Class: Nexpose::ScanTemplate

Inherits:
Object
  • Object
show all
Includes:
Sanitize
Defined in:
lib/nexpose/scan_template.rb

Overview

Configuration object for a scan template.

The constructor is designed to take a valid XML representation of a scan template. If you wish to create a new scan template from scratch, use the #load method without a template ID. If you wish to copy and modify an existing template, use the #copy method.

This class is only a partial representation of some of the features available for configuration.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Sanitize

#replace_entities

Constructor Details

#initialize(xml) ⇒ ScanTemplate

Returns a new instance of ScanTemplate.

Parameters:

  • xml (String)

    XML representation of a scan template.



55
56
57
 
# File 'lib/nexpose/scan_template.rb', line 55

def initialize(xml)
  @xml = REXML::Document.new(xml)
end

Instance Attribute Details

#xmlObject (readonly)

Parsed XML of a scan template.



52
53
54
 
# File 'lib/nexpose/scan_template.rb', line 52

def xml
  @xml
end

Class Method Details

.copy(nsc, id) ⇒ ScanTemplate

Copy an existing scan template, changing the id and title.

Parameters:

  • nsc (Connection)

    API connection to a Nexpose console.

  • id (String)

    Unique identifier of an existing scan template.

Returns:

  • (ScanTemplate)

    A copy of the requested scan template configuration.



429
430
431
432
433
434
 
# File 'lib/nexpose/scan_template.rb', line 429

def self.copy(nsc, id)
  dupe = load(nsc, id)
  dupe.id = '#NewScanTemplate#'
  dupe.name = "#{dupe.name} Copy"
  dupe
end

.load(nsc, id = nil) ⇒ ScanTemplate

Load a scan template.

Parameters:

  • nsc (Connection)

    API connection to a Nexpose console.

  • id (String) (defaults to: nil)

    Unique identifier of an existing scan template. If no ID is provided, a blank, base template will be returned.

Returns:

  • (ScanTemplate)

    The requested scan template configuration.



413
414
415
416
417
418
419
420
421
 
# File 'lib/nexpose/scan_template.rb', line 413

def self.load(nsc, id = nil)
  if id
    response = JSON.parse(AJAX.get(nsc, "/data/scan/templates/#{URI.encode(id)}"))
    xml = response['value']
  else
    xml = AJAX.get(nsc, '/ajax/scantemplate_config.txml')
  end
  new(xml)
end

Instance Method Details

#_disable_check(check, elem) ⇒ Object 



339
340
341
342
343
 
# File 'lib/nexpose/scan_template.rb', line 339

def _disable_check(check, elem)
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
  checks.elements.delete("Enabled/#{elem}[@name='#{check}']")
  checks.elements['Disabled'].add_element(elem, { 'name' => check })
end

#_enable_check(check, elem) ⇒ Object 



333
334
335
336
337
 
# File 'lib/nexpose/scan_template.rb', line 333

def _enable_check(check, elem)
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
  checks.elements.delete("Disabled/#{elem}[@name='#{check}']")
  checks.elements['Enabled'].add_element(elem, { 'name' => check })
end

#_remove_check(check, elem) ⇒ Object 



345
346
347
348
349
 
# File 'lib/nexpose/scan_template.rb', line 345

def _remove_check(check, elem)
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
  checks.elements.delete("Disabled/#{elem}[@name='#{check}']")
  checks.elements.delete("Enabled/#{elem}[@name='#{check}']")
end

#checks_by_categoryArray[String]

Get a list of the check categories enabled for this scan template.

Returns:

  • (Array[String])

    List of enabled categories.



269
270
271
272
 
# File 'lib/nexpose/scan_template.rb', line 269

def checks_by_category
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks/Enabled')
  checks.elements.to_a('VulnCategory').map { |c| c.attributes['name'] }
end

#checks_by_typeArray[String]

Get a list of the check types enabled for this scan template.

Returns:

  • (Array[String])

    List of enabled check types.



303
304
305
306
 
# File 'lib/nexpose/scan_template.rb', line 303

def checks_by_type
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks/Enabled')
  checks.elements.to_a('CheckType').map { |c| c.attributes['name'] }
end

#control_scanning=(enable) ⇒ Object

Adjust whether to perform control scanning (ControlsInsight integration) with this template.

Parameters:

  • enable (Boolean)

    Whether to turn on control scanning.



121
122
123
124
 
# File 'lib/nexpose/scan_template.rb', line 121

def control_scanning=(enable)
  local_controls_scan = REXML::XPath.first(@xml, 'ScanTemplate/ControlsScan/localControlsScanEnabled')
  local_controls_scan.attributes['enabled'] = enable ? '1' : '0'
end

#control_scanning?Boolean

Returns Whether control scanning in enabled.

Returns:

  • (Boolean)

    Whether control scanning in enabled.



111
112
113
114
115
116
 
# File 'lib/nexpose/scan_template.rb', line 111

def control_scanning?
  global_controls_scan = REXML::XPath.first(@xml, 'ScanTemplate/ControlsScan/globalControlsScanEnabled')
  local_controls_scan = REXML::XPath.first(@xml, 'ScanTemplate/ControlsScan/localControlsScanEnabled')

  global_controls_scan.attributes['enabled'] == '1' || local_controls_scan.attributes['enabled'] == '1'
end

#correlate=(enable) ⇒ Object

Adjust whether to correlate reliable checks with regular checks.

Parameters:

  • enable (Boolean)

    Whether to turn on vulnerability correlation.



232
233
234
235
 
# File 'lib/nexpose/scan_template.rb', line 232

def correlate=(enable)
  vuln_checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
  vuln_checks.attributes['correlate'] = enable ? '1' : '0'
end

#correlate?Boolean

Returns Whether to correlate reliable checks with regular checks.

Returns:

  • (Boolean)

    Whether to correlate reliable checks with regular checks.



225
226
227
228
 
# File 'lib/nexpose/scan_template.rb', line 225

def correlate?
  vuln_checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
  vuln_checks.attributes['correlate'] == '1'
end

#delete(nsc) ⇒ Object

Delete this scan template from the console. Cannot be used to delete a built-in template.

Parameters:

  • nsc (Connection)

    API connection to a Nexpose console.



441
442
443
 
# File 'lib/nexpose/scan_template.rb', line 441

def delete(nsc)
  nsc.delete_scan_template(id)
end

#descriptionString

Returns Description of this scan template.

Returns:

  • (String)

    Description of this scan template.



91
92
93
94
 
# File 'lib/nexpose/scan_template.rb', line 91

def description
  desc = REXML::XPath.first(@xml, 'ScanTemplate/templateDescription')
  desc.nil? ? nil : desc.text.to_s
end

#description=(description) ⇒ Object

Assign a description to this scan template. Require attribute.

Parameters:

  • description (String)

    Description of the scan template.



98
99
100
101
102
103
104
105
106
107
108
 
# File 'lib/nexpose/scan_template.rb', line 98

def description=(description)
  desc = REXML::XPath.first(@xml, 'ScanTemplate/templateDescription')
  if desc
    desc.text = replace_entities(description)
  else
    root = REXML::XPath.first(xml, 'ScanTemplate')
    desc = REXML::Element.new('templateDescription')
    desc.add_text(description)
    root.add_element(desc)
  end
end

#disable_checks_by_category(category) ⇒ Object

Disable checks by category for this template.

Parameters:

  • category (String)

    Category to disable. @see #list_vuln_categories



286
287
288
 
# File 'lib/nexpose/scan_template.rb', line 286

def disable_checks_by_category(category)
  _disable_check(category, 'VulnCategory')
end

#disable_checks_by_type(type) ⇒ Object

Disable checks by type for this template.

Parameters:

  • type (String)

    Type to disable. @see #list_vuln_types



320
321
322
 
# File 'lib/nexpose/scan_template.rb', line 320

def disable_checks_by_type(type)
  _disable_check(type, 'CheckType')
end

#disable_vuln_check(check_id) ⇒ Object

Disable individual check for this template.

Parameters:

  • check_id (String)

    Unique identifier of vuln check.



374
375
376
377
378
 
# File 'lib/nexpose/scan_template.rb', line 374

def disable_vuln_check(check_id)
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
  checks.elements.delete("Enabled/Check[@id='#{check_id}']")
  checks.elements['Disabled'].add_element('Check', { 'id' => check_id })
end

#enable_checks_by_category(category) ⇒ Object

Enable checks by category for this template.

Parameters:

  • category (String)

    Category to enable. @see #list_vuln_categories



278
279
280
 
# File 'lib/nexpose/scan_template.rb', line 278

def enable_checks_by_category(category)
  _enable_check(category, 'VulnCategory')
end

#enable_checks_by_type(type) ⇒ Object

Enable checks by type for this template.

Parameters:

  • type (String)

    Type to enable. @see #list_vuln_types



312
313
314
 
# File 'lib/nexpose/scan_template.rb', line 312

def enable_checks_by_type(type)
  _enable_check(type, 'CheckType')
end

#enable_tcp_ports=(enable) ⇒ Object

Disable TCP port scanning.

Parameters:

  • enable (Boolean)

    or disable TCP ports



197
198
199
200
 
# File 'lib/nexpose/scan_template.rb', line 197

def enable_tcp_ports=(enable)
  service_ports = REXML::XPath.first(@xml, 'ScanTemplate/ServiceDiscovery/TCPPortScan')
  service_ports.attributes['mode'] = 'none' unless enable
end

#enable_udp_ports=(enable) ⇒ Object

Disable UDP port scanning.

Parameters:

  • enable (Boolean)

    or disable UDP ports



219
220
221
222
 
# File 'lib/nexpose/scan_template.rb', line 219

def enable_udp_ports=(enable)
  service_ports = REXML::XPath.first(@xml, 'ScanTemplate/ServiceDiscovery/UDPPortScan')
  service_ports.attributes['mode'] = 'none' unless enable
end

#enable_vuln_check(check_id) ⇒ Object

Enable individual check for this template.

Parameters:

  • check_id (String)

    Unique identifier of vuln check.



364
365
366
367
368
 
# File 'lib/nexpose/scan_template.rb', line 364

def enable_vuln_check(check_id)
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
  checks.elements.delete("Disabled/Check[@id='#{check_id}']")
  checks.elements['Enabled'].add_element('Check', { 'id' => check_id })
end

#exclude_tcp_service_ports=(ports) ⇒ Object

Exclude TCP ports when scanning for services

Parameters:

  • ports (Array)

    to exclude from scan



190
191
192
193
 
# File 'lib/nexpose/scan_template.rb', line 190

def exclude_tcp_service_ports=(ports)
  service_ports = REXML::XPath.first(@xml, 'ScanTemplate/ServiceDiscovery/ExcludedTCPPortScan')
  REXML::XPath.first(service_ports, './portList').text = ports.join(",")
end

#exclude_udp_service_ports=(ports) ⇒ Object

Exclude UDP ports when scanning for services

Parameters:

  • ports (Array)

    to exclude from scan



212
213
214
215
 
# File 'lib/nexpose/scan_template.rb', line 212

def exclude_udp_service_ports=(ports)
  service_ports = REXML::XPath.first(@xml, 'ScanTemplate/ServiceDiscovery/ExcludedUDPPortScan')
  REXML::XPath.first(service_ports, './portList').text = ports.join(",")
end

#host_threads=(threads) ⇒ Object

Adjust the number of threads to use per asset for this template

Parameters:

  • threads (Integer)

    the number of threads to use per asset



174
175
176
177
 
# File 'lib/nexpose/scan_template.rb', line 174

def host_threads=(threads)
  host_threads = REXML::XPath.first(@xml, 'ScanTemplate/General/hostThreads')
  host_threads.text = threads.to_s
end

#idString

Returns Unique identifier of the scan template.

Returns:

  • (String)

    Unique identifier of the scan template.



60
61
62
63
 
# File 'lib/nexpose/scan_template.rb', line 60

def id
  root = REXML::XPath.first(@xml, 'ScanTemplate')
  root.attributes['id']
end

#id=(value) ⇒ Object 



65
66
67
68
 
# File 'lib/nexpose/scan_template.rb', line 65

def id=(value)
  root = REXML::XPath.first(@xml, 'ScanTemplate')
  root.attributes['id'] = value
end

#nameString

Returns Name or title of this scan template.

Returns:

  • (String)

    Name or title of this scan template.



71
72
73
74
 
# File 'lib/nexpose/scan_template.rb', line 71

def name
  desc = REXML::XPath.first(@xml, 'ScanTemplate/templateDescription')
  desc.nil? ? nil : desc.attributes['title']
end

#name=(name) ⇒ Object

Assign name to this scan template. Required attribute.

Parameters:

  • name (String)

    Title to assign.



78
79
80
81
82
83
84
85
86
87
88
 
# File 'lib/nexpose/scan_template.rb', line 78

def name=(name)
  desc = REXML::XPath.first(@xml, 'ScanTemplate/templateDescription')
  if desc
    desc.attributes['title'] = replace_entities(name)
  else
    root = REXML::XPath.first(xml, 'ScanTemplate')
    desc = REXML::Element.new('templateDescription')
    desc.add_attribute('title', name)
    root.add_element(desc)
  end
end

#policy_scanning=(enable) ⇒ Object

Adjust whether to perform policy scanning with this template.

Parameters:

  • enable (Boolean)

    Whether to turn on policy scanning.



147
148
149
150
 
# File 'lib/nexpose/scan_template.rb', line 147

def policy_scanning=(enable)
  gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
  gen.attributes['disablePolicyScan'] = enable ? '0' : '1'
end

#policy_scanning?Boolean

Returns Whether policy scanning in enabled.

Returns:

  • (Boolean)

    Whether policy scanning in enabled.



140
141
142
143
 
# File 'lib/nexpose/scan_template.rb', line 140

def policy_scanning?
  gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
  gen.attributes['disablePolicyScan'] == '0'
end

#potential_checks=(enable) ⇒ Object

Adjust whether to perform potential vulnerability checks with this template.

Parameters:

  • enable (Boolean)

    Whether to turn on potential checks.



260
261
262
263
 
# File 'lib/nexpose/scan_template.rb', line 260

def potential_checks=(enable)
  checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
  checks.attributes['potential'] = enable ? '1' : '0'
end

#potential_checks?Boolean

Returns Whether potential vulnerability checks are performed with this template.

Returns:

  • (Boolean)

    Whether potential vulnerability checks are performed with this template.



253
254
255
256
 
# File 'lib/nexpose/scan_template.rb', line 253

def potential_checks?
  checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
  checks.attributes['potential'] == '1'
end

#remove_checks_by_category(category) ⇒ Object

Remove checks by category for this template. Removes both enabled and disabled checks.

Parameters:

  • category (String)

    Category to remove. @see #list_vuln_categories



295
296
297
 
# File 'lib/nexpose/scan_template.rb', line 295

def remove_checks_by_category(category)
  _remove_check(category, 'VulnCategory')
end

#remove_checks_by_type(type) ⇒ Object

Remove checks by type for this template. Removes both enabled and disabled checks.

Parameters:

  • type (String)

    Type to remove. @see #list_vuln_types



329
330
331
 
# File 'lib/nexpose/scan_template.rb', line 329

def remove_checks_by_type(type)
  _remove_check(type, 'CheckType')
end

#remove_vuln_check(check_id) ⇒ Object

Remove individual check for this template. Removes both enabled and disabled checks.

Parameters:

  • check_id (String)

    Unique identifier of vuln check.



385
386
387
388
389
 
# File 'lib/nexpose/scan_template.rb', line 385

def remove_vuln_check(check_id)
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
  checks.elements.delete("Disabled/Check[@id='#{check_id}']")
  checks.elements.delete("Enabled/Check[@id='#{check_id}']")
end

#save(nsc) ⇒ Object

Save this scan template configuration to a Nexpose console.

Parameters:

  • nsc (Connection)

    API connection to a Nexpose console.



395
396
397
398
399
400
401
402
403
404
 
# File 'lib/nexpose/scan_template.rb', line 395

def save(nsc)
  root = REXML::XPath.first(@xml, 'ScanTemplate')
  if root.attributes['id'] == '#NewScanTemplate#'
    response = JSON.parse(AJAX.post(nsc, '/data/scan/templates', xml))
    root.attributes['id'] = response['value']
  else
    response = JSON.parse(AJAX.put(nsc, "/data/scan/templates/#{URI.encode(id)}", xml))
  end
  response['value']
end

#scan_threads=(threads) ⇒ Object

Adjust the number of threads to use per scan engine for this template

Parameters:

  • threads (Integer)

    the number of threads to use per engine



167
168
169
170
 
# File 'lib/nexpose/scan_template.rb', line 167

def scan_threads=(threads)
  scan_threads = REXML::XPath.first(@xml, 'ScanTemplate/General/scanThreads')
  scan_threads.text = threads.to_s
end

#tcp_service_ports=(ports) ⇒ Object

Add custom TCP ports to scan for services

Parameters:

  • ports (Array)

    to scan



181
182
183
184
185
186
 
# File 'lib/nexpose/scan_template.rb', line 181

def tcp_service_ports=(ports)
  service_ports = REXML::XPath.first(@xml, 'ScanTemplate/ServiceDiscovery/TCPPortScan')
  service_ports.attributes['mode'] = "custom"
  service_ports.attributes['method'] = "syn"
  REXML::XPath.first(service_ports, './portList').text = ports.join(",")
end

#udp_service_ports=(ports) ⇒ Object

Add custom UDP ports to scan for services

Parameters:

  • posts (Array)

    to scan



204
205
206
207
208
 
# File 'lib/nexpose/scan_template.rb', line 204

def udp_service_ports=(ports)
  service_ports = REXML::XPath.first(@xml, 'ScanTemplate/ServiceDiscovery/UDPPortScan')
  service_ports.attributes['mode'] = "custom"
  REXML::XPath.first(service_ports, './portList').text = ports.join(",")
end

#unsafe_checks=(enable) ⇒ Object

Adjust whether to perform unsafe vulnerability checks with this template.

Parameters:

  • enable (Boolean)

    Whether to turn on unsafe checks.



246
247
248
249
 
# File 'lib/nexpose/scan_template.rb', line 246

def unsafe_checks=(enable)
  checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
  checks.attributes['unsafe'] = enable ? '1' : '0'
end

#unsafe_checks?Boolean

Returns Whether unsafe vulnerability checks are performed by this template.

Returns:

  • (Boolean)

    Whether unsafe vulnerability checks are performed by this template.



239
240
241
242
 
# File 'lib/nexpose/scan_template.rb', line 239

def unsafe_checks?
  checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
  checks.attributes['unsafe'] == '1'
end

#vuln_checksArray[String]

Get a list of the individual vuln checks enabled for this scan template.

Returns:

  • (Array[String])

    List of enabled vulnerability checks.



355
356
357
358
 
# File 'lib/nexpose/scan_template.rb', line 355

def vuln_checks
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks/Enabled')
  checks.elements.to_a('Check').map { |c| c.attributes['id'] }
end

#vuln_scanning=(enable) ⇒ Object

Adjust whether to perform vuln scanning with this template.

Parameters:

  • enable (Boolean)

    Whether to turn on vuln scanning.



134
135
136
137
 
# File 'lib/nexpose/scan_template.rb', line 134

def vuln_scanning=(enable)
  gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
  gen.attributes['disableVulnScan'] = enable ? '0' : '1'
end

#vuln_scanning?Boolean

Returns Whether vuln scanning in enabled.

Returns:

  • (Boolean)

    Whether vuln scanning in enabled.



127
128
129
130
 
# File 'lib/nexpose/scan_template.rb', line 127

def vuln_scanning?
  gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
  gen.attributes['disableVulnScan'] == '0'
end

#web_spidering=(enable) ⇒ Object

Adjust whether to perform web spidering with this template.

Parameters:

  • enable (Boolean)

    Whether to turn on web spider scanning.



160
161
162
163
 
# File 'lib/nexpose/scan_template.rb', line 160

def web_spidering=(enable)
  gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
  gen.attributes['disableWebSpider'] = enable ? '0' : '1'
end

#web_spidering?Boolean

Returns Whether web spidering in enabled.

Returns:

  • (Boolean)

    Whether web spidering in enabled.



153
154
155
156
 
# File 'lib/nexpose/scan_template.rb', line 153

def web_spidering?
  gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
  gen.attributes['disableWebSpider'] == '0'
end