Class: Nexpose::Credential

Inherits:
APIObject show all
Defined in:
lib/nexpose/credential.rb

Overview

Contains the shared methods for the SiteCredential and SharedCredential Objects. See Nexpose::SiteCredential or Nexpose::SharedCredential for additional info.

Direct Known Subclasses

SharedCredentialSummary, SiteCredentials

Defined Under Namespace

Modules: AuthenticationType, ElevationType, PrivacyType, Scope, Service

Constant Summary collapse

DEFAULT_PORTS =

Mapping of Common Ports.

{ 'cvs'              => 2401,
'ftp'              => 21,
'http'             => 80,
'as400'            => 449,
'notes'            => 1352,
'tds'              => 1433,
'sybase'           => 5000,
'cifs'             => 445,
'cifshash'         => 445,
'oracle'           => 1521,
'pop'              => 110,
'postgresql'       => 5432,
'remote execution' => 512,
'snmp'             => 161,
'snmpv3'           => 161,
'ssh'              => 22,
'ssh-key'          => 22,
'telnet'           => 23,
'mysql'            => 3306,
'db2'              => 50000 }

Instance Method Summary collapse

Methods inherited from APIObject

#object_from_hash

Instance Method Details

#_to_param(target, engine_id, port, siteid) ⇒ Object



109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
# File 'lib/nexpose/credential.rb', line 109

def _to_param(target, engine_id, port, siteid)
  { engineid: engine_id,
    sc_creds_dev: target,
    sc_creds_svc: @service,
    sc_creds_database: @database,
    sc_creds_domain: @domain,
    sc_creds_uname: @username,
    sc_creds_password: @password,
    sc_creds_pemkey: @pem_key,
    sc_creds_port: port,
    sc_creds_privilegeelevationusername: @privilege_username,
    sc_creds_privilegeelevationpassword: @privilege_password,
    sc_creds_privilegeelevationtype: @privilege_type,
    sc_creds_snmpv3authtype: @auth_type,
    sc_creds_snmpv3privtype: @privacy_type,
    sc_creds_snmpv3privpassword: @privacy_password,
    siteid: siteid }
end

#set_as400_service(domain = nil, username = nil, password = nil) ⇒ Object

sets the IBM AS/400 service.



151
152
153
154
155
156
# File 'lib/nexpose/credential.rb', line 151

def set_as400_service(domain = nil, username = nil, password = nil)
  @domain = domain
  @user_name = username
  @password = password
  @service = Service::AS400
end

#set_cifs_service(domain = nil, username = nil, password = nil) ⇒ Object

sets the Microsoft Windows/Samba (SMB/CIFS) service.



175
176
177
178
179
180
# File 'lib/nexpose/credential.rb', line 175

def set_cifs_service(domain = nil, username = nil, password = nil)
  @domain = domain
  @user_name = username
  @password = password
  @service = Service::CIFS
end

#set_cifshash_service(domain = nil, username = nil, password = nil) ⇒ Object

sets the Microsoft Windows/Samba LM/NTLM Hash (SMB/CIFS) service.



183
184
185
186
187
188
# File 'lib/nexpose/credential.rb', line 183

def set_cifshash_service(domain = nil, username = nil, password = nil)
  @domain = domain
  @user_name = username
  @password = password
  @service = Service::CIFSHASH
end

#set_cvs_service(username = nil, password = nil) ⇒ Object

sets the Concurrent Versioning System (CVS) service



129
130
131
132
133
# File 'lib/nexpose/credential.rb', line 129

def set_cvs_service(username = nil, password = nil)
  @user_name = username
  @password = password
  @service = Service::CVS
end

#set_db2_service(database = nil, username = nil, password = nil) ⇒ Object

sets the DB2 service



136
137
138
139
140
141
# File 'lib/nexpose/credential.rb', line 136

def set_db2_service(database = nil, username = nil, password = nil)
  @database = database
  @user_name = username
  @password = password
  @service = Service::DB2
end

#set_ftp_service(username = nil, password = nil) ⇒ Object

sets the File Transfer Protocol (FTP) service



144
145
146
147
148
# File 'lib/nexpose/credential.rb', line 144

def set_ftp_service(username = nil, password = nil)
  @user_name = username
  @password = password
  @service = Service::FTP
end

#set_http_service(domain = nil, username = nil, password = nil) ⇒ Object

sets the Web Site HTTP Authentication service.



283
284
285
286
287
288
# File 'lib/nexpose/credential.rb', line 283

def set_http_service(domain = nil, username = nil, password = nil)
  @domain = domain
  @user_name = username
  @password = password
  @service = Service::HTTP
end

#set_mysql_service(database = nil, username = nil, password = nil) ⇒ Object

sets the MySQL Server service.



191
192
193
194
195
196
# File 'lib/nexpose/credential.rb', line 191

def set_mysql_service(database = nil, username = nil, password = nil)
  @database = database
  @user_name = username
  @password = password
  @service = Service::MYSQL
end

#set_notes_service(password = nil) ⇒ Object

sets the Lotus Notes/Domino service.



159
160
161
162
# File 'lib/nexpose/credential.rb', line 159

def set_notes_service(password = nil)
  @notes_id_password = password
  @service = Service::NOTES
end

#set_oracle_service(sid = nil, username = nil, password = nil) ⇒ Object

sets the Oracle service.



199
200
201
202
203
204
# File 'lib/nexpose/credential.rb', line 199

def set_oracle_service(sid = nil, username = nil, password = nil)
  @database = sid
  @user_name = username
  @password = password
  @service = Service::ORACLE
end

#set_pop_service(username = nil, password = nil) ⇒ Object

sets the Post Office Protocol (POP) service.



207
208
209
210
211
# File 'lib/nexpose/credential.rb', line 207

def set_pop_service(username = nil, password = nil)
  @user_name = username
  @password = password
  @service = Service::POP
end

#set_postgresql_service(database = nil, username = nil, password = nil) ⇒ Object

sets the PostgreSQL service.



214
215
216
217
218
219
# File 'lib/nexpose/credential.rb', line 214

def set_postgresql_service(database = nil, username = nil, password = nil)
  @database = database
  @user_name = username
  @password = password
  @service = Service::POSTGRESQL
end

#set_remote_execution_service(username = nil, password = nil) ⇒ Object

sets the Remote Execution service.



222
223
224
225
226
# File 'lib/nexpose/credential.rb', line 222

def set_remote_execution_service(username = nil, password = nil)
  @user_name = username
  @password = password
  @service = Service::REMOTE_EXECUTION
end

#set_snmp_service(community_name = nil) ⇒ Object

sets the Simple Network Management Protocol v1/v2c service.



250
251
252
253
# File 'lib/nexpose/credential.rb', line 250

def set_snmp_service(community_name = nil)
  @community_name = community_name
  @service = Service::SNMP
end

#set_snmpv3_service(authentication_type = AuthenticationType::NOAUTH, username = nil, password = nil, privacy_type = PrivacyType::NOPRIV, privacy_password = nil) ⇒ Object

sets the Simple Network Management Protocol v3 service.



256
257
258
259
260
261
262
263
# File 'lib/nexpose/credential.rb', line 256

def set_snmpv3_service(authentication_type = AuthenticationType::NOAUTH, username = nil, password = nil, privacy_type = PrivacyType::NOPRIV, privacy_password = nil)
  @authentication_type = authentication_type
  @user_name = username
  @password = password
  @privacy_type = privacy_type
  @privacy_password = privacy_password
  @service = Service::SNMPV3
end

#set_ssh_key_service(username, pemkey, password = nil, elevation_type = nil, elevation_user = nil, elevation_password = nil) ⇒ Object

sets the Secure Shell (SSH) Public Key service.



239
240
241
242
243
244
245
246
247
# File 'lib/nexpose/credential.rb', line 239

def set_ssh_key_service(username, pemkey,  password = nil, elevation_type = nil, elevation_user = nil, elevation_password = nil)
  @user_name = username
  @password = password
  @pem_format_private_key = pemkey
  @permission_elevation_type = elevation_type || ElevationType::NONE
  @permission_elevation_user = elevation_user
  @permission_elevation_password = elevation_password
  @service = Service::SSH_KEY
end

#set_ssh_service(username = nil, password = nil, elevation_type = nil, elevation_user = nil, elevation_password = nil) ⇒ Object

sets the Secure Shell (SSH) service.



229
230
231
232
233
234
235
236
# File 'lib/nexpose/credential.rb', line 229

def set_ssh_service(username = nil, password = nil, elevation_type = nil, elevation_user = nil, elevation_password = nil)
  @user_name = username
  @password = password
  @permission_elevation_type = elevation_type || ElevationType::NONE
  @permission_elevation_user = elevation_user
  @permission_elevation_password = elevation_password
  @service = Service::SSH
end

#set_sybase_service(database = nil, domain = nil, username = nil, password = nil) ⇒ Object

sets the Sybase SQL Server service.



266
267
268
269
270
271
272
273
# File 'lib/nexpose/credential.rb', line 266

def set_sybase_service(database = nil, domain = nil, username = nil, password = nil)
  @database = database
  @domain = domain
  @use_windows_auth = domain.nil?
  @user_name = username
  @password = password
  @service = Service::SYBASE
end

#set_tds_service(database = nil, domain = nil, username = nil, password = nil) ⇒ Object

sets the Microsoft SQL Server service.



165
166
167
168
169
170
171
172
# File 'lib/nexpose/credential.rb', line 165

def set_tds_service(database = nil, domain = nil, username = nil, password = nil)
  @database = database
  @domain = domain
  @use_windows_auth = domain.nil?
  @user_name = username
  @password = password
  @service = Service::TDS
end

#set_telnet_service(username = nil, password = nil) ⇒ Object

sets the Telnet service.



276
277
278
279
280
# File 'lib/nexpose/credential.rb', line 276

def set_telnet_service(username = nil, password = nil)
  @user_name = username
  @password = password
  @service = Service::TELNET
end

#test(nsc, target, engine_id = nil, siteid = -1)) ⇒ Object

Test this credential against a target where the credentials should apply. Only works for a newly created credential. Loading an existing credential will likely fail.

Parameters:

  • nsc (Connection)

    An active connection to the security console.

  • target (String)

    Target host to check credentials against.

  • engine_id (Fixnum) (defaults to: nil)

    ID of the engine to use for testing credentials. Will default to the local engine if none is provided.



97
98
99
100
101
102
103
104
105
106
# File 'lib/nexpose/credential.rb', line 97

def test(nsc, target, engine_id = nil, siteid = -1)
  unless engine_id
    engine_id = nsc.engines.find { |e| e.name == 'Local scan engine' }.id
  end
  @port = Credential::DEFAULT_PORTS[@service] if @port.nil?
  parameters = _to_param(target, engine_id, @port, siteid)
  xml = AJAX.form_post(nsc, '/data/credential/shared/test', parameters)
  result = REXML::XPath.first(REXML::Document.new(xml), 'TestAdminCredentialsResult')
  result.attributes['success'].to_i == 1
end