Class: NessusXMLRPC::NessusXMLRPCrexml

Inherits:
Object
  • Object
show all
Defined in:
lib/audit/lib/nessus_utils.rb

Instance Method Summary collapse

Instance Method Details

#file_upload(file) ⇒ Object 



5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
# File 'lib/audit/lib/nessus_utils.rb', line 5

def file_upload(file)
  cmd = "curl --max-time 120 --silent --insecure --cookie \"token=#{@token}\" --form \"Filedata=@#{file}\" #{@nurl}file/upload"
  print "Executing Nessus command: '#{cmd}'\n"
  body = `#{cmd}`
  
  docxml = REXML::Document.new(body)
  begin
    status = docxml.root.elements['status'].text
    filename = docxml.root.elements['contents'].elements['fileUploaded'].text
  rescue => err
    print "[e] Error in XML parsing\n"
  end
  
  if status == "OK" then
    return filename
  else
    return nil
  end
end

#policy_delete(policy_id) ⇒ Object 



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/audit/lib/nessus_utils.rb', line 50

def policy_delete(policy_id)
  cmd = "curl --max-time 120 --silent --insecure --cookie \"token=#{@token}\" --data \"policy_id=#{policy_id}\" #{@nurl}policy/delete"
  print "Executing Nessus command: '#{cmd}'\n"
  body = `#{cmd}`
  
  docxml = REXML::Document.new(body)
  begin
    status = docxml.root.elements['status'].text
  rescue => err
    print "[e] Error in XML parsing\n"
  end
  
  if status == "OK" then
    return true
  else
    return nil
  end
end

#policy_file_get_policies(policy_file) ⇒ Object 



69
70
71
72
73
74
 
# File 'lib/audit/lib/nessus_utils.rb', line 69

def policy_file_get_policies(policy_file)
  policy_names = []
  
  REXML::Document.new(File.read(policy_file)).root.each_element('//Policy') {|p| policy_names << p.elements['policyName'].text}
  return policy_names
end

#policy_upload(policy_file) ⇒ Object 



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/audit/lib/nessus_utils.rb', line 25

def policy_upload(policy_file)
  filename = file_upload(policy_file)
  
  if filename then
    cmd = "curl --max-time 120 --silent --insecure --cookie \"token=#{@token}\" --data \"file=#{filename}\" #{@nurl}file/policy/import"
    print "Executing Nessus command: '#{cmd}'\n"
    body = `#{cmd}`
  
    docxml = REXML::Document.new(body)
    begin
      status = docxml.root.elements['status'].text
    rescue => err
      print "[e] Error in XML parsing\n"
    end
  
    if status == "OK" then
      return docxml
    else
      return nil
    end
  else
    return nil
  end
end

#scan_execute(policy_file, policy_name, scan_name, target) ⇒ Object 



76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
 
# File 'lib/audit/lib/nessus_utils.rb', line 76

def scan_execute(policy_file, policy_name, scan_name, target)
  while (policy_id = policy_get_id(policy_name)) != '' do
    policy_delete(policy_id)
  end
  
  policy_upload(policy_file)
  
  policy_id = policy_get_id(policy_name)
  
  if policy_id != '' then
    scan = scan_new(policy_id, scan_name, target)
    
    while scan_status(scan) == 'running' do
      sleep(5)
    end
    
    report = report_file_download(scan)
    report_delete(scan)
    policy_delete(policy_id)
    return report
  else
    return nil
    # error: policy not found altough just imported
  end
end