Class: NessusAPI::Session

Inherits:
Object
  • Object
Defined in:
lib/nessus_api/session.rb

Constant Summary collapse

@@current =

Keep that in mind when I start extending the class.

nil

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(host = ENV['NESSUS_HOST'], user = ENV['NESSUS_USER'], pw = ENV['NESSUS_PASS'], port = ENV['NESSUS_PORT']) ⇒ Session

Returns a new instance of Session.



# File 'lib/nessus_api/session.rb', line 16

def initialize(host=ENV['NESSUS_HOST'], user=ENV['NESSUS_USER'],
               pw=ENV['NESSUS_PASS'], port=ENV['NESSUS_PORT'])
  # Logs in to a Nessus installation and remembers the session token.
  #
  # host, port - where the server listens; default to the NESSUS_HOST
  #              and NESSUS_PORT environment variables.
  # user, pw   - login credentials; default to NESSUS_USER and
  #              NESSUS_PASS.
  #
  # The credentials are handed to the 'login' call and are not kept on
  # the instance; only host, port and the token taken from the reply
  # are stored. Any error raised by #get propagates to the caller.
  # The new object is also recorded in @@current.
  # NOTE(review): a reply without a <token> element leaves @token as an
  # empty string instead of failing -- confirm that is intended.
  @host, @port = host, port
  credentials = { 'login' => user, 'password' => pw }
  # No token exists before login, so nil is passed explicitly.
  login_reply = get('login', credentials, nil)
  @token = login_reply.css("token").text
  @@current = self
end

Class Method Details

.currentObject



# File 'lib/nessus_api/session.rb', line 69

def self.current
  # Class-level accessor for @@current, which #initialize overwrites
  # with every newly created Session. The class summary shows it
  # starting as nil, so nil is returned until a Session exists.
  # Because the variable is shared, only the most recently created
  # Session is reachable this way.
  @@current
end

Instance Method Details

#closeObject



# File 'lib/nessus_api/session.rb', line 59

def close
  # Logs out of the Nessus installation.
  # Returns true when the <contents> of the logout reply reads 'OK',
  # false otherwise. Errors raised by #get propagate to the caller.
  # NOTE(review): @token and @@current are left untouched here, so the
  # object still holds the old token after logout -- confirm callers
  # do not reuse a closed session.
  logout_reply = get('logout')
  logout_reply.css('contents').text == 'OK'
end

#currentObject



# File 'lib/nessus_api/session.rb', line 73

def current
  # Instance-level accessor for the class variable @@current, i.e. the
  # Session most recently created by #initialize. This is not
  # necessarily the receiver itself when several sessions exist.
  @@current
end

#get(path, args = {}, token = @token) ⇒ Object



# File 'lib/nessus_api/session.rb', line 29

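def get(path, args={}, token=@token)
  # Sends one API call to the Nessus server and returns the parsed reply.
  #
  # path  - API path appended to https://<host>:<port>/ (e.g. 'login').
  # args  - Hash of form fields for the call. It is copied, not
  #         modified, so the session token never ends up in the
  #         caller's hash.
  # token - session token to send; defaults to the one stored by
  #         #initialize. (Previously this argument was ignored and
  #         @token was always sent.)
  #
  # Returns the Nokogiri XML document built from the response body.
  # Raises ConnectionError when the HTTP response is not a success,
  # StandardError when the echoed <seq> value is missing or differs
  # from the one sent, and AuthenticationError when <status> is missing
  # or not 'OK'. Errors raised by Net::HTTP itself propagate unchanged.
  form = args.merge('token' => token,
                    'seq' => Random.new.rand(9999).to_s)
  url = URI('https://' + @host + ':' + @port + '/' + path)
  request = Net::HTTP::Post.new(url.path)
  request.set_form_data(form)
  conn = Net::HTTP.new(url.host, url.port)
  conn.use_ssl = true
  # SECURITY: certificate verification is switched off, so the server's
  # identity is never checked and the login, password and session token
  # sent in the form can be read or altered by anyone able to intercept
  # the connection. Left unchanged because enabling verification may
  # break installations that use self-signed certificates; prefer
  # OpenSSL::SSL::VERIFY_PEER with conn.ca_file or conn.cert_store set
  # to the scanner's CA.
  conn.verify_mode = OpenSSL::SSL::VERIFY_NONE

  response = conn.request(request)
  unless response.is_a?(Net::HTTPSuccess)
    raise ConnectionError, "Could not connect properly!"
  end

  response_xml = Nokogiri::XML(response.body)
  # A reply lacking either element is treated as a failed check rather
  # than crashing with NoMethodError on nil.
  seq_node = response_xml.at_css("seq")
  status_node = response_xml.at_css("status")
  if seq_node.nil? || seq_node.text != form['seq']
    # 'seq' is the per-request value echoed back by the server; it comes
    # from Random, not a cryptographic generator, so it only correlates
    # request and reply and must not be relied on as a secret.
    raise StandardError, "Secret token did not match!"
  elsif status_node.nil? || status_node.text != 'OK'
    raise AuthenticationError, "Credentials are not valid!"
  end
  response_xml
end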

#policiesObject



# File 'lib/nessus_api/session.rb', line 81

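def policies
  # Lists the scan policies returned by the 'policy/list' call.
  #
  # Returns an Array of [policy name, policy id] String pairs, in the
  # order the <policyName> elements appear under <policies>; the Array
  # is empty when there are none. The parsed reply is still stored in
  # @doc, as the original code did.
  @doc = get('policy/list', {})
  # Run each CSS query once instead of once per loop iteration.
  names = @doc.css("policies policyName")
  ids = @doc.css("policies policyID")
  names.each_with_index.map do |name, i|
    # ids is read by position, so names and ids are assumed to line up
    # one-to-one -- TODO confirm against the server's reply format.
    [name.text, ids[i].text]
  end
end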

#scanListObject



# File 'lib/nessus_api/session.rb', line 77

def scanList
  # Calls 'scan/list' and returns the first <scanList> element of the
  # reply (nil when the reply has none). Errors raised by #get
  # propagate to the caller.
  listing = get('scan/list', {})
  listing.at_css('scanList')
end