Class: Nexpose::SharedCredential
- Inherits:
-
SharedCredentialSummary
- Object
- SharedCredentialSummary
- Nexpose::SharedCredential
- Defined in:
- lib/nexpose/shared_cred.rb
Instance Attribute Summary collapse
-
#auth_type ⇒ Object
Authentication type of SNMP v3 credential.
-
#database ⇒ Object
Database or SID.
-
#description ⇒ Object
Optional description of this credential.
-
#disabled ⇒ Object
Array of sites where this credential has been temporarily disabled.
-
#host ⇒ Object
IP address or host name to restrict this credential to.
-
#ntlm_hash ⇒ Object
Windows/Samba LM/NTLM Hash.
-
#password ⇒ Object
Password or SNMP community name.
-
#pem_key ⇒ Object
PEM-format private key.
-
#port ⇒ Object
Single port to restrict this credential to.
-
#privacy_password ⇒ Object
Privacy password of SNMP v3 credential.
-
#privacy_type ⇒ Object
Privacy type of SNMP v3 credential.
-
#privilege_password ⇒ Object
Password to use when elevating permissions (e.g., sudo).
-
#privilege_type ⇒ Object
Permission elevation type.
-
#sites ⇒ Object
Array of site IDs that this credential is restricted to.
Attributes inherited from SharedCredentialSummary
#all_sites, #domain, #id, #last_modified, #name, #privilege_username, #type, #username
Class Method Summary collapse
Instance Method Summary collapse
- #_to_param(target, engine_id) ⇒ Object
- #as_xml ⇒ Object
-
#initialize(name, id = -1) ⇒ SharedCredential
constructor
A new instance of SharedCredential.
-
#save(nsc) ⇒ Boolean
Save this credential to the security console.
-
#test(nsc, target, engine_id = nil) ⇒ Object
Test this credential against a target where the credentials should apply.
- #to_xml ⇒ Object
Methods inherited from SharedCredentialSummary
Constructor Details
#initialize(name, id = -1) ⇒ SharedCredential
Returns a new instance of SharedCredential.
# File 'lib/nexpose/shared_cred.rb', line 98
# Create an empty shared credential with no site restrictions.
#
# @param name [String] Name of the credential.
# @param id [#to_i] Credential ID; the default of -1 is coerced like any
#   other value.
def initialize(name, id = -1)
  numeric_id = id.to_i
  @name = name
  @id = numeric_id
  # Both lists start empty; .parse and callers append site IDs to them.
  @sites = []
  @disabled = []
end
Instance Attribute Details
#auth_type ⇒ Object
Authentication type of SNMP v3 credential
# File 'lib/nexpose/shared_cred.rb', line 85
# Reader for the SNMP v3 authentication type.
#
# @return [Object] whatever was assigned; nil when unset.
def auth_type
  @auth_type
end
#database ⇒ Object
Database or SID.
# File 'lib/nexpose/shared_cred.rb', line 71
# Reader for the database name or SID.
#
# @return [Object] whatever was assigned; nil when unset.
def database
  @database
end
#description ⇒ Object
Optional description of this credential.
# File 'lib/nexpose/shared_cred.rb', line 68
# Reader for the optional free-text description of this credential.
#
# @return [Object] whatever was assigned; nil when unset.
def description
  @description
end
#disabled ⇒ Object
Array of sites where this credential has been temporarily disabled.
# File 'lib/nexpose/shared_cred.rb', line 96
# Reader for the IDs of sites where this credential is temporarily disabled.
#
# @return [Array] the list itself, not a copy, so callers can append to it.
def disabled
  @disabled
end
#host ⇒ Object
IP address or host name to restrict this credential to.
# File 'lib/nexpose/shared_cred.rb', line 89
# Reader for the IP address or host name this credential is restricted to.
#
# @return [Object] whatever was assigned; nil means no host restriction is
#   written by #as_xml.
def host
  @host
end
#ntlm_hash ⇒ Object
Windows/Samba LM/NTLM Hash.
# File 'lib/nexpose/shared_cred.rb', line 73
# Reader for the Windows/Samba LM/NTLM hash.
#
# The hash is returned exactly as stored. Treat it with the same care as the
# password when logging or inspecting this object.
#
# @return [Object] whatever was assigned; nil when unset.
def ntlm_hash
  @ntlm_hash
end
#password ⇒ Object
Password or SNMP community name.
# File 'lib/nexpose/shared_cred.rb', line 75
# Reader for the password or SNMP community name.
#
# The value is returned exactly as stored, with no masking, so keep it out of
# logs and debug output.
#
# @return [Object] whatever was assigned; nil when unset.
def password
  @password
end
#pem_key ⇒ Object
PEM-format private key.
# File 'lib/nexpose/shared_cred.rb', line 77
# Reader for the PEM-format private key.
#
# The key material is returned exactly as stored, so keep it out of logs and
# debug output.
#
# @return [Object] whatever was assigned; nil when unset.
def pem_key
  @pem_key
end
#port ⇒ Object
Single port to restrict this credential to.
# File 'lib/nexpose/shared_cred.rb', line 91
# Reader for the single port this credential is restricted to.
#
# @return [Object] whatever was assigned (.parse stores an Integer); nil when
#   unset, in which case #_to_param falls back to the default for the service.
def port
  @port
end
#privacy_password ⇒ Object
Privacy password of SNMP v3 credential
# File 'lib/nexpose/shared_cred.rb', line 83
# Reader for the SNMP v3 privacy password.
#
# The value is returned exactly as stored, with no masking, so keep it out of
# logs and debug output.
#
# @return [Object] whatever was assigned; nil when unset.
def privacy_password
  @privacy_password
end
#privacy_type ⇒ Object
Privacy type of SNMP v3 credential
# File 'lib/nexpose/shared_cred.rb', line 87
# Reader for the SNMP v3 privacy type.
#
# @return [Object] whatever was assigned; nil when unset.
def privacy_type
  @privacy_type
end
#privilege_password ⇒ Object
Password to use when elevating permissions (e.g., sudo).
# File 'lib/nexpose/shared_cred.rb', line 79
# Reader for the password used when elevating permissions (e.g., sudo).
#
# The value is returned exactly as stored, with no masking, so keep it out of
# logs and debug output.
#
# @return [Object] whatever was assigned; nil when unset.
def privilege_password
  @privilege_password
end
#privilege_type ⇒ Object
Permission elevation type. See Nexpose::Credential::ElevationType.
# File 'lib/nexpose/shared_cred.rb', line 81
# Reader for the permission elevation type.
# See Nexpose::Credential::ElevationType.
#
# @return [Object] whatever was assigned; nil when unset.
def privilege_type
  @privilege_type
end
#sites ⇒ Object
Array of site IDs that this credential is restricted to.
# File 'lib/nexpose/shared_cred.rb', line 94
# Reader for the IDs of the sites this credential is restricted to.
#
# @return [Array] the list itself, not a copy, so callers can append to it.
def sites
  @sites
end
Class Method Details
.load(nsc, id) ⇒ Object
# File 'lib/nexpose/shared_cred.rb', line 104
# Fetch one shared credential from the console and parse it.
#
# NOTE(review): id is interpolated into the query string as-is, with no
# numeric coercion or URL encoding. Callers presumably pass an Integer
# credential ID; confirm, or validate the value before calling.
#
# @param nsc [Object] Connection passed through to AJAX.get.
# @param id [Object] Credential ID placed in the credid query parameter.
# @return [Object] whatever .parse returns for the response.
def self.load(nsc, id)
  uri = "/data/credential/shared/get?credid=#{id}"
  parse(AJAX.get(nsc, uri))
end
.parse(xml) ⇒ Object
# File 'lib/nexpose/shared_cred.rb', line 214
# Build a credential object from the console's XML description of one.
#
# Only the first <Credential> element is used. The returned object holds the
# secret fields (password, NTLM hash, PEM key, elevation password, SNMP v3
# privacy password) exactly as the response text supplies them, so it should
# not be logged or dumped wholesale.
#
# A response that lacks the Name, Services/Service or Sites element raises
# NoMethodError on nil, because those lookups are not guarded.
#
# @param xml [String] XML text to parse.
# @return [Object, nil] the new credential, or nil when the document has no
#   Credential element.
def self.parse(xml)
  # Fixed allow-list of Account/Field names and the attribute each one fills.
  # Field names that are not listed here are ignored.
  field_attrs = {
    'database' => :database,
    'domain' => :domain,
    'username' => :username,
    'password' => :password,
    'ntlmhash' => :ntlm_hash,
    'pemkey' => :pem_key,
    'privilegeelevationusername' => :privilege_username,
    'privilegeelevationpassword' => :privilege_password,
    'privilegeelevationtype' => :privilege_type,
    'snmpv3authtype' => :auth_type,
    'snmpv3privtype' => :privacy_type,
    'snmpv3privpassword' => :privacy_password
  }

  document = REXML::Document.new(xml)
  document.elements.each('Credential') do |node|
    cred = new(node.elements['Name'].text, node.attributes['id'].to_i)

    description = node.elements['Description']
    cred.description = description.text if description

    node.elements.each('Account/Field') do |field|
      attr = field_attrs[field.attributes['name']]
      cred.public_send("#{attr}=", field.text) if attr
    end

    cred.type = REXML::XPath.first(node, 'Services/Service').attributes['type']

    node.elements.each('Restrictions/Restriction') do |restriction|
      case restriction.attributes['type']
      when 'host' then cred.host = restriction.text
      when 'port' then cred.port = restriction.text.to_i
      end
    end

    site_list = REXML::XPath.first(node, 'Sites')
    cred.all_sites = site_list.attributes['all'] == '1'
    site_list.elements.each('Site') do |site|
      site_id = site.attributes['id'].to_i
      # With all="1" the per-site list stays empty; disabled sites are still recorded.
      cred.sites << site_id unless cred.all_sites
      cred.disabled << site_id if site.attributes['enabled'] == '0'
    end

    # Return from the method on the first Credential element.
    return cred
  end
  nil
end
Instance Method Details
#_to_param(target, engine_id) ⇒ Object
# File 'lib/nexpose/shared_cred.rb', line 192
# Build the form parameters that #test submits to the console.
#
# The hash carries the password, PEM key, elevation password and SNMP v3
# privacy password exactly as stored, so it should not be logged. @ntlm_hash
# is not among the submitted parameters.
#
# @param target [Object] Value sent as sc_creds_dev.
# @param engine_id [Object] Value sent as engineid.
# @return [Hash] form parameters keyed by symbol; siteid is always -1.
def _to_param(target, engine_id)
  # Fall back to the default port for the service type when none is set.
  effective_port = @port.nil? ? Credential::DEFAULT_PORTS[@type] : @port

  {
    engineid: engine_id,
    sc_creds_dev: target,
    sc_creds_svc: @type,
    sc_creds_database: @database,
    sc_creds_domain: @domain,
    sc_creds_uname: @username,
    sc_creds_password: @password,
    sc_creds_pemkey: @pem_key,
    sc_creds_port: effective_port,
    sc_creds_privilegeelevationusername: @privilege_username,
    sc_creds_privilegeelevationpassword: @privilege_password,
    sc_creds_privilegeelevationtype: @privilege_type,
    sc_creds_snmpv3authtype: @auth_type,
    sc_creds_snmpv3privtype: @privacy_type,
    sc_creds_snmpv3privpassword: @privacy_password,
    siteid: -1
  }
end
#as_xml ⇒ Object
# File 'lib/nexpose/shared_cred.rb', line 119 def as_xml xml = REXML::Element.new('Credential') xml.add_attribute('id', @id) name = xml.add_element('Name').add_text(@name) desc = xml.add_element('Description').add_text(@description) services = xml.add_element('Services') service = services.add_element('Service').add_attribute('type', @type) (account = xml.add_element('Account')).add_attribute('type', 'nexpose') account.add_element('Field', { 'name' => 'database' }).add_text(@database) account.add_element('Field', { 'name' => 'domain' }).add_text(@domain) account.add_element('Field', { 'name' => 'username' }).add_text(@username) account.add_element('Field', { 'name' => 'ntlmhash' }).add_text(@ntlm_hash) if @ntlm_hash account.add_element('Field', { 'name' => 'password' }).add_text(@password) if @password account.add_element('Field', { 'name' => 'pemkey' }).add_text(@pem_key) if @pem_key account.add_element('Field', { 'name' => 'privilegeelevationusername' }).add_text(@privilege_username) account.add_element('Field', { 'name' => 'privilegeelevationpassword' }).add_text(@privilege_password) if @privilege_password account.add_element('Field', { 'name' => 'privilegeelevationtype' }).add_text(@privilege_type) if @privilege_type account.add_element('Field', { 'name' => 'snmpv3authtype' }).add_text(@auth_type) if @auth_type account.add_element('Field', { 'name' => 'snmpv3privtype' }).add_text(@privacy_type) if @privacy_type account.add_element('Field', { 'name' => 'snmpv3privpassword' }).add_text(@privacy_password) if @privacy_password restrictions = xml.add_element('Restrictions') restrictions.add_element('Restriction', { 'type' => 'host' }).add_text(@host) if @host restrictions.add_element('Restriction', { 'type' => 'port' }).add_text(@port) if @port sites = xml.add_element('Sites') sites.add_attribute('all', @all_sites ? 1 : 0) @sites.each do |s| site = sites.add_element('Site') site.add_attribute('id', s) site.add_attribute('enabled', 0) if @disabled.member? 
s end if @sites.empty? @disabled.each do |s| site = sites.add_element('Site') site.add_attribute('id', s) site.add_attribute('enabled', 0) end end xml end |
#save(nsc) ⇒ Boolean
Save this credential to the security console.
# File 'lib/nexpose/shared_cred.rb', line 114
# Save this credential to the security console.
#
# The request body is the output of #to_xml, which includes any secrets set
# on this object. Success is decided by finding the text success="1"
# anywhere in the response, not by parsing the response as XML.
#
# @param nsc [Object] Connection passed through to AJAX.post.
# @return [Boolean] true when the response contains success="1".
def save(nsc)
  response = AJAX.post(nsc, '/data/credential/shared/save', to_xml)
  (response =~ /success="1"/) ? true : false
end
#test(nsc, target, engine_id = nil) ⇒ Object
Test this credential against a target where the credentials should apply. Only works for a newly created credential. Loading an existing credential will likely fail.
# File 'lib/nexpose/shared_cred.rb', line 180
# Test this credential against a target where the credentials should apply.
# Only works for a newly created credential. Loading an existing credential
# will likely fail.
#
# The form post carries the parameters from #_to_param, secrets included.
# If no engine is named 'Local scan engine', or the response has no
# TestAdminCredentialsResult element, the call raises NoMethodError on nil.
#
# @param nsc [Object] Connection; also queried for engines when engine_id is
#   not given.
# @param target [Object] Target passed to #_to_param.
# @param engine_id [Object, nil] Scan engine to use; defaults to the engine
#   named 'Local scan engine'.
# @return [Boolean] true when the result's success attribute is 1.
def test(nsc, target, engine_id = nil)
  engine_id ||= nsc.engines.find { |e| e.name == 'Local scan engine' }.id

  form = _to_param(target, engine_id)
  reply = AJAX.form_post(nsc, '/ajax/test_admin_credentials.txml', form)
  outcome = REXML::XPath.first(REXML::Document.new(reply), 'TestAdminCredentialsResult')
  outcome.attributes['success'].to_i == 1
end
#to_xml ⇒ Object
# File 'lib/nexpose/shared_cred.rb', line 167
# Serialise this credential to an XML string.
#
# The string is the text form of #as_xml, so it contains whatever secrets
# that element carries.
#
# @return [String] result of calling to_s on the element from #as_xml.
def to_xml
  element = as_xml
  element.to_s
end