Class: Nexpose::SiteCredentials

Inherits:
Credential show all
Defined in:
lib/nexpose/site_credentials.rb

Overview

Object that represents administrative credentials to be used during a scan. When retrieved from an existing site configuration the credentials will be returned as a security blob and can only be passed back as is during a Site Save operation. This object can only be used to create a new set of credentials.

Constant Summary

Constants inherited from Credential

Credential::DEFAULT_PORTS

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from CredentialHelper

#set_as400_service, #set_cifs_service, #set_cifshash_service, #set_cvs_service, #set_db2_service, #set_ftp_service, #set_http_service, #set_mysql_service, #set_notes_service, #set_oracle_service, #set_pop_service, #set_postgresql_service, #set_remote_execution_service, #set_snmp_service, #set_snmpv3_service, #set_ssh_key_service, #set_ssh_service, #set_sybase_service, #set_tds_service, #set_telnet_service

Methods inherited from APIObject

#object_from_hash

Instance Attribute Details

#authentication_typeObject

The authentication type to use with SNMP v3 credentials



39
40
41
# File 'lib/nexpose/site_credentials.rb', line 39

def authentication_type
  @authentication_type
end

#community_nameObject

for snmp v1/v2



55
56
57
# File 'lib/nexpose/site_credentials.rb', line 55

def community_name
  @community_name
end

#databaseObject

database of the service



30
31
32
# File 'lib/nexpose/site_credentials.rb', line 30

def database
  @database
end

#descriptionObject

the description of credential



26
27
28
# File 'lib/nexpose/site_credentials.rb', line 26

def description
  @description
end

#domainObject

domain of the service



28
29
30
# File 'lib/nexpose/site_credentials.rb', line 28

def domain
  @domain
end

#enabledObject

is this credential enable on site or not.



24
25
26
# File 'lib/nexpose/site_credentials.rb', line 24

def enabled
  @enabled
end

#host_restrictionObject

The host for these credentials.



16
17
18
# File 'lib/nexpose/site_credentials.rb', line 16

def host_restriction
  @host_restriction
end

#idObject

Unique identifier of the credential on the Nexpose console.



12
13
14
# File 'lib/nexpose/site_credentials.rb', line 12

def id
  @id
end

#nameObject

The name



22
23
24
# File 'lib/nexpose/site_credentials.rb', line 22

def name
  @name
end

#notes_id_passwordObject

the notes password



47
48
49
# File 'lib/nexpose/site_credentials.rb', line 47

def notes_id_password
  @notes_id_password
end

#passwordObject

The password



20
21
22
# File 'lib/nexpose/site_credentials.rb', line 20

def password
  @password
end

#pem_format_private_keyObject

for ssh public key require pem format private key



53
54
55
# File 'lib/nexpose/site_credentials.rb', line 53

def pem_format_private_key
  @pem_format_private_key
end

#permission_elevation_passwordObject

The password to use when escalating privileges (optional)



37
38
39
# File 'lib/nexpose/site_credentials.rb', line 37

def permission_elevation_password
  @permission_elevation_password
end

#permission_elevation_typeObject

The type of privilege escalation to use (sudo/su) Permission elevation type. See Nexpose::Credential::ElevationType.



33
34
35
# File 'lib/nexpose/site_credentials.rb', line 33

def permission_elevation_type
  @permission_elevation_type
end

#permission_elevation_userObject

The userid to use when escalating privileges (optional)



35
36
37
# File 'lib/nexpose/site_credentials.rb', line 35

def permission_elevation_user
  @permission_elevation_user
end

#port_restrictionObject

The port on which to use these credentials.



18
19
20
# File 'lib/nexpose/site_credentials.rb', line 18

def port_restriction
  @port_restriction
end

#privacy_passwordObject

The privacy/encryption pass phrase to use with SNMP v3 credentials



43
44
45
# File 'lib/nexpose/site_credentials.rb', line 43

def privacy_password
  @privacy_password
end

#privacy_typeObject

The privacy/encryption type to use with SNMP v3 credentials



41
42
43
# File 'lib/nexpose/site_credentials.rb', line 41

def privacy_type
  @privacy_type
end

#scopeObject

scope of credential



57
58
59
# File 'lib/nexpose/site_credentials.rb', line 57

def scope
  @scope
end

#serviceObject

The service for these credentials.



14
15
16
# File 'lib/nexpose/site_credentials.rb', line 14

def service
  @service
end

#sidObject

sid for oracle



51
52
53
# File 'lib/nexpose/site_credentials.rb', line 51

def sid
  @sid
end

#use_windows_authObject

use windows auth



49
50
51
# File 'lib/nexpose/site_credentials.rb', line 49

def use_windows_auth
  @use_windows_auth
end

#user_nameObject

the user name to be used in service



45
46
47
# File 'lib/nexpose/site_credentials.rb', line 45

def user_name
  @user_name
end

Class Method Details

.copy(connection, site_id, credential_id) ⇒ SiteCredentials

Copy an existing configuration from a Nexpose instance. Returned object will reset the credential ID and append “Copy” to the existing name. Reminder: The password field will not be populated due to the API not sending password.

Parameters:

  • connection (Connection)

    Connection to the security console.

  • id (String)

    Unique identifier of an site.

  • id (String)

    Unique identifier of an credential.

Returns:



141
142
143
144
145
146
# File 'lib/nexpose/site_credentials.rb', line 141

def self.copy(connection, site_id, credential_id)
  site_credential      = self.load(connection, site_id, credential_id)
  site_credential.id   = -1
  site_credential.name = "#{site_credential.name} Copy"
  site_credential
end

.for_service(name, id = -1,, desc = nil, host = nil, port = nil, service = Credential::Service::CIFS) ⇒ Object

Create a credential object using name, id, description, host and port



103
104
105
106
107
108
109
110
111
112
113
114
115
# File 'lib/nexpose/site_credentials.rb', line 103

def self.for_service(name, id = -1, desc = nil, host = nil, port = nil, service = Credential::Service::CIFS)
  cred                           = new
  cred.name                      = name
  cred.id                        = id.to_i
  cred.enabled                   = true
  cred.description               = desc
  cred.host_restriction          = host
  cred.port_restriction          = port
  cred.service                   = service
  cred.scope                     = Credential::Scope::SITE_SPECIFIC
  cred.permission_elevation_type = Credential::ElevationType::NONE
  cred
end

.load(nsc, site_id, credential_id) ⇒ SiteCredential

Load an credential from the provided console.

Parameters:

  • nsc (Connection)

    Active connection to a Nexpose console.

  • id (String)

    Unique identifier of an site.

  • id (String)

    Unique identifier of an credential.

Returns:

  • (SiteCredential)

    The requested credential of site, if found.



124
125
126
127
128
129
# File 'lib/nexpose/site_credentials.rb', line 124

def self.load(nsc, site_id, credential_id)
  uri  = "/api/2.1/sites/#{site_id}/credentials/#{credential_id}"
  resp = AJAX.get(nsc, uri, AJAX::CONTENT_TYPE::JSON)
  hash = JSON.parse(resp, symbolize_names: true)
  new.object_from_hash(nsc, hash)
end

Instance Method Details

#==(other) ⇒ Object



192
193
194
# File 'lib/nexpose/site_credentials.rb', line 192

def ==(other)
  eql?(other)
end

#_to_param(target, engine_id, port, siteid) ⇒ Object



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# File 'lib/nexpose/site_credentials.rb', line 81

def _to_param(target, engine_id, port, siteid)
  {
    dev: target,
    port: port,
    siteID: siteid,
    engineID: engine_id,
    service: @service,
    domain: @domain,
    database: @database,
    userName: @user_name,
    password: @password,
    privilegeElevationUserName: @permission_elevation_user,
    privilegeElevationPassword: @permission_elevation_password,
    privilegeElevationType: @permission_elevation_type,
    pemkey: @pem_format_private_key,
    snmpv3AuthType: @authentication_type,
    snmpv3PrivType: @privacy_type,
    snmpv3PrivPassword: @privacy_password
  }
end

#copySiteCredentials

Copy an existing configuration from a site credential. Returned object will reset the credential ID and append “Copy” to the existing name. Reminder: The password field will not be populated due to the API not sending password.

Returns:



155
156
157
158
159
160
# File 'lib/nexpose/site_credentials.rb', line 155

def copy
  site_credential      = self.clone
  site_credential.id   = -1
  site_credential.name = "#{site_credential.name} Copy"
  site_credential
end

#eql?(other) ⇒ Boolean

Returns:

  • (Boolean)


196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
# File 'lib/nexpose/site_credentials.rb', line 196

def eql?(other)
  id.eql?(other.id) &&
  service.eql?(other.service) &&
  host_restriction.eql?(other.host_restriction) &&
  port_restriction.eql?(other.port_restriction) &&
  password.eql?(other.password) &&
  name.eql?(other.name) &&
  enabled.eql?(other.enabled) &&
  description.eql?(other.description) &&
  domain.eql?(other.domain) &&
  database.eql?(other.database) &&
  permission_elevation_type.eql?(other.permission_elevation_type) &&
  permission_elevation_user.eql?(other.permission_elevation_user) &&
  permission_elevation_password.eql?(other.permission_elevation_password) &&
  authentication_type.eql?(other.authentication_type) &&
  privacy_type.eql?(other.privacy_type) &&
  privacy_password.eql?(other.privacy_password) &&
  user_name.eql?(other.user_name) &&
  notes_id_password.eql?(other.notes_id_password) &&
  use_windows_auth.eql?(other.use_windows_auth) &&
  sid.eql?(other.sid) &&
  pem_format_private_key.eql?(other.pem_format_private_key) &&
  community_name.eql?(other.community_name) &&
  scope.eql?(other.scope)
end

#test(nsc, target, engine_id = nil, siteid = -1)) ⇒ Boolean

Test this credential against a target where the credentials should apply. Only works for a newly created credential. Loading an existing credential will likely fail due to the API not sending password.

Parameters:

  • nsc (Connection)

    An active connection to the security console.

  • target (String)

    Target host to check credentials against.

  • engine_id (Fixnum) (defaults to: nil)

    ID of the engine to use for testing credentials. Will default to the local engine if none is provided.

  • siteid (Fixnum) (defaults to: -1))

Returns:

  • (Boolean)

    If the credential is able to connect to the target.



70
71
72
73
74
75
76
77
78
79
# File 'lib/nexpose/site_credentials.rb', line 70

def test(nsc, target, engine_id = nil, siteid = -1)
  unless engine_id
    engine_id = nsc.engines.detect { |e| e.name == 'Local scan engine' }.id
  end
  @port      = Credential::DEFAULT_PORTS[@service] if @port.nil?
  parameters = _to_param(target, engine_id, @port, siteid)
  parameters = JSON.generate(parameters)
  resp       = JSON.parse(Nexpose::AJAX.post(nsc, '/data/credential/test', parameters, Nexpose::AJAX::CONTENT_TYPE::JSON))
  resp['success'] == 'true'
end

#to_hObject



166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
# File 'lib/nexpose/site_credentials.rb', line 166

def to_h
  { id: id,
    service: service,
    host_restriction: host_restriction,
    port_restriction: port_restriction,
    password: password,
    name: name,
    enabled: enabled,
    description: description,
    domain: domain,
    database: database,
    permission_elevation_type: permission_elevation_type,
    permission_elevation_user: permission_elevation_user,
    permission_elevation_password: permission_elevation_password,
    authentication_type: authentication_type,
    privacy_type: privacy_type,
    privacy_password: privacy_password,
    user_name: user_name,
    notes_id_password: notes_id_password,
    use_windows_auth: use_windows_auth,
    sid: sid,
    pem_format_private_key: pem_format_private_key,
    community_name: community_name,
    scope: scope }
end

#to_jsonObject



162
163
164
# File 'lib/nexpose/site_credentials.rb', line 162

def to_json
  JSON.generate(to_h)
end