class Nexpose::SharedCredential
Attributes
Authentication type of SNMP v3 credential
Database or SID.
Optional description of this credential.
Array of sites where this credential has been temporarily disabled.
IP address or host name to restrict this credential to.
Windows/Samba LM/NTLM Hash.
Password or SNMP community name.
PEM-format private key.
Password to use when elevating permissions (e.g., sudo).
Password to use when elevating permissions (e.g., sudo).
Permission elevation type. See Nexpose::Credential::ElevationType.
Permission elevation type. See Nexpose::Credential::ElevationType.
Single port to restrict this credential to.
Privacy password of SNMP v3 credential
Privacy type of SNMP v3 credential
Password to use when elevating permissions (e.g., sudo).
Permission elevation type. See Nexpose::Credential::ElevationType.
Array of site IDs that this credential is restricted to.
Public Class Methods
# File lib/nexpose/shared_credential.rb, line 115
# Fetch one shared credential from the console and turn it into an object.
#
# The id is placed into the query string exactly as given, with no encoding.
# NOTE(review): presumably callers pass a numeric credential ID; confirm that
# no caller forwards unvalidated text here.
#
# @param [Connection] nsc Connection handed through to AJAX.get.
# @param [Object] id Credential ID, interpolated into the request path.
# @return [SharedCredential, nil] Whatever parse returns for the response.
def self.load(nsc, id)
  path = "/data/credential/shared/get?credid=#{id}"
  parse(AJAX.get(nsc, path))
end
# File lib/nexpose/shared_credential.rb, line 108
# Set up a credential with a name, an ID and empty site lists.
#
# @param [String] name Name stored on the credential.
# @param [#to_i] id Credential ID; converted with to_i, defaults to -1.
#   NOTE(review): -1 presumably marks a credential not yet saved; confirm.
def initialize(name, id = -1)
  # Two separate arrays: restricted site IDs and temporarily disabled site IDs.
  @sites, @disabled = [], []
  @id = id.to_i
  @name = name
end
# File lib/nexpose/shared_credential.rb, line 218
# Build a credential object from an XML description of it.
#
# Only the first top-level Credential element is read; the method returns as
# soon as that element has been converted. Account fields with a name not
# listed below are ignored. Secret fields (password, NTLM hash, PEM key and
# the elevation/privacy passwords) are copied only when the XML carries them.
#
# NOTE(review): a Credential element without Name, Services/Service or Sites
# raises NoMethodError on nil here; confirm the console always sends them.
#
# @param [String] xml XML source handed to REXML::Document.new.
# @return [SharedCredential, nil] The parsed credential, or nil when the
#   document has no top-level Credential element.
def self.parse(xml)
  document = REXML::Document.new(xml)
  document.elements.each('Credential') do |node|
    cred = new(node.elements['Name'].text, node.attributes['id'].to_i)

    description = node.elements['Description']
    cred.description = description.text if description

    node.elements.each('Account/Field') do |field|
      value = field.text
      case field.attributes['name']
      when 'database'                   then cred.database = value
      when 'domain'                     then cred.domain = value
      when 'username'                   then cred.username = value
      when 'password'                   then cred.password = value
      when 'ntlmhash'                   then cred.ntlm_hash = value
      when 'pemkey'                     then cred.pem_key = value
      when 'privilegeelevationusername' then cred.privilege_username = value
      when 'privilegeelevationpassword' then cred.privilege_password = value
      when 'privilegeelevationtype'     then cred.privilege_type = value
      when 'snmpv3authtype'             then cred.auth_type = value
      when 'snmpv3privtype'             then cred.privacy_type = value
      when 'snmpv3privpassword'         then cred.privacy_password = value
      end
    end

    service_node = REXML::XPath.first(node, 'Services/Service')
    cred.type = service_node.attributes['type']

    # Host and port restrictions arrive as typed Restriction elements.
    node.elements.each('Restrictions/Restriction') do |restriction|
      case restriction.attributes['type']
      when 'host' then cred.host = restriction.text
      when 'port' then cred.port = restriction.text.to_i
      end
    end

    sites_node = REXML::XPath.first(node, 'Sites')
    cred.all_sites = sites_node.attributes['all'] == '1'
    sites_node.elements.each('Site') do |site_node|
      site_id = site_node.attributes['id'].to_i
      # With all="1" only the disabled sites are recorded individually.
      cred.sites << site_id unless cred.all_sites
      cred.disabled << site_id if site_node.attributes['enabled'] == '0'
    end

    return cred
  end
  nil
end
Public Instance Methods
# File lib/nexpose/shared_credential.rb, line 195
# Assemble the form parameters for a credential test request.
#
# The hash holds the password, PEM key and the elevation/privacy passwords in
# clear text, so it should not be logged. The NTLM hash is not part of it.
#
# @param [String] target Value sent as sc_creds_dev.
# @param [Object] engine_id Value sent as engineid.
# @param [Object] port Value sent as sc_creds_port.
# @param [Object] siteid Value sent as siteid.
# @return [Hash] Symbol-keyed parameters, in a fixed key order.
def _to_param(target, engine_id, port, siteid)
  params = { engineid: engine_id, sc_creds_dev: target, sc_creds_svc: @service }

  # Account fields.
  params[:sc_creds_database] = @database
  params[:sc_creds_domain] = @domain
  params[:sc_creds_uname] = @username
  params[:sc_creds_password] = @password
  params[:sc_creds_pemkey] = @pem_key
  params[:sc_creds_port] = port

  # Privilege elevation fields.
  params[:sc_creds_privilegeelevationusername] = @privilege_username
  params[:sc_creds_privilegeelevationpassword] = @privilege_password
  params[:sc_creds_privilegeelevationtype] = @privilege_type

  # SNMP v3 fields.
  params[:sc_creds_snmpv3authtype] = @auth_type
  params[:sc_creds_snmpv3privtype] = @privacy_type
  params[:sc_creds_snmpv3privpassword] = @privacy_password

  params[:siteid] = siteid
  params
end
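# File lib/nexpose/shared_credential.rb, line 130
# Serialize this credential as a Credential XML element.
#
# The element carries every secret held by this object (password, NTLM hash,
# PEM key, privilege-elevation password, SNMP v3 privacy password) in clear
# text, so the result should not be written to logs or error reports.
#
# The database, domain, username and privilege-elevation username fields are
# always emitted, empty when unset; the remaining fields only when set.
#
# @return [REXML::Element] The Credential element.
def as_xml
  xml = REXML::Element.new('Credential')
  xml.add_attribute('id', @id)
  xml.add_element('Name').add_text(@name)
  xml.add_element('Description').add_text(@description)

  services = xml.add_element('Services')
  services.add_element('Service').add_attribute('type', @service)

  account = xml.add_element('Account')
  account.add_attribute('type', 'nexpose')
  add_field = lambda do |name, value|
    account.add_element('Field', { 'name' => name }).add_text(value)
  end
  add_field.call('database', @database)
  add_field.call('domain', @domain)
  add_field.call('username', @username)
  add_field.call('ntlmhash', @ntlm_hash) if @ntlm_hash
  add_field.call('password', @password) if @password
  add_field.call('pemkey', @pem_key) if @pem_key
  add_field.call('privilegeelevationusername', @privilege_username)
  add_field.call('privilegeelevationpassword', @privilege_password) if @privilege_password
  add_field.call('privilegeelevationtype', @privilege_type) if @privilege_type
  add_field.call('snmpv3authtype', @auth_type) if @auth_type
  add_field.call('snmpv3privtype', @privacy_type) if @privacy_type
  add_field.call('snmpv3privpassword', @privacy_password) if @privacy_password

  restrictions = xml.add_element('Restrictions')
  restrictions.add_element('Restriction', { 'type' => 'host' }).add_text(@host) if @host
  # parse stores the port as an Integer, and REXML's add_text only wraps
  # Strings in a text node; convert so an Integer port does not raise.
  restrictions.add_element('Restriction', { 'type' => 'port' }).add_text(@port.to_s) if @port

  sites = xml.add_element('Sites')
  sites.add_attribute('all', @all_sites ? 1 : 0)
  @sites.each do |site_id|
    site = sites.add_element('Site')
    site.add_attribute('id', site_id)
    site.add_attribute('enabled', 0) if @disabled.member?(site_id)
  end
  # With no explicit site list, the disabled sites are still listed so that
  # they stay marked enabled="0".
  if @sites.empty?
    @disabled.each do |site_id|
      site = sites.add_element('Site')
      site.add_attribute('id', site_id)
      site.add_attribute('enabled', 0)
    end
  end

  xml
end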
Save this credential to the security console.
@param [Connection] nsc An active connection to a Nexpose console.
@return [Boolean] Whether the save succeeded.
# File lib/nexpose/shared_credential.rb, line 125
# Post this credential's XML to the console's shared-credential save endpoint.
#
# The request body is the output of to_xml and so contains the credential's
# secrets; success is judged only by the response containing success="1".
#
# @param [Connection] nsc Connection handed through to AJAX.post.
# @return [Boolean] true when the response contains success="1".
def save(nsc)
  reply = AJAX.post(nsc, '/data/credential/shared/save', to_xml)
  (reply =~ /success="1"/) ? true : false
end
Test this credential against a target where the credentials should apply. Only works for a newly created credential. Testing a credential loaded from the console will likely fail, because the API does not return the stored password.
@param [Connection] nsc An active connection to the security console.
@param [String] target Target host to check credentials against.
@param [Fixnum] engine_id ID of the engine to use for testing credentials. Will default to the local engine if none is provided.
# File lib/nexpose/shared_credential.rb, line 184
# Ask the console to try this credential against a target host.
#
# Side effect: when no port is set, the default port for the service is
# stored in @port and stays set afterwards. The form posted to the console
# contains the credential's secrets in clear text.
#
# NOTE(review): when no engine is named 'Local scan engine', or the response
# has no TestAdminCredentialsResult element, this raises NoMethodError on nil.
#
# @param [Connection] nsc Connection used for the engine lookup and the post.
# @param [String] target Host to test the credential against.
# @param [Object] engine_id Engine to run the test; when nil, the engine
#   named 'Local scan engine' is looked up on the connection.
# @param [Object] siteid Site ID sent with the request, defaults to -1.
# @return [Boolean] true when the result's success attribute is 1.
def test(nsc, target, engine_id = nil, siteid = -1)
  engine_id ||= nsc.engines.detect { |engine| engine.name == 'Local scan engine' }.id
  @port = Credential::DEFAULT_PORTS[@service] if @port.nil?

  form = _to_param(target, engine_id, @port, siteid)
  reply = AJAX.form_post(nsc, '/data/credential/shared/test', form)

  outcome = REXML::XPath.first(REXML::Document.new(reply), 'TestAdminCredentialsResult')
  outcome.attributes['success'].to_i == 1
end
# File lib/nexpose/shared_credential.rb, line 214
# Render the element built by as_xml as a string.
#
# The string contains whatever secrets as_xml emits, in clear text.
#
# @return [String] XML text of this credential.
def to_xml
  element = as_xml
  element.to_s
end