class Nexpose::SharedCredential

Attributes

auth_type[RW]

Authentication type of SNMP v3 credential

database[RW]

Database or SID.

description[RW]

Optional description of this credential.

disabled[RW]

Array of sites where this credential has been temporarily disabled.

host[RW]

IP address or host name to restrict this credential to.

ntlm_hash[RW]

Windows/Samba LM/NTLM Hash.

password[RW]

Password or SNMP community name.

pem_key[RW]

PEM-format private key.

permission_elevation_password[RW]

Password to use when elevating permissions (e.g., sudo).

permission_elevation_password=[RW]

Password to use when elevating permissions (e.g., sudo).

permission_elevation_type[RW]

Permission elevation type. See Nexpose::Credential::ElevationType.

permission_elevation_type=[RW]

Permission elevation type. See Nexpose::Credential::ElevationType.

port[RW]

Single port to restrict this credential to.

privacy_password[RW]

Privacty password of SNMP v3 credential

privacy_type[RW]

Privacy type of SNMP v3 credential

privilege_password[RW]

Password to use when elevating permissions (e.g., sudo).

privilege_type[RW]

Permission elevation type. See Nexpose::Credential::ElevationType.

sites[RW]

Array of site IDs that this credential is restricted to.

Public Class Methods

load(nsc, id) click to toggle source
# File lib/nexpose/shared_credential.rb, line 115
def self.load(nsc, id)
  response = AJAX.get(nsc, "/data/credential/shared/get?credid=#{id}")
  parse(response)
end
new(name, id = -1) click to toggle source
# File lib/nexpose/shared_credential.rb, line 108
def initialize(name, id = -1)
  @name     = name
  @id       = id.to_i
  @sites    = []
  @disabled = []
end
parse(xml) click to toggle source
# File lib/nexpose/shared_credential.rb, line 218
def self.parse(xml)
  rexml = REXML::Document.new(xml)
  rexml.elements.each('Credential') do |c|
    cred = new(c.elements['Name'].text, c.attributes['id'].to_i)

    desc = c.elements['Description']
    cred.description = desc.text if desc

    c.elements.each('Account/Field') do |field|
      case field.attributes['name']
      when 'database'
        cred.database = field.text
      when 'domain'
        cred.domain = field.text
      when 'username'
        cred.username = field.text
      when 'password'
        cred.password = field.text
      when 'ntlmhash'
        cred.ntlm_hash = field.text
      when 'pemkey'
        cred.pem_key = field.text
      when 'privilegeelevationusername'
        cred.privilege_username = field.text
      when 'privilegeelevationpassword'
        cred.privilege_password = field.text
      when 'privilegeelevationtype'
        cred.privilege_type = field.text
      when 'snmpv3authtype'
        cred.auth_type = field.text
      when 'snmpv3privtype'
        cred.privacy_type = field.text
      when 'snmpv3privpassword'
        cred.privacy_password = field.text
      end
    end

    service = REXML::XPath.first(c, 'Services/Service')
    cred.type = service.attributes['type']

    c.elements.each('Restrictions/Restriction') do |r|
      cred.host = r.text if r.attributes['type'] == 'host'
      cred.port = r.text.to_i if r.attributes['type'] == 'port'
    end

    sites = REXML::XPath.first(c, 'Sites')
    cred.all_sites = sites.attributes['all'] == '1'

    sites.elements.each('Site') do |site|
      site_id = site.attributes['id'].to_i
      cred.sites << site_id unless cred.all_sites
      cred.disabled << site_id if site.attributes['enabled'] == '0'
    end

    return cred
  end
  nil
end

Public Instance Methods

_to_param(target, engine_id, port, siteid) click to toggle source
# File lib/nexpose/shared_credential.rb, line 195
def _to_param(target, engine_id, port, siteid)
  { engineid: engine_id,
    sc_creds_dev: target,
    sc_creds_svc: @service,
    sc_creds_database: @database,
    sc_creds_domain: @domain,
    sc_creds_uname: @username,
    sc_creds_password: @password,
    sc_creds_pemkey: @pem_key,
    sc_creds_port: port,
    sc_creds_privilegeelevationusername: @privilege_username,
    sc_creds_privilegeelevationpassword: @privilege_password,
    sc_creds_privilegeelevationtype: @privilege_type,
    sc_creds_snmpv3authtype: @auth_type,
    sc_creds_snmpv3privtype: @privacy_type,
    sc_creds_snmpv3privpassword: @privacy_password,
    siteid: siteid }
end
as_xml() click to toggle source
# File lib/nexpose/shared_credential.rb, line 130
def as_xml
  xml = REXML::Element.new('Credential')
  xml.add_attribute('id', @id)
  xml.add_element('Name').add_text(@name)
  xml.add_element('Description').add_text(@description)

  services = xml.add_element('Services')
  services.add_element('Service').add_attribute('type', @service)

  (account = xml.add_element('Account')).add_attribute('type', 'nexpose')
  account.add_element('Field', { 'name' => 'database' }).add_text(@database)
  account.add_element('Field', { 'name' => 'domain' }).add_text(@domain)
  account.add_element('Field', { 'name' => 'username' }).add_text(@username)
  account.add_element('Field', { 'name' => 'ntlmhash' }).add_text(@ntlm_hash) if @ntlm_hash
  account.add_element('Field', { 'name' => 'password' }).add_text(@password) if @password
  account.add_element('Field', { 'name' => 'pemkey' }).add_text(@pem_key) if @pem_key
  account.add_element('Field', { 'name' => 'privilegeelevationusername' }).add_text(@privilege_username)
  account.add_element('Field', { 'name' => 'privilegeelevationpassword' }).add_text(@privilege_password) if @privilege_password
  account.add_element('Field', { 'name' => 'privilegeelevationtype' }).add_text(@privilege_type) if @privilege_type
  account.add_element('Field', { 'name' => 'snmpv3authtype' }).add_text(@auth_type) if @auth_type
  account.add_element('Field', { 'name' => 'snmpv3privtype' }).add_text(@privacy_type) if @privacy_type
  account.add_element('Field', { 'name' => 'snmpv3privpassword' }).add_text(@privacy_password) if @privacy_password

  restrictions = xml.add_element('Restrictions')
  restrictions.add_element('Restriction', { 'type' => 'host' }).add_text(@host) if @host
  restrictions.add_element('Restriction', { 'type' => 'port' }).add_text(@port) if @port

  sites = xml.add_element('Sites')
  sites.add_attribute('all', @all_sites ? 1 : 0)
  @sites.each do |s|
    site = sites.add_element('Site')
    site.add_attribute('id', s)
    site.add_attribute('enabled', 0) if @disabled.member? s
  end
  if @sites.empty?
    @disabled.each do |s|
      site = sites.add_element('Site')
      site.add_attribute('id', s)
      site.add_attribute('enabled', 0)
    end
  end

  xml
end
save(nsc) click to toggle source

Save this credential to the security console.

@param [Connection] nsc An active connection to a Nexpose console. @return [Boolean] Whether the save succeeded.

# File lib/nexpose/shared_credential.rb, line 125
def save(nsc)
  response = AJAX.post(nsc, '/data/credential/shared/save', to_xml)
  !!(response =~ /success="1"/)
end
test(nsc, target, engine_id = nil, siteid = -1) click to toggle source

Test this credential against a target where the credentials should apply. Only works for a newly created credential. Loading an existing credential will likely fail due to the API not sending password.

@param [Connection] nsc An active connection to the security console. @param [String] target Target host to check credentials against. @param [Fixnum] engine_id ID of the engine to use for testing credentials.

Will default to the local engine if none is provided.
# File lib/nexpose/shared_credential.rb, line 184
def test(nsc, target, engine_id = nil, siteid = -1)
  unless engine_id
    engine_id = nsc.engines.detect { |e| e.name == 'Local scan engine' }.id
  end
  @port      = Credential::DEFAULT_PORTS[@service] if @port.nil?
  parameters = _to_param(target, engine_id, @port, siteid)
  xml        = AJAX.form_post(nsc, '/data/credential/shared/test', parameters)
  result     = REXML::XPath.first(REXML::Document.new(xml), 'TestAdminCredentialsResult')
  result.attributes['success'].to_i == 1
end
to_xml() click to toggle source
# File lib/nexpose/shared_credential.rb, line 214
def to_xml
  as_xml.to_s
end