class Nexpose::SiteCredentials

Object that represents administrative credentials to be used during a scan. When retrieved from an existing site configuration, the credentials are returned as a security blob and can only be passed back as-is during a Site Save operation. This object can only be used to create a new set of credentials.

Attributes

authentication_type[RW]

The authentication type to use with SNMP v3 credentials

community_name[RW]

Community name for SNMP v1/v2.

database[RW]

Database of the service.

description[RW]

The description of the credential.

domain[RW]

Domain of the service.

enabled[RW]

Whether this credential is enabled on the site.

host_restriction[RW]

The host for these credentials.

id[RW]

Unique identifier of the credential on the Nexpose console.

name[RW]

The name

notes_id_password[RW]

The Notes password.

password[RW]

The password.

pem_format_private_key[RW]

PEM-format private key, required for SSH public key authentication.

permission_elevation_password[RW]

The password to use when escalating privileges (optional)

permission_elevation_type[RW]

The type of privilege escalation to use (sudo/su). See Nexpose::Credential::ElevationType.

permission_elevation_user[RW]

The userid to use when escalating privileges (optional)

port_restriction[RW]

The port on which to use these credentials.

privacy_password[RW]

The privacy/encryption pass phrase to use with SNMP v3 credentials

privacy_type[RW]

The privacy/encryption type to use with SNMP v3 credentials

scope[RW]

Scope of the credential.

service[RW]

The service for these credentials.

sid[RW]

SID for Oracle.

use_windows_auth[RW]

Use Windows authentication.

user_name[RW]

The user name to be used for the service.

Public Class Methods

copy(connection, site_id, credential_id)

Copy an existing configuration from a Nexpose instance. The returned object has its credential ID reset and “Copy” appended to the existing name. Reminder: the password field will not be populated because the API does not send the password.

@param [Connection] connection Connection to the security console.
@param [String] site_id Unique identifier of a site.
@param [String] credential_id Unique identifier of a credential.
@return [SiteCredentials] Site credential loaded from a Nexpose console.

# File lib/nexpose/site_credentials.rb, line 141
def self.copy(connection, site_id, credential_id)
  site_credential      = self.load(connection, site_id, credential_id)
  site_credential.id   = -1
  site_credential.name = "#{site_credential.name} Copy"
  site_credential
end

for_service(name, id = -1, desc = nil, host = nil, port = nil, service = Credential::Service::CIFS)

Create a credential object using name, id, description, host, port and service.

# File lib/nexpose/site_credentials.rb, line 103
def self.for_service(name, id = -1, desc = nil, host = nil, port = nil, service = Credential::Service::CIFS)
  cred                           = new
  cred.name                      = name
  cred.id                        = id.to_i
  cred.enabled                   = true
  cred.description               = desc
  cred.host_restriction          = host
  cred.port_restriction          = port
  cred.service                   = service
  cred.scope                     = Credential::Scope::SITE_SPECIFIC
  cred.permission_elevation_type = Credential::ElevationType::NONE
  cred
end

load(nsc, site_id, credential_id)

Load a credential from the provided console.

@param [Connection] nsc Active connection to a Nexpose console.
@param [String] site_id Unique identifier of a site.
@param [String] credential_id Unique identifier of a credential.
@return [SiteCredentials] The requested credential of the site, if found.

# File lib/nexpose/site_credentials.rb, line 124
def self.load(nsc, site_id, credential_id)
  uri  = "/api/2.1/sites/#{site_id}/credentials/#{credential_id}"
  resp = AJAX.get(nsc, uri, AJAX::CONTENT_TYPE::JSON)
  hash = JSON.parse(resp, symbolize_names: true)
  new.object_from_hash(nsc, hash)
end

Public Instance Methods

==(other)
# File lib/nexpose/site_credentials.rb, line 192
def ==(other)
  eql?(other)
end

_to_param(target, engine_id, port, siteid)
# File lib/nexpose/site_credentials.rb, line 81
def _to_param(target, engine_id, port, siteid)
  {
    dev: target,
    port: port,
    siteID: siteid,
    engineID: engine_id,
    service: @service,
    domain: @domain,
    database: @database,
    userName: @user_name,
    password: @password,
    privilegeElevationUserName: @permission_elevation_user,
    privilegeElevationPassword: @permission_elevation_password,
    privilegeElevationType: @permission_elevation_type,
    pemkey: @pem_format_private_key,
    snmpv3AuthType: @authentication_type,
    snmpv3PrivType: @privacy_type,
    snmpv3PrivPassword: @privacy_password
  }
end

copy()

Copy an existing configuration from a site credential. The returned object has its credential ID reset and “Copy” appended to the existing name. Reminder: the password field will not be populated because the API does not send the password.

@return [SiteCredentials] modified.

# File lib/nexpose/site_credentials.rb, line 155
def copy
  site_credential      = self.clone
  site_credential.id   = -1
  site_credential.name = "#{site_credential.name} Copy"
  site_credential
end

eql?(other)
# File lib/nexpose/site_credentials.rb, line 196
def eql?(other)
  id.eql?(other.id) &&
  service.eql?(other.service) &&
  host_restriction.eql?(other.host_restriction) &&
  port_restriction.eql?(other.port_restriction) &&
  password.eql?(other.password) &&
  name.eql?(other.name) &&
  enabled.eql?(other.enabled) &&
  description.eql?(other.description) &&
  domain.eql?(other.domain) &&
  database.eql?(other.database) &&
  permission_elevation_type.eql?(other.permission_elevation_type) &&
  permission_elevation_user.eql?(other.permission_elevation_user) &&
  permission_elevation_password.eql?(other.permission_elevation_password) &&
  authentication_type.eql?(other.authentication_type) &&
  privacy_type.eql?(other.privacy_type) &&
  privacy_password.eql?(other.privacy_password) &&
  user_name.eql?(other.user_name) &&
  notes_id_password.eql?(other.notes_id_password) &&
  use_windows_auth.eql?(other.use_windows_auth) &&
  sid.eql?(other.sid) &&
  pem_format_private_key.eql?(other.pem_format_private_key) &&
  community_name.eql?(other.community_name) &&
  scope.eql?(other.scope)
end

test(nsc, target, engine_id = nil, siteid = -1)

Test this credential against a target where the credentials should apply. Only works for a newly created credential. Loading an existing credential will likely fail due to the API not sending password.

@param [Connection] nsc An active connection to the security console.
@param [String] target Target host to check credentials against.
@param [Fixnum] engine_id ID of the engine to use for testing credentials. Will default to the local engine if none is provided.
@param [Fixnum] siteid
@return [Boolean] If the credential is able to connect to the target.

# File lib/nexpose/site_credentials.rb, line 70
def test(nsc, target, engine_id = nil, siteid = -1)
  unless engine_id
    engine_id = nsc.engines.detect { |e| e.name == 'Local scan engine' }.id
  end
  @port      = Credential::DEFAULT_PORTS[@service] if @port.nil?
  parameters = _to_param(target, engine_id, @port, siteid)
  parameters = JSON.generate(parameters)
  resp       = JSON.parse(Nexpose::AJAX.post(nsc, '/data/credential/test', parameters, Nexpose::AJAX::CONTENT_TYPE::JSON))
  resp['success'] == 'true'
end

to_h()
# File lib/nexpose/site_credentials.rb, line 166
def to_h
  { id: id,
    service: service,
    host_restriction: host_restriction,
    port_restriction: port_restriction,
    password: password,
    name: name,
    enabled: enabled,
    description: description,
    domain: domain,
    database: database,
    permission_elevation_type: permission_elevation_type,
    permission_elevation_user: permission_elevation_user,
    permission_elevation_password: permission_elevation_password,
    authentication_type: authentication_type,
    privacy_type: privacy_type,
    privacy_password: privacy_password,
    user_name: user_name,
    notes_id_password: notes_id_password,
    use_windows_auth: use_windows_auth,
    sid: sid,
    pem_format_private_key: pem_format_private_key,
    community_name: community_name,
    scope: scope }
end

to_json()
# File lib/nexpose/site_credentials.rb, line 162
def to_json
  JSON.generate(to_h)
end
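
Both to_h and to_json above emit every secret field in clear text, so a credential object should not be written to logs or tickets unredacted. The following is an added example, not part of nexpose-client: the helper names, the choice of secret keys and the sample values are assumptions of this example; it works on a hash shaped like to_h output and needs no console connection.

```ruby
require 'json'

# Fields of SiteCredentials#to_h that hold secret material. The key names come
# from the to_h listing above; treating exactly these as secret is this
# example's assumption.
SECRET_KEYS = %i[
  password permission_elevation_password privacy_password
  notes_id_password pem_format_private_key community_name
].freeze

def blank?(value)
  value.nil? || value.to_s.empty?
end

# Copy of a to_h-style hash that is safe to log: each secret is replaced by a
# marker, so the log shows that a value was set without revealing it.
def redact_credential_hash(hash)
  hash.each_with_object({}) do |(key, value), out|
    secret   = SECRET_KEYS.include?(key.to_sym)
    out[key] = secret && !blank?(value) ? '[REDACTED]' : value
  end
end

# Secret fields that actually carry a value. An empty list for a credential
# loaded from the console matches the note above that the API does not send
# the password back, so test() on such an object is likely to fail.
def secrets_present(hash)
  SECRET_KEYS.reject { |key| blank?(hash[key] || hash[key.to_s]) }
end

# Constructed sample shaped like to_h output; all values are made up.
SAMPLE_CREDENTIAL = {
  id: -1, service: 'cifs', name: 'Example CIFS login', enabled: true,
  user_name: 'svc_scan', password: 'constructed-secret-1',
  permission_elevation_user: 'root',
  permission_elevation_password: 'constructed-secret-2',
  pem_format_private_key: nil, community_name: nil
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts JSON.generate(redact_credential_hash(SAMPLE_CREDENTIAL))
  puts "secrets set: #{secrets_present(SAMPLE_CREDENTIAL).inspect}"
end
```

With the gem loaded, the same helper can be applied to the result of to_h on a real SiteCredentials object before it reaches a logger.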