MetaSploitFraemwork/plugins/besecure.rb

#
# This plugin provides integration with beSECURE. Written by Noam Rathaus.
#
# Distributed under MIT license:
# http://www.opensource.org/licenses/mit-license.php
#
# Version 10.5.17

require 'base64'
require 'zlib'
require 'tempfile'
require 'pathname'

module Msf
  class Plugin::BeSECURE < Msf::Plugin
    class BeSECURECommandDispatcher
      include Msf::Ui::Console::CommandDispatcher

      def name
        'beSECURE'
      end

      def commands
        {
          'besecure_help' => 'Displays help',
          'besecure_version' => 'Display the version of the beSECURE server',
          'besecure_apikey' => 'Set the beSECURE API Key',
          'besecure_hostname' => 'Set the beSECURE Hostname',
          'besecure_debug' => 'Enable/Disable debugging',
          'besecure_ssl_verify' => 'Enable/Disable SSL verification',

          'besecure_report_list' => 'Display list of reports',

          'besecure_report_download' => 'Save a report to disk',
          'besecure_report_import' => 'Import report specified by ID into framework'
        }
      end

      def cmd_besecure_help
        print_status('besecure_help                  Display this help')
        print_status('besecure_debug                 Enable/Disable debugging')
        print_status('besecure_version               Display the version of the beSECURE server')
        print_status('besecure_apikey                Set the beSECURE API Key')
        print_status('besecure_ssl_verify            Set whether to verify or not SSL')
        print_status('besecure_hostname              Set the beSECURE Hostname')

        print_status
        print_status('REPORTS')
        print_status('=======')
        print_status('besecure_report_list           Lists reports')
        print_status('besecure_report_download       Downloads an beSECURE report specified by ID')
        print_status('besecure_report_import         Import report specified by ID into framework')
      end

      # Verify the database is connected and usable
      def database?
        if !(framework.db && framework.db.usable)
          return false
        else
          return true
        end
      end

      # Verify correct number of arguments and verify -h was not given. Return
      # true if correct number of arguments and help was not requested.
      def args?(args, min = 1, max = nil)
        if !max then max = min end
        if ((args.length < min) || (args.length > max) || (args[0] == '-h'))
          return false
        end

        return true
      end

      #--------------------------
      # Basic Functions
      #--------------------------
      def cmd_besecure_hostname(*args)
        if args?(args)
          @hostname = args[0]
          print_good(@hostname)
        else
          print_status('Usage:')
          print_status('besecure_hostname string')
        end
      end

      def cmd_besecure_apikey(*args)
        if args?(args)
          @apikey = args[0]
          print_good(@apikey)
        else
          print_status('Usage:')
          print_status('besecure_apikey string')
        end
      end

      def cmd_besecure_ssl_verify(*args)
        if args?(args)
          @ssl_verify = args[0]
          if (@ssl_verify != 'yes') && (@ssl_verify != 'no')
            @ssl_verify = 'yes'
          end
          print_good(@ssl_verify)
        else
          print_status('Usage:')
          print_status("besecure_ssl_verify 'yes'/'no' (default is yes)")
        end
      end

      def cmd_besecure_debug(*args)
        if args?(args)
          @debug = args[0].to_i
          print_good(@debug)
        else
          print_status('Usage:')
          print_status('besecure_debug integer')
        end
      end

      def cmd_besecure_version
        req = Net::HTTP::Post.new('/json.cgi', { 'Host' => @hostname })
        req.set_form_data({ 'apikey' => @apikey, 'primary' => 'interface' })

        if @debug
          print_status(req.body)
        end

        http = Net::HTTP.new(@hostname, 443)
        if @debug
          http.set_debug_output($stdout) # Logger.new("foo.log") works too
        end

        http.use_ssl = true
        if @ssl_verify == 'no'
          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
        end

        res = http.start { |h| h.request(req) }

        unless res
          print_error("#{@hostname} - Connection timed out")
          return ''
        end

        body = ''
        begin
          body = JSON.parse(res.body)
        rescue JSON::ParserError
          print_error("#{@hostname} - Unable to parse the response")
          return ''
        end

        if body['error']
          print_error("#{@hostname} - An error occurred:")
          print_error(body)
          return ''
        end

        print_good(body['version'])
      end

      #--------------------------
      # Report Functions
      #--------------------------

      def cmd_besecure_report_list(*_args)
        tbl = Rex::Text::Table.new(
          'Columns' => ['ID', 'Name', 'Hosts']
        )

        if @hostname.empty?
          print_error('Missing host value')
          return ''
        end

        req = Net::HTTP::Post.new('/json.cgi', { 'Host' => @hostname })
        req.set_form_data({ 'apikey' => @apikey, 'primary' => 'admin', 'secondary' => 'networks', 'action' => 'returnnetworks', 'search_limit' => 10000 })

        if @debug
          print_status(req.body)
        end

        http = Net::HTTP.new(@hostname, 443)
        if @debug
          http.set_debug_output($stdout) # Logger.new("foo.log") works too
        end

        http.use_ssl = true
        if @ssl_verify == 'no'
          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
        end

        res = http.start { |h| h.request(req) }

        unless res
          print_error("#{@hostname} - Connection timed out")
          return ''
        end

        body = ''
        begin
          body = JSON.parse(res.body)
        rescue JSON::ParserError
          print_error("#{@hostname} - Unable to parse the response")
          return ''
        end

        if body['error']
          print_error("#{@hostname} - An error occurred:")
          print_error(body)
          return ''
        end

        data = body['data']
        data.each do |item|
          tbl << [ item['ID'], item['Name'], item['PrettyRange']]
        end

        # print_good(body)

        print_good('beSECURE list of reports')
        print_line
        print_line tbl.to_s
        print_line
      end

      def cmd_besecure_report_download(*args)
        if args?(args, 4)
          req = Net::HTTP::Post.new('/json.cgi', { 'Host' => @hostname })
          format_file = args[1]
          req.set_form_data({ 'apikey' => @apikey, 'primary' => 'vulnerabilities', 'secondary' => 'report', 'action' => 'getreport', 'network' => args[0], 'format' => format_file })

          http = Net::HTTP.new(@hostname, 443)
          if @debug
            http.set_debug_output($stdout) # Logger.new("foo.log") works too
          end

          http.use_ssl = true
          if @ssl_verify == 'no'
            http.verify_mode = OpenSSL::SSL::VERIFY_NONE
          end

          res = http.start { |h| h.request(req) }

          unless res
            print_error("#{@hostname} - Connection timed out")
            return ''
          end

          body = ''
          begin
            body = JSON.parse(res.body)
          rescue JSON::ParserError
            print_error("#{@hostname} - Unable to parse the response")
            return ''
          end

          if body['error']
            print_error("#{@hostname} - An error occurred:")
            print_error(body)
            return ''
          end

          decompressed = ''
          if format_file != 'json'
            compressed_base64 = body['compresseddata']
            compressed = Base64.decode64(compressed_base64)
            decompressed = Zlib::Inflate.inflate(compressed)
          else
            decompressed = body
          end

          if @debug
            print_status(decompressed)
          end

          ::FileUtils.mkdir_p(args[2])
          name = ::File.join(args[2], args[3])
          print_status("Saving report to #{name}")
          output = ::File.new(name, 'w')
          output.puts(decompressed)
          output.close

          ###
          # Return the report
          return decompressed
        else
          print_status('Usage: besecure_report_download <network_id> <format_name> <path> <report_name>')
        end

        return ''
      end

      def cmd_besecure_report_import(*args)
        if args?(args, 2)
          if !database?
            print_error('Database not ready')
            return ''
          end

          tempfile = Tempfile.new('results')

          res = cmd_besecure_report_download(args[0], 'nbe', File.dirname(tempfile) + '/', File.basename(tempfile))
          if res.empty?
            print_error('An empty report has been received')
            return ''
          end

          print_status('Importing report to database.')
          framework.db.import_file({ filename: tempfile })

          tempfile.unlink
        else
          print_status('Usage: besecure_report_import <network_id> <format_name>')
          print_status('Only the NBE and XML formats are supported for importing.')
        end
      end
    end

    #------------------------------
    # Plugin initialization
    #------------------------------

    def initialize(framework, opts)
      super
      add_console_dispatcher(BeSECURECommandDispatcher)
      print_status('Welcome to beSECURE integration by Noam Rathaus.')
      print_status
      print_status('beSECURE integration requires a database connection. Once the ')
      print_status('database is ready, connect to the beSECURE server using besecure_connect.')
      print_status('For additional commands use besecure_help.')
      print_status

      @debug = nil
    end

    def cleanup
      remove_console_dispatcher('beSECURE')
    end

    def name
      'beSECURE'
    end

    def desc
      'Integrates with the beSECURE - open source vulnerability management'
    end
  end
end