Allow ad-hoc scan methods to behave similar as in UI

[sgreen-r7]

Feedback from this community post: https://community.rapid7.com/thread/7803

Should update the gem to allow for changing scan template, and scan targets for an ad-hoc scan via the API.

• Edit Ad-hoc scan to support a scan-template
• Edit Ad-hoc scan to support specified scan target(s)
• Edit Ad-hoc scan to support specified scan engine(s)

[gschneider-r7]

We should first expose this as an official API in Nexpose, preferably.

[gschneider-r7]

I've prototyped this using the UI endpoint and it seems to work okay. Going to wait for some internal feedback before I make a pull request.

[ben-git-hub99]

Hi. I would love to assist with this. Anything I can do to help?

[gschneider-r7]

Hi @ben-git-hub99, I've created a branch on my fork with my hacky experimental method. You can either use it with a Gemfile and bundle install with the Gemfile contents of:

gem 'nexpose', github: 'gschneider-r7/nexpose-client', branch: 'experimental_adhoc_scan'

Or you can download a pre-built gem file and install it with gem install nexpose-2.2.0.pre.gem.

In your script you'll probably want to add gem 'nexpose', '~>2.2.0.pre' before the require 'nexpose' line if you keep the official released version(s) of the gem installed.

Using the new method works like this:

nsc = Nexpose::Connection.new(...)
# Arbitrary site id
site_id = 1
# Default scan template
template = 'full-audit-without-web-spider'
# Local scan engine is typically id 3 on newer installs, but can be 2 on older installs
engine_id = 3
# Array of strings, although passing in Nexpose::IPRange and Nexpose::HostName objects also works correctly
assets_to_scan = ['example.fqdn', '192.168.1.1', '10.1.5.0 - 10.1.5.60']

scan_id = nsc.scan_assets_with_template_engine(site_id, assets_to_scan, template, engine_id)

puts scan_id

If any errors occur, they should be returned and match what you would see in the UI.

[ben-git-hub99]

Hi @gschneider-r7, I've tried out the branch and it works great! Can you make a second method to allow a single asset to be used instead of asset.join(,)? This would fit my needs exactly.

I can get around it with something like this:

site_id = 1
template = ['discovery','custom_discovery']
assets_to_scan = ['10.1.5.1, 'example.fqdn','10.1.5.2','example2.fqdn']
eng=3
template.each do |temp|
    assets_to_scan.each do |asset|
      asset = [asset,nil]
      scan_id = nsc.scan_assets_with_template_engine(site_id, asset, temp, eng)
      puts "Started scan_id: #{scan_id} for #{asset} using engine_id: #{eng} and template: #{temp}"
    end
end

But that seems a bit tacky. I look forward to the release of this. Thanks!

[gschneider-r7]

I've updated my fork to take into account an array with only 1 address in it, which should solve that issue.

[ben-git-hub99]

I couldn't figure out how to clone the fork, but I saw the commit history and just added the diffs. This works great! Any idea when you can get it shipped out in a release? I would love to multi-thread my project. 👍

[erran-r7]

I couldn't figure out how to clone the fork

For future reference, no need to, you could've added @gschneider-r7's fork as an additional upstream.

cd /path/to/your-checkout-of/nexpose-client
git remote add gschneider-r7 git@github.com:gschneider-r7/nexpose-client.git
git fetch gschneider-r7
# git cherry-pick COMMITS_YOU_CARE_FOR
# git checkout BRANCH_YOU_WANT_TO_USE --track gschneider-r7/BRANCH_YOU_WANT_TO_USE
# git pull gschneider-r7 BRANCH_YOU_WANT_TO_MERGE

If you're using bundler with rubygems you can point to @gschneider-r7, or your own fork and branch, on GitHub; see http://bundler.io/git.html. Obviously that wouldn't be useful with gems you want to push to rubygems.org though (they can't have git dependencies).

[ben-git-hub99]

Thanks for that information. I am still a bit new to Git.