nexpose_exploit_check.rb

#!/usr/bin/env ruby

#Snippets inspired by the following posts
#https://github.com/rapid7/nexpose-client/wiki
#https://community.rapid7.com/community/nexpose/blog/2013/12/18/sql-export-report-using-the-api

require 'rubygems'
require 'nexpose'
require 'io/console'
require 'csv'

include Nexpose

#auth vars
host = 'IP'
port = '3780'
user = 'USERNAME'
pass = 'PASSWORD'

#Create connector
puts "Nexpose Vuln Exploits Check (30 days) Script: Dennis Chow v1.0 20140331"
puts "\nConnecting to #{host} as #{user}..."
nsc = Nexpose::Connection.new(host, user, pass, port)

begin
  #auth
  nsc.login
  #clean logout
  at_exit { nsc.logout }
  
rescue ::Nexpose::APIError => err
  $stderr.puts("Connection failed: #{err.reason}")
  exit(1)
end

#One blink for yes, two blinks for no!
class Beep
  #The use of "self" init a class method rather than instance method
  def self.pass
    print "\a"
  end
  def self.fail
    print "\a \a"
  end
end


puts "Please enter vuln series to search"
puts "Example: Enter MS14- if you want to encompass MS14-012, MS14-013 etc."
puts "Example: For all exploitable vulns in the last 30 days. Do not enter anything and hit enter."
prompt = ' > '
print prompt
#Limiting character count to 32
UserInput = STDIN.gets(32).chomp()
puts "You entered: #{UserInput}"

#begin cat sql query
queryA = "
SELECT nexpose_id, title, proofAsText(description) AS desc, date_published, exploits, malware_kits, severity, pci_status, round(cvss_score::numeric, 2) AS cvss_score FROM dim_vulnerability WHERE now() - date_published <= INTERVAL '30 days' AND (exploits >=1 OR malware_kits >=1) AND title LIKE '%"

queryB = UserInput

queryC = "ORDER BY date_published DESC;"

queryD = queryA + queryB + "%' " + queryC

#adhoc reports delete themselves
report_config = Nexpose::AdhocReportConfig.new(nil, 'sql')
report_config.add_filter('version', '1.1.0')
report_config.add_filter('query', queryD)

#parse to csv format
report_output = report_config.generate(nsc)
csv_output = CSV.parse(report_output.chomp, { :headers => :first_row } )

#write out to csv file
fileOut = File.open("exploitable_vulns.csv", 'w')
fileOut.write(csv_output)
fileOut.close()
Beep.pass

puts "Export of vulnerable exploits within the last 30 days complete. Filename: exploitable_vulns.csv"

exit