Tuesday, the 17th, will be my first day with the Rapid7 crew. In the past, I have worked a lot with C#/.NET technologies, so Chad Loder asked me to get a C# library written for the Nexpose API. You may find the relevant code here.

Within the repository, you have a nexpose-sharp folder and a nexpose-client folder. The nexpose-client folder contains a small application that consumes the Nexpose XML API via the C# library that I have written, which resides in nexpose-sharp.

A few design decisions are worth calling out. Within the nexpose-sharp API library, you have 3 main classes: NexposeSession, NexposeManager11, and NexposeManager12. Each of these classes implements IDisposable and uses Dispose to ensure sessions and managers are logged out of Nexpose once the object is disposed. The simplest way to guarantee that happens is to use the objects within the context of a using statement, so the logout runs even if an exception is thrown in the middle of your work.

For instance, to simply authenticate with Nexpose, you would use your NexposeSession class and instantiate it as such:

using (NexposeSession session = new NexposeSession("192.168.1.101"))
{
    session.Authenticate("nexpose" /*username*/, "nexpose" /*password*/);
}

A new NexposeSession object is created within the context of the using statement. When the context ends, the Dispose method is called on the session object, which logs out the session. But just authenticating isn't very useful. Why don't we grab each vulnerability NeXpose has a definition for and print it to the screen, with some vuln-specific details.

You have two Nexpose managers that have been implemented. Each one implements a specific version of the NeXpose XML API. NexposeManager11 implements the 1.1 XML API, which is available on all NeXpose installations of at least version 4.0. NexposeManager12 implements the 1.2 extended XML API, which is available for versions of NeXpose of 4.8 and greater. The NexposeManager12 class inherits from NexposeManager11, giving you access to both APIs from the one object. For simplicity, here is an example of the 1.1 API in action.

using System;
using System.Xml;

using (NexposeSession session = new NexposeSession("192.168.56.101"))
{
    session.Authenticate("nexpose" /*user*/, "nexpose" /*password*/);

    using (NexposeManager11 manager = new NexposeManager11(session))
    {
        // One round trip for the full listing; the loop below then makes one
        // more round trip per vulnerability, so expect this to take a while.
        XmlDocument vulns = manager.GetVulnerabilityListing();
        int i = 0;

        // Assumes the returned document carries no XML declaration, so FirstChild
        // is the response element and its children are the vulnerability entries.
        foreach (XmlNode vuln in vulns.FirstChild.ChildNodes)
        {
            string vulnID = vuln.Attributes["id"].Value;

            XmlDocument deets = manager.GetVulnerabilityDetails(vulnID);

            string title = deets.FirstChild.FirstChild.Attributes["title"].Value;
            string severity = deets.FirstChild.FirstChild.Attributes["severity"].Value;

            Console.WriteLine(String.Format("{0} has a severity of {1} and an id of {2}", title, severity, vulnID));

            i++;
        }
        Console.WriteLine("\n\nTotal vulnerabilities in database: " + i);
    } // manager calls Dispose here at the end of the context and logs the session out
} // session checks if it is logged in here at the end of its context, and if it is, it logs itself out

Of course, for anything more complicated than this, you will want to use XPath or similar rather than walking FirstChild and ChildNodes by hand. If you end up running into a bug, feel free to send me an email. You may find more information on the respective APIs here and here.
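As an added illustration of the XPath suggestion above (this is not code from nexpose-sharp or from the original post), the snippet below parses a hand-constructed document shaped like a 1.1 VulnerabilityListingResponse and selects entries by severity and by id with XPath instead of positional FirstChild/ChildNodes walks. The vulnerability ids, titles and severities in the sample are made up, and the element and attribute names are my reading of the 1.1 listing response; check them against the API guide before relying on them.

```csharp
using System;
using System.Xml;

class XPathOverNexposeResponse
{
    // Constructed sample, not a capture from a real console. Note the XML
    // declaration: with it present, XmlDocument.FirstChild is the declaration
    // node, so FirstChild.ChildNodes would be empty and the loop in the blog
    // example would silently print nothing.
    const string SampleListing = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<VulnerabilityListingResponse success=""1"">
  <VulnerabilitySummary id=""example-weak-ciphers"" title=""Weak SSL cipher suites"" severity=""4"" />
  <VulnerabilitySummary id=""example-remote-exec"" title=""Remote code execution"" severity=""9"" />
  <VulnerabilitySummary id=""example-smb-signing"" title=""SMB signing not required"" severity=""5"" />
</VulnerabilityListingResponse>";

    // Returns the ids of all entries whose severity is at or above the threshold.
    static string[] HighSeverityIds(XmlDocument doc, int threshold)
    {
        // DocumentElement is the response element regardless of any declaration.
        XmlElement root = doc.DocumentElement;

        // The 1.1 responses flag failures with success="0" (assumed attribute name);
        // treat anything else as an error rather than iterating an empty list.
        if (root.GetAttribute("success") != "1")
            throw new InvalidOperationException("Nexpose reported the call failed");

        // XPath 1.0 coerces @severity to a number for the comparison.
        XmlNodeList hits = root.SelectNodes(
            string.Format("VulnerabilitySummary[@severity >= {0}]", threshold));

        string[] ids = new string[hits.Count];
        for (int n = 0; n < hits.Count; n++)
            ids[n] = hits[n].Attributes["id"].Value;
        return ids;
    }

    // Looks one entry up by id without scanning every node in C#.
    static string TitleForId(XmlDocument doc, string id)
    {
        // Single quotes inside the predicate avoid clashing with the C# string;
        // ids here are trusted literals, not user input, so no escaping is needed.
        XmlNode hit = doc.DocumentElement.SelectSingleNode(
            string.Format("VulnerabilitySummary[@id='{0}']", id));
        return hit == null ? null : hit.Attributes["title"].Value;
    }

    static void Main()
    {
        XmlDocument vulns = new XmlDocument();
        vulns.LoadXml(SampleListing);

        foreach (string id in HighSeverityIds(vulns, 8))
            Console.WriteLine("high severity: {0}", id);   // example-remote-exec

        Console.WriteLine(TitleForId(vulns, "example-smb-signing") ?? "not found");
        Console.WriteLine(TitleForId(vulns, "does-not-exist") ?? "not found");
    }
}
```

Filtering the listing with XPath first, and only then calling GetVulnerabilityDetails for the ids you actually care about, also keeps the number of round trips to the console proportional to what you are reporting on rather than to the size of the whole vulnerability database.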