I’ve been programming Expect scripts today, to login to Juniper routers and parse their config using Nessus. Similar to what I attempted with Cisco switches a while back, but I never really got into it then. I’ve got a working implementation now that can login to my Olive VM using just the regular expect program and a NASL script, no custom TCL or Perl or even the policy compliance plugin required.

I could probably get it down to one expect script per vendor for logging in and fetching the config, then a NASL script per device type to parse the output, e.g. for Cisco you’d have an expect script, then a NASL for CatOS on a 6509 and another for IOS on a 2950.

Its funny, if Cisco could sort out their SSH implementation to accept a command as input – like “ssh admin@10.0.0.4 show running-config” and use SSH keys, then everyone and his dog wouldn’t be writing expect scripts to do automated logins!

Anyway, here’s the basic expect script (created by running autoexpect and tidying the output) to query the config for a particular interface on JunOS Olive 9:

#!/usr/bin/expect

spawn ssh root@10.0.0.2
expect -exact "root@10.0.0.2's password: "
send -- "l337hax0r\r"
expect -re "\r
--- JUNOS.*\r
.*root@% "
send -- "cli\r"
expect -exact "cli\r\r
root> "
send -- "show interfaces em0 media\r"
expect -re " \r
.*
\r
root> "
send -- "exit\r"
expect -exact " \r
\r
root@% "
send -- "exit\r"
expect eof

You run that using pread() from the NASL, passing in the username, password, IP etc; to argv[], and Bob’s your uncle!