risu 1.4.3

data/lib/nessusdb/listener.rb

@@ -0,0 +1,274 @@
+# encoding: utf-8
+
+require "nessusdb"
+
+module NessusDB
+
+	# NessusSaxListener
+	#
+	#
+	# @author Jacob Hammack <jacob.hammack@hammackj.com>
+	class NessusSaxListener
+		include LibXML::XML::SaxParser::Callbacks
+
+		# Sets up a array of all valid xml fields
+		#
+		#
+		def initialize
+			@vals = Hash.new
+
+			@valid_elements = Array["see_also", "cve", "ReportItem", "xref", "bid", "plugin_version", "risk_factor",
+				"description", "cvss_base_score", "solution", "item", "plugin_output", "tag", "synopsis", "plugin_modification_date",
+				"FamilyName", "FamilyItem", "Status", "vuln_publication_date", "ReportHost", "HostProperties", "preferenceName",
+				"preferenceValues", "preferenceType", "fullName", "pluginId", "pluginName", "selectedValue", "selectedValue",
+				"name", "value", "preference", "plugin_publication_date", "cvss_vector", "patch_publication_date",
+				"NessusClientData_v2", "Policy", "PluginName", "ServerPreferences", "policyComments", "policyName", "PluginItem",
+				"Report", "Family", "Preferences", "PluginsPreferences", "FamilySelection", "IndividualPluginSelection", "PluginId",
+				"pci-dss-compliance", "exploitability_ease", "cvss_temporal_vector", "exploit_framework_core", "cvss_temporal_score",
+				"exploit_available", "metasploit_name", "exploit_framework_canvas", "canvas_package", "exploit_framework_metasploit",
+				"plugin_type", "cpe"]
+
+				# This makes adding new host properties really easy.
+				@valid_host_properties = {
+					"HOST_END" => :end ,
+					"mac-address" => :mac ,
+					"HOST_START" => :start ,
+					"operating-system" => :os,
+					"host-ip" => :ip ,
+					"host-fqdn" => :fqdn ,
+					"netbios-name" => :netbios ,
+					"local-checks-proto" => :local_checks_proto ,
+					"smb-login-used" => :smb_login_used ,
+					"ssh-auth-meth" => :ssh_auth_meth ,
+					"ssh-login-used" => :ssh_login_used ,
+					"pci-dss-compliance" => :pci_dss_compliance ,
+					"pci-dss-compliance:" => :pci_dss_compliance_ ,
+					"pcidss:compliance:failed" => :pcidss_compliance_failed,
+					"pcidss:compliance:passed" => :pcidss_compliance_passed,
+					"pcidss:deprecated_ssl" => :pcidss_deprecated_ssl,
+					"pcidss:expired_ssl_certificate" => :pcidss_expired_ssl_certificate,
+					"pcidss:high_risk_flaw" => :pcidss_high_risk_flaw,
+					"pcidss:medium_risk_flaw" => :pcidss_medium_risk_flaw,
+					"pcidss:reachable_db" => :pcidss_reachable_db,
+					"pcidss:www:xss" => :pcidss_www_xss
+				}
+				
+				@valid_ms_patches = {
+					"MS11-030" => :ms11_030,
+					"MS11-026" => :ms11_026, 
+					"MS11-034" => :ms11_034, 
+					"MS11-021" => :ms11_021, 
+					"MS11-029" => :ms11_029, 
+					"MS11-023" => :ms11_023, 
+					"MS11-022" => :ms11_022, 
+					"MS09-027" => :ms09_027,
+					"MS11-033" => :ms11_033, 
+					"MS11-019" => :ms11_019, 
+					"MS11-024" => :ms11_024, 
+					"MS11-031" => :ms11_031, 
+					"MS11-020" => :ms11_020, 
+					"MS11-018" => :ms11_018, 
+					"MS11-028" => :ms11_028, 
+					"MS11-032" => :ms11_032
+				}
+		end
+
+		# Callback for when the start of a xml element is reached
+		#
+		# @param element
+		# @param attributes
+		def on_start_element(element, attributes)
+			@tag = element
+			@vals[@tag] = ""
+
+			if !@valid_elements.include?(element)
+				puts "New XML element detected: #{element}. Please report this to #{NessusDB::EMAIL}"
+			end
+
+			case element
+				when "Policy"
+					@policy = NessusDB::Models::Policy.create
+					@policy.save
+				when "preference"
+					@sp = @policy.server_preferences.create
+					@sp.save
+				when "item"
+					@item = @policy.plugins_preferences.create
+					@item.save
+				when "FamilyItem"
+					@family = @policy.family_selections.create
+					@family.save
+				when "PluginItem"
+					@plugin_selection = @policy.individual_plugin_selections.create
+					@plugin_selection.save
+				when "Report"
+					@report = @policy.reports.create
+					@report.name = attributes["name"]
+					@report.save
+				when "ReportHost"
+					@rh = @report.hosts.create
+					@rh.name = attributes["name"]
+					@rh.save
+				when "tag"
+					unless attributes["name"] =~ /(MS\d\d-\d\d\d)/
+					    @attr = if @valid_host_properties.keys.include?(attributes["name"])
+					            attributes["name"]
+					        else
+					            nil
+					        end
+					    puts "New HostProperties attribute: #{attributes["name"]}. Please report this to jacob.hammack@hammackj.com\n" if @attr.nil?    
+					end
+				when "ReportItem"
+					@vals = Hash.new # have to clear this out or everything has the same references
+					@ri = @rh.items.create
+					if attributes["pluginID"] == "0"
+						@plugin = NessusDB::Models::Plugin.find_or_create_by_id(1)
+					else
+						@plugin = NessusDB::Models::Plugin.find_or_create_by_id(attributes["pluginID"])
+					end
+
+					@ri.port	= attributes["port"]
+					@ri.svc_name = attributes["svc_name"]
+					@ri.protocol = attributes["protocol"]
+					@ri.severity = attributes["severity"]
+
+					@ri.plugin_id = @plugin.id
+					@plugin.plugin_name = attributes["pluginName"]
+					@plugin.family_name = attributes["pluginFamily"]
+					@plugin.save
+					@ri.save
+			end
+		end
+
+		# Called when the inner text of a element is reached
+		#
+		# @param text
+		def on_characters(text)
+			if @vals[@tag] == nil then
+				@vals[@tag] = text
+			else
+				@vals[@tag] << text
+			end
+		end
+
+		# Called when the end of the xml element is reached
+		#
+		# @param element
+		def on_end_element(element)
+			@tag = nil
+			case element
+				when "policyName"
+					@policy.attributes = {
+						:name => @vals["policyName"]
+					}
+
+					@policy.save
+				when "policyComments"
+					@policy.attributes = {
+						:comments => @vals["policyComments"]
+					}
+
+					@policy.save
+				when "preference"
+					@sp.attributes = {
+						:name => @vals["name"],
+						:value => @vals["value"]
+					}
+					@sp.save
+
+					#This takes a really long time, there is about 34,000 pluginIDs in this
+					#field and it takes about 36 minutes to parse just this info =\
+					#lets prepopulate the plugins table with the known pluginid's
+					#if @vals["name"] == "plugin_set"
+					#	 @all_plugins = @vals["value"].split(";")
+					#
+					#	 @all_plugins.each { |p|
+					#			@plug = Plugin.find_or_create_by_id(p)
+					#			@plug.save
+					#	 }
+					#end
+				when "item"
+					@item.attributes = {
+						:plugin_name => @vals["pluginName"],
+						:plugin_id => @vals["pluginId"],
+						:fullname => @vals["fullName"],
+						:preference_name => @vals["preferenceName"],
+						:preference_type => @vals["preferenceType"],
+						:preference_values => @vals["preferenceValues"],
+						:selected_values => @vals["selectedValue"]
+					}
+
+					@item.save
+				when "FamilyItem"
+					@family.attributes = {
+						:family_name => @vals["FamilyName"],
+						:status => @vals["Status"]
+					}
+
+					@family.save
+				when "PluginItem"
+					@plugin_selection.attributes = {
+						:plugin_id => @vals["PluginId"],
+						:plugin_name => @vals["PluginName"],
+						:family => @vals["Family"],
+						:status => @vals["Status"]
+					}
+
+					@plugin_selection.save
+				when "tag"
+					@rh.attributes = {@valid_host_properties[@attr] => @vals["tag"].gsub("\n", ",") } if @valid_host_properties.keys.include?(@attr) 
+					@rh.save
+				#We cannot handle the references in the same block as the rest of the ReportItem tag because
+				#there tends to be more than of the different types of reference per ReportItem, this causes issue for a sax
+				#parser. To solve this we do the references before the final plugin data
+				when "cve"
+					@cve = @plugin.references.create
+					@cve.reference_name = "cve"
+					@cve.value = @vals["cve"]
+					@cve.save
+				when "bid"
+					@bid = @plugin.references.create
+					@bid.reference_name = "bid"
+					@bid.value = @vals["bid"]
+					@bid.save
+				when "see_also"
+					@see_also = @plugin.references.create
+					@see_also.reference_name = "see_also"
+					@see_also.value = @vals["see_also"]
+					@see_also.save
+				when "xref"
+					@xref = @plugin.references.create
+					@xref.reference_name = "xref"
+					@xref.value = @vals["xref"]
+					@xref.save
+				when "ReportItem"
+					@ri.plugin_output = @vals["plugin_output"]
+					@ri.save
+
+					@plugin.attributes = {
+						:solution => @vals["solution"],
+						:risk_factor => @vals["risk_factor"],
+						:description => @vals["description"],
+						:plugin_publication_date => @vals["plugin_publication_date"],
+						:synopsis => @vals["synopsis"],
+						:plugin_type => @vals["plugin_type"],
+						:cvss_vector => @vals["cvss_vector"],
+						:cvss_base_score => @vals["cvss_base_score"],
+						:vuln_publication_date => @vals["vuln_publication_date"],
+						:plugin_version => @vals["plugin_version"],
+						:cvss_temporal_score => @vals["cvss_temporal_score"],
+						:cvss_temporal_vector => @vals["cvss_temporal_vector"],
+						:exploitability_ease => @vals["exploitability_ease"],
+						:exploit_framework_core => @vals["exploit_framework_core"],
+						:exploit_available => @vals["exploit_available"],
+						:exploit_framework_metasploit => @vals["exploit_framework_metasploit"],
+						:metasploit_name => @vals["metasploit_name"],
+						:exploit_framework_canvas => @vals["exploit_framework_canvas"],
+						:canvas_package => @vals["canvas_package"],
+						:cpe => @vals["cpe"]
+					}
+					@plugin.save
+			end
+		end
+	end
+end

data/lib/nessusdb/models.rb

@@ -0,0 +1,18 @@
+# encoding: utf-8
+
+module NessusDB
+	module Models
+	end
+end
+
+require 'nessusdb/models/host'
+require 'nessusdb/models/familyselection'
+require 'nessusdb/models/item'
+require 'nessusdb/models/individualpluginselection'
+require 'nessusdb/models/plugin'
+require 'nessusdb/models/pluginspreference'
+require 'nessusdb/models/serverpreference'
+require 'nessusdb/models/report'
+require 'nessusdb/models/reference'
+require 'nessusdb/models/policy'
+require 'nessusdb/models/version'

data/lib/nessusdb/models/familyselection.rb

@@ -0,0 +1,12 @@
+# encoding: utf-8
+
+module NessusDB
+	module Models	
+		# FamilySelection Model
+		#
+		# @author Jacob Hammack
+		class FamilySelection < ActiveRecord::Base
+		  belongs_to :policy
+		end
+	end
+end

data/lib/nessusdb/models/host.rb

@@ -0,0 +1,359 @@
+# encoding: utf-8
+
+module NessusDB
+	module Models
+		# Host Model
+		#
+		# @author Jacob Hammack <jacob.hammack@hammackj.com>
+		class Host < ActiveRecord::Base
+			belongs_to :report
+			has_many :items
+
+			class << self
+
+				#
+				#
+				#
+				#def hosts_with_blacklist blacklist_hosts_id
+				# if blacklist_host_id == nil
+				#		where("id != ?", blacklist_host_id).count
+				# else
+			 #		count
+				# end
+				#end
+
+				# Sorts all of the hosts where the ip address is not null
+				#
+				# @return [Array] With all the Ip's in sorted order
+				def sorted
+					hosts = Host.where("ip is not NULL").order("ip").all
+
+					#Sort the ips in natural order.
+					hosts.sort! do |a,b|
+						ip1 = IPAddr.new a.ip
+						ip2 = IPAddr.new b.ip
+
+						ip1 <=> ip2
+					end
+
+					return hosts
+				end
+
+				# Queries for hosts with a Windows based Operating System
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_windows
+					where("os LIKE '%Windows%'")#.group(:os)
+				end
+				
+				# Negation query for all hosts with a Windows based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_windows
+					where("os NOT LIKE '%Windows%'")
+				end
+
+				# Queries for hosts with a Windows NT based Operating System
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_windows_nt
+					where("os LIKE '%Windows NT%'")
+				end
+				
+				# Negation query for all hosts with a Windows NT based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_windows_nt
+					where("os NOT LIKE '%Windows NT%'")
+				end
+				
+				# Queries for hosts with a Windows 2000 based Operating System
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_windows_2k
+					where("os LIKE '%Windows 2000%'")
+				end
+							
+				# Negation query for all hosts with a Windows 2000 based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_windows_2k
+					where("os NOT LIKE '%Windows 2000%'")
+				end
+
+				# Queries for hosts with a Windows XP based Operating System
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_windows_xp
+					where("os LIKE '%Windows XP%'")
+				end
+				
+				# Negation query for all hosts with a Windows XP based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_windows_xp
+					where("os NOT LIKE '%Windows XP%'")
+				end
+
+				# Queries for hosts with a Windows Server 2003 based Operating System
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_windows_2k3
+					where("os LIKE '%Windows Server 2003%'")
+				end
+				
+				# Negation query for all hosts with a Windows Server 2003 based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_windows_2k3
+					where("os NOT LIKE '%Windows Server 2003%'")
+				end
+
+				# Queries for hosts with a Windows Vista based Operating System
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_windows_vista
+					where("os LIKE '%Windows Vista%'")
+				end
+				
+				# Negation query for all hosts with a Windows Vista based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_windows_vista
+					where("os NOT LIKE '%Windows Vista%'")
+				end
+
+				# Queries for hosts with a Windows Server 2008 based Operating System
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_windows_2k8
+					where("os LIKE '%Windows Server 2008%'")
+				end
+				
+				def not_os_windows_2k8
+					where("os NOT LIKE '%Windows Server 2008%'")
+				end
+
+				# Queries for hosts with a Windows 7 based Operating System
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_windows_7
+					where("os LIKE '%Windows 7%'")
+				end
+				
+				# Negation query for all hosts with a Windows 7 based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_windows_7
+					where("os NOT LIKE '%Windows 7%'")
+				end
+
+				# Queries for hosts with a Windows Operating System that are not 2000,
+				# XP, 2003, Vista, 2008 or 7
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_windows_other
+					not_os_windows_7.not_os_windows_2k8.not_os_windows_vista.not_os_windows_2k3.not_os_windows_xp.not_os_windows_2k.not_os_windows_nt
+				end
+				
+				# Queries for all hosts with a Linux based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_linux
+					where("os LIKE '%Linux%'")
+				end
+				
+				# Negation query for all hosts with a Linux based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_linux
+					where("os NOT LIKE '%Linux%'")
+				end
+
+				# Queries for all hosts with a FreeBSD based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_freebsd
+					where("os LIKE '%FreeBSD%'")
+				end
+				
+				# Negation query for all hosts with a FreeBSD based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_freebsd
+					where("os NOT LIKE '%FreeBSD%'")
+				end
+
+				# Queries for all hosts with a NetBSD based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_netbsd
+					where("os LIKE '%NetBsd%'")
+				end
+				
+				# Negation query for all hosts with a NETbsd based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_netbsd
+					where("os NOT LIKE '%NetBsd%'")
+				end
+
+				# Queries for all hosts with a Cisco IOS based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_cisco
+					where("os LIKE '%CISCO%'")
+				end
+				
+				# Negation query for all hosts with a Cisco based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_cisco
+					where("os NOT LIKE '%CISCO%'")
+				end
+
+				# Queries for all hosts with a VXWorks based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_vxworks
+					where("os LIKE '%VxWorks%'")
+				end
+				
+				# Negation query for all hosts with a VXWorks based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_vxworks
+					where("os NOT LIKE '%VxWorks%'")
+				end
+
+				# Queries for all hosts with a VMware ESX based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_vmware_esx
+					where("os LIKE '%VMware ESX%'")
+				end
+				
+				# Negation query for all hosts with a VMware ESX based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_vmware_esx
+					where("os NOT LIKE '%VMware ESX%'")
+				end
+				
+				# Queries for all hosts with a Mac OSX based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_osx
+					where("os LIKE '%Mac OS X%'")
+				end
+				
+				# Negation query for all hosts with a Mac OSX based Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def not_os_osx
+					where("os NOT LIKE '%Mac OS X%'")
+				end
+
+				# Queries for all hosts with a Unknown Operating system
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def os_other
+					not_os_osx.not_os_linux.not_os_netbsd.not_os_freebsd.not_os_cisco.not_os_vxworks.not_os_vmware_esx.not_os_windows
+				end
+
+				# Generates a graph of the high and medium findings count per host
+				#
+				# @return [StringIO] Binary image object of the results
+				def top_vuln_graph(limit=10)
+					g = Gruff::Bar.new(GRAPH_WIDTH)
+					g.title = sprintf "Top %d High/Medium Finding Count Per Host ", Item.risks_by_host(limit).all.count
+					g.sort = false
+					g.theme = {
+						:colors => %w(red green blue orange yellow purple black grey brown pink),
+						:background_colors => %w(white white)
+					}
+
+					Item.risks_by_host(limit).all.each do |item|
+						ip = Host.find_by_id(item.host_id).name
+						count = Item.where(:host_id => item.host_id).where("severity IN (?)", [2,3]).count
+
+						g.data(ip, count)
+					end
+
+					StringIO.new(g.to_blob)
+				end
+
+				# Graphs the percentage of other "non Windows" Operating Systems
+				#
+				# @return [StringIO] Binary image object of the results
+				def other_os_graph
+					g = Gruff::Pie.new(GRAPH_WIDTH)
+					g.title = "Other Operating Systems Percentage"
+					g.sort = false
+					g.theme = {
+						:colors => %w(red green blue orange yellow purple black grey brown pink),
+						:background_colors => %w(white white)
+					}
+
+					linux = Host.os_linux.all.count
+					osx = Host.os_osx.all.count
+					freebsd = Host.os_freebsd.all.count
+					netbsd = Host.os_netbsd.all.count
+					cisco = Host.os_cisco.all.count
+					vxworks = Host.os_vxworks.all.count
+					esx = Host.os_vmware_esx.all.count
+					other = Host.os_other.all.count
+
+					g.data("Linux", linux) unless linux == 0
+					g.data("OSX", osx) unless osx == 0
+					g.data("FreeBSD", freebsd) unless freebsd == 0
+					g.data("NetBSD", netbsd) unless netbsd == 0
+					g.data("Cisco ISO", cisco) unless cisco == 0
+					g.data("VxWorks", vxworks) unless vxworks == 0
+					g.data("VMware", esx) unless esx == 0
+					g.data("Other", other) unless other == 0
+
+					#Creates very odd graphs
+					#Host.os_other.each do |host|
+					#	g.data(host.os, Host.where(:os => host.os).count) unless host.os == nil
+					#end
+
+					StringIO.new(g.to_blob)
+				end
+
+				# Graphs the percentage of Windows Operating Systems
+				#
+				# @return [StringIO] Binary image object of the results
+				def windows_os_graph
+					g = Gruff::Pie.new(GRAPH_WIDTH)
+					g.title = "Windows Operating Systems By Percentage"
+					g.sort = false
+					g.theme = {
+						:colors => %w(red green blue orange yellow purple black grey brown pink),
+						:background_colors => %w(white white)
+					}
+
+					nt = Host.os_windows_nt.all.count
+					w2k = Host.os_windows_2k.all.count
+					xp = Host.os_windows_xp.all.count
+					w2k3 = Host.os_windows_2k3.all.count
+					vista = Host.os_windows_vista.all.count
+					w2k8 = Host.os_windows_2k8.all.count
+					w7 = Host.os_windows_7.all.count
+					other = (Host.os_windows.os_windows_other).all.count
+
+					g.data("NT", nt) unless nt == 0
+					g.data("2000", w2k) unless w2k == 0
+					g.data("XP", xp) unless xp == 0
+					g.data("Server 2003", w2k3) unless w2k3 == 0
+					g.data("Vista", vista) unless vista == 0
+					g.data("Server 2008", w2k8) unless w2k8 == 0
+					g.data("7", w7) unless w7 == 0
+					g.data("Other Windows", other) unless other == 0
+
+					StringIO.new(g.to_blob)
+				end
+			end
+		end
+	end
+end