risu 1.4.3

data/lib/nessusdb/templates/finding_statistics.rb

@@ -0,0 +1,23 @@
+text Report.classification, :align => :center
+text "\n"
+
+font_size(22) { text Report.title, :align => :center }
+font_size(18) {
+	text "Finding Statistics", :align => :center
+	text "\n"
+	text "This report was prepared by\n#{Report.author}", :align => :center
+}
+
+text "\n\n\n"
+
+text "Scan Date:", :style => :bold
+text "#{Report.scan_date}"
+text "\n"
+
+headers = ["Number of hosts","Number of risks","High Risks", "Medium Risks", "Low Risks", "Info Risks"]
+data = [Host.count, Item.risks.count, Item.high_risks.count, Item.medium_risks.count, Item.low_risks.count, Item.info_risks.count]
+
+table([headers] + [data], :header => true, :width => bounds.width) do
+	row(0).style(:font_style => :bold, :background_color => 'cccccc')
+	cells.borders = [:top, :bottom, :left, :right]
+end

data/lib/nessusdb/templates/findings_host.rb

@@ -0,0 +1,49 @@
+text Report.classification, :align => :center
+text "\n"
+
+font_size(22) { text Report.title, :align => :center }
+font_size(18) { 
+	text "Findings Summary Report", :align => :center
+	text "\n"
+	text "This report was prepared by\n#{Report.author}", :align => :center
+}
+
+text "\n\n\n"
+
+Host.sorted.each do |host|
+	if host.items.high_risks_unique_sorted.all.size > 0 or host.items.medium_risks_unique_sorted.all.size > 0
+		font_size(20) { 
+			text "#{host.ip} - #{host.fqdn}", :style => :bold 
+			}
+	end
+	
+	if host.items.high_risks_unique_sorted.all.size > 0
+		font_size(18) { 
+			fill_color "FF0000"
+			text "High Findings", :style => :bold 
+			fill_color "000000"
+		}
+	
+		host.items.high_risks_unique_sorted.each do |item|
+			name = Plugin.find_by_id(item.plugin_id).plugin_name
+			text "#{name}"
+		end
+	end
+	
+	if host.items.medium_risks_unique_sorted.all.size > 0
+		font_size(18) { 
+			fill_color "FF8040"
+			text "Medium Findings", :style => :bold 
+			fill_color "000000"
+		}
+	
+		host.items.medium_risks_unique_sorted.each do |item|
+			name = Plugin.find_by_id(item.plugin_id).plugin_name
+			text "#{name}"
+		end
+	end
+	
+	if host.items.high_risks_unique_sorted.all.size > 0 or host.items.medium_risks_unique_sorted.all.size > 0
+		text "\n"
+	end
+end

data/lib/nessusdb/templates/findings_summary.rb

@@ -0,0 +1,68 @@
+text Report.classification, :align => :center
+text "\n"
+
+font_size(22) { text Report.title, :align => :center }
+font_size(18) { 
+	text "Findings Summary Report", :align => :center
+	text "\n"
+	text "This report was prepared by\n#{Report.author}", :align => :center
+}
+
+text "\n\n\n"
+
+font_size(20) { 
+	fill_color "FF0000"
+	text "High Findings", :style => :bold 
+	fill_color "000000"
+}
+
+Item.high_risks_unique_sorted.each do |item|
+	name = Plugin.find_by_id(item.plugin_id).plugin_name
+	count = Item.where(:plugin_id => item.plugin_id).count
+
+	text "#{count} - #{name}"
+end
+
+start_new_page
+
+font_size(20) { 
+	fill_color "FF8040"
+	text "Medium Findings", :style => :bold 
+	fill_color "000000"
+}
+
+Item.medium_risks_unique_sorted.each do |item|
+	name = Plugin.find_by_id(item.plugin_id).plugin_name
+	count = Item.where(:plugin_id => item.plugin_id).count
+
+	text "#{count} - #{name}"
+end
+
+start_new_page
+
+font_size(20) { 
+	fill_color "0000FF"
+	text "Low Findings", :style => :bold 
+	fill_color "000000"
+}
+
+Item.low_risks_unique_sorted.each do |item|
+	name = Plugin.find_by_id(item.plugin_id).plugin_name
+	count = Item.where(:plugin_id => item.plugin_id).count
+
+	text "#{count} - #{name}"
+end
+
+#Provides nothing
+#font_size(20) { 
+#	fill_color "008000"
+#	text "Low Findings", :style => :bold 
+#	fill_color "000000"
+#}
+#
+#Item.low_risks_unique_sorted.each do |item|
+#	name = Plugin.find_by_id(item.plugin_id).plugin_name
+#	count = Item.where(:plugin_id => item.plugin_id).count
+#
+#	text "#{count} - #{name}"
+#end

data/lib/nessusdb/templates/findings_summary_with_pluginid.rb

@@ -0,0 +1,68 @@
+text Report.classification, :align => :center
+text "\n"
+
+font_size(22) { text Report.title, :align => :center }
+font_size(18) { 
+	text "Findings Summary Report", :align => :center
+	text "\n"
+	text "This report was prepared by\n#{Report.author}", :align => :center
+}
+
+text "\n\n\n"
+
+font_size(20) { 
+	fill_color "FF0000"
+	text "High Findings", :style => :bold 
+	fill_color "000000"
+}
+
+Item.high_risks_unique_sorted.each do |item|
+	name = Plugin.find_by_id(item.plugin_id).plugin_name
+	count = Item.where(:plugin_id => item.plugin_id).count
+
+	text "#{count} - #{name} - #{item.plugin_id}"
+end
+
+start_new_page
+
+font_size(20) { 
+	fill_color "FF8040"
+	text "Medium Findings", :style => :bold 
+	fill_color "000000"
+}
+
+Item.medium_risks_unique_sorted.each do |item|
+	name = Plugin.find_by_id(item.plugin_id).plugin_name
+	count = Item.where(:plugin_id => item.plugin_id).count
+
+	text "#{count} - #{name} - #{item.plugin_id}"
+end
+
+start_new_page
+
+font_size(20) { 
+	fill_color "0000FF"
+	text "Low Findings", :style => :bold 
+	fill_color "000000"
+}
+
+Item.low_risks_unique_sorted.each do |item|
+	name = Plugin.find_by_id(item.plugin_id).plugin_name
+	count = Item.where(:plugin_id => item.plugin_id).count
+
+	text "#{count} - #{name} - #{item.plugin_id}"
+end
+
+#Provides nothing
+#font_size(20) { 
+#	fill_color "008000"
+#	text "Low Findings", :style => :bold 
+#	fill_color "000000"
+#}
+#
+#Item.low_risks_unique_sorted.each do |item|
+#	name = Plugin.find_by_id(item.plugin_id).plugin_name
+#	count = Item.where(:plugin_id => item.plugin_id).count
+#
+#	text "#{count} - #{name}"
+#end

data/lib/nessusdb/templates/graphs.rb

@@ -0,0 +1,33 @@
+text Report.classification, :align => :center
+text "\n"
+
+font_size(24) { text Report.title, :align => :center }
+font_size(18) { 
+	text "This report was prepared by\n#{Report.author}", :align => :center
+}
+
+text "\n\n\n"
+
+start_new_page
+
+image Item.risks_by_severity_graph, :width => 500, :height => 375, :position => :center
+
+start_new_page
+
+image Item.risks_by_service_graph(10), :width => 500, :height => 375, :position => :center
+
+start_new_page
+
+image Plugin.top_by_count_graph(10), :width => 500, :height => 375, :position => :center
+
+start_new_page
+
+image Host.top_vuln_graph(10), :width => 500, :height => 375, :position => :center
+
+start_new_page
+
+image Host.other_os_graph, :width => 500, :height => 375, :position => :center
+
+start_new_page
+
+image Host.windows_os_graph, :width => 500, :height => 375, :position => :center

data/lib/nessusdb/templates/host_summary.rb

@@ -0,0 +1,40 @@
+text Report.classification, :align => :center
+text "\n"
+
+font_size(22) { text Report.title, :align => :center }
+font_size(18) {
+	text "Host Summary Report", :align => :center
+	text "\n"
+	text "This report was prepared by\n#{Report.author}", :align => :center
+}
+
+text "\n\n\n"
+
+results = Array.new
+
+headers = ["Hostname", "Total", "High", "Medium", "Low", "Info"]
+header_widths = {0 => 137, 1 => 75, 2 => 75, 3 => 75, 4 => 75, 5 => 75}
+
+Host.sorted.each do |host|
+	row = Array.new
+
+	total  = Item.risks.where(:host_id => host.id).count
+	high = Item.high_risks.where(:host_id => host.id).count
+	medium = Item.medium_risks.where(:host_id => host.id).count
+	low = Item.low_risks.where(:host_id => host.id).count
+	info = Item.info_risks.where(:host_id => host.id).count
+
+	row.push(host.name)
+	row.push(total)
+	row.push(high)
+	row.push(medium)
+	row.push(low)
+	row.push(info)
+
+	results.push(row)
+end
+
+table([headers] + results, :header => true, :column_widths => header_widths, :row_colors => ['ffffff', 'E5E5E5']) do
+	row(0).style(:font_style => :bold, :background_color => 'D0D0D0')
+	cells.borders = [:top, :bottom, :left, :right]
+end

data/lib/nessusdb/templates/ms_patch_summary.rb

@@ -0,0 +1,37 @@
+text Report.classification, :align => :center
+text "\n"
+
+font_size(22) { text Report.title, :align => :center }
+font_size(18) { 
+	text "Missing Microsoft Patch Summary", :align => :center
+	text "\n"
+	text "This report was prepared by\n#{Report.author}", :align => :center
+}
+
+text "\n\n\n"
+
+Item.ms_patches.each do |item|
+	host = Host.find_by_id(item.host_id)
+	
+	if host == nil
+		next
+	end
+	
+	if host.name != nil
+		text "Host:", :style => :bold 
+		text host.name
+	end
+	
+	if host.os != nil
+		text "OS:", :style => :bold
+		text host.os
+	end
+	
+	if host.mac != nil
+		text "Mac:", :style => :bold
+		text host.mac
+	end
+	text "\n"
+	text item.plugin_output
+	text "\n"
+end

data/lib/nessusdb/templates/ms_update_summary.rb

@@ -0,0 +1,43 @@
+text Report.classification, :align => :center
+text "\n"
+
+font_size(22) { text Report.title, :align => :center }
+font_size(18) { 
+	text "Microsoft Update Summary", :align => :center
+	text "\n"
+	text "This report was prepared by\n#{Report.author}", :align => :center
+}
+
+text "\n\n\n"
+
+font_size(12)
+
+results = Array.new
+
+headers = ["Hostname","Operating System", "Windows Update Status"]
+header_widths = {0 => 108, 1 => 264, 2 => 140}
+
+Item.ms_update.each do |item|
+	host = Host.find_by_id(item.host_id)
+	
+	if host == nil
+		next
+	end
+	
+	row = Array.new
+	row.push(host.name)
+	row.push(host.os)
+	
+	if item.plugin_output =~ /'Automatic Updates' are disabled/
+		row.push("Disabled")
+	else
+		row.push("Enabled")
+	end
+	
+	results.push(row)
+end
+
+table([headers] + results, :header => true, :column_widths => header_widths, :row_colors => ['ffffff', '336699']) do
+	row(0).style(:font_style => :bold, :background_color => 'cccccc')
+	cells.borders = [:top, :bottom, :left, :right]
+end

data/lib/nessusdb/templates/pci_compliance.rb

@@ -0,0 +1,66 @@
+text Report.classification, :align => :center
+text "\n"
+
+font_size(22) { text Report.title, :align => :center }
+font_size(18) { 
+	text "PCI /DSS Complience Overview", :align => :center
+	text "\n"
+	text "This report was prepared by\n#{Report.author}", :align => :center
+}
+
+text "\n\n\n"
+
+@hosts_count = Host.find(:all, :conditions => ["pci_dss_compliance is not null"]).count
+@hosts_passed = Host.find(:all, :conditions => ["pci_dss_compliance like 'passed'"])
+@hosts_failed = Host.find(:all, :conditions => ["pci_dss_compliance like 'failed'"])
+
+font_size(20) {
+	text "Summary\n", :style => :bold
+}
+
+text "Of #{@hosts_count} total hosts, #{@hosts_passed.count} passed and #{@hosts_failed.count} failed."
+
+text "\n\n"
+
+if @hosts_passed.length > 0
+	font_size(20) { 
+		fill_color "00FF00"
+		text "PCI / DSS Compliant Hosts", :style => :bold
+		fill_color "000000"
+		}
+	
+	text "\n"
+	
+	@hosts_passed.each do |host|	
+		text "#{host.ip} / #{host.fqdn} - passed\n"
+	end unless @hosts_passed == nil
+	
+	start_new_page
+end
+
+if @hosts_failed.length > 0
+	font_size(20) { 
+		fill_color "FF0000"
+		text "Non PCI / DSS Compliant Hosts", :style => :bold 
+		fill_color "000000"
+		}
+	
+	text "\n"
+	
+	@hosts_failed.each do |host|	
+			host_id = host.id
+			plugin = Plugin.find(:first, :conditions => { :id => 33929 })
+			item = Item.find(:first, :conditions => { :host_id => host_id, :plugin_id => plugin.id })
+
+			text "#{host.ip} / #{host.fqdn} - failed\n", :style => :bold
+			text "Description:\n", :style => :bold
+			text "#{plugin.description}\n"
+			text "Plugin Output:\n", :style => :bold
+			text "#{item.plugin_output}\n"
+
+			text "\n"
+
+	end unless @hosts_failed == nil
+	
+	start_new_page
+end

data/lib/nessusdb/templates/technical_findings.rb

@@ -0,0 +1,116 @@
+text Report.classification, :align => :center
+text "\n"
+
+font_size(22) { text Report.title, :align => :center }
+font_size(18) {
+	text "High and Medium Findings", :align => :center
+	text "\n"
+	text "This report was prepared by\n#{Report.author}", :align => :center
+}
+
+text "\n\n\n"
+
+#@todo Revamping blacklisting in 1.3
+#blacklist_ip = "-"
+#blacklist_host_id = Host.where(:ip => blacklist_ip)
+#.where("host_id != (?)", blacklist_host_id)
+
+unique_risks = Array.new
+unique_risks << Hash[:title => "High Findings", :color => "FF0000", :values => Item.high_risks_unique]
+unique_risks << Hash[:title => "Medium Findings", :color => "FF8040", :values => Item.medium_risks_unique]
+
+unique_risks.each do |h|
+	if h[:values].length > 1
+		font_size(20) {
+			fill_color h[:color]
+			text h[:title], :style => :bold
+			fill_color "000000"
+			}
+
+		text "\n"
+
+		h[:values].each do |f|
+
+			hosts = Item.where(:plugin_id => f.plugin_id)
+			plugin = Plugin.find_by_id(f.plugin_id)
+
+			#Check if vuln is just on the blacklisted
+			#if hosts.count == 1
+			# if hosts.first.host_id == blacklist_host_id.first.id
+			#		next
+			# end
+			#end
+
+
+			references = Reference.where(:plugin_id => plugin.id).group(:value).order(:reference_name)
+
+			font_size(16) { text "#{plugin.plugin_name}\n" }
+
+			if hosts.length > 1
+				text "Hosts", :style => :bold
+			else
+				text "Host", :style => :bold
+			end
+
+			hostlist = Array.new
+			hosts.each do |host|
+				h = Host.find_by_id(host.host_id)
+				#if h.id != blacklist_host_id.first.id
+					hostlist << h.name
+				#end
+			end
+
+			text hostlist.join(', ')
+
+			if f.plugin_output != nil
+				text "\nPlugin output", :style => :bold
+				text f.plugin_output
+			end
+
+			if plugin.description != nil
+				text "\nDescription", :style => :bold
+				text plugin.description
+			end
+
+			if plugin.synopsis != nil
+				text "\nSynopsis", :style => :bold
+				text plugin.synopsis
+			end
+
+			if plugin.cvss_base_score != nil
+				text "\nCVSS Base Score", :style => :bold
+				text plugin.cvss_base_score
+			end
+
+			if plugin.exploit_available != nil
+				text "\nExploit Available", :style => :bold
+
+				if plugin.exploit_available == "true"
+					text "Yes"
+				else
+					text "No"
+				end
+			end
+
+			if plugin.solution != nil
+				text "\nSolution", :style => :bold
+				text plugin.solution
+			end
+
+			if references.size != 0
+				text "\nReferences", :style => :bold
+				references.each { |ref|
+					ref_text = sprintf "%s: %s\n", ref.reference_name, ref.value
+					text ref_text
+				}
+				text "\nNessus Plugin", :style => :bold
+				text "http://www.tenablesecurity.com/plugins/index.php?view=single&id=#{f.plugin_id}"
+			end
+				text "\n"
+		end
+	end
+
+	start_new_page unless h[:values] == nil
+end
+
+number_pages "<page> of <total>", :at => [bounds.right - 75, 0], :width => 150, :page_filter => :all