risu 1.4.4 → 1.4.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/NEWS.markdown +14 -1
- data/README.markdown +23 -41
- data/TODO.markdown +48 -39
- data/lib/risu.rb +4 -9
- data/lib/risu/base.rb +15 -0
- data/lib/risu/base/prawn_templater.rb +37 -0
- data/lib/risu/{schema.rb → base/schema.rb} +34 -15
- data/lib/risu/base/template_base.rb +23 -0
- data/lib/risu/base/template_manager.rb +106 -0
- data/lib/risu/base/templater.rb +37 -0
- data/lib/risu/cli/application.rb +28 -8
- data/lib/risu/models.rb +1 -2
- data/lib/risu/models/host.rb +147 -23
- data/lib/risu/models/item.rb +131 -43
- data/lib/risu/models/plugin.rb +1 -1
- data/lib/risu/models/report.rb +11 -1
- data/lib/risu/models/serverpreference.rb +0 -2
- data/lib/risu/models/servicedescription.rb +10 -0
- data/lib/risu/parsers.rb +2 -3
- data/lib/risu/parsers/nessus/nessus_document.rb +69 -0
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +278 -0
- data/lib/risu/templates/assets.rb +45 -18
- data/lib/risu/templates/cover_sheet.rb +70 -42
- data/lib/risu/templates/exec_summary.rb +64 -45
- data/lib/risu/templates/executive_summary.rb +185 -161
- data/lib/risu/templates/finding_statistics.rb +44 -17
- data/lib/risu/templates/findings_host.rb +70 -46
- data/lib/risu/templates/findings_summary.rb +78 -54
- data/lib/risu/templates/findings_summary_with_pluginid.rb +80 -54
- data/lib/risu/templates/graphs.rb +46 -19
- data/lib/risu/templates/host_summary.rb +62 -39
- data/lib/risu/templates/ms_patch_summary.rb +59 -35
- data/lib/risu/templates/ms_update_summary.rb +59 -35
- data/lib/risu/templates/pci_compliance.rb +88 -64
- data/lib/risu/templates/technical_findings.rb +132 -106
- data/lib/risu/templates/template.rb +24 -0
- metadata +12 -6
- data/lib/risu/listener.rb +0 -274
- data/lib/risu/nessusdocument.rb +0 -66
- data/lib/risu/prawn_templater.rb +0 -38
|
@@ -1,23 +1,50 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
module Risu
|
|
2
|
+
module Modules
|
|
3
|
+
class FindingStatistics < Risu::Base::TemplateBase
|
|
4
|
+
|
|
5
|
+
#
|
|
6
|
+
#
|
|
7
|
+
def initialize ()
|
|
8
|
+
@template_info =
|
|
9
|
+
{
|
|
10
|
+
:name => "finding_statistics",
|
|
11
|
+
:author => "hammackj",
|
|
12
|
+
:version => "0.0.1",
|
|
13
|
+
:description => "Generates report finding statistics"
|
|
14
|
+
}
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
#
|
|
18
|
+
#
|
|
19
|
+
def render(output)
|
|
20
|
+
output.text Report.classification, :align => :center
|
|
21
|
+
output.text "\n"
|
|
3
22
|
|
|
4
|
-
font_size(22) { text Report.title, :align => :center }
|
|
5
|
-
font_size(18) {
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
}
|
|
23
|
+
output.font_size(22) { output.text Report.title, :align => :center }
|
|
24
|
+
output.font_size(18) {
|
|
25
|
+
output.text "Finding Statistics", :align => :center
|
|
26
|
+
output.text "\n"
|
|
27
|
+
output.text "This report was prepared by\n#{Report.author}", :align => :center
|
|
28
|
+
}
|
|
10
29
|
|
|
11
|
-
text "\n\n\n"
|
|
30
|
+
output.text "\n\n\n"
|
|
12
31
|
|
|
13
|
-
text "Scan Date:", :style => :bold
|
|
14
|
-
text "#{Report.scan_date}"
|
|
15
|
-
text "\n"
|
|
32
|
+
output.text "Scan Date:", :style => :bold
|
|
33
|
+
output.text "#{Report.scan_date}"
|
|
34
|
+
output.text "\n"
|
|
16
35
|
|
|
17
|
-
headers = ["Number of hosts","Number of risks","High Risks", "Medium Risks", "Low Risks", "Info Risks"]
|
|
18
|
-
data = [Host.count, Item.risks.count, Item.high_risks.count, Item.medium_risks.count, Item.low_risks.count, Item.info_risks.count]
|
|
36
|
+
headers = ["Number of hosts","Number of risks","High Risks", "Medium Risks", "Low Risks", "Info Risks"]
|
|
37
|
+
data = [Host.count, Item.risks.count, Item.high_risks.count, Item.medium_risks.count, Item.low_risks.count, Item.info_risks.count]
|
|
19
38
|
|
|
20
|
-
table([headers] + [data], :header => true, :width => bounds.width) do
|
|
21
|
-
|
|
22
|
-
|
|
39
|
+
output.table([headers] + [data], :header => true, :width => output.bounds.width) do
|
|
40
|
+
row(0).style(:font_style => :bold, :background_color => 'cccccc')
|
|
41
|
+
cells.borders = [:top, :bottom, :left, :right]
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
23
47
|
end
|
|
48
|
+
|
|
49
|
+
|
|
50
|
+
|
|
@@ -1,49 +1,73 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
1
|
+
module Risu
|
|
2
|
+
module Modules
|
|
3
|
+
class FindingsHost < Risu::Base::TemplateBase
|
|
4
|
+
|
|
5
|
+
#
|
|
6
|
+
#
|
|
7
|
+
def initialize ()
|
|
8
|
+
@template_info =
|
|
9
|
+
{
|
|
10
|
+
:name => "findings_host",
|
|
11
|
+
:author => "hammackj",
|
|
12
|
+
:version => "0.0.1",
|
|
13
|
+
:description => "Generates a findings report by host"
|
|
14
|
+
}
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
#
|
|
18
|
+
#
|
|
19
|
+
def render(output)
|
|
20
|
+
output.text Report.classification, :align => :center
|
|
21
|
+
output.text "\n"
|
|
22
|
+
|
|
23
|
+
output.font_size(22) { output.text Report.title, :align => :center }
|
|
24
|
+
output.font_size(18) {
|
|
25
|
+
output.text "Findings Summary Report", :align => :center
|
|
26
|
+
output.text "\n"
|
|
27
|
+
output.text "This report was prepared by\n#{Report.author}", :align => :center
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
output.text "\n\n\n"
|
|
31
|
+
|
|
32
|
+
Host.sorted.each do |host|
|
|
33
|
+
if host.items.high_risks_unique_sorted.all.size > 0 or host.items.medium_risks_unique_sorted.all.size > 0
|
|
34
|
+
output.font_size(20) {
|
|
35
|
+
output.text "#{host.ip} - #{host.fqdn}", :style => :bold
|
|
36
|
+
}
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
if host.items.high_risks_unique_sorted.all.size > 0
|
|
40
|
+
output.font_size(18) {
|
|
41
|
+
output.fill_color "FF0000"
|
|
42
|
+
output.text "High Findings", :style => :bold
|
|
43
|
+
output.fill_color "000000"
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
host.items.high_risks_unique_sorted.each do |item|
|
|
47
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
48
|
+
output.text "#{name}"
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
if host.items.medium_risks_unique_sorted.all.size > 0
|
|
53
|
+
output.font_size(18) {
|
|
54
|
+
output.fill_color "FF8040"
|
|
55
|
+
output.text "Medium Findings", :style => :bold
|
|
56
|
+
output.fill_color "000000"
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
host.items.medium_risks_unique_sorted.each do |item|
|
|
60
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
61
|
+
output.text "#{name}"
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
if host.items.high_risks_unique_sorted.all.size > 0 or host.items.medium_risks_unique_sorted.all.size > 0
|
|
66
|
+
output.text "\n"
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
end
|
|
43
71
|
end
|
|
44
72
|
end
|
|
45
|
-
|
|
46
|
-
if host.items.high_risks_unique_sorted.all.size > 0 or host.items.medium_risks_unique_sorted.all.size > 0
|
|
47
|
-
text "\n"
|
|
48
|
-
end
|
|
49
73
|
end
|
|
@@ -1,68 +1,92 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
module Risu
|
|
2
|
+
module Modules
|
|
3
|
+
class FindingsSummary < Risu::Base::TemplateBase
|
|
4
|
+
|
|
5
|
+
#
|
|
6
|
+
#
|
|
7
|
+
def initialize ()
|
|
8
|
+
@template_info =
|
|
9
|
+
{
|
|
10
|
+
:name => "findings_summary",
|
|
11
|
+
:author => "hammackj",
|
|
12
|
+
:version => "0.0.1",
|
|
13
|
+
:description => "Generates a findings summary report"
|
|
14
|
+
}
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
#
|
|
18
|
+
#
|
|
19
|
+
def render(output)
|
|
20
|
+
output.text Report.classification, :align => :center
|
|
21
|
+
output.text "\n"
|
|
3
22
|
|
|
4
|
-
font_size(22) { text Report.title, :align => :center }
|
|
5
|
-
font_size(18) {
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
}
|
|
23
|
+
output.font_size(22) { output.text Report.title, :align => :center }
|
|
24
|
+
output.font_size(18) {
|
|
25
|
+
output.text "Findings Summary Report", :align => :center
|
|
26
|
+
output.text "\n"
|
|
27
|
+
output.text "This report was prepared by\n#{Report.author}", :align => :center
|
|
28
|
+
}
|
|
10
29
|
|
|
11
|
-
text "\n\n\n"
|
|
30
|
+
output.text "\n\n\n"
|
|
12
31
|
|
|
13
|
-
font_size(20) {
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
}
|
|
32
|
+
output.font_size(20) {
|
|
33
|
+
output.fill_color "FF0000"
|
|
34
|
+
output.text "High Findings", :style => :bold
|
|
35
|
+
output.fill_color "000000"
|
|
36
|
+
}
|
|
18
37
|
|
|
19
|
-
Item.high_risks_unique_sorted.each do |item|
|
|
20
|
-
|
|
21
|
-
|
|
38
|
+
Item.high_risks_unique_sorted.each do |item|
|
|
39
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
40
|
+
count = Item.where(:plugin_id => item.plugin_id).count
|
|
22
41
|
|
|
23
|
-
|
|
24
|
-
end
|
|
42
|
+
output.text "#{count} - #{name}"
|
|
43
|
+
end
|
|
25
44
|
|
|
26
|
-
start_new_page
|
|
45
|
+
output.start_new_page
|
|
27
46
|
|
|
28
|
-
font_size(20) {
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
}
|
|
47
|
+
output.font_size(20) {
|
|
48
|
+
output.fill_color "FF8040"
|
|
49
|
+
output.text "Medium Findings", :style => :bold
|
|
50
|
+
output.fill_color "000000"
|
|
51
|
+
}
|
|
33
52
|
|
|
34
|
-
Item.medium_risks_unique_sorted.each do |item|
|
|
35
|
-
|
|
36
|
-
|
|
53
|
+
Item.medium_risks_unique_sorted.each do |item|
|
|
54
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
55
|
+
count = Item.where(:plugin_id => item.plugin_id).count
|
|
37
56
|
|
|
38
|
-
|
|
39
|
-
end
|
|
57
|
+
output.text "#{count} - #{name}"
|
|
58
|
+
end
|
|
40
59
|
|
|
41
|
-
start_new_page
|
|
60
|
+
output.start_new_page
|
|
42
61
|
|
|
43
|
-
font_size(20) {
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
}
|
|
62
|
+
output.font_size(20) {
|
|
63
|
+
output.fill_color "0000FF"
|
|
64
|
+
output.text "Low Findings", :style => :bold
|
|
65
|
+
output.fill_color "000000"
|
|
66
|
+
}
|
|
48
67
|
|
|
49
|
-
Item.low_risks_unique_sorted.each do |item|
|
|
50
|
-
|
|
51
|
-
|
|
68
|
+
Item.low_risks_unique_sorted.each do |item|
|
|
69
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
70
|
+
count = Item.where(:plugin_id => item.plugin_id).count
|
|
52
71
|
|
|
53
|
-
|
|
54
|
-
end
|
|
72
|
+
output.text "#{count} - #{name}"
|
|
73
|
+
end
|
|
55
74
|
|
|
56
|
-
#Provides nothing
|
|
57
|
-
#font_size(20) {
|
|
58
|
-
# fill_color "008000"
|
|
59
|
-
# text "Low Findings", :style => :bold
|
|
60
|
-
# fill_color "000000"
|
|
61
|
-
#}
|
|
62
|
-
#
|
|
63
|
-
#Item.low_risks_unique_sorted.each do |item|
|
|
64
|
-
# name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
65
|
-
# count = Item.where(:plugin_id => item.plugin_id).count
|
|
66
|
-
#
|
|
67
|
-
# text "#{count} - #{name}"
|
|
68
|
-
#end
|
|
75
|
+
#Provides nothing
|
|
76
|
+
#output.font_size(20) {
|
|
77
|
+
# output.fill_color "008000"
|
|
78
|
+
# output.text "Low Findings", :style => :bold
|
|
79
|
+
# output.fill_color "000000"
|
|
80
|
+
#}
|
|
81
|
+
#
|
|
82
|
+
#Item.low_risks_unique_sorted.each do |item|
|
|
83
|
+
# name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
84
|
+
# count = Item.where(:plugin_id => item.plugin_id).count
|
|
85
|
+
#
|
|
86
|
+
# output.text "#{count} - #{name}"
|
|
87
|
+
#end
|
|
88
|
+
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
end
|
|
@@ -1,68 +1,94 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
module Risu
|
|
2
|
+
module Modules
|
|
3
|
+
class FindingsSummaryWithPluginID < Risu::Base::TemplateBase
|
|
4
|
+
|
|
5
|
+
#
|
|
6
|
+
#
|
|
7
|
+
def initialize ()
|
|
8
|
+
@template_info =
|
|
9
|
+
{
|
|
10
|
+
:name => "findings_summary_with_pluginid",
|
|
11
|
+
:author => "hammackj",
|
|
12
|
+
:version => "0.0.1",
|
|
13
|
+
:description => "Geneates a Findings Summary with Nessus Plugin ID"
|
|
14
|
+
}
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
#
|
|
18
|
+
#
|
|
19
|
+
def render(output)
|
|
20
|
+
output.text Report.classification, :align => :center
|
|
21
|
+
output.text "\n"
|
|
3
22
|
|
|
4
|
-
font_size(22)
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
23
|
+
output.font_size(22) do
|
|
24
|
+
output.text Report.title, :align => :center
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
output.font_size(18) do
|
|
28
|
+
output.text "Findings Summary Report", :align => :center
|
|
29
|
+
output.text "\n"
|
|
30
|
+
output.text "This report was prepared by\n#{Report.author}", :align => :center
|
|
31
|
+
end
|
|
10
32
|
|
|
11
|
-
text "\n\n\n"
|
|
33
|
+
output.text "\n\n\n"
|
|
12
34
|
|
|
13
|
-
font_size(20) {
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
}
|
|
35
|
+
output.font_size(20) {
|
|
36
|
+
output.fill_color "FF0000"
|
|
37
|
+
output.text "High Findings", :style => :bold
|
|
38
|
+
output.fill_color "000000"
|
|
39
|
+
}
|
|
18
40
|
|
|
19
|
-
Item.high_risks_unique_sorted.each do |item|
|
|
20
|
-
|
|
21
|
-
|
|
41
|
+
Item.high_risks_unique_sorted.each do |item|
|
|
42
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
43
|
+
count = Item.where(:plugin_id => item.plugin_id).count
|
|
22
44
|
|
|
23
|
-
|
|
24
|
-
end
|
|
45
|
+
output.text "#{count} - #{name} - #{item.plugin_id}"
|
|
46
|
+
end
|
|
25
47
|
|
|
26
|
-
start_new_page
|
|
48
|
+
output.start_new_page
|
|
27
49
|
|
|
28
|
-
font_size(20) {
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
}
|
|
50
|
+
output.font_size(20) {
|
|
51
|
+
output.fill_color "FF8040"
|
|
52
|
+
output.text "Medium Findings", :style => :bold
|
|
53
|
+
output.fill_color "000000"
|
|
54
|
+
}
|
|
33
55
|
|
|
34
|
-
Item.medium_risks_unique_sorted.each do |item|
|
|
35
|
-
|
|
36
|
-
|
|
56
|
+
Item.medium_risks_unique_sorted.each do |item|
|
|
57
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
58
|
+
count = Item.where(:plugin_id => item.plugin_id).count
|
|
37
59
|
|
|
38
|
-
|
|
39
|
-
end
|
|
60
|
+
output.text "#{count} - #{name} - #{item.plugin_id}"
|
|
61
|
+
end
|
|
40
62
|
|
|
41
|
-
start_new_page
|
|
63
|
+
output.start_new_page
|
|
42
64
|
|
|
43
|
-
font_size(20) {
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
}
|
|
65
|
+
output.font_size(20) {
|
|
66
|
+
output.fill_color "0000FF"
|
|
67
|
+
output.text "Low Findings", :style => :bold
|
|
68
|
+
output.fill_color "000000"
|
|
69
|
+
}
|
|
48
70
|
|
|
49
|
-
Item.low_risks_unique_sorted.each do |item|
|
|
50
|
-
|
|
51
|
-
|
|
71
|
+
Item.low_risks_unique_sorted.each do |item|
|
|
72
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
73
|
+
count = Item.where(:plugin_id => item.plugin_id).count
|
|
52
74
|
|
|
53
|
-
|
|
54
|
-
end
|
|
75
|
+
output.text "#{count} - #{name} - #{item.plugin_id}"
|
|
76
|
+
end
|
|
55
77
|
|
|
56
|
-
#Provides nothing
|
|
57
|
-
#font_size(20) {
|
|
58
|
-
# fill_color "008000"
|
|
59
|
-
# text "Low Findings", :style => :bold
|
|
60
|
-
# fill_color "000000"
|
|
61
|
-
#}
|
|
62
|
-
#
|
|
63
|
-
#Item.low_risks_unique_sorted.each do |item|
|
|
64
|
-
# name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
65
|
-
# count = Item.where(:plugin_id => item.plugin_id).count
|
|
66
|
-
#
|
|
67
|
-
# text "#{count} - #{name}"
|
|
68
|
-
#end
|
|
78
|
+
#Provides nothing
|
|
79
|
+
#output.font_size(20) {
|
|
80
|
+
# output.fill_color "008000"
|
|
81
|
+
# output.text "Low Findings", :style => :bold
|
|
82
|
+
# output.fill_color "000000"
|
|
83
|
+
#}
|
|
84
|
+
#
|
|
85
|
+
#Item.low_risks_unique_sorted.each do |item|
|
|
86
|
+
# name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
87
|
+
# count = Item.where(:plugin_id => item.plugin_id).count
|
|
88
|
+
#
|
|
89
|
+
# output.text "#{count} - #{name}"
|
|
90
|
+
#end
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
end
|