risu 1.4.4 → 1.4.5
Sign up to get free protection for your applications and to get access to all the features.
- data/NEWS.markdown +14 -1
- data/README.markdown +23 -41
- data/TODO.markdown +48 -39
- data/lib/risu.rb +4 -9
- data/lib/risu/base.rb +15 -0
- data/lib/risu/base/prawn_templater.rb +37 -0
- data/lib/risu/{schema.rb → base/schema.rb} +34 -15
- data/lib/risu/base/template_base.rb +23 -0
- data/lib/risu/base/template_manager.rb +106 -0
- data/lib/risu/base/templater.rb +37 -0
- data/lib/risu/cli/application.rb +28 -8
- data/lib/risu/models.rb +1 -2
- data/lib/risu/models/host.rb +147 -23
- data/lib/risu/models/item.rb +131 -43
- data/lib/risu/models/plugin.rb +1 -1
- data/lib/risu/models/report.rb +11 -1
- data/lib/risu/models/serverpreference.rb +0 -2
- data/lib/risu/models/servicedescription.rb +10 -0
- data/lib/risu/parsers.rb +2 -3
- data/lib/risu/parsers/nessus/nessus_document.rb +69 -0
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +278 -0
- data/lib/risu/templates/assets.rb +45 -18
- data/lib/risu/templates/cover_sheet.rb +70 -42
- data/lib/risu/templates/exec_summary.rb +64 -45
- data/lib/risu/templates/executive_summary.rb +185 -161
- data/lib/risu/templates/finding_statistics.rb +44 -17
- data/lib/risu/templates/findings_host.rb +70 -46
- data/lib/risu/templates/findings_summary.rb +78 -54
- data/lib/risu/templates/findings_summary_with_pluginid.rb +80 -54
- data/lib/risu/templates/graphs.rb +46 -19
- data/lib/risu/templates/host_summary.rb +62 -39
- data/lib/risu/templates/ms_patch_summary.rb +59 -35
- data/lib/risu/templates/ms_update_summary.rb +59 -35
- data/lib/risu/templates/pci_compliance.rb +88 -64
- data/lib/risu/templates/technical_findings.rb +132 -106
- data/lib/risu/templates/template.rb +24 -0
- metadata +12 -6
- data/lib/risu/listener.rb +0 -274
- data/lib/risu/nessusdocument.rb +0 -66
- data/lib/risu/prawn_templater.rb +0 -38
|
@@ -1,23 +1,50 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
module Risu
|
|
2
|
+
module Modules
|
|
3
|
+
class FindingStatistics < Risu::Base::TemplateBase
|
|
4
|
+
|
|
5
|
+
#
|
|
6
|
+
#
|
|
7
|
+
def initialize ()
|
|
8
|
+
@template_info =
|
|
9
|
+
{
|
|
10
|
+
:name => "finding_statistics",
|
|
11
|
+
:author => "hammackj",
|
|
12
|
+
:version => "0.0.1",
|
|
13
|
+
:description => "Generates report finding statistics"
|
|
14
|
+
}
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
#
|
|
18
|
+
#
|
|
19
|
+
def render(output)
|
|
20
|
+
output.text Report.classification, :align => :center
|
|
21
|
+
output.text "\n"
|
|
3
22
|
|
|
4
|
-
font_size(22) { text Report.title, :align => :center }
|
|
5
|
-
font_size(18) {
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
}
|
|
23
|
+
output.font_size(22) { output.text Report.title, :align => :center }
|
|
24
|
+
output.font_size(18) {
|
|
25
|
+
output.text "Finding Statistics", :align => :center
|
|
26
|
+
output.text "\n"
|
|
27
|
+
output.text "This report was prepared by\n#{Report.author}", :align => :center
|
|
28
|
+
}
|
|
10
29
|
|
|
11
|
-
text "\n\n\n"
|
|
30
|
+
output.text "\n\n\n"
|
|
12
31
|
|
|
13
|
-
text "Scan Date:", :style => :bold
|
|
14
|
-
text "#{Report.scan_date}"
|
|
15
|
-
text "\n"
|
|
32
|
+
output.text "Scan Date:", :style => :bold
|
|
33
|
+
output.text "#{Report.scan_date}"
|
|
34
|
+
output.text "\n"
|
|
16
35
|
|
|
17
|
-
headers = ["Number of hosts","Number of risks","High Risks", "Medium Risks", "Low Risks", "Info Risks"]
|
|
18
|
-
data = [Host.count, Item.risks.count, Item.high_risks.count, Item.medium_risks.count, Item.low_risks.count, Item.info_risks.count]
|
|
36
|
+
headers = ["Number of hosts","Number of risks","High Risks", "Medium Risks", "Low Risks", "Info Risks"]
|
|
37
|
+
data = [Host.count, Item.risks.count, Item.high_risks.count, Item.medium_risks.count, Item.low_risks.count, Item.info_risks.count]
|
|
19
38
|
|
|
20
|
-
table([headers] + [data], :header => true, :width => bounds.width) do
|
|
21
|
-
|
|
22
|
-
|
|
39
|
+
output.table([headers] + [data], :header => true, :width => output.bounds.width) do
|
|
40
|
+
row(0).style(:font_style => :bold, :background_color => 'cccccc')
|
|
41
|
+
cells.borders = [:top, :bottom, :left, :right]
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
23
47
|
end
|
|
48
|
+
|
|
49
|
+
|
|
50
|
+
|
|
@@ -1,49 +1,73 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
1
|
+
module Risu
|
|
2
|
+
module Modules
|
|
3
|
+
class FindingsHost < Risu::Base::TemplateBase
|
|
4
|
+
|
|
5
|
+
#
|
|
6
|
+
#
|
|
7
|
+
def initialize ()
|
|
8
|
+
@template_info =
|
|
9
|
+
{
|
|
10
|
+
:name => "findings_host",
|
|
11
|
+
:author => "hammackj",
|
|
12
|
+
:version => "0.0.1",
|
|
13
|
+
:description => "Generates a findings report by host"
|
|
14
|
+
}
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
#
|
|
18
|
+
#
|
|
19
|
+
def render(output)
|
|
20
|
+
output.text Report.classification, :align => :center
|
|
21
|
+
output.text "\n"
|
|
22
|
+
|
|
23
|
+
output.font_size(22) { output.text Report.title, :align => :center }
|
|
24
|
+
output.font_size(18) {
|
|
25
|
+
output.text "Findings Summary Report", :align => :center
|
|
26
|
+
output.text "\n"
|
|
27
|
+
output.text "This report was prepared by\n#{Report.author}", :align => :center
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
output.text "\n\n\n"
|
|
31
|
+
|
|
32
|
+
Host.sorted.each do |host|
|
|
33
|
+
if host.items.high_risks_unique_sorted.all.size > 0 or host.items.medium_risks_unique_sorted.all.size > 0
|
|
34
|
+
output.font_size(20) {
|
|
35
|
+
output.text "#{host.ip} - #{host.fqdn}", :style => :bold
|
|
36
|
+
}
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
if host.items.high_risks_unique_sorted.all.size > 0
|
|
40
|
+
output.font_size(18) {
|
|
41
|
+
output.fill_color "FF0000"
|
|
42
|
+
output.text "High Findings", :style => :bold
|
|
43
|
+
output.fill_color "000000"
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
host.items.high_risks_unique_sorted.each do |item|
|
|
47
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
48
|
+
output.text "#{name}"
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
if host.items.medium_risks_unique_sorted.all.size > 0
|
|
53
|
+
output.font_size(18) {
|
|
54
|
+
output.fill_color "FF8040"
|
|
55
|
+
output.text "Medium Findings", :style => :bold
|
|
56
|
+
output.fill_color "000000"
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
host.items.medium_risks_unique_sorted.each do |item|
|
|
60
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
61
|
+
output.text "#{name}"
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
if host.items.high_risks_unique_sorted.all.size > 0 or host.items.medium_risks_unique_sorted.all.size > 0
|
|
66
|
+
output.text "\n"
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
end
|
|
43
71
|
end
|
|
44
72
|
end
|
|
45
|
-
|
|
46
|
-
if host.items.high_risks_unique_sorted.all.size > 0 or host.items.medium_risks_unique_sorted.all.size > 0
|
|
47
|
-
text "\n"
|
|
48
|
-
end
|
|
49
73
|
end
|
|
@@ -1,68 +1,92 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
module Risu
|
|
2
|
+
module Modules
|
|
3
|
+
class FindingsSummary < Risu::Base::TemplateBase
|
|
4
|
+
|
|
5
|
+
#
|
|
6
|
+
#
|
|
7
|
+
def initialize ()
|
|
8
|
+
@template_info =
|
|
9
|
+
{
|
|
10
|
+
:name => "findings_summary",
|
|
11
|
+
:author => "hammackj",
|
|
12
|
+
:version => "0.0.1",
|
|
13
|
+
:description => "Generates a findings summary report"
|
|
14
|
+
}
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
#
|
|
18
|
+
#
|
|
19
|
+
def render(output)
|
|
20
|
+
output.text Report.classification, :align => :center
|
|
21
|
+
output.text "\n"
|
|
3
22
|
|
|
4
|
-
font_size(22) { text Report.title, :align => :center }
|
|
5
|
-
font_size(18) {
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
}
|
|
23
|
+
output.font_size(22) { output.text Report.title, :align => :center }
|
|
24
|
+
output.font_size(18) {
|
|
25
|
+
output.text "Findings Summary Report", :align => :center
|
|
26
|
+
output.text "\n"
|
|
27
|
+
output.text "This report was prepared by\n#{Report.author}", :align => :center
|
|
28
|
+
}
|
|
10
29
|
|
|
11
|
-
text "\n\n\n"
|
|
30
|
+
output.text "\n\n\n"
|
|
12
31
|
|
|
13
|
-
font_size(20) {
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
}
|
|
32
|
+
output.font_size(20) {
|
|
33
|
+
output.fill_color "FF0000"
|
|
34
|
+
output.text "High Findings", :style => :bold
|
|
35
|
+
output.fill_color "000000"
|
|
36
|
+
}
|
|
18
37
|
|
|
19
|
-
Item.high_risks_unique_sorted.each do |item|
|
|
20
|
-
|
|
21
|
-
|
|
38
|
+
Item.high_risks_unique_sorted.each do |item|
|
|
39
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
40
|
+
count = Item.where(:plugin_id => item.plugin_id).count
|
|
22
41
|
|
|
23
|
-
|
|
24
|
-
end
|
|
42
|
+
output.text "#{count} - #{name}"
|
|
43
|
+
end
|
|
25
44
|
|
|
26
|
-
start_new_page
|
|
45
|
+
output.start_new_page
|
|
27
46
|
|
|
28
|
-
font_size(20) {
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
}
|
|
47
|
+
output.font_size(20) {
|
|
48
|
+
output.fill_color "FF8040"
|
|
49
|
+
output.text "Medium Findings", :style => :bold
|
|
50
|
+
output.fill_color "000000"
|
|
51
|
+
}
|
|
33
52
|
|
|
34
|
-
Item.medium_risks_unique_sorted.each do |item|
|
|
35
|
-
|
|
36
|
-
|
|
53
|
+
Item.medium_risks_unique_sorted.each do |item|
|
|
54
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
55
|
+
count = Item.where(:plugin_id => item.plugin_id).count
|
|
37
56
|
|
|
38
|
-
|
|
39
|
-
end
|
|
57
|
+
output.text "#{count} - #{name}"
|
|
58
|
+
end
|
|
40
59
|
|
|
41
|
-
start_new_page
|
|
60
|
+
output.start_new_page
|
|
42
61
|
|
|
43
|
-
font_size(20) {
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
}
|
|
62
|
+
output.font_size(20) {
|
|
63
|
+
output.fill_color "0000FF"
|
|
64
|
+
output.text "Low Findings", :style => :bold
|
|
65
|
+
output.fill_color "000000"
|
|
66
|
+
}
|
|
48
67
|
|
|
49
|
-
Item.low_risks_unique_sorted.each do |item|
|
|
50
|
-
|
|
51
|
-
|
|
68
|
+
Item.low_risks_unique_sorted.each do |item|
|
|
69
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
70
|
+
count = Item.where(:plugin_id => item.plugin_id).count
|
|
52
71
|
|
|
53
|
-
|
|
54
|
-
end
|
|
72
|
+
output.text "#{count} - #{name}"
|
|
73
|
+
end
|
|
55
74
|
|
|
56
|
-
#Provides nothing
|
|
57
|
-
#font_size(20) {
|
|
58
|
-
# fill_color "008000"
|
|
59
|
-
# text "Low Findings", :style => :bold
|
|
60
|
-
# fill_color "000000"
|
|
61
|
-
#}
|
|
62
|
-
#
|
|
63
|
-
#Item.low_risks_unique_sorted.each do |item|
|
|
64
|
-
# name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
65
|
-
# count = Item.where(:plugin_id => item.plugin_id).count
|
|
66
|
-
#
|
|
67
|
-
# text "#{count} - #{name}"
|
|
68
|
-
#end
|
|
75
|
+
#Provides nothing
|
|
76
|
+
#output.font_size(20) {
|
|
77
|
+
# output.fill_color "008000"
|
|
78
|
+
# output.text "Low Findings", :style => :bold
|
|
79
|
+
# output.fill_color "000000"
|
|
80
|
+
#}
|
|
81
|
+
#
|
|
82
|
+
#Item.low_risks_unique_sorted.each do |item|
|
|
83
|
+
# name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
84
|
+
# count = Item.where(:plugin_id => item.plugin_id).count
|
|
85
|
+
#
|
|
86
|
+
# output.text "#{count} - #{name}"
|
|
87
|
+
#end
|
|
88
|
+
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
end
|
|
@@ -1,68 +1,94 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
module Risu
|
|
2
|
+
module Modules
|
|
3
|
+
class FindingsSummaryWithPluginID < Risu::Base::TemplateBase
|
|
4
|
+
|
|
5
|
+
#
|
|
6
|
+
#
|
|
7
|
+
def initialize ()
|
|
8
|
+
@template_info =
|
|
9
|
+
{
|
|
10
|
+
:name => "findings_summary_with_pluginid",
|
|
11
|
+
:author => "hammackj",
|
|
12
|
+
:version => "0.0.1",
|
|
13
|
+
:description => "Geneates a Findings Summary with Nessus Plugin ID"
|
|
14
|
+
}
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
#
|
|
18
|
+
#
|
|
19
|
+
def render(output)
|
|
20
|
+
output.text Report.classification, :align => :center
|
|
21
|
+
output.text "\n"
|
|
3
22
|
|
|
4
|
-
font_size(22)
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
23
|
+
output.font_size(22) do
|
|
24
|
+
output.text Report.title, :align => :center
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
output.font_size(18) do
|
|
28
|
+
output.text "Findings Summary Report", :align => :center
|
|
29
|
+
output.text "\n"
|
|
30
|
+
output.text "This report was prepared by\n#{Report.author}", :align => :center
|
|
31
|
+
end
|
|
10
32
|
|
|
11
|
-
text "\n\n\n"
|
|
33
|
+
output.text "\n\n\n"
|
|
12
34
|
|
|
13
|
-
font_size(20) {
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
}
|
|
35
|
+
output.font_size(20) {
|
|
36
|
+
output.fill_color "FF0000"
|
|
37
|
+
output.text "High Findings", :style => :bold
|
|
38
|
+
output.fill_color "000000"
|
|
39
|
+
}
|
|
18
40
|
|
|
19
|
-
Item.high_risks_unique_sorted.each do |item|
|
|
20
|
-
|
|
21
|
-
|
|
41
|
+
Item.high_risks_unique_sorted.each do |item|
|
|
42
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
43
|
+
count = Item.where(:plugin_id => item.plugin_id).count
|
|
22
44
|
|
|
23
|
-
|
|
24
|
-
end
|
|
45
|
+
output.text "#{count} - #{name} - #{item.plugin_id}"
|
|
46
|
+
end
|
|
25
47
|
|
|
26
|
-
start_new_page
|
|
48
|
+
output.start_new_page
|
|
27
49
|
|
|
28
|
-
font_size(20) {
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
}
|
|
50
|
+
output.font_size(20) {
|
|
51
|
+
output.fill_color "FF8040"
|
|
52
|
+
output.text "Medium Findings", :style => :bold
|
|
53
|
+
output.fill_color "000000"
|
|
54
|
+
}
|
|
33
55
|
|
|
34
|
-
Item.medium_risks_unique_sorted.each do |item|
|
|
35
|
-
|
|
36
|
-
|
|
56
|
+
Item.medium_risks_unique_sorted.each do |item|
|
|
57
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
58
|
+
count = Item.where(:plugin_id => item.plugin_id).count
|
|
37
59
|
|
|
38
|
-
|
|
39
|
-
end
|
|
60
|
+
output.text "#{count} - #{name} - #{item.plugin_id}"
|
|
61
|
+
end
|
|
40
62
|
|
|
41
|
-
start_new_page
|
|
63
|
+
output.start_new_page
|
|
42
64
|
|
|
43
|
-
font_size(20) {
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
}
|
|
65
|
+
output.font_size(20) {
|
|
66
|
+
output.fill_color "0000FF"
|
|
67
|
+
output.text "Low Findings", :style => :bold
|
|
68
|
+
output.fill_color "000000"
|
|
69
|
+
}
|
|
48
70
|
|
|
49
|
-
Item.low_risks_unique_sorted.each do |item|
|
|
50
|
-
|
|
51
|
-
|
|
71
|
+
Item.low_risks_unique_sorted.each do |item|
|
|
72
|
+
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
73
|
+
count = Item.where(:plugin_id => item.plugin_id).count
|
|
52
74
|
|
|
53
|
-
|
|
54
|
-
end
|
|
75
|
+
output.text "#{count} - #{name} - #{item.plugin_id}"
|
|
76
|
+
end
|
|
55
77
|
|
|
56
|
-
#Provides nothing
|
|
57
|
-
#font_size(20) {
|
|
58
|
-
# fill_color "008000"
|
|
59
|
-
# text "Low Findings", :style => :bold
|
|
60
|
-
# fill_color "000000"
|
|
61
|
-
#}
|
|
62
|
-
#
|
|
63
|
-
#Item.low_risks_unique_sorted.each do |item|
|
|
64
|
-
# name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
65
|
-
# count = Item.where(:plugin_id => item.plugin_id).count
|
|
66
|
-
#
|
|
67
|
-
# text "#{count} - #{name}"
|
|
68
|
-
#end
|
|
78
|
+
#Provides nothing
|
|
79
|
+
#output.font_size(20) {
|
|
80
|
+
# output.fill_color "008000"
|
|
81
|
+
# output.text "Low Findings", :style => :bold
|
|
82
|
+
# output.fill_color "000000"
|
|
83
|
+
#}
|
|
84
|
+
#
|
|
85
|
+
#Item.low_risks_unique_sorted.each do |item|
|
|
86
|
+
# name = Plugin.find_by_id(item.plugin_id).plugin_name
|
|
87
|
+
# count = Item.where(:plugin_id => item.plugin_id).count
|
|
88
|
+
#
|
|
89
|
+
# output.text "#{count} - #{name}"
|
|
90
|
+
#end
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
end
|