risu 1.4.8 → 1.4.9

data/lib/risu/parsers/nessus/nessus_sax_listener.rb

@@ -5,16 +5,15 @@ require 'risu'
 module Risu
 	module Parsers
 		module Nessus
+			
 			# NessusSaxListener
 			#
-			#
 			# @author Jacob Hammack <jacob.hammack@hammackj.com>
 			class NessusSaxListener
 				include LibXML::XML::SaxParser::Callbacks
 
 				# Sets up a array of all valid xml fields
 				#
-				#
 				def initialize
 					@vals = Hash.new
 
@@ -27,23 +26,24 @@ module Risu
 						"Report", "Family", "Preferences", "PluginsPreferences", "FamilySelection", "IndividualPluginSelection", "PluginId",
 						"pci-dss-compliance", "exploitability_ease", "cvss_temporal_vector", "exploit_framework_core", "cvss_temporal_score",
 						"exploit_available", "metasploit_name", "exploit_framework_canvas", "canvas_package", "exploit_framework_metasploit",
-						"plugin_type", "cpe"]
-
-						# This makes adding new host properties really easy.
+						"plugin_type", "cpe", "exploithub_sku", "exploit_framework_exploithub", "stig_severity"]
+						
+						# This makes adding new host properties really easy, except for the 
+						#MS patch numbers, this are handled differently.
 						@valid_host_properties = {
-							"HOST_END" => :end ,
-							"mac-address" => :mac ,
-							"HOST_START" => :start ,
+							"HOST_END" => :end,
+							"mac-address" => :mac,
+							"HOST_START" => :start,
 							"operating-system" => :os,
-							"host-ip" => :ip ,
-							"host-fqdn" => :fqdn ,
-							"netbios-name" => :netbios ,
-							"local-checks-proto" => :local_checks_proto ,
-							"smb-login-used" => :smb_login_used ,
-							"ssh-auth-meth" => :ssh_auth_meth ,
-							"ssh-login-used" => :ssh_login_used ,
-							"pci-dss-compliance" => :pci_dss_compliance ,
-							"pci-dss-compliance:" => :pci_dss_compliance_ ,
+							"host-ip" => :ip,
+							"host-fqdn" => :fqdn,
+							"netbios-name" => :netbios,
+							"local-checks-proto" => :local_checks_proto,
+							"smb-login-used" => :smb_login_used,
+							"ssh-auth-meth" => :ssh_auth_meth,
+							"ssh-login-used" => :ssh_login_used,
+							"pci-dss-compliance" => :pci_dss_compliance,
+							"pci-dss-compliance:" => :pci_dss_compliance_ , #I think this is a Tenable bug~
 							"pcidss:compliance:failed" => :pcidss_compliance_failed,
 							"pcidss:compliance:passed" => :pcidss_compliance_passed,
 							"pcidss:deprecated_ssl" => :pcidss_deprecated_ssl,
@@ -52,162 +52,16 @@ module Risu
 							"pcidss:medium_risk_flaw" => :pcidss_medium_risk_flaw,
 							"pcidss:reachable_db" => :pcidss_reachable_db,
 							"pcidss:www:xss" => :pcidss_www_xss,
+							"pcidss:directory_browsing" => :pcidss_directory_browsing,
+							"pcidss:known_credentials" => :pcidss_known_credentials,
+							"pcidss:compromised_host:worm" => :pcidss_compromised_host_worm,
 							"system-type" => :system_type,
 							"pcidss:obsolete_operating_system" => :pcidss_obsolete_operating_system,
-							"pcidss:dns_zone_transfer" => :pcidss_dns_zone_transfer
+							"pcidss:dns_zone_transfer" => :pcidss_dns_zone_transfer,
+							"pcidss:unprotected_mssql_db" => :pcidss_unprotected_mssql_db,
+							"pcidss:obsolete_software" => :pcidss_obsolete_software,
+							"pcidss:www:sql_injection" => :pcidss_www_sql_injection
 						}
-						#@todo change this to an array and use a dynamic ms_patches table
-						@valid_ms_patches = [
-							"MS11-030",
-							"MS11-026",
-							"MS11-034",
-							"MS11-021",
-							"MS11-029",
-							"MS11-023",
-							"MS11-022",
-							"MS09-027",
-							"MS11-033",
-							"MS11-019",
-							"MS11-024",
-							"MS11-031",
-							"MS11-020",
-							"MS11-018",
-							"MS11-028",
-							"MS11-032",
-							"MS040-016",
-							"MS08-50",
-							"MS09-055",
-							"MS10-008",
-							"MS10-034",
-							"MS10-082",
-							"MS11-003",
-							"MS07-021",
-							"MS09-062",
-							"MS07-022",
-							"MS10-096",
-							"MS09-062",
-							"MS07-017",
-							"MS07-031",
-							"MS08-020",
-							"MS10-002",
-							"MS10-035",
-							"MS11-007",
-							"MS10-018",
-							"MS09-069",
-							"MS09-001",
-							"MS10-073",
-							"MS09-044",
-							"MS08-021",
-							"MS08-001",
-							"MS11-011",
-							"MS07-004",
-							"MS07-006",
-							"MS07-007",
-							"MS07-008",
-							"MS07-009",
-							"MS07-011",
-							"MS07-012",
-							"MS07-013",
-							"MS07-016",
-							"MS07-019",
-							"MS07-020",
-							"MS07-027",
-							"MS08-002",
-							"MS08-007",
-							"MS08-008",
-							"MS08-010",
-							"MS08-022",
-							"MS09-006",
-							"MS09-007",
-							"MS09-010",
-							"MS09-011",
-							"MS09-012",
-							"MS09-013",
-							"MS09-014",
-							"MS09-015",
-							"MS09-019",
-							"MS09-022",
-							"MS09-025",
-							"MS09-026",
-							"MS09-034",
-							"MS09-037",
-							"MS09-038",
-							"MS09-040",
-							"MS09-041",
-							"MS09-042",
-							"MS09-045",
-							"MS09-046",
-							"MS09-047",
-							"MS09-048",
-							"MS09-051",
-							"MS09-052",
-							"MS09-054",
-							"MS09-056",
-							"MS09-057",
-							"MS09-058",
-							"MS09-065",
-							"MS09-071",
-							"MS09-072",
-							"MS09-073",
-							"MS10-001",
-							"MS10-005",
-							"MS10-006",
-							"MS10-011",
-							"MS10-012",
-							"MS10-013",
-							"MS10-015",
-							"MS10-016",
-							"MS10-019",
-							"MS10-020",
-							"MS10-021",
-							"MS10-022",
-							"MS10-026",
-							"MS10-027",
-							"MS10-029",
-							"MS10-030",
-							"MS10-032",
-							"MS10-033",
-							"MS10-037",
-							"MS10-041",
-							"MS10-042",
-							"MS10-046",
-							"MS10-047",
-							"MS10-048",
-							"MS10-049",
-							"MS10-050",
-							"MS10-051",
-							"MS10-052",
-							"MS10-053",
-							"MS10-054",
-							"MS10-055",
-							"MS10-061",
-							"MS10-062",
-							"MS10-063",
-							"MS10-066",
-							"MS10-067",
-							"MS10-069",
-							"MS10-070",
-							"MS10-071",
-							"MS10-074",
-							"MS10-076",
-							"MS10-078",
-							"MS10-081",
-							"MS10-083",
-							"MS10-084",
-							"MS10-090",
-							"MS10-091",
-							"MS10-097",
-							"MS10-098",
-							"MS10-099",
-							"MS11-002",
-							"MS11-006",
-							"MS11-010",
-							"MS11-012",
-							"MS11-013",
-							"MS11-014",
-							"MS11-015",
-							"MS11-017"
-						]
 				end
 
 				# Callback for when the start of a xml element is reached
@@ -250,7 +104,7 @@ module Risu
 							@attr = nil
 
 							if attributes["name"] =~ /[M|m][S|s]\d{2}-\d{2,}/
-								@attr = if @valid_ms_patches.include?(attributes["name"])
+								@attr = if attributes["name"] =~ /[M|m][S|s]\d{2}-\d{2,}/
 										attributes["name"]
 									else
 										nil
@@ -418,7 +272,10 @@ module Risu
 								:metasploit_name => @vals["metasploit_name"],
 								:exploit_framework_canvas => @vals["exploit_framework_canvas"],
 								:canvas_package => @vals["canvas_package"],
-								:cpe => @vals["cpe"]
+								:cpe => @vals["cpe"],
+								:exploit_framework_exploithub => @vals["exploit_framework_exploithub"],
+								:exploithub_sku => @vals["exploithub_sku"],
+								:stig_severity => @vals["stig_severity"]								
 							}
 							@plugin.save
 					end

data/lib/risu/templates/assets.rb

@@ -17,18 +17,18 @@ module Risu
 			#
 			#
 			def render(output)
-				output.text Report.classification, :align => :center
+				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
-				output.font_size(22) { 
+				output.font_size(22) do
 					output.text Report.title, :align => :center 
-				}
+				end
 				
-				output.font_size(18) { 
+				output.font_size(18) do
 					output.text "Networked Assets", :align => :center
 					output.text "\n"
 					output.text "This report was prepared by\n#{Report.author}", :align => :center
-				}
+				end
 
 				output.text "\n\n"
 

data/lib/risu/templates/cover_sheet.rb

@@ -9,7 +9,7 @@ module Risu
 				{ 
 					:name => "cover_sheet", 
 					:author => "hammackj", 
-					:version => "0.0.1", 
+					:version => "0.0.2", 
 					:description => "Generates a coversheet with a logo (Example Template)"
 				}
 			end

data/lib/risu/templates/exec_summary.rb

@@ -9,7 +9,7 @@ module Risu
 				{ 
 					:name => "exec_summary", 
 					:author => "hammackj", 
-					:version => "0.0.1", 
+					:version => "0.0.2", 
 					:description => "Generates a simple executive summary."
 				}
 			end
@@ -17,15 +17,18 @@ module Risu
 			#
 			#
 			def render(output)
-				output.text Report.classification, :align => :center
+				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
-				output.font_size(22) { output.text Report.title, :align => :center }
-				output.font_size(18) { 
+				output.font_size(22) do
+					output.text Report.title, :align => :center 
+				end
+				
+				output.font_size(18) do
 				    output.text "Executive Summary", :align => :center
 				    output.text "\n"
 				    output.text "This report was prepared by\n#{Report.author}", :align => :center
-				}
+				end
 
 				output.text "\n\n\n"
 

data/lib/risu/templates/executive_summary.rb

@@ -9,7 +9,7 @@ module Risu
 				{
 					:name => "exec_summary_detailed",
 					:author => "Ed Davison <EDavison@getmns.com>",
-					:version => "0.0.1",
+					:version => "0.0.2",
 					:description => "Generates a detailed executive summary report"
 				}
 			end
@@ -171,7 +171,7 @@ module Risu
 				output.text "\n\n\n"
 				if (output.y <= 300)
 						output.start_new_page
-						move_down 50
+						output.move_down 50
 				end
 
 				output.text "Summary Graphs of Key Finding Statistics", :style => :bold

data/lib/risu/templates/finding_statistics.rb

@@ -17,7 +17,7 @@ module Risu
 			#
 			#
 			def render(output)
-				output.text Report.classification, :align => :center
+				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
 				output.font_size(22) { output.text Report.title, :align => :center }

data/lib/risu/templates/findings_host.rb

@@ -17,7 +17,7 @@ module Risu
 			#
 			#
 			def render(output)
-				output.text Report.classification, :align => :center
+				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
 				output.font_size(22) { output.text Report.title, :align => :center }

data/lib/risu/templates/findings_summary.rb

@@ -17,23 +17,26 @@ module Risu
 			#
 			#
 			def render(output)
-				output.text Report.classification, :align => :center
+				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
-				output.font_size(22) { output.text Report.title, :align => :center }
-				output.font_size(18) { 
+				output.font_size(22) do 
+					output.text Report.title, :align => :center 
+				end
+				
+				output.font_size(18) do
 					output.text "Findings Summary Report", :align => :center
 					output.text "\n"
 					output.text "This report was prepared by\n#{Report.author}", :align => :center
-				}
+				end
 
 				output.text "\n\n\n"
 
-				output.font_size(20) { 
+				output.font_size(20) do
 					output.fill_color "FF0000"
 					output.text "High Findings", :style => :bold 
 					output.fill_color "000000"
-				}
+				end
 
 				Item.high_risks_unique_sorted.each do |item|
 					name = Plugin.find_by_id(item.plugin_id).plugin_name
@@ -44,11 +47,11 @@ module Risu
 
 				output.start_new_page
 
-				output.font_size(20) { 
+				output.font_size(20) do
 					output.fill_color "FF8040"
 					output.text "Medium Findings", :style => :bold 
 					output.fill_color "000000"
-				}
+				end
 
 				Item.medium_risks_unique_sorted.each do |item|
 					name = Plugin.find_by_id(item.plugin_id).plugin_name

data/lib/risu/templates/findings_summary_with_pluginid.rb

@@ -17,7 +17,7 @@ module Risu
 			#
 			#
 			def render(output)
-				output.text Report.classification, :align => :center
+				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
 				output.font_size(22) do

data/lib/risu/templates/graphs.rb

@@ -18,7 +18,7 @@ module Risu
 			#
 			#
 			def render(output)
-				output.text Report.classification, :align => :center
+				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
 				output.font_size(24) do

data/lib/risu/templates/host_summary.rb

@@ -17,7 +17,7 @@ module Risu
 			#
 			#
 			def render(output)
-				output.text Report.classification, :align => :center
+				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
 				output.font_size(22) { output.text Report.title, :align => :center }

data/lib/risu/templates/ms_patch_summary.rb

@@ -17,7 +17,7 @@ module Risu
 			#
 			#
 			def render(output)
-				output.text Report.classification, :align => :center
+				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
 				output.font_size(22) { output.text Report.title, :align => :center }

data/lib/risu/templates/ms_update_summary.rb

@@ -17,7 +17,7 @@ module Risu
 			#
 			#
 			def render(output)
-				output.text Report.classification, :align => :center
+				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
 				output.font_size(22) { output.text Report.title, :align => :center }

data/lib/risu/templates/notable.rb

@@ -0,0 +1,45 @@
+module Risu
+	module Modules
+		class Top10 < Risu::Base::TemplateBase
+			
+			#
+			#
+			def initialize ()
+				@template_info = 
+				{ 
+					:name => "notable", 
+					:author => "hammackj", 
+					:version => "0.0.2", 
+					:description => "Notable Vulnerabilities"
+				}
+			end
+			
+			#
+			#
+			def render(output)
+				output.text Report.classification.upcase, :align => :center
+				output.text "\n"
+
+				output.font_size(22) { 
+					output.text Report.title, :align => :center 
+				}
+				
+				output.font_size(18) {
+					output.text "Notable Vulnerabilities", :align => :center
+					output.text "\n"
+					output.text "This report was prepared by\n#{Report.author}", :align => :center
+				}
+
+				output.text "\n\n\n"
+				
+				output.text "Scan Date:", :style => :bold
+				output.text "#{Report.scan_date}"
+				output.text "\n"
+				
+				Item.top_10_table(output)
+				
+			end
+		end
+	end
+end
+

data/lib/risu/templates/notable_detailed.rb

@@ -0,0 +1,135 @@
+module Risu
+	module Modules
+		class Top10Detailed < Risu::Base::TemplateBase
+			
+			#
+			#
+			def initialize ()
+				@template_info = 
+				{ 
+					:name => "notable_detailed", 
+					:author => "hammackj", 
+					:version => "0.0.3", 
+					:description => "Notable Vulnerabilities Detailed"
+				}
+			end
+			
+			#
+			#
+			def render(output)
+				output.text Report.classification.upcase, :align => :center
+				output.text "\n"
+
+				output.font_size(22) { 
+					output.text Report.title, :align => :center 
+				}
+				
+				output.font_size(18) {
+					output.text "Notable Vulnerabilities", :align => :center
+					output.text "\n"
+					output.text "This report was prepared by\n#{Report.author}", :align => :center
+				}
+
+				output.text "\n\n\n"
+				
+				output.text "Scan Date:", :style => :bold
+				output.text "#{Report.scan_date}"
+				output.text "\n"
+				
+				output.font_size(10)
+				
+				data = Item.top_10_sorted_raw
+				
+				unique_risks = Array.new
+				unique_risks << Hash[:title => "High Findings", :color => "FF0000", :values => Item.top_10_sorted_raw[0..9]]
+				counter = 1
+				
+				unique_risks.each do |h|
+					if h[:values].length > 1
+						output.text "\n"
+
+						h[:values].each do |f|
+							plugin_id = f[0]
+							
+							hosts = Item.where(:plugin_id => plugin_id)
+							item = Item.where(:plugin_id => plugin_id)
+							plugin = Plugin.find_by_id(plugin_id)
+
+							references = Reference.where(:plugin_id => plugin.id).group(:value).order(:reference_name)
+
+							output.font_size(16) do
+								output.text "#{counter}: #{plugin.plugin_name}\n"
+							end
+
+							if hosts.length > 1
+								output.text "Hosts", :style => :bold
+							else
+								output.text "Host", :style => :bold
+							end
+
+							hostlist = Array.new
+							hosts.each do |host|
+								h = Host.find_by_id(host.host_id)
+								hostlist << h.name
+							end
+
+							output.text hostlist.join(', ')
+
+							#if item.plugin_output != nil
+							#	output.text "\nPlugin output", :style => :bold
+							#	output.text f.plugin_output
+							#end
+
+							if plugin.description != nil
+								output.text "\nDescription", :style => :bold
+								output.text plugin.description
+							end
+
+							if plugin.synopsis != nil
+								output.text "\nSynopsis", :style => :bold
+								output.text plugin.synopsis
+							end
+
+							if plugin.cvss_base_score != nil
+								output.text "\nCVSS Base Score", :style => :bold
+								output.text plugin.cvss_base_score
+							end
+
+							if plugin.exploit_available != nil
+								output.text "\nExploit Available", :style => :bold
+
+								if plugin.exploit_available == "true"
+									output.text "Yes"
+								else
+									output.text "No"
+								end
+							end
+
+							if plugin.solution != nil
+								output.text "\nSolution", :style => :bold
+								output.text plugin.solution
+							end
+
+							if references.size != 0
+								output.text "\nReferences", :style => :bold
+								references.each do |ref|
+									ref_text = sprintf "%s: %s\n", ref.reference_name, ref.value
+									output.text ref_text
+								end
+								output.text "\nNessus Plugin", :style => :bold
+								output.text "http://www.tenablesecurity.com/plugins/index.php?view=single&id=#{plugin_id}"
+							end
+							output.text "\n"
+							counter += 1
+						end
+					end
+
+					output.start_new_page unless h[:values] == nil
+				end
+
+				output.number_pages "<page> of <total>", :at => [output.bounds.right - 75, 0], :width => 150, :page_filter => :all				
+			end
+		end
+	end
+end
+

data/lib/risu/templates/pci_compliance.rb

@@ -17,7 +17,7 @@ module Risu
 			#
 			#
 			def render(output)
-				output.text Report.classification, :align => :center
+				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
 				output.font_size(22) { output.text Report.title, :align => :center }

data/lib/risu/templates/technical_findings.rb

@@ -40,11 +40,13 @@ module Risu
 
 				unique_risks.each do |h|
 					if h[:values].length > 1
-						output.font_size(20) do
+						output.font_size(18) do
 							output.fill_color h[:color]
 							output.text h[:title], :style => :bold
 							output.fill_color "000000"
 						end
+						
+						output.font_size(10)
 
 						output.text "\n"
 

data/lib/risu/templates/template.rb

@@ -2,7 +2,7 @@ module Risu
 	module Modules
 		class Template < Risu::Base::TemplateBase
 			
-			#
+			# Initializes the template loading metadata
 			#
 			def initialize ()
 				@template_info = 
@@ -14,9 +14,10 @@ module Risu
 				}
 			end
 			
-			#
+			# Called during the rendering process
 			#
 			def render(output)
+				output.text "Template"
 			end
 		end
 	end

data/lib/risu.rb

@@ -1,6 +1,6 @@
 module Risu
 	APP_NAME = "risu"
-	VERSION = "1.4.8"
+	VERSION = "1.4.9"
 	GRAPH_WIDTH = 750
 	EMAIL = "jacob.hammack@hammackj.com"
 	CONFIG_FILE = "./risu.cfg"