risu 1.5.0 → 1.5.1

data/lib/risu/cli/banner.rb

@@ -1,4 +1,30 @@
-#Cool random banner stuff for the cli, based on the metasploit random banner stuff
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Cool random banner stuff for the cli, based on the Metasploit random banner concept
 
 module Risu
 	module CLI
@@ -6,47 +32,47 @@ module Risu
 			Banners =
 				[
 '
-      _           
- _ __(_)___ _   _ 
+      _
+ _ __(_)___ _   _
 | \'__| / __| | | |
 | |  | \__ \ |_| |
 |_|  |_|___/\__,_|
-               
+
 
 ',
 '
-      _           
-     (_)          
- _ __ _ ___ _   _ 
+      _
+     (_)
+ _ __ _ ___ _   _
 | \'__| / __| | | |
 | |  | \__ \ |_| |
 |_|  |_|___/\__,_|
-                  
+
 
 ',
 '
-              _/                      
-   _/  _/_/        _/_/_/  _/    _/   
-  _/_/      _/  _/_/      _/    _/    
- _/        _/      _/_/  _/    _/     
-_/        _/  _/_/_/      _/_/_/      
+              _/
+   _/  _/_/        _/_/_/  _/    _/
+  _/_/      _/  _/_/      _/    _/
+ _/        _/      _/_/  _/    _/
+_/        _/  _/_/_/      _/_/_/
 
 
 ',
 '
-      o             
- ,_       ,         
-/  |  |  / \_|   |  
+      o
+ ,_       ,
+/  |  |  / \_|   |
    |_/|_/ \/  \_/|_/
-                    
+
 
 ',
 '
-       _         
+       _
   ____(_)__ __ __
  / __/ (_-</ // /
-/_/ /_/___/\_,_/ 
-                 
+/_/ /_/___/\_,_/
+
 
 '
 				]
@@ -56,4 +82,4 @@ _/        _/  _/_/_/      _/_/_/
 			end
 		end
 	end
-end
+end

data/lib/risu/exceptions.rb

@@ -1,3 +1,29 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Exceptions
 	end

data/lib/risu/exceptions/invaliddocument.rb

@@ -1,7 +1,36 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Exceptions
+
+		# Exception class for an invalid document
+		#
 		class InvalidDocument < StandardError
-	
+
 		end
 	end
 end

data/lib/risu/models.rb

@@ -1,3 +1,29 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Models
 	end

data/lib/risu/models/familyselection.rb

@@ -1,8 +1,34 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
-	module Models	
+	module Models
+
 		# FamilySelection Model
 		#
-		# @author Jacob Hammack
 		class FamilySelection < ActiveRecord::Base
 		  belongs_to :policy
 		end

data/lib/risu/models/host.rb

@@ -1,8 +1,34 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Models
+
 		# Host Model
 		#
-		# @author Jacob Hammack <jacob.hammack@hammackj.com>
 		class Host < ActiveRecord::Base
 			belongs_to :report
 			has_many :items
@@ -275,6 +301,7 @@ module Risu
 					g = Gruff::Bar.new(GRAPH_WIDTH)
 					g.title = sprintf "Top 10 Hosts with Notable Findings Count"
 					g.sort = false
+					g.marker_count = 1
 					g.y_axis_increment = 1
 					g.theme = {
 						:colors => %w(red orange yellow blue green purple black grey brown pink),
@@ -284,7 +311,7 @@ module Risu
 					Item.risks_by_host(limit).all.each do |item|
 						ip = Host.find_by_id(item.host_id).name
 #						count = Item.where(:host_id => item.host_id).where("severity IN (?)", [2,3]).count
-						count = Item.where(:host_id => item.host_id).where(:severity => 3).count 
+						count = Item.where(:host_id => item.host_id).where(:severity => 4).count
 						if count > 0
 							g.data(ip, count)
 						end
@@ -300,6 +327,7 @@ module Risu
 					g = Gruff::Pie.new(GRAPH_WIDTH)
 					g.title = "Other Operating Systems Percentage"
 					g.sort = false
+					g.marker_count = 1
 					g.theme = {
 						:colors => %w(red orange yellow blue green purple black grey brown pink),
 						:background_colors => %w(white white)
@@ -340,6 +368,7 @@ module Risu
 					g = Gruff::Pie.new(GRAPH_WIDTH)
 					g.title = "Windows Operating Systems By Percentage"
 					g.sort = false
+					g.marker_count = 1
 					g.theme = {
 						:colors => %w(red orange yellow blue green purple black grey brown pink),
 						:background_colors => %w(white white)
@@ -501,6 +530,34 @@ module Risu
 
 					return text
 				end
+
+				#
+				#
+				def top_n_vulnerable(n)
+					hosts = Item.risks_by_host(Host.all.count).count
+					hosts = hosts.sort_by {|k, v| v}
+					hosts.reverse!
+
+					i = 0
+					hosts[0...n].each do |host_id, count|
+						hosts[i] = Host.where(:id => host_id)
+						i = i + 1
+					end
+
+					hosts[0...n]
+				end
+
+				def unique_hosts_with_critical
+					hosts = Item.critical_risks_by_host(Host.all.count).count
+					hosts = hosts.sort_by {|k, v| v}
+					hosts.reverse!
+				end
+
+				def unique_hosts_with_high
+					hosts = Item.high_risks_by_host(Host.all.count).count
+					hosts = hosts.sort_by {|k, v| v}
+					hosts.reverse!
+				end
 			end
 		end
 	end

data/lib/risu/models/individualpluginselection.rb

@@ -1,9 +1,34 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Models
 
 		# IndividualPluginSelection Model
 		#
-		# @author Jacob Hammack
 		class IndividualPluginSelection < ActiveRecord::Base
 			belongs_to :policy
 			has_many :plugins

data/lib/risu/models/item.rb

@@ -1,9 +1,34 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Models
 
 		# Item Model
 		#
-		# @author Jacob Hammack <jacob.hammack@hammackj.com>
 		class Item < ActiveRecord::Base
 			belongs_to :host
 			belongs_to :plugin
@@ -22,8 +47,8 @@ module Risu
 				# @return [ActiveRecord::Relation] with the query results
 				def critical_risks
 					where(:severity => 4)
-				end				
-				
+				end
+
 				# Queries for all the high risks in the database
 				#
 				# @return [ActiveRecord::Relation] with the query results
@@ -122,7 +147,7 @@ module Risu
 					select("items.*").select("count(*) as count_all").where(:severity => 0).group(:plugin_id).order("count_all DESC")
 				end
 
-				# Queries for all the risks grouped by service type, used for the Vulnerbilities by Service graph
+				# Queries for all the risks grouped by service type, used for the Vulnerabilities by Service graph
 				#
 				# @return [ActiveRecord::Relation] with the query results
 				def risks_by_service(limit=10)
@@ -142,13 +167,29 @@ module Risu
 				#
 				# @param limit Limits the result to a specific number, default 10
 				#
-				# @todo add high/med/low_risks_by_host functions
-				#
 				# @return [ActiveRecord::Relation] with the query results
 				def risks_by_host(limit=10)
 					select("items.*").select("count(*) as count_all").joins(:host).where("plugin_id != 1").where(:severity => 4).group(:host_id).order("count_all DESC").limit(limit)
 				end
 
+				# Queries for all the Critical risks by host
+				#
+				# @param limit Limits the result to a specific number, default 10
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def critical_risks_by_host(limit=10)
+					select("items.*").select("count(*) as count_all").joins(:host).where("plugin_id != 1").where(:severity => 4).group(:host_id).order("count_all DESC").limit(limit)
+				end
+
+				# Queries for all the High risks by host
+				#
+				# @param limit Limits the result to a specific number, default 10
+				#
+				# @return [ActiveRecord::Relation] with the query results
+				def high_risks_by_host(limit=10)
+					select("items.*").select("count(*) as count_all").joins(:host).where("plugin_id != 1").where(:severity => 3).group(:host_id).order("count_all DESC").limit(limit)
+				end
+
 				# Queries for all the hosts with the Microsoft patch summary plugin (38153)
 				#
 				# @return [ActiveRecord::Relation] with the query results
@@ -172,6 +213,7 @@ module Risu
 					g = Gruff::Pie.new(GRAPH_WIDTH)
 					g.title = sprintf "Top %d Services By Vulnerability", Item.risks_by_service(limit).all.count
 					g.sort = false
+					g.marker_count = 1
 					g.theme = {
 						:colors => %w(red orange yellow blue green purple black grey brown pink),
 						:background_colors => %w(white white)
@@ -183,14 +225,16 @@ module Risu
 
 					StringIO.new(g.to_blob)
 				end
-				
-				#@todo comment
+
+				# Generates text for the Risks by Service graph
+				#
+				# @return [String] Text based on the Risks by Service graph
 				def risks_by_service_graph_text
 					"This graph is a representation of the findings found by service. This graph can help " +
 					"understand what services are running on the network and if they are vulnerable, where " +
-					"the risks are and how they should be protected.\n\n"				
+					"the risks are and how they should be protected.\n\n"
 				end
-				
+
 				# Generates a Graph of all the risks by severity
 				#
 				# @return [StringIO] Object containing the generated PNG image
@@ -198,6 +242,7 @@ module Risu
 					g = Gruff::Bar.new(GRAPH_WIDTH)
 					g.title = "Risks By Severity"
 					g.sort = false
+					g.marker_count = 1
 					g.theme = {
 						:colors => %w(red orange yellow blue green purple black grey brown pink),
 						:background_colors => %w(white white)
@@ -208,28 +253,31 @@ module Risu
 					medium = Item.medium_risks.count
 					low = Item.low_risks.count
 					info = Item.info_risks.count
-					
+
 					if crit == nil then crit = 0 end
 					if high == nil then high = 0 end
 					if medium == nil then medium = 0 end
-					if low == nil then low = 0 end		
+					if low == nil then low = 0 end
 					if info == nil then info = 0 end
 
 					g.data("Critical", crit, "purple")
 					g.data("High", high, "red")
 					g.data("Medium", medium, "orange")
 					g.data("Low", low, "yellow")
-					g.data("Open Ports", info, "blue")
+					g.data("Informational", info, "blue")
 
 					StringIO.new(g.to_blob)
 				end
-				
+
+				# Queries for all DISA Stig findings by category
 				#
+				# @param category The DISA Stig category I, II, III
 				#
-				def stig_findings(categeory="I")
-					where('plugin_id IN (:plugins)', :plugins => Plugin.where(:stig_severity => categeory).select(:id)).order("severity DESC")
+				# @return [ActiveRecord::Relation] with the query results
+				def stig_findings(category="I")
+					where('plugin_id IN (:plugins)', :plugins => Plugin.where(:stig_severity => category).select(:id)).order("severity DESC")
 				end
-				
+
 				# Generates a Graph of all the risks by severity
 				#
 				# @return [StringIO] Object containing the generated PNG image
@@ -237,6 +285,7 @@ module Risu
 					g = Gruff::Bar.new(GRAPH_WIDTH)
 					g.title = "Stigs By Severity"
 					g.sort = false
+					g.marker_count = 1
 					g.theme = {
 						:colors => %w(purple red orange yellow blue green black grey brown pink),
 						:background_colors => %w(white white)
@@ -245,7 +294,7 @@ module Risu
 					i = Item.stig_findings("I").count
 					ii = Item.stig_findings("II").count
 					iii = Item.stig_findings("III").count
-					
+
 					if i == nil then i = 0 end
 					if ii == nil then ii = 0 end
 					if iii == nil then iii = 0 end
@@ -255,94 +304,98 @@ module Risu
 					g.data("Cat III", iii, "orange")
 
 					StringIO.new(g.to_blob)
-				end				
+				end
 
-				# @todo change Report.title to a real variable
-				# @todo rewite this
-				def risks_by_severity_graph_text
-					#crit = Item.crit_risks.count
-					#high = Item.high_risks.count
-					#medium = Item.medium_risks.count
-					
-					#if crit == nil then crit = 0 end
-					#if high == nil then high = 0 end
-					#if medium == nil then medium = 0 end
-						
-					#percentage = high
-										
+				# @todo comment
+				#
+				def calculate_vulnerable_host_percent
 					hosts_with_critical = Hash.new
-					
-					Item.critical_risks.all.each do |item|
+
+					(Item.critical_risks.all + Item.high_risks.all).each do |item|
 						ip = Host.find_by_id(item.host_id).name
 						if hosts_with_critical[ip] == nil
 							hosts_with_critical[ip] = 1
 						end
-								
+
 						hosts_with_critical[ip] = hosts_with_critical[ip] + 1
 					end
-					
+
 					host_percent = (hosts_with_critical.count.to_f / Host.all.count.to_f) * 100
-					
-					adjective = case host_percent
+				end
+
+				# @todo comments
+				#
+				def ajective_for_risk_text risk_percent
+					adjective = case risk_percent
 						when 0..5
 							"excellent"
-						#when 6..10
-						#	"great"
 						when 6..10
-							"very good"
-						when 15..25
+							"great"
+						when 11..15
 							"good"
-						when 25..35
+						when 16..20
 							"fair"
 						else
 							"poor"
 					end
-										
-					percent_text = case host_percent
-						when 0..5			
+				end
+
+				# @todo comments
+				#
+				def risk_text risk_percent
+					percent_text = case risk_percent
+						when 0..5.99
 							"This implies that only a handful of computers are missing patches, and the current patch management is working well."
-						when 6..9
+						when 6..10.99
 							"This implies that there is a minor patch management issue. If there is a patch management system, it should be checked for problems. " +
-							"Each host should also be inspected to be certain it can receive patches."							
-						when 10..15
+							"Each host should also be inspected to be certain it can receive patches."
+						when 11..15.99
 							"This implies that there is a substantial patch management issue. If there is a patch management system, it should be checked for problems. " +
 							"Each host should also be inspected to be certain it can receive patches."
 						when 16..20
 							"This implies that there is a significant patch management issue. If there is a patch management system, it should be checked for problems. " +
 							"Each host should also be inspected to be certain it can receive patches."
 						else
-							"This implies that there is a major patch management problem on the network. Any patch management solutions should " +
+							"This implies that there is a critical patch management problem on the network. Any patch management solutions should " +
 							"be inspected for issues and they should be corrected as soon as possible. Each host should also be inspected to be certain it can receive patches."
 					end
-							
-					#graph_text = "This bar graph is a representation of the findings by severity; the " +
-					#"graph shows that, overall, #{Report.title} has a #{adjective} handle on the patch " +
-					#"management of the network. "
-					
+				end
+
+				# @todo change Report.title to a real variable
+				# @todo rewrite this
+				def risks_by_severity_graph_text
+					host_percent = calculate_vulnerable_host_percent()
+					adjective = ajective_for_risk_text(host_percent)
+					risk_text = risk_text(host_percent)
+
 					graph_text = "This bar graph is a representation of the findings by severity; the " +
-					"graph shows that, Overall #{Report.title} needs to implement patch management and configuration management as a priority."
-					
+					"graph shows that, overall, #{Report.title} has a #{adjective} handle on the patch " +
+					"management of the network. "
+
+					#graph_text = "This bar graph is a representation of the findings by severity; the " +
+					#{}"graph shows that, Overall #{Report.title} needs to implement patch management and configuration management as a priority."
+
 					#if adjective == "good" or adjective == "fair"
 					#	graph_text << "But improvements in patch management could be made to ensure an excellent rating."
 					#end
-					
+
 					graph_text << "\n\n"
-					
-					graph_text << "The majority of the high findings were found on #{host_percent.round}% of the total assessed computers. #{percent_text}\n\n"
-					
-					graph_text << "The systems with high vulnerabilities represent the largest threat to the network, " +
+
+					graph_text << "The majority of the critical findings were found on #{host_percent.round}% of the total assessed computers. #{risk_text}\n\n"
+
+					graph_text << "The systems with critical vulnerabilities represent the largest threat to the network, " +
 					"so patching this group is paramount to the overall network security. It only takes one vulnerability " +
 					"to create a security incident.\n\n"
-					
+
 					graph_text << "It should be noted that low findings and open ports represent the discovery "
 					graph_text << "of network services and open ports. Typically, these are not an indication of "
 					graph_text << "a serious problem and pose little to no threat. However, the correlation of "
 					graph_text << "data between the different severity levels could be used to determine degree "
 					graph_text << "of vulnerability for a given system.\n"
-					
+
 					return graph_text
 				end
-				
+
 				#sqlite only @todo @fix
 				def top_10_sorted_raw
 					raw = Item.joins(:plugin).where(:severity => 4).order("cast(plugins.cvss_base_score as real)").count(:all, :group => :plugin_id)
@@ -352,19 +405,19 @@ module Risu
 						row = Array.new
 						plugin_id = vuln[0]
 						count = vuln[1]
-						
-						row.push(plugin_id)					
+
+						row.push(plugin_id)
 						row.push(count)
 						data.push(row)
-					end	
+					end
 
 					data = data.sort do |a, b|
 						b[1] <=> a[1]
 					end
-					
+
 					return data
 				end
-				
+
 				def top_10_sorted
 					#raw = Item.where(:severity => 3).count(:all, :group => :plugin_id)
 					raw = Item.joins(:plugin).where(:severity => 4).order(:cvss_base_score).count(:all, :group => :plugin_id)
@@ -377,18 +430,18 @@ module Risu
 
 						name = Plugin.find_by_id(plugin_id).plugin_name
 
-						row.push(name)					
+						row.push(name)
 						row.push(count)
 						data.push(row)
-					end	
+					end
 
 					data = data.sort do |a, b|
 						b[1] <=> a[1]
 					end
-					
-					return data	
+
+					return data
 				end
-				
+
 				# Returns a prawn pdf table for the top 10 notable findings
 				#
 				# @todo change this method to return a array/table and let the template render it
@@ -404,16 +457,16 @@ module Risu
 					output.table([headers] + data[0..9], :header => true, :column_widths => header_widths, :width => output.bounds.width) do
 						row(0).style(:font_style => :bold, :background_color => 'cccccc')
 						cells.borders = [:top, :bottom, :left, :right]
-					end			
+					end
 				end
-				
+
 				# Queries for all unique risks and sorts them by count
-				# 
+				#
 				# @return [ActiveRecord::Relation] with the query results
 				def all_risks_unique_sorted
 				    select("items.*").select("count(*) as count_all").group(:plugin_id).order("count_all DESC")
 				end
-				
+
 			end
 		end
 	end