risu 1.5.3 → 1.6.0
- data/Gemfile.ci +1 -0
- data/LICENSE +1 -1
- data/NEWS.markdown +80 -3
- data/README.markdown +9 -8
- data/Rakefile +7 -7
- data/bin/risu +1 -1
- data/lib/risu.rb +6 -3
- data/lib/risu/base.rb +2 -1
- data/lib/risu/base/schema.rb +8 -4
- data/lib/risu/base/template_base.rb +3 -1
- data/lib/risu/base/template_helper.rb +115 -0
- data/lib/risu/base/template_manager.rb +1 -1
- data/lib/risu/base/templater.rb +3 -4
- data/lib/risu/cli.rb +1 -1
- data/lib/risu/cli/application.rb +3 -10
- data/lib/risu/cli/banner.rb +1 -1
- data/lib/risu/exceptions.rb +1 -1
- data/lib/risu/exceptions/invaliddocument.rb +1 -1
- data/lib/risu/models.rb +1 -1
- data/lib/risu/models/familyselection.rb +1 -1
- data/lib/risu/models/host.rb +92 -9
- data/lib/risu/models/individualpluginselection.rb +1 -1
- data/lib/risu/models/item.rb +47 -13
- data/lib/risu/models/patch.rb +1 -1
- data/lib/risu/models/plugin.rb +9 -1
- data/lib/risu/models/pluginspreference.rb +1 -1
- data/lib/risu/models/policy.rb +1 -1
- data/lib/risu/models/reference.rb +69 -9
- data/lib/risu/models/report.rb +1 -1
- data/lib/risu/models/serverpreference.rb +1 -1
- data/lib/risu/models/servicedescription.rb +1 -1
- data/lib/risu/models/version.rb +1 -1
- data/lib/risu/parsers.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_document.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +69 -50
- data/lib/risu/parsers/nexpose/nexpose_document.rb +2 -5
- data/lib/risu/parsers/nexpose/simple_nexpose.rb +1 -1
- data/lib/risu/renderers.rb +1 -1
- data/lib/risu/renderers/nilrenderer.rb +1 -1
- data/lib/risu/templates/assets.rb +17 -29
- data/lib/risu/templates/cover_sheet.rb +40 -44
- data/lib/risu/templates/exec_summary.rb +11 -20
- data/lib/risu/templates/{executive_summary.rb → executive_summary_detailed.rb} +2 -11
- data/lib/risu/templates/finding_statistics.rb +1 -1
- data/lib/risu/templates/findings_host.rb +1 -1
- data/lib/risu/templates/findings_summary.rb +25 -86
- data/lib/risu/templates/findings_summary_with_pluginid.rb +1 -1
- data/lib/risu/templates/graphs.rb +1 -1
- data/lib/risu/templates/host_summary.rb +18 -14
- data/lib/risu/templates/ms_patch_summary.rb +17 -24
- data/lib/risu/templates/ms_update_summary.rb +1 -1
- data/lib/risu/templates/ms_wsus_findings.rb +1 -1
- data/lib/risu/templates/notable.rb +10 -14
- data/lib/risu/templates/notable_detailed.rb +43 -54
- data/lib/risu/templates/pci_compliance.rb +28 -34
- data/lib/risu/templates/stig_findings_summary.rb +25 -38
- data/lib/risu/templates/technical_findings.rb +46 -55
- data/lib/risu/templates/template.rb +4 -3
- data/risu.gemspec +12 -11
- metadata +79 -61
data/lib/risu/models/patch.rb
CHANGED
data/lib/risu/models/plugin.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2013 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
3
|
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
@@ -35,6 +35,14 @@ module Risu
|
|
35
35
|
has_many :references
|
36
36
|
has_many :individual_plugin_selections
|
37
37
|
|
38
|
+
def cvss_base_score=(cvss_base_score)
|
39
|
+
write_attribute(:cvss_base_score, cvss_base_score.to_f)
|
40
|
+
end
|
41
|
+
|
42
|
+
def cvss_base_score
|
43
|
+
read_attribute(:cvss_base_score).to_s
|
44
|
+
end
|
45
|
+
|
38
46
|
class << self
|
39
47
|
|
40
48
|
# Queries for all risks based on Plugin.risk_factor
|
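Review bot: The new `cvss_base_score=` writer coerces its argument with `.to_f`, so a plugin that carries no CVSS score (nil) or a non-numeric value is stored as 0.0 and can no longer be told apart from a finding that really scored 0.0. In a vulnerability report that reads as "scored, no impact" rather than "unscored"; keeping nil as nil avoids it: `write_attribute(:cvss_base_score, cvss_base_score.nil? ? nil : cvss_base_score.to_f)`. The reader returns a String (`.to_s`), so any caller that sorts or compares on the score will compare strings; a one-line comment on the getter saying why the string form is wanted would help. The same coercion is repeated in the parser hunk at `:cvss_base_score => @vals["cvss_base_score"].to_f`, which is redundant once the setter does it.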
data/lib/risu/models/policy.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2013 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
3
|
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
@@ -28,12 +28,48 @@ module Risu
|
|
28
28
|
module Models
|
29
29
|
|
30
30
|
# Reference Model
|
31
|
-
#
|
32
31
|
class Reference < ActiveRecord::Base
|
33
32
|
has_many :plugins
|
34
33
|
|
35
34
|
class << self
|
36
35
|
|
36
|
+
#Generates a full string of all the references
|
37
|
+
#
|
38
|
+
# @returns [String] of all the references with in-line formatting for
|
39
|
+
# direct output to the report
|
40
|
+
def reference_string
|
41
|
+
reference_names = ["cve", "cpe", "bid", "see_also", "iava", "msft",
|
42
|
+
"osvdb", "cert", "edbid", "rhsa", "secunia", "suse", "dsa",
|
43
|
+
"owasp", "cwe", "iavb", "iavt", "cisco_sa", "ics_alert",
|
44
|
+
"cisco_bug_id", "cisco_sr", "cert_vu", "vmsa", "cert_cc",
|
45
|
+
"msvr", "apple_sa", "icsa"
|
46
|
+
]
|
47
|
+
|
48
|
+
ref_string = ""
|
49
|
+
|
50
|
+
reference_names.each do |type|
|
51
|
+
ref = reference_string_by self.send(type)
|
52
|
+
|
53
|
+
ref_string << "<b>#{type}</b>: #{ref}\n" if ref.length != 0
|
54
|
+
end
|
55
|
+
|
56
|
+
ref_string
|
57
|
+
end
|
58
|
+
|
59
|
+
# Generates a string of all the references of the specified type
|
60
|
+
#
|
61
|
+
# @param type Result of a [Reference] model reference accessors
|
62
|
+
#
|
63
|
+
# @return [String] containing all references of type comma separated
|
64
|
+
def reference_string_by type
|
65
|
+
rstring = []
|
66
|
+
type.each do |ref|
|
67
|
+
rstring << ref.value
|
68
|
+
end
|
69
|
+
|
70
|
+
rstring.join(", ")
|
71
|
+
end
|
72
|
+
|
37
73
|
# Queries all unique CVEs
|
38
74
|
#
|
39
75
|
def cve
|
@@ -82,43 +118,43 @@ module Risu
|
|
82
118
|
where(:reference_name => "cert").select('DISTINCT value')
|
83
119
|
end
|
84
120
|
|
85
|
-
#
|
121
|
+
# Queries all unique edbid refs
|
86
122
|
#
|
87
123
|
def edbid
|
88
124
|
where(:reference_name => "edb-id").select('DISTINCT value')
|
89
125
|
end
|
90
126
|
|
91
|
-
#
|
127
|
+
# Queries all unique rhsa refs
|
92
128
|
#
|
93
129
|
def rhsa
|
94
130
|
where(:reference_name => "rhsa").select('DISTINCT value')
|
95
131
|
end
|
96
132
|
|
97
|
-
#
|
133
|
+
# Queries all unique secunia refs
|
98
134
|
#
|
99
135
|
def secunia
|
100
136
|
where(:reference_name => "secunia").select('DISTINCT value')
|
101
137
|
end
|
102
138
|
|
103
|
-
#
|
139
|
+
# Queries all unique suse refs
|
104
140
|
#
|
105
141
|
def suse
|
106
142
|
where(:reference_name => "suse").select('DISTINCT value')
|
107
143
|
end
|
108
144
|
|
109
|
-
#
|
145
|
+
# Queries all unique dsa refs
|
110
146
|
#
|
111
147
|
def dsa
|
112
148
|
where(:reference_name => "dsa").select('DISTINCT value')
|
113
149
|
end
|
114
150
|
|
115
|
-
#
|
151
|
+
# Queries all unique owasp refs
|
116
152
|
#
|
117
153
|
def owasp
|
118
154
|
where(:reference_name => "owasp").select('DISTINCT value')
|
119
155
|
end
|
120
156
|
|
121
|
-
#
|
157
|
+
# Queries all unique cwe refs
|
122
158
|
#
|
123
159
|
def cwe
|
124
160
|
where(:reference_name => "cwe").select('DISTINCT value')
|
@@ -171,6 +207,30 @@ module Risu
|
|
171
207
|
def vmsa
|
172
208
|
where(:reference_name => "vmsa").select('DISTINCT value')
|
173
209
|
end
|
210
|
+
|
211
|
+
#
|
212
|
+
#
|
213
|
+
def cert_cc
|
214
|
+
where(:reference_name => "cert-cc").select('DISTINCT value')
|
215
|
+
end
|
216
|
+
|
217
|
+
#
|
218
|
+
#
|
219
|
+
def apple_sa
|
220
|
+
where(:reference_name => "apple-sa").select('DISTINCT value')
|
221
|
+
end
|
222
|
+
|
223
|
+
#
|
224
|
+
#
|
225
|
+
def icsa
|
226
|
+
where(:reference_name => "icsa").select('DISTINCT value')
|
227
|
+
end
|
228
|
+
|
229
|
+
#
|
230
|
+
#
|
231
|
+
def msvr
|
232
|
+
where(:reference_name => "msvr").select('DISTINCT value')
|
233
|
+
end
|
174
234
|
end
|
175
235
|
end
|
176
236
|
end
|
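Review bot: In `reference_string`, each reference value is interpolated into `"<b>#{type}</b>: #{ref}\n"` without escaping, while the doc comment says the result is meant for direct output to the report with in-line formatting. The values are presumably populated from imported scan files, so if the renderer interprets inline tags, a value containing `<` or `&` would be read as markup or break the output. Escaping in `reference_string_by` would cover it, e.g. `rstring << CGI.escapeHTML(ref.value.to_s)` (needs `require 'cgi'`), assuming the renderer decodes entities, which is not visible here. Separately, the YARD tag on `reference_string` should be `@return` rather than `@returns`, and the new accessors `cert_cc`, `apple_sa`, `icsa` and `msvr` have empty `#` lines where their neighbours now say `# Queries all unique … refs`.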
data/lib/risu/models/report.rb
CHANGED
data/lib/risu/models/version.rb
CHANGED
data/lib/risu/parsers.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2013 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
3
|
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
@@ -42,7 +42,8 @@ module Risu
|
|
42
42
|
"cpe", "bid", "see_also", "xref", "cve", "iava", "msft",
|
43
43
|
"osvdb", "cert", "edb-id", "rhsa", "secunia", "suse", "dsa",
|
44
44
|
"owasp", "cwe", "iavb", "iavt", "cisco-sa", "ics-alert",
|
45
|
-
"cisco-bug-id", "cisco-sr", "cert-vu", "vmsa"
|
45
|
+
"cisco-bug-id", "cisco-sr", "cert-vu", "vmsa", "apple-sa",
|
46
|
+
"icsa", "cert-cc", "msvr"
|
46
47
|
]
|
47
48
|
|
48
49
|
@valid_elements = Array["ReportItem", "plugin_version", "risk_factor",
|
@@ -56,46 +57,52 @@ module Risu
|
|
56
57
|
"exploit_available", "metasploit_name", "exploit_framework_canvas", "canvas_package", "exploit_framework_metasploit",
|
57
58
|
"plugin_type", "exploithub_sku", "exploit_framework_exploithub", "stig_severity", "plugin_name", "fname", "always_run",
|
58
59
|
"cm:compliance-info", "cm:compliance-actual-value", "cm:compliance-check-id", "cm:compliance-policy-value",
|
59
|
-
"cm:compliance-audit-file", "cm:compliance-check-name", "cm:compliance-result", "cm:compliance-output"
|
60
|
+
"cm:compliance-audit-file", "cm:compliance-check-name", "cm:compliance-result", "cm:compliance-output", "policyOwner",
|
61
|
+
"visibility"
|
60
62
|
]
|
61
63
|
|
62
|
-
|
64
|
+
@valid_elements = @valid_elements + @valid_references
|
63
65
|
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
66
|
+
# This makes adding new host properties really easy, except for the
|
67
|
+
#MS patch numbers, this are handled differently.
|
68
|
+
# @todo this needs to become a sql hash table with accessors for the common ones
|
69
|
+
@valid_host_properties = {
|
70
|
+
"HOST_END" => :end,
|
71
|
+
"mac-address" => :mac,
|
72
|
+
"HOST_START" => :start,
|
73
|
+
"operating-system" => :os,
|
74
|
+
"host-ip" => :ip,
|
75
|
+
"host-fqdn" => :fqdn,
|
76
|
+
"netbios-name" => :netbios,
|
77
|
+
"local-checks-proto" => :local_checks_proto,
|
78
|
+
"smb-login-used" => :smb_login_used,
|
79
|
+
"ssh-auth-meth" => :ssh_auth_meth,
|
80
|
+
"ssh-login-used" => :ssh_login_used,
|
81
|
+
"pci-dss-compliance" => :pci_dss_compliance,
|
82
|
+
"pci-dss-compliance:" => :pci_dss_compliance_ , #I think this is a Tenable bug~
|
83
|
+
"system-type" => :system_type,
|
84
|
+
"bios-uuid" => :bios_uuid,
|
85
|
+
"pcidss:compliance:failed" => :pcidss_compliance_failed,
|
86
|
+
"pcidss:compliance:passed" => :pcidss_compliance_passed,
|
87
|
+
"pcidss:deprecated_ssl" => :pcidss_deprecated_ssl,
|
88
|
+
"pcidss:expired_ssl_certificate" => :pcidss_expired_ssl_certificate,
|
89
|
+
"pcidss:high_risk_flaw" => :pcidss_high_risk_flaw,
|
90
|
+
"pcidss:medium_risk_flaw" => :pcidss_medium_risk_flaw,
|
91
|
+
"pcidss:reachable_db" => :pcidss_reachable_db,
|
92
|
+
"pcidss:www:xss" => :pcidss_www_xss,
|
93
|
+
"pcidss:directory_browsing" => :pcidss_directory_browsing,
|
94
|
+
"pcidss:known_credentials" => :pcidss_known_credentials,
|
95
|
+
"pcidss:compromised_host:worm" => :pcidss_compromised_host_worm,
|
96
|
+
"pcidss:obsolete_operating_system" => :pcidss_obsolete_operating_system,
|
97
|
+
"pcidss:dns_zone_transfer" => :pcidss_dns_zone_transfer,
|
98
|
+
"pcidss:unprotected_mssql_db" => :pcidss_unprotected_mssql_db,
|
99
|
+
"pcidss:obsolete_software" => :pcidss_obsolete_software,
|
100
|
+
"pcidss:www:sql_injection" => :pcidss_www_sql_injection,
|
101
|
+
"pcidss:backup_files" => :pcidss_backup_files,
|
102
|
+
"traceroute-hop-0" => :traceroute_hop_0,
|
103
|
+
"traceroute-hop-1" => :traceroute_hop_1,
|
104
|
+
"traceroute-hop-2" => :traceroute_hop_2
|
105
|
+
}
|
99
106
|
end
|
100
107
|
|
101
108
|
# Callback for when the start of a XML element is reached
|
@@ -139,19 +146,19 @@ module Risu
|
|
139
146
|
|
140
147
|
if attributes["name"] =~ /[M|m][S|s]\d{2,}-\d{2,}/
|
141
148
|
@attr = if attributes["name"] =~ /[M|m][S|s]\d{2,}-\d{2,}/
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
149
|
+
attributes["name"]
|
150
|
+
else
|
151
|
+
nil
|
152
|
+
end
|
146
153
|
else
|
147
154
|
@attr = if @valid_host_properties.keys.include?(attributes["name"])
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
155
|
+
attributes["name"]
|
156
|
+
else
|
157
|
+
nil
|
158
|
+
end
|
152
159
|
end
|
153
160
|
|
154
|
-
puts "New HostProperties attribute: #{attributes["name"]}. Please report this to
|
161
|
+
puts "New HostProperties attribute: #{attributes["name"]}. Please report this to #{Risu::EMAIL}\n" if @attr.nil?
|
155
162
|
when "ReportItem"
|
156
163
|
@vals = Hash.new # have to clear this out or everything has the same references
|
157
164
|
@ri = @rh.items.create
|
@@ -195,14 +202,26 @@ module Risu
|
|
195
202
|
@policy.attributes = {
|
196
203
|
:name => @vals["policyName"]
|
197
204
|
}
|
198
|
-
|
199
205
|
@policy.save
|
206
|
+
|
200
207
|
when "policyComments"
|
201
208
|
@policy.attributes = {
|
202
209
|
:comments => @vals["policyComments"]
|
203
210
|
}
|
211
|
+
@policy.save
|
212
|
+
|
213
|
+
when "policyOwner"
|
214
|
+
@policy.attributes = {
|
215
|
+
:owner => @vals["policyOwner"]
|
216
|
+
}
|
217
|
+
@policy.save
|
204
218
|
|
219
|
+
when "visibility"
|
220
|
+
@policy.attributes = {
|
221
|
+
:visibility => @vals["visibility"]
|
222
|
+
}
|
205
223
|
@policy.save
|
224
|
+
|
206
225
|
when "preference"
|
207
226
|
@sp.attributes = {
|
208
227
|
:name => @vals["name"],
|
@@ -292,7 +311,7 @@ module Risu
|
|
292
311
|
:synopsis => @vals["synopsis"],
|
293
312
|
:plugin_type => @vals["plugin_type"],
|
294
313
|
:cvss_vector => @vals["cvss_vector"],
|
295
|
-
:cvss_base_score => @vals["cvss_base_score"],
|
314
|
+
:cvss_base_score => @vals["cvss_base_score"].to_f,
|
296
315
|
:vuln_publication_date => @vals["vuln_publication_date"],
|
297
316
|
:plugin_version => @vals["plugin_version"],
|
298
317
|
:cvss_temporal_score => @vals["cvss_temporal_score"],
|
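Review bot: In the HostProperties branch the patch-name test `/[M|m][S|s]\d{2,}-\d{2,}/` is evaluated twice in a row (the outer `if` and again in `@attr = if …`), so the restored inner `else nil` can never run and the body can simply be `@attr = attributes["name"]`. Inside a character class `|` is a literal and the pattern is unanchored, so a name such as `|s00-00`, or any name merely containing the pattern, is accepted from the parsed file. If only names of the form MSyy-nnn are meant, `/\AMS\d{2,}-\d{2,}\z/i` says so, but confirm against real scanner output before anchoring. In the other branch `@valid_host_properties.key?(attributes["name"])` avoids building the key array for every tag. The method these lines sit in starts outside the hunk.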
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2013 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
3
|
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
@@ -27,9 +27,8 @@
|
|
27
27
|
module Risu
|
28
28
|
module Parsers
|
29
29
|
module Nexpose
|
30
|
+
|
30
31
|
# A Object to represent the Nexpose xml file in memory
|
31
|
-
#
|
32
|
-
# @author Jacob Hammack <jacob.hammack@hammackj.com>
|
33
32
|
class NexposeDocument
|
34
33
|
|
35
34
|
# Creates a instance of the NexposeDocument class
|
@@ -61,7 +60,6 @@ module Risu
|
|
61
60
|
end
|
62
61
|
|
63
62
|
# Invokes the SAX parser on the XML document
|
64
|
-
#
|
65
63
|
def parse
|
66
64
|
@parser = LibXML::XML::SaxParser.file @document
|
67
65
|
@parser.callbacks = SimpleNexpose.new
|
@@ -69,7 +67,6 @@ module Risu
|
|
69
67
|
end
|
70
68
|
|
71
69
|
# Fixes the ip field if nil and replaces it with the name if its an ip
|
72
|
-
#
|
73
70
|
def fix_ips
|
74
71
|
@hosts = Host.all
|
75
72
|
|
data/lib/risu/renderers.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2013 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
3
|
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
@@ -26,51 +26,39 @@
|
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Templates
|
29
|
-
class
|
29
|
+
class AssetsTemplate < Risu::Base::TemplateBase
|
30
|
+
include TemplateHelper
|
30
31
|
|
31
|
-
#
|
32
|
-
#
|
33
32
|
def initialize ()
|
34
33
|
@template_info =
|
35
34
|
{
|
36
35
|
:name => "assets",
|
37
36
|
:author => "hammackj",
|
38
|
-
:version => "0.0.
|
37
|
+
:version => "0.0.2",
|
39
38
|
:description => "Generates a Assets Summary Report"
|
40
39
|
}
|
41
40
|
end
|
42
41
|
|
43
|
-
# @todo comment
|
44
|
-
#
|
45
42
|
def render(output)
|
46
|
-
|
43
|
+
text Report.classification.upcase, :align => :center
|
44
|
+
text "\n"
|
47
45
|
|
48
|
-
|
49
|
-
|
46
|
+
report_title Report.title
|
47
|
+
report_subtitle "Networked Assets"
|
48
|
+
report_author "This report was prepared by\n#{Report.author}"
|
50
49
|
|
51
|
-
|
52
|
-
output.text Report.title, :align => :center
|
53
|
-
end
|
54
|
-
|
55
|
-
output.font_size(18) do
|
56
|
-
output.text "Networked Assets", :align => :center
|
57
|
-
output.text "\n"
|
58
|
-
output.text "This report was prepared by\n#{Report.author}", :align => :center
|
59
|
-
end
|
60
|
-
|
61
|
-
output.text "\n\n"
|
50
|
+
text "\n\n\n"
|
62
51
|
|
63
52
|
Host.sorted.each do |host|
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
53
|
+
text "Name: #{host.name}\n"
|
54
|
+
text "FQDN: #{host.fqdn}\n" unless host.fqdn == nil
|
55
|
+
text "IP Address: #{host.ip}\n" unless host.ip == nil
|
56
|
+
text "NetBios: #{host.netbios}\n" unless host.netbios == nil
|
57
|
+
text sprintf "Mac Address: %s\n", host.mac.chomp.gsub("\n", ", ") unless host.mac == nil
|
58
|
+
text sprintf "Operation System: %s\n", host.os.chomp.gsub("\n", "/") unless host.os == nil
|
59
|
+
text "\n"
|
71
60
|
end
|
72
61
|
end
|
73
62
|
end
|
74
63
|
end
|
75
64
|
end
|
76
|
-
|
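Review bot: In `render`, the two `text sprintf "…", … unless host.mac == nil` lines stack two paren-less calls under a trailing modifier, which is hard to read; interpolation would match the surrounding lines, e.g. `text "Mac Address: #{host.mac.chomp.gsub("\n", ", ")}\n" if host.mac`. The label "Operation System" looks like a typo for "Operating System". `text Report.classification.upcase` raises NoMethodError if no classification is set; whether `Report.classification` can return nil is not visible in this hunk, so a guard or default may be needed. The remaining `unless host.x == nil` guards read more simply as `if host.x`.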