risu 1.5.3 → 1.6.0
- data/Gemfile.ci +1 -0
- data/LICENSE +1 -1
- data/NEWS.markdown +80 -3
- data/README.markdown +9 -8
- data/Rakefile +7 -7
- data/bin/risu +1 -1
- data/lib/risu.rb +6 -3
- data/lib/risu/base.rb +2 -1
- data/lib/risu/base/schema.rb +8 -4
- data/lib/risu/base/template_base.rb +3 -1
- data/lib/risu/base/template_helper.rb +115 -0
- data/lib/risu/base/template_manager.rb +1 -1
- data/lib/risu/base/templater.rb +3 -4
- data/lib/risu/cli.rb +1 -1
- data/lib/risu/cli/application.rb +3 -10
- data/lib/risu/cli/banner.rb +1 -1
- data/lib/risu/exceptions.rb +1 -1
- data/lib/risu/exceptions/invaliddocument.rb +1 -1
- data/lib/risu/models.rb +1 -1
- data/lib/risu/models/familyselection.rb +1 -1
- data/lib/risu/models/host.rb +92 -9
- data/lib/risu/models/individualpluginselection.rb +1 -1
- data/lib/risu/models/item.rb +47 -13
- data/lib/risu/models/patch.rb +1 -1
- data/lib/risu/models/plugin.rb +9 -1
- data/lib/risu/models/pluginspreference.rb +1 -1
- data/lib/risu/models/policy.rb +1 -1
- data/lib/risu/models/reference.rb +69 -9
- data/lib/risu/models/report.rb +1 -1
- data/lib/risu/models/serverpreference.rb +1 -1
- data/lib/risu/models/servicedescription.rb +1 -1
- data/lib/risu/models/version.rb +1 -1
- data/lib/risu/parsers.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_document.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +69 -50
- data/lib/risu/parsers/nexpose/nexpose_document.rb +2 -5
- data/lib/risu/parsers/nexpose/simple_nexpose.rb +1 -1
- data/lib/risu/renderers.rb +1 -1
- data/lib/risu/renderers/nilrenderer.rb +1 -1
- data/lib/risu/templates/assets.rb +17 -29
- data/lib/risu/templates/cover_sheet.rb +40 -44
- data/lib/risu/templates/exec_summary.rb +11 -20
- data/lib/risu/templates/{executive_summary.rb → executive_summary_detailed.rb} +2 -11
- data/lib/risu/templates/finding_statistics.rb +1 -1
- data/lib/risu/templates/findings_host.rb +1 -1
- data/lib/risu/templates/findings_summary.rb +25 -86
- data/lib/risu/templates/findings_summary_with_pluginid.rb +1 -1
- data/lib/risu/templates/graphs.rb +1 -1
- data/lib/risu/templates/host_summary.rb +18 -14
- data/lib/risu/templates/ms_patch_summary.rb +17 -24
- data/lib/risu/templates/ms_update_summary.rb +1 -1
- data/lib/risu/templates/ms_wsus_findings.rb +1 -1
- data/lib/risu/templates/notable.rb +10 -14
- data/lib/risu/templates/notable_detailed.rb +43 -54
- data/lib/risu/templates/pci_compliance.rb +28 -34
- data/lib/risu/templates/stig_findings_summary.rb +25 -38
- data/lib/risu/templates/technical_findings.rb +46 -55
- data/lib/risu/templates/template.rb +4 -3
- data/risu.gemspec +12 -11
- metadata +79 -61
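--- a/data/lib/risu/templates/cover_sheet.rb
+++ b/data/lib/risu/templates/cover_sheet.rb
@@ -1,4 +1,4 @@
-# Copyright (c) 2010-
+# Copyright (c) 2010-2013 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -27,66 +27,62 @@
 module Risu
 module Templates
 class CoverSheet < Risu::Base::TemplateBase
+include TemplateHelper
 
-#
-#
 def initialize ()
 @template_info =
 {
 :name => "cover_sheet",
 :author => "hammackj",
-:version => "0.0.
+:version => "0.0.3",
 :description => "Generates a coversheet with a logo (Example Template)"
 }
 end
 
-#
-#
 def render(output)
 output.image "#{File.expand_path(File.dirname(__FILE__))}/data/nessuslogo.jpg", :scale => 0.2, :position => :left, :vposition => :top
 
-
-
-
-
-
-
-
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
 
-
-
-end
+text Report.classification.upcase, :align => :center
+text "\n"
 
-
-
-
-output.text "This report was prepared by\n#{Report.author}", :align => :center
-end
+report_title Report.title
+report_subtitle "Coversheet Example"
+report_author "This report was prepared by\n#{Report.author}"
 
-
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
-output.text "\n"
+text "\n\n\n"
 
-
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+text "\n"
+
+text "Nessus is a Registered Trademark of Tenable Network Security, Inc."
 end
 end
 end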
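--- a/data/lib/risu/templates/exec_summary.rb
+++ b/data/lib/risu/templates/exec_summary.rb
@@ -1,4 +1,4 @@
-# Copyright (c) 2010-
+# Copyright (c) 2010-2013 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -27,6 +27,7 @@
 module Risu
 module Templates
 class ExecSummary < Risu::Base::TemplateBase
+include TemplateHelper
 
 #
 #
@@ -35,7 +36,7 @@ module Risu
 {
 :name => "exec_summary",
 :author => "hammackj",
-:version => "0.0.
+:version => "0.0.5",
 :description => "Generates a simple executive summary."
 }
 end
@@ -46,15 +47,9 @@ module Risu
 output.text Report.classification.upcase, :align => :center
 output.text "\n"
 
-
-
-
-
-output.font_size(18) do
-output.text "Executive Summary", :align => :center
-output.text "\n"
-output.text "This report was prepared by\n#{Report.author}", :align => :center
-end
+report_title Report.title
+report_subtitle "Executive Summary"
+report_author "This report was prepared by\n#{Report.author}"
 
 output.text "\n\n\n"
 
@@ -97,20 +92,16 @@ module Risu
 output.image Item.risks_by_severity_graph, :width => 250, :at => [output.bounds.left, cury]
 output.image Host.top_vuln_graph(10), :width => 250, :at => [output.bounds.right - 250, cury]
 output.move_down 50
-
-
-
-end
+
+output.start_new_page
+
 cury = output.y
 output.image Item.risks_by_service_graph(10), :width => 250, :at => [output.bounds.left, cury]
 output.image Host.other_os_graph, :width => 250, :at => [output.bounds.right - 250, cury]
 output.move_down 250
-
-# output.start_new_page
-# cury = y
-#end
+
 cury = output.y
-
+
 output.image Host.windows_os_graph, :width => 250, :at => [output.bounds.left, cury]
 output.image Item.stigs_severity_graph, :width => 250, :at => [output.bounds.right - 250, cury]
 end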
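--- a/data/lib/risu/templates/executive_summary.rb
+++ b/data/lib/risu/templates/executive_summary_detailed.rb
@@ -1,4 +1,4 @@
-# Copyright (c) 2010-
+# Copyright (c) 2010-2013 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -220,22 +220,13 @@ module Risu
 output.image Item.risks_by_severity_graph, :width => 250, :at => [output.bounds.left, cury]
 output.image Host.top_vuln_graph(10), :width => 250, :at => [output.bounds.right - 250, cury]
 
-output.move_down 225
-if (output.y <= 300)
-output.start_new_page
-output.move_down 50
-end
 cury = output.y
 output.image Item.risks_by_service_graph(10), :width => 250, :at => [output.bounds.left, cury]
 output.image Host.other_os_graph, :width => 250, :at => [output.bounds.right - 250, cury]
 output.move_down 225
-
-output.start_new_page
-output.move_down 50
-end
+
 cury = output.y
 output.image Host.windows_os_graph, :width => 250, :at => [output.bounds.left, cury]
-
 output.number_pages "<page> of <total>", :at => [output.bounds.right - 50, 0], :width => 150, :page_filter => :all
 end
 end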
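--- a/data/lib/risu/templates/findings_summary.rb
+++ b/data/lib/risu/templates/findings_summary.rb
@@ -1,4 +1,4 @@
-# Copyright (c) 2010-
+# Copyright (c) 2010-2013 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -27,107 +27,46 @@
 module Risu
 module Templates
 class FindingsSummary < Risu::Base::TemplateBase
+include TemplateHelper
 
-#
-#
 def initialize ()
 @template_info =
 {
 :name => "findings_summary",
 :author => "hammackj",
-:version => "0.0.
+:version => "0.0.2",
 :description => "Generates a findings summary report"
 }
 end
 
-
-
-
-
-
-
-output.font_size(22) do
-output.text Report.title, :align => :center
-end
-
-output.font_size(18) do
-output.text "Findings Summary Report", :align => :center
-output.text "\n"
-output.text "This report was prepared by\n#{Report.author}", :align => :center
-end
-
-output.text "\n\n\n"
-
-output.font_size(20) do
-output.fill_color "551A8B"
-output.text "Critical Findings", :style => :bold
-output.fill_color "000000"
-end
-
-Item.critical_risks_unique_sorted.each do |item|
-name = Plugin.find_by_id(item.plugin_id).plugin_name
-count = Item.where(:plugin_id => item.plugin_id).count
-
-output.text "#{count} - #{name}"
-end
-
-output.font_size(20) do
-output.fill_color "FF0000"
-output.text "High Findings", :style => :bold
-output.fill_color "000000"
-end
-
-Item.high_risks_unique_sorted.each do |item|
-name = Plugin.find_by_id(item.plugin_id).plugin_name
-count = Item.where(:plugin_id => item.plugin_id).count
-
-output.text "#{count} - #{name}"
-end
-
-output.start_new_page
-
-output.font_size(20) do
-output.fill_color "FF8040"
-output.text "Medium Findings", :style => :bold
-output.fill_color "000000"
+def print_risk_summary(risks, text, color)
+@output.font_size(20) do
+@output.fill_color color
+@output.text text, :style => :bold
+@output.fill_color "000000"
 end
 
-
+risks.each do |item|
 name = Plugin.find_by_id(item.plugin_id).plugin_name
 count = Item.where(:plugin_id => item.plugin_id).count
 
-
-end
-
-output.start_new_page
-
-output.font_size(20) {
-output.fill_color "0000FF"
-output.text "Low Findings", :style => :bold
-output.fill_color "000000"
-}
-
-Item.low_risks_unique_sorted.each do |item|
-name = Plugin.find_by_id(item.plugin_id).plugin_name
-count = Item.where(:plugin_id => item.plugin_id).count
-
-output.text "#{count} - #{name}"
-end
-
-#Provides nothing
-#output.font_size(20) {
-# output.fill_color "008000"
-# output.text "Low Findings", :style => :bold
-# output.fill_color "000000"
-#}
-#
-#Item.low_risks_unique_sorted.each do |item|
-# name = Plugin.find_by_id(item.plugin_id).plugin_name
-# count = Item.where(:plugin_id => item.plugin_id).count
-#
-# output.text "#{count} - #{name}"
-#end
+text "#{count} - #{name}"
+end
+end
 
+def render(output)
+text Report.classification.upcase, :align => :center
+text "\n"
+
+report_title Report.title
+report_subtitle "Findings Summary Report"
+report_author "This report was prepared by\n#{Report.author}"
+text "\n\n\n"
+
+print_risk_summary(Item.critical_risks_unique_sorted, "Critical Findings", "551A8B")
+print_risk_summary(Item.high_risks_unique_sorted, "High Findings", "FF0000")
+print_risk_summary(Item.medium_risks_unique_sorted, "Medium Findings", "FF8040")
+print_risk_summary(Item.low_risks_unique_sorted, "Low Findings", "0000FF")
 end
 end
 end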
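--- a/data/lib/risu/templates/host_summary.rb
+++ b/data/lib/risu/templates/host_summary.rb
@@ -1,4 +1,4 @@
-# Copyright (c) 2010-
+# Copyright (c) 2010-2013 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -27,15 +27,15 @@
 module Risu
 module Templates
 class HostSummary < Risu::Base::TemplateBase
+include TemplateHelper
 
-#
 #
 def initialize ()
 @template_info =
 {
 :name => "host_summary",
 :author => "hammackj",
-:version => "0.0.
+:version => "0.0.3",
 :description => "Generates a Host Summary Report"
 }
 end
@@ -43,22 +43,23 @@ module Risu
 #
 #
 def render(output)
-output.text Report.classification.upcase, :align => :center
-output.text "\n"
+@output.text Report.classification.upcase, :align => :center
+@output.text "\n"
 
-
-
-
-output.text "\n"
-output.text "This report was prepared by\n#{Report.author}", :align => :center
-}
+report_title Report.title
+report_subtitle "Host Summary Report"
+report_author "This report was prepared by\n#{Report.author}"
 
-output.text "\n\n\n"
+@output.text "\n\n\n"
+
+@output.text "Scan Date:", :style => :bold
+@output.text "#{Report.scan_date}"
+@output.text "\n"
 
 results = Array.new
 
 headers = ["Hostname", "Total", "Critical", "High", "Medium", "Low", "Info"]
-header_widths = {0 =>
+header_widths = {0 => 230, 1 => 46, 2 => 46, 3 => 46, 4 => 47, 5 => 46, 6 => 46}
 
 Host.sorted.each do |host|
 row = Array.new
@@ -70,7 +71,10 @@ module Risu
 low = Item.low_risks.where(:host_id => host.id).count
 info = Item.info_risks.where(:host_id => host.id).count
 
-
+host_name = host.name
+host_name = "#{host.name} (#{host.netbios})" if host.netbios != nil
+
+row.push(host_name)
 row.push(total)
 row.push(crit)
 row.push(high)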
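--- a/data/lib/risu/templates/ms_patch_summary.rb
+++ b/data/lib/risu/templates/ms_patch_summary.rb
@@ -1,4 +1,4 @@
-# Copyright (c) 2010-
+# Copyright (c) 2010-2013 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -27,9 +27,8 @@
 module Risu
 module Templates
 class MSPatchSummary < Risu::Base::TemplateBase
+include TemplateHelper
 
-#
-#
 def initialize ()
 @template_info =
 {
@@ -40,20 +39,15 @@ module Risu
 }
 end
 
-#
-#
 def render(output)
-
-
+text Report.classification.upcase, :align => :center
+text "\n"
 
-
-
-
-output.text "\n"
-output.text "This report was prepared by\n#{Report.author}", :align => :center
-}
+report_title Report.title
+report_subtitle "Missing Microsoft Patch Summary"
+report_author "This report was prepared by\n#{Report.author}"
 
-
+text "\n\n\n"
 
 Item.ms_patches.each do |item|
 host = Host.find_by_id(item.host_id)
@@ -61,24 +55,23 @@ module Risu
 next if host == nil
 
 if host.name != nil
-
-
+text "Host:", :style => :bold
+text host.name
 end
 
 if host.os != nil
-
-
+text "OS:", :style => :bold
+text host.os
 end
 
 if host.mac != nil
-
-
+text "Mac:", :style => :bold
+text host.mac
 end
-
-
-
+text "\n"
+text item.plugin_output
+text "\n"
 end
-
 end
 end
 end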