risu 1.6.3 → 1.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +12 -0
- data/Gemfile.ci +9 -9
- data/Gemfile.lock +118 -0
- data/LICENSE +1 -1
- data/NEWS.markdown +98 -0
- data/README.markdown +10 -3
- data/Rakefile +2 -2
- data/bin/risu +3 -3
- data/lib/risu.rb +6 -2
- data/lib/risu/base.rb +10 -3
- data/lib/risu/base/graph_template_helper.rb +71 -0
- data/lib/risu/base/host_template_helper.rb +75 -0
- data/lib/risu/base/malware_template_helper.rb +96 -0
- data/lib/risu/base/post_process_base.rb +210 -0
- data/lib/risu/base/post_process_manager.rb +120 -0
- data/lib/risu/base/schema.rb +10 -7
- data/lib/risu/base/shares_template_helper.rb +158 -0
- data/lib/risu/base/template_base.rb +12 -10
- data/lib/risu/base/template_helper.rb +105 -3
- data/lib/risu/base/template_manager.rb +16 -12
- data/lib/risu/base/templater.rb +23 -9
- data/lib/risu/cli.rb +1 -1
- data/lib/risu/cli/application.rb +23 -17
- data/lib/risu/cli/banner.rb +3 -3
- data/lib/risu/exceptions.rb +1 -1
- data/lib/risu/exceptions/invaliddocument.rb +1 -1
- data/lib/risu/models.rb +1 -1
- data/lib/risu/models/attachment.rb +3 -3
- data/lib/risu/models/familyselection.rb +3 -3
- data/lib/risu/models/host.rb +74 -9
- data/lib/risu/models/hostproperty.rb +3 -3
- data/lib/risu/models/individualpluginselection.rb +3 -3
- data/lib/risu/models/item.rb +92 -29
- data/lib/risu/models/patch.rb +3 -3
- data/lib/risu/models/plugin.rb +30 -2
- data/lib/risu/models/pluginspreference.rb +1 -1
- data/lib/risu/models/policy.rb +1 -1
- data/lib/risu/models/reference.rb +1 -1
- data/lib/risu/models/report.rb +1 -2
- data/lib/risu/models/serverpreference.rb +1 -1
- data/lib/risu/models/servicedescription.rb +3 -3
- data/lib/risu/models/version.rb +1 -1
- data/lib/risu/parsers.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_document.rb +3 -3
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +23 -16
- data/lib/risu/parsers/nessus/postprocess.rb +3 -6
- data/lib/risu/parsers/nessus/postprocess/adobe_air.rb +82 -0
- data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb +86 -0
- data/lib/risu/parsers/nessus/postprocess/apache.rb +67 -0
- data/lib/risu/parsers/nessus/postprocess/core_ftp.rb +52 -0
- data/lib/risu/parsers/nessus/postprocess/flash_player.rb +104 -0
- data/lib/risu/parsers/nessus/postprocess/flexnet.rb +53 -0
- data/lib/risu/parsers/nessus/postprocess/google_chrome.rb +52 -0
- data/lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb +60 -0
- data/lib/risu/parsers/nessus/postprocess/java.rb +49 -198
- data/lib/risu/parsers/nessus/postprocess/openssh.rb +65 -0
- data/lib/risu/parsers/nessus/postprocess/openssl.rb +54 -0
- data/lib/risu/parsers/nessus/postprocess/oracle_database.rb +84 -0
- data/lib/risu/parsers/nessus/postprocess/php.rb +62 -0
- data/lib/risu/parsers/nessus/postprocess/post_process.rb +178 -0
- data/lib/risu/parsers/nessus/postprocess/risk_score.rb +10 -5
- data/lib/risu/parsers/nessus/postprocess/root_cause.rb +375 -0
- data/lib/risu/parsers/nessus/postprocess/servu.rb +57 -0
- data/lib/risu/parsers/nessus/postprocess/shockwave.rb +73 -0
- data/lib/risu/parsers/nessus/postprocess/windows.rb +57 -0
- data/lib/risu/parsers/nessus/postprocess/wireshark.rb +72 -0
- data/lib/risu/parsers/nexpose/nexpose_document.rb +1 -1
- data/lib/risu/parsers/nexpose/simple_nexpose.rb +1 -1
- data/lib/risu/renderers.rb +3 -1
- data/lib/risu/renderers/csvrenderer.rb +53 -0
- data/lib/risu/renderers/nilrenderer.rb +1 -1
- data/lib/risu/renderers/pdfrenderer.rb +57 -0
- data/lib/risu/templates/assets.rb +5 -4
- data/lib/risu/templates/cover_sheet.rb +4 -3
- data/lib/risu/templates/exec_summary.rb +4 -3
- data/lib/risu/templates/executive_summary_detailed.rb +9 -8
- data/lib/risu/templates/exploitablity_summary.rb +82 -0
- data/lib/risu/templates/failed_audits.rb +98 -0
- data/lib/risu/templates/finding_statistics.rb +2 -1
- data/lib/risu/templates/findings_host.rb +20 -22
- data/lib/risu/templates/findings_summary.rb +11 -9
- data/lib/risu/templates/findings_summary_with_pluginid.rb +31 -85
- data/lib/risu/templates/graphs.rb +9 -10
- data/lib/risu/templates/host_findings_csv.rb +67 -0
- data/lib/risu/templates/host_summary.rb +2 -1
- data/lib/risu/templates/malicious_process_detection.rb +2 -1
- data/lib/risu/templates/missing_root_causes.rb +162 -0
- data/lib/risu/templates/ms_patch_summary.rb +3 -2
- data/lib/risu/templates/ms_update_summary.rb +5 -4
- data/lib/risu/templates/ms_wsus_findings.rb +5 -4
- data/lib/risu/templates/notable.rb +7 -11
- data/lib/risu/templates/notable_detailed.rb +7 -4
- data/lib/risu/templates/pci_compliance.rb +5 -4
- data/lib/risu/templates/stig_findings_summary.rb +5 -4
- data/lib/risu/templates/talking_points.rb +164 -0
- data/lib/risu/templates/technical_findings.rb +8 -4
- data/lib/risu/templates/template.rb +3 -2
- data/lib/risu/templates/top_25.rb +115 -0
- data/risu.gemspec +16 -15
- metadata +142 -77
@@ -0,0 +1,98 @@
|
|
1
|
+
# Copyright (c) 2010-2013 Arxopia LLC.
|
2
|
+
# All rights reserved.
|
3
|
+
#
|
4
|
+
# Redistribution and use in source and binary forms, with or without
|
5
|
+
# modification, are permitted provided that the following conditions are met:
|
6
|
+
#
|
7
|
+
# * Redistributions of source code must retain the above copyright
|
8
|
+
# notice, this list of conditions and the following disclaimer.
|
9
|
+
# * Redistributions in binary form must reproduce the above copyright
|
10
|
+
# notice, this list of conditions and the following disclaimer in the
|
11
|
+
# documentation and/or other materials provided with the distribution.
|
12
|
+
# * Neither the name of the Arxopia LLC nor the names of its contributors
|
13
|
+
# may be used to endorse or promote products derived from this software
|
14
|
+
# without specific prior written permission.
|
15
|
+
#
|
16
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
17
|
+
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
18
|
+
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
19
|
+
# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
|
20
|
+
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
21
|
+
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
|
+
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
|
+
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
|
+
|
27
|
+
module Risu
|
28
|
+
module Templates
|
29
|
+
class FailedAudits < Risu::Base::TemplateBase
|
30
|
+
include TemplateHelper
|
31
|
+
|
32
|
+
# Initializes the template loading meta data
|
33
|
+
#
|
34
|
+
def initialize ()
|
35
|
+
@template_info =
|
36
|
+
{
|
37
|
+
:name => "failed_audits",
|
38
|
+
:author => "abenson",
|
39
|
+
:version => "0.0.2",
|
40
|
+
:renderer => "PDF",
|
41
|
+
:description => "Failed Audit Checks"
|
42
|
+
}
|
43
|
+
end
|
44
|
+
|
45
|
+
def print_header(size, text, color)
|
46
|
+
oldcolor = @output.fill_color
|
47
|
+
@output.font_size(size) do
|
48
|
+
@output.fill_color color
|
49
|
+
@output.text text, :style => :bold
|
50
|
+
@output.fill_color oldcolor
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
# Called during the rendering process
|
55
|
+
#
|
56
|
+
def render(output)
|
57
|
+
text Report.classification.upcase, :align => :center
|
58
|
+
text "\n"
|
59
|
+
|
60
|
+
report_title Report.title
|
61
|
+
report_subtitle "Failed Audit Checks"
|
62
|
+
report_author "This report was prepared by\n#{Report.author}"
|
63
|
+
|
64
|
+
text "\n\n\n"
|
65
|
+
|
66
|
+
text "Verify each finding. The compliance audits only look for exact matches. For example, if the policy value for minimum password length is 8, and the actual value is 10, this finding can be ignored."
|
67
|
+
|
68
|
+
text "\n\n\n"
|
69
|
+
|
70
|
+
Host.all.each do |h|
|
71
|
+
print_header(20, "#{h.name} (#{h.ip})", "000000")
|
72
|
+
|
73
|
+
if h.items.where(:cm_compliance_result => "FAILED").count > 0
|
74
|
+
data = [["Name", "Policy", "Value"]]
|
75
|
+
h.items.where(:cm_compliance_result => "FAILED").each do |cm|
|
76
|
+
data += [[cm.cm_compliance_check_name, cm.cm_compliance_policy_value, cm.cm_compliance_actual_value]]
|
77
|
+
end
|
78
|
+
|
79
|
+
output.table(data, :header => true) do
|
80
|
+
row(0).style(:font_style => :bold, :background_color => 'D0D0D0')
|
81
|
+
cells.borders = [:top, :bottom, :left, :right]
|
82
|
+
end
|
83
|
+
text "\n"
|
84
|
+
|
85
|
+
elsif h.items.where(:cm_compliance_result => "PASSED").count > 0
|
86
|
+
text "Host passed all audits."
|
87
|
+
else
|
88
|
+
text "Audits were not conducted on host."
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
text "\n\n\n"
|
93
|
+
|
94
|
+
output.start_new_page
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2014 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
3
|
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
@@ -36,6 +36,7 @@ module Risu
|
|
36
36
|
:name => "finding_statistics",
|
37
37
|
:author => "hammackj",
|
38
38
|
:version => "0.0.1",
|
39
|
+
:renderer => "PDF",
|
39
40
|
:description => "Generates report finding statistics"
|
40
41
|
}
|
41
42
|
end
|
@@ -1,9 +1,9 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2014 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
|
-
|
3
|
+
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
5
5
|
# modification, are permitted provided that the following conditions are met:
|
6
|
-
|
6
|
+
#
|
7
7
|
# * Redistributions of source code must retain the above copyright
|
8
8
|
# notice, this list of conditions and the following disclaimer.
|
9
9
|
# * Redistributions in binary form must reproduce the above copyright
|
@@ -12,7 +12,7 @@
|
|
12
12
|
# * Neither the name of the Arxopia LLC nor the names of its contributors
|
13
13
|
# may be used to endorse or promote products derived from this software
|
14
14
|
# without specific prior written permission.
|
15
|
-
|
15
|
+
#
|
16
16
|
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
17
17
|
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
18
18
|
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
@@ -21,12 +21,13 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Templates
|
29
29
|
class FindingsHost < Risu::Base::TemplateBase
|
30
|
+
include TemplateHelper
|
30
31
|
|
31
32
|
#
|
32
33
|
#
|
@@ -35,7 +36,8 @@ module Risu
|
|
35
36
|
{
|
36
37
|
:name => "findings_host",
|
37
38
|
:author => "hammackj",
|
38
|
-
:version => "0.0.
|
39
|
+
:version => "0.0.3",
|
40
|
+
:renderer => "PDF",
|
39
41
|
:description => "Generates a findings report by host"
|
40
42
|
}
|
41
43
|
end
|
@@ -43,23 +45,19 @@ module Risu
|
|
43
45
|
#
|
44
46
|
#
|
45
47
|
def render(output)
|
46
|
-
output.font_size 10
|
48
|
+
@output.font_size 10
|
47
49
|
|
48
|
-
|
49
|
-
output.text "\n"
|
50
|
+
report_classification
|
50
51
|
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
output.text "\n"
|
55
|
-
output.text "This report was prepared by\n#{Report.author}", :align => :center
|
56
|
-
}
|
52
|
+
report_title Report.title
|
53
|
+
report_subtitle "Findings Summary by Host Report"
|
54
|
+
report_author "This report was prepared by\n#{Report.author}"
|
57
55
|
|
58
|
-
output.text "\n\n\n"
|
56
|
+
@output.text "\n\n\n"
|
59
57
|
|
60
58
|
Host.sorted.each do |host|
|
61
59
|
if host.items.high_risks_unique_sorted.to_a.count > 0 or host.items.medium_risks_unique_sorted.to_a.count > 0
|
62
|
-
output.font_size(16) do
|
60
|
+
@output.font_size(16) do
|
63
61
|
|
64
62
|
host_string = "#{host.ip}"
|
65
63
|
host_string << " (#{host.fqdn})" if host.fqdn != nil
|
@@ -69,7 +67,7 @@ module Risu
|
|
69
67
|
end
|
70
68
|
|
71
69
|
if host.items.critical_risks_unique_sorted.to_a.count > 0
|
72
|
-
output.font_size(12) do
|
70
|
+
@output.font_size(12) do
|
73
71
|
output.fill_color "551A8B"
|
74
72
|
output.text "Critical Findings", :style => :bold
|
75
73
|
output.fill_color "000000"
|
@@ -82,7 +80,7 @@ module Risu
|
|
82
80
|
end
|
83
81
|
|
84
82
|
if host.items.high_risks_unique_sorted.to_a.count > 0
|
85
|
-
output.font_size(12) {
|
83
|
+
@output.font_size(12) {
|
86
84
|
output.fill_color "FF0000"
|
87
85
|
output.text "High Findings", :style => :bold
|
88
86
|
output.fill_color "000000"
|
@@ -95,7 +93,7 @@ module Risu
|
|
95
93
|
end
|
96
94
|
|
97
95
|
if host.items.medium_risks_unique_sorted.to_a.count > 0
|
98
|
-
output.font_size(12) {
|
96
|
+
@output.font_size(12) {
|
99
97
|
output.fill_color "FF8040"
|
100
98
|
output.text "Medium Findings", :style => :bold
|
101
99
|
output.fill_color "000000"
|
@@ -108,7 +106,7 @@ module Risu
|
|
108
106
|
end
|
109
107
|
|
110
108
|
if host.items.high_risks_unique_sorted.to_a.count > 0 or host.items.medium_risks_unique_sorted.to_a.count > 0
|
111
|
-
output.text "\n"
|
109
|
+
@output.text "\n"
|
112
110
|
end
|
113
111
|
end
|
114
112
|
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2014 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
3
|
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Templates
|
@@ -34,14 +34,15 @@ module Risu
|
|
34
34
|
{
|
35
35
|
:name => "findings_summary",
|
36
36
|
:author => "hammackj",
|
37
|
-
:version => "0.0.
|
37
|
+
:version => "0.0.3",
|
38
|
+
:renderer => "PDF",
|
38
39
|
:description => "Generates a findings summary report"
|
39
40
|
}
|
40
41
|
end
|
41
42
|
|
42
43
|
def print_risk_summary(risks, text, color)
|
43
44
|
@output.font_size(20) do
|
44
|
-
@output.fill_color color
|
45
|
+
@output.fill_color color.gsub('#', '')
|
45
46
|
@output.text text, :style => :bold
|
46
47
|
@output.fill_color "000000"
|
47
48
|
end
|
@@ -63,10 +64,11 @@ module Risu
|
|
63
64
|
report_author "This report was prepared by\n#{Report.author}"
|
64
65
|
text "\n\n\n"
|
65
66
|
|
66
|
-
print_risk_summary(Item.critical_risks_unique_sorted, "Critical Findings",
|
67
|
-
print_risk_summary(Item.high_risks_unique_sorted, "High Findings",
|
68
|
-
print_risk_summary(Item.medium_risks_unique_sorted, "Medium Findings",
|
69
|
-
print_risk_summary(Item.low_risks_unique_sorted, "Low Findings",
|
67
|
+
print_risk_summary(Item.critical_risks_unique_sorted, "Critical Findings", Risu::GRAPH_COLORS[0])
|
68
|
+
print_risk_summary(Item.high_risks_unique_sorted, "High Findings", Risu::GRAPH_COLORS[1])
|
69
|
+
print_risk_summary(Item.medium_risks_unique_sorted, "Medium Findings", Risu::GRAPH_COLORS[2])
|
70
|
+
print_risk_summary(Item.low_risks_unique_sorted, "Low Findings", Risu::GRAPH_COLORS[3])
|
71
|
+
print_risk_summary(Item.info_risks_unique_sorted, "Informational Findings", Risu::GRAPH_COLORS[4])
|
70
72
|
end
|
71
73
|
end
|
72
74
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2014 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
3
|
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
@@ -21,12 +21,13 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Templates
|
29
29
|
class FindingsSummaryWithPluginID < Risu::Base::TemplateBase
|
30
|
+
include TemplateHelper
|
30
31
|
|
31
32
|
#
|
32
33
|
#
|
@@ -35,100 +36,45 @@ module Risu
|
|
35
36
|
{
|
36
37
|
:name => "findings_summary_with_pluginid",
|
37
38
|
:author => "hammackj",
|
38
|
-
:version => "0.0.
|
39
|
+
:version => "0.0.5",
|
40
|
+
:renderer => "PDF",
|
39
41
|
:description => "Generates a Findings Summary with Nessus Plugin ID"
|
40
42
|
}
|
41
43
|
end
|
42
44
|
|
43
45
|
#
|
44
46
|
#
|
45
|
-
def
|
46
|
-
output.
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
output.text Report.title, :align => :center
|
51
|
-
end
|
52
|
-
|
53
|
-
output.font_size(18) do
|
54
|
-
output.text "Findings Summary Report", :align => :center
|
55
|
-
output.text "\n"
|
56
|
-
output.text "This report was prepared by\n#{Report.author}", :align => :center
|
57
|
-
end
|
58
|
-
|
59
|
-
output.text "\n\n\n"
|
60
|
-
|
61
|
-
output.font_size(20) {
|
62
|
-
output.fill_color "9B30FF"
|
63
|
-
output.text "Critical Findings", :style => :bold
|
64
|
-
output.fill_color "000000"
|
65
|
-
}
|
66
|
-
|
67
|
-
Item.critical_risks_unique_sorted.each do |item|
|
68
|
-
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
69
|
-
count = Item.where(:plugin_id => item.plugin_id).count
|
70
|
-
|
71
|
-
output.text "#{count} - #{name} - #{item.plugin_id}"
|
47
|
+
def print_risk_summary_with_plugin_id(risks, text, color)
|
48
|
+
@output.font_size(20) do
|
49
|
+
@output.fill_color color.gsub('#', '')
|
50
|
+
@output.text text, :style => :bold
|
51
|
+
@output.fill_color "000000"
|
72
52
|
end
|
73
53
|
|
74
|
-
|
75
|
-
|
76
|
-
output.font_size(20) do
|
77
|
-
output.fill_color "FF0000"
|
78
|
-
output.text "High Findings", :style => :bold
|
79
|
-
output.fill_color "000000"
|
80
|
-
end
|
81
|
-
|
82
|
-
Item.high_risks_unique_sorted.each do |item|
|
54
|
+
risks.each do |item|
|
83
55
|
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
84
56
|
count = Item.where(:plugin_id => item.plugin_id).count
|
85
57
|
|
86
|
-
|
87
|
-
end
|
88
|
-
|
89
|
-
output.start_new_page
|
58
|
+
text "#{count} - #{name} - #{item.plugin_id}"
|
59
|
+
end
|
60
|
+
end
|
90
61
|
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
output.fill_color "0000FF"
|
108
|
-
output.text "Low Findings", :style => :bold
|
109
|
-
output.fill_color "000000"
|
110
|
-
}
|
111
|
-
|
112
|
-
Item.low_risks_unique_sorted.each do |item|
|
113
|
-
name = Plugin.find_by_id(item.plugin_id).plugin_name
|
114
|
-
count = Item.where(:plugin_id => item.plugin_id).count
|
115
|
-
|
116
|
-
output.text "#{count} - #{name} - #{item.plugin_id}"
|
117
|
-
end
|
118
|
-
|
119
|
-
#Provides nothing
|
120
|
-
#output.font_size(20) {
|
121
|
-
# output.fill_color "008000"
|
122
|
-
# output.text "Low Findings", :style => :bold
|
123
|
-
# output.fill_color "000000"
|
124
|
-
#}
|
125
|
-
#
|
126
|
-
#Item.low_risks_unique_sorted.each do |item|
|
127
|
-
# name = Plugin.find_by_id(item.plugin_id).plugin_name
|
128
|
-
# count = Item.where(:plugin_id => item.plugin_id).count
|
129
|
-
#
|
130
|
-
# output.text "#{count} - #{name}"
|
131
|
-
#end
|
62
|
+
#
|
63
|
+
#
|
64
|
+
def render(output)
|
65
|
+
text Report.classification.upcase, :align => :center
|
66
|
+
text "\n"
|
67
|
+
|
68
|
+
report_title Report.title
|
69
|
+
report_subtitle "Findings Summary Report"
|
70
|
+
report_author "This report was prepared by\n#{Report.author}"
|
71
|
+
text "\n\n\n"
|
72
|
+
|
73
|
+
print_risk_summary_with_plugin_id(Item.critical_risks_unique_sorted, "Critical Findings", Risu::GRAPH_COLORS[0])
|
74
|
+
print_risk_summary_with_plugin_id(Item.high_risks_unique_sorted, "High Findings", Risu::GRAPH_COLORS[1])
|
75
|
+
print_risk_summary_with_plugin_id(Item.medium_risks_unique_sorted, "Medium Findings", Risu::GRAPH_COLORS[2])
|
76
|
+
print_risk_summary_with_plugin_id(Item.low_risks_unique_sorted, "Low Findings", Risu::GRAPH_COLORS[3])
|
77
|
+
print_risk_summary_with_plugin_id(Item.info_risks_unique_sorted, "Informational Findings", Risu::GRAPH_COLORS[4])
|
132
78
|
end
|
133
79
|
end
|
134
80
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2014 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
3
|
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
@@ -27,6 +27,7 @@
|
|
27
27
|
module Risu
|
28
28
|
module Templates
|
29
29
|
class Graphs < Risu::Base::TemplateBase
|
30
|
+
include TemplateHelper
|
30
31
|
|
31
32
|
#
|
32
33
|
#
|
@@ -35,7 +36,8 @@ module Risu
|
|
35
36
|
{
|
36
37
|
:name => "graphs",
|
37
38
|
:author => "hammackj",
|
38
|
-
:version => "0.0.
|
39
|
+
:version => "0.0.2",
|
40
|
+
:renderer => "PDF",
|
39
41
|
:description => "Generates a report with all the graphs in it",
|
40
42
|
:scanner => "Nessus"
|
41
43
|
}
|
@@ -75,19 +77,16 @@ module Risu
|
|
75
77
|
|
76
78
|
output.image Host.top_vuln_graph(10), :width => 500, :height => 375, :position => :center
|
77
79
|
|
78
|
-
|
79
|
-
|
80
|
-
output.image Host.other_os_graph, :width => 500, :height => 375, :position => :center
|
81
|
-
output.text Host.other_os_graph_text
|
80
|
+
other_os_graph_page
|
82
81
|
|
83
|
-
|
82
|
+
windows_os_graph_page
|
84
83
|
|
85
|
-
output.image
|
86
|
-
output.text Host.windows_os_graph_text
|
84
|
+
output.image Item.stigs_severity_graph, :width => 500, :height => 375, :position => :center
|
87
85
|
|
88
86
|
output.start_new_page
|
89
87
|
|
90
|
-
output.image
|
88
|
+
output.image Plugin.root_cause_graph, :width => 500, :height => 375, :position => :center
|
89
|
+
output.text Plugin.root_cause_graph_text
|
91
90
|
end
|
92
91
|
end
|
93
92
|
end
|