risu 1.6.3 → 1.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +12 -0
- data/Gemfile.ci +9 -9
- data/Gemfile.lock +118 -0
- data/LICENSE +1 -1
- data/NEWS.markdown +98 -0
- data/README.markdown +10 -3
- data/Rakefile +2 -2
- data/bin/risu +3 -3
- data/lib/risu.rb +6 -2
- data/lib/risu/base.rb +10 -3
- data/lib/risu/base/graph_template_helper.rb +71 -0
- data/lib/risu/base/host_template_helper.rb +75 -0
- data/lib/risu/base/malware_template_helper.rb +96 -0
- data/lib/risu/base/post_process_base.rb +210 -0
- data/lib/risu/base/post_process_manager.rb +120 -0
- data/lib/risu/base/schema.rb +10 -7
- data/lib/risu/base/shares_template_helper.rb +158 -0
- data/lib/risu/base/template_base.rb +12 -10
- data/lib/risu/base/template_helper.rb +105 -3
- data/lib/risu/base/template_manager.rb +16 -12
- data/lib/risu/base/templater.rb +23 -9
- data/lib/risu/cli.rb +1 -1
- data/lib/risu/cli/application.rb +23 -17
- data/lib/risu/cli/banner.rb +3 -3
- data/lib/risu/exceptions.rb +1 -1
- data/lib/risu/exceptions/invaliddocument.rb +1 -1
- data/lib/risu/models.rb +1 -1
- data/lib/risu/models/attachment.rb +3 -3
- data/lib/risu/models/familyselection.rb +3 -3
- data/lib/risu/models/host.rb +74 -9
- data/lib/risu/models/hostproperty.rb +3 -3
- data/lib/risu/models/individualpluginselection.rb +3 -3
- data/lib/risu/models/item.rb +92 -29
- data/lib/risu/models/patch.rb +3 -3
- data/lib/risu/models/plugin.rb +30 -2
- data/lib/risu/models/pluginspreference.rb +1 -1
- data/lib/risu/models/policy.rb +1 -1
- data/lib/risu/models/reference.rb +1 -1
- data/lib/risu/models/report.rb +1 -2
- data/lib/risu/models/serverpreference.rb +1 -1
- data/lib/risu/models/servicedescription.rb +3 -3
- data/lib/risu/models/version.rb +1 -1
- data/lib/risu/parsers.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_document.rb +3 -3
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +23 -16
- data/lib/risu/parsers/nessus/postprocess.rb +3 -6
- data/lib/risu/parsers/nessus/postprocess/adobe_air.rb +82 -0
- data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb +86 -0
- data/lib/risu/parsers/nessus/postprocess/apache.rb +67 -0
- data/lib/risu/parsers/nessus/postprocess/core_ftp.rb +52 -0
- data/lib/risu/parsers/nessus/postprocess/flash_player.rb +104 -0
- data/lib/risu/parsers/nessus/postprocess/flexnet.rb +53 -0
- data/lib/risu/parsers/nessus/postprocess/google_chrome.rb +52 -0
- data/lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb +60 -0
- data/lib/risu/parsers/nessus/postprocess/java.rb +49 -198
- data/lib/risu/parsers/nessus/postprocess/openssh.rb +65 -0
- data/lib/risu/parsers/nessus/postprocess/openssl.rb +54 -0
- data/lib/risu/parsers/nessus/postprocess/oracle_database.rb +84 -0
- data/lib/risu/parsers/nessus/postprocess/php.rb +62 -0
- data/lib/risu/parsers/nessus/postprocess/post_process.rb +178 -0
- data/lib/risu/parsers/nessus/postprocess/risk_score.rb +10 -5
- data/lib/risu/parsers/nessus/postprocess/root_cause.rb +375 -0
- data/lib/risu/parsers/nessus/postprocess/servu.rb +57 -0
- data/lib/risu/parsers/nessus/postprocess/shockwave.rb +73 -0
- data/lib/risu/parsers/nessus/postprocess/windows.rb +57 -0
- data/lib/risu/parsers/nessus/postprocess/wireshark.rb +72 -0
- data/lib/risu/parsers/nexpose/nexpose_document.rb +1 -1
- data/lib/risu/parsers/nexpose/simple_nexpose.rb +1 -1
- data/lib/risu/renderers.rb +3 -1
- data/lib/risu/renderers/csvrenderer.rb +53 -0
- data/lib/risu/renderers/nilrenderer.rb +1 -1
- data/lib/risu/renderers/pdfrenderer.rb +57 -0
- data/lib/risu/templates/assets.rb +5 -4
- data/lib/risu/templates/cover_sheet.rb +4 -3
- data/lib/risu/templates/exec_summary.rb +4 -3
- data/lib/risu/templates/executive_summary_detailed.rb +9 -8
- data/lib/risu/templates/exploitablity_summary.rb +82 -0
- data/lib/risu/templates/failed_audits.rb +98 -0
- data/lib/risu/templates/finding_statistics.rb +2 -1
- data/lib/risu/templates/findings_host.rb +20 -22
- data/lib/risu/templates/findings_summary.rb +11 -9
- data/lib/risu/templates/findings_summary_with_pluginid.rb +31 -85
- data/lib/risu/templates/graphs.rb +9 -10
- data/lib/risu/templates/host_findings_csv.rb +67 -0
- data/lib/risu/templates/host_summary.rb +2 -1
- data/lib/risu/templates/malicious_process_detection.rb +2 -1
- data/lib/risu/templates/missing_root_causes.rb +162 -0
- data/lib/risu/templates/ms_patch_summary.rb +3 -2
- data/lib/risu/templates/ms_update_summary.rb +5 -4
- data/lib/risu/templates/ms_wsus_findings.rb +5 -4
- data/lib/risu/templates/notable.rb +7 -11
- data/lib/risu/templates/notable_detailed.rb +7 -4
- data/lib/risu/templates/pci_compliance.rb +5 -4
- data/lib/risu/templates/stig_findings_summary.rb +5 -4
- data/lib/risu/templates/talking_points.rb +164 -0
- data/lib/risu/templates/technical_findings.rb +8 -4
- data/lib/risu/templates/template.rb +3 -2
- data/lib/risu/templates/top_25.rb +115 -0
- data/risu.gemspec +16 -15
- metadata +142 -77
@@ -0,0 +1,164 @@
|
|
1
|
+
# Copyright (c) 2010-2014 Arxopia LLC.
|
2
|
+
# All rights reserved.
|
3
|
+
#
|
4
|
+
# Redistribution and use in source and binary forms, with or without
|
5
|
+
# modification, are permitted provided that the following conditions are met:
|
6
|
+
#
|
7
|
+
# * Redistributions of source code must retain the above copyright
|
8
|
+
# notice, this list of conditions and the following disclaimer.
|
9
|
+
# * Redistributions in binary form must reproduce the above copyright
|
10
|
+
# notice, this list of conditions and the following disclaimer in the
|
11
|
+
# documentation and/or other materials provided with the distribution.
|
12
|
+
# * Neither the name of the Arxopia LLC nor the names of its contributors
|
13
|
+
# may be used to endorse or promote products derived from this software
|
14
|
+
# without specific prior written permission.
|
15
|
+
#
|
16
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
17
|
+
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
18
|
+
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
19
|
+
# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
|
20
|
+
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
21
|
+
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
|
+
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
|
+
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
|
+
|
27
|
+
module Risu
|
28
|
+
module Templates
|
29
|
+
class TalkingPoints < Risu::Base::TemplateBase
|
30
|
+
include TemplateHelper
|
31
|
+
|
32
|
+
# Initializes the Talking Points Report
|
33
|
+
def initialize ()
|
34
|
+
@template_info =
|
35
|
+
{
|
36
|
+
:name => "talking_points",
|
37
|
+
:author => "hammackj",
|
38
|
+
:version => "0.0.2",
|
39
|
+
:renderer => "PDF",
|
40
|
+
:description => "Generates a Talking Points Report"
|
41
|
+
}
|
42
|
+
end
|
43
|
+
|
44
|
+
# Renders the Talking Points Report
|
45
|
+
def render(output)
|
46
|
+
report_classification
|
47
|
+
|
48
|
+
report_title Report.title
|
49
|
+
report_subtitle "Talking Points Report"
|
50
|
+
report_author "This report was prepared by\n#{Report.author}"
|
51
|
+
|
52
|
+
@output.text "\n\n\n"
|
53
|
+
|
54
|
+
@output.text "Scan Date:", :style => :bold
|
55
|
+
@output.text "#{Report.scan_date}"
|
56
|
+
@output.text "\n"
|
57
|
+
|
58
|
+
# Number of hosts / score
|
59
|
+
@output.text "There were #{Host.count} hosts identified, containing #{Item.critical_risks.to_a.count + Item.high_risks.to_a.count} critical and high risks findings. Of those there were #{Item.critical_risks.to_a.count} Critical risks, and #{Item.high_risks.to_a.count} High risks."
|
60
|
+
|
61
|
+
@output.text "These critical and highs were discovered on #{Host.unique_hosts_with_critical_and_high_count} unique hosts. #{Item.risk_percent_rounded_text} of the total assessed computers were found to have an critical or high finding."
|
62
|
+
|
63
|
+
# @todo need vulnerable host count
|
64
|
+
|
65
|
+
@output.text "\n\n\n"
|
66
|
+
|
67
|
+
# Top Hosts with Findings
|
68
|
+
#@todo need this call
|
69
|
+
|
70
|
+
@output.text "\n\n\n"
|
71
|
+
|
72
|
+
# Notable Findings
|
73
|
+
Item.top_10_table(@output)
|
74
|
+
|
75
|
+
|
76
|
+
# Plugin_output keyword search?
|
77
|
+
|
78
|
+
@output.number_pages "<page> of <total>", :at => [output.bounds.right - 75, 0], :width => 150, :page_filter => :all
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
|
85
|
+
# # Copyright (c) 2010-2014 Arxopia LLC.
|
86
|
+
# # All rights reserved.
|
87
|
+
# #
|
88
|
+
# # Redistribution and use in source and binary forms, with or without
|
89
|
+
# # modification, are permitted provided that the following conditions are met:
|
90
|
+
# #
|
91
|
+
# # * Redistributions of source code must retain the above copyright
|
92
|
+
# # notice, this list of conditions and the following disclaimer.
|
93
|
+
# # * Redistributions in binary form must reproduce the above copyright
|
94
|
+
# # notice, this list of conditions and the following disclaimer in the
|
95
|
+
# # documentation and/or other materials provided with the distribution.
|
96
|
+
# # * Neither the name of the Arxopia LLC nor the names of its contributors
|
97
|
+
# # may be used to endorse or promote products derived from this software
|
98
|
+
# # without specific prior written permission.
|
99
|
+
# #
|
100
|
+
# # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
101
|
+
# # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
102
|
+
# # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
103
|
+
# # DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
|
104
|
+
# # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
105
|
+
# # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
106
|
+
# # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
107
|
+
# # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
108
|
+
# # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
109
|
+
# # OF THE POSSIBILITY OF SUCH DAMAGE.
|
110
|
+
|
111
|
+
# module Risu
|
112
|
+
# module Templates
|
113
|
+
# class TalkingPoints < Risu::Base::TemplateBase
|
114
|
+
# include TemplateHelper
|
115
|
+
|
116
|
+
# # Initializes the Talking Points Report
|
117
|
+
# def initialize ()
|
118
|
+
# @template_info =
|
119
|
+
# {
|
120
|
+
# :name => "talking_points",
|
121
|
+
# :author => "hammackj",
|
122
|
+
# :version => "0.0.1",
|
123
|
+
# :description => "Generates a Talking Points Report"
|
124
|
+
# }
|
125
|
+
# end
|
126
|
+
|
127
|
+
# # Renders the Talking Points Report
|
128
|
+
# def render(output)
|
129
|
+
# report_classification
|
130
|
+
|
131
|
+
# report_title Report.title
|
132
|
+
# report_subtitle "Talking Points Report"
|
133
|
+
# report_author "This report was prepared by\n#{Report.author}"
|
134
|
+
|
135
|
+
# @output.text "\n\n\n"
|
136
|
+
|
137
|
+
# @output.text "Scan Date:", :style => :bold
|
138
|
+
# @output.text "#{Report.scan_date}"
|
139
|
+
# @output.text "\n"
|
140
|
+
|
141
|
+
# # Number of hosts / score
|
142
|
+
# @output.text "There were #{Host.count} hosts identified, containing #{Item.critical_risks.to_a.count + Item.high_risks.to_a.count} critical and high risks findings. Of those there were #{Item.critical_risks.to_a.count} Critical risks, and #{Item.high_risks.to_a.count} High risks. were discovered on #{Host.unique_hosts_with_critical.count + Host.unique_hosts_with_high.count
|
143
|
+
# #{Item.risk_percent_rounded_text} of the total assessed computers were found to have an critical or high finding."
|
144
|
+
|
145
|
+
# #need vulnerable host count
|
146
|
+
|
147
|
+
# @output.text "\n\n\n"
|
148
|
+
|
149
|
+
# # Top Hosts with Findings
|
150
|
+
# #@todo need this call
|
151
|
+
|
152
|
+
# @output.text "\n\n\n"
|
153
|
+
|
154
|
+
# # Notable Findings
|
155
|
+
# Item.top_10_table(@output)
|
156
|
+
|
157
|
+
|
158
|
+
# # Plugin_output keyword search?
|
159
|
+
|
160
|
+
# @output.number_pages "<page> of <total>", :at => [output.bounds.right - 75, 0], :width => 150, :page_filter => :all
|
161
|
+
# end
|
162
|
+
# end
|
163
|
+
# end
|
164
|
+
# end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2014 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
3
|
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
@@ -34,7 +34,8 @@ module Risu
|
|
34
34
|
{
|
35
35
|
:name => "technical_findings",
|
36
36
|
:author => "hammackj",
|
37
|
-
:version => "0.0.
|
37
|
+
:version => "0.0.8",
|
38
|
+
:renderer => "PDF",
|
38
39
|
:description => "Generates a Technical Findings Report"
|
39
40
|
}
|
40
41
|
end
|
@@ -50,8 +51,11 @@ module Risu
|
|
50
51
|
text "\n\n\n"
|
51
52
|
|
52
53
|
unique_risks = Array.new
|
53
|
-
unique_risks << Hash[:title => "Critical Findings", :color =>
|
54
|
-
unique_risks << Hash[:title => "High Findings", :color =>
|
54
|
+
unique_risks << Hash[:title => "Critical Findings", :color => Risu::GRAPH_COLORS[0], :values => Item.critical_risks_unique] if Item.critical_risks_unique.to_a.size != 0
|
55
|
+
unique_risks << Hash[:title => "High Findings", :color => Risu::GRAPH_COLORS[1], :values => Item.high_risks_unique] if Item.high_risks_unique.to_a.size != 0
|
56
|
+
|
57
|
+
# unique_risks << Hash[:title => "Medium Findings", :color => Risu::GRAPH_COLORS[2], :values => Item.medium_risks_unique_sorted] if Item.medium_risks_unique_sorted.to_a.size != 0
|
58
|
+
# unique_risks << Hash[:title => "Low Findings", :color => Risu::GRAPH_COLORS[3], :values => Item.low_risks_unique_sorted] if Item.low_risks_unique_sorted.to_a.size != 0
|
55
59
|
|
56
60
|
unique_risks.each_with_index do |h, index|
|
57
61
|
if h[:values].length > 0
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2014 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
3
|
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
@@ -36,7 +36,8 @@ module Risu
|
|
36
36
|
{
|
37
37
|
:name => "template",
|
38
38
|
:author => "hammackj",
|
39
|
-
:version => "0.0.
|
39
|
+
:version => "0.0.4",
|
40
|
+
:renderer => "PDF",
|
40
41
|
:description => "template"
|
41
42
|
}
|
42
43
|
end
|
@@ -0,0 +1,115 @@
|
|
1
|
+
# Copyright (c) 2010-2014 Arxopia LLC.
|
2
|
+
# All rights reserved.
|
3
|
+
#
|
4
|
+
# Redistribution and use in source and binary forms, with or without
|
5
|
+
# modification, are permitted provided that the following conditions are met:
|
6
|
+
#
|
7
|
+
# * Redistributions of source code must retain the above copyright
|
8
|
+
# notice, this list of conditions and the following disclaimer.
|
9
|
+
# * Redistributions in binary form must reproduce the above copyright
|
10
|
+
# notice, this list of conditions and the following disclaimer in the
|
11
|
+
# documentation and/or other materials provided with the distribution.
|
12
|
+
# * Neither the name of the Arxopia LLC nor the names of its contributors
|
13
|
+
# may be used to endorse or promote products derived from this software
|
14
|
+
# without specific prior written permission.
|
15
|
+
#
|
16
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
17
|
+
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
18
|
+
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
19
|
+
# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
|
20
|
+
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
21
|
+
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
|
+
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
|
+
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
+
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
|
+
|
27
|
+
module Risu
|
28
|
+
module Templates
|
29
|
+
class Top25 < Risu::Base::TemplateBase
|
30
|
+
include TemplateHelper
|
31
|
+
|
32
|
+
#
|
33
|
+
#
|
34
|
+
def initialize ()
|
35
|
+
@template_info =
|
36
|
+
{
|
37
|
+
:name => "top_25",
|
38
|
+
:author => "hammackj",
|
39
|
+
:version => "0.0.2",
|
40
|
+
:renderer => "PDF",
|
41
|
+
:description => "Generates a Top 25 Remediation report"
|
42
|
+
}
|
43
|
+
end
|
44
|
+
|
45
|
+
#
|
46
|
+
#
|
47
|
+
def render(output)
|
48
|
+
text Report.classification.upcase, :align => :center
|
49
|
+
text "\n"
|
50
|
+
|
51
|
+
report_title Report.title
|
52
|
+
report_subtitle "Top 25 Remediations"
|
53
|
+
report_author "This report was prepared by\n#{Report.author}"
|
54
|
+
text "\n\n\n"
|
55
|
+
|
56
|
+
results = Array.new
|
57
|
+
|
58
|
+
headers = ["Remediations", "Vulns", "Exploitability", "Assets", "RiskScore"]
|
59
|
+
|
60
|
+
page_width = output.bounds.width
|
61
|
+
|
62
|
+
#header_widths = {0 => 255, 1 => 56, 2 => 56, 3 => 56, 4 => 57}
|
63
|
+
header_widths = {
|
64
|
+
0 => (page_width * 0.50),
|
65
|
+
1 => (page_width * 0.10),
|
66
|
+
2 => (page_width * 0.15),
|
67
|
+
3 => (page_width * 0.10),
|
68
|
+
4 => (page_width * 0.15)
|
69
|
+
}
|
70
|
+
|
71
|
+
Plugin.where(:risk_factor => "Critical").order(:risk_score).limit(25).reverse_order.each do |plugin|
|
72
|
+
row = Array.new
|
73
|
+
|
74
|
+
name = plugin.plugin_name
|
75
|
+
vulns = Item.where(:plugin_id => plugin.id).count
|
76
|
+
|
77
|
+
|
78
|
+
if plugin.exploitability_ease == "Exploits are available"
|
79
|
+
exploitability = "Yes"
|
80
|
+
else
|
81
|
+
exploitability = "No"
|
82
|
+
end
|
83
|
+
|
84
|
+
assets = 0
|
85
|
+
|
86
|
+
if Item.where(:plugin_id => plugin.id).group(:host_id) != nil
|
87
|
+
assets = Item.where(:plugin_id => plugin.id).group(:host_id).to_a.count
|
88
|
+
end
|
89
|
+
|
90
|
+
# vuln_pub_days = 1
|
91
|
+
|
92
|
+
# vuln_pub_days = (DateTime.now.to_date - plugin.vuln_publication_date.to_date).to_i if plugin.vuln_publication_date != nil
|
93
|
+
|
94
|
+
# risk = (plugin.cvss_base_score.to_f * vuln_pub_days) * assets
|
95
|
+
risk = plugin.risk_score
|
96
|
+
|
97
|
+
row.push(name)
|
98
|
+
row.push(vulns)
|
99
|
+
row.push(exploitability)
|
100
|
+
row.push(assets)
|
101
|
+
row.push(risk)
|
102
|
+
|
103
|
+
results.push(row)
|
104
|
+
end
|
105
|
+
|
106
|
+
output.table([headers] + results, :header => true, :column_widths => header_widths, :row_colors => ['ffffff', 'E5E5E5']) do
|
107
|
+
row(0).style(:font_style => :bold, :background_color => 'D0D0D0')
|
108
|
+
cells.borders = [:top, :bottom, :left, :right]
|
109
|
+
end
|
110
|
+
|
111
|
+
output.number_pages "<page> of <total>", :at => [output.bounds.right - 75, 0], :width => 150, :page_filter => :all
|
112
|
+
end
|
113
|
+
end
|
114
|
+
end
|
115
|
+
end
|
data/risu.gemspec
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2014 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
3
|
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
base = __FILE__
|
28
28
|
$:.unshift(File.join(File.dirname(base), 'lib'))
|
@@ -32,13 +32,13 @@ require 'risu'
|
|
32
32
|
Gem::Specification.new do |s|
|
33
33
|
s.name = "#{Risu::APP_NAME}"
|
34
34
|
s.version = Risu::VERSION
|
35
|
-
s.homepage = "
|
35
|
+
s.homepage = "https://github.com/arxopia/risu"
|
36
36
|
s.summary = "#{Risu::APP_NAME}"
|
37
37
|
s.description = "#{Risu::APP_NAME} is a Nessus .nessus XML parser and report generation tool"
|
38
38
|
s.license = "BSD"
|
39
39
|
|
40
40
|
s.author = "Jacob Hammack"
|
41
|
-
s.email = "
|
41
|
+
s.email = "jacob.hammack@hammackj.com"
|
42
42
|
|
43
43
|
s.files = Dir['[A-Z]*'] + Dir['lib/**/*'] + ['risu.gemspec']
|
44
44
|
s.bindir = "bin"
|
@@ -50,15 +50,16 @@ Gem::Specification.new do |s|
|
|
50
50
|
s.required_rubygems_version = ">= 1.8.24"
|
51
51
|
s.rubyforge_project = "#{Risu::APP_NAME}"
|
52
52
|
|
53
|
-
s.add_development_dependency
|
54
|
-
s.add_development_dependency
|
53
|
+
s.add_development_dependency 'simplecov', '~> 0.7', '>= 0.7.1'
|
54
|
+
s.add_development_dependency 'yard', '~> 0.8', '>= 0.8.3'
|
55
|
+
s.add_development_dependency 'minitest', '~> 4.3', '>= 4.3.2'
|
55
56
|
|
56
|
-
s.add_dependency('rails', ['
|
57
|
-
s.add_dependency('libxml-ruby', ['
|
58
|
-
s.add_dependency('prawn', ['
|
59
|
-
s.add_dependency('gruff', ['
|
60
|
-
s.add_dependency('mysql2', ['
|
61
|
-
s.add_dependency('rmagick', [
|
62
|
-
s.add_dependency('sqlite3', [
|
63
|
-
s.add_dependency('nokogiri', [
|
57
|
+
s.add_dependency('rails', ['4.0.0'])
|
58
|
+
s.add_dependency('libxml-ruby', ['2.4.0'])
|
59
|
+
s.add_dependency('prawn', ['0.12.0'])
|
60
|
+
s.add_dependency('gruff', ['0.3.7'])
|
61
|
+
s.add_dependency('mysql2', ['0.3.11'])
|
62
|
+
s.add_dependency('rmagick', ['2.13.2'])
|
63
|
+
s.add_dependency('sqlite3', ['1.3.7'])
|
64
|
+
s.add_dependency('nokogiri', ['1.6.0'])
|
64
65
|
end
|
metadata
CHANGED
@@ -1,157 +1,189 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: risu
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jacob Hammack
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2014-09-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: simplecov
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- -
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0.7'
|
20
|
+
- - ">="
|
18
21
|
- !ruby/object:Gem::Version
|
19
22
|
version: 0.7.1
|
20
23
|
type: :development
|
21
24
|
prerelease: false
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
23
26
|
requirements:
|
24
|
-
- -
|
27
|
+
- - "~>"
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '0.7'
|
30
|
+
- - ">="
|
25
31
|
- !ruby/object:Gem::Version
|
26
32
|
version: 0.7.1
|
27
33
|
- !ruby/object:Gem::Dependency
|
28
34
|
name: yard
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|
30
36
|
requirements:
|
31
|
-
- -
|
37
|
+
- - "~>"
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '0.8'
|
40
|
+
- - ">="
|
32
41
|
- !ruby/object:Gem::Version
|
33
42
|
version: 0.8.3
|
34
43
|
type: :development
|
35
44
|
prerelease: false
|
36
45
|
version_requirements: !ruby/object:Gem::Requirement
|
37
46
|
requirements:
|
38
|
-
- -
|
47
|
+
- - "~>"
|
48
|
+
- !ruby/object:Gem::Version
|
49
|
+
version: '0.8'
|
50
|
+
- - ">="
|
39
51
|
- !ruby/object:Gem::Version
|
40
52
|
version: 0.8.3
|
53
|
+
- !ruby/object:Gem::Dependency
|
54
|
+
name: minitest
|
55
|
+
requirement: !ruby/object:Gem::Requirement
|
56
|
+
requirements:
|
57
|
+
- - "~>"
|
58
|
+
- !ruby/object:Gem::Version
|
59
|
+
version: '4.3'
|
60
|
+
- - ">="
|
61
|
+
- !ruby/object:Gem::Version
|
62
|
+
version: 4.3.2
|
63
|
+
type: :development
|
64
|
+
prerelease: false
|
65
|
+
version_requirements: !ruby/object:Gem::Requirement
|
66
|
+
requirements:
|
67
|
+
- - "~>"
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: '4.3'
|
70
|
+
- - ">="
|
71
|
+
- !ruby/object:Gem::Version
|
72
|
+
version: 4.3.2
|
41
73
|
- !ruby/object:Gem::Dependency
|
42
74
|
name: rails
|
43
75
|
requirement: !ruby/object:Gem::Requirement
|
44
76
|
requirements:
|
45
|
-
- - '
|
77
|
+
- - '='
|
46
78
|
- !ruby/object:Gem::Version
|
47
79
|
version: 4.0.0
|
48
80
|
type: :runtime
|
49
81
|
prerelease: false
|
50
82
|
version_requirements: !ruby/object:Gem::Requirement
|
51
83
|
requirements:
|
52
|
-
- - '
|
84
|
+
- - '='
|
53
85
|
- !ruby/object:Gem::Version
|
54
86
|
version: 4.0.0
|
55
87
|
- !ruby/object:Gem::Dependency
|
56
88
|
name: libxml-ruby
|
57
89
|
requirement: !ruby/object:Gem::Requirement
|
58
90
|
requirements:
|
59
|
-
- - '
|
91
|
+
- - '='
|
60
92
|
- !ruby/object:Gem::Version
|
61
93
|
version: 2.4.0
|
62
94
|
type: :runtime
|
63
95
|
prerelease: false
|
64
96
|
version_requirements: !ruby/object:Gem::Requirement
|
65
97
|
requirements:
|
66
|
-
- - '
|
98
|
+
- - '='
|
67
99
|
- !ruby/object:Gem::Version
|
68
100
|
version: 2.4.0
|
69
101
|
- !ruby/object:Gem::Dependency
|
70
102
|
name: prawn
|
71
103
|
requirement: !ruby/object:Gem::Requirement
|
72
104
|
requirements:
|
73
|
-
- - '
|
105
|
+
- - '='
|
74
106
|
- !ruby/object:Gem::Version
|
75
107
|
version: 0.12.0
|
76
108
|
type: :runtime
|
77
109
|
prerelease: false
|
78
110
|
version_requirements: !ruby/object:Gem::Requirement
|
79
111
|
requirements:
|
80
|
-
- - '
|
112
|
+
- - '='
|
81
113
|
- !ruby/object:Gem::Version
|
82
114
|
version: 0.12.0
|
83
115
|
- !ruby/object:Gem::Dependency
|
84
116
|
name: gruff
|
85
117
|
requirement: !ruby/object:Gem::Requirement
|
86
118
|
requirements:
|
87
|
-
- - '
|
119
|
+
- - '='
|
88
120
|
- !ruby/object:Gem::Version
|
89
121
|
version: 0.3.7
|
90
122
|
type: :runtime
|
91
123
|
prerelease: false
|
92
124
|
version_requirements: !ruby/object:Gem::Requirement
|
93
125
|
requirements:
|
94
|
-
- - '
|
126
|
+
- - '='
|
95
127
|
- !ruby/object:Gem::Version
|
96
128
|
version: 0.3.7
|
97
129
|
- !ruby/object:Gem::Dependency
|
98
130
|
name: mysql2
|
99
131
|
requirement: !ruby/object:Gem::Requirement
|
100
132
|
requirements:
|
101
|
-
- - '
|
133
|
+
- - '='
|
102
134
|
- !ruby/object:Gem::Version
|
103
135
|
version: 0.3.11
|
104
136
|
type: :runtime
|
105
137
|
prerelease: false
|
106
138
|
version_requirements: !ruby/object:Gem::Requirement
|
107
139
|
requirements:
|
108
|
-
- - '
|
140
|
+
- - '='
|
109
141
|
- !ruby/object:Gem::Version
|
110
142
|
version: 0.3.11
|
111
143
|
- !ruby/object:Gem::Dependency
|
112
144
|
name: rmagick
|
113
145
|
requirement: !ruby/object:Gem::Requirement
|
114
146
|
requirements:
|
115
|
-
- - '
|
147
|
+
- - '='
|
116
148
|
- !ruby/object:Gem::Version
|
117
|
-
version: 2.13.
|
149
|
+
version: 2.13.2
|
118
150
|
type: :runtime
|
119
151
|
prerelease: false
|
120
152
|
version_requirements: !ruby/object:Gem::Requirement
|
121
153
|
requirements:
|
122
|
-
- - '
|
154
|
+
- - '='
|
123
155
|
- !ruby/object:Gem::Version
|
124
|
-
version: 2.13.
|
156
|
+
version: 2.13.2
|
125
157
|
- !ruby/object:Gem::Dependency
|
126
158
|
name: sqlite3
|
127
159
|
requirement: !ruby/object:Gem::Requirement
|
128
160
|
requirements:
|
129
|
-
- - '
|
161
|
+
- - '='
|
130
162
|
- !ruby/object:Gem::Version
|
131
163
|
version: 1.3.7
|
132
164
|
type: :runtime
|
133
165
|
prerelease: false
|
134
166
|
version_requirements: !ruby/object:Gem::Requirement
|
135
167
|
requirements:
|
136
|
-
- - '
|
168
|
+
- - '='
|
137
169
|
- !ruby/object:Gem::Version
|
138
170
|
version: 1.3.7
|
139
171
|
- !ruby/object:Gem::Dependency
|
140
172
|
name: nokogiri
|
141
173
|
requirement: !ruby/object:Gem::Requirement
|
142
174
|
requirements:
|
143
|
-
- - '
|
175
|
+
- - '='
|
144
176
|
- !ruby/object:Gem::Version
|
145
|
-
version: 1.
|
177
|
+
version: 1.6.0
|
146
178
|
type: :runtime
|
147
179
|
prerelease: false
|
148
180
|
version_requirements: !ruby/object:Gem::Requirement
|
149
181
|
requirements:
|
150
|
-
- - '
|
182
|
+
- - '='
|
151
183
|
- !ruby/object:Gem::Version
|
152
|
-
version: 1.
|
184
|
+
version: 1.6.0
|
153
185
|
description: risu is a Nessus .nessus XML parser and report generation tool
|
154
|
-
email:
|
186
|
+
email: jacob.hammack@hammackj.com
|
155
187
|
executables:
|
156
188
|
- risu
|
157
189
|
extensions: []
|
@@ -160,73 +192,107 @@ extra_rdoc_files:
|
|
160
192
|
- LICENSE
|
161
193
|
- NEWS.markdown
|
162
194
|
files:
|
163
|
-
-
|
164
|
-
- NEWS.markdown
|
195
|
+
- Gemfile
|
165
196
|
- Gemfile.ci
|
166
|
-
-
|
197
|
+
- Gemfile.lock
|
167
198
|
- LICENSE
|
199
|
+
- NEWS.markdown
|
200
|
+
- README.markdown
|
201
|
+
- Rakefile
|
202
|
+
- bin/risu
|
168
203
|
- lib/risu.rb
|
169
|
-
- lib/risu/
|
170
|
-
- lib/risu/base/
|
171
|
-
- lib/risu/base/
|
204
|
+
- lib/risu/base.rb
|
205
|
+
- lib/risu/base/graph_template_helper.rb
|
206
|
+
- lib/risu/base/host_template_helper.rb
|
207
|
+
- lib/risu/base/malware_template_helper.rb
|
208
|
+
- lib/risu/base/post_process_base.rb
|
209
|
+
- lib/risu/base/post_process_manager.rb
|
172
210
|
- lib/risu/base/schema.rb
|
211
|
+
- lib/risu/base/shares_template_helper.rb
|
212
|
+
- lib/risu/base/template_base.rb
|
173
213
|
- lib/risu/base/template_helper.rb
|
174
214
|
- lib/risu/base/template_manager.rb
|
215
|
+
- lib/risu/base/templater.rb
|
175
216
|
- lib/risu/cli.rb
|
176
|
-
- lib/risu/cli/banner.rb
|
177
217
|
- lib/risu/cli/application.rb
|
178
|
-
- lib/risu/
|
179
|
-
- lib/risu/renderers/nilrenderer.rb
|
180
|
-
- lib/risu/renderers.rb
|
218
|
+
- lib/risu/cli/banner.rb
|
181
219
|
- lib/risu/exceptions.rb
|
182
|
-
- lib/risu/
|
220
|
+
- lib/risu/exceptions/invaliddocument.rb
|
221
|
+
- lib/risu/models.rb
|
222
|
+
- lib/risu/models/attachment.rb
|
223
|
+
- lib/risu/models/familyselection.rb
|
224
|
+
- lib/risu/models/host.rb
|
225
|
+
- lib/risu/models/hostproperty.rb
|
226
|
+
- lib/risu/models/individualpluginselection.rb
|
227
|
+
- lib/risu/models/item.rb
|
228
|
+
- lib/risu/models/patch.rb
|
229
|
+
- lib/risu/models/plugin.rb
|
230
|
+
- lib/risu/models/pluginspreference.rb
|
231
|
+
- lib/risu/models/policy.rb
|
232
|
+
- lib/risu/models/reference.rb
|
233
|
+
- lib/risu/models/report.rb
|
234
|
+
- lib/risu/models/serverpreference.rb
|
235
|
+
- lib/risu/models/servicedescription.rb
|
236
|
+
- lib/risu/models/version.rb
|
237
|
+
- lib/risu/parsers.rb
|
183
238
|
- lib/risu/parsers/nessus/nessus_document.rb
|
239
|
+
- lib/risu/parsers/nessus/nessus_sax_listener.rb
|
240
|
+
- lib/risu/parsers/nessus/postprocess.rb
|
241
|
+
- lib/risu/parsers/nessus/postprocess/adobe_air.rb
|
242
|
+
- lib/risu/parsers/nessus/postprocess/adobe_reader.rb
|
243
|
+
- lib/risu/parsers/nessus/postprocess/apache.rb
|
244
|
+
- lib/risu/parsers/nessus/postprocess/core_ftp.rb
|
245
|
+
- lib/risu/parsers/nessus/postprocess/flash_player.rb
|
246
|
+
- lib/risu/parsers/nessus/postprocess/flexnet.rb
|
247
|
+
- lib/risu/parsers/nessus/postprocess/google_chrome.rb
|
248
|
+
- lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb
|
184
249
|
- lib/risu/parsers/nessus/postprocess/java.rb
|
250
|
+
- lib/risu/parsers/nessus/postprocess/openssh.rb
|
251
|
+
- lib/risu/parsers/nessus/postprocess/openssl.rb
|
252
|
+
- lib/risu/parsers/nessus/postprocess/oracle_database.rb
|
253
|
+
- lib/risu/parsers/nessus/postprocess/php.rb
|
254
|
+
- lib/risu/parsers/nessus/postprocess/post_process.rb
|
185
255
|
- lib/risu/parsers/nessus/postprocess/risk_score.rb
|
186
|
-
- lib/risu/parsers/nessus/
|
256
|
+
- lib/risu/parsers/nessus/postprocess/root_cause.rb
|
257
|
+
- lib/risu/parsers/nessus/postprocess/servu.rb
|
258
|
+
- lib/risu/parsers/nessus/postprocess/shockwave.rb
|
259
|
+
- lib/risu/parsers/nessus/postprocess/windows.rb
|
260
|
+
- lib/risu/parsers/nessus/postprocess/wireshark.rb
|
187
261
|
- lib/risu/parsers/nexpose/nexpose_document.rb
|
188
262
|
- lib/risu/parsers/nexpose/simple_nexpose.rb
|
189
|
-
- lib/risu/
|
190
|
-
- lib/risu/
|
191
|
-
- lib/risu/
|
192
|
-
- lib/risu/
|
193
|
-
- lib/risu/templates/ms_patch_summary.rb
|
194
|
-
- lib/risu/templates/notable_detailed.rb
|
195
|
-
- lib/risu/templates/finding_statistics.rb
|
263
|
+
- lib/risu/renderers.rb
|
264
|
+
- lib/risu/renderers/csvrenderer.rb
|
265
|
+
- lib/risu/renderers/nilrenderer.rb
|
266
|
+
- lib/risu/renderers/pdfrenderer.rb
|
196
267
|
- lib/risu/templates/assets.rb
|
197
|
-
- lib/risu/templates/
|
198
|
-
- lib/risu/templates/
|
199
|
-
- lib/risu/templates/host_summary.rb
|
200
|
-
- lib/risu/templates/pci_compliance.rb
|
201
|
-
- lib/risu/templates/executive_summary_detailed.rb
|
268
|
+
- lib/risu/templates/cover_sheet.rb
|
269
|
+
- lib/risu/templates/data/nessuslogo.jpg
|
202
270
|
- lib/risu/templates/exec_summary.rb
|
271
|
+
- lib/risu/templates/executive_summary_detailed.rb
|
272
|
+
- lib/risu/templates/exploitablity_summary.rb
|
273
|
+
- lib/risu/templates/failed_audits.rb
|
274
|
+
- lib/risu/templates/finding_statistics.rb
|
275
|
+
- lib/risu/templates/findings_host.rb
|
276
|
+
- lib/risu/templates/findings_summary.rb
|
203
277
|
- lib/risu/templates/findings_summary_with_pluginid.rb
|
278
|
+
- lib/risu/templates/graphs.rb
|
279
|
+
- lib/risu/templates/host_findings_csv.rb
|
280
|
+
- lib/risu/templates/host_summary.rb
|
204
281
|
- lib/risu/templates/malicious_process_detection.rb
|
205
|
-
- lib/risu/templates/
|
206
|
-
- lib/risu/templates/
|
207
|
-
- lib/risu/templates/notable.rb
|
282
|
+
- lib/risu/templates/missing_root_causes.rb
|
283
|
+
- lib/risu/templates/ms_patch_summary.rb
|
208
284
|
- lib/risu/templates/ms_update_summary.rb
|
285
|
+
- lib/risu/templates/ms_wsus_findings.rb
|
286
|
+
- lib/risu/templates/notable.rb
|
287
|
+
- lib/risu/templates/notable_detailed.rb
|
288
|
+
- lib/risu/templates/pci_compliance.rb
|
289
|
+
- lib/risu/templates/stig_findings_summary.rb
|
290
|
+
- lib/risu/templates/talking_points.rb
|
209
291
|
- lib/risu/templates/technical_findings.rb
|
210
|
-
- lib/risu/templates/
|
211
|
-
- lib/risu/
|
212
|
-
- lib/risu/models/host.rb
|
213
|
-
- lib/risu/models/item.rb
|
214
|
-
- lib/risu/models/servicedescription.rb
|
215
|
-
- lib/risu/models/attachment.rb
|
216
|
-
- lib/risu/models/pluginspreference.rb
|
217
|
-
- lib/risu/models/familyselection.rb
|
218
|
-
- lib/risu/models/report.rb
|
219
|
-
- lib/risu/models/individualpluginselection.rb
|
220
|
-
- lib/risu/models/reference.rb
|
221
|
-
- lib/risu/models/version.rb
|
222
|
-
- lib/risu/models/plugin.rb
|
223
|
-
- lib/risu/models/patch.rb
|
224
|
-
- lib/risu/models/policy.rb
|
225
|
-
- lib/risu/models/serverpreference.rb
|
226
|
-
- lib/risu/parsers.rb
|
292
|
+
- lib/risu/templates/template.rb
|
293
|
+
- lib/risu/templates/top_25.rb
|
227
294
|
- risu.gemspec
|
228
|
-
|
229
|
-
homepage: http://www.arxopia.com/projects/risu
|
295
|
+
homepage: https://github.com/arxopia/risu
|
230
296
|
licenses:
|
231
297
|
- BSD
|
232
298
|
metadata: {}
|
@@ -236,19 +302,18 @@ require_paths:
|
|
236
302
|
- lib
|
237
303
|
required_ruby_version: !ruby/object:Gem::Requirement
|
238
304
|
requirements:
|
239
|
-
- -
|
305
|
+
- - ">="
|
240
306
|
- !ruby/object:Gem::Version
|
241
307
|
version: '0'
|
242
308
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
243
309
|
requirements:
|
244
|
-
- -
|
310
|
+
- - ">="
|
245
311
|
- !ruby/object:Gem::Version
|
246
312
|
version: 1.8.24
|
247
313
|
requirements: []
|
248
314
|
rubyforge_project: risu
|
249
|
-
rubygems_version: 2.0
|
315
|
+
rubygems_version: 2.2.0
|
250
316
|
signing_key:
|
251
317
|
specification_version: 4
|
252
318
|
summary: risu
|
253
319
|
test_files: []
|
254
|
-
has_rdoc: yard
|