risu 1.6.3 → 1.7.0
- checksums.yaml +4 -4
- data/Gemfile +12 -0
- data/Gemfile.ci +9 -9
- data/Gemfile.lock +118 -0
- data/LICENSE +1 -1
- data/NEWS.markdown +98 -0
- data/README.markdown +10 -3
- data/Rakefile +2 -2
- data/bin/risu +3 -3
- data/lib/risu.rb +6 -2
- data/lib/risu/base.rb +10 -3
- data/lib/risu/base/graph_template_helper.rb +71 -0
- data/lib/risu/base/host_template_helper.rb +75 -0
- data/lib/risu/base/malware_template_helper.rb +96 -0
- data/lib/risu/base/post_process_base.rb +210 -0
- data/lib/risu/base/post_process_manager.rb +120 -0
- data/lib/risu/base/schema.rb +10 -7
- data/lib/risu/base/shares_template_helper.rb +158 -0
- data/lib/risu/base/template_base.rb +12 -10
- data/lib/risu/base/template_helper.rb +105 -3
- data/lib/risu/base/template_manager.rb +16 -12
- data/lib/risu/base/templater.rb +23 -9
- data/lib/risu/cli.rb +1 -1
- data/lib/risu/cli/application.rb +23 -17
- data/lib/risu/cli/banner.rb +3 -3
- data/lib/risu/exceptions.rb +1 -1
- data/lib/risu/exceptions/invaliddocument.rb +1 -1
- data/lib/risu/models.rb +1 -1
- data/lib/risu/models/attachment.rb +3 -3
- data/lib/risu/models/familyselection.rb +3 -3
- data/lib/risu/models/host.rb +74 -9
- data/lib/risu/models/hostproperty.rb +3 -3
- data/lib/risu/models/individualpluginselection.rb +3 -3
- data/lib/risu/models/item.rb +92 -29
- data/lib/risu/models/patch.rb +3 -3
- data/lib/risu/models/plugin.rb +30 -2
- data/lib/risu/models/pluginspreference.rb +1 -1
- data/lib/risu/models/policy.rb +1 -1
- data/lib/risu/models/reference.rb +1 -1
- data/lib/risu/models/report.rb +1 -2
- data/lib/risu/models/serverpreference.rb +1 -1
- data/lib/risu/models/servicedescription.rb +3 -3
- data/lib/risu/models/version.rb +1 -1
- data/lib/risu/parsers.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_document.rb +3 -3
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +23 -16
- data/lib/risu/parsers/nessus/postprocess.rb +3 -6
- data/lib/risu/parsers/nessus/postprocess/adobe_air.rb +82 -0
- data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb +86 -0
- data/lib/risu/parsers/nessus/postprocess/apache.rb +67 -0
- data/lib/risu/parsers/nessus/postprocess/core_ftp.rb +52 -0
- data/lib/risu/parsers/nessus/postprocess/flash_player.rb +104 -0
- data/lib/risu/parsers/nessus/postprocess/flexnet.rb +53 -0
- data/lib/risu/parsers/nessus/postprocess/google_chrome.rb +52 -0
- data/lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb +60 -0
- data/lib/risu/parsers/nessus/postprocess/java.rb +49 -198
- data/lib/risu/parsers/nessus/postprocess/openssh.rb +65 -0
- data/lib/risu/parsers/nessus/postprocess/openssl.rb +54 -0
- data/lib/risu/parsers/nessus/postprocess/oracle_database.rb +84 -0
- data/lib/risu/parsers/nessus/postprocess/php.rb +62 -0
- data/lib/risu/parsers/nessus/postprocess/post_process.rb +178 -0
- data/lib/risu/parsers/nessus/postprocess/risk_score.rb +10 -5
- data/lib/risu/parsers/nessus/postprocess/root_cause.rb +375 -0
- data/lib/risu/parsers/nessus/postprocess/servu.rb +57 -0
- data/lib/risu/parsers/nessus/postprocess/shockwave.rb +73 -0
- data/lib/risu/parsers/nessus/postprocess/windows.rb +57 -0
- data/lib/risu/parsers/nessus/postprocess/wireshark.rb +72 -0
- data/lib/risu/parsers/nexpose/nexpose_document.rb +1 -1
- data/lib/risu/parsers/nexpose/simple_nexpose.rb +1 -1
- data/lib/risu/renderers.rb +3 -1
- data/lib/risu/renderers/csvrenderer.rb +53 -0
- data/lib/risu/renderers/nilrenderer.rb +1 -1
- data/lib/risu/renderers/pdfrenderer.rb +57 -0
- data/lib/risu/templates/assets.rb +5 -4
- data/lib/risu/templates/cover_sheet.rb +4 -3
- data/lib/risu/templates/exec_summary.rb +4 -3
- data/lib/risu/templates/executive_summary_detailed.rb +9 -8
- data/lib/risu/templates/exploitablity_summary.rb +82 -0
- data/lib/risu/templates/failed_audits.rb +98 -0
- data/lib/risu/templates/finding_statistics.rb +2 -1
- data/lib/risu/templates/findings_host.rb +20 -22
- data/lib/risu/templates/findings_summary.rb +11 -9
- data/lib/risu/templates/findings_summary_with_pluginid.rb +31 -85
- data/lib/risu/templates/graphs.rb +9 -10
- data/lib/risu/templates/host_findings_csv.rb +67 -0
- data/lib/risu/templates/host_summary.rb +2 -1
- data/lib/risu/templates/malicious_process_detection.rb +2 -1
- data/lib/risu/templates/missing_root_causes.rb +162 -0
- data/lib/risu/templates/ms_patch_summary.rb +3 -2
- data/lib/risu/templates/ms_update_summary.rb +5 -4
- data/lib/risu/templates/ms_wsus_findings.rb +5 -4
- data/lib/risu/templates/notable.rb +7 -11
- data/lib/risu/templates/notable_detailed.rb +7 -4
- data/lib/risu/templates/pci_compliance.rb +5 -4
- data/lib/risu/templates/stig_findings_summary.rb +5 -4
- data/lib/risu/templates/talking_points.rb +164 -0
- data/lib/risu/templates/technical_findings.rb +8 -4
- data/lib/risu/templates/template.rb +3 -2
- data/lib/risu/templates/top_25.rb +115 -0
- data/risu.gemspec +16 -15
- metadata +142 -77
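--- a/data/lib/risu/base/schema.rb
+++ b/data/lib/risu/base/schema.rb
@@ -1,4 +1,4 @@
-# Copyright (c) 2010-
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 module Base
@@ -71,7 +71,7 @@ module Risu
 t.integer :report_id
 t.string :name
 t.string :os
-t.
+t.text :mac, limit: 4294967295
 t.datetime :start
 t.datetime :end
 t.string :ip
@@ -113,7 +113,7 @@ module Risu
 create_table :plugins do |t|
 t.string :plugin_name
 t.string :family_name
-t.text :description
+t.text :description, limit: 4294967295
 t.string :plugin_version
 t.datetime :plugin_publication_date
 t.datetime :plugin_modification_date
@@ -130,8 +130,8 @@ module Risu
 t.string :canvas_package
 t.string :exploit_available
 t.string :risk_factor
-t.text :solution
-t.text :synopsis
+t.text :solution, limit: 4294967295
+t.text :synopsis, limit: 4294967295
 t.string :plugin_type
 t.string :exploit_framework_exploithub
 t.string :exploithub_sku
@@ -141,8 +141,11 @@ module Risu
 t.string :script_version
 t.string :d2_elliot_name
 t.string :exploit_framework_d2_elliot
+t.string :exploited_by_malware
 t.boolean :rollup
 t.integer :risk_score
+t.string :compliance
+t.string :root_cause
 end
 
 create_table :individual_plugin_selections do |t|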
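--- a/data/lib/risu/base/shares_template_helper.rb
+++ b/data/lib/risu/base/shares_template_helper.rb
@@ -0,0 +1,158 @@
+# Copyright (c) 2012-2014 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# * Neither the name of the Arxopia LLC nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+module Templates
+module SharesTemplateHelper
+
+#
+def anon_ftp_count
+begin
+return Item.where(:plugin_id => Plugin.where(:plugin_name => "Anonymous FTP Enabled").first.id).count
+rescue => e
+return 0
+end
+end
+
+#
+def anon_ftp_section
+
+if anon_ftp_count() <= 0
+return
+end
+
+heading2 "Anonymous FTP Detection"
+
+findings = Item.where(:plugin_id => Plugin.where(:plugin_name => "Anonymous FTP Enabled").first.id)
+
+findings.each do |finding|
+host = Host.find_by_id(finding.host_id)
+
+host_string = "#{host.name}"
+host_string << " (#{host.fqdn})" if host.fqdn != nil
+
+text "Host", :style => :bold
+text host_string
+
+text "\n"
+
+text "Plugin Output", :style => :bold
+text finding.plugin_output
+
+text "\n"
+end
+end
+
+#
+def anon_smb_count
+begin
+return Item.where(:plugin_id => Plugin.where(:plugin_name => "Microsoft Windows SMB Shares Unprivileged Access").first.id).count
+rescue => e
+return 0
+end
+end
+
+#
+def anon_smb_section
+
+if anon_smb_count() <= 0
+return
+end
+
+heading2 "Anonymous SMB Share Detection"
+
+findings = Item.where(:plugin_id => Plugin.where(:plugin_name => "Microsoft Windows SMB Shares Unprivileged Access").first.id)
+
+findings.each do |finding|
+host = Host.find_by_id(finding.host_id)
+
+host_string = "#{host.name}"
+host_string << " (#{host.fqdn})" if host.fqdn != nil
+
+text "Host", :style => :bold
+text host_string
+
+text "\n"
+
+text "Plugin Output", :style => :bold
+text finding.plugin_output
+
+text "\n"
+end
+end
+
+def shares_section
+poor_count = 0
+
+anon_ftp_text = ""
+anon_smb_text = ""
+
+anon_smb_count = 0
+anon_ftp_count = 0
+
+begin
+anon_ftp_count = Item.where(:plugin_id => Plugin.where(:plugin_name => "Anonymous FTP Enabled").first.id).count
+rescue Exception => e
+end
+
+begin
+anon_smb_count = Item.where(:plugin_id => Plugin.where(:plugin_name => "Microsoft Windows SMB Shares Unprivileged Access").first.id).count
+rescue Exception => e
+end
+
+if anon_ftp_count > 1
+anon_ftp_text = "Anonymous FTP was detected as being enabled on #{anon_ftp_count} network nodes. Anonymous FTP allows anyone to access files stored on the FTP server, depending on the server's configuration also write files. "
+poor_count = poor_count + 1
+elsif anon_ftp_count == 1
+anon_ftp_text = "Anonymous FTP was detected as being enabled on #{anon_ftp_count} network node. Anonymous FTP allows anyone to access files stored on the FTP server, depending on the server's configuration also write files. "
+poor_count = poor_count + 1
+end
+
+if anon_smb_count > 1
+anon_smb_text = "Anonymous SMB shares were detected on #{anon_smb_count} network nodes. These shares also were found to have read and write access enabled. "
+poor_count = poor_count + 1
+elsif anon_smb_count == 1
+anon_smb_text = "Anonymous SMB shares were detected on #{anon_smb_count} network node. These shares also were found to have read and write access enabled. "
+poor_count = poor_count + 1
+end
+
+anonymous_access_text = "Allowing anonymous access to a file server can lead to information disclosures and other security violations. Each instance should be evaluated and removed or noted in the network's security policy.\n"
+
+heading1 "Poor Security Practice" if poor_count > 0
+
+#Anon ftp/smb + clear text
+@output.text anon_ftp_text + anon_smb_text + anonymous_access_text if anon_ftp_count > 1 || anon_smb_count > 1
+@output.text "\n"
+@output.text "\n"
+end
+
+def shares_appendix_section
+anon_ftp_section
+anon_smb_section
+end
+end
+end
+end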
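--- a/data/lib/risu/base/template_base.rb
+++ b/data/lib/risu/base/template_base.rb
@@ -1,4 +1,4 @@
-# Copyright (c) 2010-
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 module Base
@@ -30,21 +30,23 @@ module Risu
 # Base template class, all report templates must be a subclass of this.
 #
 class TemplateBase
+
+# @todo comment
 attr_accessor :output
 
-@possible_templates = []
-
-class << self
-attr_reader :possible_templates
-end
-
 # Accessors for template meta-data
 #
 # @return [Hash] Containing template meta-data
 #
 attr_accessor :template_info
 
-
+@possible_templates = []
+
+class << self
+attr_reader :possible_templates
+end
+
+# Adds any class that inherits from [TemplateBase] into an [Array] of
 # possible templates for further validation.
 #
 def self.inherited(child)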
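--- a/data/lib/risu/base/template_helper.rb
+++ b/data/lib/risu/base/template_helper.rb
@@ -1,4 +1,4 @@
-# Copyright (c) 2012 Arxopia LLC.
+# Copyright (c) 2012-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,12 +21,16 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 module Templates
 module TemplateHelper
+include HostTemplateHelper
+include MalwareTemplateHelper
+include GraphTemplateHelper
+include SharesTemplateHelper
 
 #
 def report_classification classification=Report.classification.upcase, newline=true
@@ -110,6 +114,104 @@ module Risu
 @output.text title, :style => :bold
 end
 end
+
+#
+def table headers, header_widths, data
+@output.table([headers] + data, :header => true, :column_widths => header_widths, :row_colors => ['ffffff', 'E5E5E5']) do
+row(0).style(:font_style => :bold, :background_color => 'D0D0D0')
+cells.borders = [:top, :bottom, :left, :right]
+end
+end
+
+#
+def new_page
+@output.start_new_page
+end
+
+#
+def item_count_by_plugin_name (plugin_name)
+begin
+return Item.where(:plugin_id => Plugin.where(:plugin_name => plugin_name).first.id).count
+rescue => e
+return 0
+end
+end
+
+def item_count_by_plugin_id (plugin_id)
+begin
+return Item.where(:plugin_id => plugin_id).count
+rescue => e
+return 0
+end
+end
+
+# @todo comment
+def default_credential_plugins
+[
+10862, 25927, 32315, 65950, 39364, 33852, 11454, 51369,
+26918,
+].uniq
+end
+
+# @todo comment
+def has_default_credentials?
+plugins = default_credential_plugins
+default_cred = false
+
+plugins.each do |plugin_id|
+if item_count_by_plugin_id(plugin_id) > 0
+default_cred = true
+end
+end
+
+return default_cred
+end
+
+# @todo comment
+def default_credentials_section
+heading1 "Default Credentials"
+
+text "Default credentials were discovered on the network. This can cause issues because the credentials can be found all over the Internet giving anyone with network access full access to the systems in question."
+text "\n"
+end
+
+# @todo comment
+def default_credentials_appendix_section
+if !has_default_credentials?
+return
+end
+
+heading1 "Default Credentials"
+
+headers = ["Plugin Name", "IP"]
+header_widths = {0 => (@output.bounds.width - 80), 1 => 80}
+data = Array.new
+
+default_credential_plugins.each do |plugin_id|
+if item_count_by_plugin_id(plugin_id) > 0
+items = Item.where(:plugin_id => plugin_id)
+
+plugin_name = items.first.plugin_name
+
+items.each do |item|
+hosts = Host.where(:id => item.host_id)
+
+hosts.each do |host|
+row = Array.new
+row.push plugin_name
+row.push host.ip
+
+data.push row
+end
+end
+end
+end
+
+table headers, header_widths, data
+
+text "\n"
+end
+
 end
 end
 end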
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2014 Arxopia LLC.
|
2
2
|
# All rights reserved.
|
3
3
|
#
|
4
4
|
# Redistribution and use in source and binary forms, with or without
|
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Base
|
@@ -36,21 +36,25 @@ module Risu
|
|
36
36
|
#
|
37
37
|
# @return New instance of the template manager with templates loaded.
|
38
38
|
def initialize (path)
|
39
|
-
|
39
|
+
@registered_templates = Array.new
|
40
40
|
@templates = Array.new
|
41
41
|
|
42
42
|
base_dir = __FILE__.gsub("risu/base/template_manager.rb", "")
|
43
43
|
|
44
44
|
load_templates(base_dir + path)
|
45
|
+
load_templates(Dir.pwd, false)
|
45
46
|
load_templates(File.expand_path(USER_TEMPLATES_DIR)) if File.exists?(File.expand_path(USER_TEMPLATES_DIR)) && File.directory?(File.expand_path(USER_TEMPLATES_DIR))
|
46
47
|
end
|
47
48
|
|
48
49
|
# Loads templates from a specific path
|
49
50
|
#
|
50
51
|
# @param path Path to templates to load
|
51
|
-
def load_templates(path)
|
52
|
+
def load_templates(path, recursive=true)
|
52
53
|
begin
|
53
|
-
|
54
|
+
search_path = "#{path}/**/*.rb" if recursive == true
|
55
|
+
search_path = "#{path}/*.rb" if recursive == false
|
56
|
+
|
57
|
+
Dir[search_path].each do |x|
|
54
58
|
begin
|
55
59
|
require x
|
56
60
|
rescue => e
|
@@ -58,15 +62,15 @@ module Risu
|
|
58
62
|
end
|
59
63
|
end
|
60
64
|
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
65
|
+
TemplateBase.possible_templates.each do |p|
|
66
|
+
if validate(p) == true
|
67
|
+
@registered_templates << p if @registered_templates.include?(p) == false
|
68
|
+
end
|
69
|
+
end
|
66
70
|
rescue => e
|
67
71
|
puts "[!] Invalid template path"
|
68
72
|
#puts e.inspect
|
69
|
-
|
73
|
+
#puts e.backtrace
|
70
74
|
end
|
71
75
|
end
|
72
76
|
|