risu 1.6.3 → 1.7.0

data/lib/risu/base/schema.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Base
@@ -71,7 +71,7 @@ module Risu
 					t.integer :report_id
 					t.string :name
 					t.string :os
-					t.string :mac
+					t.text :mac, limit: 4294967295
 					t.datetime :start
 					t.datetime :end
 					t.string :ip
@@ -113,7 +113,7 @@ module Risu
 				create_table :plugins do |t|
 					t.string :plugin_name
 					t.string :family_name
-					t.text :description
+					t.text :description, limit: 4294967295
 					t.string :plugin_version
 					t.datetime :plugin_publication_date
 					t.datetime :plugin_modification_date
@@ -130,8 +130,8 @@ module Risu
 					t.string :canvas_package
 					t.string :exploit_available
 					t.string :risk_factor
-					t.text :solution
-					t.text :synopsis
+					t.text :solution, limit: 4294967295
+					t.text :synopsis, limit: 4294967295
 					t.string :plugin_type
 					t.string :exploit_framework_exploithub
 					t.string :exploithub_sku
@@ -141,8 +141,11 @@ module Risu
 					t.string :script_version
 					t.string :d2_elliot_name
 					t.string :exploit_framework_d2_elliot
+					t.string :exploited_by_malware
 					t.boolean :rollup
 					t.integer :risk_score
+					t.string :compliance
+					t.string :root_cause
 				end
 
 				create_table :individual_plugin_selections do |t|

data/lib/risu/base/shares_template_helper.rb

@@ -0,0 +1,158 @@
+# Copyright (c) 2012-2014 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Templates
+		module SharesTemplateHelper
+
+			#
+			def anon_ftp_count
+				begin
+					return Item.where(:plugin_id => Plugin.where(:plugin_name => "Anonymous FTP Enabled").first.id).count
+				rescue => e
+					return 0
+				end
+			end
+
+			#
+			def anon_ftp_section
+
+				if anon_ftp_count() <= 0
+					return
+				end
+
+				heading2 "Anonymous FTP Detection"
+
+				findings =  Item.where(:plugin_id => Plugin.where(:plugin_name => "Anonymous FTP Enabled").first.id)
+
+				findings.each do |finding|
+					host = Host.find_by_id(finding.host_id)
+
+					host_string = "#{host.name}"
+					host_string << " (#{host.fqdn})" if host.fqdn != nil
+
+					text "Host", :style => :bold
+					text host_string
+
+					text "\n"
+
+					text "Plugin Output", :style => :bold
+					text finding.plugin_output
+
+					text "\n"
+				end
+			end
+
+			#
+			def anon_smb_count
+				begin
+					return Item.where(:plugin_id => Plugin.where(:plugin_name => "Microsoft Windows SMB Shares Unprivileged Access").first.id).count
+				rescue => e
+					return 0
+				end
+			end
+
+			#
+			def anon_smb_section
+
+				if anon_smb_count() <= 0
+					return
+				end
+
+				heading2 "Anonymous SMB Share Detection"
+
+				findings =  Item.where(:plugin_id => Plugin.where(:plugin_name => "Microsoft Windows SMB Shares Unprivileged Access").first.id)
+
+				findings.each do |finding|
+					host = Host.find_by_id(finding.host_id)
+
+					host_string = "#{host.name}"
+					host_string << " (#{host.fqdn})" if host.fqdn != nil
+
+					text "Host", :style => :bold
+					text host_string
+
+					text "\n"
+
+					text "Plugin Output", :style => :bold
+					text finding.plugin_output
+
+					text "\n"
+				end
+			end
+
+			def shares_section
+				poor_count = 0
+
+				anon_ftp_text = ""
+				anon_smb_text = ""
+
+				anon_smb_count = 0
+				anon_ftp_count = 0
+
+				begin
+					anon_ftp_count = Item.where(:plugin_id => Plugin.where(:plugin_name => "Anonymous FTP Enabled").first.id).count
+				rescue Exception => e
+				end
+
+				begin
+					anon_smb_count = Item.where(:plugin_id => Plugin.where(:plugin_name => "Microsoft Windows SMB Shares Unprivileged Access").first.id).count
+				rescue Exception => e
+				end
+
+				if anon_ftp_count > 1
+					anon_ftp_text = "Anonymous FTP was detected as being enabled on #{anon_ftp_count} network nodes. Anonymous FTP allows anyone to access files stored on the FTP server, depending on the server's configuration also write files. "
+					poor_count = poor_count + 1
+				elsif anon_ftp_count == 1
+					anon_ftp_text = "Anonymous FTP was detected as being enabled on #{anon_ftp_count} network node. Anonymous FTP allows anyone to access files stored on the FTP server, depending on the server's configuration also write files. "
+					poor_count = poor_count + 1
+				end
+
+				if anon_smb_count > 1
+					anon_smb_text = "Anonymous SMB shares were detected on #{anon_smb_count} network nodes. These shares also were found to have read and write access enabled. "
+					poor_count = poor_count + 1
+				elsif anon_smb_count == 1
+					anon_smb_text = "Anonymous SMB shares were detected on #{anon_smb_count} network node. These shares also were found to have read and write access enabled. "
+					poor_count = poor_count + 1
+				end
+
+				anonymous_access_text = "Allowing anonymous access to a file server can lead to information disclosures and other security violations. Each instance should be evaluated and removed or noted in the network's security policy.\n"
+
+				heading1 "Poor Security Practice" if poor_count > 0
+
+				#Anon ftp/smb + clear text
+				@output.text anon_ftp_text + anon_smb_text + anonymous_access_text if anon_ftp_count > 1 || anon_smb_count > 1
+				@output.text "\n"
+				@output.text "\n"
+			end
+
+			def shares_appendix_section
+				anon_ftp_section
+				anon_smb_section				
+			end
+		end
+	end
+end

data/lib/risu/base/template_base.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Base
@@ -30,21 +30,23 @@ module Risu
 		# Base template class, all report templates must be a subclass of this.
 		#
 		class TemplateBase
+			
+			# @todo comment
 			attr_accessor :output
 
-			@possible_templates = []
-
-			class << self
-				attr_reader :possible_templates
-			end
-
 			# Accessors for template meta-data
 			#
 			# @return [Hash] Containing template meta-data
 			#
 			attr_accessor :template_info
 
-			#	 Adds any class that inherits from [TemplateBase] into an [Array] of
+			@possible_templates = []
+
+			class << self
+				attr_reader :possible_templates
+			end
+
+			# Adds any class that inherits from [TemplateBase] into an [Array] of
 			# possible templates for further validation.
 			#
 			def self.inherited(child)

data/lib/risu/base/template_helper.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2012 Arxopia LLC.
+# Copyright (c) 2012-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,12 +21,16 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Templates
 		module TemplateHelper
+			include HostTemplateHelper
+			include MalwareTemplateHelper
+			include GraphTemplateHelper
+			include SharesTemplateHelper
 
 			#
 			def report_classification classification=Report.classification.upcase, newline=true
@@ -110,6 +114,104 @@ module Risu
 					@output.text title, :style => :bold
 				end
 			end
+
+			#
+			def table headers, header_widths, data
+				@output.table([headers] + data, :header => true, :column_widths => header_widths, :row_colors => ['ffffff', 'E5E5E5']) do
+					row(0).style(:font_style => :bold, :background_color => 'D0D0D0')
+					cells.borders = [:top, :bottom, :left, :right]
+				end
+			end
+
+			#
+			def new_page
+				@output.start_new_page
+			end
+
+			#
+			def item_count_by_plugin_name (plugin_name)
+				begin
+					return Item.where(:plugin_id => Plugin.where(:plugin_name => plugin_name).first.id).count
+				rescue => e
+					return 0
+				end				
+			end
+
+			def item_count_by_plugin_id (plugin_id)
+				begin
+					return Item.where(:plugin_id => plugin_id).count
+				rescue => e
+					return 0
+				end				
+			end	
+
+			# @todo comment
+			def default_credential_plugins
+				[
+					10862, 25927, 32315, 65950, 39364, 33852, 11454, 51369, 
+					26918,
+				].uniq
+			end		
+
+			# @todo comment
+			def has_default_credentials?
+				plugins = default_credential_plugins
+				default_cred = false
+
+				plugins.each do |plugin_id|
+					if item_count_by_plugin_id(plugin_id) > 0
+						default_cred = true
+					end
+				end
+
+				return default_cred
+			end
+
+			# @todo comment
+			def default_credentials_section
+				heading1 "Default Credentials"
+
+				text "Default credentials were discovered on the network. This can cause issues because the credentials can be found all over the Internet giving anyone with network access full access to the systems in question."
+				text "\n"
+			end
+
+			# @todo comment
+			def default_credentials_appendix_section
+				if !has_default_credentials?
+					return
+				end
+
+				heading1 "Default Credentials"
+
+				headers = ["Plugin Name", "IP"]
+				header_widths = {0 => (@output.bounds.width - 80), 1 => 80}
+				data = Array.new
+
+				default_credential_plugins.each do |plugin_id|
+					if item_count_by_plugin_id(plugin_id) > 0
+						items = Item.where(:plugin_id => plugin_id)
+
+						plugin_name = items.first.plugin_name
+
+						items.each do |item|
+							hosts = Host.where(:id => item.host_id)
+
+							hosts.each do |host|
+								row = Array.new
+								row.push plugin_name
+								row.push host.ip
+
+								data.push row
+							end
+						end
+					end
+				end
+
+				table headers, header_widths, data
+
+				text "\n"
+			end
+
 		end
 	end
 end

data/lib/risu/base/template_manager.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Base
@@ -36,21 +36,25 @@ module Risu
 			#
 			# @return New instance of the template manager with templates loaded.
 			def initialize (path)
-			  @registered_templates = Array.new
+				@registered_templates = Array.new
 				@templates = Array.new
 
 				base_dir = __FILE__.gsub("risu/base/template_manager.rb", "")
 
 				load_templates(base_dir + path)
+				load_templates(Dir.pwd, false)
 				load_templates(File.expand_path(USER_TEMPLATES_DIR)) if File.exists?(File.expand_path(USER_TEMPLATES_DIR)) && File.directory?(File.expand_path(USER_TEMPLATES_DIR))
 			end
 
 			# Loads templates from a specific path
 			#
 			# @param path Path to templates to load
-			def load_templates(path)
+			def load_templates(path, recursive=true)
 				begin
-				  Dir["#{path}/**/*.rb"].each do |x|
+					search_path = "#{path}/**/*.rb" if recursive == true
+					search_path = "#{path}/*.rb" if recursive == false
+
+					Dir[search_path].each do |x|
 						begin
 							require x
 						rescue => e
@@ -58,15 +62,15 @@ module Risu
 						end
 					end
 
-				  TemplateBase.possible_templates.each do |p|
-				    if validate(p) ==  true
-				      @registered_templates << p if @registered_templates.include?(p) == false
-				    end
-				  end
+					TemplateBase.possible_templates.each do |p|
+						if validate(p) ==  true
+							@registered_templates << p if @registered_templates.include?(p) == false
+						end
+					end
 				rescue => e
 					puts "[!] Invalid template path"
 					#puts e.inspect
-  					#puts e.backtrace
+					#puts e.backtrace
 				end
 			end