risu 1.6.3 → 1.7.0

data/lib/risu/base/templater.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Base
@@ -47,13 +47,27 @@ module Risu
 					template = @template
 					template_manager = @template_manager
 
-					Prawn::Document.generate(@output_file, :margin => [75, 50, 75, 50]) do |output|
-						output.font_size 10
-						t = template_manager.find_template_by_name(template)
-						t = t.class.new
-						t.output = output
-						t.render(output) unless t == nil
+					t = template_manager.find_template_by_name(template)
+					t = t.class.new
+
+					if t.template_info[:renderer] == "CSV"
+						Risu::Renderers::CSVRenderer.generate(@output_file) do |output|
+							t = template_manager.find_template_by_name(template)
+							t = t.class.new
+							t.output = output
+							t.render(output) unless t == nil
+						end
+					elsif t.template_info[:renderer] == "PDF"
+						Prawn::Document.generate(@output_file, :margin => [75, 50, 75, 50]) do |output|
+							output.font_size 10
+							t = template_manager.find_template_by_name(template)
+							t = t.class.new
+							t.output = output
+							t.render(output) unless t == nil
+						end		
 					end
+
+
 				rescue => e
 					raise unless Rails.env.production?
 					puts "Templater Error: #{e.message} \n #{e.backtrace.join("\n\t")}\n"

data/lib/risu/cli.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/cli/application.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module CLI
@@ -41,9 +41,10 @@ module Risu
 
 				@options[:debug] = false
 				@options[:list_templates] = false
-				@options[:rollup] = false
+				@options[:post_process] = false
 
 				@template_manager = Risu::Base::TemplateManager.new "risu/templates"
+				@postprocess_manager = Risu::Base::PostProcessManager.new "risu/parsers/nessus/postprocess"
 			end
 
 			# Creates a blank configuration file
@@ -243,10 +244,14 @@ module Risu
 							@options[:output_file] = option
 						end
 
-						opt.on('-l', '--list-templates', "Lists all of the templates available to #{APP_NAME}") do |option|
+						opt.on('--list-templates', "Lists all of the templates available to #{APP_NAME}") do |option|
 							@options[:list_templates] = option
 						end
 
+						opt.on('--list-post-process', "Lists all of the post processors available to #{APP_NAME}") do |option|
+							@options[:list_postprocesses] = option
+						end
+
 						# @todo THIS NO WORK
 						#opt.on('--create-template NAME', "Creates a template file in the ~/.risu/templates directory") do |option|
 						#	if File.exists?(option) == true
@@ -346,6 +351,11 @@ module Risu
 					exit
 				end
 
+				if @options[:list_postprocesses]
+					@postprocess_manager.display_postprocesses
+					exit
+				end
+
 				if @options[:debug] == true
 					puts "[*] Enabling Debug Mode"
 				end
@@ -417,24 +427,22 @@ module Risu
 						next
 					end
 				end
+
+				process_post_processing
 			end
 
 			# Preforms PostProcessing on the dataset
 			#
 			def process_post_processing
-				if @options[:post_process] != false
+				if @options[:post_process] == true
 
 					puts "[*] Preforming Post Processing"
 
-					#Calculate all RiskScores
-					puts "\t[*] Calculating RiskScore for all vulnerabilities"
-					score = Risu::Parsers::Nessus::PostProcess::RiskScore.new
-					score.run()
-
-					#Clean up java patches
-					#puts "\t[*] Rolling up Oracle Java vulnerabilities"
-					#java = Risu::Parsers::Nessus::PostProcess::Java.new
-					#java.run()
+					@postprocess_manager.registered_postprocesses.each do |p|
+						#p = post.new
+						puts "\t[*] Running #{p.info[:description]}"
+						p.run()
+					end
 				end
 			end
 
@@ -467,8 +475,6 @@ module Risu
 						raise Risu::Exceptions::InvalidDocument, "[!] Invalid Document - #{file}"
 					end
 
-					process_post_processing()
-
 					printf "[*] Finished parsing %s. Parse took %.02f seconds\n", file, Time.now - tstart
 				rescue Interrupt => i
 					puts "[!] Parse canceled!"

data/lib/risu/cli/banner.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #Cool random banner stuff for the CLI, based on the Metasploit random banner concept
 

data/lib/risu/exceptions.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/exceptions/invaliddocument.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/models.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

data/lib/risu/models/attachment.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Models

data/lib/risu/models/familyselection.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Models

data/lib/risu/models/host.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Models
@@ -392,7 +392,7 @@ module Risu
 					g.sort = false
 					g.marker_count = 1
 					g.theme = {
-						:colors => %w(red orange yellow blue green purple black gray brown pink),
+						:colors => Risu::GRAPH_COLORS,
 						:background_colors => %w(white white)
 					}
 
@@ -408,6 +408,49 @@ module Risu
 					StringIO.new(g.to_blob)
 				end
 
+				#
+				# @todo comments
+				#
+				def windows_os_graph_has_data?
+					nt = Host.os_windows_nt.to_a.count
+					w2k = Host.os_windows_2k.to_a.count
+					xp = Host.os_windows_xp.to_a.count
+					w2k3 = Host.os_windows_2k3.to_a.count
+					vista = Host.os_windows_vista.to_a.count
+					w2k8 = Host.os_windows_2k8.to_a.count
+					w2k12 = Host.os_windows_2k12.to_a.count
+					w7 = Host.os_windows_7.to_a.count
+					w8 = Host.os_windows_8.to_a.count
+					other = (Host.os_windows.os_windows_other).to_a.count
+
+					if nt == 0 && w2k == 0 && xp == 0 && w2k3 == 0 && vista == 0 && w2k8 == 0 && w2k12 == 0 && w7 == 0 && w8 == 0 && other == 0
+						return false
+					else
+						return true
+					end
+				end
+
+				#
+				# @todo comments
+				#
+				def other_os_graph_has_data?
+					linux = Host.os_linux.to_a.count
+					osx = Host.os_osx.to_a.count
+					freebsd = Host.os_freebsd.to_a.count
+					netbsd = Host.os_netbsd.to_a.count
+					cisco = Host.os_cisco.to_a.count
+					vxworks = Host.os_vxworks.to_a.count
+					esx = Host.os_vmware_esx.to_a.count
+					aix = Host.os_aix.to_a.count
+					other = Host.os_other.to_a.count
+
+					if linux == 0 && osx == 0 && freebsd == 0 && cisco == 0 && vxworks == 0 && esx == 0 && aix == 0 && other == 0
+						return false
+					else
+						return true
+					end
+				end
+
 				# Graphs the percentage of other "non Windows" Operating Systems
 				#
 				# @return [StringIO] Binary image object of the results
@@ -417,7 +460,7 @@ module Risu
 					g.sort = false
 					g.marker_count = 1
 					g.theme = {
-						:colors => %w(red orange yellow blue green purple black grey brown pink),
+						:colors => Risu::GRAPH_COLORS,
 						:background_colors => %w(white white)
 					}
 
@@ -458,7 +501,7 @@ module Risu
 					g.sort = false
 					g.marker_count = 1
 					g.theme = {
-						:colors => %w(red orange yellow blue green purple black gray brown pink),
+						:colors => Risu::GRAPH_COLORS,
 						:background_colors => %w(white white)
 					}
 
@@ -578,12 +621,13 @@ module Risu
 					win_me_text = ""
 					win_nt_text = ""
 					win_2000_text = ""
+					win_xp_text = ""
 					win_95 = Host.os_windows_95
 					win_98 = Host.os_windows_98
 					win_me = Host.os_windows_me
-					win_nt = Host.os_windows_nt
-					#win_2000 = Host.os_windows_2k
+					win_nt = Plugin.where(:plugin_name => "Microsoft Windows NT 4.0 Unsupported Installation Detection")
 					win_2000 = Plugin.where(:plugin_name => "Microsoft Windows 2000 Unsupported Installation Detection")
+					win_xp = Plugin.where(:plugin_name => "Microsoft Windows XP Unsupported Installation Detection")
 
 					#Host.os_windows.not_os_windows_7.not_os_windows_2008.not_os_windows_vista.not_os_windows_2003.not_os_windows_xp
 
@@ -602,7 +646,10 @@ module Risu
 					win_2000_text = "Windows 2000 is an unsupported operating system; Microsoft has stopped support as of July 2010. " +
 					"Please see http://windows.microsoft.com/en-us/windows/products/lifecycle for more information.\n\n" if win_2000.count >= 1
 
-					return "#{win_95_text}#{win_98_text}#{win_me_text}#{win_nt_text}#{win_2000_text}"
+					win_xp_text = "Windows XP is an unsupported operating system; Microsoft has stopped support as of April 2014. " +
+					"Please see http://windows.microsoft.com/en-us/windows/products/lifecycle for more information.\n\n" if win_xp.count >= 1
+
+					return "#{win_95_text}#{win_98_text}#{win_me_text}#{win_nt_text}#{win_2000_text}#{win_xp_text}"
 				end
 
 				# @todo comments
@@ -698,6 +745,24 @@ module Risu
 					hosts = hosts.sort_by {|k, v| v}
 					hosts.reverse!
 				end
+
+				# @todo
+				def unique_hosts_with_critical_and_high_count
+					hosts = Array.new
+					crit = Item.critical_risks_by_host(Host.all.count)
+
+					crit.each do |item|
+						hosts.push(item.host_id)
+					end
+
+					high = Item.high_risks_by_host(Host.all.count)
+
+					high.each do |item|
+						hosts.push(item.host_id)
+					end
+
+					hosts.uniq.count
+				end
 			end
 		end
 	end

data/lib/risu/models/hostproperty.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Models

data/lib/risu/models/individualpluginselection.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Models

data/lib/risu/models/item.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
+# Copyright (c) 2010-2014 Arxopia LLC.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Models
@@ -235,7 +235,7 @@ module Risu
 					g.sort = false
 					g.marker_count = 1
 					g.theme = {
-						:colors => %w(red orange yellow blue green purple black grey brown pink),
+						:colors => Risu::GRAPH_COLORS,
 						:background_colors => %w(white white)
 					}
 
@@ -264,7 +264,7 @@ module Risu
 					g.sort = false
 					g.marker_count = 1
 					g.theme = {
-						:colors => %w(red orange yellow blue green purple black grey brown pink),
+						:colors => Risu::GRAPH_COLORS,
 						:background_colors => %w(white white)
 					}
 
@@ -280,11 +280,10 @@ module Risu
 					if low == nil then low = 0 end
 					#if info == nil then info = 0 end
 
-					g.data("Critical", crit, "purple")
-					g.data("High", high, "red")
-					g.data("Medium", medium, "orange")
-					g.data("Low", low, "yellow")
-					#g.data("Informational", info, "blue")
+					g.data("Critical", crit)
+					g.data("High", high)
+					g.data("Medium", medium)
+					g.data("Low", low)
 
 					StringIO.new(g.to_blob)
 				end
@@ -307,7 +306,7 @@ module Risu
 					g.sort = false
 					g.marker_count = 1
 					g.theme = {
-						:colors => %w(purple red orange yellow blue green black grey brown pink),
+						:colors => Risu::GRAPH_COLORS,
 						:background_colors => %w(white white)
 					}
 
@@ -319,9 +318,9 @@ module Risu
 					if ii == nil then ii = 0 end
 					if iii == nil then iii = 0 end
 
-					g.data("Cat I", i, "purple")
-					g.data("Cat II", ii, "red")
-					g.data("Cat III", iii, "orange")
+					g.data("Cat I", i)
+					g.data("Cat II", ii)
+					g.data("Cat III", iii)
 
 					StringIO.new(g.to_blob)
 				end
@@ -331,14 +330,42 @@ module Risu
 				#
 				# @return [FixNum] Percentage of vulnerable hosts
 				def calculate_vulnerable_host_percent
-					unique_hosts_with_critical_and_high = Host.unique_hosts_with_critical.count + Host.unique_hosts_with_high.count
+					#patch to fix double counting 
+					#unique_hosts_with_critical_and_high = Host.unique_hosts_with_critical.count + Host.unique_hosts_with_high.count
+					unique_hosts_with_critical_and_high = Host.unique_hosts_with_critical_and_high_count
 					host_percent = (unique_hosts_with_critical_and_high.to_f / Host.count.to_f) * 100
 				end
 
 				#
-				# @todo comments
+				def calculate_vulnerable_host_percent_with_patches_applied
+
+					exclude_list = []
+					hosts = []
+
+					Item.notable_order_by_cvss_raw.each do |h, k|
+						exclude_list << h
+					end
+
+					criticals = Item.critical_risks.where.not(:plugin_id => exclude_list)
+
+					criticals.each do |item|
+						hosts << item.host_id
+					end
+
+					Item.high_risks.each do |item|
+						hosts << item.host_id
+					end
+
+					hosts.uniq!
+					(hosts.count.to_f / Host.count.to_f) * 100
+				end
+
+				# Based on the risk_percent returns a adjective representative
 				#
-				def ajective_for_risk_text risk_percent
+				# @param risk_percent Calculated percentage of risk based on {Item::calculate_vulnerable_host_percent}
+				#
+				# @return [String] Textual representation of the risk_percent
+				def adjective_for_risk_text risk_percent
 					adjective = case risk_percent
 						when 0..5
 							"excellent"
@@ -353,9 +380,11 @@ module Risu
 					end
 				end
 
+				# Builds a sentence based on the risk_percent to describe the risk
 				#
-				# @todo comments
-				#
+				# @param risk_percent Calculated percentage of risk based on {Item::calculate_vulnerable_host_percent}
+				# 
+				# @return [String] Sentence describing the implied significance of the risk_percent
 				def risk_text risk_percent
 					percent_text = case risk_percent
 						when 0..5.99
@@ -379,7 +408,7 @@ module Risu
 				# @todo rewrite this
 				def risks_by_severity_graph_text
 					host_percent = calculate_vulnerable_host_percent()
-					adjective = ajective_for_risk_text(host_percent)
+					adjective = adjective_for_risk_text(host_percent)
 					risk_text = risk_text(host_percent)
 
 					graph_text = "This bar graph is a representation of the findings by severity; the " +
@@ -414,6 +443,10 @@ module Risu
 					"#{calculate_vulnerable_host_percent().round}%"
 				end
 
+				def risk_percent_patched_rounded_text
+					"#{calculate_vulnerable_host_percent_with_patches_applied().round}%"
+				end				
+
 				#
 				# @todo comment
 				#
@@ -425,16 +458,17 @@ module Risu
 					return Item.joins(:plugin).where(:severity => 4).order("plugins.cvss_base_score").group(:plugin_id).distinct.count
 				end
 
-				#
-				# @todo comment
-				#
+				# Scrubs a plugin_name to remove all pointless data
+				# 
+				# @return [String] Scrubbed plugin name
 				def scrub_plugin_name (name)
 					return name.gsub("(remote check)", "").gsub("(uncredentialed check)", "").gsub(/(\(\d.*\))/, "")
 				end
 
-				#
-				# @todo comment
-				#
+				# Returns an array of plugin_id and plugin_name for the top 10
+				# findings unsorted
+				# 
+				# @return [Array] Unsorted top 10 findings
 				def top_10_sorted_raw
 					raw = notable_order_by_cvss_raw
 
@@ -457,9 +491,10 @@ module Risu
 					return data
 				end
 
-				#
-				# @todo comment
-				#
+				# Returns an array of plugin_id and plugin_name for the top 10
+				# findings sorted by CVSS score
+				# 
+				# @return [Array] Sorted top 10 findings
 				def top_10_sorted
 					raw = notable_order_by_cvss_raw
 					data = Array.new
@@ -508,9 +543,37 @@ module Risu
 				    select("items.*").select("count(*) as count_all").group(:plugin_id).order("count_all DESC")
 				end
 
+				# Returns the plugin that this [Item] belongs to
+				#
+				# @return [Plugin] the that this [Item] references
 				def plugin
 					Plugin.where(:id => Item.first.attributes["plugin_id"])
 				end
+
+				# Builds a array of findings with their exploitablity values
+				#
+				# @param [ActiveRecord::Relation] findings to build matrix on
+				#
+				# @return [Array] with the rows of name, total, core, metasploit, canvas, exploithub, d2elliot
+				def exploitablity_matrix findings
+					results = Array.new
+
+					findings.each do |item|
+						plugin = Plugin.where(:id => item.plugin_id).first
+
+						name = scrub_plugin_name(plugin.plugin_name)
+						total = Item.where(:plugin_id => item.plugin_id).count
+						core = if plugin.exploit_framework_core == "true" then "Yes" else nil end
+						metasploit = if plugin.exploit_framework_metasploit == "true" then "Yes" else nil end
+						canvas = if plugin.exploit_framework_canvas == "true" then "Yes" else nil end
+						exploithub = if plugin.exploit_framework_exploithub == "true" then "Yes" else nil end
+						d2elliot = if plugin.exploit_framework_d2_elliot == "true" then "Yes" else nil end
+
+						results.push [name, total, core, metasploit, canvas, exploithub, d2elliot]
+					end
+
+					return results			
+				end
 			end
 		end
 	end