risu 1.7.4 → 1.7.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/NEWS.markdown +35 -0
- data/README.markdown +1 -1
- data/lib/risu.rb +3 -3
- data/lib/risu/base/host_template_helper.rb +3 -2
- data/lib/risu/base/schema.rb +6 -0
- data/lib/risu/base/template_helper.rb +8 -7
- data/lib/risu/base/template_manager.rb +5 -4
- data/lib/risu/cli.rb +2 -2
- data/lib/risu/cli/application.rb +1 -3
- data/lib/risu/exceptions.rb +2 -2
- data/lib/risu/exceptions/invaliddocument.rb +2 -2
- data/lib/risu/models.rb +2 -2
- data/lib/risu/models/host.rb +7 -1
- data/lib/risu/models/item.rb +32 -15
- data/lib/risu/models/pluginspreference.rb +2 -2
- data/lib/risu/models/policy.rb +2 -2
- data/lib/risu/models/reference.rb +2 -2
- data/lib/risu/models/report.rb +2 -2
- data/lib/risu/models/serverpreference.rb +2 -2
- data/lib/risu/models/version.rb +2 -2
- data/lib/risu/parsers.rb +2 -2
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +5 -2
- data/lib/risu/parsers/nessus/postprocess/adobe_acrobat.rb +87 -0
- data/lib/risu/parsers/nessus/postprocess/adobe_air.rb +21 -3
- data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb +10 -2
- data/lib/risu/parsers/nessus/postprocess/apache.rb +8 -4
- data/lib/risu/parsers/nessus/postprocess/apple_quicktime.rb +56 -0
- data/lib/risu/parsers/nessus/postprocess/blackberry_enterprise_server.rb +61 -0
- data/lib/risu/parsers/nessus/postprocess/db2.rb +4 -3
- data/lib/risu/parsers/nessus/postprocess/downgrade_plugins.rb +79 -0
- data/lib/risu/parsers/nessus/postprocess/filezilla.rb +53 -0
- data/lib/risu/parsers/nessus/postprocess/firefox.rb +83 -0
- data/lib/risu/parsers/nessus/postprocess/flash_player.rb +63 -41
- data/lib/risu/parsers/nessus/postprocess/flexnet.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/foxit_reader.rb +58 -0
- data/lib/risu/parsers/nessus/postprocess/google_chrome.rb +30 -3
- data/lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb +12 -2
- data/lib/risu/parsers/nessus/postprocess/java.rb +24 -9
- data/lib/risu/parsers/nessus/postprocess/openssh.rb +6 -4
- data/lib/risu/parsers/nessus/postprocess/openssl.rb +33 -3
- data/lib/risu/parsers/nessus/postprocess/oracle_database.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/php.rb +47 -1
- data/lib/risu/parsers/nessus/postprocess/post_process.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/root_cause.rb +35 -1
- data/lib/risu/parsers/nessus/postprocess/shockwave.rb +1 -0
- data/lib/risu/parsers/nessus/postprocess/sigplus_pro.rb +55 -0
- data/lib/risu/parsers/nessus/postprocess/symantec_pcanywhere.rb +56 -0
- data/lib/risu/parsers/nessus/postprocess/vlc.rb +58 -0
- data/lib/risu/parsers/nessus/postprocess/vmware_esxi.rb +9 -2
- data/lib/risu/parsers/nessus/postprocess/vmware_player.rb +51 -0
- data/lib/risu/parsers/nessus/postprocess/vmware_vcenter.rb +62 -0
- data/lib/risu/parsers/nessus/postprocess/vmware_vsphere_client.rb +53 -0
- data/lib/risu/parsers/nessus/postprocess/windows.rb +688 -0
- data/lib/risu/parsers/nessus/postprocess/winscp.rb +57 -0
- data/lib/risu/parsers/nessus/postprocess/wireshark.rb +13 -1
- data/lib/risu/parsers/nexpose/nexpose_document.rb +2 -2
- data/lib/risu/parsers/nexpose/simple_nexpose.rb +2 -2
- data/lib/risu/renderers.rb +2 -2
- data/lib/risu/renderers/csvrenderer.rb +2 -2
- data/lib/risu/renderers/nilrenderer.rb +2 -2
- data/lib/risu/renderers/pdfrenderer.rb +2 -2
- data/lib/risu/templates/executive_summary_detailed.rb +2 -2
- data/lib/risu/templates/exploitablity_summary.rb +2 -2
- data/lib/risu/templates/finding_statistics.rb +2 -2
- data/lib/risu/templates/graphs.rb +2 -2
- data/lib/risu/templates/host_findings_csv.rb +3 -3
- data/lib/risu/templates/host_summary.rb +2 -2
- data/lib/risu/templates/ms_patch_summary.rb +2 -2
- data/lib/risu/templates/top_25.rb +2 -2
- metadata +16 -2
@@ -42,7 +42,7 @@ module Risu
|
|
42
42
|
osvdb cert edb-id rhsa secunia suse dsa
|
43
43
|
owasp cwe iavb iavt cisco-sa ics-alert
|
44
44
|
cisco-bug-id cisco-sr cert-vu vmsa apple-sa
|
45
|
-
icsa cert-cc msvr usn hp glsa freebsd
|
45
|
+
icsa cert-cc msvr usn hp glsa freebsd tra
|
46
46
|
])
|
47
47
|
|
48
48
|
# An array of valid host properties
|
@@ -58,6 +58,7 @@ module Risu
|
|
58
58
|
pcidss:insecure_http_methods LastUnauthenticatedResults LastAuthenticatedResults cpe-0 cpe-1
|
59
59
|
cpe-2 cpe-3 Credentialed_Scan policy-used UnsupportedProduct:microsoft:windows_xp::sp2
|
60
60
|
UnsupportedProduct:microsoft:windows_xp UnsupportedProduct:microsoft:windows_2000 UnsupportedProduct
|
61
|
+
mcafee-epo-guid
|
61
62
|
])
|
62
63
|
|
63
64
|
# An array of all valid elements expected during parsing
|
@@ -76,6 +77,7 @@ module Risu
|
|
76
77
|
cm:compliance-audit-file cm:compliance-check-name cm:compliance-result cm:compliance-output policyOwner
|
77
78
|
visibility script_version attachment policy_comments d2_elliot_name exploit_framework_d2_elliot
|
78
79
|
exploited_by_malware compliance cm:compliance-reference cm:compliance-see-also cm:compliance-solution
|
80
|
+
agent potential_vulnerability in_the_news exploited_by_nessus unsupported_by_vendor default_account
|
79
81
|
])
|
80
82
|
|
81
83
|
# TODO: documentation. These are never used in the class
|
@@ -406,7 +408,8 @@ module Risu
|
|
406
408
|
:always_run => @vals["always_run"],
|
407
409
|
:script_version => @vals["script_version"],
|
408
410
|
:exploited_by_malware => @vals["exploited_by_malware"],
|
409
|
-
:compliance => @vals["compliance"]
|
411
|
+
:compliance => @vals["compliance"],
|
412
|
+
:agent => @vals["agent"]
|
410
413
|
)
|
411
414
|
end
|
412
415
|
|
@@ -0,0 +1,87 @@
|
|
1
|
+
# Copyright (c) 2010-2015 Arxopia LLC.
|
2
|
+
# All rights reserved.
|
3
|
+
#
|
4
|
+
# Redistribution and use in source and binary forms, with or without
|
5
|
+
# modification, are permitted provided that the following conditions are met:
|
6
|
+
#
|
7
|
+
# * Redistributions of source code must retain the above copyright
|
8
|
+
# notice, this list of conditions and the following disclaimer.
|
9
|
+
# * Redistributions in binary form must reproduce the above copyright
|
10
|
+
# notice, this list of conditions and the following disclaimer in the
|
11
|
+
# documentation and/or other materials provided with the distribution.
|
12
|
+
# * Neither the name of the Arxopia LLC nor the names of its contributors
|
13
|
+
# may be used to endorse or promote products derived from this software
|
14
|
+
# without specific prior written permission.
|
15
|
+
#
|
16
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
17
|
+
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
18
|
+
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
19
|
+
# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
|
20
|
+
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
21
|
+
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
|
+
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
|
+
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
|
+
|
27
|
+
module Risu
|
28
|
+
module Parsers
|
29
|
+
module Nessus
|
30
|
+
module PostProcess
|
31
|
+
class AdobeAcrobat < Risu::Base::PostProcessBase
|
32
|
+
|
33
|
+
#
|
34
|
+
def initialize
|
35
|
+
@info =
|
36
|
+
{
|
37
|
+
:description => "Adobe Acrobat Patch Rollup",
|
38
|
+
:plugin_id => -99975,
|
39
|
+
:plugin_name => "Update to the latest Adobe Acrobat",
|
40
|
+
:item_name => "Update to the latest Adobe Acrobat",
|
41
|
+
:plugin_ids => [
|
42
|
+
79855,
|
43
|
+
83470,
|
44
|
+
40803,
|
45
|
+
40804,
|
46
|
+
40805,
|
47
|
+
40806,
|
48
|
+
42119,
|
49
|
+
43875,
|
50
|
+
44643,
|
51
|
+
45504,
|
52
|
+
47164,
|
53
|
+
48374,
|
54
|
+
49172,
|
55
|
+
50613,
|
56
|
+
51924,
|
57
|
+
52671,
|
58
|
+
53450,
|
59
|
+
55143,
|
60
|
+
56197,
|
61
|
+
57042,
|
62
|
+
77813,
|
63
|
+
57483,
|
64
|
+
58682,
|
65
|
+
61561,
|
66
|
+
64785,
|
67
|
+
63453,
|
68
|
+
66409,
|
69
|
+
74011,
|
70
|
+
84801,
|
71
|
+
84800,
|
72
|
+
77176,
|
73
|
+
77711,
|
74
|
+
69845,
|
75
|
+
71946,
|
76
|
+
|
77
|
+
|
78
|
+
|
79
|
+
|
80
|
+
]
|
81
|
+
}
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Parsers
|
@@ -32,7 +32,7 @@ module Risu
|
|
32
32
|
|
33
33
|
#
|
34
34
|
def initialize
|
35
|
-
@info =
|
35
|
+
@info =
|
36
36
|
{
|
37
37
|
:description => "Adobe Air Patch Rollup",
|
38
38
|
:plugin_id => -99994,
|
@@ -69,6 +69,24 @@ module Risu
|
|
69
69
|
66444,
|
70
70
|
66871,
|
71
71
|
63241,
|
72
|
+
77171,
|
73
|
+
77576,
|
74
|
+
78440,
|
75
|
+
79139,
|
76
|
+
80483,
|
77
|
+
34815,
|
78
|
+
40447,
|
79
|
+
43069,
|
80
|
+
46858,
|
81
|
+
48299,
|
82
|
+
50604,
|
83
|
+
44595,
|
84
|
+
84155,
|
85
|
+
84156,
|
86
|
+
84157,
|
87
|
+
84158,
|
88
|
+
84641,
|
89
|
+
85325,
|
72
90
|
|
73
91
|
]
|
74
92
|
|
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Parsers
|
@@ -75,7 +75,15 @@ module Risu
|
|
75
75
|
52672,
|
76
76
|
53451,
|
77
77
|
21698,
|
78
|
+
77712,
|
79
|
+
79856,
|
80
|
+
77175,
|
81
|
+
83471,
|
82
|
+
40494,
|
83
|
+
27584,
|
78
84
|
|
85
|
+
|
86
|
+
|
79
87
|
]
|
80
88
|
}
|
81
89
|
end
|
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Parsers
|
@@ -62,8 +62,12 @@ module Risu
|
|
62
62
|
48205,
|
63
63
|
50070,
|
64
64
|
53896,
|
65
|
-
|
66
|
-
|
65
|
+
69014,
|
66
|
+
76622,
|
67
|
+
81126,
|
68
|
+
73081,
|
69
|
+
84959,
|
70
|
+
40467,
|
67
71
|
|
68
72
|
]
|
69
73
|
}
|
@@ -0,0 +1,56 @@
|
|
1
|
+
# Copyright (c) 2010-2015 Arxopia LLC.
|
2
|
+
# All rights reserved.
|
3
|
+
#
|
4
|
+
# Redistribution and use in source and binary forms, with or without
|
5
|
+
# modification, are permitted provided that the following conditions are met:
|
6
|
+
#
|
7
|
+
# * Redistributions of source code must retain the above copyright
|
8
|
+
# notice, this list of conditions and the following disclaimer.
|
9
|
+
# * Redistributions in binary form must reproduce the above copyright
|
10
|
+
# notice, this list of conditions and the following disclaimer in the
|
11
|
+
# documentation and/or other materials provided with the distribution.
|
12
|
+
# * Neither the name of the Arxopia LLC nor the names of its contributors
|
13
|
+
# may be used to endorse or promote products derived from this software
|
14
|
+
# without specific prior written permission.
|
15
|
+
#
|
16
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
17
|
+
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
18
|
+
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
19
|
+
# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
|
20
|
+
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
21
|
+
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
|
+
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
|
+
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
|
+
|
27
|
+
module Risu
|
28
|
+
module Parsers
|
29
|
+
module Nessus
|
30
|
+
module PostProcess
|
31
|
+
class AppleQuicktime < Risu::Base::PostProcessBase
|
32
|
+
|
33
|
+
#
|
34
|
+
def initialize
|
35
|
+
@info =
|
36
|
+
{
|
37
|
+
:description => "Apple QuickTime Patch Rollup",
|
38
|
+
:plugin_id => -99973,
|
39
|
+
:plugin_name => "Update to the latest Apple QuickTime",
|
40
|
+
:item_name => "Update to the latest Apple QuickTime",
|
41
|
+
:plugin_ids => [
|
42
|
+
66636,
|
43
|
+
72706,
|
44
|
+
78678,
|
45
|
+
62890,
|
46
|
+
|
47
|
+
|
48
|
+
|
49
|
+
]
|
50
|
+
}
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
@@ -0,0 +1,61 @@
|
|
1
|
+
# Copyright (c) 2010-2015 Arxopia LLC.
|
2
|
+
# All rights reserved.
|
3
|
+
#
|
4
|
+
# Redistribution and use in source and binary forms, with or without
|
5
|
+
# modification, are permitted provided that the following conditions are met:
|
6
|
+
#
|
7
|
+
# * Redistributions of source code must retain the above copyright
|
8
|
+
# notice, this list of conditions and the following disclaimer.
|
9
|
+
# * Redistributions in binary form must reproduce the above copyright
|
10
|
+
# notice, this list of conditions and the following disclaimer in the
|
11
|
+
# documentation and/or other materials provided with the distribution.
|
12
|
+
# * Neither the name of the Arxopia LLC nor the names of its contributors
|
13
|
+
# may be used to endorse or promote products derived from this software
|
14
|
+
# without specific prior written permission.
|
15
|
+
#
|
16
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
17
|
+
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
18
|
+
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
19
|
+
# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
|
20
|
+
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
21
|
+
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
|
+
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
|
+
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
|
+
|
27
|
+
module Risu
|
28
|
+
module Parsers
|
29
|
+
module Nessus
|
30
|
+
module PostProcess
|
31
|
+
class BlackBerryEnterpriseServerRollups < Risu::Base::PostProcessBase
|
32
|
+
|
33
|
+
#
|
34
|
+
def initialize
|
35
|
+
@info =
|
36
|
+
{
|
37
|
+
:description => "Black Berry Enterprise Server Patch Rollup",
|
38
|
+
:plugin_id => -99968,
|
39
|
+
:plugin_name => "Update to the latest Black Berry Enterprise Server",
|
40
|
+
:item_name => "Update to the latest Black Berry Enterprise Server",
|
41
|
+
:plugin_ids => [
|
42
|
+
50071,
|
43
|
+
51191,
|
44
|
+
51527,
|
45
|
+
55819,
|
46
|
+
55670,
|
47
|
+
53829,
|
48
|
+
72583,
|
49
|
+
77327,
|
50
|
+
|
51
|
+
|
52
|
+
|
53
|
+
|
54
|
+
]
|
55
|
+
}
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
@@ -0,0 +1,79 @@
|
|
1
|
+
# Copyright (c) 2010-2015 Arxopia LLC.
|
2
|
+
# All rights reserved.
|
3
|
+
#
|
4
|
+
# Redistribution and use in source and binary forms, with or without
|
5
|
+
# modification, are permitted provided that the following conditions are met:
|
6
|
+
#
|
7
|
+
# * Redistributions of source code must retain the above copyright
|
8
|
+
# notice, this list of conditions and the following disclaimer.
|
9
|
+
# * Redistributions in binary form must reproduce the above copyright
|
10
|
+
# notice, this list of conditions and the following disclaimer in the
|
11
|
+
# documentation and/or other materials provided with the distribution.
|
12
|
+
# * Neither the name of the Arxopia LLC nor the names of its contributors
|
13
|
+
# may be used to endorse or promote products derived from this software
|
14
|
+
# without specific prior written permission.
|
15
|
+
#
|
16
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
17
|
+
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
18
|
+
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
19
|
+
# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
|
20
|
+
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
21
|
+
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
|
+
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
|
+
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
|
+
|
27
|
+
module Risu
|
28
|
+
module Parsers
|
29
|
+
module Nessus
|
30
|
+
module PostProcess
|
31
|
+
class DowngradePlugins < Risu::Base::PostProcessBase
|
32
|
+
|
33
|
+
#
|
34
|
+
def initialize
|
35
|
+
@info =
|
36
|
+
{
|
37
|
+
:description => "Downgrades the Severity of Certain Plugins",
|
38
|
+
:plugin_id => 0
|
39
|
+
}
|
40
|
+
|
41
|
+
#0 - informational
|
42
|
+
#1 - low
|
43
|
+
#2 - medium
|
44
|
+
#3 - high
|
45
|
+
#4 - critical
|
46
|
+
|
47
|
+
@plugins_to_severity = {
|
48
|
+
41028 => 0, #SNMP Agent Default Community Name (public) - 41028
|
49
|
+
10264 => 0, #SNMP Agent Default Community Names - 10264
|
50
|
+
10081 => 0, #FTP Privileged Port Bounce Scan - 10081
|
51
|
+
|
52
|
+
}
|
53
|
+
end
|
54
|
+
|
55
|
+
#
|
56
|
+
def run
|
57
|
+
@plugins_to_severity.each do |k, v|
|
58
|
+
items = Item.where(:plugin_id => k)
|
59
|
+
|
60
|
+
if items == nil
|
61
|
+
next
|
62
|
+
end
|
63
|
+
|
64
|
+
items.each do |item|
|
65
|
+
if item == nil
|
66
|
+
next
|
67
|
+
end
|
68
|
+
|
69
|
+
item.severity = v
|
70
|
+
item.save
|
71
|
+
end
|
72
|
+
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
@@ -0,0 +1,53 @@
|
|
1
|
+
# Copyright (c) 2010-2015 Arxopia LLC.
|
2
|
+
# All rights reserved.
|
3
|
+
#
|
4
|
+
# Redistribution and use in source and binary forms, with or without
|
5
|
+
# modification, are permitted provided that the following conditions are met:
|
6
|
+
#
|
7
|
+
# * Redistributions of source code must retain the above copyright
|
8
|
+
# notice, this list of conditions and the following disclaimer.
|
9
|
+
# * Redistributions in binary form must reproduce the above copyright
|
10
|
+
# notice, this list of conditions and the following disclaimer in the
|
11
|
+
# documentation and/or other materials provided with the distribution.
|
12
|
+
# * Neither the name of the Arxopia LLC nor the names of its contributors
|
13
|
+
# may be used to endorse or promote products derived from this software
|
14
|
+
# without specific prior written permission.
|
15
|
+
#
|
16
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
17
|
+
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
18
|
+
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
19
|
+
# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
|
20
|
+
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
21
|
+
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
|
+
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
|
+
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
|
+
|
27
|
+
module Risu
|
28
|
+
module Parsers
|
29
|
+
module Nessus
|
30
|
+
module PostProcess
|
31
|
+
class FileZillaClient < Risu::Base::PostProcessBase
|
32
|
+
|
33
|
+
#
|
34
|
+
def initialize
|
35
|
+
@info =
|
36
|
+
{
|
37
|
+
:description => "FileZilla Client Patch Rollup",
|
38
|
+
:plugin_id => -99974,
|
39
|
+
:plugin_name => "Update to the latest FileZilla Client",
|
40
|
+
:item_name => "Update to the latest FileZilla Client",
|
41
|
+
:plugin_ids => [
|
42
|
+
69476,
|
43
|
+
69494,
|
44
|
+
|
45
|
+
|
46
|
+
]
|
47
|
+
}
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|