risu 1.7.4 → 1.7.5

data/lib/risu/parsers/nessus/nessus_sax_listener.rb

@@ -42,7 +42,7 @@ module Risu
 					osvdb cert edb-id rhsa secunia suse dsa
 					owasp cwe iavb iavt cisco-sa ics-alert
 					cisco-bug-id cisco-sr cert-vu vmsa apple-sa
-					icsa cert-cc msvr usn hp glsa freebsd
+					icsa cert-cc msvr usn hp glsa freebsd tra
 				])
 
 				# An array of valid host properties
@@ -58,6 +58,7 @@ module Risu
 					pcidss:insecure_http_methods LastUnauthenticatedResults LastAuthenticatedResults cpe-0 cpe-1
 					cpe-2 cpe-3 Credentialed_Scan policy-used UnsupportedProduct:microsoft:windows_xp::sp2
 					UnsupportedProduct:microsoft:windows_xp UnsupportedProduct:microsoft:windows_2000 UnsupportedProduct
+					mcafee-epo-guid
 				])
 
 				# An array of all valid elements expected during parsing
@@ -76,6 +77,7 @@ module Risu
 					cm:compliance-audit-file cm:compliance-check-name cm:compliance-result cm:compliance-output policyOwner
 					visibility script_version attachment policy_comments d2_elliot_name exploit_framework_d2_elliot
 					exploited_by_malware compliance cm:compliance-reference cm:compliance-see-also cm:compliance-solution
+					agent potential_vulnerability in_the_news exploited_by_nessus unsupported_by_vendor default_account
 				])
 
 				# TODO: documentation. These are never used in the class
@@ -406,7 +408,8 @@ module Risu
 						:always_run => @vals["always_run"],
 						:script_version => @vals["script_version"],
 						:exploited_by_malware => @vals["exploited_by_malware"],
-						:compliance => @vals["compliance"]
+						:compliance => @vals["compliance"],
+						:agent => @vals["agent"]
 					)
 				end
 

data/lib/risu/parsers/nessus/postprocess/adobe_acrobat.rb

@@ -0,0 +1,87 @@
+# Copyright (c) 2010-2015 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class AdobeAcrobat < Risu::Base::PostProcessBase
+
+					#
+					def initialize
+						@info =
+						{
+							:description => "Adobe Acrobat Patch Rollup",
+							:plugin_id => -99975,
+							:plugin_name => "Update to the latest Adobe Acrobat",
+							:item_name => "Update to the latest Adobe Acrobat",
+							:plugin_ids => [
+								79855,
+								83470,
+								40803,
+								40804,
+								40805,
+								40806,
+								42119,
+								43875,
+								44643,
+								45504,
+								47164,
+								48374,
+								49172,
+								50613,
+								51924,
+								52671,
+								53450,
+								55143,
+								56197,
+								57042,
+								77813,
+								57483,
+								58682,
+								61561,
+								64785,
+								63453,
+								66409,
+								74011,
+								84801,
+								84800,
+								77176,
+								77711,
+								69845,
+								71946,
+								
+
+
+
+							]
+						}
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/adobe_air.rb

@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Parsers
@@ -32,7 +32,7 @@ module Risu
 
 					#
 					def initialize
-						@info = 
+						@info =
 						{
 							:description => "Adobe Air Patch Rollup",
 							:plugin_id => -99994,
@@ -69,6 +69,24 @@ module Risu
 								66444,
 								66871,
 								63241,
+								77171,
+								77576,
+								78440,
+								79139,
+								80483,
+								34815,
+								40447,
+								43069,
+								46858,
+								48299,
+								50604,
+								44595,
+								84155,
+								84156,
+								84157,
+								84158,
+								84641,
+								85325,
 								
 							]
 

data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb

@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Parsers
@@ -75,7 +75,15 @@ module Risu
 								52672,
 								53451,
 								21698,
+								77712,
+								79856,
+								77175,
+								83471,
+								40494,
+								27584,
 								
+
+
 							]
 						}
 					end

data/lib/risu/parsers/nessus/postprocess/apache.rb

@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 	module Parsers
@@ -62,8 +62,12 @@ module Risu
 								48205,
 								50070,
 								53896,
-								
-								
+								69014,
+								76622,
+								81126,
+								73081,
+								84959,
+								40467,
 								
 							]
 						}

data/lib/risu/parsers/nessus/postprocess/apple_quicktime.rb

@@ -0,0 +1,56 @@
+# Copyright (c) 2010-2015 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class AppleQuicktime < Risu::Base::PostProcessBase
+
+					#
+					def initialize
+						@info =
+						{
+							:description => "Apple QuickTime Patch Rollup",
+							:plugin_id => -99973,
+							:plugin_name => "Update to the latest Apple QuickTime",
+							:item_name => "Update to the latest Apple QuickTime",
+							:plugin_ids => [
+								66636,
+								72706,
+								78678,
+								62890,
+								
+
+
+							]
+						}
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/blackberry_enterprise_server.rb

@@ -0,0 +1,61 @@
+# Copyright (c) 2010-2015 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class BlackBerryEnterpriseServerRollups < Risu::Base::PostProcessBase
+
+					#
+					def initialize
+						@info =
+						{
+							:description => "Black Berry Enterprise Server Patch Rollup",
+							:plugin_id => -99968,
+							:plugin_name => "Update to the latest Black Berry Enterprise Server",
+							:item_name => "Update to the latest Black Berry Enterprise Server",
+							:plugin_ids => [
+                50071,
+                51191,
+                51527,
+                55819,
+								55670,
+								53829,
+								72583,
+								77327,
+								
+
+
+
+							]
+						}
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/db2.rb

@@ -42,9 +42,10 @@ module Risu
 								62701,
 								71519,
 								76114,
-								76116
-								
-								
+								76116,
+								84828
+
+
 							]
 						}
 					end

data/lib/risu/parsers/nessus/postprocess/downgrade_plugins.rb

@@ -0,0 +1,79 @@
+# Copyright (c) 2010-2015 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class DowngradePlugins < Risu::Base::PostProcessBase
+
+					#
+					def initialize
+						@info =
+						{
+							:description => "Downgrades the Severity of Certain Plugins",
+							:plugin_id => 0
+						}
+
+            #0 - informational
+            #1 - low
+            #2 - medium
+            #3 - high
+            #4 - critical
+
+						@plugins_to_severity = {
+							41028 => 0, #SNMP Agent Default Community Name (public) - 41028
+              10264 => 0, #SNMP Agent Default Community Names - 10264
+							10081 => 0, #FTP Privileged Port Bounce Scan - 10081
+
+						}
+					end
+
+					#
+					def run
+						@plugins_to_severity.each do |k, v|
+							items = Item.where(:plugin_id => k)
+
+							if items == nil
+								next
+							end
+
+              items.each do |item|
+                if item == nil
+                  next
+                end
+
+                item.severity = v
+		            item.save
+              end
+
+						end
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/filezilla.rb

@@ -0,0 +1,53 @@
+# Copyright (c) 2010-2015 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class FileZillaClient < Risu::Base::PostProcessBase
+
+					#
+					def initialize
+						@info =
+						{
+							:description => "FileZilla Client Patch Rollup",
+							:plugin_id => -99974,
+							:plugin_name => "Update to the latest FileZilla Client",
+							:item_name => "Update to the latest FileZilla Client",
+							:plugin_ids => [
+								69476,
+								69494,
+								
+
+							]
+						}
+					end
+				end
+			end
+		end
+	end
+end