risu 1.7.9 → 1.8.0

data/lib/risu/parsers/nessus/postprocess/winscp.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/parsers/nessus/postprocess/wireshark.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -78,6 +78,7 @@ module Risu
 								89103,
 								90786,
 								90787,
+								92817,
 								
 
 							]

data/lib/risu/parsers/nexpose/nexpose_document.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/parsers/nexpose/simple_nexpose.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/renderers.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/renderers/csvrenderer.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -25,14 +25,14 @@ module Risu
 
 			# @TODO comment
 			#
-			def self.generate(output_file, &block)
+			def self.generate output_file, &block
 				#csv = new(output_file, &block)
 				return new(output_file, &block)
 			end
 
 			# @TODO comment
 			#
-			def initialize(output_file, &block)
+			def initialize output_file, &block
 				@output_file = output_file
 				instance_eval(&block)
 			end

data/lib/risu/renderers/nilrenderer.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/renderers/pdfrenderer.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -23,10 +23,9 @@ module Risu
 	module Renderers
 		class PDFRenderer
 
-			#@TODO 
-			def initialize ()
-					
-
+			#@TODO
+			def initialize
+			
 			end
 
 			# @TODO comment

data/lib/risu/template_helpers.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal

data/lib/risu/templates/assets.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -24,7 +24,7 @@ module Risu
 		class AssetsTemplate < Risu::Base::TemplateBase
 			include TemplateHelper
 
-			def initialize ()
+			def initialize
 				@template_info =
 				{
 					:name => "assets",
@@ -35,7 +35,7 @@ module Risu
 				}
 			end
 
-			def render(output)
+			def render output
 				text Report.classification.upcase, :align => :center
 				text "\n"
 

data/lib/risu/templates/authentication_summary.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -25,12 +25,12 @@ module Risu
 			include TemplateHelper
 
 			#
-			def initialize ()
+			def initialize
 				@template_info =
 				{
 					:name => "authentication_summary",
 					:author => "hammackj",
-					:version => "0.0.1",
+					:version => "0.0.2",
 					:renderer => "PDF",
 					:description => "Generates a Authentication Summary Report"
 				}
@@ -38,7 +38,7 @@ module Risu
 
 			#
 			#
-			def render(output)
+			def render output
 				@output.text Report.classification.upcase, :align => :center
 				@output.text "\n"
 
@@ -52,6 +52,35 @@ module Risu
 				@output.text "#{Report.scan_date}"
 				@output.text "\n"
 
+
+				credentialied_scans = HostProperty.where(:name => "Credentialed_Scan")
+				auth = []
+				unauth = []
+
+				credentialied_scans.each do |s|
+					if s.value == "true"
+						auth.push(s.host_id)
+					else
+						unauth.push(s.host_id)
+					end
+				end
+
+				auth_hosts = []
+
+				auth.each do |h|
+					auth_hosts.push Host.find(h).ip
+				end
+
+				@output.text "Authenticated Count:", :style => :bold
+				@output.text "#{auth.size}"
+				@output.text "\n"
+				@output.text "#{auth_hosts.join(", ")}"
+				@output.text "\n"
+
+				@output.text "UnAuthenticated Count:", :style => :bold
+				@output.text "#{unauth.size}"
+				@output.text "\n"
+
 				results = Array.new
 
 				headers = ["Hostname", "OS", "Authenticated"]
@@ -65,7 +94,7 @@ module Risu
 					if host.host_properties.where(:name => "Credentialed_Scan").first != nil
 						authenticated = host.host_properties.where(:name => "Credentialed_Scan").first.value
 					end
-					
+
 					os = host.os
 
 					host_name = host.name

data/lib/risu/templates/cover_sheet.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -24,7 +24,7 @@ module Risu
 		class CoverSheet < Risu::Base::TemplateBase
 			include TemplateHelper
 
-			def initialize ()
+			def initialize
 				@template_info =
 				{
 					:name => "cover_sheet",
@@ -35,7 +35,7 @@ module Risu
 				}
 			end
 
-			def render(output)
+			def render output
 				output.image "#{File.expand_path(File.dirname(__FILE__))}/data/nessuslogo.jpg", :scale => 0.2, :position => :left, :vposition => :top
 
 				text "\n"
@@ -83,6 +83,3 @@ module Risu
 		end
 	end
 end
-
-
-

data/lib/risu/templates/exec_summary.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -26,7 +26,7 @@ module Risu
 
 			#
 			#
-			def initialize ()
+			def initialize
 				@template_info =
 				{
 					:name => "exec_summary",
@@ -39,7 +39,7 @@ module Risu
 
 			#
 			#
-			def render(output)
+			def render output
 				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
@@ -53,8 +53,16 @@ module Risu
 				output.text "#{Report.scan_date}"
 				output.text "\n"
 
-				output.text "This report contains the results of a security audit performed on #{Report.scan_date}. It contains confidential information about the state of your network. Access to this information by unauthorized personnel may allow them to compromise your network.\n\n"
+				output.text "This report contains the results of a security audit performed on #{Report.scan_date}."
 
+				if Report.owner.nil? or Report.network.nil? or Report.location.nil?
+					output.text "It contains confidential information about the state of your network." 
+				else
+					output.text "It contains confidential information about the state of #{Report.owner}'s #{Report.network} network at #{Report.location}."
+				end
+				
+				output.text "Access to this information by unauthorized personnel may allow them to compromise said network.\n\n"
+				
 				output.text "A total of #{Host.count} hosts were found and scanned for vulnerabilities.\n\n"
 
 				output.text "There were #{Item.risks.count} vulnerabilities found during this scan. Of these, #{Item.critical_risks.count} were critical vulnerabilities,#{Item.high_risks.count} were high vulnerabilities, #{Item.medium_risks.count} were medium vulnerabilities, #{Item.low_risks.count} were low vulnerabilities and #{Item.info_risks.count} were information findings.\n\n"

data/lib/risu/templates/executive_summary_detailed.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -25,7 +25,7 @@ module Risu
 
 			#
 			#
-			def initialize ()
+			def initialize
 				@template_info =
 				{
 					:name => "exec_summary_detailed",
@@ -38,7 +38,7 @@ module Risu
 
 			#
 			#
-			def render(output)
+			def render output
 				output.font_size 10
 				output.font "Times-Roman"
 

data/lib/risu/templates/exploitablity_summary.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -25,7 +25,7 @@ module Risu
 			include TemplateHelper
 
 			#
-			def initialize ()
+			def initialize
 				@template_info =
 				{
 					:name => "exploitablity_summary",
@@ -38,7 +38,7 @@ module Risu
 
 			# Generates a report with 4 Tables of findings showing which exploit
 			# framework has a exploit for the vulnerable finding.
-			def render(output)
+			def render output
 				report_classification
 
 				report_title Report.title

data/lib/risu/templates/failed_audits.rb

@@ -1,28 +1,22 @@
-# Copyright (c) 2010-2013 Arxopia LLC.
-# All rights reserved.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
 #
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above copyright
-#       notice, this list of conditions and the following disclaimer in the
-#       documentation and/or other materials provided with the distribution.
-#     * Neither the name of the Arxopia LLC nor the names of its contributors
-#     	may be used to endorse or promote products derived from this software
-#     	without specific prior written permission.
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
 #
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
-# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
 
 module Risu
 	module Templates
@@ -31,7 +25,7 @@ module Risu
 
 			# Initializes the template loading meta data
 			#
-			def initialize ()
+			def initialize
 				@template_info =
 				{
 					:name => "failed_audits",
@@ -53,7 +47,7 @@ module Risu
 
 			# Called during the rendering process
 			#
-			def render(output)
+			def render output
 				text Report.classification.upcase, :align => :center
 				text "\n"
 
@@ -69,7 +63,7 @@ module Risu
 
 				Host.all.each do |h|
 					print_header(20, "#{h.name} (#{h.ip})", "000000")
-					
+
 					if h.items.where(:cm_compliance_result => "FAILED").count > 0
 						data = [["Name", "Policy", "Value"]]
 						h.items.where(:cm_compliance_result => "FAILED").each do |cm|
@@ -82,7 +76,7 @@ module Risu
 						end
 						text "\n"
 
-					elsif h.items.where(:cm_compliance_result => "PASSED").count > 0 
+					elsif h.items.where(:cm_compliance_result => "PASSED").count > 0
 						text "Host passed all audits."
 					else
 						text "Audits were not conducted on host."

data/lib/risu/templates/finding_statistics.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -25,7 +25,7 @@ module Risu
 
 			#
 			#
-			def initialize ()
+			def initialize
 				@template_info =
 				{
 					:name => "finding_statistics",
@@ -38,7 +38,7 @@ module Risu
 
 			#
 			#
-			def render(output)
+			def render output
 				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 

data/lib/risu/templates/findings_host.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -25,7 +25,7 @@ module Risu
 
 			#
 			#
-			def initialize ()
+			def initialize
 				@template_info =
 				{
 					:name => "findings_host",
@@ -38,7 +38,7 @@ module Risu
 
 			#
 			#
-			def render(output)
+			def render output
 				@output.font_size 10
 
 				report_classification

data/lib/risu/templates/findings_summary.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2016 Arxopia LLC.
+# Copyright (c) 2010-2017 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -24,7 +24,7 @@ module Risu
 		class FindingsSummary < Risu::Base::TemplateBase
 			include TemplateHelper
 
-			def initialize ()
+			def initialize
 				@template_info =
 				{
 					:name => "findings_summary",
@@ -35,7 +35,7 @@ module Risu
 				}
 			end
 
-			def print_risk_title (text, color)
+			def print_risk_title text, color
 				@output.font_size(20) do
 					@output.fill_color color.gsub('#', '')
 					@output.text text, :style => :bold
@@ -43,7 +43,7 @@ module Risu
 				end
 			end
 
-			def print_risk_summary(risks, text, color)
+			def print_risk_summary risks, text, color
 				print_risk_title(text, color) if risks.length != 0
 
 				risks.each do |item|
@@ -54,7 +54,7 @@ module Risu
 				end
 			end
 
-			def render(output)
+			def render output
 				text Report.classification.upcase, :align => :center
 				text "\n"