risu 1.4.5 → 1.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/NEWS.markdown CHANGED
@@ -1,5 +1,11 @@
1
1
  # News
2
2
 
3
+ #1.4.6 (July, 2011)
4
+ - Added pcidss:dns_zone_transfer to the Nessus parser
5
+ - Added pcidss:obsolete_operating_system to the Nessus parser
6
+ - Removed warnings about several Microsoft patch tags, not sure what to do with them at the moment.
7
+ - Added a user template directory. Risu will scan ~/.risu/templates for user templates.
8
+
3
9
  #1.4.5 (July 4, 2011)
4
10
  - Implemented an modular template system, **breaks all existing templates**.
5
11
  - All templates are now implemented as Ruby classes this allows them to be dynamically loaded and removes the need to type the entire path to the template
data/Rakefile CHANGED
@@ -12,7 +12,7 @@ end
12
12
  task :release => :build do
13
13
  system "gem push #{Risu::APP_NAME}-#{Risu::VERSION}.gem"
14
14
 
15
- puts "Just released #{Risu::APP_NAME} v#{Risu::VERSION}. #{Risu::APP_NAME} is always available in RubyGems!"
15
+ puts "Just released #{Risu::APP_NAME} v#{Risu::VERSION}. #{Risu::APP_NAME} is always available in RubyGems! More information at http://hammackj.com/projects/risu/"
16
16
  end
17
17
 
18
18
  task :clean do
data/TODO.markdown CHANGED
@@ -2,9 +2,12 @@
2
2
 
3
3
  **Release dates are estimates, and features can be changed at any time.**
4
4
 
5
+ ## 1.4.6
6
+
7
+
5
8
  ## 1.5 (7/4/2011)
6
- - Comment all named scope from 1.2
7
- - Clean up code
9
+ - Rework the blacklisting of plugins/hosts add to the config file
10
+ - Complete comments for all existing code
8
11
  - Create rSpec tests for everything (95%+ code coverage goal)
9
12
  - Parser tests
10
13
  - Add test for new xml element
@@ -31,7 +34,6 @@
31
34
  - ms update summary
32
35
  - pci compliance
33
36
  - tech findings
34
- - Rework the blacklisting of plugins/hosts add to the config file
35
37
 
36
38
  ##1.5.1 (8/4/2011) - Template work
37
39
  - Provide more templates
data/lib/risu.rb CHANGED
@@ -1,8 +1,6 @@
1
- # encoding: utf-8
2
-
3
1
  module Risu
4
2
  APP_NAME = "risu"
5
- VERSION = "1.4.5"
3
+ VERSION = "1.4.6"
6
4
  GRAPH_WIDTH = 750
7
5
  EMAIL = "jacob.hammack@hammackj.com"
8
6
  CONFIG_FILE = "./risu.cfg"
data/lib/risu/base.rb CHANGED
@@ -1,10 +1,9 @@
1
- # encoding: utf-8
2
-
3
1
  module Risu
4
2
  module Base
5
3
  end
6
4
  end
7
5
 
6
+ #Remove this by 1.5 as it doesn't seem to be needed
8
7
  #if ActiveRecord::Base.connected? == true
9
8
  # require 'risu/base/schema'
10
9
  #end
@@ -63,6 +63,8 @@ module Risu
63
63
  t.string :pcidss_compliance_passed
64
64
  t.string :pcidss_deprecated_ssl
65
65
  t.string :pcidss_expired_ssl_certificate
66
+ t.string :pcidss_obsolete_operating_system
67
+ t.string :pcidss_dns_zone_transfer
66
68
  t.string :pcidss_high_risk_flaw
67
69
  t.string :pcidss_medium_risk_flaw
68
70
  t.string :pcidss_reachable_db
@@ -3,21 +3,28 @@ module Risu
3
3
  class TemplateManager
4
4
  attr_accessor :registered_templates
5
5
 
6
+ # Creates new instance of TemplateManager
6
7
  #
8
+ # @param path Path relative to the base_dir of risu
7
9
  #
10
+ # @return New instance of the template manager with templates loaded.
8
11
  def initialize (path)
9
12
  @registered_templates = Array.new
10
13
  @templates = Array.new
11
14
 
12
- load_templates(path)
15
+ base_dir = __FILE__.gsub("risu/base/template_manager.rb", "")
16
+
17
+ load_templates(base_dir + path)
18
+ load_templates(File.expand_path(USER_TEMPLATES_DIR)) if File.exists?(File.expand_path(USER_TEMPLATES_DIR)) && File.directory?(File.expand_path(USER_TEMPLATES_DIR))
13
19
  end
14
20
 
21
+ # Loads templates from a specific path
15
22
  #
23
+ # @param path Path to templates to load
16
24
  #
17
- def load_templates(path)
25
+ def load_templates(path)
18
26
  begin
19
- base_dir = __FILE__.gsub("risu/base/template_manager.rb", "")
20
- Dir["#{base_dir + path}/**/*.rb"].each do |x|
27
+ Dir["#{path}/**/*.rb"].each do |x|
21
28
  begin
22
29
  load x
23
30
  rescue => e
@@ -27,28 +34,23 @@ module Risu
27
34
 
28
35
  TemplateBase.possible_templates.each do |p|
29
36
  if validate(p) == true
30
- @registered_templates << p
37
+ @registered_templates << p if @registered_templates.include?(p) == false
31
38
  end
32
39
  end
33
40
  rescue => e
34
- puts "Bad plugin"
41
+ puts "[!] Invalid template path"
35
42
  end
36
43
  end
37
44
 
45
+ # Validates that a template is a valid template
38
46
  #
47
+ # @param template The template to validate
39
48
  #
40
49
  def validate(template)
41
50
  t = template.new
42
-
43
- if t == nil
44
- return false
45
- end
46
-
47
- if t.respond_to?(:render) == false
48
- return false
49
- end
50
-
51
- return true
51
+
52
+ return false if t == nil
53
+ return t.respond_to?(:render)
52
54
  end
53
55
 
54
56
  #
@@ -71,11 +73,14 @@ module Risu
71
73
  def register_template(plugin)
72
74
  load plugin
73
75
 
74
- @templates.push(plugin)
76
+ @templates.push(plugin) if @templates.include?(plugin) == false
75
77
  end
76
78
 
79
+ # Finds a template by its name
77
80
  #
81
+ # @param name Name of the template to find
78
82
  #
83
+ # @return the instance of the template or nil if not found
79
84
  def find_template_by_name(name)
80
85
  @registered_templates.each do |template|
81
86
  t = template.new
@@ -87,7 +92,7 @@ module Risu
87
92
  return nil
88
93
  end
89
94
 
90
- #
95
+ # Displays a list of all the templates
91
96
  #
92
97
  def display_templates
93
98
  puts "Available Templates"
data/lib/risu/cli.rb CHANGED
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module Risu
4
2
  module CLI
5
3
  end
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  #Cool random banner stuff for the cli, based on the metasploit random banner stuff
4
2
 
5
3
  module Risu
@@ -1,10 +1,7 @@
1
-
2
- # encoding: utf-8
3
-
4
1
  module Risu
5
2
  module Exceptions
6
3
  class InvalidDocument < StandardError
7
4
 
8
5
  end
9
6
  end
10
- end
7
+ end
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module Risu
4
2
  module Models
5
3
  # FamilySelection Model
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module Risu
4
2
  module Models
5
3
  # Host Model
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module Risu
4
2
  module Models
5
3
 
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module Risu
4
2
  module Models
5
3
 
@@ -112,7 +110,7 @@ module Risu
112
110
 
113
111
  # Queries for all the high risks by plugin
114
112
  #
115
- # @todo update this
113
+ # @param limit Limits the result to a specific number, default 10
116
114
  #
117
115
  # @return [ActiveRecord::Relation] with the query results
118
116
  def risks_by_plugin(limit=10)
@@ -121,6 +119,8 @@ module Risu
121
119
 
122
120
  # Queries for all the risks by host
123
121
  #
122
+ # @param limit Limits the result to a specific number, default 10
123
+ #
124
124
  # @return [ActiveRecord::Relation] with the query results
125
125
  def risks_by_host(limit=10)
126
126
  select("items.*").select("count(*) as count_all").joins(:host).where("plugin_id != 1").where(:severity => [3, 2]).group(:host_id).order("count_all DESC").limit(limit)
@@ -142,6 +142,8 @@ module Risu
142
142
 
143
143
  # Generates a Graph of all the risks by service
144
144
  #
145
+ # @param limit Limits the result to a specific number, default 10
146
+ #
145
147
  # @return [StringIO] Object containing the generated PNG image
146
148
  def risks_by_service_graph(limit=10)
147
149
  g = Gruff::Pie.new(GRAPH_WIDTH)
@@ -152,9 +154,9 @@ module Risu
152
154
  :background_colors => %w(white white)
153
155
  }
154
156
 
155
- Item.risks_by_service(limit).all.each { |service|
157
+ Item.risks_by_service(limit).all.each do |service|
156
158
  g.data(service.svc_name, Item.find(:all, :conditions => {:svc_name => service.svc_name}).count)
157
- }
159
+ end
158
160
 
159
161
  StringIO.new(g.to_blob)
160
162
  end
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module Risu
4
2
  module Models
5
3
 
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module Risu
4
2
  module Models
5
3
 
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module Risu
4
2
  module Models
5
3
 
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module Risu
4
2
  module Models
5
3
 
@@ -1,7 +1,7 @@
1
1
  module Risu
2
2
  module Models
3
3
 
4
- #
4
+ # Service Description Model; Use for creating generic text for service descriptions
5
5
  #
6
6
  # @author Jacob Hammack
7
7
  class ServiceDescription < ActiveRecord::Base
@@ -1,5 +1,3 @@
1
- # encoding: utf-8
2
-
3
1
  module Risu
4
2
  module Models
5
3
 
data/lib/risu/parsers.rb CHANGED
@@ -4,4 +4,4 @@ module Risu
4
4
  end
5
5
 
6
6
  require 'risu/parsers/nessus/nessus_document'
7
- require 'risu/parsers/nessus/nessus_sax_listener'
7
+ require 'risu/parsers/nessus/nessus_sax_listener'
@@ -52,7 +52,9 @@ module Risu
52
52
  "pcidss:medium_risk_flaw" => :pcidss_medium_risk_flaw,
53
53
  "pcidss:reachable_db" => :pcidss_reachable_db,
54
54
  "pcidss:www:xss" => :pcidss_www_xss,
55
- "system-type" => :system_type
55
+ "system-type" => :system_type,
56
+ "pcidss:obsolete_operating_system" => :pcidss_obsolete_operating_system,
57
+ "pcidss:dns_zone_transfer" => :pcidss_dns_zone_transfer
56
58
  }
57
59
 
58
60
  @valid_ms_patches = {
@@ -71,7 +73,9 @@ module Risu
71
73
  "MS11-020" => :ms11_020,
72
74
  "MS11-018" => :ms11_018,
73
75
  "MS11-028" => :ms11_028,
74
- "MS11-032" => :ms11_032
76
+ "MS11-032" => :ms11_032,
77
+ "MS040-016" => :ms040_016,
78
+ "MS08-50" => :ms08_50
75
79
  }
76
80
  end
77
81
 
metadata CHANGED
@@ -2,7 +2,7 @@
2
2
  name: risu
3
3
  version: !ruby/object:Gem::Version
4
4
  prerelease:
5
- version: 1.4.5
5
+ version: 1.4.6
6
6
  platform: ruby
7
7
  authors:
8
8
  - Jacob Hammack
@@ -10,7 +10,7 @@ autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
12
 
13
- date: 2011-07-04 00:00:00 -05:00
13
+ date: 2011-07-12 00:00:00 -05:00
14
14
  default_executable:
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency