risu 1.6.2 → 1.6.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b5cd1e3ce6b95cafbd6932d61bf077fe216e4a60
-  data.tar.gz: 6897e5ee7f28b2289f2fa9830522778f3996e5c5
+  metadata.gz: e68cad1b3c4a774e7910aac3401b6b55ffa5ab48
+  data.tar.gz: 42d63e62cc61a230495a6b3c1e69c9f6165e52cd
 SHA512:
-  metadata.gz: 71f8a12245e3cf7378773cafc6d349b8aa0728902c35b0f130c1f7be54f4555d3ef9517855b429fb521a9dab444fbd9ea66d07e24af201e9ef5e4e591dd9b4bd
-  data.tar.gz: 217fa0b9def0e3e267dd5ef0541d261df3f0bc32c6883be5168d8bba5b9a7103a05b6d4221c37e5201d940df928aea4fee8dd4a9054671d4f292db3bb0fac66d
+  metadata.gz: 7651b038bae3dbe3d27c82431a1125ff41b1309fe91ace6464d4c1e2794bbac0779b998a002e8487fd6a35ed40c792863b835aad5b565f8d6ebeb5df3e46651e
+  data.tar.gz: be5aa294863a70be65695e165db193185519ad263d8bc517a95df13cd047b198c56673845cf734516185ebfe42c69859e2da9c71d302cdb32f5b746bf89ccec4

data/Gemfile.ci

@@ -1,7 +1,5 @@
 source :rubygems
-source "http://rubygems.org"
-source :rubyforge
-source "http://gems.rubyforge.org"
+source "https://rubygems.org"
 
 gem "rails"
 gem "libxml-ruby"

data/NEWS.markdown

@@ -1,7 +1,39 @@
 # News
 
+#1.6.3 (October 01, 2013)
+- Rails 4.0 compatibility, backwards rails compatibility doesn't exist. You will need to update any plugins using old Rails APIs
+- Support for Ruby less than 1.9.3 also doesn't exist
+- Schema
+	- Changed size of ServerPreferences.value to text instead of string. Pull Request from [alanjones]
+	- Changed size of HostProperties.value to text instead of string. Pull Request from [alanjones]
+	- Changed size of References.value to text instead of string. Pull Request from [alanjones]
+- Models
+	- Policy Model
+		- Added policy_comments
+	- HostProperty Model
+		- Added patch-summary-total-cves
+		- Added patch-summary-cve-num-{HASH}
+		- Added patch-summary-cves-{HASH}
+		- Added patch-summary-txt-{HASH}
+	- Plugin Model
+		- Added script_version
+		- Added d2_elliot_name
+		- Added exploit_framework_d2_elliot
+	- Attachment Model ***NEW***
+		- New Model for attachment meta-data
+			- Please note this is just the hash of the attachment, the real attachment is not in the .nessus file.
+- Templates
+	- Added initial malicious process detection template based on plugin #59275,
+		it is rough at the moment but good for viewing all the findings. It requires
+		that local checks were run, for the plugin to fire during the Nessus scan.
+- Wiki
+	- New page for installing on [Kali Linux](https://github.com/arxopia/risu/wiki/Kali-Linux-Risu-Installation-Guide)
+- Post Processing (Alpha Support)
+	- Started to develop a method for doing post processing on all the findings
+		- Initial RiskScore plugin to calculate a risk score for Plugins / Findings / Hosts
+
 #1.6.2 (March 13, 2013)
-- pci_compliance template - Correct a bug that prevented it from working. Reported by [jkordish]
+- pci_compliance template - Corrected a bug that prevented it from working. Reported by [jkordish]
 - Added Report.extra to contain any extra risu.config yaml settings to be passed to a report
 	- Check for nil before using it!
 	- It will contain all tags in the report: section of the config file
@@ -47,11 +79,11 @@
 			- os_windows_2k12
 			- not_is_windows_2k12
 		- Changed the wording `other_os_graph_text` to indicate that its just a percentage of the non windows computers
-		- Added 'bios_uuid' Property 
+		- Added 'bios_uuid' Property
 	- Reference Model
-		- Added cert-cc, 
+		- Added cert-cc,
 		- Added apple-sa
-		- Added icsa 
+		- Added icsa
 		- Added msvr
 	- Plugin Model
 		- cvss_base_score is now a float in the schema, this change should be transparent

data/README.markdown

@@ -2,7 +2,7 @@
 
 Risu is [Nessus](http://www.nessus.org) parser, that converts the generated reports into a [ActiveRecord](http://api.rubyonrails.org/classes/ActiveRecord/Base.html) database, this allows for easy report generation and vulnerability verification.
 
-Version **1.6.2** is the current release.
+Version **1.6.3** is the current release.
 
 ## Requirements
 
@@ -55,7 +55,7 @@ Any database that ActiveRecord supports should work. Risu has been tested with [
 
 
 # Viewing Data
-The data can be viewed with a query browser available for your database. A Rails front end will be available in the **future**.
+The data can be viewed with a query browser available for your database.
 
 ## Generating Reports
 To generate a report please execute the following after the the data is parsed into the database.

data/Rakefile

@@ -26,7 +26,6 @@
 
 $LOAD_PATH.unshift File.expand_path("../lib", __FILE__)
 
-require 'rubygems'
 require "risu"
 require 'rake'
 require 'rake/testtask'

data/bin/risu

@@ -31,7 +31,6 @@ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '/../lib'))
 $stdout.sync = true
 $stderr.sync = true
 
-require 'rubygems'
 require 'risu'
 
 app = Risu::CLI::Application.new

data/lib/risu.rb

@@ -26,7 +26,7 @@
 
 module Risu
 	APP_NAME = "risu"
-	VERSION = "1.6.2"
+	VERSION = "1.6.3"
 	GRAPH_WIDTH = 750
 	EMAIL = "risu@arxopia.com"
 	CONFIG_FILE = "./risu.cfg"
@@ -56,6 +56,7 @@ require 'risu/cli'
 require 'risu/exceptions'
 require 'risu/models'
 require 'risu/parsers'
+require 'risu/parsers/nessus/postprocess'
 require 'risu/renderers'
 
 include Risu::Models

data/lib/risu/base/schema.rb

@@ -34,7 +34,7 @@ module Risu
 			def self.up
 				create_table :policies do |t|
 					t.string :name
-					t.string :comments
+					t.text :comments
 					t.string :owner
 					t.string :visibility
 				end
@@ -42,7 +42,7 @@ module Risu
 				create_table :server_preferences do |t|
 					t.integer :policy_id
 					t.string :name
-					t.string :value
+					t.text :value, limit: 4294967295
 				end
 
 				create_table :plugins_preferences do |t|
@@ -78,18 +78,20 @@ module Risu
 					t.string :fqdn
 					t.string :netbios
 					t.text :notes
+					t.integer :risk_score
 				end
 
 				create_table :host_properties do |t|
 					t.integer :host_id
 					t.string :name
-					t.string :value
+					t.text :value, limit: 4294967295
 				end
 
 				create_table :items do |t|
 					t.integer :host_id
 					t.integer :plugin_id
-					t.text :plugin_output
+					t.integer :attachment_id
+					t.text :plugin_output, limit: 4294967295
 					t.integer :port
 					t.string :svc_name
 					t.string :protocol
@@ -104,6 +106,8 @@ module Risu
 					t.string :cm_compliance_check_name
 					t.string :cm_compliance_result
 					t.string :cm_compliance_output
+					t.integer :real_severity
+					t.integer :risk_score
 				end
 
 				create_table :plugins do |t|
@@ -134,6 +138,11 @@ module Risu
 					t.string :stig_severity
 					t.string :fname
 					t.string :always_run
+					t.string :script_version
+					t.string :d2_elliot_name
+					t.string :exploit_framework_d2_elliot
+					t.boolean :rollup
+					t.integer :risk_score
 				end
 
 				create_table :individual_plugin_selections do |t|
@@ -147,7 +156,15 @@ module Risu
 				create_table :references do |t|
 					t.integer :plugin_id
 					t.string :reference_name
-					t.string :value
+					t.text :value
+				end
+
+				create_table :attachments do |t|
+					t.integer :item_id
+					t.string :name
+					t.string :type
+					t.string :ahash
+					t.text :value
 				end
 
 				create_table :versions do |t|
@@ -166,23 +183,23 @@ module Risu
 					t.string :value
 				end
 
-				#Index's for speed increases
+				#Index's for speed increases, possibly have these apply after parsing @todo
 				add_index :items, :host_id
 				add_index :items, :plugin_id
 				add_index :references, :plugin_id
 
 				#Default data for service descriptions
 				#@todo Unused ATM, might be better to use a yaml file tho..
-				ServiceDescription.create :name => "www", :description => ""
-				ServiceDescription.create :name => "cifs", :description => ""
-				ServiceDescription.create :name => "smb", :description => ""
-				ServiceDescription.create :name => "netbios-ns", :description => ""
-				ServiceDescription.create :name => "snmp", :description => ""
-				ServiceDescription.create :name => "ftp", :description => ""
-				ServiceDescription.create :name => "epmap", :description => ""
-				ServiceDescription.create :name => "ntp", :description => ""
-				ServiceDescription.create :name => "dce-rpc", :description => ""
-				ServiceDescription.create :name => "telnet", :description => ""
+				# ServiceDescription.create :name => "www", :description => ""
+				# ServiceDescription.create :name => "cifs", :description => ""
+				# ServiceDescription.create :name => "smb", :description => ""
+				# ServiceDescription.create :name => "netbios-ns", :description => ""
+				# ServiceDescription.create :name => "snmp", :description => ""
+				# ServiceDescription.create :name => "ftp", :description => ""
+				# ServiceDescription.create :name => "epmap", :description => ""
+				# ServiceDescription.create :name => "ntp", :description => ""
+				# ServiceDescription.create :name => "dce-rpc", :description => ""
+				# ServiceDescription.create :name => "telnet", :description => ""
 			end
 
 			# Deletes all of the database tables created
@@ -202,6 +219,7 @@ module Risu
 				drop_table :service_descriptions
 				drop_table :patches
 				drop_table :host_properties
+				drop_table :attachments
 			end
 		end
 	end

data/lib/risu/base/template_manager.rb

@@ -65,6 +65,8 @@ module Risu
 				  end
 				rescue => e
 					puts "[!] Invalid template path"
+					#puts e.inspect
+  					#puts e.backtrace
 				end
 			end
 

data/lib/risu/cli/application.rb

@@ -41,6 +41,7 @@ module Risu
 
 				@options[:debug] = false
 				@options[:list_templates] = false
+				@options[:rollup] = false
 
 				@template_manager = Risu::Base::TemplateManager.new "risu/templates"
 			end
@@ -224,6 +225,13 @@ module Risu
 					opts = OptionParser.new do |opt|
 						opt.banner =	"#{APP_NAME} v#{VERSION}\nJacob Hammack\nhttp://www.arxopia.com\n\n"
 						opt.banner << "Usage: #{APP_NAME} [options] [files_to_parse]"
+						opt.separator('')
+						opt.separator("Parse Options")
+
+						opt.on('--post-process', 'Preform post processing on the data') do |option|
+							@options[:post_process] = option
+						end
+
 						opt.separator('')
 						opt.separator("Reporting Options")
 
@@ -411,36 +419,57 @@ module Risu
 				end
 			end
 
+			# Preforms PostProcessing on the dataset
+			#
+			def process_post_processing
+				if @options[:post_process] != false
+
+					puts "[*] Preforming Post Processing"
+
+					#Calculate all RiskScores
+					puts "\t[*] Calculating RiskScore for all vulnerabilities"
+					score = Risu::Parsers::Nessus::PostProcess::RiskScore.new
+					score.run()
+
+					#Clean up java patches
+					#puts "\t[*] Rolling up Oracle Java vulnerabilities"
+					#java = Risu::Parsers::Nessus::PostProcess::Java.new
+					#java.run()
+				end
+			end
+
 			# Handles the parsing of a single file
 			#
 			# @param file The to parse
 			def parse_file file
 				begin
-						puts "[*] Parsing #{file}..."
-						tstart = Time.new
+					puts "[*] Parsing #{file}..."
+					tstart = Time.new
 
-						if File.exists?(file) == false
-							raise Risu::Exceptions::InvalidDocument, "[!] Document does not exist - #{file}"
-						end
+					if File.exists?(file) == false
+						raise Risu::Exceptions::InvalidDocument, "[!] Document does not exist - #{file}"
+					end
 
-						nessus_doc = Risu::Parsers::Nessus::NessusDocument.new file
-						nexpose_doc = Risu::Parsers::Nexpose::NexposeDocument.new file
+					nessus_doc = Risu::Parsers::Nessus::NessusDocument.new file
+					nexpose_doc = Risu::Parsers::Nexpose::NexposeDocument.new file
 
-						if nessus_doc.valid? == true
-							nessus_doc.parse
+					if nessus_doc.valid? == true
+						nessus_doc.parse
 
-							puts "[*] Fixing IP Address field"
-							nessus_doc.fix_ips
-						elsif nexpose_doc.valid? == true
-							nexpose_doc.parse
+						puts "[*] Fixing IP Address field"
+						nessus_doc.fix_ips
+					elsif nexpose_doc.valid? == true
+						nexpose_doc.parse
 
-							puts "[*] Fixing IP Address field"
-							nexpose_doc.fix_ips
-						else
-							raise Risu::Exceptions::InvalidDocument, "[!] Invalid Document - #{file}"
-						end
+						puts "[*] Fixing IP Address field"
+						nexpose_doc.fix_ips
+					else
+						raise Risu::Exceptions::InvalidDocument, "[!] Invalid Document - #{file}"
+					end
+
+					process_post_processing()
 
-						printf "[*] Finished parsing %s. Parse took %.02f seconds\n", file, Time.now - tstart
+					printf "[*] Finished parsing %s. Parse took %.02f seconds\n", file, Time.now - tstart
 				rescue Interrupt => i
 					puts "[!] Parse canceled!"
 					exit(1)

data/lib/risu/models.rb

@@ -43,3 +43,4 @@ require 'risu/models/version'
 require 'risu/models/servicedescription'
 require 'risu/models/patch'
 require 'risu/models/hostproperty'
+require 'risu/models/attachment'

data/lib/risu/models/attachment.rb

@@ -0,0 +1,36 @@
+# Copyright (c) 2010-2013 Arxopia LLC.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Models
+
+		# Patch Model
+		#
+		class Attachment < ActiveRecord::Base
+			belongs_to :item
+		end
+	end
+end

data/lib/risu/models/host.rb

@@ -51,7 +51,7 @@ module Risu
 				#
 				# @return [Array] With all the Ip's in sorted order
 				def sorted
-					hosts = Host.where("ip is not NULL").order("ip").all
+					hosts = Host.where("ip is not NULL").order("ip").to_a
 
 					#Sort the ips in natural order.
 					hosts.sort! do |a,b|
@@ -69,7 +69,7 @@ module Risu
 				# @return [String] of hosts \n delimited
 				def ip_list
 					ips = Array.new
-					hosts = Host.where("ip is not NULL").order("ip").all
+					hosts = Host.where("ip is not NULL").order("ip").to_a
 
 					hosts.each do |host|
 						ips << host.ip if host.ip != nil
@@ -258,7 +258,7 @@ module Risu
 				# @return [ActiveRecord::Relation] with the query results
 				def not_os_windows_8
 					where("os NOT LIKE '%Windows 8%'")
-				end				
+				end
 
 				# Queries for hosts with a Windows Operating System that are not 2000,
 				# XP, 2003, Vista, 2008 or 7
@@ -396,7 +396,7 @@ module Risu
 						:background_colors => %w(white white)
 					}
 
-					Item.risks_by_host(limit).all.each do |item|
+					Item.risks_by_host(limit).to_a.each do |item|
 						ip = Host.find_by_id(item.host_id).name
 #						count = Item.where(:host_id => item.host_id).where("severity IN (?)", [2,3]).count
 						count = Item.where(:host_id => item.host_id).where(:severity => 4).count
@@ -421,15 +421,15 @@ module Risu
 						:background_colors => %w(white white)
 					}
 
-					linux = Host.os_linux.all.count
-					osx = Host.os_osx.all.count
-					freebsd = Host.os_freebsd.all.count
-					netbsd = Host.os_netbsd.all.count
-					cisco = Host.os_cisco.all.count
-					vxworks = Host.os_vxworks.all.count
-					esx = Host.os_vmware_esx.all.count
-					aix = Host.os_aix.all.count
-					other = Host.os_other.all.count
+					linux = Host.os_linux.to_a.count
+					osx = Host.os_osx.to_a.count
+					freebsd = Host.os_freebsd.to_a.count
+					netbsd = Host.os_netbsd.to_a.count
+					cisco = Host.os_cisco.to_a.count
+					vxworks = Host.os_vxworks.to_a.count
+					esx = Host.os_vmware_esx.to_a.count
+					aix = Host.os_aix.to_a.count
+					other = Host.os_other.to_a.count
 
 					g.data("Linux", linux) unless linux == 0
 					g.data("OSX", osx) unless osx == 0
@@ -462,16 +462,16 @@ module Risu
 						:background_colors => %w(white white)
 					}
 
-					nt = Host.os_windows_nt.all.count
-					w2k = Host.os_windows_2k.all.count
-					xp = Host.os_windows_xp.all.count
-					w2k3 = Host.os_windows_2k3.all.count
-					vista = Host.os_windows_vista.all.count
-					w2k8 = Host.os_windows_2k8.all.count
-					w2k12 = Host.os_windows_2k12.all.count
-					w7 = Host.os_windows_7.all.count
-					w8 = Host.os_windows_8.all.count
-					other = (Host.os_windows.os_windows_other).all.count
+					nt = Host.os_windows_nt.to_a.count
+					w2k = Host.os_windows_2k.to_a.count
+					xp = Host.os_windows_xp.to_a.count
+					w2k3 = Host.os_windows_2k3.to_a.count
+					vista = Host.os_windows_vista.to_a.count
+					w2k8 = Host.os_windows_2k8.to_a.count
+					w2k12 = Host.os_windows_2k12.to_a.count
+					w7 = Host.os_windows_7.to_a.count
+					w8 = Host.os_windows_8.to_a.count
+					other = (Host.os_windows.os_windows_other).to_a.count
 
 					g.data("NT", nt) if nt >= 1
 					g.data("2000", w2k) if w2k >= 1
@@ -481,7 +481,7 @@ module Risu
 					g.data("Server 2008", w2k8) if w2k8 >= 1
 					g.data("Server 2012", w2k12) if w2k12 >= 1
 					g.data("7", w7) if w7 >= 1
-					g.data("8", w8) if w8 >= 1					
+					g.data("8", w8) if w8 >= 1
 					g.data("Other Windows", other) if other >= 1
 
 					StringIO.new(g.to_blob)
@@ -491,16 +491,16 @@ module Risu
 				#@todo comment
 				#
 				def windows_os_graph_text
-					nt = Host.os_windows_nt.all.count
-					w2k = Host.os_windows_2k.all.count
-					xp = Host.os_windows_xp.all.count
-					w2k3 = Host.os_windows_2k3.all.count
-					vista = Host.os_windows_vista.all.count
-					w2k8 = Host.os_windows_2k8.all.count
-					w2k12 = Host.os_windows_2k12.all.count
-					w7 = Host.os_windows_7.all.count
-					w8 = Host.os_windows_8.all.count
-					other = (Host.os_windows.os_windows_other).all.count
+					nt = Host.os_windows_nt.to_a.count
+					w2k = Host.os_windows_2k.to_a.count
+					xp = Host.os_windows_xp.to_a.count
+					w2k3 = Host.os_windows_2k3.to_a.count
+					vista = Host.os_windows_vista.to_a.count
+					w2k8 = Host.os_windows_2k8.to_a.count
+					w2k12 = Host.os_windows_2k12.to_a.count
+					w7 = Host.os_windows_7.to_a.count
+					w8 = Host.os_windows_8.to_a.count
+					other = (Host.os_windows.os_windows_other).to_a.count
 
 					windows_os_count = nt + w2k + xp + w2k3 + vista + w7 + w8 + w2k8 + w2k12 + other
 
@@ -533,7 +533,7 @@ module Risu
 					return text
 				end
 
-				# 
+				#
 				# @todo comments
 				#
 				def unsupported_os?
@@ -634,15 +634,15 @@ module Risu
 					text = "This graph shows the percentage of the different Non-Windows based operating systems " +
 					"found on the #{Report.title} network.\n\n"
 
-					linux = Host.os_linux.all.count
-					osx = Host.os_osx.all.count
-					freebsd = Host.os_freebsd.all.count
-					netbsd = Host.os_netbsd.all.count
-					cisco = Host.os_cisco.all.count
-					vxworks = Host.os_vxworks.all.count
-					esx = Host.os_vmware_esx.all.count
-					aix = Host.os_aix.all.count
-					other = Host.os_other.all.count
+					linux = Host.os_linux.to_a.count
+					osx = Host.os_osx.to_a.count
+					freebsd = Host.os_freebsd.to_a.count
+					netbsd = Host.os_netbsd.to_a.count
+					cisco = Host.os_cisco.to_a.count
+					vxworks = Host.os_vxworks.to_a.count
+					esx = Host.os_vmware_esx.to_a.count
+					aix = Host.os_aix.to_a.count
+					other = Host.os_other.to_a.count
 
 					other_os_count = linux + osx + freebsd + netbsd + cisco + vxworks + esx + aix + other
 
@@ -653,10 +653,10 @@ module Risu
 
 					#todo add other os's here
 
-					text << "#{linux_percent.to_i}% of the non-windows network is running an Linux based operating system. " if linux_percent >= 1
-					text << "#{aix_percent.to_i}% of the non-windows network is running an AIX based operating system. " if aix_percent >= 1
-					text << "#{freebsd_percent.to_i}% of the non-windows network is running an FreeBSD based operating system. " if freebsd_percent >= 1
-					text << "#{vmware_percent.to_i}% of the non-windows network is running an VMware based operating system. " if vmware_percent >= 1
+					text << "#{linux_percent.to_i}% of the non-windows network are running an Linux based operating system. " if linux_percent >= 1
+					text << "#{aix_percent.to_i}% of the non-windows network are running an AIX based operating system. " if aix_percent >= 1
+					text << "#{freebsd_percent.to_i}% of the non-windows network are running an FreeBSD based operating system. " if freebsd_percent >= 1
+					text << "#{vmware_percent.to_i}% of the non-windows network are running an VMware based operating system. " if vmware_percent >= 1
 
 					text << "\n\n"<< unsupported_os_aix if aix > 0
 					text << "\n\n" << unsupported_os_freebsd if freebsd > 0
@@ -668,7 +668,7 @@ module Risu
 				# @todo comments
 				#
 				def top_n_vulnerable(n)
-					hosts = Item.risks_by_host(Host.all.count).count
+					hosts = Item.risks_by_host(Host.count).count
 					hosts = hosts.sort_by {|k, v| v}
 					hosts.reverse!