risu 1.7.4 → 1.7.5
- checksums.yaml +4 -4
- data/NEWS.markdown +35 -0
- data/README.markdown +1 -1
- data/lib/risu.rb +3 -3
- data/lib/risu/base/host_template_helper.rb +3 -2
- data/lib/risu/base/schema.rb +6 -0
- data/lib/risu/base/template_helper.rb +8 -7
- data/lib/risu/base/template_manager.rb +5 -4
- data/lib/risu/cli.rb +2 -2
- data/lib/risu/cli/application.rb +1 -3
- data/lib/risu/exceptions.rb +2 -2
- data/lib/risu/exceptions/invaliddocument.rb +2 -2
- data/lib/risu/models.rb +2 -2
- data/lib/risu/models/host.rb +7 -1
- data/lib/risu/models/item.rb +32 -15
- data/lib/risu/models/pluginspreference.rb +2 -2
- data/lib/risu/models/policy.rb +2 -2
- data/lib/risu/models/reference.rb +2 -2
- data/lib/risu/models/report.rb +2 -2
- data/lib/risu/models/serverpreference.rb +2 -2
- data/lib/risu/models/version.rb +2 -2
- data/lib/risu/parsers.rb +2 -2
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +5 -2
- data/lib/risu/parsers/nessus/postprocess/adobe_acrobat.rb +87 -0
- data/lib/risu/parsers/nessus/postprocess/adobe_air.rb +21 -3
- data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb +10 -2
- data/lib/risu/parsers/nessus/postprocess/apache.rb +8 -4
- data/lib/risu/parsers/nessus/postprocess/apple_quicktime.rb +56 -0
- data/lib/risu/parsers/nessus/postprocess/blackberry_enterprise_server.rb +61 -0
- data/lib/risu/parsers/nessus/postprocess/db2.rb +4 -3
- data/lib/risu/parsers/nessus/postprocess/downgrade_plugins.rb +79 -0
- data/lib/risu/parsers/nessus/postprocess/filezilla.rb +53 -0
- data/lib/risu/parsers/nessus/postprocess/firefox.rb +83 -0
- data/lib/risu/parsers/nessus/postprocess/flash_player.rb +63 -41
- data/lib/risu/parsers/nessus/postprocess/flexnet.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/foxit_reader.rb +58 -0
- data/lib/risu/parsers/nessus/postprocess/google_chrome.rb +30 -3
- data/lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb +12 -2
- data/lib/risu/parsers/nessus/postprocess/java.rb +24 -9
- data/lib/risu/parsers/nessus/postprocess/openssh.rb +6 -4
- data/lib/risu/parsers/nessus/postprocess/openssl.rb +33 -3
- data/lib/risu/parsers/nessus/postprocess/oracle_database.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/php.rb +47 -1
- data/lib/risu/parsers/nessus/postprocess/post_process.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/root_cause.rb +35 -1
- data/lib/risu/parsers/nessus/postprocess/shockwave.rb +1 -0
- data/lib/risu/parsers/nessus/postprocess/sigplus_pro.rb +55 -0
- data/lib/risu/parsers/nessus/postprocess/symantec_pcanywhere.rb +56 -0
- data/lib/risu/parsers/nessus/postprocess/vlc.rb +58 -0
- data/lib/risu/parsers/nessus/postprocess/vmware_esxi.rb +9 -2
- data/lib/risu/parsers/nessus/postprocess/vmware_player.rb +51 -0
- data/lib/risu/parsers/nessus/postprocess/vmware_vcenter.rb +62 -0
- data/lib/risu/parsers/nessus/postprocess/vmware_vsphere_client.rb +53 -0
- data/lib/risu/parsers/nessus/postprocess/windows.rb +688 -0
- data/lib/risu/parsers/nessus/postprocess/winscp.rb +57 -0
- data/lib/risu/parsers/nessus/postprocess/wireshark.rb +13 -1
- data/lib/risu/parsers/nexpose/nexpose_document.rb +2 -2
- data/lib/risu/parsers/nexpose/simple_nexpose.rb +2 -2
- data/lib/risu/renderers.rb +2 -2
- data/lib/risu/renderers/csvrenderer.rb +2 -2
- data/lib/risu/renderers/nilrenderer.rb +2 -2
- data/lib/risu/renderers/pdfrenderer.rb +2 -2
- data/lib/risu/templates/executive_summary_detailed.rb +2 -2
- data/lib/risu/templates/exploitablity_summary.rb +2 -2
- data/lib/risu/templates/finding_statistics.rb +2 -2
- data/lib/risu/templates/graphs.rb +2 -2
- data/lib/risu/templates/host_findings_csv.rb +3 -3
- data/lib/risu/templates/host_summary.rb +2 -2
- data/lib/risu/templates/ms_patch_summary.rb +2 -2
- data/lib/risu/templates/top_25.rb +2 -2
- metadata +16 -2
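--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f6936958320d0f5a66b83446740f767902c0a8aa
+data.tar.gz: 037950d5f6ef7524e8062ae080d69d0c493c62ba
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e166f6769fd4f88a96a494fab589c84e9900e88dd939fda23f21efd12c817d8bed1e6c8245ea5fb0536c668e2c74053b3348492a41dfb2f9f05de1931754541e
+data.tar.gz: c7a5d992b4445cce24900e4f990e438d2debfe346ea57eed42b9cd7ac8555543de6c0da59b6e994c9b304819fe361134ef63f18609e6ca3f924b3f3e09557cbc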
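--- a/data/NEWS.markdown
+++ b/data/NEWS.markdown
@@ -1,5 +1,40 @@
 # News
 
+# 1.7.5 (November, 2015)
+- Added initial test for HostProperties
+- Added fixture for HostProperties testing
+- Added VMware vCenter Post Processing
+- Added VMware Player Post Processing
+- Added WinSCP Post Processing
+- Added non rounded risk % text methods
+- Added SigPlus Pro post process
+- Added epo HostProperty
+- Updated Flash Player plugin list
+- Updated Adobe Reader plugin list
+- Updated Root Cause post processing
+- Updated Windows Post Processing
+- Updated Apache Post Processing
+- Updated Java Post Processing
+- Updated Item.notable_order_by_cvss_raw to pull in high findings if there are less than 10 critical findings
+- Added new tags in_the_news, exploited_by_nessus, unsupported_by_vendor, default_account
+- Downgraded FTP Privileged Port Bounce Scan to 0
+- Added vSphere client post processing
+- Added PCanywhere Post Processing
+- Added Foxit Reader Post Processing
+- Added Firefox Postprocessing
+- Added VLC Post Processing
+- Added a postprocess for downgrading plugins
+- Added blackberry enterprise server Post Processing
+- More support for windows 2003 unsupported
+- Added DNS to the cvs output
+- Added potentinal_vulnerability field
+- Added support for unsupported windows 2003
+- Test for potential_vunerability field
+- Fixture for new field test
+- Added docker container [jkordish]
+- Added support for the agent field
+- Added a default creds plugin
+
 # 1.7.4 (January 25, 2015)
 - Added New tags to the model Item
 - cm:compliance-reference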
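--- a/data/README.markdown
+++ b/data/README.markdown
@@ -6,7 +6,7 @@
 
 Risu is [Nessus](http://www.nessus.org) parser, that converts the generated reports into a [ActiveRecord](http://api.rubyonrails.org/classes/ActiveRecord/Base.html) database, this allows for easy report generation and vulnerability verification.
 
-Version **1.7.
+Version **1.7.4** is the current release.
 
 ## Requirements
 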
data/lib/risu.rb
CHANGED
@@ -21,12 +21,12 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
APP_NAME = "risu"
|
29
|
-
VERSION = "1.7.
|
29
|
+
VERSION = "1.7.5"
|
30
30
|
GRAPH_WIDTH = 750
|
31
31
|
# red orange yellow green blue purple grey pink
|
32
32
|
GRAPH_COLORS = %w(#d2403f #ec9241 #fcc343 #50ad51 #397bbb #8E6B8E black #cccccc brown #e52d89)
|
@@ -67,9 +67,10 @@ module Risu
|
|
67
67
|
unsupported_os("Unsupported Windows NT Installations", "Microsoft Windows NT 4.0 Unsupported Installation Detection")
|
68
68
|
unsupported_os("Unsupported Windows 2000 Installations", "Microsoft Windows 2000 Unsupported Installation Detection")
|
69
69
|
unsupported_os("Unsupported Windows XP Installations", "Microsoft Windows XP Unsupported Installation Detection")
|
70
|
+
unsupported_os("Unsupported Windows 2003 Installations", "Microsoft Windows Server 2003 Unsupported Installation Detection")
|
70
71
|
|
71
72
|
text "\n"
|
72
|
-
end
|
73
|
+
end
|
73
74
|
end
|
74
75
|
end
|
75
|
-
end
|
76
|
+
end
|
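Review bot: The `unsupported_os(...)` call added in the `@@ -67,9 +67,10` hunk identifies the finding by its exact plugin title, and the same literal is repeated in the `win_2003 = Plugin.where(:plugin_name => ...)` lookup added to data/lib/risu/models/host.rb. If either copy is mistyped, or the scanner's title ever changes, the Windows Server 2003 section would presumably drop out of the report with no error, which understates the exposure. A shared constant for the title, or a lookup by plugin id as `default_credential_plugins` does, would make that failure visible; at minimum I would add `# plugin_name must match the scanner's title exactly` above the call. The enclosing method begins outside the hunk, and the page does not show which file this hunk belongs to.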
data/lib/risu/base/schema.rb
CHANGED
@@ -151,6 +151,12 @@ module Risu
|
|
151
151
|
t.integer :risk_score
|
152
152
|
t.string :compliance
|
153
153
|
t.string :root_cause
|
154
|
+
t.string :agent
|
155
|
+
t.boolean :potential_vulnerability
|
156
|
+
t.boolean :in_the_news
|
157
|
+
t.boolean :exploited_by_nessus
|
158
|
+
t.boolean :unsupported_by_vendor
|
159
|
+
t.boolean :default_account
|
154
160
|
end
|
155
161
|
|
156
162
|
create_table :individual_plugin_selections do |t|
|
@@ -69,7 +69,7 @@ module Risu
|
|
69
69
|
if text == nil
|
70
70
|
text = ""
|
71
71
|
end
|
72
|
-
|
72
|
+
|
73
73
|
@output.text text, options
|
74
74
|
end
|
75
75
|
|
@@ -141,7 +141,7 @@ module Risu
|
|
141
141
|
return Item.where(:plugin_id => Plugin.where(:plugin_name => plugin_name).first.id).count
|
142
142
|
rescue => e
|
143
143
|
return 0
|
144
|
-
end
|
144
|
+
end
|
145
145
|
end
|
146
146
|
|
147
147
|
def item_count_by_plugin_id (plugin_id)
|
@@ -149,16 +149,17 @@ module Risu
|
|
149
149
|
return Item.where(:plugin_id => plugin_id).count
|
150
150
|
rescue => e
|
151
151
|
return 0
|
152
|
-
end
|
153
|
-
end
|
152
|
+
end
|
153
|
+
end
|
154
154
|
|
155
155
|
# @todo comment
|
156
156
|
def default_credential_plugins
|
157
157
|
[
|
158
|
-
10862, 25927, 32315, 65950, 39364, 33852, 11454, 51369,
|
159
|
-
26918, 76073, 24745, 11245, 23938, 46786, 46789,
|
158
|
+
10862, 25927, 32315, 65950, 39364, 33852, 11454, 51369,
|
159
|
+
26918, 76073, 24745, 11245, 23938, 46786, 46789, 10483,
|
160
|
+
81375
|
160
161
|
].uniq
|
161
|
-
end
|
162
|
+
end
|
162
163
|
|
163
164
|
# @todo comment
|
164
165
|
def has_default_credentials?
|
@@ -107,10 +107,11 @@ module Risu
|
|
107
107
|
# Displays a list of all the templates to STDOUT
|
108
108
|
def display_templates
|
109
109
|
puts "Available Templates"
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
110
|
+
|
111
|
+
@registered_templates.each do |x|
|
112
|
+
p = x.new
|
113
|
+
puts "\t#{p.template_info[:name]} - #{p.template_info[:description]}\n"
|
114
|
+
end
|
114
115
|
end
|
115
116
|
end
|
116
117
|
end
|
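Review bot: The six columns added in the `@@ -151,6 +151,12` hunk (`agent`, `potential_vulnerability`, `in_the_news`, `exploited_by_nessus`, `unsupported_by_vendor`, `default_account`) sit inside a table definition, so they only take effect when the schema is created from scratch; a database built by 1.7.4 would lack them unless an upgrade step exists outside this diff. The booleans also carry no default, so any row the parser does not set will hold NULL rather than false and a `where(:default_account => false)` style query would miss it; `t.boolean :default_account, :default => false` (and likewise for the other four) avoids the three-state column. The `create_table` block starts outside the hunk, so the table name is not visible here.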
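--- a/data/lib/risu/cli.rb
+++ b/data/lib/risu/cli.rb
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 module CLI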
data/lib/risu/cli/application.rb
CHANGED
data/lib/risu/exceptions.rb
CHANGED
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Exceptions
|
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Exceptions
|
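--- a/data/lib/risu/models.rb
+++ b/data/lib/risu/models.rb
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 module Models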
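--- a/data/lib/risu/models/host.rb
+++ b/data/lib/risu/models/host.rb
@@ -622,12 +622,15 @@ module Risu
 win_nt_text = ""
 win_2000_text = ""
 win_xp_text = ""
+win_2003_text = ""
+
 win_95 = Host.os_windows_95
 win_98 = Host.os_windows_98
 win_me = Host.os_windows_me
 win_nt = Plugin.where(:plugin_name => "Microsoft Windows NT 4.0 Unsupported Installation Detection")
 win_2000 = Plugin.where(:plugin_name => "Microsoft Windows 2000 Unsupported Installation Detection")
 win_xp = Plugin.where(:plugin_name => "Microsoft Windows XP Unsupported Installation Detection")
+win_2003 = Plugin.where(:plugin_name => "Microsoft Windows Server 2003 Unsupported Installation Detection")
 
 #Host.os_windows.not_os_windows_7.not_os_windows_2008.not_os_windows_vista.not_os_windows_2003.not_os_windows_xp
 
@@ -649,7 +652,10 @@ module Risu
 win_xp_text = "Windows XP is an unsupported operating system; Microsoft has stopped support as of April 2014. " +
 "Please see http://windows.microsoft.com/en-us/windows/products/lifecycle for more information.\n\n" if win_xp.count >= 1
 
-
+win_2003_text = "Windows 2003 is an unsupported operating system; Microsoft has stopped support as of July 2015. " +
+"Please see http://windows.microsoft.com/en-us/windows/products/lifecycle for more information.\n\n" if win_2003.count >= 1
+
+return "#{win_95_text}#{win_98_text}#{win_me_text}#{win_nt_text}#{win_2000_text}#{win_xp_text}#{win_2003_text}"
 end
 
 # @todo comments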
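Review bot: Windows Server 2003 is the seventh copy of the same three steps in this method (an empty `*_text` variable, a lookup, a conditional assignment), and the interpolated `return` string at new line 658 has to be extended by hand each time; an OS whose variable is left out of that string would silently vanish from the report. Building the paragraphs from a list of label, end-of-support date and lookup entries and joining them would remove that coupling. If the method stays as it is, I would add `# every *_text variable above must appear in this string` above the `return`. The method starts outside both hunks.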
data/lib/risu/models/item.rb
CHANGED
@@ -330,29 +330,29 @@ module Risu
|
|
330
330
|
#
|
331
331
|
# @return [FixNum] Percentage of vulnerable hosts
|
332
332
|
def calculate_vulnerable_host_percent
|
333
|
-
#patch to fix double counting
|
333
|
+
#patch to fix double counting
|
334
334
|
#unique_hosts_with_critical_and_high = Host.unique_hosts_with_critical.count + Host.unique_hosts_with_high.count
|
335
335
|
unique_hosts_with_critical_and_high = Host.unique_hosts_with_critical_and_high_count
|
336
336
|
host_percent = (unique_hosts_with_critical_and_high.to_f / Host.count.to_f) * 100
|
337
337
|
end
|
338
338
|
|
339
|
-
#
|
339
|
+
# @todo w t f
|
340
340
|
def calculate_vulnerable_host_percent_with_patches_applied
|
341
341
|
|
342
342
|
exclude_list = []
|
343
343
|
hosts = []
|
344
344
|
|
345
|
-
Item.
|
346
|
-
exclude_list << h
|
347
|
-
end
|
345
|
+
risks = Item.top_10_sorted_raw[0..9]
|
348
346
|
|
349
|
-
|
347
|
+
risks.each do |risk|
|
348
|
+
exclude_list << risk[0]
|
349
|
+
end
|
350
350
|
|
351
|
-
|
351
|
+
Item.critical_risks.where.not(:plugin_id => exclude_list).each do |item|
|
352
352
|
hosts << item.host_id
|
353
353
|
end
|
354
354
|
|
355
|
-
Item.high_risks.each do |item|
|
355
|
+
Item.high_risks.where.not(:plugin_id => exclude_list).each do |item|
|
356
356
|
hosts << item.host_id
|
357
357
|
end
|
358
358
|
|
@@ -383,7 +383,7 @@ module Risu
|
|
383
383
|
# Builds a sentence based on the risk_percent to describe the risk
|
384
384
|
#
|
385
385
|
# @param risk_percent Calculated percentage of risk based on {Item::calculate_vulnerable_host_percent}
|
386
|
-
#
|
386
|
+
#
|
387
387
|
# @return [String] Sentence describing the implied significance of the risk_percent
|
388
388
|
def risk_text risk_percent
|
389
389
|
percent_text = case risk_percent
|
@@ -445,7 +445,15 @@ module Risu
|
|
445
445
|
|
446
446
|
def risk_percent_patched_rounded_text
|
447
447
|
"#{calculate_vulnerable_host_percent_with_patches_applied().round}%"
|
448
|
-
end
|
448
|
+
end
|
449
|
+
|
450
|
+
def risk_percent_text
|
451
|
+
"%.2f%" % calculate_vulnerable_host_percent()
|
452
|
+
end
|
453
|
+
|
454
|
+
def risk_percent_patched_text
|
455
|
+
"%.2f%" % calculate_vulnerable_host_percent_with_patches_applied()
|
456
|
+
end
|
449
457
|
|
450
458
|
#
|
451
459
|
# @todo comment
|
@@ -455,11 +463,20 @@ module Risu
|
|
455
463
|
#MIGHT NOT BE CORRECT @TODO
|
456
464
|
|
457
465
|
#return Item.joins(:plugin).where(:severity => 4).order("plugins.cvss_base_score").count(:all, :group => :plugin_id)
|
458
|
-
return Item.joins(:plugin).where(:severity => 4).order("plugins.cvss_base_score").group(:plugin_id).distinct.count
|
466
|
+
#return Item.joins(:plugin).where(:severity => 4).order("plugins.cvss_base_score").group(:plugin_id).distinct.count
|
467
|
+
|
468
|
+
critical = Item.joins(:plugin).where(:severity => 4).order("plugins.cvss_base_score").group(:plugin_id).distinct.count
|
469
|
+
|
470
|
+
if critical.size < 10
|
471
|
+
high = Item.joins(:plugin).where(:severity => 3).order("plugins.cvss_base_score").group(:plugin_id).distinct.count
|
472
|
+
critical = critical.merge high
|
473
|
+
end
|
474
|
+
|
475
|
+
return critical
|
459
476
|
end
|
460
477
|
|
461
478
|
# Scrubs a plugin_name to remove all pointless data
|
462
|
-
#
|
479
|
+
#
|
463
480
|
# @return [String] Scrubbed plugin name
|
464
481
|
def scrub_plugin_name (name)
|
465
482
|
return name.gsub("(remote check)", "").gsub("(uncredentialed check)", "").gsub(/(\(\d.*\))/, "")
|
@@ -467,7 +484,7 @@ module Risu
|
|
467
484
|
|
468
485
|
# Returns an array of plugin_id and plugin_name for the top 10
|
469
486
|
# findings unsorted
|
470
|
-
#
|
487
|
+
#
|
471
488
|
# @return [Array] Unsorted top 10 findings
|
472
489
|
def top_10_sorted_raw
|
473
490
|
raw = notable_order_by_cvss_raw
|
@@ -493,7 +510,7 @@ module Risu
|
|
493
510
|
|
494
511
|
# Returns an array of plugin_id and plugin_name for the top 10
|
495
512
|
# findings sorted by CVSS score
|
496
|
-
#
|
513
|
+
#
|
497
514
|
# @return [Array] Sorted top 10 findings
|
498
515
|
def top_10_sorted
|
499
516
|
raw = notable_order_by_cvss_raw
|
@@ -572,7 +589,7 @@ module Risu
|
|
572
589
|
results.push [name, total, core, metasploit, canvas, exploithub, d2elliot]
|
573
590
|
end
|
574
591
|
|
575
|
-
return results
|
592
|
+
return results
|
576
593
|
end
|
577
594
|
end
|
578
595
|
end
|
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Models
|
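Review bot: In the `@@ -445,7 +445,15` hunk, `risk_percent_text` and `risk_percent_patched_text` use the format string `"%.2f%"`, whose trailing `%` is an incomplete directive rather than a literal percent sign; depending on the Ruby version this is either tolerated or rejected with an ArgumentError. Writing `"%.2f%%" % calculate_vulnerable_host_percent()` (and the same in the patched variant) is unambiguous. Separately, the merge added to `notable_order_by_cvss_raw` pulls in every high finding once there are fewer than ten criticals, so callers such as `Item.top_10_sorted_raw[0..9]` appear to rely on their own slice to cap the list. A one-line comment saying so would help, since the `MIGHT NOT BE CORRECT @TODO` marker above it is left in place.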
data/lib/risu/models/policy.rb
CHANGED
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Models
|
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Models
|
data/lib/risu/models/report.rb
CHANGED
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Models
|
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Models
|
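--- a/data/lib/risu/models/version.rb
+++ b/data/lib/risu/models/version.rb
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 module Models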
data/lib/risu/parsers.rb
CHANGED
@@ -21,8 +21,8 @@
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
26
26
|
|
27
27
|
module Risu
|
28
28
|
module Parsers
|