risu 1.7.4 → 1.7.5
- checksums.yaml +4 -4
- data/NEWS.markdown +35 -0
- data/README.markdown +1 -1
- data/lib/risu.rb +3 -3
- data/lib/risu/base/host_template_helper.rb +3 -2
- data/lib/risu/base/schema.rb +6 -0
- data/lib/risu/base/template_helper.rb +8 -7
- data/lib/risu/base/template_manager.rb +5 -4
- data/lib/risu/cli.rb +2 -2
- data/lib/risu/cli/application.rb +1 -3
- data/lib/risu/exceptions.rb +2 -2
- data/lib/risu/exceptions/invaliddocument.rb +2 -2
- data/lib/risu/models.rb +2 -2
- data/lib/risu/models/host.rb +7 -1
- data/lib/risu/models/item.rb +32 -15
- data/lib/risu/models/pluginspreference.rb +2 -2
- data/lib/risu/models/policy.rb +2 -2
- data/lib/risu/models/reference.rb +2 -2
- data/lib/risu/models/report.rb +2 -2
- data/lib/risu/models/serverpreference.rb +2 -2
- data/lib/risu/models/version.rb +2 -2
- data/lib/risu/parsers.rb +2 -2
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +5 -2
- data/lib/risu/parsers/nessus/postprocess/adobe_acrobat.rb +87 -0
- data/lib/risu/parsers/nessus/postprocess/adobe_air.rb +21 -3
- data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb +10 -2
- data/lib/risu/parsers/nessus/postprocess/apache.rb +8 -4
- data/lib/risu/parsers/nessus/postprocess/apple_quicktime.rb +56 -0
- data/lib/risu/parsers/nessus/postprocess/blackberry_enterprise_server.rb +61 -0
- data/lib/risu/parsers/nessus/postprocess/db2.rb +4 -3
- data/lib/risu/parsers/nessus/postprocess/downgrade_plugins.rb +79 -0
- data/lib/risu/parsers/nessus/postprocess/filezilla.rb +53 -0
- data/lib/risu/parsers/nessus/postprocess/firefox.rb +83 -0
- data/lib/risu/parsers/nessus/postprocess/flash_player.rb +63 -41
- data/lib/risu/parsers/nessus/postprocess/flexnet.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/foxit_reader.rb +58 -0
- data/lib/risu/parsers/nessus/postprocess/google_chrome.rb +30 -3
- data/lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb +12 -2
- data/lib/risu/parsers/nessus/postprocess/java.rb +24 -9
- data/lib/risu/parsers/nessus/postprocess/openssh.rb +6 -4
- data/lib/risu/parsers/nessus/postprocess/openssl.rb +33 -3
- data/lib/risu/parsers/nessus/postprocess/oracle_database.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/php.rb +47 -1
- data/lib/risu/parsers/nessus/postprocess/post_process.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/root_cause.rb +35 -1
- data/lib/risu/parsers/nessus/postprocess/shockwave.rb +1 -0
- data/lib/risu/parsers/nessus/postprocess/sigplus_pro.rb +55 -0
- data/lib/risu/parsers/nessus/postprocess/symantec_pcanywhere.rb +56 -0
- data/lib/risu/parsers/nessus/postprocess/vlc.rb +58 -0
- data/lib/risu/parsers/nessus/postprocess/vmware_esxi.rb +9 -2
- data/lib/risu/parsers/nessus/postprocess/vmware_player.rb +51 -0
- data/lib/risu/parsers/nessus/postprocess/vmware_vcenter.rb +62 -0
- data/lib/risu/parsers/nessus/postprocess/vmware_vsphere_client.rb +53 -0
- data/lib/risu/parsers/nessus/postprocess/windows.rb +688 -0
- data/lib/risu/parsers/nessus/postprocess/winscp.rb +57 -0
- data/lib/risu/parsers/nessus/postprocess/wireshark.rb +13 -1
- data/lib/risu/parsers/nexpose/nexpose_document.rb +2 -2
- data/lib/risu/parsers/nexpose/simple_nexpose.rb +2 -2
- data/lib/risu/renderers.rb +2 -2
- data/lib/risu/renderers/csvrenderer.rb +2 -2
- data/lib/risu/renderers/nilrenderer.rb +2 -2
- data/lib/risu/renderers/pdfrenderer.rb +2 -2
- data/lib/risu/templates/executive_summary_detailed.rb +2 -2
- data/lib/risu/templates/exploitablity_summary.rb +2 -2
- data/lib/risu/templates/finding_statistics.rb +2 -2
- data/lib/risu/templates/graphs.rb +2 -2
- data/lib/risu/templates/host_findings_csv.rb +3 -3
- data/lib/risu/templates/host_summary.rb +2 -2
- data/lib/risu/templates/ms_patch_summary.rb +2 -2
- data/lib/risu/templates/top_25.rb +2 -2
- metadata +16 -2
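--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f6936958320d0f5a66b83446740f767902c0a8aa
+data.tar.gz: 037950d5f6ef7524e8062ae080d69d0c493c62ba
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e166f6769fd4f88a96a494fab589c84e9900e88dd939fda23f21efd12c817d8bed1e6c8245ea5fb0536c668e2c74053b3348492a41dfb2f9f05de1931754541e
+data.tar.gz: c7a5d992b4445cce24900e4f990e438d2debfe346ea57eed42b9cd7ac8555543de6c0da59b6e994c9b304819fe361134ef63f18609e6ca3f924b3f3e09557cbc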
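--- a/data/NEWS.markdown
+++ b/data/NEWS.markdown
@@ -1,5 +1,40 @@
 # News
 
+# 1.7.5 (November, 2015)
+- Added initial test for HostProperties
+- Added fixture for HostProperties testing
+- Added VMware vCenter Post Processing
+- Added VMware Player Post Processing
+- Added WinSCP Post Processing
+- Added non rounded risk % text methods
+- Added SigPlus Pro post process
+- Added epo HostProperty
+- Updated Flash Player plugin list
+- Updated Adobe Reader plugin list
+- Updated Root Cause post processing
+- Updated Windows Post Processing
+- Updated Apache Post Processing
+- Updated Java Post Processing
+- Updated Item.notable_order_by_cvss_raw to pull in high findings if there are less than 10 critical findings
+- Added new tags in_the_news, exploited_by_nessus, unsupported_by_vendor, default_account
+- Downgraded FTP Privileged Port Bounce Scan to 0
+- Added vSphere client post processing
+- Added PCanywhere Post Processing
+- Added Foxit Reader Post Processing
+- Added Firefox Postprocessing
+- Added VLC Post Processing
+- Added a postprocess for downgrading plugins
+- Added blackberry enterprise server Post Processing
+- More support for windows 2003 unsupported
+- Added DNS to the cvs output
+- Added potentinal_vulnerability field
+- Added support for unsupported windows 2003
+- Test for potential_vunerability field
+- Fixture for new field test
+- Added docker container [jkordish]
+- Added support for the agent field
+- Added a default creds plugin
+
 # 1.7.4 (January 25, 2015)
 - Added New tags to the model Item
 - cm:compliance-reference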
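--- a/data/README.markdown
+++ b/data/README.markdown
@@ -6,7 +6,7 @@
 
 Risu is [Nessus](http://www.nessus.org) parser, that converts the generated reports into a [ActiveRecord](http://api.rubyonrails.org/classes/ActiveRecord/Base.html) database, this allows for easy report generation and vulnerability verification.
 
-Version **1.7.
+Version **1.7.4** is the current release.
 
 ## Requirements
 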
data/lib/risu.rb
CHANGED
|
@@ -21,12 +21,12 @@
|
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
26
26
|
|
|
27
27
|
module Risu
|
|
28
28
|
APP_NAME = "risu"
|
|
29
|
-
VERSION = "1.7.
|
|
29
|
+
VERSION = "1.7.5"
|
|
30
30
|
GRAPH_WIDTH = 750
|
|
31
31
|
# red orange yellow green blue purple grey pink
|
|
32
32
|
GRAPH_COLORS = %w(#d2403f #ec9241 #fcc343 #50ad51 #397bbb #8E6B8E black #cccccc brown #e52d89)
|
|
@@ -67,9 +67,10 @@ module Risu
|
|
|
67
67
|
unsupported_os("Unsupported Windows NT Installations", "Microsoft Windows NT 4.0 Unsupported Installation Detection")
|
|
68
68
|
unsupported_os("Unsupported Windows 2000 Installations", "Microsoft Windows 2000 Unsupported Installation Detection")
|
|
69
69
|
unsupported_os("Unsupported Windows XP Installations", "Microsoft Windows XP Unsupported Installation Detection")
|
|
70
|
+
unsupported_os("Unsupported Windows 2003 Installations", "Microsoft Windows Server 2003 Unsupported Installation Detection")
|
|
70
71
|
|
|
71
72
|
text "\n"
|
|
72
|
-
end
|
|
73
|
+
end
|
|
73
74
|
end
|
|
74
75
|
end
|
|
75
|
-
end
|
|
76
|
+
end
|
data/lib/risu/base/schema.rb
CHANGED
|
@@ -151,6 +151,12 @@ module Risu
|
|
|
151
151
|
t.integer :risk_score
|
|
152
152
|
t.string :compliance
|
|
153
153
|
t.string :root_cause
|
|
154
|
+
t.string :agent
|
|
155
|
+
t.boolean :potential_vulnerability
|
|
156
|
+
t.boolean :in_the_news
|
|
157
|
+
t.boolean :exploited_by_nessus
|
|
158
|
+
t.boolean :unsupported_by_vendor
|
|
159
|
+
t.boolean :default_account
|
|
154
160
|
end
|
|
155
161
|
|
|
156
162
|
create_table :individual_plugin_selections do |t|
|
|
@@ -69,7 +69,7 @@ module Risu
|
|
|
69
69
|
if text == nil
|
|
70
70
|
text = ""
|
|
71
71
|
end
|
|
72
|
-
|
|
72
|
+
|
|
73
73
|
@output.text text, options
|
|
74
74
|
end
|
|
75
75
|
|
|
@@ -141,7 +141,7 @@ module Risu
|
|
|
141
141
|
return Item.where(:plugin_id => Plugin.where(:plugin_name => plugin_name).first.id).count
|
|
142
142
|
rescue => e
|
|
143
143
|
return 0
|
|
144
|
-
end
|
|
144
|
+
end
|
|
145
145
|
end
|
|
146
146
|
|
|
147
147
|
def item_count_by_plugin_id (plugin_id)
|
|
@@ -149,16 +149,17 @@ module Risu
|
|
|
149
149
|
return Item.where(:plugin_id => plugin_id).count
|
|
150
150
|
rescue => e
|
|
151
151
|
return 0
|
|
152
|
-
end
|
|
153
|
-
end
|
|
152
|
+
end
|
|
153
|
+
end
|
|
154
154
|
|
|
155
155
|
# @todo comment
|
|
156
156
|
def default_credential_plugins
|
|
157
157
|
[
|
|
158
|
-
10862, 25927, 32315, 65950, 39364, 33852, 11454, 51369,
|
|
159
|
-
26918, 76073, 24745, 11245, 23938, 46786, 46789,
|
|
158
|
+
10862, 25927, 32315, 65950, 39364, 33852, 11454, 51369,
|
|
159
|
+
26918, 76073, 24745, 11245, 23938, 46786, 46789, 10483,
|
|
160
|
+
81375
|
|
160
161
|
].uniq
|
|
161
|
-
end
|
|
162
|
+
end
|
|
162
163
|
|
|
163
164
|
# @todo comment
|
|
164
165
|
def has_default_credentials?
|
|
@@ -107,10 +107,11 @@ module Risu
|
|
|
107
107
|
# Displays a list of all the templates to STDOUT
|
|
108
108
|
def display_templates
|
|
109
109
|
puts "Available Templates"
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
110
|
+
|
|
111
|
+
@registered_templates.each do |x|
|
|
112
|
+
p = x.new
|
|
113
|
+
puts "\t#{p.template_info[:name]} - #{p.template_info[:description]}\n"
|
|
114
|
+
end
|
|
114
115
|
end
|
|
115
116
|
end
|
|
116
117
|
end
|
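Review bot: The five boolean columns added at new lines 155–159 of schema.rb (`potential_vulnerability`, `in_the_news`, `exploited_by_nessus`, `unsupported_by_vendor`, `default_account`) carry no default and no NOT NULL constraint, so each can be nil as well as true or false. Any report query that filters on `false` would then skip rows where the parser never set the tag; declaring them as `t.boolean :default_account, :default => false, :null => false` (and likewise for the other four) removes the third state. The enclosing block opens outside the hunk, but it appears to be a `create_table` definition, so a database built by 1.7.4 would presumably not gain these columns unless it is recreated or migrated, which is worth a line in NEWS.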
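--- a/data/lib/risu/cli.rb
+++ b/data/lib/risu/cli.rb
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 module CLI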
data/lib/risu/cli/application.rb
CHANGED
data/lib/risu/exceptions.rb
CHANGED
|
@@ -21,8 +21,8 @@
|
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
26
26
|
|
|
27
27
|
module Risu
|
|
28
28
|
module Exceptions
|
|
@@ -21,8 +21,8 @@
|
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
26
26
|
|
|
27
27
|
module Risu
|
|
28
28
|
module Exceptions
|
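--- a/data/lib/risu/models.rb
+++ b/data/lib/risu/models.rb
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 module Models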
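--- a/data/lib/risu/models/host.rb
+++ b/data/lib/risu/models/host.rb
@@ -622,12 +622,15 @@ module Risu
 win_nt_text = ""
 win_2000_text = ""
 win_xp_text = ""
+win_2003_text = ""
+
 win_95 = Host.os_windows_95
 win_98 = Host.os_windows_98
 win_me = Host.os_windows_me
 win_nt = Plugin.where(:plugin_name => "Microsoft Windows NT 4.0 Unsupported Installation Detection")
 win_2000 = Plugin.where(:plugin_name => "Microsoft Windows 2000 Unsupported Installation Detection")
 win_xp = Plugin.where(:plugin_name => "Microsoft Windows XP Unsupported Installation Detection")
+win_2003 = Plugin.where(:plugin_name => "Microsoft Windows Server 2003 Unsupported Installation Detection")
 
 #Host.os_windows.not_os_windows_7.not_os_windows_2008.not_os_windows_vista.not_os_windows_2003.not_os_windows_xp
 
@@ -649,7 +652,10 @@ module Risu
 win_xp_text = "Windows XP is an unsupported operating system; Microsoft has stopped support as of April 2014. " +
 "Please see http://windows.microsoft.com/en-us/windows/products/lifecycle for more information.\n\n" if win_xp.count >= 1
 
-
+win_2003_text = "Windows 2003 is an unsupported operating system; Microsoft has stopped support as of July 2015. " +
+"Please see http://windows.microsoft.com/en-us/windows/products/lifecycle for more information.\n\n" if win_2003.count >= 1
+
+return "#{win_95_text}#{win_98_text}#{win_me_text}#{win_nt_text}#{win_2000_text}#{win_xp_text}#{win_2003_text}"
 end
 
 # @todo comments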
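Review bot: The Windows Server 2003 check at new line 633 finds the finding by an exact `plugin_name` match, and the same literal is typed again in the `unsupported_os(...)` call added in the template-helper hunk earlier on this page. If either copy drifts by a character, or the scanner renames the plugin, `win_2003.count` is simply 0 and the unsupported-OS warning drops out of the report with no error. A single shared constant for the name, used in both places, with a comment such as `# exact Nessus plugin name; the warning is silently omitted if it does not match`, would make that dependency visible. The method this hunk edits starts outside the visible lines.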
data/lib/risu/models/item.rb
CHANGED
|
@@ -330,29 +330,29 @@ module Risu
|
|
|
330
330
|
#
|
|
331
331
|
# @return [FixNum] Percentage of vulnerable hosts
|
|
332
332
|
def calculate_vulnerable_host_percent
|
|
333
|
-
#patch to fix double counting
|
|
333
|
+
#patch to fix double counting
|
|
334
334
|
#unique_hosts_with_critical_and_high = Host.unique_hosts_with_critical.count + Host.unique_hosts_with_high.count
|
|
335
335
|
unique_hosts_with_critical_and_high = Host.unique_hosts_with_critical_and_high_count
|
|
336
336
|
host_percent = (unique_hosts_with_critical_and_high.to_f / Host.count.to_f) * 100
|
|
337
337
|
end
|
|
338
338
|
|
|
339
|
-
#
|
|
339
|
+
# @todo w t f
|
|
340
340
|
def calculate_vulnerable_host_percent_with_patches_applied
|
|
341
341
|
|
|
342
342
|
exclude_list = []
|
|
343
343
|
hosts = []
|
|
344
344
|
|
|
345
|
-
Item.
|
|
346
|
-
exclude_list << h
|
|
347
|
-
end
|
|
345
|
+
risks = Item.top_10_sorted_raw[0..9]
|
|
348
346
|
|
|
349
|
-
|
|
347
|
+
risks.each do |risk|
|
|
348
|
+
exclude_list << risk[0]
|
|
349
|
+
end
|
|
350
350
|
|
|
351
|
-
|
|
351
|
+
Item.critical_risks.where.not(:plugin_id => exclude_list).each do |item|
|
|
352
352
|
hosts << item.host_id
|
|
353
353
|
end
|
|
354
354
|
|
|
355
|
-
Item.high_risks.each do |item|
|
|
355
|
+
Item.high_risks.where.not(:plugin_id => exclude_list).each do |item|
|
|
356
356
|
hosts << item.host_id
|
|
357
357
|
end
|
|
358
358
|
|
|
@@ -383,7 +383,7 @@ module Risu
|
|
|
383
383
|
# Builds a sentence based on the risk_percent to describe the risk
|
|
384
384
|
#
|
|
385
385
|
# @param risk_percent Calculated percentage of risk based on {Item::calculate_vulnerable_host_percent}
|
|
386
|
-
#
|
|
386
|
+
#
|
|
387
387
|
# @return [String] Sentence describing the implied significance of the risk_percent
|
|
388
388
|
def risk_text risk_percent
|
|
389
389
|
percent_text = case risk_percent
|
|
@@ -445,7 +445,15 @@ module Risu
|
|
|
445
445
|
|
|
446
446
|
def risk_percent_patched_rounded_text
|
|
447
447
|
"#{calculate_vulnerable_host_percent_with_patches_applied().round}%"
|
|
448
|
-
end
|
|
448
|
+
end
|
|
449
|
+
|
|
450
|
+
def risk_percent_text
|
|
451
|
+
"%.2f%" % calculate_vulnerable_host_percent()
|
|
452
|
+
end
|
|
453
|
+
|
|
454
|
+
def risk_percent_patched_text
|
|
455
|
+
"%.2f%" % calculate_vulnerable_host_percent_with_patches_applied()
|
|
456
|
+
end
|
|
449
457
|
|
|
450
458
|
#
|
|
451
459
|
# @todo comment
|
|
@@ -455,11 +463,20 @@ module Risu
|
|
|
455
463
|
#MIGHT NOT BE CORRECT @TODO
|
|
456
464
|
|
|
457
465
|
#return Item.joins(:plugin).where(:severity => 4).order("plugins.cvss_base_score").count(:all, :group => :plugin_id)
|
|
458
|
-
return Item.joins(:plugin).where(:severity => 4).order("plugins.cvss_base_score").group(:plugin_id).distinct.count
|
|
466
|
+
#return Item.joins(:plugin).where(:severity => 4).order("plugins.cvss_base_score").group(:plugin_id).distinct.count
|
|
467
|
+
|
|
468
|
+
critical = Item.joins(:plugin).where(:severity => 4).order("plugins.cvss_base_score").group(:plugin_id).distinct.count
|
|
469
|
+
|
|
470
|
+
if critical.size < 10
|
|
471
|
+
high = Item.joins(:plugin).where(:severity => 3).order("plugins.cvss_base_score").group(:plugin_id).distinct.count
|
|
472
|
+
critical = critical.merge high
|
|
473
|
+
end
|
|
474
|
+
|
|
475
|
+
return critical
|
|
459
476
|
end
|
|
460
477
|
|
|
461
478
|
# Scrubs a plugin_name to remove all pointless data
|
|
462
|
-
#
|
|
479
|
+
#
|
|
463
480
|
# @return [String] Scrubbed plugin name
|
|
464
481
|
def scrub_plugin_name (name)
|
|
465
482
|
return name.gsub("(remote check)", "").gsub("(uncredentialed check)", "").gsub(/(\(\d.*\))/, "")
|
|
@@ -467,7 +484,7 @@ module Risu
|
|
|
467
484
|
|
|
468
485
|
# Returns an array of plugin_id and plugin_name for the top 10
|
|
469
486
|
# findings unsorted
|
|
470
|
-
#
|
|
487
|
+
#
|
|
471
488
|
# @return [Array] Unsorted top 10 findings
|
|
472
489
|
def top_10_sorted_raw
|
|
473
490
|
raw = notable_order_by_cvss_raw
|
|
@@ -493,7 +510,7 @@ module Risu
|
|
|
493
510
|
|
|
494
511
|
# Returns an array of plugin_id and plugin_name for the top 10
|
|
495
512
|
# findings sorted by CVSS score
|
|
496
|
-
#
|
|
513
|
+
#
|
|
497
514
|
# @return [Array] Sorted top 10 findings
|
|
498
515
|
def top_10_sorted
|
|
499
516
|
raw = notable_order_by_cvss_raw
|
|
@@ -572,7 +589,7 @@ module Risu
|
|
|
572
589
|
results.push [name, total, core, metasploit, canvas, exploithub, d2elliot]
|
|
573
590
|
end
|
|
574
591
|
|
|
575
|
-
return results
|
|
592
|
+
return results
|
|
576
593
|
end
|
|
577
594
|
end
|
|
578
595
|
end
|
|
@@ -21,8 +21,8 @@
|
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
26
26
|
|
|
27
27
|
module Risu
|
|
28
28
|
module Models
|
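Review bot: The two formatters added at new lines 450–456 of item.rb end their format string with a single `%` (`"%.2f%" % calculate_vulnerable_host_percent()`), which is not a complete conversion. A literal percent sign is spelled `%%`, and as far as I know newer Ruby releases raise ArgumentError ("incomplete format specifier") on the bare form instead of printing it. Writing `"%.2f%%" % calculate_vulnerable_host_percent()` in `risk_percent_text`, and the same in `risk_percent_patched_text`, is portable across versions. Both also inherit the division by `Host.count.to_f` visible in `calculate_vulnerable_host_percent`, so an empty host table would presumably render as `NaN%`; a guard for zero hosts would keep that out of a report.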
data/lib/risu/models/policy.rb
CHANGED
|
@@ -21,8 +21,8 @@
|
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
26
26
|
|
|
27
27
|
module Risu
|
|
28
28
|
module Models
|
|
@@ -21,8 +21,8 @@
|
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
26
26
|
|
|
27
27
|
module Risu
|
|
28
28
|
module Models
|
data/lib/risu/models/report.rb
CHANGED
|
@@ -21,8 +21,8 @@
|
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
26
26
|
|
|
27
27
|
module Risu
|
|
28
28
|
module Models
|
|
@@ -21,8 +21,8 @@
|
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
26
26
|
|
|
27
27
|
module Risu
|
|
28
28
|
module Models
|
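--- a/data/lib/risu/models/version.rb
+++ b/data/lib/risu/models/version.rb
@@ -21,8 +21,8 @@
 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 # OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-#OF THE POSSIBILITY OF SUCH DAMAGE.
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Risu
 module Models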
data/lib/risu/parsers.rb
CHANGED
|
@@ -21,8 +21,8 @@
|
|
|
21
21
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
|
|
22
22
|
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
23
23
|
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
24
|
-
#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
-
#OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
24
|
+
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
25
|
+
# OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
26
26
|
|
|
27
27
|
module Risu
|
|
28
28
|
module Parsers
|