risu's People

Contributors

abenson, bluehavana, hammackj, jkordish

risu's Issues

executive summary error

I did try to use the gem install nessusdb and run it from another directory and it works fine. While going through the templates, however, the executive_summary.rb produces the following error:

Error: undefined method `number_of_hosts' for #<Class:0xb660fe44>
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/../lib/nessusdb/prawn_templater.rb:31:in `generate'
(eval):19:in `generate'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `eval'
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/../lib/nessusdb/prawn_templater.rb:31:in `generate'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `instance_eval'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `initialize'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:130:in `new'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:130:in `generate'
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/../lib/nessusdb/prawn_templater.rb:29:in `generate'
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/nessusdb:230:in `main'
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/nessusdb:241
/usr/bin/nessusdb:19:in `load'
/usr/bin/nessusdb:19

Config file fails to create

I have just installed and attempted to create the config file but get the following error:

MacBook-Pro:~ mlpotgieter$ risu --create-config
/opt/local/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:36:in `gem_original_require': /opt/local/lib/ruby/gems/1.8/gems/risu-1.4.6/bin/../lib/risu/base/template_manager.rb:102: syntax error, unexpected kEND (SyntaxError)
from /opt/local/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:36:in `require'
from /opt/local/lib/ruby/gems/1.8/gems/risu-1.4.6/bin/../lib/risu/base.rb:12
from /opt/local/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:36:in `gem_original_require'
from /opt/local/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:36:in `require'
from /opt/local/lib/ruby/gems/1.8/gems/risu-1.4.6/bin/../lib/risu.rb:25
from /opt/local/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:36:in `gem_original_require'
from /opt/local/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:36:in `require'
from /opt/local/lib/ruby/gems/1.8/gems/risu-1.4.6/bin/risu:9
from /opt/local/bin/risu:19:in `load'
from /opt/local/bin/risu:19
MacBook-Pro:~ mlpotgieter$

On OS X 10.6, originally had problems building risu but updated my ports and then it built fine. Then I ran into this problem.

ssl-internal.rb:30: [BUG] Segmentation fault

Ok I eventually got Risu to create the config file and am not getting this error:

$ risu test-2011.nessus
/opt/local/lib/ruby/1.8/openssl/ssl-internal.rb:30: [BUG] Segmentation fault
ruby 1.8.7 (2011-06-30 patchlevel 352) [i686-darwin10]

Abort trap
$

Google revealed that this problem could be related to compiling Ruby with an old version of Xcode. Some suggestions say to not use the macports version of ruby. I eventually used macports to uninstall ruby and rubygems, then selfupdated ports and reinstalled, with the same error.

What would be the suggested way to get risu working with Mac OS X 10.6?

Document Native Ruby Issues

During installation on certain platforms errors can occur that are not so obvious to fix! These need to be documented and added to the wiki!

feature request: scan/report notes

It would be great if there were a way to include custom notes into a template without having to edit the template itself. Maybe an additional table in the DB where notes could be entered and then included into the right section of the report by using tags or named sections.

report template - summary of findings

I think this one is a bit over my head for now but would be a great template to have. I need a list of all of the findings, sorted first by critical, high, medium, low and then by count. For example:

Summary of Findings

Critical
104 - Name of Finding 1
49 - Name of Finding 2
32 - Name of Finding 3

High
14 - Name of Finding 4
11 - Name of Finding 5

Medium
392 - Name of Finding 6
201 - Name of Finding 7

Low
10 - Name of Finding 8
5 - Name of Finding 9

etc.

How to best present and reference a finding's CVE in a template?

Are any of you listing CVE in your summary reports?

I'm trying to make a template to generate a summary that contains:

 High severity findings:

 {for each High finding}
     $PluginID(www), $CVE(www)
     $SummaryDescriptionOfFinding

     $listofhosts

 Medium severity findings:

 {for each Medium finding}
     $PluginID(www), $CVE(www)
     $SummaryDescriptionOfFinding

     $listofhosts

Install fails on BackTrack5

Trying to install risu on BackTrack5. Followed the wiki for Ubuntu 10 and installed the prerequisite packages. I also did a gem update and now gem install risu produces:

gem install risu

Building native extensions. This could take a while...
ERROR: Error installing risu:
ERROR: Failed to build gem native extension.

/usr/bin/ruby1.9.2 extconf.rb
checking for Ruby version >= 1.8.5... yes
checking for gcc... yes
checking for Magick-config... yes
checking for ImageMagick version >= 6.4.9... yes
checking for HDRI disabled version of ImageMagick... yes
checking for stdint.h... *** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of
necessary libraries and/or headers. Check the mkmf.log file for more
details. You may need configuration options.

Provided configuration options:
--with-opt-dir
--without-opt-dir
--with-opt-include
--without-opt-include=${opt-dir}/include
--with-opt-lib
--without-opt-lib=${opt-dir}/lib
--with-make-prog
--without-make-prog
--srcdir=.
--curdir
--ruby=/usr/bin/ruby1.9.2
/usr/lib/ruby/1.9.2/mkmf.rb:368:in `try_do': The complier failed to generate an executable file. (RuntimeError)
You have to install development tools first.
from /usr/lib/ruby/1.9.2/mkmf.rb:452:in `try_cpp'
from /usr/lib/ruby/1.9.2/mkmf.rb:834:in `block in have_header'
from /usr/lib/ruby/1.9.2/mkmf.rb:693:in `block in checking_for'
from /usr/lib/ruby/1.9.2/mkmf.rb:280:in `block (2 levels) in postpone'
from /usr/lib/ruby/1.9.2/mkmf.rb:254:in `open'
from /usr/lib/ruby/1.9.2/mkmf.rb:280:in `block in postpone'
from /usr/lib/ruby/1.9.2/mkmf.rb:254:in `open'
from /usr/lib/ruby/1.9.2/mkmf.rb:276:in `postpone'
from /usr/lib/ruby/1.9.2/mkmf.rb:692:in `checking_for'
from /usr/lib/ruby/1.9.2/mkmf.rb:833:in `have_header'
from extconf.rb:193:in `<main>'

Gem files will remain installed in /var/lib/gems/1.9.2/gems/rmagick-2.13.1 for inspection.
Results logged to /var/lib/gems/1.9.2/gems/rmagick-2.13.1/ext/RMagick/gem_make.out

More Useful Error Messages

From an Email:

Nessusdb may produce more useful outputs when it gets errors like db
connection error. Only says "Database connection error!" :)

multiple scans

I do not see a way the tool works now to do multiple scans from the same database. Looks like I would need to create a new database for each scan I wanted to report on. Maybe this is by design. It would be very helpful to be able to use the same database for multiple scans.

As a feature there should be a way to specify which scan you wanted to report on or all from the database.

assets template errors

All of the templates I have tried so far produce errors after updating gems and doing a new nessusdb gem install.

The assets template produces the following error:

Error: undefined method `number_of_hosts' for #<Class:0xb662c01c>
./bin/../lib/nessusdb/prawn_templater.rb:31:in `generate'
(eval):19:in `generate'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `eval'
./bin/../lib/nessusdb/prawn_templater.rb:31:in `generate'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `instance_eval'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `initialize'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:130:in `new'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:130:in `generate'
./bin/../lib/nessusdb/prawn_templater.rb:29:in `generate'
bin/nessusdb:230:in `main'
bin/nessusdb:241

outlines template errors

With the outlines.rb template I am getting these errors:

Error: private method `section' called for #<Prawn::Outline:0xb6425e30>
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/../lib/nessusdb/prawn_templater.rb:31:in `generate'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `eval'
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/../lib/nessusdb/prawn_templater.rb:31:in `generate'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `instance_eval'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `initialize'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:130:in `new'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:130:in `generate'
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/../lib/nessusdb/prawn_templater.rb:29:in `generate'
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/nessusdb:230:in `main'
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/nessusdb:241
/usr/bin/nessusdb:19:in `load'
/usr/bin/nessusdb:19

reporting and host normalization (getting rid of duplicate Hosts)

Issue

When reporting against nessus data, a finding such as 'Apache < 2.0.55 Multiple Vulnerabilities' can exist on a number of ports per host, but currently risu will point out every occurrence of a host with a finding, and when that includes tcp ports 80, 443, 8080 and who knows where else, the findings reported will appear inflated and potentially annoy the recipient.

Question/Workarounds?

How should a user of risu write their templates to normalize hosts (hostname or IP address) when running reports like notable_vulnerabilities or technical_findings?

Is there presently a way to do this?
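One way to get the severity-grouped summary requested in "report template - summary of findings" while collapsing per-port repeats as asked here. This is an added example in plain Ruby, not risu's template API or models: the `Finding` struct, the plugin IDs and every row are constructed, and "count" is taken to mean distinct hosts.

```ruby
# One row per (host, port, plugin) occurrence, the shape a per-port import yields.
# The struct fields, plugin IDs and all rows are constructed for illustration.
Finding = Struct.new(:host, :port, :severity, :plugin_id, :plugin_name)

SEVERITIES = %w[Critical High Medium Low].freeze
APACHE = "Apache < 2.0.55 Multiple Vulnerabilities"

SAMPLE = [
  Finding.new("10.0.0.5", 80,   "High",     1, APACHE),
  Finding.new("10.0.0.5", 443,  "High",     1, APACHE),
  Finding.new("10.0.0.5", 8080, "High",     1, APACHE),
  Finding.new("10.0.0.6", 80,   "High",     1, APACHE),
  Finding.new("10.0.0.5", 445,  "Critical", 2, "Name of Finding 1"),
  Finding.new("10.0.0.6", 445,  "Critical", 2, "Name of Finding 1"),
  Finding.new("10.0.0.7", 445,  "Critical", 2, "Name of Finding 1"),
  Finding.new("10.0.0.7", 22,   "Critical", 3, "Name of Finding 2"),
  Finding.new("10.0.0.6", 25,   "Medium",   4, "Name of Finding 6"),
  Finding.new("10.0.0.6", 587,  "Medium",   4, "Name of Finding 6")
].freeze

# Collapse occurrences to one entry per (plugin, host), keeping the ports seen
# so the detail is still available for a technical appendix.
def normalize(findings)
  findings.group_by { |f| [f.plugin_id, f.host] }.map do |(plugin_id, host), rows|
    { plugin_id: plugin_id, host: host, severity: rows.first.severity,
      plugin_name: rows.first.plugin_name, ports: rows.map(&:port).uniq.sort }
  end
end

# Returns severity => rows, in Critical/High/Medium/Low order; inside a severity
# rows are sorted by distinct host count (descending), then by plugin name.
def summarize(findings)
  by_plugin = normalize(findings).group_by { |e| e[:plugin_id] }
  rows = by_plugin.map do |_id, entries|
    { severity: entries.first[:severity], name: entries.first[:plugin_name],
      hosts: entries.map { |e| e[:host] }.sort,
      occurrences: entries.sum { |e| e[:ports].size } }
  end
  SEVERITIES.each_with_object({}) do |sev, out|
    picked = rows.select { |r| r[:severity] == sev }
    out[sev] = picked.sort_by { |r| [-r[:hosts].size, r[:name]] } unless picked.empty?
  end
end

# Plain-text rendering in the "count - name" layout used in the request.
def render(summary)
  summary.map do |sev, rows|
    lines = rows.map { |r| "#{r[:hosts].size} - #{r[:name]} (#{r[:hosts].join(', ')})" }
    ([sev] + lines).join("\n")
  end.join("\n\n")
end

puts render(summarize(SAMPLE)) if __FILE__ == $PROGRAM_NAME
```

The Apache finding has four raw occurrences in the sample but is reported against two hosts; the `occurrences` value keeps the raw figure for anyone who needs it.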

<risk>_risks_by_host

I need to be able to pull critical risks by host or medium risks by host, etc. Right now I can use risks_by_host(x) to get the top x number of risks by host. I need to be able to do this for each of the risk levels.

bug: windows_os_graph using wrong counters

In the windows_os_graph definition there is a bug. This procedure pulls the counts for w2k, xp, w2k3, vista, w2k8 and w7. But, in the g.data calls where the OS items are populated, the last 3 are using w2k3 rather than the right matching count.

Can't generate any graph reports

Whenever I try to use the exec summary or graph reports I get the following error message:

Error: no decode delegate for this image format `/tmp/magick-FuXNOBYn-00000001' @ error/constitute.c/ReadImage/532: `(null)'

Here is the output of identify -list format:

nessus:~/risu/allservers# identify -list format

Format Mode Description

  3FR  r--   Hasselblad CFV/H3D39II
    A* rw+   Raw alpha samples
  AAI* rw+   AAI Dune image
   AI  rw-   Adobe Illustrator CS2
  ART* rw-   PFS: 1st Publisher Clip Art
  ARW  r--   Sony Alpha Raw Image Format
  AVI  r--   Microsoft Audio/Visual Interleaved
  AVS* rw+   AVS X image
    B* rw+   Raw blue samples
  BMP* rw-   Microsoft Windows bitmap image
 BMP2* -w-   Microsoft Windows bitmap image (V2)
 BMP3* -w-   Microsoft Windows bitmap image (V3)
    C* rw+   Raw cyan samples
  CAL* r--   Continuous Acquisition and Life-cycle Support Type 1
       Specified in MIL-R-28002 and MIL-PRF-28002
 CALS* r--   Continuous Acquisition and Life-cycle Support Type 1
       Specified in MIL-R-28002 and MIL-PRF-28002

CANVAS* r-- Constant image uniform color
CAPTION* r-- Image caption
CIN* rw- Cineon Image File
CIP* -w- Cisco IP phone image format
CLIP* -w+ Image Clip Mask
CMYK* rw+ Raw cyan, magenta, yellow, and black samples
CMYKA* rw+ Raw cyan, magenta, yellow, black, and alpha samples
CR2 r-- Canon Digital Camera Raw Image Format
CRW r-- Canon Digital Camera Raw Image Format
CUR* rw- Microsoft icon
CUT* r-- DR Halo
DCM* r-- Digital Imaging and Communications in Medicine image
DICOM is used by the medical community for images like X-rays. The
specification, "Digital Imaging and Communications in Medicine
(DICOM)", is available at http://medical.nema.org/. In particular,
see part 5 which describes the image encoding (RLE, JPEG, JPEG-LS),
and supplement 61 which adds JPEG-2000 encoding.
DCR r-- Kodak Digital Camera Raw Image File
DCX* rw+ ZSoft IBM PC multi-page Paintbrush
DDS* r-- Microsoft DirectDraw Surface
DFONT* --- Multi-face font package
DNG r-- Digital Negative
DPX* rw- SMPTE 268M-2003 (DPX 2.0)
Digital Moving Picture Exchange Bitmap, Version 2.0.
See SMPTE 268M-2003 specification at http://www.smtpe.org

 EPDF  rw-   Encapsulated Portable Document Format
  EPI  rw-   Encapsulated PostScript Interchange format
  EPS  rw-   Encapsulated PostScript
 EPS2* -w-   Level II Encapsulated PostScript
 EPS3* -w+   Level III Encapsulated PostScript
 EPSF  rw-   Encapsulated PostScript
 EPSI  rw-   Encapsulated PostScript Interchange format
  ERF  r--   Epson RAW Format
  FAX* rw+   Group 3 FAX
       FAX machines use non-square pixels which are 1.5 times wider than
       they are tall but computer displays use square pixels, therefore
       FAX images may appear to be narrow unless they are explicitly
       resized using a geometry of "150x100%".

 FITS* rw-   Flexible Image Transport System

FRACTAL* r-- Plasma fractal image
FTS* rw- Flexible Image Transport System
G* rw+ Raw green samples
G3* rw- Group 3 FAX
GIF* rw+ CompuServe graphics interchange format
GIF87* rw- CompuServe graphics interchange format (version 87a)
GRADIENT* r-- Gradual linear passing from one shade to another
GRAY* rw+ Raw gray samples
HALD* r-- Identity Hald color lookup table image
HDR* rw+ Radiance RGBE image format
HISTOGRAM* -w- Histogram of the image
HRZ* rw- Slow Scan TeleVision
HTM* -w- Hypertext Markup Language and a client-side image map
HTML* -w- Hypertext Markup Language and a client-side image map
ICB* rw+ Truevision Targa image
ICO* rw+ Microsoft icon
ICON* rw- Microsoft icon
INFO -w+ The image format and characteristics
INLINE* r-- Base64-encoded inline images
IPL* rw+ IPL Image Sequence
JNG* rw- JPEG Network Graphics
See http://www.libpng.org/pub/mng/ for details about the JNG
format.
JPEG* rw- Joint Photographic Experts Group JFIF format (80)
JPG* rw- Joint Photographic Experts Group JFIF format (80)
K* rw+ Raw black samples
K25 r-- Kodak Digital Camera Raw Image Format
KDC r-- Kodak Digital Camera Raw Image Format
LABEL* r-- Image label
M* rw+ Raw magenta samples
M2V rw+ MPEG Video Stream
M4V rw+ Raw MPEG-4 Video
MAC* r-- MAC Paint
MAP* rw- Colormap intensities and indices
MAT rw+ MATLAB level 5 image format
MATTE* -w+ MATTE format
MIFF* rw+ Magick Image File Format
MNG* rw+ Multiple-image Network Graphics (libpng 1.5.5)
See http://www.libpng.org/pub/mng/ for details about the MNG
format.
MONO* rw- Raw bi-level bitmap
MOV rw+ MPEG Video Stream
MP4 rw+ MPEG-4 Video Stream
MPC* rw+ Magick Persistent Cache image format
MPEG rw+ MPEG Video Stream
MPG rw+ MPEG Video Stream
MRW r-- Sony (Minolta) Raw Image File
MSL* --- Magick Scripting Language
MSVG -w+ ImageMagick's own SVG internal renderer
MTV* rw+ MTV Raytracing image format
MVG* rw- Magick Vector Graphics
NEF r-- Nikon Digital SLR Camera Raw Image File
NULL* rw- Constant image of uniform color
O* rw+ Raw opacity samples
ORF r-- Olympus Digital Camera Raw Image File
OTB* rw- On-the-air bitmap
OTF* --- Open Type font
PAL* rw- 16bit/pixel interleaved YUV
PALM* rw+ Palm pixmap
PAM* rw+ Common 2-dimensional bitmap format
PATTERN* r-- Predefined pattern
PBM* rw+ Portable bitmap format (black and white)
PCD* rw- Photo CD
PCDS* rw- Photo CD
PCL rw+ Printer Control Language
PCT* rw- Apple Macintosh QuickDraw/PICT
PCX* rw- ZSoft IBM PC Paintbrush
PDB* rw+ Palm Database ImageViewer Format
PDF rw+ Portable Document Format
PDFA rw+ Portable Document Archive Format
PEF r-- Pentax Electronic File
PES* r-- Embrid Embroidery Format
PFA* --- Postscript Type 1 font (ASCII)
PFB* --- Postscript Type 1 font (binary)
PFM* rw+ Portable float format
PGM* rw+ Portable graymap format (gray scale)
PICON* rw- Personal Icon
PICT* rw- Apple Macintosh QuickDraw/PICT
PIX* r-- Alias/Wavefront RLE image format
PJPEG* rw- Joint Photographic Experts Group JFIF format (80)
PLASMA* r-- Plasma fractal image
PNG* rw- Portable Network Graphics (libpng 1.5.5)
See http://www.libpng.org/ for details about the PNG format.
PNG24* rw- opaque 24-bit RGB (zlib 1.2.3.3)
PNG32* rw- opaque or transparent 32-bit RGBA
PNG8* rw- 8-bit indexed with optional binary transparency
PNM* rw+ Portable anymap
PPM* rw+ Portable pixmap format (color)
PREVIEW* -w- Show a preview an image enhancement, effect, or f/x
PS rw+ PostScript
PS2* -w+ Level II PostScript
PS3* -w+ Level III PostScript
PSB* rw+ Adobe Large Document Format
PSD* rw+ Adobe Photoshop bitmap
PWP* r-- Seattle Film Works
R* rw+ Raw red samples
RADIAL-GRADIENT* r-- Gradual radial passing from one shade to another
RAF r-- Fuji CCD-RAW Graphic File
RAS* rw+ SUN Rasterfile
RGB* rw+ Raw red, green, and blue samples
RGBA* rw+ Raw red, green, blue, and alpha samples
RGBO* rw+ Raw red, green, blue, and opacity samples
RLA* r-- Alias/Wavefront image
RLE* r-- Utah Run length encoded image
SCR* r-- ZX-Spectrum SCREEN$
SCT* r-- Scitex HandShake
SFW* r-- Seattle Film Works
SGI* rw+ Irix RGB image
SHTML* -w- Hypertext Markup Language and a client-side image map
SR2 r-- Sony Raw Format 2
SRF r-- Sony Raw Format
STEGANO* r-- Steganographic image
SUN* rw+ SUN Rasterfile
SVG -w+ Scalable Vector Graphics
SVGZ -w+ Compressed Scalable Vector Graphics
TEXT* rw+ Text
TGA* rw+ Truevision Targa image
THUMBNAIL* -w+ EXIF Profile Thumbnail
TILE* r-- Tile image with a texture
TIM* r-- PSX TIM
TTC* --- TrueType font collection
TTF* --- TrueType font
TXT* rw+ Text
UIL* -w- X-Motif UIL table
UYVY* rw- 16bit/pixel interleaved YUV
VDA* rw+ Truevision Targa image
VICAR* rw- VICAR rasterfile format
VID* rw+ Visual Image Directory
VIFF* rw+ Khoros Visualization image
VST* rw+ Truevision Targa image
WBMP* rw- Wireless Bitmap (level 0) image
WMV rw+ Windows Media Video
WPG* r-- Word Perfect Graphics
X3F r-- Sigma Camera RAW Picture File
XBM* rw- X Windows system bitmap (black and white)
XC* r-- Constant image uniform color
XCF* r-- GIMP image
XPM* rw- X Windows system pixmap (color)
XPS r-- Microsoft XML Paper Specification
XV* rw+ Khoros Visualization image
Y* rw+ Raw yellow samples
YCbCr* rw+ Raw Y, Cb, and Cr samples
YCbCrA* rw+ Raw Y, Cb, Cr, and alpha samples
YUV* rw- CCIR 601 4:1:1 or 4:2:2

* native blob support
r read support
w write support
+ support for multiple images

Here is identify list configure:
nessus:~/risu/allservers# identify -list configure

Path: /usr/local/etc/ImageMagick-6.6.8/configure.xml

Name Value

CC gcc -std=gnu99 -std=gnu99
CFLAGS -fopenmp -g -O2 -Wall -pthread
CODER_PATH /usr/local/lib/ImageMagick-6.6.8/modules-Q16/coders
CONFIGURE ./configure '--disable-shared'
CONFIGURE_PATH /usr/local/etc/ImageMagick-6.6.8/
COPYRIGHT Copyright (C) 1999-2011 ImageMagick Studio LLC
CPPFLAGS -I/usr/local/include/ImageMagick
CXX g++
CXXFLAGS -pthread
DEFS -DHAVE_CONFIG_H
DELEGATES jpeg jng png zlib
DISTCHECK_CONFIG_FLAGS --disable-deprecated --with-quantum-depth=16 --with-umem=no --with-autotrace=no --with-fontconfig=no --with-gslib=no --with-fontpath= --with-rsvg=no --with-xml=no --with-perl=no
DOCUMENTATION_PATH /usr/local/share/doc/ImageMagick-6.6.8/
EXEC-PREFIX /usr/local
EXECUTABLE_PATH /usr/local/bin
FEATURES OpenMP
FILTER_PATH /usr/local/lib/ImageMagick-6.6.8/modules-Q16/filters
HOST i686-pc-linux-gnu
LDFLAGS -L/usr/local/lib
LIB_VERSION 0x668
LIB_VERSION_NUMBER 6,6,8,10
LIBRARY_PATH /usr/local/lib/ImageMagick-6.6.8
LIBS -lMagickCore -ljpeg -lpng -lz -lm -lgomp -lpthread
NAME ImageMagick
PCFLAGS -fopenmp
PREFIX /usr/local
QuantumDepth 16
RELEASE_DATE 2011-09-25
SHARE_CONFIGURE_PATH /usr/local/share/ImageMagick-6.6.8
SHARE_PATH /usr/local/share/ImageMagick-6.6.8
VERSION 6.6.8
WEBSITE http://www.imagemagick.org

Path: [built-in]

Name Value

NAME ImageMagick

DELEGATES jpeg jng png zlib

I have the ghostscript delegate installed but it is not showing, not sure if that is the error at hand.

Here is my risu.cfg

report:
  author: Matthew F Hymowitz
  title: All Servers Vulnerability Scan
  company: GMP Netwroks, LLC
  classification: UNCLASSIFIED

database:
  adapter: sqlite3
  host: localahost
  port:
  database: AllServers.db
  username: root
  password: ******
  timeout:

Any thoughts you had would be much appreciated. Thank you.

ignoring specific plugin IDs (or hosts?) when reporting

Two questions I have after using risu for all of 24 hours (I really like it!)
Is there a way to ignore a list/array of plugin IDs at report generation or in a template?

and

Is there a way to ignore a list/array of IP addresses at report generation or in a template?

feature request: DB connection initiated

It would be a great feature to be able to use the DB connection settings in the config file to launch a mysql client session, e.g.

nessusdb --config-file myscan.cfg --mysql-cli

graphs template errors

I am getting the following with the graphs.rb template:

Error: undefined method `number_of_hosts' for #<Class:0xb660fe44>
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/../lib/nessusdb/prawn_templater.rb:31:in `generate'
(eval):19:in `generate'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `eval'
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/../lib/nessusdb/prawn_templater.rb:31:in `generate'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `instance_eval'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `initialize'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:130:in `new'
/usr/lib/ruby/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:130:in `generate'
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/../lib/nessusdb/prawn_templater.rb:29:in `generate'
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/nessusdb:230:in `main'
/usr/lib/ruby/gems/1.8/gems/nessusdb-1.2/bin/nessusdb:241
/usr/bin/nessusdb:19:in `load'
/usr/bin/nessusdb:19

Hostname NULL

I am using a mid-stream version of 1.4 and am still getting some hostnames that are NULL. I have been having to go into SQL and set the hostname = ip in order to get all hosts to show up on some of the reports.

Don't know why these hosts show up with no hostname but it is a bug that is affecting the completeness of some reports.

gem won't build with 1.4 update

Just pulled the new 1.4 code and tried 'gem build nessusdb.gemspec' and get the following error:

Invalid gemspec in [nessusdb.gemspec]: Malformed version number string 1.4-dev
ERROR: While executing gem ... (NoMethodError)
    undefined method `mark_version' for nil:NilClass

ruby error with assets.rb template

I am receiving an error when trying to use assets.rb template. I do not get this with the other ones and am not a ruby programmer so do not know where to start:

Error: private method `gsub' called for nil:NilClass
./bin/../lib/nessusdb/prawn_templater.rb:32:in `generate'
(eval):17:in `sort'
(eval):17:in `generate'
/var/lib/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `eval'
./bin/../lib/nessusdb/prawn_templater.rb:32:in `generate'
/var/lib/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `instance_eval'
/var/lib/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `initialize'
/var/lib/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:130:in `new'
/var/lib/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:130:in `generate'
./bin/../lib/nessusdb/prawn_templater.rb:31:in `generate'
bin/nessusdb:218:in `main'
bin/nessusdb:229

server type

I need to be able to pull a list and count of servers by type to populate the following sort of table:

host type | count
server | xxx
workstation | xx
printer | xx

etc.

How to register a new template with risu

I have downloaded and installed risu and works so far. I have a template I created and am trying to use it. I tried 'risu -t ~/Documents/my_template.rb -o my_template.pdf' and was told '[!] Template "my_template.rb" does not exist. Please check the name'. I tried without the '.rb' and same result. So, I copied the template to /usr/local/rvm/gems/ruby-1.9.2-p290/gems/risu-1.4.8/lib/risu/templates where I found the other templates that come with risu and same result. I tried 'risu -l' and it does not show up.

How do I use my own template with risu?

Patches table not being populated

When I process a nessus file, it seems as though the "patches" table does not get populated. As a result the ms_patch_summary template produces a blank report.

Invalid Gemspec

I had an issue with --create-config which was fixed, but when I tried to update I seemed to have broken things. What is the best way to re-install risu? I tried uninstalling after the update and reinstalling, but keep getting this error now.

Invalid gemspec in [/opt/local/lib/ruby/gems/1.8/specifications/risu-1.4.7.gemspec]: Illformed requirement ["#<YAML::Syck::DefaultKey:0x105eecba8> 2.5.0"]

I am at the point where I want to re-install rubygems but surely there is a better way to just clear out the old risu and start afresh? Apologies if this is more rubygems related than risu related.

service description/usage for service ports

I am creating a table of top 5 services with vulnerabilities and need to include a usage/description of the service.

e.g.

+-------+---------+--------------------------+
| count | service | description/usage        |
+-------+---------+--------------------------+
|   10  |  cifs   | Microsoft File and Print |
+-------+---------+--------------------------+
|    5  |   www   | Web Server               |
+-------+---------+--------------------------+

And so on. The description attached to /etc/services is probably sufficient but the port "name" by itself is not enough.

What is the best way to do this rapidly?

Error: risu requires RubyGems version >= 1.6.0

I'm getting this error when trying to install risu:

box03:/home/jl/risu# gem install risu
ERROR: Error installing risu:
risu requires RubyGems version >= 1.6.0. Try 'gem update --system' to update RubyGems itself.

I have installed both rubygems 1.8 and 1.9.1

box03:/home/jl# update-alternatives --config gem
There are 2 choices for the alternative gem (providing /usr/bin/gem).

  Selection  Path               Priority  Status
  0          /usr/bin/gem1.8    180       auto mode
  1          /usr/bin/gem1.8    180       manual mode
* 2          /usr/bin/gem1.9.1  60        manual mode

but when I try to lookup for the gem version installed, I get this

box03:/home/jl/risu# gem --version
1.3.7

I'm on Debian Squeeze, and when I try to update gem by its own means, it shows this warning:

box03:/home/jl/risu# gem update --system
ERROR: While executing gem ... (RuntimeError)
gem update --system is disabled on Debian, because it will overwrite the content of the rubygems Debian package, and might break your Debian system in subtle ways. The Debian-supported way to update rubygems is through apt-get, using Debian official repositories. If you really know what you are doing, you can still update rubygems by setting the REALLY_GEM_UPDATE_SYSTEM environment variable, but please remember that this is completely unsupported by Debian.

I'm a bit scared about doing this, since it looks like it'll break all Debian dependencies. Has anyone seen this before? I'm new to Ruby and I probably have something wrong with my installation.

MAC Parsing

Hostnames and IPs are somehow parsed into the MAC field in the hosts table.

ability to mark false positives

The ability to mark a false positive is a feature that would be great to have. I have some that I know I do not need in the results, like the share allows full access due to the credentials used for the scan (domain admin) and this is NOT a critical.

Tag Name "operating-system" load into DB issue

System: RISU 1.4.6, MySQL 5.5, Ruby 1.9.2 p180

It appears that loading the tag name "operating-system" into the database doesn't work consistently.

Example of hosts.os table from a loaded .nessus file using the MySQL CLI:

mysql> select hosts.os from hosts;
+----------------------------------------------------------------+
| os |
+----------------------------------------------------------------+
| 2555917 |
| Windows 7 Professional |
| Windows 7 Professional |
| 2525694 |
| 2544893 |
| 2476687 |
| 816093 |
| 2476687 |
| Linux Kernel 2.6 on CentOS 5 |
| 2544893 |
| 2555917 |
| Microsoft Windows Server 2008 R2 Standard |
| 2530095 |
| Microsoft Windows Server 2003, Standard Edition (English) |
| 2555917 |

A specific example - host 10.3.11.72

mysql> select hosts.fqdn, hosts.ip, hosts.os from hosts where hosts.fqdn like "%oem%";
+-----------------------------+------------+---------+
| fqdn                        | ip         | os      |
+-----------------------------+------------+---------+
| mah-oem1.corporate.xxxx.com | 10.3.11.72 | 2555917 |
+-----------------------------+------------+---------+
1 row in set (0.00 sec)

mysql>

Those numbers listed in the OS field seem to correspond to a subsequent tag when looking at the raw .nessus file:

general-purpose
Microsoft Windows Server 2003, Enterprise Edition (English)
2507938
2555917
00:50:56:xx:xx:ef
10.3.11.72
mah-oem1.corporate.xxxx.com

I tried another load of the data (risu --config-file test.cfg load_file.nessus) and the same issue occurred so it wasn't a one-time event.

Also, looking at the MAC address field, I see potentially the same problem. Sometimes a MAC address, sometimes a number.

f2:89:0a:xx:xx:15
2525694
00:50:56:xx:xx:44
00:50:56:xx:xx:38
2555917
2555917
00:50:56:xx:xx:c2
00:50:56:xx:xx:72

I've never done Ruby coding, so I haven't really tracked down the error problem. Seems like a parsing issue in the OS field or some of those tags maybe. I don't really have a workaround either.

Thanks for any help here.
Steve
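A name-keyed way to read HostProperties, so a value can only land in the column its own `name` attribute selects, plus a sanity check that flags numeric OS values and non-MAC strings like those reported above. This is an added example, not risu's parser: the XML fragment and MAC values are constructed, and pairing the `MS11-*` tag names with the numeric values is an assumption about where those numbers come from.

```ruby
require "rexml/document"

# Nessus v2 HostProperties tag names mapped to the host columns they belong in.
KNOWN_TAGS = {
  "system-type"      => :system_type,
  "operating-system" => :os,
  "mac-address"      => :mac,
  "host-ip"          => :ip,
  "host-fqdn"        => :fqdn
}.freeze

MAC_RE = /\A\h{2}(:\h{2}){5}\z/

# Constructed .nessus fragment. Host values mirror the report above; the MAC
# values and the MS11-* names attached to the numbers are made up.
SAMPLE_XML = <<~XML
  <Report name="constructed">
    <ReportHost name="10.3.11.72">
      <HostProperties>
        <tag name="system-type">general-purpose</tag>
        <tag name="operating-system">Microsoft Windows Server 2003, Enterprise Edition (English)</tag>
        <tag name="MS11-025">2507938</tag>
        <tag name="MS11-069">2555917</tag>
        <tag name="mac-address">00:50:56:aa:bb:ef
        00:50:56:aa:bb:f0</tag>
        <tag name="host-ip">10.3.11.72</tag>
        <tag name="host-fqdn">mah-oem1.corporate.xxxx.com</tag>
      </HostProperties>
    </ReportHost>
  </Report>
XML

# A stored row of the kind shown in the report (values combined for illustration).
STORED_ROW = { fqdn: "mah-oem1.corporate.xxxx.com", ip: "10.3.11.72",
               os: "2555917", mac: "2525694" }.freeze

# Returns one hash per ReportHost. Tags with unrecognised names are collected
# separately instead of being written to whichever column was handled last.
def parse_hosts(xml)
  doc = REXML::Document.new(xml)
  hosts = []
  doc.elements.each("//ReportHost") do |host|
    fields = {}
    unknown = {}
    host.elements.each("HostProperties/tag") do |tag|
      name = tag.attributes["name"].to_s
      value = tag.text.to_s.strip
      column = KNOWN_TAGS[name]
      if column
        fields[column] = value
      else
        unknown[name] = value
      end
    end
    hosts << { name: host.attributes["name"], fields: fields, unknown: unknown }
  end
  hosts
end

# Returns a list of problems for one host row; an empty list means it looks sane.
# A mac-address value may hold several addresses separated by whitespace.
def validate(fields)
  problems = []
  os = fields[:os].to_s
  problems << "os is purely numeric: #{os}" if os.match?(/\A\d+\z/)
  fields[:mac].to_s.split.each do |mac|
    problems << "mac is not a MAC address: #{mac}" unless mac.match?(MAC_RE)
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  parse_hosts(SAMPLE_XML).each do |h|
    puts "#{h[:name]}: os=#{h[:fields][:os]} unknown=#{h[:unknown].keys.join(',')}"
  end
  puts validate(STORED_ROW)
end
```

Running `validate` over rows already in the hosts table is a quick way to find which imports need to be reloaded.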

findings_summary by name

Need to do the findings_summary.rb template sorted by plugin name. This code is where the loop happens:

Item.critical_risks_unique_sorted.each do |item|
  name = Plugin.find_by_id(item.plugin_id).plugin_name
  count = Item.where(:plugin_id => item.plugin_id).count

  text "#{count} - #{name}"
end

Do I need to add those to an array and then loop through the array or create a new critical_risks_unique_sorted_by_name item in the item.rb file to accomplish this? Seems like the latter is the better long term option but could not figure out how to do it on my own as there are no plugin_name's in the items table.

Ed

creating new template

I am working on trying to create sort of an executive summary template. I have started with the finding_statistics.rb and added the graphs.rb output to it at the end.

I figured out the left and right alignment but need them side by side. How do I do this?

Any docs, tips or info you can point me to on writing these templates?

Knowledge base for plugins

I use a new DB for each scan and have to load the full plugin set every time.

It would be good if there were a knowledge base or central repository like place to store plugin info so that it does not have to be loaded every time a scan is loaded. Maybe a separate database to store this?

Or if we could have multiple scans in the same DB then there just would need to be one set of plugins and then just update/load them if the plugin is updated.

Thoughts?

New HostProperties

Just installed risu with 'gem install risu' and loaded a current Nessus scan result. I got the following new hostproperties warnings:

New HostProperties attribute: MS11-025. Please report this to [email protected]
New HostProperties attribute: MS11-039. Please report this to [email protected]
New HostProperties attribute: MS11-066. Please report this to [email protected]
New HostProperties attribute: MS11-067. Please report this to [email protected]
New HostProperties attribute: MS11-069. Please report this to [email protected]

ruby errors with new code

I just updated from git and tried to execute nessusdb and am getting the following error:

Error: undefined method `where' for #<Class:0xb65436a0>
./bin/../lib/nessusdb/prawn_templater.rb:31:in `generate'
./bin/../lib/nessusdb/models/report.rb:20:in `scan_date'
(eval):15:in `generate'
/var/lib/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `eval'
./bin/../lib/nessusdb/prawn_templater.rb:31:in `generate'
/var/lib/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `instance_eval'
/var/lib/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:238:in `initialize'
/var/lib/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:130:in `new'
/var/lib/gems/1.8/gems/prawn-core-0.8.4/lib/prawn/document.rb:130:in `generate'
./bin/../lib/nessusdb/prawn_templater.rb:29:in `generate'
bin/nessusdb:230:in `main'
bin/nessusdb:241

report template - stats by host

Basically a template that is like the statistics template but with each host, sorted by IP, on a line with the number of each type of finding:

Count of Findings by IP Address

+---------+----------+------+--------+-----+
| IP      | Critical | High | Medium | Low |
+---------+----------+------+--------+-----+
| 1.1.1.1 | 10       | 14   | 32     | 3   |
+---------+----------+------+--------+-----+
| 1.1.1.2 | 14       | 11   | 27     | 5   |
+---------+----------+------+--------+-----+
| 1.1.1.3 |  9       |  2   |  7     | 1   |
+---------+----------+------+--------+-----+

etc.
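
One way to build the table requested above, as an added example that is not part of the original request or risu's own code: it counts findings per host and sorts the rows numerically by IP, because a plain string sort would put 10.0.0.10 before 10.0.0.2. The [host, severity] pairs are constructed sample data, and the severity codes and method names are assumptions of this example.

```ruby
require "ipaddr"

# Columns of the requested table, keyed by severity code. The codes are an
# assumption of this example: 4 = critical, 3 = high, 2 = medium, 1 = low.
SEVERITY_COLUMNS = { 4 => "Critical", 3 => "High", 2 => "Medium", 1 => "Low" }.freeze

# Constructed sample findings as [host, severity] pairs (stand-ins for rows
# read from the database).
SAMPLE_FINDINGS = [
  ["10.0.0.10", 4], ["10.0.0.2", 3], ["10.0.0.2", 3], ["10.0.0.10", 2],
  ["10.0.0.2", 4], ["10.0.0.1", 1], ["10.0.0.10", 0], ["10.0.0.1", 2]
].freeze

# Sort key: addresses in numeric order first, anything that is not an IP
# address (for example a hostname) afterwards in string order.
def ip_sort_key(host)
  [0, IPAddr.new(host).to_i]
rescue IPAddr::Error
  [1, host]
end

# One row per host: [host, critical, high, medium, low]. Severity 0 (info)
# has no column, but a host with only info findings still gets a row.
def rows_by_host(findings)
  counts = Hash.new { |hash, host| hash[host] = Hash.new(0) }
  findings.each do |host, severity|
    per_host = counts[host]
    per_host[severity] += 1 if SEVERITY_COLUMNS.key?(severity)
  end
  counts.sort_by { |host, _| ip_sort_key(host) }
        .map { |host, c| [host] + SEVERITY_COLUMNS.keys.map { |sev| c[sev] } }
end

# Render rows in the bordered layout shown in the request.
def render_table(rows)
  header = ["IP"] + SEVERITY_COLUMNS.values
  widths = ([header] + rows).transpose.map { |col| col.map { |v| v.to_s.length }.max }
  rule = "+" + widths.map { |w| "-" * (w + 2) }.join("+") + "+"
  line = lambda do |cells|
    "| " + cells.each_with_index.map { |v, i| v.to_s.ljust(widths[i]) }.join(" | ") + " |"
  end
  ([rule, line.call(header), rule] + rows.flat_map { |r| [line.call(r), rule] }).join("\n")
end

puts render_table(rows_by_host(SAMPLE_FINDINGS)) if __FILE__ == $PROGRAM_NAME
```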

logo for template

How would I add my company logo to the top of each page in the template?

new methods needed for info risks

We have critical, high, medium and low queries already for risks_unique and risks_unique_sorted.

Please add info_risks_unique and info_risks_unique_sorted using a severity of 0.

New HostProperties attributes pcidss:medium_risk_flaw

I'd like to get this in 1.4.3 this week.

New HostProperties attribute: pci-dss-compliance:. Please report this to [email protected]
New HostProperties attribute: pcidss:compliance:failed. Please report this to [email protected]
New HostProperties attribute: pcidss:compliance:passed. Please report this to [email protected]
New HostProperties attribute: pcidss:deprecated_ssl. Please report this to [email protected]
New HostProperties attribute: pcidss:expired_ssl_certificate. Please report this to [email protected]
New HostProperties attribute: pcidss:high_risk_flaw. Please report this to [email protected]
New HostProperties attribute: pcidss:medium_risk_flaw. Please report this to [email protected]
New HostProperties attribute: pcidss:reachable_db. Please report this to [email protected]
New HostProperties attribute: pcidss:www:xss. Please report this to [email protected]

report generation error

I installed Risu with the command "gem install risu".

I imported Nessus files to Risu database successfully, but I cannot generate any report. Risu gives the following error. How can I solve this issue? Thanks.

risu -t "/var/lib/gems/1.9.1/gems/risu/lib/risu/templates/graphs.rb" -o "/root/Desktop/graphs.pdf"
Error: wrong constant name #<Class:0x00000002470bb0>
/usr/lib/ruby/gems/1.9.1/gems/risu-1.4.4/lib/risu/prawn_templater.rb:31:in `eval'
/usr/lib/ruby/gems/1.9.1/gems/activesupport-3.0.7/lib/active_support/inflector/methods.rb:124:in `block in constantize'
/usr/lib/ruby/gems/1.9.1/gems/activesupport-3.0.7/lib/active_support/inflector/methods.rb:123:in `each'
/usr/lib/ruby/gems/1.9.1/gems/activesupport-3.0.7/lib/active_support/inflector/methods.rb:123:in `constantize'
/usr/lib/ruby/gems/1.9.1/gems/activesupport-3.0.7/lib/active_support/dependencies.rb:183:in `block in const_missing'
/usr/lib/ruby/gems/1.9.1/gems/activesupport-3.0.7/lib/active_support/dependencies.rb:181:in `each'
/usr/lib/ruby/gems/1.9.1/gems/activesupport-3.0.7/lib/active_support/dependencies.rb:181:in `const_missing'
(eval):3:in `<module:Modules>'
(eval):2:in `<module:Risu>'
(eval):1:in `block in generate'
/usr/lib/ruby/gems/1.9.1/gems/risu-1.4.4/lib/risu/prawn_templater.rb:31:in `eval'
/usr/lib/ruby/gems/1.9.1/gems/risu-1.4.4/lib/risu/prawn_templater.rb:31:in `block in generate'
/usr/lib/ruby/gems/1.9.1/gems/prawn-0.11.1/lib/prawn/document.rb:210:in `instance_eval'
/usr/lib/ruby/gems/1.9.1/gems/prawn-0.11.1/lib/prawn/document.rb:210:in `initialize'
/usr/lib/ruby/gems/1.9.1/gems/prawn-0.11.1/lib/prawn/document.rb:121:in `new'
/usr/lib/ruby/gems/1.9.1/gems/prawn-0.11.1/lib/prawn/document.rb:121:in `generate'
/usr/lib/ruby/gems/1.9.1/gems/risu-1.4.4/lib/risu/prawn_templater.rb:29:in `generate'
/usr/lib/ruby/gems/1.9.1/gems/risu-1.4.4/lib/risu/cli/application.rb:342:in `run'
/usr/lib/ruby/gems/1.9.1/gems/risu-1.4.4/bin/risu:12:in `<top (required)>'
/usr/bin/risu:19:in `load'
/usr/bin/risu:19:in `<main>'

technical findings template, format request

Would it be possible to add a table of contents to this document somehow? If there are too many findings it might get too busy, but at least something with Critical, High, Medium and Low, to know on which page they start and be able to jump to them, would help.

Maybe an index at the end of the IPs with the page numbers they are on as well?

Vulns by Host template

Vulns by Host

1.2.3.4 - NETBIOS
Criticals
- item 1
- item 2
- item 3
High
- Item 1
- Item 2

1.2.3.5 - NETBIOS2
Criticals
- Item 1
- Item 2
Highs
- Item 1
- Item 2
- Item 3

etc.

multiple configuration files

I see clearly how to create the database.yml file that can be edited for use. I do not see a way to specify the name of the config/yml file in the program options. It would be useful to have multiple config files, one for each VA/scan that one is working with. That way you could have a DB for each one without mixing the results of multiple runs or clients.

More Output Types

Create output in RTF so that Word can load and edit the generated report.
