23 Jan 2012

Risu v1.4.9 Released

Risu v1.4.9 has been released. This is a minor release adding new XML tags.

#1.4.9 (January 23, 2012)
    - Added a simple notable vulnerability template table report
    - Added a detailed notable vulnerability template, like the technical_findings report but limited to the top vulnerabilities (up to 10)
    - API for the top 10 vulnerabilities can be found on the Item model
        - top_10_sorted_raw(), returns the top 10 vulnerabilities in an Array sorted in the form of [plugin_id, count]
        - top_10_sorted(), returns the top 10 vulnerabilities in an Array sorted in the form of [name, count]
        - top_10_table(output), inserts a table into the output parameter object with the top 10 data using the top_10_sorted() method
    - All report template classification headers are forced upper case
    - Added 6 PCI related fields
        - pcidss:directory_browsing
        - pcidss:known_credentials
        - pcidss:compromised_host:worm
        - pcidss:unprotected_mssql_db
        - pcidss:obsolete_software
        - pcidss:www:sql_injection
    - Added New XML fields
        - exploit_framework_exploithub
        - exploithub_sku
        - stig_severity
    - Item.risks_by_host now only returns High findings. New accessors for each level will be added for 1.5 with support for the next version of Nessus
    - Fixed a bug on the exec_summary_detailed detailed report
    - A quick reference for Microsoft findings can now be found in the Patch model. You are able to get host_id, name (patch name, i.e. MS01-001), value (plugin_id)
    - Please report any missing tags that risu outputs to jacob[dot]hammackj[@]hammackj[.]com, I expect a ton of Microsoft Patch tags are missing

You can install risu with Rubygems, by typing gem install risu in your command prompt. Please see the project page for more information.

Please report any issues that are discovered and I will do my best to fix them in a timely manner.


12 Jul 2011

Risu v1.4.6 Released

Risu v1.4.6 has been released. This is a minor release adding several PCI tags and a user template directory (~/.risu/templates/).

#1.4.6 (July 12, 2011)
- Added pcidss:dns_zone_transfer to the Nessus parser
- Added pcidss:obsolete_operating_system to the Nessus parser
- Removed warnings about several Microsoft patch tags, not sure what to do with them at the moment.
- Added a user template directory. Risu will scan ~/.risu/templates for user templates.

You can install risu with Rubygems, by typing gem install risu in your command prompt. Please see the project page for more information.

Please report any issues that are discovered and I will do my best to fix them in a timely manner.


04 Jul 2011

Risu v1.4.5 Released

Risu v1.4.5 has been released. Major changes to the way templates are handled. They are now treated like plugins and dynamically loaded when risu starts. This means several things, including you no longer have to specify the full path to the template to use it. This also makes it easier for me to add more renderers. This version also includes all of the missing xml fields that have been reported.

#1.4.5 (July 4, 2011)
- Implemented a modular template system, **breaks all existing templates**.
    - All templates are now implemented as Ruby classes; this allows them to be dynamically loaded and removes the need to type the entire path to the template
    - This allows me to implement rendering systems that will be able to write pdf/html/rtf/csv in the future without having to have templates for each type
- Updated the Severity Graph and added some auto generated text based on the graph percentages
- Added a method to generate text for the other_os_graph
- Added a method to generate text for the windows_os_graph
- Added some auto generated text for unsupported operating systems to put into a report.
- Added AIX named_scopes on the Host model (os_aix and not_os_aix)
- Unified the colors to be the same for all the graphs
- Added validation of the XML files for Nessus Documents
- Added 'system_type' field to the Nessus parser

You can install risu with Rubygems, by typing gem install risu in your command prompt.

Please report any issues that are discovered and I will do my best to fix them in a timely manner.


09 Jun 2011

Installing Risu on Backtrack5

I receive a lot of questions about installing risu. Most of the problems are related to the native libraries required by rMagick. This is a step-by-step guide to configuring risu and testing it on Backtrack 5.

Nessus

If you plan to use Backtrack 5 as your scanning box, I would recommend following this guide written by my boss for configuring Nessus on Backtrack 5.

Ruby via RVM

If you are not using RVM, I highly recommend using it to install Ruby. The RVM homepage located here details the whole installation process. Since we are using Backtrack5, the default user is root. This isn't really the recommended way to install RVM, but let's set up a multi-user install of RVM.

root@bt:~# bash < <(curl -s https://rvm.beginrescueend.com/install/rvm)

After the install is complete, restart your terminal. This will load RVM, then type:

root@bt:~# rvm -v
    
    rvm 1.6.20 by Wayne E. Seguin (wayneeseguin@gmail.com) [https://rvm.beginrescueend.com/]

You will want to install Ruby 1.9.2 for risu, as it offers the best performance for Ruby applications.

root@bt:~# rvm install 1.9.2

Once the download/compile/install is complete, set 1.9.2 as the default Ruby to use for the system.

root@bt:~# rvm use 1.9.2 --default

root@bt:~# ruby -v
ruby 1.9.2p180 (2011-02-18 revision 30909) [i686-linux]
root@bt:~# gem -v
1.6.2

Everything should be okay to go ahead and start the next step. You might also want other common Ruby versions; these can be installed with these commands:

root@bt:~# rvm install 1.9.1
root@bt:~# rvm install 1.8.7

Prerequisites

Prerequisites can be a pain when setting up risu. I am working on getting rid of as many of them as I can but until then you will need to run the following:

root@bt:~# apt-get update && apt-get upgrade && apt-get dist-upgrade
root@bt:~# apt-get install libmagickwand-dev libmagickcore-dev libmagick9-dev

Installing Risu

root@bt:~# gem install risu

Testing the install

root@bt:~# risu -v
risu - 1.4.4
root@bt:~# risu --create-config

This will create a risu.cfg in the current directory. Edit it as follows:

root@bt:~# vi risu.cfg 
root@bt:~# cat risu.cfg 
report:
  author: 
  title: 
  company: 
  classification: 

database:
  adapter: sqlite3
  database: test.db

root@bt:~#

Now let's create the database schema:

root@bt:~# risu --create-tables
==  Risu::Schema: migrating ===================================================
-- create_table(:policies)
   -> 0.0091s
-- create_table(:server_preferences)
   -> 0.0039s
-- create_table(:plugins_preferences)
   -> 0.0035s
-- create_table(:family_selections)
   -> 0.0025s
-- create_table(:reports)
   -> 0.0032s
-- create_table(:hosts)
   -> 0.0040s
-- create_table(:items)
   -> 0.0034s
-- create_table(:plugins)
   -> 0.0137s
-- create_table(:individual_plugin_selections)
   -> 0.0028s
-- create_table(:references)
   -> 0.0042s
-- create_table(:versions)
   -> 0.0025s
==  Risu::Schema: migrated (0.3588s) ==========================================

Let's log in to the risu console and do a test.

root@bt:~# risu --console

      o             
 ,_       ,         
/  |  |  / \_|   |  
   |_/|_/ \/  \_/|_/


risu Console v1.4.4
>> Host.first
=> nil
>>

Great, everything is working so far, so let's parse some data.

root@bt:~# risu nessus_report_PCI_Audit_hammackj.net.nessus 
[*] Parsing nessus_report_PCI_Audit_hammackj.net.nessus...
New HostProperties attribute: pcidss:obsolete_operating_system. Please report this to jacob.hammack@hammackj.com
New HostProperties attribute: system-type. Please report this to jacob.hammack@hammackj.com
New HostProperties attribute: pcidss:dns_zone_transfer. Please report this to jacob.hammack@hammackj.com
New HostProperties attribute: pcidss:directory_browsing. Please report this to jacob.hammack@hammackj.com
[*] Fixing IP Address field
[*] Finished parsing nessus_report_PCI_Audit_hammackj.net.nessus. Parse took 29.53 seconds

Now let's load up the console again and look at the data.

root@bt:~# risu --console

      _           
 _ __(_)___ _   _ 
| '__| / __| | | |
| |  | \__ \ |_| |
|_|  |_|___/\__,_|
              

risu Console v1.4.4
>> Host.first
=> #<Risu::Models::Host id: 1, report_id: 1, name: "10.69.69.74", os: "Linux Kernel 2.6 on Debian 4.0 (etch)", mac: "00:22:3f:aa:33:ba", 
start: "2011-05-23 14:54:13", end: "2011-05-23 15:05:32", ip: "10.69.69.74", fqdn: "redada.hammackj.net", netbios: "REDADA", 
local_checks_proto: nil, smb_login_used: nil, ssh_auth_meth: nil, ssh_login_used: nil, 
pci_dss_compliance: "failed", pci_dss_compliance_: nil, pcidss_compliance_failed: "report", pcidss_compliance_passed: nil, 
pcidss_deprecated_ssl: nil, pcidss_expired_ssl_certificate: nil, pcidss_high_risk_flaw: "report", pcidss_medium_risk_flaw: "report", 
pcidss_reachable_db: nil, pcidss_www_xss: "report", notes: nil>
>> Host.first.name
=> "10.69.69.74"
>>

Awesome, everything loaded up and we can see data. Everything is working great. You now have a working risu install and you are ready to browse your data and create reports. If you have any more questions or want to report a bug, please go here.
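
The "New HostProperties attribute" messages in the parse output above are printed for HostProperties tags the parser does not yet know. As an added example (not Risu's own code), this Ruby script lists such tags per host from a constructed Nessus v2 fragment, so they can be reported before a scan is loaded; the `KNOWN_TAGS` list, the function names, the sample hosts and the two made-up tag names are assumptions.

```ruby
# Added example, not Risu's parser: list HostProperties tags missing from a known-tag list.

# Assumption: a short known list built from common Nessus host tags and the
# pcidss tags named in the changelogs on this page. Risu's real list is longer.
KNOWN_TAGS = %w[
  HOST_START HOST_END host-ip host-fqdn operating-system mac-address
  netbios-name system-type
  pcidss:dns_zone_transfer pcidss:obsolete_operating_system
  pcidss:directory_browsing pcidss:known_credentials
  pcidss:compromised_host:worm pcidss:unprotected_mssql_db
  pcidss:obsolete_software pcidss:www:sql_injection
].freeze

# Constructed sample input (documentation addresses, made-up unknown tags).
SAMPLE = <<~XML
  <ReportHost name="192.0.2.10">
    <HostProperties>
      <tag name="HOST_END">Mon May 23 15:05:32 2011</tag>
      <tag name="pcidss:dns_zone_transfer">report</tag>
      <tag name="pcidss:example_unmapped">report</tag>
      <tag name="host-ip">192.0.2.10</tag>
    </HostProperties>
  </ReportHost>
  <ReportHost name="192.0.2.11">
    <HostProperties>
      <tag name="example-new-tag">x</tag>
      <tag name="pcidss:example_unmapped">report</tag>
    </HostProperties>
  </ReportHost>
XML

# { host => { tag => value } }. Regex scan keeps the example dependency-free;
# it does not decode XML entities, so use an XML parser on real exports.
def host_properties(xml)
  xml.scan(%r{<ReportHost name="([^"]*)">(.*?)</ReportHost>}m).to_h do |host, body|
    props = body[%r{<HostProperties>(.*?)</HostProperties>}m, 1].to_s
    [host, props.scan(%r{<tag name="([^"]*)">(.*?)</tag>}m).to_h]
  end
end

# { unknown_tag => [hosts that carry it] }
def unknown_tags(xml, known = KNOWN_TAGS)
  host_properties(xml).each_with_object(Hash.new { |h, k| h[k] = [] }) do |(host, tags), out|
    (tags.keys - known).each { |name| out[name] << host }
  end
end

unknown_tags(SAMPLE).each { |tag, hosts| puts "New HostProperties attribute: #{tag} on #{hosts.join(', ')}" }
```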


28 May 2011

Risu v1.4.4 Released

Risu v1.4.4 has been released. Risu is the new name for NessusDB. No other real changes except for the name. I am working on re-adding host/plugin blacklisting and some other features for the next release. I just wanted to get the name change complete this weekend.

#1.4.4 (May 28, 2011)
- NessusDB has been renamed to risu
- Fixed a bug in --create-config, where tabs were being inserted with spaces
- Fixed a bug in load_config where the exception was not printed.
- Added more banners to the console for fun

You can install risu with Rubygems, by typing gem install risu in your command prompt.

Please report any issues that are discovered and I will do my best to fix them in a timely manner.