Risu

Risu is a Nessus parser that converts the generated reports into an ActiveRecord database. This allows for easy report generation and vulnerability verification.

Version v1.5.0 is the current release.


Installation

Risu is released through RubyGems. This allows for an easier installation.

% gem update
% gem install risu

If you experience any problems during the installation process, please check this wiki page. The most common issues are recorded there, and they usually involve third-party native libraries.


Database Setup

% risu --create-config
% $EDITOR risu.cfg
% risu --create-tables
  1. Generate the risu.cfg file.
  2. Edit the risu.cfg file, filling in the variables as needed.
  3. Migrate the database schema.

Example SQLite3 Config

report:
  author: Jacob Hammack
  title: Example Risu Report
  company: Arxopia LLC.
  classification: UNCLASSIFIED

database:
  adapter: sqlite3
  database: assessment.db

Example MySQL Config

report:
  author: Jacob Hammack
  title: Example Risu Report
  company: Arxopia LLC.
  classification: UNCLASSIFIED

database:
  adapter: mysql
  host: localhost
  port: 3306
  database: risu_assessment_may
  username: root
  password: password
  timeout: 1000

Parsing Nessus Output

% risu report1.nessus [report2.nessus ...]
  1. Parse the files by passing their names on the command line.
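
To show what the parse step extracts, here is an added example (not Risu's own parser) that reads a Nessus v2 XML export with Ruby's REXML and maps it onto a subset of the Host and Item columns shown in the console output further down. The sample report, the `HostRow`/`ItemRow` structs and both function names are constructed for illustration.

```ruby
require 'rexml/document'

# Constructed sample in the Nessus v2 export layout (not real scan data).
SAMPLE_NESSUS = <<~XML
  <NessusClientData_v2>
    <Report name="constructed-example">
      <ReportHost name="192.0.2.10">
        <HostProperties>
          <tag name="host-ip">192.0.2.10</tag>
          <tag name="host-fqdn">web01.example.test</tag>
          <tag name="operating-system">Linux Kernel 2.6</tag>
        </HostProperties>
        <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0" pluginID="1001"/>
        <ReportItem port="443" svc_name="www" protocol="tcp" severity="3" pluginID="1002">
          <plugin_output>constructed output</plugin_output>
        </ReportItem>
      </ReportHost>
    </Report>
  </NessusClientData_v2>
XML

# Hypothetical row types mirroring a subset of the Host and Item columns.
HostRow = Struct.new(:name, :ip, :fqdn, :os, :items)
ItemRow = Struct.new(:plugin_id, :port, :svc_name, :protocol, :severity, :plugin_output)

# Returns one HostRow per <ReportHost>, each carrying its ItemRows.
def parse_nessus(xml)
  doc = REXML::Document.new(xml)
  doc.get_elements('//ReportHost').map do |host|
    # HostProperties is a flat list of <tag name="key">value</tag> pairs.
    props = host.get_elements('HostProperties/tag').to_h { |t| [t.attributes['name'], t.text] }
    items = host.get_elements('ReportItem').map do |item|
      a = item.attributes
      ItemRow.new(a['pluginID'].to_i, a['port'].to_i, a['svc_name'], a['protocol'],
                  a['severity'].to_i, item.elements['plugin_output']&.text)
    end
    HostRow.new(host.attributes['name'], props['host-ip'], props['host-fqdn'],
                props['operating-system'], items)
  end
end

# Tallies findings by severity value across all hosts.
def severity_counts(hosts)
  hosts.flat_map(&:items).map(&:severity).tally
end

hosts = parse_nessus(SAMPLE_NESSUS)
hosts.each { |h| puts "#{h.ip} (#{h.fqdn}): #{h.items.size} items" }
p severity_counts(hosts)
```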

Viewing Data

The data can be viewed with a query browser available for your database. Risu includes a console option for working with the database in an ActiveRecord-style console. A Rails front end will be available in the future.


Risu Console

Using the Risu Console is just like using Rails. You can access all of the ActiveRecord models directly and pull specific data from each model. Like SQL only easier!

[hammackj@taco:~/assessments]$ risu --console

      _           
 _ __(_)___ _   _ 
| '__| / __| | | |
| |  | \__ \ |_| |
|_|  |_|___/\__,_|

risu Console v1.5.0
>> Host.first
=> #<Risu::Models::Host id: 1, report_id: 1, name: "10.69.69.74", os: "Linux Kernel 2.6 on Debian 
4.0 (etch)", 
mac: "XX:XX:XX:XX:XX:XX", start: "2011-04-20 16:29:37", end: "2011-04-20 16:32:14", ip: "10.69.69.74", 
fqdn: "redada.hammackj.net", netbios: "REDADA", local_checks_proto: nil, smb_login_used: nil, 
ssh_auth_meth: nil, ssh_login_used: nil, pci_dss_compliance: nil, notes: nil>
>> Item.first
=> #<Risu::Models::Item id: 1, host_id: 1, plugin_id: 1, plugin_output: nil, port: 22, svc_name: "ssh", 
protocol: "tcp", severity: 0, verified: nil>

Generating Reports

To generate a report, execute the following after the data is parsed into the database.

% risu -t TEMPLATE_NAME -o "REPORT_NAME.pdf"

Templates

By default, templates are located in the gem installation directory of Risu. On my development machine they were found at:

[hammackj@taco:~/Projects/public/risu]$ ./bin/risu -l
Available Templates
    assets - Generates a Assets Summary Report
    cover_sheet - Generates a coversheet with a logo (Example Template)
    exec_summary - Generates a simple executive summary.
    exec_summary_detailed - Generates a detailed executive summary report
    finding_statistics - Generates report finding statistics
    findings_host - Generates a findings report by host
    findings_summary - Generates a findings summary report
    findings_summary_with_pluginid - Geneates a Findings Summary with Nessus Plugin ID
    graphs - Generates a report with all the graphs in it
    host_summary - Generates a Host Summary Report
    ms_patch_summary - Generates a Microsoft Patch Summary Report
    ms_update_summary - Generates a Microsoft Update Summary Report
    pci_compliance - Generates a PCI Compliance Overview Report
    technical_findings - Generates a Technical Findings Report
    template - template
[hammackj@taco:~/Projects/public/risu]$


Creating Templates

Creating a template is a simple process. Let's look at a simple example:

module Risu
    module Modules
        class Template < Risu::Base::TemplateBase

            # Sets the template metadata (name, author, version, description)
            #
            def initialize
                @template_info =
                {
                    :name => "template",
                    :author => "hammackj",
                    :version => "0.0.1",
                    :description => "template"
                }
            end

            # Renders the report; output accepts Prawn's output functions
            #
            def render(output)
                output.text Report.classification, :align => :center
                output.text "\n"

                output.font_size(22) { output.text Report.title, :align => :center }
                output.font_size(18) {
                    output.text "Finding Statistics", :align => :center
                    output.text "\n"
                    output.text "This report was prepared by\n#{Report.author}", :align => :center
                }

                output.text "\n\n\n"

                output.text "Scan Date:", :style => :bold
                output.text "#{Report.scan_date}"
                output.text "\n"

                # One header row and one data row of counts taken from the models
                headers = ["Number of hosts", "Number of risks", "High Risks", "Medium Risks", "Low Risks", "Info Risks"]
                data = [Host.count, Item.risks.count, Item.high_risks.count, Item.medium_risks.count, Item.low_risks.count, Item.info_risks.count]

                output.table([headers] + [data], :header => true, :width => output.bounds.width) do
                    row(0).style(:font_style => :bold, :background_color => 'cccccc')
                    cells.borders = [:top, :bottom, :left, :right]
                end
            end
        end
    end
end

This template generates a simple table with all of the statistics from the parsed report.

As you can see, there are lots of objects we can pull data from.

The Report class is the center piece of the relation of data. A report has the policy used for that scan and each host is tied back to the report via the report_id field. The Report class is also infused with the properties from the config file for Author/Title/Classification.

>> Report
=> Risu::Models::Report(id: integer, policy_id: integer, name: string)

The Host class represents each host in the report.

>> Host
=> Risu::Models::Host(id: integer, report_id: integer, name: string, os: string, mac: string, 
start: datetime, end: datetime, ip: string, fqdn: string, netbios: string, local_checks_proto: string, 
smb_login_used: string, ssh_auth_meth: string, ssh_login_used: string, pci_dss_compliance: string, notes: text)

The Item class represents each item in the report.

>> Item
=> Risu::Models::Item(id: integer, host_id: integer, plugin_id: integer, plugin_output: text, 
port: integer, svc_name: string, protocol: string, severity: integer, verified: boolean)

All of these models are related to each other, so you can write some pretty cool ActiveRecord Ruby code. Each ActiveRecord model has named scopes for commonly used queries.


Report.first.hosts.first # Will return the first host in the first report

Report.first.hosts.first.items # Will return the findings for the first host in the first report

Host.where(:ip => "10.69.69.74") # Will return the hosts with ip 10.69.69.74

Host.where("ip LIKE '10.69.69.%'") # Will return the hosts in the 10.69.69 subnet

Item.high_risks # Will return the Items that are rated a High Risk (Red)

Item.high_risks.first.host # Will return the first host with a high risk

Using the Risu Console will help you get a grasp on all the info and how to use it. It is much easier to test report ideas in the console than to build the template and test it over and over.

The output for the reports is Prawn, a Ruby library for PDF generation. All of the output functions from Prawn are supported in Risu templates.


Issues

If you have any problems, bugs or feature requests please use the github issue tracker.



Donations

I have received several requests for a method to donate to the project. If you are interested in donating to the Risu Project, you can use the following PayPal donation link. Your donations are welcome and help the development of Risu.



Contact

You can reach me at jacob[dot]hammack[at]hammackj[dot]com.

You can also contact me on IRC as hammackj on irc.freenode.net, #risu