Class: Risu::Templates::MaliciousProcessDetection

Inherits:
Base::TemplateBase show all
Includes:
TemplateHelper
Defined in:
lib/risu/templates/malicious_process_detection.rb

Instance Attribute Summary

Attributes inherited from Base::TemplateBase

#output, #template_info

Instance Method Summary collapse

Methods included from TemplateHelper

#default_credential_plugins, #default_credentials_appendix_section, #default_credentials_section, #definition, #has_default_credentials?, #heading1, #heading2, #heading3, #heading4, #heading5, #heading6, #item_count_by_plugin_id, #item_count_by_plugin_name, #new_page, #report_author, #report_classification, #report_subtitle, #report_title, #table, #text, #title

Methods included from ScanHelper

#authenticated_count, #scan_info_to_hash

Methods included from SharesTemplateHelper

#anon_ftp_count, #anon_ftp_section, #anon_smb_count, #anon_smb_query, #anon_smb_section, #shares_appendix_section, #shares_section, #shares_section_has_findings?

Methods included from GraphTemplateHelper

#other_os_graph_page, #risks_by_service_graph_page, #risks_by_severity_graph_page, #root_cause_graph_page, #windows_os_graph_page

Methods included from MalwareTemplateHelper

#conficker_appendix_section, #conficker_count, #conficker_section, #known_malicious_process_appendix_section, #known_malicious_process_count, #known_malicious_process_section, #malware_appendix_section, #malware_section

Methods included from HostTemplateHelper

#unsupported_os, #unsupported_os_appendix_section

Methods inherited from Base::TemplateBase

inherited

Constructor Details

#initializeMaliciousProcessDetection

Returns a new instance of MaliciousProcessDetection.



27
28
29
30
31
32
33
34
35
36
 
# File 'lib/risu/templates/malicious_process_detection.rb', line 27

def initialize
  @template_info =
  {
    :name => "malicious_process_detection",
    :author => "hammackj",
    :version => "0.0.1",
    :renderer => "PDF",
    :description => "Generates a Malicious Process Detection Report"
  }
end

Instance Method Details

#render(output) ⇒ Object 



38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'lib/risu/templates/malicious_process_detection.rb', line 38

def render output
  text Report.classification.upcase, :align => :center
  text "\n"

  report_title Report.title
  report_subtitle "Malicious Process Detection Findings"
  report_author "This report was prepared by\n#{Report.author}"

  text "\n\n\n"

  unique_risks = Array.new
  unique_risks << Hash[:title => "Malicious Processes", :color => "9B30FF", :values => Item.where(:plugin_id => 59275)] if Item.where(:plugin_id => 59275).count != 0

  unique_risks.each_with_index do |h, index|
    if h[:values].length > 0

      output.font_size(18) do
        output.fill_color h[:color]
        text h[:title], :style => :bold
        output.fill_color "000000"
      end

      text "\n"

      h[:values].each do |f|
        plugin = Plugin.find_by_id(f.plugin_id)

        references = Reference.where(:plugin_id => plugin.id).group(:value).order(:reference_name)

        output.font_size(16) do
          text "#{plugin.plugin_name}\n"
        end

        text "Host", :style => :bold

        ho = Host.find_by_id(f.host_id)

        host_string = "#{ho.name}"
        host_string << " (#{ho.fqdn})" if ho.fqdn != nil

        text host_string

        if f.plugin_output != nil
          text "\nPlugin output", :style => :bold
          text f.plugin_output
        end

        if plugin.description != nil
          text "\nDescription", :style => :bold
          text plugin.description.gsub(/[ ]{2,}/, " "), :inline_format => true
        end

        if plugin.synopsis != nil
          text "\nSynopsis", :style => :bold
          text plugin.synopsis
        end

        if plugin.cvss_base_score != nil
          text "\nCVSS Base Score", :style => :bold
          text plugin.cvss_base_score
        end

        if plugin.exploit_available != nil
          text "\nExploit Available", :style => :bold

          plugin.exploit_available? ? "Yes" : "No"
        end

        if plugin.solution != nil
          text "\nSolution", :style => :bold
          text plugin.solution
        end

        if references.size != 0
          text "\nReferences", :style => :bold
          text plugin.references.reference_string, :inline_format => true
          plugin_url = "http://www.tenablesecurity.com/plugins/index.php?view=single&id=#{plugin.id}"
          text "<b>nessus_plugin</b>: #{plugin_url}", :inline_format => true, :link => plugin_url
        end

        text "\n"
      end
    end

    output.start_new_page if unique_risks[index+1] != nil
  end

  output.number_pages "<page> of <total>", :at => [output.bounds.right - 75, 0], :width => 150, :page_filter => :all
end