creating new template

[ebdavison]

I am working on trying to create sort of an executive summary template. I have started with the finding_statistics.rb and added the graphs.rb output to it at the end.

I figured out the left and right alignment but need them side by side. How do I do this?

Any docs, tips or info you can point me to on writing these templates?

[hammackj]

The template are pure Prawn. http://prawn.majesticseacreature.com/, I will take a look at this more tonight when I get home.

[abenson]

You mean having two columns? You can create a table, and have them side by side... Otherwise I'm not sure I follow.

[ebdavison]

Yes, two columns. I will try the table and look at the prawn docs.

[ebdavison]

Here is the start of what I have so far for an Executive Summary. I do not see a way to attach a file so I am including it here:

text findings.classification, :align => :center
text "\n"

font_size(22) { text findings.title, :align => :center }
font_size(18) { 
    text "Finding Statistics", :align => :center
    text "\n"
    text "This report was prepared by\n#{findings.author}", :align => :center
}

text "\n\n\n"

text "Scan Date:", :style => :bold
text "#{findings.scan_date}"
text "\n"

text "This report contains the results of a security audit performed on #{findings.scan_date}.\n\n"

text "A total of #{findings.number_of_hosts} hosts were found and scanned for vulnerabities.\n\n"

text "There were #{findings.number_of_risks} found during this scan.  Of these, #{findings.number_of_critical} were critical vulnerabilities, #{findings.number_of_high} were high vulnerabilities, #{findings.number_of_medium} were medium vulnerabilities and #{findings.number_of_low} were low vulnerabilties.\n\n"

text "Scan Statistics", :style => :bold
text "\n"

table([["Number of hosts","Number of risks","Critical Risks", "High Risks", "Medium Risks", "Low Risks"], 
[findings.number_of_hosts, findings.number_of_risks, findings.number_of_critical, findings.number_of_high, findings.number_of_medium, findings.number_of_low]], 
:cell_style => { :padding =>12 }, :width => bounds.width)
text "\n\n\n"

text "Graphs of key finding statistics", :style => :bold
text "\n\n\n"

cury = y
image findings.graph_findings_by_severity(findings), :width => 250, :at => [bounds.left, cury]
image findings.graph_top_vuln_hosts(findings), :width => 250, :at => [bounds.right - 250, cury]
move_down 50
if (y <= 300) 
    start_new_page
end
cury = y
image findings.graph_findings_by_service(findings), :width => 250, :at => [bounds.left, cury]
image findings.graph_other_operating_systems_by_count(findings), :width => 250, :at => [bounds.right - 250, cury]
move_down 50
if (y <= 300) 
    start_new_page
end
cury = y
image findings.graph_windows_operating_systems_by_count(findings), :width => 250, :at => [bounds.left, cury]

[hammackj]

Do you mind if I include this template in the next release?

[ebdavison]

Not at all but it definitely needs more polish as this is very rough. Including it would be great.

I will most likely continue to work on this. The standard bar that I am working against, as an example, is the Executive Summary from NeXpose Community as my boss likes that format. Do you have access to this report? I can show it to you as an example if you need one.

[hammackj]

I don't have a NeXpose box setup, If you have a sample one I will try to recreate it.

[ebdavison]

You can find an example here: https://netmon1.getmns.com/nexpose-exec.pdf

[hammackj]

Thank you for the pdf. I should be able to generate something like that, I will see what I can do.

[hammackj]

Added to v1.3. Should be available then or pull from source