hammackj / risu

Risu is a Nessus parser that converts the generated reports into an ActiveRecord database; this allows for easy report generation and vulnerability verification.
http://hammackj.github.io/risu
MIT License

Changing Risk Finding Colors #76

Closed mrjim72 closed 9 years ago

mrjim72 commented 9 years ago

How can I change the colors to match the schema from previous versions of Risu where Critical Findings were purple, High Findings were red, Medium Findings were orange, Low Findings were yellow, and Informational Findings were blue? I have edited the graph colors in the risu.rb file, but they only seem to affect the headers in the technical_findings.rb file, and those color headers do not match with the findings_summary.rb file. I'd like the headers in both templates consistent with the older Risu version risk colors. Is that possible with the newer version? Thanks.

hammackj commented 9 years ago

Which version are you using? I think the color mismatch is fixed in the dev version. I haven't released a new one yet, as I haven't had a chance to do real world testing on some of the changes. If you check out branch 1.7.2 all the colors should be the same (new colors, based on the current Nessus ones). You can change all the colors with the GRAPH_COLORS variable. You should be able to override it in a custom template to change the colors for that template.

I will look at adding a way to configure it from the risu.cfg file.

mrjim72 commented 9 years ago

Ah, okay. I'm using 1.7.1. Is there a command line install for the 1.7.2 dev version?

hammackj commented 9 years ago

An easy way would be to clone the repo and use it that way, assuming a Unix shell:

git clone https://github.com/arxopia/risu.git
cd risu
git checkout 1.7.2
rake build
gem install risu*.gem

then

risu --version

That should return 1.7.2

I should be able to release 1.7.2 soon, maybe tonight or tomorrow night, if you can wait a few more days.

mrjim72 commented 9 years ago

I was having all kinds of problems with Risu and RVM not staying installed on Kali, so I went back to my Backtrack 5R1 VM and everything installed fine for 1.7.2. However, I get an error with every Risu command: "Warning: Nokogiri was built against LibXML version 2.8.0, but has dynamically loaded 2.7.6". This didn't seem to have much of an effect, however Risu will not generate a technical findings report. What I'm trying to do is get a technical findings report that includes the mediums and lows as well. I got that to work on Kali, but the colors didn't match, even in 1.7.2. I think fixing this other warning with Nokogiri will be the easier thing to do.

hammackj commented 9 years ago

The medium and low might be commented out in the source for the template.

The Nokogiri one is fine to ignore; it doesn't seem to impact anything.

I will take a closer look tonight. When I glanced, everything seemed to match up. I use custom templates for most things.

mrjim72 commented 9 years ago

I did have success removing the comments for the mediums and lows using Risu on a Kali VM. However, 1.7.2 will not generate a technical findings report on this Backtrack VM. I haven't tried all of the available templates, but other ones that I have tried have worked fine. Other than the Nokogiri warning, it doesn't give me any other error or note when I try to create a technical findings report; it just simply does not make the report. Odd.

hammackj commented 9 years ago

What version of ruby?

What's the output of risu --version?

Should show a few versions.

mrjim72 commented 9 years ago

Here's what I'm using:

risu: 1.7.2
Ruby Version: 2.0.0
Rubygems Version: 2.0.0.rc.2

hammackj commented 9 years ago

I pushed the new gem, let me know if there is any difference.

You will need to remove the 1.7.2 you installed.

mrjim72 commented 9 years ago

Uninstalled and reinstalled with no problems. Unfortunately, the technical findings template is still not generating a pdf. There are no errors or warnings other than the Nokogiri warning, but that doesn't affect any of the other templates that I've used. I type in "risu -t technical_findings -o report_technical_findings.pdf" and it gives the Nokogiri warning and then goes to the next bash prompt, just as with the other templates. When I do a ls or browse the home directory and there's no technical findings report. Is there something in the technical_findings.rb file that it isn't liking?

hammackj commented 9 years ago

If you copy the template from the lib/templates directory to another, you will need to change the class name and the template_info for the name.

Currently Medium and Low findings are commented out, due to their verbosity. Try downloading the template on the pastebin below, place it, and do risu -t technical_findings_test -o test.pdf and let me know how that works.

If that doesn't work, try the findings_summary template and see if there are any findings in the database.

http://pastebin.com/quv8Ppkk

mrjim72 commented 9 years ago

Real quick... before I try that fix, I have copies of the templates in other locations. Now, this doesn't seem to be affecting the other reports, but do I need to remove/rename these other files?

root@bt:~# find / -name 'technical_findings.rb'
/usr/local/rvm/gems/ruby-2.0.0-p0/gems/risu-1.7.2/lib/risu/templates/technical_findings.rb
/usr/local/rvm/gems/ruby-1.9.3-p392/gems/risu-1.6.2/lib/risu/templates/technical_findings.rb
/root/risu/lib/risu/templates/technical_findings.rb
root@bt:~#

mrjim72 commented 9 years ago

I named it technical_findings_test.rb, but it didn't register with Risu because I got the infamous error:

root@bt:~# risu -t technical_findings_test -o test.pdf
WARNING: Nokogiri was built against LibXML version 2.8.0, but has dynamically loaded 2.7.6
[!] Template "technical_findings_test" does not exist. Please check the name

The findings summary template works like a champ with the new color scheme listing all of the findings from critical down to informational.

hammackj commented 9 years ago

Is the test template in the same directory as your risu.cfg?

mrjim72 commented 9 years ago

No, I had put it in the /risu/lib/risu/templates/ directory. I moved it to my root directory and success! Only problem is the colors are wrong. The Critical Findings header is in a dark grey/green color. High and Medium are a lime green color and Low is in blue. Is there a way I can match them to the findings summary header colors?

hammackj commented 9 years ago

I found the bug last night. I will have an update in the repo tonight.

mrjim72 commented 9 years ago

Okay thank you. I will try the updated version tonight.

hammackj commented 9 years ago

I pushed gem 1.7.3. Let me know if you are still having the issue. I rewrote the entire template as it was using older api calls.

mrjim72 commented 9 years ago

I uninstalled the gem and then reinstalled it and confirmed that it's version 1.7.3. However, it's still not generating the technical findings report. Same result as before.

hammackj commented 9 years ago

Hmm this is puzzling ;/

mrjim72 commented 9 years ago

Do I need to manually rip out the old directories?

hammackj commented 9 years ago

Try gem uninstall risu for all the versions, then reinstall the latest. Might change something.

mrjim72 commented 9 years ago

I did that yesterday because I had 1.62 and 1.72 installed. Just now there was only 1.7.2. This is a VM, so I think I'm going to just stand up a new one and see what happens with a fresh install. I'll report back what I find.

mrjim72 commented 9 years ago

Update: I stood up a new VM for my favorite stable version of Backtrack 5r3 and was not able to update to 1.7.3 because the repositories weren't alive anymore to automagically update Ruby and Rubygems. Instead of trying to hack through the weeds of that, I went back to Kali and started over. I uninstalled my prior versions of Risu and updated the Ruby stuff.

Here is what I'm running now:

risu: 1.7.3
Ruby Version: 2.1.2
Rubygems Version: 2.4.5

When I ran a technical findings report, the report generated perfectly with the correct color scheme, Critical in red, High in orange. However, despite the Medium and Low findings not being commented out, they were not included in the report.

I copied the report from the templates directory to my home directory and modified the class name and template_info to add "test" and I named the file "technical_findings_test.rb". I made no other changes.

When I ran that report, it included Critical, High, Medium, and Low, but with the goofy color scheme of the dark grey/green for Critical. High and Medium in lime green and Low in blue.

mrjim72 commented 9 years ago

Some more info: I edited the GRAPH_COLORS[n] in the technical_findings_test.rb template in my home directory and went through all the variables from 0-9 and never did come close to matching the correct color schema.

Here are the GRAPH_COLORS as best I can determine from the variables 0-9.

[1]: lime green
[2]: lime green
[4]: medium blue
[5]: light blue
[6]: kelly green (darker than 1&2, but not as dark as 0... reminded me of the NY Jets colors)
[7]: med-light blue (between 4&5)
[9]: blue-med blue (between 3&4)

hammackj commented 9 years ago

Let's try this. Inside of your local technical_findings.rb, in the render method, add this around line 93:

puts GRAPH_COLORS.inspect

and then generate a report and let me know the output.

I get ["#d2403f", "#ec9241", "#fcc343", "#50ad51", "#397bbb", "#8E6B8E", "black", "#cccccc", "brown", "#e52d89"]

These are the correct colors set.

Also could you post the template copy you are using?

mrjim72 commented 9 years ago

I got that same output, repeated five times.

Here's the template I'm using. I copied the technical_findings.rb from the templates directory to my home directory, changed the class and template_info name to include the word "test", and saved it as technical_findings_test.rb. This is with the puts GRAPH_COLORS.inspect line included.

# Copyright (c) 2010-2014 Arxopia LLC.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
#     * Redistributions of source code must retain the above copyright
#       notice, this list of conditions and the following disclaimer.
#     * Redistributions in binary form must reproduce the above copyright
#       notice, this list of conditions and the following disclaimer in the
#       documentation and/or other materials provided with the distribution.
#     * Neither the name of the Arxopia LLC nor the names of its contributors
#       may be used to endorse or promote products derived from this software
#       without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
# OF THE POSSIBILITY OF SUCH DAMAGE.

module Risu
  module Templates
    class TechnicalFindingsTestTemplate < Risu::Base::TemplateBase
      include TemplateHelper

      def initialize ()
        @template_info =
        {
          :name => "technical_findings_test",
          :author => "hammackj",
          :version => "0.0.8",
          :renderer => "PDF",
          :description => "Generates a Technical Findings Report"
        }
      end

      def render(output)
        text Report.classification.upcase, :align => :center
        text "\n"

        report_title Report.title
        report_subtitle "Critical and High Findings"
        report_author "This report was prepared by\n#{Report.author}"

        text "\n\n\n"

        unique_risks = Array.new
        unique_risks << Hash[:title => "Critical Findings", :color => Risu::GRAPH_COLORS[0], :values => Item.critical_risks_unique] if Item.critical_risks_unique.to_a.size != 0
        unique_risks << Hash[:title => "High Findings", :color => Risu::GRAPH_COLORS[1], :values => Item.high_risks_unique] if Item.high_risks_unique.to_a.size != 0

        unique_risks << Hash[:title => "Medium Findings", :color => Risu::GRAPH_COLORS[2], :values => Item.medium_risks_unique_sorted] if Item.medium_risks_unique_sorted.to_a.size != 0
        unique_risks << Hash[:title => "Low Findings", :color => Risu::GRAPH_COLORS[3], :values => Item.low_risks_unique_sorted] if Item.low_risks_unique_sorted.to_a.size != 0

        unique_risks.each_with_index do |h, index|
          if h[:values].length > 0

            output.font_size(18) do
              output.fill_color h[:color]
              text h[:title], :style => :bold
              output.fill_color "000000"
            end

            text "\n"

            h[:values].each do |f|

              hosts = Item.where(:plugin_id => f.plugin_id).group(:host_id)
              plugin = Plugin.find_by_id(f.plugin_id)

              references = Reference.where(:plugin_id => plugin.id).group(:value).order(:reference_name)

              output.font_size(16) do
                text "#{plugin.plugin_name}\n"
              end

              if hosts.length > 1
                text "Hosts", :style => :bold
              else
                text "Host", :style => :bold
              end

              hostlist = Array.new
              hosts.each do |host|
                ho = Host.find_by_id(host.host_id)
                #if h.id != blacklist_host_id.first.id
                host_string = "#{ho.name}"
                host_string << " (#{ho.fqdn})" if ho.fqdn != nil
                hostlist << host_string
                puts GRAPH_COLORS.inspect
                #end
              end

              text hostlist.join(', ')

              if f.plugin_output != nil
                text "\nPlugin output", :style => :bold
                text f.plugin_output
              end

              if plugin.description != nil
                text "\nDescription", :style => :bold
                text plugin.description.gsub(/[ ]{2,}/, " "), :inline_format => true
              end

              if plugin.synopsis != nil
                text "\nSynopsis", :style => :bold
                text plugin.synopsis
              end

              if plugin.cvss_base_score != nil
                text "\nCVSS Base Score", :style => :bold
                text plugin.cvss_base_score
              end

              if plugin.exploit_available != nil
                text "\nExploit Available", :style => :bold

                if plugin.exploit_available == "true"
                  text "Yes"
                else
                  text "No"
                end
              end

              if plugin.solution != nil
                text "\nSolution", :style => :bold
                text plugin.solution
              end

              if references.size != 0
                text "\nReferences", :style => :bold
                text plugin.references.reference_string, :inline_format => true
                plugin_url = "http://www.tenablesecurity.com/plugins/index.php?view=single&id=#{plugin.id}"
                text "nessus_plugin: #{plugin_url}", :inline_format => true, :link => plugin_url
              end

              text "\n"
            end
          end

          output.start_new_page if unique_risks[index+1] != nil
        end

        output.number_pages " of ", :at => [output.bounds.right - 75, 0], :width => 150, :page_filter => :all
      end
    end
  end
end

hammackj commented 9 years ago

Looks like that's the old version of the template. Below is the newest version with the fix.

https://raw.githubusercontent.com/arxopia/risu/master/lib/risu/templates/technical_findings.rb

mrjim72 commented 9 years ago

Ignore the extraneous backslashes. Pasting the code was a mess without them, so I put them at the beginning of each new line.

mrjim72 commented 9 years ago

Fixed! I've been toying with it for a while to be sure. Your help with this also fixed a problem I've been having with Risu not liking my custom templates. I think that's because I was changing the template_info name, but not changing the class. Now I'm able to copy them over and toy with them. Thank you very much for your help and your patience. I love the tool and now I have an even better appreciation for the work that you put into it.

hammackj commented 9 years ago

Great, glad everything is working for you.

Risu will load templates from

$GEM_HOME/gems/risu-version/lib/risu/templates

and

/home/username/.risu/templates

and the current directory. The class name and template_info hash name have to be unique or it will not load one of the dupe'd names.

Hope that helps! Feel free to ask any other questions you have.
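The uniqueness rule just described is easy to get wrong, as this thread shows. The following is an added example, not Risu's own code: it scans the template directories named above for files whose class name or template_info :name collides with another template, which is the case Risu silently skips. The GEM_HOME path and the risu-1.7.3 version in TEMPLATE_DIRS are assumptions for illustration; the sample template sources are constructed inline.

```ruby
# Added example, not Risu's own code: flag custom templates whose class name or
# template_info :name collides with another template, the "dupe'd names" case
# in which Risu will not load one of them.

# The three places Risu looks, as listed in the thread. GEM_HOME and the
# risu-1.7.3 version are assumptions here; adjust them for your install.
TEMPLATE_DIRS = [
  File.join(ENV.fetch('GEM_HOME', '/nonexistent'), 'gems', 'risu-1.7.3', 'lib', 'risu', 'templates'),
  File.join(ENV.fetch('HOME', '/root'), '.risu', 'templates'),
  Dir.pwd
].freeze

# Extract the class name and the template_info :name from one template's source.
def template_identity(source)
  {
    class: source[/^\s*class\s+(\w+)\s*<\s*Risu::Base::TemplateBase/, 1],
    name:  source[/:name\s*=>\s*"([^"]+)"/, 1]
  }
end

# Given {path => source}, return class names and template names used by more
# than one file, each mapped to the files that define it.
def find_duplicates(sources)
  by_class = Hash.new { |h, k| h[k] = [] }
  by_name  = Hash.new { |h, k| h[k] = [] }
  sources.each do |path, src|
    id = template_identity(src)
    by_class[id[:class]] << path if id[:class]
    by_name[id[:name]]   << path if id[:name]
  end
  {
    classes: by_class.select { |_, paths| paths.size > 1 },
    names:   by_name.select  { |_, paths| paths.size > 1 }
  }
end

# Read every *.rb in the search directories that exist and report collisions.
def scan_template_dirs(dirs = TEMPLATE_DIRS)
  sources = {}
  dirs.select { |d| File.directory?(d) }.each do |d|
    Dir.glob(File.join(d, '*.rb')).each { |f| sources[f] = File.read(f) }
  end
  find_duplicates(sources)
end

# Constructed sample: "bad_copy" changed :name but kept the stock class name
# (the mistake described in the thread); "good_copy" changed both.
SAMPLE_TEMPLATES = {
  'gem/technical_findings.rb' => "class TechnicalFindingsTemplate < Risu::Base::TemplateBase\n  :name => \"technical_findings\",\n",
  'home/bad_copy.rb'          => "class TechnicalFindingsTemplate < Risu::Base::TemplateBase\n  :name => \"technical_findings_test\",\n",
  'home/good_copy.rb'         => "class TechnicalFindingsTestTemplate < Risu::Base::TemplateBase\n  :name => \"technical_findings_test2\",\n"
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts find_duplicates(SAMPLE_TEMPLATES).inspect  # bad_copy collides on class name
  puts scan_template_dirs.inspect                  # collisions on this machine, if any
end
```

Run it from the directory holding your risu.cfg so the current-directory templates are included in the scan.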

mrjim72 commented 9 years ago

Yes it helps! Thank you for doing what you do. I have a working install of 1.7.3 with both a VM and an extra laptop install of Backtrack. It also works with my VM of Kali. Since the BT repositories have been killed off in favor of Kali, my desire is to convert to Kali. However, each of my installs of RVM and Risu do not stay installed on my VM of Kali.

My next task is to do an install of the latest version of Kali on my extra laptop. I will report back. I'm betting it's NOT a Risu issue, since I have Risu working with VMs of Backtrack5R1 in a VM and in a laptop install and I also have it working with a VM of Kali 1.08.