Class: Watobo::Modules::Active::Jboss::Jboss_basic

Inherits:
ActiveCheck
  • Object
show all
Defined in:
modules/active/jboss/jboss_basic.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Method Summary collapse

Methods included from CheckInfoMixin::InfoMethods

#check_group, #check_name

Constructor Details

#initialize(project, prefs = {}) ⇒ Jboss_basic

Returns a new instance of Jboss_basic.



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
# File 'modules/active/jboss/jboss_basic.rb', line 50

def initialize(project, prefs={})
  super(project, prefs)
  
  
  measure = "Remove all unnecessary JBoss-Interfaces like JMX-Console."
  
  @jboss_checks = Hash.new
  @jboss_checks["JBoss-AS (critical)"] = { :dirs => ['/jmx-console/HtmlAdaptor', '/web-console/Invoker', '/invoker/JMXInvokerServlet'],
    :rating => VULN_RATING_CRITICAL,
    :threat => "This server supports dangerous JBoss interfaces. An attacker can use these interfaces to gain control over system by deploying its own malicious servlets.",
    :measure => measure
  }

  #
  measure = "Disable all unneeded functions."                                                     
  @jboss_checks["JBoss-AS (info)"] = { :dirs => [ '/status', '/web-console/ServerInfo.jsp'],
    :rating => VULN_RATING_LOW,
    :threat => "There are some functions enabled on this server which leads to information disclosure.
An attacker can use these information to prepare more targeted attacks. ",
    :measure => measure
  }
  
  @checked_dirs = Hash.new
end

Instance Method Details

#generateChecks(chat) ⇒ Object 



75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
 
# File 'modules/active/jboss/jboss_basic.rb', line 75

def generateChecks(chat)            
  chat.request.subDirs do |dir|
    if not @checked_dirs.has_key?(dir)                  
      @checked_dirs[dir] = :checked
      @jboss_checks.each do |ckey, check_settings| 
        check_settings[:dirs].each do |cdir|
          checker = proc {
            check_dir = cdir
            test_request = nil
            test_response = nil
            # IMPORTANT!!!
            # use copyRequest(chat) for cloning the original request 
            test = chat.copyRequest
            puts "appending dir #{check_dir}"
            test.setDir(dir)
            test.appendDir(check_dir)
            
            #puts test
            
            status, test_request, test_response = fileExists?(test, :default => true)
            if status == true  
              #test_chat = Chat.new(test, test_response,chat.id)
             # resource = "/" + test_request.resource
              addFinding( test_request, test_response,
                         :check_pattern => "#{check_dir}",
                         :test_item => dir,
              :chat => chat,
              :title => "[#{check_dir}]",
              :rating => check_settings[:rating],
              :threat => check_settings[:threat],
              :measure => check_settings[:measure],
              :class => ckey
              )
            end
            
            [ test_request, test_response ]
          }
          yield checker
        end
      end
    end  
  end
end

#resetObject 



46
47
48
 
# File 'modules/active/jboss/jboss_basic.rb', line 46

def reset()
  @checked_dirs.clear  
end