Class: Watobo::Modules::Passive::Detect_infrastructure

Inherits:
PassiveCheck
  • Object
Defined in:
modules/passive/detect_infrastructure.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED


Constructor Details

#initialize(project) ⇒ Detect_infrastructure

Returns a new instance of Detect_infrastructure.



# File 'modules/passive/detect_infrastructure.rb', line 27

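# Build the passive "Infrastructure Information" check.
#
# Registers the check's metadata and the finding template with the
# PassiveCheck base class, then loads the fingerprint table that #do_test
# runs against +chat.response.join+.  Each table entry is a
# +[label, Regexp]+ pair: the label becomes part of the finding title, the
# Regexp is the fingerprint.  Entries are tried in table order and the first
# hit wins, so more specific fingerprints belong before generic ones.
#
# @param project [Object] the WATOBO project this check belongs to; kept in
#   @project and handed to the superclass.
def initialize(project)
  @project = project
  super(project)

  @info.update(
    :check_name  => 'Infrastructure Information', # shown in the tree and progress views
    :description => "Searching for information in response body which may reveal information about Platform, CMS-Systems, Application Server, ...",
    :author      => "Andreas Schmidt",
    :version     => "0.9"
  )

  @finding.update(
    :threat => 'Information about the underlying infrastructure may help an attacker to perform specialized attacks.',
    :class  => "Infrastructure",
    :type   => FINDING_TYPE_INFO # informational only, never FINDING_TYPE_VULN
  )

  # Fingerprint table.  The patterns run against attacker-controlled response
  # text, so keep them free of nested quantifiers (no catastrophic
  # backtracking); none of them carries a flag -- #do_test decides how they
  # are applied.
  @pattern_list = []
  # Signature footer of default error pages, typically Apache's
  # "<address>Apache/2.x (...) Server at host Port 80</address>".
  @pattern_list << [ 'Server', Regexp.new('<address>(.*)Server at') ]
  @pattern_list << [ 'eZPublish CMS', Regexp.new('title="(eZ Publish)') ]
  @pattern_list << [ 'Imperia CMS', Regexp.new('content=[^>]*(IMPERIA [\d\.]*)') ]
  @pattern_list << [ 'Typo3 CMS', Regexp.new('content=[^>]*(TYPO3 [\d\.]* CMS)') ]
  @pattern_list << [ 'Open Text CMS', Regexp.new('published by[^>]*(Open Text Web Solutions[\-\s\d\.]*)') ]
  # <meta name="generator" content="Sefrengo / www.sefrengo.org" >
  # <meta name="author" content="CMS Sefrengo">
  @pattern_list << [ 'Sefrengo CMS', Regexp.new('content=[^>]*(Sefrengo[\s\d\.]*)') ]
  @pattern_list << [ 'Tomcat', Regexp.new('(Apache Tomcat\/\d{1,4}\.\d{1,4}\.\d{1,4})') ]
  @pattern_list << [ 'Microsoft-IIS', Regexp.new('<img src="welcome.png" alt="(IIS7)"') ]
  # SharePoint advertises its build in the MicrosoftSharePointTeamServices
  # response header, e.g. "MicrosoftSharePointTeamServices: 14.0.0.6106".
  # The major version identifies the product line (12 = 2007, 14 = 2010,
  # 15 = 2013, 16 = 2016 and later), so match on the major version instead
  # of on one literal build number: a literal like 14.0.0.6106 only fires on
  # that single build, and its unescaped dots match any character.
  @pattern_list << [ 'SharePoint 2016 or later', Regexp.new('MicrosoftSharePointTeamServices.*?(16\.\d+\.\d+\.\d+)') ]
  @pattern_list << [ 'SharePoint 2013', Regexp.new('MicrosoftSharePointTeamServices.*?(15\.\d+\.\d+\.\d+)') ]
  @pattern_list << [ 'SharePoint 2010', Regexp.new('MicrosoftSharePointTeamServices.*?(14\.\d+\.\d+\.\d+)') ]
  @pattern_list << [ 'SharePoint 2007', Regexp.new('MicrosoftSharePointTeamServices.*?(12\.\d+\.\d+\.\d+)') ]
  # "vaadinVersion":"7.0.4"  (label used to carry a stray '}>' from a paste)
  @pattern_list << [ 'Vaadin', Regexp.new('vaadinVersion":"(\d+\.\d+\.\d+)') ]
  @pattern_list << [ 'JBoss', Regexp.new('JBoss Web.(\d+\.\d+\.\d+)') ]
end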

Instance Method Details

#do_test(chat) ⇒ Object



# File 'modules/passive/detect_infrastructure.rb', line 67

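# Passive check entry point: look for infrastructure fingerprints in one
# request/response pair and raise at most one informational finding.
#
# @param chat [Object] WATOBO chat; only +chat.response+ is consulted
#   (its +nil?+, +body+, +content_type+ and +join+).
# @return [nil] findings are reported through +addFinding+, nothing is returned.
#
# Only responses whose Content-Type contains "text" are inspected, but the
# *joined* response is searched, so fingerprints carried in headers (e.g.
# MicrosoftSharePointTeamServices) are found as long as +join+ includes them.
# Patterns are tried in table order and the first hit wins: a page matching
# several entries yields a single finding.
def do_test(chat)
  response = chat.response
  return if response.nil? || response.body.nil?
  return unless response.content_type =~ /text/

  # Join once; the response does not change while we iterate, and joining
  # per pattern re-allocated the whole response for every table entry.
  haystack = response.join

  @pattern_list.each do |label, pattern|
    # Interpolating a Regexp into /(...)/i wraps it in (?-mix:...), which
    # switches case sensitivity back on inside the group and silently
    # defeats the outer /i.  Build the case-insensitive Regexp explicitly.
    regexp = pattern.casefold? ? pattern : Regexp.new(pattern.source, pattern.options | Regexp::IGNORECASE)
    hit = regexp.match(haystack)
    next unless hit

    # The whole matched text (what the old outer capture group yielded),
    # not the table entry's inner group.
    proof = hit[0]
    # NOTE(review): proof_pattern receives raw response text.  If
    # PassiveCheck#addFinding interprets it as a regex, metacharacters in
    # the match ('/', '.', '(') change its meaning -- confirm, and
    # Regexp.escape it here if so.
    addFinding(
      :proof_pattern => proof,
      :chat          => chat,
      :title         => "[#{label}] - #{proof.slice(0..21)}" # keep titles short
    )
    break
  end
rescue => bang
  # Best-effort: one malformed response must not abort the passive scan.
  puts "ERROR!! #{self.class.name}"
  puts bang
  if $DEBUG
    puts bang.backtrace
    puts chat.response.join
  end
end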