Class: Watobo::Modules::Passive::Multiple_server_headers
- Inherits: PassiveCheck
  - Object
  - PassiveCheck
  - Watobo::Modules::Passive::Multiple_server_headers
- Defined in: modules/passive/multiple_server_headers.rb
Constant Summary
Constants included from Constants
Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED
Instance Method Summary
- #do_test(chat) ⇒ Object
- #initialize(project) ⇒ Multiple_server_headers (constructor)
  A new instance of Multiple_server_headers.
Constructor Details
#initialize(project) ⇒ Multiple_server_headers
Returns a new instance of Multiple_server_headers.
# File 'modules/passive/multiple_server_headers.rb', line 29

def initialize(project)
  @project = project
  super(project)
  @info.update(
    :check_name => 'Collect Server Headers', # name of check which briefly describes functionality, will be used for tree and progress views
    :description => "Identify Server Header Information, e.g. Apache 6.x ", # description of check function
    :author => "Andreas Schmidt", # author of check
    :version => "0.9" # check version
  )
  @finding.update(
    :threat => 'Information about the system maybe revealed', # threat of vulnerability, e.g. loss of information
    :class => "Server Headers", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
    :type => FINDING_TYPE_INFO # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
  )
  @server_list = [] # "site + banner" strings already reported, shared by both header types
end
Instance Method Details
#do_test(chat) ⇒ Object
# File 'modules/passive/multiple_server_headers.rb', line 49

def do_test(chat)
  begin
    chat.response.headers.each do |header|
      # Server banner: report each (site, banner) pair only once per scan
      if header =~ /^server: (.*)/i then
        server_banner = $1.strip
        #server_banner.gsub!(/^[ ]+/,"")
        unless @server_list.include?(chat.request.site + server_banner)
          #puts "found different server header"
          @server_list.push chat.request.site + server_banner
          # puts "[#{chat.id}]: #{server_banner}"
          addFinding(
            :proof_pattern => "Server: #{server_banner}",
            :chat => chat,
            :title => server_banner
          )
        end
      end
      # X-Powered-By banner: same bookkeeping, same @server_list
      if header =~ /X-Powered-By: (.*)/i then
        match = $1.strip
        unless @server_list.include?(chat.request.site + match)
          #puts "found different server header"
          @server_list.push chat.request.site + match
          # puts "[#{chat.id}]: #{server_banner}"
          addFinding(
            :proof_pattern => "#{match}",
            :chat => chat,
            :title => "#{match}"
          )
        end
      end
    end
  rescue => bang
    puts "ERROR!! #{Module.nesting[0].name}"
    puts bang
    puts bang.backtrace if $DEBUG
  end
end
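The collection logic of do_test, as an added stand-alone example that is not WATOBO's own code: chats are plain hashes (a constructed `site`/`headers` shape, not the framework's chat object), `addFinding` becomes an array of hashes, and the X-Powered-By pattern is anchored to the header start, unlike the module's. The final method goes beyond what the module reports and lists sites that disclosed more than one distinct Server banner.

```ruby
# Constructed sample traffic (not real captures): site => list of response header lines.
SAMPLE_CHATS = [
  { site: "www.example.test:443", headers: ["Content-Type: text/html", "Server: Apache/2.4.57 (Unix)"] },
  { site: "www.example.test:443", headers: ["Server: Apache/2.4.57 (Unix)", "X-Powered-By: PHP/8.2.12"] },
  { site: "www.example.test:443", headers: ["server: nginx/1.25.3"] }, # second banner, same site
  { site: "api.example.test:443", headers: ["Server: nginx/1.25.3", "X-Powered-By: PHP/8.2.12"] },
].freeze

# Both patterns anchored to the start of the header line (the module anchors only Server).
HEADER_PATTERNS = {
  "Server"       => /\Aserver:\s*(.*)/i,
  "X-Powered-By" => /\Ax-powered-by:\s*(.*)/i,
}.freeze

class ServerHeaderCollector
  attr_reader :findings

  def initialize
    @seen = {}     # site => banners already reported (the module's @server_list, keyed per site)
    @findings = [] # what the module would have passed to addFinding
  end

  # Equivalent of do_test(chat): each (site, banner) pair is reported once per scan.
  def do_test(chat)
    chat[:headers].each do |header|
      HEADER_PATTERNS.each do |name, pattern|
        next unless header =~ pattern
        banner = $1.strip
        reported = (@seen[chat[:site]] ||= [])
        next if reported.include?(banner)
        reported << banner
        @findings << { site: chat[:site], header: name,
                       proof_pattern: "#{name}: #{banner}", title: banner }
      end
    end
    @findings
  end

  # Sites whose responses carried more than one distinct Server banner, which usually
  # means differently configured or patched hosts are answering behind one name.
  def sites_with_multiple_server_banners
    @findings.group_by { |f| f[:site] }
             .select { |_, fs| fs.count { |f| f[:header] == "Server" } > 1 }
             .keys
  end
end

def run_sample
  collector = ServerHeaderCollector.new
  SAMPLE_CHATS.each { |chat| collector.do_test(chat) }
  collector
end
```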