Class: Intrigue::Ident::Check::Citrix

Inherits:
Base
  • Object
show all
Defined in:
lib/checks/citrix.rb

Instance Method Summary collapse

Methods inherited from Base

inherited

Instance Method Details

#generate_checks(url) ⇒ Object 



6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
 
# File 'lib/checks/citrix.rb', line 6

def generate_checks(url)
  [
    {
      :type => "application",
      :vendor => "Citrix",
      :product => "Netscaler Gateway",
      :match_details => "Citrix Netscaler Gateway",
      :tags => ["tech:vpn"],
      :version => nil,
      :match_type => :content_body,
      :match_content =>  /<title>Netscaler Gateway/,
      :hide => false,
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Citrix",
      :product => "Netscaler Gateway",
      :match_details => "(often) customized logon page - netscaler gateway",
      :tags => ["tech:vpn"],
      :version => nil,
      :match_type => :content_body,
      :match_content => /CTXMSAM_LogonFont/,
      :hide => false,
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Citrix",
      :product => "Netscaler Gateway",
      :match_details => "misspelled content-length header",
      :tags => ["tech:vpn"],
      :references => ["https://support.citrix.com/article/CTX211605"],
      :version => nil,
      :match_type => :content_headers,
      :match_content => /^cteonnt-length:.*$/,
      :hide => false,
      :paths => ["#{url}"],
      :examples => ["http://204.29.196.116:80"]
    },
    {
      :type => "application",
      :vendor => "Citrix",
      :product => "Netscaler Gateway",
      :match_details => "cookie",
      :tags => ["tech:vpn"],
      :references => ["https://support.citrix.com/article/CTX131488"],
      :version => nil,
      :match_type => :content_cookies,
      :match_content => /citrix_ns_id=/,
      :hide => false,
      :paths => ["#{url}"],
      :verify => ["dW5kZXJhcm1vdXIjSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHA6Ly8yMDQuMjkuMTk2LjEwMjo4MA=="],
      :examples => ["http://204.29.196.102:80"]
    },
    {
      :type => "application",
      :vendor => "Citrix",
      :product => "XenServer",
      :match_details => "page title",
      :tags => ["tech:hypervisor"],
      :references => [""],
      :version => nil,
      :dynamic_version => lambda { |x| _first_body_capture(x,/<title>XenServer (.*?)<\/title>/) },
      :match_type => :content_body,
      :match_content => /<title>XenServer/,
      :hide => false,
      :paths => ["#{url}"],
      :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwOi8vMTU4Ljg1LjE3My4zNzo4MA=="],
      :examples => ["http://158.85.173.37:80"]
    },
    {
      :type => "application",
      :vendor => "Citrix",
      :product => "XenServer",
      :match_details => "page title",
      :tags => ["tech:hypervisor"],
      :references => [""],
      :version => nil,
      :dynamic_version => lambda { |x| _first_body_capture(x,/<title>Welcome to Citrix XenServer (.*?)<\/title>/) },
      :match_type => :content_body,
      :match_content => /<title>Welcome to Citrix XenServer/,
      :hide => false,
      :paths => ["#{url}"],
      :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwczovLzIzLmRjLjU1OWUuaXA0LnN0YXRpYy5zbC1yZXZlcnNlLmNvbTo0NDM="],
      :examples => ["https://23.dc.559e.ip4.static.sl-reverse.com:443"]
    }
  ]
end