Top Level Namespace

Defined Under Namespace

Modules: WhatWeb

Instance Method Summary collapse

Instance Method Details

#ABO_CMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/abo.cms.rb', line 13

WhatWeb::Plugin.define "ABO_CMS" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-08
  @version = "0.2"
  @description = "ABO.CMS"
  @website = "http://www.abocms.com/"

  # ShodanHQ results as at 2011-04-08 #
  # 54 for A-Powered-By

  @matches = [

    # Version Detection # A-Powered-By Header
    { version: /^ABO\.CMS( E-commerce| Corporative)? ([\d\.]+)/, offset: 1, search: "headers[a-powered-by]" },

  ]
end

#acarsdObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/acarsd.rb', line 9

WhatWeb::Plugin.define "acarsd" do
  @author = "Andrew Horton"
  @version = "0.1"
  @description = "acarsd is an Aircraft Communication Addressing and Reporting System (ACARS) decoder for a LINUX or Windows. It decodes ACARS transmissions collected from a radio scanner in real-time using sound cards. acarsd also provides realtime webserver."
  @website = "http://www.acarsd.org/"

  # More examples here: http://www.acarsd.org/webservers.html
  # Google results as at 2012-02-21 #
  # 11 for intitle:"RealTime Web ACARS" "ACARS decoder for Linux and Windows" "Help" "Map" "Reports" "Search"

  # Dorks #
  @dorks = [
    'intitle:"RealTime Web ACARS" "ACARS decoder for Linux and Windows" "Help" "Map" "Reports" "Search"'
  ]

  # Matches #
  @matches = [

    # HTTP Server Header # Version Detection
    { search: "headers[server]", version: /^acarsd\/([^\s]+)$/ },

    # Meta Author
    { certainty: 75, text: '<meta name="author" content="KjM <[email protected]>">' },

    # Title
    { certainty: 75, regexp: /<title>[^<]*RealTime Web ACARS/ },

    # HTML Comment
    { certainty: 75, text: '<!-- MAIN PART OF WEBACARS -->' },

    # Meta Description # Location
    { string: /<meta name="description" content="Realtime Web ACARS - [^\s]+ Location: ([^\.^\"^>]+)\./ },

  ]
end

#ACheckerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/achecker.rb', line 9

WhatWeb::Plugin.define "AChecker" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-17
  @version = "0.1"
  @description = "AChecker  is an open source Web accessibility evaluation tool. It can be used to review the accessibility of Web pages based on a variety international accessibility guidelines."
  @website = "http://www.atutor.ca/achecker/"

  # Google results as at 2010-09-17 #
  # 6 for intitle:"AChecker : ATRC Accessibility Checker:"

  # Dorks #
  @dorks = [
    'intitle:"AChecker : ATRC Accessibility Checker:"'
  ]

  @matches = [

    # Default title
    { text: '<title>AChecker : ATRC Accessibility Checker: </title>' },

  ]

  # Version detection
  def passive(target)
    m = []

    if /	<br \/><h1>Web Accessibility Checker<\/h1>/.match?(target.body)
      if /	<\/td><td><span> Version: ([\d\.]+)<\/span><\/td>/.match?(target.body)
        version = target.body.scan(/	<\/td><td><span> Version: ([\d\.]+)<\/span><\/td>/)[0][0]
        m << { version: version }
      end
    end
    m
  end
end

#Acme_ServeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-18 # Andrew Horton Replaced passive function with match



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/acme.serve.rb', line 12

WhatWeb::Plugin.define "Acme_Serve" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-01
  @version = "0.2"
  @description = "Minimal Java HTTP server class. This class implements a very small embeddable HTTP server. It runs Servlets compatible with the API used by JavaSoft's JavaServer server. Used as an embedded server for many devices."
  @website = "http://www.acme.com/java/software/Acme.Serve.Serve.html"

  # ShodanHQ results as at 2011-06-01 #
  # 600 for Acme.Serve
  # 592 for Acme.Serve -TJWS
  #  95 for Acme.Serve -JWS
  #  87 for Acme.Serve -JWS -TJWS
  #  87 for Acme.Serve -Rogatkin

  @matches = [
    # Version Detection
    { search: "headers[server]", version: /^Acme\.Serve\/v([\d\.]+) of [\d]{2}[a-z]{3}[\d]{2}$/ },
    # Date Detection
    { name: "Date from server header", search: "headers[server]", string: /^Acme\.Serve\/v[\d\.]+ of ([\d]{2}[a-z]{3}[\d]{2})$/ },
  ]
end

#ACollabObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/acollab.rb', line 9

WhatWeb::Plugin.define "ACollab" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-17
  @version = "0.1"
  @description = "ACollab is an accessible, open source, multi-group, Web-based collaborative work environment. ACollab is available as a work groups addon for ATutor 1.4+ , and as a standalone collaborative work environment that will run on its own."
  @website = "http://www.atutor.ca/acollab/"

  # Google results as at 2010-09-17 #
  # 7 for intitle:"ACollab : Accessible Collaboration Environment:"

  # Dorks #
  @dorks = [
    'intitle:"ACollab : Accessible Collaboration Environment:"'
  ]

  @matches = [

    # Default title
    { text: '<title>ACollab : Accessible Collaboration Environment:' },

  ]
end

#AContentObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/acontent.rb', line 9

WhatWeb::Plugin.define "AContent" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-17
  @version = "0.1"
  @description = "AContent  is an open source learning content authoring system and respository used to create interoperable, accessible, adaptive Web-based learning content."
  @website = "http://www.atutor.ca/acontent/"

  # Google results as at 2010-09-17 #
  # 1 for intitle:"AContent: Learning Content Repository:"

  # Dorks #
  @dorks = [
    'intitle:"AContent: Learning Content Repository:"'
  ]

  @matches = [

    # Default title
    { text: '<title>AContent: Learning Content Repository:' },

    # Login page
    { text: '<dt><span class="required" title="Required Field">*</span><label for="login">Login Name or Email</label></dt>' },

    # Default Favicon
    { md5: "28c34462a074c5311492759435549468", url: "/favicon.ico" },

  ]
end

#activeCollabObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 by Andrew Horton Added acpowered.gif logo, and powered by footer



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/activecollab.rb', line 12

WhatWeb::Plugin.define "activeCollab" do
  @author = "Brendan Coles <[email protected]>" # 2012-05-02
  @version = "0.2"
  @description = "activeCollab - project management & collaboration tool - Requires PHP and MySQL"
  @website = "http://www.activecollab.com/"

  # Google results as at 2012-05-02 #
  # 569 for "powered by activeCollab" "Forgot password" intitle:"Login"
  # 109 for inurl:"index.php?path_info=login" intitle:"Login"

  # Dorks #
  @dorks = [
    '"powered by activeCollab" "Forgot password" intitle:"Login"'
  ]

  # Matches #
  @matches = [

    # Login Page # Form
    { text: '<form method="post" id="system_form_2" class="uniForm focusFirstField">' },

    # Login Page # JavaScript # Version Detection
    { version: /if\(\!App\.data\) \{ App\.data = \{\}; \}\s+App\.data\.quick_search_url = "[^"]+";\s+App\.data\.ac_version = "([^"]+)";/ },

    { name: "acpowered.gif", url: '/public/assets/images/acpowered.gif', md5: "ad6152c96454d96f7b8ec78c08bb789b" },
    { name: "powered by footer", text: '<p id="powered_by"><a href="http://www.activecollab.com/"' }
  ]
end

#ActiveHTMLObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-18 # Andrew Horton Replaced passive function with match



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/activehtml.rb', line 12

WhatWeb::Plugin.define "ActiveHTML" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-06
  @version = "0.2"
  @description = "seliSoft ActiveHTML provides Active-Server-Pages (ASP) to nearly every web server supporting CGI."
  @website = "http://www.selisoft.com/en/ahtml/"

  # ShodanHQ results as at 2011-08-06 #
  # 65 for ActiveHTML

  @matches = [
    # Version Detection # HTTP Server Header
    { version: /ActiveHTML\/([^\s]+)/, search: "headers[server]" },

    # Version Detection # X-Powered-By
    { version: /seliSoft ActiveHTML\/([^\s]+)/, search: "headers[x-powered-by]" }
  ]
end

#ActiveXObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-18 # Andrew Horton Replaced passive function with match for Flash-ActiveX

Version 0.2 by Andrew Horton Updated to return the CLSID as a module. Bugfix - quotes around classid are optional



15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/activex.rb', line 15

WhatWeb::Plugin.define "ActiveX" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-17
  @version = "0.3"
  @description = "ActiveX is a framework based on Microsoft's Component Object Model (COM) and Object Linking and Embedding (OLE) technologies. ActiveX components officially operate only with Microsoft's Internet Explorer web browser and the Microsoft Windows operating system. - More info: http://en.wikipedia.org/wiki/ActiveX"

  # Matches #
  @matches = [
    # object clsid
    { module: /<object [^>]*classid=["']?clsid:([\s]*[a-f\d\-]+)['"]?/i },
    # Flash-ActiveX
    { string: "Flash-ActiveX", regexp: /d27cdb6e-ae6d-11cf-96b8-444553540000/ }
  ]
end

#AdaptCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/adaptcms.rb', line 9

WhatWeb::Plugin.define "AdaptCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-12
  @version = "0.1"
  @description = "AdaptCMS is a PHP CMS that is made for complete control of your website, easiness of use and easily adaptable to any type of website"
  @website = "http://www.adaptsoftware.org/article/1/Projects/AdaptCMS/"

  # Google results as at 2010-10-12 #
  # 7 for "powered by AdaptCMS"

  # Dorks #
  @dorks = [
    '"powered by AdaptCMS"'
  ]

  @matches = [

    # Version detection
    { version: /Powered by <a href="http:\/\/www.adaptcms.com">[<b>]*AdaptCMS([^<]*)<\/a>/ },

    # Powered by <a href="http://www.adaptcms.com">AdaptCMS</a>, <a href="http://www.adaptbb.com">AdaptBB</a>.
    # Powered by <a href="http://www.adaptcms.com"><b>AdaptCMS</a>
    # Powered by <a href="http://www.adaptcms.com"><b>AdaptCMS Lite</a>
    # Powered by <a href="http://www.adaptcms.com">AdaptCMS Pro</a>

  ]
end

#AddThisObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/addthis.rb', line 9

WhatWeb::Plugin.define "AddThis" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-15
  @version = "0.1"
  @description = "AddThis is a free way to boost traffic back to your site by making it easier for visitors to share your content."
  @website = "http://www.addthis.com/"

  # Matches #
  @matches = [

    # JavaScript Source
    { regexp: /<script [^>]*src=["|'][^>]*addthis\.com\/js/i },

  ]
end

#AdSubtractObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-18 # Andrew Horton Replaced passive function with match for server header



12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/adsubtract.rb', line 12

WhatWeb::Plugin.define "AdSubtract" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-06
  @version = "0.2"
  @description = "AdSubtract - a Windows proxy which removes popup ads."
  @website = "http://AdSubtract.com"

  # ShodanHQ results as at 2011-06-06 #
  # 65 for AdSubtract

  @matches = [
    # Version Detection # HTTP Server Header
    { version: /^AdSubtract ([\d\.]+)$/, search: "headers[server]" }
  ]
end

#AEFObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/aef.rb', line 9

WhatWeb::Plugin.define "AEF" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-27
  @version = "0.1"
  @description = "Advanced Electron Forum (AEF) - bulletin board software - requires PHP and MySQL"
  @website = "http://www.anelectron.com/"

  # Google results as at 2011-09-27 #
  # 385 for "Powered By AEF" "Electron Inc."

  # ShodanHQ results as at 2011-09-27 #
  # 6 for AEFCookies

  # Dorks #
  @dorks = [
    '"Powered By AEF" "Electron Inc."'
  ]

  # Matches #
  @matches = [

    # Meta Keywords
    { certainty: 75, text: '<meta name="keywords" content="aef, advanced, electron, forum, bulletin, board, software" />' },

    # Version Detection
    { version: /<a href="http:\/\/www\.anelectron\.com">Powered By AEF ([^<]{1,256})<\/a> &copy; [\d]{4}/ },

    # AEFCookies cookie
    { search: "headers[set-cookie]", regexp: /AEFCookies[\d]*\[aefsid\]=/ },

  ]
end

#AiCartObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/aicart.rb', line 9

WhatWeb::Plugin.define "AiCart" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-19
  @version = "0.1"
  @description = "AiCart shopping cart software is created in PHP and uses a simple template structure, makes it very flexible and easy to modify. The data in AiCart is stored in a MySQL database."
  @website = "http://www.aicart.ca/"

  # 17 for inurl:"/store.php?action=view_product pid="

  # Dorks #
  @dorks = [
    'inurl:"/store.php?action=view_product pid="'
  ]

  # Matches #
  @matches = [

    # login.php
    { text: '" for = "l_password">Password <span class="req">*</span></label>' },
    { text: '<input id = "l_password" name = "l_password" class = "field text medium" type = "password" maxlength = "255" value = "" />' },
    { text: '<input id="l_remember_me" name="l_remember_me" class = "field checkbox" type = "checkbox" value = "1" />' },
    { text: '<input name="APP_authenticate" type="hidden" id="APP_authenticate" value="frmLogin" />' },

  ]
end

#AirOSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/airos.rb', line 9

WhatWeb::Plugin.define "AirOS" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-30
  @version = "0.1"
  @description = "AirOS is an intuitive, versatile, highly developed Ubiquiti firmware technology that resides on Ubiquiti Station products. It is exceptionally intuitive and was designed to require no training to operate. Behind the user interface is a powerful firmware architecture which enables hi-performance outdoor multipoint networking. "
  @website = "http://www.ubnt.com/airos"

  # ShodanHQ results as at 2010-10-30 #
  # 8,411 for "Set-Cookie:" "AIROS_SESSIONID" Path= Version=
  # 8,411 for "cookiechecker uri="

  @matches = [

    # Login page
    { text: "cache_images(['main_top.png', 'main.png', 'link.png', 'net.png', '4dv.png', 'srv.png', 'system.png', 'border.gif', 'spectr.gif']);" },

  ]

  # Passive # HTTP Header
  def passive(target)
    m = []

    # Cookie
    m << { name: "AIROS_SESSIONID Cookie" } if target.headers["set-cookie"] =~ /AIROS_SESSIONID=[a-z0-9]{32}; Path=\/; Version=([\d\.]+)/

    # Location: /cookiechecker?uri=/
    m << { name: "Location HTTP Header", status: 301 } if target.headers["location"] =~ /\/cookiechecker\?uri=\//

    m
  end
end

#AirTiesRouterObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



10
11
12
13
14
15
16
17
18
19
 
# File 'lib/whatweb/plugins/airtiesrouter.rb', line 10

WhatWeb::Plugin.define "AirTiesRouter" do
  @author = "Andrew Horton"
  @version = "0.1"
  @description = "AirTies Wireless Router"
  @website = "http://www.airties.com/"

  @matches = [
    { version: /<title>Airties ([^<]+)</ }
  ]
end

#AirvaeCommerceObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-07 # Updated version detection method Updated matches



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/airvaecommerce.rb', line 13

WhatWeb::Plugin.define "AirvaeCommerce" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-22
  @version = "0.2"
  @description = "Airvae Commerce 3.0 is a flexible, powerful, e-commerce shopping cart software offering clients, web developers, and I.T. professionals the perfect solution to deploy sophisticated, extensible, e-commerce solutions."
  @website = "http://www.airvaecommerce.com/"

  # Google results as at 2010-08-22 #
  # 43 for "powered by AirvaeCommerce" -Vulnerability

  # Dorks #
  @dorks = [
    '"powered by AirvaeCommerce" -Vulnerability'
  ]

  # Matches #
  @matches = [

    # Default stylesheet HTML
    { text: '<link href="imgs/store.css" rel="stylesheet" media="screen">' },

    # 3.x # Default stylesheet HTML
    { text: '<link href="/conf/minify/f=imgs/store.css&142" rel="stylesheet" media="screen">', version: "3.x" },

    # Version Detection # Powered by footer
    { version: /<a href="http:\/\/www.airvaecommerce.com">Powered by AirvaeCommerce ([\d\.]+) - E-Commerce Shopping Cart Software<\/a><br><br>/ },

  ]
end

#AllNewsManager_NETObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/allnewsmanager.net.rb', line 9

WhatWeb::Plugin.define "AllNewsManager_NET" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-04
  @version = "0.1"
  @description = "AllNewsManager.NET is a free news/article management system for ASP.NET sites."
  @website = "http://www.allnewsmanager.net/allnewsmanager/homepage.aspx"

  # Google results as at 2011-03-04 #
  # 80 for "Powered by AllNewsManager.NET"

  # Dorks #
  @dorks = [
    '"Powered by AllNewsManager.NET"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { regexp: /(kujeme|Powered by) <a id="[^"]+" href="http:\/\/www.allnewsmanager.net">AllNewsManager.NET<\/a>/ },

  ]
end

#AllowObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/whatweb/plugins/allow.rb', line 9

WhatWeb::Plugin.define "Allow" do
  @author = "Brendan Coles <[email protected]>" # 2010-11-01
  @version = "0.1"
  @description = "This plugin retrieves the allowed methods from the HTTP Allow header. - More info: http://en.wikipedia.org/wiki/List_of_HTTP_header_fields"

  # 83 ShodanHQ results for "Allow: PUT" @ 2010-11-01
  # About 255 ShodanHQ results for "Allow: DELETE" @ 2010-11-01

  # Passive #
  def passive(target)
    m = []

    # Allow HTTP Header
    m << { module: target.headers["allow"].to_s } if target.headers["allow"]

    m
  end
end

#AlumniServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/alumniserver.rb', line 9

WhatWeb::Plugin.define "AlumniServer" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-15
  @version = "0.1"
  @description = "Open Source Alumni software (PHP) for universities, schools and other organizations. Features include profile page, photo upload, messages, forum, job market. Admin pages include user management, content management, newsletter, website configuration."
  @website = "http://sourceforge.net/projects/alumniserver/"

  # Google results as at 2011-03-15 #
  # 9 for "AlumniServer project" inurl:AlumniServerProject.php
  # 5 for "This Alumni website runs with open source software from the AlumniServer project."

  # Dorks #
  @dorks = [
    '"AlumniServer project" inurl:AlumniServerProject.php',
    '"This Alumni website runs with open source software from the AlumniServer project."'
  ]

  # Matches #
  @matches = [

    # GHDB
    { certainty: 75, ghdb: 'inurl:AlumniServerProject.php "AlumniServer project"' },

    # AlumniServer project footer link
    { text: '<div style="float:right;"><a href="AlumniServerProject.php" style="color:#c6cccd;margin:2px;margin-right:10px;">AlumniServer project</a></div>' },

    # NoScript HTML
    { text: '<div style="margin:25px 15px 20px 15px;"><noscript><div style="color:red;margin-bottom: 15px;">Your browser does not support JavaScript!</div></noscript><h2>The AlumniServer project</h2>' },

    # Meta Keywords
    { certainty: 25, text: '<meta name="keywords" content="Alumni,Student,Network,Community,University">' },

  ]
end

#AM4SSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/am4ss.rb', line 9

WhatWeb::Plugin.define "AM4SS" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-11
  @version = "0.1"
  @description = "Advanced Management For Services Sites (AM4SS)"
  @website = "http://am4ss.org/"

  # ShodanHQ results as at 2011-09-11 #
  # 396 for "Powered by AM4SS"
  # 353 for intitle:"Powered by AM4SS"

  # Dorks #
  @dorks = [
    'intitle:"Powered by AM4SS"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta Copyright
    { version: /<meta name="copyright" content="Powered by am4ss ([^\s]+) (Programmed By|programming by) Mohammed Cherkaoui" \/>/ },

    # HTML Comment
    { text: '<!-- Header end and right block start -->' },

    # Powered by text
    { text: 'Powered By <a href="http://am4ss.com"><font color="#FF000">AM4SS</font></a>' },

    # StyleSheet
    { regexp: /<link rel="stylesheet" type="text\/css" href="templates\/[^\/]+\/am4ss\.css" \/>/ },

  ]
end

#AMDSoFTObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/amdsoft.rb', line 9

WhatWeb::Plugin.define "AMDSoFT" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-21
  @version = "0.1"
  @description = "CMS [Iranian]"
  @website = "http://www.iranfairit.com/main/index.aspx"

  # Google results as at 2011-06-21 #
  # 50 for "Powered by AMDSoFT" ext:aspx

  # Dorks #
  @dorks = [
    '"Powered by AMDSoFT" ext:aspx'
  ]

  # Matches #
  @matches = [

    # Powered by link
    { regexp: /style="color: aliceblue"><span style="color: gray">Powered\s+by<\/span> <\/span><a href="http:\/\/www\.iranfairit\.com">/ },

  ]
end

#ANECMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated regex



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/anecms.rb', line 12

WhatWeb::Plugin.define "ANECMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-15
  @version = "0.2"
  @description = "ANECMS"
  @website = "http://anecms.com/"

  # Dorks #
  @dorks = [
    '"powered by anecms"'
  ]

  # 11 results for "powered by anecms" @ 2010-06-15

  @matches = [

    # Default meta author
    { text: '<meta name="Author" content="Erwin Aligam - [email protected]" />' },

    # Powered by text
    { ghdb: '"powered by anecms"', certainty: 75 },
    { regexp: /&copy; [\d]{4} <strong><a href="http:\/\/anecms.com[^\>]*>anecms.com<\/a><\/strong>/ },

    # Default title
    { regexp: /<title>[^<^\-]+- Powered By ANECMS<\/title>/ },

  ]
end

#AntiboardObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-17 # Andrew Horton Updated description



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/antiboard.rb', line 12

WhatWeb::Plugin.define "Antiboard" do
  @author = "Andrew Horton"
  @version = "0.2"
  @description = "Antiboard is a PHP forum. Homepage used to be http://www.resynthesize.com/code/antiboard.php."

  # Dorks #
  @dorks = [
    'inurl: antiboard.php'
  ]

  # inurl: antiboard.php
  #  <form method="post" action="/antiboard/antiboard.php">
  # <a href="http://www.resynthesize.com/code/antiboard.php">Powered by antiboard 0.7.2</a>

  # Matches #
  @matches = [
    { name: "inurl", ghdb: "inurl:antiboard.php" },
    { name: "powered by", text: "<a href=\"http://www.resynthesize.com/code/antiboard.php\">Powered by antiboard" }
  ]
end

#AnyGateObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



10
11
12
13
14
15
16
17
18
19
20
 
# File 'lib/whatweb/plugins/anygate.rb', line 10

WhatWeb::Plugin.define "AnyGate" do
  @author = "Andrew Horton"
  @version = "0.1"
  @description = "Korean home wifi/router device"
  @website = "http://www.anygate.co.kr/"

  @matches = [
    { url: '/index.asp', text: '<title>AnyGate' },
    { url: '/index.asp', text: "사용자 암호가 설정되어 있지 않습니다.", string: "No Password" }
  ]
end

#anyInventoryObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/anyinventory.rb', line 12

WhatWeb::Plugin.define "anyInventory" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-25
  @version = "0.2"
  @description = "anyInventory, the most flexible and powerful web-based inventory system"
  @website = "http://anyinventory.sourceforge.net/"

  # 51 results for "anyInventory, the most flexible and powerful web-based inventory system" @ 2010-07-25

  @matches = [

    # Default title
    { text: '		<title>anyInventory: Top</title>' },

    # Default HTML
    { regexp: /					 you have inventoried <b>[0-9]*<\/b>  items with <a href="http:\/\/anyinventory.sourceforge.net\/">anyInventory, the most flexible and powerful web-based inventory system<\/a>/ },

    # Version detection # default whitespace and version
    # Tested versions: 1.9.1 / 1.9.2 / 2.0
    { version: /								anyInventory ([\d\.]+)/ },

  ]
end

#AOLserverObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/aolserver.rb', line 9

WhatWeb::Plugin.define "AOLserver" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-04
  @version = "0.1"
  @description = "AOLserver is America Online's Open-Source web server. AOLserver is the backbone of the largest and busiest production environments in the world. AOLserver is a multithreaded, Tcl-enabled web server used for large scale, dynamic web sites."
  @website = "http://www.aolserver.com/"
  # Source: http://aolserver.github.com/

  # ShodanHQ results as at 2011-06-04 #
  # 34,038 for aolserver

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^AOLserver$/ },

    # Version Detection
    { search: "headers[server]", version: /^AOLserver\/([^\s]+)/ },

  ]
end

#ApacheObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.8 # 2011-05-25 # Updated module detection Added htaccess www-authenticate realm detection

Version 0.7 # 2011-04-06 # Removed favicon matches in favor of /icons/ matches

Version 0.6 # Updated module detection

Version 0.5 # Added module detection

Version 0.4 # Combined Apache and Apache default pages plugins



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
 
# File 'lib/whatweb/plugins/apache.rb', line 25

WhatWeb::Plugin.define "Apache" do
  @author = "Andrew Horton & Brendan Coles"
  @version = "0.8"
  @description = "The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards."
  @website = "http://httpd.apache.org/"

  # Google results as at 2010-10-26 #
  # 190 for intitle:"Test Page for Apache Installation"

  # ShodanHQ results #
  # 8,146,697 for "server: Apache"
  # 217,2233 for "server: mod_ssl"
  # 691,816 for "server: mod_auth_passthrough"
  # 753,880 for "server: mod_bwlimited"
  # 177,808 for "Server: mod_jk"
  # 25,076 for "Server: mod_fcgid"
  # 165,191 for "Server: mod_log_bytes"
  # 75,655 for "Server: mod_gzip"
  # 559 for for "Server: mod_security"
  # 450,117 for "Server: mod_perl"
  # 154,334 for "Server: mod_python"
  # 87,454 for "Server: mod_fastcgi"
  # 45,696 for "Server: mod_psoft_traffic"
  # 34,854 for "Server: mod_macro"
  # 61,692 for "Server: mod_throttle"
  # 3,553 for NOYB
  # 667 for WebSnmp Server Httpd
  # 16,566 for proxy_html
  # 26 for Basic realm "htaccess password prompt"

  # Dorks #
  @dorks = [
    'intitle:"Test Page for the Apache HTTP Server on Fedora Core" intext:"Fedora Core Test Page"',
    'intitle:"Welcome to Your New Home Page!" "by the Debian release"',
    'intitle:"Test Page for Apache" "It Worked!"'
  ]

  # Matches #
  @matches = [

    # Default page # Default title
    { text: "<title>Test Page for Apache Installation</title>", string: "Default" },
    { text: "<TITLE>Test Page for the SSL/TLS-aware Apache Installation on Web Site</TITLE>", string: "Default" },

    # Default page # Default HTML
    { text: "<html><body><h1>It works!</h1></body></html>", string: "Default" },
    { text: "<html>Apache is functioning normally</html>", string: "Default" },
    { name: "This IP is being shared among many domains.",
      text: "<body><center>This IP is being shared among many domains.<br>\nTo view the domain you are looking for, simply enter the domain name in the location bar of your web browser.<br>", string: "Default" },
    { text: "Apache is working on your cPanel<sup>&reg;</sup> and WHM&#8482; Server", string: "Default" },

    # /icons/apache_pb.gif
    { url: "/icons/apache_pb.gif", md5: "48bc8b181b36c9289866a2e30f6afedd" },

    # /icons/apache_pb2.gif # 2.x
    { url: "/icons/apache_pb2.gif", md5: "36ccabeb1ad841c6af37660c3865a9c9", version: "2.x" },
    { url: "/icons/apache_pb2.gif", md5: "726dac78d3a989a360fc405452a798ee", version: "2.2" },

    # Headers
    { regexp: /^Apache/i, search: "headers[server]", name: "HTTP Server Header" },
    { version: /^Apache\/([\d\.]+)/i, search: "headers[server]", name: "HTTP Server Header" },
    { certainty: 75, module: "mod_security", regexp: /^NOYB$/, search: "headers[server]" },
    { certainty: 75, name: "htacess WWW-Authenticate realm", search: "headers[www-authenticate]", regexp: /Basic realm="htaccess password prompt"/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # HTTP Server Header # Apache
    if /^Apache/i.match?(target.headers["server"])

      # Module Detection
      m << { module: target.headers["server"].scan(/[\s](mod_[^\s^\(]+)/).flatten } if target.headers["server"] =~ /[\s](mod_[^\s^\(]+)/
      # proxy_html Module Detection
      m << { module: target.headers["server"].scan(/[\s](proxy_html\/[^\s]+)/).flatten } if target.headers["server"] =~ /[\s](proxy_html\/[^\s]+)/

    end

    # HTTP Server Header # Apache WebSnmp module
    if /^WebSnmp Server Httpd\/([\d.]+)$/.match?(target.headers["server"])
      m << { module: "WebSnmp/" + target.headers["server"].scan(/^WebSnmp Server Httpd\/([\d.]+)$/).flatten.first.to_s }
    end

    # x-mod-pagespeed Header # mod_pagespeed module
    m << { module: "mod_pagespeed/" + target.headers["x-mod-pagespeed"].scan(/^([\d\.]+-[\d]{3})$/).flatten.first.to_s } if target.headers["x-mod-pagespeed"] =~ /^([\d\.]+-[\d]{3})$/

    # Return passive matches
    m
  end
end

#AppleIDiskServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/appleidiskserver.rb', line 12

WhatWeb::Plugin.define "AppleIDiskServer" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-02
  @version = "0.2"
  @description = "With MobileMe iDisk, it.s easy to store, access, and share files online. You have plenty of storage space . even large files are no problem. Just add the files you need to your iDisk, and whatever you upload will be there for you to download using a web browser on any computer or using the iDisk app for iPhone, iPad, or iPod touch."
  @website = "http://www.apple.com/mobileme/features/idisk.html"

  # ShodanHQ results as at 2011-04-02 #
  # 286 for AppleIDiskServer

  @matches = [

    # HTTP Server header
    { regexp: /^AppleIDiskServer/, search: "headers[server]" },

    # HTTP Server header # Version Detection
    { version: /^AppleIDiskServer[\.|-][A-Z\d]+$/, search: "headers[server]" },

  ]

  # Passive #
  def passive(target)
    m = []

    # HTTP Server header
    if /^AppleIDiskServer[\.|-][A-Z\d]+$/.match?(target.headers["server"])

      # WWW Authenticate
      m << { name: "WWW Authenticate" } if target.headers["www-authenticate"] =~ /Basic realm="me\.com"/

      # Account Detection # X-dmUser
      m << { account: target.headers["x-dmuser"] } if target.headers["x-dmuser"]
    end

    # Return passive matches
    m
  end
end

#AppletObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-07 # Updated URL extraction method



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/applet.rb', line 12

WhatWeb::Plugin.define "Applet" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-15
  @version = "0.2"
  @description = "This plugin detects instances of applet HTML elements and retrieves the URL from the code parameter."
  @website = "http://en.wikipedia.org/wiki/Java_applet"

  # Google results as at 2010-10-15 #
  # 183 for "this site requires java"

  # Matches #
  @matches = [

    # Extract Code
    { string: /<applet[^>]+code[\s]*=[\s]*["|']?([^\s^>^"^']+)[^>]*>/i },

  ]
end

#AppServObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/appserv.rb', line 9

WhatWeb::Plugin.define "AppServ" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-23
  @version = "0.1"
  @description = "AppServ is an Apache, MySQL, PHP, phpMyAdmin installer package for Windows and Linux."
  @website = "http://www.appservnetwork.com/"

  # Google results as at 2011-09-23 #
  # 55 for intitle:"AppServ Open Project" "About AppServ Version"

  # Dorks #
  @dorks = [
    'intitle:"AppServ Open Project" "About AppServ Version"'
  ]

  # Matches #
  @matches = [

    { version: /<span class="headd"><strong><big>&nbsp; The AppServ Open Project - ([^\s]+) for (Windows|Linux) <\/big><\/strong><\/span><\/font><\/td>/ },

    { text: '<font color="#000080" class="headd">&nbsp;&nbsp;&nbsp;<img src="appserv/softicon.gif"' },

  ]
end

#ArticlePublisherPROObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-07 # Updated version detection method



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/articlepublisherpro.rb', line 12

WhatWeb::Plugin.define "ArticlePublisherPRO" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-30
  @version = "0.2"
  @description = "The Flexible and Easy Article Publishing System"
  @website = "http://article-publisher-pro.phparticlescript.com/"

  # Google results as at 2010-08-30 #
  # 31 for "powered by Article Publisher PRO" -Vulnerability

  # Dorks #
  @dorks = [
    '"powered by Article Publisher PRO" -Vulnerability'
  ]

  # Matches #
  @matches = [

    # Admin page
    { text: '<script>location.replace("./admin.php?showlogin");</script>' },
    { text: '<title>Article Publisher PRO Administrator Control Panel</title>' },
    { text: '<img src="/images/logo_app.gif"></div></td><td width="60%"><div id="title" class="column">Admin Control Panel</div></td>' },
    { text: '		<form name=fl method=post action=admin.php?login>' },

    # Error page
    { text: '<br><br><center><b>Please use a proper method to browse article(s) - The method you are using is not allowed...</b></center>' },

    # Version detection # Powered by text
    { version: /<div class="powered">Powered by <a href="http:\/\/www.ArticlePublisherPRO.com" target="_blank">Article Publisher PRO<\/a>  v([\d\.]+)/ },

  ]
end

#ashnewsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-07 # Updated version detection method



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/ashnews.rb', line 12

WhatWeb::Plugin.define "ashnews" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-28
  @version = "0.2"
  @description = "ashnews is a simple program using PHP/MySQL that allows you to easily add a news/blog system to your site."
  @website = "http://projects.ashwebstudio.com/"

  # 19 results for "News powered by ashNews" -allinurl -Vulnerabilities @ 2010-08-28

  # Matches #
  @matches = [

    # Version Detection # powered by text
    { version: /<td align="center"><font face=Arial size=1>News powered by <a href=http:\/\/projects.ashwebstudio.com>ashnews v([\d\.]+)<\/a><\/font><\/td>/ },

  ]
end

#ASProxyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/asproxy.rb', line 9

WhatWeb::Plugin.define "ASProxy" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-25
  @version = "0.1"
  @description = "ASProxy is a free and open-source web proxy which allows the user to surf the net anonymously."
  @website = "http://asproxy.sourceforge.net/"

  # Google results as at 2011-05-25 #
  # 26 for "Surf the web with ASProxy" inurl:(surf|noscript)
  # 12 for "Surf the web with ASProxy" inurl:(surf|noscript) inurl:B6X!

  # Dorks #
  @dorks = [
    '"Surf the web with ASProxy" inurl:(surf|noscript)'
  ]

  # Matches #
  @matches = [

    # HTML Comments
    { text: '<!-- Surf the web invisibly using ASProxy power. A Powerfull web proxy is in your hands. -->' },
    { text: '<!--This is ASProxy powered by SalarSoft. -->' },

    # input button id="btnASProxyDisplayButton"
    { text: '<input type="button" onclick="_Page_SubmitForm()" value="Display" id="btnASProxyDisplayButton" class="Button" />' },

    # Version Detection
    { version: /asproxydone="2"(\ style="font-weight:[\s]*bold;[\s]*text-decoration:[\s]*none")?>ASProxy ([^\s^<]+)<\/a>/, offset: 1 },

  ]
end

#aspWebLinksObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated version detection #



11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/aspweblinks.rb', line 11

WhatWeb::Plugin.define "aspWebLinks" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-28
  @version = "0.2"
  @description = "Web app for categorizing links"
  @website = "http://www.fullrevolution.com/"

  # Dorks #
  @dorks = [
    '"powered by aspWebLinks"'
  ]

  # 41 results for "powered by aspWebLinks" @ 2010-08-28
  # 7 results for "powered by aspWebLinks" intitle:"aspWebLinks" @ 2010-08-28

  @matches = [

    # Version detection # Powered by text
    { version: /Powered By aspWebLinks ([\d\.]+) from <A[^>]*HREF=["']http:\/\/www.fullrevolution.com[^>]*>Full Revolution, Inc.<\/A>/ },
    { version: /<A[^>]*HREF=["']http:\/\/www.fullrevolution.com[^>]*>Powered By aspWebLinks ([\d\.]+)<\/A>/ },

    # Version detection # Default title
    { version: /<title>aspWebLinks ([\d\.]+)<\/title>/ },

  ]
end

#AsteriskObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'lib/whatweb/plugins/asterisk.rb', line 9

WhatWeb::Plugin.define "Asterisk" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-29
  @version = "0.1"
  @description = "Asterisk - communications server software. Asterisk powers IP PBXs, VoIP gateways, call center ACDs and IVR systems."
  @website = "https://www.asterisk.org/asterisk"

  # ShodanHQ results as at 2011-08-29 #
  # 23,957 for Asterisk

  # Google results as at 2011-08-29 #
  # 4 for intitle:"Asterisk Configuration GUI" "Asterisk Configuration Panel - Please click on a panel to manage related features"

  # Dorks #
  @dorks = [
    'intitle:"Asterisk Configuration GUI" "Asterisk Configuration Panel - Please click on a panel to manage related features"'
  ]

  # Matches #
  @matches = [

    # Redirect Page # /static/index.html
    { url: "/static/index.html", regexp: /Your browser should automatically go to the configuration page\.[\s]+<br>[\s]+Or you can <a href="config\/cfgbasic\.html">click here<\/a>[\s]+<br>/ },

    # HTTP Server Header
    { search: "headers[server]", regexp: /^Asterisk\// },

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^Asterisk\/(.+)$/ },

    # HTML Comment
    { regexp: /<!--[\s]+\* Asterisk-GUI -[\s]+an Asterisk configuration interface/ },

    # StyleSheet
    { text: '<link href="stylesheets/cfgbasic.css" media="all" rel="Stylesheet" type="text/css" />' },

    # NoScript # /static/config/index.html
    { url: "/static/config/index.html", text: '<div id="ACTIVE_CONTENT"><noscript>You need to enable Javascript in your browser !!</noscript></div>' },

    # GUI Version Detection # /static/config/js/astman.js
    { url: "/static/config/js/astman.js", module: /		version : '([^']+)' \/\/ gui version/ },

  ]
end

#ATutorObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/atutor.rb', line 9

WhatWeb::Plugin.define "ATutor" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-17
  @version = "0.2"
  @description = "ATutor is a free Open Source Web-based elearning environment designed with accessibility and adaptability in mind."
  @website = "http://www.atutor.ca/"
  # Source: https://github.com/atutor/ATutor/

  # Dorks #
  @dorks = [
    'For guidance on using ATutor see the official ATutor Handbook',
    'inurl:"mods/_standard/social/index_public.php"'
  ]

  # Matches #
  @matches = [

    { name: "Meta Generator", string: %r{<meta name="Generator" content="ATutor - Copyright ([0-9]{4}) by http://atutor.ca" />} },

    { name: "JavaScript", certainty: 75, text: 'ATutor.course = ATutor.course || {};' },

    { name: "Documentation link", text: '<span id="howto">For guidance on using ATutor see the official' },

  ]
end

#AurionObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/aurion.rb', line 9

WhatWeb::Plugin.define "Aurion" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-25
  @version = "0.1"
  @description = "Integrated HR and Payroll software available online, hosted or in-house. [Australian]"
  @website = "http://www.aurion.com.au/"

  # Google results as at 2011-08-25 #
  # 2 for intitle:"Aurion V10"
  # 2 for "Error: JavaScript is not enabled" "Please enable JavaScript in your browser or refer to you internal IT support for assistance."
  # 1 for inurl:aurprod10

  # Dorks #
  @dorks = [
    '"Error: JavaScript is not enabled" "Please enable JavaScript in your browser or refer to you internal IT support for assistance."'
  ]

  # Matches #
  @matches = [

    # Login Page # Noscript
    { text: '<br/>Please enable JavaScript in your browser or refer to you internal IT support for assistance.<br/><br/></div>' },

    # Login Page # HTML comment
    { text: '<!-- Aurion Teal will be used as the login-time default. Shell layouts will replace these after login. -->' },

    # Login Page # HTML comment
    { text: '<!-- teal.css has stuff needed for div#loading-noscript -->' },

    # meta http-equiv="X-UA-Compatible" and HTML comment
    { text: '<meta http-equiv="X-UA-Compatible" content="chrome=1; IE=8; IE=7"> <!-- Stop Internet Explorer from using "Compatability Mode" -->' },

    # Login Page # Version Detection # Title
    { version: /<title>Aurion V([^\s^<]+)<\/title>[\s]+<link rel="shortcut icon" href="\.\/favicon\.ico" >/ },

  ]
end

#AvantFAXObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-08-23 # Brendan Coles <[email protected]> Added version detection and google dorks



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/avantfax.rb', line 12

WhatWeb::Plugin.define "AvantFAX" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-10
  @version = "0.2"
  @description = "AvantFAX is a web application for managing faxes on HylaFAX fax servers."
  @website = "http://avantfax.com/"

  # ShodanHQ results as at 2011-05-10 #
  # 216 for AvantFAX

  # Google results as at 2011-08-23 #
  # 18 for "avantfax login" "Enter your username and password to access the fax interface."

  # Dorks #
  @dorks = [
    '"avantfax login" "Enter your username and password to access the fax interface."'
  ]

  # Matches #
  @matches = [

    # Meta description
    { text: '<meta name="description" content="Web 2.0 HylaFAX management" />' },

    # Password input HTML
    { text: '</label><br /><br /><input type="password" name="password" id="password" style="width: 12em" maxlength="15" /></p><br />' },

    # AvantFAX Cookie
    { search: "headers[set-cookie]", regexp: /AvantFAX=[a-z\d]{26}; path=\// },

    # Version Detection # Login page
    { version: /<p><a href="http:\/\/www\.avantfax\.com" target="_blank"><img src="images\/avantfax-big\.png" border="0" alt="AvantFAX" \/><\/a><\/p>[\s]+<p align="center">([^\s^<]+)<\/p>/ },

  ]
end

#AxCMS_netObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/whatweb/plugins/axcms.net.rb', line 9

WhatWeb::Plugin.define "AxCMS_net" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-04
  @version = "0.1"
  @description = "AxCMS.net - the free ASP.NET CMS by Axinom"
  @website = "http://en.axcms.net/"

  # Google results as at 2011-03-04 #
  # 59 for "powered by axcms"

  # ShodanHQ results as at 2011-03-04 #
  # 8 for X-Powered-By: AxCMS.net

  # Dorks #
  @dorks = [
    '"powered by axcms"'
  ]

  # Matches #
  @matches = [

    # Powered by logo HTML
    { text: '<div style="text-align:center;width:100%;"><a href="http://axcms.net" target="_blank"><img src="http://axcms.net/upload/poweredby_150x25_13871.png" height="25" width="150" alt="Powered by AxCMS.net" style="height:25px;width:150px;border-width:0px;" /></a></div></form>' },

    # Version Detection # Meta Generator
    { version: /<meta name="GENERATOR" content="AxCMS.net ver([\d\.]{1,15})">/ },
    { version: /<meta name="GENERATOR" content="AxCMS.net ([\d\.]{1,15})" \/>/ },

    # Version Detection # HTML Comment
    { version: /<!-- Generated by AxCMS.net ([\d\.]{1,15}) -->/ },

    # HTML Comment
    { text: '<!-- Build and published by AxCMS.net | powered by Axinom-->' },

  ]

  # Passive #
  def passive(target)
    m = []

    # X-Powered-By: AxCMS.net
    m << { version: target.headers['x-powered-by'].scan(/AxCMS.net ([\d\.]+)/)[0] } if target.headers['x-powered-by'] =~ /AxCMS.net ([\d\.]+)/

    # Return passive matches
    m
  end
end

#AxousObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/axous.rb', line 9

WhatWeb::Plugin.define "Axous" do
  @author = "Brendan Coles <[email protected]>" # 2012-05-20
  @version = "0.1"
  @description = "Axous is an e-shop system for software venders."
  @website = "http://www.axous.com/"

  # Google results as at 2012-05-20 #
  # 105 for "Powered by Axous" "Valid CSS"

  # Dorks #
  @dorks = [
    '"Powered by Axous" "Valid CSS"'
  ]

  # Matches #
  @matches = [

    # Meta Generator # The version is a lie
    { regexp: /<meta name="generator" content="Axous V([^"]+)" \/>/ },

    # Footer # Powered by link # Version Detection
    { version: /Powered by <a href="http:\/\/www\.axous\.com\/" target="_blank" title="Axous Shareware Shop">Axous ([^\s]+)<\/a> &copy;/ },

    # tits? In my HTML? It's more likely than you think.
    { text: '<div class="tit2 tit3">Products</div>' },

  ]
end

#axTLSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-18 # Andrew Horton Replaced passive function with :search=>“headers” pattern Added website parameter



13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/axtls.rb', line 13

WhatWeb::Plugin.define "axTLS" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-30
  @version = "0.2"
  @description = "The axTLS embedded SSL project is a highly configurable client/server TLSv1 SSL library designed for platforms with small memory requirements. It comes with a small HTTP/HTTPS server and additional test tools."
  @website = "http://axtls.sourceforge.net/"

  # ShodanHQ results as at 2011-05-30 #
  # 592 for axhttpd

  @matches = [
    { version: /^axhttpd\/([^\s]+)$/, search: "headers[server]" }
  ]
end

#b2evolutionObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/b2evolution.rb', line 9

WhatWeb::Plugin.define "b2evolution" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-11
  @version = "0.1"
  @description = "b2evolution is a powerful blog tool you can install on your own website."
  @website = "http://b2evolution.net/"

  # Dorks #
  @dorks = [
    '"Powered by b2evolution"'
  ]

  # 482 results for "Powered by b2evolution" @ 2010-10-11

  @matches = [

    # Default image HTML
    { regexp: /rsc\/img\/powered-by-b2evolution-150t.gif" alt="Powered by b2evolution"/i },

    # Version detection # Login page
    { version: /<p class="footer"><a href="http:\/\/b2evolution.net\/" title="visit b2evolution's website"><strong>b2evolution ([^<]+)<\/strong><\/a>/ },

    # Version detection # Meta generator
    { version: /<meta name="generator" content="b2evolution ([^\"]+)" \/>/ },

    # Powered by text
    { regexp: /Powered by <a href="http:\/\/b2evolution.net[\/]*"[^>]+>b2evolution<\/a>/ },

  ]
end

#BAB_StatsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/whatweb/plugins/bab.stats.rb', line 9

WhatWeb::Plugin.define "BAB_Stats" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-16
  @version = "0.1"
  @description = "BAB.Stats is a statistics system for the Delta Force series of games by Novalogic."
  @website = "http://www.babstats.com/progress.php"

  # Google results as at 2011-03-16 #
  # 137 for intitle:"Powered by BAB.Stats"
  # 12 for "BAB.Stats is a statistics system for the Delta Force series of games by Novalogic" inurl:"index.php?action=about"

  # Dorks #
  @dorks = [
    'intitle:"Powered by BAB.Stats"',
    '"BAB.Stats is a statistics system for the Delta Force series of games by Novalogic" inurl:"index.php?action=about"'
  ]

  # Matches #
  @matches = [

    # Meta Author
    { text: '<meta NAME="Author" CONTENT="Bab.Stats Team">' },

    # Title
    { certainty: 25, regexp: /<title>[^:]+ :: [^:]+ :: Powered by BAB.stats<\/title>/ },

    # Version Detection
    { version: /Powered by BAB.Stats :: <a href="index.php\?action=about&bms=" onmouseover="doTooltip\(event, 'About BaB.Stats'\)" onmouseout="hideTip\(\)">BabStats v([\d\.]+)<\/a>/ },

    # Version Detection
    { version: /Powered by <a href="index.php\?action=about&bms=">BAB.stats<\/a> version ([\d\.]+)/ },

    # Chronos # Meta Author
    { text: '<meta NAME="Author" CONTENT="Tomas Stucinskas a.k.a Baboon">', string: "Chronos" },

    # Chronos # Title
    { text: ' - Powered by BAB.stats Chronos</title>', string: "Chronos" },

    # Chronos # HTML Comment
    { text: '<!-- @author = : Tomas Stucinskas a.k.a Baboon -->', string: "Chronos" },

    # Chronos # Version Detection # Powered by link
    { version: /Powered by Bab.stats ::[\r\n\s]*<a[^>]+href="(http:\/\/www.babstats.com\/|\/Neos_Chronos\/index.php\?action=about)">Neos.Chronos<\/a> ::[\s\r\n]*Version ([^\(]+) \(Standalone\)/, offset: 1, string: "Chronos" },

  ]
end

#BackBeeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
 
# File 'lib/whatweb/plugins/backbee.rb', line 9

WhatWeb::Plugin.define "BackBee" do
  @author = "Guillaume Delacour <[email protected]>" # 2016-04-22
  @version = "0.1"
  @description = "BackBee is an open source Content Management System (CMS)"

  # Matches #
  @matches = [
    { certainty: 100, text: '<div id="bb5-site-wrapper">' },
  ]
end

#BackupPCObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/backuppc.rb', line 9

WhatWeb::Plugin.define "BackupPC" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-20
  @version = "0.1"
  @description = "BackupPC is a high-performance, enterprise-grade system for backing up Linux, WinXX and MacOSX PCs and laptops to a server's disk."
  @website = "http://backuppc.sourceforge.net/"

  # ShodanHQ results as at 2011-08-20 #
  # 75 for BackupPC_Admin

  # Google results as at 2011-08-20 #
  # 1 for intitle:"BackupPC Server Status" inurl:BackupPC_Admin

  # Dorks #
  @dorks = [
    'intitle:"BackupPC Server Status" inurl:BackupPC_Admin'
  ]

  # Matches #
  @matches = [

    # GHDB
    { certainty: 75, ghdb: 'inurl:"/cgi-bin/BackupPC_Admin"' },

    # input value="hostInfo"
    { text: '<input type="hidden" name="action" value="hostInfo"><input type="submit" value="Go" name="ignore">' },

    # body onLoad
    { text: '</head><body onLoad="document.getElementById(\'NavMenu\').style.height=document.body.scrollHeight">' },

    # WWW-Authenticate Header
    { search: "headers[www-authenticate]", regexp: /Basic realm="(Backup Admin|BackupPC admin|backuppc)"/ },

    # Location Header
    { url: "/", search: "headers[location]", regexp: /\/cgi-bin\/BackupPC_Admin$/ },

  ]
end

#BadBlueObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-19 # Andrew Horton Replaced passive function with match



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/badblue.rb', line 12

WhatWeb::Plugin.define "BadBlue" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-20
  @version = "0.2"
  @description = "A free, very small Windows web server for sharing, publishing and serving files."
  @website = "http://www.badblue.com/"

  # Google results as at 2011-04-20 #
  # 12 for intitle:"BadBlue: the file-sharing web server anyone can use" -intitle

  # ShodanHQ results as at 2011-04-20 #
  # 18 for BadBlue

  # Dorks #
  @dorks = [
    'intitle:"BadBlue: the file-sharing web server anyone can use" -intitle'
  ]

  @matches = [
    { version: /^BadBlue\/([\d\.]+)$/, search: "headers[server]" }
  ]
end

#BASEObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/whatweb/plugins/base.rb', line 9

WhatWeb::Plugin.define "BASE" do
  @author = "Brendan Coles <[email protected]>" # 2011-12-05
  @version = "0.1"
  @description = "Basic Analysis and Security Engine (BASE) - front end for the snort IDS system."
  @website = "http://base.secureideas.net/"

  # Google as at 2011-12-05 #
  # 8 for "The following pages will prompt you for set up information to finish the install of BASE." intitle:"Basic Analysis and Security Engine (BASE)"
  # 7 for intitle:"Basic Analysis and Security Engine (BASE)" "Built on ACID by Roman Danyliw" "Login" "Password"

  # Dorks #
  @dorks = [
    '"The following pages will prompt you for set up information to finish the install of BASE." intitle:"Basic Analysis and Security Engine (BASE)"',
    'intitle:"Basic Analysis and Security Engine (BASE)" "Built on ACID by Roman Danyliw" "Login" "Password"'
  ]

  # Matches #
  @matches = [

    # ./setup/*.php # HTML Comment
    { text: '<!-- Basic Analysis and Security Engine (BASE) -->' },

    # ./setup/*.php # HTML Comment # Version Detection
    { version: /<!-- Basic Analysis and Security Engine \(BASE\) ([\d\.]+ \([^\)]+\)) -->/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # ./setup/index.php # PHP Version Detection
    if target.body =~ /<tr><td class="setupKey" width="50%">Config Writeable:<\/td><td class="setupValue"><font color='#(336600|FF0000)'>(Yes|No)<\/font><\/td<\/tr>[\s]+<tr><td class="setupKey" width="50%">PHP Version:<\/td><td class="setupValue"><font color='#336600'>([^<]+)<\/font><\/td<\/tr>/
      m << { string: "PHP/#{$3}" }
    end

    # ./help/base_setup_help.php # Version and Path Detection
    if target.body =~ /<!-- BASE_path = (.+)[\s]+BASE_urlpath = \/.*[\s]+BASE_VERSION = (.+)[\s]+-->/
      m << { filepath: $1.to_s }
      m << { version: $2.to_s }
    end

    # Return passive matches
    m
  end
end

#BasilicObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-08 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/basilic.rb', line 12

WhatWeb::Plugin.define "Basilic" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-14
  @version = "0.2"
  @description = "Basilic is a bibliography server for research laboratories. It automates and facilitates the diffusion of research publications over the internet, automatically generating web pages from a publication database."
  @website = "http://artis.imag.fr/Software/Basilic"

  # 14 results for "powered by basilic" @ 2010-08-14

  # Dorks #
  @dorks = [
    '"powered by basilic"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: "Powered by <a href='http://artis.imag.fr/Software/Basilic/'>Basilic</a></p>" },
    { text: "<a href='http://artis.imag.fr/Software/Basilic'>Powered by Basilic</a></span>" },

    # Version Detection # Powered by footer text
    { version: /<span>Powered by <a href='http:\/\/artis.imag.fr\/Software\/Basilic'>Basilic ([\d\.]+)<\/a><\/span>/ },
    { version: /<a href='http:\/\/artis.imag.fr\/Software\/Basilic'[^>]+>&copy; Powered by Basilic ([\d\.]+)/ },

  ]
end

#BataviObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/batavi.rb', line 9

WhatWeb::Plugin.define "Batavi" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-23
  @version = "0.1"
  @description = "Batavi open source e-commerce"
  @website = "http://www.batavi.org/"

  # Google results as at 2012-02-23 #
  # 4 for intitle:"Batavi Administration Tool" "Log Into The Administration Tool"

  # Dorks #
  @dorks = [
    'intitle:"Batavi Administration Tool" "Log Into The Administration Tool"'
  ]

  # Matches #
  @matches = [

    # Powered by footer # Version Detection
    { version: /<p align="center"><a href="http:\/\/www\.batavi\.org" target="_blank" class="poweredByButton"><span class="poweredBy">Powered By<\/span><span class="Batavi">Batavi ([^<]+)<\/span><\/a><\/p>/ },

    # Meta Generator
    { text: '<meta name="generator" content="Batavi.org - Open Source E-Commerce" />' },

    # Meta Generator # Version Detection
    { version: /<meta name="Generator" content="Batavi ([^\}^>]+)" \/>/ },

    # X-Powered-By Header
    { search: "headers[x-powered-by]", regexp: /Batavi e\-commerce/ },

    # Set-Cookie # frontsid
    { search: "headers[set-cookie]", regexp: /frontsid=[^;]+;/ },

  ]
end

#bbPressObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/bbpress.rb', line 9

WhatWeb::Plugin.define "bbPress" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-06
  @version = "0.1"
  @description = "bbPress is forum software with a twist from the creators of WordPress."
  @website = "http://bbpress.org/"

  # Google results as at 2011-04-06 #
  # 534 for "is proudly powered by bbPress"

  # Dorks #
  @dorks = [
    '"is proudly powered by bbPress"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="bbPress ([\d\.]+)" \/>/ },

    # Proudly powered by text
    { regexp: / is proudly powered by <a[^>]+href="http:\/\/bbpress\.org">bbPress<\/a>/ },

    # HTML Comment
    { text: '<!-- If you like showing off the fact that your server rocks -->' },

  ]
end

#BeEFObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.4 # 2012-04-12 # Updated matches for new versions of BeEF

Version 0.3 # 2011-03-26 # Added version detection

Version 0.2 # 2011-03-02 # Added favicon and beefmagic.js.php matches



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/whatweb/plugins/beef.rb', line 18

WhatWeb::Plugin.define "BeEF" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-04
  @version = "0.4"
  @description = "BeEF - Browser Exploitation Framework"
  @website = "http://beefproject.com/"

  # Matches #
  @matches = [

    # PHP BeEF # Default Logo HTML
    { text: '<img src="../images/beef.gif" onclick="new Effect.Shake(\'sidebar\');"></div> BeEF</h1>' },

    # PHP BeEF # Title
    { certainty: 75, text: '<title>Browser Exploitation Framework</title>' },

    # PHP BeEF # Injected script
    { regexp: /<script[^>]+src=['"]?[^>^="'^"]+\/hook\/beefmagic\.js\.php['"]?/, certainty: 75, string: "Hook" },

    # Injected script
    { regexp: /<script[^>]+src=['"]?https?:\/\/[^\/]+\/hook\.js['"]?/, certainty: 75, string: "Hook" },

    # Logo HTML
    { url: "/ui/authentication", text: '<div id="centered"><img id="beef-logo" src="/ui/media/images/beef.png" alt="BeEF - The Browser Exploitation Framework" /></div>' },

    # /ui/media/images/beef.png
    { url: "/ui/media/images/beef.png", md5: "5f8cdcd65c5c05f875710f2c10503192" },

    # HTTP # Server # Version Detection
    { search: "headers[server]", version: /^BeEF ([^\s]+)$/ },

  ]
end

#BestShopProObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/bestshoppro.rb', line 9

WhatWeb::Plugin.define "BestShopPro" do
  @author = "Brendan Coles <[email protected]>" # 2011-11-02
  @version = "0.1"
  @description = "BestShopPro"
  @website = "http://www.bst.pl/"

  # Google results as at 2011-11-02 #
  # 157 for inurl:"pokaz_podkat.php?idkat="
  # 107 for intitle:"Powered By BST"

  # Dorks #
  @dorks = [
    'inurl:"pokaz_podkat.php?idkat="'
  ]

  # Matches #
  @matches = [

    # Login Page
    { text: '<td width=300 height=18 colspan=2 align=center class=tdn><b>Logowanie</b></td></tr>' },

    # Meta Author
    { text: '<meta content="www.bst.pl" name="author"/>' },
    { text: '<META CONTENT="www.bst.pl" NAME=AUTHOR>' },

  ]
end

#BIGACEObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/bigace.rb', line 9

WhatWeb::Plugin.define "BIGACE" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-15
  @version = "0.1"
  @description = "BIGACE is not just an easy to use Web Content Management System (CMS), but offers also a scripting API and an extensible architecture for developing, maintaining, and deploying applications."
  @website = "http://www.bigace.de/"

  # Google results as at 2011-03-15 #
  # 344 for "Powered by BIGACE" -dork

  # Dorks #
  @dorks = [
    '"Powered by BIGACE" -dork'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: 'Powered by <a href="http://www.bigace.de/" target="_blank">BIGACE</a>' },

    # Version Detection # Powered by text
    { version: /Powered by <a href="http:\/\/www.bigace.de\/"[^>]*>BIGACE ([\d\.]+)<\/a>/ },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="BIGACE ([\d\.]+)"( \/)?>/ },

    # Version Detection # HTML Comment
    { version: /<!--[\r\n][\r\n]   Site is running BIGACE ([\d\.]+) [\r\n]        a PHP based Web CMS for MySQL[\r\n]             \(C\) Kevin Papst \(www.bigace.de\)[\r\n]/ },

  ]
end

#BigDumpObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/bigdump.rb', line 9

WhatWeb::Plugin.define "BigDump" do
  @author = "Brendan Coles <[email protected]>" # 2010-12-28
  @version = "0.1"
  @description = "BigDump: Staggered MySQL Dump Importer "
  @website = "http://www.ozerov.de/bigdump.php"

  # 230 for intitle:"BigDump ver" +Filename "BigDump: Staggered MySQL Dump Importer"
  # 210 for inurl:"bigdump.php" intitle:"BigDump ver" +Filename "BigDump: Staggered MySQL Dump Importer"

  # Dorks #
  @dorks = [
    'inurl:"bigdump.php" intitle:"BigDump ver" "Filename" "BigDump: Staggered MySQL Dump Importer"'
  ]

  # Matches #
  @matches = [

    # Version Detection
    { version: /<h1>BigDump: Staggered MySQL Dump Importer ver\. ([^\s^<]{2,6})<\/h1>/ },
    { version: /<title>BigDump ver\. ([^\s^<]{2,6})<\/title>/ },

  ]
end

#BitKeeperObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-19 # Andrew Horton Replaced passive function with match



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/bitkeeper.rb', line 12

WhatWeb::Plugin.define "BitKeeper" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-04
  @version = "0.2"
  @description = "BitKeeper Bug Manager - BitKeeper is paving the way for the next generation of SCM tools. As the leader in distributed configuration management and the culmination of a decade of innovation, BitKeeper has been shown to double the pace of software development."
  @website = "http://bitkeeper.com/"

  # Google results as at 2011-06-04 #
  # 1 for intitle:"BugManager Home"
  # 1 for inurl:"/cgi-bin/query.cgi?.page=advquery"

  # ShodanHQ results as at 2011-06-04 #
  # 1 for bkhttp

  # Matches #
  @matches = [

    # Advanced Query link
    { text: '<A class="tab" HREF="/cgi-bin/query.cgi?.page=advquery">Advanced Query</A>' },

    # Version Detection # HTTP Server Header
    { version: /^bkhttp\/([^\s]+)$/, search: "headers[server]" },

  ]
end

#bitweaverObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/bitweaver.rb', line 9

WhatWeb::Plugin.define "bitweaver" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-24
  @version = "0.1"
  @description = "Bitweaver is a free and open source web application framework and content management system. Its speed and power are ideal for large-scale community websites and corporate applications, but it is simple enough for non-technical small site users to set up and administrate. It comes fully featured on install but is modular and easy to extend."
  @website = "http://www.bitweaver.org/"

  # Google results as at 2011-02-24 #
  # 151 for "powered by bitweaver"

  # Dorks #
  @dorks = [
    '"powered by bitweaver"'
  ]

  # Matches #
  @matches = [

    # Powered By HTML
    { text: '<a id="poweredby" class="external" href="http://www.bitweaver.org">Powered by bitweaver</a>' },

    # Meta Generator
    { text: '<meta name="generator" content="bitweaver - http://www.bitweaver.org" />' },

  ]
end

#BlackJumboDogObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/blackjumbodog.rb', line 9

WhatWeb::Plugin.define "BlackJumboDog" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-13
  @version = "0.1"
  @description = "SapporoWorks BlackJumboDog provides server functions (HTTP, FTP, etc)"
  @website = "http://www.spw02.sakura.ne.jp/spw/"

  # ShodanHQ results as at 2011-03-13 #
  # 453 for BlackJumboDog
  # Most results are from Japan

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^BlackJumboDog$/ },

    # Version Detection
    { search: "headers[server]", version: /^BlackJumboDog Version (.+)$/ },

  ]
end

#BlazixObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-19 # Andrew Horton Replaced passive function with match



12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/blazix.rb', line 12

WhatWeb::Plugin.define "Blazix" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-06
  @version = "0.2"
  @description = "Blazix is a high-performance full-featured Java application server. Blazix can be used as an Application Server or as a full Web Server."
  @website = "http://www.blazix.com/"

  # ShodanHQ results as at 2011-06-06 #
  # 14 for Blazix

  @matches = [

    { version: /^Blazix Java Server ([^\s]+)$/, search: "headers[server]" },
  ]
end

#BlogEngine_NETObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/blogengine.net.rb', line 9

WhatWeb::Plugin.define "BlogEngine_NET" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-04
  @version = "0.1"
  @description = "BlogEngine.NET is an open source .NET blogging project that was born out of desire for a better blog platform. A blog platform with less complexity, easy customization, and one that takes advantage of the latest .NET features."
  @website = "http://www.dotnetblogengine.net/"

  # Google results as at 2011-03-04 #
  # 483 for "Powered by BlogEngine.NET"

  # Dorks #
  @dorks = [
    '"Powered by BlogEngine.NET"'
  ]

  # Matches #
  @matches = [

    # Default Favicon HTML
    { text: '<link rel="shortcut icon" href="pics/blogengine.ico" type="image/x-icon" />' },

    # Powered by text
    { regexp: /Powered by[\r\n\s]*<a href="http:\/\/www.dotnetblogengine.net[\/]?"[^>]*>BlogEngine.NET<\/a>/ },

    # Version Detection # Powered by text
    { version: /Powered by[\r\n\s]*<a href="http:\/\/www.dotnetblogengine.net[\/]?"[^>]*>BlogEngine.NET<\/a>[\r\n\s]*([\d\.]+)/ },

  ]
end

#BlognPlusObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated regex matches and version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/blogn-plus.rb', line 12

WhatWeb::Plugin.define "BlognPlus" do
  @author = "Brendan Coles <bcoles at gmail dot com>" # 2010-06-15
  @version = "0.2"
  @description = "BlognPlus"
  @website = "http://www.blogn.org/"

  # 106 results for "powered by BlognPlus" @ 2010-06-15

  # Dorks #
  @dorks = [
    '"powered by BlognPlus"'
  ]

  @matches = [

    # Default powered by text
    { regexp: /Powered by[\s]*<a href="http:\/\/www.blogn.org[^>]*>BlognPlus/i },

    # Version detection # Meta generator
    { version: /<meta name="generator"[^>]*content="BlognPlus ([0-9\.]+)/ },

  ]
end

#BloofoxCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/bloofoxcms.rb', line 9

WhatWeb::Plugin.define "BloofoxCMS" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-27
  @version = "0.1"
  @description = "bloofoxCMS is a free open source content management system (CMS). bloofoxCMS is a small and easy to use CMS."
  @website = "http://bloofox.com/"

  # Google results as at 2011-02-27 #
  # 167 for "Powered by bloofoxCMS"

  # Dorks #
  @dorks = [
    '"Powered by bloofoxCMS"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="bloofoxCMS ([\d\.]+)" \/>/ },

    # Default HTML comment
    { regexp: /<!--[\r\n\s]+This Website was generated by bloofoxCMS.[\r\n\s]+bloofoxCMS is open source published under the gnu gpl. Visit www.bloofox.com for more details![\r\n\s]+Copyrights \(c\) 2006-2007 by Alexander Lang[\r\n\s]+\/\/-->/ },

    # Powered by text # Case insensitive because older versions use capitalized tags
    { regexp: /Powered by <a href="http:\/\/www.bloofox.com">bloofoxCMS<\/a>/i },

  ]
end

#BlueDragonObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-19 # Andrew Horton Replaced passive function with matches



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/bluedragon.rb', line 12

WhatWeb::Plugin.define "BlueDragon" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-30
  @version = "0.2"
  @description = "BlueDragon for the Microsoft .NET Framework allows you to natively integrate and deploy your ColdFusion applications on the .NET platform."
  @website = "http://www.newatlanta.com/products/bluedragon/product_info/overview.cfm"

  # ShodanHQ results as at 2011-07-30 #
  # 319 for BlueDragon

  @matches = [
    # Version Detection # HTTP Server Header
    { version: /BlueDragon Server (JXAS|JX)/, search: "headers[server]" },

    # Version Detection # x-powered-by header
    { version: /BlueDragon Server\/([^\s^,]+)/, search: "headers[x-powered-by]" },

    # Version Detection # HTTP Server Header
    { version: /BlueDragon Server( JXAS| JX)?(\/| )([\d\.]+)/, offset: 2, search: "headers[server]" },

  ]
end

#BlueOnyxObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/whatweb/plugins/blueonyx.rb', line 9

WhatWeb::Plugin.define "BlueOnyx" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-25
  @version = "0.1"
  @description = "Server Appliances and Software - BlueOnyx is a Linux distribution (based on CentOS v5.5) which aims at delivering a turnkey server appliance for webhosting. It comes with a web based GUI interface which allows you to manage most aspects of the server, its sites and accounts. BlueOnyx is a modernized fork of BlueQuartz. A lot of improvements and enhancements went into BlueOnyx, including support for Java Servlet Pages, built in web based email, phpMyAdmin and provisions to automatically create MySQL databases and users for each virtual site - Homepages: http://www.solarspeed.net/ & http://www.blueonyx.it/ & http://bluequartz.org/"

  # Google results as at 2011-03-25 #
  # 518 for "Welcome to the Web Site of" "Use your favorite FTP application to move your website to the web server."
  # 561 for (intitle:Login BlueOnyx|intitle:Login BlueQuartz)

  # Dorks #
  @dorks = [
    '"Welcome to the Web Site of" "Use your favorite FTP application to move your website to the web server."',
    '(intitle:Login BlueOnyx|intitle:Login BlueQuartz)'
  ]

  # Matches #
  @matches = [

    # Version Detection # Title
    { version: /<TITLE>Login - BlueOnyx ([^\s]+) Series - [^<^\s]+<\/TITLE>/ },

    # Version Detection # JavaScript
    { version: 'document.write\("\\nThank you for using the BlueOnyx ([^\s]+) Series.\\n"\);' },

    # body html # Shared by BlueOnyx and BlueQuartz
    { certainty: 75, text: '<BODY BGCOLOR="#FFFFFF" onLoad="focuslogin()" onResize="if(navigator.appName == \'Netscape\') location.reload()" LINK="#FFFFFF" VLINK="#FFFFFF">' },

    # HTML Comment # Shared by BlueOnyx and BlueQuartz
    { certainty: 75, regexp: /EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES\.[\n][\n]You acknowledge that  this software is not designed or intended for use in the design, construction, operation or maintenance of any nuclear facility.[\n]-->/ },

    # Meta Copyright # 404 Error
    # Shared by BlueOnyx and BlueQuartz and Sun Cobalt servers
    { certainty: 25, text: '<META NAME="Copyright" VALUE="Copyright (C) 2000, Cobalt Networks, Inc.  All rights reserved.">' },

    # Redirect Page # Shared by BlueOnyx and BlueQuartz and Sun Cobalt servers
    { certainty: 25, text: 'var url = "/login.php?expired=true&target="+escape(pathname+top.location.search+top.location.hash);' },

    # Welcome to text # Shared by BlueOnyx and BlueQuartz and Sun Cobalt servers
    { certainty: 25, regexp: /<P ALIGN="CENTER"><FONT SIZE="5" COLOR="#000099" FACE="HELVETICA, ARIAL"><B>Welcome to the Web Site of [^\s^<]+<\/B><\/FONT>/ },

    # web root redirector # Shared by BlueOnyx and BlueQuartz
    { certainty: 75, text: "<BODY onLoad=\"location='http://'+location.host+'/login/'\">" },

  ]
end

#BlueQuartzObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/whatweb/plugins/bluequartz.rb', line 9

WhatWeb::Plugin.define "BlueQuartz" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-25
  @version = "0.1"
  @description = "Server Appliances and Software - BlueOnyx is a Linux distribution (based on CentOS v5.5) which aims at delivering a turnkey server appliance for webhosting. It comes with a web based GUI interface which allows you to manage most aspects of the server, its sites and accounts. BlueOnyx is a modernized fork of BlueQuartz. A lot of improvements and enhancements went into BlueOnyx, including support for Java Servlet Pages, built in web based email, phpMyAdmin and provisions to automatically create MySQL databases and users for each virtual site - Homepages: http://www.solarspeed.net/ & http://www.blueonyx.it/ & http://bluequartz.org/"

  # Google results as at 2011-03-25 #
  # 518 for "Welcome to the Web Site of" "Use your favorite FTP application to move your website to the web server."
  # 561 for (intitle:Login BlueOnyx|intitle:Login BlueQuartz)

  # Dorks #
  @dorks = [
    '"Welcome to the Web Site of" "Use your favorite FTP application to move your website to the web server."',
    '(intitle:Login BlueOnyx|intitle:Login BlueQuartz)'
  ]

  # Matches #
  @matches = [

    # Version Detection # Title
    { version: /<TITLE>Login - BlueQuartz ([^\s]+) Series - [^<^\s]+<\/TITLE>/ },

    # Version Detection # JavaScript
    { version: 'document.write\("\\nThank you for using the BlueQuartz ([^\s]+) Series.\\n"\);' },

    # body html # Shared by BlueOnyx and BlueQuartz
    { certainty: 75, text: '<BODY BGCOLOR="#FFFFFF" onLoad="focuslogin()" onResize="if(navigator.appName == \'Netscape\') location.reload()" LINK="#FFFFFF" VLINK="#FFFFFF">' },

    # HTML Comment # Shared by BlueOnyx and BlueQuartz
    { certainty: 75, regexp: /EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES\.[\n][\n]You acknowledge that  this software is not designed or intended for use in the design, construction, operation or maintenance of any nuclear facility.[\n]-->/ },

    # Meta Copyright # 404 Error
    # Shared by BlueOnyx and BlueQuartz and Sun Cobalt servers
    { certainty: 25, text: '<META NAME="Copyright" VALUE="Copyright (C) 2000, Cobalt Networks, Inc.  All rights reserved.">' },

    # Redirect Page # Shared by BlueOnyx and BlueQuartz and Sun Cobalt servers
    { certainty: 25, text: 'var url = "/login.php?expired=true&target="+escape(pathname+top.location.search+top.location.hash);' },

    # Welcome to text # Shared by BlueOnyx and BlueQuartz and Sun Cobalt servers
    { certainty: 25, regexp: /<P ALIGN="CENTER"><FONT SIZE="5" COLOR="#000099" FACE="HELVETICA, ARIAL"><B>Welcome to the Web Site of [^\s^<]+<\/B><\/FONT>/ },

    # web root redirector # Shared by BlueOnyx and BlueQuartz
    { certainty: 75, text: "<BODY onLoad=\"location='http://'+location.host+'/login/'\">" },

  ]
end

#boastMachineObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated matches, removed certainty and updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/boastmachine.rb', line 12

WhatWeb::Plugin.define "boastMachine" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-16
  @version = "0.2"
  @description = "boastMachine blog"
  @website = "http://boastology.com/"

  # 217 results for "powered by boastMachine" +"Recent posts" -exploit @ 2010-06-16

  # Dorks #
  @dorks = [
    '"powered by boastMachine" "Recent posts" -exploit'
  ]

  @matches = [

    # Powered by text
    { ghdb: '"powered by boastMachine" +"Recent posts"', certainty: 75 },

    # Version detection # Powered by text
    { version: /Powered by <a href="http:\/\/boastology.com">boastMachine v([\d\.]+)<\/a>/ },

    # Default logo HTML
    { regexp: /<a href="http:\/\/boastology.com"><img src="http:\/\/[^>]*alt="Powered by boastMachine" \/><\/a>/ },

  ]
end

#BoboObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/bobo.rb', line 13

WhatWeb::Plugin.define "Bobo" do
  @author = "Brendan Coles <[email protected]>" # 2010-11-02
  @version = "0.2"
  @description = "Bobo is a light-weight framework for creating WSGI web applications. It's goal is to be easy to use and remember. It addresses 2 problems: 1) mapping URLs to objects and 2) calling objects to generate HTTP responses. Bobo doesn't have a templating language, a database integration layer, or a number of other features that are better provided by WSGI middle-ware or application-specific libraries. Bobo builds on other frameworks, most notably WSGI and WebOb."
  @website = "http://bobo.digicool.com/"

  # ShodanHQ results as at 2010-11-02 #
  # 95  for X-Ksscommands:
  # 441 for Bobo-Exception-Line
  # 441 for Bobo-Exception-Value
  # 441 for Bobo-Exception-Type

  @matches = [

    # Bobo-Exception-Line
    { name: "HTTP Bobo-Exception-Line Header", regexp: //, search: "headers[bobo-exception-line]" },

    # Bobo-Exception-Value
    {  name: "HTTP Bobo-Exception-Value Header", regexp: //, search: "headers[bobo-exception-value]" },

    # Extract # Bobo-Exception-File
    {  name: "HTTP Bobo-Exception-File Header", string: /([^\r^\n]+)/, search: "headers[bobo-exception-file]" },

    # Extract # Bobo-Exception-File
    {  name: "HTTP Bobo-Exception-Type Header", string: /([^\r^\n]+)/, search: "headers[bobo-exception-type]" },

    # X-Ksscommands
    {  name: "X-Ksscommands HTTP Header", regexp: //, search: "headers[x-ksscommands]" },

  ]
end

#BomgarObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/whatweb/plugins/bomgar.rb', line 9

WhatWeb::Plugin.define "Bomgar" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-31
  @version = "0.1"
  @description = "Bomgar simplifies support by letting technicians control remote computers, servers, smartphones and network devices over the internet or network. With Bomgar, a support rep can see what customers see or control their computers for support."
  @website = "http://www.bomgar.com/remotedesktopaccess/"

  # ShodanHQ results as at 2011-05-31 #
  # 3,453 for Bomgar

  # Google results as at 2012-01-29 #
  # 590 for "Bomgar Corporation. Redistribution Prohibited. All Rights Reserved. " "Access Software for Help Desk Support"

  # Dorks #
  @dorks = [
    '"Bomgar Corporation. Redistribution Prohibited. All Rights Reserved. " "Access Software for Help Desk Support"'
  ]

  # Matches #
  @matches = [

    # Powered by logo
    { text: '<img src="/content/poweredby.jpg" alt="Remote Support by BOMGAR"/>' },

    # Aggressive # /content/poweredby.jpg
    { url: "/content/poweredby.jpg", md5: "11a7db4d9e6f72253c60a3f649c5a157" },

  ]

  # Passive #
  def passive(target)
    m = []

    # HTTP Server Header
    if /^Bomgar$/.match?(target.headers["server"])

      m << { name: "HTTP Server Header" }

      # Version Detection # HTML Comment
      m << { version: target.body.scan(/<!--Product Version: ([\d\.]+)-->/) } if target.body =~ /<!--Product Version: ([\d\.]+)-->/
      m << { version: target.body.scan(/<!--Bomgar Version: ([\d\.]+)-->/) } if target.body =~ /<!--Bomgar Version: ([\d\.]+)-->/

    end

    # Return passive matches
    m
  end
end

#BOOKSolvedObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/booksolved.rb', line 9

WhatWeb::Plugin.define "BOOKSolved" do
  @author = "Brendan Coles <[email protected]>" # 2011-10-16
  @version = "0.1"
  @description = "BOOKSolved - guestbook script"
  @website = "http://www.usolved.net/scripts_9.html"

  # Google results as at 2011-10-16 #
  # 297 for +BOOKSolved "by USOLVED"
  # 172 for +BOOKSolved "by USOLVED" inurl:"booksolved.php"

  # Dorks #
  @dorks = [
    '"BOOKSolved" "by USOLVED" inurl:"booksolved.php"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { text: '<!-- BOOKSolved - Copyright by www.usolved.net -->' },

    # Version Detection # HTML Comment
    { version: /<!-- BOOKSolved v([^\s]+)- Copyright by www\.usolved\.net -->/ },

    # Version Detection # Footer
    { version: /<tr><td style="text-align: center;">[\s]*BOOKSolved ([^\s]+) &copy; by <a href="http:\/\/www\.usolved\.net" (target="_blank" )?class="menu">USOLVED<\/a>/ },

  ]
end

#BosClassifiedsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-08 # Updated version detection method



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/bosclassifieds.rb', line 12

WhatWeb::Plugin.define "BosClassifieds" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-22
  @version = "0.2"
  @description = "The BosClassifieds Classified Ad System will allow your web site visitors to place their own classified ads to your web site into categories which you specify. All BosDev, Inc products require a web server running PHP version 4.10 or higher, MySQL 3.23 or higher, and the GD2 graphics library."
  @website = "http://www.bosdev.com/bosclassifieds/"

  # Google results as at 2010-08-22 #
  # 47 for "powered by BosClassifieds Classified Ads System"

  # Dorks #
  @dorks = [
    '"powered by BosClassifieds Classified Ads System"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: 'Powered by <a href="http://www.bosdev.com/" target="_blank">BosClassifieds</a> <a href="http://www.bosdev.com/" target="_blank">Classified Ads</a> System<br>Copyright' },

    # Version Detection # Meta generator
    { version: /  <meta name="generator" content="BosClassifieds ([\d\.]+) by BosDev">/ },

  ]
end

#BrewBloggerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/brewblogger.rb', line 9

WhatWeb::Plugin.define "BrewBlogger" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-23
  @version = "0.1"
  @description = "BrewBlogger is a easy to set up, easy to use, browser-based homebrew logging and calculation suite. It is a PHP/MySQL-based system that provides today's brewer not only a fast and easy way to record their brewing activities, recipes, and awards, but also forum to share their zymurgistic efforts and expertise with the homebrewing community around the world."
  @website = "http://www.brewblogger.net/"

  # 115 for ("BrewBlogger 2.3.2 Club Edition developed by zkdigital.com"|"BrewBlogger 2.3.2 Personal Edition developed by zkdigital.com")
  #  50 for "BrewBlogger 2.3.2 Personal Edition developed by zkdigital.com"
  #  73 for "BrewBlogger 2.3.2 Club Edition developed by zkdigital.com"

  # Dorks #
  @dorks = [
    '("BrewBlogger 2.3.2 Club Edition developed by zkdigital.com"|"BrewBlogger 2.3.2 Personal Edition developed by zkdigital.com")'
  ]

  # Matches #
  @matches = [

    # Version Detection # div id="footer"
    { version: /<div id="footer">Content &copy; 2011 [^\n]+ &mdash; BrewBlogger ([^\s]+) (Personal Edition|Club Edition) developed by <a href="http:\/\/www\.zkdigital\.com" target="_blank">zkdigital\.com<\/a>/ },

    # Edition Detection # div id="footer"
    { string: /<div id="footer">Content &copy; 2011 [^\n]+ &mdash; BrewBlogger ([^\s]+) (Personal Edition|Club Edition) developed by <a href="http:\/\/www\.zkdigital\.com" target="_blank">zkdigital\.com<\/a>/, offset: 1 },

  ]
end

#BrightcoveObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
 
# File 'lib/whatweb/plugins/brightcove.rb', line 9

WhatWeb::Plugin.define "Brightcove" do
  @author = "Peter van der Laan" # 2014-08-22
  @version = "0.1"
  @description = "Brightcove Inc., a leading global provider of cloud services for video, offers a family of products that revolutionize the way organizations deliver video experiences."
  @website = "https://www.brightcove.com/"

  @matches = [
    { regexp: /goku\.brightcove\.com|admin\.brightcove\.com\/js/ },
  ]
end

#BrowserCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/browsercms.rb', line 9

WhatWeb::Plugin.define "BrowserCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-18
  @version = "0.1"
  @description = "The newly redesigned BrowserCMS 2.0 is an easy, affordable way to control, edit, and organize website content."
  @website = "http://www.browsercms.com/"

  # Google results as at 2010-10-18 #
  # 96 for "powered by BrowserCMS"

  # Dorks #
  @dorks = [
    '"powered by BrowserCMS"'
  ]

  # Matches #
  @matches = [

    # Default HTML comment
    { text: '<!--User is member of the following groups:  -->' },

    # 2.x # Powered by text
    { text: '<li class="bmcms"><a href="http://www.browsercms.com/index.ww" title="BrowserCMS 2.0" target="_blank"><span>Powered by BrowserCMS 2.0</span></a></li>', version: "2.x" },

    # Powered by text
    { regexp: /Powered by <a href="http:\/\/www.browsercms.com[\/]*"[^>]+>BrowserCMS<\/a>/i },
    { regexp: /<a href="http:\/\/www.browsercms.com[\/]*"[^>]+title="Powered by BrowserCMS"[^>]+/ },

    # Powered by logo default HTML
    { regexp: /<a href="http:\/\/www.browsercms.com[^>]+><img[^>]*src="\/site\/images[^>]+ onmouseover="this.src='\/site\/images[^>]+onmouseout="this.src='\/site\/images[^>]+alt="Powered by BrowserCMS"[^>]*><\/a>/i },

    # Login page
    { text: '<form method="POST" action="/portlets/login/do-login.jsp" name="security">' },
    { regexp: /<input type="hidden" name="success_uri" value="[^>]*\/page.ww\?name=[^>]*\&section=[^>]*"\/>/ },
    { regexp: /<input type="hidden" name="failure_uri" value="[^>]*\/page.ww\?name=[^>]*\&section=[^>]*"\/>/ },

    # Version detection # Meta generator
    { version: /<meta name="generator" content="BrowserCMS ([^\"]+)"/ },

  ]
end

#bSpeakObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-08 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/bspeak.rb', line 12

WhatWeb::Plugin.define "bSpeak" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-27
  @version = "0.2"
  @description = "bSpeak is 26th Avenue's threaded message board application. It is full-featured and fast, allowing you to create a community, provide online support, or provide announcements for your website."
  @website = "http://www.bspeak.com/"

  # 23 results for "powered by bSpeak" @ 2010-08-27

  # Dorks #
  @dorks = [
    '"powered by bSpeak"'
  ]

  # Matches #
  @matches = [

    # Default title
    { text: ' - powered by bSpeak</TITLE>' },

    # Version Detection # Powered by text
    { version: /<br><div align="center"><span class="tinytext">Powered by <\/span><a href="http:\/\/www.bspeak.com" class="tinylink" target="bspeak_window">bSpeak ([\d\.]+)<\/a><\/div>/ },

  ]
end

#BugFreeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/bugfree.rb', line 9

WhatWeb::Plugin.define "BugFree" do
  @author = "Brendan Coles <[email protected]>" # 2011-10-22
  @version = "0.1"
  @description = "BugFree [Chinese]"
  @website = "http://www.bugfree.org.cn/"

  # Google results as at 2011-10-22 #
  # 12 for inurl:"Login.php" intitle:"BugFree"

  # Dorks #
  @dorks = [
    'inurl:"Login.php" intitle:"BugFree"'
  ]

  # Matches #
  @matches = [

    # Login Page # Version Detection # div id="LoginMain"
    { version: /<div id="loginLogo">[\s]+<img src="Image\/login_logo\.png" id="logo" alt=BugFree \/><br \/>[\s]+<center style="color:#666666;font-size:10px;padding-left:4px;">([^\s^<]+)<\/center>[\s]+<\/div>/ },

    # Login Page # Version Detection # div id="LoginMain"
    { version: /<div id="LoginMain">[\s]+<div id="LoginLogo">[\s]+<span id="Version">([^\s^<]+)<\/span>[\s]+<\/div>[\s]+<div id="LoginFormContainer">/ },

    # Login Page # Version Detection # span id="Version"
    { version: /<span id="Version"><img src="Image\/logo\.png" height=40 title=BugFree \/>([^\s^<]+)<\/span>/ },

    # Login Page # xajax_xSelectLanguage
    { text: '<select name=\'Language\' id=\'Language\' class="NormalSelect MyInput select" onchange="xajax_xSelectLanguage(this.value);return false;" >' },

    # Login Page # Logo HTML
    { text: '<img src="Image/login_bg_left.gif" class="loginBgImage"/>' },

    # Login Page # Older Versions ~1.0 # BugUserPWD
    { text: '<td><input type="password" name="BugUserPWD" class="MyInput"></td>' },

  ]
end

#BusinessSpaceObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/businessspace.rb', line 9

WhatWeb::Plugin.define "BusinessSpace" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-12
  @version = "0.1"
  @description = "BusinessSpace community"

  # 15 results for "powered by BusinessSpace" @ 2010-08-12
  # 22 results for inurl:"blogs_all_in_community" @ 2010-08-12

  @matches = [

    # Admin Page
    { text: '  <title>Login to our community network!</title>' },

    # Footer
    { text: '				&copy; BusinessSpace			</div>' },

    { text: 'This is a place for people building a circle of professional contacts, open to sharing new business opportunities, and looking to fully promote and showcase their capabilities." />' }

  ]
end

#BXRObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-08 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/bxr.rb', line 12

WhatWeb::Plugin.define "BXR" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-06
  @version = "0.2"
  @description = "BXR is an interface to manage a Blosxom-Based blog through the web or XML-RPC. Current it supports blogger, and metaWeblog APIs."
  @website = "http://sourceforge.net/projects/bxr/"

  # 1 result for "BXR Web Login" intitle:"Please Enter Password" @ 2010-08-06

  # Dorks #
  @dorks = [
    '"BXR Web Login" intitle:"Please Enter Password"'
  ]

  # Matches
  @matches = [

    # Meta Generator
    { text: '<meta name="generator" content="BXR::Web" />' },

    # Version Detection # Powered by text
    { version: /<div class="bxrlogo">Powered by <a href="http:\/\/sourceforge.net\/projects\/bxr\/">BXR<\/a> ([\d\.]+)<\/div>/ },

  ]
end

#CactiObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/cacti.rb', line 9

WhatWeb::Plugin.define "Cacti" do
  @author = "Brendan Coles <[email protected]>" # 2011-11-22
  @version = "0.1"
  @description = "Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality."
  @website = "http://www.cacti.net/"

  # Google results as at 2011-11-22 #
  # 86 for inurl:"cacti/graph_view.php?action="
  # 49 for "Please enter your Cacti user name and password below:" intitle:"Login to Cacti"

  # Dorks #
  @dorks = [
    'inurl:"cacti/graph_view.php?action="'
  ]

  # Matches #
  @matches = [

    # Login Page # title
    { text: '<title>Login to Cacti</title>' },

    # Login Page # body tag
    { text: '<body bgcolor="#FFFFFF" onload="document.login.login_username.focus()">' },

  ]
end

#CactuShopObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/whatweb/plugins/cactushop.rb', line 9

WhatWeb::Plugin.define "CactuShop" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-19
  @version = "0.1"
  @description = "ASP and ASP.NET SEO optimized database-driven e-commerce storefront software."
  @website = "http://www.cactushop.com/"

  # ShodanHQ results as at 2011-07-19 #
  # 17 for CactuShop

  # Google results as at 2011-07-19 #
  # 132 for "Cactusoft International FZ-LLC & Cactusoft Ltd All rights reserved"

  # Dorks #
  @dorks = [
    '"Cactusoft International FZ-LLC & Cactusoft Ltd All rights reserved"'
  ]

  # Matches #
  @matches = [

    # select name="numCurrencyID"
    { text: '<select name="numCurrencyID" class="currencymenu" onchange="javascript:document.getElementById(\'currmenuform\').submit();">' },

    # HTML Comment
    { certainty: 75, regexp: /<!-- MYDEVLICNUM -->/ },

    # Version Detection # HTML Comment
    { version: /<!-- CactuShop v\.?([^\s]+) license: [\s]+ -->/ },

    # Version Detection # HTML Comment
    { version: /<!---?[\s]+===============================================================================[\s]+CACTUSHOP v?([^\s]+) ASP SHOPPING CART/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # CactuShop Cookie
    if target.headers["set-cookie"] =~ /CactuShop[\d]+lang=numLanguageID=/ && target.headers["set-cookie"] =~ /CactuShop[\d]+=numCurrencyID=/
      m << { name: "CactuShop cookies" }
    end

    # Return passive matches
    m
  end
end

#CafeEngineObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/cafeengine.rb', line 9

WhatWeb::Plugin.define "CafeEngine" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-03
  @version = "0.1"
  @description = "CafeEngine is a professional CMS for cafe or restaurant web site with integrated shopping cart. It's not a set of scripts only, but allow to provide new level of service to restaurant visitors and administration. "

  # Google results as at 2011-03-03 #
  # 25 for Copyright CafeEngine "2008-2009"

  # Dorks #
  @dorks = [
    'Copyright CafeEngine "2008-2009"'
  ]

  # Matches #
  @matches = [

    # Copyright Link
    { text: '  <td id="footer">Copyright &copy; <a href="http://cafeengine.com">CafeEngine</a> 2008-2009</td>' },

    # Copyright Text
    { text: '  <td id="footer">Copyright &copy; CafeEngine</a> 2008-2009</td>' },

    # Copyright Link # Admin Page
    { text: '  <td id=footer>Copyright &copy; <a href=http://cafeengine.com>CafeEngine.com</a> 2008-2009</td>' },

    # Default JavaScript
    { text: '  win = window.open(src,"","top=20,left=20,height=" + h + ",width=" + w + ",toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=yes")' },

  ]
end

#CalendarixObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-10 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/whatweb/plugins/calendarix.rb', line 12

WhatWeb::Plugin.define "Calendarix" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-18
  @version = "0.2"
  @description = "Calendarix is a powerful and easy to use web-based calendar that runs on PHP and MySQL."
  @website = "http://www.calendarix.com/"

  # 14 results for "powered by Calendarix" @ 2010-09-18
  # 45 results for intitle:"Calendarix User Login" intext:"Calendarix User Login" +Username +Password @ 2010-09-18

  # Dorks #
  @dorks = [
    'intitle:"Calendarix User Login" intext:"Calendarix User Login" "Username" "Password"',
    '"powered by Calendarix"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { regexp: /powered by <a[^>]*http:\/\/www.calendarix.com[^>]+>Calendarix<\/a>/i },

    # Default javascript
    { text: "  default : { window.location.href='calendar.php?op=cal&month=9&year=2010&catview=0' ; break;}" },
    { text: "var url = 'cal_popup.php?op=view&id='+event+'&uname=' ;" },

    # Default logo
    { md5: "24dde98839b19e595532bb92d99f356a", path: "images/calendarix.gif" },

    # Default title
    { text: "<title>Calendarix User Login</title>" },

    # Version Detection # Logo alt text
    { version: /<img src="images\/calendarix.gif" Alt="About Calendarix ([\d\.a-z]+)" border=0 width=88 height=31  \/>/ },

  ]
end

#CalendarScriptObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
# File 'lib/whatweb/plugins/calendarscript.rb', line 9

WhatWeb::Plugin.define "CalendarScript" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-19
  @version = "0.1"
  @description = "CalendarScript is a fully customizable event-publishing solution. It gives you everything you'll need to begin, then gives you the power to redefine it to fit your specific needs."
  @website = "http://www.calendarscript.com/"

  # Google results as at 2011-03-19 #
  # 401 for "Powered by CalendarScript"
  # 32 for inurl:calendar_admin.pl intitle:"Calendar Administration : Login"
  # 10 for "Powered by CalendarScript" inurl:calendar_admin.pl intitle:"Calendar Administration : Login"
  # 9 for "CGISession: Session file" "could not be opened for writing!"

  # Dorks #
  @dorks = [
    '"Powered by CalendarScript"',
    'inurl:calendar_admin.pl intitle:"Calendar Administration : Login"',
    '"Powered by CalendarScript" inurl:calendar_admin.pl intitle:"Calendar Administration : Login"',
    '"CGISession: Session file" "could not be opened for writing!"'
  ]

  # Matches #
  @matches = [

    # GHDB # Admin Page # filename and title
    { certainty: 75, ghdb: 'inurl:calendar_admin.pl intitle:Calendar Administration : Login' },

    # GHDB # filename and powered by
    { certainty: 75, ghdb: 'powered by CalendarScript inurl:calendar.pl filetype:pl' },

    # Admin Page # Title
    { text: '<HEAD><TITLE>Calendar Administration : Login</TITLE>' },

    # Admin Page # Local File Path Detection # Error String
    { filepath: /<FONT COLOR="red">CGISession: Session file \[([^\]]+)\] could not be opened for writing!<BR><\/FONT>/ },

    # Admin Page # Powered by link
    { text: '<FONT color="#FFFFFF" SIZE="-1">Powered by <A HREF="http://www.CalendarScript.com/" STYLE="color:#FFFFFF;">CalendarScript</A></FONT>' },

    # Powered by link
    { text: 'Powered by <A HREF="http://www.CalendarScript.com/" CLASS="footertext" STYLE="text-decoration:underline;">CalendarScript</A>' },

  ]

  # Aggressive #
  def aggressive(target)
    m = []

    # Local File Path Detection # Find application base path
    if /^[^\n]*\/(calendar_admin\.pl|calendar\.pl)/i.match?(target.uri.path)

      # Generate Random String
      random_string = rand(36**6).to_s(36)

      # Detect /calendar.pl or /calendar_admin.pl
      target_url = target.uri.path.scan(/^([^\n]*\/)(calendar_admin\.pl|calendar\.pl)/i)[0][0].to_s + "calendar.pl?year=" + random_string

      # Open application base url + "?year=" + random string
      unless target_url.nil?

        url = URI.join(target.uri.to_s, target_url).to_s
        new_target = WhatWeb::Target.new(url)

        # Extract local file path
        m << { filepath: new_target.body.scan(/^Month '-1' out of range 0\.\.11 at ([^\n^<]+) <a href="#error">line [\d]+<\/a>\.$/).flatten } if new_target.body =~ /^Month '-1' out of range 0\.\.11 at ([^\n^<]+) <a href="#error">line [\d]+<\/a>\.$/

      end

    end

    # Return aggressive matches
    m
  end
end

#CameraLifeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
# File 'lib/whatweb/plugins/camera-life.rb', line 9

WhatWeb::Plugin.define "CameraLife" do
  @author = "Andrew Horton" # 2015-05-07
  @version = "0.1"
  @description = "Camera Life is an open source software package you install and run on your own server running PHP and MySQL."
  @website = "https://fulldecent.github.io/cameralife/"

  # Matches #
  @matches = [
    # Version in HTTP header
    { version: /<meta name="generator" content="Camera Life version ([^"]+)">/ },
    { string: '<a href="http://fulldecent.github.io/cameralife"><i class="fa fa-globe"></i> Built with Camera Life</a>' },
    { version: /This site is powered by Camera Life version ([^ ]+)/ }

  ]
end

#CampsiteObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-10 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/campsite.rb', line 12

WhatWeb::Plugin.define "Campsite" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-15
  @version = "0.2"
  @description = "Campsite is a multilingual content management system (CMS) for news websites."
  @website = "http://www.sourcefabric.org/"

  # 28 results for "powered by campsite" @ 2010-08-15

  # Dorks #
  @dorks = [
    '"powered by campsite"'
  ]

  # Matches #
  @matches = [

    # Powered by image
    { text: '<a href="http://www.campware.org" target="_blank"><img src="/templates/img/powered.gif" alt="powered by campsite" border="0"/></a>' },

    # Powered by text
    { text: 'powered by <a href="http://www.campware.org" target="_blank">CAMPSite</a></p>' },
    { text: 'powered by <a href="http://campsite.campware.org" target="_blank">Campsite</a>' },
    { text: 'powered by <a href="http://campsite.sourcefabric.org" target="_blank">Campsite</a>' },

    # Version Detection # Meta generator
    { version: /<meta name="generator" content="Campsite ([\d\.a-z]+)" \/>/ },

  ]
end

#cApexWEBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/whatweb/plugins/capexweb.rb', line 9

WhatWeb::Plugin.define "cApexWEB" do
  @author = "Brendan Coles <[email protected]>" # 2011-12-19
  @version = "0.1"
  @description = "cApexWEB - web based Backoffice client"
  @website = "http://www.capitalsoft.com/"

  # Google results as at 2011-12-19 #
  # 147 for "User Id" "Password" intitle:"cApexWEB"
  #  87 for inurl:capexweb intitle:"cApexWEB"

  # Dorks #
  @dorks = [
    '"User Id" "Password" intitle:"cApexWEB"'
  ]

  # Matches #
  @matches = [

    # Frameset
    { text: '<frame name="main" src="capexmain_middle.htm" scrolling="no" target="_top">' },

    # Title # Version Detection
    { version: /<title>cApexWEB ([^\s^<]+)<\/title>/ },

    # ./capexmain_middle.htm # Login Page # HTML Comment
    { text: '<!-- Change Company & Address Line , Enter First Line for Company Name and 2nd Line of Address --->' },

    # ./capexmain_middle.htm # Login Page # dfcode
    { string: /<input type="hidden" value="([^\s^"^>]+)"  name="dfcode">/ },

    # ./capexmain_middle.htm # Login Page # database
    { string: /<input type="hidden" name="dfparentdb" value="([^\s^"^>]+)">/ },

    # ./capexmain_middle.htm # Login Page # datbase ip
    { string: /<input type="hidden" name="dfparentip" value="([^\s^"^>]+)">/ },

    # ./capexmain_middle.htm # Login Page # Form
    { text: '<td><form method="post" name="parentpage" action="../servlet/capexweb.parentvalidatepassword">' },
    { text: '<form method="post" action="../servlet/capexweb.parentvalidatepassword">' },

    # ./capexmain_middle.htm # Login Page # JavaScript
    { text: 'var winPop = window.open("../servlet/capexweb.parentvalidatepassword?dfuserid="+dfuserid.value+"&dfpassword="+dfpassword.value+"&dfparentip="+dfparentip.value+"&dfparentdb="+dfparentdb.value+"&dfcode="+dfcode.value+"","mywin","width=550,height=550,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,fullscreen=yes");' },

  ]
end

#CartweaverObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/cartweaver.rb', line 9

WhatWeb::Plugin.define "Cartweaver" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-22
  @version = "0.1"
  @description = "Cartweaver is truly as close to Instant e-Commerce as you can get. Now you can have a full-featured, robust, scaleable, ASP shopping cart, ColdFusion shopping cart or PHP shopping cart ready in less time than you can imagine."
  @website = "http://www.cartweaver.com/"

  # 41 results for "powered by Cartweaver" @ 2010-08-22

  # Dorks #
  @dorks = [
    '"powered by Cartweaver"'
  ]

  @matches = [

    # Error page text
    { text: '<title>Cartweaver Error Notice</title>' },

    # Admin page
    { text: '    <h1>Cartweaver&copy; Administration Log In</h1>' },

    # Logo HTML
    { regexp: /<a href="http:\/\/www.cartweaver.com[\/]*"[\ target="_blank"]*>[\s]*<img src="[images\/]*cartweaver[0-9]+x[0-9]+.gif" [^alt]+alt="Powered [B|b]+y Cartweaver"/ },

    # Default logos
    { md5: '772f447bf727f9045aa3440ad30ebd40', url: 'images/cartweaver88x31.gif' },
    { md5: 'c69d6a93a877325c6f33f8ee4339ce8f', url: 'images/cartweaver80x15.gif' },

  ]
end

#CAStorObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/castor.rb', line 9

WhatWeb::Plugin.define "CAStor" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-21
  @version = "0.1"
  @description = "CAStor is object storage software designed to store unstructured data also referred to as fixed content or reference information. This includes documents, e-mail, images, audio, video, voice mails, ring tones, and medical images and records."
  @website = "http://www.caringo.com/"

  # Data Sheets #
  # http://www.caringo.com/resources/datasheets.html

  # Google results as at 2011-09-21 #
  # 2 for intitle:"CAStor Node Status" +"CAStor Node IP"

  # ShodanHQ results as at 2011-09-21 #
  # 25 for CAStor Cluster
  #  2 for CAStor Reverse Proxy

  # Dorks #
  @dorks = [
    'intitle:"CAStor Node Status" "CAStor Node IP"'
  ]

  # Matches #
  @matches = [

    # HTML + Title + h2 Heading
    { url: "/", text: '<html><head><title>CAStor Node Status</title></head><body><h2>CAStor Node IP' },

    # HTTP Headers
    { search: "headers[server]", version: /^CAStor Cluster\/([^\s]+)$/ },
    { search: "headers[server]", module: /^CAStor (Reverse Proxy .+)$/ },
    { search: "headers[castor-system-totalgbavailable]", regexp: /^[\d]+$/ },
    { search: "headers[castor-system-totalgbcapacity]", regexp: /^[\d]+$/ },

  ]
end

#CaudiumObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-19 # Andrew Horton Moved 2 patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/caudium.rb', line 12

WhatWeb::Plugin.define "Caudium" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-02
  @version = "0.2"
  @description = "Caudium is the name of a GPL-ed (free for commercial and personal use) web server written in Pike and in C. It is originally based on the Roxen Challenger 1.3 code base."
  @website = "http://www.caudium.net/"
  # More info: http://www.http-stats.com/X-Got-Fish

  # About 209 ShodanHQ results for Server: Caudium @ 2011-08-02

  @matches = [
    # Version Detection # HTTP Server Header
    { version: /^[\s]*Caudium\/([^\s^\r^\n]+)/, search: "headers[server]" },

    # Catch-All # HTTP Server Header
    { name: "HTTP Server Header", regexp: /^[\s]*Caudium[^\s^\r^\n]*/, search: "headers[server]" },

  ]

  # Passive #
  def passive(target)
    m = []

    # Pike Version Detection # HTTP X-Got-Fish Header
    m << { module: "Pike:" + target.headers["x-got-fish"].to_s.scan(/^[\s]*Pike v([^\r^\n]+)/i).flatten.first.to_s } if target.headers["x-got-fish"].to_s =~ /^[\s]*Pike v([^\r^\n]+)/i

    m
  end
end

#CensuraObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-09 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/censura.rb', line 12

WhatWeb::Plugin.define "Censura" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-01
  @version = "0.2"
  @description = "Censura - the flexible, robust, reviews and ratings application."
  @website = "http://www.censura.info/"

  # 70 results for "Powered by: Censura" @ 2010-08-01

  # Dorks #
  @dorks = [
    '"Powered by: Censura"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Powered by footer
    # The "brand removal" option is a one-off fee per license. There is a link within your client area to allow you to purchase a "brand removal" option.
    # http://www.censura.info/support/kb/article/000001
    { version: /Powered by: <a[^>]* href="http:\/\/www.censura.info">Censura<\/a> version ([\d\.]+)/ },

  ]
end

#CentreonObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
 
# File 'lib/whatweb/plugins/centreon.rb', line 9

WhatWeb::Plugin.define "Centreon" do
  @author = "Brendan Coles <[email protected]>" # 2011-11-09
  @version = "0.2"
  @description = "Centreon is a network, system, applicative supervision and monitoring tool, it is based upon Nagios."
  @website = "http://www.centreon.com/"

  # Google results as at 2011-11-11 #
  # 50 for intitle:"Centreon - IT & Network Monitoring" "Centreon Logo"
  #  4 for inurl:"centreon/main.php"

  # Dorks #
  @dorks = [
    'intitle:"Centreon - IT & Network Monitoring" "Centreon Logo"'
  ]

  # Matches #
  @matches = [

    # Login Page # Year Detection # Meta Generator
    { string: /<meta name="Generator" content="Centreon - Copyright \(C\) 2005 - (20[\d]{2}) Open Source Matters\. All rights reserved\." \/>/ },

    # Login Page # Year Detection # td id="LoginInvitcpy"
    { string: /<td id="LoginInvitcpy" colspan="2"><br \/>&copy; 2005-(20[\d]{2}) <a href="mailto:infos@centreon\.com">Centreon<\/a><\/td>/ },

    # Login Page # Logo HTML
    { text: '<td class="LoginInvitLogo" colspan="2"><img src="img/centreon.gif" alt="Centreon Logo" title="Centreon Logo" style="" /></td>' },

    # Login Page # Version Detection
    { version: /<tr>[\s]+<td class="LoginInvitVersion"><br \/>[\s]+([^\s^<]+)[\s]+<\/td>[\s]+<td class="LoginInvitDate"><br \/>/ },

  ]

  def aggressive(target)
    m = []

    versions = Hash[
                    "1.4.1" =>
                    [["include/common/javascript/functions.js",
                      "09937072e56b15c00406cd463e408e78"],
                     ["include/monitoring/status/templates/serviceSchedule.ihtml",
                      "4b657d56eb66b6c76de6308fb7b6ed17"]],
                    "1.4.2" =>
                    [["include/monitoring/status/templates/serviceSchedule.ihtml",
                      "4b657d56eb66b6c76de6308fb7b6ed17"]],
                    "1.4.2.1" =>
                    [["include/monitoring/status/templates/serviceSchedule.ihtml",
                      "4b657d56eb66b6c76de6308fb7b6ed17"]],
                    "1.4.2.2" =>
                    [["include/monitoring/status/templates/serviceSchedule.ihtml",
                      "4b657d56eb66b6c76de6308fb7b6ed17"]],
                    "1.4.2.3" =>
                    [["include/monitoring/status/templates/serviceSchedule.ihtml",
                      "4b657d56eb66b6c76de6308fb7b6ed17"]],
                    "1.4.2.4" =>
                    [["include/monitoring/status/templates/serviceSchedule.ihtml",
                      "9ecebc30b3796242eb1c971dd13eb5e3"]],
                    "1.4.2.5" =>
                    [["include/monitoring/status/templates/serviceSchedule.ihtml",
                      "9ecebc30b3796242eb1c971dd13eb5e3"]],
                    "1.4.2.6" =>
                    [["include/monitoring/status/templates/serviceSchedule.ihtml",
                      "9ecebc30b3796242eb1c971dd13eb5e3"]],
                    "1.4.2.7" =>
                    [["include/monitoring/status/templates/serviceSchedule.ihtml",
                      "9ecebc30b3796242eb1c971dd13eb5e3"]],
                    "1.4.2.8" =>
                    [["include/views/graphs/graphODS/graphODSByHost.ihtml",
                      "44c6fa0c23e3ec470ae0675e07a64711"]],
                    "2.0" =>
                    [["include/monitoring/status/status-ndo/templates/metaService.xsl",
                      "ea4c470d4b394ad94a048892172a6e0d"]],
                    "2.0.1" =>
                    [["include/configuration/configResources/listResources.ihtml",
                      "47a71373ea0ffc719f27df78d37b2673"]],
                    "2.0.2" =>
                    [["include/common/javascript/functions.js",
                      "795243ce2f7c4ae08c1e441ee537ba65"]],
                    "2.1" =>
                    [["include/configuration/configObject/host/listHost.ihtml",
                      "2dc3be403ade882bb329def8039c0dfb"]],
                    "2.1.1" =>
                    [["include/configuration/configObject/host/listHost.ihtml",
                      "2dc3be403ade882bb329def8039c0dfb"]],
                    "2.1.2" =>
                    [["include/configuration/configObject/host/listHost.ihtml",
                      "87e104f0287a280fef1194dd60cd2855"]],
                    "2.1.3" =>
                    [["include/monitoring/status/Services/xsl/service.xsl",
                      "a91d4421eece22b984d52c2dde9da4fb"],
                     ["include/configuration/configObject/host/listHost.ihtml",
                      "87e104f0287a280fef1194dd60cd2855"]],
                    "2.1.4" =>
                    [["include/monitoring/status/Services/xsl/service.xsl",
                      "301b8f822cad37711e8f6bdbbb01d27d"],
                     ["include/configuration/configObject/host/listHost.ihtml",
                      "87e104f0287a280fef1194dd60cd2855"]],
                    "2.1.5" =>
                    [["include/monitoring/objectDetails/template/serviceDetails.ihtml",
                      "50545ce4bcd327be9cac22f0b76e9627"],
                     ["include/configuration/configObject/host/listHost.ihtml",
                      "87e104f0287a280fef1194dd60cd2855"]],
                    "2.1.6" =>
                    [["include/monitoring/objectDetails/template/serviceDetails.ihtml",
                      "92a8fa33943a18aa87ad7c17b5357c81"],
                     ["include/configuration/configObject/host/listHost.ihtml",
                      "87e104f0287a280fef1194dd60cd2855"]],
                    "2.1.7" =>
                    [["include/configuration/configObject/host/listHost.ihtml",
                      "87e104f0287a280fef1194dd60cd2855"]],
                    "2.1.8" =>
                    [["include/configuration/configObject/host/listHost.ihtml",
                      "87e104f0287a280fef1194dd60cd2855"],
                     ["Themes/Centreon-2/style.css",
                      "c5ea4a47743e8296b7b2a833d2366b30"]],
                    "2.1.9" =>
                    [["include/configuration/configObject/service/listService.ihtml",
                      "102dabd2a494e4c5a5813db808d98b6b"],
                     ["include/configuration/configObject/host/listHost.ihtml",
                      "87e104f0287a280fef1194dd60cd2855"],
                     ["Themes/Centreon-2/style.css",
                      "c5ea4a47743e8296b7b2a833d2366b30"]],
                    "2.1.10" =>
                    [["Themes/Centreon-2/style.css",
                      "c5ea4a47743e8296b7b2a833d2366b30"],
                     ["include/home/tacticalOverview/tacticalOverview.ihtml",
                      "a2a13e046acb7e84dae8e1fe5f52e43e"]],
                    "2.1.11" =>
                    [["Themes/Centreon-2/style.css",
                      "c5ea4a47743e8296b7b2a833d2366b30"],
                     ["include/home/tacticalOverview/tacticalOverview.ihtml",
                      "4071ef8a8f0a555ceedb43c850ae2e7a"]],
                    "2.1.12" =>
                    [["Themes/Centreon-2/style.css",
                      "f81f143277155ea383276da090504e2b"]],
                    "2.1.13" =>
                    [["Themes/Centreon-2/style.css",
                      "f81f143277155ea383276da090504e2b"]],
                    "2.2.0" =>
                    [["include/common/javascript/xslt.js",
                      "747cf39e51507829fe7dfba73ae07bd6"]],
                    "2.2.1" =>
                    [["include/common/javascript/xslt.js",
                      "6f24fcbbd09c0ecf8c0f32a9473ecbfc"]],
                    "2.2.2" =>
                    [["include/common/javascript/xslt.js",
                      "6f24fcbbd09c0ecf8c0f32a9473ecbfc"]],
                    "2.3.0" =>
                    [["install/install.css",
                      "cdda9ffedc1d9a8677ef852daf24353c"],
                     ["include/configuration/configObject/service/listService.ihtml",
                      "670398d91d02092025a1adc8ec3c552d"],
                     ["include/options/accessLists/actionsACL/formActionsAccess.ihtml",
                      "53ccb52eff95b5d16f8c0a3461484603"]],
                    "2.3.1" =>
                    [["include/configuration/configObject/service/listService.ihtml",
                      "670398d91d02092025a1adc8ec3c552d"],
                     ["include/options/accessLists/actionsACL/formActionsAccess.ihtml",
                      "53ccb52eff95b5d16f8c0a3461484603"]],
                    "2.3.2" =>
                    [["include/configuration/configObject/service/listService.ihtml",
                      "e24ae26743857397fb30436d4fde63c8"],
                     ["include/configuration/configObject/service/listService.ihtml",
                      "1229b0d0bb71137b6687801937133f4b"],
                     ["include/configuration/configLoad/formLoadFiles.ihtml",
                      "bd699e606bcc933ac5879279c1d4d2b8"]],
                    "2.3.3" =>
                    [["include/configuration/configObject/service/listService.ihtml",
                      "e24ae26743857397fb30436d4fde63c8"],
                     ["include/configuration/configLoad/formLoadFiles.ihtml",
                      "bd699e606bcc933ac5879279c1d4d2b8"]],
                    "2.3.4" =>
                    [["include/configuration/configObject/service/formService.ihtml",
                      "0ef9f37123c715e760f4159b6b5cff45"],
                     ["include/configuration/configLoad/formLoadFiles.ihtml",
                      "4a4968a7d3b14f73c364a1859167ef89"]],
                    "2.3.8" =>
                    [["include/configuration/configLoad/formLoadFiles.ihtml",
                      "4a4968a7d3b14f73c364a1859167ef89"]],
                    "2.3.9" =>
                    [["include/views/graphs/graph.xsl",
                      "7cb9c6a65ad914c90f2ab7434f39e381"],
                     ["include/configuration/configLoad/formLoadFiles.ihtml",
                      "4a4968a7d3b14f73c364a1859167ef89"]],
                    ]
    v = WhatWeb::Matcher::Version.new("Centreon", versions, target.uri)

    version = v.matches_format

    # Return version matches from md5 hashes, if present
    unless version.empty?
      version.each { |ver|
        m << { name: "MD5 sums", version: ver }
      }
    end

    # Return aggressive matches
    m
  end
end

#CERNObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/cern.rb', line 9

WhatWeb::Plugin.define "CERN" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-13
  @version = "0.1"
  @description = "The CERN httpd (also known as W3C httpd) is a generic public domain full-featured hypertext server which can be used as a regular HTTP server. Version 3.0A is the final version. It was generated July 15th 1996."
  @website = "http://www.w3.org/Daemon/"

  # ShodanHQ results as at 2011-03-13 #
  # 1,118 for CERN
  #   969 for CERN/3.0
  #    37 for CERN/3.0a

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^CERN\/([^\s]+)/ },

  ]
end

#CERVISObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/cervis.rb', line 9

WhatWeb::Plugin.define "CERVIS" do
  @author = "Brendan Coles <[email protected]>" # 2012-05-02
  @version = "0.1"
  @description = "Community Event Registration and Volunteer Information System (CERVIS) is the most complete and customizable web-based volunteer management software available."
  @website = "https://www.cervistech.com/"

  # Google results as at 2012-05-02 #
  # 96 for "powered by CERVIS" "Contact Us" inurl:"console.php" inurl:"console_id"

  # Dorks #
  @dorks = [
    '"powered by CERVIS" "Contact Us" inurl:"console.php" inurl:"console_id"'
  ]

  # Matches #
  @matches = [

    # Powered by logo HTML
    { text: '<a href="http://www.cervistech.com" target="_blank"><img src="/acts/images/cervis_logo_sm.png" align=\'absmiddle\' border="0" />Powered by CERVIS</a>' },

    # Company Name Detection
    { string: /<meta name="title" content="(Volunteer)? Opportunities and Event Registration ([^"]+)" \/>/, offset: 1 },

  ]
end

#CGIProxyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated version detection and matches



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/cgiproxy.rb', line 12

WhatWeb::Plugin.define "CGIProxy" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-06
  @version = "0.2"
  @description = "This CGI script acts as an HTTP or FTP proxy. Through it, you can retrieve any resource that is accessible from the server it runs on."
  @website = "http://www.jmarshall.com/tools/cgiproxy/"

  # About 15 results for +filetype:cgi "Start browsing through this CGI-based proxy by entering a URL below" @ 2010-06-06

  @matches = [

    # GHDB Match
    # http://johnny.ihackstuff.com/ghdb?function=detail&id=531
    { ghdb: 'filetype:cgi "Start browsing through this CGI-based proxy by entering a URL below"', certainty: 75 },

    # Default title
    { text: '<title>Start Using CGIProxy</title>' },

    # Vesion detection
    { version: /<a href="http:\/\/www.jmarshall.com\/tools\/cgiproxy\/"><i>CGIProxy ([^<]+)<\/i><\/a>/ },

  ]
end

#cgitObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.1 # 2014-07-20 # Initial version



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/cgit.rb', line 12

WhatWeb::Plugin.define "cgit" do
  @author = "Fabian Affolter <[email protected]>" # 2014-07-20
  @version = "0.1"
  @description = "A web frontend for git repositories written in C."
  @website = "http://git.zx2c4.com/cgit/"

  # Matches #
  @matches = [
    # ID
    { text: "<div id='cgit'><table id='header'>" },

    # Default CSS
    { text: "<link rel='stylesheet' type='text/css' href='/cgit.css'/>" },

    # Footer
    { text: "<div class='footer'>Copyright &copy; 2000 &ndash; 20[\d]{2} Jason A. Donenfeld. All Rights Reserved.</div>" },

    # Generator
    { name: 'meta generator',
      text: "<meta name='generator' content='cgit v([^\s]+)'\/>" },

  ]

  # Passive #
  def passive(target)
    m = []
    # Version detection
    if /<meta name='generator' content='cgit v([^\s]+)'\/>/.match?(target.body)
      version = target.body.scan(/<meta name='generator' content='cgit v([^\s]+)'\/>/)[0][0]
      m << { version: version }
    end
    m
  end
end

#ChamiloObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/chamilo.rb', line 9

WhatWeb::Plugin.define "Chamilo" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-16
  @version = "0.1"
  @description = "Chamilo is a fully-fledged e-learning system. Chamilo can be connected to any open-specification system."
  @website = "http://www.chamilo.org/"

  # ShodanHQ results as at 2011-08-16 #
  # 2 for X-Powered-By Chamilo

  # Google results as at 2011-08-16 #
  # 709 for ("Plattform Chamilo"|"Portal Chamilo"|"Plataforma Chamilo") inurl:index.php?language=
  # 111 for "Congratulations! You have successfully installed your e-learning portal!" +Chamilo

  # Dorks #
  @dorks = [
    '("Plattform Chamilo"|"Portal Chamilo"|"Plataforma Chamilo") inurl:index.php?language=',
    '"Congratulations! You have successfully installed your e-learning portal!" "Chamilo"'
  ]

  # Matches #
  @matches = [

    # Major Version Detection # X-Powered-By Header
    { search: "headers[x-powered-by]", version: /^Chamilo ([\d\.]+)/ },

    # Help Link
    { text: '<link href="http://www.chamilo.org/documentation.php" rel="Help" />' },

    # Major Version Detection # Meta Generator
    { regexp: /<meta name="Generator" content="Chamilo ([\d\.]+)">/ },

    # HTML Comment
    { text: '<!-- end of #main" started at the end of banner.inc.php -->' },

    # Full Version Detection # Footer
    { version: /<\/div>(Portal|Plattform|Platform|Plataforma) <a href="http:\/\/www\.chamilo\.org\/?" target="_blank">Chamilo ([^<^\s]+)<\/a> &copy;/, offset: 1 },
    { version: /<div class="copyright">(Portal|Plattform|Platform|Plataforma) <a href="http:\/\/www\.chamilo\.org\/?" target="_blank">Chamilo ([^<^\s]+)<\/a> &copy;/, offset: 1 },

  ]
end

#CherokeeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-19 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/cherokee.rb', line 12

WhatWeb::Plugin.define "Cherokee" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-30
  @version = "0.2"
  @description = "Cherokee is a very fast, flexible and easy to configure Web Server. It supports the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, uWSGI, SSI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Load Balancing, Apache compatible log files, Data Base Balancing, Reverse HTTP Proxy, Traffic Shaper, Video Streaming and much more."
  @website = "http://www.cherokee-project.com/"

  # ShodanHQ results as at 2011-05-30 #
  # 3,196 for Cherokee

  @matches = [

    # Version Detection
    { name: "HTTP Server Header", version: /^Cherokee\/([^\s]+)/, search: "headers[server]" },

    # HTTP Server Header
    { name: "HTTP Server Header", regexp: /^Cherokee/, search: "headers[server]" },

  ]
end

#ChiliProjectObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/chiliproject.rb', line 9

WhatWeb::Plugin.define "ChiliProject" do
  @author = "Brendan Coles <[email protected]>" # 2012-07-24
  @version = "0.1"
  @description = "ChiliProject is a web based project management system."
  @website = "https://www.chiliproject.org/"

  # ShodanHQ results as at 2012-07-24 #
  # 25 for _chiliproject_session

  # Google results as at 2012-07-24 #
  # 113 for "Powered by ChiliProject" intitle:"ChiliProject" -site:chiliproject.org

  # Dorks #
  @dorks = [
    '"Powered by ChiliProject" intitle:"ChiliProject" -site:chiliproject.org'
  ]

  # Matches #
  @matches = [

    # Powered by link
    { text: 'Powered by <a href="https://www.chiliproject.org/">ChiliProject</a>' },

    # Meta Description
    { text: '<meta name="description" content="ChiliProject" />' },

    # HTML Comment
    { text: '<!-- page specific tags -->' },

    # Help Link # Version Detection
    { version: /<li><a href="https:\/\/www\.chiliproject\.org\/help\/v([^\s^"]+)" class="help">/ },

    # Set-Cookie # _chiliproject_session
    { search: "headers[set-cookie]", regexp: /_chiliproject_session=/ },

  ]
end

#chillyCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/chillycms.rb', line 9

WhatWeb::Plugin.define "chillyCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-08
  @version = "0.1"
  @description = "chillyCMS is a Content Management System. This is a software which allows you to create a website without any programming skills."
  @website = "http://chillycms.bplaced.net/"

  # 8 results for "powered by chillyCMS" @ 2010-09-08
  # 5 results for inurl:chillyCMS/core/show.site.php @ 2010-09-08

  # Dorks #
  @dorks = [
    'inurl:chillyCMS/core/show.site.php',
    '"powered by chillyCMS"'
  ]

  @matches = [

    # Default URL structure
    # { :ghdb=>'inurl:/chillyCMS/core/show.site.php' },

    # Powered by text
    { text: '	powered by <a href="http://FrozenPepper.de">chillyCMS</a>.' },
    { text: '	<p>&copy;2010 <a href="">demo.opensourcecms.com</a>,' },
    { text: '	<p>&copy;2010 <a href="">chillycms.bplaced.net</a>,' },

  ]
end

#ChinaCacheObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-23 # Updated regex



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/chinacache.rb', line 12

WhatWeb::Plugin.define "ChinaCache" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-30
  @version = "0.2"
  @description = "ChinaCache is a leading content distribution network (CDN) service provider in China. This header, vehicolated through squid, not only tells the world where the content is coming from, it also brings some (obscure) info with it. What is sure is that there is no open standard on how to use this server header field. Probably it is there only for debugging purposes by the employees of ChinaCache."
  @website = "http://www.chinacache.com/"

  # ShodanHQ results as at 2010-10-30 #
  # About 958 results for "Powered-By-ChinaCache"

  # Passive #
  def passive(target)
    m = []

    # powered-by-chinacache HTTP Header
    unless target.headers["powered-by-chinacache"].nil?
      m << { string: target.headers["powered-by-chinacache"].to_s }
    end

    # Return passive matches
    m
  end
end

#cInvoiceObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/cinvoice.rb', line 9

WhatWeb::Plugin.define "cInvoice" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-06
  @version = "0.1"
  @description = "Forperfect cInvoice system - web-based invoice system. Requires PHP and MySQL."
  @website = "http://www.forperfect.com/seo/cinvoice.php"

  # Google results as at 2011-07-06 #
  # 37 for "Powered by cInvoice system"

  # Dorks #
  @dorks = [
    '"Powered by cInvoice system"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Powered by footer
    { version: /<small>Powered by <a href="http:\/\/www\.forperfect\.com\/" class="footerlink">cInvoice system ([\d\.]+)<\/a><\/small>/ },

    # Footer table + td class=copyright
    { regexp: /\/images\/footer_bg\.gif" width="[\d]{2}%" align="center" cellspacing="1" cellpadding="1"><td class=copyright align="center">/ },

  ]
end

#CitrusDBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/citrusdb.rb', line 9

WhatWeb::Plugin.define "CitrusDB" do
  @author = "Brendan Coles <[email protected]>" # 2012-04-11
  @version = "0.1"
  @description = "CitrusDB is a web based customer care and billing software solution (CC&B) - Requires PHP and MySQL"
  @website = "http://www.citrusdb.org/"

  # Google results as at 2012-04-11 #
  # 36 for intitle:CitrusDB "Enter your username and password" "username" "password"

  # Dorks #
  @dorks = [
    'intitle:CitrusDB "Enter your username and password" "username" "password"'
  ]

  # Matches #
  @matches = [

    # input
    { text: '<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login"  onclick="password.value = calcMD5(password.value)" class=smallbutton>' },

    # logo html
    { certainty: 75, text: '<center><table><td valign=top><img src="images/my-logo.png">' },

  ]
end

#CitusCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/cituscms.rb', line 9

WhatWeb::Plugin.define "CitusCMS" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-23
  @version = "0.1"
  @description = "CitusCMS - Open Source Content Management System"
  @website = "http://www.citus-cms.org/"

  # Google results as at 2011-06-23 #
  # 53 for "Powered by CitusCMS"

  # Dorks #
  @dorks = [
    '"Powered by CitusCMS"'
  ]

  # Matches #
  @matches = [

    # Default title
    { text: '<title>Administration &#149; Webseitenname</title>' },

    # HTML Comment
    { text: '<!-- Powered by CitusCMS - http://www.citus-cms.org -->' },

    # Powered by text
    { text: 'Powered by <a href="http://www.citus-cms.org" target="_blank" title="Powered by CitusCMS"><strong>CitusCMS</strong></a>' },

    # Meta Generator
    { text: '<meta name="generator" content="CitusCMS - http://www.citus-cms.org" />' },
    { text: '<meta name="generator" content="CitusCMS [http://www.citus-cms.org]" />' },

    # Version Detection # HTML Comment
    { version: /<!-- CitusCMS Core Version: ([^\s]+) -->/ },

  ]
end

#ClanSphereObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/clansphere.rb', line 9

WhatWeb::Plugin.define "ClanSphere" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-18
  @version = "0.1"
  @description = "Free OpenSource Clan CMS"
  @website = "www.csphere.eu/index/clansphere/about"

  # Google results as at 2010-09-18 #
  # 45 for "powered by ClanSphere"

  # Dorks #
  @dorks = [
    '"powered by ClanSphere"'
  ]

  # Matches #
  @matches = [

    # Default title
    { text: '<title>ClanSphere - News</title>' },

    # Meta generator
    { text: '<meta name="generator" content="ClanSphere" />' },

    # Powered by text
    { regexp: /Powered by <a href="http:\/\/www.csphere.eu[^>]+>Clansphere[\ CSP]*/i },
    { regexp: /<a href="[\/]*index.php\?mod=clansphere&amp;action=about[^>]+>Powered by Clansphere[\ CSP]*/i },
    { regexp: /<a href="[\/]*index.php\?mod=clansphere&amp;action=about[^>]+>Clansphere[\ CSP]*/i },
    { regexp: /powered by <a href="http:\/\/www.clansphere.net[^>]+>ClanSphere Project<\/a>/ },

  ]
end

#ClarolineObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/claroline.rb', line 9

WhatWeb::Plugin.define "Claroline" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-24
  @version = "0.1"
  @description = "Claroline is an Open Source eLearning and eWorking platform allowing teachers to build effective online courses and to manage learning and collaborative activities on the web. Translated into 35 languages, Claroline has a large worldwide community"
  @website = "http://www.claroline.net/"

  # Google results as at 2011-03-24 #
  # 466 for "Powered by Claroline"

  # Dorks #
  @dorks = [
    '"Powered by Claroline"'
  ]

  # Matches #
  @matches = [

    # Year Detection # Indicates the age of install # Powered by text
    # `[^<]{1,20}` section is to detect multiple languages
    { string: /<div id="poweredBy">[^<]{1,20}<a href="http:\/\/www\.claroline\.net" target="_blank">Claroline<\/a> &copy; 2001 - (20[\d]{2})<\/div>/ },

    # link tags
    { certainty: 75, text: '<link href="http://www.claroline.net/documentation.htm" rel="Help" />' },
    { certainty: 75, text: '<link href="http://www.claroline.net/credits.htm" rel="Author" />' },
    { certainty: 75, text: '<link href="http://www.claroline.net" rel="Copyright" />' },

  ]
end

#ClickTaleObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/clicktale.rb', line 9

WhatWeb::Plugin.define "ClickTale" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-26
  @version = "0.1"
  @description = "Customer Experience Analytics by ClickTale - discover everything visitors do on your website. Watch Visitor Recordings, Mouse Move Heatmaps, and Form Analytics."
  @website = "http://www.clicktale.com/"

  # Matches #
  @matches = [

    # div id="ClickTaleDiv"
    { text: '<div id="ClickTaleDiv" style="display: none;"></div>' },

  ]
end

#ClickyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/clicky.rb', line 9

WhatWeb::Plugin.define "Clicky" do
  @author = "Brendan Coles <[email protected]>" # 2012-04-07
  @version = "0.1"
  @description = "Clicky - Real Time Web Analytics"
  @website = "https://www.getclicky.com/"

  # Matches #
  @matches = [

    # JavaScript
    { regexp: /<script[^>]+src=["'](https?:)?\/\/static\.getclicky\.com/i },

  ]
end

#ClientExecObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/whatweb/plugins/clientexec.rb', line 9

WhatWeb::Plugin.define "ClientExec" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-23
  @version = "0.1"
  @description = "ClientExec is a comprehensive and flexible web hosting billing solution designed for customer billing, helpdesk, e-mail and (team) management and communication. ClientExec was conceived and built with small to mid-sized hosting companies in mind."
  @website = "http://www.clientexec.com/"

  # ShodanHQ results as at 2011-05-23 #
  # 74 for CLIENTEXEC
  # 33 for fuse=newedge

  # Google results as at 2011-05-23 #
  # 254 for intitle:"Support Center - Powered By ClientExec"

  # Dorks #
  @dorks = [
    'intitle:"Support Center - Powered By ClientExec"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { text: '<!-- These should not have debug at the end for production -->' },

    # Default Title
    { text: '<title>Support Center - Powered By ClientExec</title>' },

    # Login Form HTML
    { text: '<form action="index.php?fuse=admin&amp;action=Login&amp;public=1" method="post"' },

    # Theme Detection
    { module: /<img class="logo" src="templates\/([^\/]+)\/images\/public\/caption_photo\.jpg" alt="clientexec" \/>/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # CLIENTEXEC Cookie
    if /CLIENTEXEC=[a-z\d]{26,32}; path=\//.match?(target.headers["set-cookie"])

      m << { name: "CLIENTEXEC Cookie" }

      # Unauthorized Version Installed
      if /^Cannot access EnterLicense view directly$/.match?(target.body)
        m << { string: "Unauthorized Version" }
      end

    end

    # Return passive matches
    m
  end
end

#ClipBucketObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/whatweb/plugins/clipbucket.rb', line 9

WhatWeb::Plugin.define "ClipBucket" do
  @author = "Brendan Coles <[email protected]>" # 2012-01-18
  @version = "0.1"
  @description = "ClipBucket is an OpenSource Multimedia Management Script"
  @website = "http://clip-bucket.com"

  # ShodanHQ  results as at 2012-01-18 #
  # 193 for pageredir

  # Google results as at 2012-01-18 #
  # 370 for "Forged by ClipBucket"

  # Dorks #
  @dorks = [
    '"Forged by ClipBucket"'
  ]

  # Matches #
  @matches = [

    # Meta Copyright
    { string: /<meta name="copyright" content="ClipBucket - PHPBucket ClipBucket 2007 - (20[\d]{2})" \/>/ },

    # Meta Author
    { text: '<meta name="author" content="Arslan Hassan - http://clip-bucket.com/arslan-hassan" />' },

    # HTML Comments # Version Detection
    { text: '<!-- ClipBucket v2 -->', version: "2.x" },
    { version: /<!-- ClipBucket version ([\d\.]+) -->/ },

    # HTML Comments
    { text: '<!-- Setting Template Variables -->' },
    { text: '<!-- Forged by ClipBucket -->' },
    { text: '<!-- Forged by ClipBucket ends -->' },
    { text: '<!-- Please do not remove this unless you have license -->' },

    # Forged by ClipBucket
    { text: 'Forged by <a href="http://clip-bucket.com/">ClipBucket</a>' },

    # Set-Cookie # pageredir
    { search: "headers[set-cookie]", regexp: /pageredir=https?%3A%2F%2F/, certainty: 25 },

  ]
end

#ClipShareObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/clipshare.rb', line 9

WhatWeb::Plugin.define "ClipShare" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-21
  @version = "0.1"
  @description = "With a huge variety of features and options, at an extremely affordable price, ClipShare is the ultimate video script for starting your highly profitable video sharing community website just like the big boys: Youtube, DailyMotion, Metacafe, or Google Video."
  @website = "http://www.clip-share.com/"

  # Google results as at 2010-08-21 #
  # 204 for "powered by ClipShare"

  # Dorks #
  @dorks = [
    '"powered by ClipShare"'
  ]

  @matches = [

    { text: '<!--!!!!!!!!!!!!!!!!!!!!!!!!! Processing SCRIPT !!!!!!!!!!!!!!!!!!!-->' },
    { text: '<!--!!!!!!!!!!!!!!!!!!!!!!!! LIBRARY !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-->' },
    { text: 'Powered By <a href="http://www.clip-share.com">ClipShare</a>' },

  ]
end

#CloudFlareObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-05-10 David P Robinson <[email protected]> Added regex to detect CloudFlare email address protection feature

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[] Change plugin name captilization



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/whatweb/plugins/cloudflare.rb', line 18

WhatWeb::Plugin.define "CloudFlare" do
  @author = "Aung Khant <http://yehg.net/> & David P Robinson <[email protected]>" # 2011-02-04
  @version = "0.3"
  @description = "CloudFlare is a content delivery network. Its features include DDoS protection and Web Application Firewall functionality"
  @website = "https://www.cloudflare.com/"

  # Google results as at 2011-04-12 #
  # 14 for "Performance & Security by Cloudflare"

  # Dorks #
  @dorks = [
    '"Performance & Security by Cloudflare"'
  ]

  # Matches #
  @matches = [

    { name: 'access restricted iframe', text: '<iframe frameborder="0" width="100%" height="100%" src="http://anti-virus.cloudflare.com/cdn-cgi/anti-virus-challenge?h=' },

    { name: 'footer', text: '&nbsp;&nbsp;Performance &amp; Security by <a id="FooterCloudFlare" href="https://www.cloudflare.com" target="_blank">CloudFlare</a>' },

    { search: "headers[server]", regexp: /cloudflare\-nginx/, name: "server header" },

    { search: "headers[set-cookie]", regexp: /__cfduid/, name: "__cfduid cookie" },

    { name: "email address protection", regexp: /\/cdn-cgi\/l\/email-protection#[a-f0-9]{36}/ }

  ]
end

#CloudFrontObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/cloudfront.rb', line 9

WhatWeb::Plugin.define "CloudFront" do
  @author = "Brendan Coles <[email protected]>" # 2010-11-02
  @version = "0.1"
  @description = "CloudFront Server"

  # ShodanHQ results as at 2010-11-02 #
  # 3,530 for X-Cache: Error from cloudfront
  # 3,532 for server cloudfront

  @matches = [

    # Error page
    { status: 403, text: "<html><body>Sorry, invalid request</body></html>" },

    # HTTP Server Header
    { search: "headers[server]", regexp: /^CloudFront/ },

    # HTTP X-Cache Header
    { search: "headers[x-cache]", regexp: /^Error from cloudfront/ },

  ]
end

#CMScontrolObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated regex and ghdb matches



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/whatweb/plugins/cmscontrol.rb', line 12

WhatWeb::Plugin.define "CMScontrol" do
  @author = "Brendan Coles <bcoles at gmail dot com>" # 2010-06-15
  @version = "0.2"
  @description = "CMScontrol"
  @website = "http://www.cmscontrol.com/"

  # Google results as at 2010-06-15 #
  # 79 for +CMScontrol -"SQL Injection" -exploit +inurl:"index.php?id_menu="

  # Dorks #
  @dorks = [
    '"CMScontrol" -"SQL Injection" -exploit inurl:"index.php?id_menu="'
  ]

  @matches = [

    # 79 results for +CMScontrol -"SQL Injection" -exploit +inurl:"index.php?id_menu=" @ 2010-06-15
    { ghdb: '+CMScontrol inurl:"index.php?id_menu="', certainty: 25 },

    # Default meta generator
    { regexp: /<META name=[\"\']*generator[\"\']* content=[\"\']*CMScontrol eContent[\"\']*>/i },

    # Default meta formatter
    { regexp: /<META name=[\"\']*formatter[\"\']* content=[\"\']*CMScontrol eContent[\"\']*>/i },

    # Default meta abstract
    { regexp: /<META name=[\"\']*abstract[\"\']* content=[\"\']*CMScontrol[\"\']*>/i },

    # Default javascript in old versions
    { text: 'document.write("<ME"+"TA ht"+"tp-eq"+"uiv=\"REF"+"RESH\" con"+"tent=\"1.00; u"+"rl="+"index"+"."+"ph"+"p\">");' },

    # Default meta generator # 3.x
    { regexp: /<META NAME=[\"\']*generator[\"\']* CONTENT=[\"\']*CMScontrol rel 3.x[\"\']*>/i, version: '3.x' },

  ]
end

#CMScoutObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/cmscout.rb', line 9

WhatWeb::Plugin.define "CMScout" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-22
  @version = "0.1"
  @description = "CMScout is a free and open-source CMS (Content management system) for Scouting related groups from around the world. A CMS is a piece of web software that makes it easy for you to install, and manage a website without needing to know any programming languages."
  @website = "http://www.cmscout.co.za/"

  # Google results as at 2010-08-22 #
  # 93 for "powered by CMScout"

  # Dorks #
  @dorks = [
    '"powered by CMScout"'
  ]

  @matches = [

    # Powered by text
    { regexp: /Powered by CMScout &copy;[\d\,]+ <a href="http:\/\/www.cmscout.za.net" title="CMScout Group" target="_blank">CMScout Group<\/a>/ },
    { text: '<!--Shows the CMScout and website copyright information. Please do not remove this without permission from the CMScout admin-->' },

  ]
end

#CMSimpleObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-17 # Andrew Horton Added website

Version 0.2 # Added version detection. Updated matches.



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/cmsimple.rb', line 15

WhatWeb::Plugin.define "CMSimple" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-05
  @version = "0.3"
  @description = "CMSimple is a simple content management system for smart maintainance of small commercial or private sites."
  @website = "http://www.cmsimple.org/"

  # About 70,800 results for "Powered by CMSimple.dk" +welcome @ 2010-06-04

  # Dorks #
  @dorks = [
    '"Powered by CMSimple.dk" "welcome"'
  ]

  @matches = [

    # GHDB Match
    { ghdb: '"Powered by CMSimple.dk" welcome', certainty: 75 },

    # Meta generator
    { text: '<meta name="generator" content="CMSimple' },

    # Version detection # Meta generator
    { version: /<meta name="generator" content="CMSimple ([\d\.]+)[^>]*>/ },

  ]
end

#CMSQLiteObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/cmsqlite.rb', line 9

WhatWeb::Plugin.define "CMSQLite" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-18
  @version = "0.1"
  @description = "CMSQLite is a small, fast, flexible and complete Content-Management-System (CMS). "
  @website = "http://cmsqlite.net/"

  # Google results as at 2010-07-18 #
  # 25 results for "powered by CMSQLite"

  # Dorks #
  @dorks = [
    '"powered by CMSQLite"'
  ]

  @matches = [

    { text: '<div id="cmsqliteFooter"><span id="anchorFooter"><a href="http://www.cmsqlite.net" target="_blank">powered by CMSQLite</a></span></div></body></html>' },

    { text: '<meta name="generator" content="www.CMSQLite.net by www.Netzabdruck.de" />' },

  ]
end

#CmyDocumentObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/cmydocument.rb', line 9

WhatWeb::Plugin.define "CmyDocument" do
  @author = "Brendan Coles <[email protected]>" # 2011-11-04
  @version = "0.1"
  @description = "CmyDocument is a Content Management and Document Management application"
  @website = "http://cmydocument.com/"

  # Google results as at 2011-11-04 #
  # 6 for inurl:"myDoclist.asp" intitle:"CmyDocument"

  # Dorks #
  @dorks = [
    'inurl:"myDoclist.asp" intitle:"CmyDocument"'
  ]

  # Matches #
  @matches = [

    # StyleSheet
    { text: '<link href="CmyDocument.css" rel="stylesheet" type="text/css">' },
    { text: '<link href="CmyDocument2.css" rel="stylesheet" type="text/css">' },
    { text: '<link rel="stylesheet" type="text/css" href="CmyDocument.css">' },

    # Shortcut Icon
    { text: '<link rel="SHORTCUT ICON" href="icon_cmydoc.ico">' },

    # HTML Comment
    { text: '<!-- footer (begin) --><!-- *** Note: Only licensed users are allowed to remove or change the following copyright statement. *** -->' },

    # Document View link
    { regexp: /<td style="white-space: nowrap;"><span class="aspmaker"><a href="myDocview\.asp\?(myDocID|ID)=[\d]+">View<\/a><\/span><\/td>/ },

  ]
end

#CodeIgniterProfilerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/code_igniter_profiler.rb', line 10

WhatWeb::Plugin.define "CodeIgniterProfiler" do
  @author = "Caleb Anderson"
  @version = "0.1"
  @description = "Find codeigniter profiler debug divs"

  def passive(target)
    m = []
    if target.body =~ /URI STRING/ && target.body =~ /Total Execution Time/ && target.body =~ /Controller Execution Time/ && target.body =~ /Loading Time Base Classes/
      m << { name: 'Found 4 strings' }
    end
    m
  end
end

#ColdFusionObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2012-02-05 # Added header match. Updated matches. Updated version detection.

Version 0.2 # 2011-04-25 # Added cookie matches



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
 
# File 'lib/whatweb/plugins/coldfusion.rb', line 15

WhatWeb::Plugin.define "ColdFusion" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-15
  @version = "0.3"
  @description = "Adobe ColdFusion application server and software enables developers to rapidly build, deploy, and maintain robust Internet applications for the enterprise."
  @website = "http://www.adobe.com/products/coldfusion/"

  # ShodanHQ results as at 2012-02-05 #
  # 6,536 for page-completion-status
  #   529 for page-completion-status Abnormal

  # Google results as at 2011-04-25 #
  # 30 for intitle:"ColdFusion Administrator Login"
  # 72 for intitle:"Login / Admin Area" ext:cfm

  # Dorks #
  @dorks = [
    'intitle:"ColdFusion Administrator Login"'
  ]

  # Matches #
  @matches = [

    # Admin Page # Title
    { text: '	<title>ColdFusion Administrator Login</title>' },

    # Admin Page # Meta Author
    { regexp: /<meta name="Author" content="Copyright (\(c\)\ )?[0-9]{4}-[0-9]{4} Macromedia( Corp|, Inc)\. All rights reserved\.">/ },

    # Admin Page # JavaScript
    { text: "	{   document.write(\"<link rel='STYLESHEET' type='text/css' href='./cfadmin_ns.css'>\");}" },

    # Admin Page # Form
    { text: '<form name="loginform" action="./enter.cfm" method="POST" onSubmit="cfadminPassword.value = hex_hmac_sha1(salt.value, hex_sha1(cfadminPassword.value));" >' },

    # Admin Page # input name="cfadminPassword"
    { text: '<input name="cfadminPassword" type="Password" size="15" style="width:15em;" class="label" maxlength="100" id="admin_login">' },

    # Admin Page # Copyright text
    { text: '	Macromedia, the Macromedia logo, Macromedia ColdFusion and ColdFusion are<br />' },

    # Admin Page # Logo HTML
    { text: '	<tr><td><img src="./images/mx_copyrframe.gif" width="2" height="57" border="0" alt="ColdFusion MX" hspace="10"></td>' },

    # /CFIDE/administrator/images/loginbackground.jpg # Version 9.x
    { url: '/CFIDE/administrator/images/loginbackground.jpg', md5: "596b3fc4f1a0b818979db1cf94a82220", version: "9.x" },

    # /CFIDE/administrator/images/AdminColdFusionLogo.gif # Version 7.x
    { url: "/CFIDE/administrator/images/AdminColdFusionLogo.gif", md5: "620b2523e4680bf031ee4b1538733349", version: "7.x" },

    # page-completion-status Header
    { search: "headers[page-completion-status]", certainty: 75, regexp: /(Abnormal|Normal)/ },

    # Set-Cookie # /CFAUTHORIZATION_cfadmin=/
    { search: "headers[set-cookie]", regexp: /CFAUTHORIZATION_cfadmin=/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # CFID and CFTOKEN cookie
    if target.headers["set-cookie"] =~ /CFID=/ && target.headers["set-cookie"] =~ /CFTOKEN=/
      m << { name: "CFID and CFTOKEN cookie" }
    end

    # Version detection using admin panel text
    if /Enter your RDS or Admin password below/.match?(target.body)

      if target.body =~ /Version:[\s]*([^<]+)<\/strong><br \/>/
        m << { version: $1.to_s.tr(',', ".") }
      end

    end

    # Return passive matches
    m
  end
end

#CollabtiveObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/collabtive.rb', line 9

WhatWeb::Plugin.define "Collabtive" do
  @author = "Brendan Coles <[email protected]>" # 2012-06-10
  @version = "0.1"
  @description = "Collabtive - Open Source Collaboration"
  @website = "http://collabtive.o-dyn.de/"

  # Google results as at 2012-06-10 #
  # 21 for "Project Management" "Stay logged in" intitle:"Login" intitle:"Collabtive"

  # Dorks #
  @dorks = [
    '"Project Management" "Stay logged in" intitle:"Login" intitle:"Collabtive"'
  ]

  # Matches #
  @matches = [

    # Title
    { text: '<title>Login @ Collabtive</title>' },

    # HTML Comments
    { text: '<!--<div id = "jslog" style = "color:red;position:absolute;top:60%;right:5%;width:300px;border:1px solid;background-color:grey;"></div>-->' },

    # Form HTML
    { text: '<form id = "loginform" name = "loginform" method="post" action="manageuser.php?action=login"  onsubmit="return validateCompleteForm(this,\'input_error\');">' },

  ]
end

#CollegiateLinkObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/collegiatelink.rb', line 9

WhatWeb::Plugin.define "CollegiateLink" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-22
  @version = "0.1"
  @description = "CollegiateLink"
  @website = "http://www.collegiatelink.net/"

  # 120 for "Powered by CollegiateLink Version"
  # 109 for "Powered by CollegiateLink Version" inurl:"Community?action"

  # Dorks #
  @dorks = [
    '"Powered by CollegiateLink Version" inurl:"Community?action"'
  ]

  # Matches #
  @matches = [

    # Version detection # Powered by footer
    { version: /Powered by <a href="http:\/\/www\.collegiatelink\.net">CollegiateLink<\/a> Version ([\d\.]+)<\/p><div id="links">CollegiateLink uses / },

    # HTML Comments + divs + span classes
    { text: '</div></div></div><div class="salink"><span class="shadow"><!----></span></div></div><span class="clearDiv"><!----></span></div></div><span class="clearDiv"><!----></span><script type="text/javascript">' },

  ]
end

#ComancheObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/comanche.rb', line 9

WhatWeb::Plugin.define "Comanche" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-24
  @version = "0.1"
  @description = "Comanche is an open-source web server for Squeak. Comanche contains the server framework, which makes it possible to develop web applications entirely in Squeak, without the need to run an external web server."
  @website = "http://wiki.squeak.org/swiki"

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^Comanche\/([^\s]+)/ },

  ]
end

#ComersusCartObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-17 # Andrew Horton Updated description, added website, and changed name to ComersusCart

Version 0.2 removed :name and :certainty=>100



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/comersus.rb', line 15

WhatWeb::Plugin.define "ComersusCart" do
  @author = "Andrew Horton"
  @version = "0.3"

  @description = "ComersusCart is an open-source shopping cart using ASP. Comersus is an active server pages software for running a professional store, seamlessly integrated with the rest of your web site. Comersus Cart is free and it can be used for commercial purposes. Full source code included and compatible with Windows and Linux Servers."
  @website = "http://www.comersus.com/"

  # <meta NAME="DESCRIPTION" CONTENT="Powered by Comersus http://www.comersus.com">
  # <title>Tarkenton Sports, Inc. Powered by Comersus ASP Shopping Cart Open Source - http://www.comersus.com - http://www.1aspshoppingcart.com</title>
  # <a href="comersus_showCart.asp">
  # <a href="comersus_dynamicIndex.asp">Home</a>

  # <title>specialequipment Powered by Comersus ASP Shopping Cart Open Source - http://www.comersus.com - http://www.1aspshoppingcart.com</title>
  # <meta NAME="DESCRIPTION" CONTENT="Powered by Comersus http://www.comersus.com - ASP shopping cart software for Windows and Linux with Access, SQL Server or mySQL - easy to configure, Open Source and Free">
  # Powered by <a href="asp_shopping_cart_download.html">Comersus</a> 4.36 Sophisticated ASP Shopping Cart Open Source</b>

  @matches = [
    { regexp: /<meta NAME="DESCRIPTION" CONTENT="Powered by Comersus http:\/\/www.comersus.com">/i },
    { regexp: /<title>[^<]*Powered by Comersus ASP Shopping Cart Open Source[^<]*<\/title>/i },
    { regexp: /<a href="[^"]*comersus_showCart.asp">/i },
    { regexp: /Powered by <[^>]*>Comersus<\/a>/i }
  ]
end

#CommonSpotObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-17 # Brendan Coles <[email protected]> Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/commonspot.rb', line 12

WhatWeb::Plugin.define "CommonSpot" do
  @author = "Tonmoy Saikia"
  @version = "0.2"
  @description = "The CommonSpot Web content management solution (Web CMS) increases the value of content by creating engaging Web experiences that generate high impact results."
  @website = "http://www.paperthin.com/"

  # Matches #
  @matches = [

    # Meta Generator
    { regexp: /<meta[^>]+name="Generator"[^>]+content="CommonSpot[^"]+"[^>]*\/>/ },

    # img tags
    { regexp: /<img[^>]+src="[^"]+commonspot[^"]+"[^>]*\/>/ },

    # commonspot.css
    { regexp: /<link[^>]+href="[^"]commonspot\/commonspot\.css"[^>]+\/>/ },

    # Version Detection # Meta Generator
    { version: /<meta[^>]+name="Generator"[^>]+content="CommonSpot[^\d^"]+([\d\.]+)"[^>]*\/>/ },

  ]
end

#ComprafacilObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/comprafacil.rb', line 9

WhatWeb::Plugin.define "Comprafacil" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-19
  @version = "0.1"
  @description = "Web shop app [Brazilian]"
  @website = "http://www.comprafacil.com.br/"

  # Google results as at 2011-05-19 #
  # 81 for inurl:"viewSection.jsf" ext:jsf

  # Dorks #
  @dorks = [
    'inurl:"viewSection.jsf" ext:jsf'
  ]

  # Matches #
  @matches = [

    # Powered by link
    { text: '<a id="seloPowered" href="http://www.comprafacil.com.br"><img alt="Powered by Comprafacil" src="' },

    # Meta Author
    { text: '<meta name="author"      content="HERMES SA" />' },
    { text: '<meta name="author" content="HERMES SA" />' },

  ]
end

#ConfluenceObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2011-03-19 # Updated version detection Added HTTP header matches

Version 0.2 # Updated version detection



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
# File 'lib/whatweb/plugins/confluence.rb', line 16

WhatWeb::Plugin.define "Confluence" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-06
  @version = "0.3"
  @description = "Confluence combines powerful online authoring capabilities, deep Office integration and an extensive plugin catalog to help people work better together and share information effortlessly."
  @website = "http://www.atlassian.com/software/confluence/"

  # ShodanHQ results as at 2011-03-19 #
  # 13 for x-confluence

  # Google results as at 2011-03-19 #
  # 144 for "Atlassian Confluence" +"the Enterprise Wiki" +"Intranet software for documentation and knowledge management" +"Report a bug"

  # Matches #
  @matches = [

    # GHDB Match
    { certainty: 75, ghdb: '"Atlassian Confluence" "the Enterprise Wiki" "Intranet software for documentation and knowledge management" "Report a bug"' },

    # Meta confluence-context-path
    { text: '<meta id="confluence-context-path" name="confluence-context-path" content="">' },

    # Powered by text
    { text: '<li class="noprint"><a href="http://www.atlassian.com/software/confluence" class="hover-footer-link">Atlassian Confluence</a>' },

    # Version Detection # Powered by text
    { version: /Powered by <a href="http:\/\/www\.atlassian\.com\/software\/confluence"[^>]*>Atlassian Confluence<\/a> ([\d\._]+)/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # x-confluence-cluster-node
    m << { name: "x-confluence-cluster-node header" } if target.headers["x-confluence-cluster-node"]

    # x-confluence-request-time
    m << { name: "x-confluence-request-time header" } if target.headers["x-confluence-request-time"]

    # Return passive matches
    m
  end
end

#ConfToolObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/conftool.rb', line 9

WhatWeb::Plugin.define "ConfTool" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-24
  @version = "0.1"
  @description = "ConfTool is a Web-based event management system that was developed to support the organization of conferences, workshops, congresses and seminars. - Hompage: http://www.conftool.net/"

  # Google results as at 2011-06-24 #
  # 72 for "ConfTool Conference Administration" "User name or e-mail"

  # Dorks #
  @dorks = [
    '"ConfTool Conference Administration" "User name or e-mail"'
  ]

  # Matches #
  @matches = [

    # h2 heading
    { text: '<h2 align=center>ConfTool Conference Administration</h2>' },

    # Username input # Standard Edition
    { string: "Standard", text: '<td class="td_dlg_input" width=67% align=left><input type=text name=\'ctusername\' tabindex=2 size=35></td></tr>' },

    # Version Detection # Pro Edition
    { string: "Pro", version: /<td align="right" nowrap><a href="http:\/\/www\.conftool\.net\/"><span class="[^"]+">Conference Software - <\/span><span class="[^"]+">[\s]+(VSIS )?ConfTool( Pro)? ([^<^\s]+)<\/span><\/a><BR>/, offset: 2 },

    # Version Detection # Standard Edition
    { string: "Standard", version: /<td align="right" nowrap><span class="normal8"><a href='http:\/\/www\.conftool\.net'>(Conference |Web-based |Event |Abstract )?(Management|Conference) (Software|System) - VSIS <b>ConfTool<\/b><\/a> Standard ([^<^\s]+)<\/span><BR>/, offset: 3 },

  ]
end

#Connect2Object

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-19 # Andrew Horton Replaced passive function with matches



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/connect2.rb', line 12

WhatWeb::Plugin.define "Connect2" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-31
  @version = "0.1"
  @description = "Message Handling System (MHS) is an important early email protocol developed by Novell. A compatible family of products from Infinite Technologies ( now Captaris - http://www.captaris.com ) and marketed under the name Connect2 were also very widely used as part of MHS-based email networks. - More info: http://en.wikipedia.org/wiki/Message_Handling_System"

  # ShodanHQ results as at 2011-05-31 #
  # 25 for Web Services Module

  @matches = [
    # HTTP Server Header
    { regexp: /for Connect2-SMTP/, search: "headers[server]" },

    # HTTP Server Header # Module Detection
    { module: /^(Web Services Module [^\s]+ \([\d]+\)) for Connect2-SMTP$/, search: "headers[server]" },

  ]
end

#ContentXXLObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/contentxxl.rb', line 9

WhatWeb::Plugin.define "ContentXXL" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-03
  @version = "0.1"
  @description = "ContentXXL - CMS [German] - Requires: .NET"
  @website = "http://www.contentxxl.de/"

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="contentXXL Business Content Management System  ([^\(]+)\([^\)]+\) \/ contentXXL International GmbH \/ www.contentxxl.de" [\/]?>/ },

    # .NET Version Detection # Meta Generator
    { string: /<meta name="generator" content="contentXXL Business Content Management System  [^\(]+\(([^\)]+), [^,^>]+, (Release|Debug)\) \/ contentXXL International GmbH \/ www.contentxxl.de" [\/]?>/ },

  ]
end

#CookiesObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.5 # 2011-05-14 # Brendan Coles <[email protected]> Changed @cookies to target.headers to support recursive mode

Version 0.4 # 2011-04-08 # Brendan Coles <[email protected]> Added username and localfile path detection for cookies containing public_html

Version 0.3 # 2011-01-30 # Brendan Coles <[email protected]> Fixed regex bug # Cookies were always split by “=” even when it wasn’t present

Version 0.2 removed :certainty=>100



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/whatweb/plugins/cookies.rb', line 21

WhatWeb::Plugin.define "Cookies" do
  @author = "Andrew Horton"
  @version = "0.5"
  @description = "Display the names of cookies in the HTTP headers. The values are not returned to save on space."

  # ShodanHQ results as at 2011-04-08 #
  # 2,527,334 for set-cookie
  # 37 for set-cookie path home public_html
  # 17 for set-cookie path=/home/ /public_html

  # Passive #
  def passive(target)
    m = []

    unless target.headers["set-cookie"].nil? || target.headers["set-cookie"].empty?

      # Extract cookie names
      target.headers["set-cookie"].split("\n").each do |cookie|
        m << { string: cookie.split("=")[0] } if cookie =~ /=/
      end

      # Detect local file paths containing public_html
      if /path=\/home[\d]*\/([^\/]+)\/public_html\//.match?(target.headers["set-cookie"].to_s)
        m << { account: target.headers["set-cookie"].to_s.scan(/path=\/home[\d]*\/([^\/]+)\/public_html\//).flatten }
        m << { filepath: target.headers["set-cookie"].to_s.scan(/path=(\/home[\d]*\/[^\/]+\/public_html\/)/).flatten }
      end

    end

    # Return passive match
    m
  end
end

#CoppermineObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.4 # 2016-04-17 # Andrew Horton Updated description and added website

Version 0.3 Uses :version=>//

Version 0.2 removed :name and :certainty=>100



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/whatweb/plugins/coppermine.rb', line 18

WhatWeb::Plugin.define "Coppermine" do
  @author = "Andrew Horton"
  @version = "0.4"
  @description = "Open-source Photo Gallery powered by PHP & MySQL"
  @website = "http://www.coppermine-gallery.net/"

  #  Coppermine version: 1.4.19
  # <!--
  #   SVN version info:
  #   Coppermine version: 1.4.19
  #   $Revision: 4392 $
  #   $LastChangedBy: gaugau $
  #   $Date: 2008-04-16 09:25:35 +0200 (Mi, 16 Apr 2008) $
  # -->
  # <!-- BEGIN album_list -->
  # Powered by <a href="http://coppermine-gallery.net/" title="Coppermine Photo Gallery" rel="external">Coppermine Photo Gallery</a>
  # <!--Coppermine Photo Gallery 1.4.19 (stable)-->

  # with joomla
  # <!-- +++++++++++++++++++ coppermine begin +++++++++++++++++++ -->

  # <title>Coppermine Photo Gallery - Home</title>
  # <!--Coppermine Photo Gallery 1.3.2-->
  # Powered by <a href="http://coppermine.sf.net/" target="_blank">Coppermine Photo Gallery</a>

  # <!--Coppermine Photo Gallery 1.4.10 (stable)-->
  # Powered by <a href="http://coppermine.sourceforge.net/" title="Coppermine Photo Gallery" rel="external">Coppermine Photo Gallery</a>

  # <a href="displayimage.php?album=lastup&amp;cat=0&amp;pos=6">

  @matches = [

    { text: "<title>Coppermine Photo Gallery - Home</title>" },
    { regexp: /Coppermine version: ([0-9\.]+)[ \n]*\$Revision/ },
    { text: "<!-- BEGIN album_list -->" },
    { name: "powered by link",
      regexp: /Powered by <a href="http:\/\/(coppermine-gallery.net|coppermine.sf.net|coppermine.sourceforge.net)\/" [^>]+>Coppermine Photo Gallery<\/a>/ },
    { regexp: /<!--Coppermine Photo Gallery ([\d\.]+)[^>]+-->/ },
    { name: "displayimage.php url",
      certainty: 50,
      regexp: /<a href="[^"]*\/displayimage.php\?album=[a-z0-9]+&pos=">/ }, # "

    { version: /<!--Coppermine Photo Gallery ([\d\.]+[^>]+)-->/, name: "<!--Coppermine Photo Gallery" } # "

  ]
end

#CouchPotatoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/couchpotato.rb', line 9

WhatWeb::Plugin.define "CouchPotato" do
  @author = "Brendan Coles <[email protected]>" # 2012-01-09
  @version = "0.1"
  @description = "CouchPotato is an automatic NZB and torrent downloader"
  @website = "http://couchpotatoapp.com/"

  # Google results as at 2012-01-09 #
  # 38 for "Update (diff) available: update now , Check for new version"

  # Dorks #
  @dorks = [
    '"Update (diff) available: update now , Check for new version"'
  ]

  # Matches #
  @matches = [

    # html
    { text: '<html><body><h1>Error 401 Unauthorized</h1>Something unexpected has happened.</body></html>', certainty: 25 },

    # Footer # Version Detection
    { version: /<a href="\/cron\/force\/">Force check<\/a> \)[\s]+<\/div>[\s]+<div id="version">[\s]+Version: <em>([^\s^<]+)<\/em>/ },

    # Default Favicon
    { md5: "a59c6fead5d55050674f327955df3acb", url: "/static/images/favicon.ico" },

    # Default Apple Touch Icon
    { md5: "4814f0d48b2944e48d474325fc4a0f86", url: "/static/images/homescreen.png" },

  ]
end

#CougarObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-19 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/cougar.rb', line 12

WhatWeb::Plugin.define "Cougar" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-27
  @version = "0.2"
  @description = "Cougar video conferencing server"
  @website = "http://www.cougarconference.com/"

  # ShodanHQ results as at 2011-07-27 #
  # 21,987 for Cougar
  # 21,026 for Cougar Supported

  @matches = [

    { search: "headers[server]", version: /^Cougar\/([\d\.]+)$/ }

  ]
end

#coWikiObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/cowiki.rb', line 12

WhatWeb::Plugin.define "coWiki" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-22
  @version = "0.2"
  @description = "coWiki - wiki"
  @website = "http://www.cowiki.org/"

  # Google results as at 2010-07-22 #
  # 8 for "powered by coWiki"

  # Matches #
  @matches = [

    # HTML Comment
    { version: /<!-- Generated by coWiki ([^ ]+) \((http:\/\/www.develnet.org|http:\/\/www.cowiki.org)\) -->/ },

    # Meta Generator
    { version: /<meta name="generator" content="coWiki ([^,]+), (http:\/\/www.develnet.org|http:\/\/www.cowiki.org)"[^>]*>/ },

  ]
end

#cPanelObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.5 # 2011-08-04 Andrew Horton - added default meta refresh page

Version 0.4 # 2011-04-06 # Brendan Coles <[email protected]> Added /cgi-sys/defaultwebpage.cgi and /img-sys/header.jpg aggressive matches

Version 0.3 # Brendan Coles <[email protected]> Added version detection. Added OS detection.

Version 0.2 removed :name and :certainty=>100



20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/whatweb/plugins/cpanel.rb', line 20

WhatWeb::Plugin.define "cPanel" do
  @author = "Andrew Horton"
  @version = "0.5"
  @description = "Site configuration and management software application. Supporting many operating systems while allowing endusers to control every aspect of their webhosting experience."
  @website = "http://www.cpanel.net/"

  # Google results as at 2012-04-11 #
  # 899 for inurl:":2082/frontend" -demo
  # 487 for inurl:":2095/webmail/x3"

  # Dorks #
  @dorks = [
    'inurl:":2082/frontend" -demo',
    'inurl:":2095/webmail/x3"'
  ]

  # Matches #
  @matches = [

    # Welcome Page # Default title
    { text: "<title>cPanel&reg;</title>" },

    # Welcome Page # Default logo HTML
    { text: '<div id="footer_images"><img src="sys_cpanel/images/powered_by.gif" />' },

    # Welcome Page # Default text
    { text: "Apache is working on your cPanel<sup>&reg;</sup> and WHM&#8482; Server" },

    # Default meta refresh redirection webpage
    { text: '<html><head><META HTTP-EQUIV="refresh" CONTENT="0;URL=/cgi-sys/defaultwebpage.cgi"></head><body></body></html>' },

    # Login Page # Default CSS
    { regexp: /<link rel="stylesheet" href="[^>^"]*\/unprotected\/cpanel\/style_optimized\.css" type="text\/css" \/>/ },

    # Version Detection # Login page # Default title
    { version: /<title>cPanel&reg;[\s]{0,2}([\d\.]+)<\/title>/ },

    # Aggressive # /cgi-sys/defaultwebpage.cgi
    { url: "/cgi-sys/defaultwebpage.cgi", text: '<p class="troubleshoot">It may be possible to restore access to this site by <a href="http://www.cpanel.net/docs/dnscache/cleardns.html">following these instructions</a> for clearing your dns cache.</p>' },

    # Aggressive # /img-sys/header.jpg
    { url: "/img-sys/header.jpg", md5: "b0f3863b68ff707c3fb586bd87b4f9c6" },

    # Version Detection # HTTP Server header
    { search: "headers[server]", version: /^cpsrvd\/([\d\.]+)$/ },

  ]
end

#cPassManObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/cpassman.rb', line 9

WhatWeb::Plugin.define "cPassMan" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-12
  @version = "0.1"
  @description = "cPassMan is a Passwords Manager dedicated for managing passwords in a collaborative way. It is especially designed to provide passwords access security for allowed people."
  @website = "http://www.cpassman.org/"

  # Google results as at 2011-04-12 #
  # 63 results for intitle:"Collaborative Passwords Manager"

  # Dorks #
  @dorks = [
    'intitle:"Collaborative Passwords Manager"'
  ]

  # Matches #
  @matches = [

    # Login page # Default title
    { text: '<title>Collaborative Passwords Manager</title>' },

    # Version detection # Login page
    { version: /<a href="http:\/\/cpassman.org[\/]?" target="_blank">cPassMan<\/a> ([^\ ]+)/ },

    # License HTML
    { text: '<a rel="license" href="http://creativecommons.org/licenses/by-nc-nd/3.0/" title="Collaborative Passwords Manager by Nils Laumaill&#233; is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License" target="_blank">' },

  ]
end

#cpCommerceObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/cpcommerce.rb', line 9

WhatWeb::Plugin.define "cpCommerce" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-14
  @version = "0.1"
  @description = "Web shopping cart"
  @website = "http://cpcommerce.org/"

  # 58 results for "powered by cpCommerce" @ 2010-08-14

  @matches = [

    { text: '        Powered by cpCommerce' },
    { text: '    <title>cpCommerce by Matthew Wilkin</title>' },
    { text: 'Powered by <a href="http://cpcommerce.cpradio.org/" target="_blank">cpCommerce</a>.' },
    { text: 'Powered by <a href="http://cpcommerce.org/" target="_blank">cpCommerce</a>.' },

  ]
end

#CrazyEggObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/crazyegg.rb', line 9

WhatWeb::Plugin.define "CrazyEgg" do
  @author = "Peter van der Laan"
  @version = "0.1"
  @description = "Visualizes where your visitors click"
  @website = "http://www.crazyegg.com/"

  @matches = [

    # HTML
    { text: "cetrk.com" },
    { account: /dnn506yrbagrg\.cloudfront\.net\/pages\/scripts\/(\d+\/\d+)/ }

  ]
end

#crossdomain_xmlObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/crossdomain.xml.rb', line 9

WhatWeb::Plugin.define "crossdomain_xml" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-09
  @version = "0.1"
  @description = "This plugin extracts allowed domain from crossdomain.xml"

  # 61 results for ext:xml "allow-access-from domain" inurl:"crossdomain.xml"

  # Matches #
  @matches = [

    # Default text
    { text: '<cross-domain-policy>', path: "crossdomain.xml" },

    { text: '<site-control permitted-cross-domain-policies="none"/>', string: "none", module: "Permit", path: "crossdomain.xml" },

    # Extract allowed domains
    { string: /<allow-access-from domain="([^"]+)"/, path: "crossdomain.xml", module: "Allow" },

  ]
end

#CrushFTPObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-19 # Andrew Horton Replaced passive function with matches



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/whatweb/plugins/crushftp.rb', line 12

WhatWeb::Plugin.define "CrushFTP" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-02
  @version = "0.2"
  @description = "A full-scale FTP server by Ben Spink written in Java using the SWING user interface libraries. [Mac OS/Windows/Linux]"
  @website = "http://www.crushftp.com/"

  # ShodanHQ results as at 2011-04-02 #
  # 33 for CrushFTP

  # Matches #
  @matches = [

    # JavaScript
    { certainty: 25, text: '<script type="text/javascript" src="crushftp_functions.js"></script>' },

    # HTTP Server header
    { regexp: /^CrushFTP /, search: "headers[server]" },

    # Version Detection # HTTP Server
    { version: /^CrushFTP (HTTP[\d]? Server )?Version ([\d\.]+)$/, offset: 1, search: "headers[server]" },

    # CrushAuth Cookie
    { name: "CrushAuth Cookie", regexp: /^CrushAuth=/, search: "headers[set-cookie]" },

    # WWW-Authenticate
    { name: "WWW-Authenticate", version: /^Basic realm="CrushFTP Server Version ([\d\.]+)"$/, search: "headers[www-authenticate]" },

  ]

  # Passive #
  def passive(target)
    m = []

    # HTTP Server header
    if /^CrushFTP /.match?(target.headers["server"])

      # Account Detection # X-dmUser
      m << { account: target.headers["x-dmuser"] } unless target.headers["x-dmuser"].nil?
    end

    # Return passive matches
    m
  end
end

#CruxCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/cruxcms.rb', line 9

WhatWeb::Plugin.define "CruxCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-10
  @version = "0.1"
  @description = "CruxCMS - Online Content Manager"
  @website = "http://www.cruxsoftware.co.uk/"

  # 10 results for "powered by Crux CMS" -vulnerability @ 2010-07-10

  # Dorks #
  @dorks = [
    '"powered by Crux CMS" -vulnerability'
  ]

  # Matches #
  @matches = [

    { text: '<font color="#666666"><center>Powered by <a href="http://www.cruxcms.co.uk">Crux CMS</a></center> </font>' },

    { text: '<font color="#666666"><center>Powered by <a href="http://www.cruxsoftware.co.uk">Crux CMS</a></center> </font>' },

    { text: '<meta name="Generator" content="Created by CruxCMS http://www.cruxsoftware.co.uk">' },

    { text: '<meta name="Generator" content="Created by Crux CMS http://www.cruxcms.co.uk">' },

  ]
end

#CruxPAObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/whatweb/plugins/cruxpa.rb', line 9

WhatWeb::Plugin.define "CruxPA" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-10
  @version = "0.1"
  @description = "CruxPA - Simple, easy to use task list/CRM"
  @website = "http://www.cruxsoftware.co.uk/"

  # Dorks #
  @dorks = [
    '"Powered By CruxPA"'
  ]

  # Matches #
  @matches = [

    { text: '<div id="copy"><center>Powered By <a href="http://www.cruxsoftware.co.uk">CruxPA</a><br>' },

  ]
end

#CSCSSMObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-12 # Updated regex match



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/cscssm.rb', line 12

WhatWeb::Plugin.define "CSCSSM" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-23
  @version = "0.2"
  @description = "CSCSSM Proxy server"

  # ShodanHQ results as at 2010-10-23
  # 117 for Proxy-agent:CSCSSM

  # Passive #
  def passive(target)
    m = []

    # Proxy-Agent HTTP Header
    m << { name: "Proxy-Agent HTTP Header" } if target.headers["proxy-agent"].to_s =~ /^[\s]*CSCSSM/
    # Return passive matches
    m
  end
end

#CubeCartObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/cubecart.rb', line 12

WhatWeb::Plugin.define "CubeCart" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-10
  @version = "0.2"
  @description = "CubeCart is an out of the box ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support."
  @website = "http://www.cubecart.com/"

  # Google results as at 2010-09-10 #
  # 492 results for intitle:"powered by cubecart"
  # 643 results for "powered by cubecart"

  # Dorks #
  @dorks = [
    'intitle:"powered by cubecart"',
    '"powered by cubecart"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: "<div class='txtCopyright'>Powered by <a href='http://www.cubecart.com' class='txtCopyright' target='_blank'>CubeCart</a>" },

    # Default title
    { regexp: /<title>[^<]{1,256} \(Powered by CubeCart\)<\/title>/ },

    # Version Detection # Powered by text
    { version: /<p class="defaultText">Powered by CubeCart version ([\d\.]+)<br \/>/ },

  ]
end

#CultBookingObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/cultbooking.rb', line 9

WhatWeb::Plugin.define "CultBooking" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-13
  @version = "0.1"
  @description = "A comprehensive and free-of-charge Internet Booking Engine (IBE)"
  @website = "http://www.cultuzz.com/cultbooking"

  # Google results as at 2011-03-13 #
  # 29 for inurl:cultbooking.php filetype:php

  # Dorks #
  @dorks = [
    'inurl:cultbooking.php filetype:php'
  ]

  # Matches #
  @matches = [

    # GHDB
    { certainty: 75, ghdb: "inurl:cultbooking.php filetype:php" },

    # Promotion Code Input # English
    { text: '<tr><td width="3%" align="center"><img src="img/default/small/pfeil_vor.gif" id="up2"/></td><td width="32%"> <p>Enter the promotioncode (if any)</p></td><td><input size="10" maxlength="20" name="promotionCode" align="right" value="" >' },

    # Promotion Code Input # English
    { text: '<tr><td width="3%" align="center"><img src="img/default/small/pfeil_vor.gif" id="up2"/></td><td width="45%"> <p>Enter the promotion code (if any)</p></td><td><input size="10" maxlength="20" name="promotionCode" align="right">' },

    # Promotion Code Input # German
    { text: '<tr><td width="3%" align="center"><img src="img/default/small/pfeil_vor.gif" id="up2"/></td><td width="45%"> <p>Promotioncode eingeben (falls vorhanden)</p></td><td><input size="10" maxlength="20" name="promotionCode" align="right">' },

    # Font Size Links # English
    { text: '<span class="font" onclick="small();"> <img src="img/default/small.gif" alt="small font"> </span> <span class="font" onclick="medium();"><img src="img/default/medium.gif" alt="medium font" > </span> <span class="font" onclick="large();"> <img src="img/default/large.gif" alt="large font"></span></td>' },

    # Font Size Links # German
    { text: '<span class="font" onclick="small();"> <img src="img/default/small.gif" alt="small font"> </span> <span class="font" onclick="medium();"><img src="img/default/medium.gif" alt="medium font" > </span> <span class="font" onclick="large();"> <img src="img/default/large.gif" alt="large font"></span></td>' },

  ]
end

#CUPSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/cups.rb', line 9

WhatWeb::Plugin.define "CUPS" do
  @author = "Brendan Coles <[email protected]>" # 2011-12-05
  @version = "0.1"
  @description = "Common UNIX Printing System (CUPS)"
  @website = "http://www.cups.org/"

  # ShodanHQ results as at 2011-12-05 #
  # 19 for CUPS Upgrade

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^CUPS\/([^\s]+)$/ },

    # Upgrade Header
    { search: "headers[upgrade]", regexp: /^TLS\/1\.0,HTTP\/1\.1$/, certainty: 25 },

  ]
end

#CuteFlowObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/cuteflow.rb', line 9

WhatWeb::Plugin.define "CuteFlow" do
  @author = "Brendan Coles <[email protected]>" # 2012-06-20
  @version = "0.1"
  @description = "CuteFlow - web-based workflow management"
  @website = "http://sourceforge.net/projects/cuteflow/"

  # ShodanHQ results as at 2012-06-20 #
  # 8 for strMyLanguage

  # Google results as at 2012-06-20 #
  # 30 for intitle:"CuteFlow" "CuteFlow - Document circulation system" "Login" "Username" "Password" "Language"

  # Dorks #
  @dorks = [
    'intitle:"CuteFlow" "CuteFlow - Document circulation system" "Login" "Username" "Password" "Language"'
  ]

  # Matches #
  @matches = [

    # Powered by footer # Version Detection
    { version: /<a href="http:\/\/cuteflow\.org" target="_blank"><img src="images\/cuteflow_logo_small\.png" border="0"\s?\/><\/a><br>\s+<strong style="font-size:8pt;font-weight:normal">Version ([^\s^<]+)<\/strong><br>/ },

    # Set-Cookie # strMyLanguage
    { search: "headers[set-cookie]", regexp: /^strMyLanguage=/ },

  ]
end

#Cyn_inObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/cyn.in.rb', line 9

WhatWeb::Plugin.define "Cyn_in" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-04
  @version = "0.1"
  @description = "Cyn.in is a collaboration software that inter-connects your people with each other and their collective knowledge, seamlessly."
  @website = "http://www.cynapse.com/cynin"

  # 140 for "Powered by cyn.in" "free open source edition"
  #  25 for "Powered by cyn.in" "free open source edition" inurl:mail_password_form

  # Dorks #
  @dorks = [
    '"Powered by cyn.in" "free open source edition"'
  ]

  # Matches #
  @matches = [

    # Meta Generator
    { text: '<meta name="generator" content="cyn.in - http://cyn.in" />' },

    # Aggressive # /favicon.ico
    { md5: "3640b38549e4eeb872f66ec53ee27842", url: "/favicon.ico" },

    # Version Detection # Powered by text
    { version: /<a href="http:\/\/www\.cynapse\.com\/cynin" target="_blank" class="smallcolophonmainlink">Powered by cyn\.in v([^\s]+) - free open source edition<\/a>/ },

  ]
end

#DaDaBIKObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/dadabik.rb', line 9

WhatWeb::Plugin.define "DaDaBIK" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-25
  @version = "0.1"
  @description = "DaDaBIK is an Open Source PHP application which allows you to easily create a highly customizable database front-end/application without coding. You can use it to create in a few minutes a very basic CRUD (create, read, update, delete) database front-end or to develop a more sophisticated database application. DaDaBIK uses the ADOdb and the PDO database abstraction libraries in order to support as many DBMSs as possible, at the moment it has been tested on MySQL, PostgreSQL, SQLite, Oracle and MS SQL Server."
  @website = "http://www.dadabik.org/"

  # Google results as at 2011-08-25 #
  # 22 for "Powered by: DaDaBIK database front-end" intitle:"DaDaBIK database front-end"

  # Dorks #
  @dorks = [
    '"Powered by: DaDaBIK database front-end" intitle:"DaDaBIK database front-end"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta name="Generator" content="DaDaBIK ([^"^>]{1,10}) - http:\/\/www\.dadabik\.org\/">/ },

    # Powered by footer
    { text: '<div class="powered_by_dadabik" align="right">Powered by: <a href="http://www.dadabik.org/">DaDaBIK</a> database front-end</div>' },

  ]
end

#DaisyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/daisy.rb', line 13

WhatWeb::Plugin.define "Daisy" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-09
  @version = "0.2"
  @description = "Daisy is a content management system that offers rich out-of-the-box functionality combined with solid foundations for extensibility and integration. Daisy consists of two main components: a stand-alone repository server accessible through HTTP/XML (using the ReST style of WebServices) and/or a high-level (remote) Java API, and an extensive editing and publishing front-end web application running inside Apache Cocoon."
  @website = "http://daisycms.org/daisy/about.html"

  # Documentation: http://cocoondev.org/books/daisy_docs_book--20070924-074927/publications/html-one-page/output/index.html

  # ShodanHQ results as at 2011-06-09 #
  # 26 for X-Daisy-Version

  @matches = [

    # HTTP X-Daisy-Version Header
    { regexp: //, search: "headers[x-daisy-version]" },

    # HTTP X-Daisy-Version # Version Detection
    { version: /^([^\s]+) \(build: [^\s]+/, search: "headers[x-daisy-version]" },

    # HTTP X-Daisy-Version # Build Detection
    { string: /^[^\s]+ \(build: ([^\s]+)/, search: "headers[x-daisy-version]" },

  ]
end

#darkstatObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/darkstat.rb', line 9

WhatWeb::Plugin.define "darkstat" do
  @author = "Brendan Coles <[email protected]>" # 2012-02-17
  @version = "0.1"
  @description = "darkstat captures network traffic, calculates statistics about usage, and serves reports over HTTP."
  @website = "http://unix4lyfe.org/darkstat/"

  # ShodanHQ results as at 2012-02-17 #
  # 11 for darkstat

  # Google results as at 2012-02-17 #
  # 15 for intitle:darkstat intitle:"graphs" "graphs" "Running for"

  # Dorks #
  @dorks = [
    'intitle:darkstat intitle:"graphs" "graphs" "Running for"'
  ]

  # Matches #
  @matches = [

    # Menu # Version Detection
    { version: /<li class="label">darkstat ([^\s^<]+)<\/li><li><a href="[^"]+">graphs<\/a><\/li>/ },

    # Title # Version Detection
    { version: /<title>darkstat ([^\s]+) : graphs ([^\s^\)]+)<\/title>/ },

    # HTTP Server Header # Version Detection
    { search: "headers[server]", version: /^darkstat\/([^\s]+)$/ },

  ]
end

#DataNetObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/datanet.rb', line 9

WhatWeb::Plugin.define "DataNet" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-23
  @version = "0.1"
  @description = "DataNET is a complete end-to-end system consisting of IP packet data routing server software called DataGate, which links to one or more client programs such as Datalink's DataHost, or third-party software connected over the Internet or Intranet."
  @website = "http://www.datalinksystemsinc.com/software.html"

  # Google results as at 2011-09-23 #
  # 5 for intitle:"DataNet Tracking System Login" "DataNet Tracking System." "User Name" "Password"

  # Dorks #
  @dorks = [
    'intitle:"DataNet Tracking System Login" "DataNet Tracking System." "User Name" "Password"'
  ]

  # Matches #
  @matches = [

    # Login Page # Version Detection
    { version: /<td><input class="txt" onkeypress='return keyPress\(this,event\);' type='password'( maxlength='10')? id='password'><\/td><\/tr>[\s]+<tr><td class="ver">\(Version ([^\s^<]+)\)<\/td>/, offset: 1 },

    # Login Page
    { text: '<div class="scada"><a class="scada" href=\'/scada\'>DataNet Scada Interface</a></div></body>' },

  ]
end

#DBHcmsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/dbhcms.rb', line 9

WhatWeb::Plugin.define "DBHcms" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-27
  @version = "0.1"
  @description = "The DBHcms is a small free Open Source content management system for personal and small business websites."
  @website = "http://www.drbenhur.com"

  # Google results as at 2011-02-27 #
  # 65 for "powered by DBHcms" -dork

  # Dorks #
  @dorks = [
    '"powered by DBHcms" -dork'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: '<a target="_blank" href="http://www.drbenhur.com/" class="copyright"> powered by DBHcms </a>' },

    # HTML Comment
    { regexp: /<!--[\r\n\s]+#############################################################################################[\r\n\s]+#                                                                                           #[\r\n\s]+#  DBHCMS - Web Content Management System                                                   #[\r\n\s]+#                                                                                           #[\r\n\s]+#############################################################################################/ },

    # HTML Comment
    { regexp: /<!--[\r\n\s]+Please leave this link on your website, it will help a lot for the DBHcms to get well-known. [\r\n\s]+You may change color and size, you can even remove it if you wish but then at least let me [\r\n\s]+know about your website so I can add you to my references.[\r\n\s]+Thank you very much for your cooperation! Greets, Kai.[\r\n\s]+-->/ },

    # HTML Comment
    { regexp: /<!--[\r\n\s]+Change the copyright but please leave a link "powered by DBHcms" to http:\/\/www.drbenhur.com[\r\n\s]+This will help a lot for the DBHcms to get well-known. You may change color and size, you[\r\n\s]+can even remove it if you wish but then at least let me know about your website so I can add[\r\n\s]+you to my references. Thank you very much for your cooperation! Greets, Kai.[\r\n\s]+-->/ },

  ]
end

#DeleGateObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-19 # Andrew Horton Moved patterns from passive function to matches[]

Version 0.2 # 2011-06-04 # Updated regex



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/delegate.rb', line 15

WhatWeb::Plugin.define "DeleGate" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-30
  @version = "0.3"
  @description = "DeleGate is a multi-purpose application level gateway, or a proxy server which runs on multiple platforms (Unix, Windows, MacOS X and OS/2). DeleGate mediates communication of various protocols (HTTP, FTP, NNTP, SMTP, POP, IMAP, LDAP, Telnet, SOCKS, DNS, etc.), applying cache and conversion for mediated data, controlling access from clients and routing toward servers."
  @website = "http://www.delegate.org/delegate/"

  # ShodanHQ results as at 2011-06-04 #
  # 393 for DeleGate-Ver

  @matches = [
    # Version Detection # HTTP Server Header
    { version: /^DeleGate\/([^\s]+)/, search: "headers[server]" },
    # Version Detection # HTTP DeleGate-Ver Header
    { version: /^([^\s]+) \(delay=/, search: "headers[delegate-ver]" },
  ]
end

#DeluxeBBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/deluxebb.rb', line 9

WhatWeb::Plugin.define "DeluxeBB" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-27
  @version = "0.1"
  @description = "DeluxeBB is a powerful open source bulletin board, which helps you create your own web communities in less than 10 minutes. The board is written completely in PHP and uses a MySQL database to store its content."
  @website = "http://www.deluxebb.com/"

  # Google results as at 2011-02-27 #
  # 69 for "DeluxeBB 1.3 is copyrighted to the DeluxeBB team '05-08"

  # Dorks #
  @dorks = [
    '"DeluxeBB 1.3 is copyrighted to the DeluxeBB team \'05-08"'
  ]

  # Matches #
  @matches = [

    # Default HTML Comment
    { regexp: /<!-- \|-\|-\|-\|-\|-\|-\|-\|-\|-\|-\|-\|-\|-\|-\|-\|-\|-\|-\|-\|[\r\n\s]+\| This forum is coded by and          \|[\r\n\s]+\| copyrighted to Frank Nissel         \|/ },

    # Meta Description
    { text: '<meta name="description" content="powered by DeluxeBB - www.deluxebb.com" />' },

    # Version Detection # Copyright link text
    { version: /<p><a href="http:\/\/www.deluxebb.com" target="_blank">DeluxeBB ([\d\.]+)<\/a> is copyrighted to the DeluxeBB team '05/ },

  ]
end

#DiamondListObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/diamondlist.rb', line 9

WhatWeb::Plugin.define "DiamondList" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-18
  @version = "0.1"
  @description = "DiamondList is a free open source ruby on rails wishlist management program. It allows you to track one or more wishlists for one or more people, for any kind of event!"
  @website = "http://www.hulihanapplications.com/projects/diamondlist"

  # 11 results for "powered by DiamondList" @ 2010-09-18

  # Dorks #
  @dorks = [
    '"powered by DiamondList"'
  ]

  @matches = [

    # Powered by text
    { text: 'Powered by <a href="http://www.hulihanapplications.com/projects/diamondlist"><b>DiamondList</b>' },

  ]
end

#DiasporaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/whatweb/plugins/diaspora.rb', line 9

WhatWeb::Plugin.define "Diaspora" do
  @author = "Brendan Coles <[email protected]>" # 2011-10-30
  @version = "0.1"
  @description = "Diaspora - social networking service"
  @website = "https://joindiaspora.com/"

  # Source: https://github.com/diaspora/diaspora

  # Needs more matches

  # ShodanHQ results as at 2011-10-30 #
  # 31 for _diaspora_session
  #  7 for X-Git-Update

  # Google results as at 2011-10-30 #
  # 182 for intitle:"Sign In" "Sign up" "Forgot your password?" inurl:"users/sign_in"

  # Dorks #
  @dorks = [
    'intitle:"Sign In" "Sign up" "Forgot your password?" inurl:"users/sign_in"'
  ]

  # Matches #
  @matches = [

    # Set-Cookie: _diaspora_session=
    { search: "headers[set-cookie]", regexp: /_diaspora_session=/ },

    # X-Git-Update
    { search: "headers[x-git-update]", string: /^([\d]{4}-[\d]{2}-[\d]{2} [\d]{2}:[\d]{2}:[\d]{2} .+)$/ },

    # X-Git-Revision
    { search: "headers[x-git-revision]", regexp: /^[a-f\d]{32}$/ },

    # Login Page # Remember Me
    { text: '<input name="user[remember_me]" type="hidden" value="0" /><input id="user_remember_me" name="user[remember_me]" type="checkbox" value="1" />' },

  ]
end

#DiBosObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-17 # Andrew Horton Added website

Version 0.2 removed :name and :certainty=>100



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/dibos.rb', line 15

WhatWeb::Plugin.define "DiBos" do
  @author = "Andrew Horton"
  @version = "0.3"
  @description = "DiBos security surveillance system"
  @website = "http://www.boschsecurity.com/"

  # Dorks #
  @dorks = [
    'intitle:"DiBos - Login"'
  ]

  # <OBJECT id="Loader" style="width:0;height:0" codeBase='cab/Dibos80.CAB#version=8,5,0,1092' classid="CLSID:6F83F815-49D0-46BB-A81C-A9D18C33A0E7"

  # "\r\n<script language=\"jscript\"  src=\"Scripting/ScriptLib.js\"></script>\r\n\r\n\r\n\r\n\r\n\r\n<html>\r\n<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">\r\n<META HTTP-EQUIV=\"Expires\" CONTENT=\"-1\">\r\n\r\n<head>\r\n<TITLE>DiBos - Login</TITLE>\r\n<link rel=\"STYLESHEET\" type=\"text/css\" href=\"style/bovisnt.css\"></link>\r\n</head>\r\n\r\n<body>\r\n<!-- Page start -->\r\n<table border=\"0\">\r\n<tr>\r\n<td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>\r\n<td class=\"errorStyle\">\r\nPlease update your browser version.<br>Microsoft Internet Explorer 5.0 or higher is supported.\r\n</td>\r\n</tr>\r\n<tr><td colspan=\"2\">&nbsp;</td></tr>\r\n</table>\r\n\r\n\r\n\r\n</body>\r\n</html>\r\n"

  # Matches #
  @matches = [

    { regexp: /<title>DiBos - Login<\/title>/i },

    { text: '<link rel="STYLESHEET" type="text/css" href="style/bovisnt.css"></link>' },

    # Object moved text for non-IE browsers
    { text: '<h2>Object moved to <a href="/Error.aspx?error=wrongbrowser">here</a>.</h2>' }

  ]
end

#DirectAdminObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-19 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/directadmin.rb', line 12

WhatWeb::Plugin.define "DirectAdmin" do
  @author = "Brendan Coles <[email protected]>" # 201-04-22
  @version = "0.2"
  @description = "Control panel for web hosting companies running Red Hat 7.x, 8.x, 9.x, Red Hat Enterprise and FreeBSD."
  @website = "http://www.directadmin.com/"

  # 24 for intitle:"DirectAdmin Login" "DirectAdmin Login Page" "Please enter your Username and Password"

  # Dorks #
  @dorks = [
    'intitle:"DirectAdmin Login" "DirectAdmin Login Page" "Please enter your Username and Password"'
  ]

  # Matches #
  @matches = [

    { text: '<td class=listtitle colspan=2>Please enter your Username and Password</td></tr>' },

    { text: '<title>DirectAdmin Login</title>' },

    { text: '*{ FONT-SIZE: 8pt; FONT-FAMILY: verdana; } b { FONT-WEIGHT: bold; } .listtitle { BACKGROUND: #425984; COLOR: #EEEEEE; white-space: nowrap; } td.list { BACKGROUND: #EEEEEE; white-space: nowrap; } </style>' },

    { text: "onload=\"document.form.username.focus();if(document.form.referer.value.indexOf('#')==-1)document.form.referer.value+=location.hash;\">" },

    # Version Detection # HTTP Server Header
    { version: /^DirectAdmin Daemon v([^\s]+) Registered to /, search: "headers[server]" },

  ]
end

#DjangoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
 
# File 'lib/whatweb/plugins/django.rb', line 9

WhatWeb::Plugin.define "Django" do
  @author = "Brendan Coles <[email protected]>" # 2012-02-27
  @version = "0.1"
  @description = "Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design."
  @website = "https://www.djangoproject.com/"

  # ShodanHQ results as at 2012-02-27 #
  # 878 for WSGIServer Python

  # Matches #
  @matches = [

    # HTTP Server
    { certainty: 25, search: "headers[server]", regexp: /^WSGIServer\/[^\s]+ Python\/[^\s]+$/ },

    # Debug message # source: django/views/debug.py
    { regexp: /<div id="explanation">[\s]+<p>[\s]+You're seeing this error because you have <code>DEBUG = True<\/code> in your[\s]+Django settings file/ },

    # 404 Page # Debug message # source: django/views/debug.py
    { url: "/doesnotexist123highwaytothedangerzone", string: /<p>[\s]+Using the URLconf defined in <code>([^\.^\s]+)\.urls<\/code>,[\s]+Django tried these URL patterns, in this order:/ },

    # Default Welcome Message # source: django/views/debug.py
    { regexp: '<meta name="robots" content="NONE,NOARCHIVE"><title>Welcome to Django</title>' },

    # Default Welcome Message # Project Name # source: django/views/debug.py
    { string: /<li>Start your first app by running <code>python ([^\/]+)\/manage\.py startapp \[appname\]<\/code>\.<\/li>/ },

    # /admin # Login Page
    { regexp: /<form action="\/admin\/[^"^>]*" method="post" id="login-form"><div style='display:none;'><input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='[a-f\d]{32}' \/><\/div>/ },

    # Login Page
    { certainty: 75, text: '<input type="hidden" name="this_is_the_login_form" value="1" />' },

  ]

  # Passive #
  def passive(target)
    m = []

    unless target.headers["set-cookie"].nil? || target.headers["set-cookie"].empty?

      # Extract cookie names
      target.headers["set-cookie"].split("\n").each do |cookie|
        m << { string: cookie.split("=")[0], certainty: 75 } if cookie =~ /csrftoken=/
      end

    end

    # Return passive match
    m
  end
end

#DoceboLMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
# File 'lib/whatweb/plugins/docebolms.rb', line 9

WhatWeb::Plugin.define "DoceboLMS" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-24
  @version = "0.1"
  @description = "DoceboLMS is a SCORM compliant Open Source e-Learning platform used in corporate, government and education markets."
  @website = "http://www.docebo.org/doceboCms/index.php"

  # Google results as at  2011-03-24 #
  # 253 for "Powered by Docebo"

  # Dorks #
  @dorks = [
    '"Powered by Docebo"'
  ]

  # Matches #
  @matches = [

    # Powered by link
    { text: 'Powered by <a href="http://www.docebo.com/?versions" onclick="window.open(this.href); return false;">Docebo <sup>&reg;</sup></a>' },

    # Powered by link # "." matches unencoded (R) symbols which fail in regex
    { regexp: /<div class="powered"><a href="http:\/\/www.docebo.com\/\?[a-z]+" target="_blank" alt="Powered by Docebo ." title="Powered by Docebo .">Powered by Docebo .<\/a><\/div>/ },

    # Version Detection # Title
    { certainty: 25, version: /<title>DoceboCore ([\d\.]+)<\/title>/ },

    # Version Detection # Powered by text
    { version: /Powered by Docebo <sup>&reg;<\/sup> (Community|Enterprise) Edition/ },

    # Version Detection # Powered by link
    { version: /Powered by <a href="http:\/\/www\.docebo\.com\/\?versions" onclick="window\.open\(this\.href\); return false;">Docebo <sup>&reg;<\/sup> (Community|Enterprise) Edition<\/a>/ },

    # JavaScript
    { text: 'lang_setup.setBody("<ul class=\"link_list_inline\" id=\"language_selection\"><li><a class=\"lang-sprite lang_' },

  ]

  # Passive #
  def passive(target)
    m = []

    # Version Detection # Install Page # Title and h1 heading
    if target.body =~ /<title>Docebo installer<\/title>/ && target.body =~ /<h1>Docebo ([\d\.]+) - Installation<\/h1>/
      m << { string: "Install Page", version: target.body.scan(/<h1>Docebo ([\d\.]+) - Installation<\/h1>/) }
    end

    # Return passive matches
    m
  end
end

#DokeosObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
# File 'lib/whatweb/plugins/dokeos.rb', line 9

WhatWeb::Plugin.define "Dokeos" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-24
  @version = "0.1"
  @description = "Dokeos is an open source online learning suite. It provides all the features needed for e-learning and blended learning management : From Authoring to Reporting."
  @website = "http://www.dokeos.com/"

  # Google results as at 2011-03-24 #
  # 3   for intitle:"Dokeos has not been installed"
  # 578 for "Portal Dokeos"

  # Dorks #
  @dorks = [
    'intitle:"Dokeos has not been installed"',
    '"Portal Dokeos"'
  ]

  # Matches #
  @matches = [

    # ul id
    { certainty: 25, text: '<ul id="dokeostabs">' },

    # HTML Comment
    { text: '<!-- start of #main wrapper for #content and #menu divs -->' },

    # link tags
    { certainty: 75, text: '<link href="http://www.dokeos.com/documentation.php" rel="Help" />' },
    { certainty: 75, text: '<link href="http://www.dokeos.com/team.php" rel="Author" />' },
    { certainty: 75, text: '<link href="http://www.dokeos.com" rel="Copyright" />' },

    # Meta Generator
    { text: '<meta name="Generator" content="Dokeos">' },

    # Install Page # Title
    { certainty: 75, text: '<title>Dokeos has not been installed</title>' },

    # Install Page # Click to Install
    { regexp: /<form action="main\/install\/index\.php" method="get"><button class="save" type="submit"[^>]+value="&nbsp;&nbsp; Click to INSTALL (Dokeos|DOKEOS)[\s]+&nbsp;&nbsp;" >Click to INSTALL (Dokeos|DOKEOS)[\s]*<\/button><\/form><br \/>/, string: "Install Page" },

    # Year Detection # Copyright
    { string: /<div class="copyright">[^<]+<a href="http:\/\/www\.dokeos\.com" target="_blank">[\s]*Dokeos [\d\.]*<\/a> &copy; (20[\d]{2})[\s]*<\/div>/ },

    # Version Detection # Copyright
    { version: /<div class="copyright">[^<]+<a href="http:\/\/www\.dokeos\.com" target="_blank">[\s]*Dokeos ([\d\.]+)<\/a>/ },

    # Version Detection # Install Page # Title
    { version: /<title>&mdash; Dokeos Installation &mdash; Version ([\d\.]+)<\/title>/, string: "Install Page" },

  ]
end

#DokuWikiObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/dokuwiki.rb', line 9

WhatWeb::Plugin.define "DokuWiki" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-20
  @version = "0.1"
  @description = "DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creating documentation of any kind."
  @website = "http://dokuwiki.org/"

  # Google results as at 2011-03-20 #
  # 176 for "powered by DokuWiki" inurl:doku.php filetype:php

  # Dorks #
  @dorks = [
    '"powered by DokuWiki" inurl:doku.php filetype:php'
  ]

  # Matches #
  @matches = [

    # GHDB
    { ghdb: '"powered by DokuWiki" inurl:doku.php filetype:php' },

    # div class
    { regexp: /<div class="dokuwiki"[\s]?>/ },

    # Meta Generator
    { text: '<meta name="generator" content="DokuWiki" />' },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="DokuWiki Release ([^"]+)" \/>/ },

  ]
end

#DolphinObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/dolphin.rb', line 9

WhatWeb::Plugin.define "Dolphin" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-05
  @version = "0.1"
  @description = "Dolphin is built using PHP and MySQL running on Apache. It is tested and proven stable running on Linux. Dolphin will also run on Windows if needed."
  @website = "http://www.busmgtsys.com/"

  # Matches #
  @matches = [

    # Login Page # Title
    { text: '<title>Dolphin Log In</title>' },

    # Login Page # PHP_AUTH_PW
    { text: '<td><input name="PHP_AUTH_PW" type="password"></td>' },

    # Login Page # PHP_AUTH_USER
    { text: '<td NOWRAP><input name="PHP_AUTH_USER" type="text"></td>' },

    # Login Page # body onload="focus_username();"
    { text: '<body onload="focus_username();" bottommargin="0" rightmargin="0" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">' },

  ]
end

#DORGObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/dorg.rb', line 9

WhatWeb::Plugin.define "DORG" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-22
  @version = "0.1"
  @description = "DORG is an Disc organization script which makes it easier for customers and businesses to find their software."
  @website = "http://www.discorganizer.org/"

  # 1 for "Powered by DORG"

  # Dorks #
  @dorks = [
    '"Powered by DORG"'
  ]

  # Matches #
  @matches = [

    # Powered by link
    { text: '<p>Powered by <a href="http://www.discorganizer.org">DORG</a>' },

    # Titles
    { text: '<title>DORG - Disc Organization System</title>' },
    { text: '<title>DORG - admin panel</title>' },

    # Meta Description
    { text: '<meta name="description" content="this is the administration panel of the DORG system" />' },

  ]
end

#dotclearObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/dotclear.rb', line 9

WhatWeb::Plugin.define "dotclear" do
  @author = "Brendan Coles <[email protected]>" # 2012-02-29 #
  @version = "0.1"
  @description = "dotclear - blog"
  @website = "http://dotclear.org/"

  # Google results as at 2012-02-28 #
  # 561 for "powered by dotclear"

  # Dorks #
  @dorks = [
    '"powered by dotclear"'
  ]

  # Matches #
  @matches = [

    # Powered by link
    { text: '<p>Powered by <a href="http://dotclear.org/">Dotclear</a></p>' },

    # HTML Comments
    { text: '<!-- End #d-content -->' },
    { text: '<!-- End #blogextra -->' },

    # Search link
    { text: '<a href="#search">To search</a>' },

    # p class="post-info-co"
    { text: '<p class="post-info-co">' },

  ]
end

#dotDefenderObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/dotdefender.rb', line 9

WhatWeb::Plugin.define "dotDefender" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-08
  @version = "0.1"
  @description = "dotDefender is the market-leading software Web Application Firewall (WAF). dotDefender boasts enterprise-class security, advanced integration capabilities, easy maintenance and low total cost of ownership (TCO)."
  @website = "http://www.applicure.com/"

  # ShodanHQ results as at 2011-04-08 #
  # 6 for dotDefender

  # Passive #
  def passive(target)
    m = []

    # X-dotDefender-denied Header
    m << { string: "Denied" } unless target.headers["x-dotdefender-denied"].nil?

    # Return passive matches
    m
  end
end

#DotNetNukeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.6 # 2014-xx-xx # Pedro Worcel <[email protected]> general things

Version 0.5 # 2011-03-06 # Brendan Coles <[email protected]> Updated module and version detection

Version 0.4 uses :module now

Version 0.3 changed DotNetNuke� to DotNetNuke.3

Version 0.2 removed :name and :certainty=>100



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
 
# File 'lib/whatweb/plugins/dotnetnuke.rb', line 25

WhatWeb::Plugin.define "DotNetNuke" do
  @author = "Andrew Horton"
  @version = "0.5"
  @description = "DotNetNuke is an opensource CMS for Microsoft .Net. Passively detects modules and the copyright year."
  @website = "www.dotnetnuke.com"

  # ShodanHQ reuslts as at 2012-4-19 #
  # 713 for DotNetNukeAnonymous

  # Google results as at 2011-03-06 #
  # 442 for "Powered by dotnetnuke"

  # Dorks #
  @dorks = [
    '"Powered by dotnetnuke"'
  ]

  # Matches #
  @matches = [

    # CSS file path
    { regexp: /src="[^"]*\/portals\/_default\/(containers|skins)/i },

    # HTML Copyright Comment
    { name: "copyright", regexp: /<\!\-\- DotNetNuke.{3} \- http:\/\/www.dotnetnuke.com/ },

    # Meta Copyright
    { regexp: /<META NAME="COPYRIGHT" CONTENT="Copyright 2002-[0-9]{4} DotNetNuke">/ },

    # Meta Generator
    { text: '<meta id="MetaGenerator" name="GENERATOR" content="DotNetNuke " />' },

    # id="__VIEWSTATE" value="
    { name: "VIEWSTATE contains DotNetNuke",
      regexp: /__VIEWSTATE" value="[^"]*RG90TmV0TnVrZ|RvdE5ldE51a2|3ROZXROdWtl/ },

    # Default div id
    { text: '<div id="dnn_ctr' },
    { certainty: 75, text: '<div id="dnn_' },

    # Hidden input tag name and id # reliable
    { text: '<input name="__dnnVariable" type="hidden" id="__dnnVariable"' },

    # Version Detection # Meta Generator
    { version: /<META[^>]+NAME="GENERATOR" CONTENT="DotNetNuke ([\d\.]{1,10})">/i },

    # Module Detection # modules are in the path /DesktopModules/xxx
    { module: /(href|src)="\/DesktopModules\/([^\/]+)\//, offset: 1 },

    # Copyright year
    { string: /<!-- DotNetNuke[^<]*<!-- Copyright \(c\) 2002-([0-9]{4})/ },

    # DotNetNukeAnonymous Cookie # some sites have this cookie
    { search: "headers[set-cookie]", name: "DotNetNukeAnonymous Cookie", regexp: /DotNetNukeAnonymous=/ },

    # /logo.gif
    { url: "/logo.gif", md5: "6eef6123d31c45ace6b9003edb34772e" },

  ]

  def aggressive(target)
    m = []
    versions = Hash[
        "05.06.04" => [
          ["Portals/_default/default.css", "621653870c35f7eb431b9679b39155ee"],
        ],
        "05.06.05" => [
          ["Portals/_default/default.css", "621653870c35f7eb431b9679b39155ee"],
        ],
        "05.06.06" => [
          ["Portals/_default/default.css", "621653870c35f7eb431b9679b39155ee"],
        ],
        "05.06.07" => [
          ["Portals/_default/default.css", "621653870c35f7eb431b9679b39155ee"],
        ],
        "05.06.08" => [
          ["Portals/_default/default.css", "621653870c35f7eb431b9679b39155ee"],
        ],
        "06.00.02" => [
          ["js/Debug/dnncore.js", "2ce987d184050815c0214a72ad6bbc32"],
          ["Portals/_default/default.css", "e69946858f8e210c0e78bb4b8c45ee2f"],
        ],
        "06.01.00" => [
          ["js/Debug/dnncore.js", "2ce987d184050815c0214a72ad6bbc32"],
          ["Portals/_default/default.css", "3e2097fdc7bb717ed9f560ffc7930fbb"],
        ],
        "06.01.01" => [
          ["js/Debug/dnncore.js", "2ce987d184050815c0214a72ad6bbc32"],
          ["Portals/_default/default.css", "3e2097fdc7bb717ed9f560ffc7930fbb"],
        ],
        "06.01.02" => [
          ["js/Debug/dnncore.js", "2ce987d184050815c0214a72ad6bbc32"],
          ["Portals/_default/default.css", "da3990e75233883064b5adde3387ed3c"],
        ],
        "06.01.03" => [
          ["js/Debug/dnncore.js", "065b0515b58277e381ff8b5e788a15c7"],
          ["Portals/_default/default.css", "e4c0494ba357ec864000d1aad72296bb"],
        ],
        "06.01.04" => [
          ["js/Debug/dnncore.js", "909086a04259d01baafbba4cbbf15456"],
          ["Portals/_default/default.css", "a66cc13a301c91d86169b85dfaa8feca"],
        ],
        "06.01.05" => [
          ["js/Debug/dnncore.js", "909086a04259d01baafbba4cbbf15456"],
          ["Portals/_default/default.css", "39d8b4f0877e737abe5dfa5d77ac26f4"],
        ],
        "06.02.00" => [
          ["js/Debug/dnncore.js", "cf5a1ffa3adc5393155129e5df3b1e59"],
          ["Portals/_default/default.css", "d2064a8bd52f2da618d733c840e60a8e"],
        ],
        "06.02.01" => [
          ["js/Debug/dnncore.js", "cf5a1ffa3adc5393155129e5df3b1e59"],
          ["Portals/_default/default.css", "d2064a8bd52f2da618d733c840e60a8e"],
        ],
        "06.02.02" => [
          ["js/Debug/dnncore.js", "cf5a1ffa3adc5393155129e5df3b1e59"],
          ["Portals/_default/default.css", "1eceb4ed64b7b18c0fbd2840b355f3b4"],
        ],
        "06.02.03" => [
          ["js/Debug/dnncore.js", "cf5a1ffa3adc5393155129e5df3b1e59"],
          ["Portals/_default/default.css", "1eceb4ed64b7b18c0fbd2840b355f3b4"],
        ],
        "06.02.04" => [
          ["js/Debug/dnncore.js", "cf5a1ffa3adc5393155129e5df3b1e59"],
          ["Portals/_default/default.css", "eaee4aeeb1324a5bacdacba754d0098a"],
        ],
        "06.02.05" => [
          ["js/Debug/dnncore.js", "cf5a1ffa3adc5393155129e5df3b1e59"],
          ["Portals/_default/default.css", "eaee4aeeb1324a5bacdacba754d0098a"],
        ],
        "06.02.06" => [
          ["js/Debug/dnncore.js", "cf5a1ffa3adc5393155129e5df3b1e59"],
          ["Portals/_default/default.css", "eaee4aeeb1324a5bacdacba754d0098a"],
        ],
        "06.02.07" => [
          ["js/Debug/dnncore.js", "cf5a1ffa3adc5393155129e5df3b1e59"],
          ["Portals/_default/default.css", "eaee4aeeb1324a5bacdacba754d0098a"],
        ],
        "06.02.08" => [
          ["js/Debug/dnncore.js", "cf5a1ffa3adc5393155129e5df3b1e59"],
          ["Portals/_default/default.css", "eaee4aeeb1324a5bacdacba754d0098a"],
        ],
        "06.02.09" => [
          ["js/Debug/dnncore.js", "cf5a1ffa3adc5393155129e5df3b1e59"],
          ["Portals/_default/default.css", "eaee4aeeb1324a5bacdacba754d0098a"],
        ],
        "07.00.00" => [
          ["js/Debug/dnncore.js", "a12580074341ae84dfbd1f28c025ebd3"],
          ["admin/Menus/ModuleActions/ModuleActions.js", "7b98402ead6695f283481957780b5604"],
          ["Portals/_default/Skins/Gravity/skin.css", "d8c286cd45c317b7421ea23047e6db7d"],
          ["Portals/_default/default.css", "d12dd9e07108d0034098caf54c374e11"],
        ],
        "07.00.01" => [
          ["js/Debug/dnncore.js", "a12580074341ae84dfbd1f28c025ebd3"],
          ["admin/Menus/ModuleActions/ModuleActions.js", "7b98402ead6695f283481957780b5604"],
          ["Portals/_default/Skins/Gravity/skin.css", "459c9e1bad3c1f41f837f2fe49bf3086"],
          ["Portals/_default/default.css", "ddf088fc649e684315bb6c52a125c588"],
        ],
        "07.00.02" => [
          ["js/Debug/dnncore.js", "a12580074341ae84dfbd1f28c025ebd3"],
          ["admin/Menus/ModuleActions/ModuleActions.js", "7b98402ead6695f283481957780b5604"],
          ["Portals/_default/Skins/Gravity/skin.css", "459c9e1bad3c1f41f837f2fe49bf3086"],
          ["Portals/_default/default.css", "ddf088fc649e684315bb6c52a125c588"],
        ],
        "07.00.03" => [
          ["js/Debug/dnncore.js", "a12580074341ae84dfbd1f28c025ebd3"],
          ["admin/Menus/ModuleActions/ModuleActions.js", "7b98402ead6695f283481957780b5604"],
          ["Portals/_default/Skins/Gravity/skin.css", "459c9e1bad3c1f41f837f2fe49bf3086"],
          ["Portals/_default/default.css", "b2a0f31d8daff09a10ebbbbdef84186b"],
        ],
        "07.00.04" => [
          ["js/Debug/dnncore.js", "a12580074341ae84dfbd1f28c025ebd3"],
          ["admin/Menus/ModuleActions/ModuleActions.js", "8285fc2cf5068f90bd55b4e3e2e5ed4d"],
          ["Portals/_default/Skins/Gravity/skin.css", "459c9e1bad3c1f41f837f2fe49bf3086"],
          ["Portals/_default/default.css", "923507367030d1a5476c79d44a04e06d"],
        ],
        "07.00.05" => [
          ["js/Debug/dnncore.js", "a12580074341ae84dfbd1f28c025ebd3"],
          ["admin/Menus/ModuleActions/ModuleActions.js", "023ee5fd0fb40159dc857024c4135da9"],
          ["Portals/_default/Skins/Gravity/skin.css", "4ece356287d34733d5339b67cf1e932e"],
          ["Portals/_default/default.css", "68b3eee241236ef9e28dc93638eb7a96"],
        ],
        "07.00.06" => [
          ["js/Debug/dnncore.js", "a12580074341ae84dfbd1f28c025ebd3"],
          ["admin/Menus/ModuleActions/ModuleActions.js", "023ee5fd0fb40159dc857024c4135da9"],
          ["Portals/_default/Skins/Gravity/skin.css", "4ece356287d34733d5339b67cf1e932e"],
          ["Portals/_default/default.css", "68b3eee241236ef9e28dc93638eb7a96"],
        ],
        "07.01.00" => [
          ["js/Debug/dnncore.js", "06d1c09a2130ede2d63330487004157c"],
          ["admin/Menus/ModuleActions/ModuleActions.js", "1fe8462962517638da2ccb6d6449149b"],
          ["Portals/_default/Skins/Gravity/skin.css", "593c2d549f4d84b55af78f6e82dd8a1b"],
          ["Portals/_default/default.css", "5aaf509259a8d3b399ebec913622ddbb"],
        ],
        "07.01.01" => [
          ["js/Debug/dnncore.js", "a7e22fa5f29ac45fa4ad0f883b9a646d"],
          ["admin/Menus/ModuleActions/ModuleActions.js", "580baf3cb55fa208d8d074182101e630"],
          ["Portals/_default/Skins/Gravity/skin.css", "593c2d549f4d84b55af78f6e82dd8a1b"],
          ["Portals/_default/default.css", "13b1624483406fa1a3d08f425f4d9cef"],
        ],
        "07.01.02" => [
          ["js/Debug/dnncore.js", "51817ce8467c78fff821d73b1cb054c6"],
          ["admin/Menus/ModuleActions/ModuleActions.js", "d8e217e66186a2a3ba91fec7702a88de"],
          ["Portals/_default/Skins/Gravity/skin.css", "c3b94b06b928e0190a0c53ad9b11a2b1"],
          ["Portals/_default/default.css", "45b02f15f4ffd181f0b7f23c00b4c285"],
        ],
        "07.02.00" => [
          ["js/Debug/dnncore.js", "51817ce8467c78fff821d73b1cb054c6"],
          ["admin/Menus/ModuleActions/ModuleActions.js", "d8e217e66186a2a3ba91fec7702a88de"],
          ["Portals/_default/Skins/Gravity/skin.css", "bd3478f118d58a5b7a4e524b2b2365b1"],
          ["Portals/_default/default.css", "8f89cfb76352d48e46f2e85bedd83b72"],
        ],
        "07.02.01" => [
          ["js/Debug/dnncore.js", "a7e22fa5f29ac45fa4ad0f883b9a646d"],
          ["admin/Menus/ModuleActions/ModuleActions.js", "98277db6964fcd627a7864143e926ddd"],
          ["Portals/_default/Skins/Gravity/skin.css", "1c1a9675f3e8ab754c932b5c3ec62765"],
          ["Portals/_default/default.css", "d8e5817c53c8f45b952a7026c30176b2"],
        ],
        "07.02.02" => [
          ["js/Debug/dnncore.js", "a7e22fa5f29ac45fa4ad0f883b9a646d"],
          ["admin/Menus/ModuleActions/ModuleActions.js", "98277db6964fcd627a7864143e926ddd"],
          ["Portals/_default/Skins/Gravity/skin.css", "6140110855fd50d5ba3d48ee31599866"],
          ["Portals/_default/default.css", "dfba80f7700262768ab7341c86fa1c86"],
        ],
    ]

    v = WhatWeb::Matcher::Version.new("DNN (DotNetNuke)", versions, target.uri)

    version = v.matches_format

    # Set version if present
    unless version.empty?
      version.each { |ver|
        m << { name: "md5 sums of files", version: ver }
      }
    end

    # Return aggressive matches
    m
  end
end

#DreamboxObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-19 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/whatweb/plugins/dreambox.rb', line 12

WhatWeb::Plugin.define "Dreambox" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-30
  @version = "0.2"
  @description = "The Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television receivers (set-top box), produced by German multimedia vendor Dream Multimedia. Enigma2 WebInterface - Control a DreamBox using a Browser. The Dreambox Webinterface (short WebIf) is included in all newer Images. - More info: http://en.wikipedia.org/wiki/Dreambox"
  # More info on Enigma2: http://dream.reichholf.net/wiki/Enigma2:WebInterface

  # ShodanHQ results as at 2011-05-30 #
  # 5,104 for Enigma2 WebInterface Server
  # 2,372 for Enigma2 TwistedWeb realm
  #    24 for TwistedWeb realm dm

  # Matches #
  @matches = [

    # Aggressive # /web-data/img/favicon.ico
    { url: "/web-data/img/favicon.ico", md5: "d9aa63661d742d5f7c7300d02ac18d69" },

    # Version Detection # HTTP Server Header
    { version: /^Enigma2 WebInterface Server ([\d\.]+)$/, search: "headers[server]" },

    # HTTP Server Header
    { regexp: /^TwistedWeb/, search: "headers[server]" },

    # HTTP Server Header # Version Detection
    { version: /^TwistedWeb\/([\d\.]+)/, search: "headers[server]" },

  ]

  # Passive #
  def passive(target)
    m = []

    # HTTP Server Header # TwistedWeb
    if /^TwistedWeb/.match?(target.headers["server"])

      # WWW-Authenticate # basic realm="Enigma2 WebInterface"
      m << { name: "TwistedWeb server + WWW-Authenticate realm" } if target.headers["www-authenticate"] =~ /^basic realm="Enigma2 WebInterface"$/

      # Title
      m << { name: "TwistedWeb server + Title" } if target.body =~ /<title>Dreambox WebControl<\/title>/

    end

    # Model Detection # WWW-Authenticate: basic realm
    if target.headers["server"] =~ /^Twisted\/[\d\.]+/ && target.headers["www-authenticate"] =~ /^basic realm="(dm[\d]{4})"$/i
      m << { model: target.headers["www-authenticate"].scan(/^basic realm="(dm[\d]{4})"$/i) }
    end

    # Return passive matches
    m
  end
end

#DrugPakObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/drugpak.rb', line 9

WhatWeb::Plugin.define "DrugPak" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-31
  @version = "0.1"
  @description = "The DrugPak Software Suite is the premier random drug and alcohol testing management software available today. Hundreds of employers, TPAs, MROs, SAPs, clinics, hospitals, and occupational health departments use DrugPak to effectively and efficiently manage drug testing."
  @website = "http://www.drugpak.com/"

  # Google results as at 2011-05-31 #
  # 175 for inurl:dplive.dll

  # Dorks #
  @dorks = [
    'inurl:dplive.dll'
  ]

  # Matches #
  @matches = [

    # Redirect Page
    { text: '<LINK REL=StyleSheet HREF="<#imagepath>/<#_style1 default=dpstyle.css>" TYPE="text/css" MEDIA=screen>' },

    # Redirect Page
    { certainty: 25, text: '<!--Assist making SSL connection-->' },

    # Redirect Page # Powered by text
    { text: '<hr>Powered by DrugPak</body>' },

    # Login Page # StyleSheet # /bin/dplive.dll/login
    { text: '<LINK REL=StyleSheet HREF="/dplimg/DPSTYLE.CSS" TYPE="text/css" media="all">' },

    # HTML Comment + </BODY>
    { regexp: /<!--Request processed in [\d]{2} min, [\d]{2} sec, [\d]{3} ms--><\/BODY>/ },

  ]
end

#DrupalObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2011-04-09 # Brendan Coles <[email protected]> Added aggressive md5 matches

Version 0.2 removed :name and :certainty=>100



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
 
# File 'lib/whatweb/plugins/drupal.rb', line 15

WhatWeb::Plugin.define "Drupal" do
  @author = "Andrew Horton"
  @version = "0.3"
  @description = "Drupal is an opensource CMS written in PHP."
  @website = "http://www.drupal.org"

  # hard to identify
  # <a href="http://drupal.org"><img src="/dagboek/misc/powered-black-80x15.png" alt="Powered by Drupal, an open source content management system" title="Powered by Drupal, an open source content management system" width="80" height="15" /></a>  </div>
  #  <script type="text/javascript" src="/misc/drupal.js"></script>
  #  <script type="text/javascript" src="/main/misc/drupal.js"></script>
  # @import "/misc/drupal.css";

  # Set-Cookie: SESS6bdd09d4debccdc3a0f49becc449e8d5=2sq674vjn6vig48e3podh3j8e2; expires=Fri, 11 Dec 2009 15:37:52 GMT; path=/; domain=.moby.com
  # Set-Cookie: SESS9795bcd4ea70e3f846e84f29f9491636=57eafcca6400d894772a136fb5889b92; expires=Fri, 11-Dec-2009 15:38:25 GMT; path=/; domain=.save-your-future.com

  # ShodanHQ results as at 2011-09-17 #
  # 1,047 for x-drupal-cache
  #    36 for mobileplugin_group

  # Google results as at 2011-09-17 #
  # 876 for inurl:/user/register +"Powered by Drupal"

  # Dorks #
  @dorks = [
    'inurl:/user/register "Powered by Drupal"'
  ]

  # Matches #
  @matches = [

    { regexp: /<script type="text\/javascript" src="[^\"]*\/misc\/drupal.js[^\"]*"><\/script>/ },
    { regexp: /<[^>]+alt="Powered by Drupal, an open source content management system"/ },
    { regexp: /@import "[^\"]*\/misc\/drupal.css"/ },
    { text: 'jQuery.extend(Drupal.settings,' },
    { certainty: 75, text: 'Drupal.extend(' },

    # SESS Drupal Cookie
    { name: "SESS Drupal Cookie", certainty: 75, search: "headers[set-cookie]", regexp: /^SESS[a-z0-9]{32}=[a-z0-9]{32}/ },

    # Mobile Plugin Cookie
    { module: "Mobile Plugin", name: "Mobile Plugin Cookie", search: "headers[set-cookie]", regexp: /mobileplugin_group=/ },

    # x-drupal-cache Header
    { search: "headers[x-drupal-cache]", regexp: /(HIT|MISS)/ },

  ]

  # Aggressive #
  def aggressive(target)
    m = []

    # the paths are relative to the url path if they don't start with /
    # this path, with this md5 = this version
    versions = Hash["2.0.0" =>
                    [["misc/CVS/Tag",
                      "3b89028c0366db9136a3163ae3c55387"]],
                    "4.2.0" =>
                    [["misc/drupal.css",
                      "049b663495feb2dd2711cd15ced57c33"]],
                    "4.2.0-rc" =>
                    [["misc/drupal.css",
                      "049b663495feb2dd2711cd15ced57c33"]],
                    "4.3.0" =>
                    [["misc/drupal.css",
                      "86ee0ad8c19c96802f58f7d3c80a1bfa"],
                     ["CHANGELOG",
                      "ed164bdd285b9d1738edbff790ec49f7"]],
                    "4.3.1" =>
                    [["misc/drupal.css",
                      "86ee0ad8c19c96802f58f7d3c80a1bfa"],
                     ["CHANGELOG",
                      "1ed2971d163cf1502d3966cdc5f15ffc"]],
                    "4.3.2" =>
                    [["misc/drupal.css",
                      "86ee0ad8c19c96802f58f7d3c80a1bfa"],
                     ["CHANGELOG",
                      "98936a45ae2a9b490cad8b5a9d7fb1a3"]],
                    "4.4.0" =>
                    [["misc/drupal.css",
                      "1ac2a22c7c0ce23abe186d76c4d251c3"],
                     ["CHANGELOG.txt",
                      "0335bf973d601188b391c70f04ca7243"]],
                    "4.4.1" =>
                    [["misc/drupal.css",
                      "1ac2a22c7c0ce23abe186d76c4d251c3"],
                     ["CHANGELOG.txt",
                      "e06199cb4d74df14476d92a38fffbfd2"]],
                    "4.4.2" =>
                    [["misc/drupal.css",
                      "1ac2a22c7c0ce23abe186d76c4d251c3"],
                     ["CHANGELOG.txt",
                      "02261a2b1b4f00788fd11a87e360ef60"]],
                    "4.4.3" =>
                    [["misc/drupal.css",
                      "1ac2a22c7c0ce23abe186d76c4d251c3"],
                     ["CHANGELOG.txt",
                      "fff84a431aa4a4b92c10cc300274b296"]],
                    "4.5.0" =>
                    [["misc/drupal.css",
                      "b9034cf9306d869c36616c5813eef31c"],
                     ["CHANGELOG.txt",
                      "4b3b0e140b04b78c9883dd0569df634e"]],
                    "4.5.1" =>
                    [["misc/drupal.css",
                      "b9034cf9306d869c36616c5813eef31c"],
                     ["CHANGELOG.txt",
                      "3e4147f889ce96e1f39b3ec35d36364b"]],
                    "4.5.2" =>
                    [["misc/drupal.css",
                      "041b90405d369eb5953ebf39317b94a3"],
                     ["CHANGELOG.txt",
                      "d8221dd2d4aaa48372f369a3b500f8ac"]],
                    "4.5.3" =>
                    [["misc/drupal.css",
                      "041b90405d369eb5953ebf39317b94a3"],
                     ["CHANGELOG.txt",
                      "5ea702655ee43162819c5f50f2d84522"]],
                    "4.5.4" =>
                    [["misc/drupal.css",
                      "041b90405d369eb5953ebf39317b94a3"],
                     ["CHANGELOG.txt",
                      "c0c5d8a5e1d2ad17e2a953290b11adc5"]],
                    "4.5.5" =>
                    [["misc/drupal.css",
                      "041b90405d369eb5953ebf39317b94a3"],
                     ["CHANGELOG.txt",
                      "47a4875fa1cc74f994933d250bbc3315"]],
                    "4.5.6" =>
                    [["misc/drupal.css",
                      "041b90405d369eb5953ebf39317b94a3"],
                     ["CHANGELOG.txt",
                      "1626f53faa13239c0f0d82e76b4fb549"]],
                    "4.5.7" =>
                    [["misc/drupal.css",
                      "b690fd502bbd3770508ba9c552f9b8a7"]],
                    "4.5.8" =>
                    [["misc/drupal.css",
                      "041b90405d369eb5953ebf39317b94a3"],
                     ["CHANGELOG.txt",
                      "f42b699adfb2976a01f8160e63b64e54"]],
                    "4.6.0" =>
                    [["misc/drupal.css",
                      "1e94fde1440a3a5fc3235e85ae4ec264"],
                     ["CHANGELOG.txt",
                      "9445fe44b1845837a8696521d64dfa75"]],
                    "4.6.1" =>
                    [["misc/drupal.css",
                      "bddf11eb117a1729906797bd22e3436b"],
                     ["CHANGELOG.txt",
                      "762b2edc5b29b02ca3a4c194ce0daf51"]],
                    "4.6.2" =>
                    [["misc/drupal.css",
                      "bddf11eb117a1729906797bd22e3436b"],
                     ["CHANGELOG.txt",
                      "82abbc19f30144702216fe2607c21292"]],
                    "4.6.3" =>
                    [["misc/drupal.css",
                      "bddf11eb117a1729906797bd22e3436b"],
                     ["CHANGELOG.txt",
                      "312bb1bffc81872f4c12c53670ac2bf8"]],
                    "4.6.4" =>
                    [["misc/drupal.css",
                      "bddf11eb117a1729906797bd22e3436b"],
                     ["CHANGELOG.txt",
                      "07835864d00725c66c6da57abf89b6f7"]],
                    "4.6.5" =>
                    [["misc/drupal.css",
                      "94c5a7d8807b9ea6a6123751f3b6ab9d"],
                     ["CHANGELOG.txt",
                      "42fe92f314cdf557996f78a215721c61"]],
                    "4.6.6" =>
                    [["misc/drupal.css",
                      "bddf11eb117a1729906797bd22e3436b"],
                     ["CHANGELOG.txt",
                      "a5cbbd153d04581cf6143a8c8d03ba97"]],
                    "4.6.7" =>
                    [["misc/drupal.css",
                      "bddf11eb117a1729906797bd22e3436b"],
                     ["CHANGELOG.txt",
                      "3d8d75809df039d322f9f53cee62559d"]],
                    "4.6.8" =>
                    [["misc/drupal.css",
                      "bddf11eb117a1729906797bd22e3436b"],
                     ["CHANGELOG.txt",
                      "117a28f0c801ada9e20cc13fdac980b6"]],
                    "4.6.9" =>
                    [["misc/drupal.css",
                      "bddf11eb117a1729906797bd22e3436b"],
                     ["CHANGELOG.txt",
                      "d874b4796e56c1c474914cb971e8a665"]],
                    "4.7.0" =>
                    [["misc/drupal.css",
                      "4dede1e52c41cbdbc81889375e0a9728"],
                     ["CHANGELOG.txt",
                      "becc2288fb70089d0ba29835bd69cf7a"]],
                    "4.7.0-beta3" =>
                    [["misc/drupal.js",
                      "f151220aded688adf35c623a17a0147a"],
                     ["CHANGELOG.txt",
                      "1019508b79cf21f522ff76e4a030e552"]],
                    "4.7.0-beta4" =>
                    [["misc/drupal.js",
                      "476482ca90e5ba941b43cdfbde04d03c"],
                     ["CHANGELOG.txt",
                      "708f0a1075cad3cbd488ef99e27928ff"]],
                    "4.7.0-beta5" =>
                    [["misc/drupal.css",
                      "e89eec8214eb000899279e49470da4cc"],
                     ["CHANGELOG.txt",
                      "708f0a1075cad3cbd488ef99e27928ff"]],
                    "4.7.0-beta6" =>
                    [["misc/drupal.css",
                      "106c3de80afec82dc572dddcd6fec44f"],
                     ["CHANGELOG.txt",
                      "708f0a1075cad3cbd488ef99e27928ff"]],
                    "4.7.0-rc1" =>
                    [["misc/drupal.js",
                      "179dc761149f23569d95011cc816e981"],
                     ["CHANGELOG.txt",
                      "4df953db89dece82a44a64f7f8286d48"]],
                    "4.7.0-rc2" =>
                    [["misc/drupal.css",
                      "4df953db89dece82a44a64f7f8286d48"]],
                    "4.7.1" =>
                    [["misc/drupal.js",
                      "dc0fbe017fd1cc3d97b8c12bc45dde41"],
                     ["CHANGELOG.txt",
                      "46803ea216fe48bdfcbe7adaa4a09e4a"]],
                    "4.7.2" =>
                    [["CHANGELOG.txt",
                      "9f02188540e0ffde08a627dbe061f533"]],
                    "4.7.3" =>
                    [["CHANGELOG.txt",
                      "2a7b8a6fe32929be66520aeb43c6efd0"]],
                    "4.7.4" =>
                    [["misc/drupal.js",
                      "3130d555431177091ff7ac5b4f3fe19e"],
                     ["CHANGELOG.txt",
                      "e6d4b383abc73ffd3280855d94da7100"]],
                    "4.7.5" =>
                    [["CHANGELOG.txt",
                      "f9981714ea6f071056c471e600be0727"]],
                    "4.7.6" =>
                    [["CHANGELOG.txt",
                      "ac05ff02fc29e420ca75a537e17ad4ef"]],
                    "4.7.7" =>
                    [["CHANGELOG.txt",
                      "a216343121a81a126da75e10c465a1da"]],
                    "4.7.8" =>
                    [["CHANGELOG.txt",
                      "cd68b6f4f1b5102991de0a00eb2545e7"]],
                    "4.7.9" =>
                    [["CHANGELOG.txt",
                      "e88b68a777b3da8635f1e498157a66c4"]],
                    "5.0-beta1" =>
                    [["misc/collapse.js",
                      "0c9ec12f6e197f5dfb99efa9f72b5fac"],
                     ["CHANGELOG.txt",
                      "88c3ad0b680e391ffa22d93b836dc29f"]],
                    "5.0-beta2" =>
                    [["misc/collapse.js",
                      "d3a1514d2c8ee27e23cf203208db784b"],
                     ["CHANGELOG.txt",
                      "9732141c20634caf74fd54b008e6d03c"]],
                    "5.0" =>
                    [["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["COLLAPSE.txt",
                      "c9ef6f2e003a51bf2d717bf18533449d"]],
                    "5.1" =>
                    [["misc/drupal.js",
                      "afd188dc6cd982d37463209679ab01ec"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "b906d4ce7664cab5cc0e0aadbcd73b81"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "f6461f239f68fca689ea44c090039b81"],
                     ["CHANGELOG.txt",
                      "f50c5a74726abac86c2c79a58536ec4b"]],
                    "5.2" =>
                    [["misc/drupal.js",
                      "9e557006e956d365119eb2ebd2169051"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6]"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "3120bfcbe1ce6c29c50d28d70cca8f2f"]],
                    "5.3" =>
                    [["misc/drupal.js",
                      "9e557006e956d365119eb2ebd2169051"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "ac3186c741a06d83024d7e4aaf06a8df"]],
                    "5.4" =>
                    [["misc/drupal.js",
                      "9e557006e956d365119eb2ebd2169051"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "3a79f3fccf6a64381059cbd480500c7b"]],
                    "5.5" =>
                    [["misc/drupal.js",
                      "9e557006e956d365119eb2ebd2169051"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "8e467aab453093341be996513a03fa92"]],
                    "5.6" =>
                    [["misc/drupal.js",
                      "9e557006e956d365119eb2ebd2169051"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "f24d07bd8997283d678fd6ad908f780c"]],
                    "5.7" =>
                    [["misc/drupal.js",
                      "9e557006e956d365119eb2ebd2169051"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "c4895824937b78bea640578538dfd2a9"]],
                    "5.8" =>
                    [["misc/drupal.js",
                      "9e557006e956d365119eb2ebd2169051"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "92fc900b6072496b2ffa8da42cc24bf3"]],
                    "5.9" =>
                    [["misc/drupal.js",
                      "9e557006e956d365119eb2ebd2169051"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "c169204646e20d06114249a4a3d960fc"]],
                    "5.10" =>
                    [["misc/drupal.js",
                      "2c5e4277fec6afac333e913744e0408f"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "194573574fa000fa693eee0c9dd34a3e"]],
                    "5.11" =>
                    [["misc/drupal.js",
                      "2c5e4277fec6afac333e913744e0408f"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "a953f90ddd4db79c9f49c012df55dd77"]],
                    "5.12" =>
                    [["misc/drupal.js",
                      "2c5e4277fec6afac333e913744e0408f"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "c2bf440209fefc55ceeb3c03865392ec"]],
                    "5.13" =>
                    [["misc/drupal.js",
                      "2c5e4277fec6afac333e913744e0408f"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "cff5e5fd88b0a22ee21559ebb201df2a"]],
                    "5.14" =>
                    [["misc/drupal.js",
                      "2c5e4277fec6afac333e913744e0408f"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "4873ba00881268d04cffba0a82060ffc"]],
                    "5.15" =>
                    [["misc/drupal.js",
                      "2c5e4277fec6afac333e913744e0408f"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "c0a73dda8845d636ab7932f7d6542d61"]],
                    "5.16" =>
                    [["misc/drupal.js",
                      "2c5e4277fec6afac333e913744e0408f"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "cf59d099296ce4d5c978135f7a975a8d"]],
                    "5.17" =>
                    [["misc/drupal.js",
                      "4677b027fed107133090dabccee2b4f5"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "ce3a480b2da212dfaaae686448a5ebc5"]],
                    "5.18" =>
                    [["misc/drupal.js",
                      "4677b027fed107133090dabccee2b4f5"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "4aab0f029007b5365ab7f4e00e51cb20"]],
                    "5.19" =>
                    [["misc/drupal.js",
                      "4677b027fed107133090dabccee2b4f5"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "f1b0e32674fd8fa5d6295eb12bd4a67b"]],
                    "5.20" =>
                    [["misc/drupal.js",
                      "4677b027fed107133090dabccee2b4f5"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "42e1490702cabe0ecb124342a7084161"]],
                    "5.21" =>
                    [["misc/drupal.js",
                      "4677b027fed107133090dabccee2b4f5"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "3a8040276f2aa716721699d325b035ca"]],
                    "5.22" =>
                    [["misc/drupal.js",
                      "4677b027fed107133090dabccee2b4f5"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "e351ca8420e3221c1f7db554ca21911b"]],
                    "5.23" =>
                    [["misc/drupal.js",
                      "4677b027fed107133090dabccee2b4f5"],
                     ["misc/autocomplete.js",
                      "bb9da274dffe44db11c6e2d197170961"],
                     ["misc/collapse.js",
                      "505008f3f3443234c293601d9a513afc"],
                     ["misc/textarea.js",
                      "ac2c41ecba7bbd837bc70963f5610aa9"],
                     ["misc/progress.js",
                      "3d9bc2d85f06040266110438abb4d30b"],
                     ["misc/jquery.js",
                      "22f97a73d88b69276ef0dc62c42c69b6"],
                     ["misc/farbtastic/farbtastic.js",
                      "941c669986f4ff75adc6bb57cf81aae6"],
                     ["misc/farbtastic/farbtastic.css",
                      "8f9555f25fb258e78aeca92080b5cc3f"],
                     ["CHANGELOG.txt",
                      "1099db3cfaad8260a8422bdf973024d2"]],
                    "6.0" =>
                    [["misc/jquery.form.js",
                      "684e359f867fa615136be51b423f69d3"],
                     ["misc/tabledrag.js",
                      "effdd8385a29d33a2ee7e40832e30299"],
                     ["misc/drupal.js",
                      "ebbcc0156242a08a25c596432ca92f67"],
                     ["misc/ahah.js",
                      "082f5208102315b0ec105629521ff901"],
                     ["CHANGELOG.txt",
                      "222f47795c5a48909376cef9728b3652"]],
                    "6.0-beta1" =>
                    [["misc/drupal.js",
                      "1c264213d843edbb232494511a1041b9"],
                     ["misc/ahah.js",
                      "916eedccc1bc10c83a7c055bd7fff020"],
                     ["CHANGELOG.txt",
                      "e75604af7e0dc5241b6f70fd18565c19"]],
                    "6.0-beta2" =>
                    [["misc/jquery.form.js",
                      "b49d7d6de33591afd21b8d9831bcaf97"],
                     ["misc/ahah.js",
                      "8d64ddef22b8ada49160522ace24cde2"],
                     ["misc/drupal.js",
                      "e383c0fdd397c0f12d57fdf6dd9c4ab0"],
                     ["CHANGELOG.txt",
                      "73a6fd744bc9b313a2363c3870f2b7e0"]],
                    "6.0-beta3" =>
                    [["misc/jquery.form.js",
                      "684e359f867fa615136be51b423f69d3"],
                     ["misc/tabledrag.js",
                      "08f53c913abdd4287d4d829545a94b96"],
                     ["misc/drupal.js",
                      "e383c0fdd397c0f12d57fdf6dd9c4ab0"],
                     ["misc/ahah.js",
                      "ba782ca2ac71d2734ae06e24ebda093f"],
                     ["CHANGELOG.txt",
                      "402744b27528c63fa4e55f63d29c0e9e"]],
                    "6.0-beta4" =>
                    [["misc/jquery.form.js",
                      "684e359f867fa615136be51b423f69d3"],
                     ["misc/tabledrag.js",
                      "73efc1a53fa2019a66a426610e7ddc24"],
                     ["misc/drupal.js",
                      "e383c0fdd397c0f12d57fdf6dd9c4ab0"],
                     ["misc/ahah.js",
                      "ba782ca2ac71d2734ae06e24ebda093f"],
                     ["CHANGELOG.txt",
                      "b4a15cbcab333af135c831af0fdafe01"]],
                    "6.0-rc1" =>
                    [["CHANGELOG.txt",
                      "b942212dc515972564ac6356f8e6b033"],
                     ["misc/tabledrag.js",
                      "c6f7a28ffd7288909b207c0eb651298e"],
                     ["misc/tableheader.js",
                      "da96f76a7fef73f09e12ca207602a909"],
                     ["misc/drupal.js",
                      "e383c0fdd397c0f12d57fdf6dd9c4ab0"]],
                    "6.0-rc2" =>
                    [["misc/tableheader.js",
                      "7db0d737562f9344cc9b04b1d3a242ce"],
                     ["misc/tabledrag.js",
                      "c6f7a28ffd7288909b207c0eb651298e"],
                     ["misc/drupal.js",
                      "7082fbcedd60f675111cfa387dd59b00"],
                     ["CHANGELOG.txt",
                      "b942212dc515972564ac6356f8e6b033"]],
                    "6.0-rc3" =>
                    [["misc/tableheader.js",
                      "21d44d10b1c7a7f00989a641ea501e86"],
                     ["misc/tabledrag.js",
                      "c6f7a28ffd7288909b207c0eb651298e"],
                     ["misc/drupal.js",
                      "7082fbcedd60f675111cfa387dd59b00"],
                     ["CHANGELOG.txt",
                      "c559dcef9854f1d6799b92bde24c37c7"]],
                    "6.0-rc4" =>
                    [["misc/tableheader.js",
                      "21d44d10b1c7a7f00989a641ea501e86"],
                     ["misc/drupal.js",
                      "ebbcc0156242a08a25c596432ca92f67"],
                     ["misc/tabledrag.js",
                      "effdd8385a29d33a2ee7e40832e30299"],
                     ["CHANGELOG.txt",
                      "924aea956dc8184a3346d6ce77af159a"]],
                    "6.1" =>
                    [["misc/tabledrag.js",
                      "effdd8385a29d33a2ee7e40832e30299"],
                     ["misc/tableheader.js",
                      "21d44d10b1c7a7f00989a641ea501e86"],
                     ["misc/drupal.js",
                      "2ff7dc985e57d1139ce4dc844b06bc64"],
                     ["CHANGELOG.txt",
                      "e1eb1056c0ba8dd5302d64ea468ea7d0"]],
                    "6.2" =>
                    [["misc/tabledrag.js",
                      "effdd8385a29d33a2ee7e40832e30299"],
                     ["misc/tableheader.js",
                      "21d44d10b1c7a7f00989a641ea501e86"],
                     ["misc/drupal.js",
                      "2ff7dc985e57d1139ce4dc844b06bc64"],
                     ["CHANGELOG.txt",
                      "efa6e411bb61444c020e931c4543b2f6"]],
                    "6.3" =>
                    [["misc/tabledrag.js",
                      "a35ae83b4bd44d16623babf454beb16f"],
                     ["misc/tableheader.js",
                      "21d44d10b1c7a7f00989a641ea501e86"],
                     ["misc/drupal.js",
                      "398b3832c2de0a0ebd08cb7f2afe1545"],
                     ["CHANGELOG.txt",
                      "d46048e276a7f523ae1475b465bb6dbc"]],
                    "6.4" =>
                    [["misc/tabledrag.js",
                      "a35ae83b4bd44d16623babf454beb16f"],
                     ["misc/tableheader.js",
                      "21d44d10b1c7a7f00989a641ea501e86"],
                     ["misc/drupal.js",
                      "398b3832c2de0a0ebd08cb7f2afe1545"],
                     ["CHANGELOG.txt",
                      "2f7fd8d84e99e61873fb06082a98a550"]],
                    "6.5" =>
                    [["CHANGELOG.txt",
                      "92306257e7bd195b662d851b6857c0db"],
                     ["misc/tableheader.js",
                      "eb95de9fb83daf5f013a4e73414e5a7e"],
                     ["misc/drupal.js",
                      "398b3832c2de0a0ebd08cb7f2afe1545"],
                     ["misc/tabledrag.js",
                      "74d381ff5eff8bd9f6b698c6211a8f90"]],
                    "6.6" =>
                    [["CHANGELOG.txt",
                      "33ab8648bf45397b455d665219beae54"],
                     ["misc/drupal.js",
                      "398b3832c2de0a0ebd08cb7f2afe1545"],
                     ["misc/tabledrag.js",
                      "74d381ff5eff8bd9f6b698c6211a8f90"],
                     ["misc/tableheader.js",
                      "eb95de9fb83daf5f013a4e73414e5a7e"]],
                    "6.7" =>
                    [["CHANGELOG.txt",
                      "6b94ca6e5c3daa847f3d24979b841973"],
                     ["misc/drupal.js",
                      "398b3832c2de0a0ebd08cb7f2afe1545"],
                     ["misc/tabledrag.js",
                      "74d381ff5eff8bd9f6b698c6211a8f90"],
                     ["misc/tableheader.js",
                      "eb95de9fb83daf5f013a4e73414e5a7e"]],
                    "6.8" =>
                    [["CHANGELOG.txt",
                      "90a55f1aaa3e31ed4736bee56ffde496"],
                     ["misc/drupal.js",
                      "398b3832c2de0a0ebd08cb7f2afe1545"],
                     ["misc/tabledrag.js",
                      "74d381ff5eff8bd9f6b698c6211a8f90"],
                     ["misc/tableheader.js",
                      "eb95de9fb83daf5f013a4e73414e5a7e"]],
                    "6.9" =>
                    [["CHANGELOG.txt",
                      "b854e8a96bd5b95dd4285c155878a990"],
                     ["misc/drupal.js",
                      "398b3832c2de0a0ebd08cb7f2afe1545"],
                     ["misc/tabledrag.js",
                      "74d381ff5eff8bd9f6b698c6211a8f90"],
                     ["misc/tableheader.js",
                      "eb95de9fb83daf5f013a4e73414e5a7e"]],
                    "6.10" =>
                    [["CHANGELOG.txt",
                      "9d3546e991ffba015a6b57ce445caf03"],
                     ["misc/drupal.js",
                      "398b3832c2de0a0ebd08cb7f2afe1545"],
                     ["misc/tabledrag.js",
                      "74d381ff5eff8bd9f6b698c6211a8f90"],
                     ["misc/tableheader.js",
                      "eb95de9fb83daf5f013a4e73414e5a7e"]],
                    "6.11" =>
                    [["CHANGELOG.txt",
                      "7e3cfdd79d80ab13517d784d8ad6a0b1"],
                     ["misc/drupal.js",
                      "398b3832c2de0a0ebd08cb7f2afe1545"],
                     ["misc/tabledrag.js",
                      "74d381ff5eff8bd9f6b698c6211a8f90"],
                     ["misc/tableheader.js",
                      "9f42b75075f35fbe361ea1f0da81cba8"]],
                    "6.12" =>
                    [["CHANGELOG.txt",
                      "6d02acfa1a7f0856876d4c72706435d7"],
                     ["misc/drupal.js",
                      "398b3832c2de0a0ebd08cb7f2afe1545"],
                     ["misc/tabledrag.js",
                      "74d381ff5eff8bd9f6b698c6211a8f90"],
                     ["misc/tableheader.js",
                      "9f42b75075f35fbe361ea1f0da81cba8"]],
                    "6.13" =>
                    [["CHANGELOG.txt",
                      "236916121a511de71b3ed271a7a9742c"],
                     ["misc/drupal.js",
                      "398b3832c2de0a0ebd08cb7f2afe1545"],
                     ["misc/tabledrag.js",
                      "920423353d7d0edff3c6b3fec57afd73"],
                     ["misc/tableheader.js",
                      "9f42b75075f35fbe361ea1f0da81cba8"]],
                    "6.14" =>
                    [["CHANGELOG.txt",
                      "41339a8f92c0b18bd02a5e9f93e1252b"],
                     ["misc/drupal.js",
                      "88682723723be277fb57c0d8e341c0cf"],
                     ["misc/tabledrag.js",
                      "920423353d7d0edff3c6b3fec57afd73"],
                     ["misc/tableheader.js",
                      "9f42b75075f35fbe361ea1f0da81cba8"]],
                    "6.15" =>
                    [["CHANGELOG.txt",
                      "79d4bfe249a6f0af26260be1aac06525"],
                     ["misc/drupal.js",
                      "88682723723be277fb57c0d8e341c0cf"],
                     ["misc/tabledrag.js",
                      "920423353d7d0edff3c6b3fec57afd73"],
                     ["misc/tableheader.js",
                      "9f42b75075f35fbe361ea1f0da81cba8"]],
                    "6.16" =>
                    [["CHANGELOG.txt",
                      "bcc6c6f2db3da0ae13908ba1e144b070"],
                     ["misc/drupal.js",
                      "88682723723be277fb57c0d8e341c0cf"],
                     ["misc/tabledrag.js",
                      "920423353d7d0edff3c6b3fec57afd73"],
                     ["misc/tableheader.js",
                      "9f42b75075f35fbe361ea1f0da81cba8"]],
                    "6.17" =>
                    [["CHANGELOG.txt",
                      "9cc81e3da698f965b95df9f8ff3cd16f"],
                     ["misc/drupal.js",
                      "88682723723be277fb57c0d8e341c0cf"],
                     ["misc/tabledrag.js",
                      "920423353d7d0edff3c6b3fec57afd73"],
                     ["misc/tableheader.js",
                      "30fc044386f0056037bf7a0a697a9712"]],
                    "6.18" =>
                    [["CHANGELOG.txt",
                      "d1f718b79968e1d174bb91a9ee763998"],
                     ["misc/drupal.js",
                      "88682723723be277fb57c0d8e341c0cf"],
                     ["misc/tabledrag.js",
                      "920423353d7d0edff3c6b3fec57afd73"],
                     ["misc/tableheader.js",
                      "9f42b75075f35fbe361ea1f0da81cba8"]],
                    "6.19" =>
                    [["CHANGELOG.txt",
                      "004477c0cfaaa7a589a7d85b2cc505fa"],
                     ["misc/drupal.js",
                      "88682723723be277fb57c0d8e341c0cf"],
                     ["misc/tabledrag.js",
                      "920423353d7d0edff3c6b3fec57afd73"],
                     ["misc/tableheader.js",
                      "9f42b75075f35fbe361ea1f0da81cba8"]],
                    "6.20" =>
                    [["CHANGELOG.txt",
                      "b54c033af08c823221535ed0677242ba"],
                     ["misc/drupal.js",
                      "88682723723be277fb57c0d8e341c0cf"],
                     ["misc/tabledrag.js",
                      "920423353d7d0edff3c6b3fec57afd73"],
                     ["misc/tableheader.js",
                      "9f42b75075f35fbe361ea1f0da81cba8"]],
                    "6.21" =>
                    [["CHANGELOG.txt",
                      "f6a6fefda7509ecd7a3dc7eba7e380be"],
                     ["misc/drupal.js",
                      "9a1c645566d780facee5ce1a0d3fab7c"],
                     ["tabledrag.js",
                      "a0ba09f9639f03d227306c2bc97c81d4"],
                     ["tableheader.js",
                      "c31ba3d2e9fee48c7b19f580fe4ce19e"]],
                    "6.22" =>
                    [["CHANGELOG.txt",
                      "6da86d0653cd749b7ef5c59d6560b1f1"],
                     ["misc/drupal.js",
                      "fe6f8c678cb511d68a3dbe5a94f2e278"],
                     ["tabledrag.js",
                      "8cb29c5e52430f2b2b14212796271ea2"],
                     ["tableheader.js",
                      "48e892b6303c82f2103b415d9c0dd00e"]],
                    "6.23" =>
                    [["CHANGELOG.txt",
                      "aeb74a5dbcd3a1adcc0ca8b78449e50f"],
                     ["misc/drupal.js",
                      "fe6f8c678cb511d68a3dbe5a94f2e278"],
                     ["tabledrag.js",
                      "8cb29c5e52430f2b2b14212796271ea2"],
                     ["tableheader.js",
                      "48e892b6303c82f2103b415d9c0dd00e"]],
                    "6.24" =>
                    [["CHANGELOG.txt",
                      "5f493f3c41807aadb2e34e2644d6186e"],
                     ["misc/drupal.js",
                      "90c0aa7ed8581884c2afe73fc87b5697"],
                     ["tabledrag.js",
                      "8cb29c5e52430f2b2b14212796271ea2"],
                     ["tableheader.js",
                      "48e892b6303c82f2103b415d9c0dd00e"]],
                    "6.25" =>
                    [["CHANGELOG.txt",
                      "69067a08b19093a79ba8e620adf9dbe9"],
                     ["misc/drupal.js",
                      "90c0aa7ed8581884c2afe73fc87b5697"],
                     ["tabledrag.js",
                      "8cb29c5e52430f2b2b14212796271ea2"],
                     ["tableheader.js",
                      "48e892b6303c82f2103b415d9c0dd00e"]],
                    "6.26" =>
                    [["CHANGELOG.txt",
                      "fe13f306dc2d18faef0781339205e269"],
                     ["drupal.js",
                      "90c0aa7ed8581884c2afe73fc87b5697"],
                     ["misc/tabledrag.js",
                      "50ebbc8dc949d7cb8d4cc5e6e0a6c1ca"],
                     ["misc/tableheader.js",
                      "48e892b6303c82f2103b415d9c0dd00e"]],
                    "6.27" =>
                    [["CHANGELOG.txt",
                      "fd8f769a1a4a770a9ff0ba4de7094b7a"],
                     ["drupal.js",
                      "90c0aa7ed8581884c2afe73fc87b5697"],
                     ["misc/tabledrag.js",
                      "50ebbc8dc949d7cb8d4cc5e6e0a6c1ca"],
                     ["misc/tableheader.js",
                      "48e892b6303c82f2103b415d9c0dd00e"]],
                    "6.28" =>
                    [["CHANGELOG.txt",
                      "8159c0b8908ab0780207006f509d8297"],
                     ["drupal.js",
                      "1904f6fd4a4fe747d6b53ca9fd81f848"],
                     ["misc/tabledrag.js",
                      "50ebbc8dc949d7cb8d4cc5e6e0a6c1ca"],
                     ["misc/tableheader.js",
                      "570b3f821441cd8f75395224fc43a0ea"]],
                    "6.29" =>
                    [["CHANGELOG.txt",
                      "168eb5e9bdb2c43d62fe5de2ec25eafa"],
                     ["misc/drupal.js",
                      "1904f6fd4a4fe747d6b53ca9fd81f848"],
                     ["misc/tabledrag.js",
                      "50ebbc8dc949d7cb8d4cc5e6e0a6c1ca"],
                     ["misc/tableheader.js",
                      "570b3f821441cd8f75395224fc43a0ea"]],
                    "6.30" =>
                    [["CHANGELOG.txt",
                      "3cedd331b876ec30980aa595964b647c"],
                     ["misc/drupal.js",
                      "1904f6fd4a4fe747d6b53ca9fd81f848"],
                     ["misc/tabledrag.js",
                      "50ebbc8dc949d7cb8d4cc5e6e0a6c1ca"],
                     ["misc/tableheader.js",
                      "3cedd331b876ec30980aa595964b647c"]],
                    "6.31" =>
                    [["CHANGELOG.txt",
                      "d236b109c1f8fae45cf40586cc40e9c2"],
                     ["misc/drupal.js",
                      "1904f6fd4a4fe747d6b53ca9fd81f848"],
                     ["misc/tabledrag.js",
                      "50ebbc8dc949d7cb8d4cc5e6e0a6c1ca"],
                     ["misc/tableheader.js",
                      "d236b109c1f8fae45cf40586cc40e9c2"]],
                    "7.0-alpha1" =>
                    [["misc/ajax.js",
                      "e9705a45006501b9e3ff1bc4fa2c7a37"],
                     ["misc/tabledrag.js",
                      "31882871abe4350aa37a99e425e8a31e"],
                     ["misc/drupal.js",
                      "cb392dbb30f9d1f60ad9111ff04ec76f"],
                     ["CHANGELOG.txt",
                      "5dceb87c7c8783b6371b305a285eea4b"]],
                    "7.0-alpha2" =>
                    [["misc/ajax.js",
                      "51843e1428caddbb170b9868ed729aa5"],
                     ["misc/tabledrag.js",
                      "31882871abe4350aa37a99e425e8a31e"],
                     ["misc/drupal.js",
                      "05680a34106d73d6e889b1224f63766b"],
                     ["CHANGELOG.txt",
                      "46fa5ca038abda95c797ff2338ed8a8f"]],
                    "7.0-alpha3" =>
                    [["misc/ajax.js",
                      "f3608f9042caa10299a1f56ca0dc1a99"],
                     ["misc/tabledrag.js",
                      "598b64ca1df6360e1220cd76fa7351d1"],
                     ["misc/drupal.js",
                      "0ae310e4d8055b6a731498bb713428b0"],
                     ["CHANGELOG.txt",
                      "32c29f96a4044498e7919bb2f07fa384"]],
                    "7.0-alpha4" =>
                    [["misc/ajax.js",
                      "34f0f6758282c32816f996842240f80a"],
                     ["misc/tabledrag.js",
                      "d76cb74f2216b40f0afdec376537b7ad"],
                     ["misc/drupal.js",
                      "0ae310e4d8055b6a731498bb713428b0"],
                     ["CHANGELOG.txt",
                      "b019dd69fb21cbfae8183ef7aa2d1d5e"]],
                    "7.0-alpha5" =>
                    [["misc/ajax.js",
                      "1155100a0e7f6786e33fa9126d4ad582"],
                     ["misc/tabledrag.js",
                      "5e089afe7918b96a0049e745fcef07fa"],
                     ["misc/drupal.js",
                      "99c0f9cd366557832418178a475a6c27"],
                     ["CHANGELOG.txt",
                      "810120469173e7ce0767e4f54d025e88"]],
                    "7.0-alpha6" =>
                    [["misc/ajax.js",
                      "68f0e2b9ed2db6b2cf764aab46d0c3b9"],
                     ["misc/tabledrag.js",
                      "75758e5701996536fd85962d3f011594"],
                     ["misc/drupal.js",
                      "20755d880e6103103d3000b05e8f0192"],
                     ["CHANGELOG.txt",
                      "99525ef80534f758e2d0e4af1797dd8b"]],
                    "7.0-alpha7" =>
                    [["misc/ajax.js",
                      "68f0e2b9ed2db6b2cf764aab46d0c3b9"],
                     ["misc/tabledrag.js",
                      "8285e986885b7426a3de91bca964c912"],
                     ["misc/drupal.js",
                      "1c446c2ab39a58ca1dd194e211608a7a"],
                     ["CHANGELOG.txt",
                      "d672cd026f87486cd6139e1e1b15e570"]],
                    "7.0-beta1" =>
                    [["misc/ajax.js",
                      "a1252fee1f538d85bd7c313c8225a565"],
                     ["misc/tabledrag.js",
                      "8285e986885b7426a3de91bca964c912"],
                     ["misc/drupal.js",
                      "1c446c2ab39a58ca1dd194e211608a7a"],
                     ["CHANGELOG.txt",
                      "2c064b19f0240d5838ac0ae9b0d76336"]],
                    "7.0-beta2" =>
                    [["misc/ajax.js",
                      "591ac9934ab65decec6c379c6840325b"],
                     ["misc/tabledrag.js",
                      "8285e986885b7426a3de91bca964c912"],
                     ["misc/drupal.js",
                      "1c446c2ab39a58ca1dd194e211608a7a"],
                     ["CHANGELOG.txt",
                      "7784d1f30b54933abf74b969d003afa5"]],
                    "7.0-beta3" =>
                    [["misc/ajax.js",
                      "2d42d5483f5e26514c7042ded1e78aa6"],
                     ["misc/tabledrag.js",
                      "8285e986885b7426a3de91bca964c912"],
                     ["misc/drupal.js",
                      "1a7f385e8e043cbc4c993cf130d475e2"],
                     ["CHANGELOG.txt",
                      "5af1565654858c3a7f996a8f79926172"]],
                    "7.0-rc1" =>
                    [["misc/ajax.js",
                      "3abc15f830710e39cfbb73fb99aac9e8"],
                     ["misc/tabledrag.js",
                      "8285e986885b7426a3de91bca964c912"],
                     ["misc/drupal.js",
                      "0034d9289a3ec0996a6e9b0a9f40a60c"],
                     ["CHANGELOG.txt",
                      "002d5e0a7a976238f169d934c0e651af"]],
                    "7.0-rc2" =>
                    [["misc/ajax.js",
                      "9a89c456ae6d8c7f9677ff8d7679f633"],
                     ["misc/tabledrag.js",
                      "8285e986885b7426a3de91bca964c912"],
                     ["misc/drupal.js",
                      "0034d9289a3ec0996a6e9b0a9f40a60c"],
                     ["CHANGELOG.txt",
                      "8a2ec8243001d2e52ef4e64b97bbe030"]],
                    "7.0-rc3" =>
                    [["misc/ajax.js",
                      "7dd50d7491281da4206eb7e7879894a9"],
                     ["misc/tabledrag.js",
                      "8285e986885b7426a3de91bca964c912"],
                     ["misc/drupal.js",
                      "0034d9289a3ec0996a6e9b0a9f40a60c"],
                     ["CHANGELOG.txt",
                      "8a2ec8243001d2e52ef4e64b97bbe030"]],
                    "7.0-rc4" =>
                    [["misc/ajax.js",
                      "7dd50d7491281da4206eb7e7879894a9"],
                     ["misc/tabledrag.js",
                      "8285e986885b7426a3de91bca964c912"],
                     ["misc/drupal.js",
                      "0034d9289a3ec0996a6e9b0a9f40a60c"],
                     ["CHANGELOG.txt",
                      "8a2ec8243001d2e52ef4e64b97bbe030"]],
                    "7.0" =>
                    [["misc/ajax.js",
                      "7dd50d7491281da4206eb7e7879894a9"],
                     ["misc/tabledrag.js",
                      "8285e986885b7426a3de91bca964c912"],
                     ["misc/drupal.js",
                      "847afc6e14d280e66a564194e166a66e"],
                     ["CHANGELOG.txt",
                      "1193b01ba75f425e7cf5be5857562bb6"]],
                    "7.1" =>
                    [["misc/ajax.js",
                      "68128e27dfec89bda87f9ad650a26768"],
                     ["misc/tabledrag.js",
                      "99c25e3595a25fee7c231d98fb9b9785"],
                     ["misc/drupal.js",
                      "f3f32021901f4c33d2eebbc634de587d"],
                     ["CHANGELOG.txt",
                      "cbecaf7c4da3a9503fc7528fc9655ef3"]],
                    "7.2" =>
                    [["misc/ajax.js",
                      "ce09253d1e955e8f806725bd5f5fe7cd"],
                     ["misc/tabledrag.js",
                      "b071885a5cc7377740f512da46eaae64"],
                     ["misc/drupal.js",
                      "cea76de12c5bb95dd0789fbd3cd754f0"],
                     ["CHANGELOG.txt",
                      "f1115ca52f7441b0fb35dbf2d8ceea8a"]],
                    "7.3" =>
                    [["misc/ajax.js",
                      "ce09253d1e955e8f806725bd5f5fe7cd"],
                     ["misc/tabledrag.js",
                      "b071885a5cc7377740f512da46eaae64"],
                     ["misc/drupal.js",
                      "cea76de12c5bb95dd0789fbd3cd754f0"],
                     ["CHANGELOG.txt",
                      "8a405ef6f0956fab84462cbc747bb4ee"]],
                    "7.4" =>
                    [["misc/ajax.js",
                      "ce09253d1e955e8f806725bd5f5fe7cd"],
                     ["misc/tabledrag.js",
                      "b071885a5cc7377740f512da46eaae64"],
                     ["misc/drupal.js",
                      "cea76de12c5bb95dd0789fbd3cd754f0]"],
                     ["CHANGELOG.txt",
                      "7d574236459eba874b0a0b45a0269251"]],
                    "7.5" =>
                    [["misc/ajax.js",
                      "ce09253d1e955e8f806725bd5f5fe7cd"],
                     ["misc/tabledrag.js",
                      "b071885a5cc7377740f512da46eaae64"],
                     ["misc/drupal.js",
                      "cea76de12c5bb95dd0789fbd3cd754f0]"],
                     ["CHANGELOG.txt",
                      "3dea36f6e8d7cad2ea47d5829917f62c"]],
                    "7.6" =>
                    [["misc/ajax.js",
                      "b807d0ddb3ff3064f08d43f8ec3759e6"],
                     ["misc/tabledrag.js",
                      "b071885a5cc7377740f512da46eaae64"],
                     ["misc/drupal.js",
                      "cea76de12c5bb95dd0789fbd3cd754f0]"],
                     ["CHANGELOG.txt",
                      "3dea36f6e8d7cad2ea47d5829917f62c"]],
                    "7.7" =>
                    [["misc/ajax.js",
                      "b807d0ddb3ff3064f08d43f8ec3759e6"],
                     ["misc/tabledrag.js",
                      "b071885a5cc7377740f512da46eaae64"],
                     ["misc/drupal.js",
                      "cea76de12c5bb95dd0789fbd3cd754f0]"],
                     ["CHANGELOG.txt",
                      "2e1049b34cf095563cff4a1ab85b99c2"]],
                    "7.8" =>
                    [["misc/ajax.js",
                      "b807d0ddb3ff3064f08d43f8ec3759e6"],
                     ["misc/tabledrag.js",
                      "8841f19d31bfe03bc1876c35bd03d337"],
                     ["misc/drupal.js",
                      "cea76de12c5bb95dd0789fbd3cd754f0]"],
                     ["CHANGELOG.txt",
                      "767cff2a1756be6db518b8cb9c360f5c"]],
                    "7.9" =>
                    [["misc/ajax.js",
                      "b807d0ddb3ff3064f08d43f8ec3759e6"],
                     ["misc/tabledrag.js",
                      "8841f19d31bfe03bc1876c35bd03d337"],
                     ["misc/drupal.js",
                      "d4515f21acd461ca04304233bf0daa1e"],
                     ["CHANGELOG.txt",
                      "05c35ea41cde4ed14642b8a6f79cc353"]],
                    "7.10" =>
                    [["misc/ajax.js",
                      "b807d0ddb3ff3064f08d43f8ec3759e6"],
                     ["misc/tabledrag.js",
                      "8841f19d31bfe03bc1876c35bd03d337"],
                     ["misc/drupal.js",
                      "cbd95e04bad1be13320ebbe63a863245"],
                     ["CHANGELOG.txt",
                      "c2cecc83ec443b111b09beeb3e525d32"]],
                    "7.11" =>
                    [["misc/ajax.js",
                      "b807d0ddb3ff3064f08d43f8ec3759e6"],
                     ["misc/tabledrag.js",
                      "8841f19d31bfe03bc1876c35bd03d337"],
                     ["misc/drupal.js",
                      "d4515f21acd461ca04304233bf0daa1e"],
                     ["CHANGELOG.txt",
                      "4dcfe6f20e161497b8a8c969f57cf9ae"]],
                    "7.12" =>
                    [["misc/ajax.js",
                      "334703efc42d1a849b675ee70a718853"],
                     ["misc/tabledrag.js",
                      "8841f19d31bfe03bc1876c35bd03d337"],
                     ["misc/drupal.js",
                      "f9281a1fa8b926ba038bebc3bb0c3d61"],
                     ["CHANGELOG.txt",
                      "750fc8fada9ada1044e2f47927771c1b"]],
                    "7.13" =>
                    [["misc/ajax.js",
                      "334703efc42d1a849b675ee70a718853"],
                     ["misc/tabledrag.js",
                      "8841f19d31bfe03bc1876c35bd03d337"],
                     ["misc/drupal.js",
                      "f9281a1fa8b926ba038bebc3bb0c3d61"],
                     ["CHANGELOG.txt",
                      "ca11b070227bcf518e64884a83b7f78e"]],
                    "7.14" =>
                    [["misc/ajax.js",
                      "334703efc42d1a849b675ee70a718853"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"],
                     ["misc/drupal.js",
                      "f9281a1fa8b926ba038bebc3bb0c3d61"],
                     ["CHANGELOG.txt",
                      "fa02637f87ad76f18b3b97aed66753d2"]],
                    "7.15" =>
                    [["CHANGELOG.txt",
                      "30ca3761d02c5a025d5caea0e76b43c2"],
                     ["misc/ajax.js",
                      "334703efc42d1a849b675ee70a718853"],
                     ["misc/drupal.js",
                      "f9281a1fa8b926ba038bebc3bb0c3d61"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.16" =>
                    [["CHANGELOG.txt",
                      "ad2968774051eb5479dc709ce87ba7e2"],
                     ["misc/ajax.js",
                      "334703efc42d1a849b675ee70a718853"],
                     ["misc/drupal.js",
                      "f9281a1fa8b926ba038bebc3bb0c3d61"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.17" =>
                    [["CHANGELOG.txt",
                      "919a4daf02fad61f623fc2f8ff686640"],
                     ["misc/ajax.js",
                      "334703efc42d1a849b675ee70a718853"],
                     ["misc/drupal.js",
                      "f9281a1fa8b926ba038bebc3bb0c3d61"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.18" =>
                    [["CHANGELOG.txt",
                      "e4e2ab8f1b84c77e14cb742c8275e906"],
                     ["misc/ajax.js",
                      "334703efc42d1a849b675ee70a718853"],
                     ["misc/drupal.js",
                      "f9281a1fa8b926ba038bebc3bb0c3d61"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.19" =>
                    [["CHANGELOG.txt",
                      "a6548e2a131e814eb78e0fb5e0170c69"],
                     ["misc/ajax.js",
                      "334703efc42d1a849b675ee70a718853"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.20" =>
                    [["CHANGELOG.txt",
                      "66fb72fce833f76801de24ad24b84377"],
                     ["misc/ajax.js",
                      "334703efc42d1a849b675ee70a718853"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.21" =>
                    [["CHANGELOG.txt",
                      "756587439d2dd9fce15110a2f08620fe"],
                     ["misc/ajax.js",
                      "334703efc42d1a849b675ee70a718853"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.22" =>
                    [["CHANGELOG.txt",
                      "dfd6807a045b68b02964dd8269e50ff7"],
                     ["misc/ajax.js",
                      "8a57a01ad28f72fedf5bf83dab4f1ece"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.23" =>
                    [["CHANGELOG.txt",
                      "33cdc361555923382d4dd72e657ad7bc"],
                     ["misc/ajax.js",
                      "8a57a01ad28f72fedf5bf83dab4f1ece"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.24" =>
                    [["CHANGELOG.txt",
                      "752e21ba08a2d988806034151120cb21"],
                     ["misc/ajax.js",
                      "8a57a01ad28f72fedf5bf83dab4f1ece"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.25" =>
                    [["CHANGELOG.txt",
                      "853320639aec176c29fa58af34e20bef"],
                     ["misc/ajax.js",
                      "8a57a01ad28f72fedf5bf83dab4f1ece"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.26" =>
                    [["CHANGELOG.txt",
                      "da1fdf2e2e07c5492c76759b592da669"],
                     ["misc/ajax.js",
                      "8a57a01ad28f72fedf5bf83dab4f1ece"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.27" =>
                    [["CHANGELOG.txt",
                      "cedcdbb21a0b0946b264fecc48a20703"],
                     ["misc/ajax.js",
                      "fb2f42e93aa34d26a48c415b46fb2468"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.28" =>
                    [["CHANGELOG.txt",
                      "d56858b074520fc947a7739c03031cbc"],
                     ["misc/ajax.js",
                      "d7a1d3b0e4468342268058e23fa71059"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.29" =>
                    [["CHANGELOG.txt",
                      "a73760e71235a045989fce8ed0525b80"],
                     ["misc/ajax.js",
                      "30d9e08baa11f3836eca00425b550f82"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.30" =>
                    [["CHANGELOG.txt",
                      "0dc4dee7ee83ab17bd09ddd73c14e0c0"],
                     ["misc/ajax.js",
                      "30d9e08baa11f3836eca00425b550f82"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.31" =>
                    [["CHANGELOG.txt",
                      "85f9505fcf687b9fd4b55d2e60393436"],
                     ["misc/ajax.js",
                      "30d9e08baa11f3836eca00425b550f82"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.32" =>
                    [["CHANGELOG.txt",
                      "f0add58c8139bdee0e70756b3e5ce3d1"],
                     ["misc/ajax.js",
                      "30d9e08baa11f3836eca00425b550f82"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.33" =>
                    [["CHANGELOG.txt",
                      "4ee104a47fbf9939cade2787e47b2c2a"],
                     ["misc/ajax.js",
                      "30d9e08baa11f3836eca00425b550f82"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.34" =>
                    [["CHANGELOG.txt",
                      "34335e648b3cbd720cc3ed86f88c1d26"],
                     ["misc/ajax.js",
                      "30d9e08baa11f3836eca00425b550f82"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.35" =>
                    [["CHANGELOG.txt",
                      "0ec14c07158a08aab9dda25d1893ab34"],
                     ["misc/ajax.js",
                      "30d9e08baa11f3836eca00425b550f82"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "caaf444bbba2811b4fa0d5aecfa837e5"]],
                    "7.36" =>
                    [["CHANGELOG.txt",
                      "38ab3c6e309efd8119ff6496ae7cbbc0"],
                     ["misc/ajax.js",
                      "30d9e08baa11f3836eca00425b550f82"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "c1bdc05ec3eab25853bec452e3addcd2"]],
                    "7.37" =>
                    [["CHANGELOG.txt",
                      "b3a9ba3846e041b02a02855667011e64"],
                     ["misc/ajax.js",
                      "30d9e08baa11f3836eca00425b550f82"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "c1bdc05ec3eab25853bec452e3addcd2"]],
                    "7.38" =>
                    [["CHANGELOG.txt",
                      "947b04948fd53beab411bd04f4159c4d"],
                     ["misc/ajax.js",
                      "30d9e08baa11f3836eca00425b550f82"],
                     ["misc/drupal.js",
                      "0bb055ea361b208072be45e8e004117b"],
                     ["misc/tabledrag.js",
                      "c1bdc05ec3eab25853bec452e3addcd2"]],
    ]

    v = WhatWeb::Matcher::Version.new("Drupal", versions, target.uri)

    version = v.matches_format

    # Return version matches from md5 hashes, if present
    unless version.empty?
      version.each do |ver|
        m << { name: "MD5 sums", version: ver }
      end
    end
    m
  end
end

#DSpaceObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/dspace.rb', line 9

WhatWeb::Plugin.define "DSpace" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-22
  @version = "0.1"
  @description = "An Open Archive Initiative (OAI) - compliant open-source software released by MIT for archiving eprints and other kinds of academic content."
  @website = "http://www.dspace.org/"

  # 35 for "Powered by DSpace, version"

  # Dorks #
  @dorks = [
    '"Powered by DSpace, version"'
  ]

  # Matches #
  @matches = [

    # Meta Generator
    { text: '<meta content="DSpace" name="Generator" />' },

    # Version Detection # Meta Generator
    { version: /<meta name="Generator" content="DSpace ([\d\.]+)" \/>/ },

    # Version Detection # Powered by text
    { version: /[pP]owered by <a href="http:\/\/(www\.)?dspace\.org"[^>]*>DSpace<\/a>, version ([\d\.]+)/, offset: 1 },

  ]
end

#DublinCoreObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



10
11
12
13
14
15
16
17
18
19
 
# File 'lib/whatweb/plugins/dublin_core.rb', line 10

WhatWeb::Plugin.define "DublinCore" do
  @author = "Caleb Anderson"
  @version = "0.1"
  @description = "Dublin Core Metadata Initiative (DCMI) supports shared innovation in metadata design and best practices across a broad range of purposes and business models."
  @website = "http://dublincore.org"

  @matches = [
    { name: "dublin core", regexp: /<meta [^>]*name="DC\.title"[^>]*>/i },
  ]
end

#DUclassifiedObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/duclassified.rb', line 9

WhatWeb::Plugin.define "DUclassified" do
  @author = "Tonmoy Saikia"
  @version = "0.1"
  @description = "DUclassified is a free Classified Ad Management system."
  @website = "http://www.duware.com/"

  # Dorks #
  @dorks = [
    '"powered by DUclassified" intitle:DUclassified'
  ]

  # <title>DUclassified</title>
  #:<title>DUclassified 4.0</title>
  # <link href="assets/DUclassified.css" rel="stylesheet" type="text/css">

  @matches = [
    { certainty: 75, ghdb: '"powered by DUclassified" intitle:DUclassified' },
    { name: "default title", regexp: /<title>DUclassified[\s\d\.\d]*<\/title>/ },
    { name: "assets/DUclassified.css", regexp: /<link[^>]href="[^"]*assets\/DUclassified.css"[^>]+>/ } # "

  ]
end

#DUforumObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-17 # Andrew Horton Updated description



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/duforum.rb', line 12

WhatWeb::Plugin.define "DUforum" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-02
  @version = "0.2"
  @description = "Forum. Homepage used to be http://www.duware.com/"

  # Dorks #
  @dorks = [
    '"powered by duforum" intitle:DUdforum'
  ]

  @matches = [

    # About 4,940 results @ 2010-06-02
    { certainty: 75, ghdb: '+"powered by duforum" +intitle:DUdforum' },
    { name: "default title", regexp: /<title>DUdforum[0-9a-zA-Z\ \.-]+<\/title>/ },
    { name: "default text", text: '<td align="right" valign="middle" class="text">Powered by <a href="http://www.duware.com" target="_blank">DUforum</a></td>' }

  ]
end

#DUgalleryObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated matches and version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/dugallery.rb', line 12

WhatWeb::Plugin.define "DUgallery" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-05
  @version = "0.2"
  @description = "DUgallery - PHP powered photo gallery."
  @website = "http://www.duware.com/"

  # Google results as at 2010-06-05 #
  # 1,490 results for ext:asp inurl:DUgallery intitle:"3.0"

  # Dorks #
  @dorks = [
    'ext:asp inurl:DUgallery intitle:"3.0"'
  ]

  @matches = [

    # GHDB Match # http://johnny.ihackstuff.com/ghdb/?function=detail&id=793
    { ghdb: 'ext:asp inurl:DUgallery intitle:"3.0"', version: "3.0", certainty: 75 },

    # Default Title
    { regexp: /<title>DUgallery[^<]*<\/title>/ },

    # Default Logo HTML
    { text: '<img src="assets/title.gif" alt="Powered by DUportal" width="269" height="62" border="0">' },

    # Version detection # Default title
    { version: /<title>DUgallery ([\d\.]+)<\/title>/ },

  ]
end

#DVWAObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/dvwa.rb', line 9

WhatWeb::Plugin.define "DVWA" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-05
  @version = "0.1"
  @description = "Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable."
  @website = "http://www.dvwa.co.uk/"

  # Google results as at 2011-03-05 #
  # 1 for intutle:"Damn Vulnerable Web App (DVWA) - Login"
  @dorks = [
    'intitle:"Damn Vulnerable Web App (DVWA) - Login"'
  ]

  # Matches #
  @matches = [

    # Default title
    { text: '		<title>Damn Vulnerable Web App (DVWA) - Login</title>' },

    # Default stylesheet HTML
    { regexp: /		<link rel="stylesheet" type="text\/css" href="[^"]*dvwa\/css\/login.css" \/>/ },

    # Password input
    { text: '			<p><label for="pass">Password</label><input type="password" AUTOCOMPLETE="off" size="20" name="password"></p><br />' },

  ]
end

#dwrObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
 
# File 'lib/whatweb/plugins/dwr.rb', line 9

WhatWeb::Plugin.define "dwr" do
  @author = "Aung Khant <http://yehg.net/>" # 2012-02-12
  @version = "0.1"
  @description = "Direct Web Remoting - http://directwebremoting.org"

  # Matches #
  @matches = [
    { name: 'HTML Body', text: '/dwr/engine.js\'>' },
    { name: 'HTML Body', text: '/dwr/engine.js">' }
  ]
end

#DXSockObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
 
# File 'lib/whatweb/plugins/dxsock.rb', line 9

WhatWeb::Plugin.define "DXSock" do
  @author = "Brendan Coles <[email protected]>" # 2015-05-05
  @version = "0.1"
  @description = "DXSock is a developer library sold with full source code. The product is geared towards low-level client and server development. Supporting TCP/IP and UDP/IP solution, along with low-level Linux and Mac file devices. - Homepage: http://www.dxsock.com/view/"

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^RemObjects DXSock Web Server/ },

    # User-Agent Header
    { search: "headers[user-agent]", regexp: /^RemObjects SDK$/ },

  ]
end

#DynamicWebObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
 
# File 'lib/whatweb/plugins/dynamicweb.rb', line 9

WhatWeb::Plugin.define "DynamicWeb" do
  @author = "Guillaume Delacour <[email protected]>" # 2017-04-15
  @version = "0.1"
  @description = "Dynamicweb is the All-In-One Platform for Content Management, Ecommerce, Digital Marketing and Integration."
  @website = "https://dynamicweb.com/"

  # Matches #
  @matches = [
    # Version in Meta Generator
    { version: /<meta name="generator" content="Dynamicweb ([^\s]+)"/ },
    # comment
    { certainty: 100, regexp: /\(c\) 1999-(20[\d]{2}) Dynamicweb Software A\/S/ },
    # Set-Cookie
    { certainty: 75, search: "headers[set-cookie]", regexp: /Dynamicweb/ },
  ]
end

#DZCPObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/dzcp.rb', line 9

WhatWeb::Plugin.define "DZCP" do
  @author = "Brendan Coles <[email protected]>" # 2010-12-28
  @version = "0.1"
  @description = "deV!L`z Clanportal"
  @website = "http://www.dzcp.de"

  # Google results as at 2011-02-27 #
  # 419 for "2011 by deV!L`z Clanportal"

  # Dorks #
  @dorks = [
    '"2011 by deV!L`z Clanportal"'
  ]

  # Matches #
  @matches = [

    # Default JavaScript
    { regexp: /<script language="javascript" type="text\/javascript" src="..\/inc\/_templates_\/[^\/]+\/_js\/dzcp.js"><\/script>/ },

    # Copyright HTML Comment
    { regexp: /<!--\[ DZCP .{1} by Frank "deV!L" Herrmann - www.dzcp.de \]-->/ },

    # Copyright HTML Comment
    { regexp: /<!--\[ DZCP .{1} by Frank "deV!L" Herrmann - www.dzcp.de & Patrick "Richy" Richert - www.my-starmedia.de\]-->/ },

  ]
end

#EasyFeedsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/easyfeeds.rb', line 9

WhatWeb::Plugin.define "EasyFeeds" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-05
  @version = "0.1"
  @description = "EasyFeeds is a powerful PHP based RSS reader and news aggregator."
  @website = "http://www.ktools.net/easyfeeds/"

  # 54 for "Partners" "Powered by" +EasyFeeds +"Ktools.net"

  # Dorks #
  @dorks = [
    '"Partners" "Powered by" "EasyFeeds" "Ktools.net"'
  ]

  # Matches #
  @matches = [

    # divs
    { text: '<div id="feedslist" align="left" class="divTableCell">' },
    { text: '<div style="float: left; height: 35px; width: 300px; margin: 45px 0px 0px 40px;"></div>' },

    # Version Detection
    { version: /<td colspan="3" style="font-size: 10px; text-align: left;"><CENTER>Powered By:<br>EasyFeeds-([^<]+)<br \/>Ktools.net LLC-<a href="http:\/\/www.ktools.net" target="_blank">http:\/\/www.ktools.net<\/a><\/CENTER><\/td>/ },

    # Login Page # Version Detection
    { version: /<CENTER>Powered By:<br>EasyFeeds-([^<]+)<br \/>Ktools.net LLC-<a href="http:\/\/www.ktools.net" target="_blank">http:\/\/www.ktools.net<\/a><\/CENTER><\/div>/ },

  ]
end

#EazyCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/eazycms.rb', line 9

WhatWeb::Plugin.define "EazyCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-16
  @version = "0.1"
  @description = "eazyCMS offers the functionality that would, in a custom-made system, cost thousands or tens of thousands - and it's all available online through your browser CMS stands for Content Management System - it is an eazy way to interactively change the contents of your site - the titles of pages, what they contain, and the number and structure of pages that make up your site. - http://www.eazycms.com/home.php?page_id=2"

  # Google results as at 2010-08-16 #
  # 40 for "powered by eazyCMS"

  # Dorks #
  @dorks = [
    '"powered by eazyCMS"'
  ]

  # Matches #
  @matches = [

    { text: 'powered by <a href="http://www.eazycms.com" target="_blank">eazyCMS</a>' },
    { regexp: /<a [^href]+href="http:\/\/www.eazyCMS.com[\/]*"[^>]*>powered by eazyCMS<\/a>/ },
    { text: 'Powered by <a href="http://www.eazycms.com">eazyCMS</a>' },
    { text: 'Powered by <a title="eazyCMS :: The eazy-to-use Content Management System, maintain your website from anywhere in the world via a web browser!" href="http://www.eazycms.com" target="eazycms">eazyCMS</a>' },

  ]
end

#EchoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 removed :name and :certainty=>100



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/echo.rb', line 12

WhatWeb::Plugin.define "Echo" do
  @author = "Andrew Horton"
  @version = "0.2"
  @description = "CMS"
  @website = "http://www.helloecho.com/"

  # Dorks #
  @dorks = [
    '"powered by echo"'
  ]

  # Matches #
  @matches = [
    { regexp: /<a href="http:\/\/www\.helloecho\.com\/go\/\?[^"]*" target="_blank">powered by echo<\/a>/ },
  ]
end

#ECShopObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/ecshop.rb', line 9

WhatWeb::Plugin.define "ECShop" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-18
  @version = "0.1"
  @description = "Ecshop is an Open Source Ecommerce Platform"
  @website = "http://www.ecshop.org/"

  # Google results as at 2011-03-18 #
  # 485 for "powered by ECSHOP"

  # Dorks #
  @dorks = [
    '"powered by ECSHOP"'
  ]

  # Matches #
  @matches = [

    # Title
    { certainty: 25, regexp: /<title>[^<]+ - Powered by ECShop<\/title>/ },

    # Version Detection # Meta Generator
    { version: /<meta name="Generator" content="ECSHOP v([\d\.]+)" \/>/ },

  ]
end

#EdgePrismObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/edgeprism.rb', line 9

WhatWeb::Plugin.define "EdgePrism" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-24
  @version = "0.1"
  @description = "Edge Prism Content Delivery Network (CDN)"

  # ShodanHQ results as at 2012-03-24 #
  # 15,549 for EdgePrism -EdgePrismSSL
  # 12 for EdgePrismSSL

  # Matches #
  @matches = [

    # HTTP Server Header # Version Detection
    { search: "headers[server]", version: /^EdgePrism\/([^\s]+)$/ },

    # HTTP Server Header
    { search: "headers[server]", regexp: /^EdgePrismSSL/ },

  ]
end

#EDIMAXObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-17 # Andrew Horton Added website parameter



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
# File 'lib/whatweb/plugins/edimax.rb', line 12

WhatWeb::Plugin.define "EDIMAX" do
  @author = "Brendan Coles <[email protected]>" # 2010-11-01
  @version = "0.2"
  @description = "EDIMAX Device # Wireless Access Point / Broadband Routers / Ethernet Hub / Printer Server / Load Balancing Router"
  @website = "http://www.edimax.com"

  # It's impossible to fingerprint the model without logging in #

  # Wireless Access Point / Broadband Routers / Ethernet Hub / Printer Server #
  # Default login: admin/1234
  # Wireless Acesss Point / Load Balancing Router #
  # Default Login: admin/password

  # About 12,383 SHodanHQ results for WWW-Authenticate: Basic realm="Default: admin/1234"
  # About 49 SHodanHQ results for "WWW-Authenticate: Basic realm=" "Default: admin/password"

  @matches = [

    # Default title
    { text: "<title>EDIMAX Technology</title>", certainty: 75 },

    # Access Point Status page # Default title
    { text: "<title>Access Point Status</title>", url: "/stainfo.asp" },

    # Default EDIMAX logo
    { md5: "9691c1bcac34138f8245d95e2e003e55", url: "/images/banner_up_03.jpg" },

    # Default JavaScript
    { text: "cdwindow=window.open('countdown.asp','CountDown','channelmode=0, directories=0,fullscreen=0,height=100,location=0,menubar=0,resizable=1,scrollbars=0,status=0,titlebar=0,toolbar=0,width=450','false');" },

    # Default CSS
    { text: '<link rel="stylesheet" href="edimax.css">', certainty: 75 },

  ]

  # Passive #
  def passive(target)
    m = []

    # Check Server
    if /GoAhead-Webs/.match?(target.headers["server"])

      # HTTP Server Header and WWW-Authenticate realm
      m << { name: "HTTP Server Header and WWW-Authenticate realm", status: 401, model: "Wireless Access Point / Broadband Router / Ethernet Hub / Printer Server" } if target.headers["www-authenticate"] =~ /Basic realm="Default: admin\/1234"/
      m << { name: "HTTP Server Header and WWW-Authenticate realm", status: 401, model: "Wireless Access Point / Load Balancing Router" } if target.headers["www-authenticate"] =~ /Basic realm="Default: admin\/password"/

    end

    m
  end
end

#eDirectoryObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/edirectory.rb', line 9

WhatWeb::Plugin.define "eDirectory" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-27
  @version = "0.1"
  @description = "Arca Solutions eDirectory provides a php and .NET software platform to allow site owners to publish directory-driven websites with ease. - Hompage: http://www.edirectory.com/"

  # Google results as at 2011-06-27 #
  # 309 for "Powered by eDirectory" "type a keyword" +listings +events

  # Dorks #
  @dorks = [
    '"Powered by eDirectory" "type a keyword" "listings" "events"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: '<span class="basePowered">Powered by <a href="http://www.edirectory.com" target="_blank">eDirectory&trade;</a>.</span>' },

    { regexp: / class="basePowered">Powered by <a href="[^"]+" target="_blank">eDirectory&trade;[\s]?<\/a>/ },

    # Version Detection # /sitemgr/login.php
    { version: /<blockquote class="eDirectoryVersion"><span class="basePowered">Powered by <a href="http:\/\/www\.edirectory\.com" target="_blank">eDirectory&trade;<\/a> <\/span> v\.([^<^\s]+)<\/blockquote>/ },

  ]
end

#EDKObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/edk.rb', line 9

WhatWeb::Plugin.define "EDK" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-04
  @version = "0.1"
  @description = "EDK is an Open Source Killboard for EVE-Online, maintained by the EVE Development Network. Requirements: PHP >= version 5, the GD Library, MySQL >= version 5"
  @website = "http://wiki.eve-id.net/EDK"

  # Google results as at 2010-09-04 #
  # 355 for (inurl:alliance_detail | inurl:pilot_detail | inurl:corp_detail)

  # Dorks #
  @dorks = [
    '(inurl:alliance_detail | inurl:pilot_detail | inurl:corp_detail)'
  ]

  @matches = [

    # URL pattern
    { ghdb: "inurl:alliance_detail | inurl:pilot_detail | inurl:corp_detail" },

    # Default menu option
    { text: '<div class="menu-caption">Kills &amp; losses</div>' },

    # Table CSS class
    { text: '<tr class="kb-table-row-even">' },

    # Unique anchor & URL fragment
    { text: '&amp;scl_id=39">Industrial Command Ship</a></b></td>' },

    # HTML comment
    { text: '<!-- /killlistable.tpl -->' },

  ]
end

#eFrontObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/efront.rb', line 9

WhatWeb::Plugin.define "eFront" do
  @author = "Brendan Coles <[email protected]>" # 2011-10-28
  @version = "0.1"
  @description = "eFront is a modern learning system, bundled with key enterprise functionality ranging from skill-gap analysis and branch management to tailor-made reports."
  @website = "http://www.efrontlearning.net/"

  # Google results as at 2011-10-28 #
  # 514 for inurl:"index.php?ctg=contact"
  # 236 for allintext:"efront version" "Community Edition" "Contact us"

  # Dorks #
  @dorks = [
    'inurl:"index.php?ctg=contact"',
    'allintext:"efront version" "Community Edition" "Contact us"'
  ]

  # Matches #
  @matches = [

    # body
    { text: '<body  onkeypress = "if (window.eF_js_keypress) eF_js_keypress(event);" onbeforeunload = "if (window.getPeriodicData) getPeriodicData();">' },

    # JavaScript
    { text: "<script>var BOOKMARKTRANSLATION = 'Bookmarks';var NODATAFOUND = 'No data found';</script>" },
    { text: '</script><script>if (__shouldTriggerNextNotifications) { new Ajax.Request("send_notifications.php?ajax=1", {method:\'get\', asynchronous:true}); } </script>' },

    # Version Detection # Footer
    { version: /<div><a href = "http:\/\/www\.efrontlearning\.net">eFront<\/a> \(version ([^\)]+)\) &bull; Community Edition &bull; <a href = "index\.php\?ctg=contact">/ },

    # Version Detection (Build) # JavaScript
    { version: /<script type = "text\/javascript" src = "js\/scripts\.php\?(build=[\d]+)&load=[^"^>]+"> <\/script>/ },

  ]
end

#eGroupWareObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/whatweb/plugins/egroupware.rb', line 9

WhatWeb::Plugin.define "eGroupWare" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-06
  @version = "0.1"
  @description = "Egroupware is a web based software for team collaboration, central data management and CRM: email client, online calendar, contact and task management, project and file management, trouble ticket system, synchronization."
  @website = "http://www.egroupware.org/"
  # Manual: http://www.stylite.de/egroupware_manuals

  # 25 results for inurl:"phpgw_forward" ext:php @ 2011-01-06

  # Dorks #
  @dorks = [
    'inurl:"phpgw_forward" ext:php'
  ]

  # Matches #
  @matches = [

    # Default meta author
    { text: '<meta name="author" content="eGroupWare http://www.egroupware.org" />' },

    # Version Detection # PoweredBy footer
    { version: /<div id="divPoweredBy>[^<]*<a href="http:\/\/www.egroupware.org">eGroupWare<\/a> version ([\d\.]+)<\/span><\/div>/ },

    # Version Detection # PoweredBy footer
    { version: /<a href="http:\/\/www.egroupware.org" target="_blank">eGroupWare<\/a> ([\d\.]+)[^<]*<\/div>/ },

    # Login page # session expired # french
    { text: '<div align="center"><font color="#FF0000">Votre session n\'est pas valide.</font></div>', string: "Language:French" },

    # Login page # session expired # english
    { text: '<div id="loginCdMessage"><font color="red">Your session could not be verified.</font></div>', string: "Language:English" },

    # Login Page # password.png md5sum
    { md5: "628381f4ef8ee6d35665e002ffa61bb0", url: "phpgwapi/templates/idots/images/password.png" },

    # Default favicon
    { md5: "f6e9339e652b8655d4e26f3e947cf212", url: "phpgwapi/templates/idots/images/favicon.ico" },

    # Login Page # Default Title
    { text: "<title>EGroupware [Login]</title>" },

    # meta copyright
    { string: /<meta name="copyright" content="eGroupWare http:\/\/www.egroupware.org \(c\) ([\d\.]+)" \/>/i },

    # 1.3 - 1.6 # HTML Comment
    { text: "<!-- we don't need body tags anymore, do we?) we do!!! onload!! LK -->", version: "1.3 - 1.6" },

    # Expresso Livre # powered by eGroupWare
    { text: '<META NAME="description" CONTENT="Expresso Livre login screen, working environment powered by eGroupWare">', module: "Expresso Livre" },
    { text: '<META NAME="keywords" CONTENT="Expresso Livre login screen, eGroupWare, groupware, groupware suite">', module: "Expresso Livre" },
    { text: '<br><a title="eGroupWare" target="_blank" href="http://www.egroupware.org/"> Powered by eGroupWare </a></div></td>', module: "Expresso Livre" },
    { text: "<TITLE>Expresso Livre - Login</TITLE>", module: "Expresso Livre" }

  ]
end

#eLitiusObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/elitius.rb', line 12

WhatWeb::Plugin.define "eLitius" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-25
  @version = "0.2"
  @description = "eLitius is a free software package that allows a person to easily create and manage his own Affiliate Program, recruit affiliates, track visitors and sales."
  @website = "http://www.elitius.com/"

  # 21 results for "Powered by eLitius Version" -exploit -vulnerabilities

  # Matches #
  @matches = [

    # Meta Description
    { text: '<meta name="description" content="eLitius Affiliate Management Software" />' },

    # Version Detection # Powered by text
    { version: /[\s]+Powered by <a href="http:\/\/www.elitius.com\/" target="_blank" title="Affiliate [^>]{8,10} Software">eLitius<\/a> Version ([\d\.]+)<br \/>/ },

  ]
end

#EmailObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.6 # 2011-03-19 # Brendan Coles <[email protected]> Updated regex

Version 0.5 find all email addresses, return only unique addresses, rename to email

Version 0.4 Updated regex, added > and comments

Version 0.3 added ' to regex

Version 0.2 removed :certainty end at an optional ?, return the email address as a :string



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/whatweb/plugins/email.rb', line 25

WhatWeb::Plugin.define "Email" do
  @author = "Andrew Horton"
  @version = "0.6"
  @description = "Extract email addresses. Find valid email address and syntactically invalid email addresses from mailto: link tags. We match syntactically invalid links containing mailto: to catch anti-spam email addresses, eg. bob at gmail.com. This uses the simplified email regular expression from http://www.regular-expressions.info/email.html for valid email address matching."

  # More Info:
  # The regex will only detect anti-spam e-mail addresses if present in "mailto:"
  # The regex does not validate e-mail addresses in "mailto:"
  #
  # Example:
  # <a href="mailto:bob at gmail dot com"> will return "bob at gmail dot com"
  # <p>Contact me:  bob at gmail dot com</p> will not be detected
  # <p>Contact me:  [email protected]</p> will return "[email protected]"

  # Google results as at 2011-03-19 #
  # 902 for "contact me" ("@hotmail.com"|"@gmail.com"|"@yahoo.com")

  # Matches #
  @matches = [

    # Detect valid email address in the page
    { string: /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}/i },

    # Detect any email address in a mailto: tag
    { string: /<[^>]+href=[^>]*mailto:([^\'\"\?>]+)[^>]*>/i },

  ]
end

#EnergineObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/energine.rb', line 9

WhatWeb::Plugin.define "Energine" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-27
  @version = "0.1"
  @description = "Energine Content Management Framework - XML based PHP5 content management framework"
  @website = "http://energine.org/"

  # Google results as at 2011-02-27 #
  # 85 for "Powered by Energine"

  # Dorks #
  @dorks = [
    '"Powered by Energine"'
  ]

  # Matches #
  @matches = [

    # Default JavaScript
    { regexp: /<script type="text\/javascript" src="[^"]*scripts\/Energine.js"><\/script>/ },

    # Default Stylesheet
    { regexp: /<link rel="stylesheet" type="text\/css" href="[^"]*stylesheets\/energine.css" \/>/ },

    # Powered by text
    { text: '<div id="footer"><span class="copyright">Powered by <a href="http://energine.org">Energine</a><br/>' },
    { text: '<span class="copyright">Powered by <a href= "http://energine.org/">Energine</a></span>' },

    # Error Page # Powered by text
    { certainty: 75, text: '<div id="footer">Powered by Energine.</div>' },
    { text: '<div id="footer">Powered by <a href="http://energine.org">Energine</a>' },

  ]
end

#Enigma2Object

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/enigma2.rb', line 9

WhatWeb::Plugin.define "Enigma2" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-10
  @version = "0.1"
  @description = "Enigma2 is a framebuffer-based zapping application (GUI) for linux."
  @website = "http://dream.reichholf.net/wiki/Enigma2"

  # Google results as at 2011-01-10 #
  # 159 for intitle:"Enigma2 movielist" filetype:rss

  # Dorks #
  @dorks = [
    'intitle:"Enigma2 movielist" filetype:rss'
  ]

  # Matches #
  @matches = [

    # RSS Feed # ./web/movielist.rss
    { regexp: /<\?xml version="1\.0" encoding="UTF-8"\?>[\s]+<rss version="2\.0">[\s]+<channel>[\s]+<title>Enigma2 Movielist<\/title>/ },

    # ./web/ # 404
    { text: '<html><head><title>Enigma2 WebControl</title></head><body><h1>404 - Page not found</h1></body></html>' },

    # Favicon # /web-data/img/favicon.ico
    { url: "/web-data/img/favicon.ico", md5: "d9aa63661d742d5f7c7300d02ac18d69" },

    # RSS Link
    { text: '<link rel="alternate" type="application/rss+xml" title="Movie List" href="/web/movielist.rss?tag" >' },

  ]
end

#EntransObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/entrans.rb', line 9

WhatWeb::Plugin.define "Entrans" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-27
  @version = "0.1"
  @description = "Entrans is an online translation tool. The tool can be used by the online community to give suggestions for a list of English words/phrases that needs to be translated into a specific Indic Language."
  @website = "http://entrans.sourceforge.net/"

  # Google results as at 2011-02-27 #
  # 6 for "View All Strings" "The tool can be used by the online community"

  # Dorks #
  @dorks = [
    '"View All Strings" "The tool can be used by the online community"'
  ]

  # Matches #
  @matches = [

    # Default View All Strings HTML
    { text: '<li ><a href="list.php?category=all&amp;page=1" >View All Strings</a> </li>' },

    # Default Title
    { certainty: 25, text: "<title>Entrans</title>" },

  ]
end

#enVisionObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/envision.rb', line 9

WhatWeb::Plugin.define "enVision" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-24
  @version = "0.1"
  @description = "Content Interface Corp enVision - interactive WYSIWYG layout editor"
  @website = "http://www.contentinterface.com/index.php?option=com_content&task=view&id=14&Itemid=26"

  # ShodanHQ results as at 2012-03-24 #
  # 5 for Content Interface Corp enVision

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^Content Interface Corp - enVision ([^\s]+)/ },

  ]
end

#EpiwareObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/epiware.rb', line 9

WhatWeb::Plugin.define "Epiware" do
  @author = "Brendan Coles <[email protected]>" # 2012-09-16
  @version = "0.1"
  @description = "Epiware - Enterprise Document Management"
  @website = "http://www.epiware.com/"

  # Google results as at 2012-09-16 #
  # 31 for intitle:"Epiware" "This web-site requires javascript. Please enable javascript to access this web-site."

  # Dorks #
  @dorks = [
    'intitle:"Epiware" "This web-site requires javascript. Please enable javascript to access this web-site."'
  ]

  # Matches #
  @matches = [

    # Login Page # Version Detection
    { version: /<div id="masthead"><a href="http:\/\/www\.epiware\.com">Epiware<\/a><\/div>\s+<span class="version">version ([^<^\s]+)<\/span>/ },

    # Title
    { text: '<title>Epiware - Project and Document Management  </title>' },

    # NoScript
    { regexp: /<div id="jsWarning" class="javascript_warning">\s+This web-site requires javascript\.\s+Please enable javascript to access this web-site\.\s+<\/div>/ },

  ]
end

#error_logObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/error_log.rb', line 9

WhatWeb::Plugin.define "error_log" do
  @author = "Brendan Coles <[email protected]>" # 2010-12-28
  @version = "0.1"
  @description = "This plugin identifies PHP error_logs and and extracts the local file path."

  # Google results as at 2011-02-12 #
  # 847,000 for warning|error inurl:error_log +PHP "on line"
  # 269 for warning|error inurl:error_log +PHP "on line" inurl:".gov"

  # Dorks #
  @dorks = [
    'warning|error inurl:error_log "PHP" "on line"'
  ]

  # Matches #
  @matches = [

    # Extract local file path
    { filepath: /\[[\d]{2}\-[A-Za-z]{3,4}\-[\d]{4} [\d]{2}:[\d]{2}:[\d]{2}\] PHP .{1,50}: .* in (.*) on line [0-9]+/ },

    # Extract username
    { account: /\[[\d]{2}\-[A-Za-z]{3,4}\-[\d]{4} [\d]{2}:[\d]{2}:[\d]{2}\] PHP .{1,50}: .* in \/home\/([^\/]{1,32})\/.* on line [0-9]+/ },

  ]
end

#EscenicObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2011-03-30 # Brendan Coles <[email protected]> Updated regex to decrease false positives & merged EscenicEngine5 plugin



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/escenic.rb', line 12

WhatWeb::Plugin.define "Escenic" do
  @author = "Erik Inge Bolsø <[email protected]> & nikosk <[email protected]>"
  @version = "0.3"
  @description = "Escenic is a commercial CMS popular in the Nordic region."
  @website = "http://escenic.com/"

  # Google results as at 2011-03-19 #
  # 273 for filetype:ece

  # Dorks #
  @dorks = [
    'filetype:ece'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { text: '<!-- Start Escenic Analysis Engine client script -->' },

    # Meta Author
    { certainty: 75, text: '<meta name="author" content="Escenic AS"/>' },

    # Search Form
    { certainty: 25, regexp: /<form action="\/sok\/" id="[^"]+" method="get" accept-charset="utf-8"[^>]*>/ },

    # GHDB # Filetype
    { certainty: 75, ghdb: "filetype:ece inurl:article" },

    # escenic 4.x image storage structure
    { certainty: 25, regexp: /<img[^>]+src="[^"^>]+\/archive\/\d{5}\/[^"^>]+"[^>]*>/ },

    # escenic .ece url match
    { certainty: 25, regexp: /<a[^>]+href="[^"^>]+\/article[\d]{5,10}\.ece">[^<]*<\/a>/ },

  ]
end

#EservObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/eserv.rb', line 9

WhatWeb::Plugin.define "Eserv" do
  @author = "Brendan Coles <[email protected]>" # 2012-10-22
  @version = "0.1"
  @description = "Eserv - Mail Server - SMTP/POP3/IMAP/HTTP"
  @website = "http://www.eserv.ru/"

  # ShodanHQ results as at 2012-10-22 #
  # 14 for 404 Path not found (E4 WIKI)

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^Eserv\/([^\s]+)/ },

    # Meta Generator # Version Detection
    { version: /<meta name="generator" content="Eserv\/([^\s^"]+)" \/>/ },

    # Powered by footer # Version Detection
    { version: /<span id='powered_by'>[^<]+<a href="http:\/\/www\.eserv\.ru\/"><span itemprop="name">Eserv<\/span><\/a>\/([^\s]+)/ },

  ]
end

#eSitesBuilderObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/esitesbuilder.rb', line 9

WhatWeb::Plugin.define "eSitesBuilder" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-03
  @version = "0.1"
  @description = "Professional online website builder is complete website creation tool that offers everything you need to build a website: ad-free hosting, free domain names, website templates and website design, CMS, eCommerce and Real Estate solutions. Make your own website today, create a website in minutes: turnkey solutions from a Personal Website to a big Online Store. Try it now for Free!"
  @website = "http://www.esitesbuilder.com"

  # 60 results for "powered by eSitesBuilder" @ 2010-08-28

  # Dorks #
  @dorks = [
    '"powered by eSitesBuilder"'
  ]

  @matches = [

    # HTML comment
    { text: '<!-- created by XTLabs, Inc. http://www.xt-labs.com -->' },

    # Powered by text
    { regexp: /<a [^href]+href="http:\/\/[www\.]*esitesbuilder.com">Powered by eSitesBuilder<\/a>/ },
    { text: 'Powered by <a href="http://www.esitesbuilder.com/" target="_blank" alt="website builder">eSitesBuilder</a>' },
    { text: 'All rights reserved. Powered by eSitesBuilder' },
    { regexp: /Powered by[&nbsp;]*[\s]*<a [^href]+href="http:\/\/[www\.]*esitesbuilder.com">eSitesBuilder<\/a>/ },
    { text: 'Powered by <a href="http://www.esitesbuilder.com/" target="_blank" alt="website builder">eSitesBuilder</a>' },

  ]
end

#esoTalkObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/esotalk.rb', line 9

WhatWeb::Plugin.define "esoTalk" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-29
  @version = "0.1"
  @description = "esoTalk is a simple, fast, free web-forum."
  @website = "http://esotalk.com/"

  # Google results as at 2011-01-29 #
  # 93 for "Powered by esoTalk"

  # Dorks #
  @dorks = [
    '"Powered by esoTalk"'
  ]

  # Matches #
  @matches = [

    # Default Generated By HTML Comment
    { text: "<!-- This page was generated by esoTalk (http://esotalk.com) -->" },

    # Default Copyright HTML Comment
    { text: '<!-- The following text constitutes a copyright notification and, under the terms of the GNU GPL (see LICENSE), may neither be removed nor altered in any way which makes it invisible, affects the hyperlink, or changes the text "Powered by esoTalk". -->' },

    # Default Powered by Text
    { text: "Powered by <a href='http://esotalk.com/'>esoTalk</a>&trade;" },

    # Default Copyright Text
    { text: "<ul><li><a href='http://esotalk.com'>Donate to esoTalk</a></li></ul><p id='copyright'>" },

    # Install Page # Default Title
    { text: "<title>esoTalk Installer</title>", module: "Install Page" },

    # Install Page # Default Install Error Message
    { text: "<p>If you run into any other problems or just want some help with the installation, feel free to ask for assistance at the <a href='http://forum.esotalk.com/'>esoTalk support forum</a> where a bunch of friendly people will be happy to help you out.</p>", module: "Install Page" },

    # Install Page # Default JavaScript HTML
    { text: "<script type='text/javascript' src='../js/esotalk.js'></script>", module: "Install Page" },

  ]
end

#eSyndiCatObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/esyndicat.rb', line 12

WhatWeb::Plugin.define "eSyndiCat" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-08
  @version = "0.2"
  @description = "eSyndiCat is a professional, affordable directory software solution."
  @website = "http://www.esyndicat.com/"

  # 8 results for "Powered by eSyndiCat Web Directory" @ 2010-08-08

  # Dorks #
  @dorks = [
    '"Powered by eSyndiCat Web Directory"'
  ]

  # Matches #
  @matches = [

    # Copyright Footer
    { regexp: /<div class="copyright">&copy; [0-9]{4}[\-0-9]{0,5} Powered by <a href="http:\/\/www.esyndicat.com\/">eSyndiCat[^<]{0,5} Directory [^<]{5,8}<\/a><\/div>/ },

    # Admin Panel
    { text: '<title>Login To eSyndiCat Admin Panel</title>' },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="eSyndiCat Web Directory Software ([\d\.]+)" \/>/ },

    # Version Detection # Powered by text
    { version: /Powered by <a href="http:\/\/www.esyndicat.com\/">eSyndiCat Pro v([\d\.]+)<\/a><br \/>/ },
    { version: /Powered by <a href="http:\/\/www.esyndicat.com\/">eSyndiCat<\/a> Version ([\d\.]+)<br \/>/ },

  ]
end

#EtanoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/etano.rb', line 9

WhatWeb::Plugin.define "Etano" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-24
  @version = "0.1"
  @description = "Etano - Dating and social networking script"
  @website = "https://code.google.com/p/etano/"

  # Google results as at 2012-03-24 #
  # 42 for "Powered by Etano" intitle:"Etano"

  # Dorks #
  @dorks = [
    '"Powered by Etano" intitle:"Etano"'
  ]

  # Matches #
  @matches = [

    # Powered by link
    { text: 'All Rights Reserved.<br />Powered by <a href="http://www.datemill.com" title="Etano community builder">Etano</a>.</p>' },

    # All rights reserverd footer
    { text: 'Etano</a>. All Rights Reserved.<br />' },

  ]
end

#ethProxyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/ethproxy.rb', line 9

WhatWeb::Plugin.define "ethProxy" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-13
  @version = "0.1"
  @description = "ethProxy DDoS (Distributed Denial of Service) Proxy solution offers full DDoS protection for a wide-range of HTTP-based attacks without changing providers. Web traffic is filtered through the ethProxy systems and routed back to your host."
  @website = "http://www.ethproxy.com/"

  # ShodanHQ results as at 2011-05-13 #
  # 80 for ethProxy

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^ethProxy$/ },

  ]
end

#eTicketObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/eticket.rb', line 9

WhatWeb::Plugin.define "eTicket" do
  @author = "Brendan Coles <[email protected]>" # 2012-09-15
  @version = "0.1"
  @description = "eTicket is a PHP-based electronic support ticket system that can receive tickets via email (pop3/pipe) or a web form."
  @website = "http://www.eticketsupport.com/"

  # Google results as at 2012-09-15 #
  # 523 for "Powered by eTicket" "Support Ticket System"

  # Dorks #
  @dorks = [
    '"Powered by eTicket" "Support Ticket System"'
  ]

  # Matches #
  @matches = [

    # Powered by footer
    { regexp: /<td><a href="(http:\/\/)?www\.eticketsupport\.com" target="_blank">Powered by eTicket<\/a><\/td>/ },

    # Footer
    { text: '<div class="pre-footer">Support Ticket System</div>' },

    # Stylesheet
    { text: '<link rel="stylesheet" href="themes/eticket/style.css" type="text/css">' },

    # ./readme.html
    { text: '<p><strong>Note:</strong> &quot;/path/to/automail.pl&quot; should be the <a href="http://en.wikipedia.org/wiki/Full_path">full path</a>' },

  ]
end

#EulerianWSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-19 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/eulerianws.rb', line 12

WhatWeb::Plugin.define "EulerianWS" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-08
  @version = "0.2"
  @description = "Eulerian Technologies Web Server (EulerianWS) [French]"
  @website = "http://www.eulerian.com/fr/"

  # About 127 ShodanHQ results for server EulerianWS @ 2011-01-08

  # Matches #
  @matches = [

    # Version Detection # Version footer HTML
    { version: /<td align="right"><address>EulerianWS\/([\d\.]+)<\/address><\/td><\/tr>/ },
    # HTTP Server Header
    { version: /^[\s]*EulerianWS\/([^\s^\r^\n]+)/, search: "headers[server]" },

  ]
end

#evercookieObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-03-23 # Brendan Coles <[email protected]> Updated regex Added version detection and script src path extraction



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/evercookie.rb', line 13

WhatWeb::Plugin.define "evercookie" do
  @author = "Aung Khant <http://yehg.net/>" # 2011-02-04
  @version = "0.2"
  @description = "EverCookie - evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others."
  @website = "http://samy.pl/evercookie/"

  # Matches #
  @matches = [

    # GHDB # Filename, extension and text
    { ghdb: 'inurl:/evercookie.js filetype:js "\*  by samy kamkar : [email protected] : http://samy.pl"' },

    # Version Detection
    { version: /^ \* evercookie ([\d\.]{1,3}) \([\d]{2}\/[\d\.]{2}\/[\d\.]{4}\) -- extremely persistent cookies/ },

    # Aggressive # Check for evercookie.js in current directory
    { url: 'evercookie.js', text: '*  by samy kamkar : [email protected] : http://samy.pl' },

    # Detect <script> src
    { string: /<script[^>]+src=['"]([^"^'^>]*evercookie\.js)['"][^>]*>[\s]*<\/script>/ },

  ]
end

#ExpressionEngineObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 removed :name and :certainty=>100



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
# File 'lib/whatweb/plugins/expression-engine.rb', line 12

WhatWeb::Plugin.define "ExpressionEngine" do
  @author = "Andrew Horton"
  @version = "0.2"
  @description = "ExpressionEngine is CMS written in PHP. Free and commercial versions"
  @website = "http://expressionengine.com"

  # Dorks #
  @dorks = [
    '"Powered by ExpressionEngine"'
  ]

  # Powered by <a href="http://expressionengine.com/">ExpressionEngine</a>   uncommon

  @matches = [
    { regexp: /owered by <a href="http:\/\/expressionengine.com\/">ExpressionEngine<\/a>/ }
  ]

  # Set-Cookie: exp_last_visit=959242411; expires=Mon, 23-May-2011 03:13:31 GMT; path=/
  # Set-Cookie: exp_last_activity=1274602411; expires=Mon, 23-May-2011 03:13:31 GMT; path=/
  # Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/

  def passive(target)
    m = []
    m << { name: "exp_last_visit cookie" } if target.headers["set-cookie"] =~ /exp_last_visit=/
    m
  end

  # these plugins only identify the system. they don't find out the version, etc
  def aggressive(target)
    m = []

    url = URI.join(target.uri.to_s, "READ_THIS_FIRST.txt").to_s
    new_target = WhatWeb::Target.new(url)

    if /ExpressionEngine/.match?(new_target.body)
      m << { name: "readthisfirst txt file" }
    end

    url = URI.join(target.uri.to_s, "system/updates/ee_logo.jpg").to_s
    new_target = WhatWeb::Target.new(url)

    if (new_target.status == 200) && new_target.body =~ /JFIF/
      m << { name: "ee_logo jpg" }
    end

    m
  end
end

#ExtJSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/extjs.rb', line 9

WhatWeb::Plugin.define "ExtJS" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-15
  @version = "0.1"
  @description = "Ext JS is a cross-browser JavaScript library for building rich internet applications."
  @website = "http://www.sencha.com/products/extjs/"

  # Matches #
  @matches = [

    # JavaScript Source
    { regexp: /<script [^>]*src=["'][^>]*ext\-base\.js["']/i },

  ]
end

#eXtplorerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/extplorer.rb', line 9

WhatWeb::Plugin.define "eXtplorer" do
  @author = "Brendan Coles <[email protected]>" # 2012-12-31
  @version = "0.1"
  @description = "eXtplorer is a PHP and Javascript-based File Manager"
  @website = "http://extplorer.net/"

  # ShodanHQ results as at 2012-12-31 #
  # 412 for Set-Cookie eXtplorer

  # Matches #
  @matches = [

    # ./extplorer.xml # Version Detection
    { url: '/extplorer.xml', version: /<version>([^<]+)<\/version>/ },

    # Title
    { text: '<title>Login - eXtplorer</title>' },

  ]
end

#ExtremeWareObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/extremeware.rb', line 9

WhatWeb::Plugin.define "ExtremeWare" do
  @author = "Brendan Coles <[email protected]>" # 2011-11-21
  @version = "0.1"
  @description = "Extreme Networks ExtremeWare device"
  @website = "http://www.extremenetworks.com/services/software-userguide.aspx"

  # ShodanHQ results as at 2011-11-21 #
  # 250 for ExtremeWare

  # Google results as at 2011-11-21 #
  # 50 for intitle:"ExtremeWare Management Interface"

  # Dorks #
  @dorks = [
    'intitle:"ExtremeWare Management Interface"'
  ]

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^ExtremeWare\/([^\s]+)$/ },

    # /Images/extremelogan
    { md5: "a18d6970836e3302e4d6d085e8f9d31b", url: "/Images/extremelogan" },
    { md5: "bf368990304c878ce2924bc21b3f06d9", url: "/Images/extremelogan" },

    # / # Title
    { text: '<title>ExtremeWare Management Interface</title>' },

    # /extremetop # Logo HTML
    { text: '<center><img src="Images/extremelogan"><a href="extremebasepage" target="_top"><h2>Logon</h2></a><P><P><TABLE BORDER="0"><TR><TD NOWRAP><TT><FONT COLOR="#000000">' },

  ]
end

#EZCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/ezcms.rb', line 12

WhatWeb::Plugin.define "EZCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-28
  @version = "0.2"
  @description = "Building your own website is easy with the EZ Websites Builder"
  @website = "http://www.ezwebsites.com.au"

  # Google results as at 2010-08-28 #
  # 20 for "powered by EZCMS" -Vulnerabilities

  # Dorks #
  @dorks = [
    '"powered by EZCMS" -Vulnerabilities'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: '        <td align="right"><a href="http://www.ezwebsites.com.au" class="credits">Site Powered by EZCMS</a></td>' },

    # Admin page html
    { text: '      <td width="100%" align="left" valign="bottom" background="images/headerbg.png"><div align="right"><img src="images/headerright.png" border="0"></div></td>' },

    # Admin logo
    { md5: '3f9861ab3124420694f663c82bf770ab', url: 'admin/images/headerright.png' },

    # Default title
    { text: '<title>EZCMS Content Management System</title>' },

    # Version Detection # Admin page
    { version: /<center><strong>EZCMS ([\d\.]+) / },

    # Version Detection # Powered by text
    { version: /Powered by <a href="http:\/\/ezcms.eztechhelp.com\/">EZCMS ([\d\.]+)<\/a>/ },

  ]
end

#F3SiteObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated matches and version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/f3site.rb', line 12

WhatWeb::Plugin.define "F3Site" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-27
  @version = "0.2"
  @description = "F3Site is a lightweight CMS written in XHTML 1.0 Strict, CSS and PHP 5. It lets you create multilingual websites without necessity of separate installation for each language."
  @website = "http://compmaster.prv.pl"

  # 64 results for "powered by F3Site" -exploit -dork @ 2010-10-20

  # Dorks #
  @dorks = [
    '"powered by F3Site" -exploit -dork'
  ]

  @matches = [

    # Powered by text
    { text: '<a href="http://compmaster.prv.pl" target="_blank">powered by F3Site</a></span>' },
    { regexp: /Powered by[^>]*<a[^>]*href="http:\/\/compmaster.prv.pl[^>]*>F3Site[^>]*<\/a>/ },
    { regexp: /Powered by[^>]*<a[^>]*href="http:\/\/dhost.info\/compmaste[^>]*>F3Site[^<]*<\/a>/ },

    # Version detection # Powered by text
    { version: /Powered by <a href="http:\/\/compmaster.prv.pl">F3Site v([\d\.]+) plus<\/a>/ },

  ]
end

#FCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/fcms.rb', line 9

WhatWeb::Plugin.define "FCMS" do
  @author = "Brendan Coles <[email protected]>" # 2011-12-06
  @version = "0.1"
  @description = "Family Connections CMS (FCMS)"
  @website = "https://www.familycms.com/index.php"

  # Google results as at 2011-12-06 #
  # 404 for intitle:"powered by Family Connections"

  # Dorks #
  @dorks = [
    'intitle:"powered by Family Connections"'
  ]

  # Matches #
  @matches = [

    # Meta Author
    { text: '<meta name="author" content="Ryan Haudenschilt"/>' },

    # Title
    { regexp: /- [pP]owered by Family Connections<\/title>/ },

    # Title # Version Detection
    { version: /- [pP]owered by Family Connections ([^\s^<]+)[\s]*<\/title>[\s]*(<meta|<link)/ },

  ]
end

#FestOSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/festos.rb', line 9

WhatWeb::Plugin.define "FestOS" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-18
  @version = "0.1"
  @description = "FestOS is web-based arts-n-crafts festival management software"
  @website = "http://festengine.org/"

  # 5 results for +"powered by FestOS" @ 2010-07-18

  # Dorks #
  @dorks = [
    '"powered by FestOS"'
  ]

  @matches = [

    { regexp: /Powered by[\ FestOS,]* <a href="http:\/\/[festengine.org\/|www.festengine.org\/|skypanther.com\/festos.php]+" title="FestOS, [the\ festival\ engine|the\ Festival\ Engine|the\ web\-based\ festival\ manager]+"[\ target="_blank"]*>[FestOS|FestOS&trade;|www.festengine.org]+<\/a>/ },

    { text: '	<meta name="author" content="FestOS by Skypanther Studios">' },
    { text: '	<meta name="author" content="Skypanther Studios">', certainty: 75 },

  ]
end

#FEXObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/fex.rb', line 9

WhatWeb::Plugin.define "FEX" do
  @author = "Brendan Coles <[email protected]>" # 2012-02-22
  @version = "0.1"
  @description = "F*EX (Frams's Fast File EXchange) is a service that can be used to allow users anywhere on the Internet to exchange files of ANY size quickly and conveniently."
  @website = "http://fex.rus.uni-stuttgart.de/fex.html"

  # ShodanHQ results as at 2012-02-22 #
  # 51 for fexsrv

  # Google results as at 2012-02-22 #
  # 13 for intitle:"F*EX - File EXchange" "F*EX - Frams' Fast File EXchange"

  # Dorks #
  @dorks = [
    'intitle:"F*EX - File EXchange" "F*EX - Frams\' Fast File EXchange"'
  ]

  # Matches #
  @matches = [

    # /logo.jpg
    { url: "/logo.jpg", md5: "ad8a95bba8dd1a61d70bd38611bc2059" },

    # Title
    { text: '<HEAD><TITLE>F*EX - File EXchange</TITLE></HEAD>' },

    # h1 heading
    { certainty: 75, text: "<h1>F*EX - Frams' Fast File EXchange" },

    # email address
    { regexp: /<a href="mailto:[^"]+">fexmaster<\/a><\/address>/i },

    # HTTP Server Header
    { search: "headers[server]", regexp: /^fexsrv$/ },

  ]
end

#FileMakerProObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-20 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/filemakerpro.rb', line 12

WhatWeb::Plugin.define "FileMakerPro" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-13
  @version = "0.2"
  @description = "FileMaker Pro web publishing - FileMaker Pro is powerful, easy-to-use database software that helps you and your team get any task done faster. Millions of people in business, government, and education use FileMaker Pro to effortlessly manage all their information on Windows, Mac, and the web."
  @website = "http://www.filemaker.com.au/products/filemaker-pro/"

  # ShodanHQ results as at 2011-03-13 #
  # 951 for FileMakerPro
  # 127 for FileMakerPro -WebCompanion

  @matches = [

    # HTTP Server Header
    { regexp: /^FileMakerPro/, search: "headers[server]" },
    # Version Detection # HTTP Server Header
    { version: /^FileMakerPro\/([^\s]+)/, search: "headers[server]" },
    # Module Detection # HTTP Server Header
    { module: /^FileMakerPro\/[^\s]+ (WebCompanion\/.+)$/, search: "headers[server]" },

  ]
end

#FileNiceObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/filenice.rb', line 9

WhatWeb::Plugin.define "FileNice" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-03
  @version = "0.1"
  @description = "fileNice is a free php file browser, particularly useful if you have a 'dump' folder on your server where you regularly upload files and you want to be able to see what.s there."
  @website = "http://filenice.com/"

  # Google results as at 2011-03-03 #
  # 12 for "Files in" "Free open source file browser available from fileNice.com"

  # Dorks #
  @dorks = [
    '"Files in" "Free open source file browser available from fileNice.com"'
  ]

  # Matches #
  @matches = [

    # HTML Comments
    { text: "<!-- please leave the word fileNice visible on the page, it's only polite really isn't it. -->" },
    { text: "<!-- please leave the word fileNice and the link to fileNice.com in the about, it's only polite really isn't it. I didn't do all this work just for you to try to pass it off as your own. -->" },

    # fileNice.com link
    { text: 'Free open source file browser available from <a href="http://fileNice.com" title="fileNice.com">fileNice.com</a><br />' },

    # Meta Generator
    { text: '	<meta name="generator" content="the fantabulous mechanical eviltwin code machine" />' },

  ]
end

#FileVistaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/filevista.rb', line 9

WhatWeb::Plugin.define "FileVista" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-07
  @version = "0.1"
  @description = "FileVista is a web file manager for storing, managing and sharing files online through your web browser."
  @website = "http://www.gleamtech.com/products/filevista/web-file-manager"

  # Google results as at 2011-05-07 #
  # 23 for "Welcome to FileVista" "Please enter your credentials:" "User name"

  # Dorks #
  @dorks = [
    '"Welcome to FileVista" "Please enter your credentials:" "User name"'
  ]

  # Matches #
  @matches = [

    # Version Detection # HTML comment
    { version: /<!--\r?\n\tFileVista v([\d\.]+)\r?\n\tCopyright / },

    # Welcome to FileVista text
    { text: "<td>Welcome to FileVista<br />Please enter your credentials:</td>" },

  ]
end

#FirePHPObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/firephp.rb', line 9

WhatWeb::Plugin.define "FirePHP" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-15
  @version = "0.1"
  @description = "FirePHP enables you to log to your Firebug Console using a simple PHP method call. FirePHP works by sending JSON encoded debug data in the response headers instead of the page content."
  @website = "http://www.firephp.org/"

  # ShodanHQ results as at 2011-09-15 #
  # 17 for X-Wf-Protocol
  # 16 for x-wf-1-plugin
  # 15 for x-wf-1-structure
  # 14 for X-Wf-1-1-1

  # Matches #
  @matches = [

    # FirePHPCore # Version Detection # X-Wf-1-Plugin-1
    { search: "headers[x-wf-1-plugin-1]", version: /^http:\/\/meta\.firephp\.org\/Wildfire\/Plugin\/FirePHP\/Library-FirePHPCore\/([^\s]+)$/ },

    # FirebugConsole # Version Detection # X-Wf-1-Structure-1
    { search: "headers[x-wf-1-structure-1]", string: /^http:\/\/meta\.firephp\.org\/Wildfire\/Structure\/FirePHP\/(FirebugConsole\/[^\s]+)$/ },

    # X-Wf-Protocol
    { search: "headers[x-wf-protocol-1]", regexp: /^http:\/\/meta\.wildfirehq\.org\/Protocol\// },

  ]
end

#FluentNETObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Fixed GHDB and regex matches



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/fluentnet.rb', line 12

WhatWeb::Plugin.define "FluentNET" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-08
  @version = "0.2"
  @description = "FluentNET, DotContent's powerful content management software, empowers business users to create, manage and publish web content for both general public access as well as internal use, and maximises the value of web-based information."
  @website = "http://www.dotcontent.net"

  # 14 results for "powered by FluentCMS from DotContent" @ 2010-08-08

  # Dorks #
  @dorks = [
    '"powered by FluentCMS from DotContent"'
  ]

  @matches = [

    # Powered by text
    { ghdb: '"powered by FluentCMS from DotContent"', certainty: 75 },

    # Version Detection # Meta Generator
    { version: /<meta name="GENERATOR" content="Fluent[CMS|NET]+ ([\d\.]+) / },

  ]
end

#FluxBBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.5 # 2012-08-16 # Andrew Horton Updated MD5 syntax. In future someone should move the MD5 hash matches into the matches array

Version 0.4 # 2011-04-06 # Brendan Coles <bcoles at gmail dot com> Added md5 matches for 1.4.x Added passive version detection

Version 0.3 removed :name and :certainty=>100



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
 
# File 'lib/whatweb/plugins/fluxbb.rb', line 19

WhatWeb::Plugin.define "FluxBB" do
  @author = "Andrew Horton"
  @version = "0.5"
  @description = "Open Source forum written in PHP"
  @website = "http://fluxbb.org/ - Aggressive matches can identify 1.2.x, 1.3.x and 1.4.x"

  # Google results as at 2011-04-06 #
  # 357 for "Powered by FluxBB"

  # Dorks #
  @dorks = [
    '"Powered by FluxBB"'
  ]

  # Matches #
  @matches = [

    # Powered by link
    { name: "Powered by", regexp: />P(owered by|ropuls&#233; par) (<strong>)?<a href="http:\/\/fluxbb\.org\/">FluxBB<\/a>/ },

    # Version Detection # Powered by link
    { version: />P(owered by|ropuls&#233; par) <a href="http:\/\/fluxbb\.org\/">FluxBB<\/a> ([\d\.]+)</, offset: 1 },

    # default styles - Cobalt.css  imports  index.html  Lithium.css  Mercury.css  Oxygen.css  Radium.css  Sulfur.css
    { certainty: 25, regexp: /<link rel="stylesheet" type="text\/css" href="style\/(Cobalt|Lithium|Mercury|Oxygen|Radium|Sulfur)\.css" \/>/ },

    # Login Link
    { certainty: 75, text: '<li id="navlogin"><a href="login.php">' },

    # brdwelcome div HTML
    { certainty: 75, regexp: /<div id="brdwelcome" class="inbox">[\s]+<p>[^<]+<\/p>[\s]+<\/div>/ },

  ]

  # Aggressive #
  def aggressive(target)
    m = []

    # the paths are relative to the url path if they don't start with /
    # this path, with this md5 = this version
    files = [

      { version: "1.2.x",	path: "style/Sulfur.css", md5: "8d49e829aaf77164d0be3e05ef67c63d" },
      { version: "1.4-rc1", path: "style/Sulfur.css", md5: "ec6a6ac259f3de9a7c7f1b1b544387ba" },
      { version: "1.4-rc2 or 1.4-rc3", path: "style/Sulfur.css", md5: "1f0e9882d761837f01b148f1aa38df9f" },
      { version: "1.4-beta1 or 1.4-beta2", path: "style/Sulfur.css", md5: "88fb6eac3671593ef57c4b6b76802280" },
      { version: "1.4.0 - 1.4.2", path: "style/Sulfur.css", md5: "8c719837ddd3d1b76c9bdd2bf39b7078" },
      { version: "1.4.3", path: "style/Sulfur.css", md5: "d6207b6358017e91f3adef28764634a7" },
      { version: "1.4.4 - 1.4.5", path: "style/Sulfur.css", md5: "ededb4d5139af9984a4e64fc080ce0e4" },

      { version: "1.3",	path: "style/print.css", md5: "0956e3e8738ee13ee4845b90acd80a9c" },

      { version: "1.2.x", path: "style/Mercury.css", md5: "02a0558c65d3d2e7c6895f6bd6e1edf9" },
      { version: "1.4-beta1 or 1.4-beta2", path: "style/Mercury.css", md5: "c14d6b084de46779f3b6fb396e74be19" },
      { version: "1.4-rc1", 	path: "style/Mercury.css", md5: "f89d52345d2d54a7026703d9a99380a7" },
      { version: "1.4-rc2 or 1.4-rc3", path: "style/Mercury.css", md5: "55e3014174acc5026774b868f09bc378" },
      { version: "1.4.0 - 1.4.2", path: "style/Mercury.css", md5: "9ac090828cc194ca2d28b4d8294eec62" },
      { version: "1.4.3", path: "style/Mercury.css", md5: "191905f7acea9b7f378007b7c020296b" },
      { version: "1.4.4 - 1.4.5", path: "style/Mercury.css", md5: "024fc47a49c4e7d56feaadea290ca5d3" },

      { version: "1.2.x", path: "include/template/redirect.tpl", md5: "1f71f1b79ca455f691b66e91d47523ec" },
      { version: "1.3-beta2", path: "include/template/redirect.tpl", md5: "8b8646ca85c42103ab1941ce33b4058c" },
      { version: "1.3-legacy or 1.3-r718", path: "include/template/redirect.tpl", md5: "d7f4ca403f7d4453158b0765196f8173" },
      { version: "1.4-beta1 or 1.4-beta2", path: "include/template/redirect.tpl", md5: "ec3fc0a2fa3c13a8599be3cb4cd2aa71" },
      { version: "1.4-rc1", path: "include/template/redirect.tpl", md5: "2b361b3c0a7c6c81fa37da171e2c3514" },
      { version: "1.4-rc2 or 1.4-rc3", path: "include/template/redirect.tpl", md5: "582d9fd6679af0d26df157399a70864d" },
      { version: "1.4.x",	path: "include/template/redirect.tpl", md5: "441a1cd28ac4da75350d8d8438989e29" }

    ]

    # Fetch and hash files
    to_download = files.map { |x| x[:path] }.sort.uniq
    downloads = {}
    to_download.each do |d|
      url = URI.join(target.uri.to_s, d).to_s
      new_target = WhatWeb::Target.new(url)
      downloads[d] = { md5sum: new_target.md5sum }
    end

    # Compare file hashes to known hashes
    version = nil
    files.each do |thisfile|
      unless downloads[thisfile[:path]].nil?
        version = thisfile[:version] if downloads[thisfile[:path]][:md5sum] == thisfile[:md5]
      end
    end

    # Set version if present
    unless version.nil?
      m << { name: "md5 sums of files", version: version }
    end

    # Return aggressive matches
    m
  end
end

#FlysprayObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/flyspray.rb', line 9

WhatWeb::Plugin.define "Flyspray" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-17
  @version = "0.1"
  @description = "Open source, web based bug tracking system written with a focus on ease-of-use."
  @website = "http://flyspray.org/"

  # Google results as at 2011-04-17 #
  # 381 for "Powered by Flyspray"

  # Dorks #
  @dorks = [
    '"Powered by Flyspray"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { text: "<!-- Please don't remove this line - it helps promote Flyspray -->" },

    # Powered by link
    { text: '<a href="http://flyspray.org/" class="offsite">Powered by Flyspray</a>' },

  ]
end

#fnordObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-20 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/whatweb/plugins/fnord.rb', line 12

WhatWeb::Plugin.define "fnord" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-31
  @version = "0.2"
  @description = "fnord - yet another small httpd"
  @website = "http://www.fefe.de/fnord/"

  # ShodanHQ results as at 2011-05-31 #
  # 6,444 for fnord

  @matches = [
    # Version Detection # HTTP Server Header
    { version: /^fnord\/([^\s]+)$/, search: "headers[server]" },
    { regexp: /^fnord/, search: "headers[server]" },
  ]
end

#FootprintObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-20 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/footprint.rb', line 12

WhatWeb::Plugin.define "Footprint" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-31
  @version = "0.2"
  @description = "Caching server"

  # ShodanHQ results as at 2011-03-31 #
  # 11,711 for Footprint FPMCP

  @matches = [
    # Version Detection # HTTP Server Header
    { version: /^Footprint ([\d\.]+)\/FPMCP$/, search: "headers[server]" },
    { regexp: /^Footprint/, search: "headers[server]" },
  ]
end

#FortiWebObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/fortiweb.rb', line 9

WhatWeb::Plugin.define "FortiWeb" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-14
  @version = "0.1"
  @description = "The FortiWeb family of Web application and XML firewalls protect, balance, and accelerate Web applications, databases, and the information exchanged between them."
  @website = "http://www.fortinet.com/products/fortiweb/"

  # ShodanHQ results as at 2011-05-14 #
  # 985 for FortiWeb

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^FortiWeb$/ },

    # Version Detection
    { search: "headers[server]", version: /^FortiWeb-([\d\.]+)$/ },

  ]
end

#FossilObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/fossil.rb', line 9

WhatWeb::Plugin.define "Fossil" do
  @author = "Brendan Coles <[email protected]>" # 2012-05-01
  @version = "0.1"
  @description = "Simple, high-reliability, distributed software configuration management"
  @website = "http://fossil-scm.org/index.html/doc/trunk/www/index.wiki"

  # Google results as at 2012-05-01 #
  # 26 for "Fossil version " inurl:"fossil.cgi"

  # Dorks #
  @dorks = [
    '"Fossil version " inurl:"fossil.cgi"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Footer
    { version: /<div class="footer">\s+(<a href="http:\/\/fossil-scm\.org">Fossil<\/a>|Fossil) version \[([^\]]+)\] [\d]{4}\-[\d]{2}\-[\d]{2} [\d]{2}:[\d]{2}:[\d]{2}/, offset: 1 },

    # Year Detection
    { string: /<div class="footer">\s+(<a href="http:\/\/fossil-scm\.org">Fossil<\/a>|Fossil) version \[[^\]]+\] ([\d]{4}\-[\d]{2}\-[\d]{2} [\d]{2}:[\d]{2}:[\d]{2})/, offset: 1 },

  ]
end

#FpollObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/fpoll.rb', line 9

WhatWeb::Plugin.define "Fpoll" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-25
  @version = "0.1"
  @description = "Fpoll is a simple and easily customizable open source web poll script - Requires: PHP and MySQL"
  @website = "http://www.phpfront.com/fpoll.php"

  # Google results as at 2011-08-25 #
  # 8 for intitle:"Fpoll" intitle:"AdminCP" inurl:admincp ext:php
  # 8 for intitle:"Fpoll v1.1 AdminCP"

  # Dorks #
  @dorks = [
    'intitle:"Fpoll" intitle:"AdminCP" inurl:admincp ext:php'
  ]

  # Matches #
  @matches = [

    # Version Detection # Title
    { version: /<title>Fpoll v([^\s^>]+) AdminCP<\/title>[\s]+<link rel="stylesheet" href="admincp\/css\.css" media="all"\/>/ },

    # Version Detection # Admin Pages # Title
    { version: /<title>Fpoll v([^\s^>]+) AdminCP<\/title>[\s]+<link rel="stylesheet" href="css\.css" media="all"\/>/ },

    # Version Detection # Footer
    { version: /<br \/><br \/><hr \/><div style="text-align: center;">&copy 20[\d]{2} Fpoll v([^\s^>]+) \(<a href="http:\/\/www\.phpfront\.com">PHPfront\.com<\/a>\) <\/div><\/body>/ },

  ]
end

#FrameObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Fixed regex to return multiple frames



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/frame.rb', line 12

WhatWeb::Plugin.define "Frame" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-13
  @version = "0.2"
  @description = "This plugin detects instances of frame and iframe HTML elements."

  # Google results as at 2010-10-13 #
  # 213 for "your browser does not support frames"

  # Matches #
  @matches = [

    # Detect (i)frame
    { regexp: /<i?frame\s+/i }

  ]
end

#FreakAuthObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/whatweb/plugins/freakauth.rb', line 9

WhatWeb::Plugin.define "FreakAuth" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-11
  @version = "0.1"
  @description = "FreakAuth is a simple authentication library for the Code Igniter PHP framework"
  @website = "http://freakauth.4webby.com/"

  # Google results as at 2011-04-11 #
  # 13 for intitle:"FreakAuth" "Welcome on board ! / Login"

  # ShodanHQ results as at 2011-04-11 #
  # 129 for Location: /framework/index.php

  # Dorks #
  @dorks = [
    'intitle:"FreakAuth" "Welcome on board ! / Login"'
  ]

  # Matches #
  @matches = [

    # Default title
    { regexp: /<title>FreakAuth &raquo; [^<]+<\/title>/ },

    # Login link
    { regexp: /Welcome on board ! \/ <a href="http[^"]+">Login<\/a>		<\/div>/ },

  ]
  # Passive #
  def passive(target)
    m = []

    # FreakAuth Cookie
    m << { name: "FreakAuth Cookie" } if target.headers["set-cookies"] =~ /^FreakAuth=/

    # Location Header # /framework/index.php
    m << { name: "Location Header" } if target.headers["location"] =~ /^\/framework\/index\.php$/

    # Return passive matches
    m
  end
end

#FreeJoomlas_comObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/whatweb/plugins/freejoomlas.com.rb', line 9

WhatWeb::Plugin.define "FreeJoomlas_com" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-30
  @version = "0.1"
  @description = "FreeJoomlas.com - We provide free hosting for your Joomla portals. It is absolutely FREE. Moreover, we provide FREE subdomains (YOURNAME.FreeJoomlas.com) and UNLIMITED data transfer."
  @website = "http://www.freejoomlas.com/"

  # Google Results as at 2011-01-30
  # 100,000 for "joomla hosting powered by FreeJoomlas.com"
  # 47,400 for site:FreeJoomlas.com

  # Matches #
  @matches = [

    # Hosted By HTML
    { text: 'Free <a href="http://joomla.org" target=_blank>Joomla!</a> hosting powered by  <a href="http://freejoomlas.com"> FreeJoomlas.com </a>', module: "Joomla" },

  ]
end

#FreeNACObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/freenac.rb', line 9

WhatWeb::Plugin.define "FreeNAC" do
  @author = "Brendan Coles <[email protected]>" # 2012-05-20
  @version = "0.1"
  @description = "FreeNAC is an OpenSource solution for LAN access control and dynamic Vlan management"
  @website = "http://freenac.net/"

  # Google results as at 2012-05-20 #
  # 1 for inurl:"stats.php?graphtype=bar"

  # Matches #
  @matches = [

    # Menu HTML
    { text: '<a href="unknowns.php" title="List unknown end devices and print/edit/delete them">Find unknowns</a><br/>' },

  ]
end

#FreeNASObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/whatweb/plugins/freenas.rb', line 9

WhatWeb::Plugin.define "FreeNAS" do
  @author = "Brendan Coles <[email protected]>" # 2012-09-09
  @version = "0.1"
  @description = "FreeNAS is an Open Source Storage Platform based on FreeBSD and supports sharing across Windows, Apple, and UNIX-like systems."
  @website = "http://www.freenas.org/"

  # ShodanHQ results as at 2012-09-09 #
  # 1,974 for location account/login next
  #   335 for freenas

  # Google results as at 2012-09-09 #
  # 1 for "FreeNAS" "Please log in" inurl:"account/login/"

  # Dorks #
  @dorks = [
    '"FreeNAS" "Please log in" inurl:"account/login/"'
  ]

  # Matches #
  @matches = [

    # /account/login # Version Detection
    { version: /<div id="login" data-dojo-type="dijit\.Dialog" data-dojo-props="title: 'Welcome to FreeNAS&trade; ([^']+)'">/ },
    { version: /<div id="login" dojoType="dijit\.Dialog" title="Welcome to FreeNAS ([^\s]+)">/ },

    # /account/login # HTML Comment # It's a login page? Thx bro
    { text: '<!-- THIS IS A LOGIN WEBPAGE -->' },

    # /account/login # HTML Comment # Logo HTML
    { text: '<a href="/" title="FreeNAS&trade;"><img src="/static/images/ui/freenas-logo.png?cache=" alt="FreeNAS&trade;" style="padding-left:10px;"/></a>' },

    # /static/images/ui/freenas-logo.png
    { url: "/static/images/ui/freenas-logo.png", md5: "e9f74076206e249ead75559119c028c6" },

    # Location Header
    { url: "/", search: "headers[location]", regexp: /https?:\/\/[^\/]+\/account\/login\/\?next=\// },

  ]
end

#FreePBXObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/freepbx.rb', line 9

WhatWeb::Plugin.define "FreePBX" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-12
  @version = "0.1"
  @description = "FreePBX is an easy to use web based GUI (graphical user interface) that controls and manages Asterisk"
  @website = "http://www.freepbx.org/"

  # ShodanHQ results as at 2011-06-12 #
  # 10 for FreePBX http

  # Passive #
  def passive(target)
    m = []

    # WWW-Authenticate realm
    if /FreePBX/.match?(target.headers["www-authenticate"])
      m << { name: "WWW-Authenticate" } if target.headers["www-authenticate"] =~ /^Basic realm="FreePBX( Admin| Administration)?"/
      m << { name: "WWW-Authenticate" } if target.headers["www-authenticate"] =~ /^Digest realm="FreePBX"/
    end

    # Return passive matches
    m
  end
end

#fsaATLASObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/fsaatlas.rb', line 9

WhatWeb::Plugin.define "fsaATLAS" do
  @author = "Brendan Coles <[email protected]>" # 2012-01-29
  @version = "0.1"
  @description = "fsaAtlas is an international student and scholar management system."
  @website = "http://www.sungardhe.com/Solutions/fsaATLAS/"

  # Google results as at 2012-01-29 #
  # 7 for intitle:"fsaATLAS Enterprise"

  # Dorks #
  @dorks = [
    'intitle:"fsaATLAS Enterprise"'
  ]

  # Matches #
  @matches = [

    # Login Page # Title # Version Detection
    { version: /<title>fsaATLAS Enterprise v\.([^\s^<]+)<\/title>/ },

    # Login Page # Logo HTML # Version Detection
    { version: /<div style="position:absolute; width:100px; top:0px; right:0px"><img src="images\/fsaatlastext\.png" alt="fsaATLAS Enterprise v\.([^\s^"]+)"\/><\/div>/ },

    # Login Page # Form
    { text: '<form action="LoginFinish.asp" method="post" name="MainForm">' },

    # Login Page # HTML Comment
    { text: '<!-- AP - 06/02/2009 - Defect 1533 - Campus DataLink Link not appearing at the top navigation bar-->' },

  ]
end

#GallarificObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/gallarific.rb', line 9

WhatWeb::Plugin.define "Gallarific" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-14
  @version = "0.1"
  @description = "Gallarific is a fully customizable PHP photo gallery script that lets you collect, organize and share your images, photos and multimedia files with visitors directly from your Web site. It's compatible with 97% of Web site hosts."
  @website = "http://www.gallarific.com/"

  # Google results as at 2011-03-14 #
  # 5 for intitle:Gallarific "Sign in to Gallarific"

  # Dorks #
  @dorks = [
    'intitle:Gallarific "Sign in to Gallarific"'
  ]

  # Matches #
  @matches = [

    # http-equiv Generator
    { text: '<meta http-equiv="Generator" content="Gallarific" />' },

    # HTML Comment # Most Viewed
    { text: '<!-- popular_grid: output a 4x1 row containing the most viewed photos --><tr> <td colspan="2" class="heading">Most Viewed Photos</td>' },

    # HTML Comment # Recently Uploaded
    { text: '<!-- recent_grid: output a 4x1 row containing recently uploaded photos --><tr> <td colspan="2" class="heading">Recently Uploaded Photos</td>' },

    # Logo HTML
    { text: '<a href="http://www.gallarific.com/"><img src="http://www.gallarific.com/images/gallarific_white.gif" width="215" height="61" border="0" /></a>' },

    # Login Title
    { text: '<title>Gallarific > Sign in</title>' },

  ]
end

#GalleryObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/gallery.rb', line 9

WhatWeb::Plugin.define "Gallery" do
  @author = "Brendan Coles <[email protected]>" # 2012-04-10
  @version = "0.1"
  @description = "Photo gallery - Requires PHP and MySQL"
  @website = "http://gallery.menalto.com/"

  # Google results as at 2012-04-10 #
  # 187 for inurl:"/index.php/login/ajax" "Login" "Username" "Password" "Forgot your password"
  # 187 for "Powered by Gallery" "First" "Previous" "Next" "Last" "Available RSS feeds"
  # 120 for intitle:"Gallery 3 Installer" "Installing Gallery is easy. We just need a place to put your photos and info about your MySQL database."

  # Dorks #
  @dorks = [
    '187 for inurl:"/index.php/login/ajax" "Login" "Username" "Password" "Forgot your password"'
  ]

  # Matches #
  @matches = [

    # ./index.php/login/ajax # Login Page # Forgot password link
    { text: '<a href="#" id="g-password-reset" class="g-right g-text-small">Forgot your password?</a>' },

    # Powered by link # Version Detection
    { version: /<li class="(g-)?first">Powered by <a href="http:\/\/gallery\.menalto\.com">(<bdo dir="ltr">)?Gallery ([^<]+)(<\/bdo>)?<\/a><\/li>/, offset: 2 },

    # ./installer/ # Install Page # Filepath Detection
    { filepath: /We've found a place to store your photos:\s+<code class="location">([^<]+)<\/code>/ },

    # ./installer/ # Install Page # Title
    { certainty: 75, text: '<title>Gallery 3 Installer</title>' },

  ]
end

#GangliaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/ganglia.rb', line 9

WhatWeb::Plugin.define "Ganglia" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-19
  @version = "0.1"
  @description = "Ganglia is a scalable distributed monitoring system for high-performance computing systems such as clusters and Grids. It is based on a hierarchical design targeted at federations of clusters. It leverages widely used technologies such as XML for data representation, XDR for compact, portable data transport, and RRDtool for data storage and visualization."
  @website = "http://ganglia.sourceforge.net/"

  # 118 for intitle:"Ganglia:: Cluster Report" "Cluster Report for"
  # 94 for intitle:"Ganglia" "Nodes colored by 1-minute load" +legend

  # Dorks #
  @dorks = [
    'intitle:"Ganglia:: Cluster Report" "Cluster Report for"'
  ]

  # Matches #
  @matches = [

    # Default title
    { text: '<TITLE>Ganglia:: Cluster Report</TITLE>' },

    # Legend link
    { text: '(Nodes colored by 1-minute load) | <A HREF="./node_legend.html">Legend</A>' },

    # Metric select
    { text: '<B>Metric</B>&nbsp;&nbsp;<SELECT NAME="m" OnChange="ganglia_form.submit();">' },

    # Version Detection # Frontend # Footer
    { version: /<CENTER>\n<FONT SIZE="-1" class=footer>\n(Gmetad|Ganglia) Web Frontend version ([\d\.]+)\n<A HREF="http:\/\/ganglia\.sourceforge\.net\/downloads\.php\?component=ganglia-webfrontend&amp;\nversion=[\d\.]+">Check for Updates\.<\/A><BR>\n/, offset: 1 },

    # Version Detection # Backend # Footer
    { version: /Web Backend <i>\(gmetad\)<\/i> version ([\d\.]+)\n<A HREF="http:\/\/ganglia\.sourceforge\.net\/downloads\.php\?component=gmetad&amp;\nversion=[\d\.]+">Check for Updates\.<\/A><BR>/, offset: 1 },

  ]
end

#gCardsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/gcards.rb', line 9

WhatWeb::Plugin.define "gCards" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-15
  @version = "0.1"
  @description = "gCards is a free PHP-based eCard system that is easy to setup and use. gCards simple Administration Console allows the administrator to upload images (JPEGs of GIFs), add eCard categories, and modify existing settings - Note: This project is dormant - no further updates will be done"
  @website = "http://www.gregphoto.net/gcards/index.php"

  # Google results as at 2011-03-15 #
  # 359 for "powered by gcards"
  # 11 for intitle:"eCards Administration Console Login" inurl:login.php

  # Dorks #
  @dorks = [
    '"powered by gcards"',
    'intitle:"eCards Administration Console Login" inurl:login.php'
  ]

  # Matches #
  @matches = [

    # Compose Link
    { certainty: 75, text: '<a href="compose.php?imageid=' },

    # Admin Page # Default Title
    { text: "<title>eCards Administration Console Login</title>" },

    # Version Detection
    { version: /<td>(Driftet av|Powered by|Un script de ) <a href="http:\/\/www.gregphoto.net\/gcards\/index.php"[^>]*>gCards<\/a> v([\d\.]+)<\/td>/, offset: 1 },

  ]
end

#GearHostObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2011-03-06 # Updated OS detection

Version 0.2 # 2011-02-10 # Updated regex match



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/gearhost.rb', line 15

WhatWeb::Plugin.define "GearHost" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-25
  @version = "0.3"
  @description = "GearHost is a Microsoft Gold Certified Windows Hosting Partner that specializes in complex hosted managed servers, CloudServers and shared Windows Web Hosting Solutions for ASP.NET, ColdFusion, Exchange Business Email and other technologies."
  @website = "http://www.gearhost.com/"

  # ShodanHQ results as at 2010-10-25 #
  # 1,369 for Hosted-With: GearHost Inc. (www.gearhost.com)

  # HTTP Header
  def passive(target)
    m = []

    # Hosted-With HTTP Header
    m << { os: "Windows", module: "ASP.NET, ColdFusion, PHP, Perl" } if target.headers["hosted-with"] =~ /[\s]*GearHost Inc\. \(www.gearhost.com\)/

    # Return Passive Matches
    m
  end
end

#GeekLogObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-10 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/geeklog.rb', line 12

WhatWeb::Plugin.define "GeekLog" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-25
  @version = "0.2"
  @description = "Geeklog is an open source application for managing dynamic web content. It is written in PHP and supports MySQL, PostgreSQL, or MS SQL as the database backend."
  @website = "http://www.geeklog.net/"

  # 352 results for "powered by GeekLog" @ 2010-09-25
  # Dorks #
  @dorks = [
    '"powered by GeekLog"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: 'Powered By <a href="http://www.geeklog.net/">Geeklog</a>' },
    { text: 'Powered By <a class="footer" href="http://www.geeklog.net/">GeekLog</a>' },

    # HTML Comment
    { text: '<!--If you want the splash, uncomment the last line. If you want no splash, make sure it is commented out.-->' },

    # Version Detection # Powered by text
    { version: /Powered by <a href="http:\/\/www.geeklog.net\/">Geeklog ([\d\.a-z]{1,10})<\/a>/ },

  ]
end

#GeoHttpServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/geohttpserver.rb', line 9

WhatWeb::Plugin.define "GeoHttpServer" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-30
  @version = "0.1"
  @description = "GeoHttpServer"
  @website = "http://www.geovision.com.tw/english/index.asp"

  # ShodanHQ results as at 2011-05-30 #
  # 106,570 for GeoHttpServer

  # Matches #
  @matches = [

    # Aggressive # /Language.js
    { url: "/Language.js", md5: "f98b7425f7ff4680ac7682ed61844a17" },
    { url: "/Language.js", md5: "6682a8f95d0beb6524f0c08d2982654e" },
    { url: "/Language.js", md5: "97cdb361307be266683bceb8c452927b" },

  ]

  # Passive #
  def passive(target)
    m = []

    # HTTP Server Header
    if /^GeoHttpServer$/.match?(target.headers["server"])
      m << { name: "HTTP Server Header" }
    end

    # Return passive matches
    m
  end
end

#GeoNodeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/geonode.rb', line 9

WhatWeb::Plugin.define "GeoNode" do
  @author = "Brendan Coles <[email protected]>" # 2016-06-02
  @version = "0.1"
  @description = "GeoNode is a web-based application and platform for developing geospatial information systems (GIS) and for deploying spatial data infrastructures (SDI). "
  @website = "https://github.com/GeoNode/geonode/"

  # Dorks #
  @dorks = [
    '"Powered by GeoNode" intitle:"Explore Layers"'
  ]

  # Matches #
  @matches = [

    # /help link
    { name: 'Help link',
      text: '<a href="/help/" rel="tooltip" title="help"><i class="icon-question-sign"></i></a>' },

    # Version Detection # powered by footer
    { name: 'Footer',
      version: %r{Powered by <a href="http://geonode.org">GeoNode</a> <em>version ([a-z0-9\.]+)</em>} },

  ]
end

#GetSimpleObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/getsimple.rb', line 12

WhatWeb::Plugin.define "GetSimple" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-28
  @version = "0.2"
  @description = "GetSimple is an open source CMS that utilizes the speed and convenience of XML, a best-in-class UI and the easiest learning curve of any simple Content Management System out there."
  @website = "http://get-simple.info/"

  # 389 results for "powered by getsimple Version" @ 2010-08-28

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /	<meta name="generator" content="GetSimple \- ([\d\.\_A-Z]+)" \/>/ },

    # Version Detection # Powered by text
    { version: /<a href="http:\/\/get-simple.info\/" title="Open Source and Free CMS" >Powered by GetSimple<\/a> Version ([\d\.\_A-Z]+)/ },

    # Admin Page # Version Detection # Powered by text
    { version: /<a href="http:\/\/get-simple.info\/">Powered by GetSimple<\/a> Version ([\d\.\_A-Z]+)/ },

  ]
end

#GitoriousObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/gitorious.rb', line 9

WhatWeb::Plugin.define "Gitorious" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-13
  @version = "0.1"
  @description = "Gitorious provides open source infrastructure for hosting open source projects that use Git - Requires: Ruby."
  @website = "https://gitorious.org/gitorious"

  # ShodanHQ results as at 2011-08-13 #
  # 79 for _gitorious_sess

  # Google results as at 2011-08-13 #
  # 103 for intitle:"Gitorious" "Gitorious is a great way of collaborating on distributed open source projects" "About Gitorious" "Dashboard" "Login"

  # Dorks #
  @dorks = [
    'intitle:"Gitorious" "Gitorious is a great way of collaborating on distributed open source projects" "About Gitorious" "Dashboard" "Login"'
  ]

  # Matches #
  @matches = [

    # Powered by footer
    { regexp: /<a href="http:\/\/gitorious\.org"><img alt="Poweredby" src="\/images\/\.\.\/img\/poweredby\.png\?[\d]+" title="Powered by Gitorious" \/><\/a><\/div>/ },

    # _gitorious_sess Cookie
    { search: "headers[set-cookie]", regexp: /_gitorious_sess=[^-]+--[^;]+; domain=/ },

  ]
end

#gitstatObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/gitstat.rb', line 9

WhatWeb::Plugin.define "gitstat" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-23
  @version = "0.1"
  @description = "gitstat is a web-based statistics and monitoring system for git"
  @website = "http://sourceforge.net/projects/gitstat/"

  # Google results as at 2011-06-23 #
  # 10 for "Powered by gitstat"

  # Dorks #
  @dorks = [
    '"Powered by gitstat"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Malformed Powered by HTML
    { version: /<a href="http:\/\/sourceforge\.net\/projects\/gitstat\/"<font size=4>\(Powered by gitstat v([^\)^\s]+)\)<\/font><\/a>/ },

    # HTML Comment
    { text: '<!-- FIXME: We should have some reference to the website of the git tree if available -->' },

    # Powered by footer
    { text: 'Powered by <a href="http://sourceforge.net/projects/gitstat/">gitstat</a> <br><img src="images/separator.gif" alt="" />Design: <a href="http://www.oswd.org/">OSWD.ORG</a></p>' },

  ]
end

#GitwebObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/gitweb.rb', line 9

WhatWeb::Plugin.define "Gitweb" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-24
  @version = "0.1"
  @description = "Gitweb is a Git web interface, the one working on http://www.kernel.org/git/. It is written in Perl, and can be used as a CGI script, or as a mod_perl legacy script (run by ModPerl::Registry handler). It allows browsing a git repository (or a set of git repositories) using a web browser."
  @website = "http://git.or.cz/gitwiki/Gitweb"

  # Google results as at 2011-01-24 #
  # 228 results for "Project" "Description" "Owner" "Last Change" "Search" "summary" "shortlog" "log" "tree" "TXT" "OPML" intitle:git

  # Dorks #
  @dorks = [
    '"Project" "Description" "Owner" "Last Change" "Search" "summary" "shortlog" "log" "tree" "TXT" "OPML" intitle:git'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="gitweb\/([\d\.a-z]{1,25}) git\/[\d\.a-z]{1,25}"\/>/ },

    # Version Detection # HTML Comment
    { version: /<!\-\- git web interface version ([\d\.a-z]{1,25}), \(C\) 2005-2006, Kay Sievers <[email protected]>, Christian Gierke \-\->/ },

    # Git Version Detection # HTML Comment
    { module: /<!\-\- git core binaries version ([\d\.a-z]{1,25}) \-\->/ },

    # Git Version Detection # Meta Generator
    { module: /<meta name="generator" content="gitweb\/[\d\.a-z]{1,25} git\/([\d\.a-z]{1,25})"\/>/ },

  ]
end

#glFusionObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/glfusion.rb', line 9

WhatWeb::Plugin.define "glFusion" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-15
  @version = "0.1"
  @description = "Powerful content management with synergy, stability, & style. A dynamic system based on flexible and granular permissions, with spam protection, forums, file management, media gallery, calendars, polls, site-wide search, RSS feeds, and more!"
  @website = "http://www.glfusion.org/"

  # Google results as at 2011-03-15 #
  # 376 for "Page created in" "seconds by glFusion" +RSS

  # Matches #
  @matches = [

    # div # gl_moomenu1
    { certainty: 75, regexp: /<div (class|id)="gl_moomenu1">/ },

    # ul # gl_moomenu1
    { certainty: 75, text: '<ul class="gl_moomenu1">' },

    # Page created in link
    { regexp: /Page created in [\d\.]+ seconds( |&nbsp;)by <a href="http:\/\/www.glfusion.org\/"[^>]*>glFusion<\/a>/ },

  ]
end

#GlosswordObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-29 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/glossword.rb', line 12

WhatWeb::Plugin.define "Glossword" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-01
  @version = "0.2"
  @description = "Glossword helps you to create and publish online multilingual dictionary, glossary, or reference."
  @website = "http://glossword.biz/"

  # Google results as at 2013-02-06 #
  # 458 for "Powered by Glossword"

  # Dorks #
  @dorks = [
    '"Powered by Glossword"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta generator
    { version: /<meta name="generator" content="Glossword version ([\d\.\-a-z]+)" \/>/ },
    { version: /<meta content="Glossword version ([\d\.\-a-z]+)" name="generator" \/>/ },

    # Version Detection # Powered by text
    { version: /<p>Powered by <a href="http:\/\/glossword.info\/" style="text-decoration:underline">Glossword<\/a> ([\d\.]+)<\/p>/ },

  ]
end

#GoServeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-20 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/goserve.rb', line 12

WhatWeb::Plugin.define "GoServe" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-31
  @version = "0.2"
  @description = "GoServe - A Web and Gopher Server for OS/2. SRE-http is a highly configurable http server which requires GoServe"
  @website = "http://www2.hursley.ibm.com/goserve"

  # More Info #
  # SRE-http is a highly configurable http/1.1 web server for OS/2. To use the SRE-http web server, you will need GoServe (a free, IBM EWS, OS/2 Internet server). - Homepage: http://www.srehttp.org/server/
  # ShodanHQ results as at 2011-05-31 #
  # 32 for GoServe
  # 14 for GoServe -OS

  @matches = [
    # HTTP Server Header
    { regexp: /^GoServe/, search: "headers[server]" },

    # Version Detection
    { version: /^GoServe\/([^\s]+)$/, search: "headers[server]" },

    # Version Detection
    { version: /^GoServe for OS\/2, version ([^\s^;]+); SRE-http [\d\.]+$/, search: "headers[server]" },

    # Module Detection
    { module: /^GoServe for OS\/2, version [^\s^;]+; (SRE-http [\d\.]+)$/, search: "headers[server]" },
  ]
end

#GridSiteObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/gridsite.rb', line 9

WhatWeb::Plugin.define "GridSite" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-31
  @version = "0.1"
  @description = "In its simplest application, GridSite uses X.509 certificates loaded into unmodified versions of web browsers like Internet Explorer, Netscape or Mozilla to authenticate users, and then grants read and write authorization on this basis. HTML and text files can be edited within a browser window, or pages and binary files can be uploaded from local disk. Certificate based authentification of users is now far more practical with the start of large scale issuing of X.509 certificates within Grid projects."
  @website = "http://www.gridsite.org/"

  # Google results as at 2011-01-31 #
  # 87,100 for inurl:gridsite-admin.cgi filetype:cgi -inurl

  # Dorks #
  @dorks = [
    'inurl:gridsite-admin.cgi filetype:cgi -inurl'
  ]

  # Matches #
  @matches = [

    # Default Menu HTML
    { text: '<a href="gridsite-admin.cgi?cmd=history&amp;file=index.html">View&nbsp;page&nbsp;history</a>' },
    { text: '<a href="gridsite-admin.cgi?cmd=print&amp;file=index.html">Print&nbsp;View</a>' },

    # Version Detection # Built with text
    { version: /Built with <a href="http:\/\/www.gridsite.org\/">GridSite<\/a>&nbsp;([\d\.]+)/ },
    { version: /Built with <a href="http:\/\/www.gridsite.org\/">GridSite<\/a> ([\d\.]+)/ },

    # FAQ # HTML Comment
    { text: "<!-- start of gridsitefoot.txt -->" },

  ]
end

#gSOAPObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-20 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/gsoap.rb', line 12

WhatWeb::Plugin.define "gSOAP" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-05
  @version = "0.2"
  @description = "gSOAP Toolkit for SOAP Web Services and XML-Based Applications. The gSOAP toolkit is an open source C and C++ software development toolkit for SOAP/XML Web services and generic (non-SOAP) C/C++ XML data bindings. The toolkit analyzes WSDLs and XML schemas (separately or as a combined set) and maps the XML schema types and the SOAP messaging protocols to easy-to-use and efficient C and C++ code."
  @website = "http://gsoap2.sourceforge.net/"

  # ShodanHQ results as at 2011-06-05 #
  # 433 for gSOAP

  @matches = [

    { regexp: /^gSOAP/, search: "headers[server]" },
    # Version Detection # HTTP Server Header
    { version: /^gSOAP\/([^\s]+)$/, search: "headers[server]" },

  ]
end

#GuppYObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-10 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/guppy.rb', line 12

WhatWeb::Plugin.define "GuppY" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-06
  @version = "0.2"
  @description = "An easy, free web portal, GuppY will allow you to generate very easily a complete and interactive web site. It requires no database."
  @website = "http://www.freeguppy.org/?lng=en"

  # Google results as at 2010-08-06 #
  # 326 for "Powered by GuppY" "CeCILL Free License"

  # Dorks #
  @dorks = [
    '"Powered by GuppY" "CeCILL Free License"'
  ]

  # Matches #
  @matches = [

    # Meta Generator
    { text: '<meta name="Generator" content="GuppY">' },

    # Version Detection # Copyright Footer HTML
    { version: /<div class="foot"><span class='copyright'>&nbsp; <a class='copyright' href='http:\/\/www.freeguppy.org\/' title='GuppY site' target='_blank'> Site powered by GuppY v([\d\.]+) <\/a>/ },

    # Version Detection # HTML Comment
    { version: /  <!--\[  GuppY v([\d\.]+) CeCILL Copyright \(C\) [\d]{4}\-[\d]{4} by Laurent Duveau \- http:\/\/www.freeguppy.org\/  \]-->/ },

  ]
end

#HAProxyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/haproxy.rb', line 9

WhatWeb::Plugin.define "HAProxy" do
  @author = "Brendan Coles <[email protected]>" # 2013-02-27
  @version = "0.1"
  @description = "Reliable, High Performance TCP/HTTP Load Balancer"
  @website = "http://haproxy.1wt.eu/"

  # ShodanHQ results #
  # 9,975 for HAProxy statistics

  # Matches #
  @matches = [

    # WWW-Authenticate: Basic realm="HAProxy Statistics"
    { status: 401, search: "headers[www-authenticate]", text: 'Basic realm="HAProxy Statistics"' },

  ]
end

#HESKObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/whatweb/plugins/hesk.rb', line 9

WhatWeb::Plugin.define "HESK" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-05
  @version = "0.1"
  @description = "Web-based help desk software featuring unlimited tickets, categories, knowledgebase, attachments and more. - Requires: PHP and MySQL"
  @website = "http://www.hesk.com/"

  # Google results as at 2011-08-05 #
  # 487 for "Powered by Help Desk Software HESK"

  # Dorks #
  @dorks = [
    '"Powered by Help Desk Software HESK"'
  ]

  # Matches #
  @matches = [

    # JavaScript
    { regexp: /<script language="Javascript" type="text\/javascript" src="(\.\.\/|\.\/)?hesk_javascript\.js"><\/script>/ },

    # StyleSheet
    { regexp: /<link href="(\.\/)?hesk_style\.css" type="text\/css" rel="stylesheet"/ },
    { regexp: /<link rel="stylesheet" type="text\/css" href="(\.\/)?hesk_style\.css"/ },

    # body onload
    { text: '<body onload="javascript:var i=new Image();i.src=\'./img/orangebtnover.gif\';var i2=new Image();i2.src=\'./img/greenbtnover.gif\';">' },

    # Loading knowledgebase suggestions image
    { text: '<img src="img/loading.gif" width="24" height="24" alt="" border="0" style="vertical-align:text-bottom" /> <i>Loading knowledgebase suggestions...</i>' },

    # HTML Comment
    { text: '<!-- START KNOWLEDGEBASE SUGGEST -->' },

    # Admin Panel link
    { text: '<p style="text-align:center"><a href="admin/" class="smaller">Go to Administration Panel</a></p>' },

    # Powered by link
    { regexp: /<p style="text-align:center"><span class="smaller">Powered by <a href="http:\/\/www\.hesk\.com" class="smaller"( target="_blank")? title="Free Help Desk Software HESK">Help Desk Software<\/a> HESK&trade;/ },

    # Powered by link # Old versions < 1.0
    { text: 'Powered by <a href="http://www.phpjunkyard.com/free-helpdesk-software.php" class="smaller" target="_blank">Help desk software</a> HESK<sup>TM</sup></span>', version: "<1.0" },

    # Version Detection # Powered by link # Old versions < 1.0
    { version: /<p align="center"><font class="smaller">Powered by <a href="[^>^"]{0,256}" class="smaller" target="_blank">Help desk software Hesk<\/a> ([^\s^<]+)<\/font>/ },

  ]
end

#HikiObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'lib/whatweb/plugins/hiki.rb', line 9

WhatWeb::Plugin.define "Hiki" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-07
  @version = "0.1"
  @description = "Hiki is a powerful and fast wiki clone written in Ruby."
  @website = "http://hikiwiki.org/en/"

  # Google results as at 2011-06-07 #
  # 344 for "Generated by Hiki" "Powered by Ruby"

  # Dorks #
  @dorks = [
    '"Generated by Hiki" "Powered by Ruby"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="Hiki ([^"^\s]+)">/ },

    # Error Page
    { text: '<html><head><title>Hiki Error</title></head><body>' },

    # Version Detection # Generated by
    { version: /<div class="footer">Generated by <a href="http:\/\/hikiwiki.org\/">Hiki<\/a> ([^\s]+) \([\d]{4}-[\d]{2}-[\d]{2}\)/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # Ruby Version Detection
    if target.body =~ /<div class="footer">Generated by <a href="http:\/\/hikiwiki.org\/">Hiki<\/a>/ && target.body =~ /Powered by <a href="http:\/\/www\.ruby-lang\.org\/">(Ruby)<(\/)a> ([^\s]+) \([\d]{4}-[\d]{2}-[\d]{2}\)/

      m << { string: target.body.scan(/Powered by <a href="http:\/\/www\.ruby-lang\.org\/">(Ruby)<(\/)a> ([^\s]+) \([\d]{4}-[\d]{2}-[\d]{2}\)/).flatten }

    end

    # Return passive matches
    m
  end
end

#HikVisionObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/hikvision.rb', line 9

WhatWeb::Plugin.define "HikVision" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-15
  @version = "0.1"
  @description = "HikVision cameras, Digital Video Servers (DVS) and Digital Video Records (DVR)"
  @website = "http://www.hikvisionusa.com/"

  # ShodanHQ results as at 2011-07-15 #
  # 58,133 for Hikvision-Webs

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^Hikvision-Webs$/ },

  ]
end

#HiveMailObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/hivemail.rb', line 9

WhatWeb::Plugin.define "HiveMail" do
  @author = "Brendan Coles <[email protected]>" # 2012-08-24
  @version = "0.1"
  @description = "HiveMail - PHP Webmail Portal Script - Hompage: http://www.hivemail.com/"

  # ShodanHQ results as at 2012-08-24 #
  # 5 for hivesession

  # Google results as at 2012-08-24 #
  # 52 for "You are not logged in" "Forgot your password" "Choose a skin"
  #  1 for intitle:"Database Error in HiveMail"

  # Dorks #
  @dorks = [
    '"You are not logged in" "Forgot your password" "Choose a skin"'
  ]

  # Matches #
  @matches = [

    # Error Page # Title
    { text: '<title>Database Error in HiveMail&trade;</title>' },

    # Login Page # Version Detection # JavaScript
    { version: /\/\/ myaccounts holds the userpics\s+myaccounts = '[^']*';\s+recaptcha_global = "[^"]+";\s+hiveversion = "v([^"]+)";/ },

    # Login Page # input field
    { text: '<input type="text" class="validate[ajax[ajaxUserCall]] input" name="answer" id="answer" />' },

    # Login Page # Meta Product # Version Detection
    { version: /<meta name="product" content="Hivemail v([^"]+)">/ },

    # hivesession Cookie
    { search: "headers[set-cookie]", regexp: /hivesession=/ },

  ]
end

#HoloCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/holocms.rb', line 9

WhatWeb::Plugin.define "HoloCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-14
  @version = "0.1"
  @description = "HoloCMS. Requires PHP."

  # 44 results for "powered by HoloCMS" +Meth0d @ 2010-10-14

  # Dorks #
  @dorks = [
    '"powered by HoloCMS" "Meth0d"'
  ]

  # Matches #
  @matches = [

    # Version detection # Meta generator
    { version: /<meta name="build" content="([^\ ]+) - [^-]+- HoloCMS" \/>/ },

    # Default HTML
    { text: '<div id="remember-me-notification" class="bottom-bubble" style="display:none;">' },

    # Powered by text
    { regexp: /^Powered by HoloCMS &copy[;]* 2008 Meth0d & Parts by Yifan, sisija/ },

  ]
end

#HopfTimeServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-07-30 # Brendan Coles <[email protected]> Added examples URLs, cookie match and google dork Updated matches and version detection



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/whatweb/plugins/hopftimeserver.rb', line 13

WhatWeb::Plugin.define "HopfTimeServer" do
  @author = "Aung Khant, http://yehg.net"
  @version = "0.2"
  @description = "Detect Hopf Time Server CGI application (http://www.hopf.com/)"

  # Google results as at 2011-07-30 #
  # 8 for inurl:/cgi-bin/main.cgi?ntp

  # Dorks #
  @dorks = [
    'inurl:/cgi-bin/main.cgi?ntp'
  ]

  # Matches #
  @matches = [

    # Tag Pattern # /cgi-bin/main.cgi?ntp&0
    { url: '/cgi-bin/main.cgi?ntp&0', name: 'HTML Tag Pattern', tag_pattern: 'html,head,link,link,title,/title,style,/style,script,/script,meta,/head,body,table,tr,td,img,map,area,area,/map,/td,td,img,/td,/tr,tr,td,/td,td,/td,td,table,tr,td,img,/td,td,img,/td,td,a,/a,/td,td,img,/td,td,a,/a,/td,td,img,/td,td,a,/a,/td,td,img,/td,td,a,/a,/td,td,img,/td,td,a,/a,/td,td,img,/td,td,/td,td,table,tr,td,img,/td,td,img,/td,td,img,/td,td,img,/td,td,img,/td,/tr,/table,/td,td,img,/td,/tr,/table,/td,td,img,/td,/tr,tr,td,img,/td,td,/td,td,table,tr,td,table,tr,td,table,tr,td,table,tr,td,img,/td,td,div,/div,/td,td,img,/td,/tr,/table,/td,/tr,tr,td,table,tr,td,img,/td,td,/td,td,img,/td,/tr,tr,td,/td,td,div,table,tr,td,iframe,/iframe,/td,/tr,/table,/div,/td,td,/td,/tr,tr,td,img,/td,td,/td,td,img,/td,/tr,/table,/td,/tr,/table,/td,td,div,/div,/td,td,table,tr,td,table,tr,td,img,/td,td,div,/div,/td,td,img,/td,/tr,/table,/td,/tr,tr,td,table,tr,td,img,/td,td,/td,td,img,/td,/tr,tr,td,/td,td,div,table,tr,td,iframe,/iframe,/td,/tr,/table,/div,/td,td,/td,/tr,tr,td,img,/td,td,/td,td,img,/td,/tr,/table,/td,/tr,/table,/td,/tr,tr,td,table,tr,td,table,tr,td,img,/td,td,div,/div,/td,td,img,/td,/tr,/table,/td,/tr,tr,td,table,tr,td,img,/td,td,/td,td,img,/td,/tr,tr,td,/td,td,div,table,tr,td,form,table,tr,td,/td,/tr,tr,td,input,/td,/tr,tr,td,/td,/tr,tr,td,input,/td,/tr,tr,td,input,/td,/tr,tr,td,br,br,/td,/tr,/table,/form,/td,/tr,/table,/div,/td,td,/td,/tr,tr,td,img,/td,td,/td,td,img,/td,/tr,/table,/td,/tr,/table,/td,/tr,/table,/td,td,/td,/tr,/table,/td,td,img,/td,/tr,tr,td,/td,td,/td,td,div,/div,/td,td,img,/td,/tr,tr,td,/td,td,/td,td,/td,td,/td,/tr,/table,/body,/html' },

    # Aggressive # Version Detection # /cgi-bin/main.cgi?ntp&0
    { url: '/cgi-bin/main.cgi?ntp&0', version: /><title>Hopf ([^<]+) - System Info<\/title/ },

    # Version Detection # Title
    { version: /><title>Hopf ([^<^\s]+) - (System Info|General|Peers|Server Configuration|Kernel Info)<\/title>/ },

    # Version Detection # Title # Redirect Page
    { version: /<head><title>HOPF ([^<^\s]+) Configuration<\/title>/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # NCD_COOKIE Cookie
    m << { name: "NCD_COOKIE Cookie" } if target.headers["set-cookie"] =~ /NCD_COOKIE=language=0#username=#logintime=#lastaction=;/

    # Return passive matches
    m
  end
end

#HostBillObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/hostbill.rb', line 9

WhatWeb::Plugin.define "HostBill" do
  @author = "Brendan Coles <[email protected]>" # 2012-02-10
  @version = "0.1"
  @description = "HostBill - Billing software"
  @website = "http://hostbillapp.com/"

  # Google results as at 2012-02-10 #
  # 31 for inurl:"index.php?/tickets/new/" "Powered by HostBill"

  # Dorks #
  @dorks = [
    'inurl:"index.php?/tickets/new/" "Powered by HostBill"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { text: '<!-- part below is not css valid. remove it if you want this document to be css valid -->' },

    # Powered by text
    { text: '</div><br/><center>Powered by <a href="http://hostbillapp.com" target="_blank"><strong>HostBill</strong></a></center><br/></div>' },

  ]
end

#HTML5Object

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 removed :probability



12
13
14
15
16
17
18
19
20
21
22
23
24
 
# File 'lib/whatweb/plugins/html5.rb', line 12

WhatWeb::Plugin.define "HTML5" do
  @author = "Andrew Horton"
  @version = "0.2"
  @description = "HTML version 5, detected by the doctype declaration"

  # Matches #
  @matches = [

    { regexp: /<!DOCTYPE html>/i },
    { string: "applicationCache", regexp: /<html[^>]* manifest=/ },

  ]
end

#htpasswdObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2011-01-21 # Updated credential extraction Added SHA1 hashes for common admin passwords Renamed plugin from “Credentials” to “htpasswd”

Version 0.2 Now requires htpasswd in the URL path to reduce false positives



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
 
# File 'lib/whatweb/plugins/htpasswd.rb', line 18

WhatWeb::Plugin.define "htpasswd" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-23
  @version = "0.3"
  @description = ".htpasswd is a flat-file used to store usernames and password for basic authentication of Apache HTTP Server. This plugin attempts to retrievs credentials from .htpasswd files in user:pass format. - More info: http://en.wikipedia.org/wiki/Htpasswd"

  # Google Results as at 2011-01-21 #
  # 110 results for inurl:htpasswd ext:txt
  # 181 results for filetype:htpasswd htpasswd
  # 179 results for filetype:htpasswd inurl:htpasswd
  # 35 results for htpasswd filetype:bak
  # 2 results for ext:htpasswd1
  # 2 results for inurl:"htpasswd" ext:bak

  # Dorks #
  @dorks = [
    'inurl:htpasswd ext:txt',
    'filetype:htpasswd htpasswd',
    'filetype:htpasswd inurl:htpasswd'
  ]

  # Passive #
  # Extract credentials in user{2-255}:pass{1-80} format
  # Accepts : sha1, md4, md5, plaintext
  # The code is pretty ugly, but fast. Formatted for 80x24. Improvements welcomed.
  def passive(target)
    m = []

    # Check if the current file is a .htpasswd file
    if target.uri.path =~ /htpasswd/i && target.body =~ /^([0-9a-z\-_]{2,255}:[^\r^\n^\s^:]{1,80})[\r\n\s:]*/i

      # Loop through the results
      target.body.scan(/^([0-9a-z\-_]{2,255}:[^\r^\n^\s^:]{1,80})[\r\n\s:]*/i).each do |line|
        # Compare hash to a few common passwords if the user is "admin"
        m << if /^admin:\$apr1\$/.match?(line.to_s)

               # Common passwords # SHA1
               if line.to_s == "admin:$apr1$Ev0Cp...$6R55smBmW.t.uDr01ao5Q."
                 { account: "admin:admin" }
               elsif line.to_s == "admin:$apr1$XNQFp...$HCpZx9aTaQOD1vVFeGXUF1"
                 { account: "admin:password" }
               elsif line.to_s == "admin:$apr1$94APp...$Vs/UEEdcnanhzIvFweeVd."
                 { account: "admin:password1" }
               elsif line.to_s == "admin:$apr1$WqFQp...$xgPFU8Ao92A7eYg8J2cYx/"
                 { account: "admin:Password" }
               elsif line.to_s == "admin:$apr1$3fdSp...$qq4wV9G75szLU/hJsGHYQ1"
                 { account: "admin:12345" }
               elsif line.to_s == "admin:$apr1$b5XTp...$BcezBLeXvd7QT5Rlw.8Ki1"
                 { account: "admin:123456" }
               elsif line.to_s == "admin:$apr1$WRMUp...$THfv/Ixp9HKpKH34dtzO3."
                 { account: "admin:qwerty" }
               elsif line.to_s == "admin:$apr1$cT/Vp...$aOLWPBRTibzuNEhVpiw7V1"
                 { account: "admin:abc123" }
               elsif line.to_s == "admin:$apr1$5PaVp...$gYaTwDl0yviTysvEY4REn0"
                 { account: "admin:letmein" }

               # Display hash if unknown
               else
                 { account: line.to_s }
               end
             # Display hash if user is not "admin"
             else
               { account: line.to_s }
             end
      end
    end
    m
  end
end

#HttpFileServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-20 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/httpfileserver.rb', line 12

WhatWeb::Plugin.define "HttpFileServer" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-30
  @version = "0.2"
  @description = "You can use HFS (HTTP File Server) to send and receive files. Access your remote files, over the network."
  @website = "http://www.rejetto.com/hfs/"

  # ShodanHQ results as at 2011-05-30 #
  # 5,253 for HFS

  # Google results as at 2011-05-30 #
  # 626 for "File List" "Folder archive" "HttpFileServer" "Servertime" "Uptime"
  # 642 for "File List" "Folder archive" "HttpFileServer" "Servertime" "Uptime" "Build-time"
  # 636 for "File List" "Folder archive" "HttpFileServer" "Servertime" "Uptime" "Build-time" intitle:HFS

  # Dorks #
  @dorks = [
    '"File List" "Folder archive" "HttpFileServer" "Servertime" "Uptime" "Build-time" intitle:HFS'
  ]

  # Matches #
  @matches = [

    # Version Detection # Footer
    { version: /<div id=footer>[\s]+<a href="http:\/\/www\.rejetto\.com\/hfs\/">HttpFileServer ([^<]+)<\/a>[\s]+<br \/>Servertime/ },

    # Version Detection # HTTP Server Header
    { version: /^HFS (\d\.\d.+)$/, search: "headers[server]" },

    { regexp: /^HFS /, search: "headers[server]" },

  ]
end

#HttpOnlyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/httponly.rb', line 9

WhatWeb::Plugin.define "HttpOnly" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-03
  @version = "0.1"
  @description = "If the HttpOnly flag is included in the HTTP set-cookie response header and the browser supports it then the cookie cannot be accessed through client side script - More Info: http://en.wikipedia.org/wiki/HTTP_cookie"

  # More Info #
  # http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp
  # http://www.gnucitizen.org/blog/why-httponly-wont-protect-you/
  # https://www.owasp.org/index.php/HttpOnly

  # ShodanHQ results as at 2011-06-03 #
  # 252,825 for httponly

  # Passive #
  def passive(target)
    m = []

    # Set-Cookie Header
    unless target.headers["set-cookie"].nil? || target.headers["set-cookie"].empty?

      #     target.headers["set-cookie"].each do |cookie|
      #
      #       if cookie =~ /;[\s]*httponly/i
      #         m << { :string=>cookie.scan(/^([^;^=]+).*;[\s]*httponly/i) } if cookie =~ /^([^;^=]+).*;[\s]*httponly/i
      #       end
      #
      #     end
      if /;[\s]*httponly/i.match?(target.headers["set-cookie"])
        m << { string: target.headers["set-cookie"].scan(/^([^;^=]+).*;[\s]*httponly/i) } if target.headers["set-cookie"] =~ /^([^;^=]+).*;[\s]*httponly/i
      end
    end

    # Return passive matches
    m
  end
end

#HTTPServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.4 # 2011-04-08 # Brendan Coles <[email protected]> Updated OS detection

Version 0.3 # 2011-02-21 # Brendan Coles <[email protected]> Added OS detection

Version 0.2 removed :probability



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
# File 'lib/whatweb/plugins/http-server.rb', line 18

WhatWeb::Plugin.define "HTTPServer" do
  @author = "Andrew Horton"
  @version = "0.4"
  @description = "HTTP server header string. This plugin also attempts to identify the operating system from the server header."

  # Passive #
  def passive(target)
    m = []

    unless target.headers["server"].nil?

      # OS Detection # Windows family
      m << { os: "Windows (32 bit)" } if target.headers["server"] =~ /Win32/i
      if /Windows/i.match?(target.headers["server"])
        m << { os: "Windows Vista" } if target.headers["server"] =~ /Windows Vista/i
        m << { os: target.headers["server"].scan(/(Windows [0-9]{4})/i) } if target.headers["server"] =~ /Windows [0-9]{4}/i
        m << { os: target.headers["server"].scan(/(Windows Server [0-9]{4})/i) } if target.headers["server"] =~ /Windows Server [0-9]{4}/i
        m << { os: "Windows XP" } if target.headers["server"] =~ /Windows XP/i
        m << { os: "Windows" } if m.empty?
      end

      # OS Detection # Unix family
      m << { os: "MontaVista Hard Hat Linux" } if target.headers["server"] =~ /MontaVista Software Hard Hat Linux/i
      m << { os: "FreeBSD" } if target.headers["server"] =~ /FreeBSD/i
      m << { os: "MacOSX" } if target.headers["server"] =~ /MacOSX/i
      m << { os: "CentOS" } if target.headers["server"] =~ /CentOS/i
      m << { os: "Debian Linux" } if target.headers["server"] =~ /Debian/i
      m << { os: "Ubuntu Linux" } if target.headers["server"] =~ /Ubuntu/i
      m << { os: "Mandrake Linux" } if target.headers["server"] =~ /Mandrake/i
      m << { os: "PCLinuxOS" } if target.headers["server"] =~ /PCLinuxOS/i
      m << { os: "Fedora Linux" } if target.headers["server"] =~ /Fedora/i
      m << { os: "openSUSE" } if target.headers["server"] =~ /openSUSE/i
      m << { os: "Arch Linux" } if target.headers["server"] =~ /Arch Linux/i
      m << { os: "Mandriva Linux" } if target.headers["server"] =~ /Mandriva Linux/i
      m << { os: "SUSE Linux" } if target.headers["server"] =~ /Linux\/SUSE/i
      m << { os: "Slackware Linux" } if target.headers["poweredby"] =~ /Slackware/i
      m << { os: "Gentoo Linux" } if target.headers["x-powered-by"] =~ /Gentoo/i
      m << { os: "Red Hat Linux" } if target.headers["server"] =~ /Red[-| ]?Hat/i
      m << { os: "GNU OpenSolaris" } if target.headers["server"] =~ /GNU_OpenSolaris/i
      m << { os: "Trustix Secure Linux" } if target.headers["server"] =~ /Trustix Secure Linux/i

      # Unix catch-all
      if m.empty? && target.headers["server"] =~ /UNIX/i
        m << { os: "Unix" }
      end

      # Solaris catch-all
      if m.empty? && target.headers["server"] =~ /Solaris/i
        m << { os: "Solaris" }
      end

      # Linux catch-all # Kernel Version Detection
      if m.empty? && target.headers["server"] =~ /Linux\/[^\s]+/
        m << { os: target.headers["server"].scan(/(Linux\/[^\s]+)/) }
      elsif m.empty? && target.headers["server"] =~ /Linux/
        m << { os: "Linux" }
      end

      # Return server string
      m << { name: "server string", string: target.headers['server'].to_s }

    end

    # Return passive matches
    m
  end
end

#i3microObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/i3micro.rb', line 12

WhatWeb::Plugin.define "i3micro" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-30
  @version = "0.2"
  @description = "Tilgin was founded under the name i3 micro technology in 1997 and develops equipment for IPTV and VOIP solutions."
  @website = "http://www.tilgin.com/"

  # ShodanHQ results as at 2011-05-30 #
  # 5,115 for i3micro -SIP

  # Matches #
  @matches = [

    # VRG # Default Favicon
    { model: 'VRG', url: "/favicon.ico", md5: "e4a509e78afca846cd0e6c0672797de5" },

    # Model Detection # WWW-Authenticate: Digest realm i3micro
    { model: /^Digest realm="i3micro (V[A-Z]{2})", nonce/, search: "headers[www-authenticate]" },

  ]
end

#IcecastObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/icecast.rb', line 9

WhatWeb::Plugin.define "Icecast" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-07
  @version = "0.1"
  @description = "Icecast is a GPL streaming media server project that currently streams in MP3 format."
  @website = "http://www.icecast.org/"

  # ShodanHQ results as at 2011-08-07 #
  # 75 for icecast

  # Passive #
  def passive(target)
    m = []

    # Version Detection # HTTP Server Header
    if target.headers["server"] =~ /^Icecast ([^\s]+)/
      m << { version: $1.to_s }
    end
    if target.headers["server"] =~ /^icecast\/([^\s]+)/
      m << { version: $1.to_s }
    end

    # icy-name Header
    m << { string: target.headers["icy-name"].to_s } unless target.headers["icy-name"].nil?

    # WWW-Authenticate Header
    m << { certainty: 75, name: "WWW-Authenticate Header" } if target.headers["www-authenticate"] =~ /Basic realm="Icecast/

    # Return passive matches
    m
  end
end

#ICEshopObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/iceshop.rb', line 9

WhatWeb::Plugin.define "ICEshop" do
  @author = "Brendan Coles <[email protected]>" # 2012-02-26
  @version = "0.1"
  @description = "ICEshop e-commerce"
  @website = "http://www.iceshop.nl/"

  # Google results as at 2012-02-16 #
  # 66 for "Powered by ICEshop"

  # Dorks #
  @dorks = [
    '"Powered by ICEshop"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: '<p id="power_by"><a href="http://www.iceshop.nl" target="_blank">Powered by ICEshop</a></p>' },

    # Powered by text
    { text: 'Powered by <a class="link copyright02" href="http://www.iceshop.nl/" target="_blank">ICEshop</a>' },

    # dl class
    { text: '<dl class="box boxLogo  box02 iceshop">' },

  ]
end

#IdeaWebServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-20 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/ideawebserver.rb', line 12

WhatWeb::Plugin.define "IdeaWebServer" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-14
  @version = "0.2"
  @description = "home.net.pl hosting - a major polish hosting company home.pl uses its own server software (Idea Web Server)"
  @website = "http://home.net.pl"

  # ShodanHQ results as at 2011-03-13 #
  # 91,705 for IdeaWebServer
  # All results are from Poland

  @matches = [

    # Version Detection # HTTP Server Header
    { version: /^IdeaWebServer\/v([\d\.]+)$/, search: "headers[server]" },

  ]
end

#iDVRObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2011-02-25 # Updated version detection

Version 0.2 # Fixed regex



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/idvr.rb', line 15

WhatWeb::Plugin.define "iDVR" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-20
  @version = "0.3"
  @description = "iDVR (formerly Devloution Security System) is a video surveillance system for the Linux/X11 platform."
  @website = "http://code.google.com/p/idvr/"
  # default login: administrator/blank

  # Google results as at 2010-07-20 #
  # 247 for intitle:iDVR -intitle:"com | net | shop" -inurl:"asp | htm | pdf | html | php | shtml | com | at | cgi | tv"

  # Dorks #
  @dorks = [
    'intitle:iDVR -intitle:"com | net | shop" -inurl:"asp | htm | pdf | html | php | shtml | com | at | cgi | tv"'
  ]

  # Matches #
  @matches = [

    # Default Title
    { text: '<title>iDVR</title>' },

    # Default JavaScript
    { regexp: /	  	'	  codebase="http:\/\/' + szDomainFull + '\/NSIDVRCtrlX.ocx#version=[\d]{1},[\d]{1},[\d]{1},[\d]{1}"\n'\+/ },
    { text: '		\'	  classid="clsid:16A017B9-6CB4-47C7-8E81-6E9396FAC2B6"\\n\' +' },
    { regexp: /		monitorDiv.innerHTML = "<object id='monitorObject' style='display:none' classid='clsid:574B47E8-A366-4AB9-B2EA-57F145CA3780' codebase='lib\/monitor.cab#version=[\d]{1},[\d]{1},[\d]{1},[\d]{1}' VIEWASTEXT><\/object>";/ },

    # Version Detection # Default Title
    { version: /<title>iDVR (.*)[\d\.]+ \(Build ([\d\.]+)\)<\/title>/, offset: 1 },

  ]
end

#iGiveTestObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/igivetest.rb', line 9

WhatWeb::Plugin.define "iGiveTest" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-23
  @version = "0.1"
  @description = "iGiveTest is a comprehensive solution for creating, administering, and providing thorough analysis of tests on the Internet and Intranet. It is a quick and professional way to create and organize tests for employees, students, and people in training."
  @website = "http://igivetest.com/"

  # Google results as at 2011-03-23 #
  # 175 for "Powered by iGiveTest"
  # 29 for "Powered by iGiveTest v1.9.7"

  # Dorks #
  @dorks = [
    '"Powered by iGiveTest"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Powered by link
    { version: /Powered by <a href="http:\/\/iGiveTest\.com" target=_blank>iGiveTest v([\d\.]+)<\/a>/ },

    # Version Detection # Powered by text
    { version: /<tr><td colspan=[\d] align=right>Powered by iGiveTest v([\d\.]+)<\/a><\/td><\/tr>/ },

    # Login Form
    { certainty: 25, text: '<form action="index.php" method=post name=signinform>' },

  ]
end

#iHTMLObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-20 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/ihtml.rb', line 12

WhatWeb::Plugin.define "iHTML" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-04
  @version = "0.2"
  @description = "iHTML is a server side internet/web programming and scripting language in used by thousands of sites worldwide to deliver cost effective dynamic database driven web sites."
  @website = "http://www.ihtml.com/"

  # ShodanHQ results as at 2011-06-04 #
  # 593 for iHTML

  @matches = [
    # Version Detection # HTTP Server Header
    { version: / \(Using iHTML\/([^\)^\s]+)\)/, search: "headers[server]" },

    # Version Detection # X-Powered-By Header
    { version: /^iHTML\/([^\s]+)$/, search: "headers[x-powered-by]" },

  ]
end

#IkonboardObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/ikonboard.rb', line 9

WhatWeb::Plugin.define "Ikonboard" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-17
  @version = "0.1"
  @description = "PHP powered forum - Homepage [offline] : http://www.ikonboard.com"

  # Google results as at 2011-03-17 #
  # 238 for "Powered by Ikonboard" ext:cgi

  # Dorks #
  @dorks = [
    '"Powered by Ikonboard" ext:cgi'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { text: '<!-- iB Copyright Information -->' },

    # Version Detection # Powered by link # 3.x
    { version: /Powered by <a href="http:\/\/www.ikonboard.com" class="copyright" target='_blank'>Ikonboard<\/a> ([^\s]+) &copy; 20[\d]{2} <a href='http:\/\/www.ikonboard.com' target='_blank'>Ikonboard<\/a>/ },

    # Version Detection # Powered by link # 2.x
    { version: /Powered by <a href="http:\/\/www.ikonboard.com">Ikonboard v([^<]+)<\/a><br>&copy; 20[\d]{2} Ikonboard.com/ },

    # Powered by text # printpage.cgi
    { regexp: /<\/td><\/tr><\/table><center><hr><p>[^<]+ [P|p]owered by Ikonboard<br>http:\/\/www.ikonboard.com<br>/ },

    # Version Detection # Meta Generator
    { version: /<meta name="GENERATOR" content="Ikonboard ([^"]+)">/ },

    # Error Page # HTML Tag Pattern
    { certainty: 75, tag_pattern: "h1,/h1,pre,/pre,p,a,/a,/p" },

  ]
end

#iLOObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-03-31 # Updated regex



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/whatweb/plugins/ilo.rb', line 12

WhatWeb::Plugin.define "iLO" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-15
  @version = "0.2"
  @description = "Integrated Lights-Out, or iLO, is an embedded server management technology exclusive to Hewlett-Packard but similar in functionality to the Lights out management (LOM) technology of other vendors."
  @website = "http://en.wikipedia.org/wiki/HP_Integrated_Lights-Out"

  # Google results as at 2011-03-31 #
  # 75 for "select 'Yes' to accept the certificate to access Integrated Lights-Out."

  # Dorks #
  @dorks = [
    '"select \'Yes\' to accept the certificate to access Integrated Lights-Out."'
  ]

  # Matches #
  @matches = [

    # Derivative work text
    { text: 'Derivative Work - 1996, 1998-2000 Copyright 1996, 1998-2000 The Regents of the University of California<br>' },

    # Default title
    { regexp: /<title>[\s]+HP Integrated Lights-Out( [\d])?[\s]+<\/title>/ },

    # Default HP logo HTML
    { text: '<a href="http://www.hp.com/servers/lights-out" target="new"><IMG height=60 src="ilo.gif" width=150 border=0 alt="Integrated Lights-Out"></a>' },

    # Default JavaScript
    { text: 'document.title="Integrated Lights Out: "+serverName;' },

    # Version 2.x # Default HP logo HTML
    { text: '<a href="http://www.hp.com/go/ilo" target="new"><IMG src="iLO2_blue.jpg" height=57 border=0 alt="Integrated Lights-Out"></a>', version: "2.x" },

    # Version Detection # Copyright footer and HTML comment
    { version: /(\*|&copy;)[\s]{1,2}Copyright 2002,[\s]?([\d]{4}) Hewlett-Packard Development Company, L\.P\./, offset: 1 },

    # Version Detection # Copyright footer and HTML comment
    { version: /(\*|&copy;)[\s]{1,2}Copyright ([\d]{4}) Hewlett-Packard Development Company, L\.P\./, offset: 1 },

    # Version 2.x # Default JavaScript
    { text: 'document.title="Integrated Lights Out 2: "+serverName;', version: "2.x" },

  ]

  # Passive #
  def passive(target)
    m = []

    # Get server nic name # JavaScript
    if /document\.title="Integrated Lights Out( [\d])?: "/.match?(target.body)
      m << { string: target.body.scan(/^nicName="([^"^\s]+)";/) } if target.body =~ /^nicName="([^"^\s]+)";/
    end

    # Return passive matches
    m
  end
end

#ImageviewObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/whatweb/plugins/imageview.rb', line 9

WhatWeb::Plugin.define "Imageview" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-15
  @version = "0.1"
  @description = "Imageview 6 is a 4th generation image gallery script, using AJAX to deliver the best version yet."
  @website = "http://www.blackdot.be/?inc=projects/imageview"

  # Google results as at 2011-03-15 #
  # 77 for inurl:imageview5
  # 63 for inurl:imageview6
  # 64 for intitle:"Imageview * :: By Jorge Schrauwen"
  # 67 for intitle:"Imageview * :: Help::"

  # Dorks #
  @dorks = [
    'inurl:imageview5',
    'inurl:imageview6',
    'intitle:"Imageview * :: By Jorge Schrauwen"'
  ]

  # Matches #
  @matches = [

    # Frameset
    { regexp: /<td (width="160"|rowspan="2")><iframe allowtransparency="yes" frameborder="0" height="100%" width="100%" scrolling="auto" title="(frmcontent|frmlist)" name="(frmcontent|frmlist)" src="albumlist.php\?album=[^"]*"><\/iframe><\/td>/ },

    # Meta Author
    { certainty: 25, text: '<meta name="author" content="Jorge Schrauwen" />' },

    # Frame
    { text: '<frame src="preload.php" name="frImageview" id="frImageview" />' },
    { text: '<frame src="about:blank" name="iHistoryRecorder" id="iHistoryRecorder" />' },

    # Meta Description
    { version: /<meta name="description" content="Imageview ([\d]{1}) :: By Jorge Schrauwen \(http:\/\/www.backdot.be\)">/ },

    # Link Developer
    { text: '<link rel="Developer" href="http://www.blackdot.be" title="Blackdot.be" />' },

    # Version Detection # Help Page # Default Title
    { version: /<title>Imageview ([\d]{1}) :: Help:: (Administration|Installation|Miscellaneous|User|Welcome|Menu)<\/title>/ },

    # Version Detection # Default Title
    { version: /<title>Imageview ([\d]{1}) :: (By Jorge Schrauwen|User Settings|Upload Image|Album View|Administration|RSS Feeds|Install)<\/title>/ },

  ]
end

#IMGalleryObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/imgallery.rb', line 9

WhatWeb::Plugin.define "IMGallery" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-27
  @version = "0.1"
  @description = "image gallery web app"
  @website = "http://www.imgallery.zor.pl"

  # Dorks #
  @dorks = [
    '"Powered by IMGallery -exploit"'
  ]

  @matches = [

    # About 2,570,000 results @ 2010-06-27
    { name: 'GHDB: "Powered by IMGallery -exploit"',
      certainty: 75,
      ghdb: '"Powered by IMGallery" -exploit' },

    { name: 'powered by text',
      text: 'Powered by <a class = "a07" href="http://www.imgallery.zor.pl"><b>IMGallery</b></a> &copy; Dariusz Niemiec' },

  ]
end

#IndicesObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/indices.rb', line 9

WhatWeb::Plugin.define "Indices" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-17
  @version = "0.1"
  @description = "Indices is a set of hacks that makes Apache's default directory index pages pretty and more usable."
  @website = "http://antisleep.com/software/indices"

  # Google results as at 2012-03-17 #
  # 109 for "Parent Directory" "Indices 1.1"

  # Dorks #
  @dorks = [
    '"Parent Directory" "Indices 1.1"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { regexp: /<!--[\s]+Pleasant Apache directory listings courtesy of Indices:[\s]+http:\/\/antisleep\.com\/software\/indices[\s]+-->/ },

    # div class="credits" # Version Detection
    { version: /<div class="credits">[\s]+<a href="http:\/\/antisleep\.com\/software\/indices">Indices<\/a> ([^\s]+)[\s]+<\/div>/ },

  ]
end

#IndicoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/whatweb/plugins/indico.rb', line 9

WhatWeb::Plugin.define "Indico" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-11
  @version = "0.1"
  @description = "Indico - Integrated Digital Conference - allows you to manage complex conferences, workshops and meetings."
  @website = "http://indico.cern.ch/"

  # Google results as at 2011-05-11 #
  # 27 for "powered by Indico" inurl:wcalendar.py

  # ShodanHQ results as at 2011-05-11 #
  # 38 for MAKACSESSION

  # Dorks #
  @dorks = [
    '"powered by Indico" inurl:wcalendar.py'
  ]

  # Matches #
  @matches = [

    # td class
    { text: '<td class="menuConfTopCell" align="left" valign="bottom">' },

    # Version Detection # Powered by link
    { version: /<\/span>&nbsp;Powered by(\ CERN)? <a href="http:\/\/cern\.ch\/indico">Indico ([^<]+)<\/a>&nbsp;<span class="separator">/, offset: 1 },

  ]

  # Passive #
  def passive(target)
    m = []

    # MAKACSESSION Cookie
    m << { name: "MAKACSESSION Cookie" } if target.headers["set-cookie"] =~ /^MAKACSESSION=[A-Z\d]{16}; Path=/

    # Return passive matches
    m
  end
end

#InfomasterObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/infomaster.rb', line 9

WhatWeb::Plugin.define "Infomaster" do
  @author = "Brendan Coles <[email protected]>" # 2011-10-16
  @version = "0.1"
  @description = "InfoMaster ePlanning software - asset management and property development application tracking and planning"
  @website = "http://www.infomaster.com.au/"

  # Google results as at 2011-10-16 #
  # 40 for "Powered by Infomaster"
  # 33 for inurl:"modules/applicationmaster/default.aspx"
  # 30 for inurl:"modules/propertymaster/default.aspx"
  # 29 for (inurl:"modules/applicationmaster/default.aspx"|inurl:"modules/propertymaster/default.aspx")
  #  9 for intitle:"MasterView 2.0 Property Master"

  # Dorks #
  @dorks = [
    '"Powered by Infomaster"',
    '(inurl:"modules/applicationmaster/default.aspx"|inurl:"modules/propertymaster/default.aspx")'
  ]

  # Matches #
  @matches = [

    # Version Detection # Title
    { version: /<head><title>[\s]+MasterView ([\d\.]+) Property Master[\s]+<\/title>/, string: "MasterView" },

    # Class + Powered by
    { regexp: /class="ackn">[\s]*Powered by InfoMaster/ },

    # StyleSheets
    { text: '<link href="../../MasterView.css" type="text/css" rel="stylesheet"', string: "MasterView" },
    { text: '<link href="../../App_Themes/MasterView/MPLeftNavStyle/PanelBar.MPIFMA.css" type="text/css" rel="stylesheet" />', string: "MasterView" },

    # JavaScript
    { text: '<script language="javascript" src="../../common/masterView.js"></script>', string: "MasterView" },

    # Form
    { string: /<form name="frm(MasterView|MasterPlan)" method="post" action="default\.aspx/ },

  ]
end

#InterRedObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/interred.rb', line 9

WhatWeb::Plugin.define "InterRed" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-24
  @version = "0.1"
  @description = "InterRed GmbH is a leading technology provider of content management systems (CMS), Knowledge Retrieval (KM), personalization of web sites, live reporting (website statistics) to use analysis of websites and offers print solutions for catalogs, magazines, newspapers Web-to-print, publishing houses."
  @website = "http://www.interred.de/"

  # Matches #
  @matches = [

    # Version Detection # HTML Comment
    { version: /<meta name="(generator|GENERATOR)" content="InterRed V([^,]+), http:\/\/www\.interred\.de\/, InterRed GmbH"( \/)?>/, offset: 1 },

    # Version Detection # Meta Generator
    { version: /<!-- Created with InterRed V([^,]+), http:\/\/www\.interred\.de\/, by InterRed GmbH -->/ },

  ]
end

#IntrasrvObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/intrasrv.rb', line 9

WhatWeb::Plugin.define "Intrasrv" do
  @author = "Brendan Coles <[email protected]>" # 2013-06-02
  @version = "0.1"
  @description = "IntraSrv - Simple Web Server"
  @website = "http://www.leighb.com/intrasrv.htm"

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^intrasrv ([\d\.]+)$/ },

  ]
end

#iPeerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/ipeer.rb', line 9

WhatWeb::Plugin.define "iPeer" do
  @author = "Brendan Coles <[email protected]>" # 2012-08-25
  @version = "0.1"
  @description = "iPeer - a web-based platform/database independent application to develop and deliver peer evaluations - Requires PHP"
  @website = "http://ipeer.ctlt.ubc.ca/trac"

  # ShodanHQ results as at 2012-08-25 #
  # 2 for 2 for loginout/login IPEER

  # Google results as at 2012-08-25 #
  # 26 for "Powered by iPeer and TeamMaker - Created by UBC and Rose-Hulman"
  # 20 for intitle:"iPeer V2 with TeamMaker"

  # Dorks #
  @dorks = [
    '"Powered by iPeer and TeamMaker - Created by UBC and Rose-Hulman"',
    'intitle:"iPeer V2 with TeamMaker"'
  ]

  # Matches #
  @matches = [

    # Login Page # Title # Version Detection
    { version: /<title>iPeer V(\d) with TeamMaker<\/title>/ },

    # Login Page # Footer
    { text: '<h1 align="center"><span class="footer">Powered by iPeer and TeamMaker - Created by UBC and Rose-Hulman</span></h1>' },

    # Login Page # Version Detection
    { version: /<span class="bannerText"><span style='font-size: 120%;'>([^<]+)<\/span>&nbsp;&nbsp;with TeamMaker<\/span><\/td>/ },

    # Cookie # IPEER
    { search: "headers[set-cookie]", regexp: /IPEER=[^;]+;/ },

  ]
end

#iRealtyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/irealty.rb', line 9

WhatWeb::Plugin.define "iRealty" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-08
  @version = "0.1"
  @description = "iRealty is an advanced flexible php real estate software and CMS with open source code."
  @website = "http://www.irealtysoft.com/"

  # 52 results for "powered by iRealty" @ 2010-08-08

  # Dorks #
  @dorks = [
    '"powered by iRealty"'
  ]

  @matches = [

    { text: 'Powered by <a href="http://www.irealty.com/" title="iRealty"> iRealty </a>' },

    { text: '<a target="_blank" href="http://www.irealtysoft.com/">- Powered by iRealty</a>' },

    { text: 'Powered by <a target="_blank" title="iRealty &mdash; Real Estate Listing Software" href="http://www.irealtysoft.com/">iRealty</a>,' },

    { text: 'Powered by <a target="_blank" title="iRealty &mdash; Real Estate Listing Software" href="http://www.worksforweb.com/products/iRealty/">iRealty</a>,' },

  ]

  # Match PHPSESSID%28_%29 cookie
  def passive(target)
    m = []

    m << { name: "iRealty PHPSESSID%28_%29 cookie" } if target.headers["set-cookie"] =~ /^PHPSESSID%28_%29=[a-z0-9]{32}/

    m
  end
end

#iTalkBBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/italkbb.rb', line 9

WhatWeb::Plugin.define "iTalkBB" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-19
  @version = "0.1"
  @description = "iTalkBB is a local and long distance calling service provided by iTalk Broadband Corporation. It combines voice and internet networks to provide inbound and outbound long distance and local calling solutions."
  @website = "http://www.italkbb.com/"
  # Default Login: 12345678 or 87654321

  # 10 for intitle:"V1" "welcome to phone settings" password -intitle

  # Dorks #
  @dorks = [
    'intitle:"V1" "welcome to phone settings" password -intitle'
  ]

  # Matches #
  @matches = [

    # Version Detection
    { version: /<HTML><HEAD><TITLE>[^>]+ V([\d\.]+)[\s]+<\/TITLE><STYLE type=text\/css>TD \{FONT-SIZE: 12px; LINE-HEIGHT: normal; TEXT-ALIGN: center\}<\/STYLE>/ },

    # welcome to phone settings + form tag
    { regexp: /<P align=center><FONT size=5>welcome to phone settings<\/FONT><\/P><FORM action=\/a /i },

  ]
end

#iTopObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/itop.rb', line 9

WhatWeb::Plugin.define "iTop" do
  @author = "Brendan Coles <[email protected]>" # 2011-11-24
  @version = "0.1"
  @description = "IT Operations Portal (iTop): a complete open source, ITIL, web based service management tool including a fully customizable CMDB, a helpdesk system and a document management tool."
  @website = "http://sourceforge.net/projects/itop/"

  # Google results as at 2011-11-24 #
  # 14 for intitle:"iTop Login"
  #  1 for "Unable to read the configuration file" "Please check the access rights on this file"
  #  1 for "Click here to ignore this warning and continue to run iTop."

  # Dorks #
  @dorks = [
    'intitle:"iTop Login"'
  ]

  # Matches #
  @matches = [

    # Error # Missing Config File
    { text: "<p><b>Error</b>: Unable to read the configuration file: 'config-itop.php'. Please check the access rights on this file.</p>" },

    # Error # Writeable Config File
    { text: "<p><b>Security Warning</b>: the configuration file 'config-itop.php' should be read-only.</p><p>Please modify the access rights to this file.</p>" },

    # ./pages/UI.php # Login Page # Title
    { text: '<title>iTop Login</title>' },

    # ./pages/UI.php # Login Page # Version Detection
    { version: /<div id="login-logo"><a href="http:\/\/www\.combodo\.com\/itop"><img title="iTop [^\s]+ ([^\s^"]+)" src="\.\.\/images\/itop-logo/ },

  ]
end

#JamroomObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/jamroom.rb', line 12

WhatWeb::Plugin.define "Jamroom" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-25
  @version = "0.2"
  @description = "Jamroom specializes in building web communities centered around media producers such as musicians, photographers, video enthusiasts and more - Jamroom gives you the capability to provide dozens of different services to your users."
  @website = "http://www.jamroom.net/"

  # Google results as at 2010-07-25 #
  # 201 for "Powered by Jamroom"

  # Dorks #
  @dorks = [
    '"Powered by Jamroom"'
  ]

  # If you are a Licensed Jamroom User, you are free to remove ALL references to Jamroom or Jamroom.net from any of the OUTPUT templates (i.e. Artist Themes, Ranking templates, chart templates, etc.).

  # Matches #
  @matches = [

    # Default search input tag
    { text: '<input type="text" name="search_string" class="jform s_input" style="width:300px;">' },

    # Meta Designer
    { text: '<meta name="designer" content="Talldude Networks, LLC.">' },

    # Powered by link HTML
    { regexp: /<a href="http:\/\/www.jamroom.net"><img src="[^"]*" alt="Powered by Jamroom - the Powerful Social Media Platform" title="Powered by Jamroom - the Powerful Social Media Platform" border="0"><\/a>/ },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="Jamroom ([\d\.]+)">/ },

  ]
end

#JavaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-03-06 # Updated OS detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
# File 'lib/whatweb/plugins/java.rb', line 12

WhatWeb::Plugin.define "Java" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-28
  @version = "0.2"
  @description = "Java allows you to play online games, chat with people around the world, calculate your mortgage interest, and view images in 3D, just to name a few. It's also integral to the intranet applications and other e-business solutions that are the foundation of corporate computing."
  @website = "http://www.java.com/"

  # ShodanHQ results as at 2011-01-28 #
  #  10,814 for X-Powered-By: JSP
  #  153,488 for JSESSIONID
  #  571 for java.vendor=Sun Microsystems Inc
  #  47 for java.vendor=IBM Corporation
  #  118 for "x-powered-by" JSP JRE
  #  13950 for server JAVA

  # Passive #
  def passive(target)
    m = []

    # JSESSIONID Cookie
    m << { name: "JSESSIONID Cookie" } if target.headers["set-cookie"] =~ /JSESSIONID=[^;]{0,32};[\s]?path=\//i

    # X-Powered-By # JSP Version Detection
    m << { version: target.headers['x-powered-by'].scan(/JSP\/([\d\.]+)/) } if target.headers['x-powered-by'] =~ /JSP\/([\d\.]+)/
    # X-Powered-By # Servlet Version Detection
    m << { string: target.headers['x-powered-by'].scan(/(Servlet\/[\d\.]+)/i) } if target.headers['x-powered-by'] =~ /(Servlet\/[\d\.]+)/i
    # X-Powered-By # JRE Version Detection
    m << { string: target.headers['x-powered-by'].scan(/(JRE\/[\d\.\-\_]+)/) } if target.headers['x-powered-by'] =~ /(JRE\/[\d\.\-\_]+)/

    # Server # Version Detection
    m << { version: target.headers['server'].scan(/java\/([\d\.\-\_]+)/) } if target.headers['server'] =~ /java\/([\d\.\-\_]+)/
    # Server # JDK Version Detection
    m << { string: target.headers['server'].scan(/(JDK [\d\.\-\_]+)/) } if target.headers['server'] =~ /(JDK [\d\.\-\_]+)/

    # Servlet-Engine
    if /\((.*?); (.*?); Java (.*?); (.*?); java.vendor=[^\)]{0,50}\)/.match?(target.headers['servlet-engine'])

      # JSP Version Detection
      m << { string: target.headers['servlet-engine'].scan(/\((.*?); (.*?); Java (.*?); (.*?); java.vendor=[^\)]{0,50}\)/)[0][0] }
      # Servlet Version Detection
      m << { string: target.headers['servlet-engine'].scan(/\((.*?); (.*?); Java (.*?); (.*?); java.vendor=[^\)]{0,50}\)/)[0][1] }
      # Version Detection
      m << { version: target.headers['servlet-engine'].scan(/\((.*?); (.*?); Java (.*?); (.*?); java.vendor=[^\)]{0,50}\)/)[0][2] }
      # OS Detection
      m << { os: target.headers['servlet-engine'].scan(/\((.*?); (.*?); Java (.*?); (.*?); java.vendor=[^\)]{0,50}\)/)[0][3] }

    end

    # Return passive matches
    m
  end
end

#JBossObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-08-02 # Brendan Coles <[email protected]> Added example urls and X-Powered-By version+JBossWeb detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
# File 'lib/whatweb/plugins/jboss.rb', line 12

WhatWeb::Plugin.define "JBoss" do
  @author = "Louis Nyffenegger"
  @version = "0.2"
  @description = "JBoss Application Server is the #1 most widely used Java application server on the market. A Java EE certified platform for developing and deploying enterprise Java applications, Web applications, and Portals, JBoss Application Server provides the full range of Java EE 5 features as well as extended enterprise services including clustering, caching, and persistence. - Homepaeg: http://www.jboss.org/jbossas/"

  # ShodanHQ results as at 2011-08-02 #
  # 26,691 for JBoss
  # 10,169 for JBossWeb
  #     68 for JBossAS

  # Google results as at 2011-08-02 #
  # 41 for intitle:"Welcome to JBoss AS"

  # Dorks #
  @dorks = [
    'intitle:"Welcome to JBoss AS"'
  ]

  # Matches #
  @matches = [

    # Default title from Jboss homepage
    { name: "Jboss default title",
      regexp: /<title>Welcome to JBoss AS<\/title>/ },

    # Jboss Homepage contains a link to administration console
    {  name: "link to Administration Console",
       certainty: 50,
       regexp: /<a href=\"\/admin-console\/\">Administration Console<\/a>/ },

    # Jboss Homepage contains a link to web console
    {  name: "link to Web Console",
       regexp: /<a href=\"\/web-console\/\">Jboss Web Console<\/a>/ },

    # Jboss Homepage contains a link to  JMX console
    {  name: "link to JMX Console",
       regexp: /<a href=\"\/jmx-console\/\">JMX Console<\/a>/ }
  ]

  # Passive #
  def passive(target)
    m = []

    # Version Detection # X-Powered-By Header
    if target.headers["x-powered-by"] =~ /JBoss(AS)?-([^\/^\s]+)/
      m << { version: $2.to_s }
    end

    # Module Detection # JBossWeb
    if target.headers["x-powered-by"] =~ /(JBossWeb-[^\/^\s^,]+)/
      m << { module: $1.to_s }
    end

    # Return passive matches
    m
  end
end

#jCoreObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/jcore.rb', line 9

WhatWeb::Plugin.define "jCore" do
  @author = "Brendan Coles <[email protected]>" # 2012-10-22
  @version = "0.1"
  @description = "jCore is a free and open source content management system (CMS) written in PHP and distributed under the GNU General Public License."
  @website = "http://jcore.net/about"

  # Google results as at 2012-10-22 #
  # 22 for intitle:"Admin - jCore - the Webmaster's Multisite CMS"
  #  7 for inurl:"members?requestpassword=1"

  # Dorks #
  @dorks = [
    'intitle:"Admin - jCore - the Webmaster\'s Multisite CMS"'
  ]

  # Matches #
  @matches = [

    # JavaScript # Version Detection
    { version: /<script type='text\/javascript'>\s+var JCORE_VERSION = '([^']+)';/ },

    # CSS # Version Detection
    { version: /<link href='https?:\/\/[^'^\?]+\/static\.php\?request=css(&amp;admin=1)?&amp;[\d]+\-v([\d\.]+)/, offset: 1 },

  ]
end

#JcowObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/jcow.rb', line 9

WhatWeb::Plugin.define "Jcow" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-20
  @version = "0.1"
  @description = "Jcow - social networking"
  @website = "http://www.jcow.net/"

  # Google results as at 2011-05-20 #
  # 161 for "Go to" "Admin CP" "Themes" "Username or Email" "Manage Blocks"

  # Dorks #
  @dorks = [
    '"Go to" "Admin CP" "Themes" "Username or Email" "Manage Blocks"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta name="Generator" content="Jcow Social Networking Software\. ([\d\.]+)" \/>/ },

    # Version Detection # Powered by footer
    { version: /Powered by <a href="http:\/\/www\.jcow\.net" title="Social Networking Software, Community Software" target="_blank"><strong>Jcow<\/strong> ([\d\.]+)<\/a>/ },

    # Meta Generator
    { text: '<meta name="Generator" content="Powered by Jcow" />' },

    # HTML Comments
    { text: '<!-- do NOT remove the Jcow Attribution Information -->' },
    { text: '<!-- jcow branding -->' },
    { text: '<!-- end jcow_application_box -->' },

  ]
end

#JenkinsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
# File 'lib/whatweb/plugins/jenkins.rb', line 9

WhatWeb::Plugin.define "Jenkins" do
  @author = "Brendan Coles <[email protected]>" # 2012-02-23
  @version = "0.1"
  @description = "Jenkins is an application that monitors executions of repeated jobs, such as building a software project or jobs run by cron."
  @website = "http://jenkins-ci.org/"

  # ShodanHQ results as at 2012-02-23 #
  # 100 for x-jenkins

  # Google results as at 2012-02-23 #
  # 20 for intitle:"Jenkins" "Remember me on this computer" "Jenkins ver"
  # 11 for inurl:":8080/jenkins/job/"

  # Dorks #
  @dorks = [
    'intitle:"Jenkins" "Remember me on this computer" "Jenkins ver"'
  ]

  # Matches #
  @matches = [

    # JavaScript
    { regexp: /<script>var isRunAsTest=false; var rootURL="[^"]*";<\/script>/ },

    # Footer # Version Detection
    { version: /<\/span><a href="http:\/\/jenkins\-ci\.org\/">Jenkins ver\. ([^<]+)<\/a>/ },

    # x-hudson-theme
    { search: "headers[x-hudson-theme]", regexp: /^.*$/ },

    # x-instance-identity
    { search: "headers[x-instance-identity]", regexp: /^.*$/ },

    # x-hudson-cli-port
    { search: "headers[x-hudson-cli-port]", regexp: /^.*$/ },

    # x-jenkins # Version Detection
    { search: "headers[x-jenkins]", version: /^(.+)$/ },

    # x-hudson
    { search: "headers[x-hudson]", regexp: /^.*$/ },

    # x-jenkins-cli-port
    { search: "headers[x-jenkins-cli-port]", regexp: /^.*$/ },

    # x-ssh-endpoint
    { search: "headers[x-ssh-endpoint]", regexp: /^.*$/ },

  ]
end

#JettyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/jetty.rb', line 9

WhatWeb::Plugin.define "Jetty" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-22
  @version = "0.1"
  @description = "Jetty is a pure Java application server. Jetty provides an HTTP server, HTTP client, and javax.servlet container."
  @website = "http://jetty.codehaus.org/jetty/"

  # ShodanHQ results as at 2011-08-22 #
  # 18,555 for Jetty

  # Google results as at 2011-08-22 #
  # 68 for inurl:"snoop.jsp" intitle:Snoop
  # 45 for intitle:"Powered By Jetty"

  # Dorks #
  @dorks = [
    'intitle:"JSP snoop page" "WebApp JSP Snoop page"'
  ]

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^Jetty(\/|\()([^\s^\)]+)/, offset: 1 },

    # Servlet Version Detection # Servlet-Engine Header
    { search: "headers[servlet-engine]", module: /^(Jetty\/[^\s]+)/ },

    # Logo HTML
    { url: "/", text: '<A HREF="http://jetty.mortbay.org"><IMG SRC="jetty_banner.gif"></A>' },

    # Error page # Powered by footer
    { text: '<p><i><small><a href="http://jetty.mortbay.org">Powered by Jetty://</a></small></i></p>' },

  ]
end

#JEUSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-20 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/jeus.rb', line 12

WhatWeb::Plugin.define "JEUS" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-12
  @version = "0.2"
  @description = "JEUS (Java Enterprise User Solution) is TmaxSoft's Java EE 5 certified e-Business Strategic Platform. It enables the efficient creation and implementation of a wide variety of rich user-oriented web applications, facilitates SOA concepts (Service Oriented Architecture), and provides a variety of enterprise system functions such as transaction control, session management, and distributed session clustering."
  @website = "http://us.tmaxsoft.com/jsp/product/detailcontents.jsp?psCd=00PD04&menuCd=00PDMSJE"

  # ShodanHQ results as at 2011-05-12 #
  # 1,543 for Jeus WebContainer
  # Most results are from Korea

  @matches = [
    { regexp: /^Jeus WebContainer/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^Jeus WebContainer\/([\d\.]+)$/, search: "headers[server]" },
    { version: /^Jeus WebContainer\/JEUS (.+)$/, search: "headers[server]" },

  ]
end

#JigsawObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-20 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/jigsaw.rb', line 12

WhatWeb::Plugin.define "Jigsaw" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-07
  @version = "0.2"
  @description = "Jigsaw is W3C's leading-edge Web server platform, providing a sample HTTP 1.1 implementation and a variety of other features on top of an advanced architecture implemented in Java."
  @website = "http://www.w3.org/Jigsaw/"

  # ShodanHQ results as at 2011-06-07 #
  # 79 for Jigsaw

  @matches = [

    { regexp: /^Jigsaw/, search: "headers[server]" },
    { version: /^Jigsaw\/([^\s]+)$/, search: "headers[server]" },

  ]
end

#jobberBaseObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Update regex and ghdb matches



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/jobberbase.rb', line 12

WhatWeb::Plugin.define "jobberBase" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-06
  @version = "0.2"
  @description = "jobberBase is the open-source job board software that helps you set up a jobsite in minutes!"
  @website = "http://www.jobberbase.com/"

  # About 116,000 results for +Companies +Sitemap "Proudly powered by jobberBase" @ 2010-60-06

  # Dorks #
  @dorks = [
    '"Companies" "Sitemap" "Proudly powered by jobberBase"'
  ]

  @matches = [

    # GHDB Match
    { ghdb: 'Companies Sitemap "Proudly powered by jobberBase"', certainty: 75 },

    # Meta author
    { text: '<meta name="author" content="http://www.jobberbase.com" />' },

    # Powered by text
    { regexp: /Proudly powered by[\s]+<a href="http:\/\/www.jobberbase.com\/"[^>]*title="open source job board software">jobberBase<\/a>/ },

  ]
end

#JQueryObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 removed :probability

Version 0.3 rewrite

Version 0.4 added another match line from Eric Sesterhenn



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/jquery.rb', line 18

WhatWeb::Plugin.define "JQuery" do
  @author = "Andrew Horton"
  @version = "0.4"
  @description = "A fast, concise, JavaScript that simplifies how to traverse HTML documents, handle events, perform animations, and add AJAX."
  @website = "http://jquery.com/"

  # Matches #
  @matches = [

    # JavaScript
    { regexp: /<script [^>]*jquery/ },

    # JavaScript # Version Detection
    { version: /jquery(\.min)?\.js\?ver=([0-9\.]+)['"]/, offset: 1 },
    { version: /jquery\/([0-9\.]+)\/jquery(\.min)?\.js/, offset: 0 },
    { version: /jquery-([0-9\.]+)(\.min)?\.js/, offset: 0 }

  ]
end

#KaiBBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/kaibb.rb', line 9

WhatWeb::Plugin.define "KaiBB" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-05
  @version = "0.1"
  @description = "KaiBB Free and Open Bulletin Board Software - Requires: PHP and MySQL"
  @website = "http://www.kaibb.co.uk/"

  # Google results as at 2011-08-05 #
  # 24 for "Powered by KaiBB"

  # Dorks #
  @dorks = [
    '"Powered by KaiBB"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { text: '<!-- THIS MUST REMAIN INTACT AND SHOWN ON ALL PAGES -->' },

    # Version Detection # Powered by link
    { version: /Powered by <a href="http:\/\/www\.kaibb\.co\.uk" class="normfont">KaiBB ([^\s^<]+)<\/a>/ },

    # Version Detection # Powered by link # Old versions # Seen on version 1.0.0
    { version: /Powered by <a href="http:\/\/\www\.mi-dia\.co\.uk" class="normfont">KaiBB ([^\s^<]+)<\/a>/ },

    # Meta Description
    { text: '<meta name="Description" http-equiv="Description" content="Forum powered by KaiBB - Powered by KaiBB" />' },

  ]
end

#KajonaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/kajona.rb', line 9

WhatWeb::Plugin.define "Kajona" do
  @author = "Brendan Coles <[email protected]>" # 2012-07-19
  @version = "0.1"
  @description = "Kajona - Open Source Content Management System - Requires PHP & MySQL"
  @website = "http://www.kajona.de/"

  # Matches #
  @matches = [

    # Meta Generator
    { regexp: /<meta name="generator" content="Kajona., www\.kajona\.de" \/>/ },

    # HTML Comment
    { regexp: /<!--\s+Website powered by Kajona. Open Source Content Management Framework/ },

    # JavaScript
    { regexp: /<script type="text\/javascript">KAJONA_(DEBUG|WEBPATH) = / },

    # Powered by text
    { text: '<div class="left">powered by Kajona</div>' },

    # Footer
    { text: '<div id="footerContainer">powered by <a href="http://www.kajona.de" target="_blank" title="Kajona' },

    # Admin Page # Footer # Year Detection
    { string: /<div class="copyright">&copy; (20[\d]{2}) <a href="http:\/\/www\.kajona\.de" target="_blank" title="Kajona/ },

  ]
end

#KampyleObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/whatweb/plugins/kampyle.rb', line 9

WhatWeb::Plugin.define "Kampyle" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-17
  @version = "0.1"
  @description = "Feedback form solutions for websites & software. [JavaScript]"
  @website = "http://www.kampyle.com/"

  # Matches #
  @matches = [

    # JavaScript Source
    { regexp: /<script [^>]*src=["']http:\/\/cf\.kampyle\.com\/k_button\.js["'][^>]*>/i },

    # HTML Comments
    { text: '<!--Start Kampyle Feedback Form Button-->' },
    { text: '<!--End Kampyle Feedback Form Button-->' },

  ]
end

#KarrigellObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-20 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/karrigell.rb', line 12

WhatWeb::Plugin.define "Karrigell" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-30
  @version = "0.2"
  @description = "Karrigell is a flexible Python web framework, with a clear and intuitive syntax. It is independent from any database, ORM or templating engine, and lets the programmer choose between a variety of coding styles."
  @website = "http://karrigell.sourceforge.net/en/index.html"

  # ShodanHQ results as at 2011-05-30 #
  # 69 for Karrigell
  #  6 for Karrigell -Python

  @matches = [

    { regexp: /^Karrigell/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^Karrigell\/([^\s]+) /, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^Karrigell ([^\s]+)$/, search: "headers[server]" },

  ]
end

#KaZaAObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-25 # Updated regex



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/kazaa.rb', line 12

WhatWeb::Plugin.define "KaZaA" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-25
  @version = "0.2"
  @description = "This plugin retrieves the KaZaA IP:port combination, network and username from the HTTP headers."

  # About 74 ShodanHQ results for X-Kazaa-Username
  # About 112 ShodanHQ results for X-Kazaa-Network

  # Passive #
  def passive(target)
    m = []

    # X-Kazaa-IP
    m << { string: target.headers["x-kazaa-ip"] } unless target.headers["x-kazaa-ip"].nil?

    # X-Kazaa-Network
    m << { module: target.headers["x-kazaa-network"] } unless target.headers["x-kazaa-network"].nil?

    # X-Kazaa-Username
    m << { account: target.headers["x-kazaa-username"] } unless target.headers["x-kazaa-username"].nil?

    # Return passive matches
    m
  end
end

#KibanaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/kabana.rb', line 9

WhatWeb::Plugin.define "Kibana" do
  @author = "Brendan Coles <[email protected]>" # 2015-04-26
  @version = "0.1"
  @description = "Kibana is an open source data visualization platform that allows you to interact with your data - Homepage: https://www.elastic.co/products/kibana"

  # Default Port: 5601

  # Matches #
  @matches = [

    # HTTP X-App-Name Header
    { search: "headers[x-app-name]", regexp: /^kibana$/ },

    # Body tag
    { text: '<body kibana ng-class' },

    # Version Detection
    { version: /<script>\s+window\.KIBANA_VERSION='([\d\.]+)';\s+window\.KIBANA_BUILD_NUM='[\d]+';/ },

  ]
end

#KleejaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-17 # Andrew Horton Added website parameter and description



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/kleeja.rb', line 12

WhatWeb::Plugin.define "Kleeja" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-18
  @version = "0.2"
  @description = "Kleeja is a free, open-source file upload system"
  @website = "http://www.kleeja.com/"

  # 55 results for intitle:"(powered by kleeja)" @ 2010-09-18
  # 311 results for "powered by kleeja" @ 2010-09-18

  # Dorks #
  @dorks = [
    '"powered by kleeja"'
  ]

  @matches = [

    # Default title
    { regexp: /<title>[^\(]+\(Powered by Kleeja\)<\/title>/ },

    # Meta copyright
    { text: '<meta name="copyrights" content="Powered by Kleeja :: kleeja.com" />' },

    # Meta description
    { text: '<meta name="Description" content="Powered by Kleeja :: kleeja.com" />' },

    # Powered by text
    { text: 'Powered by <a href="http://www.kleeja.com/" target="_blank">Kleeja</a>' },

    # HTML comment
    { text: '<!-- IF REMOVE: Pay for a license -->' },
    { text: '<!-- IF REMOVE: Pay for a license - see http://www.kleeja.com -->' },

  ]
end

#KnowledgeTreeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/whatweb/plugins/knowledgetree.rb', line 9

WhatWeb::Plugin.define "KnowledgeTree" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-18
  @version = "0.1"
  @description = "Document Management Software"
  @website = "http://www.knowledgetree.com/"

  # 13 results for "powered by KnowledgeTree" "KnowledgeTree Version" @ 2010-09-18
  # 71 results for inurl:kt_path_info="ktcore.actions.document.assist" @ 2010-09-18
  # 77 results for "powered by KnowledgeTree" @ 2010-09-18

  # DOrks #
  @dorks = [
    '"powered by KnowledgeTree"'
  ]

  @matches = [

    # Default title
    { text: '    <title>Dashboard | KnowledgeTree</title>' },

    # Login page # Default title
    { text: '    <title>Login | KnowledgeTree</title>' },

    # Powered by image
    { text: '/resources/powered-by-kt.png" border="0" alt="Powered by KnowledgeTree" title="Powered by KnowledgeTree"/></a>' },

    # Favicon
    { md5: "bace14cd488b34068a9c2e54bff2b5b1", url: "/resources/favicon.ico" },

  ]

  # Version detection
  def passive(target)
    m = []

    # Login page
    if /                    <a href="http:\/\/www.knowledgetree.com\/">Document Management Software<\/a><br>/.match?(target.body)
      if /		    	    KnowledgeTree Version ([\d\.]+) \(Community Edition\)<br\/>/.match?(target.body)
        version = target.body.scan(/		    	    KnowledgeTree Version ([\d\.]+) \(Community Edition\)<br\/>/)[0][0]
        m << { version: version }
      end
    end

    m
  end
end

#KodiTVObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/kodi.rb', line 10

WhatWeb::Plugin.define "KodiTV" do
  @author = "Andrew Horton"
  @version = "0.1"
  @description = "KODI is a media center. It was formerly known as XBMC Media Center."
  @website = "https://kodi.tv/"

  # Matches #
  @matches = [

    # Title
    { text: '<title>Kodi</title>' },

    { text: '<link rel="search" href="provider.xml" type="application/opensearchdescription+xml" title="Kodi Library" />' },

    { name: "favicon", md5: '91b72b23e7f499d6c09cb18c7b1278f1', url: '/favicon.ico' },

    { name: "xbmc.org found in /js/xbmc.launcher.js", certainty: 25, text: 'xbmc.org', url: '/js/xbmc.launcher.js' },

    # aggressive plugins
    { name: "WebInterface version from /addon.xml", module: /id="webinterface.default".*[\s]+version="([^"]+)"/, url: '/addon.xml' },

    { name: "XBMC JSON version from /addon.xml", version: /^[\s]+<import addon="xbmc.json" version="([^"]+)"/, url: '/addon.xml' },

  ]
end

#KohaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/whatweb/plugins/koha.rb', line 9

WhatWeb::Plugin.define "Koha" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-27
  @version = "0.1"
  @description = "Koha is an open source software library automation package (ILS)"
  @website = "http://koha-community.org/"

  # Google results as at 2011-07-27 #
  # 262 for inurl:cgi-bin/koha ext:pl
  #  57 for intitle:"Log in to Koha" +Password

  # Dorks #
  @dorks = [
    'intitle:"Log in to Koha" "Password"',
    'inurl:cgi-bin/koha ext:pl'
  ]

  # Matches #
  @matches = [

    # Aggressive # favicon.ico
    { md5: "0c240ea1e838d2b398f48122924bf7a0", url: "/opac-tmpl/prog/en/includes/favicon.ico" },
    { md5: "0c240ea1e838d2b398f48122924bf7a0", url: "/intranet-tmpl/prog/en/includes/favicon.ico" },

    # favicon.ico HTML
    { regexp: /<link rel="shortcut icon" href="\/(intranet|opac)-tmpl\/[^\/]+\/[a-z]{2}\/includes\/favicon\.ico" type="image\/x-icon" \/>/ },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="Koha ([^\s^"]+)" \/>/ },

    # input name="koha_login_context"
    { regexp: /<input type="hidden" name="koha_login_context" value="(opac|intranet)" \/>/ },

    # CSS
    { text: '<link rel="stylesheet" type="text/css" href="/intranet-tmpl/prog/en/lib/jquery/plugins/ui.tabs.css" />' },
    { text: '<link rel="stylesheet" type="text/css" href="/opac-tmpl/prog/en/lib/jquery/plugins/ui.tabs.css" />' },

    # Admin Page
    { text: '<li><a href="/cgi-bin/koha/lostpassword.pl" title="Password Lost and Found">Lost your password?</a></li>' },

    # Admin Page # HTML Comment
    { certainty: 25, text: '<!-- login prompt time-->' },

    # Admin Page # You are not logged in
    { text: '<div id="help"><span class="loggedin">You are not logged in | </span><a href="/cgi-bin/koha/help.pl" onclick="Help(); return false;">[ ? ]</a></div>' },

  ]
end

#KohanaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/kohana.rb', line 9

WhatWeb::Plugin.define "Kohana" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-10
  @version = "0.1"
  @description = "Kohana is an elegant HMVC PHP5 framework that provides a rich set of components for building web applications."
  @website = "http://kohanaframework.org/"

  # Google results as at 2011-05-10 #
  # 394 for kohanasession

  # Matches #
  @matches = [

  ]

  # Passive #
  def passive(target)
    m = []

    # kohanasession cookie
    m << { name: "kohanasession cookie" } if target.headers["set-cookie"] =~ /kohanasession=[a-z\d]{26}; expires=/

    # kohanasession_data cookie
    m << { name: "kohanasession_data cookie" } if target.headers["set-cookie"] =~ /kohanasession_data=/

    # Return passive matches
    m
  end
end

#KolabObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/kolab.rb', line 9

WhatWeb::Plugin.define "Kolab" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-12
  @version = "0.1"
  @description = "Kolab is a Groupware Solution for Emails, Appointments, Contacts and more. It supports mixed client environments (Outlook/KDE) because of an open storage format. Any email client speaking standard protocols can be served."
  @website = "http://www.kolab.org/"

  # Google results as at 2011-05-12 #
  # 8 for intitle:"Kolab Groupware login"

  # Dorks #
  @dorks = [
    'intitle:"Kolab Groupware login"'
  ]

  # Matches #
  @matches = [

    # /favicon.png
    { md5: "8b2a22d60ef1352abd1e2e35f711bbf7", url: "/favicon.png" },

    # Kolab Groupware login div
    { text: '<div id="toptitle">Kolab Groupware login</div>' },

    # Meta Description
    { text: '<meta name="description" content="Kolab Administration Webinterface" />' },

    # Title
    { text: '<title>Kolab Groupware login</title>' },

  ]
end

#KontaktformularObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/kontaktformular.rb', line 9

WhatWeb::Plugin.define "Kontaktformular" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-13
  @version = "0.1"
  @description = "PHP contact form"
  @website = "http://www.radbekleidung.eu/gratis-kontaktformular.html"

  # 49 results for "Script Powered by Kontaktformular" @ 2010-09-13

  # Dorks #
  @dorks = [
    '"Script Powered by Kontaktformular"'
  ]

  @matches = [

    # HTML comment
    { text: '<!--Copyright darf NICHT entfernt werden!!-->' },
    { text: '<!-- Hinweis darf nicht entfernt werden! -->' },

    # Powered by text
    { text: 'Script Powered by <a target="_blank" href="http://www.radbekleidung.eu/gratis-kontaktformular.html">Kontaktformular</a>' },
    { text: '&copy; Script Powered by kontaktformular.org </span>' },

  ]
end

#KoobiObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-03-02 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
 
# File 'lib/whatweb/plugins/koobi.rb', line 12

WhatWeb::Plugin.define "Koobi" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-28
  @version = "0.2"
  @description = "Shop/CMS software [German]"
  @website = "http://www.Dream4.de/"

  # Google results as at 2010-08-28 #
  # 262 for "powered by Koobi PRO|SHOP|CMS" -"SQL Injection"

  # Dorks #
  @dorks = [
    '"powered by Koobi PRO|SHOP|CMS" -"SQL Injection"'
  ]

  # Matches #
  @matches = [

    # powered by text
    { regexp: /Powered by <a title="Koobi ist ein komfortables und leistungsf&auml;higes Content-Management-System \(CMS\) f&uuml;r Privatpersonen, Vereine, kleine und mittelst&auml;ndische Unternehmen, die einen professionellen Internetauftritt realisieren m&ouml;chten."[^>]+>Koobi/i },

    # HTML Comment
    { text: '<!-- powered by koobi - do not remove this info! -->' },

    # Version Detection # Koobie Pro Powered by text
    { version: /powered by <a class="foot" href="http:\/\/www.dream4.de\/[^>]+>Koobi Pro ([\d\.]+)<\/a>/i, string: "Pro" },

    # Version Detection # Meta generator
    { version: /<meta name="generator" content="\(c\) Koobi ([\d\.]+), http:\/\/www.dream4.de" \/>/ },

    # Version Detection # Powered by text
    { version: /Powered by <a title="Koobi ist ein komfortables und leistungsf&auml;higes Content-Management-System \(CMS\) f&uuml;r Privatpersonen, Vereine, kleine und mittelst&auml;ndische Unternehmen, die einen professionellen Internetauftritt realisieren m&ouml;chten."[^>]*>Koobi[\ :]*(SHOP|PRO|CMS)<\/a> ([\d\.]+)/i, offset: 1 },

    # Version Detection # Powered by text
    { version: /Powered by <a[^>]+href="http:\/\/www.dream4.de\/cms\/content\/6\/koobi\/1\/">Koobi<\/a> (PRO|SHOP|CMS)[\s]*([\d\.\ a-z]+)/i, offset: 1 },

    # Version Detection # Old Koobi CMS powered by text
    { version: /powered by <a[^>]+href="http:\/\/www.dream4.de\/[^>]+>koobi-cms<\/a> ([\d\.]+)/i },

    # Version Detection # Powered by text
    { version: /<div class="copyright">powered by Koobi CMS ([\d\.]+)/ },

    # Version Detection # HTML comment
    { version: /    Diese Webseite wurde mit Koobi[\ :]*(SHOP|PRO|CMS)[\ \-]*([\d\.\ a-z]+) erstellt./, offset: 1 },

    # Version Detection # Nulled script by antichat.ru # Powered by text
    { version: /powered by <a class="foot" href="http:\/\/www.antichat.ru" target="_blank">Koobi Pro ([\d\.]+) \[nulled by censored! from antichat.ru\]<\/a>/, string: "Nulled" },

  ]
end

#KSearchObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/ksearch.rb', line 9

WhatWeb::Plugin.define "KSearch" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-20
  @version = "0.1"
  @description = "KSearch is the easiest website search engine to integrate, implement and use. KSearch is fully customizable - you can add or remove any features you want, without permission. KSearch is Open Source Software."
  @website = "http://www.kscripts.com/"

  # Google results as at 2011-03-20 #
  # 159 for "Powered by KSearch" inurl:ksearch.cgi filetype:cgi

  # Dorks #
  @dorks = [
    '"Powered by KSearch" inurl:ksearch.cgi filetype:cgi'
  ]

  # Matches #
  @matches = [

    # GHDB # powered by and filename
    { ghdb: '"Powered by KSearch" inurl:ksearch.cgi filetype:cgi' },

    # Version Detection # Powered by link
    { version: /Powered by[\s]+<a[^>]+href="http:\/\/www\.kscripts\.com\/(scripts\.html#ksearch)?"[^>]*>KSearch[\s]+([\d\.]+[a-z]?)[\s]*<\/a>/, offset: 1 },

    # Powered by link
    { regexp: /Powered by[\s]+<a[^>]+href="http:\/\/www\.kscripts\.com\/(scripts\.html#ksearch)?"[^>]*>KSearch<\/a>/ },

  ]
end

#KSSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/kss.rb', line 9

WhatWeb::Plugin.define "KSS" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-02
  @version = "0.1"
  @description = "KSS (Kinetic Style Sheets) is an Ajax framework that allows UI development without writing any Javascript. It uses style sheets with CSS-compliant syntax to declare and bind dynamic behaviors in the browser. The engine supports a set of generic DOM-like commands; they are computed on the server and sent back to manipulate the HTML page."
  @website = "http://kssproject.org/"

  # More Info #

  # The client-side Javascript library needs to be included in your page. It fetches Kinetic style sheets from the server, parses them and binds a set of action to browser events and/or page elements.

  # Server-side code is currently available for Zope (2 and 3, which includes Plone). The kss.base egg (which is currently in alpha) brings server-side support to other pythonic platforms, such as pylons, django and grok. The Javascript client-side code can be used independently of existing server-side support.

  # ShodanHQ results as at 2011-06-02 #
  # 155 for X-Ksscommands

  # Passive #
  def passive(target)
    m = []

    # X-Ksscommands HTTP Header
    m << { name: "X-Ksscommands HTTP Header" } unless target.headers["x-ksscommands"].nil?

    # Return passive matches
    m
  end
end

#LabVIEWObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-21 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/labview.rb', line 12

WhatWeb::Plugin.define "LabVIEW" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-02
  @version = "0.2"
  @description = "LabVIEW is a graphical programming environment used by millions of engineers and scientists to develop sophisticated measurement, test, and control systems using intuitive graphical icons and wires that resemble a flowchart."
  @website = "http://www.ni.com/labview/"

  # More Info #
  # http://www.ni.com/labview/whatis/
  # http://sine.ni.com/np/app/flex/p/docid/nav-77/lang/en/page/technicalresources

  # ShodanHQ results as at 2011-06-02 #
  # 211 for LabVIEW

  @matches = [

    { version: /^LabVIEW\/([\d\.]+)$/, search: "headers[server]" },

  ]
end

#LandShopObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/landshop.rb', line 9

WhatWeb::Plugin.define "LandShop" do
  @author = "Brendan Coles <[email protected]>" # 2012-04-01
  @version = "0.1"
  @description = "LandShop - Open Source Real Estate System"
  @website = "http://www.landshop.gr/"

  # Google results as at 2012-04-01 #
  # 59 for "Powered by LandShop" inurl:"action"

  # Dorks #
  @dorks = [
    '"Powered by LandShop" inurl:"action"'
  ]

  # Matches #
  @matches = [

    # Powered by
    { regexp: /<a class="white" href="http:\/\/www\.landshop\.gr" target="_blank" (alte="Samedia LandShop")? title="Samedia Landshop">Land[Ss]hop<sup>&reg;<\/sup><\/a><br>/ },

    # div class="more CAT"
    { text: '<div class="more CAT" style="height:20px;margin:5px 0px 10px 0px;text-align:right"><a class="item fat"  href="ls.php?' },

    # ./admin # Admin Page # HTML Comment
    { text: '<!--<A href="<#G_ADMIN_URL#>/action/contacts.php?action=list"><#list_contacts#></a>-->' },

  ]
end

#LanRTCObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-21 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/whatweb/plugins/lanrtc.rb', line 12

WhatWeb::Plugin.define "LanRTC" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-09
  @version = "0.2"
  @description = "LanRTC Device"
  @website = "http://www.dorma-time-access.de/prod/content/view/full/36922/%28code%29/product_detail/%28parent%29/36921"

  # ShodanHQ results as at 2011-03-09 #
  # 5 for LanRTC

  # Matches #
  @matches = [

    # Logo
    { url: "/Logo.gif", md5: "2fe5a40924a7b13c61fcc66a7dacec94" },

    # Model Detection # Default Heading
    { model: /<tr><td><h2>LanRTC([\d]{4})<br>System information<\/h2><\/td>/ },

    # Model Detection # Default Title
    { model: /<title>LanRTC([\d]{4})-System information<\/title>/ },

    # Logo
    { text: '<td align=right><h2><img src="Logo.gif" width="120" height="59" alt="MBB Gelma"></h2>' },

    # Menu HTML
    { text: '<p><font size=-1><strong><a href="javascript:window.history.back()">Back</a> | <a href="Index.htm">System Info</a> | <a href="TmStatus.htm?TM=1">TM Status</a> | <a href="LanStat.htm">LAN Akt.</a> | <a href="de/Buchen.htm">Booking</a></strong></font></p></body></html>' },

    # Version Detection # HTTP Server Header
    { version: /^LanRTC\/([\d\.]{1,5})$/, search: "headers[server]" },

    # HTTP Server Header
    { regexp: /^LanRTC/, search: "headers[server]" },

  ]
end

#LaserWashObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/laserwash.rb', line 9

WhatWeb::Plugin.define "LaserWash" do
  @author = "Brendan Coles <[email protected]>" # 2013-07-28
  @version = "0.1"
  @description = "PDQ - LaserWash - touchless car wash equipment."
  @website = "http://www.pdqinc.com/car-wash-equipment/laserwash-360.asp"

  # ShodanHQ results # 2013-07-28
  # 42 for "PDQ Laserwash"

  # Matches #
  @matches = [

    # WWW-Authenticate realm
    { status: 401, search: "headers[www-authenticate]", regexp: /^Basic realm="PDQ Laserwash"$/ },

  ]
end

#LEAPObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/whatweb/plugins/leap.rb', line 9

WhatWeb::Plugin.define "LEAP" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-15
  @version = "0.1"
  @description = "LEAP is a Content Management System (LEAP CMS), yet so much more than this. Because of its wide range of features that go beyond content management, it is also referred to as a Website Operating System."
  @website = "http://www.leapcms.com/"

  # Google results as at 2011-03-15 #
  # 113 for inurl:LEAP/error.lasso

  # Dorks #
  @dorks = [
    'inurl:LEAP/error.lasso'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta name="Generator" content="LEAP ([\d\.]+)"( \/)?>/ },

    # Version Detection # Meta Formatter
    { version: /<meta name="Formatter" content="LEAP ([\d\.]+)"( \/)?>/ },

  ]

  # Passive #
  def passive(target)
    m = []

    if target.uri.host
      # window.location = host/LEAP/error.lasso JavaScript
      if target.body&.match?(Regexp.new('if \(ls == lw.length\) window.location = "http[s]?:\/\/' + Regexp.escape(target.uri.host) + '\/LEAP\/error.lasso";'))
        m << { name: "/LEAP/error.lasso JavaScript" }
      end
    end
    # /LEAP/ # 401 # www-authenticate
    if (@status == 401) && target.headers["www-authenticate"] =~ /^Basic realm="LEAP"$/ && target.uri.path =~ /^\/LEAP\//
      m << { name: "/LEAP/ www-authenticate" }
    end

    # Return passive matches
    m
  end
end

#LetoDMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/letodms.rb', line 9

WhatWeb::Plugin.define "LetoDMS" do
  @author = "Brendan Coles <[email protected]>" # 2012-08-24
  @version = "0.1"
  @description = "LetoDMS is an open-source document-management-system based on PHP and MySQL published under the GPL."
  @website = "http://www.letodms.com/"

  # ShodanHQ results as at 2012-08-24 #
  # 30 for out/out.ViewFolder.php

  # Google results as at 2012-08-24 #
  # 84 for "letoDMS free document management system - www.letodms.com" "This is a classified area. Access is permitted only to authorized personnel"

  # Dorks #
  @dorks = [
    '"letoDMS free document management system - www.letodms.com" "This is a classified area. Access is permitted only to authorized personnel"'
  ]

  # Matches #
  @matches = [

    # Login Page # Disclaimer Footer
    { text: '<div class="disclaimer">This is a classified area. Access is permitted only to authorized personnel. Any violation will be prosecuted according to the national and international laws.</div>' },

    # Footer
    { text: 'letoDMS free document management system - www.letodms.com</div></body>' },

    # Location Header
    { search: "headers[location]", regexp: /out\/out\.ViewFolder\.php/ },

  ]
end

#LiferayObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # Update version detection and added cookie and javascript matches

Version 0.2 # Update version detection and ghdb match



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/whatweb/plugins/liferay.rb', line 15

WhatWeb::Plugin.define "Liferay" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-13
  @version = "0.3"
  @description = "Liferay Portal is an enterprise web platform for building business solutions that deliver immediate results and long-term value."
  @website = "http://www.liferay.com/"

  # ShodanHQ results as at 2012-04-23 #
  # 707 for COOKIE_SUPPORT GUEST_LANGUAGE_ID
  # 650 for liferay-portal

  # Google results as at 2012-04-23 #
  # 208 for "Powered by Liferay Portal"
  #  90 for "Powered by Liferay Portal" -site:liferay.com

  # Dorks #
  @dorks = [
    '"Powered by Liferay Portal"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: "Powered by Liferay Portal", certainty: 10 },

    # JavaScript # Liferay.Util.addInputFocus()
    { text: "<![CDATA[*/Liferay.Util.addInputFocus();/*]]>*" },

    # HTTP Header # Liferay-Portal # Edition Detection
    { search: "headers[liferay-portal]", string: /^Liferay Portal (.+ Edition) (.+)$/ },

    # HTTP Header # Liferay-Portal # Version Detection
    { search: "headers[liferay-portal]", version: /^Liferay Portal (.+ Edition) (.+)$/, offset: 1 },

    # HTTP Header # Set-Cookie # GUEST_LANGUAGE_ID
    { search: "headers[set-cookie]", regexp: /GUEST_LANGUAGE_ID=[a-z]{2,3}_[A-Z]{2,3};/ },

  ]
end

#LifeTypeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-09 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/lifetype.rb', line 12

WhatWeb::Plugin.define "LifeType" do
  @author = "Aung Khant, http://yehg.net"
  @version = "0.2"
  @description = "LifeType is an open-source blogging platform with support for multiple blogs and users in a single installation."
  @website = "http://lifetype.net"

  # Dorks #
  @dorks = [
    '"Powered by LifeType"'
  ]

  # Matches #
  @matches = [

    # Default powered by text
    { regexp: /Powered by <a href="http:\/\/lifetype.net[^>]*>Lifetype<\/a>/i },
    { text: 'Powered by <a href="http://www.lifetype.net">LifeType</a>' },

    # Version Detection # Default meta generator
    { version: /<meta name="generator" content="lifetype-([\w\.]+)"/ },

    # Not Installed message HTML
    { text: 'LifeType has not been installed yet, you\'ll have to <font color="red"><b><a href="wizard.php" title="Install LifeType">Install LifeType</a></b></font> first!' },

  ]
end

#LightNEasyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/whatweb/plugins/lightneasy.rb', line 9

WhatWeb::Plugin.define "LightNEasy" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-10
  @version = "0.1"
  @description = "LightNEasy is a simple and light Content Management System and Website Builder"
  @website = "http://www.lightneasy.org/"

  # Google results as at 2011-09-10 #
  # 331 for inurl:"LightNEasy.php?page="
  # 311 for "Powered by LightNEasy Content Manager"
  # 142 for "If you are seeing this, that means LightNEasy installation worked!"

  # Dorks #
  @dorks = [
    'inurl:"LightNEasy.php?page="',
    '"Powered by LightNEasy Content Manager"',
    '"If you are seeing this, that means LightNEasy installation worked!"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta name='generator' content='LightNEasy( Mini)? ([^'^>]+)' \/>/, offset: 1 },

    # Version Detection # HTML Comment
    { version: /<!-- \+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+[\s]+\| LightNEasy ([^\s]+) Content Management System[\s]+\| / },
    { version: /<!-- \+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+[\s]+\| LightNEasy Content Management System[\s]+\| Copyright 2007-20[\d]{2} Fernando Baptista[\s]+\| http:\/\/(www\.)?lightneasy\.org[\s]+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+[\s]+\| [^\|]+ version ([^\s]+)/, offset: 1 },

    # Database Type Detection # HTML Comment
    { string: /<!-- \+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+[\s]+\| LightNEasy [^\s^\|]* Content Management System[\s]+\| ([^\|]+) version[\s]+/ },
    { string: /<!-- \+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+[\s]+\| LightNEasy [^\s^\|]* Content Management System[\s]+\| Copyright 2007-20[\d]{2} Fernando Baptista[\s]+\| http:\/\/(www\.)?lightneasy\.org[\s]+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+\+[\s]+\| ([^\|]+) version [^\s]+/, offset: 1 },

    # Stylesheet
    { text: "<link rel='stylesheet' type='text/css' href='css/lightneasy.css' />" },

    # Version Detection # Powered by footer
    { version: /Powered by <a href="http:\/\/lightneasy\.org">LightNEasy ([^<]+)<\/a>/ },

    # Version Detection # Fresh install message
    { version: /<h1>LightNEasy ([^<^\s]+) index page<\/h1><p>If you are seeing this, that means <strong>LightNEasy<\/strong> installation worked!<\/p>/ },
    { version: /<h2 class="LNE_title">LightNEasy ([^<^\s]+) index page<\/h2><p>If you are seeing this, that means <strong>LightNEasy<\/strong> installation worked!<\/p>/ },

  ]
end

#lighttpdObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.4 # 2016-04-21 # Andrew Horton Moved patterns from passive function to matches[]

Version 0.3 # 2011-03-06 # Updated OS detection

Version 0.2 # 2011-01-25 # Updated version detection



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/lighttpd.rb', line 18

WhatWeb::Plugin.define "lighttpd" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-26
  @version = "0.4"
  @description = "Lightweight open-source web server."
  @website = "http://www.lighttpd.net/"

  # ShodanHQ results as at 2010-10-26 #
  # 124,972 for "server: lighttpd"

  @matches = [
    # Server HTTP header
    { regexp: /lighttpd/, search: "headers[server]" },

    # Version Detection # Server HTTP header
    { version: /^[\s]*lighttpd\/([^\s^\r^\n]+)/, search: "headers[server]" },

    # OS Detection # Server HTTP header
    { os: /^[\s]*lighttpd \(([^\)]+)\)/, search: "headers[server]" },
  ]
end

#linkSphericObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/linkspheric.rb', line 9

WhatWeb::Plugin.define "linkSpheric" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-21
  @version = "0.1"
  @description = "linkSpheric. Possibly the world's coolest free online directory software that's absolutely free, no advertising, no spyware, just good old PHP-MySQL."
  @website = "http://dataspheric.com/services/software/ls/"

  # 61 results for "powered by linkSpheric" -Vulnerability @ 2010-08-21

  # Dorks #
  @dorks = [
    '"powered by linkSpheric" -Vulnerability'
  ]

  @matches = [

    # Default CSS
    { text: '<style type="text/css" media="screen">@import "styles/ls_orange.css";</style>"' },

    # Install Page
    { text: '<title>linkSpheric Installer</title>' },
    { text: '<p style="text-align: center;"><a href="admin/index.php"><img src="images/ls_logo.png" width="190" height="75" alt="Powered by linkSpheric" /></a></p>' },
    { text: '   <strong>linkSpheric Administrator:</strong>' },

    # Powered by text
    { text: '<!--License terms require you to leave this link attribution intact.  You are only permitted to remove it by special arrangement with dataSpheric-->' },
    { text: '<!--License terms require you to leave this link attribution intact. You are only permitted to remove it by special arrangement with dataSpheric-->' },
    { text: 'Powered by <a href="http://dataspheric.com/services/software/ls/" style="text-decoration: none; color: #000;"><strong>link<span style="font-size: 1.3em; color: #f60;">S</span>pheric</strong></a>' },

    # Default logo
    { md5: 'a421ddecd26e755219c63a130893d253', url: 'images/ls_logo.png' }

  ]
end

#LISTSERVObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/listserv.rb', line 9

WhatWeb::Plugin.define "LISTSERV" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-02
  @version = "0.1"
  @description = "LISTSERV launched the email list management industry in 1986 and remains the industry standard. It provides the power, reliability and enterprise-level performance you need to manage all your opt-in email lists, including email newsletters, announcement lists, discussion groups and email communities."
  @website = "http://www.lsoft.com/products/listserv.asp"

  # Google results as at 2011-04-02 #
  # 68 for "Server Administration" "List Management" "List Moderation" "Subscriber's Corner" "Email Lists"

  # Dorks #
  @dorks = [
    '"Server Administration" "List Management" "List Moderation" "Subscriber\'s Corner" "Email Lists"'
  ]

  # Matches #
  @matches = [

    # CSS
    { text: 'div.catalist h2 { font-family:times;  font-size:18pt; font-weight: bold; margin-bottom: }' },
    { text: '_white-space:pre;   /* IE only hack to re-specify in addition to word-wrap  */' },

    # Powered by logo HTML
    { text: 'alt="Powered by the LISTSERV Email List Manager" title="Powered by the LISTSERV Email List Manager" border="0"></a>' },

    # Redirect Page # Title
    { text: '<TITLE>LISTSERV - Redirecting ...</TITLE>' },

    # Version Detection # Title
    { version: /<title>Welcome to LISTSERV ([\d\.]+)<\/title>/ },

    # Version Detection # Logo
    { version: /<a href="\/scripts\/wa.exe\?[^"]+"><img src="\/archives\/images\/b-[a-z]{0,2}version\.jpg" alt="LISTSERV ([\d\.]+)" title="LISTSERV [\d\.]+" border="0"><\/a><\/td>/ },

  ]
end

#LiteRadiusObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/literadius.rb', line 9

WhatWeb::Plugin.define "LiteRadius" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-14
  @version = "0.1"
  @description = "LiteRadius is a web server software program that interfaces geographic locations to the Google Maps API. Requires PHP and MySQL."
  @website = "http://www.escaperadius.com/er/products/literadius/lr.php"

  # Google results as at 2011-07-14 #
  # 33 for allinurl: locator.php?long=

  # Dorks #
  @dorks = [
    'allinurl: locator.php?long='
  ]

  # Matches #
  @matches = [

    # inurl:locator.php parsed_page lat long
    { ghdb: 'inurl:locator.php parsed_page lat long' },

  ]
end

#LiteSpeedObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
 
# File 'lib/whatweb/plugins/litespeed.rb', line 9

WhatWeb::Plugin.define "LiteSpeed" do
  @author = "Sagar Prakash Junnarkar  <[email protected]>" # 2012-11-09"
  @version = "1.0"
  @description = "LiteSpeed web server, which is able to read Apache configuration directly and used together with web hosting control panels by replacing Apache"

  def passive(target)
    m = []
    m << { name: "LiteSpeed server" } if target.headers["server"] =~ /LiteSpeed/i
    m
  end
end

#LiveZillaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/whatweb/plugins/livezilla.rb', line 9

WhatWeb::Plugin.define "LiveZilla" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-24
  @version = "0.1"
  @description = "LiveZilla, the Next Generation Live Help and Live Support System connects you to your website visitors. Use LiveZilla to provide Live Chats and monitor your website visitors in real-time."
  @website = "http://www.livezilla.net/"

  # Google results as at 2011-03-24 #
  # 14 for "LiveZilla - Freeware Live Support" intitle:"LiveZilla - Freeware Live Support - http://www.livezilla.net"
  # 12 for filetype:php inurl:server.php "Thank you for using LiveZilla!"

  # Dorks #
  @dorks = [
    '"LiveZilla - Freeware Live Support" intitle:"LiveZilla - Freeware Live Support - http://www.livezilla.net"'
  ]

  # Matches #
  @matches = [

    # Version Detection # registered trademark link
    { version: /<td colspan="2" width="400" align="center" (class|id)="lz_index_light_text">LiveZilla is a registered trademark<br>of LiveZilla GmbH<br><br>Version ([\d\.]+)<\/td>/, offset: 1 },

    # server.php # Thank you text
    { text: '<td><br><br><br><strong>Thank you for using LiveZilla!</strong></td>' },

    # HTML Comment and div id
    { text: '<!-- http://www.LiveZilla.net Tracking Code --><div id="livezilla_tracking" style="display:none"></div>' },

    # Error Page # address
    { text: '<address><a href="http://www.livezilla.net" target="_blank">LiveZilla - Freeware Live Support</a></address>' },

    # Meta Author
    { certainty: 25, text: '<meta name="author" content="LiveZilla GmbH">' },

    # Error Page # Title
    { text: '<title>LiveZilla - Freeware Live Support - http://www.livezilla.net</title>' },

  ]
end

#LoggixObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updates matches and version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/loggix.rb', line 12

WhatWeb::Plugin.define "Loggix" do
  @author = "Brendan Coles <bcoles at gmail dot com>" # 2010-06-15
  @version = "0.2"
  @description = "Loggix is a really simple, lightweight PHP and SQlite driven weblog/cms engine."
  @website = "http://loggix.gotdns.org/"

  # 22 results for "Powered by Loggix" @ 2010-06-15

  # Dorks #
  @dorks = [
    '"Powered by Loggix"'
  ]

  @matches = [

    # Default meta generator
    { text: '<meta name="generator" content="Loggix" />' },

    # Version detection # Powered by text
    { version: /Powered by <a href="http:\/\/loggix.gotdns.org">Loggix<\/a> ver.([\d\.]+)<\/address>/ },

  ]
end

#LotusCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/lotuscms.rb', line 9

WhatWeb::Plugin.define "LotusCMS" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-16
  @version = "0.1"
  @description = "LotusCMS (previously ArboroianCMS) brings to the forefront design and design integration into one of the most neglected CMS niches - Databaseless Web-Design and Development."
  @website = "http://www.lotuscms.org/"

  # Google results as at 2011-03-16 #
  # 10 for intitle:"LotusCMS Administration"
  # 63 for "Powered by LotusCMS"

  # Dorks #
  @dorks = [
    '"Powered by LotusCMS"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: 'Powered by: <a href="http://www.lotuscms.org">LotusCMS</a>' },
    { text: 'Powered by <a href="http://www.arboroia.com/cmsproject/">ArboroianCMS</a>' },

    # Menu
    { text: "<ul><li><a class='firstM' href='index.php?page=index'>Home</a></li><li><a class='normalM' href='index.php?system=" },

    # Admin Page # Title
    { text: '<title>LotusCMS Administration</title>' },
    { text: '<title>.:Lotus Administration:.</title>' },

    # Admin Page # Form
    { text: '<form method="POST" action="index.php?system=Admin&page=loginSubmit" id="contactform">' },

    # HTML Comment
    { text: "<!-- Please don't delete this. You can use this template for free and this is the only way that you can say thanks to me -->" },

    # Meta Keywords
    { certainty: 25, text: '<meta name="keywords" content="LotusCMS" />' },

  ]
end

#LPSEObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/lpse.rb', line 9

WhatWeb::Plugin.define "LPSE" do
  @author = "Brendan Coles <[email protected]>" # 2012-02-29
  @version = "0.1"
  @description = "Electronic Procurement Service (Layanan Pengadaan Secara Elektronik - LPSE) - established by the Indonesian Ministry, Institution, College and state/local governments to facilitate procurement of government goods and services electronically."
  @website = "http://www.lkpp.go.id/v2/content.php?mid=2580235452"

  # ShodanHQ results as at 2012-02-29 #
  # 197 for eproc/app

  # Google results as at 2012-02-29 #
  # 589 for inurl:"/eproc/app"

  # Dorks #
  @dorks = [
    'inurl:"/eproc/app"'
  ]

  # Matches #
  @matches = [

    # HTTP Location Header
    { search: "headers[location]", regexp: /^(https?:\/\/[^\/]+)?\/eproc\/app/ },

    # StyleSheet
    { text: '<link rel="stylesheet" type="text/css" href="/eproc/assets/application.css"/>' },

  ]
end

#LuCIObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
 
# File 'lib/whatweb/plugins/luci.rb', line 9

WhatWeb::Plugin.define "LuCI" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-07
  @version = "0.1"
  @description = "LuCI was founded in March 2008 as 'FFLuCI' as part of the efforts to create a port of the Freifunk-Firmware from OpenWrt Whiterussian to Kamikaze"
  @website = "http://luci.subsignal.org/"

  # Google results as at 2011-03-07 #
  # 70 for "Powered by LuCI" inurl:"/cgi-bin/luci/"

  # Dorks #
  @dorks = [
    '"Powered by LuCI" inurl:"/cgi-bin/luci/"'
  ]

  # Matches #
  @matches = [

    # Redirect Page
    { text: '<a style="color: white; text-decoration: none" href="/cgi-bin/luci">LuCI - Lua Configuration Interface</a>' },

    # StyleSheet HTML
    { text: '<link rel="stylesheet" type="text/css" media="screen" href="/luci-static/openwrt.org/cascade.css" />' },

    # Admin Link
    { text: '<li><a href="/cgi-bin/luci/admin/">Administration</a></li>' },

    # Default Logo
    { url: "/luci-static/openwrt.org/header.png", md5: "aba24739c2534a161fab2485e605a960" },

    # Version Detection # Powered by footer
    { version: /<p class="luci"><a href="\/cgi-bin\/luci\/about">Powered by LuCI [^<]+ \(v([^\)]+)\)<\/a><\/p>/, offset: 0 },

    { version: /<p class="luci"><a href="\/cgi-bin\/luci\/about">Powered by LuCI ([\d\.]+)<\/a><\/p>/ },

    # Firmware Version Detection
    { firmware: /<div id="header">[\r\n]*<h1>OpenWrt Firmware<\/h1>[\r\n]*<p>[\r\n]*([^<]+)<br \/>[\r\n]*Load: [^<]{10,15}<br \/>[\r\n]*Hostname: ([^\r^\n^<]+)[\s\r\n]*<\/p>[\r\n]*<\/div>/, offset: 0 },

    # Hostname Detection
    { string: /<div id="header">[\r\n]*<h1>OpenWrt Firmware<\/h1>[\r\n]*<p>[\r\n]*([^<]+)<br \/>[\r\n]*Load: [^<]{10,15}<br \/>[\r\n]*Hostname: ([^\r^\n^<]+)[\s\r\n]*<\/p>[\r\n]*<\/div>/, offset: 1 },

  ]
end

#LuxCalObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/luxcal.rb', line 9

WhatWeb::Plugin.define "LuxCal" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-10
  @version = "0.1"
  @description = "LuxCal is a free user-friendly and lightweight web based event calendar. Requires PHP and MySQL"
  @website = "http://www.luxsoft.eu/"

  # Google results as at 2011-07-10 #
  # 109 for "powered by LuxSoft" +LuxCal "Log In" Monday Tuesday Wednesday Thursday Friday Saturday Sunday

  # Dorks #
  @dorks = [
    '"powered by LuxSoft" "LuxCal" "Log In" Monday Tuesday Wednesday Thursday Friday Saturday Sunday'
  ]

  # Matches #
  @matches = [

    # Meta Description
    { certainty: 75, text: '<meta name="description" content="LuxCal web calendar - a LuxSoft product" />' },

    # shortcut icon
    { certainty: 75, text: '<link rel="shortcut icon" href="lcal.ico" />' },

    # Meta Author
    { certainty: 75, text: '<meta name="author" content="Roel Buining" />' },

    # Powered by footer
    { text: "<span class=\"floatR\"><a href=\"http://www.luxsoft.eu\"><font size='1'>powered by </font><i><b><font size='2' color='#0033FF'>Lux</font><font size='2' color='#AA0066'>Soft</font></b></i></a></span>" },

    # Version Detection # Footer HTML
    { version: /<b><i><font size='2' color='#0033FF'>Lux<\/font><font size='2' color='#AA0066'>Cal<\/font><\/i><\/b><font size='1'> version ([^<]+)<\/font>/ },

  ]
end

#LXRObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/lxr.rb', line 9

WhatWeb::Plugin.define "LXR" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-19
  @version = "0.1"
  @description = 'LXR (formerly "the Linux Cross Referencer") is a general purpose source code indexer and cross-referencer that provides web-based browsing of source code with links to the definition and usage of any identifier. Supports multiple languages."
  @website = "http://lxr.linux.no/'

  # Google results as at 2011-05-19 #
  # 82 for "This page was automatically generated by the LXR engine."
  # 72 for "Visit the LXR main site for more information."

  # Dorks #
  @dorks = [
    '"This page was automatically generated by the LXR engine."'
  ]

  # Matches #
  @matches = [

    # automatically generated by link
    { regexp: /<hr>\nThis page was automatically generated by the \n<a href="http:blurb\.html">LXR engine<\/a>\.\n<br>\nVisit the <a href="http:\/\/lxr\.linux\.no\/">LXR main site<\/a> for more\ninformation\./ },

    # Identifier search link
    { text: '<b>[</b>&nbsp;<a href="ident">identifier search</a>&nbsp;<b>]</b>' },
    { text: '[&nbsp;<a href="ident">identifier search</a>&nbsp;]' },

  ]
end

#LynxGuideObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/lynxguide.rb', line 9

WhatWeb::Plugin.define "LynxGuide" do
  @author = "Brendan Coles <[email protected]>" # 2012-05-07
  @version = "0.1"
  @description = "The Lynx System is a Facility-wide, Network based, Duress and Emergency Notification System. "
  @website = "http://www.lynxguide.com/"

  # Google results as at 2012-05-07 #
  # 1 for inurl:"cgi/logon.plx"

  # Dorks #
  @dorks = [
    'inurl:"cgi/logon.plx"'
  ]

  # Matches #
  @matches = [

    # Title
    { text: '<title>Login to LynxGuide Server</title>' },

    # Footer
    { text: 'Use subject to <a href="/cgi/help/license.htm">license agreement</a></span>' },

    # Set-Cookie # Access_Num
    { search: "headers[set-cookie]", regexp: /Access_Num=[^;]+;/ },

  ]
end

#MacHTTPObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-21 # Andrew Horton Moved patterns from passive function to matches[] added website parameter



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/machttp.rb', line 13

WhatWeb::Plugin.define "MacHTTP" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-04
  @version = "0.2"
  @description = "MacHTTP is a webserver designed to run on Mac OS versions 7.x through 9.x. It was written by software developer Chuck Shotton and was originally shareware; it is now available in source code form from SourceForge.net under the Perl Artistic License. It is still used on some older Macintosh hardware. It was later commercialized as WebSTAR, sold originally by StarNine and later bought by Quarterdeck Software. - More Info: http://en.wikipedia.org/wiki/MacHTTP"
  @website = "http://www.machttp.org/downloads/machttp/"

  # ShodanHQ results as at 2011-06-04 #
  # 40 for machttp

  @matches = [
    # Version Detection # HTTP Server Header
    { version: /^MacHTTP\/([^\s]+)$/, search: "headers[server]" },

    # HTTP Server Header
    { regexp: /^MacHTTP$/, search: "headers[server]" },

  ]
end

#MagentoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
# File 'lib/whatweb/plugins/magento.rb', line 9

WhatWeb::Plugin.define "Magento" do
  @author = "Andrew Horton"
  @version = "0.1"
  @description = "Opensource ecommerce platform written in PHP"
  @website = "http://www.magentocommerce.com"

  @dorks = [
    'Magento is a trademark of Magento Inc. Copyright" "admin"',
    'intitle:"Magento Downloader" "Report All Bugs"'
  ]

  @matches = [

    # default logo
    { text: 'images/logo.gif" alt="Magento Commerce" /></a></h1>', name: 'default logo alt-text' },

    # version detection
    { version: %r{<a href="http://www.magentocommerce.com/bug-tracking" id="bug_tracking_link"><strong>Report All Bugs</strong></a> \((Magento Connect Manager |Downloader )?ver. ([0-9\.]+)\)}, offset: 1 },

    # StyleSheet
    { regexp: %r{<link rel="stylesheet" type="text/css" href="[^"]+/skin/frontend/[^"]+/css/boxes.css" media="all"}, name: "/skin/front/*/css/boxes.css" },

    # Meta keywords
    { name: "Meta keywords", text: '<meta name="keywords" content="Magento, Varien, E-commerce" />' },

    # Search form
    { text: "var searchForm = new Varien.searchForm('search_mini_form', 'search', '" },
    { text: ',mage/cookies.js" ></script>' },

    # NoScript
    { regexp: /<div id="noscript-notice" class="magento-notice">/, name: 'JavaScript disabled warning' },
    { regexp: %r{<p>You must have JavaScript enabled in your browser to utilize the functionality of this website.</p>}, name: 'JavaScript disabled warning' },

    # Admin interface
    { url: '/admin', text: '<title>Log into Magento Admin Page</title>' },

    # Copyright footer
    { name: 'Copyright footer', string: /Magento is a trademark of Magento Inc. Copyright &copy; ([0-9]{4}) Magento Inc/ },

    # frontend cookie - no obvious pattern:
    # Set-Cookie: frontend=3d3tts5uumgt3v6klitfr15b05;  ALPHA  1.1.6
    # Set-Cookie: frontend=c7ec59c75e957b29f1d5e0d6cfcb3a98;  HEX  1.2.0.2
    # Set-Cookie: frontend=54f0e9aa64fe53d0f076ef0e328841d5;  HEX  1.2.1.2
    # Set-Cookie: frontend=873sd3kemps1al4np0c6ndkac4;  ALPHA  1.3.1
    # Set-Cookie: frontend=dcf246795fa247992d07daa7a7ba147e;   HEX  1.3.1.1
    # Set-Cookie: frontend=a9239941fea5df3bb1b75485d56cb817;   HEX   1.3.2.1
    # Set-Cookie: frontend=ec409bd20122a68f9c27fa66c358fc7d;   HEX  1.4.0.1
    # Set-Cookie: frontend=s0ucd54lq2js68cp05sp6r2u92;   ALPHA  1.4.0.1

    # Set-Cookie: magento=3s3piyt6bil5carswndryvwak6zqzo3x; expires=Tue, 02-Nov-2010 04:42:28 GMT; path=/; domain=www.malenasflowers.com (ver. 1.2.0.2)

    { name: "cookie called magento", search: "headers[set-cookie]", regexp: /^magento=[0-9a-f]+/ },
    { name: "cookie called frontend", search: "headers[set-cookie]", regexp: /^frontend=[0-9a-z]+/ }

  ]
end

#MagImageBankObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/magimagebank.rb', line 9

WhatWeb::Plugin.define "MagImageBank" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-01
  @version = "0.1"
  @description = "The MagImageBank is a easy to use and flexible web-based DAM (digital asset management) for managing images, videos and documents"
  @website = "http://www.magimagebank.com/"

  # Google results as at 2011-09-01 #
  # 179 for "Powered by MagImageBank" +"[email protected]"

  # Dorks #
  @dorks = [
    '"Powered by MagImageBank" "[email protected]"'
  ]

  # Matches #
  @matches = [

    # div id="SiteBottom" class="fun"
    { text: '</div></div><div id="SiteBottom" class="fun"></div><div id=\'SiteFooter\'>' },

    # StyleSheet
    { regexp: /<link href="\/imagebank\/stylesheets\/fancybox\.css\?[\d]+" media="screen" rel="Stylesheet" type="text\/css" \/>/ },

    # Powered by text
    { text: 'Powered by MagImageBank | <a href="http://magimagebank.com/">magimagebank.com</a> | <a href="mailto:[email protected]">[email protected]</a>' },

  ]
end

#MaharaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/mahara.rb', line 9

WhatWeb::Plugin.define "Mahara" do
  @author = "Brendan Coles <[email protected]>" # 2011-11-05
  @version = "0.1"
  @description = "Mahara is an open source e-portfolio system"
  @website = "http://mahara.org/"

  # Google results as at 2011-11-05 #
  # 116 for "powered by mahara" inurl:"about.php" intitle:"About"

  # Dorks #
  @dorks = [
    '"powered by mahara" inurl:"about.php" intitle:"About"'
  ]

  # Matches #
  @matches = [

    # HTML Comments
    { text: '<!-- This site is powered by Mahara, an Open Source' },
    { text: '<!-- there is a div id="performance-info" wrapping this -->' },

    # div id="powered-by" + Logo HTML
    { text: '<div id="powered-by"><a href="http://mahara.org/"><img src="' },

    # JavaScript
    { text: '<script type="text/javascript">var strings = {"namedfieldempty":"The required field \"%s\" is empty","processing":"Processing","requiredfieldempty":"A required field is empty","unknownerror":"An unknown error occurred (0x20f91a0)",' },
    # <script type="text/javascript">var strings = {"namedfieldempty":"The required field \"%s\" is empty","processing":"Processing","requiredfieldempty":"A required field is empty","unknownerror":"An unknown error occurred (0x20f91a0)","loading":"Loading ...","showtags":"Show my tags","unreadmessages":"unread messages","unreadmessage":"unread message","pendingfriend":"pending friend","pendingfriends":"pending friends","couldnotgethelp":"An error occurred trying to retrieve the help page","password":"Password","username":"Username","login":"Login","sessiontimedout":"Your session has timed out, please enter your login details to continue","loginfailed":"You have not provided the correct credentials to log in. Please check your username and password are correct.","home":"Home","youhavenottaggedanythingyet":"You have not tagged anything yet"};</script>

  ]
end

#MailEnableObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/mailenable.rb', line 9

WhatWeb::Plugin.define "MailEnable" do
  @author = "Brendan Coles <[email protected]>" # 2012-01-14
  @version = "0.1"
  @description = "Windows mail server software with webmail, caldav, carddav, antivirus, spam filtering and more."
  @website = "http://www.mailenable.com/"

  # Google results as at 2012-01-14 #
  # 87 for intitle:"MailEnable - Webmail" "Account Login" "MailEnable"

  # Dorks #
  @dorks = [
    'intitle:"MailEnable - Webmail" "Account Login" "MailEnable"'
  ]

  # Matches #
  @matches = [

    # Login Page # HTML Comment
    { text: '</table><!-- loginPanel_shell_table -->' },

    # Login Page # td class="loginPanel_botLeft"
    { text: '<td class="loginPanel_botLeft"><div class="loginPanel_botLeft_div"></div></td>' },

    # Login Page # Title
    { certainty: 75, text: '<title>MailEnable - Webmail</title>' },

  ]
end

#MailmanObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-03-05 # Brendan Coles <[email protected]> Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/mailman.rb', line 12

WhatWeb::Plugin.define "Mailman" do
  @author = "Tonmoy Saikia"
  @version = "0.2"
  @description = "Mailman is free software for managing electronic mail discussion and e-newsletter lists. WEB:http://www.gnu.org/software/mailman/index.html"

  # Google results as at 2011-03-05 #
  # 443 for inurl:mailman "Delivered by Mailman"
  # 300 for inurl:mailman "Delivered by Mailman" inurl:edu
  # 205 for inurl:mailman "Delivered by Mailman" inurl:gov
  # 25  for inurl:mailman "Delivered by Mailman" inurl:mil

  # Dorks #
  @dorks = [
    'inurl:mailman "Delivered by Mailman"'
  ]

  # Matches #
  @matches = [

    # GHDB Match
    { certainty: 25, ghdb: 'inurl:mailman "Delivered by Mailman"' },

    # Mailing list listinfo links
    { regexp: /<td><a[^>]+href="[^"]+\/listinfo\/[^"]+"><strong>[^<]+<\/strong><\/a><\/td>/ },

    # Version Detection # Delivered by logo
    { version: /<td><img src="[^"]+\/mailman.jpg" alt="Delivered by Mailman"[^>]+><br>version (\d.\d.[0-9a-z]+)/ },

    # Version Detection # Delivered by text
    { version: /<td><a href="http:\/\/www.gnu.org\/software\/mailman\/index.html">Delivered by Mailman<br>version (\d.\d.[0-9a-z]+)<\/a>/ },

  ]
end

#MailSiteExpressObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 removed :probability & :name



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/mailsite-express.rb', line 12

WhatWeb::Plugin.define "MailSiteExpress" do
  @author = "Andrew Horton"
  @version = "0.2"
  @description = "Webmail in ASP. Versions < 6.1.2 insecure http://marc.info/?l=bugtraq&m=113053680631151&w=2 -"
  @website = "http://www.mailsite.com/products/express-webmail-server.asp"

  # <!-- This software is copyright 1999, 2000 Rockliffe systems, Inc. -->
  # <!-- default.asp ver. 4.5.6 -->
  # <title>MailSite Express</title>
  # <font face="arial" size="1">MailSite Express <br> version 4.5.6</font>

  # version 6
  # <b>MailSite <em>Express</em> Login</b>
  # onSubmit="OpenExpress(document.ExpressLogin)"

  # 24 for intitle:"MailSite Express" "MailSite Express Login"

  # Dorks #
  @dorks = [
    'intitle:"MailSite Express" "MailSite Express Login"'
  ]

  # Matches #
  @matches = [

    { text: '<title>MailSite Express</title>' },
    { regexp: /<font face="arial" size="1">MailSite Express <br> version [0-9\.]+<\/font>/ },
    { certainty: 50, regexp: /<!-- This software is copyright [0-9 ,\.]+ Rockliffe systems, Inc. -->/ },
    { text: '<b>MailSite <em>Express</em> Login</b>' },
    { text: 'onSubmit="OpenExpress(document.ExpressLogin)"' }

  ]
end

#MamboObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.6 # 2011-03-19 # Brendan Coles <[email protected]> Added aggressive match for /administrator/ Updated matches to remove false positives

Version 0.5 # 2011-03-06 # Brendan Coles <[email protected]> Updated module detection

Version 0.4 by Andrew Horton added matches suggested by Aung Khant including ‘meta name=“description’ and /<a href=”*index.php?option=com_/ from the Joomla plugin

Version 0.3 Andrew Horton added examples, changed time since epoch match for less false positives with Joomla, added mosvisitor cookie match Aung Khant(yehg.net) added description, README.php match, Mambo Admin match

Version 0.2 removed :name & :certainty



26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
 
# File 'lib/whatweb/plugins/mambo.rb', line 26

WhatWeb::Plugin.define "Mambo" do
  @author = "Andrew Horton"
  @version = "0.6"
  @description = "Mambo CMS (http://mambo-foundation.org)"

  # Google results as at 2011-03-06 #
  # 3,420,000 results for "powered by mambo" inurl:option=com_content

  # Matches #
  @matches = [

    # Meta Generator
    { regexp: /<meta name="Generator" content="Mambo - Copyright 2000 - [0-9]+ Miro International Pty Ltd.  All rights reserved." \/>/ },

    # Meta Description
    { regexp: /<meta name="description" content="Mambo - the dynamic portal engine and content management system" \/>/ },

    # README.php
    { url: 'README.php', text: 'Mambo is OSI Certified Open Source Software, released under the GNU General Public License' },

    # administrator/templates/mambo_admin/templateDetails.xml
    { url: 'administrator/templates/mambo_admin/templateDetails.xml', regexp: /(<name>Mambo Admin<\/name>|<authorUrl>http:\/\/www\.mambo\-foundation\.org<\/authorUrl>)/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # /administrator/ # Confirm the presence of Mambo with 100% certainty
    if target.uri.path =~ /\/administrator\// && (target.body =~ /<div id="mambo"><img src="[^"]*\/images\/header_text.png" alt="Mambo Logo" \/><\/div>/ || target.body =~ /<a href="http:\/\/mambo-foundation.org">Mambo<\/a> is Free Software released under the GNU\/GPL License.<\/div>/ || target.body =~ /<title>[^<]+ Administration \[Mambo( Open Source)?\]<\/title>/)
      m << { name: "Mambo Administration Page" }
    end

    # HTML Comment # seconds since epoch # Also used by joomla
    if target.body =~ /<\/html>.*(\n)*<!-- [0-9]+.*-->(\n)*\z/ && target.body !~ /joomla/i
      m << { name: "seconds since epoch in html comment after </html>", certainty: 25 }
    end

    # Module Detection # Doesn't work in SEO mode # Also used by joomla
    if /<a href="[^"]*index.php\?option=(com_[^&^"]+)/.match?(target.body)

      # Absolute URL
      m << { certainty: 75, module: target.body.scan(/<a href="https?:\/\/#{Regexp.escape(target.uri.host)}[^"]*index.php\?option=(com_[^&^"]+)/) } if target.body =~ /<a href="https?:\/\/#{Regexp.escape(target.uri.host)}[^"]*index.php\?option=(com_[^&^"]+)/

      # Relative URL
      m << { certainty: 75, module: target.body.scan(/<a href="[^"^:]*index.php\?option=(com_[^&^"]+)/) } if target.body =~ /<a href="[^"^:]*index.php\?option=(com_[^&^"]+)/

    end

    # mosvisitor cookie # Also used by joomla
    m << { certainty: 75, name: "mosvisitor cookie" } if target.headers["set-cookie"] =~ /mosvisitor=[0-9]+/

    # Return passive matches
    m
  end

  # Aggressive #
  def aggressive(target)
    m = []

    # Open base_uri + /administrator/
    new_target = WhatWeb::Target.new(target.uri.to_s + "/administrator/")

    # Confirm the presence of Mambo with 100% certainty
    if new_target.body =~ /<div id="mambo"><img src="[^"]*\/images\/header_text.png" alt="Mambo Logo" \/><\/div>/ || new_target.body =~ /<a href="http:\/\/mambo-foundation.org">Mambo<\/a> is Free Software released under the GNU\/GPL License.<\/div>/ || new_target.body =~ /<title>[^<]+ Administration \[Mambo( Open Source)?\]<\/title>/
      m << { name: "Mambo Administration Page" }
    end

    # Return aggressive matches
    m
  end
end

#MantisBTObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/mantisbt.rb', line 9

WhatWeb::Plugin.define "MantisBT" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-12
  @version = "0.1"
  @description = "MantisBT is a popular free web-based bug tracking system. It is written in PHP works with MySQL, MS SQL, and PostgreSQL databases."
  @website = "http://www.mantisbt.org/"

  # Google results as at 2011-03-12 #
  # 246 for "Powered by Mantis Bugtracker"
  # 11  for intitle:"MantisBT Administration" "Checking Installation"
  # 4   for intitle:"MantisBT Administration - Installation" ext:php "Checking Installation"

  # Dorks #
  @dorks = [
    '"Powered by Mantis Bugtracker"'
  ]

  # Matches #
  @matches = [

    # Logo Link # >= 1.1.x
    { regexp: /<div align="right"><a href="http:\/\/www.mantisbt.org" title="Free Web Based Bug Tracker"><img src="[^"]*images\/mantis_logo_button.gif" width="88" height="35" alt="Powered by Mantis Bugtracker" border="0" \/><\/a><\/div>/ },

    # Logo Link # <= 1.0.x
    { regexp: /<div align="right"><a href="http:\/\/www.mantis(bugtracker.com|bt.org)" title="Powered by Mantis Bugtracker"><img src="[^"]*images\/mantis_logo_button.gif" width="88" height="35" alt="Powered by Mantis Bugtracker" border="0" \/><\/a><\/div>/ },

    # Version Detection # >= 1.1.x
    { version: /<span class="timer"><a href="http:\/\/www.mantisbt.org\/" title="Free Web Based Bug Tracker">Mantis(BT)? ([\d\.]+)<\/a>\[<a href="http:\/\/www.mantisbt.org\/"  title="Free Web Based Bug Tracker" target="_blank">\^<\/a>\]<\/span>/, offset: 1 },

    # Version Detection # <= 1.0.x
    { version: /<span class="timer"><a href="http:\/\/www.mantis(bugtracker.com|bt.org)\/">Mantis ([\d\.]+)<\/a>\[<a href="http:\/\/www.mantis(bugtracker.com|bt.org)\/" target="_blank">\^<\/a>\]<\/span>/, offset: 1 },

    # Install Page # Default Title
    { string: "Install", text: "<title> MantisBT Administration - Installation  </title>" },

  ]
end

#MapServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-07-30 # Brendan Coles <[email protected]> Added examples URLs, added passive match and added google dork

Version 0.3 Andrew Horton. Replaced aggressive function with matches



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/mapserver.rb', line 14

WhatWeb::Plugin.define "MapServer" do
  @author = "Aung Khant, http://yehg.net"
  @version = "0.3"
  @description = "Detect MapServer CGI application (http://www.mapserver.org/)"

  # Google results as at 2011-07-30 #
  # 210 for inurl:cgi-bin/mapserv/?map
  # 133 for inurl:"cgi-bin/mapserv/?map"
  #  80 for inurl:"cgi-bin/mapserv.exe/?map"

  # Dorks #
  @dorks = [
    'inurl:cgi-bin/mapserv/?map'
  ]

  @matches = [
    { name: "Version", url: "?map=*", version: /<\/HEAD>\s*<!\-\- MapServer version (.*?)\s/ },
    { name: "Invalid Map Parameter", url: "/cgi-bin/mapserv/?map=*", regexp: /<BODY BGCOLOR="#FFFFFF">\s*msLoadMap(): Regular expression error/ },
    { name: "Invalid Map Parameter", url: "/cgi-bin/mapserv/?map=*", regexp: /<HEAD><TITLE>MapServer Message<\/TITLE><\/HEAD>\s*<!\-\- MapServer version/ }
  ]

  # Passive #
  def passive(target)
    m = []
    # Error Message # Empty QUERY_STRING
    if target.body == "No query information to decode. QUERY_STRING is set, but empty.\n"
      m << { name: "Error Message" }
    end
    # Return passive matches
    m
  end
end

#MasonObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/mason.rb', line 9

WhatWeb::Plugin.define "Mason" do
  @author = "Brendan Coles <[email protected]>" # 2012-11-04
  @version = "0.1"
  @description = "Mason is a powerful Perl-based templating system for generating HTML or other dynamic content."
  @website = "http://www.masonhq.com/"

  # ShodanHQ results as at 2012-11-04 #
  # 27 for X-Powered-By: HTML::Mason

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[x-powered-by]", regexp: /HTML::Mason/ },

  ]
end

#MathopdObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-21 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/mathopd.rb', line 12

WhatWeb::Plugin.define "Mathopd" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-30
  @version = "0.2"
  @description = "Mathopd is a very small, yet very fast HTTP server for UN*X systems. It supports useful features of HTTP/1.1, such as persistent connections, partial responses and pipelining. It does not support things like content negotation. The latest version of the software (1.5) also supports CGI/1.1."
  @website = "http://www.mathopd.org/"

  # ShodanHQ results as at 2011-03-30 #
  # 8,170 for Mathopd

  @matches = [
    # Version Detection # HTTP Server Header
    { version: /^Mathopd\/([^\s]+)/, search: "headers[server]" },

    # HTTP Server Header
    { regexp: /^Mathopd/, search: "headers[server]" },

  ]
end

#MediaWikiObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-09-21 # Brendan Coles <[email protected]> Added google dorks and version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/mediawiki.rb', line 12

WhatWeb::Plugin.define "MediaWiki" do
  @author = "Tonmoy Saikia"
  @version = "0.2"
  @description = "MediaWiki is a free software wiki  package written in PHP, originally for use on Wikipedia http://www.mediawiki.org/wiki/MediaWiki"

  # Google results as at 2011-09-21 #
  # 802 for "Powered by MediaWiki"
  # 393 for inurl:wiki/MediaWiki
  #  47 for inurl:Special:Version "This wiki is powered by MediaWiki"

  # Dorks #
  @dorks = [
    '"Powered by MediaWiki"',
    'inurl:wiki/MediaWiki',
    'inurl:Special:Version "This wiki is powered by MediaWiki"'
  ]

  # Matches #
  @matches = [

    # Logo alt text
    { text: 'alt="Powered by MediaWiki"' },

    # GHDB # URL Pattern
    { certainty: 75, ghdb: 'inurl:wiki MediaWiki' },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="MediaWiki ([^\s^"]+)" \/>/ },

    # Version Detection # wiki/Special:Version
    { version: /<td><a href="http:\/\/www\.mediawiki\.org\/" class="external text" rel="nofollow">MediaWiki<\/a><\/td>[\s]+<td>([^<]+)<\/td>/ },

  ]
end

#MeetingPlazaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-21 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/meetingplaza.rb', line 12

WhatWeb::Plugin.define "MeetingPlaza" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-21
  @version = "0.2"
  @description = "MeetingPlaza Distance Conference Service for internet conferencing, meeting, presentations, seminars, collaboration, events, and training."
  @website = "http://www.meetingplaza.com/e/"

  # ShodanHQ results as at 2011-07-21 #
  # 20 for InterSpace HTTP Tunneling

  # Google results as at 2011-07-21 #
  # 5 for "Hello. I'm MeetingPlaza HTTP Tunneling Server." +Date

  # Dorks #
  @dorks = [
    '"Hello. I\'m MeetingPlaza HTTP Tunneling Server." "Date"'
  ]

  # Matches #
  @matches = [

    { certainty: 25, text: '<html> <body> Hello. I\'m MeetingPlaza HTTP Tunneling Server.<br>Date: ' },

    # Version Detection # HTTP Server Header
    { version: /^InterSpace HTTP Tunneling\/([^\s]+)$/, search: "headers[server]" },

    # HTTP Server Header
    { regexp: /^InterSpace HTTP Tunneling/, search: "headers[server]" },

  ]
end

#MeiTrackObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/whatweb/plugins/meitrack.rb', line 10

WhatWeb::Plugin.define "MeiTrack" do
  @author = "Andrew Horton"
  @version = "0.1"
  @description = "MS02 GPS Tracking System from MeiTrack. Provides a web server to manage tracking of vehicles, chidren, pets, etc. The devices have plenty of features including eavesdropping, control by SMS, RFID, GPRS, panic alarms, etc"
  @website = "http://www.meitrack.net"

  # Matches #
  @matches = [

    # JavaScript
    { text: 'var _TrackerMain_GTVTSeries = "GT Series\\\\VT Series";' },

    # Form HTML
    { text: '<form name="form1" method="post" action="trackerlogin.aspx" id="form1">' },

  ]
end

#MercurialObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/mercurial.rb', line 9

WhatWeb::Plugin.define "Mercurial" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-16
  @version = "0.1"
  @description = "Mercurial is a free, distributed source control management tool."
  @website = "http://mercurial.selenic.com/"

  # Google results as at 2011-08-16 #
  # 462 for Mercurial summary shortlog changelog graph tags branches files changeset bz2 zip gz
  # 239 for Mercurial summary shortlog changelog graph tags branches files changeset bz2 zip gz inurl:shortlog

  # Dorks #
  @dorks = [
    'Mercurial summary shortlog changelog graph tags branches files changeset bz2 zip gz'
  ]

  # Matches #
  @matches = [

    { text: '<a href="http://mercurial.selenic.com/" title="Mercurial" style="float: right;">Mercurial</a>' },

    # Powered by link
    { regexp: /<div id="powered-by">[\s]+<p><a href="http:\/\/mercurial\.selenic\.com\/" title="Mercurial">/ },

  ]
end

#MetaGeneratorObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2011-01-26 # Updated regex

Version 0.2 remove :certainty



15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/meta-generator.rb', line 15

WhatWeb::Plugin.define "MetaGenerator" do
  @author = "Andrew Horton"
  @version = "0.3"
  @description = "This plugin identifies meta generator tags and extracts its value."

  # Matches #
  @matches = [

    # Extract value from the content param
    { string: /<meta[^>^=]+content[\s]*=[\s]*["|']?([^"^'^>]+)["|']?[^>^=]+name[\s]*=[\s]*["|']?generator["|']?/i },
    { string: /<meta[^>^=]+name[\s]*=[\s]*["|']?generator["|']?[^>^=]+content[\s]*=[\s]*"([^"^'^>]+)"/i },

  ]
end

#MetaPoweredByObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-24 # Brendan Coles <[email protected]> Updated string regexp

Version 0.2 remove :certainty



15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/meta-powered-by.rb', line 15

WhatWeb::Plugin.define "MetaPoweredBy" do
  @author = "Andrew Horton"
  @version = "0.3"
  @description = "This plugin extracts the values for meta tags named poweredby, powered-by, and powered by"

  # Matches #
  @matches = [

    # Matches poweredby, powered-by, and powered by
    { string: /<meta[^>]+name=["']powered[\- ]?by["'][^>]+content=["']([^"]+)["']/i },

  ]
end

#MetInfoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/metinfo.rb', line 9

WhatWeb::Plugin.define "MetInfo" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-26
  @version = "0.1"
  @description = "MetInfo"
  @website = "http://www.metinfo.cn/"

  # Google results as at 2011-02-26 #
  # 409 for "Powered by MetInfo"

  # Dorks #
  @dorks = [
    '"Powered by MetInfo"'
  ]

  # Matches #
  @matches = [

    # Meta Copyright
    { regexp: /<meta name="copyright" content="Copyright 2008-20[\d]{2} MetInfo">/ },

    # Meta Author
    { regexp: /<meta name="author" content="[^"]+--Powered by MetInfo">/ },

    # Version Detection # Powered by text
    { version: /Powered by <a href="http:\/\/www.MetInfo.cn" target="_blank" title="MetInfo enterprise website manager system"><b>[^<]+<\/b><\/a> ([\d\.]+)/ },

  ]
end

#MHttpdObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-21 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/mhttpd.rb', line 12

WhatWeb::Plugin.define "MHttpd" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-23
  @version = "0.2"
  @description = "MHTTPD stands for Minimal Hypertext Transport Protocol Daemon. MHTTPD is fast, simple and very small. It supports HTTP GET and POST method (that's all you need for more than 90% of time). It also supports HTTP Basic Authentication. Authentication can be performed by name and password lookup in a text file (userid:Unix_crypted_password) or from A LDAP server directly. And the server can be compiled as a secure server (SSL). The server does not have any configuration file and will not have any. Everything needed is hard coded at the top of the single C file."

  # 1017 ShodanHQ results for "Server: mhttpd v"
  # 472 ShodanHQ results for "Meta-HTML-Engine"

  @matches = [
    # Server # Short
    { regexp: /[\s]*mhttpd/, search: "headers[server]" },

    # Server # Short
    { version: /[\s]*mhttpd v([\d\.]+)/, search: "headers[server]" },

    # Server # Long
    { version: /[\s]*MHttpd\/([\d\.]+) \([^\;]+; [^\;]+; Meta-HTML\/[\d\.]+\)/, search: "headers[server]" },

    # Server # Long
    { module: /[\s]*MHttpd\/[\d\.]+ \([^\;]+; ([^\;]+); Meta-HTML\/[\d\.]+\)/, search: "headers[server]" },

    # Meta-HTML-Engine
    { version: /[\s]*MHttpd\/([\d\.]+) \([^\;]+; [^\;]+; Meta-HTML\/[\d\.]+\)/, search: "headers[meta-html-engine]" },
    { module: /[\s]*MHttpd\/[\d\.]+ \([^\;]+; ([^\;]+); Meta-HTML\/[\d\.]+\)/, search: "headers[meta-html-engine]" },

  ]
end

#micro_httpdObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-12 # Updated regex match



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/micro_httpd.rb', line 12

WhatWeb::Plugin.define "micro_httpd" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-26
  @version = "0.2"
  @description = "micro_httpd is a very small Unix-based HTTP server. It runs from inetd, which means its performance is poor. But for low-traffic sites, it's quite adequate. It implements all the basic features of an HTTP server."
  @website = "http://www.acme.com/software/micro_httpd/"

  # ShodanHQ results as at 2010-10-26 #
  # 957,229 for "server: micro_httpd"

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /micro_httpd/i },

  ]
end

#MicrosoftOfficeWebServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-01-26 # Updated version detection regex



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/microsoftofficewebserver.rb', line 12

WhatWeb::Plugin.define "MicrosoftOfficeWebServer" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-23
  @version = "0.2"
  @description = "Microsoft Office Web Server"
  @website = "http://microsoft.com/"

  # About 233,672 ShodanHQ results for MicrosoftOfficeWebServer: @ 2010-10-23

  # Passive #
  def passive(target)
    m = []

    # MicrosoftOfficeWebServer HTTP Header
    m << { version: target.headers["microsoftofficewebserver"].to_s } unless target.headers["microsoftofficewebserver"].nil?

    # Return passive matches
    m
  end
end

#MikroTikObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 remove :certainty & :name Version 0.3 Uses :version=>// Version 0.4 Added md5 match for 401 page



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/mikrotik-router.rb', line 16

WhatWeb::Plugin.define "MikroTik" do
  @author = "Andrew Horton"
  @version = "0.4"
  @description = "MikroTik router"
  @website = "http://www.mikrotik.com"

  # identifying strings
  # <title>mikrotik routeros > administration</title>
  # <div class="top">mikrotik routeros 3.20 configuration page</div>
  # <div class="top">mikrotik routeros 2.9.27 configuration page</div>

  # Dorks #
  @dorks = [
    'intitle:"mikrotik routeros > administration" "Winbox is the graphical configuration application for RouterOS."'
  ]

  # Matches #
  @matches = [

    { text: "<title>mikrotik routeros > administration</title>" },
    { version: /<div class="top">mikrotik routeros ([^ ]+) configuration page</, name: "mikrotik routeros ([^ ]+) configuration page" },
    { md5: "bacf8a0c6f3e702db9be393989b2a0b5", name: "401 page" }

  ]
end

#MiniBBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/minibb.rb', line 9

WhatWeb::Plugin.define "MiniBB" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-27
  @version = "0.1"
  @description = "MiniBB is a free standalone open source program for building your own Internet forum."
  @website = "http://www.minibb.com/"

  # Google results as at 2011-02-27 #
  # 210 for "Powered by MiniBB"

  # Dorks #
  @dorks = [
    '"Powered by MiniBB"'
  ]

  # Matches #
  @matches = [

    # Default Copyright HTML Comment
    { text: '<td class="tbTransparent txtR"><!--miniBB Copyright link. You are not allowed to remove it if you have not purchased the Commercial License. Refer to COPYING file for more-->' },

    # Powered by text
    { regexp: /Powered by <a[^>]+href="http:\/\/www.minibb.(com|net)"[^>]*>miniBB[^<]{0,15}<\/a>/i },

    # Version Detection # Powered by text
    { version: /Powered by <a[^>]+href="http:\/\/www.miniBB.(com|net)"[^>]*>miniBB ([^<]{1,7})<\/a>/i, offset: 1 },

  ]
end

#MiniCWBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/minicwb.rb', line 9

WhatWeb::Plugin.define "MiniCWB" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-28
  @version = "0.1"
  @description = "miniCWB is a Content Management Software and is meant to satisfy the needs of those who do not have access to a database, but want a dynamic website, editable through admin area and most of all, based on a FREE solution. The most important aspect about this software is that it is search engine optimised, and thus very popular."
  @website = "http://www.mini-open-cms.com/"

  # 51 results for "powered by MiniCWB" @ 2010-08-28

  # Dorks #
  @dorks = [
    '"powered by MiniCWB"'
  ]

  @matches = [

    # Meta author
    { text: '<meta name="Author" content="GraFX srl - http://www.grafxsoftware.com" />' },

    # HTML text
    { text: '<!--Copyright link. You may not remove it if you use free GPL licence. Refer to ./LICENSE file for more-->' },

    # Powered by text
    { text: '<p>Powered by <a href="http://www.grafxsoftware.com/" class="text" title="Powered by CWB - small Open CMS - Content Management System">CWB</a>' },
    { text: "<a href='http://www.mini-open-cms.com' rel='external'>Powered by miniCWB</a>" },

  ]
end

#MintObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/mint.rb', line 9

WhatWeb::Plugin.define "Mint" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-15
  @version = "0.1"
  @description = "Mint is an extensible, self-hosted web site analytics program"
  @website = "http://www.haveamint.com/"

  # Matches #
  @matches = [

    # JavaScript Source
    { regexp: /<script [^>]*src=["'][^>]*mint\/\?js/i },

  ]
end

#MistCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/mistcms.rb', line 9

WhatWeb::Plugin.define "MistCMS" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-03
  @version = "0.1"
  @description = "MistCMS is a free Content Management System written in PHP that allows you to dynamically edit the content on your website without having to reupload everything every time you want to make a change."

  # Google results as at 2011-03-03 #
  # 1 for MistCMS intitle:MistCMS inurl:admin Username Password

  # Matches #
  @matches = [

    # Admin Page
    { text: '<div class="page">login</div><form method="post" action="mist.php">' },

    # HTML Comment
    { text: '<!-- Powered by MistCMS @ dvondrake.com -->' },

  ]
end

#MivaMerchantObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/mivamerchant.rb', line 9

WhatWeb::Plugin.define "MivaMerchant" do
  @author = "Brendan Coles <[email protected]>" # 2012-07-10
  @version = "0.1"
  @description = "MivaMerchant is a flexible and powerful eCommerce software that help businesses set up a professional online store, shopping cart system, secure checkout, and more."
  @website = "http://www.mivamerchant.com/"

  # ShodanHQ results as at 2012-06-26 #
  # 1,299 for htscallerid

  # Google results as at 2012-06-26 #
  # 654 for inurl:merchant.mvc ext:mvc

  # Dorks #
  @dorks = [
    'inurl:merchant.mvc ext:mvc'
  ]

  # Matches #
  @matches = [

    # div id="mmcategorytree"
    { text: '<div id="mmcategorytree">' },

    # inurl:merchant.mvc filetype:mvc
    { ghdb: 'inurl:merchant.mvc filetype:mvc' },

    # Set-Cookie # htscallerid
    { search: "headers[set-cookie]", regexp: /htscallerid=/ },

  ]
end

#MJNioHttpDaemonObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/mjniohttpdaemon.rb', line 9

WhatWeb::Plugin.define "MJNioHttpDaemon" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-14
  @version = "0.1"
  @description = "MJNioHttpDaemon"
  # Any idea who makes this? Please contact me

  # ShodanHQ results as at 2011-09-14 #
  # 12 for MJNioHttpDaemon
  # 12 for MJNIOHTTPDSESSIONID

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^MJNioHttpDaemon\/([^\s]+)/ },

    # MJNIOHTTPDSESSIONID Cookie
    { search: "headers[set-cookie]", regexp: /MJNIOHTTPDSESSIONID=/ },

  ]
end

#MKPortalObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/mkportal.rb', line 9

WhatWeb::Plugin.define "MKPortal" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-15
  @version = "0.1"
  @description = "MKPortal blog and forum software - Homepage [offline] : http://www.mkportal.it/"

  # Google results as at 2011-03-05 #
  # 307 for inurl:"index.php?ind=blog"

  # Dorks #
  @dorks = [
    'inurl:"index.php?ind=blog"'
  ]

  # Matches #
  @matches = [

    # Meta Generator
    { text: '<meta name="generator" content="MKPortal" />' },

    # CSS Comment
    { text: '|   Cascading Style Sheet for MKportal "Forum" Portal Template' },

    # HTML Comment
    { certainty: 25, text: '<!-- end close portal body -->' },

    # Version Detection # Copyright link
    { version: /<a style="text-decoration: none;" href="http:\/\/www.mkportal.it\/" target="_blank">MKPortal<\/a> ([^&^<]+)(<\/b>)? &copy;2003-20[\d]{2}/ },

  ]
end

#MnoGoSearchObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 changed âo .3

Version 0.2 remove :certainty, :name and vulnerability description



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/mno-go-search.rb', line 15

WhatWeb::Plugin.define "MnoGoSearch" do
  @author = "Andrew Horton"
  @version = "0.3"
  @description = "mnoGoSearch is an opensource website search engine. Homepage http://www.mnogosearch.org"

  # Dorks #
  @dorks = [
    '"Powered by mnoGoSearch"'
  ]

  # Matches #
  @matches = [

    { regexp: /Powered by mnoGoSearch .{3} free web search engine software/ },
    { certainty: 75, regexp: /<title>mnoGoSearch:/ },

  ]
end

#MobilityGuardObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/mobilityguard.rb', line 9

WhatWeb::Plugin.define "MobilityGuard" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-05
  @version = "0.1"
  @description = "MobilityGuard is a suite of security products from the company by the same name."
  @website = "http://www.mobilityguard.com/"

  # ShodanHQ results as at 2011-08-05 #
  # 123 for MobilityGuard

  # Matches #
  @matches = [

    # Cookies Required Page # More info link # /mg-local/cookie.html
    { url: "/mg-local/cookie.html", text: '<font size=2>Click here for more information about MobilityGuard.</font></a></center><br>' },

  ]

  # Passive #
  def passive(target)
    m = []

    # Version Detection # HTTP Server Header
    if /^MobilityGuard/.match?(target.headers["server"])

      m << { name: "HTTP Server Header" }

      if target.headers["server"] =~ /^MobilityGuard v([^\s]+)$/
        m << { version: $1.to_s }
      end
    end

    # Return passive matches
    m
  end
end

#MochiWebObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-21 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/mochiweb.rb', line 12

WhatWeb::Plugin.define "MochiWeb" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-21
  @version = "0.2"
  @description = "MochiWeb is an Erlang library for building lightweight HTTP servers. WebMachine is a REST-based system for building web applications on top of the bit-pushing and HTTP syntax-management provided by MochiWeb, and provides a simple and clean way to connect that to your application's behavior. - Homepages: https://github.com/mochi/mochiweb - https://bitbucket.org/justin/webmachine/wiki/Home"

  # ShodanHQ results as at 2011-06-21 #
  # 190 for MochiWeb
  # 155 for MochiWeb -WebMachine

  @matches = [
    # HTTP Server Header
    { regexp: /^MochiWeb/, search: "headers[server]" },
    # Version Detection
    { version: /^MochiWeb\/([^\s]+)/, search: "headers[server]" },
    # Version Detection # WebMachine Module
    { module: /^MochiWeb.*(WebMachine\/[^\s]+)/, search: "headers[server]" },

  ]
end

#ModernizrObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/modernizr.rb', line 9

WhatWeb::Plugin.define "Modernizr" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-15
  @version = "0.1"
  @description = "Modernizr adds classes to the <html> element which allow you to target specific browser functionality in your stylesheet. You don't actually need to write any Javascript to use it. [JavaScript]"
  @website = "http://www.modernizr.com/"

  # Matches #
  @matches = [

    # JavaScript Source
    { regexp: /<script [^>]*src=["'][^>]*modernizr[^>]*\.js/i },

    # Version Detection # JavaScript Source
    { version: /<script [^>]*src=["'][^>]*modernizr-([^>]+)\.js/i },

  ]
end

#ModLogAnObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/modlogan.rb', line 9

WhatWeb::Plugin.define "ModLogAn" do
  @author = "Brendan Coles <[email protected]>" # 2012-11-11
  @version = "0.1"
  @description = "Modlogan is a modular logfile analyzer which is currently able to parse ftp-, webserver and squid logs."
  @website = "http://modlogan.com/"

  # Google results as at 2012-011-11 #
  # 339 for "Output generated by modlogan"

  # Dorks #
  @dorks = [
    '"Output generated by modlogan"'
  ]

  # Matches #
  @matches = [

    # Stylesheet
    { text: '<link rel="stylesheet" href="modlogan.css" type="text/css" />' },
    { text: '<LINK REL=STYLESHEET HREF="modlogan.css" type="text/css"></HEAD>' },

    # Version Detection # Generated by footer
    { version: /Output generated by <a href="http:\/\/www\.(modlogan\.org|kneschke\.de\/projekte\/modlogan\/)">modlogan ([^\s^<]+)<\/a>/, offset: 1 },

  ]
end

#mojoPortalObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-17 # Andrew Horton Added website parameter and description

Version 0.2 # 2011-03-04 # Added match for setup page



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'lib/whatweb/plugins/mojoportal.rb', line 15

WhatWeb::Plugin.define "mojoPortal" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-09
  @version = "0.3"
  @description = "mojoPortal is Free and Open Source. Create accessible, standards compliant web pages and content right in the browser. Powerful content management, easy to learn, easy to use."
  @website = "http://www.mojoportal.com/"

  # Google results as at 2011-03-04 #
  # 392 for "Powered by mojoPortal"
  # 22  for "Welcome to mojoPortal Setup" intitle:"mojoPortal Setup"

  # Dorks #
  @dorks = [
    '"Powered by mojoPortal"'
  ]

  # Matches #
  @matches = [

    # GHDB: "Powered by mojoPortal"
    { certainty: 25, ghdb: '"Powered by mojoPortal"' },

    # Powered by text
    { text: "<a href='http://www.mojoportal.com' >Powered by mojoPortal</a>" },

    { text: "<a href='http://www.mojoportal.com'  title='mojoPortal.com'>Powered by mojoPortal</a>" },

    # Default Head+Title HTML
    { certainty: 25, regexp: /<head id="ct[0-9]+_Head[0-9]+"><title>/i },

    # Setup Page # Default logo HTML
    { text: '	<img src="../Data/SiteImages/mojoportal-logo-med.gif" alt="mojoPortal Content Management System" />' },

    # Setup Page # Default CSS
    { text: '<link id="Link1" runat="server" rel="stylesheet" href="../Data/style/setup.css" type="text/css"  />' },

  ]
end

#MongoDBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/mongodb.rb', line 10

WhatWeb::Plugin.define "MongoDB" do
  @author = "Steve 'Ashcrow' Milner"
  @version = "0.1"
  @description = "Identifies the admnistration console of MondoDB. http://www.mongodb.org/"

  ##
  # Would be a good idea to find common items in stacktraces which identify
  # the use of mongodb to expand this beyond just administration console.
  ##

  @matches = [

    { name: "Title",
      certainty: 75,
      regexp: /<title>mongod [^<]+<\/title>/ },

    { name: "Commands",
      certainty: 75,
      text: '<a href="/buildInfo?text=1" title="get version #, etc.
    { buildinfo:1 }">buildInfo</a> <a href="/cursorInfo?text=1" title=" example: { cursorInfo : 1 }">cursorInfo</a>' },

    { name: "Info",
      certainty: 100,
      regexp: /<pre>db version v[\d\.]+, pdfile version [\d\.]+\ngit hash:/,
      version: /<pre>db version v([\d\.]+){1}/ },
  ]
end

#MongrelObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/mongrel.rb', line 9

WhatWeb::Plugin.define "Mongrel" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-15
  @version = "0.1"
  @description = "Mongrel is an open-source HTTP library and web server written in Ruby."
  @website = "http://rubyforge.org/projects/mongrel/"

  # ShodanHQ results as at 2011-03-13 #
  # 5,815 for Mongrel

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^Mongrel ([\d][^\s]+)/ },

  ]
end

#MonkeyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-21 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/monkey.rb', line 12

WhatWeb::Plugin.define "Monkey" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-02
  @version = "0.2"
  @description = "Monkey is a very small, fast and scalable web server for Linux."
  @website = "http://www.monkey-project.com/"

  # ShodanHQ results as at 2011-06-02 #
  # 41 for Server Monkey Linux

  @matches = [
    # HTTP Server Header
    { regexp: /^Monkey/, search: "headers[server]" },
    # Version Detection # HTTP Server Header
    { version: /^Monkey\/([\d\.]+)/, search: "headers[server]" },

  ]
end

#MoodleObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 remove :name & :certainty, updated description



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/whatweb/plugins/moodle.rb', line 12

WhatWeb::Plugin.define "Moodle" do
  @author = "Andrew Horton"
  @version = "0.2"
  @description = "Opensource educational software written in PHP."
  @website = "http://www.moodle.org/"

  # In earlier versions of Moodle, the version number was sometimes available (depending upon the theme used) by hovering over the Moodle logo on the front page. This functionality was removed in Moodle 1.9.7 onwards for security reasons.

  # ShodanHQ results as at 2012-03-02 #
  # 11,952 for MoodleSession
  # 10,431 for MoodleSessionTest
  #  8,529 for MOODLEID_

  # Google results as at 2012-3-02 #
  # 191 for inurl:"login/index.php?MoodleSession"

  # Dorks #
  @dorks = [
    'inurl:"login/index.php?MoodleSession"'
  ]

  # Matches #
  @matches = [

    # Link Title
    { regexp: /<a title="Moodle[^"]+" href="http:\/\/moodle\.org\/">/ },

    # Link Title # Version Detection
    { version: /<a title="Moodle ([\d\.]+[^"]+)" href="http:\/\/moodle\.org\/">/ },

    # Logo HTML
    { name: "moodle logo.gif", certainty: 75, regexp: /<img style="width:100px;height:30px" src="[^"]+\/moodlelogo\.gif" alt="moodlelogo" \/>/ },

    # Set-Cookie # MoodleSession
    { name: "MoodleSession Cookie", search: "headers[set-cookie]", regexp: /MoodleSession=/ },

    # Set-Cookie # MOODLEID_*
    { name: "MOODLEID_ Cookie", search: "headers[set-cookie]", regexp: /MOODLEID_[^\s^=]*=/ },

  ]
end

#MooToolsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/mootools.rb', line 9

WhatWeb::Plugin.define "MooTools" do
  @author = "Brendan Coles <[email protected]>" # 2010-11-02
  @version = "0.1"
  @description = "MooTools is a compact, modular, Object-Oriented JavaScript framework designed for the intermediate to advanced JavaScript developer. It allows you to write powerful, flexible, and cross-browser code with its elegant, well documented, and coherent API."
  @website = "http://mootools.net/"

  # 22 results for ext:js "Copyright (c) 2006-2008 Valerio Proietti" "http://mad4milk.net"

  # Dorks #
  @dorks = [
    'ext:js "Copyright (c) 2006-2008 Valerio Proietti" "http://mad4milk.net"'
  ]

  @matches = [

    # mootools.core.js
    { regexp: /^\/\/ Load your build at: http:\/\/mootools.net\/core\// },

    # Verson Detection # mootools.core.js
    { version: /^MooTools.More[\s]*=[\s]*\{[\s]*version:[\s]*["']?([^\"^\']+)["']?/ },
    { version: /^var MooTools[\s]*=[\s]*\{[\s]*version:[\s]*["']?([^\"^\']+)/ },

    # mootools.more.js
    { regexp: /^\/\/MooTools More, <http:\/\/mootools.net\/more>. Copyright \(c\) 2006-2008 Valerio Proietti, <http:\/\/mad4milk.net>, MIT Style License./ },

  ]
end

#MotoritoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/motorito.rb', line 9

WhatWeb::Plugin.define "Motorito" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-25
  @version = "0.1"
  @description = "Motorito"
  @website = "http://www.motorito.com/"

  # 77 results for inurl:mmod=staticContent @ 2010-09-25

  # Dorks #
  @dorks = [
    'inurl:mmod=staticContent'
  ]

  @matches = [

    # HTML comments
    { text: '<!-- end META_TAGS subst -->' },
    { text: '<!-- CAL POSAR UN DISCRIMINADOR DE NAVEGADORS PER CARREGAR ELS ESTILS ADEQUATS -->' },

  ]
end

#MoxaHttpObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-21 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/moxahttp.rb', line 12

WhatWeb::Plugin.define "MoxaHttp" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-30
  @version = "0.2"
  @description = "Device Networking for Industry: device server, industrial ethernet switch."
  @website = "http://www.moxa.com/product/product.aspx"

  # ShodanHQ results as at 2011-05-30 #
  # 3,104 for MoxaHttp

  @matches = [
    # HTTP Server Header
    { regexp: /^MoxaHttp/, search: "headers[server]" },
    # Version Detection # HTTP Server Header
    { version: /^MoxaHttp\/([^\s]+)$/, search: "headers[server]" },

  ]
end

#MRTGObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 by Andrew Horton Replaced matches, replaced Google dork, replaced examples Plugin still needs to be tested on all versions of MRTG



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/mrtg.rb', line 13

WhatWeb::Plugin.define "MRTG" do
  @author = "Aung Khant <http://yehg.net/>" # 2012-02-10
  @version = "0.2"
  @description = "MRTG - Multi Router Traffic Grapher - http://oss.oetiker.ch/mrtg/"

  # Google results as at 2012-08-09 #
  # 8330 for intitle:"MRTG Index Page"

  # Matches #
  @matches = [
    { name: "Title", regexp: /<TITLE>MRTG Index Page<\/TITLE>/i },
    { name: "Logo in footer", regexp: /HREF="http:\/\/oss.oetiker.ch\/mrtg\/"><IMG[\s]*BORDER=0 SRC="mrtg-l.png"/mi },

    { name: "Logo in footer2", regexp: /HREF="http:\/\/www.ee.ethz.ch\/~oetiker\/webtools\/mrtg\/">.*src=mrtg-l.png alt=MRTG/mi },

    { name: "Logo image", url: "/mrtg-l.png", md5: "241244d0d8845dcad7e891e84e79d63f" },
    { version: /<title>MRTG Index Page.*version ([^<]+)<\/font><\/td>/mi }

  ]
end

#MSFWebObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/msfweb.rb', line 9

WhatWeb::Plugin.define "MSFWeb" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-06
  @version = "0.1"
  @description = "Metasploit Framework Web Console"
  @website = "http://www.metasploit.com/"

  # Matches #
  @matches = [

    # Version Detection # Default Title
    { version: /<title>Metasploit Framework Web Console [v]?([\d\.]{1,6})-(dev|release)<\/title>/ },
    { version: /<title>Metasploit Framework Web Console [v]?([\d\.]{1,6})-(dev|release)<\/title>/, offset: 1 },

    # Meta Author
    { text: '<meta name="Author" content="Mike Whitehead (mwhite22[at]caledonian.ac.uk), Metasploit LLC" />' },

    # Meta Copyright
    { text: '<meta name="Copyright" content="(c) 2007, Mike Whitehead (mwhite22[at]caledonian.ac.uk), (c) 2006-2007 Metasploit LLC" />' },

    # Default JavaScript
    { regexp: /<script>[\r\n\s]*document.writeln('<link rel="stylesheet" type="text\/css" href="' + mainStyle + '">'); \/\/ MSFWeb main stylesheet[\r\n\s]*document.writeln('<link rel="stylesheet" type="text\/css" href="' + windowStyle + '">'); \/\/ Window frame stylesheet[\r\n\s]*<\/script>/ },

  ]
end

#MSGSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/msgs.rb', line 9

WhatWeb::Plugin.define "MSGS" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-20
  @version = "0.1"
  @description = "Mercury Satellite Ground Station is a software system for commanding and controlling a satellite ground station. It's goal is to help enable ubiquitous access to satellite resources via the Internet."
  @website = "Homepage: http://mgsn.sourceforge.net/"

  # Google results as at 2011-05-20 #
  # 2 for intitle:"Mercury Satellite Ground Station"

  # Dorks #
  @dorks = [
    'intitle:"Mercury Satellite Ground Station"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Default Title
    { version: /<title> Mercury Satellite Ground Station: Version ([\d\.]+)<\/title>/ },

  ]
end

#MShiftObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/whatweb/plugins/mshift.rb', line 9

WhatWeb::Plugin.define "MShift" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-12
  @version = "0.1"
  @description = "MShift - Comprehensive Mobile Banking - Over 200 US Financial Institutions are MShift clients. With a base comprised of the largest banks in the world, as well as regional credit unions and local banks, MShift is the standard by which Mobile Banking is measured."
  @website = "http://www.mshift.com/"

  # Google results as at 2011-05-12 #
  # 53 for inurl:msestks

  # Dorks #
  @dorks = [
    'inurl:msestks'
  ]

  # Matches #
  @matches = [

    # Default Page # body
    { text: '<BODY><b>MShift, Inc</b><br>Relevant Mobile Solutions<br>http://www.mshift.com' },

    # Powered by text
    { text: '<td align="center"><font size="-1" color="#FFFFFF">Powered by MShift&reg;</font></td></tr>' },
    { text: '<td align="center"><font size="-1" color=#FFFFFF>Powered by MShift&reg;</font></td></tr>' },
    { text: '<div class="poweredBy">Powered by MShift &reg;</div>' },

  ]

  # Passive #
  def passive(target)
    m = []

    # dcttype cookie
    m << { certainty: 25, name: "dcttype cookie" } if target.headers["set-cookie"] =~ /^dcttype=1$/

    # Return passive matches
    m
  end
end

#MultiPowUploadObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/multipowupload.rb', line 9

WhatWeb::Plugin.define "MultiPowUpload" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-27
  @version = "0.1"
  @description = "MultiPowUpload is a Flash movie that has been created to replace the classic file uploading via Form in a browser. MultiPowUpload works in a >95% browsers and can also be placed on a web site easily. It offers lots of new possibilities that are not available during the usual upload via Form."
  @website = "http://www.element-it.com/multiple-file-upload/flash-uploader.aspx"

  # Google results as at 2011-02-27 #
  # 5 for inurl:"FileProcessingScripts/PHP/uploadfiles.php"
  # 11 for "Visit MultiPowUpload web site for new release and support information." intitle:"Element-It MultiPowUpload"

  # Dorks #
  @dorks = [
    '"Visit MultiPowUpload web site for new release and support information." intitle:"Element-It MultiPowUpload"'
  ]

  # Matches #
  @matches = [

    # FileProcessingScripts/PHP/uploadfiles.php
    { text: 'Upload result:<br><pre>No files sent. Script is OK!Here is some more debugging info:Array' },

    # Version Detection # Readme
    { version: /		<title>Element-It MultiPowUpload ([\d\.]+) Examples<\/title>/ },
    { version: /		<h2>Element-<font color="#de0000">It<\/font> MultiPowUpload ([\d\.]+) Examples<\/h2>/ },

    # Support info link
    { text: '		Visit <a href="http://www.element-it.com/MultiPowUpload.aspx">MultiPowUpload</a> web site for new release and support information.' },
    { text: '		Visit <a href="http://www.element-it.com/multiple-file-upload/flash-uploader.aspx">MultiPowUpload</a> web site for new release and support information.' },

    # Default param
    { text: '<PARAM NAME="FlashVars" VALUE="uploadUrl=FileProcessingScripts/PHP/uploadfiles.php' },

    # Default embed tag
    { text: '<embed bgcolor=[^>]+src="ElementITMultiPowUpload.swf" quality="high" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"' },

    # Version Detection # embed tag
    { version: /<embed bgcolor=[^>]+src="ElementITMultiPowUpload([\d\.]{1,5}).swf" quality="high" pluginspage="http:\/\/www.macromedia.com\/shockwave\/download\/index.cgi\?P1_Prod_Version=ShockwaveFlash"/ },

  ]
end

#MusicboxObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/whatweb/plugins/musicbox.rb', line 9

WhatWeb::Plugin.define "Musicbox" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-27
  @version = "0.1"
  @description = "Musicbox is a web application for managing a songs database."
  @website = "http://www.musicboxv2.com/"

  # Google results as at 2011-07-27 #
  # 111 for inurl:genre_artists.php
  #   5 for "Welcome to Musicbox Version" "Administration Control Panel"

  # Dorks #
  @dorks = [
    'inurl:genre_artists.php'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { text: '<!-- THE FOLLOWING IS NEEDED FOR THE AUTO-COMPLETE SEARCH BOX -->' },

    # CSS
    { text: '<link rel="stylesheet" href="template/musicboxv2.css" type="text/css">' },

    # HTML Comment
    { text: '<!-- Please dont edit this unless you are advanced coder -->' },

    # Version Detection # Footer
    { version: /<tr><td align="center"> <a href="http:\/\/www\.musicboxv2\.com" target="_blank">Musicbox<\/a> Version ([^\s]+)&copy; 20[\d]{2}/ },

    # Admin Page # My Account Link
    { text: "<tr><td align='left'><a href='../userinfo.php?user=admin' target='_blank'>My Account</a></td>" },

    # Admin Page # Version Detection # Heading
    { version: /<div id='logomain'><div id='logotopmain'><div style='font-weight:bold;font-size:12px;color:#000;padding-top:14px;padding-left:4px'>Welcome to Musicbox Version ([^\s]+) Administration Control Panel<\/div>/ },

    # Admin Page # Version Detection # Footer
    { version: /<div id='tdrow5' align=center><br>Musicbox Version ([^\s]+) @ 20[\d]{2} - <a href="http:\/\/www\.MusicboxV2\.com">MusicboxV2\.com<\/a> - Shalwan Entperises<\/div><br><br>/ },

  ]
end

#MyBBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/mybb.rb', line 9

WhatWeb::Plugin.define "MyBB" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-26
  @version = "0.1"
  @description = "MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. MyBB has been designed with the end users in mind, you and your subscribers. Full control over your discussion system is presented right at the tip of your fingers, from multiple styles and themes to the ultimate customization of your forums using the template system."
  @website = "http://mybb.com/"

  # Google results as at 2011-02-26 #
  # 289 for "Powered By MyBB"

  # Dorks #
  @dorks = [
    '"Powered By MyBB"'
  ]

  # Matches #
  @matches = [

    # HTML Comments
    { text: '				<!-- MyBB is free software developed and maintained by a volunteer community. ' },
    { text: '				<!-- You may NOT remove, modify or hinder the visibility of the MyBB copyright at any time.' },
    { text: '<!-- The following piece of code allows MyBB to run scheduled tasks. DO NOT REMOVE --><img' },

    # Powered by text
    { regexp: /Powered By <a href="http:\/\/(mybb.com\/|www.mybboard.net)" target="_blank">MyBB<\/a>, &copy; 2002-20[\d]{2} <a href="http:\/\/(mybb.com\/|www.mybboard.net)" target="_blank">MyBB Group<\/a>./ },

    # Simple powered by text
    { text: 'Powered By <a href="http://www.mybboard.com" target="_blank">MyBB</a>' },

  ]
end

#MyHobbySiteObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-16 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/myhobbysite.rb', line 12

WhatWeb::Plugin.define "MyHobbySite" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-12
  @version = "0.2"
  @description = "MyHobbySite is a website Content Management System (CMS) programmed in PHP and tailored specifically for collectors of live music. Like any other CMS, MyHobbySite supports page creation, file management, and dynamic text editing via a WYSIWYG editor."
  @website = "http://www.myhobbysite.net/"

  # Google results as at 2010-09-12 #
  # 71 for "Powered by MyHobbySite"

  # Dorks #
  @dorks = [
    '"Powered by MyHobbySite"'
  ]

  # Matches #
  @matches = [

    # Default title
    { text: ' (Powered by MyHobbySite)</title>' },

    # HTML comment
    { text: '					<!-- Removing the copyright notice without purchasing the MyHobbySite Copyright Removal License voids the MyHobbySite End User License Agreement -->' },

    # HTML comment
    { text: '		<a name="top"></a> <!-- Necessary for the "jump to the top of the page" links -->' },

    # Version Detection # Powered by text
    { version: /Powered by <a href="http:\/\/www.myhobbysite.net" target="_blank">MyHobbySite<\/a> ([\d\.]+) / },

  ]
end

#MyShellObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/myshell.rb', line 9

WhatWeb::Plugin.define "MyShell" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-21
  @version = "0.1"
  @description = "MyShell - PHP powered shell"

  # 4 for intitle:"MyShell 1.1.0 build 20010923" -intitle

  # Dorks #
  @dorks = [
    'intitle:"MyShell 1.1.0 build 20010923" -intitle'
  ]

  # Matches #
  @matches = [

    # Default copyright footer
    { text: '&nbsp;| ::::::::::&nbsp;<a href="http://www.digitart.net" target="_blank" style="text-decoration:none"><b>MyShell</b> &copy;2001 Digitart Producciones</a>' },

    # Version Detection # Title
    { version: /<title>MyShell ([\d\.]+ build [\d]{8})<\/title>/ },

  ]
end

#MySqlDumperObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/whatweb/plugins/mysqldumper.rb', line 9

WhatWeb::Plugin.define "MySqlDumper" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-12
  @version = "0.1"
  @description = "MySQLDumper is a free PHP/Perl script to backup your important MySQL-Data safe and secure and restore them in the case of an emergency."
  @website = "http://www.mysqldumper.net/"

  # Google results as at 2011-05-12 #
  # 102 for inurl:sql_statement inurl:sql.php intitle:MySqlDumper
  # 25 for inurl:mysqldumper/sql.php

  # ShodanHQ results as at 2011-05-12 #
  # 5 for MySQLDumper

  # Dorks #
  @dorks = [
    'inurl:sql_statement inurl:sql.php intitle:MySqlDumper'
  ]

  # Matches #
  @matches = [

    # Select HTML
    { text: '<select class="SQLCombo" name="tablecombo" onchange="this.form.sqltextarea.value=this.options[this.selectedIndex].value;this.form.execsql.click();">' },

    # Warning HTML
    { text: 'align="center">The execution of SQL Statements can manipulate data. TAKE CARE! The Authors don\'t accept any liability for damaged or lost data.</div>' },

    # Select Database link
    { text: '<a title="Select Database / Datebase functions / Import - Export " href="sql.php?db=&amp;dbid=0&amp;context=3' },

  ]

  # Passive #
  def passive(target)
    m = []

    # MySQLDumper Cookie
    m << { name: "MySQLDumper Cookie" } if target.headers["set-cookie"] =~ /MySQLDumper=[a-z\d]{16,32}/

    # WWW-Authenticate realm
    m << { name: "WWW-Authenticate realm" } if target.headers["www-authenticate"] =~ /^Basic realm="MySQLDumper"$/

    # Return passive matches
    m
  end
end

#MySQLManObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/mysqlman.rb', line 9

WhatWeb::Plugin.define "MySQLMan" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-21
  @version = "0.1"
  @description = "MySQLMan is a web based MySQL database manager."
  @website = "http://www.gossamer-threads.com/products/archive.html"

  # Google results as at 2011-09-21 #
  # 8 for inurl:"mysql.cgi?do="

  # Dorks #
  @dorks = [
    'inurl:"mysql.cgi?do="'
  ]

  # Matches #
  @matches = [

    # Create Link
    { text: '| <A href="mysql.cgi?do=top_level_op&data_source=&action=create_db">Create</A>' },

    # Version Detection # Powered by link
    { version: /<p align="right"><a href="http:\/\/www\.gossamer-threads\.com\/scripts\/"><font face="Verdana, Arial, Helvetica" size="1">MySQLMan[\s]+v\. ([^\s^<]+)<br>/ },

  ]
end

#MyWebFTPObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/mywebftp.rb', line 9

WhatWeb::Plugin.define "MyWebFTP" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-20
  @version = "0.1"
  @description = "MyWebFTP web FTP client. MyWebFTP is designed for a professional web developer to do all your daily online file management tasks from one place. Install MyWebFTP on one of your websites, and it will allow you to quickly and efficiently manage files of all your websites via FTP."
  @website = "http://mywebftp.com/"

  # 6 for intitle:mywebftp "Please enter your password" -intitle

  # Dorks #
  @dorks = [
    'intitle:mywebftp "Please enter your password" -intitle'
  ]

  # Matches #
  @matches = [

    # Title
    { certainty: 75, text: '<TITLE>MyWebFTP</TITLE>' },

    # Form
    { text: '<FORM METHOD=post NAME="mwForm" ENCTYPE="multipart/form-data" ACTION="' },

    # Version Detection
    { version: /^<P><B>MyWebFTP (Hoster|Free)<\/B> Version ([\d\.]+)/, offset: 1 },

    # Year Detection
    { string: /<BR>Copyright &copy 2000-(20[\d]{2}) <A HREF="http:\/\/www\.mywebftp\.com\/">MyWebFTP<\/A>/ },

    # CSS
    { text: '<LINK REL="stylesheet" TYPE="text/css" HREF=\'mwftp/common/mwftp.css\'>' },

    # JavaScript
    { text: '<SCRIPT LANGUAGE=JAVASCRIPT SRC=\'mwftp/common/mwftp.js\'></SCRIPT>' },

  ]
end

#MyZoneObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



10
11
12
13
14
15
16
17
18
19
 
# File 'lib/whatweb/plugins/myzone.rb', line 10

WhatWeb::Plugin.define "MyZone" do
  @author = "Andrew Horton"
  @version = "0.1"
  @description = "Mobile 3G WiFi Rrouter"
  @website = "www.netcomm.com.au"

  @matches = [
    { regexp: /<title>MyZone<\/title>.*www\.netcomm\.com\.au/m }
  ]
end

#NabbleObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/nabble.rb', line 9

WhatWeb::Plugin.define "Nabble" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-16
  @version = "0.1"
  @description = "Freed embeddable web apps"
  @website = "http://www.nabble.com/"

  # Google results as at 2011-05-16 #
  # 480 for "powered by Nabble"

  # Dorks #
  @dorks = [
    '"powered by Nabble"'
  ]

  # Matches #
  @matches = [

    # Error Page # div class "nabble"
    { text: '<div class="nabble" id="nabble">' },

    # Error Page # Powered by link
    { text: 'Powered by <a href="http://www.nabble.com/" target="_top" title="Free forum and other embeddable web apps">Nabble</a>' },

    # table class "footer-table shaded-bg-color"
    { text: '<table class="footer-table shaded-bg-color">' },

  ]
end

#NamazuObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/namazu.rb', line 9

WhatWeb::Plugin.define "Namazu" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-30
  @version = "0.1"
  @description = "Namazu is a full-text search engine intended for easy use. Not only does it work as a small or medium scale Web search engine, but also as a personal search system for email or other files."
  @website = "http://www.namazu.org/"

  # Google results as at 2011-03-30 #
  # 259 for "powered by Namazu"

  # Dorks #
  @dorks = [
    '"powered by Namazu"'
  ]

  # Matches #
  @matches = [

    # Powered by footer
    { regexp: /This search system is powered by[\s]+<strong><a href="http:\/\/www\.namazu\.org\/">Namazu<\/a><\/strong>/ },
    { regexp: /Powered by <a href="http:\/\/www\.namazu\.(org|cc)\/[^"]*" target="_blank">(N|n)amazu<\/a>/ },

    # HTML Comment and strong tags
    { regexp: /<p><strong> Total <!-- HIT -->[\d]+<!-- HIT --> documents matching your query.<\/strong><\/p>/ },

    # Version Detection # HTML Comment
    { version: /<strong><a href="http:\/\/www\.namazu\.org\/">Namazu<\/a> <!-- VERSION --> v([\d\.]+) <!-- VERSION --><\/strong>/i },
    { version: /This search system is powered by <a href="http:\/\/www\.namazu\.org\/">Namazu<\/a> <!-- VERSION --> v([\d\.]+) <!-- VERSION --><\/p>/i },

  ]
end

#NaviCOPAObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/navicopa.rb', line 12

WhatWeb::Plugin.define "NaviCOPA" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-25
  @version = "0.2"
  @description = "The NaviCOPA Web Server Software installs on any version of the Microsoft Windows operating system from 98 and up, including Windows Vista, and automatically configures itself for instant HTTP access. NaviCOPA does not limit the number of connections and comfortably serves 1000's of simultaneous connections"
  @website = "http://www.navicopa.com/"

  # ShodanHQ results as at 2011-03-25 #
  # 4 for InterVations

  @matches = [

    # HTTP Server Header
    { regexp: /^InterVations NaviCOPA/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^InterVations NaviCOPA Version ([\d\.]+) [\d]{1,2}[a-z]{2} [A-Z][a-z]+ [\d]{4}$/, search: "headers[server]" },

    # Set-Cookie
    { name: "NaviCopaSession Cookie", regexp: /^NaviCopaSession/, search: "headers[set-cookie]" },

  ]
end

#net2ftpObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/net2ftp.rb', line 9

WhatWeb::Plugin.define "net2ftp" do
  @author = "Brendan Coles <[email protected]>" # 2011-10-30
  @version = "0.1"
  @description = "net2ftp is a web based FTP client"
  @website = "http://www.net2ftp.com/"

  # Google results as at 2011-10-30 #
  # 211 for intitle:"net2ftp" "Clear cookies"
  # 133 for intitle:"net2ftp" "Clear cookies" "Passive mode"
  #  81 for "Powered by net2ftp - a web based FTP client" intitle:"net2ftp - a web based FTP client" "Clear cookies"

  # Dorks #
  @dorks = [
    'intitle:"net2ftp" "Clear cookies"',
    '"Powered by net2ftp - a web based FTP client" intitle:"net2ftp - a web based FTP client" "Clear cookies"'
  ]

  # Matches #
  @matches = [

    # Title
    { certainty: 25, text: '<title>net2ftp - a web based FTP client</title>' },

    # Version Detection # HTML Comment
    { version: /<!-- net2ftp version ([^\s]+) -->/ },

    # HTML Comment
    { text: '<!-- End of net2ftp login form -->' },

  ]
end

#Net2PhoneObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/net2phone.rb', line 9

WhatWeb::Plugin.define "Net2Phone" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-19
  @version = "0.1"
  @description = "Net2Phone CommCenter is software that allows you to make phone calls and send faxes to anywhere in the world."
  @website = "http://www.net2phone.com/"

  # Google dorks as at 2011-04-19 #
  # 3 for intitle:"Net2Phone Init Page" "Net2Phone, Inc. All Rights Reserved."

  # Dorks #
  @dorks = [
    'intitle:"Net2Phone Init Page" "Net2Phone, Inc. All Rights Reserved."'
  ]

  # Matches #
  @matches = [

    # Default title
    { text: '<HTML><HEAD><TITLE>Net2Phone Init Page</TITLE>' },

    # Model Detection
    { model: /<P align=center><IMG border=0[\s]+src="([a-zA-Z]{2}[\d]+[a-zA-Z]?)\.gif" width="/ },

  ]
end

#netboardObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/netboard.rb', line 9

WhatWeb::Plugin.define "netboard" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-17
  @version = "0.1"
  @description = "netboard forum"

  # 70 for inurl:cgi-sys/netboard.cgi ext:cgi

  # Dorks #
  @dorks = [
    'inurl:cgi-sys/netboard.cgi ext:cgi'
  ]

  # Matches #
  @matches = [

    # URL pattern
    { ghdb: 'inurl:"cgi-sys/netboard.cgi" filetype:cgi' },

    # Form tags
    { text: '<td><form method=post action="netboard.cgi">' },
    { text: '<td><form method=post action=netboard.cgi>' },

  ]
end

#NetBoxObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-21 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/netbox.rb', line 12

WhatWeb::Plugin.define "NetBox" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-14
  @version = "0.2"
  @description = "NetBox HTTP server [Chinese]"
  @website = "http://www.netbox.cn/"

  # ShodanHQ results as at 2011-03-14 #
  # 1,778 for NetBox -realm

  @matches = [
    # HTTP Server Header
    { regexp: /^NetBox/, search: "headers[server]" },
    # Version Detection # HTTP Server Header
    { version: /^NetBox Version (.+)$/, search: "headers[server]" },

  ]
end

#NetjukeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/netjuke.rb', line 9

WhatWeb::Plugin.define "Netjuke" do
  @author = "Brendan Coles <[email protected]>" # 2012-07-13
  @version = "0.1"
  @description = "Netjuke is a Web-Based Audio Streaming Jukebox"
  @website = "http://sourceforge.net/projects/netjuke"

  # Google results as at 2012-07-13 #
  # 13 for inurl:"search.php?do=list.tracks"

  # Dorks #
  @dorks = [
    'inurl:"search.php?do=list.tracks"'
  ]

  # Matches #
  @matches = [

    # HTML Comments
    { text: '<!-- Start Primary Header -->' },
    { text: '<!-- Begin Primary Footer -->' },

    # JavaScript # onClick
    { text: "onClick=\"window.open('alphabet.php?do=alpha.artists','NetjukeRemote'" },

  ]
end

#NetPortObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/netport.rb', line 12

WhatWeb::Plugin.define "NetPort" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-30
  @version = "0.2"
  @description = "NetPort server - used by several routers."

  # ShodanHQ results as at 2011-05-30 #
  # 83,817 for NetPort

  @matches = [

    # HTTP Server Header
    { regexp: /^NetPort Software/, search: "headers[server]" },

    # Version Detection
    { version: /^NetPort Software ([^\s]+)$/, search: "headers[server]" },

    # Netport HTTP Header # Netport: Power by NetPort
    { name: "Netport HTTP Header", regexp: /^Power by NetPort$/, search: "headers[netport]" },

  ]
end

#NetPresenzObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/netpresenz.rb', line 12

WhatWeb::Plugin.define "NetPresenz" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-04
  @version = "0.2"
  @description = "NetPresenz is a Classic Macintosh implementation of the WWW, Gopher and FTP server protocols. It is compatible with most web browsers and FTP clients. It allows your Mac to act as an FTP server so you (and others) can access your files from anywhere around the world. You can also host a web site directly from your computer."
  @website = "http://www.stairways.com/main/netpresenz"

  # ShodanHQ results as at 2011-06-04 #
  # 26 for netpresenz

  @matches = [
    # HTTP Server Header
    { regexp: /^NetPresenz/, name: "HTTP Server Header", search: "headers[server]" },

    # Version Detection
    { version: /^NetPresenz\/([^\s]+)$/, search: "headers[server]" },

  ]
end

#NetqueryObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/netquery.rb', line 9

WhatWeb::Plugin.define "Netquery" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-20
  @version = "0.1"
  @description = "Netquery is a complete PHP/SQL open-source toolkit of network utilities. Available as a standalone application and as a module for the following CMSs: e107, PHP-Fusion, Xaraya, Xoops and Zikula."
  @website = "http://virtech.org/tools/"

  # 89 results for inurl:"nquser.php" filetype:php -inurl

  # Dorks #
  @dorks = [
    'inurl:"nquser.php" filetype:php -inurl'
  ]

  # Matches #
  @matches = [

    # Default form
    { text: '<form class="nquser" action="nquser.php" method="post">' },

    # Default link + img class
    { text: '<a href="nquser.php?querytype=countries"><img class="gobuttonup"' },

    # legend tag
    { certainty: 75, text: '<legend>NQ User Interface</legend>' },

    # Top countries link
    { certainty: 75, text: '<br /><a href="nquser.php?formtype=countries">Top Countries' },

    # Admin link
    { text: '<a href="nqadmin.php"><img class="gobutton" src="images/btn_adm.gif" alt="Administration" /></a>' },

    # Error # Could not retrieve Netquery configuration data from the database.
    { md5: "24a75ccc492b5a9118a4d226c25895c1" },

  ]
end

#NetrefObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-17 # Andrew Horton Added description

Version 0.2 # 2011-02-15 # Updated version detection



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/netref.rb', line 15

WhatWeb::Plugin.define "Netref" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-03
  @version = "0.3"
  @description = "Website used to be http://www.netref.net/"

  # Google results as at 2011-02-15 #
  # 197 for "powered by Netref"
  # 29 for "Powered by Netref 5"

  # Dorks #
  @dorks = [
    '"powered by Netref"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { text: 'Annuaire Netref : http://www.netref.net' },

    # Version Detection # Powered by text
    { version: /<a href=['|"]?http:\/\/www.netref.(fr|net)['|"]? class=['|"]?lienp['|"]?[^>]*>Powered by Netref ([\d\.]+) &copy; [0-9]{4}<\/a>/, offset: 1 },

  ]
end

#NetsweeperObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
# File 'lib/whatweb/plugins/netsweeper.rb', line 9

WhatWeb::Plugin.define "Netsweeper" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-12
  @version = "0.1"
  @description = "Netsweeper provides internet content filtering and web threat management solutions that foster employee productivity, student safety and secure Internet access."
  @website = "http://www.netsweeper.com/"

  # Google results as at 2011-05-12 #
  # 11 for inurl:"8080/webadmin/deny/index.php"

  # ShodanHQ results as at 2011-05-12 #
  # 27 for 8080/webadmin/deny/index.php

  # Dorks #
  @dorks = [
    'inurl:"8080/webadmin/deny/index.php"'
  ]

  # Matches #
  @matches = [

    # overDiv
    { text: '<DIV id="overDiv" style="position:absolute; visibility:hidden; z-index:104;"></DIV>' },
    { text: '<div id="overDiv" style="position:absolute; visibility:hidden; z-index:104;"></div>' },

    # HTML Comment
    { text: "<!-- Body of content starts here -->" },

    # footer span class
    { text: "<BR><SPAN class='netsweepersmbtextatbottomofloginscreen'>" },
    { text: "<br><span class='netsweepersmbtextatbottomofloginscreen'>" },

    # Redirect page # HTML comment
    { text: "<!-- full_page_header.html START -->" },
    { text: "<!-- full_page_footer.html START-->" },

    # Redirect page # continue link
    { text: '<a target=_parent href="../" >Please click <u>here</u> to continue.</a>' },

    # powered by footer
    { text: '<a href="http://www.poweredbynetsweeper.com"><img src="http://www.poweredbynetsweeper.com/images/deny/global/poweredbynetsweeper.gif" border="0" alt="" align="top" /></a></td>' },
    { text: '<a href="http://www.poweredbynetsweeper.com"><img align=top border=0 src="http://www.poweredbynetsweeper.com/images/deny/global/poweredbynetsweeper.gif"></a>' },

  ]

  # Passive #
  def passive(target)
    m = []

    # webadmin cookie
    m << { name: "webadmin cookie" } if target.headers["set-cookie"] =~ /webadmin=[a-z\d]{26}/

    # Redirect location header
    m << { name: "Redirect location header" } if target.headers["location"] =~ /\/webadmin\/deny\/index\.php\?dpid=[\d]+&dpruleid=[\d]+&/

    # Return passive matches
    m
  end
end

#NetVehicleObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/netvehicle.rb', line 12

WhatWeb::Plugin.define "NetVehicle" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-08
  @version = "0.2"
  @description = "Fujitsu NetVehicle router [Japanese]"
  @website = "http://fenics.fujitsu.com/products/netvehicle/"

  # ShodanHQ results as at 2011-03-08 #
  # 9 for NetVehicle

  # Matches #
  @matches = [

    # Default Title
    { text: "<HEAD><TITLE>Welcome to NetVehicle</TITLE></HEAD>" },

    # Logo
    { url: "/nv_logo.gif", md5: "efff3142fb8f4e34836ca5b38ca40512" },

    # HTTP Server Header
    { regexp: /^NetVehicle/, search: "headers[server]" },

    # Model Detection
    { model: /^NetVehicle-([A-Z\d]{1,3})/, search: "headers[server]" },

  ]
end

#NetworXObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/networx.rb', line 9

WhatWeb::Plugin.define "NetworX" do
  @author = "Brendan Coles <[email protected]>" # 2012-04-19
  @version = "0.1"
  @description = "NetworX is PHP-based open source interactive social networking platform - Hompage: http://www.socialabc.com/"

  # Google results as at 2012-04-19 #
  # 12 for "powered by networx" "Privacy Policy Terms of Use About Us Contact Us"

  # Dorks #
  @dorks = [
    '"powered by networx" "Privacy Policy Terms of Use About Us Contact Us"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: 'Powered by <a href="http://www.socialabc.com">NetworX</a>' },

  ]
end

#NewscoopObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/newscoop.rb', line 9

WhatWeb::Plugin.define "Newscoop" do
  @author = "Brendan Coles <[email protected]>" # 2012-05-09
  @version = "0.1"
  @description = "Open content management system for professional journalists & online newspapers."
  @website = "http://www.sourcefabric.org/en/newscoop/"

  # Google results as at 2012-04-10 #
  # 49 for intitle:"Login" inurl:admin "Newscoop" "the open content management system for professional journalists."

  # Dorks #
  @dorks = [
    'intitle:"Login" inurl:admin "Newscoop" "the open content management system for professional journalists."'
  ]

  # Matches #
  @matches = [

    # /admin/ # Admin Page # Version Detection
    { version: /<a href="http:\/\/newscoop\.sourcefabric\.org\/" target="_blank">\s+Newscoop<\/a>&nbsp;([\d\.]+)[^,]*,\s+the open content management system for professional journalists\./ },

    # Powered by text
    { text: 'Powered by Newscoop, the open content management system for professional journalists.<br />' },
    { text: 'Powered by <a href="http://newscoop.sourcefabric.org/" target="_blank">Newscoop</a>, the open content management system for professional journalists.' },

    # Meta Generator
    { text: '<meta name="generator" content="Newscoop" />' },

  ]
end

#newswallObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/newswall.rb', line 9

WhatWeb::Plugin.define "newswall" do
  @author = "Brendan Coles <[email protected]>" # 2012-08-12
  @version = "0.1"
  @description = "newswall"
  @website = "http://newswall.mayoco.de/"

  # Google results as at 2012-08-12 #
  # 121 for "There's no newswall without javascript - please activate"
  #   5 for "There's no newswall without javascript - please activate" inurl:newswall

  # Dorks #
  @dorks = [
    '"There\'s no newswall without javascript - please activate" inurl:newswall'
  ]

  # Matches #
  @matches = [

    # NoScript
    { regexp: /<div id="screen"><noscript><p class="js">\s*There's no newswall without javascript - please activate\.\.\.\s*<\/p><\/noscript><\/div>/ },

  ]
end

#NexusPHPObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/nexusphp.rb', line 9

WhatWeb::Plugin.define "NexusPHP" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-01
  @version = "0.1"
  @description = "BitTorrent private tracker scripts written in PHP"
  @website = "http://sourceforge.net/projects/nexusphp/"

  # Google results as at 2011-07-01 #
  # 353 for "Powered by NexusPHP"
  #  31 for "Powered by NexusPHP" inurl:aboutnexus.php

  # Dorks #
  @dorks = [
    '"Powered by NexusPHP"',
    '"Powered by NexusPHP" inurl:aboutnexus.php'
  ]

  # Matches #
  @matches = [

    # Meta Generator
    { regexp: /<meta name="generator" content="NexusPHP"[\s]?\/>/ },

    # Cookies required message # English
    { text: '<p><b>Note</b>: You need cookies enabled to log in or switch language.<br /> [<b>' },

    # HTTPS mode input box # Multiple languages
    { text: '<tr><td class="rowhead">SSL (HTTPS):</td><td class="rowfollow" align="left"><input class="checkbox" type="checkbox" name="ssl" value="yes"' },

    # Year Detection # Powered by footer
    { string: /<\/a> (20[\d]{2})-20[\d]{2} Powered by <a href="aboutnexus\.php">NexusPHP<\/a>/ },

  ]
end

#nginxObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/nginx.rb', line 9

WhatWeb::Plugin.define "nginx" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-13
  @version = "0.1"
  @description = "Nginx (Engine-X) is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server."
  @website = "http://nginx.net/"

  # ShodanHQ results as at 2011-03-13 #
  # 289,545 for nginx

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^nginx$/ },

    # Version Detection
    { search: "headers[server]", version: /^nginx\/([^\s]+).*$/ },

  ]
end

#NinkoBBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/ninkobb.rb', line 9

WhatWeb::Plugin.define "NinkoBB" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-27
  @version = "0.1"
  @description = "NinkoBB"
  @website = "http://ninkobb.com/"

  # Google results as at 2011-02-27 #
  # 55 for "Powered by NinkoBB"

  # Dorks #
  @dorks = [
    '"Powered by NinkoBB"'
  ]

  # Matches #
  @matches = [

    # Default Stylesheet
    { regexp: /<link href="[^"]*\/assets\/css\/ninko.css" rel="stylesheet" type="text\/css" \/>/ },

    # Powered by text
    { text: 'Powered by <a href="http://ninkobb.com">NinkoBB</a>' },

    # Version Detection # Powered by text
    { version: /Powered by <a href="http:\/\/ninkobb.com\/">NinkoBB<\/a> v. ([\d\.]{1,5}) t./ },

  ]
end

#nopCommerceObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
 
# File 'lib/whatweb/plugins/nopcommerce.rb', line 9

WhatWeb::Plugin.define "nopCommerce" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-14
  @version = "0.1"
  @description = "nopCommerce is an open source e-commerce solution that contains both a catalog frontend and an administration tool backend. nopCommerce is a fully customizable shopping cart. It's stable and highly usable. "
  @website = "http://www.nopcommerce.com/"

  # Google results as at 2011-03-14 #
  # 422 results for "powered by nopCommerce" "You have no items in your shopping cart."

  # Dorks #
  @dorks = [
    '"powered by nopCommerce" "You have no items in your shopping cart."'
  ]

  # Matches #
  @matches = [

    # GHDB
    { certainty: 75, ghdb: '"powered by nopCommerce" "You have no items in your shopping cart."' },

    # HTML Comment # Powered by
    { text: '<!--Powered by nopCommerce - http://www.nopCommerce.com-->' },

    # If you have not purchased a valid "Copyright notice removal license" for nopCommerce, the copyright notice at the footer of your store must remain intact, unedited and clearly visible.

    # Powered by link
    { text: 'Powered by <a href="http://www.nopcommerce.com/">nopCommerce</a>' },

    # Powered by link # target _blank
    { text: 'Powered by <a href="http://www.nopcommerce.com" target="_blank">nopCommerce</a>' },

    # Admin Page # Login Button
    { text: '<input type="submit" name="LoginForm$LoginButton" value="Log in" onclick="javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions(&quot;LoginForm$LoginButton&quot;, &quot;&quot;, true, &quot;LoginForm&quot;, &quot;&quot;, false, false))" id="LoginForm_LoginButton" class="adminButtonBlue" />' },

    # Admin Page # Remember Me
    { text: '<input id="LoginForm_RememberMe" type="checkbox" name="LoginForm$RememberMe" checked="checked" /><label for="LoginForm_RememberMe">Remember me</label>' },

    # Admin Page # JavaScript
    { text: 'var LoginForm_UserNameOrEmailRequired = document.all ? document.all["LoginForm_UserNameOrEmailRequired"] : document.getElementById("LoginForm_UserNameOrEmailRequired");' },

  ]
end

#NoticeBoardProObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/noticeboardpro.rb', line 9

WhatWeb::Plugin.define "NoticeBoardPro" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-19
  @version = "0.1"
  @description = "NoticeBoardPro is an online, web-based, notice board system"
  @website = "http://www.noticeboardpro.com/"

  # Google results as at 2011-05-19 #
  # 5 for inurl:viewAll.php?startnum
  # 7 for +noticeboard "View All Items" "View Items by Category"
  # 4 for inurl:viewAllOutline.php

  # Dorks #
  @dorks = [
    '"noticeboard" "View All Items" "View Items by Category"'
  ]

  # Matches #
  @matches = [

    # Version Detection # copyright footer
    { version: /<td align="center" colspan="4" height="38" width="572" bgcolor="#f5f5dc"><p class="copy">Version ([\d\.]+) -/ },

    # Register link
    { text: '<A HREF="registerOutline.php" CLASS="Xref" style="margin-right:10">[Register]</A>' },

    # Log in link
    { text: '<A HREF="loginOutline.php" CLASS="Xref" style="margin-left:165; margin-right:10">[Sign In]</A>' },

  ]
end

#noVNCObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/novnc.rb', line 9

WhatWeb::Plugin.define "noVNC" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-25
  @version = "0.1"
  @description = "VNC client using HTML5 (Web Sockets, Canvas) with encryption (wss://) support."
  @website = "https://github.com/kanaka/noVNC"

  # Google results as at 2011-08-25 #
  # 6 for intitle:"noVNC" inurl:vnc_auto.html +Loading "Canvas not supported."

  # Dorks #
  @dorks = [
    'intitle:"noVNC" inurl:vnc_auto.html "Loading" "Canvas not supported."'
  ]

  # Matches #
  @matches = [

    # div id="VNC_status_bar" class="VNC_status_bar" # Automatically connect example
    { module: "Auto", text: '<div id="VNC_status_bar" class="VNC_status_bar" style="margin-top: 0px;">' },

    # Year Detection # Automatically connect example
    { module: "Auto", string: /<html>[\s]+<!-- [\s]+noVNC Example: Automatically connect on page load\.[\s]+Copyright \(C\) (20[\d]{2}) Joel Martin[\s]+Licensed under LGPL-3 \(see LICENSE\.txt\)[\s]+Connect parameters are provided in query string:[\s]+http:\/\/example\.com\/\?host=HOST&port=PORT&encrypt=1&true_color=1[\s]+-->[\s]+<head>[\s]+<title>noVNC<\/title>/ },

    # Year Detection # simple example using default UI
    { module: "Simple", string: /<html>[\s]+<!-- [\s]+noVNC example: simple example using default UI[\s]+Copyright \(C\) (20[\d]{2}) Joel Martin[\s]+Licensed under LGPL-3 \(see LICENSE\.txt\)[\s]+-->[\s]+<head>[\s]+<title>noVNC<\/title>/ },

  ]
end

#NSFocusObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/nsfocus.rb', line 12

WhatWeb::Plugin.define "NSFocus" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-10
  @version = "0.2"
  @description = "NSFOCUS Web Application Firewall"
  @website = "http://www.nsfocus.com/"
  # Manual: http://www.nsfocus.com/jp/3_products/090714WAF.pdf

  # ShodanHQ results as at 2011-03-13 #
  # 25 for nsfocus # All results are from China

  # Matches #
  @matches = [

    # Default Page
    { md5: "4a6a68c719d64f1dd153a94122287f54" },

    # HTTP Server Header
    { regexp: /^NSFocus/, search: "headers[server]" },

    # Version Detection
    { version: /^NSFocus\/([^\s]+) \( NSFOCUS \)/, search: "headers[server]" },

  ]
end

#ntopObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/ntop.rb', line 9

WhatWeb::Plugin.define "ntop" do
  @author = "Brendan Coles <[email protected]>" # 2012-09-12
  @version = "0.1"
  @description = "ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does."
  @website = "http://www.ntop.org/products/ntop/"

  # Interesting Info # /textinfo.html

  # ShodanHQ results as at 2012-09-12 #
  # 72 for ntop

  # Google results as at 2012-09-12 #
  # 35 for intitle:"Global Traffic Statistics" "Name" "Device" "Type"

  # Dorks #
  @dorks = [
    'intitle:"Global Traffic Statistics" "Name" "Device" "Type"'
  ]

  # Matches #
  @matches = [

    # HTTP Server Header # Version Detection
    { search: "headers[server]", version: /^ntop\/([^\s]+)/ },

    # RSS Feed Links
    { text: '<link rel="alternate" type="application/rss+xml" title="ntop RSS Feed" href="http://www.ntop.org/blog/?feed=rss2" />' },

    # Title
    { certainty: 75, text: '<TITLE>Global Traffic Statistics</TITLE>' },

    # WWW-Authenticate: Basic realm="NTOP"
    { search: "headers[www-authenticate]", text: 'Basic realm="NTOP"' },

  ]
end

#NucleusObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/nucleus.rb', line 9

WhatWeb::Plugin.define "Nucleus" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-26
  @version = "0.1"
  @description = "Nucleus Webserver"

  # About 146037 ShodanHQ results for "server: Nucleus" @ 2010-10-26

  # HTTP Header
  def passive(target)
    m = []

    # Server
    m << { version: target.headers["server"].to_s.scan(/^[\s]*Nucleus\/([^\s^\r^\n]+)/i).flatten } if target.headers["server"].to_s =~ /^[\s]*Nucleus\/([^\s^\r^\n]+)/i

    m
  end
end

#NukeditObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/whatweb/plugins/nukedit.rb', line 12

WhatWeb::Plugin.define "Nukedit" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-25
  @version = "0.2"
  @description = "Nukedit CMS"
  @website = "http://www.nukedit.com/"

  # Google results as at 2010-07-25 #
  # 122 for "powered by Nukedit"

  # Dorks #
  @dorks = [
    '"powered by Nukedit"'
  ]

  # Matches #
  @matches = [

    { regexp: /Powered by Nukedit - <a href="(http:\/\/www.|http:\/\/)nukedit.com" target=_blank title="[^"]*"><span class=footer><u>(Web Content Management|Open Source CMS)<\/u><\/a><br>/ },

    # Powered by text
    { text: '<a href="http://www.nukedit.com" target=_blank title="Fast web portal, friendly with search engines">Powered by Nukedit</a>' },

    # HTML Comment
    { text: '							You can move it anywhere you want. -->' },

    # Powered by text
    { text: '<a href="http://www.nukedit.com" target=_blank title="Fast web portal, friendly with search engines"><span class="footer">Powered by Nukedit</span></a><span class="footer"> |' },

    # Version Detection # Powered by text
    { version: /				Powered by <a href="http:\/\/www.nukedit.com" target="_blank" title="Fast web portal, friendly with search engines">Nukedit<\/a> ([\d\.]+) / },

    # Version Detection # Powered by footer
    { version: /					<span class=footer><center>Powered by Nukedit ([\d\.]+)<\/a> -/ },

  ]
end

#ObjectObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/object.rb', line 9

WhatWeb::Plugin.define "Object" do
  @author = "Andrew Horton"
  @version = "0.1"
  @description = "HTML object tag. This can be audio, video, Flash, ActiveX, Python, etc. More info: http://www.w3schools.com/tags/tag_object.asp"

  # Exmples #

  # Matches #
  @matches = [

    { regexp: /<object/i },

    # object tag # classid
    { module: /<object [^>]*classid\s*=\s*['"]([^"']+)['"]/i, offset: 0, name: "classid" },
    { module: /<object [^>]*classid\s*=\s*([^\s>'"]+)/i, offset: 0, name: "classid" },

    # object tag
    { string: /<object [^>]*(codebase|codetype|type)\s*=\s*['"]([^"']+)['"]/i, offset: 1 },
    { string: /<object [^>]*(codebase|codetype|type)\s*=\s*([^\s>'"]+)/i, offset: 1 },

  ]
end

#OBMObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/obm.rb', line 9

WhatWeb::Plugin.define "OBM" do
  @author = "Brendan Coles <[email protected]>" # 2011-12-28
  @version = "0.1"
  @description = "OBM is a free messaging and collaboration software including Groupware, Messaging, CRM, LDAP, Domain management, Smartphones and PDA synchronization"
  @website = "http://obm.org/"

  # ShodanHQ results as at 2011-12-28 #
  # 4 for OBM_Session

  # Google results as at 2011-12-28 #
  # 16 for intitle:"Login - OBM" "OBM.org"

  # Dorks #
  @dorks = [
    'intitle:"Login - OBM" "OBM.org"'
  ]

  # Matches #
  @matches = [

    # Login Page # Title # Version Detection
    { certainty: 75, version: /<title>Login - OBM ([^\s^<]+)<\/title>/ },

    # Login Page # body + p tags and omb.org link
    { regexp: /<body>[\s]+[\s]+<p id="aliasource">[\s]+<a href="http:\/\/www\.obm\.org">OBM\.org<\/a>[\s]+<\/p>[\s]+<h1>/ },

    # Set-Cookie # OBM_Session
    { search: "headers[set-cookie]", regexp: /OBM_Session=[\s]+;/ },

  ]
end

#ocPortalObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/ocportal.rb', line 12

WhatWeb::Plugin.define "ocPortal" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-12
  @version = "0.2"
  @description = "Cutting-edge CMS for building and maintaining a sophisticated social website. Fully flexible, themeable and extendible: suitable for building almost any kind of website."
  @website = "http://ocportal.com"

  # ShodanHQ results as at 2011-05-12 #
  # 24 for X-Powered-By ocPortal

  # Matches #
  @matches = [

    # html id
    { text: '<html id="main_website_html" xmlns="http://www.w3.org/1999/xhtml"' },

    # Meta Generator
    { text: '<meta name="GENERATOR" content="ocPortal" />' },

    # Version Detection # HTML Comment
    { version: /<!--\nPowered by ocPortal\n([^\n]+) version\nCopyright ocProducts Limited\nhttp:\/\/ocportal\.com\n-->/ },

    # X-Powered-By ocPortal
    { version: /^ocPortal ([^\(]+) \(PHP/, search: "headers[x-powered-by]" },

    # ocp_session cookie
    { name: "ocp_session cookie", regexp: /ocp_session=[\d]+;/, search: "headers[set-cookie]" },

  ]
end

#OctopussyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/octopussy.rb', line 9

WhatWeb::Plugin.define "Octopussy" do
  @author = "Brendan Coles <[email protected]>" # 2012-09-12
  @version = "0.1"
  @description = "Perl/XML Logs Analyzer, Alerter & Reporter."
  @website = "http://www.8pussy.org/"

  # Google results as at 2012-09-12 #
  # 1 for intitle:"Octopussy Login"

  # Dorks #
  @dorks = [
    'intitle:"Octopussy Login"'
  ]

  # Matches #
  @matches = [

    # input box
    { text: '<input type="submit" name="submit" value="Connect to Octopussy"></td>' },

    # Version Detection
    { version: /<td class="box" align="center" >Octopussy ([^\s^<]+)<\/td>/ },

    # Logo HTML
    { text: '<img border="0" src="IMG/octo_login1.png" alt="Octopussy Logo"></td>' },

    # Title
    { text: '<title>Octopussy Login</title>' },

    # Icon HTML
    { text: '<link rel="icon" type="image/gif" href="IMG/octopussy.gif">' },

  ]
end

#OLATObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/whatweb/plugins/olat.rb', line 9

WhatWeb::Plugin.define "OLAT" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-04
  @version = "0.1"
  @description = "OLAT - Online Learning And Training. OLAT offers a flexible online course system along with extensive features to guarantee learning and teaching independent of time and place. It has been created especially for public institutions such as universities, academies or colleges, but it is also suitable for other businesses."
  @website = "http://www.olat.org/website/en/html/index.html"

  # Google results as at 2011-06-04 #
  # 13 for intitle:"OLAT - Online Learning And Training" "OLAT password"

  # Dorks #
  @dorks = [
    'intitle:"OLAT - Online Learning And Training" "OLAT password"'
  ]

  # Matches #
  @matches = [

    # Version Detection # div id="b_footer_version"
    { version: /<div id="b_footer_version">[\s]+<a href="http:\/\/www\.olat\.org"  title="Homepage of Open Source LMS OLAT" target="_blank">OLAT ([^<]+)<\/a>/ },

    # Version Detection # div id="o_footer_version"
    { version: /<div id="o_footer_version">[\s]+<a href="http:\/\/www\.olat\.org"  title="Homepage of Open Source LMS OLAT" target="_blank">[\s]+OLAT ([^<^\n]+)[\s]+<\/a>/ },

    # Meta DC tags
    { certainty: 25, text: '<meta name="DC.creator" content="University of Zurich - http://www.uzh.ch" />' },
    { certainty: 75, text: '<meta name="DC.subject" content="OLAT - Online Learning And Training - Your Open Source Learning Management System" />' },
    { text: '<meta name="DC.contributor" content="see http://www.olat.org/website/en/html/download_license.html" />' },

    # Title
    { text: '<title>OLAT - Online Learning And Training</title></head>' },
    { text: '<title>OLAT - Online Learning And Training </title>' },

    # Body
    { certainty: 75, text: '<body onload="b_start();" id="b_body" class="b_lang_en">' },
    { certainty: 75, text: '<body onload="b_start();" id="b_body">' },
    { certainty: 75, text: '<body onload="o2start();" class="o_body">' },

    # HTML Comment
    { text: '<!-- START olatContentPanel -->' },

    # Malformed HTML # Present on older versions ~5.x
    { text: '<a accesskey="2" href="#content" title="Go to "Content""></a>' },

  ]
end

#OneFileCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/onefilecms.rb', line 9

WhatWeb::Plugin.define "OneFileCMS" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-22
  @version = "0.1"
  @description = "OneFileCMS is a flat, light, one file CMS (Content Management System) entirely contained in an easy-to-implement, highly customizable, database-less PHP script."
  @website = "http://onefilecms.com/"

  # Google results as at 2011-08-22 #
  # 32 for "This site powered by OneFileCMS"

  # Dorks #
  @dorks = [
    '"This site powered by OneFileCMS"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: '<p>This site powered by <a href="http://onefilecms.com/">OneFileCMS</a>. [<a href="onefilecms.php?f=index.php">Admin</a>]</p>' },

  ]
end

#OpenCartObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/opencart.rb', line 9

WhatWeb::Plugin.define "OpenCart" do
  @author = "Brendan Coles <[email protected]>" # 2012-04-11
  @version = "0.1"
  @description = "OpenCart - Open Source Shopping Cart Solution"
  @website = "http://www.opencart.com/"

  # Google results as at 2012-04-11 #
  # 308 for intitle:"Powered By OpenCart"
  #  74 for intitle:"Administration" "Please enter your login details" "Username" "Password" "OpenCart"

  # Dorks #
  @dorks = [
    'intitle:"Administration" "Please enter your login details" "Username" "Password" "OpenCart"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { regexp: /<!--\s+OpenCart is open source software and you are free to remove the powered by OpenCart if you want, but its generally accepted practise to make a small donation\./ },

    # Powered by link
    { regexp: /<div id="powered">Powered By <a href="http:\/\/www\.opencart\.com"( title="OpenCart")?>OpenCart<\/a>/ },

    # ./admin/ # Admin Page # Footer # Version Detection
    { version: /<div id="footer">\s*<a href="http:\/\/www\.opencart\.com">OpenCart<\/a> &copy; 2009(-20[\d]{2})? All Rights Reserved\.<br \/>Version ([^<]+)<\/div>/, offset: 1 },

    # ./admin/ # Admin Page # Footer # Version Detection
    { version: /All Rights Reserved\.<br \/>OpenCart Version ([^<]+)\<\/div>/ },

    # ./admin/ # Admin Page
    { text: '/admin/index.php?route=common/login" method="post" enctype="multipart/form-data" id="form">' },

  ]
end

#OpenCmsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.4 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]

Version 0.3 # 2011-03-21 # Brendan Coles <[email protected]> Updated regex

Version 0.2 # 2011-03-06 # Andrew Horton fixed examples= bug



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/whatweb/plugins/opencms.rb', line 18

WhatWeb::Plugin.define "OpenCms" do
  @author = "Emilio Casbas" # mostly
  @version = "0.4"
  @description = "OpenCms, professional and easy to use CMS."
  @website = "http://www.opencms.org/"

  # ShodanHQ results as at 2011-03-21 #
  # 528 for opencms

  # Matches #
  @matches = [

    # Meta Generator
    { regexp: /<meta name="generator"[^>]+content="OpenCms"( \/)?>/ },

    # Version Detection # Meta Generator
    { version: /<meta name="generator"[^>]+content="Opencms version ([\d\.]+)"( \/)?>/ },

    # Relative link or img tag # /(opencms|export)/(sites|system)/
    { certainty: 75, regexp: /<(link|img)[^>]+(href|src)="[^"^:]*\/(opencms|export)\/(sites|system)\/[^"]+"[^>]*>/ },

    # Relative link or img tag # /opencms/
    { certainty: 25, regexp: /<(link|img)[^>]+(href|src)="[^"^:]*\/opencms\/[^"]+"[^>]*>/ },

    # HTTP Server Header
    { regexp: /^OpenCms/, search: "headers[server]" },

    # Version Detection
    { version: /^OpenCms\/([a-z\d\.]+)/, search: "headers[server]" },

  ]
end

#OpenConfObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/openconf.rb', line 9

WhatWeb::Plugin.define "OpenConf" do
  @author = "Brendan Coles <[email protected]>" # 2012-05-03
  @version = "0.1"
  @description = "OpenConf is an abstract and peer-review management system that greatly facilitates the submission and review processes for conferences, workshops, and symposia."
  @website = "http://www.openconf.com/"

  # ShodanHQ results as at 2012-05-03 #
  # 25 for OPENCONF

  # Google results as at 2012-05-03 #
  # 377 for "Powered by OpenConf"
  #  63 for inurl:"chair/signin.php?OPENCONF="

  # Dorks #
  @dorks = [
    '"Powered by OpenConf"'
  ]

  # Matches #
  @matches = [

    # Footer # Powered by link
    { text: 'Powered by <a href="http://www.OpenConf.org" target="_blank">OpenConf</a>' },

    # Footer # Powered by link # Version Detection
    { version: /<div class="powered">Powered by <a href="http:\/\/www\.OpenConf\.com" target="_blank">OpenConf<\/a>(<sup>&reg;<\/sup>)?<!--([^\s]+)-->/, offset: 1 },

    # JavaScript # Version Detection
    { version: /<script type="text\/javascript" src="openconf\.js\?v=([^\s^"]+)"><\/script>/ },

    # Set-Cookie # OPENCONF
    { search: "headers[set-cookie]", regexp: /OPENCONF=[^;]+;/ },

  ]
end

#OpenDocManObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/opendocman.rb', line 9

WhatWeb::Plugin.define "OpenDocMan" do
  @author = "Brendan Coles <[email protected]>" # 2012-08-26
  @version = "0.1"
  @description = "OpenDocMan - Open Source Document Management System - Requires PHP"
  @website = "http://www.opendocman.com/"

  # Google results as at 2012-08-26 #
  # 29 for "OpenDocMan" "Stephen Lawrence" intitle:"Document Repository"

  # Dorks #
  @dorks = [
    '"OpenDocMan" "Stephen Lawrence" intitle:"Document Repository"'
  ]

  # Matches #
  @matches = [

    # Version Detection
    { version: /<a href="http:\/\/www\.opendocman\.com\/" target="_new">OpenDocMan v([^"^\s]+)<\/a>/ },

    # Logo HTML
    { text: '<td align="left"><img src="images/logo.gif" alt="Site Logo" border=0></td>' },

    # Welcome text
    { regexp: /<td valign="top">\s+Welcome to OpenDocMan\.?\s+<p>/ },

  ]
end

#OpenEMRObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/openemr.rb', line 9

WhatWeb::Plugin.define "OpenEMR" do
  @author = "Brendan Coles <[email protected]>" # 2011-10-20
  @version = "0.1"
  @description = "OpenEMR is a Free and Open Source electronic health records and medical practice management application."
  @website = "http://www.open-emr.org/"

  # ShodanHQ results as at 2011-10-20 #
  # 1 for OpenEMR

  # Google results as at 2011-10-20 #
  # 38 for inurl:"interface/login/login_frame.php" ext:php

  # Dorks #
  @dorks = [
    'inurl:"interface/login/login_frame.php" ext:php'
  ]

  # Matches #
  @matches = [

    # GHDB # URL Pattern
    { certainty: 25, ghdb: 'inurl:interface/login/login_frame.php filetype:php' },

    # Redirect Page
    { regexp: /<body ONLOAD="javascript:top\.location\.href='interface\/login\/login_frame\.php(\?site=default)?';">/ },

    # Version Detection # /interface/login/login_title.php
    { version: /type="text\/css">[\s]+<\/head>[\s]+<body class="body_title">[\s]+<span class="title_bar">[^<]+ v([^\s^<]+)<\/span><br>/ },

    # Login Page # Frameset # HTML Comment
    { regexp: /<!--<frame src="\/[^\/]+\/interface\/login\/filler\.php" name="Filler Bottom" scrolling="no" noresize frameborder="NO">-->/ },

    # OpenEMR Cookie
    { certainty: 75, search: "headers[set-cookie]", regexp: /OpenEMR=[^\s]+;/ },

  ]
end

#openEngineObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/openengine.rb', line 9

WhatWeb::Plugin.define "openEngine" do
  @author = "Brendan Coles <[email protected]>" # 2011-10-02
  @version = "0.1"
  @description = "openEngine - Content Management System (CMS)"
  @website = "http://www.openengine.de/"

  # ShodanHQ results as at 2011-10-02 #
  # 71 for "CMS by openEngine"
  # 47 for inurl:"cms/openengine" intitle:"openEngine"
  # 26 for inurl:"admin=login" "Open Source Web Content Management System"
  # 16 for inurl:"cms/website.php?id=" inurl:"admin=login"

  # Dorks #
  @dorks = [
    'inurl:"cms/openengine" intitle:"openEngine"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { text: '<!-- openEngine Comment START -->' },

    # lt/lte IE7 confitional HTML Comment
    { regexp: /<!--\[if lte? IE 7\]>[\s]+<script src="system\/([^\/^>]+\/)*script\/IE7\/ie7-standard-p\.js" type="text\/javascript"><\/script>/ },

    # Version Detection # Admin Page
    { version: /<p class="adminText" style="font-size:9px;">[\s]+openEngine ([^\s]+)( - [\d]+)? - Open Source Web Content Management System<br>/ },

    # Logo HTML
    { regexp: /<a href="http:\/\/www\.openengine\.de" target="_blank"><img src="system\/([^\/^>]+\/)*\/img\/oes_logo\.png" alt="openEngine Homepage"><\/a><\/p>/ },

  ]
end

#OpenfilerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/openfiler.rb', line 9

WhatWeb::Plugin.define "Openfiler" do
  @author = "Brendan Coles <[email protected]>" # 2012-09-06
  @version = "0.1"
  @description = "Openfiler is an Open Source Network Attached Storage and Storage Area Network Solution."
  @website = "http://www.openfiler.com/ "

  # Default Login # openfiler/password
  # Default Port  # 446 (HTTPS)

  # Matches #
  @matches = [

    # /uptime.html
    { url: "/uptime.html", text: '<div id="uptimeDiv" class="uptimeDiv"><span style="line-height: 10px;" id="uptimeData"></span> </div></body>' },

    # /uptime.html
    { url: "/uptime.html", text: '<body bgcolor="#4c555a" style="margin: 0; padding: 0" onload="getSysUptime()">' },

    # / # Version Detection
    { version: /<div><p style="font-size: 90%; color: #aaa; line-height: 14px;"><strong>Distro Release:&nbsp;<\/strong>Openfiler [EN]SA ([^\s]+)/ },

    # / # GUI Version Detection
    { string: /<strong>GUI Version:&nbsp;<\/strong>([^<^\s]+)<\/p><\/div>/ },

    # / # Year Detection
    { string: /&copy; 2001 - (2[\d]{3}) <a href="http:\/\/www\.openfiler\.com\/">Openfiler<\/a>\. All rights reserved\.<br \/>/ },

  ]
end

#OpenIObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
 
# File 'lib/whatweb/plugins/openi.rb', line 9

WhatWeb::Plugin.define "OpenI" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-04
  @version = "0.1"
  @description = "OpenI is a Business Intelligence web application for on-demand or SaaS deployments. OpenI enables simple and clean data visualization from OLAP and RDBMS, so users can intuitively build and publish interactive reports, analyses, and dashboards."
  @website = "http://openi.org/"

  # Google results as at 2011-08-04 #
  # 4 for "Openi Intelligence Portal" +Username +Password

  # Dorks #
  @dorks = [
    '"Openi Intelligence Portal" "Username" "Password"'
  ]

  # Matches #
  @matches = [

    # Version Detection
    { version: /<span class="big-title">Openi ([^\s^<]+)<\/span><br/ },

    # Product Detection
    { string: /<span class="big-title">Openi-(Jasper)<\/span><br/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # Version Detection
    if /<span class="big-subtitle">Openi Intelligence Portal<\/span>/.match?(target.body)
      m << { name: "big-subtitle" }

      if target.body =~ /<td align="right" style="font-size: 11px;">([^&^<]+)&nbsp;<\/td>/
        m << { version: $1.to_s }
      end
    end

    # Return passive matches
    m
  end
end

#OpenIDObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



10
11
12
13
14
15
16
17
18
19
20
 
# File 'lib/whatweb/plugins/openid.rb', line 10

WhatWeb::Plugin.define "OpenID" do
  @author = "Caleb Anderson"
  @version = "0.1"
  @description = "openid detection"

  @matches = [
    { name: "openid",
      regexp: /<link [^>]*rel=['"](openid\.server|openid\.delegate)['"][^>]*>/i },

  ]
end

#OpenKMObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/openkm.rb', line 9

WhatWeb::Plugin.define "OpenKM" do
  @author = "Brendan Coles <[email protected]>" # 2012-01-09
  @version = "0.1"
  @description = "OpenKM - Open Source Electronic Document Management System"
  @website = "http://www.openkm.com/en/"

  # Google results as at 2012-01-09 #
  # 17 for "Welcome to OpenKM" intitle:"OpenKM login"

  # Dorks #
  @dorks = [
    '"Welcome to OpenKM" intitle:"OpenKM login"'
  ]

  # Matches #
  @matches = [

    # Login Page # Form
    { text: '<form name="login" method="post" action="j_security_check" onsubmit="setCookie()">' },

    # Login Page # Title
    { regexp: /<title>OpenKM Login<\/title>[\s]+<\/head>[\s]+<body onload="document\.forms\[0\]\.elements\[0\]\.focus\(\)">/ },

  ]
end

#OpenLabyrinthObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/whatweb/plugins/openlabyrinth.rb', line 9

WhatWeb::Plugin.define "OpenLabyrinth" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-03
  @version = "0.1"
  @description = "OpenLabyrinth is a web application for authoring and delivering virtual patient and other decision path and maze-like activities. It is written in ASP/VBScript and requires an ODBC SQL database."
  @website = "http://sourceforge.net/projects/openlabyrinth/"

  # Google results as at 2011-08-03 #
  # 12 for inurl:mstartnode.asp?mapid=

  # Dorks #
  @dorks = [
    'inurl:mstartnode.asp?mapid='
  ]

  # Matches #
  @matches = [

    # Logo HTML
    { text: '/images/openlabyrinth-logo.jpg" alt="Labyrinth Identity" border="0" width="150" height="150"></a>' },

  ]

  # Passive #
  def passive(target)
    m = []

    # Form
    if /^<form method="post" action="logpass\.asp">$/.match?(target.body)

      m << { certainty: 25, name: "Form Tag" }

      # Version Detection
      if target.body =~ /<h5><font color="#000000">v([^\s^<]+)</
        m << { version: $1.to_s }
      end
    end

    # Return passive matches
    m
  end
end

#OpenLookupObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/openlookup.rb', line 9

WhatWeb::Plugin.define "OpenLookup" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-12
  @version = "0.1"
  @description = "OpenLookup is a public, administratively decentralized key-value datastore. It offers an XML-RPC interface compatible with OpenDHT, but it is not a DHT. Instead, it fully replicates the datastore among service providers."
  @website = "http://openlookup.googlecode.com/"

  # Google results as at 2011-06-12 #
  # 10 for "OpenLookup Node Status" intitle:Openlookup "To query a node via round-robin DNS"

  # Dorks #
  @dorks = [
    '"OpenLookup Node Status" intitle:Openlookup "To query a node via round-robin DNS"'
  ]

  # Matches #
  @matches = [

    # h2 Headinge
    { text: '<h2>OpenLookup Node Status</h2>' },

    # Version Detection
    { version: /<p><a href="http:\/\/openlookup\.googlecode\.com\/">Source code and\n	further information<\/a> are available\.  This is OpenLookup V([^<]+)\.<\/p>/ },

  ]
end

#OpenNewsletterObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/opennewsletter.rb', line 9

WhatWeb::Plugin.define "OpenNewsletter" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-15
  @version = "0.1"
  @description = "Open source mailing list manager with builds from Self Exile, NetMeans.Net and Quadro.Net"

  # Google results as at 2011-03-15 #
  # 9 for "This is a Free & Open Source mailing list manager" -dork

  # Dorks #
  @dorks = [
    '"This is a Free & Open Source mailing list manager" -dork'
  ]

  # Matches #
  @matches = [

    # Self Exile
    { text: 'This is a <a href=fsw.php>Free</a> & <a href=osd.php>Open Source</a> mailing list manager developed by <a href=selfexile.php>Self Exile</a> and distributed under the <a href=gpl.php>GPL</a>.', string: "Build: Self Exile" },
    { text: 'This is a <a href=fsw.php>Free</a> & <a href=osd.php>Open Source</a> mailing list manager developed by <a href=feedback.php>Self Exile</a> and distributed under the <a href=gpl.php>GPL</a>.', string: "Build: Self Exile" },

    # NetMeans.Net
    { text: 'This is a Free & Open Source mailing list manager developed by <a href="http://netmeans.net">NetMeans.Net</a> and distributed under the LGPL license. This software is based on the OpenNewsletter project by <a href="http://www.selfexile.com" target="_blank">Self Exile</a>.', string: "Build: NetMeans.Net" },

    # Quadro.Net
    { text: 'This is a Free & Open Source mailing list manager developed by <a href="http://www.quadronet.net">Quadro Net</a> and distributed under the LGPL license. This software is based on the OpenNewsletter project by <a href="http://www.selfexile.com" target="_blank">Self Exile</a> and NmnNewsletter by <a href="http://netmeans.net">NetMeans.Net</a>.', string: "Build: Quadro.Net" },

  ]
end

#OpenNMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/opennms.rb', line 9

WhatWeb::Plugin.define "OpenNMS" do
  @author = "Brendan Coles <[email protected]>" # 2012-04-25
  @version = "0.1"
  @description = "OpenNMS - Enterprise-Grade Network Management Application Platform"
  @website = "http://www.opennms.com/"

  # Source: http://sourceforge.net/projects/opennms/
  # Default Port: 8980
  # Default Login: admin/admin

  # Google results as at 2012-04-25 #
  # 25 for intitle:"OpenNMS Web Console" "User" "Password" "OpenNMS Copyright"

  # Dorks #
  @dorks = [
    'intitle:"OpenNMS Web Console" "User" "Password" "OpenNMS Copyright"'
  ]

  # Matches #
  @matches = [

    # Login Page # Logo HTML
    { regexp: /<h1 id="headerlogo"><a href="[^"]*index\.jsp"><img src="[^"]*images\/logo\.png" alt="OpenNMS Web Console Home"\/><\/a><\/h1>/ },

    # Login Page # Footer # Year Detection
    { string: /<p>\s+OpenNMS <a href="(support|help)\/about\.jsp">Copyright<\/a> &copy; 2002-(20[\d]{2})\s+/, offset: 1 },

    # Login Page # Remember me link
    { regexp: /<p><input type="checkbox" name="_(spring|acegi)_security_remember_me"> Don't ask for my password for two weeks<\/p>/ },

  ]
end

#OpenSearchObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-03-05 # Updated string detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/open_search.rb', line 12

WhatWeb::Plugin.define "OpenSearch" do
  @author = "Caleb Anderson"
  @version = "0.2"
  @description = "This plugin identifies open search and extracts the URL. OpenSearch is a collection of simple formats for the sharing of search results."
  # More Info: http://www.opensearch.org/

  # Matches #
  @matches = [

    # Link tag
    { name: "open search",
      regexp: /<link[^>]+type=["']?application\/opensearchdescription\+xml['"]?[^>]*>/i },

    # Extract URL
    { string: /<link[^>]+href[\s]*=[\s]*["']([^'^"^>]+)["'][^>]+type[\s]*=[\s]*["']?application\/opensearchdescription\+xml['"]?[^>]*>/i },

    { string: /<link[^>]+type[\s]*=[\s]*["']?application\/opensearchdescription\+xml['"]?[^>]+href[\s]*=[\s]*["']([^'^"^>]+)["'][^>]*>/i },

  ]
end

#OpenSSLObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/openssl.rb', line 12

WhatWeb::Plugin.define "OpenSSL" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-25
  @version = "0.2"
  @description = "The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library."
  @website = "http://www.openssl.org/"

  # 2159865 ShodanHQ results for "Server: OpenSSL"

  @matches = [
    # HTTP Server header
    { regexp: /OpenSSL/, search: "headers[server]" },

    # Version detection
    { version: /[^\r^\n]*OpenSSL\/([^\s^\r^\n]+)/, search: "headers[server]" },

  ]
end

#OpenWrtObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/openwrt.rb', line 9

WhatWeb::Plugin.define "OpenWrt" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-07
  @version = "0.1"
  @description = "A GNU/Linux based firmware program for embedded devices such as residential gateways and routers."
  @website = "http://openwrt.org/"

  # ShodanHQ results as at 2011-03-07 #
  # 417 for OpenWRT realm
  # 69 for OpenWRT -realm

  # Matches #
  @matches = [

    # Default Title
    { text: '<title>OpenWrt Administrative Console</title>' },

    # Redirect Page
    { text: 'OpenWrt Administrative Console<br />Redirecting to : <a style="color: inherit;" href="/cgi-bin/webif.sh">main page</a></p>' },

  ]

  # Passive #
  def passive(target)
    m = []

    # WWW-Authenticate: Basic realm="OpenWrt"
    m << { name: "realm OpenWrt" } if target.headers["www-authenticate"] =~ / realm="OpenWrt"/

    # Return passive matches
    m
  end
end

#OpenXObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/openx.rb', line 9

WhatWeb::Plugin.define "OpenX" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-15
  @version = "0.1"
  @description = "OpenX (aka phpAdsNew) is an open-source ad server, with an integrated banner management interface and tracking system for gathering statistics. With OpenX you can easily rotate paid banners and your own in-house advertisements."
  @website = "http://www.openx.org/"

  # Dorks #
  @dorks = [
    'intitle:OpenX "Welcome to OpenX" "Forgot your password" "Authentication"'
  ]

  # Matches #
  @matches = [

    # body
    { text: '<body class="hasInterface hasGradient hasSidebar " onload="initPage();">' },

    # div id="oaHeaderBranding" class="brandingAdServer"
    { text: '<div id="oaHeaderBranding" class="brandingAdServer">OpenX</div>' },

    # Welcome to OpenX
    { text: '<span class="tab-s">Welcome to OpenX</span><br />' },

    # Version Detection
    { version: /<meta name="generator" content="OpenX v([^\s]+) - http:\/\/www\.openx\.org"( \/)?>/ },

  ]
end

#OrangeHRMObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/whatweb/plugins/orangehrm.rb', line 9

WhatWeb::Plugin.define "OrangeHRM" do
  @author = "Brendan Coles <[email protected]>" # 2012-05-18
  @version = "0.1"
  @description = "OrangeHRM - Open Source Human Resource Management Software (HRMS)"
  @website = "http://www.orangehrm.com/"

  # ShodanHQ results as at 2012-05-18 #
  # 5 for symfony/web/index.php/auth/login

  # Google results as at 2012-05-18 #
  # 242 for "OrangeHRM ver" "OrangeHRM Inc." "All rights reserved."
  #  25 for "OrangeHRM ver" "OrangeHRM Inc." "All rights reserved." intitle:"OrangeHRM Web Installation Wizard"
  #  13 for inurl:"symfony/web/index.php/auth/login"

  # Dorks #
  @dorks = [
    '"OrangeHRM ver" "OrangeHRM Inc." "All rights reserved."'
  ]

  # Matches #
  @matches = [

    # Install Page # Heading # Version Detection
    { version: /<div id="content">\s+<h2>Welcome to the OrangeHRM ver ([^\s]+) Setup Wizard<\/h2>/ },

    # Install Page # Footer # Web Installation Wizard Version Detection
    { module: /<div id="footer"><a href="http:\/\/www\.orangehrm\.com" target="_blank" tabindex="[^"^>]*">OrangeHRM<\/a> (Web Installation Wizard ver [^\s]+) &copy; OrangeHRM Inc/ },

    # Login Page # input hdnUserTimeZoneOffset
    { text: '<input type="hidden" name="hdnUserTimeZoneOffset" id="hdnUserTimeZoneOffset" value="0" />' },

    # Login Page # Footer # Version Detection
    { version: /<div id="divFooter" >\s+<span id="spanCopyright">\s+<a href="http:\/\/www\.orangehrm\.com" target="_blank">OrangeHRM<\/a>\s+ver ([^&]+) &copy; OrangeHRM Inc/ },

    # Login Page # Footer # Version Detection # Old Versions # Probably < 2.x
    { version: /<td align="center"><a href="http:\/\/www\.orangehrm\.com" target="_blank">OrangeHRM<\/a> ver ([^\s]+) &copy; OrangeHRM Inc/ },

  ]
end

#OrenosvObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/orenosv.rb', line 12

WhatWeb::Plugin.define "Orenosv" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-09
  @version = "0.2"
  @description = "Orenosv is a stable, reliable and high performance HTTP/FTP/FTPS file server that can operate in 24H/365D. Orenosv runs on Windows platforms (NT, 2000, XP and 2003) and Linux x86. "
  @website = "http://www.orenosv.com/orenosv_en.html"

  # ShodanHQ results as at 2011-06-09 #
  # 18 for orenosv
  # All results are from Japan

  @matches = [

    # HTTP Server Header
    { version: /^orenosv/, search: "headers[server]" },

    # Version Detection
    { version: /^orenosv\/([^\s]+)$/, search: "headers[server]" },

  ]
end

#OSCommerceObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.4 # 2011-07-07 # updated regex and added google dorks

Version 0.3 remove :certainty and :name



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
 
# File 'lib/whatweb/plugins/oscommerce.rb', line 15

WhatWeb::Plugin.define "OSCommerce" do
  @author = "Andrew Horton"
  @version = "0.4"
  @description = "Open Source Ecommerce System in PHP. It was first released in March 2000 as 'The Exchange Project'. Branched projects include : Ian's Loaded, ZenCart, CRE Loaded,   http://www.oscommerce.com. This plugin recognises security warnings for file permissions and the installation directory. Aggressive plugin attempts to get version from /admin/login.php page."

  # ShodanHQ results #
  # 9,154 for cookie_test=please_accept_for_session

  # Google results #
  # 800 for "Powered by osCommerce"
  # 69 for inurl:"extras/update.php" -display
  # 22 for inurl:"/admin/configuration.php?" Mystore
  # 14 for intitle:osCommerce inurl:admin intext:"redistributable under the GNU" intext:"Online Catalog" -demo -site:oscommerce.com

  # Dorks #
  @dorks = [
    '"Powered by osCommerce"',
    'inurl:"extras/update.php" -display'
  ]

  # Matches #
  @matches = [

    # 'osCsid=' in link tag, length 26|32
    { regexp: /<[^>]+(src|href)\s*=\s*[^>]\bosCsid=([a-z0-9]{26}|[a-z0-9]{32})/ },

    # The Exchange Project - Community Made Shopping!
    { certainty: 25, text: 'The Exchange Project - Community Made Shopping!' },

    # Security Warning
    { string: "warning", text: '<td class="messageStackWarning"><img src="images/icons/warning.gif"' },

    # Version Detection # /admin/login.php
    { version: /<img src="images\/oscommerce.png" border="0" alt="osCommerce ([^"]+)"/, url: "/admin/login.php", name: "admin page version" },

    # Powered by text
    { text: 'Powered by <a href="http://www.oscommerce.com" target="_blank">osCommerce</a>' },

    # cookie_test Cookie
    { search: "headers[set-cookie]", text: 'cookie_test=please_accept_for_session;' },

    # osCsid Cookie
    { search: "headers[set-cookie]", regexp: /osCsid=[a-z0-9]{32};/ },

  ]
end

#OSSIMObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/ossim.rb', line 9

WhatWeb::Plugin.define "OSSIM" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-15
  @version = "0.1"
  @description = "AlienVault OSSIM (Open Source Security Information Management). Its goal is to provide a comprehensive compilation of tools which, when working together, grant network/security administrators with a detailed view over each and every aspect of his or her networks, hosts, physical access devices, server, etc."
  @website = "http://alienvault.com/community"

  # ShodanHQ results as at 2011-04-15 #
  # 152 for OSSIM

  # Google results as at 2011-04-15 #
  # 5 for intitle:"AlienVault - Open Source SIM" Maximized User Password

  # Dorks #
  @dorks = [
    'intitle:"AlienVault - Open Source SIM" Maximized User Password'
  ]

  # Matches #
  @matches = [

    # Default Title
    { text: '<title> AlienVault - Open Source SIM </title>' },

    # Table HTML
    { text: '<table align="center" style="padding:1px;background-color:#f2f2f2;border-color:#aaaaaa" class=nobborder><tr><td class="nobborder">' },

    # Table HTML
    { text: '<table align="center" cellspacing=4 cellpadding=2 style="background-color:#eeeeee;border-color:#dedede">' },

  ]
end

#osTicketObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/osticket.rb', line 9

WhatWeb::Plugin.define "osTicket" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-24
  @version = "0.1"
  @description = "osTicket is a widely-used open source support ticket system - Requires: PHP and MySQL"
  @website = "http://www.osticket.com/"

  # Google results as at 2011-08-24 #
  # 511 for "SUPPORT TICKET SYSTEM" +Home "Ticket Status" "New Ticket" "Welcome to the support center"
  #  33 for intitle:"osTicket Installer" "osTicket version" "osTicket web path and title"

  # Dorks #
  @dorks = [
    '"SUPPORT TICKET SYSTEM" "Home" "Ticket Status" "New Ticket" "Welcome to the support center"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Install Page # ./setup/install.php
    { version: /<div id="nav">[\s]+<ul id="sub_nav">[\s]+<li>osTicket version ([^\-^<]+) - Basic installation<\/li>[\s]+<\/ul>[\s]+<\/div>/ },

    # Install Page # Title # ./setup/install.php
    { regexp: /<title>osTicket Installer<\/title>[\s]+<link rel="stylesheet" href="style\.css" media="screen">/ },

    # Powered by image HTML
    { regexp: /<a id="powered_by" href="http:\/\/osticket\.com"><img src="\.\/images\/poweredby\.jpg" width="126" height="23" alt="Powered by osTicket"><\/a><\/div>/ },

  ]
end

#OurDisclaimerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/whatweb/plugins/ourdisclaimer.rb', line 9

WhatWeb::Plugin.define "OurDisclaimer" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-14
  @version = "0.1"
  @description = "OurDisclaimer.com - Third party disclaimer service."
  @website = "http://ourdisclaimer.com/"

  # 59 results for inurl:"ourdisclaimer.com/?i=" @ 2010-10-14

  @matches = [

    # Get URL # Link & Image method
    { version: /<a[^>]+href[\s]*=[\s]*"http:\/\/ourdisclaimer.com\/\?i=([^\"]+)/i },

    # Get URL # Iframe method
    { version: /<iframe[^>]+src[\s]*=[\s]*"http:\/\/ourdisclaimer.com\/\?i=([^\"]+)/i },

  ]
end

#OvBBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/ovbb.rb', line 9

WhatWeb::Plugin.define "OvBB" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-26
  @version = "0.2"
  @description = "Written in PHP and powered by MySQL, OvBB is a light-weight and fast discussion board system that mimics vBulletin 2 in both look and behavior while incorporating new features and functionality."
  @website = "http://sourceforge.net/projects/ovbb/"

  # Google results for 2010-09-26 #
  # 34 for "powered by OvBB"

  # Dorks #
  @dorks = [
    '"powered by OvBB"'
  ]

  # Matches #
  @matches = [

    # Default title
    { regexp: /<title>[^:]+:: Powered by OvBB<\/title>/ },

    # Default logo HTML
    { regexp: /<img src="images\/ovbb.png" align="middle" border="0" alt="[^:]+:: Powered by OvBB" \/><\/a>/ },

    # Default favicon
    { md5: "8dd1c74458a43d658a9136333893a999", url: "/favicon.ico" },

    # Database error page
    { text: '<p>Please try again by pressing the <a href="javascript:window.location=window.location;">refresh</a> button in your browser. An e-mail message has been dispatched to the <a href="mailto:' },

    # Version Detection
    { version: /<a style="color: #EEEEFF;" href="http:\/\/www.ovbb.org">Powered by OvBB V([\d\.a-z]+)<\/a><br \/><br \/>/ },

  ]
end

#OwnServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/ownserver.rb', line 12

WhatWeb::Plugin.define "OwnServer" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-16
  @version = "0.2"
  @description = "OwnServer is a web server used as a webserver for watching security cameras remotly. It allows broadcasting live streaming video on the web through the built-in webserver."
  @website = "http://www.anteco.co.il/"

  # ShodanHQ results as at 2011-05-16 #
  # 26,527 for OwnServer

  @matches = [
    # HTTP Server Header
    { regexp: /^OwnServer/, search: "headers[server]" },

    # Version Detection
    { version: /^OwnServer([\d\.]+)$/, search: "headers[server]" },

  ]
end

#PacketShaperObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/whatweb/plugins/packetshaper.rb', line 9

WhatWeb::Plugin.define "PacketShaper" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-19
  @version = "0.1"
  @description = "The Blue Coat PacketShaper provides application performance monitoring for an accurate picture of network traffic and ensures business-critical applications have the resources they need to operate effectively"
  @website = "http://www.bluecoat.com/products/packetshaper"
  # Datasheet: http://www.bluecoat.com/doc/7941

  # ShodanHQ results as at 2011-04-19 #
  # 47 for PSlcV310

  # Google results as at 2011-04-19 #
  # 29 for (intitle:"PacketShaper Login")|(intitle:"PacketShaper Customer Login") -intitle

  # Dorks #
  @dorks = [
    '(intitle:"PacketShaper Login")|(intitle:"PacketShaper Customer Login") -intitle'
  ]

  # Matches #
  @matches = [

    # Default title
    { text: '<title>PacketShaper Customer Login</title>' },

    # JavaScript
    { text: '<SCRIPT LANGUAGE=JavaScript SRC="/libmd5.js"></SCRIPT>' },

  ]

  # Passive #
  def passive(target)
    m = []

    # PScfgstr cookie
    if /^PScfgstr=/.match?(target.headers['set-cookie'])

      m << { name: "PScfgstr cookie" }

      # Model Detection
      m << { model: target.body.scan(/desc \+= '<FONT SIZE=\+2><I>PacketShaper ([\d\.]+)<\/I><\/FONT>';/) } if target.body =~ /desc \+= '<FONT SIZE=\+2><I>PacketShaper ([\d\.]+)<\/I><\/FONT>';/

    end

    # Return passive matches
    m
  end
end

#PacketWaveObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/packetwave.rb', line 9

WhatWeb::Plugin.define "PacketWave" do
  @author = "Brendan Coles <[email protected]>" # 2012-05-11
  @version = "0.1"
  @description = "Some sort of wireless broadband contraption from Aperto Networks"
  @website = "http://www.apertonet.com/products/pmax_productline.html"

  # ShodanHQ results as at 2011-05-11 #
  # 73 for PacketWave

  # Matches #
  @matches = [

    # input button # goto
    { text: '<td bgcolor="#cccccc" colspan=2 align="center"><input type="button" name="goto" value="Log On" onClick="encode_submit(this.form)">' },

  ]
end

#PantheonObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/pantheon.rb', line 9

WhatWeb::Plugin.define "Pantheon" do
  @author = "Brendan Coles <[email protected]>" # 2012-08-29
  @version = "0.1"
  @description = "Pantheon"
  @website = "https://www.getpantheon.com/"

  # ShodanHQ results as at 2012-09-29 #
  # 17 for x-pantheon-edge-server

  # Matches #
  @matches = [

    # x-pantheon-edge-server Header
    { search: "headers[x-pantheon-edge-server]", string: /^(.*)$/ },

    # 404 message
    { search: "headers", regexp: /HTTP\/1\.[01] 404 Unknown site\!/ },

  ]
end

#ParatureObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/parature.rb', line 9

WhatWeb::Plugin.define "Parature" do
  @author = "Brendan Coles <[email protected]>" # 2012-07-29
  @version = "0.1"
  @description = "Parature - web-based customer service software combine"
  @website = "http://www.parature.com/"

  # Google results as at 2012-07-29 #
  # 379 for "Help Desk and Customer Support Software by Parature" inurl:"ics/support/default.asp"

  # Dorks #
  @dorks = [
    '"Help Desk and Customer Support Software by Parature" inurl:"ics/support/default.asp"'
  ]

  # Matches #
  @matches = [

    # NoScipt
    { text: 'This Website requires your browser to be JavaScript enabled. Please enable JavaScript  and click <a href="/ics/default.asp">here</a> to continue.' },

    # HTML Comment
    { string: /<\!\-\- \*\*\*\*\*\* (PRODAPP[^\s]+) *\*\*\*\*\* \-\->/ },

    # JavaScript
    { version: /<!--<script src="\.\.\/ic1Browser\.js\?ver=([^"]+)"><\/script>-->/ },

    # JavaScript # RedirectPortalURL
    { certainty: 75, text: "RedirectPortalURL('/ics/support/custhandler.asp?task=signOut&redirectURL=' + encodeURI('" },

    # Frame title="Left Navigation"
    { text: '<frame title="Left Navigation" name="cypLeft" src="KBFolder.asp?deptID=' },

    # Invalid deptID in URL. Please make sure you have the entire, correct URL.
    { md5: "5b5120dc4f0bb058180da4361ac8fd70" },

  ]
end

#PassengerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/passenger.rb', line 12

WhatWeb::Plugin.define "Passenger" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-10
  @version = "0.2"
  @description = 'Phusion Passenger - a.k.a. mod_rails or mod_rack - makes deployment of Ruby web applications, such as those built on the revolutionary Ruby on Rails web framework, a breeze. It follows the usual Ruby on Rails conventions, such as "Dont-Repeat-Yourself""
  @website = "http://www.modrails.com/'

  # ShodanHQ results as at 2011-03-10 #
  # 83,668 for Phusion_Passenger

  @matches = [

    # Server
    { regexp: /.*Phusion_Passenger/, search: "headers[server]" },

    # Server # Version
    { version: /[\s]+Phusion_Passenger\/([\d\.]+)/, search: "headers[server]" },

    # X-Powered-By: Phusion Passenger (mod_rails/mod_rack)
    { version: /Phusion Passenger \(mod_rails\/mod_rack\) ([\d\.]+)/, search: "headers[x-powered-by]" },

  ]
end

#PassportObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/passport.rb', line 9

WhatWeb::Plugin.define "Passport" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-09
  @version = "0.1"
  @description = "This plugin detects instances of Microsoft Live Passport servers using the MSNSERVER, X-MSNSERVER and PPServer HTTP headers."
  # More info: http://code.entersources.com/f/Generate-Valid-MSNP9-ClientTicket_2_3254_0.aspx

  # 1036 ShodanHQ results for MSNSERVER @ 2011-01-09
  # 214 ShodanHQ results for PPServer @ 2011-01-09

  # Passive #
  def passive(target)
    m = []

    # PPServer HTTP Header # Retrieve local host name
    m << { string: target.headers["ppserver"].to_s.scan(/H: ([\w\-\.]+) /).flatten } if target.headers["ppserver"] =~ /H: ([\w\-\.]+) /

    # MSNServer HTTP Header # Retrieve local host name
    m << { string: target.headers["msnserver"].to_s.scan(/H: ([\w\-\.]+) /).flatten } if target.headers["msnserver"] =~ /H: ([\w\-\.]+) /

    # X-MSNServer HTTP Header # Retrieve local host name
    m << { string: target.headers["x-msnserver"].to_s } unless target.headers["x-msnserver"].nil?

    m
  end
end

#PasswordFieldObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/password_field.rb', line 10

WhatWeb::Plugin.define "PasswordField" do
  @author = "Caleb Anderson"
  @version = "0.1"
  @description = "find password fields"

  # Matches #
  @matches = [

    { name: "input type", regexp: /<input [^>]*?type=["']password["'][^>]*>/i },

  ]

  # Passive #
  def passive(target)
    m = []
    fields = target.body.scan(/<input [^>]*?type=["']password["'][^>]*>/i)
    fields.each do |field|
      name = begin
               field.scan(/name=["'](.*?)["']/i).first.first
             rescue StandardError
               nil
             end
      m << { name: "field name", string: name } if name
    end
    m
  end
end

#Pc4UploaderObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-24 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/pc4uploader.rb', line 12

WhatWeb::Plugin.define "Pc4Uploader" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-17
  @version = "0.2"
  @description = "File upload web app"
  @website = "http://www.pc4arb.com/"

  # Google results as at 2010-09-17 #
  # 266 results for "powered by Pc4Uploader"

  # Dorks #
  @dorks = [
    '"powered by Pc4Uploader"'
  ]

  # Matches #
  @matches = [

    # Default javascript in version 10.x
    { text: 'eval("page" + id + " = window.open(URL, \'" + id + "\', \'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=650,height=400,left = 199.5,top = 196.5\');");', version: "10.x" },

    # Version Detection # Version 9
    { version: /Pc4Uploader <font color="#000080"> <b>v([\d\.]+)<\/b><\/font>/ },

    # Version Detection # Pro # Version 9
    { version: /Pc4Uploader <font color="#000080"> <b>v([\d\.]+) Pro<\/b><\/font>/, string: "Pro" },

    # Version Detection # Powered by text
    { version: /<p id="legal" style="text-align: center">Powered by Pc4Uploader v<span lang="en-us">([\d\.]+)<\/span><\/p>/ },

    # Version Detection # Version 10
    { version: /Powered by Pc4Uploader <b>v([\d\.]+)<\/b>&nbsp; Copyright <b>/ },

    # Version Detection # Pro # Version 10
    { version: /Powered by Pc4Uploader <b>v([\d\.]+) Pro<\/b>&nbsp; Copyright <b>/, string: "Pro" },

  ]
end

#pcextremeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/pcextreme.rb', line 9

WhatWeb::Plugin.define "pcextreme" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-07
  @version = "0.1"
  @description = "pcextreme server"
  @website = "http://www.pcextreme.nl/"

  # ShodanHQ results as at 2011-03-07 #
  # 17 for Server PCX -PCX3000 -apache -IIS
  # All results are from Netherlands

  # Matches #
  @matches = [

    # Header Image
    { url: "/img/header_normal.png", md5: "f6803df276fd181667f3e6975b12b3dc" },

    # This server is owned by text
    { text: '<p class="content" align="center">Deze server is eigendom van <a href="http://www.pcextreme.nl/">PCextreme B.V.</a></p>' },

  ]

  # Passive #
  def passive(target)
    m = []

    # HTP Server Header
    if /^PCX\/(No-Cache|Dynamic)/.match?(target.headers["server"])

      # Server: PCX/No-Cache # Server: PCX/Dynamic
      m << { name: "HTTP Server Header" }

      # PHP Version Detection
      m << { string: "PHP:" + target.body.scan(/<td class="content">([^\s]+) \(<a href=".\/phpinfo.php" target="_blank">phpinfo<\/a>\)<\/td>/).flatten } if target.body =~ /<td class="content">([^\s]+) \(<a href=".\/phpinfo.php" target="_blank">phpinfo<\/a>\)<\/td>/

    end

    # Return passive matches
    m
  end
end

#PEARObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/pear.rb', line 9

WhatWeb::Plugin.define "PEAR" do
  @author = "Brendan Coles <[email protected]>" # 2012-11-16
  @version = "0.1"
  @description = "PEAR - PHP Extension and Application Repository - PEAR is a framework and distribution system for reusable PHP components."
  @website = "http://pear.php.net/"

  # Google results as at 2012-011-16 #
  # 47 for intitle:"PEAR :: PEAR_Info" "auto_discover"

  # Dorks #
  @dorks = [
    'intitle:"PEAR :: PEAR_Info" "auto_discover"'
  ]

  # Matches #
  @matches = [

    # Detect Number of Installed Packages
    { string: /<h2><a id="top0">([\d]+ Installed Packages), Channel / },

    # Module Detection
    { module: /<h2><a id="pkg_([^\s^\"]+)"><\/a><a/ },

    # Title
    { certainty: 75, text: '<title>PEAR :: PEAR_Info()</title>' },

    # Filepath Detection
    { filepath: /<tr class="v">\s+<td class="e">www_dir<\/td>\s+<td>([^<]+)<\/td>\s+<\/tr>/ },

  ]
end

#PegaRULESObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'lib/whatweb/plugins/pegarules.rb', line 9

WhatWeb::Plugin.define "PegaRULES" do
  @author = "Andrew Horton"
  @version = "0.2"
  @description = "PegaRULES Process Commander is BPM software from Pega. Many of the world's leading organizations use Pega to drive revenue growth, improve customer experience, and enhance operational efficiency. Pega's unified offering is recognized by industry analysts as a leader in CRM, BPM, case management and business rules"
  @website = "http://www.pega.com/"

  # extra URLs /prweb/

  # Google results as at 2012-10-06 #
  # 4 for inurl:"prweb/PRServlet" intitle:"Welcome to PegaRULES"

  # ShodanHQ results as at 2012-10-06 #
  # 3 for prweb/PRServlet

  # Dorks #
  @dorks = [
    'intitle:"Welcome to PegaRULES"',
    'inurl:/prweb/PRServlet/'
  ]

  # Matches #
  @matches = [

    # Pega-RULES Cookie
    { name: 'cookie', search: "headers[set-cookie]", text: "Pega-RULES" },

    # Title
    { name: 'title', text: '<title> Welcome to PegaRULES </title>' },

    # Footer
    { name: 'copyright footer', regexp: /<span>[^<]+Copyright[^<]+Pegasystems Inc/m },

    # favicon
    { name: 'shortcut icon', text: '<LINK REL="SHORTCUT ICON" HREF="images/pzPegaIcon.ico">' },

    # Version Detection
    { version: /td style="text-align: center;"><span id="ProductVersion" class="ProductVersion">Version ([^<]+)<\/span><\/td/ },

    # Login Page # HTML Comment
    { text: '<!-- B-12380 avoid reuse/repost of username/password -->' },

    # Error Page
    { text: '<HEAD><H3>Unable to logon to the PegaRULES system.</H3></HEAD>' },

    # 403 Forbidden Page
    { regexp: /<TR><TD>\s+<FONT face="Helvetica">\s+Your system policy has denied access to the requested URL\.\s+<\/FONT>/ },

  ]
end

#PerlObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Added content-type application/perl match



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/perl.rb', line 12

WhatWeb::Plugin.define "Perl" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-26
  @version = "0.2"
  @description = "Perl is a highly capable, feature-rich programming language with over 22 years of development."
  @website = "http://www.perl.org/"

  # About 309934 ShodanHQ results for "server: perl/v" @ 2010-10-26

  # Passive #
  def passive(target)
    m = []

    # HTTP Server Header
    m << { version: target.headers["server"].to_s.scan(/[^\r^\n]*Perl\/v([^\s^\r^\n]+)/i).flatten } if target.headers["server"].to_s =~ /[^\r^\n]*Perl\/v([^\s^\r^\n]+)/i

    # HTTP Content-Type Header
    m << { name: "application/perl" } if target.headers["content-type"] =~ /application\/perl/i

    m
  end
end

#PhilBoardObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated version detection and ghdb match



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/philboard.rb', line 12

WhatWeb::Plugin.define "PhilBoard" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-27
  @version = "0.2"
  @description = "PhilBoard - ASP powered forum"
  @website = "http://www.philboards.com/"

  # 47 results for "powered by philboard" -Vulnerabilities -Vulnerability @ 2010-06-27

  @matches = [

    # GHDB Match
    { ghdb: '"powered by philboard" inurl:philboard.asp', certainty: 75 },

    # Version detection # Default logo HTML
    { version: /<img src="images\/philboard_small.gif" alt="powered by philboard [v]*([\d\.]+)" width="76" height="21" border="0" align="middle">/ },

  ]
end

#PhorumObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/phorum.rb', line 9

WhatWeb::Plugin.define "Phorum" do
  @author = "Brendan Coles <[email protected]>" # 2011-10-25
  @version = "0.1"
  @description = "Phorum - Forum - Requires PHP and MySQL"
  @website = "http://www.phorum.org/"

  # Google results as at 2011-10-25 #
  # 364 for "This forum is powered by Phorum."

  # Dorks #
  @dorks = [
    '"This forum is powered by Phorum."'
  ]

  # Matches #
  @matches = [

    # Powered by link
    { regexp: /powered by <a href="http:\/\/www\.phorum\.org\/"( target="_blank")?>Phorum<\/a>\./ },

    # HTML Comment
    { certainty: 75, text: '<!-- end of div id=user-info -->' },

  ]
end

#PhotoStoreObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/photostore.rb', line 9

WhatWeb::Plugin.define "PhotoStore" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-05
  @version = "0.1"
  @description = "PhotoStore allows you to setup a complete photo selling website on your server or hosting space and in just minutes you can start selling photos on your website."
  @website = "http://www.ktools.net/photostore/sell-photos-online/"

  # 339 for "Powered By PhotoStore" "Sell Photos Online by Ktools.net LLC"
  #   8 for "PhotoStore Version" inurl:login.php

  # Dorks #
  @dorks = [
    '"Powered By PhotoStore" "Sell Photos Online by Ktools.net LLC"'
  ]

  # Matches #
  @matches = [

    # PhotoStore # Powered by text
    { text: 'Powered By <a href="http://www.ktools.net/photostore/index.php" title="Sell your photos online with PhotoStore, online proofing and sales." target="_blank"><u>PhotoStore | Sell Photos Online</u></a> by <a href="http://www.ktools.net" title="Ktools LLC" target="_blank"><u>Ktools.net LLC</u></a>' },

    # PhotoShow # Powered by text
    { text: 'Powered By <a href="http://www.ktools.net/photoshow/index.php" title="Show your photos online with PhotoShow, an online photo gallery." target="_blank"><u>PhotoShow | Photo Gallery</u></a> by <a href="http://www.ktools.net" title="Ktools LLC" target="_blank"><u>Ktools.net LLC</u></a>' },

    # Search input
    { text: '<b>Search:</b> <input type="textbox" name="search" class="search_box">' },

    # Version Detection # Login Page
    { version: /<td align="center" class="footer">PhotoStore Version[\s]+<b>([^<^\s]+)<\/b> Installed<\/td>/ },

    # Login Page # form action="mgr_actions.php?pmode=login"
    { text: '<form action="mgr_actions.php?pmode=login" name="login_form" method="post">' },

    # Login Page # body
    { text: '<body bgcolor="#13387E" topmargin="0" leftmargin="0" marginheight="0" marginwidth="0" onLoad="document.login_form.username.focus();">' },

  ]
end

#PHPObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.6 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]

Version 0.5 # 2011-08-23 # Andrew Horton

Version 0.4 # 2011-05-25 # Brendan Coles <[email protected]> Merged php-error plugin and PHP plugin Added aggressive version detection using PHP credits page Added detection for “PHP Warning” HTTP header

Version 0.3 # 2011-03-26 # Brendan Coles <[email protected]> Added module detection

Version 0.2 # 2011-01-19 # Brendan Coles <[email protected]> Updated regex matches



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'lib/whatweb/plugins/php.rb', line 25

WhatWeb::Plugin.define "PHP" do
  @author = "Andrew Horton & Brendan Coles" # 2010-10-26
  @version = "0.6"
  @description = "PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. This plugin identifies PHP errors, modules and versions and extracts the local file path and username if present."
  @website = "http://www.php.net/"

  # ShodanHQ results as at 2011-05-25 #
  # 5,345,848 for "server: PHP"
  # 3,565,299 for "X-Powered-By: PHP"
  # 189 for php-warning
  # 30 for Error parsing on line

  # Google results as at 2011-05-25 #
  # 478 for PHP warning|error "in /home/*.php on line" ext:php -forum
  # 463 for warning|error PHP inurl:error_log "in /home/*.php on line"
  # 33 for PHP warning|error "in C:\Documents and Settings\*.php on line" ext:php -forum

  # Dorks #
  @dorks = [
    'PHP warning|error "in /home/*.php on line" ext:php -forum',
    'warning|error PHP inurl:error_log "in /home/*.php on line"'
  ]

  # Matches #
  @matches = [

    # Aggressive # Version Detection # Credits Page
    { url: "/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000", version: /<tr class="h"><th colspan="2">PHP (\d) Authors<\/th><\/tr>/ },
    { url: "/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000", version: /<tr class="h"><th>PHP ([\d\.]+) Quality Assurance Team<\/th><\/tr>/ },

    # PHP-Error # Extract local file path
    { filepath: /<b>(Warning|Fatal error)<\/b>: .* in <b>([^<]+)<\/b> on line <b>[0-9]+<\/b><br \/>/, offset: 1 },

    # PHP-Error # Extract username from unix style file path
    { account: /<b>(Warning|Fatal error)<\/b>: .* in <b>\/home\/([^<^\/]+)\/[^<]*<\/b> on line <b>[0-9]+<\/b><br \/>/, offset: 1 },

    # PHP-Error # Extract username from windows style file path
    { account: /<b>(Warning|Fatal error)<\/b>: .* in <b>[A-Z]{1}:\\(Documents and Settings|Users)\\([^<^\\]+)\\[^<]*<\/b> on line <b>[0-9]+<\/b><br \/>/i, offset: 2 },

    # HTTP # Server # Version Detection
    { version: /[^\r^\n]*PHP\/([^\s^\r^\n]+)/, search: "headers[server]" },

    # HTTP # Server # Module Detection
    { module: /[^\r^\n]*PHP\/[^\s^\r^\n]+ with (Hardening-Patch|Suhosin-Patch)/, search: "headers[server]" },

    # HTTP # X-Powered-By
    { version: /[^\r^\n]*PHP\/([^\s^\r^\n]+)/, search: "headers[x-powered-by]" },

    # HTTP # X-Powered-By # Module Detection
    { module: /[^\r^\n]*PHP\/[^\s^\r^\n]+ with (Hardening-Patch|Suhosin-Patch)/, search: "headers[x-powered-by]" },

    # PHP Error # PHP HTTP Header
    { regexp: /^Error parsing (.+) on line [\d]+$/, search: "headers[php]" },

    # Local Filethpath Detection # PHP HTTP Header
    { filepath: /^Error parsing (.+) on line [\d]+$/, search: "headers[php]" },

    # Account Detection # PHP HTTP Header
    { filepath: /^Error parsing \/home\/([^\/]+)\/.+ on line [\d]+$/, search: "headers[php]" },

    # PHP Warning Header
    { name: "PHP Warning Header", regexp: //, search: "headers[php warning]" },

  ]
end

#PHP121Object

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/php121.rb', line 9

WhatWeb::Plugin.define "PHP121" do
  @author = "Brendan Coles <[email protected]>" # 2010-12-28
  @version = "0.1"
  @description = "PHP121 is a web based instant messenger - written entirely in PHP. This means that it will work in any browser on any operating system including Windows and Linux, anywhere! If traditional messaging programs like MSN Messenger or Yahoo! Messenger are blocked at your school or workplace, PHP121 will still work."

  # 112 results for "Powered by PHP121" @ 2010-12-28

  # Dorks #
  @dorks = [
    '"Powered by PHP121"'
  ]

  @matches = [

    # Default title
    { text: '<title>PHP121 - Please login or register</title>' },
    { text: '<title>PHP121 - New User</title>' },

    # Version detection # Powered by footer
    { version: /<center>Powered by <a target="_blank" style="TEXT-DECORATION: none; COLOR: #000066; FONT-SIZE: 10px" href="http:\/\/www.php121.com"><U>PHP121<\/U><\/a> v([\d\.]+)<\/center>/ },

  ]
end

#phpATMObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/phpatm.rb', line 9

WhatWeb::Plugin.define "phpATM" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-22
  @version = "0.1"
  @description = "phpATM (PHP Advanced Transfer Manager) is a free, open source, PHP based Upload and Download manager. But unlike most other of its kind it stores the data in flat text files and therefore does not require a database like MySQL installed on the web server."
  @website = "http://phpatm.org/"

  # 304 for "Powered by phpATM"
  # 91 for "Powered by phpATM" inurl:"viewer_bottom.php"

  # Dorks #
  @dorks = [
    '"Powered by phpATM" inurl:"viewer_bottom.php"'
  ]

  # Matches #
  @matches = [

    # Frameserv
    { text: '<frame name="viewer_bottom" src="viewer_bottom.php?file=' },

    # Version Detection # Powered by footer
    { version: /<div id="phpatm">(<br>)?<a href="http:\/\/phpatm\.org\/" target="_blank" title="Powered by PHP Advanced Transfer Manager v([^"]+)">Powered by phpATM<\/a><br><\/div>/, offset: 1 },

  ]
end

#phpBazarObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/phpbazar.rb', line 9

WhatWeb::Plugin.define "phpBazar" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-29
  @version = "0.1"
  @description = "PHP3/PHP4/mySql Classified AD and/or Matchmaking"
  @website = "http://www.smartisoft.com/"

  # Google results as at 2011-01-29 #
  # 12 for intitle:"phpBazar-AdminPanel" -intitle

  # Dorks #
  @dorks = [
    'intitle:"phpBazar-AdminPanel" -intitle'
  ]

  # Matches #
  @matches = [

    # Default Title
    { text: "<title>phpBazar-AdminPanel</title>", module: "Admin Page" },

    # Default login message
    { text: "<br>Login to phpBazar with Admin- or Moderator-Level & use the Administration-Functions! ->" },

    # Version Detection # Footer text
    { version: /<p><div class="footer">phpBazar Ver. ([\d\.]+) &copy 2001\-[\d]{4} by <a href="http:\/\/www.smartisoft.com[\/]?" target="_blank">SmartISoft<\/a><\/div>/ },

  ]
end

#phpBBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # Fixed Changelog version detection now prefixed with >

Version 0.2 # remove :certainty and :name, change :regexp to :text



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
 
# File 'lib/whatweb/plugins/phpbb.rb', line 15

WhatWeb::Plugin.define "phpBB" do
  @author = "Andrew Horton"
  @version = "0.3"
  @description = "phpBB is a free forum"
  @website = "http://phpbb.org/"

  # Dorks #
  @dorks = [
    '"Powered by phpBB"'
  ]

  #
  # Set-Cookie: phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; expires=Monday, 22-Nov-10 12:21:54 GMT; path=/
  # Set-Cookie: phpbb2mysql_sid=8e6085bf4b138a7576f3701370e4d2b3; path=/
  #
  # Set-Cookie: ghfv3_u=1; expires=Mon, 22-Nov-2010 12:22:08 GMT; path=/; domain=.globalhardstyle.com; HttpOnly
  # Set-Cookie: ghfv3_k=; expires=Mon, 22-Nov-2010 12:22:08 GMT; path=/; domain=.globalhardstyle.com; HttpOnly
  # Set-Cookie: ghfv3_sid=77a3fe24f8b5c3327c6bdcf11e6a51dd; expires=Mon, 22-Nov-2010 12:22:08 GMT; path=/; domain=.globalhardstyle.com; HttpOnly
  #
  # Set-Cookie: phpbb3_bzhya_u=1; expires=Mon, 22-Nov-2010 12:20:58 GMT; path=/; domain=.sgscwelisten.com; HttpOnly
  # Set-Cookie: phpbb3_bzhya_k=; expires=Mon, 22-Nov-2010 12:20:58 GMT; path=/; domain=.sgscwelisten.com; HttpOnly
  # Set-Cookie: phpbb3_bzhya_sid=1148a65e6041640b22c3b16044125469; expires=Mon, 22-Nov-2010 12:20:58 GMT; path=/; domain=.sgscwelisten.com; HttpOnly

  # Matches #
  @matches = [

    { text: '<!-- link rel="stylesheet" href="templates/subSilver/subSilver.css' },
    { text: '/images/logo_phpBB.gif', certainty: 75 },
    { text: 'We request you retain the full copyright notice below including the link to www.phpbb.com.' },

    { name: "Powered by...",
      regexp: /Powered by <a href="http:\/\/www.phpbb.com\/"( target="_phpbb")?( class="copyright")?>phpBB<\/a>[ ]+&copy;[ 0-9,\.]+ phpBB Group/ },

    # Powered by <a href="http://www.phpbb.com/" target="_phpbb">phpBB</a>  &copy; phpBB Group<br />
    # Powered by <a href="http://www.phpbb.com/">phpBB</a> &copy; 2000, 2002, 2005, 2007 phpBB Group
    # Powered by <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB</a>  &copy; 2001, 2002 phpBB Group
    # Powered by <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB</a> &copy; 2001, 2005 phpBB Group

    { name: "folder icons",
      regexp: /<td width="20" align="center"><img src="[^"]+images\/folder_new_big.gif" alt="New posts"\/><\/td>/ }, # "

    { name: "In total there are x users online ::",
      regexp: /In total there are <b>[0-9]+<\/b> users online :: [0-9]+ Registered, [0-9]+ Hidden and [0-9]+ Guests/ },

    # Version Detection # Cookie
    { search: "headers[set-cookie]", version: /phpbb([\d])mysql_(data=a%3A|sid=[a-f\d]{32};)/ },

  ]

  # Passive #
  def passive(target)
    m = []

    if /([^ ]+)_u=1; expires/.match?(target.headers["set-cookie"])
      p = target.headers["set-cookie"].scan(/([^ ]+)_u=1; expires/).flatten.first
      m << { name: "phpbb3 _u, _k, _sid cookies", version: "3" } if target.headers["set-cookie"] =~ /#{p}_u=.*#{p}_k=.*#{p}_sid=[0-9a-z]{32}/
    end

    # Return passive matches
    m
  end

  # Aggressive #
  def aggressive(target)
    m = []

    url = URI.join(target.uri.to_s, "docs/CHANGELOG.html").to_s
    new_target = WhatWeb::Target.new(url)

    unless new_target.body.nil?
      # /docs/CHANGELOG.html
      # <li><a href="#v303">Changes since 3.0.3</a></li>
      # <li><a href="#2018">Changes since 2.0.18</a></li>
      if /<li><a href="[^"]+">Changes since ([0-9\.]+)<\/a><\/li>/.match?(new_target.body)
        v = new_target.body.scan(/<li><a href="[^"]+">Changes since ([0-9\.]+)<\/a><\/li>/).flatten.first
        m << { name: "phpbb changelog", version: ">" + v }
      end
    end

    # Return aggressive matches
    m
  end
end

#PHPCityportalObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/phpcityportal.rb', line 9

WhatWeb::Plugin.define "PHPCityportal" do
  @author = "Brendan Coles <[email protected]>" # 2011-12-07
  @version = "0.1"
  @description = "PHPCityportal - build your own business portal - Requires PHP and MySQL"
  @website = "http://phpcityportal.com/"

  # Google results as at 2011-12-07 #
  # 28 for "Powered by PHPCityPortal.com" inurl:"login.php"

  # Dorks #
  @dorks = [
    '"Powered by PHPCityPortal.com" inurl:"login.php"'
  ]

  # Matches #
  @matches = [

    # Meta Author
    { certainty: 75, text: '<meta name="author" content="Cr8Soft" />' },

    # Powered by link
    { text: '<center><a href="http://phpcityportal.com">Powered by PHPCityPortal.com</a></center><p>' },

    # Powered by link # Older Versions
    { text: '<center><a href="http://www.phpcityportal.com/index.php">Powered by PHPCityPortal.com</a></center>' },

    # frm_login_left
    { text: '<form id="frm_login_left" name="frm_login_left" action="includes/check_user.php" method="post">' },

    # frm_login_left # Older Versions
    { text: '<form id="frm_login_left" name="frm_login_left" action="includes/check_user.php.inc" method="post">' },

  ]
end

#phpCollabObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/phpcollab.rb', line 9

WhatWeb::Plugin.define "phpCollab" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-17
  @version = "0.1"
  @description = "phpCollab is an open source internet-enabled system for use in projects that require collaboration over the internet."
  @website = "http://www.php-collab.org/"

  # Google results as at 2011-04-17 #
  # 10 for "PhpCollab" inurl:/general/login.php

  # Dorks #
  @dorks = [
    '"PhpCollab" inurl:/general/login.php'
  ]

  # Matches #
  @matches = [

    # Version Detection # HTML Comment
    { version: /^<!-- Powered by PhpCollab v([\d\.]+) \/\/-->$/ },

    # Version Detection # footer text
    { version: /^<p id="footer">PhpCollab v([\d\.]+)[\s]*<\/p>$/ },

  ]
end

#PHPCowObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/phpcow.rb', line 9

WhatWeb::Plugin.define "PHPCow" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-16
  @version = "0.1"
  @description = "PHPCow news publishing content management system - Homepage [offline] : http://www.phpcow.com/"

  # Google results as at 2011-03-16 #
  # 129 for "powered by PHPCow.com"

  # Dorks #
  @dorks = [
    '"powered by PHPCow.com"'
  ]

  # Matches #
  @matches = [

    # Powered by link
    # $395 to remove the "Powered by PHPCOW" (unconfirmed)
    { text: '<b>Powered by</b>: <a href="http://www.phpcow.com" target="_blank" style="color: #000000">PHPCow.com</a>' },
    { text: '<b>Powered by</b>: <a href="http://www.phpcow.com" target="_blank" style="color: #000000" title="PHPCow news publishing script, content management system">PHPCow.com</a>' },

    # Meta Description
    { text: '<meta name="Description" content="PHPCow news publishing content management system" />' },

    # Meta Keywords
    { text: '<meta name="Keywords" content="phpcow, news publishing, article publishing, cms" />' },

  ]
end

#phpDealerLocatorObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/phpdealerlocator.rb', line 9

WhatWeb::Plugin.define "phpDealerLocator" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-16
  @version = "0.1"
  @description = "phpDealerLocator is a full featured zip code locator software - Requires: PHP and MySQL"
  @website = "http://www.yourphppro.com/version/en-us/content/page_4.html"

  # Google results as at 2011-08-16 #
  # 7 for inurl:Locator/record.php?Dealer_ID

  # Dorks #
  @dorks = [
    'inurl:Locator/record.php?Dealer_ID'
  ]

  # Matches #
  @matches = [

    # select class="PythonSelect"
    { text: '<select class="PythonSelect" name="s_Dealer_Radius">' },

    # record.php
    { text: "</td></tr></table><b>Database error:</b> Invalid SQL: SELECT Cat_Text FROM ( dealer_category_matrix RIGHT JOIN dealers ON dealers.Dealer_ID = dealer_category_matrix.DCM_Dealer_ID ) RIGHT JOIN category ON dealer_category_matrix.DCM_Cat_ID = category.Cat_ID WHERE Dealer_ID =  AND (Dealer_Publish = 'Y') AND (Dealer_Approved = 'Y')<br>" },

    # label for="Dealer_Radiuss_Dealer_Zip"
    { text: '<td><label for="Dealer_Radiuss_Dealer_Zip">Zipcode/Postal Code</label></td>' },

  ]
end

#phpDenoraObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/phpdenora.rb', line 9

WhatWeb::Plugin.define "phpDenora" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-13
  @version = "0.1"
  @description = "phpDenora is the Web Frontend to the Denora Stats Server and provides a complete, nice looking and solid Interface featuring detailed network, channel and user statistics, graphical outputs, multilanguage and template systems, all by following modern web standards. Requires PHP 4.3.1+ and PHP MySQL module"
  @website = "http://denorastats.org/"

  # Google results as at 2011-03-13 #
  # 253 for "powered by phpDenora" intitle:"phpDenora"

  # Dorks #
  @dorks = [
    '"powered by phpDenora" intitle:"phpDenora"'
  ]

  # Matches #
  @matches = [

    # GHDB
    { certainty: 25, ghdb: '"powered by phpDenora" intitle:"phpDenora"' },

    # Network Detection # Meta Description
    { string: /<meta name="Description" content="IRC Statistics for (.+) powered by phpDenora" \/>/ },

    # Version Detection # Powered by link
    { version: /<td><h6 class="right">Powered by <a href="http:\/\/(phpdenora.pimpmylinux.org|denorastats.org)\/">phpDenora<\/a> v([^<]+)<\/h6><\/td>/, offset: 1 },

  ]
end

#PHPDirectorObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-19 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/phpdirector.rb', line 12

WhatWeb::Plugin.define "PHPDirector" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-24
  @version = "0.2"
  @description = "PHPDirector is a content management system that allows users to create there own video sharing websites."
  @website = "http://www.phpdirector.co.uk/"

  # Google results as at 2010-07-24 #
  # 181 for "powered by PHP Director"

  # Dorks #
  @dorks = [
    '"powered by PHP Director"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Powered by text
    { version: /<a href="http:\/\/www.phpdirector.co.uk\/">Powered by PHP Director ([\d\.]+)<\/a>/ },

  ]
end

#phpDocumentorObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/whatweb/plugins/phpdocumentor.rb', line 9

WhatWeb::Plugin.define "phpDocumentor" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-20
  @version = "0.1"
  @description = "phpDocumentor, sometimes referred to as phpdoc or phpdocu, is the current standard auto-documentation tool for the php language. Similar to Javadoc, and written in php, phpDocumentor can be used from the command line or a web interface to create professional documentation from php source code."

  # Google results as at 2011-05-20 #
  # 10 for intitle:"docBuilder - phpDocumentor web interface"
  #  8 for intitle:"docBuilder - phpDocumentor web interface" -svn

  # Dorks #
  @dorks = [
    'intitle:"docBuilder - phpDocumentor web interface"'
  ]

  # Matches #
  @matches = [

    # Default title
    { certainty: 75, text: '<title>docBuilder - phpDocumentor web interface</title>' },

    # Frameset # Meta Description
    # Note the "phpDcoumentor" typo # several websites used this meta description
    # It does not seem to be unique to a particular version
    { text: '<meta name="Description" content="Frameset for phpDcoumentor docBuilder web interface">' },

    # Frameset # Meta Description
    { text: '<meta name="Description" content="Frameset for phpDocumentor docBuilder web interface">' },

    # docbuilder/actions.php # extract local file path
    { filepath: /<input type="text" name="fileName" value="([^"]+)" size="60" class="text" \/>/ },

    # docbuilder/config.php # Version Detection # title
    { version: /	<title>\n		Form to submit to phpDocumentor v([^\s]+)	<\/title>/ },

    # docbuilder/top.php # Version Detection
    { version: /<span class="title"><strong>docBuilder<\/strong> :: phpDocumentor v([^\s]+) Web Interface<\/span>/ },

  ]
end

#PHPEasyDataObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-17 # Andrew Horton Added website parameter and description

Version 0.2 # Updated regex and version detection



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/php-easy-data.rb', line 15

WhatWeb::Plugin.define "PHPEasyData" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-16
  @version = "0.3"
  @description = "PHPEasyData is a French Content Management System"
  @website = "http://www.phpeasydata.com/"
  # Dorks #
  @dorks = [
    '"powered by PHPEasyData"'
  ]

  # 12 results for "powered by PHPEasyData" @ 2010-08-15

  @matches = [

    # Admin page
    { text: "<div id='phpeasydata_container'  >" },
    { text: '  <head><title>PhpEasyData login page</title>' },

    # Version detection # Powered by text
    { version: /<a[^>]*href="http:\/\/www.(phpeasydata.com|freewebmaster-scripts.com\/phpeasydata)[^>]*>PHPEasyData[\s]*([^<]+)<\/a>/ },
    { version: /n main de pages dynamiques. " target="_blank"[\s]*>PhpEasyData[\s]*([^<]+)<\/a><\/b>/ },

  ]
end

#PHPFMObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-17 # Andrew Horton Added website parameter and updated description

Version 0.2 # 2011-02-24 # Updated version detection



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/phpfm.rb', line 15

WhatWeb::Plugin.define "PHPFM" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-09
  @version = "0.3"
  @description = "PHP-Fusion is a lightweight open source content management system (CMS). It uses PHP and MySQL."
  @website = "http://www.php-fusion.co.uk/"

  # Google results as at 2010-06-09 #
  # 36,400 for "powered by PHPFM" -username

  # Dorks #
  @dorks = [
    '"powered by PHPFM" -username'
  ]

  # Matches #
  @matches = [

    # Version Detection # Powered by text
    { version: /Powered by <a href='http:\/\/phpfm.zalon.dk\/' target='_new' class='bottom'>PHPFM<\/a> ([\d\.]+)<\/td>/ },

  ]
end

#phpFoxObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/whatweb/plugins/phpfox.rb', line 9

WhatWeb::Plugin.define "phpFox" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-21
  @version = "0.1"
  @description = "phpFox is a featured packed social networking solution that creates communities with features found on major social networking websites like Facebook and MySpace."
  @website = "http://www.phpfox.com/"

  # 336 for "Powered By phpFox Version"

  # Dorks #
  @dorks = [
    '"Powered By phpFox Version"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Powered by text
    { version: /Powered By <a href="http:\/\/www\.phpfox\.com\/"[^>]*>phpFoX<\/a> Version ([\d\.]+)/ },
    { version: /<a href="http:\/\/www\.phpfox\.com\/"[^>]*>Powered by phpFoX Version ([\d\.]+)<\/a>/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # Meta Generator (is base64 of "phpFox") or Meta Author
    if target.body =~ /<meta name="generator" content="cGhwRm94" \/>/ || target.body =~ /<meta name="author" content="phpFox" \/>/

      m << { name: "Meta Tags" }

      # Version Detection # Meta Version # base64 encoded
      if /<meta name="version" content="([^"]+)" \/>/.match?(target.body)
        version = target.body.scan(/<meta name="version" content="([^"]+)" \/>/).flatten.first
        m << { version: Base64.decode64(version).to_s }
      end
    end

    # phpfox(x)visit cookie
    if /phpfox[\d]visit=[\d]+;/.match?(target.headers["set-cookie"])
      m << { name: "phpfox(x)visit cookie" }
    end

    # Return passive matches
    m
  end
end

#phpFreeChatObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated GHDB match and version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/phpfreechat.rb', line 12

WhatWeb::Plugin.define "phpFreeChat" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-12
  @version = "0.2"
  @description = "phpFreeChat is a free, simple to install, fast, customizable and multi languages chat that uses a simple filesystem for message and nickname storage."
  @website = "http://www.phpfreechat.net/"

  # About 434,000 results for "powered by phpfreechat" @ 2010-06-12

  # Dorks #
  @dorks = [
    '"powered by phpfreechat"'
  ]

  @matches = [

    # GHDB Match
    { ghdb: '"powered by phpfreechat"', certainty: 75 },

    # Version detection # Default logo HTML
    { version: /<img src="http:\/\/www.phpfreechat.net\/pub\/logo[2]*_80x15.gif" alt="PHP FREE CHAT \[powered by phpFreeChat-([\d\.\-a-z]*)\]"/ },

  ]
end

#PHPGradeBookObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/phpgradebook.rb', line 9

WhatWeb::Plugin.define "PHPGradeBook" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-23
  @version = "0.1"
  @description = "PHP_GradeBook is a program for teachers to input students points for assignments and keep a running online tally for the students to view online."
  @website = "http://sourceforge.net/projects/php-gradebook/"

  # Google results as at 2012-03-23 @
  # 3 for inurl:"admin" intitle:"phpGradeBook"

  # Dorks #
  @dorks = [
    'inurl:"admin" intitle:"phpGradeBook"'
  ]

  # Matches #
  @matches = [

    # Title
    { certainty: 75, text: '<title>phpGradeBook</title> ' },

    # Homepage Link # Version Detection
    { version: /<a href='http:\/\/phpGradeBook\.com'>PHP_GradeBook<\/a> ([^C^\n]+) Created by Robert/ },

    # Footer # Version Detection
    { version: /<small>PHP_GradeBook ([^C^\n]+) Created by Robert/ },

    # It appears that phpGradeBook's Database has not been installed yet.
    { md5: "9761e989848ed31a7d7a5a5411197281" },

  ]
end

#phpGraphyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/phpgraphy.rb', line 9

WhatWeb::Plugin.define "phpGraphy" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-06
  @version = "0.1"
  @description = "phpGraphy is a free PHP photo gallery script released under GPL license."
  @website = "http://phpgraphy.sourceforge.net/"

  # Google results as at 2011-05-06 #
  # 397 for "This site is using phpGraphy" -intitle
  # 389 for "This site is using phpGraphy" -intitle intitle:"my phpGraphy site"

  # Dorks #
  @dorks = [
    '"This site is using phpGraphy" -intitle'
  ]

  # Matches #
  @matches = [

    # Title
    { text: '<title>my phpGraphy site</title>' },

    # Version Detection # Powered by footer
    { version: /This site is using <a href="http:\/\/phpgraphy\.sourceforge\.net\/">phpGraphy<\/a>\n([^\s]+) - Page generated in [\d\.]+s\.<\/div><!--\/\/footer-->/ },

  ]
end

#phpGreetCardsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/phpgreetcards.rb', line 9

WhatWeb::Plugin.define "phpGreetCards" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-01
  @version = "0.1"
  @description = "PHP greeting card mailer"
  @website = "http://www.w2b.ru/webapplications/index.php"

  # Dorks #
  @dorks = [
    '"Powered by phpGreetCards"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: '<td align="right"><font color="#b8c2cc">Powered by <a href="http://www.w2b.ru/webapplications/index.php" target="_blank">phpGreetCards</a>, ' },
    { text: '<td align="right"><font color="#b8c2cc">Powered by <a href="http://www.w2bpm.com/index.php?cat=phpGreetCards" target="_blank">phpGreetCards</a>, ' },

  ]
end

#phPhotoAlbumObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-21 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/phphotoalbum.rb', line 12

WhatWeb::Plugin.define "phPhotoAlbum" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-14
  @version = "0.2"
  @description = "PHP Photo Album"
  @website = "http://www.phphq.net/?script=phPhotoAlbum"

  # Google results as at 2010-08-14 #
  # 4 for "powered by PHPhotoalbum" intitle:My Picture Album"

  # Dorks #
  @dorks = [
    '"powered by PHPhotoalbum" intitle:My Picture Album"'
  ]

  # Matches #
  @matches = [

    # Default Title
    { text: '<title>My Picture Album</title>', certainty: 75 },

    # Version Detection # powered by footer text
    { version: /<td align="right"><font style="font-face:Verdana; font-size:9; font-color:#000000;">Powered By: <a href="http:\/\/www.phphq.net\/\?script=phPhotoAlbum" target="_blank"><b>phPhotoAlbum v([\d\.]+)<\/b><\/a><\/font><\/td>/ },

  ]
end

#phpinfoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2011-03-06 # Updated OS detection

Version 0.2 # 2011-01-21 # Updated version detection Updated examples Added OS detection Added document root detection Added cpanel credentials detection



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
# File 'lib/whatweb/plugins/phpinfo.rb', line 19

WhatWeb::Plugin.define "phpinfo" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-07
  @version = "0.3"
  @description = "This plugin detects instances of phpinfo() results and extracts the operating system, PHP version, document root and remote cpanel credentials."

  # Google Results as at 2011-01-21 #
  # 52 for intitle:"phpinfo()" "mysql.default_password" "Zend Scripting Language Engine"
  # 33 for inurl:"phpinfo.php" intitle:"phpinfo()" "mysql.default_password"

  # Dorks #
  @dorks = [
    'intitle:"phpinfo()" "mysql.default_password" "Zend Scripting Language Engine"',
    'inurl:"phpinfo.php" intitle:"phpinfo()" "mysql.default_password"'
  ]

  # Passive #
  def passive(target)
    m = []

    # Check if the document is a valid phpinfo() file
    if target.body =~ /<title>phpinfo\(\)<\/title>/ && (target.body =~ /<h1 class="p">PHP Version [^<]{3,40}<\/h1>/ || target.body =~ /<h1>PHP Version [^<]{3,40}<\/h1>/)

      # PHP Version Detection
      m << { version: target.body.scan(/<h1 class="p">PHP Version ([^<]{3,40})<\/h1>/).flatten.first } if target.body =~ /<h1 class="p">PHP Version [^<]{3,40}<\/h1>/
      m << { version: target.body.scan(/<h1>PHP Version ([^<]{3,40})<\/h1>/).flatten.first } if target.body =~ /<h1>PHP Version [^<]{3,40}<\/h1>/

      # OS Detection
      m << { os: target.body.scan(/<tr><td class="e">System[\s]?<\/td><td class="v">([^<]{10,256})[\s]?<\/td><\/tr>/).flatten.first } if target.body =~ /<tr><td class="e">System[\s]?<\/td><td class="v">[^<]{10,256}[\s]?<\/td><\/tr>/

      # cpanel Detection
      m << { module: "cpanel" } if target.body =~ /<tr><td class="e">SERVER_SOFTWARE[\s]?<\/td><td class="v">cpaneld[\s]?<\/td><\/tr>/

      # REMOTE_PASSWORD
      m << { module: "cpanel", account: target.body.scan(/<tr><td class="e">REMOTE_PASSWORD[\s]?<\/td><td class="v">([^<]{3,256})[\s]?<\/td><\/tr>/).flatten } if target.body =~ /<tr><td class="e">REMOTE_PASSWORD[\s]?<\/td><td class="v">[^<]{3,256}[\s]?<\/td><\/tr>/
      m << { module: "cpanel", account: target.body.scan(/<tr><td class="e">[_A-Z]{3,16}\["REMOTE_PASSWORD"\]<\/td><td class="v">([^<]{3,256})<\/td><\/tr>/).flatten } if target.body =~ /<tr><td class="e">[_A-Z]{3,16}\["REMOTE_PASSWORD"\]<\/td><td class="v">[^<]{3,256}<\/td><\/tr>/

      # REMOTE_USER
      m << { module: "cpanel", account: target.body.scan(/<tr><td class="e">REMOTE_USER[\s]?<\/td><td class="v">([^<]{3,256})[\s]?<\/td><\/tr>/).flatten } if target.body =~ /<tr><td class="e">REMOTE_USER[\s]?<\/td><td class="v">([^<]{3,256})[\s]?<\/td><\/tr>/
      m << { module: "cpanel", account: target.body.scan(/<tr><td class="e">[_A-Z]{3,16}\["REMOTE_USER"\]<\/td><td class="v">([^<]{3,256})<\/td><\/tr>/).flatten } if target.body =~ /<tr><td class="e">[_A-Z]{3,16}\["REMOTE_USER"\]<\/td><td class="v">[^<]{3,256}<\/td><\/tr>/

      # REMOTE_HOST
      m << { module: "cpanel", account: target.body.scan(/<tr><td class="e">REMOTE_HOST[\s]?<\/td><td class="v">([^<]{3,256})[\s]?<\/td><\/tr>/).flatten } if target.body =~ /<tr><td class="e">REMOTE_HOST[\s]?<\/td><td class="v">[^<]{3,256}[\s]?<\/td><\/tr>/
      m << { module: "cpanel", account: target.body.scan(/<tr><td class="e">[_A-Z]{3,16}\["REMOTE_HOST"\]<\/td><td class="v">([^<]{3,256})<\/td><\/tr>/).flatten } if target.body =~ /<tr><td class="e">[_A-Z]{3,16}\["REMOTE_HOST"\]<\/td><td class="v">[^<]{3,256}<\/td><\/tr>/

      # DOCUMENT_ROOT
      m << { filepath: target.body.scan(/<tr><td class="e">DOCUMENT_ROOT[\s]?<\/td><td class="v">([^<]{3,256})[\s]?<\/td><\/tr>/).flatten } if target.body =~ /<tr><td class="e">DOCUMENT_ROOT[\s]?<\/td><td class="v">[^<]{3,256}[\s]?<\/td><\/tr>/
      m << { filepath: target.body.scan(/<tr><td class="e">[_A-Z]{3,16}\["DOCUMENT_ROOT"\]<\/td><td class="v">([^<]{3,256})<\/td><\/tr>/).flatten } if target.body =~ /<tr><td class="e">[_A-Z]{3,16}\["DOCUMENT_ROOT"\]<\/td><td class="v">[^<]{3,256}<\/td><\/tr>/

    end

    m
  end
end

#PHPKITObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/phpkit.rb', line 9

WhatWeb::Plugin.define "PHPKIT" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-30
  @version = "0.1"
  @description = "PHPKIT WCMS - Web content management system to easily create your personal homepage, blog or business website."
  @website = "http://www.phpkit.com/"

  # Google results as at 2011-01-30 #
  # 11,700,000 for "PHPKIT ist eine eingetragene Marke der mxbyte GbR"
  # 12,000,000 for "Diese Website wurde mit PHPKIT WCMS erstellt"

  # Dorks #
  @dorks = [
    '"PHPKIT ist eine eingetragene Marke der mxbyte GbR"',
    '"Diese Website wurde mit PHPKIT WCMS erstellt"'
  ]

  # Matches #
  @matches = [

    # Meta Generator
    { regexp: /<meta name="generator" content="PHPKIT WCMS \- Web Content Managment System \- mxbyte GbR copyright [\d]{4}\-[\d]{4}" \/>/ },
    { regexp: /<meta name="generator" content="PHPKIT WCMS Web Content Management System" \/>/ },

    # Meta Author
    { text: '<meta name="author" content="PHPKIT WCMS - Web Content Management System - Copyright mxbyte GbR" />' },

    # Copyright HTML
    { text: '<div id="pkcopyright"><a class="none" href="http://www.phpkit.com">PHPKIT ist eine eingetragene Marke der mxbyte GbR &copy;' },

    # Admin Page # Meta Description
    { text: '<meta name="description" content="PHPKIT, WCMS, Web Content Management System, Administration" />', module: "Admin Page" },

  ]
end

#phpLDAPadminObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/phpldapadmin.rb', line 9

WhatWeb::Plugin.define "phpLDAPadmin" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-01
  @version = "0.1"
  @description = "phpLDAPadmin (also known as PLA) is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administration for your LDAP server. "
  @website = "http://phpldapadmin.sourceforge.net/"

  # Google results as at 2011-08-01 #
  # 227 for "Home" "Purge caches" intitle:phpLDAPadmin

  # Dorks #
  @dorks = [
    '"Home" "Purge caches" intitle:phpLDAPadmin'
  ]

  # Matches #
  @matches = [

    # Version Detection # Frameset # Seen on versions 0.9.x and not 1.x
    { version: /<head><title>phpLDAPadmin - ([^\s^<]+)[\s]?<\/title><\/head>/ },

    # Version Detection # tree.php # Seen on versions 0.9.x and not 1.x
    { version: /<h3 class="subtitle" style="margin:0px">phpLDAPadmin - ([^\s^<]+)/ },

    # Version Detection # Title
    { version: /<title>phpLDAPadmin \(([^\s^\)]+)\) - <\/title>/ },

    # Version Detection # div id="ajFOOT"
    { version: /<div id="ajFOOT">([^\s^<]+)<\/div><a href="https:\/\/sourceforge\.net\/projects\/phpldapadmin">/ },

    # LDAP Server Name Detection
    { string: /<td class="icon"><img src="images\/[^\/^"]*\/server.png" alt="Server" \/><\/td><td class="name" colspan="2">([^<]+)<\/td><\/tr>/ },

  ]
end

#phplistObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/phplist.rb', line 9

WhatWeb::Plugin.define "phplist" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-04
  @version = "0.1"
  @description = "phplist is the world's most popular open source email campaign manager."
  @website = "http://www.phplist.com/"

  # 248 for "powered by phplist version" intitle:phplist

  # Dorks #
  @dorks = [
    '"powered by phplist version" intitle:phplist'
  ]

  # Matches #
  @matches = [

    # Misconfigured
    { text: '<html><head><title>Nothing here</title></head><body>' },
    { text: '<p>You probably want to be <a href="../">here</a> or <a href="admin/">here</a>.</p>' },

    # Meta Author
    { text: '<meta name="Author" content="Michiel Dethmers - http://www.phplist.com" />' },

    # Version Detection # Meta Powered By
    { version: /<meta name="Powered-By" content="phplist version ([^"]+)" \/>/ },

    # Version Detection # Powered by link
    { version: /<span class="urhere">phplist powered by <\/span><a class="urhere" href="http:\/\/www\.phplist\.com" target="_blank">phplist<\/a> - version ([^<]+)<\/td>/ },

  ]
end

#phpMailShareObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/phpmailshare.rb', line 9

WhatWeb::Plugin.define "phpMailShare" do
  @author = "Brendan Coles <[email protected]>" # 2012-02-18
  @version = "0.1"
  @description = "phpMailShare is a small php script that allows you to share emails with your friends. It uses IMAP to access your mail account and can be used with any mail server that provides IMAP access, including Gmail."
  @website = "tekreaders.com/blog/phpmailshare/"

  # Google results as at 2012-02-18 #
  # 1 for "Powered by phpMailShare"

  # Matches #
  @matches = [

    # Powered by link # Version Detection
    { version: /<div align="center">Powered by <a href="http:\/\/tekreaders\.com\/blog\/phpmailshare\/" target="_blank">phpMailShare<\/a> ([^<]+[\d\.\sa-z])<\/div>/ },

    # inbox link
    { text: '<a href="index.php?action=viewbox&amp;box=0">' },

  ]
end

#PhpMesFilmsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-17 # Andrew Horton Added website parameter and description



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/php-mes-films.rb', line 12

WhatWeb::Plugin.define "PhpMesFilms" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-21
  @version = "0.2"
  @description = "Film database powered by PHP. Website used to be http://phpmesfilms.dyndns.org/"

  # 21 results for "powered by PhpMesFilms" @ 2001-08-21

  # Dorks #
  @dorks = [
    '"powered by PhpMesFilms"'
  ]

  @matches = [

    { text: '		<title>PhpMesFilms - Administration</title>' },
    { text: '		<title>PhpMesFilms - Liste</title>' },
    { text: '		<title>PhpMesFilms - Fiche film</title>' },
    { text: '				powered by <a href="http://phpmesfilms.dyndns.org/">PhpMesFilms</a>' },

  ]
end

#phpMoneyBooksObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/phpmoneybooks.rb', line 9

WhatWeb::Plugin.define "phpMoneyBooks" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-23
  @version = "0.1"
  @description = "phpMoneyBooks - Open Source Financial Software - Requires: PHP/MySQL"
  @website = "http://phpmoneybooks.com/"

  # Google results as at 2011-03-23 #
  # 2 for "phpMoneyBooks" "Account ID" "password"

  # Dorks #
  @dorks = [
    '"phpMoneyBooks" "Account ID" "password"'
  ]

  # Matches #
  @matches = [

    # Login + Remember Me input
    { text: '<tr><td><center><input type="submit" name="B1" value="  Login  " class="button"></center></td><td><input type="checkbox" name="remember" value="1"> Remember Me</td></tr>' },

    # Footer # Version Detection
    { version: /<b>phpMoneyBooks: ([^\s]+) - Star Host Design, LLC &copy 20[\d]{2} <\/b><\/div>/ },
    { version: /<b><a href='http:\/\/phpMoneyBooks\.com'>phpMoneyBooks<\/a>: ([^\s]+) - <a href='http:\/\/StarHostDesign\.com'>Star Host Design, LLC &copy<\/a> 20[\d]{2} <\/b><\/div>/ },

  ]
end

#phpMumbleAdminObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/phpmumbleadmin.rb', line 9

WhatWeb::Plugin.define "phpMumbleAdmin" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-08
  @version = "0.1"
  @description = "Php Mumble Admin is an administration panel control for murmur 1.2.0 and higher. It's communicate over ICE and It's designed for multiple servers."
  @website = "http://phpmumbleadmin.sourceforge.net/"

  # ShodanHQ results as at 2011-04-08 #
  # 101 for phpMumbleADMIN

  # Passive #
  def passive(target)
    m = []

    # Set-Cookie: phpMumbleADMIN_session
    m << { name: "phpMumbleADMIN_session Cookie" } if target.headers["set-cookie"] =~ /^phpMumbleADMIN_session=/

    # Return passive matches
    m
  end
end

#phpMyAdminObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.5 # 2016-05-1 # Brendan Coles Updated phpMyAdmin Cookie

Version 0.4 # 2012-08-16 # Andrew Horton Updated MD5 syntax. In future someone should move the MD5 hash matches into the matches array

Version 0.3 # 2011-04-06 # Added aggressive md5 matches

Version 0.2 # Updated regex Added version detection Added favicon md5 hash Added cookie matches



24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
 
# File 'lib/whatweb/plugins/phpmyadmin.rb', line 24

WhatWeb::Plugin.define "phpMyAdmin" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-01
  @version = "0.5"
  @description = "phpMyAdmin is a free software tool written in PHP intended to handle the administration of MySQL over the World Wide Web."
  @website = "http://www.phpmyadmin.net/home_page/index.php"

  # Google results as at 2010-10-26 #
  # 3,490 for +intitle:phpMyAdmin +"Language: Afrikaans" +"Welcome to phpMyAdmin"

  # ShodanHQ results as at 2010-10-26 #
  # 1,868 for pma_theme=original

  # Dorks #
  @dorks = [
    'intitle:phpMyAdmin "Language: Afrikaans" "Welcome to phpMyAdmin"',
    'inurl:main.php "Welcome to phpMyAdmin"'
  ]

  # Matches #
  @matches = [

    # GHDB Match
    { certainty: 75, ghdb: 'intitle:phpMyAdmin "Language: Afrikaans" "Welcome to phpMyAdmin"' },

    # Version Detection # Default Title
    { version: /<title>phpMyAdmin ([^\s^<]+)[^<]*<\/title>/ },

    # Version Detection # Default heading HTML
    { version: /<h2>Welcome to  phpMyAdmin ([^<]+)<\/h2>/ },

    # Default Logo HTML
    { text: '<img src="./themes/original/img/logo_right.png" id="imLogo" name="imLogo" alt="phpMyAdmin" border="0" /></a>' },

    # Default logo
    { md5: "d037ef2f629a22ddadcf438e6be7a325", url: "favicon.ico" },

    # Login page # Default form HTML
    { regexp: /<form method="post" action="index\.php" target="_(top|parent)"><input type="hidden" name="phpMyAdmin" value="/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # Cookies
    m << { name: "phpMyAdmin Cookie" } if target.headers["set-cookie"] =~ /phpMyAdmin=[a-z0-9]+/
    m << { name: "pma_theme Cookie" } if target.headers["set-cookie"] =~ /pma_theme=original/

    # Return passive matches
    m
  end

  # Aggressive #
  def aggressive(target)
    m = []

    # the paths are relative to the url path if they don't start with /
    # this path, with this md5 = this version
    files = [
      { version: '2.10.0', md5: '4c06efa60065abe716e32229fc273c01', path: "README" },
      { version: '2.10.0.1', md5: 'a45ea22038859ea43ca3939e48095994', path: "README" },
      { version: '2.10.0.2', md5: 'fb5ed3d88acf3597286f99852e355d8e', path: "README" },
      { version: '2.10.1',  md5: '7af790f225d73a9ce817cca8e37691b3', path: "README" },
      { version: '2.10.2',  md5: 'edd3f3669d6164e50046eedf3c753279', path: "README" },
      { version: '2.10.3',  md5: '5b1f00a05f693c3e13806afe431d6487', path: "README" },
      { version: '2.11.0',  md5: '55947bd70e5c25272121e390fcf8c897', path: "README" },
      { version: '2.11.1',  md5: '35dd8265cee0571d3b322d1f2e787b75', path: "README" },
      { version: '2.11.1.1', md5: '278d9a6aeb935f770bb89e1dfe412719', path: "README" },
      { version: '2.11.1.2', md5: '0d861d29b2e2048a63ac051f36a3f361', path: "README" },
      { version: '2.11.10', md5: '4d9578575978d5d8ed4a47756c01c3ca', path: "README" },
      { version: '2.11.2',  md5: '18b673f7ef447040b49e16f6b976eec6', path: "README" },
      { version: '2.11.2.1', md5: 'aa29c13828d254bee5e48bba193cbe29', path: "README" },
      { version: '2.11.2.2', md5: 'c0f2ca0bb9bc877a0c58656b1de8e153', path: "README" },
      { version: '2.11.3',  md5: '05c87ad89a504992db504f0bf95bc11f', path: "README" },
      { version: '2.11.4',  md5: 'fa26c5c4b46d9f1b59b0d5ee83815b19', path: "README" },
      { version: '2.11.5',  md5: '16335f02ce528df4b606ac238b024988', path: "README" },
      { version: '2.11.5.1', md5: '4e91eceb7ce42b1642d10d81e93b9230', path: "README" },
      { version: '2.11.5.2', md5: '29f019f69ea21678a5d5f2eb2bd6dfe4', path: "README" },
      { version: '2.11.6',  md5: '02f9f9e2fd8edab7feaae9e571ca593a', path: "README" },
      { version: '2.11.7',  md5: 'c7a5c33922615b9f180967f5c921c3c5', path: "README" },
      { version: '2.11.7.1', md5: 'cdd7ef1b46ab6c078a33eacf158481b0', path: "README" },
      { version: '2.11.8', md5: '2cb1d469710c7f12b948551b6984010b', path: "README" },
      { version: '2.11.8.1', md5: '11e77de74849fd026cd473e9c88ddd94', path: "README" },
      { version: '2.11.9', md5: 'c8b1da9b3680e561e74502df451a35c7', path: "README" },
      { version: '2.11.9.1', md5: '664f52aaf2dd92bf1a5f8f60bbcdd4b7', path: "README" },
      { version: '2.11.9.2', md5: 'bc6f08397c045689b24a1fab8fb9e549', path: "README" },
      { version: '2.11.9.3', md5: '4743249c31f5de1752cbc08b1599c045', path: "README" },
      { version: '2.11.9.4', md5: '254e8e8d4296528a3508a9dd7c5f44b2', path: "README" },
      { version: '2.11.9.5', md5: 'de4786ec584fd2b9eaae86bf6a9e7857', path: "README" },
      { version: '2.11.9.6', md5: '9469b91f4b2bb119bf904a9765510c56', path: "README" },
      { version: '2.11.11.3', md5: '37897ebc2d024c7d113a957a1b5ea782', path: "README" },
      { version: '2.2.0',   md5: '9f1f13d075044b51b247a767b313cb2d', path: "README" },
      { version: '2.2.x',   md5: '229f99fde3366a8f952ef5fc46d027b0', path: "README" },
      { version: '2.2.1 - 2.2.5', md5: '6482a96f3e86cfa7f056b5ade23b8ecb', path: "README" },
      { version: '2.2.6', md5: 'e7006399103e0126a2badc4acf7845cb', path: "README" },
      { version: '2.2.7pl1', md5: '11c7c0a0bdd3a225d60269cf74d2b331', path: "README" },
      { version: '2.3.0', md5: 'c98c4eaf0da9222c2c06d02d585fd023', path: "README" },
      { version: '2.3.1 - 2.5.2', md5: 'f0ad142b2ef7ea53964d05ccdeb52035', path: "README" },
      { version: '2.5.3', md5: '1d90d370466f7a52136adde0c6bfb108', path: "README" },
      { version: '2.5.3-rc3', md5: '29de96781e63cbb4af6951796d12c5bf', path: "README" },

      { version: '2.5.4',   md5: '469c3c2cd68859b62f1653ffffc95cd4', path: "README" },
      { version: '2.5.4',   md5: 'cd5fd08b00f36b08b272131440e326c5', path: "README" },

      { version: '2.5.5-pl1', md5: '3d8de5d32895269e7f04d44016eb2028', path: "README" },
      { version: '2.5.6', md5: 'f168cb1403bbfad7ab2cbbfed747a152', path: "README" },

      { version: '2.5.7-pl1', md5: '07ed831d01abf90cf2211fdb5ad10d60', path: "README" },
      { version: '2.5.7-pl1', md5: '861e09a07e2e1c502362b36589aa5eeb', path: "README" },

      { version: '2.6.0-pl3', md5: 'c4b88ca54187fb1d54dcbefe2f6627de', path: "README" },
      { version: '2.6.1', md5: '4c8aa8016b9e3c73ef792f46053a53cc', path: "README" },

      { version: '2.6.1-pl3', md5: 'b76786f301a739be5495cb8c843ecde7', path: "README" },
      { version: '2.6.1-pl3', md5: 'cb1dd403025b43b603266e048ec6eb20', path: "README" },

      { version: '2.6.2', md5: '9388aa6172a45d99921f75af2555ec4e', path: "README" },

      { version: '2.6.2-pl1', md5: '5d4c438de835d784d4c8280f585434fb', path: "README" },
      { version: '2.6.2-pl1', md5: 'dd4386d57907669bce9d10817104af58', path: "README" },

      { version: '2.6.3-pl1', md5: '0842c25861357b5e535b4ac93a862f09', path: "README" },
      { version: '2.6.3-pl1', md5: '343b4a43789d98472dd388e42b809675', path: "README" },

      { version: '2.6.4-pl1', md5: '8ff307e9122053b8f14650d348c04119', path: "README" },
      { version: '2.6.4-pl4', md5: 'b981f65409134362ce0441c02983a500', path: "README" },
      { version: '2.7.0-pl2', md5: '6f18db3f3e9d4ae425e96c8c58398a42', path: "README" },
      { version: '2.8.0.3', md5: '89a0f6c94833a0c502a83e5a8defcdbd', path: "README" },
      { version: '2.8.0.4', md5: '51eba4598063b26ea2d5ac091d5cc21b', path: "README" },
      { version: '2.8.1',   md5: '9f0fb027d48fdc5c308f504430cd08db', path: "README" },
      { version: '2.8.2.4', md5: 'fd9ebbd6a011f5c068e3fede5bf3e8c0', path: "README" },
      { version: '2.9.0',   md5: 'f006341b331ca5fbc86e05f8054f08cf', path: "README" },
      { version: '2.9.0.1', md5: '065f4a7e6a2cf4937232d9bece285bcf', path: "README" },
      { version: '2.9.0.2', md5: '9961106d6d6b87c95d1ccb7114d69626', path: "README" },
      { version: '2.9.0.3', md5: 'a23133f8890ef36cf177e39096c4defc', path: "README" },
      { version: '2.9.1.1', md5: '17333514823c2fab1587988940fa16fd', path: "README" },
      { version: '2.9.2',   md5: 'c11bdc89e1f8d5f3aa66b3c479b2bd7c', path: "README" },
      { version: '3.0.0',   md5: '14a3933f1f0f6dea11c4471f616039c5', path: "README" },
      { version: '3.0.1',   md5: 'b32b9f3e08ff848adcd4c172d35ca1af', path: "README" },
      { version: '3.0.1.1', md5: 'aa7c4a696752d466f64fde54686c0569', path: "README" },
      { version: '3.1.0',   md5: '999b10c93f593d1378af0751759c3670', path: "README" },
      { version: '3.1.1',   md5: '8eec96ced6f4802906611c1c0ed2aa98', path: "README" },
      { version: '3.1.2',   md5: 'c12c9f4087a50a7050fee87be17d11b9', path: "README" },
      { version: '3.1.3',   md5: 'fe9aebf3468d3bfc3a709ba41d6e191a', path: "README" },
      { version: '3.1.3.1', md5: 'a4e63bea00c15b0f294e76f427de0131', path: "README" },
      { version: '3.1.3.2', md5: 'a762a17361517f63e384a8d0d1169362', path: "README" },
      { version: '3.1.4',   md5: 'c0c2091119b7ba461c115230d08eb883', path: "README" },
      { version: '3.1.5',   md5: '2ba54b620a956ad7c3fd84246b6dbb58', path: "README" },
      { version: '3.2.0',   md5: 'e1f67893278797cb1f5b0406d31ca8fc', path: "README" },
      { version: '3.2.0-beta1', md5: '8943be66720f7a1b0aff984385e27942', path: "README" },
      { version: '3.2.0-rc1', md5: '0d8f87ce919fadc5ca61104017eecd42', path: "README" },
      { version: '3.2.0.1', md5: '9b72351e14fba81418e91daccdfe6c00', path: "README" },
      { version: '3.2.1',   md5: '0c4a45f27334416679ca94a2ec31b6f4', path: "README" },
      { version: '3.2.2',   md5: 'e79743b0ce7e3d729e8a6216ea082a4c', path: "README" },
      { version: '3.2.2.1', md5: 'eddb65b391a790007cbfb6403a9d3c59', path: "README" },
      { version: '3.2.3',   md5: '03b2591998bfe265766c8744796a2d2d', path: "README" },
      { version: '3.2.4',   md5: 'fdff087103e3cd763446bc7336decbaf', path: "README" },
      { version: '3.3.4-rc1', md5: 'ce8bee6859e51915a83c27183cf6c1ea', path: "README" },
      { version: '3.3.7', md5: '71168994d7bce6ce5351c5bd51f885d4', path: "README" },
      { version: '3.3.9', md5: 'd28393c2956e278570e6876fad3fce2e', path: "README" },
      { version: '3.3.9.2', md5: '6fa959ab76b2eebedc21c1f5056415a4', path: "README" },
      { version: '3.3.10', md5: 'faced5f008177dacea61ed953ec799e2', path: "README" },
      { version: '3.3.11-dev', md5: '3493c96f533215e62409dd8ab07126b8', path: "README" },
      { version: '3.4.0-beta4', md5: '1ee74431ac623654fd9a3dc2a3717c45', path: "README" },

    ]

    # Fetch and hash files
    to_download = files.map { |x| x[:path] }.sort.uniq
    downloads = {}
    to_download.each do |d|
      url = URI.join(target.uri.to_s, d).to_s
      new_target = WhatWeb::Target.new(url)
      downloads[d] = { md5sum: new_target.md5sum }
    end

    # Compare file hashes to known hashes
    version = nil
    files.each do |thisfile|
      unless downloads[thisfile[:path]].nil?
        version = thisfile[:version] if downloads[thisfile[:path]][:md5sum] == thisfile[:md5]
      end
    end

    # Set version if present
    unless version.nil?
      m << { name: "md5 sums of files", version: version }
    end

    # Extract version from Documentation.html (README is not present in debian package)
    url = URI.join(target.uri.to_s, "Documentation.html").to_s
    new_target = WhatWeb::Target.new(url)

    if /<title>phpMyAdmin ([^\s^<]+)[^<]*<\/title>/.match?(new_target.body)
      version = new_target.body.scan(/<title>phpMyAdmin ([^\s^<]+)[^<]*<\/title>/)[0].to_s
      m << { name: "Documentation version", version: version }
    end

    # Return aggressive matches
    m
  end
end

#phpMyBackupProObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/phpmybackuppro.rb', line 9

WhatWeb::Plugin.define "phpMyBackupPro" do
  @author = "Brendan Coles <[email protected]>" # 2012-08-30
  @version = "0.1"
  @description = "phpMyBackup Pro is a very easy to use, free, web-based MySQL backup application, licensed under the GNU GPL."
  @website = "http://www.phpmybackuppro.net/"

  # Matches #
  @matches = [

    # WWW-Authenticate # Realm
    { search: "headers[www-authenticate]", regexp: /[bB]asic realm="phpMyBackupPro"/ },

    # Login message
    { text: 'Please login (use your MySQL username and password): <a href="index.php?login=TRUE">Login</a>' },

  ]
end

#phpMyBibleObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/phpmybible.rb', line 9

WhatWeb::Plugin.define "phpMyBible" do
  @author = "Brendan Coles <[email protected]>" # 2012-04-24
  @version = "0.1"
  @description = "phpMyBible is an online collaborative project to make an e-book of the Holy Bible."
  @website = "http://sourceforge.net/projects/phpmybible/"

  # Google results as at 2012-04-24 #
  # 8 for inurl:"index.php?book=" inurl:"version=" inurl:"chapter="

  # Dorks #
  @dorks = [
    'inurl:"index.php?book=" inurl:"version=" inurl:"chapter="'
  ]

  # Matches #
  @matches = [

    # div class='randomverse'
    { text: "<div class='randomverse'>" },

    # div class='fleft' and div class='chaphead'
    { text: "<div class='fleft'><div class='chaphead'>" },

  ]
end

#phpMyFAQObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/phpmyfaq.rb', line 9

WhatWeb::Plugin.define "phpMyFAQ" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-12
  @version = "0.1"
  @description = "phpMyFAQ - The FAQ system"
  @website = "http://faq.phpmyfaq.de/"

  # 308 results for intitle:"powered by phpMyFAQ" @ 2010-10-12

  # Dorks #
  @dorks = [
    'intitle:"powered by phpMyFAQ"'
  ]

  @matches = [

    # Version detection # Default title
    { version: /<meta name="generator" content="phpMyFAQ ([\d\.]+)" \/>/ },

    # Version detection # Powered by text
    { version: /<p id="copyrightnote">powered by <a href="http:\/\/www.phpmyfaq.de[\/]*" target="_blank">phpMyFAQ<\/a> ([\d\.]+)/ },

    # Default logo
    { md5: "8390bf2d1fe24799bbd381d1b7d6d00b",  url: "template/favicon.ico" },
    { md5: "8390bf2d1fe24799bbd381d1b7d6d00b",  url: "template/default/favicon.ico" },

  ]
end

#phpMyRealtyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/phpmyrealty.rb', line 9

WhatWeb::Plugin.define "phpMyRealty" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-19
  @version = "0.1"
  @description = "phpMyRealty - customizable real estate web application - Requires: PHP"
  @website = "http://www.phpmyrealty.com/"

  # Google results as at 2011-08-19 #
  # 374 for intext:Sort By: Submission Date | Bedrooms | Bathrooms |  Price (ASC) | Price (DESC)
  # 241 for "Powered by phpMyRealty Professional"

  # Dorks #
  @dorks = [
    '"Powered by phpMyRealty Professional"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { text: '<!-- Main Content table : stop -->' },

    # Powered by text
    { text: 'Powered by <a href="http://www.phpmyrealty.com" target="_blank" style="font-size: 12px; font-family: arial">phpMyRealty Professional</a>' },

    # Admin page
    { text: '<span class="table_header_text"> &nbsp;Administrator Control Panel</span>' },

  ]
end

#phpMySportObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/phpmysport.rb', line 9

WhatWeb::Plugin.define "phpMySport" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-01
  @version = "0.1"
  @description = "PhpMySport is an open source software designed for all sport clubs and leagues which want to easily create and manage their website."
  @website = "phpmysport.sourceforge.net"

  # Google results as at 2011-02-01 #
  # 9 for intext:"Powered by phpMySport" -intext

  # Dorks #
  @dorks = [
    'intext:"Powered by phpMySport" -intext'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: 'Powered by phpMySport <a href="http://phpmysport.sourceforge.net" title="phpMySport">' },

    # Powered by logo HTML
    { text: '<a href="http://phpmysport.sourceforge.net" title="phpMySport">', certainty: 25 },

    # Powered by footer
    { text: '<div id="footer">R&eacute;alisation phpMySport' },

    # Default logo HTML
    { text: '/tpl_image/by_phpmysport.gif" border="0"' },

  ]
end

#phpMyTourneyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-17 # Andrew Horton Added website parameter and description



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/whatweb/plugins/phpmytourney.rb', line 12

WhatWeb::Plugin.define "phpMyTourney" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-04
  @version = "0.2"
  @description = "phpMyTourney is a PHP and MySQL script provide tournament hosting. Websites used to be http://phpmytourney.sourceforge.net/ and http://phpmytourney.servegame.com/"
  @website = "https://sourceforge.net/projects/phpmytourney/"
  # 23 results for "Powered by phpmytourney" +Version @ 2010-08-29

  # Dorks #
  @dorks = [
    '"Powered by phpmytourney" "Version"'
  ]

  @matches = [

    # Powered by text
    { text: "Powered by <a href=\"http://phpmytourney.sourceforge.net/\"><font face='Arial' size='1'>phpMyTourney</font> </a>" },

    # Error page
    { text: 'ERROR : page not properly called' },

  ]

  # Version detection using powered by text
  def passive(target)
    m = []

    if /Powered by <a href="http:\/\/phpmytourney.sourceforge.net\/"[^>]+>phpMyTourney<\/a>./.match?(target.body)
      if /Version ([\d\.a-z]+)/.match?(target.body)
        version = target.body.scan(/Version ([\d\.a-z]+)/)[0][0]
        m << { version: version }
      end
    end

    if /Powered by <a href="[http:\/\/]*phpmytourney.sourceforge.net\/"><font color="#999933">phpMyTourney<\/font><\/a>.Version [\d\.a-z]+/.match?(target.body)
      version = target.body.scan(/Powered by <a href="[http:\/\/]*phpmytourney.sourceforge.net\/"><font color="#999933">phpMyTourney<\/font><\/a>.Version ([\d\.a-z]+)/)[0][0]
      m << { version: version }
    end

    m
  end
end

#PHPNukeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.4 # 2011-03-06 # Brendan Coles <[email protected]> Updated module detection

Version 0.3 uses :module

Version 0.2 remove :certainty



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
 
# File 'lib/whatweb/plugins/php-nuke.rb', line 18

WhatWeb::Plugin.define "PHPNuke" do
  @author = "Andrew Horton"
  @version = "0.4"
  @description = "PHP-Nuke is a free CMS"
  @website = "phpnuke.org. The plugin passively recognises modules. An obvious improvement would be to aggresively discover modules and discover the phpnuke version"

  # Google results as at 2011-03-06 #
  # 497 for allinurl:"modules.php?name=Your_Account"
  # 305 for "powered by phpnuke"
  #  88 for allinurl:phpnuke/modules.php?name=Search

  # Matches #
  @matches = [

    { name: "meta generator tag with PHP-Nuke",
      regexp: /<meta name="generator" content="[^"]+(PHP-Nuke|http:\/\/phpnuke.org)/i },

    { certainty: 75,
      text: "<a href=\"modules.php?name=Your_Account\">" },

    # this also appears in DotNetNuke
    { certainty: 25,
      text: "<META NAME=\"RATING\" CONTENT=\"GENERAL\">" },

    { certainty: 75,
      text: "<a href=\"http://phpnuke.org/files/gpl.txt\">" },

    { name: "Feedback link",
      certainty: 75,
      text: "<a href=\"modules.php?name=Feedback\">Feedback</a>" },

    { name: "modules.php?name links",
      certainty: 25,
      regexp: /<a href="[^"]*modules.php\?name=[a-zA-Z0-9_]+[^"]*">/ },

    { name: "engine code is copyright of PHP-Nuke",
      text: "<a href='http://www.phpnuke.org'><img src='images/powered/phpnuke.gif' title=\"The engine code is copyright of PHP-Nuke.\" border='0'></a>" },

    # Module Detection
    { certainty: 75, module: /<a href="[^"]*modules.php\?name=([a-zA-Z0-9_]+)[^"]*">/ },

  ]
end

#PHPOpenChatObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/phpopenchat.rb', line 9

WhatWeb::Plugin.define "PHPOpenChat" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-23
  @version = "0.1"
  @description = "PHPOpenChat is a high performance php-based chat server software for a live chat-room"
  @website = "http://www.phpopenchat.org/"

  # Google results as at 2011-08-23 #
  # 13 for intitle:"PHPOpenChat Installation" inurl:"admin/install.php"
  # 10 for "You don't read the INSTALL instructions!" "Use the PHPOpenChat-Installer to install and configure your chat." inurl:html

  # Dorks #
  @dorks = [
    'intitle:"PHPOpenChat Installation" inurl:"admin/install.php"'
  ]

  # Matches #
  @matches = [

    # ./html/
    { regexp: /<html><body bgcolor="white">[\s]+You don't read the INSTALL instructions!<br>[\s]+Use the <a href="admin\/install\.php">PHPOpenChat-Installer<\/a>[\s]+to install and configure your chat\.[\s]+<\/body><\/html>/ },

    # ./html/admin/install.php
    { regexp: /<html>[\s]+<head>[\s]+<title>PHPOpenChat Installation<\/title>[\s]+<\/head>[\s]+<body>[\s]+<h2>PHPOpenChat Installer<\/h2>[\s]+Step: [\s]+&nbsp;<b><font color="red">1<\/font><\/b>&nbsp;&nbsp;<b>2<\/b>&nbsp;&nbsp;<b>3<\/b>&nbsp;&nbsp;<b>4<\/b>&nbsp;&nbsp;<b>5<\/b>&nbsp;[\s]+<table border=1>[\s]+<form action="install\.php" method="post">/ },

  ]
end

#PHPortfolioObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/phportfolio.rb', line 9

WhatWeb::Plugin.define "PHPortfolio" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-23
  @version = "0.1"
  @description = "PHPortfolio is a simple system for photographers to publish a portfolio. Requirements: Unix/Linux, Apache 1.3.x, PHP 4.2+ with GD 2 libraries, and MySQL 3.23+. PHP will need to have short_tags enabled (it usually is)."
  @website = "http://www.outshine.com/software/phportfolio/index.php"

  # Google results as at 2011-05-23 #
  # 63 for "Powered by PHPortfolio" -Dork -D0rk
  # 36 for "Powered by PHPortfolio" inurl:photo.php

  # Dorks #
  @dorks = [
    '"Powered by PHPortfolio" inurl:photo.php'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { regexp: /style="color:gray;font-size:smaller">Powered by <a href="http:\/\/www\.outshine\.com\/phportfolio\/"[^>]*>PHPortfolio<\/a>\./ },

  ]
end

#phpPgAdminObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/phppgadmin.rb', line 9

WhatWeb::Plugin.define "phpPgAdmin" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-14
  @version = "0.1"
  @description = "phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies and hosting services"
  @website = "http://phppgadmin.sourceforge.net/"
  # Source: https://github.com/xzilla/phppgadmin

  # Dorks #
  @dorks = [
    'inurl:"phppgadmin/intro.php"'
  ]

  # Matches #
  @matches = [

    { name: "PPA_ID Cookie", search: "headers[set-cookie]", regexp: /^PPA_ID=[a-z0-9]+/ },

    # intro.php
    { text: '<td><span class="appname">phpPgAdmin</span></td>' },
    { version: %r{<span class="appname">phpPgAdmin</span> <span class="version">([\d\.]+)</span>} },

  ]
end

#phpQuestionnaireObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-21 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/phpquestionnaire.rb', line 12

WhatWeb::Plugin.define "phpQuestionnaire" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-21
  @version = "0.2"
  @description = "phpQuestionnaire"
  @website = "http://www.chumpsoft.com/products/phpq/"

  # Google results as at 2010-08-21 #
  # 56 for "powered by phpQuestionnaire"

  # Dorks #
  @dorks = [
    '"powered by phpQuestionnaire"'
  ]

  # Matches #
  @matches = [

    # Survey list page
    { text: '<tr><td></td><td colspan="2"><h2>Survey List</h2></td></tr>' },
    { text: '	<tr><td colspan="2"><hr size="1" noshade /></td></tr><tr><td colspan="2">Currently no available surveys.</td></tr>	</table>' },

    # CSS
    { text: '   TEXTAREA      { font-family: verdana,arial,helvetica; font-size: 12px; width: 400px; height: 60px; }' },
    { text: '   TEXTAREA      { font-family: verdana,arial,helvetica; font-size: 10px; width: 400px; height: 60px; }' },

    # powered by text
    { text: '			<td align="right">powered by <a href="http://www.chumpsoft.com">phpQuestionnaire</a></td>' },
    { text: '			<td align="right">powered by phpQuestionnaire</td>' },

    # default logo
    { md5: 'feae34c62729c85af0b4114bd02d634a', url: 'templates/default/images/logo.gif' },

    # Version Detection # default link HTML
    { version: /      <TD ALIGN=right><NOBR><B><A HREF="http:\/\/www.chumpsoft.com\/products\/phpq\/" class=link>phpQuestionnaire<\/A> ([\d\.]+) &copy [0-9]{4}-[0-9]{4}/ },

  ]
end

#phpRaidObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-21 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/phpraid.rb', line 12

WhatWeb::Plugin.define "phpRaid" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-16
  @version = "0.2"
  @description = "phpRaid is a raid management tool for World of Warcraft - a MMORPG developed by Blizzard."
  @website = "http://www.spiffyjr.com/"

  # Google results as at 2010-06-16 #
  # 32,800 for "Raid Management Provided by phpRaid"

  # Matches #
  @matches = [

    # Provided by text
    { certainty: 75, text: 'Raid Management Provided by phpRaid' },

    # Version Detection # provided by text
    { version: /Raid Management Provided by <a href="http:\/\/www.spiffyjr.com\/">phpRaid<\/a> v([\d\.]+)/ },

  ]
end

#phpRechnungObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/phprechnung.rb', line 9

WhatWeb::Plugin.define "phpRechnung" do
  @author = "Brendan Coles <[email protected]>" # 2010-12-28
  @version = "0.1"
  @description = "phpRechnung is easy-to-use Web-based multilingual accounting software"
  @website = "http://www.loenshotel.de/phpRechnung/"

  # 4 results for phpRechnung "Edy Corak . All rights reserved." @ 2010-12-28

  # Dorks #
  @dorks = [
    'phpRechnung "Edy Corak . All rights reserved."'
  ]

  @matches = [

    # Powered by link
    { text: "<a class='slink' title='phpInvoice Home' href='http://www.ecorak.de/phpRechnung/' target='_blank'>" },

    # Version detection # Title
    { version: /<title>phpRechnung ([^-]+) - Login<\/title>/ },
    { version: /<title>phpInvoice ([^-]+) - Login<\/title>/ },

  ]
end

#phpRemoteViewObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/phpremoteview.rb', line 9

WhatWeb::Plugin.define "phpRemoteView" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-24
  @version = "0.1"
  @description = "phpRemoteView - web backdoor - allows users to browse the filesystem, edit files on the server, execute PHP code, or Shell commands, etc. Works on Windows and Unix servers"
  @website = "http://php.spb.ru/remview/"

  # Google results as at 2011-05-24 #
  # 72 for intitle:"phpRemoteView: " +perms

  # Dorks #
  @dorks = [
    'intitle:"phpRemoteView: " "perms"'
  ]

  # Matches #
  @matches = [

    # Filepath Detection
    { certainty: 75, filepath: /<title>phpRemoteView: ([^<]+)<\/title>/ },

    # Version Detection
    { version: /<font size=1 style='Font: 8pt Verdana'>phpRemoteView &copy; Dmitry Borodin \(version ([\d]{4}-[\d]{2}-[\d]{2})\)<br>/ },

    # Index of HTML
    { certainty: 75, text: "'><font face=fixedsys size=+2>*</font></a><font size=5><b>Index of</b></font>" },

  ]
end

#phpScheduleItObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-24 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/phpscheduleit.rb', line 12

WhatWeb::Plugin.define "phpScheduleIt" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-01
  @version = "0.2"
  @description = "A web-based resource scheduling system that allows administered management of reservations on any number of resources. Typical applications are conference room or machine reservation management. Written in PHP and tested on MySQL. "
  @website = "http://phpscheduleit.sourceforge.net"
  # Default login: admin/admin

  # Google results as at 2010-08-01 #
  # 9 for "powered by phpScheduleIt"

  # Dorks #
  @dorks = [
    '"powered by phpScheduleIt"'
  ]

  # Matches #
  @matches = [

    # Default Logo
    { text: '<div align="left"><img src="img/phpScheduleIt.png" alt="logo" vspace="5"/></div>' },

    # Powered by text
    { text: '<p align="center">Powered by <a href="http://phpscheduleit.sourceforge.net">phpScheduleIt</a></p>' },
    { text: '<p align="right"><a href="http://phpscheduleit.sourceforge.net">Powered By phpScheduleIt' },
    { text: '<br>Powered By: phpScheduleIt</p>', certainty: 75 },

    # Version Detection # Powered by text
    { version: /<p align="center">[<!\-]*<a href="http:\/\/phpscheduleit.sourceforge.net">[\->]*Powered By phpScheduleIt v([\d\.]+)[<!\-]*<\/a>[\->]*<\/p>/ },

    { version: /<p align="center"><a href="http:\/\/phpscheduleit.sourceforge.net">phpScheduleIt v([\d\.]+)<\/a><\/p>/ },

    { version: /<p align="center">Powered by <a href="http:\/\/phpscheduleit.sourceforge.net">phpScheduleIt v([\d\.]+)<\/a><\/p>/ },

    { version: /[P|p]?owered by <a href="http:\/\/phpscheduleit.sourceforge.net"[^>]*>phpScheduleIt v([\d\.]+)<\/a>/ },

  ]
end

#PHPShopObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/phpshop.rb', line 9

WhatWeb::Plugin.define "PHPShop" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-26
  @version = "0.1"
  @description = "PHPShop - A shopping cart application. Documentation, download, demo, and forums are provided. (PHP,MySQL)"
  @website = "http://code.google.com/p/phpshop/"

  # Google results as at 2011-02-26 #
  # 243 for "powered by PHPShop"

  # Dorks #
  @dorks = [
    '"powered by PHPShop"'
  ]

  # Matches #
  @matches = [

    # GHDB Match
    { certainty: 25, regexp: /Powered by phpShop/i },

    # Powered by text
    { regexp: /Powered by <a href="http:\/\/www.phpshop.org"[^>]*>phpShop<\/a>/i },

    # Version Detection # Powered by text
    { version: /Powered by <a href="http:\/\/www.phpshop.org"[^>]*>phpShop<\/a>[\r\n\s]+([\d\.]+) / },

  ]
end

#phpSysInfoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.4 # 2016-04-17 # Andrew Horton Added website parameter

Version 0.3 # 2011-02-25 # Updated OS detection

Version 0.2 # Updated version detection. Added OS extraction.



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/whatweb/plugins/phpsysinfo.rb', line 18

WhatWeb::Plugin.define "phpSysInfo" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-12
  @version = "0.4"
  @description = "PHPSysInfo is a customizable PHP Script that parses /proc, and formats information nicely. It will display information about system facts like Uptime, CPU, Memory, PCI devices, SCSI devices, IDE devices, Network adapters, Disk usage, and more."
  @website = "http://phpsysinfo.sourceforge.net/"

  # Google results as at 2010-06-09 #
  # 16,400 for "Created by phpSysInfo"

  # Matches #
  @matches = [

    # GHDB Match
    { ghdb: '"Created by phpSysInfo"', certainty: 25 },

    # Redirect page # Default JavaScript
    { text: 'var sTargetURL = "index.php?disp=dynamic";' },

    # Version detection # Redirect page # Generated by text
    { version: /Generated by[\s&nbsp;]*<a href="http:\/\/phpsysinfo.sourceforge.net[^>]*>[\s&nbsp;]*phpSysInfo[\s&nbsp;]*-[\s&nbsp;]*([^<]+)<\/a>/ },

    # Version detection # Redirect page # Created by text
    { version: /Created by[\s&nbsp;]*<a href="http:\/\/phpsysinfo.sourceforge.net[^>]*>[\s&nbsp;]*phpSysInfo[\s&nbsp;]*-[\s&nbsp;]*([^<]+)<\/a>/ },

    # Version detection # index.php?disp=static # Created by text
    { version: /<span>Created by <\/span><a href="http:\/\/phpsysinfo.sourceforge.net\/"><span>phpSysInfo - <\/span><span>([^<]+)<\/span>/ },

    # Operating System Kernel Version Detection # phpSysInfo 3.x # index.php?disp=static
    { os: /<td style="width:160px; "><span>Kernel Version<\/span><\/td><td>([^<]+)<\/td><\/tr>/ },

    # Operating System Detection # index.php?disp=static
    { os: /<td valign="top"><font size="-1">Distro Name<\/font><\/td>[\r\n\s]*<td><img[^>]+>[\s&nbsp;]*<font size="-1">([^<]+)<\/font><\/td>/ },

    # Operating System Kernel Version Detection # index.php?disp=static
    { os: /<td valign="top"><font size="-1">Kernel Version<\/font><\/td>[\r\n\s]*<td><font size="-1">([^<]+)<\/font><\/td>/ },

  ]
end

#phpVIDObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/phpvid.rb', line 9

WhatWeb::Plugin.define "phpVID" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-04
  @version = "0.1"
  @description = "phpVID is a video sharing software or a video shating script and has all the features that are needed to run a successful video sharing website like youtube.com."
  @website = "http://www.vastal.com/phpvid-the-video-sharing-software.html"

  # No results for "Powered By phpVID" @ 2010-09-04

  # Dorks #
  @dorks = [
    '"Powered By phpVID"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: "<div align=\"center\" class='powered_by_a'>Powered By <a href='http://www.vastal.com/' target='_blank' class='powered_by_a'>" },

  ]
end

#phpVMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/phpvms.rb', line 9

WhatWeb::Plugin.define "phpVMS" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-25
  @version = "0.1"
  @description = "phpVMS is apparently the most popular, free, virtual airline software, with support for various ACARS applications (kACARS, FSACARS, XAcars, FS Flight Keeper, and FSPassengers)"
  @website = "http://www.phpvms.net/"

  # Google results as at 2011-08-25 #
  # 235 for "powered by phpVMS" inurl:"index.php/registration"
  #   5 for intitle:"phpVMS Installer" "Welcome to the phpVMS installer"

  # Dorks #
  @dorks = [
    '"powered by phpVMS" inurl:"index.php/registration"'
  ]

  # Matches #
  @matches = [

    # div class="jqmWindow" id="jqmdialog"
    { certainty: 75, text: '<div class="jqmWindow" id="jqmdialog"></div>' },

    # Version Detection # Install Page # ./install/install.php
    { version: /<a href="http:\/\/www\.phpvms\.net\/docs\/license">License & About<\/a> \|[\s]+Version ([^\s]+)[\s]+<\/div>/ },

    # HTML Comment
    { regexp: /<!-- Please retain this!! It's part of the phpVMS license\. You must display a[\s]+"powered by phpVMS" somewhere on your page\. Thanks! -->/ },

    # Powered by link
    { text: '<a href="http://www.phpvms.net" target="_blank">powered by phpVMS</a>' },

  ]
end

#phpwcmsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/phpwcms.rb', line 9

WhatWeb::Plugin.define "phpwcms" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-03
  @version = "0.1"
  @description = " is a robust and simple but yet powerful web based content management system running under PHP and MySQL."
  @website = "http://www.phpwcms.de/"

  # 244 results for "template powered by phpWCMS-templates.de" @ 2010-09-03

  @matches = [

    # HTML comment
    { text: '	phpwcms is copyright 2003-2010 of Oliver Georgi. Extensions are copyright of' },
    { text: '	created by Oliver Georgi (oliver at phpwcms dot de) and licensed under GNU/GPL.' },

  ]

  # Version detection using html comment
  def passive(target)
    m = []

    if /phpwcms \| open source web content management system/.match?(target.body)
      if /Release: ([\d\.\-A-Z]+) [\d\-]+\/\/-->/.match?(target.body)
        version = target.body.scan(/Release: ([\d\.\-A-Z]+) [\d\-]+\/\/-->/)[0][0]
        m << { version: version }
      end
    end
    m
  end
end

#PHPWindObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/phpwind.rb', line 9

WhatWeb::Plugin.define "PHPWind" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-18
  @version = "0.1"
  @description = "BBS [Chinese]"
  @website = "http://www.phpwind.net/"

  # Google results as at 2011-03-18 #
  # 602 for "Powered by PHPWind"

  # Dorks #
  @dorks = [
    '"Powered by PHPWind"'
  ]

  # Matches #
  @matches = [

    # Title
    { certainty: 25, regexp: /<title>[^<]+ - (powered by phpwind.net|Powered by PHPWind)<\/title>/ },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="PHPWind [v]?([^"^\(]+)(\([\d]+\))?" \/>/i },

    # Powered by text
    { text: 'Powered by <a href="http://www.phpwind.net/" target="_blank"><b>PHPWind</b></a>' },

    # Version Detection # Powered by text
    { version: /Powered by <a href="http:\/\/www.phpwind.net\/" target="_blank"><b>PHPWind<\/b><\/a>[\s]*<a href="http:\/\/www.phpwind.net\/" target="_blank"><b style="color:#FF9900">v([\d\.]+)<\/b><\/a>/ },

  ]
end

#phxEventManagerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/phxeventmanager.rb', line 9

WhatWeb::Plugin.define "phxEventManager" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-03
  @version = "0.1"
  @description = "phxEventManager is an event resource calendar system designed to manage all aspects of an occasion."
  @website = "http://phxeventmanager.com/"

  # Google results as at 2012-03-03 #
  # 114 for intext:"Powered by phxEventManager" -intext

  # Dorks #
  @dorks = [
    'intext:"Powered by phxEventManager" -intext'
  ]

  # Matches #
  @matches = [

    # div class="minicalmonth"
    { text: '<td><div class="minicalmonth"><a href="/?y=' },

    # JavaScript
    { certainty: 75, text: '<script type="text/javascript" src="pem-includes/xajax/xajax_js/xajax_core.js"></script>' },

    # Footer # Version Detection
    { version: /<div id="footer">\s+Copyright &copy; 20[\d]{2}[^\n]+\s+Powered by phxEventManager ([^<]+)<br \/>/ },

  ]
end

#Pi3WebObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/pi3web.rb', line 12

WhatWeb::Plugin.define "Pi3Web" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-02
  @version = "0.2"
  @description = "Pi3Web is a free, multithreaded, highly configurable and extensible HTTP server and development environment for cross platform internet server development and deployment."
  @website = "http://pi3web.sourceforge.net/pi3web/"

  # ShodanHQ results as at 2011-06-02 #
  # 74 for Pi3Web

  @matches = [
    # HTTP Server Header
    { regexp: /^Pi3Web/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^Pi3Web\/([^\s]+)$/, search: "headers[server]" },

  ]
end

#PieCrustObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/piecrust.rb', line 9

WhatWeb::Plugin.define "PieCrust" do
  @author = "Brendan Coles <[email protected]>" # 2012-09-12
  @version = "0.1"
  @description = "PieCrust is a static website generator and lightweight CMS that's all managed with text files."
  @website = "http://bolt80.com/piecrust/"

  # Dorks #
  @dorks = [
    '"Baked with PieCrust"'
  ]

  # Matches #
  @matches = [

    # Meta Generator
    { text: '<meta name="generator" content="PieCrust" />' },

    # Meta Generator # Version Detection
    { version: /<meta name="generator" content="PieCrust ([^\s^"]+)" \/>/ },

    # Footer # Version Detection
    { version: /Baked with <em><a href="http:\/\/bolt80\.com\/piecrust\/">PieCrust<\/a> ([^\s^<]+)<\/em>\.<\/p>/ },

  ]
end

#PithCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/pithcms.rb', line 9

WhatWeb::Plugin.define "PithCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-14
  @version = "0.1"
  @description = "PithCMS - requirements: Linux, PHP 4.4.4-8"
  @website = "http://pithcms.altervista.org/index.php?pagina=data/info.php"

  # 23 results for "powered by pithcms" @ 2010-10-14

  # Dorks #
  @dorks = [
    '"powered by pithcms"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: '<p class="admin">Powered by <a href="http://pithcms.altervista.org/index.php?pagina=data/info.php">PithCMS</a>' },

    # Admin page # Default logo and welcome text
    { text: '/icons/admin48.png"><br />Welcome Admin.<br /><br />', path: 'login.asp' },

  ]
end

#PivotObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/pivot.rb', line 9

WhatWeb::Plugin.define "Pivot" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-18
  @version = "0.1"
  @description = "Pivot is a web-based tool to help you maintain dynamic sites, like weblogs or online journals."
  @website = "http://www.pivotlog.net/"

  # 26 for "Set up the Administrator User" +Username +"Password (confirm)" +confirm +Email +Nickname

  # Dorks #
  @dorks = [
    '"Set up the Administrator User" "Username" "Password (confirm)" "confirm" "Email" "Nickname"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { certainty: 25, text: "<!-- Includes for Thickbox script -->" },

    # Default Title
    { text: '<title>Pivot &#187; setup</title>' },

    # Pivot Powered default input value
    { text: '<td width=\'75%\'><input type="text" name="sitename" value="Pivot Powered" size="40" class="input" /></td>' },

    # Version Detection
    { version: /<a href="http:\/\/www\.pivotlog\.net\/\?ver=Pivot[^"]+" target="_blank" title="Pivot - ([^:]+): '[^']+'"><img[^>]+alt="Pivot - [^"]+" \/><\/a>/ },

  ]
end

#PivotXObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/pivotx.rb', line 9

WhatWeb::Plugin.define "PivotX" do
  @author = "Brendan Coles <[email protected]>" # 2012-05-18
  @version = "0.1"
  @description = "PivotX - blog software"
  @website = "http://pivotx.net/"

  # Google results as at 2012-05-18 #
  # 131 for inurl:"pivotx/ajaxhelper.php"

  # Dorks #
  @dorks = [
    'inurl:"pivotx/ajaxhelper.php"'
  ]

  # Matches #
  @matches = [

    # Login Page # HTML Comment
    { text: '<!-- PivotX -->' },

    # Login Page # JavaScript
    { text: '<script src="includes/js/pivotx.js" type="text/javascript"></script>' },

    # Login Page # Logo HTML
    { text: '<img src="templates_internal/assets/pivotx.png" alt="PivotX" /></a>' },

    # Login Page # Footer # Version Detection
    { version: /<em>PivotX - ([^<]+)<\/em> &nbsp; - &nbsp; &copy; 20[\d]{2}/ },

    # Meta Generator
    { text: '<meta name="generator" content="PivotX" />' },

    # Meta Generator + HTML Comment # Version Detection
    { version: /<meta name="generator" content="PivotX" \/><!-- version: PivotX - ([^\s]+) -->/ },

  ]
end

#PiwigoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/piwigo.rb', line 9

WhatWeb::Plugin.define "Piwigo" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-12
  @version = "0.1"
  @description = "Piwigo is a photo gallery software for the web, built by an active community of users and developers."
  @website = "http://piwigo.org/"

  # Google results as at 2010-09-12 #
  # 271 results for "powered by piwigo"

  # Dorks #
  @dorks = [
    '"powered by piwigo"'
  ]

  # Matches #
  @matches = [

    # Meta generator
    { text: '<meta name="generator" content="Piwigo (aka PWG), see piwigo.org">' },
    { text: '<meta name="generator" content="Piwigo, piwigo.org">' },

    # div id="copyright" # a name="EoP" # HTML Comment
    { regexp: /<div id="copyright">\s+<a name="EoP"><\/a>\s+<!-- End of Page -->/ },

    # Powered by
    { regexp: /Powered by\s+<a href="http:\/\/piwigo\.org" class="Piwigo">/ },

  ]
end

#PiwikObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/whatweb/plugins/piwik.rb', line 12

WhatWeb::Plugin.define "Piwik" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-06
  @version = "0.2"
  @description = "Piwik is a downloadable, open source (GPL licensed) real time web analytics software program."
  @website = "http://piwik.org/"

  # Google results as at 2010-06-06 #
  # 250,000 for +intitle:Piwik "JavaScript must be enabled in order for you to use Piwik in standard view"

  # Dorks #
  @dorks = [
    'intitle:Piwik "JavaScript must be enabled in order for you to use Piwik in standard view"'
  ]

  # Matches #
  @matches = [

    # GHDB Match
    { certainty: 75, ghdb: '+intitle:Piwik "JavaScript must be enabled in order for you to use Piwik in standard view"' },

    # Default title
    { text: '<title>Piwik &rsaquo; Web Analytics Reports</title>' },

    # Default loading image
    { text: '<img src="themes/default/images/loading-blue.gif" alt="" /> Loading data' },

    # Version Detection # Meta Generator
    { version: /<meta name=\"generator\"[^>]*content=\"Piwik ([0-9\.]+)/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # PIWIK_SESSID Cookie
    m << { name: "PIWIK_SESSID Cookie" } if target.headers["set-cookie"] =~ /PIWIK_SESSID/

    # Return passive matches
    m
  end
end

#PixelpostObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/pixelpost.rb', line 9

WhatWeb::Plugin.define "Pixelpost" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-18
  @version = "0.1"
  @description = "Pixelpost is an open-source, standards-compliant, multi-lingual, fully extensible photoblog application for the web. Requirements: PHP 4.3 or greater (w/ GD-lib) and MySQL 3.23.58 or greater"
  @website = "http://www.pixelpost.org/"

  # 382 results for "powered by pixelpost" @ 2010-09-18

  # Dorks #
  @dorks = [
    '"powered by pixelpost"'
  ]

  @matches = [

    # Powered by text
    { regexp: /Powered by <a href="http:\/\/www.pixelpost.org[\/]*"[\ title="Powered by Pixelpost"]*>Pixelpost<\/a>/i },
    { text: 'Powered by <a onclick="window.open(this.href); return false;" href="http://pixelpost.org/" title="Pixelpost">Pixelpost</a>' },

  ]
end

#PixieObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/pixie.rb', line 12

WhatWeb::Plugin.define "Pixie" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-18
  @version = "0.2"
  @description = "pixie is a free, open source web application that will help you quickly create your own website"
  @website = "http://www.getpixie.co.uk/"

  # Google results as at 2010-07-18 #
  # 5 for +"powered by pixie" -"Powered by Pixie Dust" +theme

  # Matches #
  @matches = [

    # Powered by text
    { regexp: /href="http:\/\/www.getpixie.co.uk" title="Get Pixie">(Pixie Powered|Powered by Pixie|Pixie)<\/a>/ },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="Pixie ([\d\.]+) - Copyright \(C\) [\d]{4} - [\d]{4}\." \/>/ },

  ]
end

#PJIRCObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/pjirc.rb', line 9

WhatWeb::Plugin.define "PJIRC" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-28
  @version = "0.1"
  @description = "PJIRC is the best free java irc client available. It can be run as an applet or stand alone and it is fully opensource."
  @website = "http://www.pjirc.it/"

  # Google results as at 2011-02-28 #
  # 25 for "Chat Room" "Applet Style" "Nickname" ext:php

  # Dorks #
  @dorks = [
    '"Chat Room" "Applet Style" "Nickname" ext:php'
  ]

  # Matches #
  @matches = [

    # Default body tag
    { text: '<body onload="document.login.nick.focus();" style="margin: 5px;">' },

    # Default JavaScript
    { text: '					document.writeln(\'<input name="jsenabled" type="hidden" value="1" \/>\');' },

    # Default form tag
    { regexp: /				<form name="login" action="[^"]*index\.php" method="post" onsubmit="return CheckForm\('[^']*index\.php\?page=advanced'\)">/ },

    # Version Detection # Login Page
    { version: /	<td align="left">PJIRC Login Page Version ([\d\.]{1,5})<\/td>/ },

  ]
end

#PlandoraObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/whatweb/plugins/plandora.rb', line 9

WhatWeb::Plugin.define "Plandora" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-04
  @version = "0.1"
  @description = "Web-based project management suite including time track, dashboard gadgets, requests, BSC (KPI), knowledge base, risks, agile board, resource capacity, surveys, SVN integration and gantt chart."
  @website = "http://www.plandora.org/"

  # 2 for "Plandora Project" +User +Password +Login inurl:pandora/do

  # Dorks #
  @dorks = [
    '"Plandora Project" "User" "Password" "Login" inurl:"pandora/do"'
  ]

  # Matches #
  @matches = [

    # area tag
    { text: '<area shape="rect" coords="180,1,215,30" href="javascript:void(0);" onClick="closeFloatPanel();" />' },

  ]

  # Passive #
  def passive(target)
    m = []

    # td background
    if /<td background="\.\.\/images\/footer_backg\.png" class="footerNote">/.match?(target.body)

      m << { name: "td background" }

      # Version Detection
      if target.body =~ / 2004-20[\d]{2}&nbsp;v([\d\.]+)/
        m << { version: $1.to_s }
      end

    end

    # Return passive matches
    m
  end
end

#playSMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/playsms.rb', line 9

WhatWeb::Plugin.define "playSMS" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-10
  @version = "0.1"
  @description = "Free and Open Source SMS Gateway"
  @website = "http://playsms.org/"

  # Dorks #
  @dorks = [
    'intitle:"SMS" "Username" "Password" "Register an account" "Forgot password"'
  ]

  # Matches #
  @matches = [

    # Login page # div id="wraplogin" + table
    { certainty: 25, regexp: /<div id="wraplogin">[\s]+<table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0">/ },

    # Login page # HTML Comment
    { regexp: /<!--td background="https?:\/\/[^>^"]+\/plugin\/themes\/km2\/images\/header-4\.png"-->/ },

    # Login page # Register link
    { text: "<a href='index.php?app=page&inc=register'>Register an account</a>" },

    # Login page # Forgot password link
    { text: "<a href='index.php?app=page&inc=forgot'>Forgot password</a>" },

    # ./plugin/themes/km2/images/header-login.jpg
    # { :url=>"plugin/themes/km2/images/header-login.jpg", :md5=>"23c11687e660e8550505f18ab4f3e4e8" },

  ]
end

#PleskObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 convert :regexp to :text, remove :certainty=>100

Version 0.3 added more matches for 1999- 2007 version, improved existing matches

Version 0.4 # 2011-09-15 # Brendan Coles <[email protected]> Minor match updates Added version detection Added matches for favicon, redirect page and headers



20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
 
# File 'lib/whatweb/plugins/plesk.rb', line 20

WhatWeb::Plugin.define "Plesk" do
  @author = "Andrew Horton"
  @version = "0.4"
  @description = "Plesk is a web control panel"
  @website = "http://www.parallels.com/products/plesk/"

  # Google results as at 2011-09-15 #
  # 258 for intitle:"Default Parallels Plesk Panel Page"
  #  16 for inurl:"plesk/unilogin.php"

  # ShodanHQ results as at 2011-09-15 #
  # 25,941 for PleskWin
  #  1,881 for PleskLin
  #    26 for sw-cp-server

  # Dorks #
  @dorks = [
    'intitle:"Default Parallels Plesk Panel Page"'
  ]

  # 2006
  # <img src='def_plesk_logo.gif' alt="Plesk logo">
  # <h1>This is the Plesk&#153; default page</h1>
  # <p>For more information please contact <!--@adminemail@-->

  # newer
  # img/common/def_plesk_logo.gif
  # <p>For more information please contact <!--@adminemail@-->

  # 192.47.116.250
  # <a target="_blank" href="http://www.parallels.com"><img src="img/common/parallels_powered.gif" title="Powered by Parallels&trade;"></a>

  # http://202.89.57.34
  # 1999-2006 version
  # <title>Default PLESK Page</title>
  # <img src='def_plesk_logo.gif' alt="Plesk logo" width="161" height="41">
  #  <h1>This is the Plesk&#153; default page</h1>

  # http://119.47.118.185/
  # -2009 version
  # <title>Default Parallels Plesk Panel Page</title>
  # <h1><a class="product-logo" href="http://www.parallels.com/plesk/" title="Parallels Plesk Panel">Parallels Plesk Panel</a></h1>
  # &copy; Copyright 1999-2009, Parallels<br />
  # <p><strong>This page is generated by <a href="http://www.parallels.com/plesk/">Parallels Plesk Panel</a>
  # This page was generated by <a href="http://www.parallels.com/en/products/plesk/">Parallels Plesk Panel</a>

  # 1999- 2007 version
  # This page is autogenerated by <a target="_blank" href="http://www.swsoft.com/en/products/plesk/">Plesk
  # <div class="poweredBy"><a target="_blank" href="http://www.swsoft.com/en/products/plesk/"><img src="img/common/pb_plesk.gif"
  # if (window.plesk_promo.virtuozzo) {

  # Matches #
  @matches = [

    # /favicon.ico
    { url: "favicon.ico", md5: "2cee5e3ce2f5c4640a68fc208c286494" },

    # X-Powered-By: PleskLin # X-Powered-By: PleskWin
    { search: "headers[x-powered-by]", string: /Plesk([WL]in)/ },

    # HTTP Server Header
    { certainty: 75, search: "headers[server]", regexp: /sw-cp-server/ },

    # Logo HTML
    { name: "logo gif", regexp: /<img src='def_plesk_logo\.gif' alt="Plesk logo"/ },

    # HTML Comment
    { text: '<p>For more information please contact <!--@adminemail@-->' },

    # Powered by
    { name: "poweredBy parallels",
      regexp: /<a target="_blank" href="http:\/\/www\.parallels\.com"><img src="[^"]+\/parallels_powered\.gif" title="Powered by Parallels&trade;"><\/a>/ }, # "
    { text: '<div class="poweredBy"><a target="_blank" href="http://www.swsoft.com/en/products/plesk/' },

    # Title
    { text: '<title>Default PLESK Page</title>' },
    { text: '<title>Default Parallels Plesk Panel Page</title>' },

    # Heading
    { text: '<h1>This is the Plesk&#153; default page</h1>' },
    { name: "h1 plesk link",
      text: '<h1><a class="product-logo" href="http://www.parallels.com/plesk/" title="Parallels Plesk Panel">Parallels Plesk Panel</a></h1>' },

    # Copyright
    { name: "copyright parallels", certainty: 25, regexp: /&copy; Copyright [\d]{4}\-[\d]{4}, Parallels</ },

    # This page generated by plesk
    { regexp: /This page (was|is) generated by <a href="http:\/\/www\.parallels\.com\/(en\/products\/)?plesk\/">Parallels Plesk Panel<\/a>/ },
    { text: 'This page is autogenerated by <a target="_blank" href="http://www.swsoft.com/en/products/plesk/">Plesk' },

    # JavaScript
    { certainty: 25, text: 'if (window.plesk_promo.virtuozzo) {' },

    # Redirect Page # HTML Comment
    { url: "/", text: '</html><!--______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________IE error page size limitation______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________-->' },

    # Redirect Page # Version Detection # JavaScript
    { url: "/", version: /<script language="javascript" type="text\/javascript" src="\/javascript\/common\.js\?plesk_version=psa-([^\s^"]+)"\/?>/ },

  ]
end

#PloggerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/plogger.rb', line 9

WhatWeb::Plugin.define "Plogger" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-18
  @version = "0.1"
  @description = "Plogger is the next generation in open-source photo gallery systems."
  @website = "http://www.plogger.org/"

  # 328 results for "powered by Plogger" @ 2010-09-18

  # Dorks #
  @dorks = [
    '"powered by Plogger"'
  ]

  @matches = [

    # Default title
    { regexp: /<title>[^powered]+powered by Plogger Gallery<\/title>/ },

    # Powered by text
    { regexp: /<a[\ title="Powered by Plogger"]* href="http:\/\/www.plogger.org\/">Powered by Plogger[!]*<\/a>/ },

  ]
end

#PloneObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 remove :certainty=>100



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'lib/whatweb/plugins/plone.rb', line 12

WhatWeb::Plugin.define "Plone" do
  @author = "Andrew Horton"
  @version = "0.2"
  @description = "Plone Content Management System (CMS)"
  @website = "http://plone.org"

  # Dorks #
  @dorks = [
    '"powered by plone"',
    'inurl:"acl_users/credentials_cookie_auth/require_login?came_from"'
  ]

  # Matches #
  @matches = [

    # URL Pattern
    { name: "URL Pattern", certainty: 75, ghdb: 'inurl:"acl_users/credentials_cookie_auth/require_login?came_from"' },

    # Meta Generator
    { name: "meta generator tag",
      regexp: /<meta name="generator" content="[^>]*http:\/\/plone.org" \/>/ },

    # StyleSheet HTML
    { name: "plone css",
      regexp: /(@import url|text\/css)[^>]*portal_css\/.*plone.*css(\)|")/ }, # "

    # JavaScript
    { name: "plone javascript",
      regexp: /src="[^"]*ploneScripts[0-9]+.js"/ }, # "

    # <div class="visualIcon contenttype-plone-site">
    { text: '<div class="visualIcon contenttype-plone-site">' },

    # <div id="visual-portal-wrapper">
    { name: "div tag, visual-portal-wrapper",
      certainty: 75,
      text: '<div id="visual-portal-wrapper">' },

    # X-Caching-Rule-Id: plone-content-types
    { name: "X-Caching-Rule-Id: plone-content-types", search: "headers[x-caching-rule-id]", regexp: /plone-content-types/i },

    # X-Cache-Rule: plone-content-types
    { name: "X-Cache-Rule: plone-content-types", search: "headers[x-cache-rule]", regexp: /plone-content-types/i },

  ]
end

#PluXmlObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2012-05-18 # Added a couple of matches, google dorks and example urls



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/whatweb/plugins/pluxml.rb', line 12

WhatWeb::Plugin.define "PluXml" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-14
  @version = "0.2"
  @description = "PluXml - PHP powered CMS [French]"
  @website = "http://pluxml.org/"

  # Google results as at 2012-05-18 #
  # 150 results for "powered by PluXml" @ 2010-10-14
  #  72 for "par Pluxml en" "Valide xHTML"
  #   5 for intitle:"PluXml - Page d'authentification" inurl:"auth.php"

  # Dorks #
  @dorks = [
    '"powered by PluXml"',
    '"par Pluxml en" "Valide xHTML"'
  ]

  # Matches #
  @matches = [

    # Version detection
    { version: /<a href="http:\/\/pluxml.org" title="Blog ou Cms sans base de donn&eacute;es">Pluxml<\/a>[\s]+([\d\.]+)/ },

    # Login page # Powered by text
    { text: 'par <a href="http://pluxml.org">Pluxml</a></p>' },
    { regexp: /Powered by <a href="http:\/\/pluxml\.org/ },

    # Login page # Default title
    { text: "<title>PluXml - Page d'authentification</title>" },

    # Login page # Default HTML
    { text: '<p class="auth_return"><a href="../../">Retour au site</a>' },

    # Footer Link
    { text: 'G&eacute;n&eacute;r&eacute; par <a href="http://pluxml.org" title="Blog ou Cms sans base de donn&eacute;es">PluXml</a>' },

    # ./admin/auth.php?p=/core/admin/ # Login Page # Footer Link
    { text: 'G&eacute;n&eacute;r&eacute; par <a href="http://pluxml.org">PluXml</a></p>' },

  ]
end

#PmWikiObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/pmwiki.rb', line 9

WhatWeb::Plugin.define "PmWiki" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-18
  @version = "0.1"
  @description = "PmWiki is a wiki-based system for collaborative creation and maintenance of websites."
  @website = "http://www.pmwiki.org/"

  # ShodanHQ results as at 2012-03-18 #
  # 30 for imstime

  # Matches #
  @matches = [

    # Set-Cookie # imstime
    { search: "headers[set-cookie]", regexp: /imstime=[\d]+;/ },

    # HTML Comment
    { text: '<!--PageLeftFmt-->' },

    # span class='commentout-pmwikiorg'
    { text: "<span class='commentout-pmwikiorg'>" },

    # StyleSheet
    { regexp: /<link rel='stylesheet' href='[^']*\/pmwiki\/pub\/skins\/pmwiki\/pmwiki\.css' type='text\/css' \/>/ },

  ]
end

#PnPSCADAObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/pnpscada.rb', line 9

WhatWeb::Plugin.define "PnPSCADA" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-23
  @version = "0.1"
  @description = "Plug 'n' Play SCADA (PnPSCADA) - Hosted service or run on site"
  @website = "http://www.pnpscada.com/productoffering.html"

  # Google results as at 2011-09-23 #
  # 7 for intitle:"PnPSCADA Login" "Note: This site uses Cookies, JavaScript and Popups"
  # 6 for intitle:"Welcome to Plug and Play Scada"

  # Dorks #
  @dorks = [
    'intitle:"PnPSCADA Login" "Note: This site uses Cookies, JavaScript and Popups"'
  ]

  # Matches #
  @matches = [

    { text: '<TITLE>Welcome to Plug and Play Scada</TITLE>' },
    { text: '<TITLE>Login - PnPSCADA</TITLE>' },

    { version: /<CENTER><SPAN style='font-family:arial;font-size:10px'>PNPSCADA ([^\s]+) &copy;20[\d]{2} SDG Technologies cc\. All rights strictly reserved\. Please review our <A target='_blank' style='font-family:arial;font-size:10px' href='termsandconditions\.html'>Terms and Conditions<\/A>\. <\/SPAN><\/CENTER>/ },

  ]
end

#podPressObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/podpress.rb', line 9

WhatWeb::Plugin.define "podPress" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-17
  @version = "0.1"
  @description = "podPress - A dream plugin for Podcastrs using WordPress."
  @website = "http://www.mightyseek.com/podpress"

  # Google results as at 2011-03-17 #
  # 523 for "Podcast powered by podPress"

  # Dorks #
  @dorks = [
    '"Podcast powered by podPress"'
  ]

  # Matches #
  @matches = [

    # Version Detection # cite powered by
    { version: /<cite>Podcast Powered by <a href="http:\/\/www.mightyseek.com\/podpress\/" title="podPress, the dream plugin for podcasting with WordPress"><strong>podPress \(v([\d\.]+)\)<\/strong><\/a><\/cite>/ },

    # Version Detection # podPress_footer
    { version: /<div id="podPress_footer">Podcast powered by <a href="http:\/\/wordpress.org\/extend\/plugins\/podpress\/" title="podPress, a plugin for podcasting with WordPress"><strong>podPress v([\d\.]+)<\/strong><\/a><\/div>/ },

  ]
end

#PogoplugObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/pogoplug.rb', line 9

WhatWeb::Plugin.define "Pogoplug" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-05
  @version = "0.1"
  @description = "Pogoplug is a device that connects your USB drive to the Internet so you can easily share and access your files from anywhere. To set it up, all that is needed is to plug it into a wall socket, connect the device to your router using an etherent cable and plug a USB drive into the other side of the pogoplug. No network setup is required."
  @website = "http://www.pogoplug.com/products.html"

  # Default SSH login credentials #
  # root:ceadmin

  # ShodanHQ results as at 2011-08-05 #
  # 193 for HBHTTP

  # Passive #
  def passive(target)
    m = []

    # Version Detection # HTTP Server Header
    if target.headers["server"] =~ /^HBHTTP ([A-Z\d]+) - ([\d\.]+) - Linux$/
      m << { string: $1.to_s }
      m << { version: $2.to_s }
    end

    # Return passive matches
    m
  end
end

#poMMoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/pommo.rb', line 9

WhatWeb::Plugin.define "poMMo" do
  @author = "Brendan Coles <[email protected]>" # 2012-04-11
  @version = "0.1"
  @description = "poMMo is versatile mass mailing software - Requires PHP"
  @website = "http://pommo.org/Main_Page"

  # Google results as at 2012-11-04 #
  # 413 for "Page fueled by poMMo mailing management software"

  # Dorks #
  @dorks = [
    '"Page fueled by poMMo mailing management software"'
  ]

  # Matches #
  @matches = [

    # Fueled by link
    { text: 'Page fueled by <a href="http://www.pommo.org/">poMMo</a> mailing management software' },
    { text: 'Page fueled by <a href="http://pommo.sourceforge.net/">poMMo</a> mailing management software' },

    # Title
    { text: '<title>. ..poMMo.. .</title>' },

  ]
end

#PortalAppObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/portalapp.rb', line 9

WhatWeb::Plugin.define "PortalApp" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-10
  @version = "0.1"
  @description = "PortalApp is a fast, flexible, configurable CMS and portal system that can be used to create everything from Blogs to Web sites."
  @website = "http://www.portalapp.com/"

  # 155 results for "powered by PortalApp" -exploit @ 2010-07-10

  # Dorks #
  @dorks = [
    '"powered by PortalApp" -exploit'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { regexp: /<img src='[\/]*images\/palogo_gr_17.gif' height=23 alt='powered by PortalApp' align=[\'|\"]*[center|middle]+[\'|\"]*><\/A>/ },

    { regexp: /<meta name=[\'|\"]*generator[\'|\"]* content=[\'|\"]*aspapp.com[\'|\"]*[\ \/]*>/ },
  ]
end

#PosterousObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
 
# File 'lib/whatweb/plugins/posterous.rb', line 9

WhatWeb::Plugin.define "Posterous" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-19
  @version = "0.1"
  @description = "Posterous publishing platform. If you can email, you can manage a website and share it with small groups or the world using Posterous. - https://posterous.com/"

  # ShodanHQ results as at 2011-05-19 #
  # 13 for _sharebymail_session_id

  # Matches #
  @matches = [

    # Meta Generator
    { text: '<meta name="generator" content="Posterous" />' },

    # div class "posterous_site_data"
    { text: '<div class="posterous_site_data" data-post-id="' },

    # Account Detection
    { account: /<meta property="og:site_name" content="([^"]+)'s posterous" \/>/ },

    # Protected Page
    { text: '<li class="first"><a href="http://posterous.com/login?jumpto=http' },

    # Redirect Page
    { regexp: /<html><body>You are being <a href="http:\/\/([^"]+)\.posterous\.com\/">redirected<\/a>\.<\/body><\/html>/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # _sharebymail_session_id cookie
    m << { name: "_sharebymail_session_id cookie" } if target.headers["set-cookie"] =~ /^_sharebymail_session_id=/

    # x-posteroushostname header
    m << { name: "x-posteroushostname header" } unless target.headers["x-posteroushostname"].nil?

    # Return passive matches
    m
  end
end

#PowerAlertObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/poweralert.rb', line 9

WhatWeb::Plugin.define "PowerAlert" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-23
  @version = "0.1"
  @description = "PowerAlert monitors and controls UPS Systems, PDUs, sensors, and the computers and equipment they support."
  @website = "http://www.tripplite.com/en/products/poweralert-software.cfm"

  # ShodanHQ results as at 2011-05-23 #
  # 771 for PowerAlert Login
  #  50 for PowerAlert -Login

  # Matches #
  @matches = [

    # Protected Object # This might be used by other software running on Netsilicon
    { certainty: 25, text: '<h1>Protected Object</h1>This object on the Netsilicon is protected.<p>Return to <A TARGET="_top" HREF="index.html">Last page</A><p>' },

  ]

  # Passive #
  def passive(target)
    m = []

    # HTTP Server Header
    m << { name: "HTTP Server Header" } if target.headers["server"] =~ /^PowerAlert HTTP server, powered by Allegro-Software-RomPager$/

    # WWW-Authenticate Header
    m << { name: "WWW-Authenticate Header" } if target.headers["www-authenticate"] =~ /^Basic realm="PowerAlert [\d]+ Login"$/
    m << { name: "WWW-Authenticate Header" } if target.headers["www-authenticate"] =~ /^Basic realm="PowerAlert Access Realm[\d]+"$/

    # Return passive matches
    m
  end
end

#PowerDNSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/powerdns.rb', line 9

WhatWeb::Plugin.define "PowerDNS" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-20
  @version = "0.1"
  @description = "PowerDNS is a high performance, non-BIND nameserver written in c++"
  @website = "http://www.powerdns.com/"

  # ShodanHQ results as at 2011-05-20 #
  # 12 for PowerDNS

  # Passive #
  def passive(target)
    m = []

    # WWW-Authenticate: Basic realm="PowerDNS"
    m << { name: "WWW-Authenticate realm" } if target.headers["www-authenticate"] =~ /^Basic realm="PowerDNS"$/

    # Return passive matches
    m
  end
end

#PoweredByObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2011-02-15 # Brendan Coles < bcoles at gmail dot com > Updated regex match

Version 0.2 removed :certainty



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/powered-by.rb', line 15

WhatWeb::Plugin.define "PoweredBy" do
  @author = "Andrew Horton"
  @version = "0.3"
  @description = "This plugin identifies instances of 'Powered by x' text and attempts to extract the value for x."

  # Google results as at 2011-02-15 #
  # 11,360,000,000 for allintext:"powered by"

  # Matches could be improved by:
  #   Stripping HTML and CSS tags
  #   Handling whitespace more effectively

  # Matches #
  @matches = [

    # Powered by text
    { string: /powered[ -]?by[ ]?([^\s<>'".]+)/i },

  ]
end

#PowerMTAObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/powermta.rb', line 9

WhatWeb::Plugin.define "PowerMTA" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-14
  @version = "0.1"
  @description = "PowerMTA - email gateway software (SMTP server) that makes it easy for senders to adopt the latest authentication specifications (SenderID, SPF, Domain Keys and DKIM) and comply with policies for accountable outbound email delivery."
  @website = "http://www.port25.com/"

  # ShodanHQ results as at 2011-09-14 #
  # 4 for PowerMTA

  # Matches #
  @matches = [

    # target.body
    { status: 403, text: "<html><body>Access denied.  Please consult the http-access directive in the User's Guide for more information.</body></html>" },

    # WWW-Authenticate: Basic realm="PowerMTA"
    { certainty: 25, search: "headers[www-authenticate]", regexp: /^Basic realm="PowerMTA"$/ },

  ]
end

#PowerSchoolObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/powerschool.rb', line 9

WhatWeb::Plugin.define "PowerSchool" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-08
  @version = "0.1"
  @description = "PowerSchool is the fastest-growing, most widely used web-based student information system, supporting more than 8.5 million students in 50 states and over 50 countries."
  @website = "http://www.pearsonschoolsystems.com/products/powerschool/"

  # ShodanHQ results as at 2011-04-08 #
  # 3,328 for PowerSchool

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^PowerSchool$/ },

  ]
end

#PowerWebObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/powerweb.rb', line 12

WhatWeb::Plugin.define "PowerWeb" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-04
  @version = "0.2"
  @description = "PowerWeb is a full 128-bit secure server with unlimited RSA encryption using industry standard SSL 3.0 (and 2.0), providing HTTP, FTP, SMTP and POP3 services, with many extensions for rapid database application development and dynamic page content."
  @website = "http://www.compusource.co.za/powerweb/"

  # ShodanHQ results as at 2011-06-04 #
  # 1 for PowerWeb/4

  @matches = [

    # HTTP Server Header
    { regexp: /^PowerWeb/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^PowerWeb\/([^\s]+)$/, search: "headers[server]" },

  ]
end

#pragmaMxObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/pragmamx.rb', line 9

WhatWeb::Plugin.define "pragmaMx" do
  @author = "Brendan Coles <[email protected]>" # 2012-05-29
  @version = "0.1"
  @description = "pragmaMx - CMS"
  @website = "http://www.pragmamx.org/"

  # Google results as at 2012-05-29 #
  # 325 for "Diese Webseite basiert auf pragmaMx"

  # Dorks #
  @dorks = [
    '"Diese Webseite basiert auf pragmaMx"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { text: '<!-- COPYRIGHT www.pragmamx.ca / Ne touchez pas / Do not touch -->' },

    # Meta Generator # Version Detection
    { version: /<meta name="generator" content="pragmaMx ([^\s]+) - by http:\/\/pragmaMx\.org" \/>/ },

    # pmx-templatesystem # Module # HTML Comment
    { module: /<!-- (pmx-templatesystem v[^\s^\/]+)\/20[\d]{2}-[\d]{2}-[\d]{2} -->/ },

    # Footer # Version Detection
    { version: /<p>Diese Webseite basiert auf pragmaMx ([^\s]+)\.<\/p>/ },

  ]
end

#PressflowObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/pressflow.rb', line 9

WhatWeb::Plugin.define "Pressflow" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-18
  @version = "0.1"
  @description = "Pressflow is a distribution of Drupal with integrated performance, scalability, availability, and testing enhancements."
  @website = "http://pressflow.org/"

  # 67 results for +"powered by Pressflow" +"an open source content management system" @ 2010-07-18

  # Dorks #
  @dorks = [
    '"powered by Pressflow" "an open source content management system"'
  ]

  @matches = [

    { regexp: /<a href="http:\/\/drupal.org"><img src="[\/a-zA-Z0-9\-\_+]*\/misc\/powered-blue-80x15.png" alt="Powered by Pressflow, an open source content management system" title="Powered by Pressflow, an open source content management system" width="80" height="15" \/><\/a>/ },

    { text: '<title>Drupal already installed | Pressflow</title>', version: "Install Page" },

  ]
end

#PrestaShopObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

WhatWeb plugin by NetAgence.com



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/whatweb/plugins/prestashop.rb', line 12

WhatWeb::Plugin.define "PrestaShop" do
  @author = "Chris, NetAgence.com"
  @version = "1.0"
  @description = "Ecommerce CMS Prestashop."
  @website = "http://www.prestashop.com/"

  # Google results as at 2011-07-19 #
  # 989 for inurl:id_cms

  # Dorks #
  @dorks = [
    'inurl:id_cms'
  ]

  # identifying strings
  # <meta name="description" content="Boutique propuls&eacute;e par PrestaShop" />
  # <meta name="generator" content="PrestaShop" />
  # <meta name="description" content="Shop powered by PrestaShop" />

  # Matches #
  @matches = [

    { name: "PrestaShop-powered meta generator",
      regexp: /<meta name="generator"[^>]*content="PrestaShop/ },

    { string: "FR",
      name: "PrestaShop-Powered meta description",
      regexp: /<meta name="description"[^>]*content="par PrestaShop/ },

    { string: "EN",
      name: "PrestaShop-Powered meta description",
      regexp: /<meta name="description"[^>]*content="Shop powered by PrestaShop/ },

    { name: "html comment",
      regexp: /<!-- \/Block permanent links module HEADER -->/ }

    # {:text=>"<meta name=\"description\" content=\"Boutique propuls&eacute;e par PrestaShop\" />", :name=>"PrestaShop-Powered meta description (FR)"},
    # {:text=>"<meta name=\"description\" content=\"Shop powered by PrestaShop\" />", :name=>"PrestaShop-Powered meta description (EN)"},
    # {:text=>"<meta name=\"generator\" content=\"PrestaShop\" />", :name=>"PrestaShop-Powered meta generator"}
    # { :text=>'<!-- /Block permanent links module HEADER -->' }

  ]
end

#PRITLOGObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/pritlog.rb', line 9

WhatWeb::Plugin.define "PRITLOG" do
  @author = "Brendan Coles <[email protected]>" # 2012-05-01
  @version = "0.1"
  @description = "PRITLOG is an extremely simple, small and powerful blog system. Requires SQLite"
  @website = "http://pritlog.com/fossil.cgi/home"

  # Google results as at 2012-05-01 #
  # 25 for "Please enable Javascript for full functionality." "Powered by Pritlog"
  #  3 for inurl:"pritlog/index.php/archives"

  # Dorks #
  @dorks = [
    '"Please enable Javascript for full functionality." "Powered by Pritlog"',
    'inurl:"pritlog/index.php/archives"'
  ]

  # Matches #
  @matches = [

    # No JavaScript Message
    { text: '<em id="jserror">Please enable Javascript for full functionality.</em>' },

    # Powered by link
    { text: 'Powered by <a href="http://pritlog.com/">Pritlog</a>' },

  ]
end

#ProcessMakerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/processmaker.rb', line 9

WhatWeb::Plugin.define "ProcessMaker" do
  @author = "Brendan Coles <[email protected]>" # 2012-06-23
  @version = "0.1"
  @description = "ProcessMaker - Open source web based workflow software and Business Process Management software."
  @website = "http://www.processmaker.com/"

  # Google results as at 2012-06-23 #
  # 49 for "User" "Password" "Language" "System Information" "Colosa, Inc. All rights reserved."

  # Dorks #
  @dorks = [
    '"User" "Password" "Language" "System Information" "Colosa, Inc. All rights reserved."'
  ]

  # Matches #
  @matches = [

    # Footer # Version Detection
    { version: /<div class="x-pm-footer-text">\s+ProcessMaker Ver\. ([^\s]+)<br\/>/ },

    # Logo HTML
    { text: '<div class="companyLogo"><img src="/images/processmaker2.logo2.png"/></div>' },

    # Powered by link
    { text: '<a href="http://www.processmaker.com" alt="Powered by ProcessMaker - Open Source Workflow & Business Process Management (BPM) Management Software" title="Powered by ProcessMaker" target="_blank">' },

    # Copyright Footer
    { text: '<div class="content"><a href="#" onclick="openInfoPanel();return false;" class="FooterLink">| System Information |</a><br /><br />Copyright &copy; 2003-2012 <a href="http://www.colosa.com" alt="Colosa, Inc." target="_blank">Colosa, Inc.</a> All rights reserved.' },

    # Redirect Page
    { text: '<meta http-equiv="REFRESH" content="0;URL=/sys/en/classic/login/login.html" />' },

  ]
end

#ProScanObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/proscan.rb', line 12

WhatWeb::Plugin.define "ProScan" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-13
  @version = "0.2"
  @description = "Streams audio"
  @website = "http://www.proscan.org/"

  # ShodanHQ results as at 2011-05-13 #
  # 12 for ProScan

  @matches = [
    # HTTP Server Header
    { regexp: /^ProScan/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^ProScan ([^\s]+)$/, search: "headers[server]" },

    # icy-notice2 Header
    { name: "icy-notice2 header", regexp: /^ProScan/, search: "headers[icy-notice2]" },

  ]
end

#PTCPayObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/ptcpay.rb', line 9

WhatWeb::Plugin.define "PTCPay" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-27
  @version = "0.1"
  @description = "PTCPay is a sofware development company that develops and supports the GeN4 Security+ GPT/PTC/Bux script."
  @website = "http://ptcpay.com/"

  # Google results as at 2011-02-27 #
  # 7 for "Login into your admin panel" "PTCPay.Com" inurl:"admin"

  # Dorks #
  @dorks = [
    '"Login into your admin panel" "PTCPay.Com" inurl:"admin"'
  ]

  # Matches #
  @matches = [

    # GHDB Match # Powered by text
    { certainty: 25, ghdb: '"powered by PTCPay"' },

    # Default logo HTML
    { text: '<div class="left"><img src="pre/images/ic_support.png" width="23" height="23" alt="" /></div>' },

    # Powered by text
    { text: '<p>Powered by <a href="http://www.ptcpay.com" target="_blank">GeN4 Security+</a>' },

    # Version Detection # Admin Page # Powered by text
    { version: /<\/div><div class="foot">GeN4 Secur(ity|e)\+ ([\d\.]{1,6})  &copy; 2009 - 20[\d]{2} <a href="http:\/\/www.ptcpay.com" target="_blank">PTCPay.Com<\/a><\/div>/, offset: 1 },

  ]
end

#PulseCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/pulsecms.rb', line 9

WhatWeb::Plugin.define "PulseCMS" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-08
  @version = "0.1"
  @description = "Manage Content, Simply. Pulse is a simple CMS designed for small websites. It enables you to add content management to an existing site in five minutes."
  @website = "http://pulsecms.com/"

  # Google results as at 2011-02-08 #
  # 9 for intitle:"Pulse Content Manager" +Pulse +CMS +Password +Login

  # Dorks #
  @dorks = [
    'intitle:"Pulse Content Manager" "Pulse" "CMS" "Password" "Login"'
  ]

  # Matches #
  @matches = [

    # Login Page # Default logo HTML
    { text: '<img src="img/new-logo.png" alt="Pulse CMS">' },

    # Login Page # Default Password HTML
    { text: '<input type="password" size="27" name="mpass_pass">' },

    # Login Page # Default Title
    { text: '<title>Pulse Content Manager</title>' },

    # Login Page # Body HTML
    { text: '<body id="login-page" onload="document.login.mpass_pass.focus()">' },

    # Default Logo
    { url: "img/new-logo.png", md5: "079d0b95c76564c1bb450650f17c3e7f" },
    { url: "img/new-logo.png", md5: "652807728bfb1cd7ffba4a5d40c4e374" },

  ]
end

#PunBBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2012-08-16 # Andrew Horton Updated MD5 syntax. In future someone should move the MD5 hash matches into the matches array



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
 
# File 'lib/whatweb/plugins/punbb.rb', line 12

WhatWeb::Plugin.define "PunBB" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-06
  @version = "0.2"
  @description = "PunBB is a fast and lightweight PHP-powered discussion board. It is released under the GNU General Public License."
  @website = "http://punbb.informer.com/"

  # Google results as at 2011-04-06
  # 302 for "Powered by PunBB, supported by Informer Technologies"

  # Dorks #
  @dorks = [
    '"Powered by PunBB, supported by Informer Technologies"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { certainty: 25, text: '<!-- forum_debug -->' },

    # brd-index div
    { text: '<div id="brd-index" class="brd-page basic-page">' },

    # Powered by link
    { text: '<p id="copyright">Powered by <strong><a href="http://punbb.informer.com/">PunBB</a></strong>, supported by <strong><a href="http://www.informer.com/">Informer Technologies, Inc</a></strong>.</p>' },

    # Module Detection
    { module: /<p style="clear: both; ">Currently installed <span id="extensions-used" title="([^"]+)\.">[\d]+ official extensions<\/span>\. Copyright &copy; 2003&ndash;/ },

  ]

  # Aggressive #
  def aggressive(target)
    m = []

    # the paths are relative to the url path if they don't start with /
    # this path, with this md5 = this version
    files = [
      { version: '1.0', path: "docs/install.html", md5: 'd2748bb3397ec0de230ed0b6f460d307' },
      { version: '1.0.1',  path: "docs/install.html", md5: '578fa4261a4a8bb35389d07c112b924b' },
      { version: '1.2',    path: "docs/install.html", md5: 'd5eda4db7271483b563213747a7fcd65' },
      { version: '1.2.1',  path: "docs/install.html", md5: 'e39950020c0102948ceccdd30e01f8d3' },
      { version: '1.2.10', path: "docs/install.html", md5: 'a96ce1acc811fa2dc99368185f1550a6' },
      { version: '1.2.11', path: "docs/install.html", md5: '2f686cf8cb8d4f32aa4f921a7b3ae3e9' },
      { version: '1.2.12', path: "docs/install.html", md5: 'a88d9f44bdc1057ccdf488e9442944b2' },
      { version: '1.2.13', path: "docs/install.html", md5: '8b9553a0b9894e1488b97d6e8721ad3e' },
      { version: '1.2.14', path: "docs/install.html", md5: 'b9754e06ddb051f3d7e66710cab79f90' },
      { version: '1.2.15', path: "docs/install.html", md5: 'e47a0ae180d2428c20232cb641ca474f' },
      { version: '1.2.16', path: "docs/install.html", md5: 'd50e093e34251b0a7c03ac3d45f64616' },
      { version: '1.2.17', path: "docs/install.html", md5: 'ea5696cb9d85e692f0241565dd7cf007' },
      { version: '1.2.2',  path: "docs/install.html", md5: '8cf393c2a65c6d6865663f8335b49727' },
      { version: '1.2.3',  path: "docs/install.html", md5: '17c33dd4020226c34254956b71789991' },
      { version: '1.2.4',  path: "docs/install.html", md5: '1469f7c2d8647453d3a82294f9b000e5' },
      { version: '1.2.5',  path: "docs/install.html", md5: '2f683a8dc5c790364d9a1cdc337d460b' },
      { version: '1.2.6',  path: "docs/install.html", md5: '76b7473156af95d8df10f27510734f81' },
      { version: '1.2.7',  path: "docs/install.html", md5: '310e902cfb9f77a403fec67f03214cd8' },
      { version: '1.2.8',  path: "docs/install.html", md5: '7cb6e4e22b6795ea40f081ee846a2674' },
      { version: '1.2.9',  path: "docs/install.html", md5: '9159987d634a9d0cc678b9d51e84b466' },

      { version: '1.1.x', path: "img/smilies/sad.png", md5: '1be05e25934491d75e8f8af7609e56e2' },
      { version: '1.2.x', path: "img/smilies/sad.png", md5: 'bdf6c4d929f95b28f4e33623797aaeb0' },
      { version: '1.3.x', path: "img/smilies/sad.png", md5: '02526986b095d2d745397efe5db47076' },

    ]

    # Fetch and hash files
    to_download = files.map { |x| x[:path] }.sort.uniq
    downloads = {}
    to_download.each do |d|
      url = URI.join(target.uri.to_s, d).to_s
      new_target = WhatWeb::Target.new(url)
      downloads[d] = { md5sum: new_target.md5sum }
    end

    # Compare file hashes to known hashes
    version = nil
    files.each do |thisfile|
      unless downloads[thisfile[:path]].nil?
        version = thisfile[:version] if downloads[thisfile[:path]][:md5sum] == thisfile[:md5]
      end
    end

    # Set version if present
    m << { name: "md5 sums of files", version: version } if version

    # Return aggressive matches
    m
  end
end

#PuridiomObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/puridiom.rb', line 9

WhatWeb::Plugin.define "Puridiom" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-14
  @version = "0.1"
  @description = "Puridiom - eProcurement software"
  @website = "http://www.puridiom.com/"

  # Google results as at 2011-07-14 #
  # 5 for intitle:"Enabling Self-Service Procurement" "Loading Page"

  # Dorks #
  @dorks = [
    'intitle:"Enabling Self-Service Procurement" "Loading Page"'
  ]

  # Matches #
  @matches = [

    # Title
    { text: '<TITLE>Puridiom, Enabling Self-Service Procurement</TITLE>' },

    # Title # Xpress
    { string: "Xpress", text: '<TITLE>Puridiom Xpress, Enabling Self-Service Procurement</TITLE>' },

    # iframe id="getInfoFrame"
    { text: '<iframe id="getInfoFrame" name="getInfoFrame" src="/puridiom/system/processing.jsp"' },

    # Loading Page
    { text: '<tr><td width=100% align=center valign=top><br><b>Loading Page... Please wait.</b><br><br><br><img src="/puridiom' },

    # Version Detection # Title
    { version: /<TITLE>Puridiom ([\d\.]+), Enabling Self-Service Procurement<\/TITLE>/ },

    # Meta Description
    { text: '<META NAME="Description" Content="/puridiom/system/header.jsp">' },

    # Meta Description # Xpress
    { string: "Xpress", text: '<META NAME="Description" Content="/puridiomx/system/header.jsp">' },

  ]
end

#PygopherdObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/pygopherd.rb', line 9

WhatWeb::Plugin.define "Pygopherd" do
  @author = "Brendan Coles <[email protected]>" # 2011-11-19
  @version = "0.1"
  @description = "An open source multi-protocol gopher server written in Python. Also works as an HTTP and WAP server."
  @website = "http://quux.org:70/devel/gopher/pygopherd"

  # Google results as at 2011-11-19 #
  # 40 for "server top" "view with gopher" "Generated by Pygopherd"

  # Dorks #
  @dorks = [
    '"server top" "view with gopher" "Generated by Pygopherd"'
  ]

  # Matches #
  @matches = [

    # Generated by link
    { text: '<BR>Generated by <A HREF="http://www.quux.org/devel/gopher/pygopherd">PyGopherd</A>' },

    # Error Page
    { regexp: /<HTML><HEAD><TITLE>Selector Not Found<\/TITLE>[\s]+<H1>Selector Not Found<\/H1>/ },

  ]
end

#PythonObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/whatweb/plugins/python.rb', line 9

WhatWeb::Plugin.define "Python" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-26
  @version = "0.1"
  @description = "Python is a programming language that lets you work more quickly and integrate your systems more effectively. You can learn to use Python and see almost immediate gains in productivity and lower maintenance costs."
  @website = "http://www.python.org/"

  # About 170076 ShodanHQ results for "server: python" @ 2010-10-26

  # HTTP Header
  def passive(target)
    m = []

    # Server # Version Detection
    m << { version: target.headers["server"].to_s.scan(/[^\r^\n]* Python\/([^\s^\r^\n]+)/).flatten } if target.headers["server"].to_s =~ /[^\r^\n]* Python\/([^\s^\r^\n]+)/

    m
  end
end

#qdPMObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/qdpm.rb', line 9

WhatWeb::Plugin.define "qdPM" do
  @author = "Brendan Coles <[email protected]>" # 2012-06-15
  @version = "0.1"
  @description = "qdPM is a free web-based project management tool suitable for a small team working on multiple projects."
  @website = "http://qdpm.net/"

  # ShodanHQ results as at 2012-06-15 #
  # 8 for Set-Cookie qdpm

  # Google results as at 2012-06-15 #
  # 62 for "qdPM" "is redistributable under the GNU General Public License" "Login" "Email" "Password"

  # Dorks #
  @dorks = [
    '"qdPM" "is redistributable under the GNU General Public License" "Login" "Email" "Password"'
  ]

  # Matches #
  @matches = [

    # Login Page # Footer # Version Detection
    { version: /qdPM ([^\s]+) &nbsp;is redistributable under the\s+<a class="footer-text"/ },

    # Login Page # Footer # Year Detection
    { string: /Copyright @ (20[\d]{2}) <a class="footer-text" target="_blank"( title="open source project management software")? href="http:\/\/(www\.qds-team\.com|qdpm\.net\/)">/ },

    # Set-Cookie # qdp or qdpm_extended
    { search: "headers[set-cookie]", regexp: /qdpm(_extended)?=[^;]+;/ },

  ]
end

#qTranslateObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/qtranslate.rb', line 9

WhatWeb::Plugin.define "qTranslate" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-09
  @version = "0.1"
  @description = "qTranslate Wordpress plugin"
  @website = "http://www.qianqin.de/qtranslate/"

  # ShodanHQ results as at 2012-03-09 #
  # 1,437 for qtrans_cookie_test

  # Matches #
  @matches = [

    # Set-Cookie # qtrans_cookie_test
    { search: "headers[set-cookie]", regexp: /qtrans_cookie_test=[^\+]+\+Cookie\+Test;/ },

  ]
end

#Quick_CmsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/quick.cms.rb', line 12

WhatWeb::Plugin.define "Quick_Cms" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-30
  @version = "0.2"
  @description = "Freeware, fast and easy to customize Content Management System."
  @website = "http://opensolution.org/quick.cms,en,10.html"

  # Google results as at 2010-08-30 #
  # 298 for "powered by Quick.Cms"

  # Dorks #
  @dorks = [
    '"powered by Quick.Cms"'
  ]

  # Matches #
  @matches = [

    # Admin Page # Default Title
    { text: '  <title>Admin - Quick.Cms - simple content management system</title>' },

    # Admin Page # Default JavaScript
    { text: '    var cfLangNoWord      = "Please fill in all required fields";' },

    # Powered by text
    { text: '      <div class="foot" id="powered"><a href="http://opensolution.org/">Powered by <strong>Quick.Cms</strong></a></div>' },

    # HTML comment text
    { text: '        LICENSE REQUIREMENTS - DONT DELETE/HIDE LINK "powered by Quick.Cms" TO www.OpenSolution.org' },

    # Meta author
    { text: '  <meta name="Author" content="OpenSolution.org" />' },

    # Version Detection # Admin Page # Version Footer
    { version: /      <div id="version"><a href="http:\/\/opensolution.org\/">Quick.Cms v([\d\.]+)<\/a><\/div>/ },

  ]
end

#QuickerSiteObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/quickersite.rb', line 9

WhatWeb::Plugin.define "QuickerSite" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-04
  @version = "0.1"
  @description = "QuickerSite is a Content Management System for Windows Servers. It is written in ASP/VBScript with an optional pinch of ASP.NET for true image-resizing capabilities."
  @website = "http://www.quickersite.com/"

  # Google results as at 2011-03-04 #
  # 111 for "Powered by QuickerSite"

  # Dorks #
  @dorks = [
    '"Powered by QuickerSite"'
  ]

  # Matches #
  @matches = [

    # Meta Generator
    { regexp: /<meta content="QuickerSite CMS - visit www.quickersite.com" name="generator" \/>/i },

    { regexp: /<meta name="generator" content="QuickerSite CMS - visit www.quickersite.com">/i },

  ]
end

#QuickWebObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/quickweb.rb', line 9

WhatWeb::Plugin.define "QuickWeb" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-24
  @version = "0.1"
  @description = "QuickWeb [Italian]"

  # Google results as at 2011-03-24 #
  # 52 for -intitle:"QWScript Error" filetype:qws
  # 38 for intitle:"QWScript Error" filetype:qws

  # Dorks #
  @dorks = [
    'intitle:"QWScript Error" filetype:qws'
  ]

  # Matches #
  @matches = [

    # Error Page # Title
    { text: "<HTML><HEAD><TITLE>QWScript Error</TITLE></HEAD>" },

  ]
end

#QuiXplorerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/quixplorer.rb', line 9

WhatWeb::Plugin.define "QuiXplorer" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-16
  @version = "0.1"
  @description = "QuiXplorer is a multi-user, web-based file-manager. It allows you to manage and/or share files over the internet, or an intranet."
  @website = "http://quixplorer.sourceforge.net/"

  # Google results as at 2011-05-16 #
  # 77 for "QuiXplorer" +Username +Password +"the QuiX project"

  # Dorks #
  @dorks = [
    '"QuiXplorer" "Username" "Password" "the QuiX project"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Default Title
    { version: /<title>QuiXplorer ([^\s]+) - the QuiX project<\/title>/ },

    # Version Detection # Footer link
    { version: /<A class="title" href="http:\/\/quixplorer\.sourceforge\.net" target="_blank">QuiXplorer ([^<]+)<\/A> - <A href="http:\/\/quix\.tk" target="_blank">the QuiX project<\/A><\/SMALL>/ },

    # Footer link
    { text: '<A class="title" href="http://quixplorer.sourceforge.net" target="_blank">QuiXplorer</A> - <A href="http://quix.tk" target="_blank">the QuiX project</A></SMALL>' },

  ]
end

#RaidenHTTPDObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/raidenhttpd.rb', line 9

WhatWeb::Plugin.define "RaidenHTTPD" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-16
  @version = "0.1"
  @description = "RaidenHTTPD is a fully featured web server software for Windows platform."
  @website = "http://www.raidenhttpd.com/en/"

  # ShodanHQ results as at 2011-09-16 #
  # 542 for RaidenHTTPD

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^RaidenHTTPD\/([^\s]+) \([^\)]+\)$/ },

    # Edition Detection # HTTP Server Header
    { search: "headers[server]", string: /^RaidenHTTPD\/[^\s]+ \(([^\)]+)\)$/ },

  ]
end

#RailoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/whatweb/plugins/railo.rb', line 9

WhatWeb::Plugin.define "Railo" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-27
  @version = "0.1"
  @description = "Railo is an Open Source ColdFusion Markup Language (CFML) server."
  @website = "http://getrailo.com/"

  # More Info #
  # http://en.wikipedia.org/wiki/Railo

  # ShodanHQ results as at 2011-07-27 #
  # 523 for Railo-Version

  # Google results as at 2011-07-27 #
  # 128 for inurl:railo-context ext:cfm
  #  20 for inurl:railo-context/admin/ ext:cfm
  #  11 for +Password (intitle:"Railo Web Administrator"| intitle:"Railo Server Administrator") "All Rights Reserved"

  # Dorks #
  @dorks = [
    'inurl:railo-context/admin/ ext:cfm'
  ]

  # Matches #
  @matches = [

    # JavaScript
    { text: '<script language = "JavaScript" type="text/javascript" src="/railo-context/form.cfm"></script><script language = "JavaScript" type="text/javascript">' },

  ]

  # Passive #
  def passive(target)
    m = []

    # Version Detection # HTTP Railo-Version Header
    m << { version: target.headers["railo-version"].to_s } if target.headers["railo-version"] =~ /^[\d\.]+$/

    # Return passive matches
    m
  end
end

#RainmailObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/rainmail.rb', line 9

WhatWeb::Plugin.define "Rainmail" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-27
  @version = "0.1"
  @description = "Rainmail Intranet Server is integrated software for providing complete Intranet and Network Infrastructure to enterprises."
  @website = "http://www.carizen.com/carizen/index.php?task=ris"

  # Google results as at 2011-09-27 #
  # 24 for intitle:"Rainmail Intranet Page"

  # Dorks #
  @dorks = [
    'intitle:"Rainmail Intranet Page"'
  ]

  # Matches #
  @matches = [

    # form
    { certainty: 25, text: "<form action='/cgi-bin/openwebmail/openwebmail.pl'" },

    # HTML Comment
    { certainty: 75, text: '<!--  SCRIPT CONFIGURATION SECTION -->' },

    # Rainmail is a product of
    { text: '<TD width=50%><font color="ffffff" size="1"face="Verdana, Helvetica">Rainmail is a product of :</font>' },

    # Rainmail Intranet Login heading
    { text: '<div align="center">.: <b>Rainmail Intranet Login </b> :.</div>' },

    # /chpasswd.php
    { url: '/chpasswd.php', text: '<TD><font color="ffffff" size="1"face="Verdana, Arial, Helvetica, sans-serif">Rainmail is a product of :</font></TD>' },

  ]
end

#RapidleechObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/rapidleech.rb', line 9

WhatWeb::Plugin.define "Rapidleech" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-19
  @version = "0.1"
  @description = "Rapid Leech is a free server transfer script for use on various popular upload/download sites such as megaupload.com, Rapidshare.com and more than 45 others. The famous Rapidleech script transfers files from Rapidshare, Megaupload, Depositfiles.com, Easy-share.com, etc, via your fast servers connection speed and dumps the file on your server. You may then download these files from your server anytime later. Rapidleech script has being used by more than 5 million users worldwide and has being installed on more than 2000 servers."
  @website = "http://code.google.com/p/rapidleech/"

  # Google results as at 2010-12-30 #
  # 137 for "Credits to Pramode & Checkmate & Kloon" "RapidleechHost Offical Hosting" intitle:"Rapidleech"

  # Matches #
  @matches = [

    # Default credits footer
    { regexp: /<small[^>]+>Credits to Pramode &amp; Checkmate &amp; Kloon<\/small><br/ },

    # PlugMod # Default credits footer
    { regexp: /<small[^>]+>Credits to Pramode &amp; Checkmate &amp; Kloon. Mod by: MsNeil &amp; Idoenk<\/small><br/, module: "PlugMod" },

  ]
end

#RapidSiteObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/whatweb/plugins/rapidsite.rb', line 12

WhatWeb::Plugin.define "RapidSite" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-08
  @version = "0.2"
  @description = "RapidSite is the world's largest and most experienced Web hosting entity."
  @website = "http://www.rapidsite.net/"

  # ShodanHQ results as at 2011-03-08 #
  # 166,648 for Rapidsite/Apa
  #
  #  United States 101,473
  #  Japan 55,903
  #  Germany 7,032
  #  Switzerland 1,138
  #  Spain 1,100

  @matches = [
    # HTTP Server Header
    { regexp: /^Rapidsite/, search: "headers[server]" },

  ]

  # Passive #
  def passive(target)
    m = []

    # HTTP Server Header
    if /^Rapidsite\/Apa\/([\d\.]+)/.match?(target.headers["server"])
      m << { string: "Apache/" + target.headers["server"].scan(/Rapidsite\/Apa\/([\d\.]+)/).flatten }
    elsif /^Rapidsite\/Apa$/.match?(target.headers["server"])
      m << { string: "Apache" }
    end

    # Return passive matches
    m
  end
end

#RCTToolsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/rcttools.rb', line 9

WhatWeb::Plugin.define "RCTTools" do
  @author = "Brendan Coles <[email protected]>" # 2012-04-11
  @version = "0.1"
  @description = "RCTTools - SecureSOHO Web configuration Tools"
  @website = "[offline] http://www.redsonic.com/"

  # ShodanHQ results as at 2012-04-11 #
  # 1,394 for RCTTools (SecureSOHO Web configuration Tools)

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^RCTTools \(SecureSOHO Web configuration Tools\) v([^\s]+)$/ },

  ]
end

#RealVNCObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/realvnc.rb', line 12

WhatWeb::Plugin.define "RealVNC" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-13
  @version = "0.2"
  @description = "RealVNC provides remote control software which lets you see and interact with desktop applications across any network."
  @website = "http://www.realvnc.com/"

  # ShodanHQ results as at 2011-03-13 #
  # 872 for RealVNC

  @matches = [
    # HTTP Server Header
    { regexp: /^RealVNC/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^RealVNC\/(.+)$/, search: "headers[server]" },

  ]
end

#reCAPTCHAObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/recaptcha.rb', line 9

WhatWeb::Plugin.define "reCAPTCHA" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-15
  @version = "0.1"
  @description = "reCAPTCHA is a free CAPTCHA service that helps to digitize books, newspapers and old time radio shows."
  @website = "http://www.google.com/recaptcha"

  # Matches #
  @matches = [

    # NoScript iframe
    { regexp: /<noscript>[\s]*<iframe src="http:\/\/www\.google\.com\/recaptcha\/api\/noscript\?k=/ },

  ]
end

#RedaxscriptObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/redaxscript.rb', line 9

WhatWeb::Plugin.define "Redaxscript" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-22
  @version = "0.1"
  @description = "Redaxscript is a free, PHP and MySQL driven website engine for small business and private websites. It's ultra lightweight, simple and customizable."
  @website = "http://redaxscript.com/"

  # Google results as at 2011-06-22 #
  # 51 for "Powered by Redaxscript"

  # Dorks #
  @dorks = [
    '"Powered by Redaxscript"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: 'Powered by <a href="http://redaxscript.com">Redaxscript</a>' },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="Redaxscript ([^\s^"]+)" \/>/ },

    # Version Detection # Powered by text
    { version: /Powered by <a href="http:\/\/redaxscript\.com" title="Redaxscript">Redaxscript<\/a> ([^\s^<]+)</ },

  ]
end

#RedmineObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/redmine.rb', line 9

WhatWeb::Plugin.define "Redmine" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-15
  @version = "0.1"
  @description = "Redmine is a flexible project management web application. Written using Ruby on Rails framework, it is cross-platform and cross-database."

  # ShodanHQ results as at 2011-09-15 #
  # 1,394 for _redmine_session

  # Google results as at 2011-09-15 #
  # 295 for "Powered by Redmine"
  #  25 for inurl:"redmine/login?back_url="

  # Dorks #
  @dorks = [
    '"Powered by Redmine"'
  ]

  # Matches #
  @matches = [

    # _redmine_session Cookie
    { search: "headers[set-cookie]", regexp: /_redmine_session=/ },

    # Year Detection # Powered by link
    { string: /Powered by <a href="http:\/\/www\.redmine\.org\/">Redmine<\/a> &copy; 2006-(20[\d]{2}) Jean-Philippe Lang/ },

    # Meta Description
    { certainty: 25, text: '<meta name="description" content="Redmine" />' },

    # Error Page
    { status: 404, text: '<title>redMine 404 error</title>' },

  ]
end

#RedShopObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/whatweb/plugins/redshop.rb', line 9

WhatWeb::Plugin.define "RedShop" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-12
  @version = "0.1"
  @description = "ASP Powered shopping cart software [Chinese]"
  @website = "http://www.rednetcms.com/redshop/"

  # 1 result for "Powered by Redshop" @ 2010-10-12

  @matches = [

    # Powered by text
    { text: 'Powered by:<a href="http://www.rednetcms.com/redshop" target="_blank">Redshop</a>' },

    # Default CSS # CSS file in the images folder o_0
    { text: '<link href="images/redcms.css" rel="stylesheet" type="text/css" />' },

  ]
end

#ReinvigorateObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/reinvigorate.rb', line 9

WhatWeb::Plugin.define "Reinvigorate" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-20
  @version = "0.1"
  @description = "Reinvigorate measures your influence on the web in real-time. Simple, real-time web analytics + heatmaps."
  @website = "http://www.reinvigorate.net/"

  # Matches #
  @matches = [

    # HTML Comment
    { certainty: 10, text: "<!-- Reinvigorate -->" },

    # JavaScript src
    { text: '<script type="text/javascript" src="http://include.reinvigorate.net/re_.js"></script>' },

    # Extract Account # JavaScript
    { certainty: 25, string: /reinvigorate\.track\("([a-z\d]{5}-[a-z\d]{10})"\);/ },
    { certainty: 10, string: /re_\("([a-z\d]{5}-[a-z\d]{10})"\);/ },

  ]
end

#RemotelyAnywhereObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/remotelyanywhere.rb', line 12

WhatWeb::Plugin.define "RemotelyAnywhere" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-08 #
  @version = "0.2"
  @description = "A small HTTP daemon, which enables you to access and manage services, processes, users, and files on the remote computer over the network."
  @website = "http://www.remotelyanywhere.com/"

  # ShodanHQ results as at 2011-04-08 #
  # 213 for RemotelyAnywhere

  @matches = [
    # HTTP Server Header
    { regexp: /^RemotelyAnywhere/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^RemotelyAnywhere\/([\d\.]+)$/, search: "headers[server]" },

  ]
end

#ReOSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/reos.rb', line 9

WhatWeb::Plugin.define "ReOS" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-04
  @version = "0.1"
  @description = "REOS is hi-end software solution designed to help real estate agents, brokers and offices to easily present their properties on the internet."
  @website = "http://www.reosonline.com/"

  # Google results as at 2011-02-04 #
  # 125 for "powered by reos"

  # Matches #
  @matches = [

    # Powered by text
    { text: 'Powered by <a href="http://reos.elazos.com">ReOS</a>' },

    # 2.x, 3.x # Version Detection # Powered by text
    { version: /Powered by <a href="http:\/\/reos.elazos.com">ReOS ([\d\.]+)<\/a> and released under the <a href="http:\/\/www.fsf.org\/licensing\/licenses\/agpl\-3\.0\.html">GNU\/AGPLv3 License.<\/a>/ },

    # 1.x #  Version Detection # Powered by text
    { version: /Powered by <a href="http:\/\/reos.elazos.com">ReOS ([\d\.]+)<\/a> and released under the <a href="http:\/\/creativecommons.org\/licenses\/GPL\/2.0\/">GNU\/GPL License.<\/a>/ },

  ]
end

#ResinObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]

Version 0.2 # 2011-03-11 # Updated version detection



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/resin.rb', line 15

WhatWeb::Plugin.define "Resin" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-24
  @version = "0.3"
  @description = "Resin provides a reliable, fast Web server which can also be used as a load balancer. Resin can operate as a standalone server or as a fast servlet runner for IIS or Apache"
  @website = "http://www.caucho.com/resin/admin/http-server.xtp"

  # Resin provides a fast servlet runner for IIS, allowing IIS to run servlets and JSP files :
  # http://www.caucho.com/resin/admin/starting-resin-iis-7.xtp
  # Resin provides a fast servlet runner for Apache 1.3 or greater, allowing Apache to run servlets and JSP files :
  # http://www.caucho.com/resin/admin/starting-resin-apache.xtp

  # ShodanHQ results as at 2011-02-24 #
  # 25,565 for server Resin

  @matches = [
    # Version Detection # HTTP Server Header # Standalone
    { regexp: /^Resin/, search: "headers[server]" },

    # Version Detection # HTTP Server Header # Standalone
    { string: "Standalone", version: /^Resin\/([^\s]+)/, search: "headers[server]" },

    # Version Detection # HTTP Server Header # Plugin
    { string: "Plugin", version: /[\s]+Resin\/([^\s]+)/, search: "headers[server]" },

  ]
end

#RevSenseObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/revsense.rb', line 9

WhatWeb::Plugin.define "RevSense" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-21
  @version = "0.1"
  @description = "RevSense is an online pay per click ad-market. Publicise your ads to a large community using RevSense advertiser account."
  @website = "http://www.revsense.com/"

  # 106 results for "powered by RevSense" -Vulnerability @ 2010-08-21

  # Dorks #
  @dorks = [
    '"powered by RevSense" -Vulnerability'
  ]

  @matches = [

    { text: '				<li><a href="http://www.revsense.com.au/"><strong>RevSense</strong> - Powered by RevSense Ads</a></li>' },

    { text: '	<!-- You cannot remove this powered by link without receiving permission from W3matter.com -->' },

    { regexp: /	<font size=1><a>Powered by Revsense &trade;<\/a> &copy; [0-9]{4} W3matter LLC<\/font>/ },

    { regexp: /	<font size=1><a href="http:\/\/www.w3matter.com">Powered by Revsense &trade;<\/a> &copy; [0-9]{4} W3matter LLC<\/font>/ },

  ]
end

#RiOSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/rios.rb', line 9

WhatWeb::Plugin.define "RiOS" do
  @author = "Brendan Coles <[email protected]>" # 2012-08-26
  @version = "0.1"
  @description = "Riverbed Optimization System (RiOS)"
  @website = "http://www.riverbed.com/"

  # Technical Overview #
  # http://www.riverbed.com/assets/fr/media/documents/briefs/TechOverview-Riverbed-RiOS_6.0.pdf

  # ShodanHQ results as at 2012-08-26 #
  # 286 for X-RBT-Optimized-By

  # Matches #
  @matches = [

    # X-RBT-Optimized-By Header
    { search: "headers[x-rbt-optimized-by]", version: /\(RiOS ([^\s]+)\)/ },

    # X-RBT-Optimized-By Header
    { search: "headers[x-rbt-optimized-by]", string: /(.+) \(RiOS/ },

  ]
end

#RIPSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/rips.rb', line 9

WhatWeb::Plugin.define "RIPS" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-25
  @version = "0.1"
  @description = "RIPS - A static source code analyser for vulnerabilities in PHP scripts"
  @website = "http://sourceforge.net/projects/rips-scanner/"

  # Google results as at 2012-03-25 #
  # 4 for intitle:"RIPS - A static source code analyser for vulnerabilities in PHP scripts" "Quickstart" "Locate your PHP path/file"

  # Dorks #
  @dorks = [
    'intitle:"RIPS - A static source code analyser for vulnerabilities in PHP scripts" "Quickstart" "Locate your PHP path/file"'
  ]

  # Matches #
  @matches = [

    # Version Detection
    { version: /<div class="logo"><a id="logo" href="http:\/\/sourceforge\.net\/projects\/rips-scanner\/files\/" target="_blank" title="get latest version">([^<^\s]+)<\/a><\/div>/ },

    # input type="checkbox" id="subdirs"
    { text: '<td nowrap><input type="checkbox" id="subdirs" value="1" title="check to scan subdirectories" />subdirs</td>' },

  ]
end

#robots_txtObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2011-03-23 # Removed aggressive section

Version 0.2 # Added aggressive ‘/robots.txt` retrieval



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/robots.txt.rb', line 15

WhatWeb::Plugin.define "robots_txt" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-22
  @version = "0.3"
  @description = "This plugin identifies robots.txt files and extracts both allowed and disallowed directories. - More Info: http://www.robotstxt.org/"

  # Google results as at 2011-03-23 #
  # 920 for inurl:robots.txt filetype:txt

  # Passive #
  def passive(target)
    m = []

    # Extract directories if current file is robots.txt
    if (target.uri.path.to_s == "/robots.txt") && target.body =~ /^User-agent:/i

      # File Exists
      m << { name: "File Exists" }

      # Disallow
      if /^Disallow:[\s]*(.+)$/i.match?(target.body)
        m << { string: target.body.scan(/^Disallow:[\s]*(.+)/i) }
      end

      # Allow
      if /^Allow:[\s]*(.+)$/i.match?(target.body)
        m << { string: target.body.scan(/^Allow:[\s]*(.+)/i) }
      end

    end

    # Return passive matches
    m
  end
end

#RobPollObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/robpoll.rb', line 9

WhatWeb::Plugin.define "RobPoll" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-20
  @version = "0.1"
  @description = "RobPoll - CGI poll system"
  @website = "Offline"
  # Default password: robpoll

  # Google results as at 2011-04-20 #
  # 38 for inurl:robpoll.cgi filetype:cgi

  # Dorks #
  @dorks = [
    'inurl:robpoll.cgi filetype:cgi'
  ]

  # Matches #
  @matches = [

    # GHDB # URL pattern
    { ghdb: 'inurl:"robpoll.cgi?start" filetype:cgi' },

    # Admin Page # Title
    { text: '<head><title>RobPoll Admin</title></head>' },

    # Default form html
    { regexp: /<form action="[^"]*\/robpoll\.cgi" method="post">/ },

  ]
end

#RoSporaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/rospora.rb', line 9

WhatWeb::Plugin.define "RoSpora" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-24
  @version = "0.1"
  @description = "Spora The Burning Crusade Edition Means RoSpora - web script build for MaNGOS Free MMORPG Server. Revolution of Simple Page Of Registration of Accounts"
  @website = "http://code.google.com/p/rospora/"

  # Google results as at 2011-02-24 #
  # 5 for "This server supports only 2.2.3 clients" "1x Quest XP , 1x Kill XP , 1x Discovery XP"
  # 1 for "LET'S INSTALL YOUR ROSPORA!" ext:txt

  # Matches #
  @matches = [

    # Default Shortcut Icon HTML
    { text: '<link rel="Shortcut Icon" href="img/wowlogoanim.gif" type="image/gif">' },

    # Configuration # Configuration.php
    { text: "<li>This server supports only 2.2.3 clients<br><li>1x Quest XP , 1x Kill XP , 1x Discovery XP" },

  ]
end

#RouterObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.4 # 2011-05-30 # Updated regex

Version 0.3 # 2011-03-02 # Removed false positives

Version 0.2 # 2011-01-09 # Updated model detection



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 
# File 'lib/whatweb/plugins/unknown-router.rb', line 18

WhatWeb::Plugin.define "Router" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-03
  @version = "0.4"
  @description = "This plugin identifies routers for which the vendor is unknown or where fingerprinting is exceptionally difficult."

  # Matches #
  @matches = [

    # Arris Touchstone Device # Default Favicon
    { model: 'Arris Touchstone Device', url: "/favicon.ico", md5: "a8fe5b8ae2c445a33ac41b33ccc9a120" },

    # ST 605 # Default Favicon
    { model: 'ST 605', url: "/favicon.ico", md5: "d16a0da12074dae41980a6918d33f031" },

    # Unknown Router # Login page
    { md5: "d8d705cef8dbf67357ee908f42fd1baa", url: "/favicon.ico" },
    { md5: "129f914b2570b50374ebeb8f1306617d", url: "/login/keys.png" },

  ]

  # Passive #
  def passive(target)
    m = []

    # About 62 ShodanHQ results for WWW-Authenticate: Basic realm="LOGIN Enter Password (default is private)"
    # Probably D-Link # HTTP Server Header and WWW-Authenticate Realm
    if target.headers["server"] =~ /Boa\/[\d\.]+ \(with Intersil Extensions\)/ && target.headers["www-authenticate"] =~ /Basic realm="LOGIN Enter Password \(default is private\)"/
      m << { certainty: 25, model: "D-Link", name: "HTTP Server Header and WWW-Authenticate Realm" }
    end

    # Unknown Router 0001 # Check HTTP Server Header
    # 3020 ShodanHQ results for set-cookie: niagara_audit=guest; path=/
    if /Niagara Web Server\/([\d\.]+)/.match?(target.headers["server"])
      m << { certainty: 75, name: "niagara_audit=guest Cookie" } if target.headers["set-cookie"] =~ /niagara_audit=guest; path=\//
    end

    # Unknown Router 0002 # ADSL2+ # HTTP Server and WWW Authenticate Realm
    # 3361 ShodanHQ results for Server: RomPager WWW-Authenticate: Basic realm="Default Admin.= admin/admin"
    # Find model info: /status/status_deviceinfo.htm
    if target.headers["www-authenticate"] =~ /Basic realm="Default Admin.= admin\/admin"/ && target.headers["server"] =~ /RomPager/i
      m << { certainty: 25, model: "ADSL2+" }
    end

    # HTTP Server Header # 320 ShodanHQ results for thttpd-alphanetworks
    # Alpha Networks was founded as a spin-off from the D-Link Corporation
    # thttpd-alphanetworks is used by D-Link & Planex routers + others
    if /^thttpd-alphanetworks\/([\d\.]+)$/.match?(target.headers["server"])

      # Version Detection
      m << { version: target.headers["server"].scan(/^thttpd-alphanetworks\/([\d\.]+)$/) }

      # Model Detection
      m << { model: target.headers["www-authenticate"].scan(/Basic realm="([^\s^"]+)"/) } if target.headers["www-authenticate"] =~ /Basic realm="([^\s^"]+)"/

    end

    # Return passive matches
    m
  end
end

#RoxenObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/roxen.rb', line 9

WhatWeb::Plugin.define "Roxen" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-17
  @version = "0.1"
  @description = "Roxen WebServer is a full-featured open-source web server distributed under the GPL license."
  @website = "http://www.roxen.com/products/webserver/"

  # ShodanHQ results as at 2011-04-17 #
  # 1,051 for Roxen

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^Roxen$/ },

    # Version Detection
    { search: "headers[server]", version: /^Roxen\/([^\s]+)$/ },

  ]
end

#RubyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]

Version 0.2 # 2011-05-24 # Added WEBrick detection



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/ruby.rb', line 15

WhatWeb::Plugin.define "Ruby" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-26
  @version = "0.3"
  @description = "Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. It has an elegant syntax that is natural to read and easy to write."
  @website = "http://www.ruby-lang.org/"

  # ShodanHQ results as at 2011-05-24 #
  # 22,172 for server: ruby
  #    822 for WEBrick

  @matches = [

    # Ruby Server
    { regexp: /Ruby/, search: "headers[server]" },

    # Server # Version Detection
    { version: /Ruby\/([^\s^\/^\(]+)/, search: "headers[server]" },

    # WEBrick Server
    { regexp: /^WEBrick/, search: "headers[server]" },

    # WEBrick Server # Version Detection
    { version: /^(WEBrick\/[\d\.]+) \(Ruby\/[\d\.]+\/[\d]{4}-[\d]{2}-[\d]{2}\)/, search: "headers[server]" },

    # WEBrick Server # Ruby Version Detection
    { version: /^WEBrick\/[\d\.]+ \(Ruby\/([\d\.]+)\/[\d]{4}-[\d]{2}-[\d]{2}\)/, search: "headers[server]" },

  ]
end

#RunCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-03-02 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/runcms.rb', line 12

WhatWeb::Plugin.define "RunCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-11
  @version = "0.2"
  @description = "RunCms is Ease Of Use for webmasters. One of the worlds finest free CMS systems."
  @website = "www.runcms.org/"

  # Google results as at 2010-07-11 #
  # 57 for "powered by RunCMS" -Vulnerability -exploit inurl:module inurl:viewcat.php

  # Dorks #
  @dorks = [
    '"powered by RunCMS" -Vulnerability -exploit inurl:module inurl:viewcat.php'
  ]

  # Matches #
  @matches = [

    # GHDB Match
    { ghdb: '"powered by RunCMS" inurl:module inurl:viewcat.php' },

    # Version Detection # Powered by text
    { version: /<div align='center'><a href='http:\/\/www.runcms.org\/' target='_blank'> Powered by  RunCms ([\d\.a-z]+)[^&]* &copy; [\d]{4}-[\d]{4} / },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="[\s^"]*RUNCMS ([\d\.a-z]+)[^"]*"/i },

  ]
end

#ruTorrentObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/rutorrent.rb', line 9

WhatWeb::Plugin.define "ruTorrent" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-13
  @version = "0.1"
  @description = "ruTorrent is a front-end for the popular Bittorrent client rTorrent."
  @website = "http://code.google.com/p/rutorrent/"

  # ShodanHQ results as at 2011-05-13 #
  # 62 for ruTorrent

  # Passive #
  def passive(target)
    m = []

    # WWW-Authenticate realm
    m << { name: "WWW-Authenticate realm" } if target.headers["www-authenticate"] =~ /^Basic realm="My ruTorrent web site"$/

    # Return passive matches
    m
  end
end

#SABnzbdObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/sabnzbd.rb', line 9

WhatWeb::Plugin.define "SABnzbd" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-05
  @version = "0.1"
  @description = "SABnzbd is an Open Source Binary Newsreader written in Python."
  @website = "http://sabnzbd.org/"

  # Google results as at 2011-03-05 #
  # 13 for inurl:"sabnzbd" intitle:Login username password
  # 7 for inurl:":8080/sabnzbd"

  # ShodanHQ results as at 2011-03-05 #
  # 155 for realm SABnzbd

  # Matches #
  @matches = [

    # Default form tag
    { regexp: /    <form action="\/sabnzbd\/[^"]*" method="POST">/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # WWW-Authenticate # realm="SABnzbd"
    m << { name: 'HTTP WWW Authenticate header' } if target.headers['www-authenticate'] =~ /realm="SABnzbd"/

    # Return passive matches
    m
  end
end

#sabros_usObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-24 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/sabros.us.rb', line 12

WhatWeb::Plugin.define "sabros_us" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-06
  @version = "0.2"
  @description = "sabros.us  is a CMS to put your bookmarks online with folksonomy support; just like del.icio.us, but the big diference is you will have the complete control of the source code."
  @website = "http://sabros.us/"

  # Google results as at 2010-08-06 #
  # 81 for "Powered by sabros.us"

  # Matches #
  @matches = [

    # Default Title
    { text: '	<title>sabros.us/' },

    # Powered By Text
    { text: '		<p class="powered">powered by: <a title="sabros.us" href="http://sabros.us/">sabros.us</a></p>', version: "1.8" },
    { text: '		<p class="powered">powered by: <a title="sabros.us" href="http://sourceforge.net/projects/sabrosus/">sabros.us</a></p>', version: "1.7" },

    # Version Detection # Meta Generator
    { version: /	<meta name="generator" content="sabros.us ([\d\.]+)" \/>/ },

  ]
end

#samPHPwebObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/samphpweb.rb', line 9

WhatWeb::Plugin.define "samPHPweb" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-29
  @version = "0.1"
  @description = "samPHPweb is a web feature that is included with the installation of SAM Broadcaster. It allows you to run a PHP driven site from your web host that communicates with your SAM Database."
  @website = "http://www.spacialaudio.com/?page=sam-broadcaster&tab=tab-sam-broadcaster-overview"

  @matches = [

    # 334 results @ 2010-06-29
    { certainty: 75, ghdb: '"This page was produced using SAM Broadcaster" "Copyright Spacial Audio Solutions"' },

    # loading page
    { certainty: 75, text: '<meta HTTP-EQUIV="REFRESH" CONTENT="0;url=playing.html">' },

    # powered by links
    { text: '<a href="http://www.spacialaudio.com/products/sambroadcaster/" target="_blank"><img src="images/sam-bc.gif" border="0" alt="Powered by SAM Broadcaster" width="120" height="60" />' },

    { text: '<a href="http://www.spacialaudio.com/products/sambroadcaster/" target="_blank"><img src="images/sam-bc.gif" width="120" height="60" border="0" alt="Powered by SAM Broadcaster">' },

    { text: 'This page was produced using <a target="_blank" href="http://www.spacialaudio.com/products/sambroadcaster/">SAM Broadcaster</a>. © Copyright <a target="_blank" href="http://www.spacialaudio.com">Spacial Audio Solutions, LLC</a>' },

    # default javascript
    { text: ' songwin = window.open("songinfo.php?songid="+songid, "songinfowin", "location=no,status=no,menubar=no,scrollbars=yes,resizeable=yes,height=400,width=650");' },

  ]
end

#SARGObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/sarg.rb', line 9

WhatWeb::Plugin.define "SARG" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-22
  @version = "0.1"
  @description = "Squid Analysis Report Generator (SARG) is a tool that allow you to view where your users are going to on the Internet."
  @website = "http://sarg.sourceforge.net/sarg.php"

  # 195 for inurl:sarg inurl:siteuser.html ext:html
  #  59 for inurl:sarg inurl:siteuser.html ext:html "Squid User Access Report"

  # Dorks #
  @dorks = [
    'inurl:sarg inurl:siteuser.html ext:html'
  ]

  # Matches #
  @matches = [

    # Title
    { text: "<title>Squid User's Access Report</title>" },

    # Logo + Link HTML
    { text: '<tr><th class="logo"><a href="http://sarg.sourceforge.net"><img src="./images/sarg.png" border="0" align="absmiddle" title="SARG, Squid Analysis Report Generator. Logo by Osamu Matsuzaki"></a>&nbsp;<font class="logo">Squid Analysis Report Generator</font></th></tr>' },
    { text: '<tr><th class="logo"><a href="http://sarg.sourceforge.net"><img src="../images/sarg.png" border="0" align="absmiddle" title="SARG, Squid Analysis Report Generator. Logo by Osamu Matsuzaki"></a>&nbsp;<font class="logo">Squid Analysis Report Generator</font></th></tr>' },
    { text: '<tr><th><a href="http://sarg.sourceforge.net"><img src="./images/sarg.png" title="SARG, Squid Analysis Report Generator. Logo by Osamu Matsuzaki" alt="Sarg"></a>&nbsp;Squid Analysis Report Generator</th></tr>' },

    # Table Title
    { regexp: /<tr><th (align="center" )?class="title(_c)?">Squid User Access Reports?<\/th><\/tr>/ },

    # Version Detection # Generated by footer
    { version: /<(div|td) class="info">(Generated by|Gerado por)? <a href='http:\/\/sarg\.sourceforge\.net'>(<font class="info">)?sarg-([^\s]+)/, offset: 3 },

  ]
end

#SavantObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/savant.rb', line 9

WhatWeb::Plugin.define "Savant" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-06
  @version = "0.1"
  @description = "Savant is a freeware open source web server that runs on Windows 9x, ME, NT, 2000, and XP."
  @website = "http://savant.sourceforge.net/"

  # ShodanHQ results as at 2011-08-06 #
  # 65 for Savant

  # Passive #
  def passive(target)
    m = []

    # Version Detection # HTTP Server Header
    if target.headers["server"] =~ /^Savant\/([^\s]+)$/
      m << { version: $1.to_s }
    end

    # Return passive matches
    m
  end
end

#SawmillObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/sawmill.rb', line 9

WhatWeb::Plugin.define "Sawmill" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-20
  @version = "0.1"
  @description = "Sawmill is a universal log analysis/reporting tool for almost any log including web, media, email, security, network and application logs."
  @website = "http://www.sawmill.net/"

  # ShodanHQ results as at 2012-03-20 #
  # 130 for Sawmill

  # Google results as at 2012-03-20 #
  # 7 for intitle:"Sawmill Login" "Sawmill Login" "Please enter your username and password."

  # Dorks #
  @dorks = [
    'intitle:"Sawmill Login" "Sawmill Login" "Please enter your username and password."'
  ]

  # Matches #
  @matches = [

    # Old Versions # <=6.x ???
    { regexp: /<tr><td>Username:<\/td><td>Administrator<input type="hidden" name="cgionly_authentication_username" value="([^\"]+)"><\/td><\/tr>/ },

    # New Versions # >=7.x ???
    { text: '<td><input id="password" class="username-psw text" type="password" value="" /><div id="password:error" class="form-error"></div></td>' },

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^Sawmill\/([^\s]+)/ },

  ]
end

#SazCartObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/sazcart.rb', line 9

WhatWeb::Plugin.define "SazCart" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-22
  @version = "0.1"
  @description = "SazCart is a simple & powerful shopping cart script. With SazCart you can quickly and easily setup an online store. Then customize it to exactly how you want it to work & look."
  @website = "http://www.sazcart.com/"

  # 24 results for "powered by SazCart" @ 2010-08-22

  # Dorks #
  @dorks = [
    '"powered by SazCart"'
  ]

  @matches = [

    # Default title
    { regexp: /[^&]+&raquo; Powered by SazCart<\/title>/ },

    # License Agreement (extract):
    # Full License to remove "Powered by SazCart" in the browser title and "Powered by SazCart - Copyright © 2005 SazCart.com" text per domain: $29.95 (Subject to change without notice)
    { text: '<a href="http://www.sazcart.com">Powered by SazCart</a> | <a href="http://www.sazcart.com">Copyright &#169; 2005 - 2006 SazCart.com</a>  </div>' },

  ]
end

#ScriptObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/script.rb', line 9

WhatWeb::Plugin.define "Script" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-14
  @version = "0.1"
  @description = "This plugin detects instances of script HTML elements and returns the script language/type."

  # Google results as at 2010-10-14 #
  # 384 for "your browser does not support javascript"

  # Matches #
  @matches = [

    # <script> tag
    { regexp: /<script(\s|>)/i },

    # <script> tag # Detect type/language
    { string: /<script[^>]+(language|type)\s*=\s*['"]?([^'^"^\s]+)['"]?/, offset: 1 },

  ]
end

#ScrutinizerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/scrutinizer.rb', line 9

WhatWeb::Plugin.define "Scrutinizer" do
  @author = "Brendan Coles <[email protected]>" # 2012-07-10
  @version = "0.1"
  @description = "Scrutinizer NetFlow - monitoring solution"
  @website = "http://www.plixer.com/products/netflow-sflow/scrutinizer-netflow-sflow.php"

  # Google results as at 2012-07-10 #
  # 1 for intitle:"Scrutinizer" "For the best Scrutinizer experience possible, please address the issues below"

  # Dorks #
  @dorks = [
    'intitle:"Scrutinizer" "For the best Scrutinizer experience possible, please address the issues below"'
  ]

  # Matches #
  @matches = [

    # div id='testAlertDivTitle' # Version Detection
    { version: /<div id='testAlertDivTitle'>Scrutinizer ([^<]+)<\/div>/ },

    # link id='scrutStyle'
    { regexp: /<link id='scrutStyle' rel="stylesheet" href="\/css\/classic\.css/ },

    # div id='testAlertHdrMsg'
    { regexp: /<div id='testAlertHdrMsg'>For the best Scrutinizer experience possible, please address the issues below:<\/div>/ },

  ]
end

#SDCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/sdcms.rb', line 9

WhatWeb::Plugin.define "SDCMS" do
  @author = "Brendan Coles <[email protected]>" # 2011-10-29
  @version = "0.1"
  @description = "SDCMS - CMS - Requires ASP and Access/MsSql"
  @website = "http://www.sdcms.cn/"

  # Google results as at 2011-10-29 #
  # 410 for "Powered By SDCMS"

  # Dorks #
  @dorks = [
    '"Powered By SDCMS"'
  ]

  # Matches #
  @matches = [

    # Powered by link # Version Detection
    { version: /<br>Powered By <a href=['"]http:\/\/www\.sdcms\.cn['"] target=['"]_blank['"]>SDCMS ([^<]+)<\/a>/ },

    # dl id="con_three_1" class="index_photo"
    { text: '<dl id="con_three_1" class="index_photo">' },

  ]
end

#SeditioObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/seditio.rb', line 9

WhatWeb::Plugin.define "Seditio" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-24
  @version = "0.1"
  @description = "Seditio"
  @website = "http://www.neocrome.net"

  # Matches #
  @matches = [

    # Meta Generator
    { text: '<meta name="generator" content="Seditio by Neocrome http://www.neocrome.net" />' },

    # Powered by text
    # A Seditio Licence is required if you running a commercial or profitable website, and/or to remove the link "Powered by Seditio" in the footer

    { text: '<a href="http://www.neocrome.net">Powered by Seditio</a><br />' },
    { text: '<br />Powered by <a href="http://www.neocrome.net" target="_blank">Seditio</a>' },

  ]
end

#SegPubObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-03-06 # Updated OS detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/segpub.rb', line 12

WhatWeb::Plugin.define "SegPub" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-19
  @version = "0.2"
  @description = "SegPub, a hosting solutions provider based in Sydney, Australia"
  @website = "http://segpub.net/"

  # ShodanHQ resuls as at 2011-02-19 #
  # 458 for Server SegPache
  # 299 for X-Powered-By SegPub
  # 273 for X-Powered-By SegPub Server SegPache
  # 4   for X-Powered-By SegPod

  # Passive #
  def passive(target)
    m = []

    # Server: SegPache
    m << { os: "FreeBSD7" } if target.headers['server'] =~ /SegPache/

    # X-Powered-By: SegPub
    m << { os: "FreeBSD7" } if target.headers['x-powered-by'] =~ /SegPub/

    # X-Powered-By: SegPod
    m << { os: "FreeBSD7" } if target.headers['x-powered-by'] =~ /SegPod/

    # Return passive matches
    m
  end
end

#SemaphoreObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/semaphore.rb', line 9

WhatWeb::Plugin.define "Semaphore" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-19
  @version = "0.1"
  @description = "Bridging the gap between layman's terms and official language to provide users with more accurate search results."
  @website = "http://www.smartlogic.com/poweredbysemaphore"

  # Google results as at 2011-03-19 #
  # 40 for "Powered by Semaphore" inurl:semaphoreserver.exe filetype:exe

  # Dorks #
  @dorks = [
    '"Powered by Semaphore" inurl:semaphoreserver.exe filetype:exe'
  ]

  # Matches #
  @matches = [

    # GHDB
    { ghdb: '"Powered by Semaphore" inurl:semaphoreserver.exe filetype:exe' },

    # Error Page
    { text: "<html><head><title>Semaphore server Error</title></head><body>" },

    # HTML Comment
    { text: '<!-- Display the "Powered by Semaphore" logo -->' },

    # Powered by logo HTML
    { regexp: /<a href="http:\/\/www.smartlogic.com\/poweredbysemaphore"><img src="[^"^>]+\/semaphore\/semaphore_small\.gif"[^>]+alt="Powered by Semaphore" title="Powered by Semaphore" \/><\/a>/ },

  ]
end

#SeminoleObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/seminole.rb', line 9

WhatWeb::Plugin.define "Seminole" do
  @author = "Brendan Coles <[email protected]>" # 2012-12-05
  @version = "0.1"
  @description = "Seminole is an embeddable webserver toolkit designed to be non-invasive and easily retrofitted to existing applications, lightweight with low resource consumption, and highly reliable with proper standards compliance and security safeguards. "
  @website = "http://gladesoft.com/products/seminole/"

  # ShodanHQ results as at 2012-12-05 #
  # 260 for Seminole

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^Seminole\/([^\s]+)/ },

  ]
end

#SendcardObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/sendcard.rb', line 9

WhatWeb::Plugin.define "Sendcard" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-15
  @version = "0.1"
  @description = "Sendcard is a multi-database (It currently supports 9 different databases!) ecards script or virtual postcard program written in PHP. Suitable for large or small sites, it is very easy to setup, and comes with an installation wizard."
  @website = "http://www.sendcard.org/"

  # Google results as at 2011-03-15 #
  # 255 for scscsc320
  # 141 for "Powered by sendcard - an advanced PHP e-card program" -dork

  # Dorks #
  @dorks = [
    '"scscsc320"',
    '"Powered by sendcard - an advanced PHP e-card program" -dork'
  ]

  # Matches #
  @matches = [

    # Powered by logo link
    { regexp: /<a href="http:\/\/(sendcard.sf.net|www.sendcard.org)\/"( title="download your own PHP e-card script")?><img src="poweredbysendcard102x47.gif"[^>]+alt="Powered by sendcard - an advanced PHP e-card program"[^>]*><\/a>/ },

    # Powered by logo
    { certainty: 25, regexp: /<img src="poweredbysendcard102x47.gif"[^>]+alt="Powered by sendcard - an advanced PHP e-card program">/ },

    # HTML Comment
    { text: "<!-- The following line should allow me to search on google and find sendcard installations -->" },

    # "scscsc320" string provided for Google hackers as per HTML comment:
    # <!-- The following line should allow me to search on google and find sendcard installations -->
    { text: '<div style="display: none; color: White;">scscsc320</div>' },

  ]
end

#SentinelServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/sentinelserver.rb', line 9

WhatWeb::Plugin.define "SentinelServer" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-15
  @version = "0.1"
  @description = "Monitor application performance and availability"
  @website = "http://www.ymor.eu/"

  # ShodanHQ results as at 2011-09-15 #
  # 6 for SentinelServer

  # Google results as at 2011-09-15 #
  # 3 for intitle:"SentinelServer Login" "SentinelServer Login"

  # Dorks #
  @dorks = [
    'intitle:"SentinelServer Login" "SentinelServer Login"'
  ]

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^SentinelServer/ },

  ]
end

#SePortalObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/seportal.rb', line 9

WhatWeb::Plugin.define "SePortal" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-03
  @version = "0.1"
  @description = "SePortal - The Weblog System"
  @website = "http://www.seportal.org/"

  # Google results as at 2011-03-03 #
  # 89 for "Powered by SePortal"

  # Dorks #
  @dorks = [
    '"Powered by SePortal"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Powered by text
    { version: /<p align="center">[\r\n]*  Powered by <b>SePortal<\/b> ([\d\.]{1,5})[\r\n]*  <br \/>[\r\n]*  Copyright &copy; 20[\d]{2}-20[\d]{2} <a href="http:\/\/www.seportal.org" target="_blank">SePortal.org<\/a>[\r\n]*<\/p>/ },

    # Install Page # Default Title
    { text: '  <title>SePortal Installer</title>' },

    # favicon.ico
    { url: "favicon.ico", md5: "9749740151cf551f80983ccebc6189f4" },

  ]
end

#SerendipityObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.4 # 2014-10-12 # Napz Added Serendipity text search

Version 0.3 # 2012-08-16 # Andrew Horton Updated MD5 syntax. In future someone should move the MD5 hash matches into the matches array

Version 0.2 # 2011-04-09 # Brendan Coles <bcoles at gmail dot com> Added aggressive md5 matches



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
 
# File 'lib/whatweb/plugins/serendipity.rb', line 18

WhatWeb::Plugin.define "Serendipity" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-24
  @version = "0.3"
  @description = "Serendipity - a PHP Weblog/Blog software. Serendipity is a PHP-powered weblog application which gives the user an easy way to maintain an online diary, weblog or even a complete homepage."
  @website = "http://www.s9y.org"

  # Google results as at 2011-02-24 #
  # 342 for "powered by Serendipity"
  # 299 for "My weblog is proudly powered by Serendipity"

  # ShodanHQ results as at 2011-02-24 #
  # 339 for X-blog: Serendipity
  # 26 for x-serendipity-interfacelang
  # 12 for X-serendipity-ml-sl-reset
  # 5 for x-serendipity-contentlang

  # Dorks #
  @dorks = [
    '"powered by Serendipity"',
    '"My weblog is proudly powered by Serendipity"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta Powered-By
    { version: /<meta name="Powered-By" content="Serendipity v.([^"]+)" \/>/i },

    # Version Detection # Proudly powered by text
    { version: /My weblog is proudly powered by <a href="http:\/\/www.s9y.org">Serendipity ([^<]+)<\/a>.<br \/>/ },

    # Powered by text
    { text: '<p>Powered by <a href="http://www.s9y.org" target="_blank">Serendipity</a>' },

    # Copyright text
    { text: '<div class="copyright">Powered by <a href="http://www.s9y.org" title="a PHP Weblog/Blog software">Serendipity</a>' },

    { text: 'serendipity_entry_body' },

    { text: 'serendipity_entry_author_Admin' },

    { text: 'serendipity_entryFooter' },

    { text: '<div id="serendipityLeftSideBar">' },
  ]

  # Passive #
  def passive(target)
    m = []

    # x-serendipity-interfacelang
    m << { name: 'x-serendipity-interfacelang' } unless target.headers['x-serendipity-interfacelang'].nil?

    # x-serendipity-contentlang
    m << { name: 'x-serendipity-contentlang' } unless target.headers['x-serendipity-contentlang'].nil?

    # x-blog: serendipity
    m << { name: 'x-blog: serendipity' } if target.headers['x-blog'] =~ /^Serendipity$/

    # Return passive matches
    m
  end

  # Aggressive #
  def aggressive(target)
    m = []

    # the paths are relative to the url path if they don't start with /
    # this path, with this md5 = this version
    files = [

      { md5: '79c1b6a769935747118a677ef7aa3982', version: '0.3.x - 0.5.x', path: 'serendipity_editor.js' },
      { md5: '74eaef55e0951e216421bb01cc92082a', version: '0.6-pl3', path: 'serendipity_editor.js' },
      { md5: 'c9fd7b9fb103678b44a922bffda02fea', version: '0.7.x', path: 'serendipity_editor.js' },
      { md5: 'f1751045478704d6c4bc2cf0207cbb9b', version: '0.8', path: 'serendipity_editor.js' },
      { md5: 'd2e8aba1ed100c6ec1e36101b5aa24e4', version: '0.8.1', path: 'serendipity_editor.js' },
      { md5: '36c4f911d9ca31a272203187d1878957', version: '0.8.2', path: 'serendipity_editor.js' },
      { md5: '74c5736300bbfd11429858e990d7e864', version: '0.8.3', path: 'serendipity_editor.js' },
      { md5: '8f21fdb6a1d9b9ceacc06ee627389bde', version: '0.8.4', path: 'serendipity_editor.js' },
      { md5: '9c484f7fe5b24c1d9a6332e67b6fbbd5', version: '0.8.5', path: 'serendipity_editor.js' },
      { md5: '802d4efbc2f518811cc6ab0b80c16d31', version: '0.9.x', path: 'serendipity_editor.js' },
      { md5: 'e3e676fdc4554fe78132db6622548363', version: '1.0', path: 'serendipity_editor.js' },
      { md5: '970ac406dfd81ad78f3e09a75b423682', version: '1.0.1 - 1.0.4a', path: 'serendipity_editor.js' },
      { md5: '20c00879135d75de0e0e1fb787e0ccc6', version: '1.1.x', path: 'serendipity_editor.js' },
      { md5: '6f53ddcda7b56d71424473cb336452af', version: '1.2.x', path: 'serendipity_editor.js' },
      { md5: '28268a9cfaa70503d5240e871be8f323', version: '1.3.x - 1.4.x', path: 'serendipity_editor.js' },
      { md5: '4f641152c6e24d29816e839c361c2b88', version: '1.5.x', path: 'serendipity_editor.js' },

    ]

    # Fetch and hash files
    to_download = files.map { |x| x[:path] }.sort.uniq
    downloads = {}
    to_download.each do |d|
      url = URI.join(target.uri.to_s, d).to_s
      new_target = WhatWeb::Target.new(url)
      downloads[d] = { md5sum: new_target.md5sum }
    end

    # Compare file hashes to known hashes
    version = nil
    files.each do |thisfile|
      unless downloads[thisfile[:path]].nil?
        version = thisfile[:version] if downloads[thisfile[:path]][:md5sum] == thisfile[:md5]
      end
    end

    # Set version if present
    unless version.nil?
      m << { name: "md5 sums of files", version: version }
    end

    # Return aggressive matches
    m
  end
end

#ShareThisObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/sharethis.rb', line 9

WhatWeb::Plugin.define "ShareThis" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-15
  @version = "0.1"
  @description = "ShareThis is a utility that makes it easy to share articles to social media websites like Digg or Facebook [JavaScript]"
  @website = "http://sharethis.com/"

  # Matches #
  @matches = [

    # JavaScript Source
    { regexp: /<script [^>]*src=["|'][^"^']+w\.sharethis\.com\//i },

  ]
end

#ShopExObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/shopex.rb', line 9

WhatWeb::Plugin.define "ShopEx" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-19
  @version = "0.1"
  @description = "eCommerce [Chinese]"
  @website = "http://www.shopex.cn/"

  # Dorks #
  @dorks = [
    '"Powered by ShopEX"'
  ]

  # Matches #
  @matches = [

    # Powered by title
    { certainty: 75, regexp: /<title>[^<]* -- Powered by Shop(e|E)x<\/title>/ },

    # Powered by link
    { text: "<p align=center><font color=black style='font-size:9pt;font-family:Arial'>Powered by </font><a href='http://www.shopex.cn' target='_blank'><font color=navy style='font-size:9pt;font-family:Arial;text-decoration:under-line'>Shop<font><font color=orange style='font-size:9pt;font-family:Arial;text-decoration:under-line'>Ex<font></a>" },

    # CSS
    { regexp: /<link href="syssite\/home\/shop\/[\d]+\/images\/[\d]+\/css\.css" rel="stylesheet" type="text\/css">/ },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="ShopEx ([\d\.]+)" \/>/ },

  ]
end

#SillySmartObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
# File 'lib/whatweb/plugins/sillysmart.rb', line 9

WhatWeb::Plugin.define "SillySmart" do
  @author = "Guillaume Delacour <[email protected]>" # 2015-07-09
  @version = "0.1"
  @description = "SillySmart is a lightweight and flexible MVC Framework written in PHP5 based on XML/XSL's parsing."

  # Dorks #
  @dorks = [
    'intext:"var slsBuild ="',
  ]

  # Matches #
  @matches = [
    { certainty: 85, text: 'var slsBuild' },
  ]
end

#SilverStripeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.4 # Pedro Worcel (Security-Assessment.com) <[email protected]> Added agressive scanning. ## Version 0.3 # 2011-03-06 # Brendan Coles <[email protected]> Updated version detection

Version 0.2 removed :certainty=>100 and :name



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
 
# File 'lib/whatweb/plugins/silverstripe.rb', line 18

WhatWeb::Plugin.define "SilverStripe" do
  @author = "Andrew Horton"
  @version = "0.3"
  @description = "SilverStripe is an opensource CMS written in PHP. It can run on Apache, IIS or lighthttpd."
  @website = "http://www.silverstripe.com"

  # Matches #
  @matches = [

    # Meta Generator
    { regexp: /<meta name="generator"[^>]*content="SilverStripe/ },

    # layout, typography, form css files
    { name: "layout, typography, form css files",
      certainty: 75,
      regexp: /<link[^>]*stylesheet[^>]*layout.css[^>]*>[^<]*<link[^>]*stylesheet[^>]*typography.css[^>]*>[^<]*<link[^>]*stylesheet[^>]*form.css[^>]*>/ },

    # Image HTML
    { certainty: 75, regexp: /<img src="\/assets\/[^\/]+\/_resampled\/[^"]+.jpg"/ },

    # Version Detection # Meta Generator
    { version: /<meta name="generator"[^>]*content="SilverStripe ([0-9\.]+)/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # Set-Cookie: PastVisitor
    m << { name: "PastVisitor Cookie" } if target.headers["set-cookie"] =~ /PastVisitor=[0-9]+.*/

    # Return passive matches
    m
  end

  def aggressive(target)
    m = []
    versions = Hash[
        "2.4.10" => [
          ["cms/css/layout.css", "5db089786a6d5487e16297ce36ab2421"],
        ],
        "2.4.11" => [
          ["cms/css/layout.css", "5db089786a6d5487e16297ce36ab2421"],
        ],
        "2.4.12" => [
          ["cms/css/layout.css", "5db089786a6d5487e16297ce36ab2421"],
        ],
        "2.4.13" => [
          ["cms/css/layout.css", "5db089786a6d5487e16297ce36ab2421"],
        ],
        "2.4.9" => [
          ["cms/css/layout.css", "5db089786a6d5487e16297ce36ab2421"],
        ],
        "3.0.0" => [
          ["cms/javascript/CMSMain.Tree.js", "090622870dcdad0514940bc3249094af"],
          ["framework/javascript/HtmlEditorField.js", "255ea83eb97ed9634eae66326fb5ec20"],
          ["framework/css/AssetUploadField.css", "78fa54480405595296ea61da2b33c42b"],
          ["framework/css/UploadField.css", "2de8e72eb87b371b61b5204c61a2c3d0"],
        ],
        "3.0.1" => [
          ["cms/javascript/CMSMain.Tree.js", "090622870dcdad0514940bc3249094af"],
          ["framework/javascript/HtmlEditorField.js", "765ad037bca7555ca3b9b71f7bdd4fa6"],
          ["framework/css/AssetUploadField.css", "78fa54480405595296ea61da2b33c42b"],
          ["framework/css/UploadField.css", "2de8e72eb87b371b61b5204c61a2c3d0"],
        ],
        "3.0.10" => [
          ["cms/javascript/CMSMain.Tree.js", "07fd09b668960bfb50b11168a381e5d7"],
          ["framework/javascript/HtmlEditorField.js", "570fafc969764a6a4d4a262ca68ab3c3"],
          ["framework/css/AssetUploadField.css", "96593622bd92eb2d3349dbb315c2aee4"],
          ["framework/css/UploadField.css", "2f87b4d81b99a72d3adfcfd24a6c630f"],
        ],
        "3.0.11" => [
          ["cms/javascript/CMSMain.Tree.js", "07fd09b668960bfb50b11168a381e5d7"],
          ["framework/javascript/HtmlEditorField.js", "570fafc969764a6a4d4a262ca68ab3c3"],
          ["framework/css/AssetUploadField.css", "96593622bd92eb2d3349dbb315c2aee4"],
          ["framework/css/UploadField.css", "2f87b4d81b99a72d3adfcfd24a6c630f"],
        ],
        "3.0.3" => [
          ["cms/javascript/CMSMain.Tree.js", "ac8d98869ceb76f88999eb149603f1a4"],
          ["framework/javascript/HtmlEditorField.js", "8e0e049b8f8b33e7646de86d5a9661fc"],
          ["framework/css/AssetUploadField.css", "3e02751873aaf1b82813a157511a798e"],
          ["framework/css/UploadField.css", "a5fd3252bbd815a139b7f68e5d63b450"],
        ],
        "3.0.4" => [
          ["cms/javascript/CMSMain.Tree.js", "ac8d98869ceb76f88999eb149603f1a4"],
          ["framework/javascript/HtmlEditorField.js", "000b8ea9d7d97dfea550da9d98117871"],
          ["framework/css/AssetUploadField.css", "3e02751873aaf1b82813a157511a798e"],
          ["framework/css/UploadField.css", "2f87b4d81b99a72d3adfcfd24a6c630f"],
        ],
        "3.0.5" => [
          ["cms/javascript/CMSMain.Tree.js", "ac8d98869ceb76f88999eb149603f1a4"],
          ["framework/javascript/HtmlEditorField.js", "000b8ea9d7d97dfea550da9d98117871"],
          ["framework/css/AssetUploadField.css", "3e02751873aaf1b82813a157511a798e"],
          ["framework/css/UploadField.css", "2f87b4d81b99a72d3adfcfd24a6c630f"],
        ],
        "3.0.6" => [
          ["cms/javascript/CMSMain.Tree.js", "07fd09b668960bfb50b11168a381e5d7"],
          ["framework/javascript/HtmlEditorField.js", "570fafc969764a6a4d4a262ca68ab3c3"],
          ["framework/css/AssetUploadField.css", "96593622bd92eb2d3349dbb315c2aee4"],
          ["framework/css/UploadField.css", "2f87b4d81b99a72d3adfcfd24a6c630f"],
        ],
        "3.0.7" => [
          ["cms/javascript/CMSMain.Tree.js", "07fd09b668960bfb50b11168a381e5d7"],
          ["framework/javascript/HtmlEditorField.js", "570fafc969764a6a4d4a262ca68ab3c3"],
          ["framework/css/AssetUploadField.css", "96593622bd92eb2d3349dbb315c2aee4"],
          ["framework/css/UploadField.css", "2f87b4d81b99a72d3adfcfd24a6c630f"],
        ],
        "3.0.8" => [
          ["cms/javascript/CMSMain.Tree.js", "07fd09b668960bfb50b11168a381e5d7"],
          ["framework/javascript/HtmlEditorField.js", "570fafc969764a6a4d4a262ca68ab3c3"],
          ["framework/css/AssetUploadField.css", "96593622bd92eb2d3349dbb315c2aee4"],
          ["framework/css/UploadField.css", "2f87b4d81b99a72d3adfcfd24a6c630f"],
        ],
        "3.0.9" => [
          ["cms/javascript/CMSMain.Tree.js", "07fd09b668960bfb50b11168a381e5d7"],
          ["framework/javascript/HtmlEditorField.js", "570fafc969764a6a4d4a262ca68ab3c3"],
          ["framework/css/AssetUploadField.css", "96593622bd92eb2d3349dbb315c2aee4"],
          ["framework/css/UploadField.css", "2f87b4d81b99a72d3adfcfd24a6c630f"],
        ],
        "3.1.0" => [
          ["cms/javascript/CMSMain.Tree.js", "b7d5d25c05391972db3a18d0876c1fcf"],
          ["framework/javascript/HtmlEditorField.js", "89b64a68adbd2d6ed522c2f8add9238a"],
          ["framework/css/AssetUploadField.css", "e1e5a8092f3cf0c4ef1456a969be947c"],
          ["framework/css/UploadField.css", "a0d66636a849b56b56f61402ea9960a8"],
        ],
        "3.1.1" => [
          ["cms/javascript/CMSMain.Tree.js", "b7d5d25c05391972db3a18d0876c1fcf"],
          ["framework/javascript/HtmlEditorField.js", "89b64a68adbd2d6ed522c2f8add9238a"],
          ["framework/css/AssetUploadField.css", "e1e5a8092f3cf0c4ef1456a969be947c"],
          ["framework/css/UploadField.css", "a0d66636a849b56b56f61402ea9960a8"],
        ],
        "3.1.2" => [
          ["cms/javascript/CMSMain.Tree.js", "33e888d268d7b416e8aa67ea6f0a23cf"],
          ["framework/javascript/HtmlEditorField.js", "b1d7740a9df73fffbe00728dc5ca8a05"],
          ["framework/css/AssetUploadField.css", "cc8efd0624a4303cb74b8f62630f7f29"],
          ["framework/css/UploadField.css", "a0d66636a849b56b56f61402ea9960a8"],
        ],
        "3.1.3" => [
          ["cms/javascript/CMSMain.Tree.js", "33e888d268d7b416e8aa67ea6f0a23cf"],
          ["framework/javascript/HtmlEditorField.js", "96171723086e6fe55af56e647f85808f"],
          ["framework/css/AssetUploadField.css", "763746a3e65db5bbe95da9ede2e6565e"],
          ["framework/css/UploadField.css", "e727401b89b6fbf788ea586d2e2d0cf3"],
        ],
        "3.1.4" => [
          ["cms/javascript/CMSMain.Tree.js", "33e888d268d7b416e8aa67ea6f0a23cf"],
          ["framework/javascript/HtmlEditorField.js", "96171723086e6fe55af56e647f85808f"],
          ["framework/css/AssetUploadField.css", "763746a3e65db5bbe95da9ede2e6565e"],
          ["framework/css/UploadField.css", "2df14cdcde6363226f7efdeb938fa543"],
        ],
        "3.1.5" => [
          ["cms/javascript/CMSMain.Tree.js", "33e888d268d7b416e8aa67ea6f0a23cf"],
          ["framework/javascript/HtmlEditorField.js", "96171723086e6fe55af56e647f85808f"],
          ["framework/css/AssetUploadField.css", "763746a3e65db5bbe95da9ede2e6565e"],
          ["framework/css/UploadField.css", "2df14cdcde6363226f7efdeb938fa543"],
        ],
    ]

    v = WhatWeb::Matcher::Version.new("SilverStripe", versions, target.uri)

    version = v.matches_format

    # Set version if present
    unless version.empty?
      version.each { |ver|
        m << { name: "md5 sums of files", version: ver }
      }
    end

    # Return aggressive matches
    m
  end
end

#simpleSAMLphpObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/simplesamlphp.rb', line 9

WhatWeb::Plugin.define "simpleSAMLphp" do
  @author = "Brendan Coles <[email protected]>" # 2012-01-18
  @version = "0.1"
  @description = "A PHP implementation of SAML 2.0 service provider and identity provider functionality."
  @website = "http://simplesamlphp.org"

  # Google results as at 2012-01-18 #
  # 29 for intitle:"simpleSAMLphp installation page"
  # 13 for inurl:"module.php/core/frontpage_welcome.php"
  #  9 for intitle:"simpleSAMLphp installation page" "Congratulations, you have successfully installed simpleSAMLphp"

  # Dorks #
  @dorks = [
    'intitle:"simpleSAMLphp installation page"'
  ]

  # Matches #
  @matches = [

    # Title
    { text: '<title>simpleSAMLphp installation page</title>' },

    # simpleSAMLphp installation page
    { regexp: /<h1><a style="text-decoration: none; color: white" href="[^"]+">simpleSAMLphp installation page<\/a><\/h1>/ },

    # Homepage Link
    { text: '<a href="http://rnd.feide.no/simplesamlphp">SimpleSAMLPhp </a>' },

    # HTML Comment
    { certainty: 75, text: '<!-- Grey header bar below -->' },

  ]
end

#SimplewireObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/simplewire.rb', line 12

WhatWeb::Plugin.define "Simplewire" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-31
  @version = "0.2"
  @description = "Simplewire - Wireless Messaging Network - Simplewire is a premium billing and messaging aggregator. Simplewire's aggregation services provide the most direct and reliable route into each mobile operator's network for the delivery of text-messages, premium content, cross-carrier short-codes, billing transactions and other value-added mobile services."
  @website = "http://www.simplewire.com/"
  # More Info #
  # http://search.cpan.org/~rootlevel/Net-Pager-2.00/lib/Net/Pager.pm
  # http://www.openmarket.com/

  # ShodanHQ results as at 2011-05-31 #
  # 5 for Simplewire

  @matches = [

    # HTTP Server Header
    { regexp: /^Simplewire/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^Simplewire\/([^\s]+)$/, search: "headers[server]" },

  ]
end

#SimpNewsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/whatweb/plugins/simpnews.rb', line 12

WhatWeb::Plugin.define "SimpNews" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-11
  @version = "0.2"
  @description = "Simply a News system"
  @website = "http://www.boesch-it.de/"

  # Google results as at 2010-07-11 #
  # 79 for "powered by SimpNews"

  # Dorks #
  @dorks = [
    '"powered by SimpNews"'
  ]

  # Matches #
  @matches = [

    # Meta Generator
    { version: /<meta name="generator" content="SimpNews v([\d\.]+), \(c\)[\d]{4}[\-,]*[\d]{4} by Boesch EDV-Consulting"[^>]*>/ },

    # Admin Panel
    { version: / href="http:\/\/www.boesch-it.de[\/]*">SimpNews<\/a> V([\d\.]+) &copy;[\d]{4}[\-,]*[\d]{4} B&ouml;sch EDV-Consulting<\/div>/ },

    # Powered by text link
    { version: /<br>Powered by <a class="copyright" target="_blank" href="http:\/\/www.boesch-it.de">SimpNews<\/a> V([\d\.]+) &copy;[\d]{4}[\-,]*[\d]{4} B&ouml;sch EDV-Consulting<\/font><\/td><\/tr><\/table><\/td><\/tr><\/table><\/div>/ },

    # Powered by text
    { version: /<br>Powered by SimpNews V([\d\.]+) &copy;[\d]{4}[\-,]*[\d]{4} B&ouml;sch EDV-Consulting<\/font><\/td><\/tr><\/table><\/td><\/tr><\/table><\/div>/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # cookie
    m << { name: "simpnews[lastvisit] Cookie" } if target.headers["set-cookie"] =~ /simpnews\[lastvisit\]=/

    # Return passive matches
    m
  end
end

#SIMSWebObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/simsweb.rb', line 9

WhatWeb::Plugin.define "SIMSWeb" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-31
  @version = "0.1"
  @description = "SIMSWeb (Service Information Management System) is a web server which gives your dealers and/or customers access to their accounts, history and other account details via a standard web browser."
  @website = "http://simsware.com/products/software-simsweb.htm"

  # Google results as at 2011-05-31 #
  # 6 for intitle:"SIMSWeb Login"

  # Dorks #
  @dorks = [
    'intitle:"SIMSWeb Login"'
  ]

  # Matches #
  @matches = [

    # Loading Page # Title
    { text: '<title>SIMSWeb Loading.....</title>' },

    # Loading page # Loading message
    { text: 'index.html"><font color="black" face="arial">Loading SIMSWeb, please wait.....</font></a></h2>' },

    # JavaScript
    { text: '<script language="Javascript" src="/SIMSWeb/monitor.js"></script>' },

    # Form HTML
    { text: '<form onSubmit="sendinfo(); return false;" name="LOGON">' },

  ]
end

#Site4Object

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/site4.rb', line 9

WhatWeb::Plugin.define "Site4" do
  @author = "Brendan Coles <[email protected]>" # 2010-11-01
  @version = "0.1"
  @description = "Site4 is a danish CMS system for webshops and homepages."
  @website = "http://www.Site4.dk/"

  # 4 results for "SITE4.dk is a danish CMS system for webshops and homepages."

  @matches = [

    # Error Page # Default Title # Danish
    { path: "/error.asp", text: '<title>SITE4.dk Site4 Setup Error..</title>' },

    # Error page # Default logo HTML
    { text: '<img src="http://www.site4.dk/images/site4logo.jpg">
    ' },

    # Error page # Error message
    { text: '<div class="caption" align="center"><b>A Site4 event or error occured..</b></div></td>' },

    # Error page # To read more text
    { text: 'To read more about SITE4.dk please <a class="smalltext" style="text-decoration:none;" href="http://www.site4.dk"><b>click here</b></a>' },

  ]
end

#SiteCaddyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/sitecaddy.rb', line 9

WhatWeb::Plugin.define "SiteCaddy" do
  @author = "Brendan Coles <[email protected]>" # 2012-04-10
  @version = "0.1"
  @description = "Site Caddy offers a suite of online tools for marketing, content management, e-commerce and hosting"
  @website = "http://info.sitecaddy.com/mysitecaddy/site3/"

  # Google results as at 2012-04-10 #
  # 258 for inurl:"mysitecaddy/site"|inurl:"mysitecaddy/site3"
  # 207 for "Powered by SiteCaddy.com"

  # More Sites #
  # http://info.sitecaddy.com/mysitecaddy/site3/clientportfolio.htm

  # Dorks #
  @dorks = [
    'inurl:"mysitecaddy/site"|inurl:"mysitecaddy/site3"'
  ]

  # Matches #
  @matches = [

    # HTML Comments
    { text: '<!-- SECTION: bottom branding -->' },
    { text: '<!-- write title and meta tags -->' },

    # ul class siteCaddyMenu
    { text: '<ul class="siteCaddyMenu menuLevel0 bottomNav" id="primaryNav">' },

    # Powered by Link
    { text: '<a href="http://www.sitecaddy.com" title="Powered by SiteCaddy.com">' },

    # Powered by logo
    { text: '<img src="/mysitecaddy/assets3/common/images/poweredbysitecaddy.gif" alt="Powered by SiteCaddy.com">' },

  ]
end

#SitefinityObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2012-03-09 # Added match. Added google dork. Updated version detection.



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/sitefinity.rb', line 12

WhatWeb::Plugin.define "Sitefinity" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-04
  @version = "0.2"
  @description = "sitefinity ASP.NET CMS"
  @website = "http://www.sitefinity.com/"

  # Google results as at 2012-03-09 #
  # 30 for inurl:"/Sitefinity/WebsiteTemplates/"
  # 20 for "Powered by Sitefinity ASP.NET CMS"

  # Dorks #
  @dorks = [
    'inurl:"/Sitefinity/WebsiteTemplates/"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: 'href="http://www.sitefinity.com" class="poweredBySitefinity" title="Sitefinity ASP.NET CMS">Powered by Sitefinity ASP.NET CMS</a></p>' },
    { text: 'title="Sitefinity ASP.NET CMS" class="poweredBySitefinity" href="http://www.sitefinity.com">Powered by Sitefinity ASP.NET CMS</a></p>' },

    # Version Detection # Meta Generator
    { version: /<meta name="Generator" content="Sitefinity ([\d\.:]{1,20}( [A-Z]+)?)" \/>/ },

    # Link # /SiteFinity
    { certainty: 75, regexp: /<link href="\/[Ss]ite[Ff]inity\/WebsiteTemplates\// },

  ]
end

#siteGENIUSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/sitegenius.rb', line 9

WhatWeb::Plugin.define "siteGENIUS" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-14
  @version = "0.1"
  @description = "siteGENIUS, a custom website builder that lets you create your own website."
  @website = "http://www.sitegenius.com/"

  # Google results as at 2011-08-03 #
  # 67 for inurl:"sitegenius/topic.php?id="

  # Dorks #
  @dorks = [
    'inurl:"sitegenius/topic.php?id="'
  ]

  # Matches #
  @matches = [

    # GHDB
    { certainty: 75, ghdb: 'inurl:"sitegenius/topic.php"' },

    # JavaScript # PortalBrowser Popup
    { regexp: /var PortalBrowser = window.open\('popup.php\?page_type='\+page_type\+'&lang=[A-Z]{2}&page_id='\+pgid(\+addToURL)?, '', myFeatures\); / },

  ]
end

#SiteMajicObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/sitemajic.rb', line 9

WhatWeb::Plugin.define "SiteMajic" do
  @author = "Brendan Coles <[email protected]>" # 2012-04-24
  @version = "0.1"
  @description = "SiteMajic - Web Content Management System service"
  @website = "http://www.sitemajic.com/"

  # Google results as at 2012-04-24 #
  # 293 for "Website Powered by SiteMajic"
  # 194 for inurl:"admin.php?op=login" inurl:"SiteId"

  # Dorks #
  @dorks = [
    '"Website Powered by SiteMajic"'
  ]

  # Matches #
  @matches = [

    # Admin Page
    { text: "<td width=109 align='left'><input type='text' name='UserName' size='20' style='font-family: Arial; font-size: 8pt;' onKeyPress=\"if (event.keyCode == 13) { document.frm.Password.focus(); return false;	} else return true;\" ></td>" },

    # Powered by link
    { text: "Website Powered by <a href='http://www.sitemajic.com' style='text-decoration:none'>SiteMajic</a>" },

  ]
end

#SitePlayerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/siteplayer.rb', line 12

WhatWeb::Plugin.define "SitePlayer" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-12
  @version = "0.2"
  @description = "SitePlayer is an embedded ethernet HTTP server designed to easily and inexpensively web enable any microprocessor-based device. SitePlayer Telnet is an RS232 to Ethernet protocol converter. It allows you to connect legacy RS232 devices to The Internet by providing a TCP/IP telnet session to an RS232 port. There are many devices which can only be controlled via RS232. With SitePlayer you can now control these devices through The Internet."
  @website = "http://netmedia.com/siteplayer/"
  # Data sheets: http://netmedia.com/siteplayer/webserver/documents.html

  # ShodanHQ results as at 2011-05-12 #
  # 24 for SitePlayer

  @matches = [

    # Version Detection # HTTP Server Header
    { model: "Telnet", version: /^SitePlayer Telnet\/([^\s]+)$/, search: "headers[server]" },

    # WWW-Authenticate realm
    { model: "Telnet", name: "WWW-Authenticate realm", regexp: /^Basic realm="SitePlayer Telnet Configuration"$/, search: "headers[www-authenticate]" },

  ]
end

#SkaLinksObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/whatweb/plugins/skalinks.rb', line 9

WhatWeb::Plugin.define "SkaLinks" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-14
  @version = "0.1"
  @description = "SkaLinks - Free Links Exchange software"
  @website = "http://www.skalinks.com/"

  # 305 results for "powered by SkaLinks" "Link Exchange Script" @ 2010-08-14

  @matches = [

    { text: 'Powered by <a class=sub_cat href="http://www.skalinks.com">SkaLinks - Link Exchange Script' },

    { text: 'Powered by <a class=sub_cat href="http://www.skalinks.com" rel="nofollow">SkaLinks - Link Exchange Script' },

    { text: 'Powered by <a class=sub_cat rel="nofollow" href="http://www.skalinks.com">SkaLinks - Link Exchange Script' },

  ]
end

#SkyXObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
 
# File 'lib/whatweb/plugins/skyx.rb', line 12

WhatWeb::Plugin.define "SkyX" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-30
  @version = "0.2"
  @description = "The Mentat SkyX series were designed for TCP acceleration/compression and high latency link optimization. Mentat was acquired by Packeteer in 2004. Packeteer was acquired by Blue Coat Systems in 2008 and the SkyX series was discontinued"
  @website = "http://www.bluecoat.com/"

  # More Info #
  # http://www.bluecoat.com/landing/packeteer-end-life-matrix
  # http://en.wikipedia.org/wiki/Packeteer

  # ShodanHQ results as at 2011-05-30 #
  # 63 for SkyX HTTPS

  # Matches #
  @matches = [

    # div id="skyx_status"
    { text: '<div id="skyx_status">SkyX status: enhancing</div>' },

    # JavaScript # /skyxgui.js
    { text: '<script language="javascript" type="text/javascript" src="/skyxgui.js"></script>' },

    # Hostname Detection
    { string: /<div id="hostname"><a href="Misc">Hostname<\/a>: ([^\s^<]+)<\/div>/ },

    # HTTP Server Header
    { regxp: /^SkyX /, search: "headers[server]" },

    # Version Detection
    { version: /^SkyX HTTPS ([^\s]+)$/, search: "headers[server]" },

  ]

  # Passive #
  def passive(target)
    m = []

    # HTTP Server Header
    if /^SkyX /.match?(target.headers["server"])

      # Model Detection
      m << { model: target.body.scan(/<div id="model">Model:([^<]+)<\/div>/) } if target.body =~ /<div id="model">Model:([^<]+)<\/div>/

    end

    # Return passive matches
    m
  end
end

#SlingBoxObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/slingbox.rb', line 9

WhatWeb::Plugin.define "SlingBox" do
  @author = "Brendan Coles <[email protected]>" # 2012-11-17
  @version = "0.1"
  @description = "The Slingbox is a TV streaming media device that encodes video for transmission over the Internet"
  @website = "http://slingbox.com/"

  # ShodanHQ results as at 2012-11-17 #
  # 7 for _sling_skey
  # 2 for watch/sling_player

  # Google results as at 2012-11-17 #
  # 2 for intitle:"Slingbox Setup" "Welcome to Slingbox Setup" "We'll help you set up your Slingbox"

  # Dorks #
  @dorks = [
    'intitle:"Slingbox Setup" "Welcome to Slingbox Setup" "We\'ll help you set up your Slingbox"'
  ]

  # Matches #
  @matches = [

    # Set-Cookie # _sling_skey
    { search: "headers[set-cookie]", regexp: /_sling_skey=[^;]+/ },

    # Version Detection
    { version: /<!-- Footer start -->\s+<div id="footer_center">\s+<p>Portal Version:&nbsp;([^,]+), Plugin Version:&nbsp;/ },

  ]
end

#SmartCDSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/smartcds.rb', line 12

WhatWeb::Plugin.define "SmartCDS" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-06
  @version = "0.2"
  @description = "SmartCDS (Content Delivery Server) hardware [Japanese]"
  @website = "http://www.globaldawin.com/product/smartcds.php3"

  # ShodanHQ results as at 2011-07-06 #
  # 420 for SmartCDS
  #  17 for X-SmartCDS-Error

  # Matches #
  @matches = [

    # Error Page
    { text: '<img border=0 src="http://www.globaldawin.com/capcds/refresh.gif" width="13" height="16"' },

    # Server Header
    { regexp: /^smartcds/, search: "headers[server]" },

    # Version Detection # Server Header
    { version: /^smartcds\/([^\s]+)/, search: "headers[server]" },

    # Version Detection # SmartCDS Header
    { version: /^Version:([^\s]+)$/, search: "headers[smartcds]" },

    # Error Detection # X-SmartCDS-Error Header
    { string: /^(.*)$/, search: "headers[x-smartcds-error]" },

  ]
end

#SmarterMailObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/smartermail.rb', line 9

WhatWeb::Plugin.define "SmarterMail" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-14
  @version = "0.1"
  @description = "SmarterMail delivers Exchange-level email server software features for a fraction of the cost. With lower hardware requirements, superior stability and reduced maintenance costs, SmarterMail has significantly lower Total Cost of Ownership (TCO) and is the best-in-class Microsoft Exchange alternative for businesses and hosting companies."
  @website = "http://www.smartertools.com/smartermail/mail-server-software.aspx"

  # Google results as at 2011-03-14 #
  # 326 for intitle:"SmarterMail Login SmarterMail" "Remember me" "SmarterMail Enterprise"|"SmarterMail Professional"|"SmarterMail Free"

  # Matches #
  @matches = [

    # Product Detection # Vendor Link # >= 4.x
    { string: /<a href='http:\/\/www.smartertools.com\/smartermail\/mail-server-software.aspx' target='_blank'>SmarterMail (Enterprise|Professional|Free|FREE) ([\d\.]+)<\/a>( |&nbsp;)\|( |&nbsp;)<a href='http:\/\/www.smartertools.com\/smartermail\/mail-server-software.aspx' target='_blank'>(Windows Mail Server|Email Server Software|Mail Server Software)<\/a>/ },

    # Verson Detection # Vendor Link # >= 4.x
    { version: /<a href='http:\/\/www.smartertools.com\/smartermail\/mail-server-software.aspx' target='_blank'>SmarterMail (Enterprise|Professional|Free|FREE) ([\d\.]+)<\/a>( |&nbsp;)\|( |&nbsp;)<a href='http:\/\/www.smartertools.com\/smartermail\/mail-server-software.aspx' target='_blank'>(Windows Mail Server|Email Server Software|Mail Server Software)<\/a>/, offset: 1 },

    # Product Detection # td bar1inner # <= 3.x
    { string: /										<td class="?bar1inner"?>SmarterMail (Enterprise|Professional|Free|FREE) Edition ([\d\.]+)<\/td>/ },

    # Version Detection # td bar1inner # <= 3.x
    { version: /										<td class="?bar1inner"?>SmarterMail (Enterprise|Professional|Free|FREE) Edition ([\d\.]+)<\/td>/, offset: 1 },

    # Title
    { text: "<title>Login - SmarterMail</title>" },

  ]
end

#SmarterStatsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/smarterstats.rb', line 9

WhatWeb::Plugin.define "SmarterStats" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-13
  @version = "0.1"
  @description = "Complete SEO and Web Analytics for Individuals and Enterprises"
  @website = "http://www.smartertools.com/smarterstats/web-analytics-seo-software.aspx"

  # Google results as at 2011-03-13 #
  # 87 for intitle:"Login - SmarterStats" "Login to SmarterStats"

  # Matches #
  @matches = [

    # Product Detection # Vendor Link # >= 5.x
    { string: /<a href='http:\/\/www.smartertools.com\/smarterstats\/web-analytics-seo-software.aspx' target='_blank'>SmarterStats (Enterprise|Professional|Free) ([\d\.]+)<\/a>( |&nbsp;)\|( |&nbsp;)<a href='http:\/\/www.smartertools.com\/smarterstats\/web-analytics-seo-software.aspx' target='_blank'>Web Log Analytics( & SEO Software)?<\/a>/ },

    # Verson Detection # Vendor Link # >= 5.x
    { version: /<a href='http:\/\/www.smartertools.com\/smarterstats\/web-analytics-seo-software.aspx' target='_blank'>SmarterStats (Enterprise|Professional|Free) ([\d\.]+)<\/a>( |&nbsp;)\|( |&nbsp;)<a href='http:\/\/www.smartertools.com\/smarterstats\/web-analytics-seo-software.aspx' target='_blank'>Web Log Analytics( & SEO Software)?<\/a>/, offset: 1 },

    # Product Detection # Vendor Link # 4.x
    { string: /<a href='http:\/\/www.smartertools.com\/Products\/SmarterStats\/Overview.aspx' target='_blank'>SmarterStats (Enterprise|Professional|Free) ([\d\.]+)<\/a>&nbsp;\|&nbsp;<a href='http:\/\/www.smartertools.com\/' target='_blank'>Windows Web Analytics<\/a>/ },

    # Verson Detection # Vendor Link # 4.x
    { version: /<a href='http:\/\/www.smartertools.com\/Products\/SmarterStats\/Overview.aspx' target='_blank'>SmarterStats (Enterprise|Professional|Free) ([\d\.]+)<\/a>&nbsp;\|&nbsp;<a href='http:\/\/www.smartertools.com\/' target='_blank'>Windows Web Analytics<\/a>/, offset: 1 },

    # Product Detection # td bar1inner # 3.x
    { string: /										<td class=bar1inner>SmarterStats (Enterprise|Professional|Free|FREE) Edition ([\d\.]+)<\/td>/ },

    # Version Detection # td bar1inner # 3.x
    { version: /										<td class=bar1inner>SmarterStats (Enterprise|Professional|Free|FREE) Edition ([\d\.]+)<\/td>/, offset: 1 },

    # Title
    { text: "<title>Login - SmarterStats</title>" },

  ]
end

#SmartThumbsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/smartthumbs.rb', line 9

WhatWeb::Plugin.define "SmartThumbs" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-17
  @version = "0.1"
  @description = "SmartThumbs is a complete tgp script (thumbnail gallery post management script), it makes your work easier and faster by automating gallery preview and thumbnail cropping. Productivity based thumbnail rotation makes your productivity higher and brings fast traffic growth."
  @website = "http://www.smart-scripts.com/?action=smartthumbs"

  # Google results as at 2011-03-17 #
  # 211 for "powered by SMART THUMBS"

  # Matches #
  @matches = [

    # Powered by link
    { regexp: /POWERED[\s]+BY[\s]+<a href="http:\/\/www.smart-scripts.com">SMART THUMBS<\/a>/ },

    { text: 'POWERED BY<span> <a href="http://www.thumbsrotator.com"><b><span style="font-size: 11px; font-family: Verdana, Arial;">SMART THUMBS</span>' },

  ]
end

#SMFObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.5 # 2012-08-16 # Andrew Horton Updated MD5 syntax. In future someone should move the MD5 hash matches into the matches array

Version 0.4 # 2011-04-09 # Brendan Coles <bcoles at gmail dot com> Added aggressive md5 matches

Version 0.3 # 2011-03-05 # Updated version detection

Version 0.2 removed :certainty=>100



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
 
# File 'lib/whatweb/plugins/smf.rb', line 21

WhatWeb::Plugin.define "SMF" do
  @author = "Andrew Horton"
  @version = "0.5"
  @description = "SMF (Simple Machines Forum) is an opensource forum written in PHP"
  @website = "www.simplemachines.org"

  # Dorks #
  @dorks = [
    '"Powered by SMF"'
  ]

  # Matches #
  @matches = [

    # Copyright Link
    { name: "copyright link", text: '<a href="http://www.simplemachines.org/about/copyright.php" title="Free Forum Software" target="_blank"' },

    # Default JavaScript
    { name: "javascript", text: 'document.getElementById("upshrink").src = smf_images_url + ' },

    # smflogo
    { name: "smflogo gif", regexp: /<img class="floatright" id="smflogo" src="[^"]*\/images\/smflogo.gif" alt="Simple Machines Forum" \/>/ },

    # Version Detection # Powered by text
    { version: /<a href="http:\/\/www.simplemachines.org\/" title="Simple Machines Forum" target="_blank"( class="new_win")?>Powered by SMF ([^<]+)/, offset: 1 },

  ]

  # Aggressive #
  def aggressive(target)
    m = []

    # the paths are relative to the url path if they don't start with /
    # this path, with this md5 = this version
    files = [

      { md5: 'ede483ddc2d684d708aee1df7e9de681', version: '1.0', path: 'readme.html' },
      { md5: '3b120ada16b743ce27a810c8105fae40', version: '1.0 RC2', path: 'readme.html' },
      { md5: 'b73b15701372af001176948e62de00ac', version: '1.0.1 or 1.0.2', path: 'readme.html' },
      { md5: 'f60c721e72537b23c1afaf0633401cd5', version: '1.0.3 - 1.0.16', path: 'readme.html' },
      { md5: '3deb358d76a6994aa9983f5ed38836af', version: '1.1', path: 'readme.html' },
      { md5: '1393566c558c1d1d774f0a78f079538a', version: '1.1 beta3p', path: 'readme.html' },
      { md5: 'e93f0023701693407c2286d557c2c2d6', version: '1.1 RC1', path: 'readme.html' },
      { md5: '97689622417fbf14fa3b10ebedb9644f', version: '1.1 RC2', path: 'readme.html' },
      { md5: '3b607dd7ee4357702258bdd22ebdc1f8', version: '1.1 RC3', path: 'readme.html' },
      { md5: '3deb358d76a6994aa9983f5ed38836af', version: '1.1.1 - 1.1.11', path: 'readme.html' },
      { md5: '2f36557b360975451650eec1d48c79bf', version: '2.0 beta3.1p or 2.0 beta3p', path: 'readme.html' },
      { md5: '02da089eaee5a90bb36e37a4e95bc712', version: '2.0 beta4p', path: 'readme.html' },
      { md5: '3aeee6d20350784af068a70b1bfe04fb', version: '2.0 RC1-x', path: 'readme.html' },
      { md5: 'ff976e1647243eaa36a0fba78dae5bdb', version: '2.0 RC2', path: 'readme.html' },
      { md5: 'b7e4578b6d13bfe9a2393e04f8a9c6b5', version: '2.0 RC3', path: 'readme.html' },
      { md5: 'a5d38f19dc72114da004f35f4ab0b1e7', version: '2.0 RC4', path: 'readme.html' },

    ]

    # Fetch and hash files
    to_download = files.map { |x| x[:path] }.sort.uniq
    downloads = {}
    to_download.each do |d|
      url = URI.join(target.uri.to_s, d).to_s
      new_target = WhatWeb::Target.new(url)
      downloads[d] = { md5sum: new_target.md5sum }
    end

    # Compare file hashes to known hashes
    version = nil
    files.each do |thisfile|
      unless downloads[thisfile[:path]].nil?
        version = thisfile[:version] if downloads[thisfile[:path]][:md5sum] == thisfile[:md5]
      end
    end

    # Set version if present
    unless version.nil?
      m << { name: "md5 sums of files", version: version }
    end

    # Return aggressive matches
    m
  end
end

#SmodCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/smodcms.rb', line 9

WhatWeb::Plugin.define "SmodCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-16
  @version = "0.1"
  @description = "SmodCMS"
  @website = "http://www.smod.pl/"

  # 13 results for "powered by SmodCMS" @ 2010-08-16

  # Dorks #
  @dorks = [
    '"powered by SmodCMS"'
  ]

  @matches = [

    { text: '<meta name="Generator" content="SmodCMS" />' },
    { text: '<meta name="Authoring_Tool" content="SmodCMS // www.smod.pl" />' },

    { regexp: /[P|p]+owered by <a href="http:\/\/www.smod.pl[\/]+"[^>]+>SmodCMS[\s]*<\/a>/ },

  ]
end

#SmokePingObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/smokeping.rb', line 9

WhatWeb::Plugin.define "SmokePing" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-05
  @version = "0.1"
  @description = "SmokePing keeps track of your network latency"
  @website = "http://oss.oetiker.ch/smokeping/index.en.html"

  # Google results as at 2012-03-05 #
  # 365 for "Probing Targets" inurl:"show.cgi?target="

  # Dorks #
  @dorks = [
    '"Probing Targets" inurl:"show.cgi?target="'
  ]

  # Matches #
  @matches = [

    # td class="menuitem" link
    { text: '<tr><td class="menuitem" colspan="2">&nbsp;-&nbsp;<a class="menulink" HREF="?target=' },

    # Homepage Link # Version Detection
    { version: /<A HREF="http:\/\/oss\.oetiker\.ch\/smokeping\/counter\.cgi\/([^\s^\/^\"]+)"><img border="0" src="[^"]+"><\/a>/ },

  ]
end

#SmugMugObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/smugmug.rb', line 12

WhatWeb::Plugin.define "SmugMug" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-16
  @version = "0.2"
  @description = "SmugMug is a paid digital photo sharing website"
  @website = "http://www.smugmug.com/"

  # ShodanHQ results as at 2011-03-16 #
  # 246 for x-powered-by smugmug

  @matches = [

    # X-Powered-By
    { regexp: /^SmugMug/, search: "headers[x-powered-by]" },

    # Version Detection # X-Powered-By
    { version: /^SmugMug\/([\d\.]+)$/, search: "headers[x-powered-by]" },

    # X-SmugMug-Values
    { name: "X-SmugMug-Values HTTP Header", regexp: //, search: "headers[x-smugmug-values]" },

  ]
end

#SnareObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/snare.rb', line 9

WhatWeb::Plugin.define "Snare" do
  @author = "Brendan Coles <[email protected]>" # 2012-08-12
  @version = "0.1"
  @description = "Snare - Snare Server Remote Control web interface"
  @website = "http://www.intersectalliance.com/projects/"

  # Default Port: 6161

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^SNARE\/([\d\.]+)$/ },

    # WWW-Authenticate realm
    { search: "headers[www-authenticate]", regexp: /Digest realm="SNARE"/ },

    # Version Detection
    { version: /<H2><CENTER>SNARE Version ([\d\.]+) Status Page<\/H2><\/CENTER>/ },

    # 401 Page # Address Tag
    { certainty: 75, text: '<ADDRESS>Snare Server Remote Control facility</ADDRESS>' },

  ]
end

#sNewsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/snews.rb', line 9

WhatWeb::Plugin.define "sNews" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-14
  @version = "0.1"
  @description = "sNews is a completely free, standards compliant, PHP and MySQL driven Content Management System."
  @website = "http://www.snewscms.com/"

  # Google results as at 2010-10-14 #
  # 326 for "powered by sNews"

  # Dorks #
  @dorks = [
    '"powered by sNews"'
  ]

  @matches = [

    # Powered by text
    { text: '<p>This site is powered by <a href="http://snewscms.com/" title="sNews CMS" onclick="target=\'_blank\';">sNews</a>' },
    { text: 'powered by <a href="http://www.solucija.com/home/snews/" title="sNews">sNews</a>' },
    { text: 'Powered by <a href="http://snews.solucija.com" title="Single file CSS and XHTML valid CMS">sNews</a>' },
    { text: 'Powered by <a href="http://snewscms.com/" title="Single file CMS">sNews</a>' },

    # Meta description
    { text: '<meta name="description" content="sNews CMS" />', certainty: 75 },

    # Login page # /login/ or admin.php # Default form HTML
    { text: '<p><label for="uname">Username</label>:<br /><input type="text" name="uname" id="uname" class="text" value="" /></p><p><label for="pass">Password</label>:<br /><input type="password" name="pass" id="pass" class="text" value="" /></p>' },

    # Version detection # Meta generator
    { version: /<meta name="Generator" content="sNews ([\d\.]+)" \/>/ },

  ]
end

#SnoGrafxObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/snografx.rb', line 10

WhatWeb::Plugin.define "SnoGrafx" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-18
  @version = "0.1"
  @description = "Image gallery software"
  @website = "http://snografx.com/"

  # 27 results for "powered by SnoGrafx" @ 2010-09-18

  @matches = [

    # HTML comment
    { regexp: /<!-- Website designed[\ and powered]* by [^\|]+\|\| Visit: http:\/\/snografx.com\/ -->/ },

    # Default Javascript
    { text: 'var snoOff = new Image();snoOff.src = "xfx/snografx0.gif";var snoOn = new Image();snoOn.src = "xfx/snografx2.gif";' },
    { text: 'var snoOff = new Image();snoOff.src = "4fx/00sno.png";var snoOn = new Image();snoOn.src = "4fx/02sno.png";' },

    # Powered by text
    { text: "Website powered by: <a href='http://snografx.com/' target='_blank'>Snöfx</a>" },

  ]
end

#SnomPhoneObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-17 # Andrew Horton Added website parameter and description

Version 0.2 removed :certainty=>100



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/snom-phone.rb', line 15

WhatWeb::Plugin.define "SnomPhone" do
  @author = "Andrew Horton"
  @version = "0.3"
  @description = "VoIP phones and teleconferencing systems"
  @website = "http://www.snom.com/"

  # Dorks #
  @dorks = [
    '"You can enter a simple telephone number (e.g. 0114930398330) or URI like [email protected]."'
  ]

  # &copy; 2000-2008 <a href="http://snom.com">snom AG</a><br>
  # <tr><td class="flyoutLink" colspan="2"><b><a href=http://wiki.snom.com/wiki/index.php/snom300>Manual</a>
  # You can enter a simple telephone number (e.g. 0114930398330) or URI like [email protected].
  # <td class="headerText" width="705">Welcome to Your Phone!</td>
  # <tr><td class="flyoutLink" colspan="2"><b><a href=http://www.snom.com/wiki/index.php/snom360>Manual</a>

  # Matches #
  @matches = [

    { name: "copyright snom.com", regexp: /&copy; 2000-20[0-9]+ <a href="http:\/\/snom.com">snom AG<\/a><br>/ },
    { name: "link to manual1", regexp: /<tr><td class="flyoutLink" colspan="2"><b><a href=http:\/\/(wiki|www).snom.com/ },
    { text: 'You can enter a simple telephone number (e.g. 0114930398330) or URI like [email protected].' },
    { certainty: 75, regexp: /<td[^>]+>Welcome to Your Phone!<\/td>/ },

  ]
end

#SocketKBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-03-31 # Updated regex



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/socketkb.rb', line 12

WhatWeb::Plugin.define "SocketKB" do
  @author = "Brendan Coles <[email protected]>" # 2010-11-08
  @version = "0.2"
  @description = "Deploy your own professional knowledge base or knowledge repository. Provide your customers the answers to their questions with SocketKB. Increase customer satisfaction and confidence. Easy and fast to install."
  @website = "http://socketkb.com/site/home/"

  # Google results as at 2010-11-08 #
  # 15 for "Powered by SocketKB version" -intext

  # Dorks #
  @dorks = [
    '"Powered by SocketKB version" -intext'
  ]

  # Matches #
  @matches = [

    # Version Detection # Powered by text
    { version: />Powered by SocketKB version ([\d\.]+)<\/a>/ },

  ]
end

#SocketTimesheetObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/sockettimesheet.rb', line 9

WhatWeb::Plugin.define "SocketTimesheet" do
  @author = "Brendan Coles <[email protected]>" # 2010-11-08
  @version = "0.1"
  @description = "PHP Timesheet web application"
  @website = "http://www.sockettimesheet.com/"

  # 2 Google results for Login Password Template Access "Enter Login and Password to Proceed" ext:php inurl:login

  @matches = [

    # Login page # login.php # Default JavaScript error message
    { text: "alert('You Are Using '+browser+' Version '+version+', a Non-Tested Browser For This Application. Currently Supported Browsers Are:\\n\\n1. Internet Explorer 6 and Above\\n2. Firefox 2 and Above\\n3. Netscape 8 and Above\\n\\nIf You Experience Any Problem, Please Change To The Supported Browser As Listed Above. Thank You.');", version: "3.x" },
    { text: "alert('You Are Using '+browser+', a Non-Supported Browser For This Application\\nCurrently Supported Browsers Are:\\n1. Internet Explorer\\n2. Firefox (with IETab Enabled)\\n\\nSome Critical Functionalities May Not Work With '+browser);", version: "<= 2.x" },

    # Version Detection # login.php
    { version: /<td valign="top" align="left"><img src=login_images\/index_01.gif><\/td><td valign="bottom" nowrap class="td_title" width="100%">v ([\d\.]+)<\/td>/ },

  ]
end

#SocksoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/sockso.rb', line 9

WhatWeb::Plugin.define "Sockso" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-16
  @version = "0.1"
  @description = "Sockso is a free, open-source, personal music host server"
  @website = "http://sockso.pu-gh.com/"

  # ShodanHQ results as at 2012-03-16 #
  # 25 for Sockso

  # Google results as at 2012-03-16 #
  # 33 for "Login" intext:"If you've created an account you can put your info into the form below to login."

  # Dorks #
  @dorks = [
    '"Login" intext:"If you\'ve created an account you can put your info into the form below to login."'
  ]

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^Sockso$/ },

    # Footer # Version Detection
    { version: /<p id="legal">[\s]+<strong>Sockso<\/strong>[\s]+v([^<]+)<br \/>[\s]+&copy; 20[\d]{2}/ },

  ]
end

#SocorroObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/socorro.rb', line 9

WhatWeb::Plugin.define "Socorro" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-07
  @version = "0.1"
  @description = "A server for collecting, processing, and displaying crash reports from clients using the Breakpad libraries"
  @website = "code.google.com/p/socorro/"

  # Google resutls as at 2011-08-07 #
  # 26 for "Powered by Socorro"

  # Dorks #
  @dorks = [
    '"Powered by Socorro"'
  ]

  # Matches #
  @matches = [

    # Powered by link
    { text: 'Powered by <a href="http://code.google.com/p/socorro/">Socorro</a>' },

  ]
end

#SourceBansObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/sourcebans.rb', line 9

WhatWeb::Plugin.define "SourceBans" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-14
  @version = "0.1"
  @description = "SourceBans is a free global administration and banning system for Source engine based servers."
  @website = "http://www.sourcebans.net/"

  # Google results as at 2011-02-14 #
  # 10 for inurl:exportbans.php
  # 14 for inurl:web_upload ext:php +steam

  # Dorks #
  @dorks = [
    'inurl:web_upload ext:php "steam"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Powered by footer HTML # English
    { version: /		<a href="http:\/\/www.sourcebans.net" target="_blank"><img src="images\/sb.png" alt="SourceBans" border="0" \/><\/a><br\/>\n		<div id="footqversion">Version ([\d\.]+) <\/div>/ },

    # Default Logo HTML
    { text: '		<a href="http://www.sourcebans.net" target="_blank"><img src="images/sb.png" alt="SourceBans" border="0" /></a><br/>' },

    # Error Message
    { regexp: /<div class='dbg' id='[0-9a-f]{7}'><span style='font-weight:bold'>Table '[a-z]+\.sb_settings' doesn't exist<\/span> <br \/><br \/><span>SQL Query type: <\/span><span style='font-weight:bold'>EXECUTE<\/span><span><br \/><span>/ },

  ]
end

#SpamTitanObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/spamtitan.rb', line 9

WhatWeb::Plugin.define "SpamTitan" do
  @author = "Brendan Coles <[email protected]>" # 2012-01-17
  @version = "0.1"
  @description = "SpamTitan Anti Spam is a complete software solution to email security offering protection from Spam, Viruses, Trojans, Phishing and unwanted content."
  @website = "http://www.spamtitan.com/products/"

  # 212 for intitle:"SpamTitan" "Language" "Czech (Czech)" "German (German)" "English (English)" "Japanese (Japanese)" "Password" "Email Address"

  # Dorks #
  @dorks = [
    'intitle:"SpamTitan" "Language" "Czech (Czech)" "German (German)" "English (English)" "Japanese (Japanese)" "Password" "Email Address"'
  ]

  # Matches #
  @matches = [

    # ./imgs/logo.gif
    { url: "/imgs/logo.gif", md5: "ab662b52fe52fa13aa13574efa7f490f" },

    # ./imgs/favicon.ico
    { url: "/imgs/favicon.ico", md5: "f9015ac89e34faefe9b4df73901462d9" },

    # Login Page # StyleSheet
    { regexp: /<link rel="stylesheet" type="text\/css" href="\/?styles\/spamtitan(\.[\d]{10})?\.css" title="SpamTitanCSS2">/ },

    # Login Page # Logo HTML
    { text: '<table class="lhead"><tr><td class="img"><img src="/imgs/logo.gif" alt="SpamTitan Logo"></td></tr></table></div>' },

  ]
end

#SpeakkerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/whatweb/plugins/speakker.rb', line 9

WhatWeb::Plugin.define "Speakker" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-17
  @version = "0.1"
  @description = "Crossbrowser JavaScript audio solution based on HTML5"
  @website = "http://www.speakker.com/"

  # Matches #
  @matches = [

    # HTML Comments
    { text: '<!-- INSTANTIATE SPEAKKER -->' },
    { text: '<!-- INCLUDE SPEAKKER -->' },

    # JavaScript Source
    { regexp: /<script type="text\/javascript" src="[^"]+\/(projekktor|speakker)\.min\.js"><\/script>/ },

  ]
end

#SpeedTouchObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/speedtouch.rb', line 12

WhatWeb::Plugin.define "SpeedTouch" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-30
  @version = "0.2"
  @description = "SpeedTouch is the brand name of a line of networking equipment produced by Alcatel and Technicolor SA. Before 27 January 2010 Technicolor was known as Thomson SA. Under the SpeedTouch name Alcatel and Technicolor retail a variety of equipment including ADSL and ADSL2+ modems, residential gateways, wireless access equipment, VoIP handsets and SHDSL interconnect equipment. They are a major brand in home and business networking products. - More Info: http://en.wikipedia.org/wiki/SpeedTouch"
  # Homepage: http://www.thomsontelecom.com.au/speedtouch/support.htm

  # ShodanHQ results as at 2011-05-30 #
  # 435,213 for SpeedTouch -SIP http

  # Matches #
  @matches = [

    # Default Favicon
    { url: "/favicon.ico", md5: "befcded36aec1e59ea624582fcb3225c" },

    { regexp: /(Basic|Digest) realm="SpeedTouch/, search: "headers[www-authenticate]", name: "WWW-Authenticate realm" },

    # WWW-Authenticate # realm SpeedTouch # MAC Address Detection
    { string: /Basic realm="SpeedTouch \(([\dA-F]{2}\-[\dA-F]{2}\-[\dA-F]{2}\-[\dA-F]{2}\-[\dA-F]{2}\-[\dA-F]{2})\)/,
      search: "headers[www-authenticate]", name: "WWW-Authenticate realm" },

  ]
end

#SphinxObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/sphinx.rb', line 9

WhatWeb::Plugin.define "Sphinx" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-04
  @version = "0.1"
  @description = "Sphinx is a tool that makes it easy to create intelligent and beautiful documentation"
  @website = "http://sphinx.pocoo.org/"

  # Google results as at 2011-07-04 #
  # 363 for "Created using Sphinx" +Copyright

  # Dorks #
  @dorks = [
    '"Created using Sphinx" "Copyright"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Created using link
    { version: /Created using <a href="http:\/\/sphinx\.pocoo\.org\/">Sphinx<\/a> ([^\s]+)\./ },

    # div class="sphinxsidebar" and div class="sphinxsidebarwrapper"
    { regexp: /<div class="sphinxsidebar">[\s]+<div class="sphinxsidebarwrapper">/ },

  ]
end

#SpiceworksObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/whatweb/plugins/spiceworks.rb', line 9

WhatWeb::Plugin.define "Spiceworks" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-23
  @version = "0.1"
  @description = "Spiceworks' single, easy-to-use interface combines Network Inventory, Help Desk, Mapping, Reporting, Monitoring and Troubleshooting"
  @website = "http://www.spiceworks.com/product/"

  # ShodanHQ results as at 2011-05-23 #
  # 2,101 for spiceworks_session
  # 20 for -spiceworks_session spiceworks

  # Matches #
  @matches = [

    # Meta Author
    { text: '<meta name="author" content="Spiceworks, Inc." />' },

    # Login Page # compatible browsers message
    { text: '<p>Spiceworks is compatible with <a href="http://community.spiceworks.com/help/Spiceworks_Requirements#Browser">modern browsers</a>, and requires JavaScript, Cookies, and Stylesheets (CSS) to function correctly.</p>' },

    # Login Page # Title
    { text: '<title>Spiceworks - Login Required</title>' },

  ]

  # Passive #
  def passive(target)
    m = []

    # spiceworks_session cookie
    # Session cookie format: URL encoded base64 string beginning with "BAh7"
    # Terminated by "--" then followed by a md5 hash
    m << { name: "spiceworks_session cookie" } if target.headers["set-cookie"] =~ /spiceworks_session=BAh7[^\s]+--/

    # spiceworks cookie
    m << { name: "spiceworks cookie" } if target.headers["set-cookie"] =~ /spiceworks=[a-f\d]{32}; path=\//

    # If a match was found
    unless m.empty?

      # Version Detection # Login Page # Logo HTML
      if /<h1><img alt="Spiceworks" src="\/images\/logos\/large\.png\?([\d]{7})" \/><\/h1>/.match?(target.body)
        m << { version: target.body.scan(/<h1><img alt="Spiceworks" src="\/images\/logos\/large\.png\?([\d]{7})" \/><\/h1>/)[0][0].insert(1, ".").insert(3, ".") } unless version.nil?
      end

      # Version Detection # General stylesheet
      if /<link href="\/stylesheets\/general\.css\?([\d]{7}+)" media="screen" rel="stylesheet" type="text\/css" \/>/.match?(target.body)
        m << { version: target.body.scan(/<link href="\/stylesheets\/general\.css\?([\d]{7})" media="screen" rel="stylesheet" type="text\/css" \/>/)[0][0].insert(1, ".").insert(3, ".") }
      end

    end

    # Return passive matches
    m
  end
end

#SpinnakerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/spinnaker.rb', line 12

WhatWeb::Plugin.define "Spinnaker" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-04
  @version = "0.2"
  @description = "Spinnaker web server - Searchight Software sold Searchlight BBS, along with Spinnaker Web Server, to TeleGrafix Communications in 1998. TeleGrafix Communications, Inc., closed its doors in late 2000."
  @website = "http://www.telegrafix.com/"

  # More Info #
  # http://en.wikipedia.org/wiki/Searchlight_BBS
  # http://www.slbbs.com/files/packages.html

  # ShodanHQ results as at 2011-06-04 #
  # 274 for spinnaker http

  @matches = [

    # HTTP Server Header
    { regexp: /^Spinnaker/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^Spinnaker\/([^\s]+)/, search: "headers[server]" },

  ]
end

#SPIPObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-11-20 # Replaced passive[] with matches Added google dork and module detection



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
# File 'lib/whatweb/plugins/spip.rb', line 13

WhatWeb::Plugin.define "SPIP" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-12
  @version = "0.2"
  @description = "SPIP is a publishing system for the Internet in which great importance is attached to collaborative working, to multilingual environments, and to simplicity of use for web authors."
  @website = "http://www.spip.net/"

  # ShodanHQ results as at 2011-11-20 #
  # 1,825 for Composed-By spip # 1,321 in France
  # 1,531 for x-spip-cache # 1,116 in France
  #    48 for spip.php

  # Google results as at 2011-11-20 #
  # 505 for inurl:"spip.php" "Login (identifiant de connexion au site)"

  # Dorks #
  @dorks = [
    'inurl:"spip.php" "Login (identifiant de connexion au site)"'
  ]

  # Matches #
  @matches = [

    # div class="formulaire_spip formulaire_recherche"
    { text: '<div class="formulaire_spip formulaire_recherche"' },

    # Meta Generator # Version Detection
    # {:version=>/<meta name="generator" content="SPIP ([^\s]+ \[[\d]+\])"( \/)?>/ },
    { version: /<meta name="generator" content="SPIP ([^\s]+) \[[\d]+\]"( \/)?>/ },

    # HTTP Header # Composed-By # Version Detection
    { search: "headers[composed-by]", version: /SPIP ([^@]{1,10}) @ www\.spip\.net/ },

    # HTTP Header # Composed-By # Module Detection
    { search: "headers[composed-by]", module: /SPIP [^@]{1,10} @ www\.spip\.net \+ (.+)/ },

    # HTTP Header # Composed-By
    { search: "headers[composed-by]", regexp: /SPIP @ www\.spip\.net/ },

    # HTTP Header # x-spip-cache
    { search: "headers[x-spip-cache]", regexp: /^.+$/ },

    # a href="spip.php
    { text: '<a href="spip.php' },

    # img src='/spip
    { text: '<img src=\'/spip' },

  ]
end

#SplunkObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'lib/whatweb/plugins/splunk.rb', line 9

WhatWeb::Plugin.define "Splunk" do
  @author = "Brendan Coles <[email protected]>" # 2012-04-17
  @version = "0.1"
  @description = "Splunk indexes and makes searchable data from any app, server or network device in real time including logs, config files, messages, alerts, scripts and metrics."
  @website = "http://www.splunk.com"

  # ShodanHQ results as at 2011-04-17 #
  # 18 for session_id_8000

  # Google results as at 2012-04-17 #
  # 29 for intitle:"Login - Splunk" "If you've forgotten your username or password, please contact your Splunk"

  # Dorks #
  @dorks = [
    'intitle:"Login - Splunk" "If you\'ve forgotten your username or password, please contact your Splunk"'
  ]

  # Matches #
  @matches = [

    # Footer # Version Detection
    { version: /<p class="footer">&copy; 2005-20[\d]{2} Splunk Inc\. Splunk ([^<]+)\.<\/p>/ },

    # Forgot your password text
    { text: "<p><span>First time logging in?</span> Splunk's default credentials are </p><p>username: <span>admin</span><br />password: <span>changeme</span></p><p>If you've forgotten your username or password, please contact your Splunk administrator.</p>" },

    # session_id_8000 Cookie
    { search: "headers[set-cookie]", regexp: /session_id_8000=[a-f\d]{32};/ },

    # Meta Author
    { certainty: 75, text: '<meta name="author" content="Splunk Inc." />' },

    # /en-US/favicon.ico
    { url: "/en-US/favicon.ico", md5: "f7728520c81b7a303d8e54d282e13a16" },

    # JavaScript # Install Type
    { string: /var CONFIG = \{"licenseType": "[^\"]+", "os_name": "[^"]+", "locale":[^\}]+"installType": "([^"]+)"/ },

    # JavaScript # OS Detection
    { os: /var CONFIG = \{"licenseType": "[^\"]+", "os_name": "([^"]+)", "locale":/ },

  ]
end

#SputnikObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/sputnik.rb', line 9

WhatWeb::Plugin.define "Sputnik" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-21
  @version = "0.1"
  @description = "Sputnik - An Extensible Wiki Engine in Lua - Sputnik is a content management system designed for extensibility. It works as a wiki out of the box, but can be extended into other things."
  @website = "http://sputnik.freewisdom.org/"

  # 128 for "Powered by Sputnik"

  # Dorks #
  @dorks = [
    '"Powered by Sputnik"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: "Powered by <a href='http://sputnik.freewisdom.org/'>Sputnik</a>" },
    { text: "Powered by <a href='http://spu.tnik.org/'>Sputnik</a>" },

  ]

  # Passive #
  def passive(target)
    m = []

    # Sputnik Cookie
    m << { name: "Sputnik Cookie" } if target.headers["set-cookie"] =~ /^Sputnik_[a-z\d]{32}=/

    # Return passive matches
    m
  end
end

#SQLiteManagerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
 
# File 'lib/whatweb/plugins/sqlitemanager.rb', line 9

WhatWeb::Plugin.define "SQLiteManager" do
  @author = "Brendan Coles <[email protected]>" # 2012-01-14
  @version = "0.1"
  @description = "SQLiteManager - Web-based SQLite administration"
  @website = "http://www.sqlitemanager.org"

  # Google results as at 2012-01-14 #
  # 33 for intitle:"SQLite version" "Welcome to SQLiteManager version"
  # 26 for inurl:"main.php?dbsel="

  # Dorks #
  @dorks = [
    'intitle:"SQLite version" "Welcome to SQLiteManager version"'
  ]

  # Matches #
  @matches = [

    # HTML Comments
    { text: '<!-- SQLiteFunctionProperties.class.php : propView() -->' },
    { text: '<!-- common.lib.php : displayMenuTitle() -->' },

    # Form
    { text: '<td style="white-space: nowrap">	<form name="database" action="main.php" enctype="multipart/form-data" method="POST" onSubmit="checkPath();" target="main">' },

    # h2 class="sqlmVersion"
    { text: '<h2 class="sqlmVersion">Database : <a href="main.php?dbsel=' },

    # Title # SQLite Version Detection
    { string: /<title>(SQLite version [\d\.\s-]+)(undefined)?<\/title>/ },

    # h2 class="sqlmVersion" # Version Detection
    { version: /<h2 class="sqlmVersion">Welcome to <a href="http:\/\/www\.sqlitemanager\.org" target="_blank">SQLiteManager<\/a> version ([^\s^>]+)<\/h2>/ },

    # h4 class="serverInfo" # SQLite Version Detection
    { string: /<h4 class="serverInfo">(SQLite version [\d\.\s-]+)(undefined)? \/ PHP version 5.2.17<\/h4>/ },

    # h4 class="serverInfo" # SQLite Version Detection
    { string: /<h4 class="serverInfo">SQLite version [\d\.\s-]+(undefined)? \/ (PHP version [^\s^<]+)<\/h4>/, offset: 1 },

  ]
end

#SquarespaceObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/squarespace.rb', line 9

WhatWeb::Plugin.define "Squarespace" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-03
  @version = "0.1"
  @description = "A fully hosted, completely managed environment for creating and maintaining a website, blog or portfolio."
  @website = "http://www.squarespace.com/"

  # Google results as at 2011-03-03 #
  # 116 for "This site is completely powered by the Squarespace platform."

  # Matches #
  @matches = [

    # Powered by text
    { certainty: 75, text: "This site is completely powered by the Squarespace platform." },

    # Default JavaScript
    { text: 'new Squarespace.FixedPositionTip("Logout Successful", "You have been successfully logged out.", { xMargin: 15, yMargin: 15, icon: "/universal/images/helptip-info.png", orientation: "upper-right", viewportFixed: true, autoHide: 1800 }).show();' },

    # favicon.ico
    { url: "favicon.ico", md5: "89cc5689b952ee12d13a68e98119183f" },

  ]
end

#SquirrelcartObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/whatweb/plugins/squirrelcart.rb', line 9

WhatWeb::Plugin.define "Squirrelcart" do
  @author = "Brendan Coles <[email protected]>" # 2012-06-15
  @version = "0.1"
  @description = "Squirrelcart PHP Shopping Cart software - Requires PHP and MySQL"
  @website = "http://www.squirrelcart.com/"

  # ShodanHQ reuslts as at 2012-06-15 #
  # 274 for SC_referer SC_referral_date

  # Google results as at 2012-06-15 #
  # 238 for "Powered by Squirrelcart" "PHP Shopping Cart Software
  #  57 for intitle:"Squirrelcart" intitle:"Control Panel" "Username" "Password"

  # Dorks #
  @dorks = [
    '"Powered by Squirrelcart" "PHP Shopping Cart Software',
    'intitle:"Squirrelcart" intitle:"Control Panel" "Username" "Password"'
  ]

  # Matches #
  @matches = [

    # Powered by link
    { text: '<div class="sc_link">Powered by <a target="_blank" href="http://www.squirrelcart.com/php_shopping_cart.php">Squirrelcart &copy; PHP Shopping Cart Software</a></div>' },

    # HTML Comment
    { text: '<!-- Template: price_html.tpl.php -->' },

    # ./squirrelcart/ # Title # Version Detection
    { version: /<title>Squirrelcart v([^\s]+) Control Panel<\/title>/ },

    # Set-Cookie # SC_referer
    { search: "headers[set-cookie]", regexp: /SC_referer=/ },

    # Set-Cookie # SC_referral_date
    { search: "headers[set-cookie]", regexp: /SC_referral_date=[\d]{4}\-[0-1][\d]\-[0-3][\d]\+/ },

  ]
end

#StatusNetObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/statusnet.rb', line 9

WhatWeb::Plugin.define "StatusNet" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-21
  @version = "0.1"
  @description = "StatusNet's Open Source social software enables organizations to collaborate, share insights and build relationships in real time."
  @website = "http://status.net/"

  # 104 for "powered by StatusNet version" inurl:"/main/version" -filetype:html
  # 231 for inurl:"index.php" "It runs the StatusNet microblogging software, version *, available under the GNU Affero General Public License. Site content license"

  # Dorks #
  @dorks = [
    '"powered by StatusNet version" inurl:"/main/version" -filetype:html'
  ]

  # Matches #
  @matches = [

    # Version detection # Powered by footer
    { version: /<p>This site is powered by <a href="http:\/\/status\.net\/">StatusNet<\/a> version ([^\s]+),/ },

    # Version detection # GPL footer
    { version: /It runs the <a href="http:\/\/status\.net\/">StatusNet<\/a> microblogging software, version ([^\s]+), available under the <a / },

  ]
end

#StrongholdObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/stronghold.rb', line 9

WhatWeb::Plugin.define "Stronghold" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-04
  @version = "0.1"
  @description = "Stronghold was a fork of the Apache HTTP Server. Stronghold was created by C2Net, which was eventually purchased by Red Hat. Red Hat Stronghold products are no longer available for purchase."
  @website = "https://www.redhat.com/software/stronghold/"

  # ShodanHQ results as at 2011-09-04 #
  # 1,179 for Stronghold

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^Stronghold$/ },

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^Stronghold\/([^\s]+)/ },

    # C2Net String
    { search: "headers[server]", string: /(C2Net[A-Z]{2}\/[^\s]+)/ },

  ]
end

#SubsonicObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/subsonic.rb', line 9

WhatWeb::Plugin.define "Subsonic" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-07
  @version = "0.1"
  @description = "Subsonic is a free, web-based media streamer, providing ubiquitous access to your music. Based on Java technology, Subsonic runs on most platforms, including Windows, Mac, Linux and Unix variants."
  @website = "http://www.subsonic.org/pages/index.jsp"

  # Google results as at 2011-08-07 #
  # 13 for intitle:"Subsonic" +Username +Password "Remember me" inurl:login.view

  # Dorks #
  @dorks = [
    'intitle:"Subsonic" "Username" "Password" "Remember me" inurl:login.view'
  ]

  # Matches #
  @matches = [

    # input type="checkbox" name="_acegi_security_remember_me"
    { text: '<input type="checkbox" name="_acegi_security_remember_me" id="remember" class="checkbox" tabindex="3">' },

    # Form HTML
    { text: '<form action="/j_acegi_security_check" method="POST">' },

  ]
end

#SugarCRMObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/sugarcrm.rb', line 9

WhatWeb::Plugin.define "SugarCRM" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-02
  @version = "0.1"
  @description = "Commercial open source customer relationship management (CRM). CRM software for sales force automation and customer support deployed on demand or on site."
  @website = "http://www.sugarcrm.com/crm/"

  # Google results as at 2011-04-02 #
  # 34 for "Welcome to" intitle:SugarCRM "SugarCRM Inc. The Program is provided AS IS, without warranty. Licensed under AGPLv3."

  # Dorks #
  @dorks = [
    '"Welcome to" intitle:SugarCRM "SugarCRM Inc. The Program is provided AS IS, without warranty. Licensed under AGPLv3."'
  ]

  # Matches #
  @matches = [

    # XSRF Warning Message
    { text: "<h3 style='color:red'>Possible Cross Site Request Forgery (XSRF) Attack Detected</h3>" },

    # Login Page # Support link
    { text: '<span>|</span>    <a href=" javascript:void window.open(\'http://support.sugarcrm.com\')">Support</a>' },

    # JavaScript
    { text: "<script>var module_sugar_grp1 = 'Users';</script><script>var action_sugar_grp1 = 'Login';</script><script>jscal_today" },

    # Theme Detection
    { module: /<script type="text\/javascript">[\s]+<!--[\s]+SUGAR\.themes\.theme_name      = '([^']+)';[\s]+SUGAR\.themes\.theme_ie6compat = / },

    # Powered by image
    { text: "<img style='margin-top: 2px' border='0' width='106' height='23' src='include/images/poweredby_sugarcrm.png' alt='Powered By SugarCRM'>" },

    # Year Detection
    { string: /\* SugarCRM is a customer relationship management program developed by[\s]+ \* SugarCRM, Inc\. Copyright \(C\) 2004-([\d]{4}) SugarCRM Inc\./ },

  ]
end

#SVNObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/svn.rb', line 12

WhatWeb::Plugin.define "SVN" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-30
  @version = "0.2"
  @description = "SVN HTTP header."

  # About 85500 ShodanHQ results for "server: SVN" @ 2010-10-30

  @matches = [

    # HTTP Header
    { regexp: /[^\r^\n]*SVN/, search: "headers[server]" },

    # HTTP Header # Version detect
    { version: /[^\r^\n]*SVN\/([^\r^\n^\s]*)/, search: "headers[server]" },

  ]
end

#SweetriceObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/sweetrice.rb', line 9

WhatWeb::Plugin.define "Sweetrice" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-26
  @version = "0.1"
  @description = "SweeRice is a simple website management system ,it is not just free and open source, it provides popular functions such as SEO."
  @website = "http://www.basic-cms.org/"

  # Google results as at 2011-02-26 #
  # 25 for Copyright "Powered By Basic CMS SweetRice" -dork

  # Dorks #
  @dorks = [
    '"Powered By Basic CMS SweetRice" -dork'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="SweetRice ([\d\.]{1,5})" \/>/ },

    # Powered by text
    { text: 'Powered By <a href="http://www.basic-cms.org">Basic CMS SweetRice</a>' },

  ]
end

#SwikiObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/swiki.rb', line 9

WhatWeb::Plugin.define "Swiki" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-24
  @version = "0.1"
  @description = "Swiki is a popular implementation of Ward Cunningham's WikiWikiWeb that runs under Comanche."
  @website = "http://wiki.squeak.org/swiki/"

  # Google results as at 2011-08-24 #
  # 39 for "powered by Squeak" "Squeak * :: Comanche * :: Swiki"

  # Dorks #
  @dorks = [
    '"powered by Squeak" "Squeak * :: Comanche * :: Swiki"'
  ]

  # Matches #
  @matches = [

    # Aggressive # /defaultScheme/comSwiki.gif
    { url: "/defaultScheme/comSwiki.gif", md5: "81d538bed9f676fffbdaedb9d95cdbc1" },

  ]

  # Passive #
  def passive(target)
    m = []

    # Version Detection # Squeak / Comanche / Swiki
    if target.body =~ /<a href="http:\/\/minnow\.cc\.gatech\.edu\/swiki" title="ComSwiki: powered by Squeak"><img src="[^"^>]*\/defaultScheme\/comSwiki\.gif" border=0 width=277 height=88 alt="ComSwiki: powered by Squeak"><\/a><br>[\s]*<em>(Squeak [^\s]+) :: (Comanche [^\s]+) :: Swiki ([^\s]+)<\/em>/
      m << { string: $1.to_s }
      m << { string: $2.to_s }
      m << { version: $3.to_s }
    end

    # Return passive matches
    m
  end
end

#SymfonyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/symfony.rb', line 9

WhatWeb::Plugin.define "Symfony" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-31
  @version = "0.1"
  @description = "Symfony - open-source PHP web framework"
  @website = "http://www.symfony-project.org/"

  # Matches #
  @matches = [

    # GHDB Match
    { ghdb: '"powered by symfony"', certainty: 25 },

    # Powered by text
    { text: 'Powered by <a href="http://www.symfony-project.org/">' },

  ]
end

#SyncrifyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/syncrify.rb', line 9

WhatWeb::Plugin.define "Syncrify" do
  @author = "Brendan Coles <[email protected]>" # 2012-01-29
  @version = "0.1"
  @description = "Syncrify is a fast incremental remote backup that backs up files using the HTTP protocol."
  @website = "http://web.synametrics.com/Syncrify.htm"

  # Google results as at 2012-01-29 #
  # 37 for intitle:"Syncrify - Fast incremental backup" "powered by Syncrify"

  # Matches #
  @matches = [

    # / # Redirect Page
    { md5: "b5a85ee65b5fda5f8180e1f9c2ab0560" },

    # /images/468x60.gif
    { url: "/images/468x60.gif", md5: "2197210023deed6e71c704b6a27867a1" },

    # /app?operation=about # Version Detection
    { version: /<h3>Syncrify - <small>Version: ([\d\.]+ - build [\d]+)<\/small><\/h3>/ },

    # Title # Version Detection
    { version: /<title>[\s]+Syncrify - Fast incremental backup - Version: ([\d\.]+ - build [\d]+) [\s]+<\/title>/ },

    # Meta Keywords
    { text: '<meta NAME="Keywords" CONTENT="Syncrify - Fast incremental backup" />' },

    # Powered by link
    { text: "<p>Powered by <a href='http://www.syncrify.com' >Syncrify</a></p>" },

  ]
end

#SyndeoCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-24 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/syndeocms.rb', line 12

WhatWeb::Plugin.define "SyndeoCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-06
  @version = "0.2"
  @description = "A Content Management System (CMS) for primary schools, which helps you manage and maintain your website. It can also be a very usefull CMS for small companies or non profit organizations. "
  @website = "http://www.syndeocms.org"

  # Google results as at 2010-08-06 #
  # 117 for "powered by SyndeoCMS"

  # Dorks #
  @dorks = [
    '"powered by SyndeoCMS"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { regexp: /Powered by <a href="http:\/\/www.syndeocms.org[\/]?" target="_blank">/i },
    { regexp: /Powered by <a href="http:\/\/www.syndeocms.org[\/]?" title="SyndeoCMS">/i },
    { regexp: /Powered by <a href="http:\/\/www.syndeocms.org[\/]?"[^>]*>SyndeoCMS<\/a>/i },

    # Site created with text
    { regexp: /Site created with <a href="http:\/\/www.syndeocms.org[\/]?">SyndeoCMS<\/a>/ },

    # Version Detection # Powered by text
    { version: /<div class="meta"><center>Powered by <a href="http:\/\/www.syndeoCMS.org\/" target="_blank">SyndeoCMS ([\d\.]+)<\/a>/ },

    # HTML Comment
    { text: "<!-- Please don't remove my credits! I worked hard to create this theme and distribute it freely. Thanks! -->" },

  ]
end

#syntaxCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/syntaxcms.rb', line 9

WhatWeb::Plugin.define "syntaxCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-15
  @version = "0.1"
  @description = "SyntaxCMS simplifies publishing various types of content to a site, facilitates creating and managing arbitrary relationships among content items, automates and accelerates custom development, and encourages reuse of site components with other SyntaxCMS installations. It is built using PHP and MySQL and is licensed under the Common Public License. "
  @website = "http://www.syntaxcms.org/"

  # 19 results for "powered by syntaxCMS" @ 2010-08-15

  # Dorks #
  @dorks = [
    '"powered by syntaxCMS"'
  ]

  @matches = [

    { text: 'Powered by <a href="http://www.syntaxcms.org">SyntaxCMS</a></div>' },
    { text: 'powered by <a href="http://www.syntaxcms.org/" title="SyntaxCMS">SyntaxCMS</a></div>' },

  ]
end

#SysMasterObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/sysmaster.rb', line 12

WhatWeb::Plugin.define "SysMaster" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-31
  @version = "0.2"
  @description = "SysMaster is a leading vendor of voice, video and wireless products and solutions, serving telecoms and service providers worldwide."
  @website = "http://www.sysmaster.com/"

  # ShodanHQ results as at 2011-05-31 #
  # 181 for SysMaster

  @matches = [

    # HTTP Server Header
    { regexp: /^SysMaster Web Server/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^SysMaster Web Server\/([^\s]+)$/, search: "headers[server]" },

  ]
end

#TangoCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/tangocms.rb', line 9

WhatWeb::Plugin.define "TangoCMS" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-27
  @version = "0.1"
  @description = "TangoCMS is an open source (GNU/GPL 2.1) PHP Content Management System (CMS)."
  @website = "http://tangocms.org/"

  # ShodanHQ results as at 2011-07-27 #
  # 75 for ZULA_6666cd76f96956469e7be39d750cc7d9

  # Google results as at 2011-07-27 #
  # 154 for "Powered by TangoCMS"

  # Dorks #
  @dorks = [
    '"Powered by TangoCMS"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { regexp: /Powered by <a href="http:\/\/(www\.)?tangocms\.org" title="(Open Source CMS|TangoCMS)">TangoCMS<\/a>\./ },

    # Login input
    { text: '<input type="checkbox" id="sessionRemember" name="session[remember]" value="1" checked="checked"> <label class="horizontal" for="sessionRemember">Remember me?</label>' },

  ]

  # Passive #
  def passive(target)
    m = []

    # ZULA_6666cd76f96956469e7be39d750cc7d9 Cookie
    # 6666cd76f96956469e7be39d750cc7d9 is the md5 hash for "/"
    m << { name: "ZULA_6666cd76f96956469e7be39d750cc7d9 Cookie" } if target.headers["set-cookie"] =~ /ZULA_6666cd76f96956469e7be39d750cc7d9=[^;^\s]+;/

    # Return passive matches
    m
  end
end

#TaskFreakObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/taskfreak.rb', line 12

WhatWeb::Plugin.define "TaskFreak" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-10
  @version = "0.2"
  @description = "TaskFreak! Original is a simple but efficient web based task manager written in PHP."
  @website = "http://www.taskfreak.com/original/"

  # Matches #
  @matches = [

    # Version Detection # Powered by text
    { version: /<br>Powered by <a href="http:\/\/www.taskfreak.com">TaskFreak <\/a> v([\d\.]+) - Released on [\d\-]+ under GNU General Public License/ },

    # Version Detection # Powered by text
    { version: /    <a href="http:\/\/www.taskfreak.com">TaskFreak! multi user<\/a> v([\d\.]+) - Released on [\d\-]+ under GNU General Public License/ },

  ]
end

#TCExamObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/whatweb/plugins/tcexam.rb', line 9

WhatWeb::Plugin.define "TCExam" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-14
  @version = "0.1"
  @description = "TCExam is a FLOSS Computer-Based Assessment system."
  @website = "http://www.tcexam.org/"

  # Google results as at 2011-07-14 #
  # 307 for "TCExam ver" +Copyright "Nicola Asuni"
  # 227 for "TCExam ver" +Copyright "Nicola Asuni" "Tecnick.com"

  # Dorks #
  @dorks = [
    '"TCExam ver" "Copyright" "Nicola Asuni"'
  ]

  # Matches #
  @matches = [

    # a name="topofdoc" id="topofdoc
    { text: '<a name="topofdoc" id="topofdoc"></a>' },

    # meta name="author"
    { text: '<meta name="author" content="Nicola Asuni - Tecnick.com s.r.l." />' },

    # HTML Comment
    { regexp: /<!-- TCExam \(c\) 2004-20[\d]{2} Nicola Asuni - Tecnick.com s\.r\.l\. - www\.tcexam\.com -->/ },

    # HTML Comment
    { text: '<!-- TCExam19730104 -->' },

    # login link
    { text: '<li><a href="tce_login.php" title="click on this link to access on this system">' },

    # meta name="tcexam_level"
    { text: '<meta name="tcexam_level" content="0" />' },

    # Version Detection # Copyright footer
    { version: /<span class="copyright"><a href="http:\/\/www\.tcexam\.(org|com)">TCExam<\/a> ver\. ([^\s]+) - Copyright &copy; 2004-20[\d]{2} Nicola Asuni - <a href="http:\/\/www\.tecnick\.com">Tecnick.com S\.r\.l\.<\/a><\/span>/, offset: 1 },

  ]
end

#TCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-17 # Andrew Horton Added website parameter and description



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'lib/whatweb/plugins/tcms.rb', line 12

WhatWeb::Plugin.define "TCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-29
  @version = "0.2"
  @description = "Content management system by Tanzarine Technology Ltd"
  @website = "http://www.tanzarine.co.uk/Articles/cms.html"

  # 26 results for "powered by TCMS" @ 2010-08-28

  # Dorks #
  @dorks = [
    '"powered by TCMS"'
  ]

  @matches = [
    { ghdb: '"powered by TCMS"', certainty: 75 },
  ]

  def passive(target)
    m = []

    # TCMS_SESS_ID cookie
    m << { name: "TCMS_SESS_ID Cookie" } if target.headers["set-cookie"] =~ /TCMS_SESS_ID=/

    # 2.0+ powered by text
    if /				<a style="color:#999;" href="http:\/\/www.arsmedia-nidda.de">arsmedia<\/a>/.match?(target.body)
      if /powered by TCMS v[0-9\.]+ &copy; [0-9]{4} by/.match?(target.body)
        version = target.body.scan(/powered by TCMS v([\d\.]+) &copy; [0-9]{4} by/).flatten
        m << { version: version }
      end
    end

    # 3.0+ Powered by text
    if /<span class="copyright">Powered by tCMS v[\d\.]+ &copy;[0-9]{4} Tanzarine Technology Ltd<\/span>/.match?(target.body)
      version = target.body.scan(/<span class="copyright">Powered by tCMS v([\d\.]+) &copy;[0-9]{4} Tanzarine Technology Ltd<\/span>/)[0][0]
      m << { version: version }
    end

    m
  end
end

#TeamViewerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/teamviewer.rb', line 9

WhatWeb::Plugin.define "TeamViewer" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-17
  @version = "0.1"
  @description = "TeamViewer - the All-In-One Solution for Remote Access and Support over the Internet"
  @website = "http://www.TeamViewer.com"

  # Matches #
  @matches = [

    # Home Page
    { text: "<html><body>This site is running <a href='http://www.TeamViewer.com'>TeamViewer</a>.</body></html>" },

  ]
end

#TeapotObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/teapot.rb', line 9

WhatWeb::Plugin.define "Teapot" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-14
  @version = "0.1"
  @description = "HTCPCP, a protocol for controlling, monitoring, and diagnosing coffee pots."
  @website = "http://www.apps.ietf.org/rfc/rfc2324.html"

  # ShodanHQ results as at 2011-03-14 #
  # 6 for 418 teapot

  # Passive #
  def passive(target)
    m = []

    # HTCPCP 418 Status Code
    if @status == 418
      m << if /<title>([^<]+)<\/title>/i.match?(target.body)
             { string: target.body.scan(/<title>([^<]+)<\/title>/i) }
           else
             { string: "I'm a teapot" }
           end
    end

    # Return passive matches
    m
  end
end

#TektroniksObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/tektroniks.rb', line 9

WhatWeb::Plugin.define "Tektroniks" do
  @author = "Brendan Coles <[email protected]>" # 2012-06-03
  @version = "0.1"
  @description = "Tektroniks monitoring Solutions, Wireless monitoring Systems, Wireless data loggers & data loggers. Products include Wireless Monitoring System, Gas Leak Detection, Refrigeration Control Systems, DataLogger, Temperature sensors and Hand Held Thermometers."
  @website = "http://www.tek-troniks.com/site/products/"

  # ShodanHQ results as at 2012-06-03 #
  # 55 for Tektroniks

  # Google results as at 2012-06-03 #
  # 2 for intitle:"Login Page" "Registered users sign in on this page"

  # Dorks #
  @dorks = [
    'intitle:"Login Page" "Registered users sign in on this page"'
  ]

  # Matches #
  @matches = [

    # / # Redirect Page # Redirect Message
    { text: '<p>Transfering you to login page in 2 seconds...</p>' },

    # /login.htm # Login Page # label id="AU_LOGIN_ID_label"
    { text: '<td width="100"><label id="AU_LOGIN_ID_label" for="AU_LOGIN_ID" dataType="" required="true">User Name:</label></td>' },

    # /login.htm # Login Page # meta name="Classification" # Device Type Detection
    { url: "/login.htm", model: /<meta name="Classification" content="(Tektroniks|DATAcentre) - ([^"]+)" \/>/, offset: 1 },

    # Meta Copyright # Year Detection
    { string: /<meta name="Copyright" content="&copy;(20[\d\-]+) (Tektroniks|DATAcentre)" \/>/ },

    # Server # Tektroniks # Version Detection
    { search: "headers[server]", version: /^Tektroniks\/([^\s]+)$/ },

    # WWW-Authenticate: Basic realm="Tektroniks"
    { search: "headers[www-authenticate]", text: 'Basic realm="Tektroniks"' },

  ]
end

#TeleFinderObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/telefinder.rb', line 12

WhatWeb::Plugin.define "TeleFinder" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-02
  @version = "0.2"
  @description = "TeleFinder is a Macintosh-based bulletin-board system written by Spider Island Software, based on a client.server model whose client end provides a Mac-like GUI. - More Info: http://en.wikipedia.org/wiki/TeleFinder"

  # ShodanHQ results as at 2011-06-02 #
  # 8 for telefinder

  @matches = [

    # HTTP Server Header
    { regexp: /^TeleFinder/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^TeleFinder\/([\d\.]+)$/, search: "headers[server]" },

  ]
end

#TestLinkObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/testlink.rb', line 9

WhatWeb::Plugin.define "TestLink" do
  @author = "Brendan Coles <[email protected]>" # 2012-02-21
  @version = "0.1"
  @description = "TestLink - open source test management tool"
  @website = "http://www.teamst.org/"

  # Google results as at 2012-02-21 #
  # 26 for intitle:"TestLink" "New User" "Lost Password" "TestLink project Home" "TestLink is licensed under the GNU GPL"

  # Dorks #
  @dorks = [
    'intitle:"TestLink" "New User" "Lost Password" "TestLink project Home" "TestLink is licensed under the GNU GPL"'
  ]

  # Matches #
  @matches = [

    # Meta Author
    { certainty: 75, text: '<meta name="author" content="Martin Havlat" />' },

    # Login Page # Logo HTML # Version Detection
    { version: /\.png" \/>[\s]*<br \/>TestLink ([^\s^<]+)/ },

    # Login Page # homepage link HTML
    { text: 'TestLink project <a href="http://testlink.sourceforge.net/docs/testLink.php">Home</a><br />' },

    # Redirect Page # Expired session
    { regexp: /<html><head><\/head><body><script type='text\/javascript'>location\.href='https?:\/\/[^\'^\?]+\/login\.php\?note=expired';<\/script><\/body><\/html>/ },

  ]
end

#TFTgalleryObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/tftgallery.rb', line 9

WhatWeb::Plugin.define "TFTgallery" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-27
  @version = "0.1"
  @description = "TFTgallery is a PHP based web image gallery which doesn't need a database. It uses the directory structure for data storage. The main features are: an on-the-fly thumbnail creation, PDF and ZIP creation, image calendars, EXIF support."
  @website = "http://www.tftgallery.org/"

  # Google results as at 2011-02-27 #
  # 39 for intitle:"TFTgallery administration"

  # Dorks #
  @dorks = [
    'intitle:"TFTgallery administration"'
  ]

  # Matches #
  @matches = [

    # Default select tag
    { text: 'Select an album: <select name="album" onchange="javascript:document.tftnavi.submit();"><option></option>' },

    # Admin Page # Default Title
    { text: "<title>TFTgallery administration</title><link rel='stylesheet' type='text/css' href" },

    # Admin Page # Back to gallery link
    { text: '<div class="login_text"><br /><a href="../index.php">back to the gallery</a></div>' },

    # Default Logo
    { regexp: /<td class='footer_right'><a href='http:\/\/www.tftgallery.org\/' target='_blank'><img src="[^"]*images\/TFTgallery.png" alt="TFTgallery" border="0" \/><\/a><\/td>/ },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="TFTgallery ([\d\.]{1,5}) http:\/\/www.tftgallery.org\/" \/>/ },

  ]
end

#TheHostingToolObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-17 # Andrew Horton Added website parameter and description

Version 0.2 # Fixed bug with returned modules not comma seperated



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/whatweb/plugins/thehostingtool.rb', line 15

WhatWeb::Plugin.define "TheHostingTool" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-12
  @version = "0.3"
  @description = "Free Open-Source hosting tool similar to cPanel"
  @website = "http://thehostingtool.com/"
  # 161 results for "powered by TheHostingTool" @ 2010-10-12

  # Dorks #
  @dorks = [
    '"powered by TheHostingTool"'
  ]

  @matches = [

    # Version detection # Powered by text
    { version: /<div id="footer">Powered by <a href="http:\/\/thehostingtool.com" target="_blank">TheHostingTool<\/a> ([\d\.]*)<\/div>/ },

  ]

  def passive(target)
    m = []

    # PHP Version detection
    if /<td> ([\d\.]+) \(<a href="\?page=status&sub=phpinfo">PHPInfo<\/a>\)<\/td>/.match?(target.body)
      version = target.body.scan(/<td> ([\d\.]+) \(<a href="\?page=status&sub=phpinfo">PHPInfo<\/a>\)<\/td>/).flatten.first
      m << { version: "PHP:" + version }
    end

    # MySQL version detection
    if /<td><strong>MySQL Version:<\/strong><\/td>[\r\n|\n]+<td> ([\d\.]+) <\/td>/.match?(target.body)
      version = target.body.scan(/<td><strong>MySQL Version:<\/strong><\/td>[\r\n|\n]+<td> ([\d\.]+) <\/td>/).flatten.first
      m << { version: "MySQL:" + version }
    end

    # OS detection
    if /<td width="20%"><strong>Server OS:<\/strong><\/td>[\r\n|\n]+<td width="80%"> ([^\ ]+) <\/td>/.match?(target.body)
      version = target.body.scan(/<td width="20%"><strong>Server OS:<\/strong><\/td>[\r\n|\n]+<td width="80%"> ([^\ ]+) <\/td>/).flatten.first
      m << { version: version }
    end

    # Module detection
    if /<td align="center"><strong>([^<]+)<\/strong><\/td>/.match?(target.body)
      modules = target.body.scan(/<td align="center"><strong>([^<]+)<\/strong><\/td>/).flatten
      m << { module: modules }
    end

    m
  end
end

#thinObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/thin.rb', line 9

WhatWeb::Plugin.define "thin" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-13
  @version = "0.1"
  @description = "Thin is a Ruby web server that glues together 3 of the best Ruby libraries in web history: the Mongrel parser, Event Machine, and Rack"
  @website = "http://code.macournoyer.com/thin/"

  # ShodanHQ results as at 2012-03-13 #
  # 86 for thin web server

  # Matches #
  @matches = [

    # HTTP Server Header # Version Detection
    { search: "headers[server]", version: /^thin ([^\s]+) codename (.+)$/ },

    # HTTP Server Header # Server Codename
    { search: "headers[server]", string: /^thin [^\s]+ (codename .+)$/ },

  ]
end

#ThoughtConduitObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/thoughtconduit.rb', line 9

WhatWeb::Plugin.define "ThoughtConduit" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-19
  @version = "0.1"
  @description = "ThoughtConduit is a groupware application for people who create with sound, video, animation, text and Virtual Reality. ThoughtConduit provides a creative environment on the internet where users have access to cross-platform tools for articulating, organizing, and distributing multimedia. The ThoughtConduit System consists of two primary components: The Web Server Framework and the desktop Client Application. The Web framework allows access to many ThoughtConduit features from virtually any modern web browser. The Client Application provides communication between other clients and the web server."
  @website = "http://www.thoughtconduit.net/"
  # More info: http://www.thoughtconduit.net/cgi-bin/WebObjects/thoughtconduit.woa/wa/doc?id=1

  # Google results as at 2011-05-19 #
  # 56 for "This site runs on ThoughtConduit * by Sensory Research"

  # Dorks #
  @dorks = [
    '"This site runs on ThoughtConduit * by Sensory Research"'
  ]

  # Matches #
  @matches = [

    # Error Page
    { certainty: 10, text: '<html><body>There has been an error</body></html>' },
    { certainty: 25, text: '<html><head><title>Error</title></head><body>Your request produced an error.</body></html>' },

    # Error Page # The resource you are looking for is unavailable.
    { md5: "6554c90f59823801b2791edff3c3998c" },

    # Version Detection # This site runs on footer
    { version: /This site runs on ThoughtConduit v([^\s]+) by <A TARGET=new HREF="http:\/\/www\.sensoryresearch\.com">Sensory Research<\/A><\/FONT><\/I><\/TD><\/TR><\/table><\/body>/ },

  ]
end

#thttpdObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/thttpd.rb', line 9

WhatWeb::Plugin.define "thttpd" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-31
  @version = "0.1"
  @description = "thttpd - tiny/turbo/throttling HTTP server - thttpd is a simple, small, portable, fast, and secure HTTP server."
  @website = "http://acme.com/software/thttpd/"

  # ShodanHQ results as at 2011-05-31 #
  # 103,691 for thttpd
  #   6,657 for thttpd -2

  # Matches #
  @matches = [

    # HTTP Server Header
    # { :search=>"headers[server]", :regexp=>/^thttpd$/ },

    # Version Detection
    { search: "headers[server]", version: /^thttpd\/([^\s]+)/ },

  ]
end

#TimeLinkObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/whatweb/plugins/timelink.rb', line 9

WhatWeb::Plugin.define "TimeLink" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-01
  @version = "0.1"
  @description = "Full-featured web-based Time and Attendance, Workforce Scheduling, Leave Management and Labor Activity software"
  @website = "http://www.timelink.com/productsbyproducts.html"

  # Google results as at 2011-06-01 #
  # 4 for intitle:Timelink +Language +Password +Version -ext:html
  # 3 for inurl:"timelink/login" +version

  # Dorks #
  @dorks = [
    'intitle:Timelink "Language" "Password" "Version" -ext:html'
  ]

  # Matches #
  @matches = [

    # Version Detection # Copyright footer
    { version: /<p>Version ([\d\.]+)&nbsp;&copy; 2003 - 20[\d]{2} Time ?Link International Corp\. All Rights Reserved\.<\/p>/ },

    # shortcut icon HTML
    { text: '<link rel="shortcut icon" type="image/png" href="/timelink/images/favicon.ico"/>' },

    # Aggressive # Enterprise 6.x # images/login-panel-back.png
    { url: "images/login-panel-back.png", md5: "37897a66217e910dd6c67f1d09c5e870", version: "6.x", string: "Enterprise" },

  ]

  # Passive #
  def passive(target)
    m = []

    # Title
    if /<title>Timelink<\/title>/.match?(target.body)

      # Model Detection
      m << { model: target.body.scan(/<td><div class="heading">([A-Z]+)<font class="titlefont">([^<]+)<\/font><\/div><\/td>/).flatten } if target.body =~ /<td><div class="heading">([A-Z]+)<font class="titlefont">([^<]+)<\/font><\/div><\/td>/

    end

    # Return passive matches
    m
  end
end

#TimeLiveObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/timelive.rb', line 9

WhatWeb::Plugin.define "TimeLive" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-29
  @version = "0.1"
  @description = "TimeLive Time and Expense Tracking - TimeLive Web timesheet suite is an integrated suite for time record, time tracking and time billing software."
  @website = "http://www.livetecs.com/"

  # Google results as at 2011-09-29 #
  # 19 for intitle:"TimeLive" "TimeLive LogIn" +Username +Password

  # Dorks #
  @dorks = [
    'intitle:"TimeLive" "TimeLive LogIn" "Username" "Password"'
  ]

  # Matches #
  @matches = [

    # Logo HTML
    { text: '<img id="CtlLogin1_Login1_imgCompanyOwnLogo" src="Images/TopHeader.jpg" alt="CompanyLogo" style="height:50px;border-width:0px;" /></td>' },

    # Year Detection
    { string: /<span id="CtlLogin1_Login1_Label1">Copyright .{1,2} 2007 - (20[\d]{2}) Livetecs LLC\. All rights reserved\.<\/span>/ },

    # Version Detection
    { version: /<td style="width: 15%" align=right>[\s]+<span id="CtlLogin1_Login1_VersionLabel">v ([^<^\s]+)<\/span><\/td>/ },

  ]
end

#TinyBBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/tinybb.rb', line 9

WhatWeb::Plugin.define "TinyBB" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-17
  @version = "0.1"
  @description = "TinyBB is a free, simple bulletin board script."
  @website = "http://tinybb.net/"

  # Google results as at 2011-04-17 #
  # 41 for "Proudly powered by TinyBB"

  # Dorks #
  @dorks = [
    '"Proudly powered by TinyBB"'
  ]

  # Matches #
  @matches = [

    # Powered by link
    { text: "Proudly powered by <a href='http://tinybb.net'>TinyBB</a>" },

  ]
end

#TinyproxyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/tinyproxy.rb', line 9

WhatWeb::Plugin.define "Tinyproxy" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-16
  @version = "0.1"
  @description = "Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems."
  @website = "https://banu.com/tinyproxy/"

  # ShodanHQ results as at 2011-09-16 #
  # 757 for Tinyproxy

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^tinyproxy\/([^\s]+)/ },

  ]
end

#TiVoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/tivo.rb', line 12

WhatWeb::Plugin.define "TiVo" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-21
  @version = "0.2"
  @description = "TiVo is a digital video recorder developed and marketed by TiVo, Inc."
  @website = "http://www.tivo.com/"

  # Google results as at 2011-05-21 #
  # 1 for intitle:"TiVo DVR" "Congratulations" "You've successfully connected your TiVo"

  # ShodanHQ results as at 2011-05-21 #
  # 4,997 for tivo-httpd

  # Dorks #
  @dorks = [
    'intitle:"TiVo DVR" "Congratulations" "You\'ve successfully connected your TiVo"'
  ]

  @matches = [
    # HTTP Server Header
    { regexp: /^tivo-httpd/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^tivo-httpd-[\d]+:(.+)$/, search: "headers[server]" },

  ]
end

#TivoWebPlusObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/tivowebplus.rb', line 12

WhatWeb::Plugin.define "TivoWebPlus" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-21
  @version = "0.2"
  @description = "TivoWebPlus is a web server that runs on your TiVo PVR. It is written in TCL, and has the ability to browse the channel guide, perform searches, and schedule and delete recordings."
  @website = "http://sourceforge.net/projects/tivowebplus/"

  # ShodanHQ results as at 2011-05-21 #
  # 31 for TivoWebPlus

  @matches = [

    # WWW-Authenticate Realm
    { regexp: /TivoWebPlus/, search: "headers[www-authenticate]" },

    # Version Detection # WWW-Authenticate Realm
    { version: /^Basic realm=['"]TivoWebPlus - v([^'^"]+)['"]$/, search: "headers[www-authenticate]" },

  ]
end

#TomatoCartObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/tomatocart.rb', line 9

WhatWeb::Plugin.define "TomatoCart" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-18
  @version = "0.1"
  @description = "Shopping Cart"
  @website = "http://www.tomatocart.com/"

  # 216 results for "powered by TomatoCart" -Vulnerability @ 2010-09-18

  @matches = [

    # Meta generator
    { text: '<meta name="generator" content="TomatoCart Open Source Shopping Cart Solutions" />' },

    # Powered by text
    { text: 'Powered by <a href="http://www.tomatocart.com" target="_blank">TomatoCart</a>' },

    # Default favicon
    { md5: "600924763aa7af6c968f53e0f6d9e608", url: "/templates/glass_gray/images/tomatocart.ico" },

  ]
end

#TomatoCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/tomatocms.rb', line 9

WhatWeb::Plugin.define "TomatoCMS" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-10
  @version = "0.1"
  @description = "TomatoCMS considers each web page made up of many different elements called widgets. You can easily create, customize the layout of your site like never before through a visual tool called Layout Editor very easy and convenient."
  @website = "http://www.tomatocms.com/"

  # Dorks #
  @dorks = [
    '"powered by TomatoCMS"'
  ]

  @matches = [

    # 9 results for "powered by TomatoCMS" @ 2010-07-10
    { text: '<a href="http://www.tomatocms.com" title="Powered by TomatoCMS" target="_blank">' },

    { text: "	Tomato.Core.Widget.Loader.baseUrl = 'http://" },

    { text: '					<h1>TomatoCMS Install Wizard</h1>', version: "Install Page" },

  ]
end

#TorrentFluxObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/whatweb/plugins/torrentflux.rb', line 9

WhatWeb::Plugin.define "TorrentFlux" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-13
  @version = "0.1"
  @description = "Open source PHP client for web based management of torrents. Features, downloads, forum. - http://www.torrentflux.com/"

  # Google results as at 2011-05-13 #
  # 30 for "TorrentFlux Login" intitle:TorrentFlux +Username +Password

  # ShodanHQ results as at 2011-05-13 #
  # 290 for TorrentFlux

  # Dorks #
  @dorks = [
    '"TorrentFlux Login" intitle:TorrentFlux "Username" "Password"'
  ]

  # Matches #
  @matches = [

    # Login Page # font title
    { text: '<font class="title">TorrentFlux Login</font>' },

    # Login Page # Password field
    { text: '<td><input type="password" name="iamhim" value="" size="15" style="font-family:verdana,helvetica,sans-serif; font-size:9px; color:#000" /></td>' },

  ]

  # Passive #
  def passive(target)
    m = []

    # TorrentFlux cookie
    m << { name: "TorrentFlux cookie" } if target.headers["set-cookie"] =~ /^TorrentFlux=[a-z\d]+; path=\//

    # Return passive matches
    m
  end
end

#TracObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/trac.rb', line 12

WhatWeb::Plugin.define "Trac" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-15
  @version = "0.2"
  @description = "Trac is an enhanced wiki and issue tracking system for software development projects."
  @website = "http://trac.edgewall.org/"

  # About 77,000,000 results for "Powered by Trac" +intitle:Trac' @ 2010-06-14

  # Dorks #
  @dorks = [
    '"Powered by Trac" intitle:Trac'
  ]

  @matches = [

    # GHDB Match
    { ghdb: '"Powered by Trac" +intitle:Trac', certainty: 75 },

    # Version detection # Powered by text
    { version: /Powered by <a[^>]*><strong>Trac ([^<]+)<\/strong><\/a><br \/>/ },

  ]

  # Fingerprint cookie
  def passive(target)
    m = []

    m << { name: "trac_form_token Cookie", probability: 100 } if target.headers["set-cookie"] =~ /trac_form_token=/

    m
  end
end

#TraceWatchObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/tracewatch.rb', line 9

WhatWeb::Plugin.define "TraceWatch" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-24
  @version = "0.1"
  @description = "TraceWatch Real Time Web Stats and Traffic Analysis Lets you keep track of the visitors to your website in real time with detailed statistics and deep analysis using an innovative user interface for FREE and helps you make your website more effective. Can be easily installed on any website supporting PHP and MySQL."
  @website = "http://www.tracewatch.com/"

  # Google results as at 2011-03-24 #
  # 30 for "TraceWatch" "Website Statistics and Traffic Analysis Software" +author

  # Dorks #
  @dorks = [
    '"TraceWatch" "Website Statistics and Traffic Analysis Software" "author"'
  ]

  # Matches #
  @matches = [

    # h1 Heading
    { text: '<h1 class="main"><a href="http://www.tracewatch.com/"><img alt="TraceWatch" title="TraceWatch" src="./base/img/tracewatch' },

    # Version Detection # Copyright Footer
    { version: /<a href="http:\/\/www\.tracewatch\.com\/">TraceWatch<\/a> V?([^\s]+) Copyright &copy;2004-20[\d]{2} Arash Dejkam/ },

  ]
end

#TradingeyeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/whatweb/plugins/tradingeye.rb', line 9

WhatWeb::Plugin.define "Tradingeye" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-13
  @version = "0.1"
  @description = "Tradingeye is a fully-featured web standards compliant Shopping Cart & CMS, built from the ground up with web accessibility and SEO in mind."
  @website = "http://tradingeye.com/"

  # Google results as at 2011-07-13 #
  # 267 for "Powered by Tradingeye" "You are here: Home"

  # Dorks #
  @dorks = [
    '"Powered by Tradingeye" "You are here: Home"'
  ]

  # Matches #
  @matches = [

    # Aggressive # favicon.ico
    { url: "/favicon.ico", md5: "0ec12e5820517d3b62e56b9a8f1ee5bc" },
    { url: "/_assets/img/site/favicon.ico", md5: "0ec12e5820517d3b62e56b9a8f1ee5bc" },

    # Powered by text
    { text: '<p id="credits"><a href="http://www.tradingeye.com/">powered by Tradingeye</a></p>' },

    # Meta Author
    { text: '<meta name="author" content="dpivision.com Ltd" />' },

    # p id="breadcrumbs"
    { certainty: 25, text: '<p id="breadcrumbs">You are here:' },

    # HTML Comment
    { certainty: 25, text: '</div><!-- end body/inner -->' },

    # skip to main content
    { text: '<p id="skip">[<a href="#main">skip to main content</a>]</p>' },

    # Version Detection # Admin Page # Title
    { version: /<title>Tradingeye v([^\s]+) :: Online Admin<\/title>/ },

    # Admin Page # th class="login_bg"
    { text: '<th class="login_bg" colspan="2">Tradingeye Login</th>' },

  ]
end

#TreeNeWSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/treenews.rb', line 9

WhatWeb::Plugin.define "TreeNeWS" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-18
  @version = "0.1"
  @description = "Probably a 3Com Corporation or Trapeze Networks wireless access point"
  # Any idea what this is? Please contact me

  # ShodanHQ results as at 2011-09-18 #
  # 381 for TreeNeWS

  # Matches #
  @matches = [

    # /vendor.js
    { url: "/vendor.js", string: /var _VENDOR_ = "([^"]+)";/ },
    { url: "/vendor.js", model: /var _OTHER_SYSTEM_MANAGEMENT_NAME_ = '([^']+)';/ },

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^TreeNeWS\/([^\s]+)$/ },

  ]
end

#TribiqObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
# File 'lib/whatweb/plugins/tribiq.rb', line 9

WhatWeb::Plugin.define "Tribiq" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-17
  @version = "0.1"
  @description = "Tribiq CMS is a content management system for websites. Without needing technical skills, you can edit and grow your website."
  @website = "http://tribiq.com/"

  # 130 results for "powered by Tribiq" @ 2010-09-17

  # Dorks #
  @dorks = [
    '"powered by Tribiq"'
  ]

  @matches = [

    # Default favicon
    { md5: '1d334359c5d0f68de91f33c78581f25c', url: '/favicon.ico' },

    # Powered by text
    { text: 'Powered by <a href="http://tribiq.com/" target="_blank">Tribiq CMS</a>' },
    { text: 'Designed &amp; Powered by <a alt="Tribiq CMS" target="_blank" title="Tribiq CMS" href="http://www.tribiq.com">Tribiq CMS</a>' },
    { regexp: /Designed &amp; Powered by <a href="http:\/\/www.tribiq.com[\/]*[^>]+>Tribiq CMS<\/a>/ },
    { text: 'Powered by <a href="http://tribiq.com" title="TRIBiQ Content Management System" target="_blank">Tribiq</a>' },
    { text: '<a href="http://tribiq.com">Powered by Tribiq CMS</a>' },
    { text: 'Powered by <a href="http://tribiq.com" target="_blank">TRIBiQ</a>' },

    # Admin Page # Default Javascript
    { text: '					document.location.href = "adminlogin.php?sk=" + (hash? hash : "tribiq__content");' },

    # Admin Page # Default HTML
    { text: '				<p><a href="adminlogin.php">Please log in</a></p>' },

    # Login page # Default title
    { text: '<title>Tribiq CMS Administrator Login</title>' },

  ]

  # Version detection
  def passive(target)
    m = []

    # Meta generator
    if /<meta name="generator" content="Tribiq CMS ([\d\.a-z]+)" \/>/.match?(target.body)
      version = target.body.scan(/<meta name="generator" content="Tribiq CMS ([\d\.a-z]+)" \/>/)[0][0]
      m << { version: version }
    end

    # Login page # Powered by text
    if /    			Powered by <a href="http:\/\/tribiq.com[\/]*" target="_blank">Tribiq CMS<\/a>/.match?(target.body)
      if /    			([\d\._a-z]+)    		<\/div>/.match?(target.body)
        version = target.body.scan(/    			([\d\._a-z]+)    		<\/div>/)[0][0]
        m << { version: version }
      end
    end

    m
  end
end

#TruitionObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/truition.rb', line 9

WhatWeb::Plugin.define "Truition" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-30
  @version = "0.1"
  @description = "CDC eCommerce - On Demand eCommerce and Online Auction Software - formerly Truition"
  @website = "http://www.truition.com/"

  # Google results as at 2011-01-30 #
  # 28 for "powered by Truition" inurl:ExecMacro inurl:cgi-bin

  # Dorks #
  @dorks = [
    '"powered by Truition" inurl:ExecMacro inurl:cgi-bin'
  ]

  # Matches #
  @matches = [

    # Default Menu HTML
    { text: '<A HREF="/cgi-bin/ncommerce3/ExecMacro/search.d2w/report?wl=151">Search</A>&nbsp;|&nbsp;' },

    # FAQ # HTML Comment
    { text: "<!--Logon Information-faq answers below-->" },

    # URL pattern and extention
    { ghdb: 'inurl:"/cgi-bin/ncommerce3/ExecMacro/static/" filetype:d2w' },

    # Missing file message
    { text: '<li>DTWF050E: Net.Data is unable to locate the HTML block specification in the URL.' },

    # Missing macro message
    { text: '<li>DTWP001E: Net.Data is unable to locate the macro file' },

    # Redirect Page # Default JavaScript
    { text: 'location.href = "/cgi-bin/ncommerce3/ExecMacro/static/' },

  ]
end

#TumblrObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/whatweb/plugins/tumblr.rb', line 9

WhatWeb::Plugin.define "Tumblr" do
  @author = "Brendan Coles <[email protected]>" # 2011-07-30
  @version = "0.1"
  @description = "A feature rich and free blog hosting platform offering professional and fully customizable templates, bookmarklets, photos, mobile apps, and social network"
  @website = "http://www.tumblr.com/"

  # Google results as at 2011-07-30 #
  # 658 for "Powered by Tumblr"

  # Dorks #
  @dorks = [
    '"Powered by Tumblr"'
  ]

  # Matches #
  @matches = [

    # shortcut icon
    { regexp: /<link rel="(shortcut )?icon" href="http:\/\/[\d]{1,2}\.media\.tumblr\.com\/avatar_[a-f\d]{12}_16\.gif"[\s]?\/>/ },

    # meta name="tumblr-theme"
    { regexp: /<meta name="tumblr-theme" content="[\d]+"[\s]?\/>/ },

    # HTML Comment + iframe
    { text: '<!-- BEGIN TUMBLR CODE --><iframe src="http://assets.tumblr.com/iframe.html' },

  ]

  # Passive #
  def passive(target)
    m = []

    # Username Detection # x-tumblr-user Header
    m << { account: target.headers["x-tumblr-user"] } unless target.headers["x-tumblr-user"].nil?

    # Return passive matches
    m
  end
end

#TutorTracObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
# File 'lib/whatweb/plugins/tutortrac.rb', line 9

WhatWeb::Plugin.define "TutorTrac" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-02
  @version = "0.1"
  @description = "Online management software for learning, writing, tutoring departments, and academic skills centers for traditional and athletic students. "
  @website = "http://www.go-redrock.com/"

  # ShodanHQ results as at 2011-06-02 #
  # 65 for TutorTrac

  # Google results as at 2011-06-02 #
  # 5 for intitle:"TutorTrac Learning Center Tracking Software"

  # Dorks #
  @dorks = [
    'intitle:"TutorTrac Learning Center Tracking Software"'
  ]

  # Matches #
  @matches = [

    # Title
    { text: '<TITLE>TutorTrac Learning Center Tracking Software</TITLE>' },

    # Meta Keywords
    { text: '<meta name="keywords" content="tutor,software,scheduling,learning,center,tutoring,assistant,assistance,education,accutrack,tutorial,community,college,university"><meta name="description" content="Web Based Tutor/Learning Center Management/Scheduling Software">' },

    # Version Detection # 3.x
    { version: /<P ALIGN=right><FONT SIZE="-1" FACE="Verdana" COLOR="#CCCCCC">version[\s]+([\d\.]+)[\s]?&copy;Copyright 20[\d]{2}, <\/FONT><A HREF="http:\/\/www\.go-redrock\.com"><FONT SIZE="-1" FACE="Verdana" COLOR="#CCCCCC">RedRock/ },

    # Version Detection # 4.x
    { version: /<P ALIGN=right><FONT COLOR="#CCCCCC">version ([\d\.]+)[\s]+&copy;Copyright 2004-20[\d]{2}<br \/><\/FONT><A HREF="http:\/\/www\.go-redrock\.com"><FONT COLOR="#CCCCCC">RedRock/ },

    # Aggressive # Usually 3.x # /TutorTrac/favicon.ico
    { url: "/TutorTrac/favicon.ico", md5: "c56dda95e69b50c4b3802919aab0e950" },

    # Aggressive # Usually 4.x # /TracWeb40/favicon.ico
    { url: "/TracWeb40/favicon.ico", md5: "365ccabab0c04ec5c6a9721725b76c36" },

  ]

  # Passive #
  def passive(target)
    m = []

    # No server HTTP header
    if target.headers["server"].nil?

      # Location Header # ./TracWeb40/Default.html
      m << { name: "Location Header" } if target.headers["location"] =~ /^\.\/TracWeb40\/Default\.html$/

      # Location Header # TutorTrac/Default.html
      m << { name: "Location Header" } if target.headers["location"] =~ /^TutorTrac\/Default\.html$/

      # InstallCode Cookie
      m << { name: "InstallCode Cookie" } if target.headers["set-cookie"] =~ /InstallCode=[A-Z]+;/

      # ProductCode Cookie
      m << { name: "ProductCode Cookie" } if target.headers["set-cookie"] =~ /ProductCode=RSC[\d]+=[\d]+;/

    end

    # Return passive matches
    m
  end
end

#TVersityObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/tversity.rb', line 12

WhatWeb::Plugin.define "TVersity" do
  @author = "Andrew Horton"
  @version = "0.2"
  @description = "The TVersity Media Server lets you manage your Internet and home media"
  @website = "tversity.com"

  @matches = [
    { md5: "300b5c3f134d7ec0bca862cf113149d8", url: "/favicon.ico" },

    # HTTP Server
    { version: /TVersity Media Server/, search: "headers[server]" },

    # HTTP Server # Version Detection
    { version: /TVersity Media Server\/([\d\.]+)/, search: "headers[server]" },

  ]
end

#TWikiObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/twiki.rb', line 9

WhatWeb::Plugin.define "TWiki" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-13
  @version = "0.1"
  @description = "A flexible, powerful, and easy to use enterprise wiki, enterprise collaboration platform, and web application platform."
  @website = "http://www.twiki.org/"

  @matches = [

    # About 3,070,000 results @ 2010-06-13
    { name: 'GHDB: "powered by twiki"',
      certainty: 75,
      ghdb: '"powered by twiki"' },

    { name: 'default redirect page title',
      text: '<title>Welcome to TWiki - A Web-based Collaboration Platform</title>' },

    # <span class="twikiRight"> <a href="http://twiki.org/"><img src="/p/pub/TWiki05x00/TWikiLogos/T-badge-88x31.gif" alt="This site is powered by the TWiki collaboration platform" width="88" height="31" title="This site is powered by the TWiki collaboration platform" border="0" /></a></span>
    # <span class="twikiRight"> This Wiki powered by TWiki <a href="http://twiki.org/"><img src="/pub/TWiki/TWikiLogos/T-badge-88x31.gif" alt="This Wiki is powered by the TWiki collaboration platform" width="88" height="31" title="This wiki is powered by the TWiki collaboration platform" border="0" /></a></span>
    { name: 'powered by text',
      regexp: /<span class="twikiRight"> <a href="http:\/\/twiki.org\/"><img src="[a-zA-Z0-9\.\-\\\/\+_]+" alt="This site is powered by the TWiki collaboration platform" width="[0-9]+" height="[0-9]+" title="This site is powered by the TWiki collaboration platform" border="0" \/><\/a><\/span>/i },

    { name: 'alternate powered by text',
      regexp: /<span class="twikiRight"> This Wiki powered by TWiki <a href="http:\/\/twiki.org\/"><img src="[a-zA-Z0-9\.\-\\\/\+_]+" alt="This Wiki is powered by the TWiki collaboration platform" width="[0-9]+" height="[0-9]+" title="This wiki is powered by the TWiki collaboration platform" border="0" \/><\/a><\/span>/i }

  ]

  def passive(target)
    m = []
    m << { name: "TWIKISID Cookie" } if target.headers["set-cookie"] =~ /TWIKISID=[0-9a-z]{32}/
    m
  end
end

#TwistedWebObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
 
# File 'lib/whatweb/plugins/twistedweb.rb', line 9

WhatWeb::Plugin.define "TwistedWeb" do
  @author = "Andrew Horton" # 2015-05-06
  @version = "0.1"
  @description = "Twisted web is the HTTP server provided by Twisted, an event-driven networking engine written in Python and licensed under the open source MIT license. Developed by Twisted Matrix Labs. Homepage - https://twistedmatrix.com/"

  # Matches #
  @matches = [
    # Version in HTTP header
    { version: /TwistedWeb\/?([^ ]+)?/, search: "headers[server]" },
  ]
end

#TwonkyServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/whatweb/plugins/twonkyserver.rb', line 9

WhatWeb::Plugin.define "TwonkyServer" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-17
  @version = "0.1"
  @description = "Twonky is a line of computer and mobile applications that finds all of your digital media collections and shares them with PCs, TVs, stereos and other devices connected to your network."
  @website = "http://www.twonky.com/"

  # Google results as at 2011-09-17 #
  # 30 for inurl:":9000" PacketVideo corporation (intitle:"TwonkyMedia"|intitle:"TwonkyServer")

  # ShodanHQ results as at 2011-09-17 #
  # 3 for TwonkyMedia UPnP

  # Dorks #
  @dorks = [
    'inurl:":9000" PacketVideo corporation (intitle:"TwonkyMedia"|intitle:"TwonkyServer")'
  ]

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /TwonkyMedia UPnP/ },

    # Home Page
    { text: '<meta name="description" content="TwonkyMedia Digital Home">' },
    { text: '<td><strong><font color="#294A94" size="2">TwonkyMedia Settings</font></strong></td>' },

    # /webbrowse
    { text: '<html><head><title>TwonkyServer Media Browser</title>' },
    { text: '<html><head><title>TwonkyMedia server media browser</title>' },
    { string: /<div id="copyright" class="copyright">Copyright . 2004-(20[\d]{2}) PacketVideo Corporation\. All rights reserved\.<\/div><\/div><hr>/ },
    { string: /<div id="copyright" class="copyright">Copyright&nbsp;&copy;&nbsp;2004-20(20[\d]{2}) PacketVideo&nbsp;Corporation\. All&nbsp;rights&nbsp;reserved<\/div><\/div><hr>/ },

  ]
end

#TypekitObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/typekit.rb', line 9

WhatWeb::Plugin.define "Typekit" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-17
  @version = "0.1"
  @description = "JavaScript font manager"
  @website = "http://typekit.com/"

  # Matches #
  @matches = [

    # JavaScript Source
    { regexp: /<script [^>]*src=["'][^>]*use\.typekit\.com/i },

  ]
end

#TYPO3Object

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2012-08-16 # Andrew Horton Updated MD5 syntax. In future someone should move the MD5 hash matches into the matches array



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
 
# File 'lib/whatweb/plugins/typo3.rb', line 12

WhatWeb::Plugin.define "TYPO3" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-09
  @version = "0.2"
  @description = "TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets. It offers full flexibility and extendability while featuring an accomplished set of ready-made interfaces, functions and modules."
  @website = "http://typo3.com/"

  # More examples here: http://welovet3.com/

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="TYPO3 ([\d\.]+) CMS"/ },

    # HTML Comment
    { text: '<!--TYPO3SEARCH_end-->', certainty: 75 },

  ]

  # Aggressive #
  def aggressive(target)
    m = []

    # the paths are relative to the url path if they don't start with /
    # this path, with this md5 = this version
    files = [

      { md5: 'fa6bed20b07e72ae7140daf35bf9d194', version: '3.3.x', path: 't3lib/jsfunc.evalfield.js' },
      { md5: 'f8cf9f0ee879a5ed1f4cdbda5f66fe42', version: '3.5.x', path: 't3lib/jsfunc.evalfield.js' },
      { md5: '91679c5cebe4dd2d3c6ef41a01252f56', version: '3.6.x - 3.8.x', path: 't3lib/jsfunc.evalfield.js' },
      { md5: '65cdbcbfda7bd1512d61033f22919c04', version: '4.0.x', path: 't3lib/jsfunc.evalfield.js' },
      { md5: '8268823e266152decfb7bb1ba652ab32', version: '4.1.x', path: 't3lib/jsfunc.evalfield.js' },
      { md5: '21ba8e02551157b345885d9aec091ca2', version: '4.2.x', path: 't3lib/jsfunc.evalfield.js' },
      { md5: 'efda8e345a6516ea97a8412875e3b100', version: '4.3.x', path: 't3lib/jsfunc.evalfield.js' },
      { md5: '4a464632a5a0865009bdf3d48bacbba9', version: '4.4.x', path: 't3lib/jsfunc.evalfield.js' },
      { md5: '12a91f85007c0deb3f1c798faef7a336', version: '4.5.x', path: 't3lib/jsfunc.evalfield.js' },
      { md5: '7d6f7ccbc4257ca8e0d952e4586a5577', version: '6.1.x', path: 'typo3/js/tree.js' },
      { md5: '36741bfbbf60c3ae3370d1fcacafd562', version: '6.2.x', path: 'typo3/js/tree.js' },
      { md5: '3287390bce962a070d01f0fbc77e8d98', version: '7.0.x', path: 'typo3/sysext/backend/Resources/Public/JavaScript/DragUploader.js' },
      { md5: '688715e7f2b3e34de595083926b1c5d6', version: '7.1.x', path: 'typo3/sysext/backend/Resources/Public/JavaScript/DragUploader.js' },
      { md5: '8802bd97763db8c94a46dea8424f8a2f', version: '7.2.x', path: 'typo3/sysext/backend/Resources/Public/JavaScript/DragUploader.js' },
      { md5: '033d2c5965493bd599526a2ec6c6b1c2', version: '7.3.x', path: 'typo3/sysext/backend/Resources/Public/JavaScript/DragUploader.js' },
      { md5: 'e46e25a14c4429e88439ee2ce2cfa8b1', version: '7.4.x', path: 'typo3/sysext/backend/Resources/Public/JavaScript/DragUploader.js' },
      { md5: '5a581b85d07fd4ab2e9b319a177e09ae', version: '7.5.x', path: 'typo3/sysext/backend/Resources/Public/JavaScript/DragUploader.js' },
      { md5: '5a581b85d07fd4ab2e9b319a177e09ae', version: '7.6.0/7.6.1/7.6.2', path: 'typo3/sysext/backend/Resources/Public/JavaScript/DragUploader.js' },
      { md5: '1a59c65788fb35d2ae5ef28aa7ed887a', version: '7.6.3/7.6.4', path: 'typo3/sysext/backend/Resources/Public/JavaScript/DragUploader.js' },
      { md5: '51e791e3ac7014583c7d516534991387', version: '7.6.5/7.6.6/7.6.7', path: 'typo3/sysext/backend/Resources/Public/JavaScript/DragUploader.js' },
      { md5: '9dbefa9ee5f9ce30f1872e70e27a9604', version: '7.6.8/7.6.9', path: 'typo3/sysext/backend/Resources/Public/JavaScript/FormEngine.js' },
      { md5: 'ab33f4ab2ee1bdc206736de9ab1e9eeb', version: '7.6.10', path: 'typo3/sysext/backend/Resources/Public/JavaScript/FormEngineSuggest.js' },
      { md5: 'a6fc92a1274764f2f08d1029f76a730c', version: '7.6.11', path: 'typo3/sysext/backend/Resources/Public/JavaScript/FormEngineSuggest.js' },
      { md5: '36fe0df4954b1e3fea9c5a0dc98d9ad6', version: '8.0.0', path: 'typo3/sysext/backend/Resources/Public/JavaScript/FormEngine.js' },
      { md5: '4c88b3ea158328242cd6b3f37d40c4e5', version: '8.0.1', path: 'typo3/sysext/backend/Resources/Public/JavaScript/FormEngine.js' },
      { md5: '67a2d028d995e1f393450fcf628a6cd4', version: '8.1.x', path: 'typo3/sysext/backend/Resources/Public/JavaScript/FormEngine.js' },
      { md5: '142c4e3a8830066cb4cd5843482908d9', version: '8.2.0', path: 'typo3/sysext/backend/Resources/Public/JavaScript/FormEngine.js' },
      { md5: 'f1bbf914a52ad4a1c046c172b75efb5a', version: '8.2.1', path: 'typo3/sysext/backend/Resources/Public/JavaScript/LoginRefresh.js' },
      { md5: '821c0f0e29eb9b95f09cbcc25bc47d38', version: '8.3.x', path: 'typo3/sysext/backend/Resources/Public/JavaScript/LoginRefresh.js' },
      { md5: 'd18a74b735139ee0eed133fc0867f9b8', version: '8.4.0', path: 'typo3/sysext/backend/Resources/Public/JavaScript/LoginRefresh.js' },

    ]

    # Fetch and hash files
    to_download = files.map { |x| x[:path] }.sort.uniq
    downloads = {}
    to_download.each do |d|
      url = URI.join(target.uri.to_s, d).to_s
      new_target = WhatWeb::Target.new(url)
      downloads[d] = { md5sum: new_target.md5sum }
    end

    # Compare file hashes to known hashes
    version = nil
    files.each do |thisfile|
      unless downloads[thisfile[:path]].nil?
        version = thisfile[:version] if downloads[thisfile[:path]][:md5sum] == thisfile[:md5]
      end
    end

    # Set version if present
    unless version.nil?
      m << { name: "md5 sums of files", version: version }
    end

    # Return aggressive matches
    m
  end
end

#UltraseekObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/ultraseek.rb', line 12

WhatWeb::Plugin.define "Ultraseek" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-02
  @version = "0.2"
  @description = "Ultraseek - web site search engine product information - Homepage [Offline] : http://www.ultraseek.com/"

  # ShodanHQ results as at 2011-06-02 #
  # 350 for Ultraseek

  @matches = [

    # HTTP Server Header
    { regexp: /^Ultraseek/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^Ultraseek\/([^\s]+)$/, search: "headers[server]" },

  ]
end

#UltrastatsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-16 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/whatweb/plugins/ultrastats.rb', line 12

WhatWeb::Plugin.define "Ultrastats" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-22
  @version = "0.2"
  @description = "UltraStats is a php based gamelog parser for the famous Call of Duty franchise supporting Call of Duty, Call of Duty: United Office, Call of Duty2, Call of Duty 4: Modern Warfare and Call of Duty: World at War. In order to fully support UltraStats, you need a Apache or IIS Webserver with PHP5 ( PHP4 should still work ) installed. You also need a MySQL Database to store the data into."
  @website = "http://www.ultrastats.org/"

  # Google results as at 2010-08-22 #
  # 50  for "powered by Ultrastats" intitle:Ultrastats
  # 383 for intitle:"Ultrastats :: Home"

  # Dorks #
  @dorks = [
    'intitle:"Ultrastats :: Home"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: '<DIV align=center>Powered by Ultrastats' },

    # Default logo HTML
    { text: '<img src="./images/main/ultrastatslogo.png" width="300" height="200" name="ultrastats_logo" align="center">' },

    # Default title
    { regexp: /<title>Ultrastats :: [^<]+<\/title>/i },

    # Error page
    { text: '<title>UltraStats :: Critical Error occured</title>' },

    # Version Detection
    { version: / &nbsp;<a href="http:\/\/www.ultrastats.org[\/]?" target="_blank">Ultrastats<\/a> Version ([\d\.]+)/i },

  ]
end

#UmbracoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated matches and version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/whatweb/plugins/umbraco.rb', line 12

WhatWeb::Plugin.define "Umbraco" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-12
  @version = "0.2"
  @description = "umbraco is an open source project with roots back to year 2000 even though it wasn't released as open source until 2004."
  @website = "http://www.umbraco.org"

  # About 24,400 results for "powered by umbraco" @ 2010-06-08
  # 27 results for "site powered by umbraco" @ 2010-06-08
  # 17 results for "site powered by umbraco v4" @ 2010-06-08

  # Dorks #
  @dorks = [
    '"site powered by umbraco"'
  ]

  @matches = [

    # GHDB Match
    { ghdb: '"powered by umbraco"', certainty: 25 },

    # Meta generator
    { text: '<meta name="generator" content="umbraco" />' },

    # Powered by text
    { regexp: /Powered by[^<]*<a[\s]+href="http:\/\/[www.]*umbraco.org[^>]*>Umbraco<\/a>/i },

    # Version detection # Powered by text
    { version: /powered by[^<]*<a[\s]+href="http:\/\/[www.]*umbraco.org[^>]*>umbraco v([^<]+)<\/a>/i },

    # Version detection # Powered by text # 4.x
    { regexp: /powered by[^<]*<a[\s]+href="http:\/\/[www.]*umbraco.org[^>]*>umbraco v4<\/a>/i, version: "4.x" },

    # Version detection # Meta generator
    { version: /<meta name="generator"[^>]*content="umbraco[\s]+([0-9\.]+)"/i },

  ]
end

#UncommonHeadersObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-30 # Andrew Horton Added strict-transport-security

Version 0.2 removed :certainty=>100



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/uncommon-headers.rb', line 15

WhatWeb::Plugin.define "UncommonHeaders" do
  @author = "Andrew Horton"
  @version = "0.3"
  @description = "Uncommon HTTP server headers. The blacklist includes all the standard headers and many non standard but common ones. Interesting but fairly common headers should have their own plugins, eg. x-powered-by, server and x-aspnet-version. Info about headers can be found at www.http-stats.com"

  # Passive #
  def passive(target)
    m = []
    found = []
    normal_headers = %w|accept-ranges age allow cache-control cachecontrol connection content-disposition content-encoding content-language content-length content-location content-md5 content-range content-type date etag expires host last-modified location mime-version p3p pragma proxy-authenticate refresh server set-cookie status strict-transport-security trailer transfer-encoding vary via warning www-authenticate x-aspnet-version x-cache x-cache-lookup x-pad x-powered-by x-runtime x-ua-compatible x-frame-options x-xss-protection x-pingback keep-alive|

    unless target.headers.nil?
      target.headers.each do |x, _y|
        unless normal_headers.include?(x)
          found << x
        end
      end

      unless found.empty?
        m << { name: "headers", string: found.join(",") }
      end

    end
    m
  end
end

#uPortalObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/whatweb/plugins/uportal.rb', line 12

WhatWeb::Plugin.define "uPortal" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-13
  @version = "0.2"
  @description = "uPortal"

  # About 1,790 results for "powered by uportal" @ 2010-06-13

  # Dorks #
  @dorks = [
    '"powered by uportal"'
  ]

  @matches = [

    # GHDB Match
    { ghdb: '"powered by uportal"', certainty: 75 },

    # Version detection # Default logo HTML
    { version: /<img[^>]*alt="Powered by uPortal ([\d\.]+)"[^>]*>/ },

    # Version detection # Powered by text
    { version: /<a target="_blank" title="Powered by \$" href="http:\/\/www.uportal.org">Powered by uPortal ([^<]+)<\/a>/ },

  ]

  def passive(target)
    m = []

    if /uPortal_rel-([\-0-9]+)/i.match?(target.headers["uportal-version"])
      v = target.headers["uportal-version"].scan(/uPortal_rel-([\-0-9]+)/i)[0][0]
      m << { name: "uportal-version header", version: v }
    end

    m
  end
end

#UrlRewriter_NETObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/urlrewriter.net.rb', line 9

WhatWeb::Plugin.define "UrlRewriter_NET" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-16
  @version = "0.1"
  @description = "Open Source URL Rewriter for .NET / IIS / ASP.NET - UrlRewriter.NET is an open-source, light-weight, highly configurable URL rewriting component for ASP.NET 1.1 . 4.0 which provides similar IIS Rewrite capabilities that the Apache web server provides with mod_rewrite and .htaccess."
  @website = "http://urlrewriter.net/"

  # ShodanHQ results as at 2011-08-16 #
  # 3,892 for UrlRewriter.NET

  # Matches #
  @matches = [

    # Version Detection # X-Powered-By Header
    { search: "headers[x-powered-by]", version: /UrlRewriter\.NET ([^\s]+)/ },

  ]
end

#UseResponseObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/useresponse.rb', line 9

WhatWeb::Plugin.define "UseResponse" do
  @author = "Brendan Coles <[email protected]>" # 2012-06-06
  @version = "0.1"
  @description = "UseResponse is a fully customizable, open-source, self-hosted customer feedback software and support system"
  @website = "http://www.useresponse.com/"

  # Google results as at 2012-06-06 #
  # 55 for "Enter your email (login) to get instructions to recover your password" "All Responses" "Powered by" inurl:"responses"

  # Dorks #
  @dorks = [
    '"Enter your email (login) to get instructions to recover your password" "All Responses" "Powered by" inurl:"responses"'
  ]

  # Matches #
  @matches = [

    # Powered by footer
    { text: 'title="Customer Feedback Software, Community Support System" target="_blank" href="http://www.useresponse.com" class="popup-logo">' },

    # HTML Comments
    { regexp: /<!-- DO NOT MODIFY (ABOVE|BELOW) THIS LINE UNLESS PURCHASED BRANDING REMOVAL -->/ },

    # Form HTML
    { text: '<form id="system-form-registration" enctype="application/x-www-form-urlencoded" class="system-form-registration" accept-charset="utf-8"' },

  ]
end

#UshahidiObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/ushahidi.rb', line 9

WhatWeb::Plugin.define "Ushahidi" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-05
  @version = "0.1"
  @description = "The Ushahidi Platform is a platform for information collection, visualization and interactive mapping."
  @website = "http://www.ushahidi.com/"

  # ShodanHQ results as at 2011-06-05 #
  # 22 for ushahidi_data

  # Matches #
  @matches = [

    # /favicon.ico
    { md5: "7350c3f75cb80e857efa88c2fd136da5", url: "/favicon.ico" },

  ]

  # Passive #
  def passive(target)
    m = []

    # ushahidi cookie
    m << { name: "ushahidi cookie" } if target.headers["set-cookie"] =~ /ushahidi=[^;]+;/

    # ushahidi_data cookie
    m << { name: "ushahidi_data cookie" } if target.headers["set-cookie"] =~ /ushahidi_data=[^;]+;/

    # Return passive matches
    m
  end
end

#uTorrentObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/whatweb/plugins/utorrent.rb', line 9

WhatWeb::Plugin.define "uTorrent" do
  @author = "Andrew Horton"
  @version = "0.1"
  @description = "The uTorrent GUI is a web interface to the uTorrent BitTorrent client"
  @website = "https://web.utorrent.com/"

  # Passive #
  def passive(target)
    m = []
    m << { name: "Page body is 'invalid request'" } if target.body == "invalid request"
    m << { name: 'Basic realm="uTorrent"' } if target.headers['www-authenticate'] == 'Basic realm="uTorrent"'
    m
  end
end

#VamCartObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/vamcart.rb', line 9

WhatWeb::Plugin.define "VamCart" do
  @author = "Brendan Coles <[email protected]>" # 2012-07-18
  @version = "0.1"
  @description = "VamCart - CakePHP Based Open Source Shopping Cart"
  @website = "http://vamcart.com/"

  # Google results as at 2012-07-18 #
  # 5 for "VamCart" "Shipping and Returns" inurl:"page/shipping--returns.html"

  # Dorks #
  @dorks = [
    '# 5 for "VamCart" "Shipping and Returns" inurl:"page/shipping--returns.html"'
  ]

  # Matches #
  @matches = [

    # StyleSheet
    { regexp: /<link type="text\/css" href="[^"]+\/stylesheets\/load\/vamcart\.css" rel="stylesheet"  media="screen"\/>/ },

    # HTML Comment
    { text: '<!-- Powered by: VamCart (http://vamcart.com) -->' },

    # Footer
    { text: '<p><a href="http://vamcart.com/">PHP Shopping Cart</a> <a href="http://vamcart.com/">VamCart</a></p>' },

  ]
end

#VarnishObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/varnish.rb', line 9

WhatWeb::Plugin.define "Varnish" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-15
  @version = "0.1"
  @description = "Varnish is an HTTP accelerator written in C designed for content-heavy dynamic web sites. In contrast to other HTTP accelerators, such as Squid, which began life as a client-side cache, or Apache, which is primarily an origin server, Varnish was designed from the ground up as an HTTP accelerator."
  @website = "http://www.varnish-cache.org/"

  # ShodanHQ results as at 2011-04-15 #
  # 14,040 for X-Varnish

  # Passive #
  def passive(target)
    m = []

    # X-Varnish Header
    m << { name: "X-Varnish Header" } unless target.headers["x-varnish"].nil?

    # Server Header
    m << { name: "Server Header" } if target.headers["server"] =~ /^Varnish$/

    # Return passive matches
    m
  end
end

#vbPortalObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-24 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/vbportal.rb', line 12

WhatWeb::Plugin.define "vbPortal" do
  @author = "Brendan Coles <[email protected]>"
  @version = "0.2"
  @description = "Portal and CMS for vBulletin"
  @website = "http://www.vbportal.com/"

  # Google results as for 2010-08-27 #
  # 154 for "Portal By vbPortal Version "

  # Matches #
  @matches = [

    # Meta Generator
    { text: '<meta name="generator" content="vbPortal - Copyright 2010" />' },

    # HTML Comment
    { text: '	<!-- Do not remove  or your scheduled tasks will cease to function -->' },

    # Version Detection # Meta generator
    { version: /<meta name="generator" content="vbPortal ([\d\.]+)" \/>/ },

    # Version Detection # Portal by text
    { version: /Portal By vbPortal Version ([\d\.]+)<br \/>/ },

  ]
end

#VCalendarObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/vcalendar.rb', line 9

WhatWeb::Plugin.define "VCalendar" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-03
  @version = "0.1"
  @description = "VCalendar is an open source Web calendar application for posting and maintaining events and schedules online. A free solution for use by online Web communities and any commercial and non-commercial organizations, available in PHP, ASP, C# and VB.NET."
  @website = "http://sourceforge.net/projects/virtualcalendar/"

  # Google results as at 2011-08-03 #
  # 44 for "powered by VCalendar" inurl:event_view.php?event_id=

  # Dorks #
  @dorks = [
    '"powered by VCalendar" inurl:event_view.php?event_id='
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: 'Powered by <a href="http://www.vcalendar.org">VCalendar</a>' },

    # link href="Styles/Basic/Style.css"
    { certainty: 75, text: '<link href="Styles/Basic/Style.css" type="text/css" rel="stylesheet"></head>' },

  ]
end

#vcardObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/whatweb/plugins/vcard.rb', line 9

WhatWeb::Plugin.define "vcard" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-07
  @version = "0.1"
  @description = "vCard is a file format standard for electronic business cards. This plugin identifies vcards and extracts the vcard version, name, full name and organization details."
  # More info: http://en.wikipedia.org/wiki/VCard

  # Google results as at 2011-02-07 #
  # 956,000 for filetype:vcf

  # Passive #
  def passive(target)
    m = []

    # Extract vcard Details
    if target.body =~ /^BEGIN:VCARD[\s]*$/i && target.body =~ /^END:VCARD/i

      # Version
      m << { version: target.body.scan(/^BEGIN:VCARD[\s]*$.*^VERSION:([\d\.]{1,3})[\s]*$.*^END:VCARD/im).flatten } if target.body =~ /^BEGIN:VCARD[\s]*$.*^VERSION:([\d\.]{1,3})[\s]*$.*^END:VCARD/im

      # Name
      m << { string: "Name:" + target.body.scan(/^BEGIN:VCARD[\s]*$.*^N:([^\r^\n]+)[\s]*$.*^END:VCARD/im).flatten } if target.body =~ /^BEGIN:VCARD[\s]*$.*^N:([^\r^\n]+)[\s]*$.*^END:VCARD/im

      # Full Name
      m << { string: "Full Name:" + target.body.scan(/^BEGIN:VCARD[\s]*$.*^FN:([^\r^\n]+)[\s]*$.*^END:VCARD/im).flatten } if target.body =~ /^BEGIN:VCARD[\s]*$.*^FN:([^\r^\n]+)[\s]*$.*^END:VCARD/im

      # Oraganization
      m << { string: "Organization:" + target.body.scan(/^BEGIN:VCARD[\s]*$.*^ORG:([^\r^\n]+)[\s]*$.*^END:VCARD/im).flatten } if target.body =~ /^BEGIN:VCARD[\s]*$.*^ORG:([^\r^\n]+)[\s]*$.*^END:VCARD/im

      # Address # 3.x only
      m << { string: "Address:" + target.body.scan(/^BEGIN:VCARD[\s]*$.*^ADR:([^\r^\n]+)[\s]*$.*^END:VCARD/im).flatten } if target.body =~ /^BEGIN:VCARD[\s]*$.*^ADR:([^\r^\n]+)[\s]*$.*^END:VCARD/im

    end

    # Return passive matches
    m
  end
end

#VelazquezObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/velazquez.rb', line 12

WhatWeb::Plugin.define "Velazquez" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-31
  @version = "0.2"
  @description = "Velazquez HTTP Server"

  # ShodanHQ results as at 2011-03-13 #
  # 293 for Velazquez

  @matches = [

    # HTTP Server Header
    { regexp: /^Velazquez/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^Velazquez ([\d\.]+)$/, search: "headers[server]" },

  ]
end

#VideoDBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
 
# File 'lib/whatweb/plugins/videodb.rb', line 9

WhatWeb::Plugin.define "VideoDB" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-13
  @version = "0.1"
  @description = "VideoDB is a web application to manage a personal video collection - Requires: PHP and MySQL"
  @website = "http://www.videodb.net/"

  # ShodanHQ results as at 2011-08-13 #
  #  3 for VDBpassword VDBuserid VDBusername

  # Google results as at 2011-08-13 #
  # 27 for inurl:borrow.php?diskid=

  # Dorks #
  @dorks = [
    'inurl:borrow.php?diskid='
  ]

  # Matches #
  @matches = [

    # Export as pdf link
    { text: '<a href="index.php?export=pdf&amp;ext=.pdf"><img src="images/pdfexport.png" /></a>' },

    # HTML Comment
    { text: '<!-- /content --><!-- footer.tpl -->' },

    # VideoDB RSS link
    { text: '<link rel="alternate" type="application/rss+xml" title="VideoDB RSS" href="index.php?export=rss" />' },

    # Meta Description
    { text: "<meta name='description' content='VideoDB' />" },
    { text: '<meta name="description" content="VideoDB" />' },

    # Version Detection # Footer
    { version: /<a href="http:\/\/www\.splitbrain\.org\/go\/videodb" class="splitbrain">v\.([^<]+)<\/a>/ },
    { version: /<div id="footerversion">[\s]*<a href="http:\/\/www\.videodb\.net">v([^<]+)<\/a>[\s]*<\/div>/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # Cookies
    if target.headers["set-cookie"] =~ /VDBuserid=/ && target.headers["set-cookie"] =~ /VDBusername=/ && target.headers["set-cookie"] =~ /VDBpassword=/
      m << { name: "Cookies" }
    end

    # Return passive matches
    m
  end
end

#VideoShareEnterpriseObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/video-share-enterprise.rb', line 9

WhatWeb::Plugin.define "VideoShareEnterprise" do
  @author = "Brendan Coles <bcoles at gmail dot com>" # 2010-06-20
  @version = "0.1"
  @description = "online video sharing community web application"
  @website = "http://www.alstrasoft.com"

  @matches = [

    # 34 results @ 2010-06-19
    { name: 'GHDB: "Powered By AlstraSoft Video Share Enterprise"',
      certainty: 75,
      ghdb: '"Powered By AlstraSoft Video Share Enterprise"' },

    { name: 'default html comment',
      certainty: 100,
      text: '<!--!!!!!!!!!!!!!!!!!!!!!!!!! Processing SCRIPT !!!!!!!!!!!!!!!!!!!-->' }

  ]
end

#VidiScriptObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/vidiscript.rb', line 9

WhatWeb::Plugin.define "VidiScript" do
  @author = "Brendan Coles <[email protected]>" # 2011-02-24
  @version = "0.1"
  @description = "VidiScript - video sharing script"
  @website = "http://www.VidiScript.com"

  # Google results as at 2011-02-24 #
  # 286 for "powered by VidiScript"

  # Dorks #
  @dorks = [
    '"powered by VidiScript"'
  ]

  # Matches #
  @matches = [

    # Powered by text
    { text: '<span  style="font-size:12px"><a href="http://www.VidiScript.com"><b>Free Open Source Video Script</b></a>&nbsp;Powered By&nbsp;<a href="http://www.VidiScript.com"><b>VidiScript.com</b></a> |    <b>' },

    # Powered by text
    { text: "<a href='http://www.VidiScript.com'><b>Free Video Script</b></a>&nbsp;Powered By&nbsp;<a href='http://www.VidiScript.com'><b>VidiScript.com</b></a>" },

  ]
end

#ViewVCObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-03-19 # Added local file path aggressive match



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
# File 'lib/whatweb/plugins/viewvc.rb', line 12

WhatWeb::Plugin.define "ViewVC" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-18
  @version = "0.2"
  @description = "ViewVC (formerly known as ViewCVS) is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions."
  @website = "http://viewvc.tigris.org/"

  # Google results as at 2011-03-19 #
  # 288 for "Powered by viewvc"
  # 107 for inurl:viewvc.cgi ext:cgi
  #  99 for inurl:viewcvs.cgi ext:cgi

  # Matches #
  @matches = [

    # Title
    { text: '<title>ViewVC Repository Listing</title>' },

    # HTML Comment
    { text: '<!-- ViewVC :: http://www.viewvc.org/ -->' },
    { text: '<!-- ViewCVS -- http://viewcvs.sourceforge.net/' },

    # Version Detection # Powered by link
    { version: /<td>Powered by <a href="http:\/\/viewvc.tigris.org\/">ViewVC ([^<]+)<\/a><\/td>/ },
    { version: /Powered by <a href="http:\/\/viewcvs.sourceforge.net\/">ViewCVS ([^<]+)<\/a><\/td>/ },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="ViewVC ([^"]+)" \/>/ },
    { version: /<meta name="generator" content="ViewCVS ([^"]+)">/ },

  ]

  # Aggressive #
  def aggressive(target)
    m = []

    # Local File Path Detection # Find application base path
    if /^[^\n]*\/(viewcvs|viewvc)/i.match?(target.uri.path)

      # Generate Random File Name
      random_fname = rand(36**6).to_s(36)

      # Detect /viewcv/ or /viewcvs/
      target_url = target.uri.path.scan(/^([^\n]*\/viewvc\/|[^\n]*\/viewcvs\/)/i).flatten.first + "/*docroot*/" + random_fname if target.uri.path =~ /^([^\n]*\/viewvc\/|[^\n]*\/viewcvs\/)/i

      # Detect /viewvc or /viewcvs
      target_url = target.uri.path.scan(/^([^\n]*\/viewvc$|^[^\n]*\/viewcvs$)/i).flatten.first + "/*docroot*/" + random_fname if target.uri.path =~ /^([^\n]*\/viewvc$|[^\n]*\/viewcvs$)/i

      # Detect /viewvc.cgi or /viewcvs.cgi
      target_url = target.uri.path.scan(/^([^\n]*\/viewvc\.cgi|[^\n]*\/viewcvs\.cgi)/i).flatten.first + "/*docroot*/" + random_fname if target.uri.path =~ /^([^\n]*\/viewvc\.cgi|[^\n]*\/viewcvs\.cgi)/i

      # Open application base url + "/*docroot*/" + random filename
      unless target_url.nil?

        url = URI.join(target.uri.to_s, target_url).to_s
        new_target = WhatWeb::Target.new(url)

        # Extract local file path
        m << { filepath: new_target.body.scan(/\(\[Errno 2\] No such file or directory: '([^']+)#{random_fname}'\)/).flatten } if body =~ /\(\[Errno 2\] No such file or directory: '([^']+)#{random_fname}'\)/

      end

    end

    # Return aggressive matches
    m
  end
end

#VikingObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/viking.rb', line 12

WhatWeb::Plugin.define "Viking" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-07
  @version = "0.2"
  @description = "Viking is an all-in-one server that provides everything from HTTP and FTP to Gopher, IRC, and NTP; with firewalling, proxying and more"
  @website = "http://www.robtex.com/viking.html"

  # ShodanHQ results as at 2011-03-07 #
  # 22 for Viking -realm -apache -IIS

  @matches = [

    # HTTP Server Header
    { regexp: /^Viking/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^Viking\/([^\s]{1,15})/, search: "headers[server]" },

  ]
end

#VimeoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/vimeo.rb', line 9

WhatWeb::Plugin.define "Vimeo" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-22
  @version = "0.1"
  @description = "Vimeo.com video player"
  @website = "http://vimeo.com/"

  # Matches #
  @matches = [

    # param|embed|object Source
    { regexp: /<(param|object|embed) [^>]+vimeo\.com\/moogaloop/i },

    # iframe
    { regexp: /<iframe [^>]*src=['"]https?:\/\/player\.vimeo\.com\/video\// },

  ]
end

#VirtualminObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/virtualmin.rb', line 9

WhatWeb::Plugin.define "Virtualmin" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-14
  @version = "0.1"
  @description = "Virtualmin is a powerful and flexible web server control panel based on the well-known Open Source web-based systems management GUI, Webmin."
  @website = "http://www.virtualmin.com/"

  # Dorks #
  @dorks = [
    '"Forgot your Virtualmin password?"'
  ]

  @matches = [

    # 25 results @ 2010-06-14
    { name: 'GHDB: "Forgot your Virtualmin password?"',
      certainty: 75,
      ghdb: '"Forgot your Virtualmin password?"' },

    # this text is the same for every language
    { name: "virtualmin default text",
      text: '<center><a href=/virtualmin-password-recovery/>Forgot your Virtualmin password?</a></center>' }

  ]
end

#VirtueMartObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/virtuemart.rb', line 9

WhatWeb::Plugin.define "VirtueMart" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-23
  @version = "0.1"
  @description = "VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System (CMS) called Joomla!. Joomla! and VirtueMart are written in PHP and can be used in typical PHP/MySQL environments."
  @website = "http://virtuemart.net/"

  # ShodanHQ results as at 2011-05-23 #
  # 8,747 for virtuemart

  # Matches #
  @matches = [

    # div id vmMainPage
    { certainty: 25, regexp: /<div id=["']vmMainPage/ },

    # Absolute registration URL without Search Engine Friendly (SEF) mode
    { certainty: 75, text: 'href="/index.php?option=com_virtuemart&amp;page=shop.registration">' },

  ]

  # Passive #
  def passive(target)
    m = []

    # virtuemart cookie
    m << { name: "virtuemart cookie" } if target.headers["set-cookie"] =~ /virtuemart=[a-z\d]{26,32}/

    # Return passive matches
    m
  end
end

#ViscachaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/viscacha.rb', line 9

WhatWeb::Plugin.define "Viscacha" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-15
  @version = "0.1"
  @description = "Viscacha is a free bulletin board system with an integrated content management system."
  @website = "http://www.viscacha.org/"

  # 268 results for "powered by Viscacha"
  # 86 for "powered by Viscacha" "The Viscacha Project" inurl:register.php

  # Dorks #
  @dorks = [
    '"powered by Viscacha" "The Viscacha Project" inurl:register.php'
  ]

  # Matches #
  @matches = [

    # Meta Generator
    { text: '<meta name="generator" content="Viscacha (http://www.viscacha.org)" />' },

    # Meta Copyright
    { text: '<link rel="copyright" href="http://www.viscacha.org" />', certainty: 75 },

    # Version detection # Powered by footer
    { version: /Powered by <strong><a[^>]+href="http:\/\/www\.viscacha\.org" target="_blank">Viscacha ([^<]+)<\/a>/ },

  ]
end

#VisecObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/visec.rb', line 9

WhatWeb::Plugin.define "Visec" do
  @author = "Brendan Coles <[email protected]>" # 2012-06-05
  @version = "0.1"
  @description = "Visec - Surveillance Software"
  @website = "http://www.visec.net/"

  # ShodanHQ results as at 2012-06-05 #
  # 38 for visec

  # Google results as at 2012-06-05 #
  # 1 for intitle:"VISEC - Login" "Please enter a password to log into VISEC"

  # Dorks #
  @dorks = [
    'intitle:"VISEC - Login" "Please enter a password to log into VISEC"'
  ]

  # Matches #
  @matches = [

    # HTML Comments
    { regexp: /<!--wml-->\s+<!--bad-->/ },

    # /favicon.ico
    { url: "/favicon.ico", md5: "2e5e985fe125e3f8fca988a86689b127" },

    # Server # Version Detection
    { search: "headers[server]", version: /^VISEC\/([^\s]+)$/ },

  ]
end

#VisionWEBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/whatweb/plugins/visionweb.rb', line 9

WhatWeb::Plugin.define "VisionWEB" do
  @author = "Brendan Coles <[email protected]>" # 2012-09-01
  @version = "0.1"
  @description = "VisionWEB - video server web interface - Homepage [offline]: http://www.cieffe.com/"

  # ShodanHQ results as at 2012-09-01 #
  # 463 for IWeb/1.0

  # Google results as at 2012-09-01 #
  # 6 for intitle:"VisionWEB" "Insignis Technologies"

  # Dorks #
  @dorks = [
    'intitle:"VisionWEB" "Insignis Technologies"'
  ]

  # Matches #
  @matches = [

    # HTTP Server Header
    { certainty: 75, search: "headers[server]", regexp: /^IWeb\/([^\s]+)/ },

    # / # Version Detection # JavaScript
    { version: /VarPageTitle="Proxima\d? DVMS VisionWEB v([^\s^"]+)";/ },

    # / # Footer
    { text: '<b>CIEFFE srl</b> - "We power Your eyes"<br' },

    # / # Meta Copyright # Year Detection
    { string: /<meta name="COPYRIGHT" content="&copy; 2001-(2[\d]{3}) Insignis Technologies"/ },

  ]
end

#VisualRouteObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/visualroute.rb', line 12

WhatWeb::Plugin.define "VisualRoute" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-02
  @version = "0.2"
  @description = "Traceroute and network diagnostic tool"
  @website = "http://www.visualroute.com/"

  # ShodanHQ results as at 2011-06-02 #
  # 24 for VisualRoute

  @matches = [

    # HTTP Server Header
    { regexp: /^VisualRoute /, search: "headers[server]" },

    # HTTP Server Header # Version Detection
    { version: /^VisualRoute \((tm|R)\) ([^\s]+)$/, offset: 1, search: "headers[server]" },

    # HTTP Server Header # Edition Detection
    { string: /^VisualRoute \((tm|R)\) ([\d]{4} .+ Edition) \(v([^\)]+)\)$/, offset: 1, search: "headers[server]" },

    # HTTP Server Header # Version Detection
    { version: /^VisualRoute \((tm|R)\) ([\d]{4} .+ Edition) \(v([^\)]+)\)$/, offset: 2, search: "headers[server]" },

  ]
end

#VPONObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/vpon.rb', line 9

WhatWeb::Plugin.define "VPON" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-20
  @version = "0.1"
  @description = "Video Picture on Net (VPON) is a remote video web server"
  @website = "http://www.vpon21.com/"
  # Default login: webmonitor/oyo

  # Google results as at 2011-04-20 #
  # 5 for inurl:"start.htm?scrw="

  # ShodanHQ results as at 2011-04-20 #
  # 256 for VPON Server

  # Dorks #
  @dorks = [
    'inurl:"start.htm?scrw="'
  ]

  # Matches #
  @matches = [

    # Version Detection # /ctrl_ver.js
    { url: "/ctrl_ver.js", version: /^var live_video_control_version ="([^"]+)";/ },

    # Model Detection # /ctrl_ver.js
    { url: "/ctrl_ver.js", model: /^var vpon_platform = "([^"]+)";/ },

    # Version Detection
    { search: "headers[server]", version: /^VPON Server\/([\d\.]+)$/ },

  ]
end

#vqServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/vqserver.rb', line 9

WhatWeb::Plugin.define "vqServer" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-07
  @version = "0.1"
  @description = "vqServer is multi-platform compatible. vqServer is a personal web server with support for password protection, file uploading, Java servlets and CGI scripts."

  # ShodanHQ results as at 2011-08-07 #
  # 7 for vqserver

  # Passive #
  def passive(target)
    m = []

    # Version Detection # HTTP Server Header
    if target.headers["server"] =~ /^vqServer\/([^\s]+) The world's most friendly web server$/
      m << { version: $1.to_s }
    end

    # Return passive matches
    m
  end
end

#vTigerCRMObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/vtigercrm.rb', line 9

WhatWeb::Plugin.define "vTigerCRM" do
  @author = "Aung Khant <http://yehg.net/>" # 2011-02-04
  @version = "0.1"
  @description = "vTigerCRM - http://www.vtiger.com/"

  @matches = [

    { name: 'favicon md5', url: '/themes/images/vtigercrm_icon.ico', md5: 'd90cc1762bf724db71d6df86effab63c' },

    { name: 'favicon md5', url: '/include/images/vtigercrm_icon.ico', md5: 'd90cc1762bf724db71d6df86effab63c' },

    { name: 'stats img', text: '<img src=\'http://stats.vtiger.com/stats.php?uid=' },

    { version: /<span style='color: rgb\([\d]{1,3}, [\d]{1,3}, [\d]{1,3}\);'>vtiger CRM ([^<]*)<\/span>/ },

    { name: 'copyright footer', regexp: /&copy; 200[\d]{1}\-\d{4} <a href='http:\/\/www.vtiger.com' target='_blank'>vtiger.com<\/a>/ },

    { name: 'html body favicon', text: '/vtigercrm_icon.ico">' }

  ]
end

#VTSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/vts.rb', line 12

WhatWeb::Plugin.define "VTS" do
  @author = "Brendan Coles <[email protected]>" # 2010-11-02
  @version = "0.2"
  @description = "VTS Server"

  # 123 ShodanHQ results for Server: VTS
  # 103 ShodanHQ results for Set-Cookie: VTS=

  @matches = [

    # Error Page # Default HTML
    { status: 401, regexp: /<html>\r\n<head>\r\n<title>Error Message<\/title>\r\n<link rel="stylesheet" href="\/VTS.css">\r\n\r\n<\/head>\r\n<body class=error>\r\n<h1>Error Message<\/h1>\r\n<p>Error Code 401.\r\n<p>Message: Unauthorized.\r\n<p>Description: 401 = No permission -- see authorization schemes./ },

    # HTTP Server Header
    { regexp: /VTS /, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /VTS ([\d\.]+)/, search: "headers[server]" },

    # Version Detection # HTTP Set-Cookie Header
    { version: /^VTS=([\d\.]+)/, search: "headers[set-cookie]" },

  ]
end

#W3MFCObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/w3mfc.rb', line 9

WhatWeb::Plugin.define "W3MFC" do
  @author = "Brendan Coles <[email protected]>" # 2010-11-01
  @version = "0.1"
  @description = "W3Mfc is a collection of MFC classes to implement a Web Server"
  @website = "http://www.naughter.com/w3mfc.html"

  # ShodanHQ results as at 2010-11-01 #
  # 5,486 for "Server: W3MFC"

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^W3MFC\/([\d\.]+)$/ },

  ]
end

#WampServerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/whatweb/plugins/wampserver.rb', line 9

WhatWeb::Plugin.define "WampServer" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-16
  @version = "0.1"
  @description = "WampServer is a Windows web development environment. It allows you to create web applications with Apache, PHP and the MySQL database. It also comes with PHPMyAdmin to easily manage your databases."
  @website = "http://www.wampserver.com/"

  # Google results as at 2011-03-16 #
  # 53 for "Server Configuration" intitle:"WAMPSERVER Homepage"

  # Passive #
  def passive(target)
    m = []

    # Title and h1 heading
    if target.body =~ /<h1><abbr title="Windows">W<\/abbr><abbr title="Apache">A<\/abbr><abbr title="MySQL">M<\/abbr><abbr title="PHP">P<\/abbr><\/h1>/ && target.body =~ /<title>WAMPSERVER Homepage<\/title>/

      m << { name: "Title and h1 heading" }

      # Version Detection
      m << { version: target.body.scan(/<ul class="utility">[\s]*<li>Version ([\d\.]+)[\s]*<\/li>/) } if target.body =~ /<ul class="utility">[\s]*<li>Version ([\d\.]+)[\s]*<\/li>/

    end

    # Return passive matches
    m
  end
end

#WANemObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/wanem.rb', line 9

WhatWeb::Plugin.define "WANem" do
  @author = "Brendan Coles <[email protected]>" # 2012-09-08
  @version = "0.1"
  @description = "WANem is a Wide Area Network emulator designed by Performance Engineering Research Centre, TATA Consultancy Services, Mumbai."
  @website = "http://wanem.sourceforge.net/"

  # Matches #
  @matches = [

    # / # Version Detection # Body Heading
    { version: /<html><body><h1>WANem v([^\s^:]+): It works\!<\/h1><\/body><\/html>/ },

    # /WANem/about.html # Version Detection
    { url: '/WANem/about.html', version: /<b>WANem v([^\s^<]+)<\/b><br>/ },

    # /WANem/title.html # Title
    { url: '/WANem/title.html', text: '<TITLE>Welcome to WANem</TITLE>' },

  ]
end

#WarningObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/warning.rb', line 9

WhatWeb::Plugin.define "Warning" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-07
  @version = "0.1"
  @description = "The warning header contains additional information about the status of a response that might not be reflected by the response status code. According to RFC2616 section 14.46, if a cache returns a stale response, either because of a max-stale directive on a request, or because the cache is configured to override the expiration time of a response, the cache MUST attach a Warning header to the stale response, using Warning 110 (Response is stale)."
  @website = "http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.46"

  # More info #
  # http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
  # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

  # Passive #
  def passive(target)
    m = []

    # Version Detection # HTTP Server Header
    m << { string: target.headers["warning"].to_s } unless target.headers["warning"].nil?

    # Return passive matches
    m
  end
end

#WeatimagesObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/weatimages.rb', line 9

WhatWeb::Plugin.define "Weatimages" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-28
  @version = "0.1"
  @description = "Weatimages is very easy to use program that allows you to organize powerful web-based photo albums on your website in a minimal time. To publish photo album you just need to put one file from Weatimages distributive to a separate website directory containing your photos or folders (which become sub-albums) with your photos."
  @website = "http://nazarkin.name/projects/weatimages/"

  # 289 results for "powered by Weatimages" @ 2010-08-28
  # 129 results for "powered by Weatimages" intitle:Albums @ 2010-08-28

  @matches = [

    # CSS
    { text: '<div align="center" class="weatimages_toppest_navig" style="text-decoration:underline;">' },

    # Meta generator
    { text: '<meta name="Generator" content="Weatimages"/>' },

    # Powered by text
    { text: 'Powered by <a href="http://nazarkin.name/projects/weatimages/">Weatimages</a>' },

  ]
end

#Web2Object

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/web2.rb', line 12

WhatWeb::Plugin.define "Web2" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-11
  @version = "0.2"
  @description = "A nice web server, easy to setup! lots of features including cgi, ssi, aliasing, virtual domains and more! - Homepage : Way Back Machine [2005-04-01] - http://web.archive.org/web/20050401233601/http://dink.org/"
  # Homepage [Offline] : http://dink.org/web2/

  # ShodanHQ results as at 2011-03-11 #
  # 66 for Web/2 v1
  # 48 for Web/2 v1.3x

  @matches = [

    # HTTP Server Header
    { os: "Mac OS/2", regexp: /^Web\/2 /, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { os: "Mac OS/2", version: /^Web\/2 v([^\r^\n]+)$/, search: "headers[server]" },

  ]
end

#web2ProjectObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/web2project.rb', line 9

WhatWeb::Plugin.define "web2Project" do
  @author = "Brendan Coles <[email protected]>" # 2012-11-02
  @version = "0.1"
  @description = "web2Project is a Free Open Source business-oriented Project Management System (PMS)"
  @website = "http://web2project.net/"

  # ShodanHQ results as at 2012-11-04 #
  # 63 for web2project

  # Google results as at 2012-11-02 #
  # 21 for "Fatal Error. You haven't created a config file yet." "Click Here To Start Installation and Create One! (forwarded in 5 sec.)"
  #  6 for inurl:"install/index.php" "Welcome to the web2Project Update Manager!"
  #  2 for intitle:"web2Project Development :: web2Project Login"

  # Dorks #
  @dorks = [
    '"Fatal Error. You haven\'t created a config file yet." "Click Here To Start Installation and Create One! (forwarded in 5 sec.)"'
  ]

  # Matches #
  @matches = [

    # Title
    { text: '<title>web2Project Development :: web2Project Login</title>' },

    # Install Redirect Page
    { text: "</head><body>Fatal Error. You haven't created a config file yet.<br/><a href=" },

    # Meta Version # Version Detection
    { certainty: 25, version: /<meta name="Version" content="([^"^\s]+)" \/>/ },

    # web2project Cookie
    { search: "headers[set-cookie]", regexp: /web2project=[^;]+;/ },

  ]
end

#Web2pyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

2014-10-13 # Napz



11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/web2py.rb', line 11

WhatWeb::Plugin.define "Web2py" do
  @author = "Napz <[email protected]>"
  @version = "0.1"
  @description = "Web2py - Free open source full-stack framework written in Pytho"
  @website = "http://www.web2py.com/"

  # Dorks #
  @dorks = [
    '"powered by Web2py"'
  ]

  # Matches #
  @matches = [

    { search: "headers[x-powered-by]", string: /web2py/ },
    { text: '<div id="serendipityLeftSideBar">' },

  ]
end

#webbackdoorObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

setting passive might produce a lot of false positives



11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
# File 'lib/whatweb/plugins/webbackdoor.rb', line 11

WhatWeb::Plugin.define "webbackdoor" do
  @author = "Aung Khant, http://yehg.net"
  @version = "0.1"
  @description = "Detect common web doors (asp,jsp,php,jsp,pl,cgi)  using fuzz-db list and others"

  @matches = [
    # generic
    { string: 'michaeldaw.org backdoor collection', text: "<!--    http://michaeldaw.org " },
    { string: 'michaeldaw.org backdoor collection', text: "by DK (http://michaeldaw.org) -->" },
    { string: 'backdoor kit collection', text: "<!--\n\n_KIT\n" },
    { string: 'Woan backdoor kit collection', text: "<!-- Created by Mark Woan (http://www.woany.co.uk) -->" },

    # jsp

    # passive
    { string: 'jsp-reverse.jsp', regexp: /<h1>JSP Backdoor Reverse Shell<\/h1>/ },

    # agressive
    { string: 'browser.jsp', url: 'browser.jsp', regexp: /<input title="Launch command in current directory" type="Submit" class="button" name="Submit" value="Launch command">|<small>jsp File Browser version/ },
    { string: 'cmd.jsp', url: 'cmd.jsp', tag_pattern: "html,body,form,input,input,/form,pre,/pre,/body,/html" },
    { string: 'cmd.jsp', url: 'cmd.jsp', regexp: /<FORM METHOD="GET" NAME="myform" ACTION="">(\r\n|\n)<INPUT TYPE="text" NAME="cmd">(\r\n|\n)<INPUT TYPE="submit" VALUE="Send">/ },
    { string: 'cmdjsp.jsp', url: 'cmdjsp.jsp', regexp: /<FORM METHOD=GET ACTION='cmdjsp.jsp'>(\r\n|\n)<INPUT name='cmd' type=text>(\r\n|\n)<INPUT type=submit value='Run'>(\r\n|\n)<\/FORM>/ },
    { string: 'jsp-reverse.jsp', url: 'jsp-reverse.jsp', regexp: /<h1>JSP Backdoor Reverse Shell<\/h1>/ },
    { string: 'jsp-reverse.jsp', url: 'jsp-reverse.jsp', regexp: /<form method="post">(\r\n|\n)IP Address(\r\n|\n)<input type="text" name="ipaddress" size=30>(\r\n|\n)Port(\r\n|\n)<input type="text" name="port" size=10>(\r\n|\n)<input type="submit" name="Connect" value="Connect">(\r\n|\n)/ },
    { string: 'list.jsp', url: 'list.jsp', regexp: /<HTML><BODY>(\r\n|\n)\t<FORM METHOD="POST" NAME="myform" ACTION="">(\r\n|\n)\t<INPUT TYPE="text" NAME="file">(\r\n|\n)\t<INPUT TYPE="submit" VALUE="Send">(\r\n|\n)\t<\/FORM>/ },
    { string: 'up.jsp', url: 'up.jsp', regexp: /<html>(\r\n|\n)<form name="test" method="post" action="" enctype="multipart\/form-data">(\r\n|\n)<input type="File" name="fichero">(\r\n|\n)<input type="Submit" value="Upload" name="Submit">(\r\n|\n)<\/form>/ },
    { string: 'cmd_win32.jsp', url: 'cmd_win32.jsp', regexp: /<HTML><BODY>(\r\n|\n)<FORM METHOD="POST" NAME="myform" ACTION="">(\r\n|\n)<INPUT TYPE="text" NAME="cmd">(\r\n|\n)<INPUT TYPE="submit" VALUE="Send">(\r\n|\n)<\/FORM>(\r\n|\n)<pre>/ },
    { string: 'up_win32.jsp', url: 'up_win32.jsp', regexp: /<html>(\r\n|\n)<form name="test" method="post" action="" enctype="multipart\/form-data">(\r\n|\n)<input type="File" name="fichero">(\r\n|\n)<input type="Submit" value="Upload" name="Submit">(\r\n|\n)<\/form>(\r\n|\n)<\/html>/ },
    { string: 'CmdServlet', url: 'CmdServlet', tag_pattern: 'html,body,hr,p,form,input,input,/form,hr,/pre,/body,/html' },
    { string: 'ListServlet', url: 'ListServlet', regexp: /<HTML>\n<HEAD>\n<TITLE>Directory Listing<\/TITLE>\n<\/HEAD>\n<BODY>\n<FONT Face=\"Courier New, Helvetica\" Color=\"Black\">\n/ },
    { string: 'UpServlet', url: 'UpServlet', tag_pattern: 'html,body,br,form,input,input,/form,/body,/html' },
    { string: 'UpServlet', url: 'UpServlet', regexp: /<html><body><br><form method="POST" action="" enctype="multipart\/form-data">UPLOAD <input type="file" name="file" size="60"><input type="submit" value="Upload">/ },
    # cfm
    # passive
    # agressive
    { string: 'cfexec.cfm', url: 'cfexec.cfm', regexp: /Notes:<br><br>(\r\n|\n)<ul>(\r\n|\n)<li>Prefix DOS commands with/ },
    { string: 'cmd.cfm', url: 'cmd.cfm', regexp: /<table>(\r\n|\n)<form method="POST" action="">(\r\n|\n) <tr>(\r\n|\n)  <td>Command:<\/td>(\r\n|\n)  <td> < input type=text name="cmd"/ },

    # cgi

    # passive
    { string: 'perlcmd.cgi', text: '<!-- Simple CGI backdoor by DK (http://michaeldaw.org) -->' },
    { string: 'perlcmd.cgi', text: '# <!--    http://michaeldaw.org   2006    -->' },
    { string: 'up.pl', text: '<a href="http://www.muquit.com/muquit/">Muhammad A Muquit' },

    # agressive

    # cgi, pl
    { string: 'cmd.pl', url: 'cmd.pl', tag_pattern: 'html,body,form,input,input,/form,pre,/pre' },
    { string: 'cmd.pl', url: 'cmd.pl', regexp: /<input type="submit" value="Run">(\r\n|\n)<\/form>(\r\n|\n)<pre>/ },
    { string: 'list.pl', url: 'list.pl', regexp: /<input type="submit" value="List">(\r\n|\n)<\/form>(\r\n|\n)Directory/ },
    { string: 'perlcmd.cgi', url: 'perlcmd.cgi', text: '<!-- Simple CGI backdoor by DK (http://michaeldaw.org) -->' },
    { string: 'perlcmd.cgi', url: 'perlcmd.cgi', text: '# <!--    http://michaeldaw.org   2006    -->' },
    { string: 'up.pl', url: 'up.pl', text: '<a href="http://www.muquit.com/muquit/">Muhammad A Muquit' },
    { string: 'cmd.cgi', url: 'cmd.cgi', regexp: /<input type="text" name="cmd">(\r\n|\n)<input type="submit" value="Send">/ },
    { string: 'cmdexe.cgi', url: 'cmdexe.cgi', regexp: /<input type="text" name="cmd">(\r\n|\n)<input type="submit" value="Send">/ },

  ]
end

#WebblerObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/webbler.rb', line 9

WhatWeb::Plugin.define "Webbler" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-05
  @version = "0.1"
  @description = "The Webbler is a powerful tool to build new websites or add additional areas or functionality to your existing website. It is a Content Management System (CMS) and an Application Toolkit that we customise to suit your needs."
  @website = "http://www.tincan.co.uk/Webbler"

  # ShodanHQ results as at 2011-04-05 #
  # 1 for WebblerSession

  # Google results as at 2011-05-04 #
  # 122 for "Powered by the Webbler"

  # Dorks #
  @dorks = [
    '"Powered by the Webbler"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="webbler ([^\s]+) - http:\/\/tincan\.co\.uk\/webbler"  \/?>/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # Cookie
    m << { name: "WebblerSession Cookie" } if target.headers["set-cookie"] =~ /WebblerSession=/

    # Return passive matches
    m
  end
end

#WebDAVObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]

Version 0.3 # Added Server DAV/+ version detection



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/webdav.rb', line 15

WhatWeb::Plugin.define "WebDAV" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-25
  @version = "0.3"
  @description = "Web-based Distributed Authoring and Versioning (WebDAV) is a set of methods based on the Hypertext Transfer Protocol (HTTP) that facilitates collaboration between users in editing and managing documents and files stored on World Wide Web servers. - More Info: http://en.wikipedia.org/wiki/WebDAV"

  # 22354 ShodanHQ results for MS-Author-Via: DAV
  # 323 ShodanHQ results for webdav
  # 110 ShodanHQ results for "DAV: 1,2,<http"

  @matches = [

    # Server DAV
    { regexp: /[^\r^\n]*DAV\//, search: "headers[server]" },

    # Version Detection # Server DAV
    { version: /[^\r^\n]*DAV\/([^\s^\r^\n]*)/, search: "headers[server]" },

    # MS-Author-Via
    { name: "MS-Author-Via HTTP Header", regexp: /^[\s]*DAV/, search: "headers[MS-Author-Via]" },

    # DAV
    { version: /[\s]*1,2,<http:\/\/([^>]+)>/, search: "headers[dav]" },

    # X-WebDAV-Status
    { name: "x-webdav-status HTTP Header", regexp: //, search: "headers[x-webdav-status]" },

  ]
end

#WebduinoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/webduino.rb', line 9

WhatWeb::Plugin.define "Webduino" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-25
  @version = "0.1"
  @description = "Simple and extensible web server library for the Arduino using the Wiznet-based Ethernet shields."
  @website = "https://code.google.com/p/webduino/"

  # ShodanHQ results as at 2011-08-25 #
  # 19 for Webduino

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^Webduino$/ },

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^Webduino\/([^\s]+)/ },

  ]
end

#WebDVRObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/webdvr.rb', line 9

WhatWeb::Plugin.define "WebDVR" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-20
  @version = "0.1"
  @description = "Digital video recording system web fronend"

  # 125 Google results for intitle:"WEBDVR" -ext:php -ext:html -ext:asp @ 2010-07-20
  # http://www.hackersforcharity.org/ghdb/?function=detail&id=1352

  @matches = [

    { text: '<title>WebDVR</title>' },

    { text: '<TITLE>WEBDVR</TITLE>' },

    { text: '		alert("Direct Draw Overlay Mode: It is faster than GDI but only available on ATI Video Card and requires Direct 7 or above.\nIf you have other video cards than ATI, you shouldn\'t use this mode.");' },

    { text: '		alert("DirectDraw Video acceleration will be enabled if your VGA card supports Microsoft DirectX 8.1 or later.");' },

    { text: '		window.location="webdvr.html";' },

  ]
end

#webfsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/webfs.rb', line 12

WhatWeb::Plugin.define "webfs" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-31
  @version = "0.2"
  @description = "This is a simple http server for mostly static content.  You can use it to serve the content of a ftp server via http for example."
  @website = "http://linux.bytesex.org/misc/webfs.html"

  # ShodanHQ results as at 2011-05-31 #
  # 4,713 for webfs

  @matches = [

    # HTTP Server Header
    { regexp: /^webfs\//, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^webfs\/([^\s]+)$/, search: "headers[server]" },

  ]
end

#WebgrindObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/webgrind.rb', line 9

WhatWeb::Plugin.define "Webgrind" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-05
  @version = "0.1"
  @description = "Webgrind is an Xdebug profiling web frontend in PHP5. It implements a subset of the features of kcachegrind and installs in seconds and works on all platforms."
  @website = "https://github.com/jokkedk/webgrind"

  # Google results as at 2011-03-05 #
  # 10 for intitle:"Webgrind" "profiling in the browser" +percent +milliseconds +microseconds

  # Dorks #
  @dorks = [
    'intitle:"Webgrind" "profiling in the browser" "percent" "milliseconds" "microseconds"'
  ]

  # Matches #
  @matches = [

    # different functions HTML
    { text: '<span id="invocation_sum"></span> different functions called in <span id="runtime_sum"></span> milliseconds (<span id="runs"></span> runs, <span id="shown_sum"></span> shown)' },

    # reloadFilelist image HTML
    { text: '<img class="list_reload" src="img/reload.png" onclick="reloadFilelist()">' },

    # Version detection # h1 title
    { version: /<h1>webgrind<sup style="font-size:10px">v([^<]+)<\/sup><\/h1>/ },

  ]
end

#WebGuardObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2012-02-19 # Brendan Coles <[email protected]> Added aggressive logo match Added version detection Added google dork Removed JavaScript matches

Version 0.2 Removed :certainty=>100 & :name



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
 
# File 'lib/whatweb/plugins/webguard.rb', line 18

WhatWeb::Plugin.define "WebGuard" do
  @author = "Andrew Horton"
  @version = "0.3"
  @description = "Security surveillance"
  @website = "http://novuscctv.com/"

  # ShodanHQ results as at 2012-02-19 #
  # 618 for gsoap

  # Google results as at 2012-02-19 #
  # 61 for intitle:"WebGuard Login" "[LOGIN] [EXIT]"

  # Dorks #
  @dorks = [
    'intitle:"WebGuard Login" "[LOGIN] [EXIT]"'
  ]

  # Matches #
  @matches = [

    # Title
    { certainty: 75, text: '<title>WebGuard Login</title>' },

    # Login Page # body tag
    { text: '<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" onLoad="GetInfo()" onResize="fit_center()">' },

    # Login Page # Logo HTML
    { text: '<table id=loginback border="0" cellpadding="0" cellspacing="0" background="images/login_venus_back.gif" width=480 height=175 style=\'POSITION:absolute\'>' },

    # Login Page # Password field
    { text: '<td align="left" valign="middle"><input name="login_passwd" type="password" class="noborder" size="26"></td>' },

    # /UISelect.js # Version Detection
    { url: "/UISelect.js", version: /var _VERSION = "<acronym title='([^']+)'><table border='0'/ },

    # /images/login_back.gif # Login Page Background Image
    { url: "/images/login_back.gif", md5: "4617667f3ec03b31a9971ff1c03da57e" },

    # / # Redirect Page
    { md5: "457dff12099372b8415b29e2e50c3910" },

  ]
end

#WeBidObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-08-23 # Added version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/whatweb/plugins/webid.rb', line 12

WhatWeb::Plugin.define "WeBid" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-17
  @version = "0.1"
  @description = "Open source php/mysql fully featured auction script."
  @website = "http://www.webidsupport.com/"

  # ShodanHQ results as at 2011-06-17 #
  # 26 for WEBID_ONLINE

  # Google results as at 2011-06-17 #
  # 243 for "powered by WeBid"
  # 7 for "WeBid Installer" inurl:"install.php" ext:php

  # Dorks #
  @dorks = [
    '"powered by WeBid"'
  ]

  # Matches #
  @matches = [

    # Meta Generator
    { text: '<meta name="generator" content="WeBid">' },

    # Year Detection # Powered by footer
    { string: /Powered by <a href="http:\/\/www\.webidsupport\.com\/">WeBid<\/a> &copy; 2008\s?[,-] ([\d]{4}) <a href="http:\/\/www\.webidsupport\.com\/">WeBid<\/a>/ },

    # WEBID_ONLINE cookie
    { search: "headers[set-cookie]", regexp: /WEBID_ONLINE=[a-f\d]{32};/ },

    # Version Detection # ./install/install.php
    { version: /<h1>WeBid Installer v([^\s^>]+)<\/h1>[\s]*<form name="form1" method="post" action="\?step=1">/ },

  ]
end

#WebIISObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/webiis.rb', line 9

WhatWeb::Plugin.define "WebIIS" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-10
  @version = "0.1"
  @description = "WebIIS - Mini ASP Web Server [Chinese]"

  # ShodanHQ results as at 2010-03-10 #
  # 933 for WebIIS: Mini ASP Web WebIIS
  # Most (931) results are from China

  # Passive #
  def passive(target)
    m = []

    # HTTP WebIIS Header
    m << { string: "ASP" } if target.headers["webiis"] =~ /^Mini ASP Web WebIIS$/

    # Return passive matches
    m
  end
end

#WebIssuesObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/webissues.rb', line 9

WhatWeb::Plugin.define "WebIssues" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-29
  @version = "0.1"
  @description = "WebIssues is an open source, multi-platform system for issue tracking and team collaboration."
  @website = "http://webissues.mimec.org/"

  # Google results as at 2012-03-29 #
  # 18 for intitle:"Log in to WebIssues" "Log in to WebIssues" "Manual"

  # Dorks #
  @dorks = [
    'intitle:"Log in to WebIssues" "Log in to WebIssues" "Manual"'
  ]

  # Matches #
  @matches = [

    # Login Page # Version Detection
    { version: /<div id="header-right">[\s]+WebIssues ([^\s]+) \| <a href=/ },

    # field-login-__formId
    { text: '<div><input type="hidden" name="__formId" id="field-login-__formId" value="login" />' },

  ]
end

#WebKnightObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/webknight.rb', line 12

WhatWeb::Plugin.define "WebKnight" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-14
  @version = "0.2"
  @description = "AQTRONIX WebKnight is an application firewall for IIS and other web servers and is released under the GNU General Public License. More particularly it is an ISAPI filter that secures your web server by blocking certain requests. If an alert is triggered WebKnight will take over and protect the web server. It does this by scanning all requests and processing them based on filter rules, set by the administrator."
  @website = "http://www.aqtronix.com/?PageID=99"

  # ShodanHQ results as at 2011-03-14 #
  # 276 for WebKnight

  @matches = [

    # HTTP Server Header
    { regexp: /^WebKnight/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^WebKnight\/(.+)$/, search: "headers[server]" },

  ]
end

#WebmaticObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-19 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/webmatic.rb', line 12

WhatWeb::Plugin.define "Webmatic" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-29
  @version = "0.2"
  @description = "Webmatic CMS"
  @website = "http://www.webmatic.it/it/"

  # Google results as at 2010-08-29 #
  # 173 for "powered by Webmatic"

  # Macthes #
  @matches = [

    # Powered by text
    { text: 'Powered&nbsp;by&nbsp;<a href="http://www.webmatic.it">Webmatic</a>' },

    # Version Detection # Powered by text
    { version: / href="http:\/\/www.valarsoft.com"[^>]+>Powered by: Webmatic ([^<]+)<\/a>/i },

  ]
end

#WebObjectsObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
# File 'lib/whatweb/plugins/webobjects.rb', line 9

WhatWeb::Plugin.define "WebObjects" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-19
  @version = "0.1"
  @description = "WebObjects is a Java web application server from Apple Inc., and a web application framework that runs on the server."
  @website = "http://www.apple.com/support/webobjects/"

  # ShodanHQ results as at 2011-05-19 #
  # 141 for "200 Apple WebObjects"
  # 143 for x-webobjects-loadaverage

  # Google results as at 2011-05-19 #
  # 88 for ext:woa

  # Dorks #
  @dorks = [
    'ext:woa'
  ]

  # Passive #
  def passive(target)
    m = []

    # x-webobjects-loadaverage
    m << { name: "x-webobjects-loadaverage" } unless target.headers["x-webobjects-loadaverage"].nil?

    # x-apple-application-instance
    m << { name: "x-apple-application-instance" } unless target.headers["x-apple-application-instance"].nil?

    # x-apple-application-site
    m << { name: "x-apple-application-site" } unless target.headers["x-apple-application-site"].nil?

    # x-webobjects-servlet
    m << { name: "x-webobjects-servlet" } unless target.headers["x-webobjects-servlet"].nil?

    # x-webobjects-server-name
    m << { name: "x-webobjects-server-name" } unless target.headers["x-webobjects-server-name"].nil?

    # x-webobjects-request-method
    m << { name: "x-webobjects-request-method" } unless target.headers["x-webobjects-request-method"].nil?

    # x-webobjects-adaptor-version
    m << { name: "x-webobjects-adaptor-version" } unless target.headers["x-webobjects-request-method"].nil?

    # x-webobjects-customenv
    m << { name: "x-webobjects-customenv" } unless target.headers["x-webobjects-customenv"].nil?

    # Return passive matches
    m
  end
end

#WebPAObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/webpa.rb', line 9

WhatWeb::Plugin.define "WebPA" do
  @author = "Brendan Coles <[email protected]>" # 2012-08-25
  @version = "0.1"
  @description = "WebPA is an open source online peer assessment tool that enables every team member to recognise individual contributions to group work."
  @website = "http://www.webpaproject.com/"

  # Google results as at 2012-08-25 #
  # 12 for intitle:"WebPA OS" "Web-PA Login"

  # Dorks #
  @dorks = [
    'intitle:"WebPA OS" "Web-PA Login"'
  ]

  # Matches #
  @matches = [

    # Login Page # Logo HTML
    { string: /<td align="right"><div id="inst_logo"><img src="[^"]+" alt="([^"]*)" \/><\/div>/ },

    # Login Page # keep alive iframe
    { regexp: /<iframe src="https?:\/\/[^\/]+\/keep_alive\.php" height="1" width="1" style="display: none;">keep alive<\/iframe>/ },

    # /images/tool/appbar_webpa_logo.png
    { md5: "4bfb4898e9927666d6d5a35c7570a960", url: "/images/tool/appbar_webpa_logo.png" },

  ]
end

#WebPressObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-25 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/whatweb/plugins/webpress.rb', line 12

WhatWeb::Plugin.define "WebPress" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-18
  @version = "0.2"
  @description = "WebPress is the foundation on which we build web sites. It.s our unique Content Management System (CMS), flexible enough for us to build your dream site, and easy enough for you to maintain it yourself."
  @website = "http://www.goywp.com/view/cms"

  # Google results as at 2010-07-18 #
  # 9 for +"powered by WebPress"

  # Matches #
  @matches = [

    # Powered by text
    { text: 'Powered By <a href="http://www.ecomenterprises.com" target="_blank" class="small_text">WebPress</a><SUP><FONT SIZE="-5">TM</FONT></SUP></td>' },

    { text: 'Powered by <a href="http://goywp.com" id="webpresslink">WebPress</a><br></p></td>' },

    { text: 'Powered by </font><font size="1" color="#000000" face="Arial">YWP</font>' },

    # Version Detection # Powered bt HTML comment
    { version: /<!-- Powered by YWP ([\d\.]+) -->/ },

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="YWP ([\d\.]+)">/ },

  ]
end

#WebSideStoryObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/websidestory.rb', line 9

WhatWeb::Plugin.define "WebSideStory" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-14
  @version = "0.1"
  @description = "On-Demand Web Analytics For Optimizing Online Business Performance
  HBX Analytics service is a comprehensive on-demand web analytics solution, delivering up-to-the second insight into online visitor and customer behavior."
  @website = "http://www.websidestory.com/"

  # 25 results for "powered by WEBSIDESTORY" @ 2010-10-14

  @matches = [

    # HTML comments
    { text: '<!-- WebSideStory HTML for Search -->' },
    { text: '<!--END WEBSIDESTORY CODE-->' },
    { regexp: /<!--COPYRIGHT 1997-[0-9]{4} WEBSIDESTORY,INC. ALL RIGHTS RESERVED. U.S.PATENT No. 6,393,479B1. MORE INFO:http:\/\/websidestory.com\/privacy-->/ },

    # Version detection # HTML comments
    { version: /<!--WEBSIDESTORY CODE ([^\ ]+) / },

    # Powered by text

    { text: 'Search powered by <a class="external" href="http://www.websidestory.com/">WebSideStory</a>' },
    { text: '<a href="http://websidestory.com/" target="_blank">Powered by WebSideStory</a>' },

  ]
end

#WebSiteProObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/websitepro.rb', line 9

WhatWeb::Plugin.define "WebSitePro" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-04
  @version = "0.1"
  @description = "WebSitePro is an HTTP web server for Microsoft Windows. The 16-bit web server software was originally developed by Bob Denny in 1994 for Windows 3.1. WebSite Professional is now published by Deerfield.com under the name Deerfield WebSite, as of August 20, 2001."
  @website = "http://website.ora.com/"

  # More info #
  # http://en.wikipedia.org/wiki/WebSitePro
  # http://websitepro.com.ua/

  # ShodanHQ results as at 2011-06-04 #
  # 1,344 for WebSitePro

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^WebSitePro\/([^\s]+)/ },

  ]
end

#WebSocketObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/websocket.rb', line 9

WhatWeb::Plugin.define "WebSocket" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-27
  @version = "0.1"
  @description = "WebSocket is a technology providing for bi-directional, full-duplex communications channels, over a single Transmission Control Protocol (TCP) socket. - More info: https://secure.wikimedia.org/wikipedia/en/wiki/WebSocket - Protocol: https://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-12"

  # ShodanHQ results as at 2011-08-27 #
  # 48 for Upgrade: websocket
  #  1 for Sec-WebSocket

  # Matches #
  @matches = [

    # Upgrade Header
    { search: "headers[upgrade]", regexp: /^WebSocket$/i },

    # WebSocket-Location Header
    { search: "headers[websocket-location]", string: /^(wss?:\/\/.+)/ },

    # Sec-WebSocket-Location Header
    { search: "headers[sec-websocket-location]", string: /^(wss?:\/\/.+)/ },

    # Sec-WebSocket-Version-Server Header
    { search: "headers[sec-websocket-version-server]", version: /(.+)/ },

    # Sec-WebSocket-Protocol Header
    { search: "headers[sec-websocket-protocol]", module: /(.+)/ },

  ]
end

#webSPELLObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2012-02-22 # Added Google dorks Added cookie match



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/whatweb/plugins/webspell.rb', line 13

WhatWeb::Plugin.define "webSPELL" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-14
  @version = "0.2"
  @description = "webSPELL is a free Content Management System which was especially developed for the needs of esport related communities."
  @website = "http://www.webspell.org/"

  # ShodanHQ results as at 2012-02-22 #
  # 326 for ws_session

  # Google results as at 2011-03-14 #
  # 92 for "this site is using the webspell script version" -dork

  # Dorks #
  @dorks = [
    '"this site is using the webspell script version" -dork'
  ]

  # Matches #
  @matches = [

    # Meta Generator
    { text: '<meta name="generator" content="webSPELL" />' },

    # Version Detection # This site is using link
    { version: /This site is using the <a href="http:\/\/www.webspell.org" target="[^"]+">webSPELL (Free Content Management System|script) \(version: ([^\)]+)\)[\s]*<\/a>/, offset: 1 },

    # Version Detection # This site is using link # German
    { version: /Diese Seite benutzt das <a href="http:\/\/www.webspell.org" target="[^"]+">webSPELL Script \(Version: ([^\)]+)\)[\s]*<\/a>/ },

    # ws_session Cookie
    { certainty: 75, search: "headers[set-cookie]", regexp: /ws_session=[a-z\d]+;/ },

  ]
end

#WebspotBloggingObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/webspotblogging.rb', line 9

WhatWeb::Plugin.define "WebspotBlogging" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-21
  @version = "0.1"
  @description = "Old blog"
  @website = "http://www.webspot.co.uk/"

  # 13 results for "powered by WebspotBlogging" @ 2010-08-21

  def passive(target)
    m = []

    if /Powered By <a href='http:\/\/www.webspot.co.uk\/' target='_blank'>WebspotBlogging<\/a> v[\d\.]+<BR>/.match?(target.body)
      version = target.body.scan(/Powered By <a href='http:\/\/www.webspot.co.uk\/' target='_blank'>WebspotBlogging<\/a> v([\d\.]+)<BR>/)[0][0]
      m << { version: version }
    end

    m
  end
end

#WebSVNObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
 
# File 'lib/whatweb/plugins/websvn.rb', line 9

WhatWeb::Plugin.define "WebSVN" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-04
  @version = "0.1"
  @description = "WebSVN offers a view onto your subversion repositories that's been designed to reflect the Subversion methodology. You can view the log of any file or directory and see a list of all the files changed, added or deleted in any given revision. You can also view compare two versions of a file so as to see exactly what was changed in a particular revision. Since it's written using PHP, WebSVN is very portable and easy to install."
  @website = "http://www.websvn.info/"

  # ShodanHQ results as at 2011-06-04 #
  # 2 for listing.php repname

  # Google results as at 2011-06-04 #
  # 311 for inurl:"comp.php?repname="
  # 290 for "Powered by WebSVN 2.3.2 and Subversion"
  # 203 for "Powered by WebSVN * and Subversion"

  # Dorks #
  @dorks = [
    'inurl:"comp.php?repname="',
    '"Powered by WebSVN * and Subversion"'
  ]

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta http-equiv="generator" content="WebSVN ([^"]+)"[\s]?\/>/ }, # "

    # WebSVN RSS link
    { text: '<link rel="alternate" type="application/rss+xml" title="WebSVN RSS" href="rss.php?repname=' },
    { text: "<link rel='alternate' type='application/rss+xml' title='WebSVN RSS' href='rss.php?repname=" },

    # Aggressive # templates/BlueGrey/images/favicon.ico
    { md5: "beb816a701a4cee3c2f586171458ceec", url: "templates/BlueGrey/images/favicon.ico" },

    # Aggressive # templates/BlueGrey/images/websvn.png
    { md5: "b2bb1d54c7bab453c0e054b31b6919e4", url: "templates/BlueGrey/images/websvn.png" },

  ]

  # Passive #
  def passive(target)
    m = []

    # Powered by text
    if /Powered by <a href="http:\/\/www\.websvn\.info\/">WebSVN<\/a> ([^\s]+) and <a href="http:\/\/subversion\.tigris\.org">Subversion<\/a> [^\s]+ &nbsp; &nbsp; &#x2713;/.match?(target.body)

      # Version Detection
      m << { version: target.body.scan(/Powered by <a href="http:\/\/www\.websvn\.info\/">WebSVN<\/a> ([^\s]+) and <a href="http:\/\/subversion\.tigris\.org">Subversion<\/a> [^\s]+ &nbsp; &nbsp; &#x2713;/).flatten }

      # Module Detection # Subversion
      m << { module: target.body.scan(/Powered by <a href="http:\/\/www\.websvn\.info\/">WebSVN<\/a> [^\s]+ and <a href="http:\/\/subversion\.tigris\.org">(Subversion)<(\/)a> ([^\s]+) &nbsp; &nbsp; &#x2713;/).flatten }

    end

    # Redirect Location
    if @status.to_s =~ /^302$/ && target.headers["location"] =~ /^listing\.php\?repname=[^\s]+$/
      m << { string: target.headers["location"].scan(/^listing\.php\?repname=([^\s]+)$/).flatten }
    end

    # Return passive matches
    m
  end
end

#WebYepObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/webyep.rb', line 9

WhatWeb::Plugin.define "WebYep" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-03
  @version = "0.1"
  @description = "WebYep is a compact Web Content Management System, making editable Websites extremely easy to create and maintain. Different to bigger WebCMS tools, WebYep offers a low priced alternative for small Websites. Requires: PHP"
  @website = "http://www.obdev.at/products/webyep/index.html"

  # Google results as at 2011-03-03 #
  # 36 for intitle:"WebYep Logon"

  # Matches #
  @matches = [

    # webyep-logon-en.php # Warning text
    { text: '<p class="warning">To edit these pages with WebYep you need to <strong>enable JavaScript</strong> in your Web' },

    # Default HTML Comment
    { text: '<html><!-- InstanceBegin template="/Templates/panels.dwt.php" codeOutsideHTMLIsLocked="false" -->' },

  ]
end

#WerkzeugObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/werkzeug.rb', line 9

WhatWeb::Plugin.define "Werkzeug" do
  @author = "Brendan Coles <[email protected]>" # 2015-04-30
  @version = "0.1"
  @description = "Werkzeug is a WSGI utility library for Python. - Homepage: http://werkzeug.pocoo.org/"

  # About 2667 ShodanHQ results for server:Werkzeug @ 2015-04-30

  @matches = [

    # HTTP Server Header
    { search: "headers[server]", version: /^Werkzeug\/([\d\.]+)/ },

    # 302 Page # Redirect Text
    { status: 302, certainty: 75, text: '<p>You should be redirected automatically to target URL:' },

  ]
end

#WhatsUpObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/whatsup.rb', line 12

WhatWeb::Plugin.define "WhatsUp" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-24
  @version = "0.2"
  @description = "WhatsUp - Network and Server Management Software"
  @website = "http://www.whatsupgold.com/"

  # ShodanHQ results as at 2011-03-13 #
  # 1,127 for WhatsUp -Gold
  #   647 for WhatsUp -ipswitch

  @matches = [

    # HTTP Server Header
    { name: "HTTP Server Header", regexp: /^WhatsUp/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { string: "Gold", version: /^WhatsUp_Gold\/([\d\.]+)/, search: "headers[server]" },

    # WWW-Authenticate # HTTP Server Header
    { string: "Gold", certainty: 75, name: "WWW-Authenticate", regexp: /^Basic realm="WhatsUp[\s]?Gold"/, search: "headers[www-authenticate]" },

  ]
end

#WhiteBoardObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-19 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/whiteboard.rb', line 12

WhatWeb::Plugin.define "WhiteBoard" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-15
  @version = "0.2"
  @description = "WhiteBoard is a fast, powerful, and free open source discussion board solution."
  @website = "http://sarosoftware.com/"

  # Google rsults as at 2010-08-15 #
  # 21 for "powered by Whiteboard"

  # Matches #
  @matches = [

    # Copyright text
    { text: '			&copy; <a href="http://www.powerwd.com">SaroSoftware</a><br />', certainty: 75 },

    # Version Detection # Powered by text
    { version: /Powered By WhiteBoard ([\d\.]+)<br \/>/ },

    # Version Detection # Powered by text HTML
    { version: /Powered By WhiteBoard <span id="version">([\d\.]+)<\/span><br \/>/ },

  ]
end

#WiFiDogObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/wifidog.rb', line 9

WhatWeb::Plugin.define "WiFiDog" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-23
  @version = "0.1"
  @description = "The Wifidog project is an open source captive portal solution. Requires: PHP and postgresql"
  @website = "http://dev.wifidog.org/"

  # 69 for "I am unable to retrieve the schema version. Either the wifidog database hasn't been created yet, the postgresql server is down, or pg_hba.conf does not allow your web server to connect to the wifidog database." +host +port +dbname
  #  4 for intitle:"Wifidog Auth-server installation and configuration" "Welcome to the WifiDog Auth-Server installation and configuration script"

  # Dorks #
  @dorks = [
    '"I am unable to retrieve the schema version. Either the wifidog database hasn\'t been created yet, the postgresql server is down, or pg_hba.conf does not allow your web server to connect to the wifidog database." "host" "port" "dbname"'
  ]

  # Matches #
  @matches = [

    # Title # Install Page
    { text: '<TITLE>Welcome - Wifidog Auth-server installation and configuration</TITLE>' },

    # Next Link
    { text: "<p><br></p><A HREF=\"#\" ONCLICK=\"document.myform.page.value = 'Prerequisites'; document.myform.action.value = ''; document.myform.submit();\" CLASS=\"submit\">Next</A>" },

    # Error page
    { text: "<html><body><h1>I am unable to retrieve the schema version. Either the wifidog database hasn't been created yet, the postgresql server is down, or pg_hba.conf does not allow your web server to connect to the wifidog database.</h1>" },

  ]
end

#WikidForumObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/wikidforum.rb', line 9

WhatWeb::Plugin.define "WikidForum" do
  @author = "Brendan Coles <[email protected]>" # 2012-03-13
  @version = "0.1"
  @description = "WikidForum is an open source free forum software combined with a Wiki which allows users to convert forum discussions into valuable Wiki articles."
  @website = "http://www.wikidforum.com/"

  # Google results as at 2012-03-13 #
  # 1 for intitle:"WikidForum Community Edition" intitle:"Installer"
  # 1 for "powered by WikidForum"

  # Dorks #
  @dorks = [
    'intitle:"WikidForum Community Edition" intitle:"Installer"',
    '"powered by WikidForum"'
  ]

  # Matches #
  @matches = [

    # Powered by link
    { text: 'Powered by <a href="http://www.wikidforum.com" title="wikidforum.com">WikidForum</a>' },

  ]
end

#WikiWebHelpObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/wikiwebhelp.rb', line 9

WhatWeb::Plugin.define "WikiWebHelp" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-14
  @version = "0.1"
  @description = "wikiWebHelp - Client side is pure Javascript using mostly original code. Backend is PHP. Database is mySQL. Wiki conversion by Wiky.  Diff processing by simpleDiff."
  @website = "http://richardbondi.net/projects.html"

  # 8 results for "powered by WikiWebHelp" @ 2010-10-14

  # Dorks #
  @dorks = [
    '"powered by WikiWebHelp"'
  ]

  @matches = [

    # Default logo HTML
    { text: 'style="float:left;"><img src="theme/default/images/wh32.png"' },

    # Default JavaScript
    { text: '<script type="text/javascript" language="javascript" src="script/wicky/wiky.js" ></script>' },

    # Favicon
    { md5: '18fe76b96d4eae173bf439a9712fa5c1', url: 'favicon.ico' }

  ]
end

#WildcatObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/wildcat.rb', line 9

WhatWeb::Plugin.define "Wildcat" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-04
  @version = "0.1"
  @description = "Wildcat! Interactive Net Server - includes and combines SSL (Secured Socket Layer), WEB, SMTP/POP3 (EMAIL), FTP, TELNET, RADIUS, NNTP (News) Server, PPP server, Terminal Server, direct modem dial up technology with a secured User, Mail and File Database"
  @website = "http://www.santronics.com/index.php"

  # ShodanHQ results as at 2011-09-04 #
  # 165 for wildcat

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^[wW]ildcat\/v([^\s]+)/ },

    # Version Detection # X-Powered-By Header
    { search: "headers[x-powered-by]", version: /Wildcat.Net v([^\s]+)/ },

  ]
end

#WinconnectionObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/winconnection.rb', line 12

WhatWeb::Plugin.define "Winconnection" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-14
  @version = "0.2"
  @description = "The Winconnection 6 is a gateway to access the Internet developed within the UTM (Unified Threat Management) philosophy."
  @website = "http://www.winco.com.br/"

  # ShodanHQ results as at 2011-03-14 #
  # 136 for Winconnection
  # All results are from Brazil

  @matches = [

    # HTTP Server Header
    { regexp: /^Winconnection /, search: "headers[server]" },

    # HTTP Server Header # Version Detection
    { version: /^Winconnection V([^\s]+) \(server ([A-Z\d]{6})\)$/, offset: 0, search: "headers[server]" },

    { string: /^Winconnection V([^\s]+) \(server ([A-Z\d]{6})\)$/, offset: 1, search: "headers[server]" },

  ]
end

#WindWebObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/windweb.rb', line 9

WhatWeb::Plugin.define "WindWeb" do
  @author = "Brendan Coles <[email protected]>" # 2010-10-26
  @version = "0.1"
  @description = "WindWeb Webserver"

  # About 21746 ShodanHQ results for "server: WindWeb" @ 2010-10-26

  # HTTP Header
  def passive(target)
    m = []

    # Server
    m << { version: target.headers["server"].to_s.scan(/^[\s]*WindWeb\/([^\s^\r^\n]+)/i).flatten } if target.headers["server"].to_s =~ /^[\s]*WindWeb\/([^\s^\r^\n]+)/i

    m
  end
end

#WinstoneObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/winstone.rb', line 9

WhatWeb::Plugin.define "Winstone" do
  @author = "Brendan Coles <[email protected]>" # 2012-02-23
  @version = "0.1"
  @description = "Winstone is a servlet container that was written out of a desire to provide servlet functionality without the bloat that full J2EE compliance introduces."
  @website = "http://winstone.sourceforge.net/"

  # ShodanHQ results as at 2012-02-23 #
  # 293 for Winstone Servlet Engine

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^Winstone Servlet Engine v([^\s]+)/ },

    # Version Detection # X-Powered-By Header
    { search: "headers[x-powered-by]", version: /Servlet\/[^\s]+ \(Winstone\/([^\)]+)\)/ },

  ]
end

#WiseguyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/whatweb/plugins/wiseguy.rb', line 9

WhatWeb::Plugin.define "Wiseguy" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-07
  @version = "0.1"
  @description = "Wiseguy is a WSGI compliant FastCGI server built on top of python-fastcgi and the Open Market FCGI library. It contains a few patches to deal with various bad behaviors under high load."
  @website = "https://code.google.com/p/msolo/wiki/wiseguy"

  # Passive #
  def passive(target)
    m = []

    # Version Detection # HTTP Server Header
    if target.headers["server"] =~ /^wiseguy\/([^\s]+)$/
      m << { version: $1.to_s }
    end

    # Return passive matches
    m
  end
end

#WolfCMSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



10
11
12
13
14
15
16
17
18
19
20
 
# File 'lib/whatweb/plugins/wolfcms.rb', line 10

WhatWeb::Plugin.define "WolfCMS" do
  @author = "Andrew Horton"
  @version = "1.0"
  @description = "WolfCMS is an open-source content management system built with PHP."
  @website = "https://www.wolfcms.org/"

  @matches = [
    { version: /png" \/> Wolf CMS ([^<]+)<\/div>/ },
    { regexp: /href="http:\/\/www.wolfcms.org\/" title="Wolf CMS" rel="noreferrer">Wolf CMS<\/a>[\s]+Inside./ }
  ]
end

#WooFrameworkObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
 
# File 'lib/whatweb/plugins/wooframework.rb', line 9

WhatWeb::Plugin.define "WooFramework" do
  @author = "Brendan Coles <[email protected]>" # 2011-11-19
  @version = "0.1"
  @description = "WooFramework - theme framework - http://www.woothemes.com/wooframework/"

  # Matches #
  @matches = [

    # Version Detection # Meta Generator
    { version: /<meta name="generator" content="WooFramework ([\d\.]+)"/ },

  ]
end

#WordFusionObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/whatweb/plugins/wordfusion.rb', line 9

WhatWeb::Plugin.define "WordFusion" do
  @author = "Brendan Coles <[email protected]>" # 2013-07-25
  @version = "0.1"
  @description = "Zumesoft WordFusion - Enterprise document assembly and automation software"
  @website = "http://www.zumesoft.com/"

  # 1 result for intitle:"WordFusion.Web" intext:"Get Microsoft Silverlight" @ 2013-07-25

  # Dorks #
  @dorks = [
    'intitle:"WordFusion.Web" intext:"Get Microsoft Silverlight"'
  ]

  # Matches #
  @matches = [

    # Title
    { regexp: /<head id="Head"><title>\s+WordFusion\.Web\s+\<\/title>/ },

    # Silverlight param
    { text: '<param name="source" value="ClientBin/WordFusion.Web.xap">' },

  ]
end

#WordPressObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.5 # 2012-03-05 Added regex version detection for /readme.html

Version 0.4 # 2011-04-06 # Added aggressive md5 matches

Version 0.3 Now using :version=>// instead of a passive function, added description, examples and included relative /wp-content/ link detection



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
 
# File 'lib/whatweb/plugins/wordpress.rb', line 18

WhatWeb::Plugin.define "WordPress" do
  @author = "Andrew Horton"
  @version = "0.5"
  @description = "WordPress is an opensource blogging system commonly used as a CMS."
  @website = "http://www.wordpress.org/"

  # Dorks #
  @dorks = [
    '"is proudly powered by WordPress"'
  ]

  # Matches #
  @matches = [

    { text: '<meta name="generator" content="WordPress.com" />' },
    { text: '<a href="http://www.wordpress.com">Powered by WordPress</a>', name: 'powered by link' },
    { text: "<link rel='https://api.w.org/'", name: 'REST API link' },

    { regexp: /"[^"]+\/wp-content\/[^"]+"/, name: "wp-content", certainty: 75 },

    { version: /<meta name="generator" content="WordPress ([0-9\.]+)"/ },

    # url exists, i.e. returns HTTP status 200
    { url: "/wp-cron.php" },

    # {:url=>"/admin/", :full=>true }, # full means that whatweb will run all plugins against this url - this isn't yet implemented as of 0.4.7

    # /wp-login.php  exists & contains a string
    { url: "/wp-login.php", text: '<a title="Powered by WordPress" href="http://wordpress.org/">' },
    { url: "/wp-login.php", text: '<a href="http://wordpress.org/" title="Powered by WordPress">', name: 'wp3 login page' },
    { url: "/wp-login.php", text: 'action=lostpassword' },

    { url: "/wp-login.php", tag_pattern: "!doctype,html,head,title,/title,meta,link,link,script,/script,meta,/head,body,div,h1,a,/a,/h1,form,p,label,br,input,/label,/p,p,label,br,input,/label,/p,p,label,input,/label,/p,p,input,input,input,/p,/form,p,a,/a,/p,p,a,/a,/p,/div,script,/script,/body,/html" }, # note that WP plugins can add script tags. tags are delimited by commas so we can count how close it is
    { url: "favicon.ico", md5: 'f420dc2c7d90d7873a90d82cd7fde315' }, # not common, seen on http://s.wordpress.org/favicon.ico
    { url: "favicon.ico", md5: 'fa54dbf2f61bd2e0188e47f5f578f736', name: 'WordPress.com favicon' }, # on wordpress.com blogs  http://s2.wp.com/i/favicon.ico

    { url: "/readme.html", version: /<h1.*WordPress.*Version ([0-9a-z\.]+).*<\/h1>/m }

  ]

  # Passive #
  def passive(target)
    m = []

    # detect /wp-content/ on this site but don't be confused by links to other sites.
    # <link rel="stylesheet" href="http://bestwebgallery.com/wp-content/themes/master/style.css" type="text/css" />

    if /(href|src)="[^"]*\/wp-content\/[^"]*/.match?(target.body)
      # is it a relative link or on the same site?
      links = target.body.scan(/(href|src)="([^"]*\/wp-content\/[^"]*)/).map { |x| x[1].strip }.flatten
      links.each do |thislink|
        # join this link wtih target, check if host part is ==, if so, it's relative
        joined_uri = URI.join(target.uri.to_s, thislink)

        next unless joined_uri.host == target.uri.host
        # puts "yes, #{joined_uri.to_s} is relative to #{target.uri.to_s}"
        m << { name: "Relative /wp-content/ link" }
        break
      end
    end

    # Return passive matches
    m
  end

  # Aggressive #
  def aggressive(target)
    m = []

    # the paths are relative to the url path if they don't start with /
    # this path, with this md5 = this version

    versions = Hash[
                    "0.71-gold" =>
                    [["readme.html",
                      "0c1e4a01d4ccf6dbedda30bf3c5eeb9e"],
                     ["b2-include/xmlrpc.inc",
                      "14524c5d7f9f72394e04512d9941bc50"]],
                    "0.72-rc1" =>
                    [["readme.html",
                      "dacf325336ae55fffbcd54bd08de55b4"],
                     ["wp-layout.css",
                      "dc04833fd754c0b404ec157e0bb8e7ae"]],
                    "0.72-beta1" =>
                    [["readme.html",
                      "dacf325336ae55fffbcd54bd08de55b4"],
                     ["wp-layout.css",
                      "7edb4d6b89b4625f6e6c6b9e5cd589b6"]],
                    "1.0-rc1" =>
                    [["readme.html",
                      "613b5eca59267b5b62b6e81dd9536b1b"],
                     ["wp-sitetemplates/main/templates/top.html",
                      "120ca99e1b816915e0f27152b7d24a75"]],
                    "1.0-platinium" =>
                    [["readme.html",
                      "6e08f4bfb7f79de78a3278f0f4ad981f"]],
                    "1.0.1-rc1" =>
                    [["readme.html",
                      "11f6a057f13e9413edc98e4614230622"]],
                    "1.0.1-miles" =>
                    [["readme.html",
                      "7ccd56b1c5b7123ed9afb222e6e93924"]],
                    "1.0.2" =>
                    [["readme.html",
                      "c91375254e9f56e45939ffcc28424c72"]],
                    "1.0.2-blakey" =>
                    [["readme.html",
                      "c91375254e9f56e45939ffcc28424c72"]],
                    "1.2-rc1" =>
                    [["readme.html",
                      "790736d62d442117f9d28b64161919a2"]],
                    "1.2-rc2" =>
                    [["readme.html",
                      "790736d62d442117f9d28b64161919a2"]],
                    "1.2-beta" =>
                    [["readme.html",
                      "790736d62d442117f9d28b64161919a2"],
                     ["wp-layout.css",
                      "c3f4bd5f3146770c0cba45b10c385047"]],
                    "1.2-delta" =>
                    [["readme.html",
                      "790736d62d442117f9d28b64161919a2"],
                     ["wp-layout.css",
                      "1bcc9253506c067eb130c9fc4f211a2f"]],
                    "1.2-mingus" =>
                    [["readme.html",
                      "6c3c457ed408be44244edc121cada9a2"],],
                    "1.2.1" =>
                    [["readme.html",
                      "75eaf1c4b267e11fffd42c34e8832567"],
                     ["wp-layout.css",
                      "7140e06c00ed03d2bb3dad7672557510"]],
                    "1.2.2" =>
                    [["readme.html",
                      "6c3c457ed408be44244edc121cada9a2"],
                     ["wp-includes/js/scriptaculous/scriptaculous.js",
                      "d72a1c859799b4e1355ff65e4a1ad148"]],
                    "1.5-strayhorn" =>
                    [["readme.html",
                      "aaa2d12586d9632c76b7b7f03d58a9f6"]],
                    "1.5.1" =>
                    [["readme.html",
                      "c60692ee8e176db0ac0be5ca69ba6c24"]],
                    "1.5.1.1" =>
                    [["readme.html",
                      "c60692ee8e176db0ac0be5ca69ba6c24"]],
                    "1.5.1.2" =>
                    [["readme.html",
                      "c60692ee8e176db0ac0be5ca69ba6c24"]],
                    "1.5.1.3" =>
                    [["readme.html",
                      "aaa2d12586d9632c76b7b7f03d58a9f6"]],
                    "1.5.2" =>
                    [["readme.html",
                      "aaa2d12586d9632c76b7b7f03d58a9f6"]],
                    "2.0" =>
                    [["readme.html",
                      "010ac2a095f4d30b2a650b94cf3f8842"],
                     ["wp-content/themes/default/style.css",
                      "f786f66d3a40846aa22dcdfeb44fa562"]],
                    "2.0.1" =>
                    [["readme.html",
                      "010ac2a095f4d30b2a650b94cf3f8842"]],
                    "2.0.1-rc1" =>
                    [["readme.html",
                      "010ac2a095f4d30b2a650b94cf3f8842"]],
                    "2.0.4" =>
                    [["readme.html",
                      "010ac2a095f4d30b2a650b94cf3f8842"]],
                    "2.0.5" =>
                    [["readme.html",
                      "010ac2a095f4d30b2a650b94cf3f8842"]],
                    "2.0.5-rc1" =>
                    [["readme.html",
                      "010ac2a095f4d30b2a650b94cf3f8842"]],
                    "2.0.5-beta1" =>
                    [["readme.html",
                      "010ac2a095f4d30b2a650b94cf3f8842"]],
                    "2.0.6" =>
                    [["readme.html",
                      "010ac2a095f4d30b2a650b94cf3f8842"]],
                    "2.0.6-rc1" =>
                    [["readme.html",
                      "010ac2a095f4d30b2a650b94cf3f8842"]],
                    "2.0.7" =>
                    [["readme.html",
                      "010ac2a095f4d30b2a650b94cf3f8842"]],
                    "2.0.7-rc1" =>
                    [["readme.html",
                      "010ac2a095f4d30b2a650b94cf3f8842"]],
                    "2.0.7-rc2" =>
                    [["readme.html",
                      "010ac2a095f4d30b2a650b94cf3f8842"]],
                    "2.0.8" =>
                    [["readme.html",
                      "ec9a2ffad38a3f0185aa6d9c0b8d6673"]],
                    "2.0.8-rc1" =>
                    [["readme.html",
                      "ec9a2ffad38a3f0185aa6d9c0b8d6673"]],
                    "2.0.9" =>
                    [["readme.html",
                      "ec9a2ffad38a3f0185aa6d9c0b8d6673"]],
                    "2.0.9-rc1" =>
                    [["readme.html",
                      "ec9a2ffad38a3f0185aa6d9c0b8d6673"]],
                    "2.0.9-beta" =>
                    [["readme.html",
                      "ec9a2ffad38a3f0185aa6d9c0b8d6673"]],
                    "2.0.10" =>
                    [["readme.html",
                      "ec9a2ffad38a3f0185aa6d9c0b8d6673"]],
                    "2.0.10-rc1" =>
                    [["readme.html",
                      "ec9a2ffad38a3f0185aa6d9c0b8d6673"]],
                    "2.0.10-rc2" =>
                    [["readme.html",
                      "ec9a2ffad38a3f0185aa6d9c0b8d6673"]],
                    "2.0.10-rc3" =>
                    [["readme.html",
                      "ec9a2ffad38a3f0185aa6d9c0b8d6673"]],
                    "2.0.11" =>
                    [["readme.html",
                      "ec9a2ffad38a3f0185aa6d9c0b8d6673"]],
                    "2.0.11-rc1" =>
                    [["readme.html",
                      "ec9a2ffad38a3f0185aa6d9c0b8d6673"]],
                    "2.0.11-rc2" =>
                    [["readme.html",
                      "ec9a2ffad38a3f0185aa6d9c0b8d6673"]],
                    "2.0.11-rc3" =>
                    [["readme.html",
                      "ec9a2ffad38a3f0185aa6d9c0b8d6673"]],
                    "2.1" =>
                    [["readme.html",
                      "a5bc745849e1971abf8efb9a135ce764"]],
                    "2.1-rc1" =>
                    [["readme.html",
                      "1808e8f88b490dffdfe0e3ea0a951e86"]],
                    "2.1-rc2" =>
                    [["readme.html",
                      "a5bc745849e1971abf8efb9a135ce764"]],
                    "2.1-beta1" =>
                    [["readme.html",
                      "33228916bae952810ca10a09b23bc366"]],
                    "2.1-beta2" =>
                    [["readme.html",
                      "0bb72a5175266c98406b8b42a31114de"]],
                    "2.1-beta3" =>
                    [["readme.html",
                      "1808e8f88b490dffdfe0e3ea0a951e86"],
                     ["wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js",
                      "527706a40c4a6939c1a47db7a6c4dbaf"]],
                    "2.1-beta4" =>
                    [["readme.html",
                      "1808e8f88b490dffdfe0e3ea0a951e86"]],
                    "2.1.1" =>
                    [["readme.html",
                      "a5bc745849e1971abf8efb9a135ce764"]],
                    "2.1.1-rc1" =>
                    [["readme.html",
                      "a5bc745849e1971abf8efb9a135ce764"]],
                    "2.1.1-beta" =>
                    [["readme.html",
                      "a5bc745849e1971abf8efb9a135ce764"]],
                    "2.1.2" =>
                    [["readme.html",
                      "a5bc745849e1971abf8efb9a135ce764"]],
                    "2.1.3" =>
                    [["readme.html",
                      "a5bc745849e1971abf8efb9a135ce764"]],
                    "2.1.3-rc1" =>
                    [["readme.html",
                      "a5bc745849e1971abf8efb9a135ce764"]],
                    "2.1.3-rc2" =>
                    [["readme.html",
                      "a5bc745849e1971abf8efb9a135ce764"]],
                    "2.1.3-rc3" =>
                    [["readme.html",
                      "a5bc745849e1971abf8efb9a135ce764"]],
                    "2.2" =>
                    [["readme.html",
                      "939a797929aec1b8e0039014e9a29433"]],
                    "2.2-rc1" =>
                    [["readme.html",
                      "939a797929aec1b8e0039014e9a29433"]],
                    "2.2-rc2" =>
                    [["readme.html",
                      "939a797929aec1b8e0039014e9a29433"]],
                    "2.2.1" =>
                    [["readme.html",
                      "939a797929aec1b8e0039014e9a29433"]],
                    "2.2.1-rc1" =>
                    [["readme.html",
                      "939a797929aec1b8e0039014e9a29433"]],
                    "2.2.1-rc2" =>
                    [["readme.html",
                      "939a797929aec1b8e0039014e9a29433"]],
                    "2.2.2" =>
                    [["readme.html",
                      "939a797929aec1b8e0039014e9a29433"]],
                    "2.2.3" =>
                    [["readme.html",
                      "939a797929aec1b8e0039014e9a29433"]],
                    "2.3" =>
                    [["readme.html",
                      "95803b846df1873416ee96c1577b3adf"]],
                    "2.3-rc1" =>
                    [["readme.html",
                      "95803b846df1873416ee96c1577b3adf"]],
                    "2.3-beta1" =>
                    [["readme.html",
                      "0384d4bdace37e066df6bb7a85b009aa"]],
                    "2.3-beta2" =>
                    [["readme.html",
                      "95803b846df1873416ee96c1577b3adf"]],
                    "2.3-beta3" =>
                    [["readme.html",
                      "95803b846df1873416ee96c1577b3adf"]],
                    "2.3.1" =>
                    [["readme.html",
                      "95803b846df1873416ee96c1577b3adf"]],
                    "2.3.1-rc1" =>
                    [["readme.html",
                      "95803b846df1873416ee96c1577b3adf"]],
                    "2.3.1-beta1" =>
                    [["readme.html",
                      "95803b846df1873416ee96c1577b3adf"]],
                    "2.3.2" =>
                    [["readme.html",
                      "95803b846df1873416ee96c1577b3adf"]],
                    "2.3.2-rc1" =>
                    [["readme.html",
                      "95803b846df1873416ee96c1577b3adf"]],
                    "2.3.2-beta1" =>
                    [["readme.html",
                      "95803b846df1873416ee96c1577b3adf"]],
                    "2.3.2-beta2" =>
                    [["readme.html",
                      "95803b846df1873416ee96c1577b3adf"]],
                    "2.3.2-beta3" =>
                    [["readme.html",
                      "95803b846df1873416ee96c1577b3adf"]],
                    "2.3.3" =>
                    [["readme.html",
                      "95803b846df1873416ee96c1577b3adf"]],
                    "2.5" =>
                    [["readme.html",
                      "c3024b888aeb1539f4c29df7b166d483"]],
                    "2.5-rc1" =>
                    [["readme.html",
                      "c3024b888aeb1539f4c29df7b166d483"],
                     ["wp-includes/js/autosave.js",
                      "c2fa52e7e956c340da6e2d2d86694cee"]],
                    "2.5-rc2" =>
                    [["readme.html",
                      "c3024b888aeb1539f4c29df7b166d483"],
                     ["wp-includes/js/autosave.js",
                      "d275157ac090ce476b4914505f8de24f"]],
                    "2.5-rc3" =>
                    [["readme.html",
                      "c3024b888aeb1539f4c29df7b166d483"]],
                    "2.5.1" =>
                    [["readme.html",
                      "c3024b888aeb1539f4c29df7b166d483"],
                     ["wp-includes/js/tinymce/tiny_mce.js",
                      "a3d05665b236944c590493e20860bcdb"]],
                    "2.6" =>
                    [["readme.html",
                      "5bca147a86a1d277328c298ab06b772b"]],
                    "2.6-rc1" =>
                    [["readme.html",
                      "c3024b888aeb1539f4c29df7b166d483"]],
                    "2.6-beta1" =>
                    [["readme.html",
                      "c3024b888aeb1539f4c29df7b166d483"],
                     ["wp-includes/js/tinymce/tiny_mce.js",
                      "35f98a53dd50907c60b872213da50deb"]],
                    "2.6-beta2" =>
                    [["readme.html",
                      "c3024b888aeb1539f4c29df7b166d483"],
                     ["wp-includes/js/tinymce/plugins/wpeditimage/editimage.html",
                      "48a67e901144ce41af63c8e7d680ac74"]],
                    "2.6-beta3" =>
                    [["readme.html",
                      "c3024b888aeb1539f4c29df7b166d483"],
                     ["wp-includes/js/tinymce/plugins/wpeditimage/editimage.html",
                      "e1e9459af693c6076a6d99997d851ab4"]],
                    "2.6.1" =>
                    [["readme.html",
                      "0377751ad219ccbb809d527952ff7325"]],
                    "2.6.1-beta1" =>
                    [["readme.html",
                      "5bca147a86a1d277328c298ab06b772b"],
                     ["wp-includes/js/tinymce/plugins/wpeditimage/editimage.html",
                      "cb6e865aa733445c260ac01899542756"]],
                    "2.6.1-beta2" =>
                    [["readme.html",
                      "5bca147a86a1d277328c298ab06b772b"]],
                    "2.6.2" =>
                    [["readme.html",
                      "0377751ad219ccbb809d527952ff7325"]],
                    "2.6.3" =>
                    [["readme.html",
                      "0377751ad219ccbb809d527952ff7325"]],
                    "2.6.5" =>
                    [["readme.html",
                      "0377751ad219ccbb809d527952ff7325"]],
                    "2.7" =>
                    [["readme.html",
                      "94c4cdfa20778d1bf9784941f9fca133"]],
                    "2.7-rc1" =>
                    [["readme.html",
                      "94c4cdfa20778d1bf9784941f9fca133"],
                     ["wp-includes/js/swfupload/handlers.js",
                      "a16a9cb39d37486aeacd3b2e1701f6aa"]],
                    "2.7-rc2" =>
                    [["readme.html",
                      "94c4cdfa20778d1bf9784941f9fca133"]],
                    "2.7-beta1" =>
                    [["readme.html",
                      "94c4cdfa20778d1bf9784941f9fca133"],
                     ["wp-includes/js/autosave.js",
                      "9ceecef42a279029e0f97b4def8e542b"]],
                    "2.7-beta2" =>
                    [["readme.html",
                      "94c4cdfa20778d1bf9784941f9fca133"],
                     ["wp-includes/js/autosave.js",
                      "c1ea7016092c130a51a44ffe232bc7c9"]],
                    "2.7-beta3" =>
                    [["readme.html",
                      "94c4cdfa20778d1bf9784941f9fca133"],
                     ["wp-includes/js/tinymce/tiny_mce.js",
                      "f73b7c82ff78af24cd7563862084000a"]],
                    "2.7.1" =>
                    [["readme.html",
                      "94c4cdfa20778d1bf9784941f9fca133"]],
                    "2.7.1-rc1" =>
                    [["readme.html",
                      "94c4cdfa20778d1bf9784941f9fca133"]],
                    "2.8" =>
                    [["readme.html",
                      "4a64408bdaaa6c8af7cab9346f0ce380"]],
                    "2.8-rc1" =>
                    [["readme.html",
                      "94c4cdfa20778d1bf9784941f9fca133"]],
                    "2.8-beta1" =>
                    [["readme.html",
                      "94c4cdfa20778d1bf9784941f9fca133"]],
                    "2.8-beta2" =>
                    [["readme.html",
                      "94c4cdfa20778d1bf9784941f9fca133"]],
                    "2.8.1" =>
                    [["readme.html",
                      "7ed95e0b7ae663cbd0a8e77d787a4637"]],
                    "2.8.1-rc1" =>
                    [["readme.html",
                      "4a64408bdaaa6c8af7cab9346f0ce380"]],
                    "2.8.1-beta1" =>
                    [["readme.html",
                      "4a64408bdaaa6c8af7cab9346f0ce380"],
                     ["wp-includes/js/autosave.js",
                      "40f836bb6cf8fa6007aa2bd335754590"]],
                    "2.8.1-beta2" =>
                    [["readme.html",
                      "4a64408bdaaa6c8af7cab9346f0ce380"],
                     ["wp-includes/js/autosave.js",
                      "8e58ac561fd6f038843395e7e18fbb0f"]],
                    "2.8.2" =>
                    [["readme.html",
                      "ef8665ddd2d87badccb3532705b95992"],
                     ["wp-content/plugins/akismet/readme.txt",
                      "48c52025b5f28731e9a0c864c189c2e7"]],
                    "2.8.3" =>
                    [["readme.html",
                      "de32a1268d126ea71127ad5f9fa8f60d"]],
                    "2.8.4" =>
                    [["readme.html",
                      "7d93c7feb3e2e2c2112474f92e3ee6f8"]],
                    "2.8.5" =>
                    [["readme.html",
                      "f32252ef12c927f6285e4fb29efce04f"]],
                    "2.8.5-beta1" =>
                    [["readme.html",
                      "f32252ef12c927f6285e4fb29efce04f"]],
                    "2.8.6" =>
                    [["readme.html",
                      "027283d03b08abae67279fd17a37760b"]],
                    "2.8.6-beta1" =>
                    [["readme.html",
                      "027283d03b08abae67279fd17a37760b"]],
                    "2.9" =>
                    [["readme.html",
                      "1eaf3b4f4c2d039d26a473c0e0b5622e"]],
                    "2.9-rc1" =>
                    [["readme.html",
                      "f182f41b25a96a12c393e35d9d063ed4"]],
                    "2.9-beta1" =>
                    [["readme.html",
                      "f182f41b25a96a12c393e35d9d063ed4"],
                     ["wp-includes/js/swfupload/handlers.js",
                      "67c19dd1aa288610db84ef258e0fde22"]],
                    "2.9-beta2" =>
                    [["readme.html",
                      "f182f41b25a96a12c393e35d9d063ed4"],
                     ["wp-includes/js/swfupload/handlers.js",
                      "829d0ee86744a34049329f5c461d12d0"]],
                    "2.9.1" =>
                    [["readme.html",
                      "80c4ecc8630395baeb7363a7cf4dad33"]],
                    "2.9.1-rc1" =>
                    [["readme.html",
                      "80c4ecc8630395baeb7363a7cf4dad33"]],
                    "2.9.1-beta1" =>
                    [["readme.html",
                      "1eaf3b4f4c2d039d26a473c0e0b5622e"]],
                    "2.9.2" =>
                    [["readme.html",
                      "6cfb514bbb51d883bb6fece65d5fd450"],
                     ["wp-content/themes/home/rtl.css",
                      "64231a50358031e1d92bb02ffcc5579d"]],
                    "3.0" =>
                    [["readme.html",
                      "9ea06ab0184049bf4ea2410bf51ce402"],
                     ["wp-content/themes/twentyten/languages/twentyten.pot",
                      "2ea37779cc9cbfc274f1a0273a6ea1b5"]],
                    "3.0-rc1" =>
                    [["readme.html",
                      "9ea06ab0184049bf4ea2410bf51ce402"],
                     ["wp-content/themes/twentyten/style.css",
                      "5e86e1dd9c095c1bf8ea8e5ec53bee1e"]],
                    "3.0-rc2" =>
                    [["readme.html",
                      "9ea06ab0184049bf4ea2410bf51ce402"],
                     ["wp-content/themes/twentyten/style.css",
                      "23fd2a602c38ec4c611559fb1552afcd"]],
                    "3.0-rc3" =>
                    [["readme.html",
                      "9ea06ab0184049bf4ea2410bf51ce402"],
                     ["wp-content/themes/twentyten/languages/twentyten.pot",
                      "497963f44fb84e2c7d425c1fd4eed76e"]],
                    "3.0-beta1" =>
                    [["readme.html",
                      "b051ca0b7f06618784dd286da1b3ce95"],
                     ["wp-includes/js/autosave.js",
                      "a27e28943c0ce3e0438c03c83092c919"]],
                    "3.0-beta2" =>
                    [["readme.html",
                      "9ea06ab0184049bf4ea2410bf51ce402"],
                     ["wp-includes/js/autosave.js",
                      "46149fb60863c31931ba3b4c2698bff4"]],
                    "3.0.1" =>
                    [["readme.html",
                      "a73cac84b8b9a99377917a6974c9eea2"]],
                    "3.0.2" =>
                    [["readme.html",
                      "0538342b887f11ed4a306d3e7c7d6ea7"]],
                    "3.0.3" =>
                    [["readme.html",
                      "0eb4f7981c3de98df925b3020c147a61"]],
                    "3.0.4" =>
                    [["readme.html",
                      "c7a01d814ffbbb790ee5f4f8f3631903"]],
                    "3.0.5" =>
                    [["readme.html",
                      "ed20f283f2c1b775219bdb12e5c6ba93"]],
                    "3.0.6" =>
                    [["readme.html",
                      "45119882b8d576a3462f76708b6bc1c5"]],
                    "3.1" =>
                    [["readme.html",
                      "f01635ffca23e49e01f47e98553ea75d"]],
                    "3.1-rc1" =>
                    [["readme.html",
                      "d48f95db161328051787e2f427148f4a"],
                     ["wp-content/themes/twentyten/languages/twentyten.pot",
                      "0aac287d00db838d3bc01a1d6d621d2f"]],
                    "3.1-rc2" =>
                    [["readme.html",
                      "d48f95db161328051787e2f427148f4a"],
                     ["wp-content/themes/twentyten/style.css",
                      "150c80e23ce93ebced5035e00e4d864b"]],
                    "3.1-rc3" =>
                    [["readme.html",
                      "f01635ffca23e49e01f47e98553ea75d"],
                     ["wp-includes/css/admin-bar-rtl.css",
                      "c032baf7fa4ed30d82b46946f75cbc69"]],
                    "3.1-rc4" =>
                    [["readme.html",
                      "f01635ffca23e49e01f47e98553ea75d"]],
                    "3.1-beta1" =>
                    [["readme.html",
                      "7a8b02d6ce7229e33bd64da8bef83ad7"],
                     ["wp-includes/css/admin-bar.css",
                      "d858495789b9a37ef8651f54a9f2e12b"]],
                    "3.1-beta2" =>
                    [["readme.html",
                      "d48f95db161328051787e2f427148f4a"],
                     ["wp-includes/css/admin-bar.css",
                      "912a71bf5137e3a06911d1ebd855c2b7"]],
                    "3.1.1" =>
                    [["readme.html",
                      "5be6140fc3f44126b476dfff5bc0c658"]],
                    "3.1.1-rc1" =>
                    [["readme.html",
                      "5be6140fc3f44126b476dfff5bc0c658"]],
                    "3.1.2" =>
                    [["readme.html",
                      "20f882b08b2804bc7431c0866a8999d1"]],
                    "3.1.3" =>
                    [["readme.html",
                      "ccc403368e01b3c3b0caf28079a710a5"]],
                    "3.1.4" =>
                    [["readme.html",
                      "fbebf5899944a9d7aedd00250bb71745"],
                     ["wp-content/themes/twentyten/languages/twentyten.pot",
                      "0702faf14edacb91bb82681870cb6da0"]],
                    "3.2" =>
                    [["readme.html",
                      "573e79628d2ee07670e889569059669e"]],
                    "3.2-rc1" =>
                    [["readme.html",
                      "573e79628d2ee07670e889569059669e"],
                     ["wp-content/themes/twentyeleven/style.css",
                      "5a13b9234881621dca42f9430bfdd885"]],
                    "3.2-rc2" =>
                    [["readme.html",
                      "573e79628d2ee07670e889569059669e"],
                     ["wp-content/themes/twentyeleven/style.css",
                      "31156206fec3debcc2f9b844ef83d9e1"]],
                    "3.2-rc3" =>
                    [["readme.html",
                      "573e79628d2ee07670e889569059669e"],
                     ["wp-content/themes/twentyeleven/style.css",
                      "81b2771858d8ab1ed3ae13d8d5866561"]],
                    "3.2-beta1" =>
                    [["readme.html",
                      "573e79628d2ee07670e889569059669e"],
                     ["wp-includes/js/autosave.js",
                      "3bf40ac97632994f5ee6d8d4fc72f0d3"]],
                    "3.2-beta2" =>
                    [["readme.html",
                      "573e79628d2ee07670e889569059669e"],
                     ["wp-includes/js/tinymce/plugins/wordpress/editor_plugin.js",
                      "708373211fb001cba51de1138ff9e748"]],
                    "3.2.1" =>
                    [["readme.html",
                      "98d3f05ff1e321dbd58ad154cc95e569"]],
                    "3.3" =>
                    [["readme.html",
                      "e0f97110b60c3a3c71dcd1d4d923495a"]],
                    "3.3-rc1" =>
                    [["readme.html",
                      "e0f97110b60c3a3c71dcd1d4d923495a"],
                     ["wp-includes/css/admin-bar.css",
                      "304a1620b044cc58cef73349359943b3"]],
                    "3.3-rc2" =>
                    [["readme.html",
                      "e0f97110b60c3a3c71dcd1d4d923495a"],
                     ["wp-includes/css/admin-bar.css",
                      "9bb37fe637ee3a53d9274fd2d0301260"]],
                    "3.3-rc3" =>
                    [["readme.html",
                      "e0f97110b60c3a3c71dcd1d4d923495a"]],
                    "3.3-beta1" =>
                    [["readme.html",
                      "e0f97110b60c3a3c71dcd1d4d923495a"],
                     ["wp-includes/css/admin-bar.css",
                      "7d21a462f3b5d5b9ad1f878c45f78e92"]],
                    "3.3-beta2" =>
                    [["readme.html",
                      "e0f97110b60c3a3c71dcd1d4d923495a"],
                     ["wp-includes/css/admin-bar.css",
                      "e8af3c520f06153ad674eebd7453971e"]],
                    "3.3-beta3" =>
                    [["readme.html",
                      "e0f97110b60c3a3c71dcd1d4d923495a"],
                     ["wp-includes/css/admin-bar.css",
                      "a30deaec087f1eab3183a2b9d50cd19b"]],
                    "3.3-beta4" =>
                    [["readme.html",
                      "e0f97110b60c3a3c71dcd1d4d923495a"],
                     ["wp-includes/css/admin-bar.css",
                      "4e6bda0b7acff641f480c4fd5d5b6910"]],
                    "3.3.1" =>
                    [["readme.html",
                      "c1ed266e26a829b772362d5135966bc3"]],
                    "3.3.2" =>
                    [["readme.html",
                      "628419c327ca5ed8685ae3af6f753eb8"]],
                    "3.3.2-rc1" =>
                    [["readme.html",
                      "628419c327ca5ed8685ae3af6f753eb8"]],
                    "3.3.3" =>
                    [["readme.html",
                      "36b2b72a0f22138a921a38db890d18c1"]],
                    "3.4" =>
                    [["readme.html",
                      "34b3071c2c48f0b1a611c2ee9f1b3516"]],
                    "3.4-rc1" =>
                    [["readme.html",
                      "34b3071c2c48f0b1a611c2ee9f1b3516"],
                     ["wp-includes/js/customize-preview.js",
                      "453a5ccf234fb8d8ce360aca3672ed95"]],
                    "3.4-rc2" =>
                    [["readme.html",
                      "34b3071c2c48f0b1a611c2ee9f1b3516"],
                     ["wp-includes/js/customize-preview.js",
                      "7b1408a3cd59c8287efa8c02bd43356e"]],
                    "3.4-rc3" =>
                    [["readme.html",
                      "34b3071c2c48f0b1a611c2ee9f1b3516"]],
                    "3.4-rc4" =>
                    [["readme.html",
                      "34b3071c2c48f0b1a611c2ee9f1b3516"]],
                    "3.4-beta1" =>
                    [["readme.html",
                      "8df86e1e534c349747292e0b56531f63"],
                     ["wp-includes/js/tinymce/tiny_mce.js",
                      "078bd9e2c8fa7b6c2ab231183f6ee2cb"]],
                    "3.4-beta2" =>
                    [["readme.html",
                      "8df86e1e534c349747292e0b56531f63"]],
                    "3.4-beta3" =>
                    [["readme.html",
                      "8df86e1e534c349747292e0b56531f63"],
                     ["wp-includes/js/customize-preview.js",
                      "e28df79d5eb55f26b46ae88bafadc2b9"]],
                    "3.4-beta4" =>
                    [["readme.html",
                      "8df86e1e534c349747292e0b56531f63"],
                     ["wp-includes/js/customize-preview.js",
                      "a8a259fc5197a78ffe62d6be38dc52f8"]],
                    "3.4.1" =>
                    [["readme.html",
                      "9ecbb128295ac324f63a6adc0b6e78ea"],
                     ["wp-includes/js/customize-preview.js",
                      "617d9fd858e117c7d1d087be168b5643"]],

                    "3.4.2" =>
                    [["readme.html", "c6514a15e04bd9ec96df4d9b78c17bc5"],
                     ["wp-includes/js/customize-preview.js", "617d9fd858e117c7d1d087be168b5643"],
                     ["/wp-admin/css/wp-admin.css", "dc906af62607ada3fe2baac62ac3cceb"]],
                    "3.5" =>
                    [["readme.html", "066cfc0f9b29ae6d491aa342ebfb1b71"],
                     ["wp-admin/css/wp-admin.css", "c8c02c7d0318ddeb985e324f126a19e8"]],
                    "3.5.1" =>
                    [["readme.html", "05d50a04ef19bd4b0a280362469bf22f"],
                     ["wp-admin/css/wp-admin.css", "1906ac1bed40e0c5c7de71f2bc42dc20"]],
                    "3.5.2" =>
                    [["readme.html", "caf7946275c3e885419b1d36b22cb5f3"],
                     ["wp-admin/css/wp-admin.css", "1906ac1bed40e0c5c7de71f2bc42dc20"]],
                    "3.6" =>
                    [["readme.html", "477f1e652f31dae76a38e3559c91deb9"],
                     ["wp-admin/css/wp-admin.css", "25dd20710bf1eec392a00fc892b63fde"]],
                    "3.6.1" =>
                    [["readme.html", "e82f4fe7d3c1166afb4c00856b875f16"],
                     ["wp-admin/css/wp-admin.css", "25dd20710bf1eec392a00fc892b63fde"]],
                    "3.7" =>
                    [["readme.html", "4717bf89e299ff054760ec8b0768c9e1"],
                     ["wp-admin/css/wp-admin.css", "f0894fa9c9733d0e577fc5beddc726cd"]],
                    "3.7.1" =>
                    [["readme.html", "4717bf89e299ff054760ec8b0768c9e1"],
                     ["wp-admin/css/wp-admin.css", "f0894fa9c9733d0e577fc5beddc726cd"]],
                    "3.8" =>
                    [["readme.html", "38ee273095b8f25b9ffd5ce5018fc4f0"],
                     ["wp-admin/css/wp-admin.css", "25554fc81989c307119b7d4818dc3963"]],
                    "3.8.1" =>
                    [["readme.html", "0d0eb101038124a108f608d419387b92"],
                     ["wp-admin/css/wp-admin.css", "68600417d5dc22244168b4eeb84f0af4"]],
                    "3.8.2" =>
                    [["readme.html", "e01a2663475f6a7a8363a7c75a73fe23"],
                     ["wp-admin/css/wp-admin.css", "68600417d5dc22244168b4eeb84f0af4"]],
                    "3.8.3" =>
                    [["readme.html", "c6de8fc70a18be7e5c36198cd0f99a64"],
                     ["wp-admin/css/wp-admin.css", "68600417d5dc22244168b4eeb84f0af4"]],
                    "3.9" =>
                    [["readme.html", "cdbf9b18e3729b3553437fc4e9b6baad"],
                     ["wp-admin/css/wp-admin.css", "ff37a40c48d23ba4ecc09d9a98da1247"]],
                    "3.9.1" =>
                    [["readme.html", "84b54c54aa48ae72e633685c17e67457"],
                     ["wp-admin/css/wp-admin.css", "ff37a40c48d23ba4ecc09d9a98da1247"]],
    ]

    v = WhatWeb::Matcher::Version.new("WordPress", versions, target.uri)

    version = v.matches_format

    # Set version if present
    unless version.empty?
      version.each { |ver|
        m << { name: "md5 sums of files", version: ver }
      }
    end

    # Return aggressive matches
    m
  end
end

#WordPressSpamFreeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2011-02-18 # Brendan Coles <[email protected]> Updated version detection

Version 0.2 removed :certainty=>100



15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/wordpress-spamfree.rb', line 15

WhatWeb::Plugin.define "WordPressSpamFree" do
  @author = "Andrew Horton"
  @version = "0.3"
  @description = "Wordpress SpamFree module. Get your WordPress Blog Spam-Free with this plugin. Normal users doesnt even know your using it. But it keeps away the spammers."
  @website = "http://wordpress.org/extend/plugins/spam-free/"

  # Matches #
  @matches = [

    # Version Detection # HTML Comments
    { version: /<!-- Protected by \(WP-SpamFree\) v([\d\.]+) :: JS BEGIN -->/ },

  ]
end

#wpQuizObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/wpquiz.rb', line 9

WhatWeb::Plugin.define "wpQuiz" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-21
  @version = "0.1"
  @description = "wpQuiz is a fully-featured quiz script."
  @website = "http://www.wireplastik.com/"

  # 42 results for "powered by wpQuiz" intitle:"Register - wpQuiz" inurl:register.php @ 2010-08-21

  @matches = [

    { regexp: /<title>[^>]*>> [Register|Login]+ - wp[q|Q]+uiz<\/title>/ },
    { text: "<div class='small' style='text-align: center;'>Powered by wpQuiz</div>
    " },

  ]

  def passive(target)
    m = []

    if /<span class='big'><b><img src='img\/mainlogo.png' alt='[^\']+' \/> [\d\.a-z]+<\/b><\/span>/.match?(target.body)
      version = target.body.scan(/<span class='big'><b><img src='img\/mainlogo.png' alt='[^\']+' \/> ([\d\.a-z]+)<\/b><\/span>/)[0][0]
      m << { version: version }
    end

    if /<img src="http:\/\/www.wireplastik.com\/wplog.php\?al=/.match?(target.body)
      if /[\d\.a-z]+ \| [0-9]+ Template/.match?(target.body)
        version = target.body.scan(/([\d\.a-z]+) \| [0-9]+ Template/)[0][0]
        m << { version: version }
      end
    end

    m
  end
end

#WSTOOLObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/wstool.rb', line 9

WhatWeb::Plugin.define "WSTOOL" do
  @author = "Brendan Coles <[email protected]>" # 2012-01-09
  @version = "0.1"
  @description = "WSTOOL is OS-independence Web vulnerability scanner"
  @website = "http://wstool.sourceforge.net/"

  # Google results as at 2012-01-09 #
  # 1 for intitle:"Server Error & SQL Injection Sacnner" "Server info" "Domain or IP"

  # Dorks #
  @dorks = [
    ' intitle:"Server Error & SQL Injection Sacnner" "Server info" "Domain or IP"'
  ]

  # Matches #
  @matches = [

    # Homepage Link # Version Detection
    { version: /<a href="http:\/\/sourceforge\.net\/projects\/wstool" target="_blank">Server Error & SQL Injection Sacnner \(Ver ([^\s^\)]+)\)<\/a>/ },

    # Title # Version Detection
    { version: /<title>Server Error & SQL Injection Sacnner \(Ver ([^\s^\)]+)\)<\/title>/ },

  ]
end

#WWWBoardObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-17 # Andrew Horton Added website parameter



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/wwwboard.rb', line 12

WhatWeb::Plugin.define "WWWBoard" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-05
  @version = "0.2"
  @description = "WWWBoard is a threaded World Wide Web discussion forum and message board, which allows users to post new messages, followup to existing ones and more."
  @website = "http://www.scriptarchive.com/wwwboard.html"

  # <html><head><title>WWWAdmin For WWWBoard</title></head>
  # <head><title>WWWAdmin For WWWBoard</title></head>

  @matches = [

    # http://johnny.ihackstuff.com/ghdb/?function=detail&id=625
    # About 45 results @ 2010-06-05
    { name: 'GHDB: inurl:"WWWADMIN.PL" intitle:"wwwadmin"',
      certainty: 75,
      ghdb: 'inurl:"WWWADMIN.PL" intitle:"wwwadmin"' },

    { name: "default title",
      text: '<head><title>WWWAdmin For WWWBoard</title></head>' },

    { name: "default text",
      text: '<center><h1>WWWAdmin For WWWBoard</h1></center>' }

  ]
end

#WWWPhotoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/wwwphoto.rb', line 9

WhatWeb::Plugin.define "WWWPhoto" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-29
  @version = "0.1"
  @description = "WWWPhoto is a tag based web photo gallery for PHP5 with GD-Library and MySQL or PostgreSQL. Since release 0.1.0 the navigation on the user view is Ajax driven by using the JSON implementation for PHP from Michal Migurski, Matt Knapp and Brett Stimmerman (http://pear.php.net/pepr/pepr-proposal-show.php?id=198)"
  @website = "http://www.pburkhalter.net/wwwphoto.php"

  # Matches #
  @matches = [

    # Default Meta Generator
    { text: '		<meta name="generator" content="WWWPhoto cvshead"> <!-- leave this for stats -->' },

    # Powered by text
    { text: '<a href="http://www.pburkhalter.net/wwwphoto.php">powered by wwwphoto-cvshead</a>' },

    # Default JavaScript
    { text: "http_navbar.open('get','navbar.rpc.php?user='+GLOBAL_USER+'&tag='+GLOBAL_TAG+'&id='+GLOBAL_ID+'&marked='+marked+'&timestamp='+new Date().getTime());" },

    # Default HTML Comment
    { text: "<!-- sorry joshua, one little, small table is a must have :-) -->" },

  ]
end

#XAMPPObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.3 # 2011-03-06 # Updated OS detection

Version 0.2 # 2011-01-24 # Updated version detection Added match for 403 error page



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'lib/whatweb/plugins/xampp.rb', line 16

WhatWeb::Plugin.define "XAMPP" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-21
  @version = "0.3"
  @description = "XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start."
  @website = "http://www.apachefriends.org/en/xampp.html"

  # ShodanHQ results as at 2011-01-21 #
  # 21,462 for location xampp

  # Google results as at 2011-01-21 #
  # 15 for "You have successfully installed XAMPP on this system!" intitle:"XAMPP Version"
  # 2 image results for inurl:"head-macosx.gif" xampp
  # 3 image results for inurl:"head-windows.gif" xampp

  # Dorks #
  @dorks = [
    '"You have successfully installed XAMPP on this system!" intitle:"XAMPP Version"'
  ]

  # Matches #
  @matches = [

    # Default meta author
    { text: '<meta name="author" content="Kai Oswald Seidler">', certainty: 75 },

    # Version Detection # Default title
    { version: /<title>XAMPP Version ([^\r^\n^<]+)[\s]*<\/title>/ },

    # OS Detection # Default title
    { os: /<title>XAMPP for ([^\r^\n^<]{5,8}) [\d\.a-z]{3,6}[\s]*<\/title>/ },

    # Windows # Default logo
    { url: "img/head-windows.gif", md5: "567ebe64625942cbb8244eca918b06a0", os: "Windows" },

    # Linux # Default logo
    { url: "img/head-linux.jpg", md5: "bca095ec432fe08f90866d2e6c149590", os: "Linux" },

    # Mac OSX # Default logo
    { url: "img/head-macosx.gif", md5: "1fbd850a328026104cd7caa9e3bdaf4e", os: "Mac OSX" },
    { url: "img/head-macosx.gif", md5: "df859a3c31b7ed2b75d78f78889107b2", os: "Mac OSX" },

    # Solaris # Default logo
    { url: "img/head-solaris.gif", md5: "b18490e1a42d7293cbca353100d6d787", os: "Solaris" },

    # 403 Error page
    { text: '<p style="margin-left: 2.6em; font-size: 1.2em; color: red;">New XAMPP security concept:</p>' },

  ]

  # Passive #
  def passive(target)
    m = []

    # HTTP Redirect Location #
    m << { certainty: 25 } if target.headers["location"] =~ /^http:\/\/[\d\.a-z]{1,256}\/xampp\/$/i

    m
  end

  # An aggressive plugin can get more details from :
  # /xampp/start.php  # Operating System
  # /xampp/phpinfo.php  # phpinfo()
  # /xampp/navi.php  # Installed Apps (phpMyAdmin, Webalizer, FileZilla, etc)

  # Aggressive #
  def aggressive(target)
    m = []

    # Extract details from /phpinfo.php
    url = URI.join(target.uri.to_s, "/xampp/phpinfo.php").to_s
    new_target = WhatWeb::Target.new(url)

    # Check if the document is a valid XAMPP phpinfo() page
    if new_target.body =~ /<title>phpinfo\(\)<\/title>/ && new_target.body =~ /XAMPP/i && (new_target.body =~ /<h1 class="p">PHP Version [^<]{3,40}<\/h1>/ || new_target.body =~ /<h1>PHP Version [^<]{3,40}<\/h1>/)

      # Extract PHP Version
      m << { string: "PHP:" + new_target.body.scan(/<h1 class="p">PHP Version ([^<]{3,40})<\/h1>/).flatten.first } if new_target.body =~ /<h1 class="p">PHP Version [^<]{3,40}<\/h1>/
      m << { string: "PHP:" + new_target.body.scan(/<h1>PHP Version ([^<]{3,40})<\/h1>/).flatten.first } if new_target.body =~ /<h1>PHP Version [^<]{3,40}<\/h1>/

      # OS Detection
      m << { os: new_target.body.scan(/<tr><td class="e">System <\/td><td class="v">([^<]{4,256})[\s]?<\/td><\/tr>/).flatten.first } if new_target.body =~ /<tr><td class="e">System <\/td><td class="v">[^<]{4,256}[\s]?<\/td><\/tr>/

    end

    m
  end
end

#XatafaceObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/whatweb/plugins/xataface.rb', line 9

WhatWeb::Plugin.define "Xataface" do
  @author = "Brendan Coles <[email protected]>" # 2011-09-10
  @version = "0.1"
  @description = "Xataface is a full-featured Web application framework. It automatically generates the appropriate forms, lists, and menus for a user to interact with a MySQL database without having to know any SQL."
  @website = "http://xataface.com/"

  # Google results as at 2011-09-10 #
  # 50 for "Powered by Xataface" inurl:"-table"

  # Dorks #
  @dorks = [
    '"Powered by Xataface" inurl:"-table"'
  ]

  # Matches #
  @matches = [

    # HTML Comments
    { text: '<!-- custom javascripts can go in slot "custom_javascripts" -->' },
    { text: '<!-- Place any other items in the head of the document by filling the "head_slot" slot -->' },

    # Year Detection # div class="fineprint"
    { string: /<div class="fineprint">[\s]+Powered by Xataface<br\/>[\s]+\(c\) 2005-(20[\d]{2}) All rights reserved<\/div>/ },

  ]
end

#XavanteObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'lib/whatweb/plugins/xavante.rb', line 9

WhatWeb::Plugin.define "Xavante" do
  @author = "Brendan Coles <[email protected]>" # 2012-08-26
  @version = "0.1"
  @description = "Xavante is a Lua HTTP 1.1 Web server that uses a modular architecture based on URI mapped handlers."
  @website = "http://keplerproject.github.com/xavante/"

  # ShodanHQ results as at 2012-08-26 #
  # 143 for Xavante

  # Matches #
  @matches = [

    # Version Detection # HTTP Server Header
    { search: "headers[server]", version: /^Xavante (.+)$/ },

  ]
end

#XBMCObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/whatweb/plugins/xbmc.rb', line 9

WhatWeb::Plugin.define "XBMC" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-05
  @version = "0.1"
  @description = "XBMC (formerly 'Xbox Media Center') is a free, open source (GPL) multimedia player that runs on the first-generation Microsoft Xbox, (not the newer Xbox 360), as well as on computers running Linux, Mac OS X, and Windows."

  # ShodanHQ results as at 2011-03-05 #
  # 47 for XBMC -"xbmc.org"
  # 46 for realm XBMC

  # Matches #
  @matches = [

    # HTML Comment
    { text: '		<!-- <link rel="search" href="/provider.xml" type="application/opensearchdescription+xml" title="XBMC Library" /> -->', string: "Insecure" },

    # favicon.ico
    { url: "/favicon.ico", md5: "46b742e6ba5d7ac03f13b312601c113f", certainty: 75 },

  ]

  # Passive #
  def passive(target)
    m = []

    # realm=XBMC # realm="Keimo-XBMC" # realm="XBMC WebServer"
    m << { name: 'HTTP WWW Authenticate header' } if target.headers['www-authenticate'] =~ /realm=["]?XBMC/ || target.headers['www-authenticate'] =~ /realm=["]?Keimo-XBMC/

    # Return passive matches
    m
  end
end

#XchangeBoardObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-19 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/xchangeboard.rb', line 12

WhatWeb::Plugin.define "XchangeBoard" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-21
  @version = "0.2"
  @description = "Old forum"
  @website = "http://www.xchangeboard.de"

  # Google results as at 2010-08-21 #
  # 30 for "powered by XchangeBoard"

  # Matches #
  @matches = [

    # Default CSS
    { text: 'h1,h2,h3,h4,p,ul,ol,li,div,td,th,address,blockquote,nobr,b,i {' },

    # Version Detection # Powered by footer text
    { version: /	<div align="center"><small>Powered by <a href="http:\/\/www.xchangeboard.de">XchangeBoard<\/a> ver ([\d\.a-z]+) - / },

  ]
end

#XenForoObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/whatweb/plugins/xenforo.rb', line 9

WhatWeb::Plugin.define "XenForo" do
  @author = "Brendan Coles <[email protected]>" # 2012-01-16
  @version = "0.1"
  @description = "XenForo is a commercial Internet forum software written in the PHP programming language using the Zend Framework."
  @website = "http://xenforo.com/"

  # ShodanHQ results as at 2012-01-16 #
  # 123 for xf_session

  # Google results as at 2012-01-16 #
  # 202 for "Forum software by XenForo" "XenForo Ltd"

  # Dorks #
  @dorks = [
    '"Forum software by XenForo" "XenForo Ltd"'
  ]

  # Matches #
  @matches = [

    # StyleSheet
    { text: '<link rel="stylesheet" href="css.php?css=xenforo,form,public&amp;style=' },
    { text: '<link rel="stylesheet" type="text/css" href="css.php?css=xenforo,form,public&amp;style=' },

    # html tag
    { text: '<html id="XenForo" ' },

    # Meta Description
    { text: '<meta name="description" content="Forum software by XenForo" />' },

    # HTML Comment
    { certainty: 75, text: '<!-- h1 title, description -->' },

    # Set-Cookie # xf_session
    { certainty: 25, search: "headers[set-cookie]", regexp: /xf_session=[a-f\d]{32};/ },

    # div id="copyright" # Year Detection
    { string: /<div id="copyright">Forum software by XenForo&trade; &copy;(20[\d]{2}) XenForo Ltd\.<\/div>/ },

  ]
end

#XerverObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'lib/whatweb/plugins/xerver.rb', line 12

WhatWeb::Plugin.define "Xerver" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-20
  @version = "0.2"
  @description = "Xerver is an advanced free GNU GPL Web and FTP server."
  @website = "http://www.javascript.nu/xerver/"

  # ShodanHQ results as at 2011-05-20 #
  # 182 for Xerver

  @matches = [

    # HTTP Server Header
    { regexp: /^Xerver/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^Xerver\/([\d\.]+)$/, search: "headers[server]" },

  ]
end

#xGBObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2011-02-19 # Updated version detection



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/whatweb/plugins/xgb.rb', line 12

WhatWeb::Plugin.define "xGB" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-14
  @version = "0.2"
  @description = "xGB guestbook"
  @website = "http://www.x-gfx.de/"

  # Google results as at 2010-08-14 #
  # 126 for allinurl:"xGb.php"

  # Dorks #
  @dorks = [
    'allinurl:"xGb.php"'
  ]

  # Matches #
  @matches = [

    { text: '	<title>xGB</title>' },
    { text: '<!-- start xGB dynamic content -->' },
    { text: "powered by <a href='http://www.x-gfx.de' target='blank' title='Script by x-gfx.de'>xGB" },

    # Version Detection # Powered by footer text
    { version: /<p align='center'><span id='copyright'>\[ powered by <a href='http:\/\/www.x-gfx.de' target='blank' title='Script by x-gfx.de'>xGB ([\d\.]+)<\/a>/ },

  ]
end

#XitamiObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/whatweb/plugins/xitami.rb', line 9

WhatWeb::Plugin.define "Xitami" do
  @author = "Brendan Coles <[email protected]>" # 2011-05-31
  @version = "0.1"
  @description = "Xitami - Fast, small, secure, portable web server. The Xitami product line stretches back to 1996. X5 is built using iMatix's current Base2 technology for multithreading applications."
  @website = "http://www.xitami.com/"

  # ShodanHQ results as at 2011-05-31 #
  # 1,777 for Xitami

  # Matches #
  @matches = [

    # HTTP Server Header
    { search: "headers[server]", regexp: /^Xitami$/ },

    # Version Detection
    { search: "headers[server]", version: /^Xitami\/([^\s]+)$/ },

  ]
end

#XOOPSObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/xoops.rb', line 9

WhatWeb::Plugin.define "XOOPS" do
  @author = "Brendan Coles <[email protected]>" # 2011-12-11
  @version = "0.1"
  @description = "eXtensible Object Oriented Portal System (XOOPS) open source CMS and portal system"
  @website = "http://www.xoops.org/"

  # Google results as at 2011-12-11 #
  # 493 for "Powered by XOOPS"

  # Dorks #
  @dorks = [
    '"Powered by XOOPS"'
  ]

  # Matches #
  @matches = [

    # HTML Comment
    { certainty: 75, text: '<!-- RMV: added module header -->' },

    # Meta Generator
    { text: '<meta name="generator" content="XOOPS" />' },

    # Meta Author
    { text: '<meta name="author" content="XOOPS" />' },

    # Powered by text
    { regexp: /Powered by XOOPS [^\s]+ 2001-20[\d]{2} <a href="http:\/\/(xoops\.sourceforge\.net|www\.xoops\.org\/)"/ },

    # Powered by text # Version Detection
    { version: /Powered by XOOPS ([^\s]+) [^\s]+ 2001-20[\d]{2} <a href="http:\/\/(xoops\.sourceforge\.net|www\.xoops\.org\/)"/ },

  ]
end

#xproxyObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/whatweb/plugins/xproxy.rb', line 12

WhatWeb::Plugin.define "xproxy" do
  @author = "Brendan Coles <[email protected]>" # 2011-03-13
  @version = "0.2"
  @description = "xproxy"

  # ShodanHQ results as at 2011-03-13 #
  # 94 for xproxy -apache -IIS -nginx port:80
  # Most results are from Japan

  @matches = [

    # HTTP Server Header
    { regexp: /^xproxy/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /^xproxy\/([^\(]+)\([\d]+\)$/, search: "headers[server]" },

    # Date Detection # HTTP Server Header
    { string: /^xproxy\/[^\(]+\(([\d]+)\)$/, search: "headers[server]" },

  ]
end

#XWikiObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/xwiki.rb', line 9

WhatWeb::Plugin.define "XWiki" do
  @author = "Brendan Coles <[email protected]>" # 2011-11-08
  @version = "0.1"
  @description = "XWiki - Open Source Wiki and Content-Oriented Application Platform"
  @website = "http://www.xwiki.org/"

  # ShodanHQ results as at 2011-11-08 #
  # 143 for location bin/view/Main

  # Google results as at 2011-11-08 #
  # 216 for "XWiki Enterprise * Documentation" inurl:"bin/view/Main"
  # 173 for "XWiki Enterprise * Documentation" "This wiki is licensed under a Creative Commons 2.0 license"

  # Dorks #
  @dorks = [
    '"XWiki Enterprise * Documentation" inurl:"bin/view/Main"'
  ]

  # Matches #
  @matches = [

    # Meta Wiki
    { text: '<meta name="wiki" content="xwiki"/>' },

    # div id="xwikilicence"
    { text: '<div id="xwikilicence">' },

    # Version Detection # div id="xwikiplatformversion"
    { version: /<div id="xwikiplatformversion">(Powered by )?(XWiki Enterprise )?([^\s^<^>]+)/, offset: 2 },

  ]
end

#XyberShieldObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/whatweb/plugins/xybershield.rb', line 9

WhatWeb::Plugin.define "XyberShield" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-25
  @version = "0.1"
  @description = "XyberShield is a web-based, Software as a Service web application security solution delivered as an on-demand service. XyberShield utilizes individual, specialized security modules to defend against the top web application vulnerabilities and OWASP-defined attacks, as well as aid companies pursuing PCI 6.6 compliance requirements."
  @website = "https://www.xybershield.com/default.aspx"

  # ShodanHQ results as at 2011-08-25 #
  # 4 for XyberShieldStatus
  # 4 for XyberShieldSession

  # Matches #
  @matches = [

    # XyberShieldSession Cookie
    { search: "headers[set-cookie]", regexp: /XyberShieldSession=[^\s]+;/ },

    # XyberShieldSession Cookie
    { search: "headers[set-cookie]", regexp: /XyberShieldStatus=[^\s]+;/ },

  ]
end

#YamamahObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/whatweb/plugins/yamamah.rb', line 9

WhatWeb::Plugin.define "Yamamah" do
  @author = "Brendan Coles <[email protected]>" # 2011-01-30
  @version = "0.1"
  @description = "Yamamah - Free photo Gallery"
  @website = "www.yamamah.org/home/"

  # Google results as at 2011-01-29 #
  # 89 for "Powered By : Yamamah Version 1.00" -dork -exploit

  # Dorks #
  @dorks = [
    '"Powered By : Yamamah Version 1.00" -dork -exploit'
  ]

  # Matches #
  @matches = [

    # Version Detection # Powered by text
    { version: /<p>Copyright &copy; [\d]{4}  All rights reserved. Powered By : <a href="http:\/\/www.yamamah.org" title="Yamamah">Yamamah Version ([\d\.]{1,5})<\/a><\/p>/ },

    # Meta Author
    { text: '<meta name="Author" content="Majed Al-Mulihani - [email protected]" />' },

    # Meta Description
    { text: '<meta name="Description" content="Yamamah is free photo gallery cms" />' },

  ]
end

#YouTubeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/whatweb/plugins/youtube.rb', line 9

WhatWeb::Plugin.define "YouTube" do
  @author = "Brendan Coles <[email protected]>" # 2011-04-16
  @version = "0.1"
  @description = "Embedded YouTube video"
  @website = "http://youtube.com/"

  # Matches #
  @matches = [

    # param|object Source
    { regexp: /<(param|embed) [^>]*youtube\.com\/v/i },

    # iframe
    # { :text=>'<iframe class="youtube-player"' },
    { regexp: /<iframe [^>]*src=['"]https?:\/\/(www\.)?youtube\.com\/embed\// },

  ]
end

#ZabbixObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/whatweb/plugins/zabbix.rb', line 9

WhatWeb::Plugin.define "Zabbix" do
  @author = "Brendan Coles <[email protected]>" # 2011-11-25
  @version = "0.1"
  @description = "Zabbix is an enterprise-class open source distributed monitoring solution for networks and applications."
  @website = "http://www.zabbix.com/"

  # Google results as at 2011-11-25 #
  # 229 for "Zabbix * Copyright * by SIA Zabbix"
  # 196 for inurl:"tr_status.php?sid=" intitle:"refreshed every"
  # 122 for inurl:"srv_status.php?sid=" intitle:"refreshed every"

  # Dorks #
  @dorks = [
    '"Zabbix * Copyright * by SIA Zabbix"',
    'inurl:"tr_status.php?sid=" intitle:"refreshed every"'
  ]

  # Matches #
  @matches = [

    # Version Detection # JavaScript
    { version: /<script type="text\/javascript" src="jsLoader\.php\?ver=([^\s&]+)&lang=en_[a-zA-Z]{2}"><\/script>/ },

    # Version Detection # Powered by footer # 1.8.x
    { version: /<td class="page_footer_l">[\s]*<a class="highlight" href="http:\/\/www\.zabbix\.com">Zabbix&nbsp;([^\s&]+)&nbsp;Copyright 2001-20[\d]{2} by&nbsp;SIA Zabbix<\/a><\/td>/ },

    # Version Detection # Powered by footer # 1.9.x+
    { version: /<a class="highlight" href="http:\/\/www\.zabbix\.com">Zabbix ([^\s]+) Copyright 2001-20[\d]{2} by Zabbix SIA<\/a>/ },

    # Version Detection # Powered by footer # early versions
    { version: /<a href="http:\/\/www\.zabbix\.com" class="highlight">ZABBIX ([^\s<]+)<\/a>&nbsp;Copyright 2001-20[\d]{2} by <a href="http:\/\/www\.zabbix\.com" class="highlight">SIA Zabbix<\/a>/ },

  ]
end

#ZendObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.4 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]

Version 3.0 by Andrew Horton new routine for POST requests

Version 2.0 by Andrew Horton Added meta generator match and vendor matches. bug fixes. new random string function

Version 0.1 detection works mainly for default installation state tomatocms is based on zend framework



22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
# File 'lib/whatweb/plugins/zend.rb', line 22

WhatWeb::Plugin.define "Zend" do
  @author = "Aung Khant <http://yehg.net>"
  @version = "0.4"
  @description = "Zend PHP Framework (http://framework.zend.com/) and Zend Server (http://zend.com) Detection"

  @matches = [
    # 2010-10-14
    # About 1,640,000 results (0.24 seconds)
    # "Powered by Zend Framework" site:www.survivethedeepend.com/
    { name: 'GHDB: "Powered by Zend Framework"', certainty: 75, ghdb: '"Powered by Zend Framework"' },
    { string: 'PoweredBy Image', url: 'images/PoweredBy_ZF.gif', md5: 'eecf384879cde19f8f7f80c768c12295' },
    { string: 'Zend Logo Small', url: 'images/logo_small.gif', md5: '0f76017aa12a3dcb9cabbff26e37ff5c' },
    { string: 'Footer Link', text: ' alt="Powered by Zend Framework!" />' },

    { string: 'Null Controller', url: randstr, text: 'controllers/images/PoweredBy_ZF.gif" alt="Powerd by Zend Framework!" />' },
    { string: 'Null Controller', url: randstr, regexp: /<h1>Controller\/action not found!<\/h1>(\r\n|\n)<p>Controller\/action not found!<\/p>/ },
    { string: 'Zend_Controller_Dispatcher_Exception', url: randstr, text: '( ! )</span> Zend_Controller_Dispatcher_Exception: Invalid controller specified (application) in' },
    { string: 'Zend_Controller_Dispatcher_Exception', url: randstr, text: "<b>Fatal error</b>:  Uncaught exception 'Zend_Controller_Dispatcher_Exception" },
    { string: 'Zend_Controller_Router_Exception', url: randstr, text: "Uncaught exception 'Zend_Controller_Router_Exception' with message 'No route matched the request'" },
    { string: 'Zend_Controller_Router_Exception', url: randstr, text: "/Zend/Controller/Router/Rewrite.php</b> on line <b>" },

    { version: /<meta name="generator" content="Zend.com CMS ([\d\.]+)"/ },
    { text: '<meta name="vendor" content="Zend Technologies' },

    # X-Powered-By=Zend Framework
    # X-Powered-By=Zend Framework 1.10
    # X-Powered-By: Zend Core/2.5.0

    { regexp: /Zend Framework/, search: "headers[x-powered-by]" },
    { version: /Zend Framework ([a-zA-Z0-9\.\/\+\-\(\)]+)/, string: "Framework", search: "headers[x-powered-by]" },
    { version: /Zend Core\/([a-zA-Z0-9\.\/\+\-\(\)]+)/, string: "Core", search: "headers[x-powered-by]" },

    # Server: Zend Core/2.5.0
    { regexp: /^Zend /, search: "headers[server]" },
    { version: /Zend Core\/([a-zA-Z0-9\.\/\+\-\(\)]+)/, string: "Core", search: "headers[server]" },

  ]

  def aggressive(target)
    # when submiting invalid post to valid controller
    # <h1>Application error!</h1>
    # <p>An application error occured!</p>

    m = []

    response = HTTP.post(target.uri.to_s, form: { whatweb: true })
    aggressive_target = WhatWeb::Target.new(target.uri.to_s, response)
    # open_url

    unless aggressive_target.body.nil?
      if /<h1>Application error!<\/h1>(\r\n|\n)<p>An application error occured!<\/p>/.match?(aggressive_target.body)
        m << { string: "Invalid Post Method" }
      end
    end
    m
  end
end

#zFeederObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/whatweb/plugins/zfeeder.rb', line 9

WhatWeb::Plugin.define "zFeeder" do
  @author = "Brendan Coles <[email protected]>" # 2010-08-22
  @version = "0.1"
  @description = "check zFeeder if you want to show other's RSS content (news and much more) on your website, wapsite or use it on your PC (or intranet) as a news reader."
  @website = "http://zvonnews.sourceforge.net/"

  # Google results as at 2010-08-22 #
  # 319 for "powered by zFeeder"
  # 148 for "powered by zFeeder" inurl:zfposition|zfcategory

  # Dorks #
  @dorks = [
    '"powered by zFeeder" inurl:zfposition|zfcategory'
  ]

  # Matches #
  @matches = [

    # From the homepage: please keep the link: "powered by.." or use the logo
    { text: '<span style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: xx-small;">powered by <a href="http://zvonnews.sourceforge.net">zFeeder</a></span>' },

  ]
end

#ZikulaObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/zikula.rb', line 9

WhatWeb::Plugin.define "Zikula" do
  @author = "Brendan Coles <[email protected]>" # 2010-06-12
  @version = "0.1"
  @description = "Zikula is a Web Application Toolkit, which allows you to run impressive websites and build powerful online applications."
  @website = "http://zikula.org"

  # Dorks #
  @dorks = [
    '"Powered by Zikula"'
  ]

  # Matches #
  @matches = [

    # <meta name="Generator" content="Zikula - www.zikula.org" />
    # <meta name="generator" content="Zikula Application Framework - http://zikula.de" />
    # <meta name="Generator" content="Zikula - http://zikula.de" />
    { name: 'meta generator',
      text: '<meta name="Generator" content="Zikula - www.zikula.org" />' },

    { name: 'meta generator de',
      text: '<meta name="Generator" content="Zikula - http://zikula.de" />' },

    { name: 'meta generator - full',
      text: '<meta name="generator" content="Zikula Application Framework - http://zikula.de" />' },

    # Powered by <a href="http://www.zikula.org">Zikula</a>
    # <a href="http://community.zikula.org/" title="Powered by Zikula">Zikula</a>
    { name: 'powered by community text',
      text: '<a href="http://community.zikula.org/" title="Powered by Zikula">Zikula</a>' },

    { name: 'powered by text',
      text: 'Powered by <a href="http://www.zikula.org">Zikula</a>' }

  ]
end

#ZomplogObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/zomplog.rb', line 9

WhatWeb::Plugin.define "Zomplog" do
  @author = "Brendan Coles <[email protected]>" # 2010-09-18
  @version = "0.1"
  @description = "Blog"
  @website = "http://www.zomp.nl/zomplog/index.php"

  # 72 results for "powered by Zomplog" -Vulnerability -exploit @ 2010-09-18

  # Dorks #
  @dorks = [
    '"powered by Zomplog" -Vulnerability -exploit'
  ]

  @matches = [

    # Powered by text
    { text: 'Powered by <a href="http://zomplog.zomp.nl" target="_blank">Zomplog</a>' },

    # Login page # Default title
    { text: '<title>Zomplog &rsaquo; Login</title>' },

    # Login page # Copyright text
    { text: '<td width="135"><div align="right"><span class="style1"><a href="http://www.zomp.nl/zomplog/" target="_blank">zomplog &rsaquo;&rsaquo;</a> </span></div></td>' },

    # Meta generator
    { text: '<meta name="generator" content="Zomplog" />' },

    # Default CSS
    { text: '/* Navbar (Zomplog-specific) */' },

  ]
end

#ZoneMinderObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
# File 'lib/whatweb/plugins/zoneminder.rb', line 9

WhatWeb::Plugin.define "ZoneMinder" do
  @author = "Brendan Coles <[email protected]>" # 2011-08-01
  @version = "0.1"
  @description = "Linux video camera security and surveillance solution - Web interface - Requires MySQL and PHP"
  @website = "http://www.zoneminder.com/"

  # ShodanHQ results as at 2013-01-22 #
  # 1,020 for ZMSESSID

  # Google results as at 2011-08-01 #
  # 371 for "ZoneMinder Login" +Username +Password
  #  18 for "ZoneMinder Console - Running" intitle:Console inurl:view=console

  # Dorks #
  @dorks = [
    '"ZoneMinder Console - Running" intitle:Console inurl:view=console',
    '"ZoneMinder Login" "Username" "Password" intitle:Login'
  ]

  # Matches #
  @matches = [

    # favicon # /graphics/favicon.ico
    { md5: "e07c0775523271d629035dc8921dffc7", url: "/graphics/favicon.ico" },

    # ZoneMinder Login Heading
    { text: '<tr><td colspan="2" class="smallhead" align="center">ZoneMinder Login</td></tr>' },

    # Detect number of monitors
    { string: /<div id="monitorSummary"><a href="\?view=groups" onclick="createPopup\( '\?view=groups', 'zmGroups', 'groups' \); return\( false \);">([\d]+ Monitors)<\/a><\/div>/ },
    { string: /<a href="javascript: newWindow\( '\/index\.php\?view=groups', 'zmGroups', 400, 220 \);">([\d]+ Monitors)<\/a>/ },

    # Version Detection
    { version: /Running<\/a> - <a href="\?view=version" onclick="createPopup\( '\?view=version', 'zmVersion', 'version' \); return\( false \);">v([^<^\s]+)<\/a><\/h2>/ },
    { version: /Running<\/a> - <a href="javascript: newWindow\( '\/index\.php\?view=version', 'zmVersion', 320, 140 \);">v([^<^\s]+)<\/a>/ },
    { search: "headers[server]", version: /^ZoneMinder Video Server\/([^\s]+)$/ },

    # ZMSESSID Cookie
    { search: "headers[set-cookie]", regexp: /ZMSESSID=[^;]+/ },

  ]

  # Passive #
  def passive(target)
    m = []

    # Combined Match # h1 Heading and Password field
    if target.body =~ /<h1>ZoneMinder Login<\/h1>/ && target.body =~ /<td class="colRight"><input type="password" name="password" value="" size="12"\/><\/td>/

      m << { name: "h1 Heading and Password field" }

    end

    # Return passive matches
    m
  end
end

#ZopeObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/whatweb/plugins/zope.rb', line 9

WhatWeb::Plugin.define "Zope" do
  @author = "Brendan Coles <[email protected]>" # 2010-11-02
  @version = "0.1"
  @description = "Zope is an open source web application server primarily written in the Python programming language. It features a transactional object database which can store not only content and custom data, but also dynamic HTML templates, scripts, a search engine, and relational database (RDBMS) connections and code."
  @website = "http://www.zope.org/"

  # ShodanHQ results as at 2010-11-02 #
  # 6,219 for Server: Zope

  # Google results as at 2012-03-14 #
  # 88 for inurl:"HelpSys" intitle:"Zope Help System"
  # 40 for inurl:"HelpSys?help_url="

  # Dorks #
  @dorks = [
    'inurl:"HelpSys" intitle:"Zope Help System"'
  ]

  # Matches #
  @matches = [

    # Version # HTTP Server Header
    { search: "headers[server]", version: /Zope\/\(([^,]*)/ },

    # Python # HTTP Server Header
    { search: "headers[server]", module: /Zope\/\([^,]*, ([^,]*)/ },

    # OS # HTTP Server Header
    { search: "headers[server]", string: /Zope\/\([^,]*, [^,]*, ([^\)^\s]*)/ },

  ]
end

#ZophObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # Fixed regex



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'lib/whatweb/plugins/zoph.rb', line 12

WhatWeb::Plugin.define "Zoph" do
  @author = "Brendan Coles <[email protected]>" # 2010-07-11
  @version = "0.2"
  @description = "Zoph (Zoph Organizes Photos) is a web based digital image presentation and management system. In other words, a photo album. It is built with PHP, MySQL and Perl."
  @website = "http://www.zoph.org/"

  # Google results as at 2010-07-10 #
  # 26 for inurl:albums.php inurl:parent_album_id

  # Dorks #
  @dorks = [
    'inurl:albums.php inurl:parent_album_id'
  ]

  @matches = [

    # Default menu HTML
    { text: '<li class="selected"><a href="zoph.php">home</a></li><li ><a href="albums.php">albums</a></li><li ><a href="categories.php">categories</a></li><li >' },

    # Default title
    { text: "<title>Zoph - Home</title>" },

  ]

  def passive(target)
    m = []

    # new versions
    if /        <p class="version">/.match?(target.body)
      if /            Zoph ([\d\.a-zA-Z\-]+)/.match?(target.body)
        version = target.body.scan(/            Zoph ([\d\.a-zA-Z\-]+)/)[0][0]
        m << { version: version }
      end
    end

    # old versions
    if /          <td colspan="2" align="center">/.match?(target.body)
      if /            <font size="-1">Zoph ([\d\.a-zA-Z\-]+)<\/font>/.match?(target.body)
        version = target.body.scan(/            <font size="-1">Zoph ([\d\.a-zA-Z\-]+)<\/font>/)[0][0]
        m << { version: version }
      end
    end

    m
  end
end

#ZotonicObject

This file is part of WhatWeb and may be subject to redistribution and commercial restrictions. Please see the WhatWeb web site for more information on licensing and terms of use. www.morningstarsecurity.com/research/whatweb

Version 0.2 # 2016-04-23 # Andrew Horton Moved patterns from passive function to matches[]



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/whatweb/plugins/zotonic.rb', line 12

WhatWeb::Plugin.define "Zotonic" do
  @author = "Brendan Coles <[email protected]>" # 2011-06-21
  @version = "0.2"
  @description = "Zotonic, The Erlang CMS - Zotonic is an open source content management system for people that want a fast, extensible, flexible and complete system for dynamic web sites. It is built from the ground up with rich internet applications and web publishing in mind."
  @website = "http://zotonic.com/"

  # ShodanHQ results as at 2011-06-21 #
  # 15 for z_pid z_sid
  # 13 for Zotonic

  @matches = [

    # Version Detection # HTTP Server Header
    { regexp: /Zotonic/, search: "headers[server]" },

    # Version Detection # HTTP Server Header
    { version: /Zotonic\/([^\s]+)/, search: "headers[server]" },

  ]

  # Passive #
  def passive(target)
    m = []

    # z_pid and z_sid cookies
    if target.headers["set-cookie"] =~ /z_pid=[^;]+;/ && target.headers["set-cookie"] =~ /z_sid=[^;]+;/
      m << { name: "z_pid and z_sid cookies" }
    end

    # Return passive matches
    m
  end
end