Class: Watobo::Modules::Passive::Detect_infrastructure

Inherits:
PassiveCheck
  • Object
Defined in:
modules/passive/detect_infrastructure.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::AUTH_TYPE_UNKNOWN, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED


Constructor Details

#initialize(project) ⇒ Detect_infrastructure

Returns a new instance of Detect_infrastructure.



# File 'modules/passive/detect_infrastructure.rb', line 27

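# Registers the check's metadata and the fingerprint patterns it looks for.
#
# @param project [Object] the current project, handed on to PassiveCheck
def initialize(project)
  @project = project
  super(project)

  @info.update(
    :check_name => 'Infrastructure Information',    # name of check which briefly describes functionality, will be used for tree and progress views
    :description => "Searching for information in response body which may reveal information about Plattform, CMS-Systems, Application Server, ...",   # description of checkfunction
    :author => "Andreas Schmidt", # author of check
    :version => "0.9"   # check version
  )

  @finding.update(
    :threat => 'Information about the underlying infrastructure may help an attacker to perform specialized attacks.',        # threat of vulnerability, e.g. loss of information
    :class => "Infrastructure",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
    :type => FINDING_TYPE_INFO         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
  )

  # [label, pattern] pairs. do_test reports only the first entry that matches
  # a response body, so keep more specific fingerprints ahead of generic ones.
  # Literal dots in version numbers and file names are escaped so that they
  # do not act as wildcards.
  @pattern_list = [
    ['Server', Regexp.new('<address>(.*)Server at')],
    ['eZPublish CMS', Regexp.new('title="(eZ Publish)')],
    ['Imperia CMS', Regexp.new('content=[^>]*(IMPERIA [\d\.]*)')],
    ['Typo3 CMS', Regexp.new('content=[^>]*(TYPO3 [\d\.]* CMS)')],
    ['Open Text CMS', Regexp.new('published by[^>]*(Open Text Web Solutions[\-\s\d\.]*)')],
    # <meta name="generator" content="Sefrengo / www.sefrengo.org" >
    # <meta name="author" content="CMS Sefrengo">
    ['Sefrengo CMS', Regexp.new('content=[^>]*(Sefrengo[\s\d\.]*)')],
    ['Tomcat', Regexp.new('(Apache Tomcat\/\d{1,4}\.\d{1,4}\.\d{1,4})')],
    ['Microsoft-IIS', Regexp.new('<img src="welcome\.png" alt="(IIS7)"')],
    # A SharePoint 2010 site answers with e.g. MicrosoftSharePointTeamServices: 14.0.0.6106
    ['SharePoint 2010', Regexp.new('MicrosoftSharePointTeamServices.*14\.0\.0\.6106')],
    # A SharePoint 2007 site answers with e.g. MicrosoftSharePointTeamServices:12.0.0.4518
    ['SharePoint 2007', Regexp.new('MicrosoftSharePointTeamServices.*12\.0\.0\.4518')],
    # "vaadinVersion":"7.0.4"
    ['VAADIN }>', Regexp.new('vaadinVersion":"(\d+\.\d+\.\d+)')],
    ['JBoss', Regexp.new('JBoss Web.(\d+\.\d+\.\d+)')]
  ]
end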

Instance Method Details

#do_test(chat) ⇒ Object



# File 'modules/passive/detect_infrastructure.rb', line 67

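# Passive check: scans a text response body for infrastructure fingerprints
# (server banners, CMS generator tags, application-server version strings)
# and raises one finding for the first @pattern_list entry that matches.
# Nothing is sent to the target; only the recorded response is inspected.
#
# @param chat [Object] request/response pair; only chat.response.body and
#   chat.response.content_type are read here
# @return [nil]
def do_test(chat)
  return if chat.response.nil? || chat.response.body.nil?
  # Responses whose content type does not contain "text" are skipped.
  return unless chat.response.content_type =~ /text/

  # Match on a byte-for-byte binary copy so a body whose declared encoding
  # does not fit its bytes cannot raise from inside the regexp engine.
  body = chat.response.body.dup.force_encoding(Encoding::BINARY)

  @pattern_list.each do |name, pattern|
    # The previous form /(#{pattern})/i embedded the Regexp as (?-mix:...),
    # which switched the /i flag off again for the embedded part. Build the
    # case-insensitive regexp explicitly and keep any options it already has.
    re = if pattern.is_a?(Regexp)
           Regexp.new(pattern.source, pattern.options | Regexp::IGNORECASE)
         else
           Regexp.new(pattern.to_s, Regexp::IGNORECASE)
         end
    m = re.match(body)
    next unless m

    match = m[0]
    # match is raw text taken from the (untrusted) response; it is passed on
    # unchanged as proof and, truncated to 22 characters, as the title.
    # NOTE(review): confirm addFinding treats :proof_pattern as a literal
    # string rather than compiling it as a regexp.
    addFinding(
      :proof_pattern => "#{match}",
      :chat => chat,
      :title => "[#{name}] - #{match.slice(0..21)}"
    )
    break
  end
rescue => bang
  puts "ERROR!! #{Module.nesting[0].name}"
  puts bang
  if $DEBUG
    puts bang.backtrace
    # Dump the response only when it is joinable; a nil response would
    # otherwise raise a second error from inside the rescue clause.
    puts chat.response.join if chat.response.respond_to?(:join)
  end
end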