Class: Yawast::Scanner::Apache

Inherits:
Object
  • Object
Defined in:
lib/scanner/apache.rb

Class Method Summary collapse

Class Method Details

.check_all(uri, head) ⇒ Object



# File 'lib/scanner/apache.rb', line 38

# Runs every Apache-specific page check against the target.
#
# The checks are gated on @apache, which check_banner sets when the banner it
# was given mentions 'Apache'. A server that hides or rewrites its banner is
# therefore skipped, so an empty result here does not show that the status
# and info pages are unexposed.
#
# @param uri [Object] target URI; each check receives its own uri.copy
# @param head [Object] not used by this method
# @return [Object, nil] nil when the checks are skipped, otherwise whatever
#   check_server_info returns
def self.check_all(uri, head)
  # Skip quietly unless the banner check identified the server as Apache.
  return unless @apache

  # Each check rewrites the path of the URI it receives, hence the copies.
  check_server_status(uri.copy)
  check_server_info(uri.copy)
end

.check_banner(banner) ⇒ Object



# File 'lib/scanner/apache.rb', line 4

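# Inspects a server banner and reports what an Apache server discloses in it.
#
# When the banner mentions 'Apache' this sets @apache (read by check_all),
# prints the server token, and warns about every further token as an exposed
# module, with an extra warning for tokens that reveal an OpenSSL version.
#
# @param banner [String, nil] banner text to inspect; nil is ignored
# @return [Array<String>, nil] the module tokens when any were reported,
#   otherwise nil
def self.check_banner(banner)
  # A missing banner is simply "not Apache"; do not raise on nil.
  return if banner.nil? || !banner.include?('Apache')

  # NOTE(review): this is a substring match, so any banner that carries the
  # word 'Apache' (for example 'Apache-Coyote/1.1') also enables the checks
  # in check_all - confirm that is intended.
  @apache = true

  tokens = banner.split(' ')
  server = tokens.shift

  # The platform comment that follows the product token can be one word
  # ('(Ubuntu)') or several ('(Red Hat Enterprise Linux)'). Fold the whole
  # comment into the server string so that none of its words are reported
  # as a loaded module.
  if tokens.first.to_s.start_with?('(')
    closing = tokens.index { |tok| tok.end_with?(')') }
    server += " #{tokens.shift(closing + 1).join(' ')}" if closing
  end

  # NOTE(review): the banner is supplied by the scanned server and is echoed
  # unmodified; consider stripping control characters before printing.
  # Print the server info no matter what follows.
  Yawast::Utilities.puts_info "Apache Server: #{server}"
  return if tokens.empty?

  # Anything left after the server token is version detail the server
  # did not need to publish.
  Yawast::Utilities.puts_warn 'Apache Server: Module listing enabled'
  tokens.each { |mod| Yawast::Utilities.puts_warn "\t\t#{mod}" }
  puts ''

  # Call out the OpenSSL version separately.
  tokens.each do |mod|
    next unless mod.include?('OpenSSL')

    Yawast::Utilities.puts_warn "OpenSSL Version Disclosure: #{mod}"
    puts ''
  end
end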

.check_server_info(uri) ⇒ Object



# File 'lib/scanner/apache.rb', line 59

# Probes the target for an exposed Apache server-info page.
#
# The URI passed in is modified in place: its path becomes '/server-info' and
# an existing query string is blanked. A finding is reported when the fetched
# content contains the text 'Apache Server Information'; such a page publishes
# server configuration details.
#
# NOTE(review): detection relies on that marker text alone; presumably
# Http.get returns the response body as a String - confirm.
#
# @param uri [Object] URI to probe (mutated); pass a copy to keep the original
# @return [nil]
def self.check_server_info(uri)
  uri.path = '/server-info'
  # Drop request parameters so only the info page itself is requested.
  uri.query = '' unless uri.query.nil?

  body = Yawast::Shared::Http.get(uri)
  return unless body.include?('Apache Server Information')

  Yawast::Utilities.puts_vuln "Apache Server Info page found: #{uri}"
  puts ''
end

.check_server_status(uri) ⇒ Object



# File 'lib/scanner/apache.rb', line 47

# Probes the target for an exposed Apache server-status page.
#
# The URI passed in is modified in place: its path becomes '/server-status'
# and an existing query string is blanked. A finding is reported when the
# fetched content contains the text 'Apache Server Status'; such a page shows
# live server activity to anyone who can reach it.
#
# NOTE(review): detection relies on that marker text alone; presumably
# Http.get returns the response body as a String - confirm.
#
# @param uri [Object] URI to probe (mutated); pass a copy to keep the original
# @return [nil]
def self.check_server_status(uri)
  uri.path = '/server-status'
  # Drop request parameters so only the status page itself is requested.
  uri.query = '' unless uri.query.nil?

  page = Yawast::Shared::Http.get(uri)
  found = page.include?('Apache Server Status')
  return unless found

  Yawast::Utilities.puts_vuln "Apache Server Status page found: #{uri}"
  puts ''
end