Class: Yawast::Scanner::Iis

Inherits:

Object

• Object
• Yawast::Scanner::Iis

Defined in:

lib/scanner/iis.rb

Class Method Summary

• .check_all(uri, head) ⇒ Object
• .check_asp_banner(head) ⇒ Object
• .check_asp_net_debug(uri) ⇒ Object
• .check_banner(banner) ⇒ Object
• .check_mvc_version(head) ⇒ Object

Class Method Details

.check_all(uri, head) ⇒ Object

# File 'lib/scanner/iis.rb', line 13

def self.check_all(uri, head)
  return if !@iis

  #run all the defined checks
  check_asp_banner(head)
  check_mvc_version(head)
  check_asp_net_debug(uri)
end

.check_asp_banner(head) ⇒ Object

# File 'lib/scanner/iis.rb', line 22

def self.check_asp_banner(head)
  head.each do |k, v|
    if k.downcase == 'x-aspnet-version'
      Yawast::Utilities.puts_warn "ASP.NET Version: #{v}"
      puts ''
    end
  end
end

.check_asp_net_debug(uri) ⇒ Object

# File 'lib/scanner/iis.rb', line 40

def self.check_asp_net_debug(uri)
  begin
    req = Yawast::Shared::Http.get_http(uri)
    req.use_ssl = uri.scheme == 'https'
    headers = Yawast::Shared::Http.get_headers
    headers['Command'] = 'stop-debug'
    headers['Accept'] = '*/*'
    res = req.request(Debug.new('/', headers))

    if res.code == 200
      Yawast::Utilities.puts_vuln 'ASP.NET Debugging Enabled'
    end
  end
end

.check_banner(banner) ⇒ Object

# File 'lib/scanner/iis.rb', line 4

def self.check_banner(banner)
  #don't bother if this doesn't include IIS
  return if !banner.include? 'Microsoft-IIS/'
  @iis = true

  Yawast::Utilities.puts_warn "IIS Version: #{banner}"
  puts ''
end

.check_mvc_version(head) ⇒ Object

# File 'lib/scanner/iis.rb', line 31

def self.check_mvc_version(head)
  head.each do |k, v|
    if k.downcase == 'x-aspnetmvc-version'
      Yawast::Utilities.puts_warn "ASP.NET MVC Version: #{v}"
      puts ''
    end
  end
end