Class: Yawast::Scanner::Plugins::Http::Generic

Inherits:
Object
  • Object
Defined in:
lib/scanner/plugins/http/generic.rb

Class Method Summary

Class Method Details

.check_options(uri) ⇒ Object



# File 'lib/scanner/plugins/http/generic.rb', line 58

# Sends an OPTIONS request for '/' and reports the verbs the server advertises
# in its Public and Allow response headers.
#
# The request always targets the server root, whatever path +uri+ carries.
# Header values come from the scanned server and are printed and logged
# unmodified. Nothing is rescued here, so request errors propagate to the
# caller.
#
# @param uri [URI] target; its scheme decides whether TLS is switched on
# @return [nil]
def self.check_options(uri)
  client = Yawast::Shared::Http.get_http(uri)
  client.use_ssl = uri.scheme == 'https'
  response = client.request(Options.new('/', Yawast::Shared::Http.get_headers))

  # Each pair is the response header to read and the key it is logged under.
  [%w[Public public], %w[Allow allow]].each do |header, log_key|
    verbs = response[header]
    next if verbs.nil?

    Yawast::Utilities.puts_info "#{header} HTTP Verbs (OPTIONS): #{verbs}"
    Yawast::Shared::Output.log_value 'http', 'options', log_key, verbs

    puts ''
  end

  nil
end

.check_propfind(uri) ⇒ Object



# File 'lib/scanner/plugins/http/generic.rb', line 8

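# Sends a PROPFIND request for '/' and records the outcome under
# 'vulnerabilities' / 'http_propfind_enabled'.
#
# A hit is reported when the status code is <= 400, the body is non-empty and
# the response media type is text/xml. Content-Type parameters (such as a
# charset) and letter case are ignored, so 'text/xml; charset="utf-8"' is
# recognised as well as a bare 'text/xml'.
#
# The probe always targets the server root, whatever path +uri+ carries, so
# the curl hint printed on a hit can name a different path from the one that
# was tested. The full response body is written to the log in both outcomes.
# Nothing is rescued here, so request errors propagate to the caller.
#
# @param uri [URI] target; its scheme decides whether TLS is switched on
# @return [Object] whatever Yawast::Shared::Output.log_hash returns
def self.check_propfind(uri)
  req = Yawast::Shared::Http.get_http(uri)
  req.use_ssl = uri.scheme == 'https'
  headers = Yawast::Shared::Http.get_headers
  res = req.request(Propfind.new('/', headers))

  # A body-less response (e.g. 204) can yield a nil body; normalise it so the
  # length check cannot raise NoMethodError.
  body = res.body.to_s

  # Compare the media type only: drop parameters and ignore case.
  media_type = res['Content-Type'].to_s.split(';').first.to_s.strip.downcase

  # NOTE(review): a plain 400 still counts as a hit here - confirm that is intended.
  vulnerable = res.code.to_i <= 400 && body.length.positive? && media_type == 'text/xml'

  if vulnerable
    Yawast::Utilities.puts_warn 'Possible Info Disclosure: PROPFIND Enabled'
    puts "\t\t\"curl -X PROPFIND #{uri}\""

    puts ''
  end

  Yawast::Shared::Output.log_hash 'vulnerabilities',
                                  'http_propfind_enabled',
                                  {vulnerable: vulnerable, body: res.body, code: res.code,
                                   content_type: res['Content-Type'], length: body.length}
end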

.check_trace(uri) ⇒ Object



# File 'lib/scanner/plugins/http/generic.rb', line 34

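# Sends a TRACE request for '/' and records the outcome under
# 'vulnerabilities' / 'http_trace_enabled'.
#
# TRACE is reported as enabled when the server answers 200 and the body
# contains the request line 'TRACE / HTTP/1.1', i.e. the request was echoed
# back. The response body is written to the log in both outcomes; on a hit
# that body is the echoed request, so whatever get_headers sent ends up in
# the log as well.
#
# The probe always targets the server root, whatever path +uri+ carries.
# Nothing is rescued here, so request errors propagate to the caller.
#
# @param uri [URI] target; its scheme decides whether TLS is switched on
# @return [Object] whatever Yawast::Shared::Output.log_hash returns
def self.check_trace(uri)
  req = Yawast::Shared::Http.get_http(uri)
  req.use_ssl = uri.scheme == 'https'
  headers = Yawast::Shared::Http.get_headers
  res = req.request(Trace.new('/', headers))

  # A body-less response can yield a nil body; normalise it so include?
  # cannot raise NoMethodError.
  body = res.body.to_s
  vulnerable = res.code == '200' && body.include?('TRACE / HTTP/1.1')

  if vulnerable
    Yawast::Utilities.puts_warn 'HTTP TRACE Enabled'
    puts "\t\t\"curl -X TRACE #{uri}\""

    puts ''
  end

  Yawast::Shared::Output.log_hash 'vulnerabilities',
                                  'http_trace_enabled',
                                  {vulnerable: vulnerable, body: res.body, code: res.code}
end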