Class: Yawast::Scanner::Plugins::Servers::Nginx

Inherits:
Object
  • Object
Defined in:
lib/scanner/plugins/servers/nginx.rb

Class Method Summary collapse

Class Method Details

.check_all(uri) ⇒ Object



# File 'lib/scanner/plugins/servers/nginx.rb', line 24

# Runs every nginx-specific check against the target.
#
# The status-page check rewrites the path and query of the URI it is
# given, so it is handed a copy and the caller's URI stays as it was.
#
# @param uri [#copy] target URI; only `copy` is called on it here
# @return [Object] whatever check_status_page returns
def self.check_all(uri)
  status_target = uri.copy
  check_status_page(status_target)
end

.check_banner(banner) ⇒ Object



# File 'lib/scanner/plugins/servers/nginx.rb', line 8

# Records whether a server banner discloses an nginx version.
#
# A "not vulnerable" entry is logged first under
# vulnerabilities/nginx_version_exposed; when the banner contains the
# literal 'nginx/', a warning is printed and a second entry with
# vulnerable: true and the full banner is logged under the same key.
# NOTE(review): presumably the later entry replaces the earlier one;
# confirm against Output.log_hash.
#
# The match is a case-sensitive substring test, so a bare "nginx" banner
# (what nginx sends with `server_tokens off`) is not reported.
#
# @param banner [String] value of the server banner; must respond to include?
# @return [Object, nil] nil when the banner has no 'nginx/' marker,
#   otherwise the result of the final log_hash call
def self.check_banner(banner)
  log_finding = lambda do |exposed, version|
    Yawast::Shared::Output.log_hash 'vulnerabilities',
                                    'nginx_version_exposed',
                                    {vulnerable: exposed, version: version}
  end

  # baseline entry, written before the banner is inspected
  log_finding.call(false, nil)

  if banner.include?('nginx/')
    Yawast::Utilities.puts_warn "nginx Version: #{banner}"
    puts ''

    log_finding.call(true, banner)
  end
end

.check_status_page(uri) ⇒ Object



# File 'lib/scanner/plugins/servers/nginx.rb', line 28

# Checks whether an nginx status page is readable at /status.
#
# The URI is modified in place: its path becomes '/status' and an
# existing query string is blanked. Pass a copy if the original is
# still needed.
#
# Detection is a substring test for 'Active connections:', the first
# line of nginx stub_status output; any page containing that text is
# reported. The complete response body is stored in the log entry in
# both the positive and the negative case.
#
# Remediation for a positive result is to restrict the stub_status
# location (e.g. allow/deny rules) rather than leave it world-readable.
#
# @param uri [#path=, #query, #query=] target URI, mutated by this call
# @return [Object, nil] nil when the page was found (value of the
#   trailing puts), otherwise the result of the log_hash call
def self.check_status_page(uri)
  uri.path = '/status'
  uri.query = '' unless uri.query.nil?

  body = Yawast::Shared::Http.get(uri)

  # negative result: record it and stop
  unless body.include?('Active connections:')
    return Yawast::Shared::Output.log_hash('vulnerabilities',
                                           'nginx_status_found',
                                           {vulnerable: false, uri: uri, body: body})
  end

  Yawast::Utilities.puts_vuln "Nginx status page found: #{uri}"

  Yawast::Shared::Output.log_hash('vulnerabilities',
                                  'nginx_status_found',
                                  {vulnerable: true, uri: uri, body: body})

  puts ''
end