arachni 0.2.2.1

data/modules/recon/grep/cvs_svn_users.rb

@@ -0,0 +1,73 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+module Modules
+
+#
+# CVS/SVN users recon module.
+#
+# Scans every page for CVS/SVN users.
+#
+# @author: morpheuslaw <msidagni@nopsec.com>
+# @version: 0.1
+#
+class CvsSvnUsers < Arachni::Module::Base
+
+    def initialize( page )
+        @page = page
+    end
+
+    def run
+        regexps = [
+            /\$Author: (.*) \$/,
+            /\$Locker: (.*) \$/,
+            /\$Header: .* (.*) (Exp )?\$/,
+            /\$Id: .* (.*) (Exp )?\$/
+        ]
+
+        matches = regexps.map {
+            |regexp|
+            @page.html.scan( regexp )
+        }.flatten.reject{ |match| !match || match =~ /Exp/ }.map{ |match| match.strip }.uniq
+
+        matches.each {
+            |match|
+            log(
+                :regexp  => regexps.to_s,
+                :match   => match,
+                :element => Issue::Element::BODY
+            )
+        }
+
+    end
+
+    def self.info
+        {
+            :name           => 'CVS/SVN users',
+            :description    => %q{Scans every page for CVS/SVN users.},
+            :author         => 'morpheuslaw <msidagni@nopsec.com>',
+            :version        => '0.1',
+            :targets        => { 'Generic' => 'all' },
+            :issue   => {
+                :name        => %q{CVS/SVN user disclosure.},
+                :description => %q{A CVS or SVN user is disclosed in the body of the HTML page.},
+                :cwe         => '200',
+                :severity    => Issue::Severity::LOW,
+                :cvssv2      => '0',
+                :remedy_guidance    => %q{Remove all CVS and SVN users from the body of the HTML page.},
+                :remedy_code => '',
+            }
+        }
+    end
+
+end
+end
+end

data/modules/recon/grep/emails.rb

@@ -0,0 +1,59 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+module Modules
+
+#
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class EMails < Arachni::Module::Base
+
+    def initialize( page )
+        @page = page
+    end
+
+    def run( )
+        @@_logged ||= Set.new
+
+        regexp = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}/i
+        match_and_log( regexp ){
+            |email|
+            return false if @@_logged.include?( email )
+            @@_logged << email
+        }
+    end
+
+    def self.info
+        {
+            :name           => 'E-mail address',
+            :description    => %q{Greps pages for disclosed e-mail addresses.},
+            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            :version        => '0.1',
+            :targets        => { 'Generic' => 'all' },
+            :issue   => {
+                :name        => %q{Disclosed e-mail address.},
+                :description => %q{An e-mail address is being disclosed.},
+                :cwe         => '200',
+                :severity    => Issue::Severity::INFORMATIONAL,
+                :cvssv2      => '0',
+                :remedy_guidance    => %q{},
+                :remedy_code => '',
+            }
+        }
+    end
+
+end
+end
+end

data/modules/recon/grep/html_objects.rb

@@ -0,0 +1,53 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+module Modules
+
+#
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class HTMLObjects < Arachni::Module::Base
+
+    def initialize( page )
+        @page = page
+    end
+
+    def run( )
+        regexp = /\<object(.*)\>(.*)\<\/object\>/im
+        match_and_log( regexp )
+    end
+
+    def self.info
+        {
+            :name           => 'HTML objects',
+            :description    => %q{Greps pages for HTML objects.},
+            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            :version        => '0.1',
+            :targets        => { 'Generic' => 'all' },
+            :issue   => {
+                :name        => %q{Found an HTML object.},
+                :description => %q{},
+                :cwe         => '200',
+                :severity    => Issue::Severity::INFORMATIONAL,
+                :cvssv2      => '0',
+                :remedy_guidance    => %q{},
+                :remedy_code => '',
+            }
+        }
+    end
+
+end
+end
+end

data/modules/recon/grep/private_ip.rb

@@ -0,0 +1,54 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+module Modules
+
+#
+# Private IP address recon module.
+#
+# Scans every page for prvate IP addresses.
+#
+# @author: morpheuslaw <msidagni@nopsec.com>
+# @version: 0.1
+#
+class PrivateIP < Arachni::Module::Base
+
+    def initialize( page )
+        @page = page
+    end
+
+    def run( )
+        regexp = /(?<!\.)(?<!\d)(?:(?:10|127)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|192\.168|169\.254|172\.0?(?:1[6-9]|2[0-9]|3[01]))(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){2}(?!\d)(?!\.)/
+        match_and_log( regexp )
+    end
+
+    def self.info
+        {
+            :name           => 'Private IP address finder',
+            :description    => %q{Scans pages for private IP addresses.},
+            :author         => 'morpheuslaw <msidagni@nopsec.com>',
+            :version        => '0.1',
+            :targets        => { 'Generic' => 'all' },
+            :issue   => {
+                :name        => %q{Private IP address disclosure.},
+                :description => %q{A private IP address is disclosured in the body of the HTML page},
+                :cwe         => '200',
+                :severity    => Issue::Severity::LOW,
+                :cvssv2      => '0',
+                :remedy_guidance    => %q{Remove private IP addresses from the body of the HTML pages.},
+                :remedy_code => '',
+            }
+        }
+    end
+
+end
+end
+end

data/modules/recon/grep/ssn.rb

@@ -0,0 +1,53 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+module Modules
+
+#
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class SSN < Arachni::Module::Base
+
+    def initialize( page )
+        @page = page
+    end
+
+    def run( )
+        regexp = /^(?!000)([0-6]\d{2}|7([0-6]\d|7[012]))([ -]?)(?!00)\d\d\3(?!0000)\d{4}$/
+        match_and_log( regexp )
+    end
+
+    def self.info
+        {
+            :name           => 'SSN',
+            :description    => %q{Greps pages for disclosed US Social Security Numbers.},
+            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            :version        => '0.1',
+            :targets        => { 'Generic' => 'all' },
+            :issue   => {
+                :name        => %q{Disclosed US Social Security Number.},
+                :description => %q{A US Social Security Number is being disclosed.},
+                :cwe         => '200',
+                :severity    => Issue::Severity::HIGH,
+                :cvssv2      => '0',
+                :remedy_guidance    => %q{Remove all SSN occurences from the page.},
+                :remedy_code => '',
+            }
+        }
+    end
+
+end
+end
+end

data/modules/recon/htaccess_limit.rb

@@ -0,0 +1,82 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+
+module Modules
+
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Htaccess < Arachni::Module::Base
+
+    include Arachni::Module::Utilities
+
+    def initialize( page )
+        super( page )
+    end
+
+    def run( )
+        return if @page.code != 401
+
+        @http.post( @page.url ).on_complete {
+            |res|
+            __log_results( res ) if res.code == 200
+        }
+    end
+
+    def self.info
+        {
+            :name           => '.htaccess LIMIT misconfiguration',
+            :description    => %q{Checks for misconfiguration in LIMIT directives that blocks
+                GET requests but allows POST.},
+            :elements       => [ ],
+            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            :version        => '0.1',
+            :references     => {},
+            :targets        => { 'Generic' => 'all' },
+            :issue   => {
+                :name        => %q{Misconfiguration in LIMIT directive of .htaccess file.},
+                :description => %q{The .htaccess file blocks GET requests but allows POST.},
+                :tags        => [ 'htaccess', 'server', 'limit' ],
+                :cwe         => '',
+                :severity    => Issue::Severity::HIGH,
+                :cvssv2       => '',
+                :remedy_guidance    => '',
+                :remedy_code => '',
+            }
+        }
+    end
+
+    def __log_results( res )
+
+        issue = Issue.new( {
+            :url          => res.effective_url,
+            :method       => res.request.method.to_s.upcase,
+            :elem         => Issue::Element::SERVER,
+            :response     => res.body,
+            :headers      => {
+                :request    => res.request.headers,
+                :response   => res.headers,
+            }
+        }.merge( self.class.info ) )
+
+        # register our results with the system
+        register_results( [issue] )
+
+        print_ok( 'Request was accepted: ' + res.effective_url )
+    end
+
+end
+end
+end

data/modules/recon/http_put.rb

@@ -0,0 +1,95 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+
+module Modules
+
+#
+# HTTP PUT recon module.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1.1
+#
+class HTTP_PUT < Arachni::Module::Base
+
+    include Arachni::Module::Utilities
+
+    def initialize( page )
+        super( page )
+
+        @@__checked ||= Set.new
+    end
+
+    def run( )
+
+        path = get_path( @page.url ) + 'Arachni-' + seed.to_s[0..4].to_s
+
+        return if @@__checked.include?( path )
+        @@__checked << path
+
+        body = 'Created by Arachni. PUT' + seed
+
+        @http.request( path, :method => :put, :body => body ).on_complete {
+            |res|
+            next if res.code != 201
+            @http.get( path ).on_complete {
+                |res|
+                __log_results( res ) if res.body && res.body.substring?( 'PUT' + seed )
+            }
+        }
+    end
+
+    def self.info
+        {
+            :name           => 'HTTP PUT',
+            :description    => %q{Checks if uploading files is possible using the HTTP PUT method.},
+            :elements       => [ ],
+            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            :version        => '0.1.1',
+            :references     => {},
+            :targets        => { 'Generic' => 'all' },
+            :issue   => {
+                :name        => %q{HTTP PUT is enabled.},
+                :description => %q{3rd parties can upload files to the web-server.},
+                :tags        => [ 'http', 'methods', 'put', 'server' ],
+                :cwe         => '650',
+                :severity    => Issue::Severity::HIGH,
+                :cvssv2       => '',
+                :remedy_guidance    => '',
+                :remedy_code => '',
+            }
+        }
+    end
+
+    def __log_results( res )
+
+        issue = Issue.new( {
+            :url          => res.effective_url,
+            :method       => res.request.method.to_s.upcase,
+            :elem         => Issue::Element::SERVER,
+            :response     => res.body,
+            :headers      => {
+                :request    => res.request.headers,
+                :response   => res.headers,
+            }
+        }.merge( self.class.info ) )
+
+        # register our results with the system
+        register_results( [issue] )
+
+        print_ok( 'File has been created: ' + res.effective_url )
+    end
+
+end
+end
+end