RubyGems - intrigue-ident - Versions diffs - 0.1 → 0.2 - Mend

intrigue-ident 0.1 → 0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b379c724034923eb05671859aaaaa17ad8ee2be348bdf4c272c428c16121d3fb
-  data.tar.gz: 138245f1078a14b88fa1651fbd61fa8be202c7bc92fe13a9cae90abf91934415
+  metadata.gz: 1d05d96fbb44b3e9ea2ed428a0c63873fcfe5679a74882faa3534051ffe51338
+  data.tar.gz: 56e52215528ae59c96cdeb9a832ea2e9a7655a607da986499dc714b9a90fa74d
 SHA512:
-  metadata.gz: e7330591c145a0357ca6ded382d1407bff366fab69146f1cf73b8f1cb9aab1e8fca6c3798c7d462753405870def4d115f524f11a0cf022b4ee57eb82898d7c3a
-  data.tar.gz: 55d7000e202d10a0fb7ce64d34f12163ef73d4caf244ddab04c5d1add173e1db3caba6b5e3ada16bc9b875e74dfc096c0485e53bf60184ca11574f0f75bcf9f5
+  metadata.gz: 17b3fe532217c204bd8ac15f42e395268ea010f409f9b37d623d115f4fa24b5a245b77a0b79e9fd5d1a76fd9558443ad13280245d15e012e3f0180f23e6f4b47
+  data.tar.gz: 664d65996160c1ce2ab55569e76b9342f4574a34a6e2aec92f20810590f31056ec568191b14828a35f6745892f6820e24ab863fff50a62b44aae3ad1e8e794ae

data/Gemfile CHANGED Viewed

@@ -2,3 +2,4 @@ source 'https://rubygems.org'
 ruby '2.5.1'
 gem "rspec"
+gem "pry"

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,12 @@
 GEM
   remote: https://rubygems.org/
   specs:
+    coderay (1.1.2)
     diff-lcs (1.3)
+    method_source (0.9.0)
+    pry (0.11.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
     rspec (3.7.0)
       rspec-core (~> 3.7.0)
       rspec-expectations (~> 3.7.0)
@@ -20,6 +25,7 @@ PLATFORMS
   ruby
 DEPENDENCIES
+  pry
   rspec
 RUBY VERSION

data/ident.rb CHANGED Viewed

@@ -11,7 +11,7 @@ Dir["#{check_folder}/*.rb"].each { |file| require_relative file }
 module Intrigue
   module Ident
-    VERSION=0.1
+    VERSION=0.2
     def generate_requests_and_check(url)
@@ -42,7 +42,7 @@ module Intrigue
         if response
           # call each check, collecting the product if it's a match
           ggc.last.each do |check|
-            results << _check_response(check, response)
+            results << _match_http_response(check, response)
           end
         end
       end
@@ -53,54 +53,107 @@ module Intrigue
     private
-    # this method takes a check and returns a ~match object if it matches, otherwise
-    # returns nil.
-    def _check_response(check, response)
-      # if type "content", do the content check
-      if check[:type] == :content_body
-        match = {
-          :version => (check[:dynamic_version].call(response) if check[:dynamic_version]) || check[:version],
-          :name => check[:name],
-          :match => check[:type],
-          :hide => check[:hide]
-        } if "#{response.body}" =~ check[:content]
+    def _construct_match_response(check, data)
+      {
+        :version => (check[:dynamic_version].call(data) if check[:dynamic_version]) || check[:version],
+        :name => check[:name],
+        :tags => check[:tags],
+        :match => check[:type],
+        :hide => check[:hide]
+      }
+    end
-      elsif check[:type] == :content_headers
+    def _match_uri(check,data)
-        # construct the headers into a big string block
-        header_string = ""
-        response.each_header do |h,v|
-          header_string << "#{h}: #{v}\n"
-        end
+      # data[:body] => page body
+      # data[:headers] => block of text with headers, one per line
+      # data[:cookies] => set_cookie header
+      # data[:body_md5] => md5 hash of the body
+      # if type "content", do the content check
-        match = {
-          :version => (check[:dynamic_version].call(response) if check[:dynamic_version]) || check[:version],
-          :name => check[:name],
-          :match => check[:type],
-          :hide => check[:hide]
-        } if header_string =~ check[:content]
+      if check[:type] == :content_body
+        match = _construct_match_response(check,data) if data["details"]["hidden_response_data"] =~ check[:content]
+      elsif check[:type] == :content_headers
+        match = _construct_match_response(check,data) if data["details"]["headers"].join("\n") =~ check[:content]
       elsif check[:type] == :content_cookies
         # Check only the set-cookie header
-        match = {
-          :version => (check[:dynamic_version].call(response) if check[:dynamic_version]) || check[:version],
-          :name => check[:name],
-          :match => check[:type],
-          :hide => check[:hide]
-        } if response.header['set-cookie'] =~ check[:content]
+        match = _construct_match_response(check,data) if data["details"]["cookies"] =~ check[:content]
       elsif check[:type] == :checksum_body
-        match = {
-          :version => (check[:dynamic_version].call(response) if check[:dynamic_version]) || check[:version],
-          :name => check[:name],
-          :match => check[:type],
-          :hide => check[:hide]
-        } if Digest::MD5.hexdigest("#{response.body}") == check[:checksum]
+        match = _construct_match_response(check,data) if Digest::MD5.hexdigest(data["details"]["response_data_hash"]) == check[:checksum]
       end
     match
     end
+    # this method takes a check and a net/http response object and
+    # constructs it into a format that's matchable. it then attempts
+    # to match, and returns a match object if it matches, otherwise
+    # returns nil.
+    def _match_http_response(check, response)
+      # Construct an Intrigue Entity of type Uri so we can match it
+      data  = []
+=begin
+      json = '{
+      	"id": 1572,
+      	"type": "Intrigue::Entity::Uri",
+      	"name": "http://69.162.37.69:80",
+      	"deleted": false,
+      	"hidden": false,
+      	"detail_string": "Server:  | App:  | Title: Index page",
+      	"details": {
+      		"uri": "http://69.162.37.69:80",
+      		"code": "200",
+      		"port": 80,
+      		"forms": false,
+      		"title": "Index page",
+      		"verbs": null,
+      		"headers": ["content-length: 701", "last-modified: Tue, 03 Jul 2018 16:55:36 GMT", "cache-control: no-cache", "content-type: text/html"],
+      		"host_id": 1571,
+      		"scripts": [],
+      		"products": [],
+      		"protocol": "tcp",
+      		"ip_address": "69.162.37.69",
+      		"javascript": [],
+      		"fingerprint": [],
+      		"api_endpoint": false,
+      		"masscan_string": "sudo masscan -p80,443,2004,3389,7001,8000,8080,8081,8443,U:161,U:500 --max-rate 10000 -oL /tmp/masscan20180703-9816-18n0ri --range 69.162.0.0/18",
+      		"app_fingerprint": [],
+      		"hidden_original": "http://69.162.37.69:80",
+      		"response_data_hash": "7o0r6ie5DOrJJnz1sS7RGO4XWsNn3hWykbwGkGnySWU=",
+      		"server_fingerprint": [],
+      		"enrichment_complete": ["enrich/uri"],
+      		"include_fingerprint": [],
+      		"enrichment_scheduled": ["enrich/uri"],
+      		"hidden_response_data": "",
+      		"hidden_screenshot_contents": """
+      	},
+      	"task_results": [{
+      		"id": 32,
+      		"name": "masscan_scan_on_69.162.0.0/18",
+      		"base_entity_name": "69.162.0.0/18",
+      		"base_entity_type": "Intrigue::Entity::NetBlock"
+      	}],
+      	"generated_at": "2018-07-04T03:43:11+00:00"
+      }'
+=end
+      data = {}
+      data["details"] = {}
+      data["details"]["hidden_response_data"] = "#{response.body}"
+      # construct the headers into a big string block
+      headers = []
+      response.each_header do |h,v|
+        headers << "#{h}: #{v}"
+      end
+      data["details"]["headers"] = headers
+      data["details"]["cookies"] = response.header['set-cookie']
+      data["details"]["response_data_hash"] = Digest::SHA256.base64digest("#{response.body}")
+      # call the actual matcher & return
+      _match_uri check, data
+    end
     def _http_request(method, uri_string, credentials=nil, headers={}, data=nil, limit = 10, open_timeout=15, read_timeout=15)
       response = nil
@@ -121,7 +174,6 @@ module Intrigue
         end
         until( found || attempts >= max_attempts)
-         #puts "Getting #{uri}, attempt #{attempts}"
          attempts+=1
          # proxy configuration, disabled for now
@@ -134,8 +186,6 @@ module Intrigue
          proxy_addr = nil
          proxy_port = nil
          # set options
          opts = {}
          if uri.instance_of? URI::HTTPS

data/lib/checks/amazon.rb CHANGED Viewed

@@ -14,7 +14,7 @@ class Amazon < Intrigue::Ident::Check::Base
         :type => :content_headers,
         :content => /awselb\/\d.\d/,
         :hide => true,
-        :dynamic_version => lambda { |x| x["server"].match(/awselb\/(\d.\d)/).captures[0] },
+        :dynamic_version => lambda { |x| x[:headers].match(/awselb\/(\d.\d)/).captures[0] },
         :verify_sites => ["http://52.4.103.22:80"],
         :paths => ["#{uri}"]
       }

data/lib/checks/aruba.rb CHANGED Viewed

@@ -6,7 +6,6 @@ class Aruba < Intrigue::Ident::Check::Base
   def generate_checks(url)
     [
       {
-        :name => "Aruba Wireless Controller",
         :description => "Aruba Wireless Controller",
         :version => nil,
         :type => :content_body,

data/lib/checks/asp_net.rb CHANGED Viewed

@@ -6,6 +6,7 @@ class AspNet < Intrigue::Ident::Check::Base
   def generate_checks(uri)
     [
       {
+        :accept => "Intrigue::Entity::Uri",
         :name => "ASP.NET",
         :description => "ASP.Net Error Message",
         :version => nil,
@@ -16,6 +17,7 @@ class AspNet < Intrigue::Ident::Check::Base
         :paths => ["#{uri}"]
       },
       {
+        :accept => "Intrigue::Entity::Uri",
         :name => "ASP.NET",
         :description => "X-AspNet Header",
         :version => nil,

data/lib/checks/oracle.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Check
             :type => :content_headers,
             :content => /Sun GlassFish Enterprise Server/,
             :hide => true,
-            :dynamic_version => lambda { |x| x["server"].match(/Sun GlassFish Enterprise Server v([\d\.])/).captures[0] },
+            :dynamic_version => lambda { |x| x["details"]["headers"].join("\n").match(/Sun GlassFish Enterprise Server v([\d\.])/).captures[0] },
             :examples => ["http://52.4.12.185/"],
             :paths => ["#{uri}"]
           },
@@ -25,7 +25,7 @@ module Check
             :type => :content_headers,
             :content => /GlassFish Server Open Source Edition/,
             :hide => true,
-            :dynamic_version => lambda { |x| x["server"].match(/GlassFish Server Open Source Edition\s+([\d\.]+)$/).captures[0] },
+            :dynamic_version => lambda { |x| x["details"]["headers"].join("\n").match(/GlassFish Server Open Source Edition\s+([\d\.]+)$/).captures[0] },
             :examples => ["http://52.2.97.57:80"],
             :paths => ["#{uri}"]
           }

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: intrigue-ident
 version: !ruby/object:Gem::Version
-  version: '0.1'
+  version: '0.2'
 platform: ruby
 authors:
 - jcran