RubyGems - intrigue-ident - Versions diffs - 0.1 - Mend

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

data/lib/checks/atlassian.rb ADDED Viewed

@@ -0,0 +1,55 @@
+module Intrigue
+module Ident
+module Check
+class Atlassian < Intrigue::Ident::Check::Base
+  def generate_checks(uri)
+    [
+      {
+        :name => "Atlassian BitBucket",
+        :description => "Atlassian BitBucket",
+        :version => nil,
+        :type => :content_body,
+        :content => /com.atlassian.bitbucket.server/i,
+        :paths => ["#{uri}"]
+      },
+      {
+        :name => "Atlassian Confluence",
+        :description => "Atlassian Confluence",
+        :version => nil,
+        :type => :content_headers,
+        :content => /X-Confluence-Request-Time/i,
+        :paths => ["#{uri}"]
+      },
+      {
+        :name => "Atlassian Crucible",
+        :description => "Atlassian Crucible",
+        :version => nil,
+        :type => :content_body,
+        :content => /FishEye and Crucible/,
+        :dynamic_version => lambda{|x|
+          if x.body.scan(/Log in to FishEye and Crucible (.*)\</)[0]
+            x.body.scan(/Log in to FishEye and Crucible (.*)\</)[0].first
+          end
+        },
+        :paths => ["#{uri}"]
+      },
+      {
+        :name => "Atlassian Jira",
+        :description => "Atlassian Jira",
+        :version => nil,
+        :type => :content_cookies,
+        :content => /atlassian.xsrf.token/i,
+        :dynamic_version => lambda{ |x|
+          if x.body.scan(/<span id="footer-build-information">(.*)-<span/)[0]
+            x.body.scan(/<span id="footer-build-information">(.*)-<span/)[0].first.gsub("(","")
+          end
+        },
+        :paths => ["#{uri}"]
+      }
+    ]
+  end
+end
+end
+end
+end

data/lib/checks/base.rb ADDED Viewed

@@ -0,0 +1,13 @@
+module Intrigue
+module Ident
+module Check
+class Base
+  def self.inherited(base)
+    CheckFactory.register(base)
+  end
+end
+end
+end
+end

data/lib/checks/chef.rb ADDED Viewed

@@ -0,0 +1,31 @@
+module Intrigue
+module Ident
+module Check
+    class Chef < Intrigue::Ident::Check::Base
+      def generate_checks(uri)
+        [
+          {
+            :name => "Chef Server",
+            :description => "Chef Server",
+            :version => nil,
+            :type => :content_body,
+            :content => /<title>Chef Server<\/title>/,
+            :dynamic_version => lambda{|x| x.body.scan(/Version\ (.*)\ &mdash;/)[0].first },
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Chef Server",
+            :description => "Chef Server",
+            :version => nil,
+            :type => :content_cookies,
+            :content => /chef-manage/i,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

data/lib/checks/cisco.rb ADDED Viewed

@@ -0,0 +1,33 @@
+module Intrigue
+module Ident
+module Check
+    class Cisco < Intrigue::Ident::Check::Base
+      def generate_checks(uri)
+        [
+          {
+            :name => "Cisco SSL VPN",
+            :description => "Cisco SSL VPN",
+            :tags => ["tech:vpn"],
+            :version => nil,
+            :type => :content_cookies,
+            :content => /webvpn/,
+            :hide => false,
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Cisco Router",
+            :description => "Cisco Router",
+            :version => nil,
+            :type => :content_headers,
+            :content => /server: cisco-IOS/,
+            :hide => false,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

data/lib/checks/citrix.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module Intrigue
+module Ident
+module Check
+    class Citrix < Intrigue::Ident::Check::Base
+      def generate_checks(uri)
+        [
+          {
+            :name => "Citrix Netscaler Gateway",
+            :description => "Citrix Netscaler Gateway",
+            :tags => ["tech:vpn"],
+            :version => nil,
+            :type => :content_body,
+            :content => /<title>Netscaler Gateway/,
+            :hide => false,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

data/lib/checks/cloudflare.rb ADDED Viewed

@@ -0,0 +1,59 @@
+module Intrigue
+module Ident
+module Check
+    class Cloudflare < Intrigue::Ident::Check::Base
+      def generate_checks(uri)
+        [
+          {
+            :name => "Cloudflare",
+            :description => "Cloudflare Accelerated Page",
+            :version => "",
+            :type => :content_cookies,
+            :content => /__cfduid/i,
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Cloudflare",
+            :description => "Cloudflare Server",
+            :version => "",
+            :type => :content_headers,
+            :content => /cloudflare-nginx/i,
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Cloudflare",
+            :description => "Cloudflare - Direct IP Access",
+            :tags => ["error_page"],
+            :version => "",
+            :type => :content_body,
+            :content => /<title>Direct IP access not allowed \| Cloudflare/,
+            :hide => true,
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Cloudflare",
+            :description => "Cloudflare Error",
+            :tags => ["error_page"],
+            :version => "",
+            :type => :content_body,
+            :content => /cferror_details/,
+            :hide => true,
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Cloudflare",
+            :description => "Cloudfront Error - Direct IP Access",
+            :version => "",
+            :type => :content_body,
+            :content => /403\ Forbidden<\/h1><\/center>\n<hr><center>cloudflare<\/center>/,
+            :hide => true,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

data/lib/checks/cloudfront.rb ADDED Viewed

@@ -0,0 +1,41 @@
+module Intrigue
+module Ident
+module Check
+    class Cloudfront < Intrigue::Ident::Check::Base
+      def generate_checks(uri)
+        [
+          {
+            :name => "Cloudfront - Error (Body)",
+            :description => "Cloudfront - no configured hostname",
+            :version => "",
+            :type => :content_body,
+            :content => /ERROR: The request could not be satisfied/,
+            :hide => true,
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Cloudfront - Error (Headers)",
+            :description => "Cloudfront - no configured hostname",
+            :version => "",
+            :type => :content_headers,
+            :content => /Error from cloudfront/,
+            :hide => true,
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Cloudfront - 403 (Body)",
+            :description => "Cloudfront - 403",
+            :version => "",
+            :type => :content_body,
+            :content => /<h1>403 Forbidden<\/h1><\/center>\n<hr><center>cloudflare/,
+            :hide => true,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

data/lib/checks/cpanel.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module Intrigue
+module Ident
+module Check
+    class Cpanel < Intrigue::Ident::Check::Base
+      def generate_checks(uri)
+        [
+          {
+            :name => "cPanel Hosted - Missing Page",
+            :description => "cPanel Hosted, but either misconfigured, or accessed via ip vs hostname?",
+            :version => nil,
+            :type => :content_body,
+            :content => /URL=\/cgi-sys\/defaultwebpage.cgi/,
+            :hide => true,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

data/lib/checks/django.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module Intrigue
+module Ident
+module Check
+    class Django < Intrigue::Ident::Check::Base
+      def generate_checks(uri)
+        [
+          {
+            :name => "Django",
+            :description => "Django Admin Page",
+            :version => nil,
+            :type => :content_body,
+            :content => /<title>Log in \| Django site admin<\/title>/,
+            :paths => ["#{uri}/admin"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

data/lib/checks/drupal.rb ADDED Viewed

@@ -0,0 +1,26 @@
+module Intrigue
+module Ident
+module Check
+    class Drupal < Intrigue::Ident::Check::Base
+      def generate_checks(uri)
+        [
+          {
+            :name => "Drupal",
+            :description => "Drupal CMS",
+            :version => nil,
+            :type => :content_body,
+            :content => /Drupal/,
+            :dynamic_version => lambda { |x|
+              version = x.body.scan(/^(Drupal.*)[ ,<\.].*$/)[0]
+              return version.first.gsub("Drupal ","").gsub(",","").chomp if version
+            },
+            :paths => ["#{uri}/CHANGELOG.txt"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

data/lib/checks/f5.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module Intrigue
+module Ident
+module Check
+    class F5 < Intrigue::Ident::Check::Base
+      def generate_checks(uri)
+        [
+          {
+            :name => "F5 BIG-IP APM",
+            :description => "F5 BIG-IP APM",
+            :tags => ["tech:vpn"],
+            :version => nil,
+            :type => :content_cookies,
+            :content => /MRHSession/,
+            :hide => false,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

data/lib/checks/fastly.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module Intrigue
+module Ident
+module Check
+    class Fastly < Intrigue::Ident::Check::Base
+      def generate_checks(uri)
+        [
+          {
+            :name => "Fastly",
+            :description => "",
+            :version => "",
+            :type => :content_headers,
+            :content => /x-fastly-backend-reqs/i,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

data/lib/checks/generic.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module Intrigue
+module Ident
+module Check
+    class Generic < Intrigue::Ident::Check::Base
+      def generate_checks(uri)
+        [
+          {
+            :name => "Content Missing (404)",
+            :description => "Content Missing (404) - Could be an API, or just serving something at another location. TODO ... is this ECS-specific? (check header)",
+            :tags => ["error_page"],
+            :version => nil,
+            :type => :content_body,
+            :content => /<title>404 - Not Found<\/title>/,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

data/lib/checks/gitlab.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module Intrigue
+module Ident
+module Check
+    class Gitlab < Intrigue::Ident::Check::Base
+      def generate_checks(uri)
+        [
+          {
+            :name => "Gitlab",
+            :description => "Gitlab",
+            :version => nil,
+            :type => :content_cookies,
+            :content => /_gitlab_session/i,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

data/lib/checks/google.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module Intrigue
+module Ident
+module Check
+    class Google < Intrigue::Ident::Check::Base
+      def generate_checks(uri)
+        [
+          {
+            :name => "Google",
+            :description => "Google Missing Page",
+            :type => :content_body,
+            :version => "",
+            :content => /The requested URL <code>\/<\/code> was not found on this server\./,
+            :hide => true,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

intrigue-ident 0.1