intrigue-ident 0.1

data/lib/checks/grafana.rb

@@ -0,0 +1,22 @@
+module Intrigue
+module Ident
+module Check
+    class Grafana < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Grafana",
+            :description => "Grafana",
+            :version => nil,
+            :type => :content_cookies,
+            :content => /grafana_sess/i,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/jenkins.rb

@@ -0,0 +1,40 @@
+module Intrigue
+module Ident
+module Check
+    class Jenkins < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          { # might need to be its own, but haven't seen it yet outside jenkins
+            :name => "Hudson",
+            :description => "Hudson",
+            :version => nil,
+            :type => :content_headers,
+            :content => /x-hudson/i,
+            :dynamic_version => lambda { |x| x["x-hudson"] },
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Jenkins",
+            :description => "Jenkins",
+            :version => nil,
+            :type => :content_headers,
+            :content => /X-Jenkins-Session/i,
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Jenkins",
+            :description => "Jenkins",
+            :version => nil,
+            :type => :content_headers,
+            :content => /x-jenkins/i,
+            :dynamic_version => lambda { |x| x["x-jenkins"] },
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/joomla.rb

@@ -0,0 +1,23 @@
+module Intrigue
+module Ident
+module Check
+    class Joomla < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Joomla!",
+            :description => "Known Joomla Admin Page",
+            :type => :content_body,
+            :version => nil,
+            :content => /files_joomla/i,
+            :references => ["https://twitter.com/GreyNoiseIO/status/987547246538391552"],
+            :paths => ["#{uri}/administrator/manifests/files/joomla.xml"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/limesuvey.rb

@@ -0,0 +1,22 @@
+module Intrigue
+module Ident
+module Check
+    class LimeSurvey < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "LimeSurvey",
+            :description => "LimeSurvey",
+            :type => :content_body,
+            :version => nil,
+            :content => /Donate to LimeSurvey/,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/lithium.rb

@@ -0,0 +1,30 @@
+module Intrigue
+module Ident
+module Check
+    class Lithium < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Lithum ",
+            :description => "Lithium Community Management",
+            :type => :content_cookies,
+            :version => nil,
+            :content => /LithiumVisitor/i,
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Lithum",
+            :description => "Lithium Community Management",
+            :type => :content_cookies,
+            :version => nil,
+            :content => /LiSESSIONID/i,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/magento.rb

@@ -0,0 +1,22 @@
+module Intrigue
+module Ident
+module Check
+    class Magento < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Magento",
+            :description => "Magento",
+            :type => :content_body,
+            :version => nil,
+            :content => /Mage.Cookies.path/i,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/mcafee.rb

@@ -0,0 +1,22 @@
+module Intrigue
+module Ident
+module Check
+    class Mcafee < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "McAfee EPolicy Orchestrator",
+            :description => "McAfee EPolicy Orchestrator",
+            :type => :content_body,
+            :version => nil,
+            :content => /McAfee Agent Activity Log/i,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/mediawiki.rb

@@ -0,0 +1,38 @@
+module Intrigue
+module Ident
+module Check
+    class MediaWiki < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "MediaWiki",
+            :description => "MediaWiki",
+            :type => :content_body,
+            :version => nil,
+            :content => /<a href="\/\/www.mediawiki.org\/">Powered by MediaWiki<\/a>/,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end
+
+
+=begin
+all_checks = [{
+  :uri => "#{uri}",
+  :checklist => [
+  {
+    :name => "Yoast Wordpress SEO Plugin", # won't be used if we have
+    :description => "Yoast Wordpress SEO Plugin",
+    :type => "content",
+    :content => /<!-- \/ Yoast WordPress SEO plugin. -->/,
+    :test_site => "https://ip-50-62-231-56.ip.secureserver.net",
+    :dynamic_name => lambda{|x| x.scan(/the Yoast WordPress SEO plugin v.* - h/)[0].gsub("the ","").gsub(" - h","") }
+  }
+]},
+=end

data/lib/checks/microsoft.rb

@@ -0,0 +1,69 @@
+module Intrigue
+module Ident
+module Check
+    class Microsoft < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Microsoft Forefront TMG",
+            :description => "Microsoft Forefront Threat Management Gateway",
+            :version => nil,
+            :type => :content_cookies,
+            :content => /<title>Microsoft Forefront TMG/,
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Microsoft IIS 8.0",
+            :description => "Microsoft IIS 8.0",
+            :version => nil,
+            :type => :content_body,
+            :content => /<img src=\"iis-8.png\"/,
+            :examples => ["http://66.162.2.18:80"],
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Microsoft IIS 8.5",
+            :description => "Microsoft IIS 8.5",
+            :version => nil,
+            :type => :content_body,
+            :content => /<img src=\"iis-85.png\"/,
+            :examples => ["http://103.1.221.151:80"],
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Microsoft Outlook Web Access",
+            :description => "Microsoft Outlook Web Access",
+            :version => nil,
+            :type => :content_headers,
+            :content => /x-owa-version/,
+            :dynamic_version => lambda { |x| x["x-owa-version"] },
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Microsoft Generic Error - 403",
+            :description => "Microsoft Generic Error - 403",
+            :tags => ["error_page"],
+            :version => nil,
+            :type => :content_body,
+            :hide => true,
+            :content => /403 Forbidden. The server denied the specified Uniform Resource Locator (URL)/,
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Microsoft Generic Error - 503",
+            :description => "Microsoft Generic Error - 503",
+            :tags => ["error_page"],
+            :version => nil,
+            :type => :content_body,
+            :hide => true,
+            :content => /HTTP Error 503. The service is unavailable./,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/nagios.rb

@@ -0,0 +1,22 @@
+module Intrigue
+module Ident
+module Check
+    class Nagios < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Nagios",
+            :description => "Nagios",
+            :version => nil,
+            :type => :content_headers,
+            :content => /nagios/i,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/oracle.rb

@@ -0,0 +1,38 @@
+module Intrigue
+module Ident
+module Check
+    class Oracle < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Oracle Glassfish",
+            :description => "Oracle / Sun GlassFish Enterprise Server",
+            :url => "",
+            :version => nil,
+            :type => :content_headers,
+            :content => /Sun GlassFish Enterprise Server/,
+            :hide => true,
+            :dynamic_version => lambda { |x| x["server"].match(/Sun GlassFish Enterprise Server v([\d\.])/).captures[0] },
+            :examples => ["http://52.4.12.185/"],
+            :paths => ["#{uri}"]
+          },
+          {
+            :name => "Oracle Glassfish",
+            :description => "Oracle / Sun GlassFish Enterprise Server",
+            :url => "",
+            :version => nil,
+            :type => :content_headers,
+            :content => /GlassFish Server Open Source Edition/,
+            :hide => true,
+            :dynamic_version => lambda { |x| x["server"].match(/GlassFish Server Open Source Edition\s+([\d\.]+)$/).captures[0] },
+            :examples => ["http://52.2.97.57:80"],
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/palo_alto.rb

@@ -0,0 +1,23 @@
+module Intrigue
+module Ident
+module Check
+    class PaloAlto < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Palo Alto Networks GlobalProtect Portal",
+            :tags => ["tech:vpn"],
+            :description => "Pardot",
+            :version => nil,
+            :type => :content_body,
+            :content => /global-protect\/login.esp/i,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/pardot.rb

@@ -0,0 +1,22 @@
+module Intrigue
+module Ident
+module Check
+    class Pardot < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Pardot",
+            :description => "Pardot",
+            :version => nil,
+            :type => :content_cookies,
+            :content => /pardot/i,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/pfsense.rb

@@ -0,0 +1,25 @@
+module Intrigue
+module Ident
+module Check
+    class Pfsense < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "pfSense Firewall",
+            :description => "pfSense is an open source firewall/router " +
+              "computer software distribution based on FreeBSD. It is " +
+              "installed on a physical computer or a virtual machine to" +
+              "make a dedicated firewall/router for a network",
+            :version => nil,
+            :type => :content_body,
+            :content => /Login to pfSense/,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/phpmyadmin.rb

@@ -0,0 +1,22 @@
+module Intrigue
+module Ident
+module Check
+    class PhpMyAdmin < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "PhpMyAdmin",
+            :description => "PhpMyAdmin",
+            :version => nil,
+            :type => :content_cookies,
+            :content => /phpMyAdmin=/i,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end