intrigue-ident 0.1

data/lib/checks/rabbitmq.rb

@@ -0,0 +1,29 @@
+module Intrigue
+module Ident
+module Check
+    class Rabbitmq < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+           {
+             :name => "RabbitMQ",
+             :description => "RabbitMQ",
+             :type => :content_body,
+             :version => nil,
+             :content => /RabbitMQ Management/,
+             :paths => ["#{uri}"]
+           },
+           {
+            :name => "RabbitMQ API",
+            :description => "RabbitMQ API",
+            :type => :content_body,
+            :version => nil,
+            :content => /RabbitMQ Management HTTP API/,
+            :paths => ["#{uri}/api"]
+          }
+        ]
+      end
+    end
+  end
+  end
+  end

data/lib/checks/spring.rb

@@ -0,0 +1,31 @@
+module Intrigue
+module Ident
+module Check
+    class Spring < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Spring",
+            :description => "Standard Spring Error Message",
+            :type => :content_body,
+            :version => nil,
+            :content =>  /{"timestamp":\d.*,"status":999,"error":"None","message":"No message available"}/,
+            :references => ["https://github.com/spring-projects/spring-boot"],
+            :paths => ["#{uri}/donotbealarmedthisisjusttestingagenericerrorpage"]
+          },
+          {
+            :name => "Spring",
+            :description => "Standard Spring MVC error page",
+            :type => :content_body,
+            :version => nil,
+            :content => /{"timestamp":\d.*,"status":999,"error":"None","message":"No message available"}/,
+            :paths => ["#{uri}/error.json"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/team_city.rb

@@ -0,0 +1,22 @@
+module Intrigue
+module Ident
+module Check
+    class TeamCity < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "TeamCity Continuous Integration",
+            :description => "TeamCity Continuous Integration",
+            :version => nil,
+            :type => :content_body,
+            :content => /icons\/teamcity.black.svg/i,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/telerik.rb

@@ -0,0 +1,25 @@
+module Intrigue
+module Ident
+module Check
+    class Telerik < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Telerik Sitefinity",
+            :description => "Telerik Sitefinity is an ASP.NET 2.0-based Content Management System (CMS)",
+            :url => "https://www.sitefinity.com/",
+            :version => nil,
+            :type => :content_body,
+            :content => /Telerik.Sitefinity.Resources/,
+            :dynamic_version => lambda { |x| x.body.match(/Version=([\d\.]+),/).captures[0] },
+            :verify_sites => [],
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/tomcat.rb

@@ -0,0 +1,22 @@
+module Intrigue
+module Ident
+module Check
+    class Tomcat < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Apache Tomcat",
+            :description => "Tomcat Application Server",
+            :type => :content_body,
+            :version => nil,
+            :content => /<title>Apache Tomcat/,
+            :dynamic_version => lambda{|x| x.body.scan(/<title>(.*)<\/title>/)[0].first.gsub("Apache Tomcat/","").gsub(" - Error report","").chomp },
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+    end
+end
+end
+end

data/lib/checks/varnish.rb

@@ -0,0 +1,27 @@
+module Intrigue
+module Ident
+module Check
+    class Varnish < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Varnish",
+            :description => "Varnish Proxy",
+            :version => nil,
+            :type => :content_headers,
+            :content => /via: [0-9]\.[0-9] varnish/i,
+            :dynamic_version => lambda{ |x|
+              m = nil
+              x.each_header{|h,v| m = v if (h == "via" && v =~ /varnish/) }
+              m.gsub("varnish ","") if m
+            },
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+end
+end
+end

data/lib/checks/wordpress.rb

@@ -0,0 +1,120 @@
+module Intrigue
+module Ident
+module Check
+    class Wordpress < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "Wordpress",
+            :description => "Wordpress WP-JSON endpoint",
+            :version => nil,
+            :type => :content_body,
+            :content => /gmt_offset/,
+            :paths => ["#{uri}/wp-json"]
+          },
+          {
+            :name => "Wordpress",
+            :description => "Wordpress TinyMCE Editor",
+            :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
+            :version => "2.0",
+            :type => :checksum_body,
+            :checksum => "a306a72ce0f250e5f67132dc6bcb2ccb",
+            :paths => ["#{uri}/wp-includes/js/tinymce/tiny_mce.js"]
+          },
+          {
+            :name => "Wordpress",
+            :description => "Wordpress TinyMCE Editor",
+            :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
+            :version => "2.1",
+            :type => :checksum_body,
+            :checksum => "4f04728cb4631a553c4266c14b9846aa",
+            :paths => ["#{uri}/wp-includes/js/tinymce/tiny_mce.js"]
+          },
+          {
+            :name => "Wordpress",
+            :description => "Wordpress TinyMCE Editor",
+            :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
+            :version => "2.2",
+            :type => :checksum_body,
+            :checksum => "25e1e78d5b0c221e98e14c6e8c62084f",
+            :paths => ["#{uri}/wp-includes/js/tinymce/tiny_mce.js"]
+          },
+          {
+            :name => "Wordpress",
+            :description => "Wordpress TinyMCE Editor",
+            :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
+            :version => "2.3",
+            :type => :checksum_body,
+            :checksum => "83c83d0f0a71bd57c320d93e59991c53",
+            :paths => ["#{uri}/wp-includes/js/tinymce/tiny_mce.js"]
+          },
+          {
+            :name => "Wordpress",
+            :description => "Wordpress TinyMCE Editor",
+            :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
+            :version => "2.5",
+            :type => :checksum_body,
+            :checksum => "7293453cf0ff5a9a4cfe8cebd5b5a71a",
+            :paths => ["#{uri}/wp-includes/js/tinymce/tiny_mce.js"]
+          },
+          {
+            :name => "Wordpress",
+            :description => "Wordpress TinyMCE Editor",
+            :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
+            :version => "2.6",
+            :type => :checksum_body,
+            :checksum => "61740709537bd19fb6e03b7e11eb8812",
+            :paths => ["#{uri}/wp-includes/js/tinymce/tiny_mce.js"]
+          },
+          {
+            :name => "Wordpress",
+            :description => "Wordpress TinyMCE Editor",
+            :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
+            :version => "2.7",
+            :type => :checksum_body,
+            :checksum => "e6bbc53a727f3af003af272fd229b0b2",
+            :paths => ["#{uri}/wp-includes/js/tinymce/tiny_mce.js"]
+          },
+          {
+            :name => "Wordpress",
+            :description => "Wordpress TinyMCE Editor",
+            :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
+            :version => "2.7.1",
+            :type =>:checksum_body,
+            :checksum => "e6bbc53a727f3af003af272fd229b0b2",
+            :paths => ["#{uri}/wp-includes/js/tinymce/tiny_mce.js"]
+          },
+          {
+            :name => "Wordpress",
+            :description => "Wordpress TinyMCE Editor",
+            :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
+            :version => "2.9.1",
+            :type => :checksum_body,
+            :checksum => "128e75ed19d49a94a771586bf83265ec",
+            :paths => ["#{uri}/wp-includes/js/tinymce/tiny_mce.js"]
+          }
+        ]
+      end
+
+
+=begin
+all_checks = [{
+  :uri => "#{uri}",
+  :checklist => [
+  {
+    :name => "Yoast Wordpress SEO Plugin", # won't be used if we have
+    :description => "Yoast Wordpress SEO Plugin",
+    :type => "content",
+    :content => /<!-- \/ Yoast WordPress SEO plugin. -->/,
+    :test_site => "https://ip-50-62-231-56.ip.secureserver.net",
+    :dynamic_name => lambda{|x| x.scan(/the Yoast WordPress SEO plugin v.* - h/)[0].gsub("the ","").gsub(" - h","") }
+  }
+]},
+=end
+
+
+    end
+end
+end
+end

data/lib/checks/wp_engine.rb

@@ -0,0 +1,22 @@
+module Intrigue
+module Ident
+module Check
+    class WpEngine < Intrigue::Ident::Check::Base
+
+      def generate_checks(uri)
+        [
+          {
+            :name => "WPEngine",
+            :description => "WPEngine - Access site by IP",
+            :version => nil,
+            :type => :content_body,
+            :content => /This domain is successfully pointed at WP Engine, but is not configured for an account on our platform./,
+            :paths => ["#{uri}"]
+          }
+        ]
+      end
+
+    end
+end
+end
+end

metadata

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: intrigue-ident
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: ruby
+authors:
+- jcran
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-07-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Fingerprinter for Intrigue Data
+email:
+- jcran@intrigue.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- ident.rb
+- intrigue-ident.gemspec
+- lib/check_factory.rb
+- lib/checks/akamai.rb
+- lib/checks/amazon.rb
+- lib/checks/aruba.rb
+- lib/checks/asp_net.rb
+- lib/checks/atlassian.rb
+- lib/checks/base.rb
+- lib/checks/chef.rb
+- lib/checks/cisco.rb
+- lib/checks/citrix.rb
+- lib/checks/cloudflare.rb
+- lib/checks/cloudfront.rb
+- lib/checks/cpanel.rb
+- lib/checks/django.rb
+- lib/checks/drupal.rb
+- lib/checks/f5.rb
+- lib/checks/fastly.rb
+- lib/checks/generic.rb
+- lib/checks/gitlab.rb
+- lib/checks/google.rb
+- lib/checks/grafana.rb
+- lib/checks/jenkins.rb
+- lib/checks/joomla.rb
+- lib/checks/limesuvey.rb
+- lib/checks/lithium.rb
+- lib/checks/magento.rb
+- lib/checks/mcafee.rb
+- lib/checks/mediawiki.rb
+- lib/checks/microsoft.rb
+- lib/checks/nagios.rb
+- lib/checks/oracle.rb
+- lib/checks/palo_alto.rb
+- lib/checks/pardot.rb
+- lib/checks/pfsense.rb
+- lib/checks/phpmyadmin.rb
+- lib/checks/rabbitmq.rb
+- lib/checks/spring.rb
+- lib/checks/team_city.rb
+- lib/checks/telerik.rb
+- lib/checks/tomcat.rb
+- lib/checks/varnish.rb
+- lib/checks/wordpress.rb
+- lib/checks/wp_engine.rb
+homepage: https://intrigue.io
+licenses:
+- BSD
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Fingerprinter for Intrigue Data
+test_files: []