intrigue-ident 0.4 → 0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '019bb3aae9b2b3e4edf6504fa032be9c4b9bf1d36c22f2d018203deedaf6351d'
-  data.tar.gz: 94fcf3306b1aa688a9eecf645e67e69fe8ab92f9cfaa892e31c69d113be2117c
+  metadata.gz: cb036d72abc406c70fc7ef521088a456a4e5e6701d472838ac9f8e57bc3c03fa
+  data.tar.gz: e3e46d709da07cbf195e7d6d82bdaa93accb2a371cd79447d47d9708ddbe8dac
 SHA512:
-  metadata.gz: 58c37de0c43313a8c1fe1be664f3bdebf1ab6fc6fdfb3d160a3c650f2e5990fbad79f23c37e5d9a6d7d612b87f6b33c561781800601aa10e2e4827aca653ca2c
-  data.tar.gz: ef636c06cc499e620ba8eb1f2bfe562c05d9dcc68924e035ca229c370723f47f24dc1e7bddec861775308a7b84983e5fe55b02f3e044c219dc9bc45b162b8cad
+  metadata.gz: ad2f1dd6c6816a809a10e32b3b14f0b5d7fab22516d499ed59268366f0cb6e515378d39d9cdba762e76e742228e81d41703757bef0782f1bd47421e206c388a8
+  data.tar.gz: f18be5771baacf1b3af2aaace6052c1f13d141448364213466a151f3205e889720518ee232988f641141e2f350c1006e1bf637b6dd7db2cbf32a0637b679d951

data/Gemfile

@@ -2,4 +2,3 @@ source 'https://rubygems.org'
 ruby '2.5.1'
 
 gem "rspec"
-gem "pry"

data/Gemfile.lock

@@ -1,12 +1,7 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    coderay (1.1.2)
     diff-lcs (1.3)
-    method_source (0.9.0)
-    pry (0.11.3)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
     rspec (3.7.0)
       rspec-core (~> 3.7.0)
       rspec-expectations (~> 3.7.0)
@@ -25,7 +20,6 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  pry
   rspec
 
 RUBY VERSION

data/intrigue-ident.gemspec

@@ -1,5 +1,5 @@
 # coding: utf-8
-require_relative 'ident'
+require_relative 'lib/intrigue-ident'
 
 Gem::Specification.new do |spec|
   spec.name          = "intrigue-ident"
@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib","ident.rb"]
+  spec.require_paths = ["lib"]
 
   spec.add_development_dependency "bundler", "~> 1.11"
   spec.add_development_dependency "rake", "~> 10.0"

data/lib/checks/acquia.rb

@@ -0,0 +1,26 @@
+module Intrigue
+module Ident
+module Check
+class Acquia < Intrigue::Ident::Check::Base
+
+  def generate_checks(url)
+    [
+      {
+        :type => "service",
+        :vendor => "Acquia",
+        :product => "Acquia",
+        :references => ["https://docs.acquia.com/acquia-cloud/performance/varnish/headers/"],
+        :version => nil,
+        :match_type => :content_headers,
+        :match_content => /X-AH-Environment:/i,
+        :match_details => "Header contains Acquia environment that provides the page response (usually prod, but could also be dev or stage)",
+        :hide => false,
+        :examples => ["http://netgear.gcs-web.com:80"],
+        :paths => ["#{url}"]
+      }
+    ]
+  end
+end
+end
+end
+end

data/lib/checks/adobe.rb

@@ -0,0 +1,38 @@
+module Intrigue
+module Ident
+module Check
+class Adobe < Intrigue::Ident::Check::Base
+
+  def generate_checks(url)
+    [
+      {
+        :type => "application",
+        :vendor => "Adobe",
+        :product => "Coldfusion",
+        :version => nil,
+        :match_type => :content_cookies,
+        :match_content => /CFTOKEN=/,
+        :match_details => "Adobe Coldfusion Cookie Match",
+        :hide => false,
+        :examples => ["https://209.235.70.106:443"],
+        :paths => ["#{url}"]
+      },
+      {
+        :type => "application",
+        :vendor => "Adobe",
+        :product => "Experience Manager",
+        :version => nil,
+        :match_type => :content_body,
+        :match_content => /AEM/,
+        :match_details => "Adobe Experience Manager",
+        :hide => false,
+        :examples => ["https://www.ford.com/content/dam/login/core/content/login"],
+        :paths => ["#{url}/libs/granite/core/content/login.html"]
+      }
+
+    ]
+  end
+end
+end
+end
+end

data/lib/checks/akamai.rb

@@ -6,11 +6,13 @@ class Akamai < Intrigue::Ident::Check::Base
   def generate_checks(url)
     [
       {
-        :name => "Akamai",
-        :description => "Akamai Missing Uri",
+        :type => "application",
+        :vendor => "Akamai",
+        :product => "CDN",
         :version => nil,
-        :type => :content_body,
-        :content => /The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>/,
+        :match_type => :content_body,
+        :match_content =>  /The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>/,
+        :match_details =>"Akamai Missing Uri",
         :hide => true,
         :paths => ["#{url}"]
       }

data/lib/checks/amazon.rb

@@ -3,20 +3,66 @@ module Ident
 module Check
 class Amazon < Intrigue::Ident::Check::Base
 
-  def generate_checks(uri)
+  def generate_checks(url)
     [
       {
-        :name => "Amazon ELB",
-        :description => "Amazon Elastic Load Balancer",
+        :type => "service",
+        :vendor => "Amazon",
+        :product =>"Cloudfront",
+        :match_details =>"cloudfront cache header",
+        :version => nil,
+        :match_type => :content_headers,
+        :match_content =>  /via:.*.cloudfront.net \(CloudFront\)/,
+        :hide => false,
+        :paths => ["#{url}"]
+      },
+      {
+        :type => "service",
+        :vendor => "Amazon",
+        :product =>"Cloudfront",
+        :match_details =>"Cloudfront - no configured hostname error condition",
+        :version => nil,
+        :match_type => :content_body,
+        :match_content =>  /ERROR: The request could not be satisfied/,
+        :hide => true,
+        :paths => ["#{url}"]
+      },
+      {
+        :type => "service",
+        :vendor => "Amazon",
+        :product =>"Cloudfront",
+        :match_details =>"Cloudfront - no configured hostname error condition",
+        :version => nil,
+        :match_type => :content_headers,
+        :match_content =>  /Error from cloudfront/,
+        :hide => true,
+        :paths => ["#{url}"]
+      },
+      {
+        :type => "service",
+        :vendor => "Amazon",
+        :product =>"Cloudfront",
+        :match_details =>"Cloudfront - 403 error condition",
+        :version => nil,
+        :match_type => :content_body,
+        :match_content =>  /<h1>403 Forbidden<\/h1><\/center>\n<hr><center>cloudflare/,
+        :hide => true,
+        :paths => ["#{url}"]
+      },
+      {
+        :tags => ["error_page","hosting_provider"],
+        :type => "service",
         :url => "https://aws.amazon.com/elasticloadbalancing/",
+        :vendor => "Amazon",
+        :product => "Elastic Load Balancer",
         :version => nil,
-        :tags => ["error_page"],
-        :type => :content_headers,
-        :content => /awselb\/\d.\d/,
+        :match_type => :content_headers,
+        :match_content =>  /awselb\/\d.\d/,
+        :match_details =>"Amazon Elastic Load Balancer",
         :hide => true,
-        :dynamic_version => lambda { |x| x[:headers].match(/awselb\/(\d.\d)/).captures[0] },
+        :dynamic_version => lambda { |x| x["details"]["headers"].join("\n").match(/awselb\/(\d.\d)/).captures[0] },
         :verify_sites => ["http://52.4.103.22:80"],
-        :paths => ["#{uri}"]
+        :paths => ["#{url}"]
       }
     ]
   end

data/lib/checks/apache.rb

@@ -0,0 +1,113 @@
+module Intrigue
+module Ident
+module Check
+class Apache < Intrigue::Ident::Check::Base
+
+  def generate_checks(url)
+    [
+      {
+        :type => "application",
+        :vendor => "Apache",
+        :product =>"Ambari",
+        :match_details =>"page title",
+        :version => nil,
+        :match_type => :content_body,
+        :match_content =>  /<title>Ambari<\/title>/i,
+        :examples => ["http://12.42.205.114:8080"],
+        :verify => "aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwOi8vMTIuNDIuMjA1LjExNDo4MDgw",
+        :paths => ["#{url}"]
+      },
+      {
+        :type => "application",
+        :vendor => "Apache",
+        :product =>"Apache",
+        :match_details =>"Apache web server - server header - with versions",
+        :version => nil,
+        :match_type => :content_headers,
+        :match_content =>  /server:\ Apache[\s|\/]+[0-9]+/i,
+        :dynamic_version => lambda { |x|
+          _first_header_capture(x,/[s|S]erver:\s?Apache[\s|\/](.*)$/,["Apache","/","(Ubuntu)"])
+        },
+        :examples => [
+          "http://124.6.226.249:8081"
+        ],
+        :paths => ["#{url}"]
+      },
+      {
+        :type => "application",
+        :vendor => "Apache",
+        :product =>"Apache",
+        :match_details =>"Apache web server - server header - no version",
+        :version => nil,
+        :match_type => :content_headers,
+        :match_content =>  /server:\ Apache$/i,
+        :examples => [
+          "http://207.87.195.160:80"
+        ],
+        :paths => ["#{url}"]
+      },
+      {
+        :type => "application",
+        :vendor => "Apache",
+        :product =>"Coyote",
+        :match_details =>"Apache coyote application server - server header",
+        :version => nil,
+        :match_type => :content_headers,
+        :match_content =>  /server:\ Apache-Coyote/i,
+        :dynamic_version => lambda { |x|
+          _first_header_capture(x,/server: Apache-Coyote\/(.*)/i)
+        },
+        :examples => [ "http://15.224.214.203:80" ],
+        :paths => ["#{url}"]
+      },
+      {
+        :type => "application",
+        :vendor => "Apache",
+        :product =>"Sling",
+        :references => ["https://sling.apache.org/"],
+        :match_details =>"Apache Sling™ is a framework for RESTful web-applications based on an extensible content tree. also note that this may be related to apache experience manager",
+        :version => nil,
+        :match_type => :content_body,
+        :match_content =>  /<address>Apache Sling<\/address>/i,
+        :examples => [
+          "https://assets.microncpg.com/"
+        ],
+        :paths => ["#{url}"]
+      },
+      {
+        :type => "application",
+        :vendor => "Apache",
+        :product => "Tomcat",
+        :match_details =>"Tomcat Application Server",
+        :match_type => :content_body,
+        :version => 6,
+        :match_content =>  /<title>Tomcat 6 Welcome Page/,
+        :examples => [
+          "https://15.139.248.81:443"
+        ],
+        :paths => ["#{url}"]
+      },
+
+      {
+        :type => "application",
+        :vendor => "Apache",
+        :product => "Tomcat",
+        :match_details =>"Tomcat Application Server",
+        :match_type => :content_body,
+        :version => nil,
+        :match_content =>  /<title>Apache Tomcat/,
+        :dynamic_version => lambda{ |x|
+          _first_body_capture(x, /<title>(.*)<\/title>/,["Apache Tomcat/"," - Error report"])
+        },
+        :examples => [
+          "http://15.216.136.207:80",
+          "http://15.224.214.203:80"
+        ],
+        :paths => ["#{url}"]
+      }
+    ]
+  end
+end
+end
+end
+end

data/lib/checks/aruba.rb

@@ -6,10 +6,13 @@ class Aruba < Intrigue::Ident::Check::Base
   def generate_checks(url)
     [
       {
-        :description => "Aruba Wireless Controller",
+        :type => "application",
+        :vendor => "Aruba",
+        :product => "Wireless Controller",
         :version => nil,
-        :type => :content_body,
-        :content => /arubalp=/,
+        :match_type => :content_body,
+        :match_content =>  /arubalp=/,
+        :match_details =>"Matches an aruba link, generic identifier",
         :paths => ["#{url}"]
       }
     ]

data/lib/checks/atlassian.rb

@@ -3,49 +3,67 @@ module Ident
 module Check
 class Atlassian < Intrigue::Ident::Check::Base
 
-  def generate_checks(uri)
+  def generate_checks(url)
     [
       {
-        :name => "Atlassian BitBucket",
-        :description => "Atlassian BitBucket",
+        :type => "application",
+        :vendor => "Atlassian",
+        :product =>"BitBucket",
+        :match_details =>"Atlassian BitBucket",
         :version => nil,
-        :type => :content_body,
-        :content => /com.atlassian.bitbucket.server/i,
-        :paths => ["#{uri}"]
+        :match_type => :content_body,
+        :match_content =>  /com.atlassian.bitbucket.server/i,
+        :paths => ["#{url}"]
       },
       {
-        :name => "Atlassian Confluence",
-        :description => "Atlassian Confluence",
+        :type => "application",
+        :vendor => "Atlassian",
+        :product =>"Confluence",
+        :match_details =>"Atlassian Confluence",
         :version => nil,
-        :type => :content_headers,
-        :content => /X-Confluence-Request-Time/i,
-        :paths => ["#{uri}"]
+        :match_type => :content_headers,
+        :match_content =>  /X-Confluence-Request-Time/i,
+        :paths => ["#{url}"]
       },
       {
-        :name => "Atlassian Crucible",
-        :description => "Atlassian Crucible",
+        :type => "application",
+        :vendor => "Atlassian",
+        :product =>"Crucible",
+        :match_details =>"Atlassian Crucible",
         :version => nil,
-        :type => :content_body,
-        :content => /FishEye and Crucible/,
-        :dynamic_version => lambda{|x|
-          if x.body.scan(/Log in to FishEye and Crucible (.*)\</)[0]
-            x.body.scan(/Log in to FishEye and Crucible (.*)\</)[0].first
-          end
+        :match_type => :content_body,
+        :match_content =>  /FishEye and Crucible/,
+        :dynamic_version => lambda{ |x|
+          _first_body_capture(x, /Log in to FishEye and Crucible (.*)\</)
         },
-        :paths => ["#{uri}"]
+        :paths => ["#{url}"]
+      },
+      {
+        :type => "application",
+        :vendor => "Atlassian",
+        :product =>"Hipchat",
+        :match_details =>"Atlassian Hipchat",
+        :version => nil,
+        :match_type => :content_body,
+        :match_content =>  /\$\(document\).trigger\('hipchat.load'\);/,
+        :examples => ["https://api.appfire.com:443"],
+        :paths => ["#{url}"]
       },
       {
-        :name => "Atlassian Jira",
-        :description => "Atlassian Jira",
+        :type => "application",
+        :vendor => "Atlassian",
+        :product =>"Jira",
+        :match_details =>"Atlassian Jira",
         :version => nil,
-        :type => :content_cookies,
-        :content => /atlassian.xsrf.token/i,
+        :match_type => :content_cookies,
+        :match_content =>  /atlassian.xsrf.token=/i,
         :dynamic_version => lambda{ |x|
-          if x.body.scan(/<span id="footer-build-information">(.*)-<span/)[0]
-            x.body.scan(/<span id="footer-build-information">(.*)-<span/)[0].first.gsub("(","")
-          end
+            _first_body_capture(x,/<meta name="ajs-version-number" content="(.*)">/)
         },
-        :paths => ["#{uri}"]
+        :examples => [
+          "http://jira.understood.org/",
+          "http://jira.londonandpartners.com:80"],
+        :paths => ["#{url}"]
       }
     ]
   end