intrigue-ident 0.4 → 0.6

data/lib/checks/gitlab.rb

@@ -3,15 +3,21 @@ module Ident
 module Check
     class Gitlab < Intrigue::Ident::Check::Base
 
-      def generate_checks(uri)
+      def generate_checks(url)
         [
           {
-            :name => "Gitlab",
-            :description => "Gitlab",
+            :type => "application",
+            :vendor => "Gitlab",
+            :product => "Gitlab",
+            :match_details => "Gitlab",
             :version => nil,
-            :type => :content_cookies,
-            :content => /_gitlab_session/i,
-            :paths => ["#{uri}"]
+            :match_type => :content_cookies,
+            :match_content =>  /_gitlab_session/i,
+            :dynamic_version => lambda{ |x|
+                _first_body_capture(x,/window.gon={};gon.api_version=\"v([0-9\.])\"/i)
+            },
+            :examples => [ ],
+            :paths => ["#{url}"]
           }
         ]
       end

data/lib/checks/google.rb

@@ -3,16 +3,29 @@ module Ident
 module Check
     class Google < Intrigue::Ident::Check::Base
 
-      def generate_checks(uri)
+      def generate_checks(url)
         [
           {
-            :name => "Google",
-            :description => "Google Missing Page",
-            :type => :content_body,
+            :type => "service",
+            :vendor => "Google",
+            :product => "Hosted",
+            :match_details => "Google Missing Page",
+            :match_type => :content_body,
             :version => "",
-            :content => /The requested URL <code>\/<\/code> was not found on this server\./,
+            :match_content =>  /The requested URL <code>\/<\/code> was not found on this server\./,
             :hide => true,
-            :paths => ["#{uri}"]
+            :paths => ["#{url}"]
+          },
+          {
+            :type => "application",
+            :vendor => "Google",
+            :product =>"Search Appliance",
+            :match_details =>"server header reports google search appliance",
+            :version => nil,
+            :match_type => :content_headers,
+            :match_content =>  /server: Google Search Appliance/i,
+            :paths => ["#{url}"],
+            :examples => ["http://161.107.1.43:80"]
           }
         ]
       end

data/lib/checks/grafana.rb

@@ -3,15 +3,17 @@ module Ident
 module Check
     class Grafana < Intrigue::Ident::Check::Base
 
-      def generate_checks(uri)
+      def generate_checks(url)
         [
           {
-            :name => "Grafana",
-            :description => "Grafana",
+            :type => "application",
+            :vendor => "Grafana",
+            :product =>"Grafana",
+            :match_details =>"Grafana",
             :version => nil,
-            :type => :content_cookies,
-            :content => /grafana_sess/i,
-            :paths => ["#{uri}"]
+            :match_type => :content_cookies,
+            :match_content =>  /grafana_sess/i,
+            :paths => ["#{url}"]
           }
         ]
       end

data/lib/checks/groovy.rb

@@ -0,0 +1,24 @@
+module Intrigue
+module Ident
+module Check
+    class Groovy < Intrigue::Ident::Check::Base
+
+      def generate_checks(url)
+        [
+          {
+            :type => "application",
+            :vendor => "Groovy",
+            :product =>"Groovy",
+            :match_details =>"Groovy error page",
+            :match_type => :content_body,
+            :version => nil,
+            :match_content =>  /Error processing GroovyPageView:/i,
+            :paths => ["#{url}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/heroku.rb

@@ -0,0 +1,27 @@
+module Intrigue
+module Ident
+module Check
+    class Heroku < Intrigue::Ident::Check::Base
+
+      def generate_checks(url)
+        [
+          {
+            :type => "service",
+            :vendor => "Heroku",
+            :product =>"Heroku",
+            :match_details =>"Heroku",
+            :tags => ["hosting_provider"],
+            :version => nil,
+            :match_type => :content_body,
+            :match_content =>  /herokucdn.com\/error-pages\/no-such-app.html/,
+            :hide => true,
+            :examples => ["http://54.209.64.71:80"],
+            :paths => ["#{url}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/hp.rb

@@ -0,0 +1,25 @@
+module Intrigue
+module Ident
+module Check
+    class Hp < Intrigue::Ident::Check::Base
+
+      def generate_checks(url)
+        [
+          {
+            :type => "application",
+            :vendor => "HP",
+            :product =>"Printer",
+            :version => nil,
+            :match_type => :content_headers,
+            :match_content =>  /server: HP-ChaiSOE\/1.0/i,
+            :match_details =>"Generic HP Printer match",
+            :examples => ["http://69.162.52.20:80"],
+            :paths => ["#{url}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/ibm.rb

@@ -0,0 +1,77 @@
+module Intrigue
+module Ident
+module Check
+  class Ibm < Intrigue::Ident::Check::Base
+
+    def generate_checks(url)
+      [
+        {
+          :type => "application",
+          :vendor => "IBM",
+          :product =>"Axway SecureTranspor",
+          :references => ["https://www-356.ibm.com/partnerworld/gsd/solutiondetails.do?&solution=47052"],
+          :version => nil,
+          :dynamic_version => lambda {|x| _first_header_capture(x,/SecureTransport (.*) (build:.*)/)},
+          :match_type => :content_headers,
+          :match_content =>  /server: SecureTransport/i,
+          :match_details =>"server header - build is avail too",
+          :examples => ["https://dhebpcb01.boulder.ibm.com:443"],
+          :verify => ["xaWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwczovL2RoZWJwY2IwMS5ib3VsZGVyLmlibS5jb206NDQz"],
+          :paths => ["#{url}"]
+        },
+        {
+          :type => "application",
+          :vendor => "IBM",
+          :product =>"Datapower",
+          :references => ["https://www.ibm.com/developerworks/community/blogs/HermannSW/entry/datapower_x_backside_transport_transfer_encoding_and_connection_header_fields9?lang=en"],
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /X-Backside-Transport:/i,
+          :match_details =>"header thrown by ibm datapower (on error?)",
+          :examples => ["https://css-ewebsvcs.freddiemac.com:443"],
+          :paths => ["#{url}"]
+        },
+        {
+          :type => "application",
+          :vendor => "IBM",
+          :product =>"IBM Security Access Manager for Web",
+          :references => ["https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.2.1/com.ibm.isam.doc/wrp_config/concept/con_sam_intro.html"],
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /www-authenticate: Basic realm=\"IBM Security Access Manager for Web\"/i,
+          :match_details =>"IBM security access manager login prompt",
+          :examples => ["https://161.107.22.69:443"],
+          :paths => ["#{url}"]
+        },
+        {
+          :type => "application",
+          :vendor => "IBM",
+          :product =>"Tivoli Access Manager for e-business",
+          :references => ["https://www.ibm.com/support/knowledgecenter/en/SSPREK_6.1.0/com.ibm.itame.doc_6.1/am61_qsg_en.htm"],
+          :version => nil,
+          :match_type => :content_body,
+          :match_content =>  /<title>Access Manager for e-Business Login/i,
+          :match_details =>"Generic Ibm tivoli copyright",
+          :examples => ["https://161.107.1.22:443"],
+          :paths => ["#{url}"]
+        },
+        {
+          :type => "application",
+          :vendor => "IBM",
+          :product =>"WebSEAL",
+          :references => ["https://www.ibm.com/support/knowledgecenter/en/SSPREK_8.0.1.2/com.ibm.isamw.doc_8.0.1.2/wrp_config/task/tsk_submt_form_data_ws.html"],
+          :version => nil,
+          :match_type => :content_body,
+          :match_content =>  /<form method=\"POST\" action=\"\/pkmslogin.form\">/i,
+          :match_details =>"form action to submit to webseal (on ourselves)",
+          :examples => ["https://pseuat.fmrei.com:443"],
+          :paths => ["#{url}"]
+        }
+
+      ]
+    end
+
+  end
+end
+end
+end

data/lib/checks/ivanti.rb

@@ -0,0 +1,27 @@
+module Intrigue
+module Ident
+module Check
+  class Ivanti < Intrigue::Ident::Check::Base
+
+    def generate_checks(url)
+      [
+        {
+          :type => "application",
+          :vendor => "Ivanti",
+          :tags => [],
+          :product =>"LANDESK Appliance",
+          :match_details =>"matched title",
+          :match_type => :content_body,
+          :version => nil,
+          :references => ["https://community.ivanti.com/community/all-products/systems/cloudservices"],
+          :match_content =>  /<title>LANDESK\(R\) Cloud Services Appliance/i,
+          :examples => ["https://techcentral.hormel.com/"],
+          :verify => ["aG9ybWVsZm9vZHMjSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHBzOi8vdGVjaGNlbnRyYWwuaG9ybWVsLmNvbTo0NDM="],
+          :paths => ["#{url}"]
+        }
+      ]
+    end
+  end
+end
+end
+end

data/lib/checks/jamf.rb

@@ -0,0 +1,26 @@
+module Intrigue
+module Ident
+module Check
+  class Jamf < Intrigue::Ident::Check::Base
+
+    def generate_checks(url)
+      [
+        {
+          :type => "application",
+          :vendor => "Jamf",
+          :tags => [],
+          :product =>"Pro",
+          :match_details =>"jamf pro login page",
+          :match_type => :content_body,
+          :version => nil,
+          :dynamic_version => lambda { |x| _first_body_capture(x,/<title>Jamf Pro Login - Jamf Pro v(.*)</) },
+          :match_content =>  /<title>Jamf Pro Login - Jamf Pro v/i,
+          :examples => ["https://98.99.248.54:8443"],
+          :paths => ["#{url}"]
+        }
+      ]
+    end
+  end
+end
+end
+end

data/lib/checks/jekyll.rb

@@ -0,0 +1,28 @@
+module Intrigue
+module Ident
+module Check
+    class Jekyll < Intrigue::Ident::Check::Base
+
+      def generate_checks(url)
+        [
+          {
+            :type => "service",
+            :vendor =>"Jekyll",
+            :product =>"Jekyll",
+            :match_details =>"server header for Jekyll",
+            :references => ["https://jekyllrb.com/"],
+            :match_type => :content_body,
+            :match_content =>  /<meta name="generator" content="Jekyll v3.7.3"/i,
+            :dynamic_version => lambda { |x|
+              _first_body_capture(x,/<meta name="generator" content="Jekyll v(.*)"/i)
+            },
+            :examples => ["http://github.io:80"],
+            :paths => ["#{url}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/jenkins.rb

@@ -3,33 +3,39 @@ module Ident
 module Check
     class Jenkins < Intrigue::Ident::Check::Base
 
-      def generate_checks(uri)
+      def generate_checks(url)
         [
           { # might need to be its own, but haven't seen it yet outside jenkins
-            :name => "Hudson",
-            :description => "Hudson",
+            :type => "application",
+            :vendor => "Jenkins",
+            :product => "Hudson",
+            :match_details => "Hudson",
             :version => nil,
-            :type => :content_headers,
-            :content => /x-hudson/i,
-            :dynamic_version => lambda { |x| x["x-hudson"] },
-            :paths => ["#{uri}"]
+            :match_type => :content_headers,
+            :match_content =>  /x-hudson/i,
+            :dynamic_version => lambda { |x| _first_header_capture(x, /^x-hudson:(.*)$/) },
+            :paths => ["#{url}"]
           },
           {
-            :name => "Jenkins",
-            :description => "Jenkins",
+            :type => "application",
+            :vendor => "Jenkins",
+            :product =>"Jenkins",
+            :match_details =>"Jenkins",
             :version => nil,
-            :type => :content_headers,
-            :content => /X-Jenkins-Session/i,
-            :paths => ["#{uri}"]
+            :match_type => :content_headers,
+            :match_content =>  /X-Jenkins-Session/i,
+            :paths => ["#{url}"]
           },
           {
-            :name => "Jenkins",
-            :description => "Jenkins",
+            :type => "application",
+            :vendor => "Jenkins",
+            :product =>"Jenkins",
+            :match_details =>"Jenkins",
             :version => nil,
-            :type => :content_headers,
-            :content => /x-jenkins/i,
-            :dynamic_version => lambda { |x| x["x-jenkins"] },
-            :paths => ["#{uri}"]
+            :match_type => :content_headers,
+            :match_content =>  /x-jenkins/i,
+            :dynamic_version => lambda { |x| _first_header_capture(x, /^x-jenkins:(.*)$/) },
+            :paths => ["#{url}"]
           }
         ]
       end

data/lib/checks/jive.rb

@@ -0,0 +1,25 @@
+module Intrigue
+module Ident
+module Check
+  class Jive < Intrigue::Ident::Check::Base
+
+    def generate_checks(url)
+      [
+        {
+          :type => "service",
+          :vendor => "Jive",
+          :tags => [],
+          :product =>"Platform",
+          :match_details =>"jive login page",
+          :match_type => :content_cookies,
+          :version => nil,
+          :match_content =>  /jive.login.ts=/i,
+          :examples => ["https://www.gsd.ouroath.com:443"],
+          :paths => ["#{url}"]
+        }
+      ]
+    end
+  end
+end
+end
+end

data/lib/checks/jobvite.rb

@@ -0,0 +1,25 @@
+module Intrigue
+module Ident
+module Check
+    class Jobvite < Intrigue::Ident::Check::Base
+
+      def generate_checks(url)
+        [
+          {
+            :type => "service",
+            :vendor =>"Jobvite",
+            :product =>"Jobvite",
+            :match_details =>"jobvite cookie - unconfirmed!!!!",
+            :version => nil,
+            :match_type => :content_cookies,
+            :match_content =>  /ADRUM_BTa/i,
+            :examples => ["http://202.1.239.165:80"],
+            :paths => ["#{url}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end