intrigue-ident 0.4 → 0.6

Files changed (103)
  1. checksums.yaml +4 -4
  2. data/Gemfile +0 -1
  3. data/Gemfile.lock +0 -6
  4. data/data/logos/apache.png +0 -0
  5. data/data/logos/generic.png +0 -0
  6. data/data/logos/oracle_java.png +0 -0
  7. data/data/logos/php.png +0 -0
  8. data/data/logos/varnish.png +0 -0
  9. data/intrigue-ident.gemspec +2 -2
  10. data/lib/checks/acquia.rb +26 -0
  11. data/lib/checks/adobe.rb +38 -0
  12. data/lib/checks/akamai.rb +6 -4
  13. data/lib/checks/amazon.rb +54 -8
  14. data/lib/checks/apache.rb +113 -0
  15. data/lib/checks/aruba.rb +6 -3
  16. data/lib/checks/atlassian.rb +46 -28
  17. data/lib/checks/automattic.rb +189 -0
  18. data/lib/checks/axis.rb +24 -0
  19. data/lib/checks/banu.rb +28 -0
  20. data/lib/checks/base.rb +58 -0
  21. data/lib/checks/checkpoint.rb +55 -0
  22. data/lib/checks/chef.rb +16 -12
  23. data/lib/checks/cisco.rb +85 -12
  24. data/lib/checks/citrix.rb +81 -6
  25. data/lib/checks/cloudflare.rb +40 -30
  26. data/lib/checks/cpanel.rb +8 -6
  27. data/lib/checks/craft.rb +25 -0
  28. data/lib/checks/django.rb +8 -6
  29. data/lib/checks/docuwiki.rb +25 -0
  30. data/lib/checks/drupal.rb +25 -8
  31. data/lib/checks/f5.rb +35 -7
  32. data/lib/checks/fastly.rb +22 -7
  33. data/lib/checks/generic.rb +34 -6
  34. data/lib/checks/gitlab.rb +12 -6
  35. data/lib/checks/google.rb +19 -6
  36. data/lib/checks/grafana.rb +8 -6
  37. data/lib/checks/groovy.rb +24 -0
  38. data/lib/checks/heroku.rb +27 -0
  39. data/lib/checks/hp.rb +25 -0
  40. data/lib/checks/ibm.rb +77 -0
  41. data/lib/checks/ivanti.rb +27 -0
  42. data/lib/checks/jamf.rb +26 -0
  43. data/lib/checks/jekyll.rb +28 -0
  44. data/lib/checks/jenkins.rb +24 -18
  45. data/lib/checks/jive.rb +25 -0
  46. data/lib/checks/jobvite.rb +25 -0
  47. data/lib/checks/joomla.rb +9 -6
  48. data/lib/checks/jupyter.rb +26 -0
  49. data/lib/checks/lighttpd.rb +28 -0
  50. data/lib/checks/limesuvey.rb +8 -6
  51. data/lib/checks/lithium.rb +15 -11
  52. data/lib/checks/lotus.rb +27 -0
  53. data/lib/checks/magento.rb +8 -6
  54. data/lib/checks/mailchimp.rb +25 -0
  55. data/lib/checks/mcafee.rb +8 -6
  56. data/lib/checks/mediawiki.rb +31 -32
  57. data/lib/checks/microsoft.rb +240 -34
  58. data/lib/checks/microtik.rb +27 -0
  59. data/lib/checks/nagios.rb +8 -6
  60. data/lib/checks/new_relic.rb +25 -0
  61. data/lib/checks/nginx.rb +40 -0
  62. data/lib/checks/okta.rb +25 -0
  63. data/lib/checks/ookla.rb +27 -0
  64. data/lib/checks/openresty.rb +25 -0
  65. data/lib/checks/oracle.rb +208 -17
  66. data/lib/checks/palo_alto.rb +6 -4
  67. data/lib/checks/pantheon.rb +26 -0
  68. data/lib/checks/pardot.rb +8 -6
  69. data/lib/checks/perfectsense.rb +27 -0
  70. data/lib/checks/pfsense.rb +8 -9
  71. data/lib/checks/php.rb +41 -0
  72. data/lib/checks/phpmyadmin.rb +8 -6
  73. data/lib/checks/ping_identity.rb +27 -0
  74. data/lib/checks/pivotal.rb +24 -0
  75. data/lib/checks/plesk.rb +41 -0
  76. data/lib/checks/pulse_secure.rb +27 -0
  77. data/lib/checks/rabbitmq.rb +15 -11
  78. data/lib/checks/restlet.rb +28 -0
  79. data/lib/checks/ruckus_wireless.rb +24 -0
  80. data/lib/checks/sailpoint.rb +27 -0
  81. data/lib/checks/sap.rb +43 -0
  82. data/lib/checks/tableau.rb +26 -0
  83. data/lib/checks/team_city.rb +8 -6
  84. data/lib/checks/telerik.rb +23 -8
  85. data/lib/checks/varnish.rb +8 -11
  86. data/lib/checks/vmware.rb +38 -0
  87. data/lib/checks/webmin.rb +41 -0
  88. data/lib/checks/wp_engine.rb +10 -6
  89. data/lib/checks/yaws.rb +29 -0
  90. data/lib/checks/zeit.rb +28 -0
  91. data/lib/checks/zendesk.rb +39 -0
  92. data/lib/checks/zimbra.rb +24 -0
  93. data/lib/checks/zscaler.rb +28 -0
  94. data/{ident.rb → lib/intrigue-ident.rb} +66 -32
  95. data/lib/traverse_exceptions.rb +196 -0
  96. data/util/check.rb +20 -0
  97. data/util/list.rb +9 -0
  98. metadata +58 -9
  99. data/lib/checks/asp_net.rb +0 -70
  100. data/lib/checks/cloudfront.rb +0 -41
  101. data/lib/checks/spring.rb +0 -31
  102. data/lib/checks/tomcat.rb +0 -22
  103. data/lib/checks/wordpress.rb +0 -120
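--- a/data/lib/checks/joomla.rb
+++ b/data/lib/checks/joomla.rb
@@ -3,16 +3,19 @@ module Ident
  module Check
  class Joomla < Intrigue::Ident::Check::Base
 
- def generate_checks(uri)
+ def generate_checks(url)
  [
  {
- :name => "Joomla!",
- :description => "Known Joomla Admin Page",
- :type => :content_body,
+ :type => "application",
+ :vendor => "Joomla!",
+ :tags => ["CMS"],
+ :product =>"Joomla!",
+ :match_details =>"Known Joomla Admin Page",
+ :match_type => :content_body,
  :version => nil,
- :content => /files_joomla/i,
+ :match_content => /files_joomla/i,
  :references => ["https://twitter.com/GreyNoiseIO/status/987547246538391552"],
- :paths => ["#{uri}/administrator/manifests/files/joomla.xml"]
+ :paths => ["#{url}/administrator/manifests/files/joomla.xml"]
  }
  ]
  end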
@@ -0,0 +1,26 @@
1
+ module Intrigue
2
+ module Ident
3
+ module Check
4
+ class Jupyter < Intrigue::Ident::Check::Base
5
+
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "application",
10
+ :vendor => "Jupyter",
11
+ :tags => [],
12
+ :product =>"Notebook",
13
+ :match_details =>"matched jupyterhub header",
14
+ :match_type => :content_headers,
15
+ :version => nil,
16
+ :dynamic_version => lambda { |x| _first_header_capture(x,/^x-jupyterhub-version: (.*)$/) },
17
+ :match_content => /x-jupyterhub-version:/i,
18
+ :examples => ["https://18.18.154.11:443"],
19
+ :paths => ["#{url}"]
20
+ }
21
+ ]
22
+ end
23
+ end
24
+ end
25
+ end
26
+ end
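Review bot: The version capture is case-sensitive while the detection pattern is not: `:match_content` uses `/x-jupyterhub-version:/i`, but `:dynamic_version` uses `/^x-jupyterhub-version: (.*)$/` with no `i` flag. A response that sends the header with different casing would therefore be identified without a version, unless headers are lower-cased before matching (not visible here). Suggested: `_first_header_capture(x, /^x-jupyterhub-version:\s*(.*)$/i)`. The header belongs to JupyterHub, so `:product =>"Notebook"` may mislabel the finding for anyone triaging on product name, and `:tags => []` leaves it untagged.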
@@ -0,0 +1,28 @@
1
+ module Intrigue
2
+ module Ident
3
+ module Check
4
+ class Lighttpd < Intrigue::Ident::Check::Base
5
+
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "application",
10
+ :vendor => "Lighttpd",
11
+ :tags => [],
12
+ :product =>"Lighttpd",
13
+ :match_details =>"server header",
14
+ :version => nil,
15
+ :match_type => :content_headers,
16
+ :match_content => /server: lighttpd/i,
17
+ :dynamic_version => lambda { |x|
18
+ _first_header_capture(x,/server: lighttpd\/(.*)/i,)
19
+ },
20
+ :examples => ["http://98.99.246.234:80"],
21
+ :paths => ["#{url}"]
22
+ }
23
+ ]
24
+ end
25
+ end
26
+ end
27
+ end
28
+ end
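Review bot: The `_first_header_capture` call on new line 18 ends with a stray trailing comma, `/server: lighttpd\/(.*)/i,)`, which Ruby accepts but which reads like a missing argument; it should be dropped. The `(.*)` capture also takes everything up to the end of the header line, so any text after the version number ends up in the reported version. If consumers expect a bare version, something like `_first_header_capture(x, /server: lighttpd\/([\d.]+)/i)` keeps the capture to the numeric part.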
@@ -3,15 +3,17 @@ module Ident
3
3
  module Check
4
4
  class LimeSurvey < Intrigue::Ident::Check::Base
5
5
 
6
- def generate_checks(uri)
6
+ def generate_checks(url)
7
7
  [
8
8
  {
9
- :name => "LimeSurvey",
10
- :description => "LimeSurvey",
11
- :type => :content_body,
9
+ :type => "application",
10
+ :vendor =>"LimeSurvey",
11
+ :product =>"LimeSurvey",
12
+ :match_details =>"LimeSurvey",
13
+ :match_type => :content_body,
12
14
  :version => nil,
13
- :content => /Donate to LimeSurvey/,
14
- :paths => ["#{uri}"]
15
+ :match_content => /Donate to LimeSurvey/,
16
+ :paths => ["#{url}"]
15
17
  }
16
18
  ]
17
19
  end
@@ -3,23 +3,27 @@ module Ident
3
3
  module Check
4
4
  class Lithium < Intrigue::Ident::Check::Base
5
5
 
6
- def generate_checks(uri)
6
+ def generate_checks(url)
7
7
  [
8
8
  {
9
- :name => "Lithum ",
10
- :description => "Lithium Community Management",
11
- :type => :content_cookies,
9
+ :type => "application",
10
+ :vendor => "Lithium",
11
+ :product =>"Lithium",
12
+ :match_details =>"Lithium Community Management",
13
+ :match_type => :content_cookies,
12
14
  :version => nil,
13
- :content => /LithiumVisitor/i,
14
- :paths => ["#{uri}"]
15
+ :match_content => /LithiumVisitor/i,
16
+ :paths => ["#{url}"]
15
17
  },
16
18
  {
17
- :name => "Lithum",
18
- :description => "Lithium Community Management",
19
- :type => :content_cookies,
19
+ :type => "application",
20
+ :vendor => "Lithium",
21
+ :product =>"Lithium",
22
+ :match_details =>"Lithium Community Management",
23
+ :match_type => :content_cookies,
20
24
  :version => nil,
21
- :content => /LiSESSIONID/i,
22
- :paths => ["#{uri}"]
25
+ :match_content => /LiSESSIONID/i,
26
+ :paths => ["#{url}"]
23
27
  }
24
28
  ]
25
29
  end
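Review bot: Both entries carry the same `:match_details =>"Lithium Community Management"`, so a result does not say which cookie produced the match. The checks added elsewhere on this page use `:match_details` to describe the matcher ("server header", "login page"), and doing the same here makes a false positive easier to trace. Suggested: `:match_details =>"LithiumVisitor cookie"` for the first entry and `:match_details =>"LiSESSIONID cookie"` for the second.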
@@ -0,0 +1,27 @@
1
+ module Intrigue
2
+ module Ident
3
+ module Check
4
+ class Lotus < Intrigue::Ident::Check::Base
5
+
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "application",
10
+ :vendor => "Lotus",
11
+ :product =>"Domino",
12
+ :match_details =>"Lotus Domino",
13
+ :match_type => :content_headers,
14
+ :version => nil,
15
+ :match_content => /server: Lotus-Domino/i,
16
+ :examples => [
17
+ "https://12.237.144.251:443"
18
+ ],
19
+ :paths => ["#{url}"]
20
+ }
21
+ ]
22
+ end
23
+
24
+ end
25
+ end
26
+ end
27
+ end
@@ -3,15 +3,17 @@ module Ident
3
3
  module Check
4
4
  class Magento < Intrigue::Ident::Check::Base
5
5
 
6
- def generate_checks(uri)
6
+ def generate_checks(url)
7
7
  [
8
8
  {
9
- :name => "Magento",
10
- :description => "Magento",
11
- :type => :content_body,
9
+ :type => "application",
10
+ :vendor => "Magento",
11
+ :product =>"Magento",
12
+ :match_details =>"Magento",
13
+ :match_type => :content_body,
12
14
  :version => nil,
13
- :content => /Mage.Cookies.path/i,
14
- :paths => ["#{uri}"]
15
+ :match_content => /Mage.Cookies.path/i,
16
+ :paths => ["#{url}"]
15
17
  }
16
18
  ]
17
19
  end
@@ -0,0 +1,25 @@
1
+ module Intrigue
2
+ module Ident
3
+ module Check
4
+ class Mailchimp < Intrigue::Ident::Check::Base
5
+
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "application",
10
+ :vendor => "Mailchimp",
11
+ :product =>"Mandrill",
12
+ :match_details =>"login page",
13
+ :match_type => :content_body,
14
+ :version => nil,
15
+ :match_content => /<title>Log in to Mandrill/i,
16
+ :paths => ["#{url}"],
17
+ :examples => ["http://107.20.49.246:80"]
18
+ }
19
+ ]
20
+ end
21
+
22
+ end
23
+ end
24
+ end
25
+ end
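--- a/data/lib/checks/mcafee.rb
+++ b/data/lib/checks/mcafee.rb
@@ -3,15 +3,17 @@ module Ident
  module Check
  class Mcafee < Intrigue::Ident::Check::Base
 
- def generate_checks(uri)
+ def generate_checks(url)
  [
  {
- :name => "McAfee EPolicy Orchestrator",
- :description => "McAfee EPolicy Orchestrator",
- :type => :content_body,
+ :type => "application",
+ :vendor => "McAfee",
+ :product =>"EPolicy Orchestrator",
+ :match_details =>"McAfee EPolicy Orchestrator",
+ :match_type => :content_body,
  :version => nil,
- :content => /McAfee Agent Activity Log/i,
- :paths => ["#{uri}"]
+ :match_content => /McAfee Agent Activity Log/i,
+ :paths => ["#{url}"]
  }
  ]
  end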
@@ -1,38 +1,37 @@
1
1
  module Intrigue
2
2
  module Ident
3
3
  module Check
4
- class MediaWiki < Intrigue::Ident::Check::Base
5
-
6
- def generate_checks(uri)
7
- [
8
- {
9
- :name => "MediaWiki",
10
- :description => "MediaWiki",
11
- :type => :content_body,
12
- :version => nil,
13
- :content => /<a href="\/\/www.mediawiki.org\/">Powered by MediaWiki<\/a>/,
14
- :paths => ["#{uri}"]
15
- }
16
- ]
17
- end
4
+ class MediaWiki < Intrigue::Ident::Check::Base
18
5
 
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "application",
10
+ :vendor =>"MediaWiki",
11
+ :product =>"MediaWiki",
12
+ :match_details =>"powered by tag",
13
+ :match_type => :content_body,
14
+ :version => nil,
15
+ :match_content => /<a href="\/\/www.mediawiki.org\/">Powered by MediaWiki<\/a>/,
16
+ :paths => ["#{url}"]
17
+ },
18
+ {
19
+ :type => "application",
20
+ :vendor =>"MediaWiki",
21
+ :product =>"MediaWiki",
22
+ :match_details =>"generator tag",
23
+ :match_type => :content_body,
24
+ :match_content => /<meta name=\"generator\" content=\"MediaWiki/,
25
+ :version => nil,
26
+ :dynamic_version => lambda { |x| _first_body_capture(x,/<meta name=\"generator\" content=\"MediaWiki\ (.*?)\"\/>/) },
27
+ :examples => ["http://2004.appsecusa.org:80"],
28
+ :verify => ["b3dhc3AjSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHA6Ly8yMDA0LmFwcHNlY3VzYS5vcmc6ODA="],
29
+ :paths => ["#{url}"]
30
+ }
31
+ ]
19
32
  end
20
- end
21
- end
22
- end
23
-
24
33
 
25
- =begin
26
- all_checks = [{
27
- :uri => "#{uri}",
28
- :checklist => [
29
- {
30
- :name => "Yoast Wordpress SEO Plugin", # won't be used if we have
31
- :description => "Yoast Wordpress SEO Plugin",
32
- :type => "content",
33
- :content => /<!-- \/ Yoast WordPress SEO plugin. -->/,
34
- :test_site => "https://ip-50-62-231-56.ip.secureserver.net",
35
- :dynamic_name => lambda{|x| x.scan(/the Yoast WordPress SEO plugin v.* - h/)[0].gsub("the ","").gsub(" - h","") }
36
- }
37
- ]},
38
- =end
34
+ end
35
+ end
36
+ end
37
+ end
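Review bot: The new `:verify` key on the generator-tag entry holds an opaque base64 string with no comment, and no other check visible on this page uses that key. It appears to decode to a project name, an entity type and the same URL as `:examples`, so it reads as internal test bookkeeping rather than matching logic, and someone auditing the published gem cannot tell what consumes it. Please add a comment above it, e.g. `# :verify => base64 of "<project>#<entity type>#<uri>" for a known-good sample (TODO confirm consumer)`, or leave it out of the shipped check. The `:dynamic_version` pattern also requires the tag to end in `"/>`, so a generator tag closed with `">` or `" />` would be detected without a version.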
@@ -3,63 +3,269 @@ module Ident
3
3
  module Check
4
4
  class Microsoft < Intrigue::Ident::Check::Base
5
5
 
6
- def generate_checks(uri)
6
+ def generate_checks(url)
7
7
  [
8
8
  {
9
- :name => "Microsoft Forefront TMG",
10
- :description => "Microsoft Forefront Threat Management Gateway",
9
+ :type => "application",
10
+ :vendor => "Microsoft",
11
+ :product =>"ASP.NET",
11
12
  :version => nil,
12
- :type => :content_cookies,
13
- :content => /<title>Microsoft Forefront TMG/,
14
- :paths => ["#{uri}"]
13
+ :dynamic_version => lambda{|x| _body(x).scan(/ASP.NET Version:(.*)$/)[0].first.chomp },
14
+ :tags => ["error_page"],
15
+ :match_type => :content_body,
16
+ :match_content => /^.*ASP.NET is configured.*$/i,
17
+ :match_details =>"ASP.Net Error Message",
18
+ :paths => ["#{url}"]
15
19
  },
16
20
  {
17
- :name => "Microsoft IIS 8.0",
18
- :description => "Microsoft IIS 8.0",
21
+ :type => "application",
22
+ :vendor => "Microsoft",
23
+ :product =>"ASP.NET",
19
24
  :version => nil,
20
- :type => :content_body,
21
- :content => /<img src=\"iis-8.png\"/,
22
- :examples => ["http://66.162.2.18:80"],
23
- :paths => ["#{uri}"]
25
+ :dynamic_version => lambda{|x| _body(x).scan(/ASP.NET Version:(.*)$/i)[0].first.chomp if _body(x).scan(/ASP.NET Version:(.*)$/i)[0] },
26
+ :match_type => :content_headers,
27
+ :match_content => /^x-aspnet-version:.*$/i,
28
+ :match_details =>"X-AspNet Header",
29
+ :paths => ["#{url}"]
30
+ },
31
+ {
32
+ :type => "application",
33
+ :vendor => "Microsoft",
34
+ :product =>"ASP.NET",
35
+ :match_details =>"Asp.Net Default Cookie",
36
+ :version => nil,
37
+ :match_type => :content_cookies,
38
+ :match_content => /ASPSESSIONID.*$/i,
39
+ :paths => ["#{url}"]
40
+ },
41
+ {
42
+ :type => "application",
43
+ :vendor => "Microsoft",
44
+ :product =>"ASP.NET",
45
+ :match_details =>"Asp.Net Default Cookie",
46
+ :version => nil,
47
+ :match_type => :content_cookies,
48
+ :match_content => /ASP.NET_SessionId.*$/i,
49
+ :paths => ["#{url}"]
24
50
  },
25
51
  {
26
- :name => "Microsoft IIS 8.5",
27
- :description => "Microsoft IIS 8.5",
52
+ :type => "application",
53
+ :vendor => "Microsoft",
54
+ :product =>"ASP.NET",
55
+ :match_details =>"ASPXAUTH cookie",
28
56
  :version => nil,
29
- :type => :content_body,
30
- :content => /<img src=\"iis-85.png\"/,
57
+ :references => ["https://www.sitefinity.com/developer-network/forums/developing-with-sitefinity-/claims-auth---aspxauth-cookie-remains"],
58
+ :match_type => :content_cookies,
59
+ :match_content => /ASPXAUTH=/i,
60
+ :examples => ["https://marketplace.overdrive.com/Account/Login"],
61
+ :paths => ["#{url}"]
62
+ },
63
+ {
64
+ :type => "application",
65
+ :vendor => "Microsoft",
66
+ :product =>"ASP.NET MVC",
67
+ :match_details =>"Asp.Net MVC Header",
68
+ :version => nil,
69
+ :match_type => :content_headers,
70
+ :match_content => /x-aspnetmvc-version/i,
71
+ :paths => ["#{url}"]
72
+ },
73
+ {
74
+ :type => "application",
75
+ :vendor => "Microsoft",
76
+ :product =>"ASP.NET",
77
+ :match_details =>"WebResource.axd link in the page",
78
+ :version => nil,
79
+ :match_type => :content_body,
80
+ :match_content => /WebResource.axd?d=/i,
81
+ :paths => ["#{url}"]
82
+ },
83
+ {
84
+ :type => "application",
85
+ :vendor => "Microsoft",
86
+ :product =>"ASP.NET",
87
+ :match_details =>"Microsoft ASP.NET",
88
+ :version => nil,
89
+ :match_type => :content_headers,
90
+ :match_content => /x-powered-by: ASP.NET/,
91
+ :examples => [],
92
+ :paths => ["#{url}"]
93
+ },
94
+ {
95
+ :type => "application",
96
+ :vendor => "Microsoft",
97
+ :product =>"Forefront TMG",
98
+ :match_details =>"Microsoft Forefront Threat Management Gateway",
99
+ :version => nil,
100
+ :match_type => :content_cookies,
101
+ :match_content => /<title>Microsoft Forefront TMG/,
102
+ :paths => ["#{url}"]
103
+ },
104
+ {
105
+ :type => "application",
106
+ :vendor => "Microsoft",
107
+ :product =>"Forefront TMG",
108
+ :match_details =>"Microsoft Forefront Threat Management Gateway",
109
+ :version => nil,
110
+ :match_type => :content_headers,
111
+ :match_content => /via:\ 1.1\ TMGSRVR/,
112
+ :paths => ["#{url}"]
113
+ },
114
+
115
+ {
116
+ :type => "application",
117
+ :vendor => "Microsoft",
118
+ :product => "IIS",
119
+ :match_details =>"server header",
120
+ :version => nil,
121
+ :dynamic_version => lambda { |x|
122
+ _first_header_capture x, /server: Microsoft-IIS\/(.*)/
123
+ },
124
+ :match_type => :content_headers,
125
+ :match_content => /server: Microsoft-IIS\//,
126
+ :examples => ["http://168.75.243.138:80","http://freightmanager.nucornet.com:80"],
127
+ :paths => ["#{url}"]
128
+ },
129
+ {
130
+ :type => "application",
131
+ :vendor => "Microsoft",
132
+ :product =>"IIS",
133
+ :match_details =>"Microsoft IIS 8.0",
134
+ :version => "8.0",
135
+ :match_type => :content_body,
136
+ :match_content => /<img src=\"iis-8.png\"/,
137
+ :examples => ["http://66.162.2.18:80"],
138
+ :paths => ["#{url}"]
139
+ },
140
+ {
141
+ :type => "application",
142
+ :vendor => "Microsoft",
143
+ :product =>"IIS",
144
+ :match_details =>"Microsoft IIS 8.5",
145
+ :version => "8.5",
146
+ :match_type => :content_body,
147
+ :match_content => /<img src=\"iis-85.png\"/,
31
148
  :examples => ["http://103.1.221.151:80"],
32
- :paths => ["#{uri}"]
149
+ :paths => ["#{url}"]
33
150
  },
34
151
  {
35
- :name => "Microsoft Outlook Web Access",
36
- :description => "Microsoft Outlook Web Access",
152
+ :type => "application",
153
+ :vendor => "Microsoft",
154
+ :product =>"IIS",
155
+ :match_details =>"Microsoft IIS Unauthorized (403)",
156
+ :tags => ["error_page"],
37
157
  :version => nil,
38
- :type => :content_headers,
39
- :content => /x-owa-version/,
40
- :dynamic_version => lambda { |x| x["x-owa-version"] },
41
- :paths => ["#{uri}"]
158
+ :match_type => :content_body,
159
+ :hide => true,
160
+ :match_content => /Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator \(URL\)/,
161
+ :examples => ["http://199.233.74.45:80"],
162
+ :paths => ["#{url}"]
42
163
  },
43
164
  {
44
- :name => "Microsoft Generic Error - 403",
45
- :description => "Microsoft Generic Error - 403",
165
+ :type => "application",
166
+ :vendor => "Microsoft",
167
+ :product =>"IIS",
168
+ :match_details =>"Microsoft IIS Missing Resource (404)",
46
169
  :tags => ["error_page"],
47
170
  :version => nil,
48
- :type => :content_body,
171
+ :match_type => :content_body,
49
172
  :hide => true,
50
- :content => /403 Forbidden. The server denied the specified Uniform Resource Locator (URL)/,
51
- :paths => ["#{uri}"]
173
+ :match_content => /HTTP Error 404. The requested resource is not found./,
174
+ :examples => ["http://66.162.2.74:80"],
175
+ :paths => ["#{url}"]
52
176
  },
53
177
  {
54
- :name => "Microsoft Generic Error - 503",
55
- :description => "Microsoft Generic Error - 503",
178
+ :type => "application",
179
+ :vendor => "Microsoft",
180
+ :product =>"IIS",
181
+ :match_details =>"Microsoft IIS Generic Error - 403",
56
182
  :tags => ["error_page"],
57
183
  :version => nil,
58
- :type => :content_body,
184
+ :match_type => :content_body,
59
185
  :hide => true,
60
- :content => /HTTP Error 503. The service is unavailable./,
61
- :paths => ["#{uri}"]
62
- }
186
+ :match_content => /403 Forbidden. The server denied the specified Uniform Resource Locator (URL)/,
187
+ :paths => ["#{url}"]
188
+ },
189
+ {
190
+ :type => "application",
191
+ :vendor => "Microsoft",
192
+ :product =>"IIS",
193
+ :match_details =>"Microsoft Generic Error - 503",
194
+ :tags => ["error_page"],
195
+ :version => nil,
196
+ :match_type => :content_body,
197
+ :hide => true,
198
+ :match_content => /HTTP Error 503. The service is unavailable./,
199
+ :paths => ["#{url}"]
200
+ },
201
+ {
202
+ :type => "application",
203
+ :vendor =>"Microsoft",
204
+ :product =>"Kestrel",
205
+ :references => ["https://stackify.com/what-is-kestrel-web-server/"],
206
+ :match_details =>"kestrel in server header",
207
+ :version => nil,
208
+ :match_type => :content_headers,
209
+ :match_content => /server: Kestrel/i,
210
+ :examples => ["http://partner-staging.jet.com:80"],
211
+ :paths => ["#{url}"]
212
+ },
213
+ {
214
+ :type => "service",
215
+ :vendor =>"Microsoft",
216
+ :product =>"Office 365 API",
217
+ :match_details =>"office 365 api auth cookie",
218
+ :version => nil,
219
+ :match_type => :content_cookies,
220
+ :match_content => /x-ms-gateway-slice/i,
221
+ :examples => ["http://autodiscover.jet.com:80"],
222
+ :paths => ["#{url}"]
223
+ },
224
+ {
225
+ :type => "service",
226
+ :vendor =>"Microsoft",
227
+ :product =>"Office 365",
228
+ :match_details =>"office 365 fronted by okta",
229
+ :version => nil,
230
+ :match_type => :content_body,
231
+ :match_content => /ok3static.oktacdn.com\/assets\/img\/logos\/office365/i,
232
+ :examples => ["http://outlook.newscorp.com:80"],
233
+ :paths => ["#{url}"]
234
+ },
235
+ {
236
+ :type => "application",
237
+ :vendor => "Microsoft",
238
+ :product =>"Outlook Web Access",
239
+ :match_details =>"Microsoft Outlook Web Access",
240
+ :version => nil,
241
+ :match_type => :content_headers,
242
+ :match_content => /x-owa-version/,
243
+ :dynamic_version => lambda { |x| _first_header_capture(x, /x-owa-version:(.*)/) },
244
+ :paths => ["#{url}"]
245
+ },
246
+ {
247
+ :type => "application",
248
+ :vendor => "Microsoft",
249
+ :product =>"Outlook Web Access",
250
+ :match_details =>"Microsoft Outlook Web Access",
251
+ :version => nil,
252
+ :match_type => :content_body,
253
+ :match_content => /OwaPage\ =\ ASP.auth_logon_aspx/,
254
+ :dynamic_version => lambda { |x| _first_body_capture x, /href=\"\/owa\/auth\/(.*)\/themes\/resources\/favicon.ico/ },
255
+ :paths => ["#{url}"]
256
+ },
257
+ {
258
+ :type => "application",
259
+ :vendor => "Microsoft",
260
+ :product =>"Sharepoint",
261
+ :match_details =>"Sharepoint cookie",
262
+ :version => nil,
263
+ :match_type => :content_headers,
264
+ :match_content => /sprequestguid/,
265
+ :dynamic_version => lambda { |x| _first_header_capture(x,/microsoftsharepointteamservices:(.*)/) },
266
+ :examples => ["http://sharepoint.edghelp.realogyfg.com:80"],
267
+ :paths => ["#{url}"]
268
+ },
63
269
  ]
64
270
  end
65
271
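Review bot: Two of the new `:match_content` patterns cannot match the text they are meant to detect, because regex metacharacters are left unescaped. In `/WebResource.axd?d=/i` the `?` makes the preceding `d` optional instead of matching a literal `?`, and in the "Microsoft IIS Generic Error - 403" entry `(URL)` is a group, so the parentheses in the page text are never matched; the "Unauthorized (403)" entry in the same list already escapes them. Suggested: `:match_content => /WebResource\.axd\?d=/i,` and `\(URL\)` at the end of the 403 pattern. Separately, the first ASP.NET entry's `:dynamic_version` calls `.first` on `scan(...)[0]` without the `if` guard the second entry has, so a page that matches "ASP.NET is configured" but has no "ASP.NET Version:" line would raise on nil unless the caller rescues it (not visible here).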