intrigue-ident 0.47 → 0.48

data/lib/checks/pardot.rb

@@ -6,11 +6,13 @@ module Check
       def generate_checks(url)
         [
           {
-            :name => "Pardot",
-            :description => "Pardot",
+            :type => "application",
+            :vendor =>"Pardot",
+            :product =>"Pardot",
+            :match_details =>"Pardot",
             :version => nil,
-            :type => :content_cookies,
-            :content => /pardot/i,
+            :match_type => :content_cookies,
+            :match_content =>  /pardot/i,
             :paths => ["#{url}"]
           }
         ]

data/lib/checks/pfsense.rb

@@ -6,14 +6,16 @@ module Check
       def generate_checks(url)
         [
           {
-            :name => "pfSense Firewall",
-            :description => "pfSense is an open source firewall/router " +
+            :type => "application",
+            :vendor => "pfSense",
+            :product =>"pfSense",
+            :match_details =>"pfSense is an open source firewall/router " +
               "computer software distribution based on FreeBSD. It is " +
               "installed on a physical computer or a virtual machine to" +
               "make a dedicated firewall/router for a network",
             :version => nil,
-            :type => :content_body,
-            :content => /Login to pfSense/,
+            :match_type => :content_body,
+            :match_content =>  /Login to pfSense/,
             :paths => ["#{url}"]
           }
         ]

data/lib/checks/phpmyadmin.rb

@@ -6,11 +6,13 @@ module Check
       def generate_checks(url)
         [
           {
-            :name => "PhpMyAdmin",
-            :description => "PhpMyAdmin",
+            :type => "application",
+            :vendor => "PhpMyAdmin",
+            :product => "PhpMyAdmin",
+            :match_details => "PhpMyAdmin",
             :version => nil,
-            :type => :content_cookies,
-            :content => /phpMyAdmin=/i,
+            :match_type => :content_cookies,
+            :match_content =>  /phpMyAdmin=/i,
             :paths => ["#{url}"]
           }
         ]

data/lib/checks/pivotal.rb

@@ -0,0 +1,24 @@
+module Intrigue
+module Ident
+module Check
+    class Pivotal < Intrigue::Ident::Check::Base
+
+      def generate_checks(url)
+        [
+          {
+            :type => "application",
+            :vendor =>"Pivotal",
+            :product =>"Spring Framework",
+            :match_details =>"Standard Spring MVC error page",
+            :match_type => :content_body,
+            :version => nil,
+            :match_content =>  /{"timestamp":\d.*,"status":999,"error":"None","message":"No message available"}/,
+            :paths => ["#{url}/error.json"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/rabbitmq.rb

@@ -6,19 +6,23 @@ module Check
       def generate_checks(url)
         [
            {
-             :name => "RabbitMQ",
-             :description => "RabbitMQ",
-             :type => :content_body,
+             :type => "application",
+             :vendor => "RabbitMQ",
+             :product => "RabbitMQ",
+             :match_details =>"RabbitMQ",
+             :match_type => :content_body,
              :version => nil,
-             :content => /RabbitMQ Management/,
+             :match_content =>  /RabbitMQ Management/,
              :paths => ["#{url}"]
            },
            {
-            :name => "RabbitMQ API",
-            :description => "RabbitMQ API",
-            :type => :content_body,
+            :type => "application",
+            :vendor => "RabbitMQ",
+            :product => "RabbitMQ API",
+            :match_details => "RabbitMQ API",
+            :match_type => :content_body,
             :version => nil,
-            :content => /RabbitMQ Management HTTP API/,
+            :match_content =>  /RabbitMQ Management HTTP API/,
             :paths => ["#{url}/api"]
           }
         ]

data/lib/checks/team_city.rb

@@ -6,11 +6,13 @@ module Check
       def generate_checks(url)
         [
           {
-            :name => "TeamCity Continuous Integration",
-            :description => "TeamCity Continuous Integration",
+            :type => "application",
+            :vendor => "TeamCity",
+            :product => "TeamCity",
+            :match_details => "TeamCity Continuous Integration",
             :version => nil,
-            :type => :content_body,
-            :content => /icons\/teamcity.black.svg/i,
+            :match_type => :content_body,
+            :match_content =>  /icons\/teamcity.black.svg/i,
             :paths => ["#{url}"]
           }
         ]

data/lib/checks/telerik.rb

@@ -6,12 +6,14 @@ module Check
       def generate_checks(url)
         [
           {
-            :name => "Telerik Sitefinity",
-            :description => "Telerik Sitefinity is an ASP.NET 2.0-based Content Management System (CMS)",
+            :type => "application",
+            :vendor => "Telerik",
+            :product =>"Sitefinity",
+            :match_details =>"Telerik Sitefinity is an ASP.NET 2.0-based Content Management System (CMS)",
             :url => "https://www.sitefinity.com/",
             :version => nil,
-            :type => :content_body,
-            :content => /Telerik.Sitefinity.Resources/,
+            :match_type => :content_body,
+            :match_content =>  /Telerik.Sitefinity.Resources/,
             :dynamic_version => lambda { |x|  x["details"]["hidden_response_data"].match(/Version=([\d\.]+),/).captures[0] },
             :verify_sites => [],
             :paths => ["#{url}"]

data/lib/checks/varnish.rb

@@ -6,11 +6,13 @@ module Check
       def generate_checks(url)
         [
           {
-            :name => "Varnish",
-            :description => "Varnish Proxy",
+            :type => "application",
+            :vendor =>"Varnish",
+            :product =>"Varnish",
+            :match_details =>"Varnish Proxy",
             :version => nil,
-            :type => :content_headers,
-            :content => /via: [0-9]\.[0-9] varnish/i,
+            :match_type => :content_headers,
+            :match_content =>  /via: [0-9]\.[0-9] varnish/i,
             :paths => ["#{url}"]
           }
         ]

data/lib/checks/vmware.rb

@@ -6,11 +6,13 @@ module Check
       def generate_checks(url)
         [
           {
-            :name => "VMWare Horizon",
-            :description => "VMWare Horizon",
+            :type => "application",
+            :vendor => "VMWare",
+            :product =>"Horizon",
+            :match_details =>"VMWare Horizon",
             :version => nil,
-            :type => :content_body,
-            :content => /<title>VMware Horizon/,
+            :match_type => :content_body,
+            :match_content =>  /<title>VMware Horizon/,
             :paths => ["#{url}"]
           }
         ]

data/lib/checks/wp_engine.rb

@@ -6,11 +6,14 @@ module Check
       def generate_checks(url)
         [
           {
-            :name => "WPEngine",
-            :description => "WPEngine - Access site by IP",
+            :type => "application",
+            :vendor =>"WPEngine",
+            :tags => ["hosting_provider"],
+            :product =>"WPEngine",
+            :match_details =>"WPEngine - Access site by IP",
             :version => nil,
-            :type => :content_body,
-            :content => /This domain is successfully pointed at WP Engine, but is not configured for an account on our platform./,
+            :match_type => :content_body,
+            :match_content =>  /This domain is successfully pointed at WP Engine, but is not configured for an account on our platform./,
             :paths => ["#{url}"]
           }
         ]

data/lib/intrigue-ident.rb

@@ -11,7 +11,7 @@ Dir["#{check_folder}/*.rb"].each { |file| require_relative file }
 module Intrigue
   module Ident
 
-    VERSION=0.47
+    VERSION=0.48
 
     def generate_requests_and_check(url)
 
@@ -78,41 +78,53 @@ module Intrigue
     results.compact
     end
 
+
     private
 
+    def _match_to_cpe(m)
+      out = "cpe:/#{m[:type]}:#{m[:vendor]}:#{m[:product]}"
+      out << ":#{m[:version]}" if m[:version]
+    out
+    end
+
     def _construct_match_response(check, data)
       {
+        :type => check[:type],
+        :vendor => check[:vendor],
+        :product => check[:product],
         :version => (check[:dynamic_version].call(data) if check[:dynamic_version]) || check[:version],
-        :name => check[:name],
         :tags => check[:tags],
-        :match => check[:type],
+        :matched_content => check[:match_content],
+        :match_type => check[:match_type],
+        :match_details => check[:match_details],
         :hide => check[:hide]
       }
     end
 
     def _match_uri(check,data)
 
+      #puts "Trying to match #{check[:vendor]} #{check[:product]}: #{data["details"]["cookies"][0..10]}"
+
       # data[:body] => page body
       # data[:headers] => block of text with headers, one per line
       # data[:cookies] => set_cookie header
       # data[:body_md5] => md5 hash of the body
       # if type "content", do the content check
 
-
-      if check[:type] == :content_body
+      if check[:match_type] == :content_body
         if data["details"]["hidden_response_data"]
-          match = _construct_match_response(check,data) if data["details"]["hidden_response_data"] =~ check[:content]
+          match = _construct_match_response(check,data) if data["details"]["hidden_response_data"] =~ check[:match_content]
         end
-      elsif check[:type] == :content_headers
+      elsif check[:match_type] == :content_headers
         if data["details"]["headers"]
-          match = _construct_match_response(check,data) if data["details"]["headers"].join("\n") =~ check[:content]
+          match = _construct_match_response(check,data) if data["details"]["headers"].join("\n") =~ check[:match_content]
         end
-      elsif check[:type] == :content_cookies
+      elsif check[:match_type] == :content_cookies
         # Check only the set-cookie header
         if data["details"]["cookies"]
-          match = _construct_match_response(check,data) if data["details"]["cookies"] =~ check[:content]
+          match = _construct_match_response(check,data) if data["details"]["cookies"] =~ check[:match_content]
         end
-      elsif check[:type] == :checksum_body
+      elsif check[:match_type] == :checksum_body
         if data["details"]["response_data_hash"]
           match = _construct_match_response(check,data) if Digest::MD5.hexdigest(data["details"]["response_data_hash"]) == check[:checksum]
         end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: intrigue-ident
 version: !ruby/object:Gem::Version
-  version: '0.47'
+  version: '0.48'
 platform: ruby
 authors:
 - jcran
@@ -66,15 +66,15 @@ files:
 - lib/checks/adobe.rb
 - lib/checks/akamai.rb
 - lib/checks/amazon.rb
+- lib/checks/apache.rb
 - lib/checks/aruba.rb
-- lib/checks/asp_net.rb
 - lib/checks/atlassian.rb
+- lib/checks/automattic.rb
 - lib/checks/base.rb
 - lib/checks/chef.rb
 - lib/checks/cisco.rb
 - lib/checks/citrix.rb
 - lib/checks/cloudflare.rb
-- lib/checks/cloudfront.rb
 - lib/checks/cpanel.rb
 - lib/checks/django.rb
 - lib/checks/drupal.rb
@@ -84,6 +84,7 @@ files:
 - lib/checks/gitlab.rb
 - lib/checks/google.rb
 - lib/checks/grafana.rb
+- lib/checks/heroku.rb
 - lib/checks/hp.rb
 - lib/checks/jenkins.rb
 - lib/checks/joomla.rb
@@ -101,14 +102,12 @@ files:
 - lib/checks/pardot.rb
 - lib/checks/pfsense.rb
 - lib/checks/phpmyadmin.rb
+- lib/checks/pivotal.rb
 - lib/checks/rabbitmq.rb
-- lib/checks/spring.rb
 - lib/checks/team_city.rb
 - lib/checks/telerik.rb
-- lib/checks/tomcat.rb
 - lib/checks/varnish.rb
 - lib/checks/vmware.rb
-- lib/checks/wordpress.rb
 - lib/checks/wp_engine.rb
 - lib/intrigue-ident.rb
 homepage: https://intrigue.io

data/lib/checks/asp_net.rb

@@ -1,64 +0,0 @@
-module Intrigue
-module Ident
-module Check
-class AspNet < Intrigue::Ident::Check::Base
-
-  def generate_checks(uri)
-    [
-      {
-        :name => "ASP.NET",
-        :description => "ASP.Net Error Message",
-        :version => nil,
-        :tags => ["error_page"],
-        :type => :content_body,
-        :content => /^.*ASP.NET is configured.*$/i,
-        :dynamic_version => lambda{|x| x["details"]["hidden_response_data"].scan(/ASP.NET Version:(.*)$/)[0].first.chomp },
-        :paths => ["#{uri}"]
-      },
-      {
-        :name => "ASP.NET",
-        :description => "X-AspNet Header",
-        :version => nil,
-        :type => :content_headers,
-        :content => /^x-aspnet-version:.*$/i,
-        :dynamic_version => lambda{|x| x["details"]["hidden_response_data"].scan(/ASP.NET Version:(.*)$/i)[0].first.chomp if x["details"]["hidden_response_data"].scan(/ASP.NET Version:(.*)$/i)[0] },
-        :paths => ["#{uri}"]
-      },
-      {
-        :name => "ASP.NET",
-        :description => "Asp.Net Default Cookie",
-        :version => nil,
-        :type => :content_cookies,
-        :content => /ASPSESSIONID.*$/i,
-        :paths => ["#{uri}"]
-      },
-      {
-        :name => "ASP.NET",
-        :description => "Asp.Net Default Cookie",
-        :version => nil,
-        :type => :content_cookies,
-        :content => /ASP.NET_SessionId.*$/i,
-        :paths => ["#{uri}"]
-      },
-      {
-        :name => "ASP.NET MVC",
-        :description => "Asp.Net MVC Header",
-        :version => nil,
-        :type => :content_headers,
-        :content => /x-aspnetmvc-version/i,
-        :paths => ["#{uri}"]
-      },
-      {
-        :name => "ASP.NET",
-        :description => "WebResource.axd link in the page",
-        :version => nil,
-        :type => :content_body,
-        :content => /WebResource.axd?d=/i,
-        :paths => ["#{uri}"]
-      }
-    ]
-  end
-end
-end
-end
-end

data/lib/checks/cloudfront.rb

@@ -1,41 +0,0 @@
-module Intrigue
-module Ident
-module Check
-    class Cloudfront < Intrigue::Ident::Check::Base
-
-      def generate_checks(url)
-        [
-          {
-            :name => "Cloudfront - Error (Body)",
-            :description => "Cloudfront - no configured hostname",
-            :version => "",
-            :type => :content_body,
-            :content => /ERROR: The request could not be satisfied/,
-            :hide => true,
-            :paths => ["#{url}"]
-          },
-          {
-            :name => "Cloudfront - Error (Headers)",
-            :description => "Cloudfront - no configured hostname",
-            :version => "",
-            :type => :content_headers,
-            :content => /Error from cloudfront/,
-            :hide => true,
-            :paths => ["#{url}"]
-          },
-          {
-            :name => "Cloudfront - 403 (Body)",
-            :description => "Cloudfront - 403",
-            :version => "",
-            :type => :content_body,
-            :content => /<h1>403 Forbidden<\/h1><\/center>\n<hr><center>cloudflare/,
-            :hide => true,
-            :paths => ["#{url}"]
-          }
-        ]
-      end
-
-    end
-  end
-  end
-  end

data/lib/checks/spring.rb

@@ -1,22 +0,0 @@
-module Intrigue
-module Ident
-module Check
-    class Spring < Intrigue::Ident::Check::Base
-
-      def generate_checks(url)
-        [
-          {
-            :name => "Spring",
-            :description => "Standard Spring MVC error page",
-            :type => :content_body,
-            :version => nil,
-            :content => /{"timestamp":\d.*,"status":999,"error":"None","message":"No message available"}/,
-            :paths => ["#{url}/error.json"]
-          }
-        ]
-      end
-
-    end
-  end
-  end
-  end