intrigue-ident 0.48 → 0.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. checksums.yaml +4 -4
  2. data/lib/checks/acquia.rb +26 -0
  3. data/lib/checks/amazon.rb +4 -4
  4. data/lib/checks/apache.rb +64 -1
  5. data/lib/checks/atlassian.rb +3 -7
  6. data/lib/checks/automattic.rb +115 -117
  7. data/lib/checks/base.rb +48 -0
  8. data/lib/checks/chef.rb +1 -1
  9. data/lib/checks/cisco.rb +4 -2
  10. data/lib/checks/citrix.rb +13 -0
  11. data/lib/checks/cloudflare.rb +5 -5
  12. data/lib/checks/drupal.rb +15 -2
  13. data/lib/checks/f5.rb +15 -2
  14. data/lib/checks/fastly.rb +2 -2
  15. data/lib/checks/groovy.rb +24 -0
  16. data/lib/checks/heroku.rb +1 -1
  17. data/lib/checks/jenkins.rb +2 -2
  18. data/lib/checks/jobvite.rb +25 -0
  19. data/lib/checks/lotus.rb +3 -1
  20. data/lib/checks/mediawiki.rb +18 -34
  21. data/lib/checks/microsoft.rb +46 -25
  22. data/lib/checks/new_relic.rb +25 -0
  23. data/lib/checks/nginx.rb +16 -2
  24. data/lib/checks/okta.rb +25 -0
  25. data/lib/checks/oracle.rb +38 -6
  26. data/lib/checks/php.rb +28 -0
  27. data/lib/checks/restlet.rb +28 -0
  28. data/lib/checks/sailpoint.rb +27 -0
  29. data/lib/checks/telerik.rb +17 -4
  30. data/lib/checks/wp_engine.rb +2 -1
  31. data/lib/checks/zscaler.rb +28 -0
  32. data/lib/intrigue-ident.rb +29 -22
  33. data/util/check.rb +20 -0
  34. metadata +12 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 264d2dff52cd74c3d85add304baf8169b40c8671b001b7b87ea63a761fa700f7
4
- data.tar.gz: cd0b6bae16f4e063d9fa33e23783b15664255497dc1091c83b2dc30190366af9
3
+ metadata.gz: 8d58d63bdc512c08643f0f899a2fb93c8c7c31fd878c58e0b4109017f0273114
4
+ data.tar.gz: 2fdf907897a3984d45c4409b154d0ad17dcfd6dfa82e626bfcb2f1953b96fe18
5
5
  SHA512:
6
- metadata.gz: 89b68a83d6d4ef217322a7a6d732aeef346b23714fba4886d701bab22c869b681a5ba3aeb27aa38a54147b5e9acb7c226ef4c16284b539e8b08a8add5aac2282
7
- data.tar.gz: 7effd8183d7d2673bfc71f96e4c23daf5f61fdedf5e83fa6b3349321a1013b9e4151831ff1fdb836a2860e577fcfb150aa639debf5f951ba39ccd6093bc377d1
6
+ metadata.gz: 9bba27d33b8e9ac30a10da3b76b35290951d099bc3812360fdeb6f357eb2634cf5888356b7e6bf5ea12b93fa1685d830c6d52e37a5e896e5d525b1385bda9dd9
7
+ data.tar.gz: c7492be298f8481bb2991a8b8d5b454e561aa24dfc6e59c5636fa7be0fa3ce409b15504e74510bd484e34994103ce67ca1d142f5f1999885cea719e17e332d91
data/lib/checks/acquia.rb ADDED
@@ -0,0 +1,26 @@
1
+ module Intrigue
2
+ module Ident
3
+ module Check
4
+ class Acquia < Intrigue::Ident::Check::Base
5
+
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "service",
10
+ :vendor => "Acquia",
11
+ :product => "Acquia",
12
+ :references => ["https://docs.acquia.com/acquia-cloud/performance/varnish/headers/"],
13
+ :version => nil,
14
+ :match_type => :content_headers,
15
+ :match_content => /X-AH-Environment:/i,
16
+ :match_details => "Header contains Acquia environment that provides the page response (usually prod, but could also be dev or stage)",
17
+ :hide => false,
18
+ :examples => ["http://netgear.gcs-web.com:80"],
19
+ :paths => ["#{url}"]
20
+ }
21
+ ]
22
+ end
23
+ end
24
+ end
25
+ end
26
+ end
data/lib/checks/amazon.rb CHANGED
@@ -6,7 +6,7 @@ class Amazon < Intrigue::Ident::Check::Base
6
6
  def generate_checks(url)
7
7
  [
8
8
  {
9
- :type => "application",
9
+ :type => "service",
10
10
  :vendor => "Amazon",
11
11
  :product =>"Cloudfront - Error (Body)",
12
12
  :match_details =>"Cloudfront - no configured hostname",
@@ -17,7 +17,7 @@ class Amazon < Intrigue::Ident::Check::Base
17
17
  :paths => ["#{url}"]
18
18
  },
19
19
  {
20
- :type => "application",
20
+ :type => "service",
21
21
  :vendor => "Amazon",
22
22
  :product =>"Cloudfront - Error (Headers)",
23
23
  :match_details =>"Cloudfront - no configured hostname",
@@ -28,7 +28,7 @@ class Amazon < Intrigue::Ident::Check::Base
28
28
  :paths => ["#{url}"]
29
29
  },
30
30
  {
31
- :type => "application",
31
+ :type => "service",
32
32
  :vendor => "Amazon",
33
33
  :product =>"Cloudfront - 403 (Body)",
34
34
  :match_details =>"Cloudfront - 403",
@@ -40,7 +40,7 @@ class Amazon < Intrigue::Ident::Check::Base
40
40
  },
41
41
  {
42
42
  :tags => ["error_page","hosting_provider"],
43
- :type => "application",
43
+ :type => "service",
44
44
  :url => "https://aws.amazon.com/elasticloadbalancing/",
45
45
  :vendor => "Amazon",
46
46
  :product => "Elastic Load Balancer",
data/lib/checks/apache.rb CHANGED
@@ -5,6 +5,63 @@ class Apache < Intrigue::Ident::Check::Base
5
5
 
6
6
  def generate_checks(url)
7
7
  [
8
+ {
9
+ :type => "application",
10
+ :vendor => "Apache",
11
+ :product =>"Apache",
12
+ :match_details =>"Apache web server - server header - with versions",
13
+ :version => nil,
14
+ :match_type => :content_headers,
15
+ :match_content => /server:\ Apache[\s|\/]+[0-9]+/i,
16
+ :dynamic_version => lambda { |x|
17
+ _first_header_capture(x,/[s|S]erver:\s?Apache[\s|\/](.*)$/,["Apache","/","(Ubuntu)"])
18
+ },
19
+ :examples => [
20
+ "http://124.6.226.249:8081"
21
+ ],
22
+ :paths => ["#{url}"]
23
+ },
24
+ {
25
+ :type => "application",
26
+ :vendor => "Apache",
27
+ :product =>"Apache",
28
+ :match_details =>"Apache web server - server header - no version",
29
+ :version => nil,
30
+ :match_type => :content_headers,
31
+ :match_content => /server:\ Apache$/i,
32
+ :examples => [
33
+ "http://207.87.195.160:80"
34
+ ],
35
+ :paths => ["#{url}"]
36
+ },
37
+ {
38
+ :type => "application",
39
+ :vendor => "Apache",
40
+ :product =>"Coyote",
41
+ :match_details =>"Apache coyote application server - server header",
42
+ :version => nil,
43
+ :match_type => :content_headers,
44
+ :match_content => /server:\ Apache-Coyote/i,
45
+ :dynamic_version => lambda { |x|
46
+ _first_header_capture(x,/server: Apache-Coyote\/(.*)/i)
47
+ },
48
+ :examples => [ "http://15.224.214.203:80" ],
49
+ :paths => ["#{url}"]
50
+ },
51
+ {
52
+ :type => "application",
53
+ :vendor => "Apache",
54
+ :product => "Tomcat",
55
+ :match_details =>"Tomcat Application Server",
56
+ :match_type => :content_body,
57
+ :version => 6,
58
+ :match_content => /<title>Tomcat 6 Welcome Page/,
59
+ :examples => [
60
+ "https://15.139.248.81:443"
61
+ ],
62
+ :paths => ["#{url}"]
63
+ },
64
+
8
65
  {
9
66
  :type => "application",
10
67
  :vendor => "Apache",
@@ -13,7 +70,13 @@ class Apache < Intrigue::Ident::Check::Base
13
70
  :match_type => :content_body,
14
71
  :version => nil,
15
72
  :match_content => /<title>Apache Tomcat/,
16
- :dynamic_version => lambda{|x| x["details"]["hidden_response_data"].scan(/<title>(.*)<\/title>/)[0].first.gsub("Apache Tomcat/","").gsub(" - Error report","").chomp },
73
+ :dynamic_version => lambda{ |x|
74
+ _first_body_capture(x, /<title>(.*)<\/title>/,["Apache Tomcat/"," - Error report"])
75
+ },
76
+ :examples => [
77
+ "http://15.216.136.207:80",
78
+ "http://15.224.214.203:80"
79
+ ],
17
80
  :paths => ["#{url}"]
18
81
  }
19
82
  ]
data/lib/checks/atlassian.rb CHANGED
@@ -33,10 +33,8 @@ class Atlassian < Intrigue::Ident::Check::Base
33
33
  :version => nil,
34
34
  :match_type => :content_body,
35
35
  :match_content => /FishEye and Crucible/,
36
- :dynamic_version => lambda{|x|
37
- if x["details"]["hidden_response_data"].scan(/Log in to FishEye and Crucible (.*)\</)[0]
38
- x["details"]["hidden_response_data"].scan(/Log in to FishEye and Crucible (.*)\</)[0].first
39
- end
36
+ :dynamic_version => lambda{ |x|
37
+ _first_body_capture(x, /Log in to FishEye and Crucible (.*)\</)
40
38
  },
41
39
  :paths => ["#{url}"]
42
40
  },
@@ -60,9 +58,7 @@ class Atlassian < Intrigue::Ident::Check::Base
60
58
  :match_type => :content_cookies,
61
59
  :match_content => /atlassian.xsrf.token/i,
62
60
  :dynamic_version => lambda{ |x|
63
- if x["details"]["hidden_response_data"].scan(/<span id="footer-build-information">(.*)-<span/)[0]
64
- x["details"]["hidden_response_data"].scan(/<span id="footer-build-information">(.*)-<span/)[0].first.gsub("(","")
65
- end
61
+ _first_body_capture(x,/<span id="footer-build-information">(.*)-<span/,["("])
66
62
  },
67
63
  :paths => ["#{url}"]
68
64
  }
data/lib/checks/automattic.rb CHANGED
@@ -1,122 +1,121 @@
1
1
  module Intrigue
2
2
  module Ident
3
3
  module Check
4
- class Automattic < Intrigue::Ident::Check::Base
5
-
6
- def generate_checks(url)
7
- [
8
- {
9
- :type => "application",
10
- :vendor => "Automattic",
11
- :product =>"Wordpress",
12
- :match_details =>"Wordpress WP-JSON endpoint",
13
- :version => nil,
14
- :match_type => :content_body,
15
- :match_content => /gmt_offset/,
16
- :paths => ["#{url}/wp-json"]
17
- },
18
- {
19
- :type => "application",
20
- :vendor => "Automattic",
21
- :product =>"Wordpress",
22
- :match_details =>"Wordpress TinyMCE Editor",
23
- :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
24
- :version => "2.0",
25
- :match_type => :checksum_body,
26
- :checksum => "a306a72ce0f250e5f67132dc6bcb2ccb",
27
- :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
28
- },
29
- {
30
- :type => "application",
31
- :vendor => "Automattic",
32
- :product =>"Wordpress",
33
- :match_details =>"Wordpress TinyMCE Editor",
34
- :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
35
- :version => "2.1",
36
- :match_type => :checksum_body,
37
- :checksum => "4f04728cb4631a553c4266c14b9846aa",
38
- :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
39
- },
40
- {
41
- :type => "application",
42
- :vendor => "Automattic",
43
- :product =>"Wordpress",
44
- :match_details =>"Wordpress TinyMCE Editor",
45
- :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
46
- :version => "2.2",
47
- :match_type => :checksum_body,
48
- :checksum => "25e1e78d5b0c221e98e14c6e8c62084f",
49
- :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
50
- },
51
- {
52
- :type => "application",
53
- :vendor => "Automattic",
54
- :product =>"Wordpress",
55
- :match_details =>"Wordpress TinyMCE Editor",
56
- :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
57
- :version => "2.3",
58
- :match_type => :checksum_body,
59
- :checksum => "83c83d0f0a71bd57c320d93e59991c53",
60
- :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
61
- },
62
- {
63
- :type => "application",
64
- :vendor => "Automattic",
65
- :product =>"Wordpress",
66
- :match_details =>"Wordpress TinyMCE Editor",
67
- :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
68
- :version => "2.5",
69
- :match_type => :checksum_body,
70
- :checksum => "7293453cf0ff5a9a4cfe8cebd5b5a71a",
71
- :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
72
- },
73
- {
74
- :type => "application",
75
- :vendor => "Automattic",
76
- :product =>"Wordpress",
77
- :match_details =>"Wordpress TinyMCE Editor",
78
- :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
79
- :version => "2.6",
80
- :match_type => :checksum_body,
81
- :checksum => "61740709537bd19fb6e03b7e11eb8812",
82
- :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
83
- },
84
- {
85
- :type => "application",
86
- :vendor => "Automattic",
87
- :product =>"Wordpress",
88
- :match_details =>"Wordpress TinyMCE Editor",
89
- :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
90
- :version => "2.7",
91
- :match_type => :checksum_body,
92
- :checksum => "e6bbc53a727f3af003af272fd229b0b2",
93
- :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
94
- },
95
- {
96
- :type => "application",
97
- :vendor => "Automattic",
98
- :product =>"Wordpress",
99
- :match_details =>"Wordpress TinyMCE Editor",
100
- :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
101
- :version => "2.7.1",
102
- :match =>:checksum_body,
103
- :checksum => "e6bbc53a727f3af003af272fd229b0b2",
104
- :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
105
- },
106
- {
107
- :type => "application",
108
- :vendor => "Automattic",
109
- :product =>"Wordpress",
110
- :match_details =>"Wordpress TinyMCE Editor",
111
- :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
112
- :version => "2.9.1",
113
- :match_type => :checksum_body,
114
- :checksum => "128e75ed19d49a94a771586bf83265ec",
115
- :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
116
- }
117
- ]
118
- end
4
+ class Automattic < Intrigue::Ident::Check::Base
119
5
 
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "application",
10
+ :vendor => "Automattic",
11
+ :product =>"Wordpress",
12
+ :match_details =>"Wordpress WP-JSON endpoint",
13
+ :version => nil,
14
+ :match_type => :content_body,
15
+ :match_content => /gmt_offset/,
16
+ :paths => ["#{url}/wp-json"]
17
+ },
18
+ {
19
+ :type => "application",
20
+ :vendor => "Automattic",
21
+ :product =>"Wordpress",
22
+ :match_details =>"Wordpress TinyMCE Editor",
23
+ :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
24
+ :version => "2.0",
25
+ :match_type => :checksum_body,
26
+ :checksum => "a306a72ce0f250e5f67132dc6bcb2ccb",
27
+ :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
28
+ },
29
+ {
30
+ :type => "application",
31
+ :vendor => "Automattic",
32
+ :product =>"Wordpress",
33
+ :match_details =>"Wordpress TinyMCE Editor",
34
+ :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
35
+ :version => "2.1",
36
+ :match_type => :checksum_body,
37
+ :checksum => "4f04728cb4631a553c4266c14b9846aa",
38
+ :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
39
+ },
40
+ {
41
+ :type => "application",
42
+ :vendor => "Automattic",
43
+ :product =>"Wordpress",
44
+ :match_details =>"Wordpress TinyMCE Editor",
45
+ :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
46
+ :version => "2.2",
47
+ :match_type => :checksum_body,
48
+ :checksum => "25e1e78d5b0c221e98e14c6e8c62084f",
49
+ :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
50
+ },
51
+ {
52
+ :type => "application",
53
+ :vendor => "Automattic",
54
+ :product =>"Wordpress",
55
+ :match_details =>"Wordpress TinyMCE Editor",
56
+ :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
57
+ :version => "2.3",
58
+ :match_type => :checksum_body,
59
+ :checksum => "83c83d0f0a71bd57c320d93e59991c53",
60
+ :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
61
+ },
62
+ {
63
+ :type => "application",
64
+ :vendor => "Automattic",
65
+ :product =>"Wordpress",
66
+ :match_details =>"Wordpress TinyMCE Editor",
67
+ :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
68
+ :version => "2.5",
69
+ :match_type => :checksum_body,
70
+ :checksum => "7293453cf0ff5a9a4cfe8cebd5b5a71a",
71
+ :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
72
+ },
73
+ {
74
+ :type => "application",
75
+ :vendor => "Automattic",
76
+ :product =>"Wordpress",
77
+ :match_details =>"Wordpress TinyMCE Editor",
78
+ :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
79
+ :version => "2.6",
80
+ :match_type => :checksum_body,
81
+ :checksum => "61740709537bd19fb6e03b7e11eb8812",
82
+ :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
83
+ },
84
+ {
85
+ :type => "application",
86
+ :vendor => "Automattic",
87
+ :product =>"Wordpress",
88
+ :match_details =>"Wordpress TinyMCE Editor",
89
+ :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
90
+ :version => "2.7",
91
+ :match_type => :checksum_body,
92
+ :checksum => "e6bbc53a727f3af003af272fd229b0b2",
93
+ :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
94
+ },
95
+ {
96
+ :type => "application",
97
+ :vendor => "Automattic",
98
+ :product =>"Wordpress",
99
+ :match_details =>"Wordpress TinyMCE Editor",
100
+ :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
101
+ :version => "2.7.1",
102
+ :match =>:checksum_body,
103
+ :checksum => "e6bbc53a727f3af003af272fd229b0b2",
104
+ :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
105
+ },
106
+ {
107
+ :type => "application",
108
+ :vendor => "Automattic",
109
+ :product =>"Wordpress",
110
+ :match_details =>"Wordpress TinyMCE Editor",
111
+ :references => ["https://dcid.me/texts/fingerprinting-web-apps.html"],
112
+ :version => "2.9.1",
113
+ :match_type => :checksum_body,
114
+ :checksum => "128e75ed19d49a94a771586bf83265ec",
115
+ :paths => ["#{url}/wp-includes/js/tinymce/tiny_mce.js"]
116
+ }
117
+ ]
118
+ end
120
119
 
121
120
  =begin
122
121
  all_checks = [{
@@ -133,8 +132,7 @@ all_checks = [{
133
132
  ]},
134
133
  =end
135
134
 
136
-
137
- end
135
+ end
138
136
  end
139
137
  end
140
138
  end
data/lib/checks/base.rb CHANGED
@@ -7,6 +7,54 @@ class Base
7
7
  CheckFactory.register(base)
8
8
  end
9
9
 
10
+ private
11
+
12
+ # matching helpers
13
+ def _first_body_match(content, regex)
14
+ content["details"]["hidden_response_data"].match(regex)
15
+ end
16
+
17
+ def _first_body_capture(content, regex, filter=[])
18
+ x = content["details"]["hidden_response_data"].match(regex)
19
+ if x
20
+ x = x.captures.first.strip
21
+ filter.each{|f| x.gsub!(f,"") }
22
+ x = x.strip
23
+ return x if x.length > 0
24
+ end
25
+ nil
26
+ end
27
+
28
+ def _first_header_match(content, regex)
29
+ content["details"]["headers"].match(regex).first
30
+ end
31
+
32
+ def _first_header_capture(content,regex, filter=[])
33
+ x = content["details"]["headers"].join("\n").match(regex)
34
+ if x
35
+ x = x.captures.first
36
+ filter.each{|f| x.gsub!(f,"") }
37
+ x = x.strip
38
+ return x if x.length > 0
39
+ end
40
+ nil
41
+ end
42
+
43
+ def _first_cookie_match(content, regex)
44
+ content["details"]["cookies"].match(regex).first
45
+ end
46
+
47
+ def _first_cookie_capture(content, regex, filter=[])
48
+ x = content["details"]["cookies"].match(regex)
49
+ if x
50
+ x = x.captures.first.strip
51
+ filter.each{|f| x.gsub!(f,"") }
52
+ x = x.strip
53
+ return x if x.length > 0
54
+ end
55
+ nil
56
+ end
57
+
10
58
  end
11
59
  end
12
60
  end