intrigue-ident 0.51 → 0.52

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f91b614544db4600d47b6c438d375db720472ba450931c6fe672291a42b01b5f
-  data.tar.gz: 762f2ff05f40d7aef97379be04a5341aca83312d8ff1f859f26336f9e2da7b8f
+  metadata.gz: 9a9d6e4e609205533a0ffd35145fb3ed4b513b3069bb2c3c1aa0d83636d6318c
+  data.tar.gz: b0809ce786a47f93d7ff5d6cb4116043e63cafb4de53b19db977f64d8e38b171
 SHA512:
-  metadata.gz: 6e839dc08186fbfe8261848d939e187efffa985fd0b2af8d99455dccf147b84c2e31df84cfb0a3e180051079a2f06406a1873059d7f6c42b79524dd4b0fa2e8e
-  data.tar.gz: bfe37dc2199e514692f14838097f37d58bb87260d6671bebe873faccbe10233e53c81d47adcfd12690d14378ef54733c8aaced3c3c1d8046f6c197ec889d1a7c
+  metadata.gz: 4862aa7f4b461b07f712cd1982ec24be5082de46b14d1880c2021ffa550cef84348172e7354c47f34de12c87f7a8d6d9257096c7a46fc93b6ada902c4512e244
+  data.tar.gz: d81522d48458032467654d323db6554e941eb7a7e6a1bca677f143cf29427aadd09802bc0aae8ce389334d9454500e6f8d828d773516343e64f24fbc57d6ec4f

data/lib/checks/adobe.rb

@@ -20,7 +20,7 @@ class Adobe < Intrigue::Ident::Check::Base
       {
         :type => "application",
         :vendor => "Adobe",
-        :product => "Experience MAnager",
+        :product => "Experience Manager",
         :version => nil,
         :match_type => :content_body,
         :match_content => /AEM/,

data/lib/checks/checkpoint.rb

@@ -0,0 +1,27 @@
+module Intrigue
+module Ident
+module Check
+  class Checkpoint < Intrigue::Ident::Check::Base
+
+    def generate_checks(url)
+      [
+        {
+          :type => "application",
+          :vendor => "Checkpoint",
+          :tags => [],
+          :product =>"GO",
+          :match_details =>"page title",
+          :references => ["https://en.wikipedia.org/wiki/Check_Point_GO"],
+          :version => nil,
+          :match_type => :content_body,
+          :match_content =>  /<title>Check Point Mobile GO/i,
+          :examples => ["http://192.234.138.61:80"],
+          :verify => ["eGNlbGVuZXJneSNJbnRyaWd1ZTo6RW50aXR5OjpVcmkjaHR0cDovLzE5Mi4yMzQuMTM4LjYxOjgw"],
+          :paths => ["#{url}"]
+        }
+      ]
+    end
+  end
+end
+end
+end

data/lib/checks/fastly.rb

@@ -9,11 +9,24 @@ module Check
             :type => "service",
             :vendor =>"Fastly",
             :product =>"Fastly",
-            :match_details =>"",
+            :match_details =>"header",
             :version => nil,
             :match_type => :content_headers,
             :match_content =>  /x-fastly-backend-reqs/i,
             :paths => ["#{url}"]
+          },
+          {
+            :type => "service",
+            :vendor =>"Fastly",
+            :product =>"Fastly",
+            :match_details =>"error content in page",
+            :version => nil,
+            :hide => true,
+            :match_type => :content_body,
+            :match_content =>  /<title>Fastly error: unknown domain/i,
+            :examples => ["http://151.101.1.224:80"],
+            :verify => ["ZXRzeSNJbnRyaWd1ZTo6RW50aXR5OjpVcmkjaHR0cDovLzE1MS4xMDEuMS4yMjQ6ODA="],
+            :paths => ["#{url}"]
           }
         ]
       end

data/lib/checks/oracle.rb

@@ -5,22 +5,63 @@ module Check
 
       def generate_checks(url)
         [
-          { # TODO are HTTP-server and application-server the same thing?  
+          {
             :type => "application",
             :vendor => "Oracle",
             :product =>"Application Server",
-            :match_details =>"Oracle app server listed in server header",
+            :match_details =>"server header",
             :references => [],
             :version => nil,
             :match_type => :content_headers,
-            :match_content =>  /server: Oracle-Application-Server/,
+            :match_content =>  /Oracle-Application-Server/,
             :hide => false,
             :dynamic_version => lambda { |x|
-                _first_header_capture(x,/server:.*\/(.*) Oracle-HTTP-Server,/) || _first_header_capture(x,/server: Oracle-Application-Server-(.*)/) },
-            :examples => ["https://63.85.74.53:443","https://rss.tomthumb.com:443"],
+                _first_header_capture(x,/Oracle-Application-Server-[0-9]+[a-z]?\/(.*?)\ /) },
+            :examples => [
+              "https://63.85.74.53:443",
+              "https://rss.tomthumb.com:443",
+              "https://qas.huntsmanservice.com:443"
+            ],
             :verify => ["YWxiZXJ0c29ucyNJbnRyaWd1ZTo6RW50aXR5OjpVcmkjaHR0cHM6Ly9yc3MudG9tdGh1bWIuY29tOjQ0Mw=="],
             :paths => ["#{url}"]
           },
+          {
+            :type => "application",
+            :vendor => "Oracle",
+            :product =>"HTTP Server",
+            :match_details =>"server header",
+            :references => [],
+            :version => nil,
+            :match_type => :content_headers,
+            :match_content =>  /Oracle-HTTP-Server/,
+            :hide => false,
+            :dynamic_version => lambda { |x|
+                _first_header_capture(x,/Oracle-HTTP-Server\/(.*?)\ /)
+            },
+            :examples => [
+              "https://qas.huntsmanservice.com:443"
+            ],
+            :verify => ["aHVudHNtYW4jSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHBzOi8vcWFzLmh1bnRzbWFuc2VydmljZS5jb206NDQz"],
+            :paths => ["#{url}"]
+          },
+          {
+            :type => "application",
+            :vendor => "Oracle",
+            :product =>"Web Cache Server",
+            :match_details =>"server header",
+            :references => [],
+            :version => nil,
+            :match_type => :content_headers,
+            :match_content =>  /Oracle-Web-Cache/,
+            :hide => false,
+            :dynamic_version => lambda { |x|
+                _first_header_capture(x,/Oracle-Web-Cache-[0-9]+[a-z]?\/(.*?)\ /) },
+            :examples => [
+              "https://qas.huntsmanservice.com:443"
+            ],
+            :verify => ["aHVudHNtYW4jSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHBzOi8vcWFzLmh1bnRzbWFuc2VydmljZS5jb206NDQz"],
+            :paths => ["#{url}"]
+          },
           {
             :type => "application",
             :vendor => "Oracle",
@@ -120,6 +161,20 @@ module Check
             :hide => false,
             :examples => ["https://css-ewebsvcs.freddiemac.com:443"],
             :paths => ["#{url}"]
+          },
+          {
+            :type => "application",
+            :vendor => "Oracle",
+            :product =>"Weblogic",
+            :match_details =>"weblogic header",
+            :references => ["https://support.oracle.com/knowledge/Middleware/2100514_1.html"],
+            :version => nil,
+            :match_type => :content_headers,
+            :match_content =>  /^x-oracle-dms-ecid:/,
+            :hide => false,
+            :examples => ["https://tmsstg-eem-db.ros.com:443"],
+            :verify => ["cm9zc3N0b3JlcyNJbnRyaWd1ZTo6RW50aXR5OjpVcmkjaHR0cHM6Ly90bXNzdGctZWVtLWRiLnJvcy5jb206NDQz"],
+            :paths => ["#{url}"]
           }
         ]
       end

data/lib/checks/perfectsense.rb

@@ -0,0 +1,27 @@
+module Intrigue
+module Ident
+module Check
+  class Perfectsense < Intrigue::Ident::Check::Base
+
+    def generate_checks(url)
+      [
+        {
+          :type => "application",
+          :vendor => "PerfectSense",
+          :tags => [],
+          :product =>"Brightspot",
+          :match_details =>"server header",
+          :version => nil,
+          :references => [],
+          :match_type => :content_headers,
+          :match_content =>  /x-powered-by: Brightspot/i,
+          :examples => [],
+          :verify => [],
+          :paths => ["#{url}"]
+        }
+      ]
+    end
+  end
+end
+end
+end

data/lib/checks/pfsense.rb

@@ -9,10 +9,7 @@ module Check
             :type => "application",
             :vendor => "pfSense",
             :product =>"pfSense",
-            :match_details =>"pfSense is an open source firewall/router " +
-              "computer software distribution based on FreeBSD. It is " +
-              "installed on a physical computer or a virtual machine to" +
-              "make a dedicated firewall/router for a network",
+            :match_details => "unique body content",
             :version => nil,
             :match_type => :content_body,
             :match_content =>  /Login to pfSense/,

data/lib/checks/ping_identity.rb

@@ -0,0 +1,27 @@
+module Intrigue
+module Ident
+module Check
+    class PingIdentiy < Intrigue::Ident::Check::Base
+
+      def generate_checks(url)
+        [
+          {
+            :type => "service",
+            :vendor => "PingIdentity",
+            :product =>"PingFederate",
+            :references => ["https://ping.force.com/Support/PingFederate/Administration/Single-sign-on-no-target796070NEW"],
+            :match_details =>"redirect (may be interesting)",
+            :version => nil,
+            :match_type => :content_headers,
+            :match_content =>  /^location:.*startSSO.ping/,
+            :examples => ["http://192.234.137.107:80"],
+            :verify => ["eGNlbGVuZXJneSNJbnRyaWd1ZTo6RW50aXR5OjpVcmkjaHR0cDovLzE5Mi4yMzQuMTM3LjEwNzo4MA"],
+            :paths => ["#{url}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/checks/zendesk.rb

@@ -0,0 +1,26 @@
+module Intrigue
+module Ident
+module Check
+    class Zendesk < Intrigue::Ident::Check::Base
+
+      def generate_checks(url)
+        [
+          {
+            :type => "service",
+            :vendor =>"Zendesk",
+            :product =>"Zendesk",
+            :match_details =>"unique header",
+            :references => [],
+            :match_type => :content_headers,
+            :match_content =>  /^x-zendesk-origin-server:.*$/i,
+            :examples => ["http://help.etsy.com:80"],
+            :verify => ["ZXRzeSNJbnRyaWd1ZTo6RW50aXR5OjpVcmkjaHR0cDovL2hlbHAuZXRzeS5jb206ODA="],
+            :paths => ["#{url}"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/intrigue-ident.rb

@@ -11,7 +11,7 @@ Dir["#{check_folder}/*.rb"].each { |file| require_relative file }
 module Intrigue
   module Ident
 
-    VERSION=0.51
+    VERSION=0.52
 
     def generate_requests_and_check(url)
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: intrigue-ident
 version: !ruby/object:Gem::Version
-  version: '0.51'
+  version: '0.52'
 platform: ruby
 authors:
 - jcran
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-07-28 00:00:00.000000000 Z
+date: 2018-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -73,6 +73,7 @@ files:
 - lib/checks/automattic.rb
 - lib/checks/banu.rb
 - lib/checks/base.rb
+- lib/checks/checkpoint.rb
 - lib/checks/chef.rb
 - lib/checks/cisco.rb
 - lib/checks/citrix.rb
@@ -118,9 +119,11 @@ files:
 - lib/checks/palo_alto.rb
 - lib/checks/pantheon.rb
 - lib/checks/pardot.rb
+- lib/checks/perfectsense.rb
 - lib/checks/pfsense.rb
 - lib/checks/php.rb
 - lib/checks/phpmyadmin.rb
+- lib/checks/ping_identity.rb
 - lib/checks/pivotal.rb
 - lib/checks/rabbitmq.rb
 - lib/checks/restlet.rb
@@ -133,6 +136,7 @@ files:
 - lib/checks/vmware.rb
 - lib/checks/wp_engine.rb
 - lib/checks/zeit.rb
+- lib/checks/zendesk.rb
 - lib/checks/zimbra.rb
 - lib/checks/zscaler.rb
 - lib/intrigue-ident.rb