intrigue-ident 0.55 → 0.56

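--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8c5a196eeaef456f3e87603aa30e79660de9ea33399fcf07848a3a274574a612
- data.tar.gz: 2f14d719d150986307142c501e58fe3d71f95d057b5cf8ddd68c13e8846c49d7
+ metadata.gz: e1c9207e2e33297b590d8750d681ca4d4596ce08da81742425b41c070fd32f98
+ data.tar.gz: 4f47cfd03bee058851314b1b8b2a5540dd9d0860fe81d8e6aa67633c308b1681
  SHA512:
- metadata.gz: b0394663390d12ddb496f347dd0ee87e1afda4dd928b336951ce8aaf5ba3c4ea1cfce2d915222cc84bc611fa70b84aede5a11b7878862f9ce1dd770ca30f2360
- data.tar.gz: 95cbfa13c55eec6da6ebd7bee2902e7d38c6bf9a17da36815af305a5c2fbb28d6aad694aa036974dd0206a412ceba500e9bcaec2aa8986b9e35b7f0db68d4d75
+ metadata.gz: 33bffe27cd64e8569dc535b88edec091726d88d6c61d69cea59967a617d58304ad64a887a003c7eb065adc2df96b0865665fc1eb5332be90118c361c2b0d2d7b
+ data.tar.gz: 7eeb8a06a4eef2e9be0337977ced244690996e1ec3f35a8241a5630775efd0c918fcbb12323a19d9490e337240bf198d3f6e9456418addf758b32d8450cfd6d0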
data/lib/checks/apache.rb CHANGED
@@ -5,6 +5,18 @@ class Apache < Intrigue::Ident::Check::Base
5
5
 
6
6
  def generate_checks(url)
7
7
  [
8
+ {
9
+ :type => "application",
10
+ :vendor => "Apache",
11
+ :product =>"Ambari",
12
+ :match_details =>"page title",
13
+ :version => nil,
14
+ :match_type => :content_body,
15
+ :match_content => /<title>Ambari<\/title>/i,
16
+ :examples => ["http://12.42.205.114:8080"],
17
+ :verify => "aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwOi8vMTIuNDIuMjA1LjExNDo4MDgw",
18
+ :paths => ["#{url}"]
19
+ },
8
20
  {
9
21
  :type => "application",
10
22
  :vendor => "Apache",
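Review bot: The `:examples` and `:verify` values in the added Ambari entry publish a live third-party address inside a released gem, and the `:verify` string looks like base64 of a project label joined to that same URL, so it may also reveal where the sample came from. The same pattern recurs in the other checks added in this release (Checkpoint, Cisco, Citrix, IBM, SAP and the new vendor files). A constructed fixture such as `:examples => ["http://192.0.2.10:8080"]` (documentation-range sample) would keep the test data without naming real systems. Separately, `:verify` is a bare String here but an Array in the other entries, so `:verify => ["…"]` would keep the type consistent for any consumer that iterates it. `generate_checks` continues outside the hunk.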
@@ -0,0 +1,24 @@
1
+ module Intrigue
2
+ module Ident
3
+ module Check
4
+ class Axis < Intrigue::Ident::Check::Base
5
+
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "application",
10
+ :vendor => "Axis",
11
+ :tags => ["tech:webcam"],
12
+ :product => "Webcam",
13
+ :match_details =>"default redirect uri",
14
+ :version => nil,
15
+ :match_type => :content_body,
16
+ :match_content => /<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0; URL=\/view\/viewer_index.shtml?id=/,
17
+ :paths => ["#{url}"]
18
+ }
19
+ ]
20
+ end
21
+ end
22
+ end
23
+ end
24
+ end
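Review bot: The `?` in `:match_content` is unescaped, so it makes the preceding `l` optional instead of matching a literal question mark, and the pattern as written cannot match a redirect to `/view/viewer_index.shtml?id=`. Escaping it, `…URL=\/view\/viewer_index\.shtml\?id=/`, makes the check match what `:match_details` describes; the `.` before `shtml` is worth escaping at the same time. The entry also carries no `:examples` or `:verify`, so nothing in the file would have caught the miss.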
@@ -8,7 +8,7 @@ module Check
8
8
  {
9
9
  :type => "application",
10
10
  :vendor => "Checkpoint",
11
- :tags => [],
11
+ :tags => ["tech:vpn"],
12
12
  :product =>"GO",
13
13
  :match_details =>"page title",
14
14
  :references => ["https://en.wikipedia.org/wiki/Check_Point_GO"],
@@ -18,6 +18,34 @@ module Check
18
18
  :examples => ["http://192.234.138.61:80"],
19
19
  :verify => ["eGNlbGVuZXJneSNJbnRyaWd1ZTo6RW50aXR5OjpVcmkjaHR0cDovLzE5Mi4yMzQuMTM4LjYxOjgw"],
20
20
  :paths => ["#{url}"]
21
+ },
22
+ {
23
+ :type => "application",
24
+ :vendor => "Checkpoint",
25
+ :tags => ["tech:vpn"],
26
+ :product =>"GO",
27
+ :match_details =>"server header",
28
+ :references => ["https://en.wikipedia.org/wiki/Check_Point_GO"],
29
+ :version => nil,
30
+ :match_type => :content_headers,
31
+ :match_content => /server: CPWS/i,
32
+ :examples => ["http://200.142.200.1:80"],
33
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwOi8vMjAwLjE0Mi4yMDAuMTo4MA=="],
34
+ :paths => ["#{url}"]
35
+ },
36
+ {
37
+ :type => "application",
38
+ :vendor => "Checkpoint",
39
+ :tags => ["tech:vpn"],
40
+ :product =>"SSL Network Extender",
41
+ :match_details =>"server header",
42
+ :references => [],
43
+ :version => nil,
44
+ :match_type => :content_headers,
45
+ :match_content => /server: Check Point SVN foundation/i,
46
+ :examples => ["https://www.cora.ro:8443"],
47
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwczovL3d3dy5jb3JhLnJvOjg0NDM="],
48
+ :paths => ["#{url}"]
21
49
  }
22
50
  ]
23
51
  end
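--- a/data/lib/checks/cisco.rb
+++ b/data/lib/checks/cisco.rb
@@ -5,6 +5,34 @@ module Check
 
  def generate_checks(url)
  [
+ {
+ :type => "application",
+ :vendor => "Cisco",
+ :product => "Adaptive Security Device Manager",
+ :match_details => "page title",
+ :version => nil,
+ :dynamic_version => lambda {|x| _first_body_capture(x,/<title>Cisco ASDM (.*?)<\/title>/)},
+ :match_type => :content_body,
+ :match_content => /<title>Cisco ASDM/,
+ :hide => false,
+ :examples => ["https://194.107.112.4:443"],
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwczovLzE5NC4xMDcuMTEyLjQ6NDQz"],
+ :paths => ["#{url}"]
+ },
+ {
+ :type => "hardware",
+ :vendor => "Cisco",
+ :product => "Email Security Appliance",
+ :match_details => "page title",
+ :version => nil,
+ :dynamic_version => lambda {|x| _first_body_capture(x,/Email Security Appliance (.*?) \(/)},
+ :match_type => :content_body,
+ :match_content => /<title> Cisco Email Security Appliance/,
+ :hide => false,
+ :examples => ["https://200.142.198.180:443"],
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwczovLzIwMC4xNDIuMTk4LjE4MDo0NDM="],
+ :paths => ["#{url}"]
+ },
  {
  :type => "hardware",
  :vendor => "Cisco",
@@ -54,7 +82,21 @@ module Check
  :match_content => /server: cisco-IOS/,
  :hide => false,
  :paths => ["#{url}"]
- }
+ },
+ {
+ :type => "application",
+ :vendor => "Cisco",
+ :product =>"vManage",
+ :match_details => "page title",
+ :tags => [],
+ :version => nil,
+ :match_type => :content_body,
+ :match_content => /<title>Cisco vManage/,
+ :examples => ["http://129.41.171.244:80"],
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwOi8vMTI5LjQxLjE3MS4yNDQ6ODA="],
+ :hide => false,
+ :paths => ["#{url}"]
+ },
  ]
  end
 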
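--- a/data/lib/checks/citrix.rb
+++ b/data/lib/checks/citrix.rb
@@ -42,8 +42,54 @@ module Check
  :hide => false,
  :paths => ["#{url}"],
  :examples => ["http://204.29.196.116:80"]
+ },
+ {
+ :type => "application",
+ :vendor => "Citrix",
+ :product => "Netscaler Gateway",
+ :match_details => "cookie",
+ :tags => ["tech:vpn"],
+ :references => ["https://support.citrix.com/article/CTX131488"],
+ :version => nil,
+ :match_type => :content_cookies,
+ :match_content => /citrix_ns_id=/,
+ :hide => false,
+ :paths => ["#{url}"],
+ :verify => ["dW5kZXJhcm1vdXIjSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHA6Ly8yMDQuMjkuMTk2LjEwMjo4MA=="],
+ :examples => ["http://204.29.196.102:80"]
+ },
+ {
+ :type => "application",
+ :vendor => "Citrix",
+ :product => "XenServer",
+ :match_details => "page title",
+ :tags => ["tech:hypervisor"],
+ :references => [""],
+ :version => nil,
+ :dynamic_version => lambda { |x| _first_body_capture(x,/<title>XenServer (.*?)<\/title>/) },
+ :match_type => :content_body,
+ :match_content => /<title>XenServer/,
+ :hide => false,
+ :paths => ["#{url}"],
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwOi8vMTU4Ljg1LjE3My4zNzo4MA=="],
+ :examples => ["http://158.85.173.37:80"]
+ },
+ {
+ :type => "application",
+ :vendor => "Citrix",
+ :product => "XenServer",
+ :match_details => "page title",
+ :tags => ["tech:hypervisor"],
+ :references => [""],
+ :version => nil,
+ :dynamic_version => lambda { |x| _first_body_capture(x,/<title>Welcome to Citrix XenServer (.*?)<\/title>/) },
+ :match_type => :content_body,
+ :match_content => /<title>Welcome to Citrix XenServer/,
+ :hide => false,
+ :paths => ["#{url}"],
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwczovLzIzLmRjLjU1OWUuaXA0LnN0YXRpYy5zbC1yZXZlcnNlLmNvbTo0NDM="],
+ :examples => ["https://23.dc.559e.ip4.static.sl-reverse.com:443"]
  }
-
  ]
  end
 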
data/lib/checks/ibm.rb CHANGED
@@ -5,6 +5,20 @@ module Check
5
5
 
6
6
  def generate_checks(url)
7
7
  [
8
+ {
9
+ :type => "application",
10
+ :vendor => "IBM",
11
+ :product =>"Axway SecureTranspor",
12
+ :references => ["https://www-356.ibm.com/partnerworld/gsd/solutiondetails.do?&solution=47052"],
13
+ :version => nil,
14
+ :dynamic_version => lambda {|x| _first_header_capture(x,/SecureTransport (.*) (build:.*)/)},
15
+ :match_type => :content_headers,
16
+ :match_content => /server: SecureTransport/i,
17
+ :match_details =>"server header - build is avail too",
18
+ :examples => ["https://dhebpcb01.boulder.ibm.com:443"],
19
+ :verify => ["xaWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwczovL2RoZWJwY2IwMS5ib3VsZGVyLmlibS5jb206NDQz"],
20
+ :paths => ["#{url}"]
21
+ },
8
22
  {
9
23
  :type => "application",
10
24
  :vendor => "IBM",
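Review bot: The added entry's `:product` reads `"Axway SecureTranspor"`, which looks truncated, and its `:verify` value starts with `xaWJt…` where the other entries carrying this label start with `aWJt…`; the extra leading character shifts the base64 alignment, so the string no longer decodes to the expected label. Suggested: `:product =>"Axway SecureTransport"` and drop the leading `x` from `:verify`. A misspelled product name matters if downstream tooling joins vendor/product against advisory data, though that mapping is not visible here. The version pattern `/SecureTransport (.*) (build:.*)/` is also case-sensitive while `:match_content` uses `/i`, so a header that matches may still yield no version.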
@@ -8,7 +8,7 @@ module Check
8
8
  {
9
9
  :type => "application",
10
10
  :vendor => "Lithium",
11
- :product =>"Lithum",
11
+ :product =>"Lithium",
12
12
  :match_details =>"Lithium Community Management",
13
13
  :match_type => :content_cookies,
14
14
  :version => nil,
@@ -18,7 +18,7 @@ module Check
18
18
  {
19
19
  :type => "application",
20
20
  :vendor => "Lithium",
21
- :product =>"Lithum",
21
+ :product =>"Lithium",
22
22
  :match_details =>"Lithium Community Management",
23
23
  :match_type => :content_cookies,
24
24
  :version => nil,
@@ -9,15 +9,28 @@ module Check
9
9
  :type => "application",
10
10
  :vendor =>"MediaWiki",
11
11
  :product =>"MediaWiki",
12
- :match_details =>"MediaWiki",
12
+ :match_details =>"powered by tag",
13
13
  :match_type => :content_body,
14
14
  :version => nil,
15
15
  :match_content => /<a href="\/\/www.mediawiki.org\/">Powered by MediaWiki<\/a>/,
16
16
  :paths => ["#{url}"]
17
+ },
18
+ {
19
+ :type => "application",
20
+ :vendor =>"MediaWiki",
21
+ :product =>"MediaWiki",
22
+ :match_details =>"generator tag",
23
+ :match_type => :content_body,
24
+ :match_content => /<meta name=\"generator\" content=\"MediaWiki/,
25
+ :version => nil,
26
+ :dynamic_version => lambda { |x| _first_body_capture(x,/<meta name=\"generator\" content=\"MediaWiki\ (.*?)\"\/>/) },
27
+ :examples => ["http://2004.appsecusa.org:80"],
28
+ :verify => ["b3dhc3AjSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHA6Ly8yMDA0LmFwcHNlY3VzYS5vcmc6ODA="],
29
+ :paths => ["#{url}"]
17
30
  }
18
31
  ]
19
32
  end
20
-
33
+
21
34
  end
22
35
  end
23
36
  end
@@ -0,0 +1,27 @@
1
+ module Intrigue
2
+ module Ident
3
+ module Check
4
+ class Microtik < Intrigue::Ident::Check::Base
5
+
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "application",
10
+ :vendor =>"Microtik",
11
+ :product =>"RouterOS",
12
+ :match_details => "page title",
13
+ :match_type => :content_body,
14
+ :match_content => /<title>RouterOS router configuration page/,
15
+ :version => nil,
16
+ :dynamic_version => lambda { |x| _first_body_capture(x,/<h1>RouterOS v(.*?)<\/h1>/) },
17
+ :examples => ["http://91.211.58.34:80"],
18
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwOi8vOTEuMjExLjU4LjM0Ojgw"],
19
+ :paths => ["#{url}"]
20
+ }
21
+ ]
22
+ end
23
+
24
+ end
25
+ end
26
+ end
27
+ end
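Review bot: The vendor string and class name are spelled `Microtik`, but the vendor behind RouterOS spells its name MikroTik, so `:vendor =>"Microtik"` will not line up with vendor names in advisory feeds if results are joined on that field (the consumer is not visible here). Suggested: `:vendor =>"MikroTik"`. Renaming the class and `microtik.rb` is optional but would keep the three consistent.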
@@ -0,0 +1,27 @@
1
+ module Intrigue
2
+ module Ident
3
+ module Check
4
+ class Ookla < Intrigue::Ident::Check::Base
5
+
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "application",
10
+ :vendor =>"Ookla",
11
+ :product =>"Speedtest Server",
12
+ :match_details => "page title",
13
+ :match_type => :content_body,
14
+ :references => ["https://support.ookla.com/hc/en-us/articles/234578568-How-To-Install-Submit-Server"],
15
+ :match_content => /<title>OoklaServer/,
16
+ :version => nil,
17
+ :examples => ["http://91.211.56.179:8081"],
18
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwOi8vOTEuMjExLjU2LjE3OTo4MDgx"],
19
+ :paths => ["#{url}"]
20
+ }
21
+ ]
22
+ end
23
+
24
+ end
25
+ end
26
+ end
27
+ end
data/lib/checks/oracle.rb CHANGED
@@ -28,38 +28,42 @@ module Check
28
28
  {
29
29
  :type => "application",
30
30
  :vendor => "Oracle",
31
- :product =>"HTTP Server",
32
- :match_details =>"server header",
33
- :references => [],
31
+ :product =>"Fusion Middleware",
32
+ :match_details =>"page title & docs link... should give us a version",
34
33
  :version => nil,
35
- :match_type => :content_headers,
36
- :match_content => /Oracle-HTTP-Server/,
37
- :hide => false,
38
34
  :dynamic_version => lambda { |x|
39
- _first_header_capture(x,/Oracle-HTTP-Server\/(.*?)\ /)
35
+ doc_version = _first_body_capture(x,/download.oracle.com\/docs\/cd\/(.*?)\/index.htm/)
36
+ case doc_version
37
+ when "E15217_01"
38
+ fmw_version = "10.1.4.3"
39
+ when "E15051_01"
40
+ fmw_version = "11.1.1.0"
41
+ when "E12839_01"
42
+ fmw_version = "11.1.1.1"
43
+ when "E15523_01"
44
+ fmw_version = "11.1.1.2"
45
+ when "E14571_01"
46
+ fmw_version = "11.1.1.3"
47
+ when "E17904_01"
48
+ fmw_version = "11.1.1.4"
49
+ when "E21764_01"
50
+ fmw_version = "11.1.1.5"
51
+ else
52
+ fmw_version = nil
53
+ end
54
+ fmw_version
40
55
  },
41
- :examples => [
42
- "https://qas.huntsmanservice.com:443"
56
+ :match_type => :content_body,
57
+ :references => [
58
+ "https://en.wikipedia.org/wiki/Oracle_Fusion_Middleware",
59
+ "https://docs.oracle.com/cd/E21764_01/index.htm"
43
60
  ],
44
- :verify => ["aHVudHNtYW4jSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHBzOi8vcWFzLmh1bnRzbWFuc2VydmljZS5jb206NDQz"],
45
- :paths => ["#{url}"]
46
- },
47
- {
48
- :type => "application",
49
- :vendor => "Oracle",
50
- :product =>"Web Cache Server",
51
- :match_details =>"server header",
52
- :references => [],
53
- :version => nil,
54
- :match_type => :content_headers,
55
- :match_content => /Oracle-Web-Cache/,
61
+ :match_content => /<title>Welcome to Oracle Fusion Middleware/,
56
62
  :hide => false,
57
- :dynamic_version => lambda { |x|
58
- _first_header_capture(x,/Oracle-Web-Cache-[0-9]+[a-z]?\/(.*?)\ /) },
59
63
  :examples => [
60
- "https://qas.huntsmanservice.com:443"
64
+ "http://200.142.198.113:80"
61
65
  ],
62
- :verify => ["aHVudHNtYW4jSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHBzOi8vcWFzLmh1bnRzbWFuc2VydmljZS5jb206NDQz"],
66
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwOi8vMjAwLjE0Mi4xOTguMTEzOjgw"],
63
67
  :paths => ["#{url}"]
64
68
  },
65
69
  {
@@ -90,6 +94,25 @@ module Check
90
94
  :examples => ["http://52.2.97.57:80"],
91
95
  :paths => ["#{url}"]
92
96
  },
97
+ {
98
+ :type => "application",
99
+ :vendor => "Oracle",
100
+ :product =>"HTTP Server",
101
+ :match_details =>"server header",
102
+ :references => [],
103
+ :version => nil,
104
+ :match_type => :content_headers,
105
+ :match_content => /Oracle-HTTP-Server/,
106
+ :hide => false,
107
+ :dynamic_version => lambda { |x|
108
+ _first_header_capture(x,/Oracle-HTTP-Server\/(.*?)\ /)
109
+ },
110
+ :examples => [
111
+ "https://qas.huntsmanservice.com:443"
112
+ ],
113
+ :verify => ["aHVudHNtYW4jSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHBzOi8vcWFzLmh1bnRzbWFuc2VydmljZS5jb206NDQz"],
114
+ :paths => ["#{url}"]
115
+ },
93
116
  {
94
117
  :type => "application",
95
118
  :vendor => "Oracle",
@@ -149,6 +172,24 @@ module Check
149
172
  :examples => ["https://reset.oxy.com:443"],
150
173
  :paths => ["#{url}"]
151
174
  },
175
+ {
176
+ :type => "application",
177
+ :vendor => "Oracle",
178
+ :product =>"Web Cache Server",
179
+ :match_details =>"server header",
180
+ :references => [],
181
+ :version => nil,
182
+ :match_type => :content_headers,
183
+ :match_content => /Oracle-Web-Cache/,
184
+ :hide => false,
185
+ :dynamic_version => lambda { |x|
186
+ _first_header_capture(x,/Oracle-Web-Cache-[0-9]+[a-z]?\/(.*?)\ /) },
187
+ :examples => [
188
+ "https://qas.huntsmanservice.com:443"
189
+ ],
190
+ :verify => ["aHVudHNtYW4jSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHBzOi8vcWFzLmh1bnRzbWFuc2VydmljZS5jb206NDQz"],
191
+ :paths => ["#{url}"]
192
+ },
152
193
  {
153
194
  :type => "application",
154
195
  :vendor => "Oracle",
@@ -167,7 +208,10 @@ module Check
167
208
  :vendor => "Oracle",
168
209
  :product =>"Weblogic",
169
210
  :match_details =>"weblogic header",
170
- :references => ["https://support.oracle.com/knowledge/Middleware/2100514_1.html"],
211
+ :references => [
212
+ "https://support.oracle.com/knowledge/Middleware/2100514_1.html",
213
+ "https://www.qualogy.com/techblog/oracle/how-to-harden-weblogic-and-fusion-middleware-against-worm-attacks"
214
+ ],
171
215
  :version => nil,
172
216
  :match_type => :content_headers,
173
217
  :match_content => /^x-oracle-dms-ecid:/,
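Review bot: In the new Fusion Middleware entry the version lambda only recognises links of the form `download.oracle.com/docs/cd/<id>/index.htm`, while the entry's own `:references` cites the same documentation set under `docs.oracle.com/cd/E21764_01/index.htm`. A welcome page that links to the latter host would satisfy `:match_content` but return a nil version; whether deployed pages do so is not visible in this diff. Accepting both hosts and escaping the dots, e.g. `/(?:download\.oracle\.com\/docs|docs\.oracle\.com)\/cd\/(.*?)\/index\.htm/`, would cover it. The `case` that assigns `fmw_version` in every branch could also become a frozen lookup Hash indexed by `doc_version`, which returns nil for unknown ids just as the `else` branch does.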
@@ -0,0 +1,41 @@
1
+ module Intrigue
2
+ module Ident
3
+ module Check
4
+ class Plesk < Intrigue::Ident::Check::Base
5
+
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "application",
10
+ :vendor =>"Plesk",
11
+ :product =>"Plesk",
12
+ :match_details => "page title",
13
+ :match_type => :content_body,
14
+ :references => ["https://en.wikipedia.org/wiki/Plesk"],
15
+ :match_content => /<title>Plesk (.*?)<\/title>/,
16
+ :version => nil,
17
+ :dynamic_version => lambda { |x| _first_body_capture(x,/<title>Plesk (.*?)<\/title>/) },
18
+ :examples => ["https://158.85.134.112:8443"],
19
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwczovLzE1OC44NS4xMzQuMTEyOjg0NDM="],
20
+ :paths => ["#{url}"]
21
+ },
22
+ {
23
+ :type => "application",
24
+ :vendor =>"Plesk",
25
+ :product =>"Plesk",
26
+ :match_details => "server header",
27
+ :match_type => :content_headers,
28
+ :references => ["https://en.wikipedia.org/wiki/Plesk"],
29
+ :match_content => /server: sw-cp-server/,
30
+ :version => nil,
31
+ :examples => ["https://158.85.134.112:8443"],
32
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwczovLzE1OC44NS4xMzQuMTEyOjg0NDM="],
33
+ :paths => ["#{url}"]
34
+ }
35
+ ]
36
+ end
37
+
38
+ end
39
+ end
40
+ end
41
+ end
@@ -0,0 +1,27 @@
1
+ module Intrigue
2
+ module Ident
3
+ module Check
4
+ class PulseSecure < Intrigue::Ident::Check::Base
5
+
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "application",
10
+ :vendor =>"Pulse Secure",
11
+ :product =>"Junos VPN",
12
+ :match_details => "page title",
13
+ :match_type => :content_body,
14
+ :references => [],
15
+ :match_content => /<title>Junos Pulse Secure Access Service/,
16
+ :version => nil,
17
+ :examples => ["https://193.240.34.79:443"],
18
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwczovLzE5My4yNDAuMzQuNzk6NDQz"],
19
+ :paths => ["#{url}"]
20
+ },
21
+ ]
22
+ end
23
+
24
+ end
25
+ end
26
+ end
27
+ end
@@ -1,7 +1,7 @@
1
1
  module Intrigue
2
2
  module Ident
3
3
  module Check
4
- class Zscaler < Intrigue::Ident::Check::Base
4
+ class Restlet < Intrigue::Ident::Check::Base
5
5
 
6
6
  def generate_checks(url)
7
7
  [
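--- a/data/lib/checks/sap.rb
+++ b/data/lib/checks/sap.rb
@@ -0,0 +1,43 @@
+ module Intrigue
+ module Ident
+ module Check
+ class Sap < Intrigue::Ident::Check::Base
+
+ def generate_checks(url)
+ [
+ {
+ :type => "application",
+ :vendor =>"SAP",
+ :product =>"NetWeaver",
+ :match_details =>"cookie",
+ :references => [
+ "https://apps.support.sap.com/sap/support/knowledge/preview/en/2082323",
+ "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/sap/sap_soap_rfc_pfl_check_os_file_existence.rb"
+ ],
+ :match_type => :content_cookies,
+ :match_content => /sap-usercontext=sap-language=/i,
+ :examples => ["http://204.29.196.102:80"],
+ :verify => ["dW5kZXJhcm1vdXIjSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHA6Ly8yMDQuMjkuMTk2LjEwMjo4MA=="],
+ :paths => ["#{url}"]
+ },
+ {
+ :type => "application",
+ :vendor =>"SAP",
+ :product =>"NetWeaver",
+ :match_details =>"location header",
+ :references => [
+ "https://blogs.sap.com/2016/05/19/hp-loadrunner-scripts-for-webui/"
+ ],
+ :match_type => :content_headers,
+ :match_content => /bD1lbiZjPTEwMCZkPW1pbg==/i,
+ :examples => ["http://onlinepaymentstest.underarmour.com:80"],
+ :verify => ["dW5kZXJhcm1vdXIjSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHA6Ly9vbmxpbmVwYXltZW50c3Rlc3QudW5kZXJhcm1vdXIuY29tOjgw"],
+ :paths => ["#{url}"]
+ }
+ ]
+ end
+
+ end
+ end
+ end
+ end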
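Review bot: The second NetWeaver check matches the base64 token `bD1lbiZjPTEwMCZkPW1pbg==` with the `/i` flag and without naming the header, although `:match_details` says "location header". Base64 is case-sensitive, so `/i` accepts many strings that are not this token, and the unanchored pattern would fire on the token in any header. Suggested: `:match_content => /^location:.*bD1lbiZjPTEwMCZkPW1pbg==/`, assuming header names are lower-cased before matching, as the other `server:` patterns in this release suggest.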
data/lib/checks/vmware.rb CHANGED
@@ -8,8 +8,22 @@ module Check
8
8
  {
9
9
  :type => "application",
10
10
  :vendor => "VMWare",
11
+ :tags => ["tech:hypervisor"],
12
+ :product =>"ESXi",
13
+ :match_details =>"unique page string",
14
+ :version => nil,
15
+ :match_type => :content_body,
16
+ :match_content => /document.write\(\"<title>\"\ \+\ ID_EESX_Welcome/,
17
+ :paths => ["#{url}"],
18
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwOi8vMTIuNDIuMjA1LjEyNzo4MA=="],
19
+ :examples => ["http://12.42.205.127:80"]
20
+ },
21
+ {
22
+ :type => "application",
23
+ :vendor => "VMWare",
24
+ :tags => ["tech:hypervisor"],
11
25
  :product =>"Horizon",
12
- :match_details =>"VMWare Horizon",
26
+ :match_details =>"page title",
13
27
  :version => nil,
14
28
  :match_type => :content_body,
15
29
  :match_content => /<title>VMware Horizon/,
@@ -0,0 +1,41 @@
1
+ module Intrigue
2
+ module Ident
3
+ module Check
4
+ class Webmin < Intrigue::Ident::Check::Base
5
+
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "application",
10
+ :vendor =>"Webmin",
11
+ :product =>"MiniServ",
12
+ :match_details => "server header",
13
+ :match_type => :content_headers,
14
+ :references => [],
15
+ :match_content => /server: MiniServ/,
16
+ :version => nil,
17
+ :dynamic_version => lambda {|x| _first_header_capture(x,/server: MiniServ\/(.*)/)},
18
+ :examples => ["http://158.85.208.126:8080"],
19
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwOi8vMTU4Ljg1LjIwOC4xMjY6ODA4MA=="],
20
+ :paths => ["#{url}"]
21
+ },
22
+ {
23
+ :type => "application",
24
+ :vendor =>"Webmin",
25
+ :product =>"Webmin",
26
+ :match_details => "page title",
27
+ :match_type => :content_body,
28
+ :references => [],
29
+ :match_content => /<title>Login to Webmin/,
30
+ :version => nil,
31
+ :examples => ["http://158.85.208.126:8080"],
32
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwOi8vMTU4Ljg1LjIwOC4xMjY6ODA4MA=="],
33
+ :paths => ["#{url}"]
34
+ }
35
+ ]
36
+ end
37
+
38
+ end
39
+ end
40
+ end
41
+ end
@@ -0,0 +1,29 @@
1
+ module Intrigue
2
+ module Ident
3
+ module Check
4
+ class Yaws < Intrigue::Ident::Check::Base
5
+
6
+ def generate_checks(url)
7
+ [
8
+ {
9
+ :type => "application",
10
+ :vendor =>"Yaws",
11
+ :product =>"Yaws",
12
+ :match_details =>"server header",
13
+ :references => ["https://en.wikipedia.org/wiki/Yaws_(web_server)"],
14
+ :match_type => :content_headers,
15
+ :match_content => /server: Yaws/i,
16
+ :dynamic_version => lambda { |x|
17
+ _first_header_capture(x,/server: Yaws (.*)/i)
18
+ },
19
+ :examples => ["https://158.85.224.176:443"],
20
+ :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwczovLzE1OC44NS4yMjQuMTc2OjQ0Mw=="],
21
+ :paths => ["#{url}"]
22
+ }
23
+ ]
24
+ end
25
+
26
+ end
27
+ end
28
+ end
29
+ end
@@ -16,6 +16,19 @@ module Check
16
16
  :examples => ["http://help.etsy.com:80"],
17
17
  :verify => ["ZXRzeSNJbnRyaWd1ZTo6RW50aXR5OjpVcmkjaHR0cDovL2hlbHAuZXRzeS5jb206ODA="],
18
18
  :paths => ["#{url}"]
19
+ },
20
+ { # TODO - this might catch valid (closed) helpdesk uris too.
21
+ :type => "service",
22
+ :vendor =>"Zendesk",
23
+ :product =>"Zendesk",
24
+ :match_details =>"zendesk access by IP / invalid hostname",
25
+ :references => [],
26
+ :hide => true,
27
+ :match_type => :content_body,
28
+ :match_content => /<title>Help Center Closed \| Zendesk/i,
29
+ :examples => ["http://192.161.147.1:80"],
30
+ :verify => ["a2VubmFzZWN1cml0eSNJbnRyaWd1ZTo6RW50aXR5OjpVcmkjaHR0cDovLzE5Mi4xNjEuMTQ3LjE6ODA="],
31
+ :paths => ["#{url}"]
19
32
  }
20
33
  ]
21
34
  end
@@ -11,7 +11,7 @@ Dir["#{check_folder}/*.rb"].each { |file| require_relative file }
11
11
  module Intrigue
12
12
  module Ident
13
13
 
14
- VERSION=0.55
14
+ VERSION=0.56
15
15
 
16
16
  def generate_requests_and_check(url)
17
17
 
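--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: intrigue-ident
  version: !ruby/object:Gem::Version
- version: '0.55'
+ version: '0.56'
  platform: ruby
  authors:
  - jcran
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2018-07-29 00:00:00.000000000 Z
+ date: 2018-07-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -71,6 +71,7 @@ files:
  - lib/checks/aruba.rb
  - lib/checks/atlassian.rb
  - lib/checks/automattic.rb
+ - lib/checks/axis.rb
  - lib/checks/banu.rb
  - lib/checks/base.rb
  - lib/checks/checkpoint.rb
@@ -110,10 +111,12 @@ files:
  - lib/checks/mcafee.rb
  - lib/checks/mediawiki.rb
  - lib/checks/microsoft.rb
+ - lib/checks/microtik.rb
  - lib/checks/nagios.rb
  - lib/checks/new_relic.rb
  - lib/checks/nginx.rb
  - lib/checks/okta.rb
+ - lib/checks/ookla.rb
  - lib/checks/openresty.rb
  - lib/checks/oracle.rb
  - lib/checks/palo_alto.rb
@@ -125,16 +128,21 @@ files:
  - lib/checks/phpmyadmin.rb
  - lib/checks/ping_identity.rb
  - lib/checks/pivotal.rb
+ - lib/checks/plesk.rb
+ - lib/checks/pulse_secure.rb
  - lib/checks/rabbitmq.rb
  - lib/checks/restlet.rb
  - lib/checks/ruckus_wireless.rb
  - lib/checks/sailpoint.rb
+ - lib/checks/sap.rb
  - lib/checks/tableau.rb
  - lib/checks/team_city.rb
  - lib/checks/telerik.rb
  - lib/checks/varnish.rb
  - lib/checks/vmware.rb
+ - lib/checks/webmin.rb
  - lib/checks/wp_engine.rb
+ - lib/checks/yaws.rb
  - lib/checks/zeit.rb
  - lib/checks/zendesk.rb
  - lib/checks/zimbra.rb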