intrigue-ident 0.64 → 0.65

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5c343530d0b5f75f9510eccdebaee5e7298c10227c2c1219ef40a4dac7b775c7
-  data.tar.gz: 06c6b63a5ef06e15d06d7b5070fe994d3689f738e9a4463dc5903542bc74e223
+  metadata.gz: 071013c8c83f621bb6aa3c5d408be244c39364189f294e84f3e824d2085f5ceb
+  data.tar.gz: '00459fb998366550f3e218ca06a4c16cf9df6eceaca04db5e117bbde7e7c1762'
 SHA512:
-  metadata.gz: b58768feee13c33915748a81875f97a48aeb72e18cf415f8089798dfe0aaa7d65760cc7acde6551082897676dbfe50a5a1c97b602447d20a6a36717d2667c33b
-  data.tar.gz: bc243232bbebf945b1206681f036c2845d9c0442776e6eea7895e507fbba326128d0f8de82dd5700fe13911b7d07c20996d4acc670fbc881395dd90b92ba3f1d
+  metadata.gz: 8f905f6d65934b19f643031468e3ea2bb25a029536de663f2b4c7105e84fa7fd7a80d60bb9971c252ebfb1093287244b8cc3861e50efa161b08cc30a5495a5b8
+  data.tar.gz: b9ffe909d98f9ea76678df291b535d783108d57608a00c5c9706b00e16d4f04be496ff4b9d81cffd9568958fd2122defd3f502bbf512eff4891ff1ae1f4429cd

data/lib/checks/automattic.rb

@@ -14,7 +14,7 @@ module Check
           :version => nil,
           :match_type => :content_body,
           :match_content =>  /<meta name="generator" content="WordPress/i,
-          :dynamic_version => lambda { |x|  _first_body_capture x, /<meta name=\"generator\" content=\"WordPress\ (.*)\" \/>/i },
+          :dynamic_version => lambda { |x|  _first_body_capture x, /<meta name=\"generator\" content=\"WordPress\ (.*?)\" \/>/i },
           :hide => false,
           :examples => [
             "http://www.jewelosco.com:80",

data/lib/checks/microsoft.rb

@@ -111,7 +111,17 @@ module Check
             :match_content =>  /via:\ 1.1\ TMGSRVR/,
             :paths => ["#{url}"]
           },
-
+          {
+            :type => "application",
+            :vendor => "Microsoft",
+            :product =>"ISA Server",
+            :version => "2006",
+            :match_type => :content_title,
+            :match_content =>  /^Microsoft ISA Server 2006$/i,
+            :match_details =>"standard title",
+            :paths => ["#{url}"],
+            :examples => ["https://intranet.kbs.gov.my/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=3"]
+          },
           {
             :type => "application",
             :vendor => "Microsoft",

data/lib/checks/telerik.rb

@@ -27,7 +27,7 @@ module Check
             :version => nil,
             :match_type => :content_body,
             :match_content =>  /<meta\ name=\"Generator\"\ content=\"Sitefinity/,
-            :dynamic_version => lambda { |x| _first_body_capture x, /<meta name=\"Generator\" content=\"Sitefinity (.*)\ \/><link/ },
+            :dynamic_version => lambda { |x| _first_body_capture x, /<meta name=\"Generator\" content=\"Sitefinity (.*?)\ \/><link/ },
             :examples => [],
             :paths => ["#{url}"]
           }

data/lib/checks/typo3.rb

@@ -0,0 +1,25 @@
+module Intrigue
+module Ident
+module Check
+    class Typo3 < Intrigue::Ident::Check::Base
+
+      def generate_checks(url)
+        [
+          {
+            :type => "application",
+            :vendor => "Typo3",
+            :product => "CMS",
+            :match_details => "generator tag",
+            :version => nil,
+            :match_type => :content_body,
+            :match_content =>  /<meta name="generator" content="TYPO3 CMS"/i,
+            :paths => ["#{url}"],
+            :examples => ["http://www2.wessmann.com/index.php?id=52"]
+          }
+        ]
+      end
+
+    end
+  end
+  end
+  end

data/lib/intrigue-ident.rb

@@ -14,7 +14,7 @@ include Intrigue::Ident::TraverseExceptions
 module Intrigue
   module Ident
 
-    VERSION=0.64
+    VERSION=0.65
 
     def generate_requests_and_check(url)
 
@@ -60,7 +60,7 @@ module Intrigue
 
       # gather all fingeprints for each product
       # this will look like an array of checks, each with a uri and a SET of checks
-      generated_checks = Intrigue::Ident::CheckFactory.all.map{|x| x.new.generate_checks(url) }.flatten
+      generated_checks = Intrigue::Ident::CheckFactory.all.map{|x| x.new.generate_checks("x") }.flatten
 
       # group by the uris, with the associated checks
       # TODO - this only currently supports the first path of the group!!!!
@@ -87,6 +87,11 @@ module Intrigue
       matches.each do |m|
         next if (m["match_type"] == "content_body" &&
                         m["matched_content"] == "(?-mix:Drupal)")
+
+        next if (m["match_type"] == "content_cookies" &&
+                        m["matched_content"] == "(?i-mx:ADRUM_BTa)" &&
+                        m["product"] == "Jobvite")
+
         passed_matches << m
       end
     passed_matches
@@ -122,11 +127,11 @@ module Intrigue
     def _match_uri_hash(check,data)
       return nil unless check && data
 
-      #puts "Trying to match #{check[:vendor]} #{check[:product]}: #{data["details"]["cookies"][0..10]}"
-
       # data[:body] => page body
       # data[:headers] => block of text with headers, one per line
       # data[:cookies] => set_cookie header
+      # data[:title] => parsed page title
+      # data[:generator] => parsed meta generator tag
       # data[:body_md5] => md5 hash of the body
       # if type "content", do the content check
 
@@ -143,6 +148,16 @@ module Intrigue
         if data["details"] && data["details"]["cookies"]
           match = _construct_match_response(check,data) if data["details"]["cookies"] =~ check[:match_content]
         end
+      elsif check[:match_type] == :content_generator
+        # Check only the set-cookie header
+        if data["details"] && data["details"]["generator"]
+          match = _construct_match_response(check,data) if data["details"]["generator"] =~ check[:match_content]
+        end
+      elsif check[:match_type] == :content_title
+        # Check only the set-cookie header
+        if data["details"] && data["details"]["title"]
+          match = _construct_match_response(check,data) if data["details"]["title"] =~ check[:match_content]
+        end
       elsif check[:match_type] == :checksum_body
         if data["details"] && data["details"]["response_data_hash"]
           match = _construct_match_response(check,data) if Digest::MD5.hexdigest(data["details"]["response_data_hash"]) == check[:checksum]
@@ -174,6 +189,7 @@ module Intrigue
       		"port": 80,
       		"forms": false,
       		"title": "Index page",
+          "generator": "Whatever",
       		"verbs": null,
       		"headers": ["content-length: 701", "last-modified: Tue, 03 Jul 2018 16:55:36 GMT", "cache-control: no-cache", "content-type: text/html"],
       		"host_id": 1571,
@@ -208,6 +224,14 @@ module Intrigue
         headers << "#{h}: #{v}"
       end
       data["details"]["headers"] = headers
+
+      ### grab the page attributes
+      match = response.body.match(/<title>(.*?)<\/title>/i)
+      data["details"]["title"] = match.captures.first if match
+
+      match = response.body.match(/<meta name="generator" content=(.*?)>/i)
+      data["details"]["generator"] = match.captures.first.gsub("\"","") if match
+
       data["details"]["cookies"] = response.header['set-cookie']
       data["details"]["response_data_hash"] = Digest::SHA256.base64digest("#{response.body}")
 
@@ -237,14 +261,9 @@ module Intrigue
         until( found || attempts >= max_attempts)
          attempts+=1
 
-         # proxy configuration, disabled for now
-         #if $config["http_proxy"]
-         # proxy_addr = $config["http_proxy"]["host"]
-         # proxy_port = $config["http_proxy"]["port"]
-         # proxy_user = $config["http_proxy"]["user"]
-         # proxy_pass = $config["http_proxy"]["pass"]
-         #end
+         #proxy_addr = "127.0.0.1"
          proxy_addr = nil
+         #proxy_port = "8080"
          proxy_port = nil
 
          # set options
@@ -255,7 +274,7 @@ module Intrigue
          end
 
          http = Net::HTTP.start(uri.host, uri.port, proxy_addr, proxy_port, opts)
-         #http.set_debug_output($stdout) if _get_system_config "debug"
+         #http.set_debug_output($stdout)
          http.read_timeout = 20
          http.open_timeout = 20
 

data/lib/traverse_exceptions.rb

@@ -81,6 +81,7 @@ module TraverseExceptions
             entity_name =~ /^.*eloqua.com(:[0-9]*)?$/                    ||
             entity_name =~ /^.*exacttarget.com(:[0-9]*)?$/               ||
             entity_name =~ /^.*facebook.com(:[0-9]*)?$/                  ||
+            entity_name =~ /^.*fastly.net(:[0-9]*)?$/                    ||
             entity_name =~ /^.*feeds2.feedburner.com(:[0-9]*)?$/         ||
             entity_name =~ /^.*footprintdns.com(:[0-9]*)?$/              ||
             entity_name =~ /^.*force.com(:[0-9]*)?$/                     ||

data/util/check.rb

@@ -16,5 +16,5 @@ if debug
 end
 
 puts "Results: "
-matches.each{|x| puts " - #{x[:cpe]}" } if matches
+matches.each{|x| puts " - #{x["cpe"]}" } if matches
 puts "Done! #{matches.count} matches"

data/util/list.rb

@@ -6,4 +6,4 @@ def list_checks
   Intrigue::Ident::CheckFactory.all.map{|x| x.new.generate_checks("x") }.flatten
 end
 
-list_checks.sort_by{|c| "#{c[:vendor]}"}.each {|c| puts " - #{c[:vendor]} #{c[:product]} #{c[:version]} #{"(dynamic version detection)" if c[:dynamic_version] != nil }"}
+list_checks.sort_by{|c| "#{c[:vendor]}"}.each {|c| puts " - #{c[:vendor]} #{c[:product]}"}

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: intrigue-ident
 version: !ruby/object:Gem::Version
-  version: '0.64'
+  version: '0.65'
 platform: ruby
 authors:
 - jcran
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-08-12 00:00:00.000000000 Z
+date: 2018-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -61,11 +61,50 @@ extra_rdoc_files: []
 files:
 - Gemfile
 - Gemfile.lock
-- data/logos/apache.png
+- data/logos/.DS_Store
+- data/logos/acquia.png
+- data/logos/amazon_cloudfront.png
+- data/logos/apache_coyote.png
+- data/logos/apache_tomcat.png
+- data/logos/atlassian_bamboo.png
+- data/logos/atlassian_bitbucket.png
+- data/logos/atlassian_confluence.png
+- data/logos/atlassian_crowd.png
+- data/logos/atlassian_crucible.png
+- data/logos/atlassian_fisheye.png
+- data/logos/atlassian_jira.png
+- data/logos/atlassian_sourcetree.png
+- data/logos/automattic_wordpress.png
+- data/logos/cisco_ssl_vpn.png
+- data/logos/citrix_netscaler_gateway.png
+- data/logos/cloudflare_cdn.png
+- data/logos/drupal.png
+- data/logos/f5_big-ip.png
+- data/logos/f5_big-ip_apm.png
+- data/logos/fastly.png
 - data/logos/generic.png
-- data/logos/oracle_java.png
-- data/logos/php.png
-- data/logos/varnish.png
+- data/logos/gitlab.png
+- data/logos/ibm_axway_securetransport.png
+- data/logos/lithium.png
+- data/logos/microsoft_asp.net.png
+- data/logos/microsoft_iis.png
+- data/logos/microsoft_outlook_web_access.png
+- data/logos/microsoft_sharepoint.png
+- data/logos/microtik_routeros.png
+- data/logos/mikrotik_routeros.png
+- data/logos/newrelic.png
+- data/logos/nginx.png
+- data/logos/okta.png
+- data/logos/oracle_glassfish.png
+- data/logos/oracle_java_application_server.png
+- data/logos/oracle_java_server_pages.png
+- data/logos/oracle_weblogic.png
+- data/logos/phpmyadmin.png
+- data/logos/tableau.png
+- data/logos/vmware_esxi.png
+- data/logos/vmware_horizon.png
+- data/logos/zendesk.png
+- data/logos/zimbra_server.png
 - intrigue-ident.gemspec
 - lib/check_factory.rb
 - lib/checks/acquia.rb
@@ -143,6 +182,7 @@ files:
 - lib/checks/tableau.rb
 - lib/checks/team_city.rb
 - lib/checks/telerik.rb
+- lib/checks/typo3.rb
 - lib/checks/varnish.rb
 - lib/checks/vmware.rb
 - lib/checks/webmin.rb