rabid 0.0.4 → 0.0.5

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: bc6129ff43ec4e9cf11036b001c0dbd6526089038692a7f30708f62249933efe
4
- data.tar.gz: 715442b0e16c1148450038d5582ffcb87188a054b5659582a8caf3196fc2fca0
3
+ metadata.gz: 9d404056c0f595ca4ba95787c5f7c0c59933d34ab3396d2d36e5cbc3093fb875
4
+ data.tar.gz: e5509152258eece3829cfd628bd4b2087d94fa52573b0424428cbc021e214ce3
5
5
  SHA512:
6
- metadata.gz: 8a41f95d9ca6bf5070251ece01ff2e118788e96f703b51b77bdf8092333ea356b1641ac8ebcfb47b61b2f2d27aaff27b137052842ce17cdb99c69c74b58dc8df
7
- data.tar.gz: a2b796a96e55137452605b5b6b52641d38e577208e5c444d12d14bf9ff9e581b68a4bbea2df49c28d77ee6cdfe65820f0cc18904534662f7be71757dcca06d18
6
+ metadata.gz: 0d23f1b376126a7f4e83c300a1a208ae5b582b9b4e135955e0675c2311c0a31e33a1f636d509dec8fcfbd1ae1b5d00f365f9cf18c71e473859b319103e27aa44
7
+ data.tar.gz: 030321261fd98b0f1f0fa347ad750929fe7df04804b712e96749793b4da4d76fb8e2e0d2aa220ba38e8a76577affd69e9612d09f8f23acebf15f784faa96731b
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- rabid (0.0.4)
4
+ rabid (0.0.5)
5
5
  docopt (~> 0.6)
6
6
  paint (~> 2.1)
7
7
 
@@ -9,34 +9,36 @@ GEM
9
9
  remote: https://rubygems.org/
10
10
  specs:
11
11
  ast (2.4.0)
12
- commonmarker (0.20.1)
12
+ commonmarker (0.21.0)
13
13
  ruby-enum (~> 0.5)
14
14
  concurrent-ruby (1.1.5)
15
15
  docopt (0.6.1)
16
16
  github-markup (3.0.4)
17
- i18n (1.6.0)
17
+ i18n (1.8.2)
18
18
  concurrent-ruby (~> 1.0)
19
- jaro_winkler (1.5.3)
20
- minitest (5.11.3)
21
- paint (2.1.1)
22
- parallel (1.17.0)
23
- parser (2.6.3.0)
19
+ jaro_winkler (1.5.4)
20
+ minitest (5.14.0)
21
+ paint (2.1.0)
22
+ parallel (1.19.1)
23
+ parser (2.7.0.2)
24
24
  ast (~> 2.4.0)
25
25
  rainbow (3.0.0)
26
- rake (12.3.2)
27
- redcarpet (3.4.0)
28
- rubocop (0.73.0)
26
+ rake (13.0.1)
27
+ redcarpet (3.5.0)
28
+ rexml (3.2.4)
29
+ rubocop (0.80.0)
29
30
  jaro_winkler (~> 1.5.1)
30
31
  parallel (~> 1.10)
31
- parser (>= 2.6)
32
+ parser (>= 2.7.0.1)
32
33
  rainbow (>= 2.2.2, < 4.0)
34
+ rexml
33
35
  ruby-progressbar (~> 1.7)
34
36
  unicode-display_width (>= 1.4.0, < 1.7)
35
37
  ruby-enum (0.7.2)
36
38
  i18n
37
39
  ruby-progressbar (1.10.1)
38
- unicode-display_width (1.6.0)
39
- yard (0.9.20)
40
+ unicode-display_width (1.6.1)
41
+ yard (0.9.24)
40
42
 
41
43
  PLATFORMS
42
44
  ruby
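Review bot: `paint` moves backwards in this hunk, from `paint (2.1.1)` to `paint (2.1.0)`, while every other locked gem is bumped forward. If the downgrade is not intentional, re-resolve the lockfile so the runtime dependency stays at the newer patch release. The hunk also adds `rexml (3.2.4)` as a new transitive dependency of `rubocop (0.80.0)`. It is development-only, but it is a new package in the tree and worth a mention in the changelog.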
@@ -47,10 +49,10 @@ DEPENDENCIES
47
49
  github-markup (~> 3.0)
48
50
  minitest (~> 5.11)
49
51
  rabid!
50
- rake (~> 12.3)
52
+ rake (~> 13.0)
51
53
  redcarpet (~> 3.4)
52
54
  rubocop (~> 0.63)
53
55
  yard (~> 0.9)
54
56
 
55
57
  BUNDLED WITH
56
- 2.0.2
58
+ 2.1.4
@@ -1,6 +1,6 @@
1
1
  The MIT License (MIT)
2
2
 
3
- Copyright (c) 2019 Alexandre ZANNI
3
+ Copyright (c) 2019-2020 Alexandre ZANNI
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
data/README.md CHANGED
@@ -5,6 +5,7 @@
5
5
  [![GitHub forks](https://img.shields.io/github/forks/Orange-Cyberdefense/rabid)](https://github.com/Orange-Cyberdefense/rabid/network)
6
6
  [![GitHub stars](https://img.shields.io/github/stars/Orange-Cyberdefense/rabid)](https://github.com/Orange-Cyberdefense/rabid/stargazers)
7
7
  [![GitHub license](https://img.shields.io/github/license/Orange-Cyberdefense/rabid)](https://github.com/Orange-Cyberdefense/rabid/blob/master/LICENSE.txt)
8
+ [![Rawsec's CyberSecurity Inventory](https://inventory.rawsec.ml/img/badges/Rawsec-inventoried-FF5050_flat.svg)](https://inventory.rawsec.ml/tools.html#Rabid)
8
9
 
9
10
  [![Packaging status](https://repology.org/badge/vertical-allrepos/rabid.svg)](https://repology.org/project/rabid/versions)
10
11
 
@@ -1,5 +1,11 @@
1
1
  # Changelog
2
2
 
3
+ ## [0.0.5]
4
+
5
+ - Fix a case when the encoded IP address in IPv4 pool members was decoded to an odd hexadecimal number resulting in a malformated IP address
6
+ - Fix the regexp for IPv4 pool members cookie were the encoded IP and port length was fix instead of variable
7
+ - Add more test for those cases
8
+
3
9
  ## [0.0.4]
4
10
 
5
11
  - Fix regex in `auto_decode` and `retrieve_pool_name` for base64 encoded cookie (encrypted) - lazy quantifier instead of greedy one to match the first `=` sign
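Review bot: the two new 0.0.5 entries are hard to read as release notes: "malformated" should be "malformed", "were" should be "where", and "was fix instead of variable" should be "was fixed instead of variable". The entries would also be easier to act on if each named the method that changed, as the 0.0.4 entry does with `auto_decode` and `retrieve_pool_name`.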
@@ -21,6 +21,7 @@ RABID | :heavy_check_mark: | :heavy_check_mark:
21
21
  [drwetter/F5-BIGIP-Decoder][10] | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: | :x: |
22
22
  [f5_bigip_cookie_disclosure][11] (msf) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: | :o: | :o: | :x: | only on live targets
23
23
  [http-bigip-cookie][12] (nse) | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: | only on live targets
24
+ [Cookie Decrypter][13] (Burp) | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | only on live targets
24
25
 
25
26
  Legend:
26
27
 
@@ -45,3 +46,4 @@ Legend:
45
46
  [10]:https://github.com/drwetter/F5-BIGIP-Decoder
46
47
  [11]:https://www.rapid7.com/db/modules/auxiliary/gather/f5_bigip_cookie_disclosure
47
48
  [12]:https://nmap.org/nsedoc/scripts/http-bigip-cookie.html
49
+ [13]:https://github.com/SolomonSklash/cookie-decrypter
@@ -94,6 +94,7 @@ class BigIPCookie
94
94
  end
95
95
 
96
96
  ip = format('%02x', ip) if opts[:ip2hex] == 1 # ip to hex
97
+ ip = '0' + ip if ip.size % 2 == 1 # prepend a 0 when we have an odd number
97
98
  ip = ip.scan(/.{#{opts[:scanby]}}/) # split by n
98
99
  ip.reverse! if opts[:reverse] == 1 # reverse array
99
100
  ip = ip.map { |i| i.to_i(16) } if opts[:hex2ip] == 1 # hex to ip
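Review bot: the added line `ip = '0' + ip if ip.size % 2 == 1` only makes the hex string even in length; it does not restore the field to its full width. `format('%02x', ip)` guarantees no more than two digits, so an encoded value whose upper bytes are zero still reaches `scan` with fewer groups than an IPv4 address needs and would presumably decode to a short address. Consider left-padding to the expected width of the field (for example with `rjust` and a width passed in `opts`) instead of to the next even length. The odd-length check also assumes `opts[:scanby]` is 2: with another group size an even-length string can still leave a remainder that `scan` silently drops.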
@@ -176,7 +177,7 @@ class BigIPCookie
176
177
  # @return [Integer] detected cookie code (mapped with {decode_cookie})
177
178
  def detect_cookie_type(cookie)
178
179
  ## IPv4 pool members
179
- return 400 if /[0-9]{10}\.[0-9]{5}\.0000/.match?(cookie)
180
+ return 400 if /[0-9]{1,10}\.[0-9]{1,7}\.0000/.match?(cookie)
180
181
 
181
182
  ## IPv4 pool members in non-default route domains
182
183
  return 401 if /rd([0-9]+)o00000000000000000000ffff([0-9a-zA-Z]{8})o
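Review bot: the new pattern on the `return 400` line is unanchored and now accepts a single digit in each of the first two fields, so any cookie value that merely contains `<digit>.<digit>.0000` somewhere is classified as an IPv4 pool member before the later type checks run. Anchor the match, for instance by ending it with `\z` and requiring start of string or a non-digit before the first field. The port field is also widened to `{1,7}`, although a 16-bit port value fits in 5 decimal digits; either tighten it to `{1,5}` or add a comment explaining why longer values are expected.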
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Version
4
- VERSION = '0.0.4'
4
+ VERSION = '0.0.5'
5
5
  end
@@ -6,6 +6,7 @@ require 'bigipcookie'
6
6
  class BigIPCookieTest < Minitest::Test
7
7
  # IPv4 pool members, with pool name
8
8
  def test_bigipcookie_decode_ipv4_pm
9
+ # Size (ip/port) 10 + 5
9
10
  bip = BigIPCookie::Decode.new('BIGipServer<pool_name>=1677787402.36895.0000')
10
11
  bip.auto_decode
11
12
  # Decoded cookie
@@ -14,6 +15,15 @@ class BigIPCookieTest < Minitest::Test
14
15
  assert_equal('<pool_name>', bip.pool_name)
15
16
  # Cookie type
16
17
  assert_equal('IPv4 pool members', bip.cookie_type)
18
+ # Test cookie with different encoded lenght
19
+ # Size (ip/port) 9 + 5
20
+ bip = BigIPCookie::Decode.new('135851530.20480.0000')
21
+ bip.auto_decode
22
+ assert_equal('10.238.24.8:80', bip.decoded_cookie)
23
+ # Size (ip/port) 8 + 0
24
+ bip = BigIPCookie::Decode.new('34467338.0.0000')
25
+ bip.auto_decode
26
+ assert_equal('10.238.13.2:0', bip.decoded_cookie)
17
27
  end
18
28
 
19
29
  # IPv4 pool members in non-default route domains, only cookie value
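Review bot: the two new cases are appended to `test_bigipcookie_decode_ipv4_pm` and only assert `decoded_cookie`, so a failure in the first block hides the others, and nothing checks that `cookie_type` is still 'IPv4 pool members' for the shorter encodings. Moving them into their own test method with a `cookie_type` assertion would cover the regex change directly. A negative case is also missing: with the detection pattern loosened, a value that must not be detected as type 400 should be asserted. The comment has a typo: "lenght" should be "length".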
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rabid
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.4
4
+ version: 0.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Alexandre ZANNI
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-10-03 00:00:00.000000000 Z
11
+ date: 2020-02-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: docopt
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: '12.3'
103
+ version: '13.0'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: '12.3'
110
+ version: '13.0'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: redcarpet
113
113
  requirement: !ruby/object:Gem::Requirement