rabid 0.0.4 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +18 -16
- data/LICENSE.txt +1 -1
- data/README.md +1 -0
- data/docs/CHANGELOG.md +6 -0
- data/docs/why.md +2 -0
- data/lib/bigipcookie.rb +2 -1
- data/lib/bigipcookie/version.rb +1 -1
- data/test/test_bigipcookie.rb +10 -0
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9d404056c0f595ca4ba95787c5f7c0c59933d34ab3396d2d36e5cbc3093fb875
|
|
4
|
+
data.tar.gz: e5509152258eece3829cfd628bd4b2087d94fa52573b0424428cbc021e214ce3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0d23f1b376126a7f4e83c300a1a208ae5b582b9b4e135955e0675c2311c0a31e33a1f636d509dec8fcfbd1ae1b5d00f365f9cf18c71e473859b319103e27aa44
|
|
7
|
+
data.tar.gz: 030321261fd98b0f1f0fa347ad750929fe7df04804b712e96749793b4da4d76fb8e2e0d2aa220ba38e8a76577affd69e9612d09f8f23acebf15f784faa96731b
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
rabid (0.0.
|
|
4
|
+
rabid (0.0.5)
|
|
5
5
|
docopt (~> 0.6)
|
|
6
6
|
paint (~> 2.1)
|
|
7
7
|
|
|
@@ -9,34 +9,36 @@ GEM
|
|
|
9
9
|
remote: https://rubygems.org/
|
|
10
10
|
specs:
|
|
11
11
|
ast (2.4.0)
|
|
12
|
-
commonmarker (0.
|
|
12
|
+
commonmarker (0.21.0)
|
|
13
13
|
ruby-enum (~> 0.5)
|
|
14
14
|
concurrent-ruby (1.1.5)
|
|
15
15
|
docopt (0.6.1)
|
|
16
16
|
github-markup (3.0.4)
|
|
17
|
-
i18n (1.
|
|
17
|
+
i18n (1.8.2)
|
|
18
18
|
concurrent-ruby (~> 1.0)
|
|
19
|
-
jaro_winkler (1.5.
|
|
20
|
-
minitest (5.
|
|
21
|
-
paint (2.1.
|
|
22
|
-
parallel (1.
|
|
23
|
-
parser (2.
|
|
19
|
+
jaro_winkler (1.5.4)
|
|
20
|
+
minitest (5.14.0)
|
|
21
|
+
paint (2.1.0)
|
|
22
|
+
parallel (1.19.1)
|
|
23
|
+
parser (2.7.0.2)
|
|
24
24
|
ast (~> 2.4.0)
|
|
25
25
|
rainbow (3.0.0)
|
|
26
|
-
rake (
|
|
27
|
-
redcarpet (3.
|
|
28
|
-
|
|
26
|
+
rake (13.0.1)
|
|
27
|
+
redcarpet (3.5.0)
|
|
28
|
+
rexml (3.2.4)
|
|
29
|
+
rubocop (0.80.0)
|
|
29
30
|
jaro_winkler (~> 1.5.1)
|
|
30
31
|
parallel (~> 1.10)
|
|
31
|
-
parser (>= 2.
|
|
32
|
+
parser (>= 2.7.0.1)
|
|
32
33
|
rainbow (>= 2.2.2, < 4.0)
|
|
34
|
+
rexml
|
|
33
35
|
ruby-progressbar (~> 1.7)
|
|
34
36
|
unicode-display_width (>= 1.4.0, < 1.7)
|
|
35
37
|
ruby-enum (0.7.2)
|
|
36
38
|
i18n
|
|
37
39
|
ruby-progressbar (1.10.1)
|
|
38
|
-
unicode-display_width (1.6.
|
|
39
|
-
yard (0.9.
|
|
40
|
+
unicode-display_width (1.6.1)
|
|
41
|
+
yard (0.9.24)
|
|
40
42
|
|
|
41
43
|
PLATFORMS
|
|
42
44
|
ruby
|
|
@@ -47,10 +49,10 @@ DEPENDENCIES
|
|
|
47
49
|
github-markup (~> 3.0)
|
|
48
50
|
minitest (~> 5.11)
|
|
49
51
|
rabid!
|
|
50
|
-
rake (~>
|
|
52
|
+
rake (~> 13.0)
|
|
51
53
|
redcarpet (~> 3.4)
|
|
52
54
|
rubocop (~> 0.63)
|
|
53
55
|
yard (~> 0.9)
|
|
54
56
|
|
|
55
57
|
BUNDLED WITH
|
|
56
|
-
2.
|
|
58
|
+
2.1.4
|
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
|
@@ -5,6 +5,7 @@
|
|
|
5
5
|
[](https://github.com/Orange-Cyberdefense/rabid/network)
|
|
6
6
|
[](https://github.com/Orange-Cyberdefense/rabid/stargazers)
|
|
7
7
|
[](https://github.com/Orange-Cyberdefense/rabid/blob/master/LICENSE.txt)
|
|
8
|
+
[](https://inventory.rawsec.ml/tools.html#Rabid)
|
|
8
9
|
|
|
9
10
|
[](https://repology.org/project/rabid/versions)
|
|
10
11
|
|
data/docs/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [0.0.5]
|
|
4
|
+
|
|
5
|
+
- Fix a case when the encoded IP address in IPv4 pool members was decoded to an odd hexadecimal number resulting in a malformated IP address
|
|
6
|
+
- Fix the regexp for IPv4 pool members cookie were the encoded IP and port length was fix instead of variable
|
|
7
|
+
- Add more test for those cases
|
|
8
|
+
|
|
3
9
|
## [0.0.4]
|
|
4
10
|
|
|
5
11
|
- Fix regex in `auto_decode` and `retrieve_pool_name` for base64 encoded cookie (encrypted) - lazy quantifier instead of greedy one to match the first `=` sign
|
data/docs/why.md
CHANGED
|
@@ -21,6 +21,7 @@ RABID | :heavy_check_mark: | :heavy_check_mark:
|
|
|
21
21
|
[drwetter/F5-BIGIP-Decoder][10] | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: | :x: |
|
|
22
22
|
[f5_bigip_cookie_disclosure][11] (msf) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: | :o: | :o: | :x: | only on live targets
|
|
23
23
|
[http-bigip-cookie][12] (nse) | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: | only on live targets
|
|
24
|
+
[Cookie Decrypter][13] (Burp) | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | only on live targets
|
|
24
25
|
|
|
25
26
|
Legend:
|
|
26
27
|
|
|
@@ -45,3 +46,4 @@ Legend:
|
|
|
45
46
|
[10]:https://github.com/drwetter/F5-BIGIP-Decoder
|
|
46
47
|
[11]:https://www.rapid7.com/db/modules/auxiliary/gather/f5_bigip_cookie_disclosure
|
|
47
48
|
[12]:https://nmap.org/nsedoc/scripts/http-bigip-cookie.html
|
|
49
|
+
[13]:https://github.com/SolomonSklash/cookie-decrypter
|
data/lib/bigipcookie.rb
CHANGED
|
@@ -94,6 +94,7 @@ class BigIPCookie
|
|
|
94
94
|
end
|
|
95
95
|
|
|
96
96
|
ip = format('%02x', ip) if opts[:ip2hex] == 1 # ip to hex
|
|
97
|
+
ip = '0' + ip if ip.size % 2 == 1 # prepend a 0 when we have an odd number
|
|
97
98
|
ip = ip.scan(/.{#{opts[:scanby]}}/) # split by n
|
|
98
99
|
ip.reverse! if opts[:reverse] == 1 # reverse array
|
|
99
100
|
ip = ip.map { |i| i.to_i(16) } if opts[:hex2ip] == 1 # hex to ip
|
|
@@ -176,7 +177,7 @@ class BigIPCookie
|
|
|
176
177
|
# @return [Integer] detected cookie code (mapped with {decode_cookie})
|
|
177
178
|
def detect_cookie_type(cookie)
|
|
178
179
|
## IPv4 pool members
|
|
179
|
-
return 400 if /[0-9]{10}\.[0-9]{
|
|
180
|
+
return 400 if /[0-9]{1,10}\.[0-9]{1,7}\.0000/.match?(cookie)
|
|
180
181
|
|
|
181
182
|
## IPv4 pool members in non-default route domains
|
|
182
183
|
return 401 if /rd([0-9]+)o00000000000000000000ffff([0-9a-zA-Z]{8})o
|
data/lib/bigipcookie/version.rb
CHANGED
data/test/test_bigipcookie.rb
CHANGED
|
@@ -6,6 +6,7 @@ require 'bigipcookie'
|
|
|
6
6
|
class BigIPCookieTest < Minitest::Test
|
|
7
7
|
# IPv4 pool members, with pool name
|
|
8
8
|
def test_bigipcookie_decode_ipv4_pm
|
|
9
|
+
# Size (ip/port) 10 + 5
|
|
9
10
|
bip = BigIPCookie::Decode.new('BIGipServer<pool_name>=1677787402.36895.0000')
|
|
10
11
|
bip.auto_decode
|
|
11
12
|
# Decoded cookie
|
|
@@ -14,6 +15,15 @@ class BigIPCookieTest < Minitest::Test
|
|
|
14
15
|
assert_equal('<pool_name>', bip.pool_name)
|
|
15
16
|
# Cookie type
|
|
16
17
|
assert_equal('IPv4 pool members', bip.cookie_type)
|
|
18
|
+
# Test cookie with different encoded lenght
|
|
19
|
+
# Size (ip/port) 9 + 5
|
|
20
|
+
bip = BigIPCookie::Decode.new('135851530.20480.0000')
|
|
21
|
+
bip.auto_decode
|
|
22
|
+
assert_equal('10.238.24.8:80', bip.decoded_cookie)
|
|
23
|
+
# Size (ip/port) 8 + 0
|
|
24
|
+
bip = BigIPCookie::Decode.new('34467338.0.0000')
|
|
25
|
+
bip.auto_decode
|
|
26
|
+
assert_equal('10.238.13.2:0', bip.decoded_cookie)
|
|
17
27
|
end
|
|
18
28
|
|
|
19
29
|
# IPv4 pool members in non-default route domains, only cookie value
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rabid
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandre ZANNI
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-02-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: docopt
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: '
|
|
103
|
+
version: '13.0'
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: '
|
|
110
|
+
version: '13.0'
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: redcarpet
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|