yawast 0.6.0.beta2 → 0.6.0.beta3

@@ -1,146 +0,0 @@
1
- require "base64"
2
-
3
- module Yawast
4
- module Scanner
5
- class Apache
6
- def self.check_banner(banner)
7
- #don't bother if this doesn't look like Apache
8
- return unless banner.include? 'Apache'
9
- @apache = true
10
-
11
- modules = banner.split(' ')
12
- server = modules[0]
13
-
14
- #fix '(distro)' issue, such as with 'Apache/2.2.22 (Ubuntu)'
15
- # if we don't do this, it triggers a false positive on the module check
16
- if /\(\w*\)/.match modules[1]
17
- server += " #{modules[1]}"
18
- modules.delete_at 1
19
- end
20
-
21
- #print the server info no matter what we do next
22
- Yawast::Utilities.puts_info "Apache Server: #{server}"
23
- modules.delete_at 0
24
-
25
- if modules.count > 0
26
- Yawast::Utilities.puts_warn 'Apache Server: Module listing enabled'
27
- modules.each { |mod| Yawast::Utilities.puts_warn "\t\t#{mod}" }
28
- puts ''
29
-
30
- #check for special items
31
- modules.each do |mod|
32
- if mod.include? 'OpenSSL'
33
- Yawast::Utilities.puts_warn "OpenSSL Version Disclosure: #{mod}"
34
- puts ''
35
- end
36
- end
37
- end
38
- end
39
-
40
- def self.check_all(uri)
41
- #run all the defined checks
42
- check_server_status(uri.copy)
43
- check_server_info(uri.copy)
44
- check_tomcat_manager(uri.copy)
45
- check_tomcat_version(uri.copy)
46
- end
47
-
48
- def self.check_server_status(uri)
49
- check_page_for_string uri, '/server-status', 'Apache Server Status'
50
- end
51
-
52
- def self.check_server_info(uri)
53
- check_page_for_string uri, '/server-info', 'Apache Server Information'
54
- end
55
-
56
- def self.check_tomcat_version(uri)
57
- begin
58
- req = Yawast::Shared::Http.get_http(uri)
59
- req.use_ssl = uri.scheme == 'https'
60
- headers = Yawast::Shared::Http.get_headers
61
- res = req.request(Xyz.new('/', headers))
62
-
63
- if res.body != nil && res.body.include?('Apache Tomcat') && res.code == '501'
64
- #check to see if there's a version number
65
- version = /Apache Tomcat\/\d*.\d*.\d*\b/.match res.body
66
-
67
- if version != nil && version[0] != nil
68
- Yawast::Utilities.puts_warn "Apache Tomcat Version Found: #{version[0]}"
69
- puts "\t\t\"curl -X XYZ #{uri}\""
70
-
71
- puts ''
72
- end
73
- end
74
- end
75
- end
76
-
77
- def self.check_tomcat_manager(uri)
78
- check_tomcat_manager_paths uri, 'manager', 'Manager'
79
- check_tomcat_manager_paths uri, 'host-manager', 'Host Manager'
80
- end
81
-
82
- def self.check_tomcat_manager_paths(uri, base_path, manager)
83
- uri.path = "/#{base_path}/html"
84
- uri.query = '' if uri.query != nil
85
-
86
- ret = Yawast::Shared::Http.get(uri)
87
-
88
- if ret.include? '<tt>conf/tomcat-users.xml</tt>'
89
- #this will get Tomcat 7+
90
- Yawast::Utilities.puts_warn "Apache Tomcat #{manager} page found: #{uri}"
91
- check_tomcat_manager_passwords uri, manager
92
-
93
- puts ''
94
- else
95
- #check for Tomcat 6 and below
96
- uri.path = "/#{base_path}"
97
- ret = Yawast::Shared::Http.get(uri)
98
-
99
- if ret.include? '<tt>conf/tomcat-users.xml</tt>'
100
- Yawast::Utilities.puts_warn "Apache Tomcat #{manager} page found: #{uri}"
101
- check_tomcat_manager_passwords uri, manager
102
-
103
- puts ''
104
- end
105
- end
106
- end
107
-
108
- def self.check_tomcat_manager_passwords(uri, manager)
109
- #check for known passwords
110
- check_tomcat_manager_pwd_check uri, manager, 'tomcat:tomcat'
111
- check_tomcat_manager_pwd_check uri, manager, 'tomcat:password'
112
- check_tomcat_manager_pwd_check uri, manager, 'tomcat:'
113
- check_tomcat_manager_pwd_check uri, manager, 'admin:admin'
114
- check_tomcat_manager_pwd_check uri, manager, 'admin:password'
115
- check_tomcat_manager_pwd_check uri, manager, 'admin:'
116
- end
117
-
118
- def self.check_tomcat_manager_pwd_check(uri, manager, credentials)
119
- ret = Yawast::Shared::Http.get(uri, {'Authorization' => "Basic #{Base64.encode64(credentials)}"})
120
- if ret.include?('<font size="+2">Tomcat Web Application Manager</font>') ||
121
- ret.include?('<font size="+2">Tomcat Virtual Host Manager</font>')
122
- Yawast::Utilities.puts_vuln "Apache Tomcat #{manager} weak password: #{credentials}"
123
- end
124
- end
125
-
126
- def self.check_page_for_string(uri, path, search)
127
- uri.path = path
128
- uri.query = '' if uri.query != nil
129
-
130
- ret = Yawast::Shared::Http.get(uri)
131
-
132
- if ret.include? search
133
- Yawast::Utilities.puts_vuln "#{search} page found: #{uri}"
134
- puts ''
135
- end
136
- end
137
- end
138
-
139
- #Custom class to allow using the XYZ verb
140
- class Xyz < Net::HTTPRequest
141
- METHOD = 'XYZ'
142
- REQUEST_HAS_BODY = false
143
- RESPONSE_HAS_BODY = true
144
- end
145
- end
146
- end
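--- a/data/lib/scanner/iis.rb
+++ b/data/lib/scanner/iis.rb
@@ -1,60 +0,0 @@
- module Yawast
- module Scanner
- class Iis
- def self.check_banner(banner)
- #don't bother if this doesn't include IIS
- return unless banner.include? 'Microsoft-IIS/'
- @iis = true
-
- Yawast::Utilities.puts_warn "IIS Version: #{banner}"
- puts ''
- end
-
- def self.check_all(uri, head)
- #run all the defined checks
- check_asp_banner(head)
- check_mvc_version(head)
- check_asp_net_debug(uri)
- end
-
- def self.check_asp_banner(head)
- check_header_value head, 'x-aspnet-version', 'ASP.NET'
- end
-
- def self.check_mvc_version(head)
- check_header_value head, 'x-aspnetmvc-version', 'ASP.NET MVC'
- end
-
- def self.check_header_value(head, search, message)
- head.each do |k, v|
- if k.downcase == search
- Yawast::Utilities.puts_warn "#{message} Version: #{v}"
- puts ''
- end
- end
- end
-
- def self.check_asp_net_debug(uri)
- begin
- req = Yawast::Shared::Http.get_http(uri)
- req.use_ssl = uri.scheme == 'https'
- headers = Yawast::Shared::Http.get_headers
- headers['Command'] = 'stop-debug'
- headers['Accept'] = '*/*'
- res = req.request(Debug.new('/', headers))
-
- if res.code == 200
- Yawast::Utilities.puts_vuln 'ASP.NET Debugging Enabled'
- end
- end
- end
- end
-
- #Custom class to allow using the DEBUG verb
- class Debug < Net::HTTPRequest
- METHOD = 'DEBUG'
- REQUEST_HAS_BODY = false
- RESPONSE_HAS_BODY = true
- end
- end
- end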
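--- a/data/lib/scanner/nginx.rb
+++ b/data/lib/scanner/nginx.rb
@@ -1,13 +0,0 @@
- module Yawast
- module Scanner
- class Nginx
- def self.check_banner(banner)
- #don't bother if this doesn't include nginx
- return unless banner.include? 'nginx/'
-
- Yawast::Utilities.puts_warn "nginx Version: #{banner}"
- puts ''
- end
- end
- end
- end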