RubyGems - yawast - Versions diffs - 0.6.0.beta2 → 0.6.0.beta3 - Mend

yawast 0.6.0.beta2 → 0.6.0.beta3

Files changed (24) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +6 -0
data/Dockerfile +12 -0
data/README.md +122 -67
data/bin/yawast +11 -0
data/lib/commands/dns.rb +16 -0
data/lib/scanner/core.rb +18 -5
data/lib/scanner/generic.rb +34 -3
data/lib/scanner/plugins/dns/caa.rb +44 -45
data/lib/scanner/plugins/servers/apache.rb +171 -0
data/lib/scanner/plugins/servers/iis.rb +64 -0
data/lib/scanner/plugins/servers/nginx.rb +17 -0
data/lib/scanner/plugins/servers/python.rb +17 -0
data/lib/shared/http.rb +12 -0
data/lib/version.rb +1 -1
data/test/test_scan_apache_banner.rb +5 -5
data/test/test_scan_apache_server_info.rb +1 -1
data/test/test_scan_apache_server_status.rb +1 -1
data/test/test_scan_iis_headers.rb +3 -3
data/test/test_scan_nginx_banner.rb +1 -1
metadata +8 -5
data/lib/scanner/apache.rb +0 -146
data/lib/scanner/iis.rb +0 -60
data/lib/scanner/nginx.rb +0 -13

data/lib/scanner/apache.rb DELETED Viewed

@@ -1,146 +0,0 @@
-require "base64"
-module Yawast
-  module Scanner
-    class Apache
-      def self.check_banner(banner)
-        #don't bother if this doesn't look like Apache
-        return unless banner.include? 'Apache'
-        @apache = true
-        modules = banner.split(' ')
-        server = modules[0]
-        #fix '(distro)' issue, such as with 'Apache/2.2.22 (Ubuntu)'
-        # if we don't do this, it triggers a false positive on the module check
-        if /\(\w*\)/.match modules[1]
-          server += " #{modules[1]}"
-          modules.delete_at 1
-        end
-        #print the server info no matter what we do next
-        Yawast::Utilities.puts_info "Apache Server: #{server}"
-        modules.delete_at 0
-        if modules.count > 0
-          Yawast::Utilities.puts_warn 'Apache Server: Module listing enabled'
-          modules.each { |mod| Yawast::Utilities.puts_warn "\t\t#{mod}" }
-          puts ''
-          #check for special items
-          modules.each do |mod|
-            if mod.include? 'OpenSSL'
-              Yawast::Utilities.puts_warn "OpenSSL Version Disclosure: #{mod}"
-              puts ''
-            end
-          end
-        end
-      end
-      def self.check_all(uri)
-        #run all the defined checks
-        check_server_status(uri.copy)
-        check_server_info(uri.copy)
-        check_tomcat_manager(uri.copy)
-        check_tomcat_version(uri.copy)
-      end
-      def self.check_server_status(uri)
-        check_page_for_string uri, '/server-status', 'Apache Server Status'
-      end
-      def self.check_server_info(uri)
-        check_page_for_string uri, '/server-info', 'Apache Server Information'
-      end
-      def self.check_tomcat_version(uri)
-        begin
-          req = Yawast::Shared::Http.get_http(uri)
-          req.use_ssl = uri.scheme == 'https'
-          headers = Yawast::Shared::Http.get_headers
-          res = req.request(Xyz.new('/', headers))
-          if res.body != nil && res.body.include?('Apache Tomcat') && res.code == '501'
-            #check to see if there's a version number
-            version = /Apache Tomcat\/\d*.\d*.\d*\b/.match res.body
-            if version != nil && version[0] != nil
-              Yawast::Utilities.puts_warn "Apache Tomcat Version Found: #{version[0]}"
-              puts "\t\t\"curl -X XYZ #{uri}\""
-              puts ''
-            end
-          end
-        end
-      end
-      def self.check_tomcat_manager(uri)
-        check_tomcat_manager_paths uri, 'manager', 'Manager'
-        check_tomcat_manager_paths uri, 'host-manager', 'Host Manager'
-      end
-      def self.check_tomcat_manager_paths(uri, base_path, manager)
-        uri.path = "/#{base_path}/html"
-        uri.query = '' if uri.query != nil
-        ret = Yawast::Shared::Http.get(uri)
-        if ret.include? '<tt>conf/tomcat-users.xml</tt>'
-          #this will get Tomcat 7+
-          Yawast::Utilities.puts_warn "Apache Tomcat #{manager} page found: #{uri}"
-          check_tomcat_manager_passwords uri, manager
-          puts ''
-        else
-          #check for Tomcat 6 and below
-          uri.path = "/#{base_path}"
-          ret = Yawast::Shared::Http.get(uri)
-          if ret.include? '<tt>conf/tomcat-users.xml</tt>'
-            Yawast::Utilities.puts_warn "Apache Tomcat #{manager} page found: #{uri}"
-            check_tomcat_manager_passwords uri, manager
-            puts ''
-          end
-        end
-      end
-      def self.check_tomcat_manager_passwords(uri, manager)
-        #check for known passwords
-        check_tomcat_manager_pwd_check uri, manager, 'tomcat:tomcat'
-        check_tomcat_manager_pwd_check uri, manager, 'tomcat:password'
-        check_tomcat_manager_pwd_check uri, manager, 'tomcat:'
-        check_tomcat_manager_pwd_check uri, manager, 'admin:admin'
-        check_tomcat_manager_pwd_check uri, manager, 'admin:password'
-        check_tomcat_manager_pwd_check uri, manager, 'admin:'
-      end
-      def self.check_tomcat_manager_pwd_check(uri, manager, credentials)
-        ret = Yawast::Shared::Http.get(uri, {'Authorization' => "Basic #{Base64.encode64(credentials)}"})
-        if ret.include?('<font size="+2">Tomcat Web Application Manager</font>') ||
-            ret.include?('<font size="+2">Tomcat Virtual Host Manager</font>')
-          Yawast::Utilities.puts_vuln "Apache Tomcat #{manager} weak password: #{credentials}"
-        end
-      end
-      def self.check_page_for_string(uri, path, search)
-        uri.path = path
-        uri.query = '' if uri.query != nil
-        ret = Yawast::Shared::Http.get(uri)
-        if ret.include? search
-          Yawast::Utilities.puts_vuln "#{search} page found: #{uri}"
-          puts ''
-        end
-      end
-    end
-    #Custom class to allow using the XYZ verb
-    class Xyz < Net::HTTPRequest
-      METHOD = 'XYZ'
-      REQUEST_HAS_BODY = false
-      RESPONSE_HAS_BODY = true
-    end
-  end
-end

data/lib/scanner/iis.rb DELETED Viewed

@@ -1,60 +0,0 @@
-module Yawast
-  module Scanner
-    class Iis
-      def self.check_banner(banner)
-        #don't bother if this doesn't include IIS
-        return unless banner.include? 'Microsoft-IIS/'
-        @iis = true
-        Yawast::Utilities.puts_warn "IIS Version: #{banner}"
-        puts ''
-      end
-      def self.check_all(uri, head)
-        #run all the defined checks
-        check_asp_banner(head)
-        check_mvc_version(head)
-        check_asp_net_debug(uri)
-      end
-      def self.check_asp_banner(head)
-        check_header_value head, 'x-aspnet-version', 'ASP.NET'
-      end
-      def self.check_mvc_version(head)
-        check_header_value head, 'x-aspnetmvc-version', 'ASP.NET MVC'
-      end
-      def self.check_header_value(head, search, message)
-        head.each do |k, v|
-          if k.downcase == search
-            Yawast::Utilities.puts_warn "#{message} Version: #{v}"
-            puts ''
-          end
-        end
-      end
-      def self.check_asp_net_debug(uri)
-        begin
-          req = Yawast::Shared::Http.get_http(uri)
-          req.use_ssl = uri.scheme == 'https'
-          headers = Yawast::Shared::Http.get_headers
-          headers['Command'] = 'stop-debug'
-          headers['Accept'] = '*/*'
-          res = req.request(Debug.new('/', headers))
-          if res.code == 200
-            Yawast::Utilities.puts_vuln 'ASP.NET Debugging Enabled'
-          end
-        end
-      end
-    end
-    #Custom class to allow using the DEBUG verb
-    class Debug < Net::HTTPRequest
-      METHOD = 'DEBUG'
-      REQUEST_HAS_BODY = false
-      RESPONSE_HAS_BODY = true
-    end
-  end
-end

data/lib/scanner/nginx.rb DELETED Viewed

@@ -1,13 +0,0 @@
-module Yawast
-  module Scanner
-    class Nginx
-      def self.check_banner(banner)
-        #don't bother if this doesn't include nginx
-        return unless banner.include? 'nginx/'
-        Yawast::Utilities.puts_warn "nginx Version: #{banner}"
-        puts ''
-      end
-    end
-  end
-end