yawast 0.6.0.beta2 → 0.6.0.beta3
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/Dockerfile +12 -0
- data/README.md +122 -67
- data/bin/yawast +11 -0
- data/lib/commands/dns.rb +16 -0
- data/lib/scanner/core.rb +18 -5
- data/lib/scanner/generic.rb +34 -3
- data/lib/scanner/plugins/dns/caa.rb +44 -45
- data/lib/scanner/plugins/servers/apache.rb +171 -0
- data/lib/scanner/plugins/servers/iis.rb +64 -0
- data/lib/scanner/plugins/servers/nginx.rb +17 -0
- data/lib/scanner/plugins/servers/python.rb +17 -0
- data/lib/shared/http.rb +12 -0
- data/lib/version.rb +1 -1
- data/test/test_scan_apache_banner.rb +5 -5
- data/test/test_scan_apache_server_info.rb +1 -1
- data/test/test_scan_apache_server_status.rb +1 -1
- data/test/test_scan_iis_headers.rb +3 -3
- data/test/test_scan_nginx_banner.rb +1 -1
- metadata +8 -5
- data/lib/scanner/apache.rb +0 -146
- data/lib/scanner/iis.rb +0 -60
- data/lib/scanner/nginx.rb +0 -13
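--- a/data/lib/scanner/apache.rb
+++ b/data/lib/scanner/apache.rb
@@ -1,146 +0,0 @@
-require "base64"
-
-module Yawast
-module Scanner
-class Apache
-def self.check_banner(banner)
-#don't bother if this doesn't look like Apache
-return unless banner.include? 'Apache'
-@apache = true
-
-modules = banner.split(' ')
-server = modules[0]
-
-#fix '(distro)' issue, such as with 'Apache/2.2.22 (Ubuntu)'
-# if we don't do this, it triggers a false positive on the module check
-if /\(\w*\)/.match modules[1]
-server += " #{modules[1]}"
-modules.delete_at 1
-end
-
-#print the server info no matter what we do next
-Yawast::Utilities.puts_info "Apache Server: #{server}"
-modules.delete_at 0
-
-if modules.count > 0
-Yawast::Utilities.puts_warn 'Apache Server: Module listing enabled'
-modules.each { |mod| Yawast::Utilities.puts_warn "\t\t#{mod}" }
-puts ''
-
-#check for special items
-modules.each do |mod|
-if mod.include? 'OpenSSL'
-Yawast::Utilities.puts_warn "OpenSSL Version Disclosure: #{mod}"
-puts ''
-end
-end
-end
-end
-
-def self.check_all(uri)
-#run all the defined checks
-check_server_status(uri.copy)
-check_server_info(uri.copy)
-check_tomcat_manager(uri.copy)
-check_tomcat_version(uri.copy)
-end
-
-def self.check_server_status(uri)
-check_page_for_string uri, '/server-status', 'Apache Server Status'
-end
-
-def self.check_server_info(uri)
-check_page_for_string uri, '/server-info', 'Apache Server Information'
-end
-
-def self.check_tomcat_version(uri)
-begin
-req = Yawast::Shared::Http.get_http(uri)
-req.use_ssl = uri.scheme == 'https'
-headers = Yawast::Shared::Http.get_headers
-res = req.request(Xyz.new('/', headers))
-
-if res.body != nil && res.body.include?('Apache Tomcat') && res.code == '501'
-#check to see if there's a version number
-version = /Apache Tomcat\/\d*.\d*.\d*\b/.match res.body
-
-if version != nil && version[0] != nil
-Yawast::Utilities.puts_warn "Apache Tomcat Version Found: #{version[0]}"
-puts "\t\t\"curl -X XYZ #{uri}\""
-
-puts ''
-end
-end
-end
-end
-
-def self.check_tomcat_manager(uri)
-check_tomcat_manager_paths uri, 'manager', 'Manager'
-check_tomcat_manager_paths uri, 'host-manager', 'Host Manager'
-end
-
-def self.check_tomcat_manager_paths(uri, base_path, manager)
-uri.path = "/#{base_path}/html"
-uri.query = '' if uri.query != nil
-
-ret = Yawast::Shared::Http.get(uri)
-
-if ret.include? '<tt>conf/tomcat-users.xml</tt>'
-#this will get Tomcat 7+
-Yawast::Utilities.puts_warn "Apache Tomcat #{manager} page found: #{uri}"
-check_tomcat_manager_passwords uri, manager
-
-puts ''
-else
-#check for Tomcat 6 and below
-uri.path = "/#{base_path}"
-ret = Yawast::Shared::Http.get(uri)
-
-if ret.include? '<tt>conf/tomcat-users.xml</tt>'
-Yawast::Utilities.puts_warn "Apache Tomcat #{manager} page found: #{uri}"
-check_tomcat_manager_passwords uri, manager
-
-puts ''
-end
-end
-end
-
-def self.check_tomcat_manager_passwords(uri, manager)
-#check for known passwords
-check_tomcat_manager_pwd_check uri, manager, 'tomcat:tomcat'
-check_tomcat_manager_pwd_check uri, manager, 'tomcat:password'
-check_tomcat_manager_pwd_check uri, manager, 'tomcat:'
-check_tomcat_manager_pwd_check uri, manager, 'admin:admin'
-check_tomcat_manager_pwd_check uri, manager, 'admin:password'
-check_tomcat_manager_pwd_check uri, manager, 'admin:'
-end
-
-def self.check_tomcat_manager_pwd_check(uri, manager, credentials)
-ret = Yawast::Shared::Http.get(uri, {'Authorization' => "Basic #{Base64.encode64(credentials)}"})
-if ret.include?('<font size="+2">Tomcat Web Application Manager</font>') ||
-ret.include?('<font size="+2">Tomcat Virtual Host Manager</font>')
-Yawast::Utilities.puts_vuln "Apache Tomcat #{manager} weak password: #{credentials}"
-end
-end
-
-def self.check_page_for_string(uri, path, search)
-uri.path = path
-uri.query = '' if uri.query != nil
-
-ret = Yawast::Shared::Http.get(uri)
-
-if ret.include? search
-Yawast::Utilities.puts_vuln "#{search} page found: #{uri}"
-puts ''
-end
-end
-end
-
-#Custom class to allow using the XYZ verb
-class Xyz < Net::HTTPRequest
-METHOD = 'XYZ'
-REQUEST_HAS_BODY = false
-RESPONSE_HAS_BODY = true
-end
-end
-end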
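--- a/data/lib/scanner/iis.rb
+++ b/data/lib/scanner/iis.rb
@@ -1,60 +0,0 @@
-module Yawast
-module Scanner
-class Iis
-def self.check_banner(banner)
-#don't bother if this doesn't include IIS
-return unless banner.include? 'Microsoft-IIS/'
-@iis = true
-
-Yawast::Utilities.puts_warn "IIS Version: #{banner}"
-puts ''
-end
-
-def self.check_all(uri, head)
-#run all the defined checks
-check_asp_banner(head)
-check_mvc_version(head)
-check_asp_net_debug(uri)
-end
-
-def self.check_asp_banner(head)
-check_header_value head, 'x-aspnet-version', 'ASP.NET'
-end
-
-def self.check_mvc_version(head)
-check_header_value head, 'x-aspnetmvc-version', 'ASP.NET MVC'
-end
-
-def self.check_header_value(head, search, message)
-head.each do |k, v|
-if k.downcase == search
-Yawast::Utilities.puts_warn "#{message} Version: #{v}"
-puts ''
-end
-end
-end
-
-def self.check_asp_net_debug(uri)
-begin
-req = Yawast::Shared::Http.get_http(uri)
-req.use_ssl = uri.scheme == 'https'
-headers = Yawast::Shared::Http.get_headers
-headers['Command'] = 'stop-debug'
-headers['Accept'] = '*/*'
-res = req.request(Debug.new('/', headers))
-
-if res.code == 200
-Yawast::Utilities.puts_vuln 'ASP.NET Debugging Enabled'
-end
-end
-end
-end
-
-#Custom class to allow using the DEBUG verb
-class Debug < Net::HTTPRequest
-METHOD = 'DEBUG'
-REQUEST_HAS_BODY = false
-RESPONSE_HAS_BODY = true
-end
-end
-end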
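--- a/data/lib/scanner/nginx.rb
+++ b/data/lib/scanner/nginx.rb
@@ -1,13 +0,0 @@
-module Yawast
-module Scanner
-class Nginx
-def self.check_banner(banner)
-#don't bother if this doesn't include nginx
-return unless banner.include? 'nginx/'
-
-Yawast::Utilities.puts_warn "nginx Version: #{banner}"
-puts ''
-end
-end
-end
-end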