Merge branch 'main' into redirection-data-grab
Duarte Mateus committed Jul 10, 2021
2 parents ac38198 + 5ea25ae commit 98f5911
Showing 27 changed files with 372 additions and 43 deletions.
2 changes: 1 addition & 1 deletion Gemfile.lock
@@ -20,7 +20,7 @@ PATH
GEM
remote: https://rubygems.org/
specs:
bindata (2.4.9)
bindata (2.4.10)
bson (4.12.0)
coderay (1.1.3)
diff-lcs (1.4.4)
5 changes: 5 additions & 0 deletions README.md
@@ -54,17 +54,22 @@ For Check Writers:

Check types can be written against supported protocols:
- AMQP
- Apache Zookeeper Atomic Broadcast (Raw)
- Cisco Smart Install
- DNS
- Elasticsearch
- FTP
- Ganglia (Raw)
- HTTP / HTTPS
- Memcached (Raw)
- Mongodb
- Mysql
- Oracle IIOP (Raw)
- Oracle T3 (Raw)
- Pop3
- RDP (Raw)
- Redis
- SAP NI (Raw)
- SMB
- SMTP
- SNMP
22 changes: 20 additions & 2 deletions checks/http/accellion.rb
@@ -2,7 +2,7 @@ module Intrigue
module Ident
module Check
class Accellion < Intrigue::Ident::Check::Base

def generate_checks(url)
[
{
@@ -24,11 +24,29 @@ def generate_checks(url)
hide: false,
paths: [ { path: "#{url}", follow_redirects: true } ],
inference: false
},
{
type: "fingerprint",
category: "application",
tags: ["Appliance"],
vendor: "Accellion",
product: "Kiteworks",
references: [ "https://www.accellion.com/kiteworks/" ],
match_logic: :all,
matches: [
{
match_type: :content_title,
match_content: /^kiteworks$/,
}
],
description: "page title",
hide: false,
paths: [ { path: "#{url}/index.html", follow_redirects: true } ],
inference: false
}
]
end
end
end
end
end
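Review bot: The Kiteworks entry matches the page title with `/^kiteworks$/`, and in Ruby `^` and `$` anchor at line boundaries, so a title that merely contains a line reading `kiteworks` would satisfy it; the pattern is also case-sensitive, which may miss a capitalised title. If an exact title match is intended, `match_content: /\Akiteworks\z/i` states it (drop the `i` if the lowercase form is deliberate). A short comment explaining why this entry requests `#{url}/index.html` while the entry above it requests `#{url}` would help the next check writer. The body of generate_checks starts before the second hunk, so the first entry is only partly visible here.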

2 changes: 1 addition & 1 deletion checks/http/apache.rb
@@ -487,7 +487,7 @@ def generate_checks(url)
{ path: url.to_s, follow_redirects: true },
{ path: "#{url}/doesntexist-123", follow_redirects: true }
],
inference: true
inference: true,
},
{
type: 'fingerprint',
4 changes: 2 additions & 2 deletions checks/http/centos.rb
@@ -27,7 +27,7 @@ def generate_checks(url)
{
type: 'fingerprint',
category: 'application',
tags: ['Administrative', 'Admin Panel'],
tags: ['Administrative', 'Login Panel'],
vendor: 'Centos',
product: 'CentOS Web Panel',
references: [],
@@ -44,7 +44,7 @@ def generate_checks(url)
hide: false,
paths: [{ path: url.to_s, follow_redirects: true }],
inference: false,
issue: 'exposed_admin_panel_unauthenticated'
issue: 'exposed_admin_panel_unauthenticated',
}
]
end
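Review bot: The CentOS Web Panel entry appears to be retagged from 'Admin Panel' to 'Login Panel' while it still raises `issue: 'exposed_admin_panel_unauthenticated'`, so the tag and the issue key now describe the finding differently. If a panel that presents a login form should still raise this issue, say so next to the key, for example `# tagged 'Login Panel' but still reported as an exposed admin panel - TODO confirm`; otherwise revisit the issue key together with the tag. The entry's matchers and the issue definition are outside the two hunks shown, so this is inferred from the visible lines only.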
8 changes: 4 additions & 4 deletions checks/http/f5.rb
@@ -7,7 +7,7 @@ def generate_checks(url)
{
type: 'fingerprint',
category: 'application',
tags: ['Networking', 'Load Balancer', 'Admin Panel'],
tags: ['Networking', 'Load Balancer', 'Login Panel'],
vendor: 'F5',
product: 'BIG-IP Access Policy Manager',
website: 'https://www.f5.com/products/security/access-policy-manager',
@@ -18,11 +18,11 @@ def generate_checks(url)
{
match_type: :content_cookies,
match_content: /MRHSession/,
}
},
],
hide: false,
paths: [{ path: url.to_s, follow_redirects: true }],
inference: false
inference: false,
},
{
type: 'fingerprint',
@@ -42,7 +42,7 @@ def generate_checks(url)
],
hide: false,
paths: [{ path: url.to_s, follow_redirects: true }],
inference: false
inference: false,
},
{
type: 'fingerprint',
1 change: 0 additions & 1 deletion checks/http/github.rb
@@ -53,7 +53,6 @@ def generate_checks(url)
{ path: "#{url}/setup/unlock", follow_redirects: true }
],
inference: false,
test_target: ['https://1.221.184.114:8443/']
}
]
end
4 changes: 2 additions & 2 deletions checks/http/ibm.rb
@@ -64,7 +64,7 @@ def generate_checks(url)
{
type: 'fingerprint',
category: 'application',
tags: ['Administrative', 'Admin Panel', 'COTS'],
tags: ['Administrative', 'Login Panel', 'COTS'],
vendor: 'IBM',
product: 'IBM Security Access Manager for Web',
references: ['https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.2.1/com.ibm.isam.doc/wrp_config/concept/con_sam_intro.html'],
@@ -78,7 +78,7 @@ def generate_checks(url)
],
description: 'IBM security access manager login prompt',
paths: [{ path: url.to_s, follow_redirects: true }],
inference: false
inference: false,
},
{
type: 'fingerprint',
2 changes: 1 addition & 1 deletion checks/http/ingram_micro.rb
@@ -22,7 +22,7 @@ def generate_checks(url)
],
version: nil,
paths: [ { path: "#{url}", follow_redirects: true } ],
inference: false
inference: false,
}
]
end
2 changes: 1 addition & 1 deletion checks/http/ivanti.rb
@@ -22,7 +22,7 @@ def generate_checks(url)
],
references: ["https://community.ivanti.com/community/all-products/systems/cloudservices"],
paths: [ { path: "#{url}", follow_redirects: true } ],
inference: false
inference: false,
}
]
end
4 changes: 2 additions & 2 deletions checks/http/jamf.rb
@@ -7,7 +7,7 @@ def generate_checks(url)
{
type: 'fingerprint',
category: 'application',
tags: ['Administrative', 'Admin Panel', 'COTS'],
tags: ['Administrative', 'Login Panel', 'COTS'],
vendor: 'Jamf',
product: 'Pro',
website: 'https://www.jamf.com/products/jamf-pro/',
@@ -27,7 +27,7 @@ def generate_checks(url)
_first_body_capture(x, /<title>Jamf Pro Login - Jamf Pro v[\d.]*-(.*)</)
},
paths: [{ path: url.to_s, follow_redirects: true }],
inference: true
inference: true,
}
]
end
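--- a/checks/http/kaseya.rb
+++ b/checks/http/kaseya.rb
@@ -0,0 +1,167 @@
+module Intrigue
+module Ident
+module Check
+module Private
+class Kaseya < Intrigue::Ident::Check::Base
+def generate_checks(url)
+[
+{
+type: 'fingerprint',
+category: 'application',
+tags: ['Monitoring', 'Application Server'],
+vendor: 'Kaseya',
+product: 'Traverse',
+website: 'https://www.kaseya.com/products/traverse/',
+references: ['https://vuldb.com/?id.150298',
+'https://www.cybersecurity-help.cz/vdb/SB2020021813'],
+description: 'Kaseya Traverse Application Server',
+version: nil,
+match_logic: :any,
+matches: [
+{
+match_type: :content_headers,
+match_content: /^server:\ Traverse\ Application\ Server$/i
+}
+],
+paths: [{ path: url.to_s, follow_redirects: true }],
+inference: false
+},
+{
+type: 'fingerprint',
+category: 'application',
+tags: ['Monitoring', 'Application Server'],
+vendor: 'Kaseya',
+product: 'Traverse',
+website: 'https://www.kaseya.com/products/traverse/',
+description: 'Kaseya Traverse login page',
+version: nil,
+match_logic: :any,
+matches: [
+{ match_type: :content_title,
+match_content: /^Traverse: Login/i
+}
+],
+paths: [{ path: url.to_s, follow_redirects: true }],
+inference: false
+},
+{
+type: 'fingerprint',
+category: 'application',
+tags: ['Monitoring', 'Application Server'],
+vendor: 'Kaseya',
+product: 'Traverse',
+website: 'https://www.kaseya.com/products/traverse/',
+description: 'Kaseya Traverse powered by reference',
+version: nil,
+match_logic: :any,
+matches: [{
+match_type: :content_body,
+match_content: /Powered\ By:\ Kaseya\ Traverse\ \W\ www\.kaseya\.com/i
+}],
+paths: [{ path: url.to_s, follow_redirects: true }],
+inference: false
+},
+{
+type: 'fingerprint',
+category: 'application',
+tags: ['Monitoring', 'Management', 'SaaS', 'Login Panel'],
+vendor: 'Kaseya',
+product: 'Virtual System Administrator',
+website: 'https://www.kaseya.com/',
+description: 'Kaseya Virtual System Administrator - initial page',
+version: nil,
+match_logic: :any,
+matches: [
+{
+match_type: :content_body,
+match_content: /<p>To continue click <a href="\/vsapres\/web20\/core\/login.aspx">here<\/a><\/p>/i
+}
+],
+paths: [{ path: url.to_s, follow_redirects: true }],
+inference: false
+},
+{
+type: 'fingerprint',
+category: 'application',
+tags: ['Monitoring', 'Management', 'SaaS', 'Login Panel'],
+vendor: 'Kaseya',
+product: 'Virtual System Administrator',
+website: 'https://www.kaseya.com/',
+description: 'Kaseya Virtual System Administrator - Login Panel Body Match',
+version: nil,
+match_logic: :any,
+require_product: 'Virtual System Administrator',
+matches: [
+{
+match_type: :content_body,
+match_content: /\/access\/VSA_Background\.jpg/i
+},
+{
+match_type: :content_body,
+match_content: /<script src="\/vsaPres\/WebResource.axd/i
+}
+],
+paths: [{ path: "#{url.to_s}/vsapres/web20/core/login.aspx", follow_redirects: true }],
+dynamic_version: lambda { |x|
+_first_body_capture(x, /<span>(\d+\.\d+\.\d+\.\d+)<\/span>/i)
+},
+inference: true
+},
+{
+type: 'fingerprint',
+category: 'service',
+tags: ['Monitoring', 'Management', 'SaaS', 'Login Panel'],
+vendor: 'Kaseya',
+product: 'Kaseya',
+website: 'https://www.kaseya.com/',
+description: 'Kaseya - Login Panel Body Match',
+version: nil,
+match_logic: :all,
+matches: [
+{
+match_type: :content_body,
+match_content: /logo_kaseya.svg/i
+},
+{
+match_type: :content_body,
+match_content: /icon_K1.svg/i
+},
+{
+match_type: :content_body,
+match_content: /alt='Kaseya'/i
+},
+{
+match_type: :content_body,
+match_content: /Copyright Kaseya Limited/i
+}
+],
+paths: [{ path: url.to_s, follow_redirects: true }],
+inference: false
+},
+{
+type: 'fingerprint',
+category: 'service',
+tags: ['Monitoring', 'Management', 'SaaS'],
+vendor: 'Kaseya',
+product: 'Kaseya',
+website: 'https://www.kaseya.com/',
+description: 'Kaseya - Favicon Hash',
+version: nil,
+match_logic: :all,
+matches: [
+{
+match_type: :checksum_body_mmh3,
+match_content: -1_445_519_482
+}
+],
+paths: [{ path: url.to_s, follow_redirects: true }],
+inference: false,
+test_target: ['https://app.eu.myglue.com/']
+}
+]
+end
+end
+end
+end
+end
+end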
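Review bot: The last entry is described as 'Kaseya - Favicon Hash' but requests `url.to_s`, so `:checksum_body_mmh3` is presumably computed over the landing page body rather than over an icon; if the hash was taken from the favicon, the path should name it, e.g. `paths: [{ path: "#{url}/favicon.ico", follow_redirects: true }]` (confirm the icon location first). The same entry hard-codes a live third-party host in `test_target`, so each test run probes a system the project does not control; a recorded response would keep the test offline if the harness allows it, and the github.rb section of this commit appears to drop a similar `test_target`. Several body patterns leave `.` unescaped (`login.aspx`, `WebResource.axd`, `logo_kaseya.svg`, `icon_K1.svg`), which loosens the match slightly; `\.` is the literal form.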
4 changes: 2 additions & 2 deletions checks/http/kibana.rb
@@ -7,7 +7,7 @@ def generate_checks(url)
{
type: 'fingerprint',
category: 'application',
tags: ["Development", "Database", "Admin Panel"],
tags: ["Development", "Database", "Login Panel"],
vendor: 'Elasticsearch',
product: 'Kibana',
website: 'https://www.elastic.co/kibana',
@@ -25,7 +25,7 @@ def generate_checks(url)
}
],
paths: [{ path: url.to_s, follow_redirects: true }],
inference: false
inference: false,
},
{
type: 'fingerprint',
4 changes: 4 additions & 0 deletions checks/http/kubernetes.rb
@@ -49,6 +49,10 @@ def generate_checks(url)
{
match_type: :content_body,
match_content: /^default backend - 404$/,
},
{ # specific to github?
match_type: :content_headers,
match_content: /^x-github-backend: Kubernetes$/,
}
],
paths: [{ path: url.to_s, follow_redirects: true }],
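Review bot: The header matcher `/^x-github-backend: Kubernetes$/` is questioned by its own comment (`# specific to github?`), and as written it would presumably report Kubernetes for any site served from GitHub's infrastructure rather than for software the scanned organisation runs; either move it to a GitHub-specific check or replace the question with a statement of intent. The pattern is also case-sensitive, unlike the header pattern in kaseya.rb in this commit (`/^server:\ Traverse\ Application\ Server$/i`); if header names are not normalised before matching, use `match_content: /^x-github-backend: Kubernetes$/i,`. The enclosing entry and its `match_logic` are outside the hunk, so whether this matcher alone is enough for a hit cannot be seen here.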