def scan():
php_inis = [
'/etc/php5/apache2/php.ini',
'/etc/php5/cli/php.ini',
]
if not os.path.isdir('/etc/php5'):
return scanner.Result(scanner.NA, 'PHP not found')
failed = []
passed = []
for php_ini in php_inis:
file(php_ini,
'r').read() # Test file read access. Throws exception if failed.
code = "echo(ini_get('display_errors'));"
res = tools.cmd('php -c %s -r "%s"' % (php_ini, code))
if res['stderr']:
raise scanner.ScanError('%s: %s' %
(php_ini, res['stderr'].replace('\n', '')))
elif len(res['stdout']) > 6:
raise scanner.ScanError('%s: %s' %
(php_ini, res['stdout'].replace('\n', '')))
elif res['stdout'] != '' and res['stdout'] != '0' and res[
'stdout'] != 'STDOUT':
failed.append('%s has display_errors on' % (php_ini))
else:
passed.append('%s does not have display_errors on' % (php_ini))
if failed:
return scanner.Result(scanner.FAIL, ', '.join(failed))
else:
return scanner.Result(scanner.PASS, ', '.join(passed))
def scan():
res = tools.cmd('mysql -u root -h 127.0.0.1 -e "exit" ')
if 'access denied' in res['stderr'].lower():
return scanner.Result(scanner.PASS,
'The MySQL root account has a password')
return scanner.Result(scanner.FAIL,
'The MySQL root account has no password')
def scan():
fc = file('/etc/ssh/sshd_config', 'r').read().lower()
matches = re.findall('.*permitemptypasswords.*', fc)
if matches and matches[0].endswith('yes'):
return scanner.Result(scanner.FAIL, 'The SSH server allows empty passwords')
else:
return scanner.Result(scanner.PASS, 'The SSH server does not allow empty passwords')
def scan():
fc = file('/etc/ssh/sshd_config', 'r').read().lower()
matches = re.findall('.*permitrootlogin.*', fc)
if matches and matches[0].strip().endswith('yes'):
return scanner.Result(scanner.FAIL, 'SSH allows remote root logins')
else:
return scanner.Result(scanner.PASS,
'SSH does not allow remote root logins')
def scan():
connection = httplib.HTTPConnection("127.0.0.1")
connection.request("GET", "/index.html")
response = connection.getresponse()
match = re.match('.*[0-9]+\..*', response.getheader('server', '').lower())
if match:
return scanner.Result(
scanner.FAIL, 'The webserver exposes a header with version number')
return scanner.Result(
scanner.PASS,
'The webserver doesn\'t exposes a header with version number')
def scan():
found = 0
for line in file('/etc/mysql/my.cnf', 'r'):
if line.strip().startswith('#'):
continue
if line.startswith('bind-address') and \
line.strip().endswith('0.0.0.0'):
return scanner.Result(scanner.FAIL, 'MySQL is listening on all addresses')
return scanner.Result(scanner.PASS, 'MySQL is not listening on all addresses')
def scan():
if not hasattr(ssl, 'PROTOCOL_SSLv2'):
return scanner.Result(scanner.ERROR, "SSLv2 Protocol not supported by Python")
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(5)
ssl_sock = ssl.wrap_socket(s, ca_certs="/etc/ca_certs_file", ssl_version=ssl.PROTOCOL_SSLv2)
ssl_sock.connect(('127.0.0.1', 443))
ssl_sock.close()
return scanner.Result(scanner.FAIL, 'The webserver supports SSLv2, which is broken')
except ssl.SSLError, e:
return scanner.Result(scanner.NA, "Can't test for SSLv2: %s" % (str(e)))
def scan():
connection = httplib.HTTPConnection("127.0.0.1")
connection.request("HEAD", "/")
response = connection.getresponse()
fail = False
for header_name, header_value in response.getheaders():
if 'powered-by' in header_name.lower():
return scanner.Result(
scanner.FAIL,
'The webserver exposes backend software via X-Powered-By headder'
)
return scanner.Result(
scanner.PASS,
'The webserver does not exposes backend software via X-Powered-By headder'
)
def scan():
vm = False
vm_detect_map = [
('lspci', '.*vmware.*', ''),
('lspci', '.*virtualbox.*', 'VBoxService'),
('lscpu', '.*xen.*', ''),
('lscpu', '.*microsoft.*', ''),
]
for cmd, regex, agent_proc in vm_detect_map:
res = tools.cmd(cmd)
match = re.match(regex, res['stdout'], flags=re.IGNORECASE | re.DOTALL)
if match:
res_pidof = tools.cmd('pidof %s' % (agent_proc))
if res_pidof['exitcode'] != 0:
return scanner.Result(scanner.PASS, 'A vm agent is running')
else:
return scanner.Result(scanner.PASS, 'No vm agent is running')
return scanner.Result(scanner.NA, 'This doesn\'t appear to be a vm')
def scan():
tmp_dirs = [
'/tmp',
'/var/tmp',
]
result = scanner.Result()
for tmp_dir in tmp_dirs:
if not os.path.isdir(tmp_dir):
continue
tmp_dir_found = False
for line in file('/proc/mounts', 'r'):
if line.split()[1] == tmp_dir:
tmp_dir_found = True
if tmp_dir_found:
result.add(scanner.PASS, '%s is mounted separately' % tmp_dir)
else:
result.add(scanner.FAIL, '%s is not mounted separately' % tmp_dir)
return result
def scan():
tmp_dirs = [
'/tmp',
'/var/tmp',
]
result = scanner.Result()
for tmp_dir in tmp_dirs:
path = os.path.join(tmp_dir, 'whatswrong_tmp_tst')
try:
f = file(path, 'w')
f.write('#!/bin/sh\necho "test"')
f.close()
os.chmod(path, 0755)
res = tools.cmd(path)
if 'test' in res['stdout']:
result.add(scanner.FAIL,
'Executable files possible in: %s' % tmp_dir)
except IOError, e:
pass
if os.path.exists(path):
os.unlink(path)
def scan():
res = tools.cmd('pidof ntpd')
if res['exitcode'] != 0:
return scanner.Result(scanner.FAIL, 'NTPd is not running')
else:
return scanner.Result(scanner.PASS, 'NTPd is running')
import scanner
import httplib
import ssl
import socket
__ident__ = 'web::ssl::v2'
__severity__ = 5
__impact__ = 3
__cost_to_fix__ = 1
__fail_msg__ = 'The webserver supports SSLv2, which is broken'
__explanation__ = '''SSL v2 is no longer secure and should not be enabled'''
def scan():
if not hasattr(ssl, 'PROTOCOL_SSLv2'):
return scanner.Result(scanner.ERROR, "SSLv2 Protocol not supported by Python")
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(5)
ssl_sock = ssl.wrap_socket(s, ca_certs="/etc/ca_certs_file", ssl_version=ssl.PROTOCOL_SSLv2)
ssl_sock.connect(('127.0.0.1', 443))
ssl_sock.close()
return scanner.Result(scanner.FAIL, 'The webserver supports SSLv2, which is broken')
except ssl.SSLError, e:
return scanner.Result(scanner.NA, "Can't test for SSLv2: %s" % (str(e)))
return scanner.Result(scanner.PASS, 'The webserver doesn\'t support SSLv3')
def scan():
tmp_dirs = [
'/tmp',
'/var/tmp',
]
result = scanner.Result()
for tmp_dir in tmp_dirs:
path = os.path.join(tmp_dir, 'whatswrong_tmp_tst')
try:
f = file(path, 'w')
f.write('#!/bin/sh\necho "test"')
f.close()
os.chmod(path, 0755)
res = tools.cmd(path)
if 'test' in res['stdout']:
result.add(scanner.FAIL,
'Executable files possible in: %s' % tmp_dir)
except IOError, e:
pass
if os.path.exists(path):
os.unlink(path)
if result:
return result
else:
return scanner.Result(scanner.PASS,
'No executables possible in tmp dirs')