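def checkLBCookie(host, port, ssl, useragent, timeout, f5enumeration, progOptions, url=""):
    """Identify a load balancer from the ``Set-Cookie`` header of the target.

    One response is requested for ``url`` and its ``set-cookie`` header is
    matched against cookie names that the messages below attribute to
    F5 BIG-IP, KEMP, mod_proxy_balancer, HAProxy and Cisco ACE.  When an F5
    cookie is recognised, ``f5enumeration`` more responses are requested and
    every cookie received is passed to ``BIGIPCookieDecoder``.

    Defender note: an unencrypted BIG-IP persistence cookie encodes the pool
    member's address and port, which is why this check can reveal internal
    addressing.  Enabling cookie encryption on the persistence profile, or
    using a persistence method that does not embed the member address,
    removes that disclosure.

    :param host: Target host, passed through to ``utils.getHTTPHeader``.
    :param port: Target port, passed through to ``utils.getHTTPHeader``.
    :param ssl: TLS switch, passed through to ``utils.getHTTPHeader``.
    :param useragent: User-Agent value, passed through to ``utils.getHTTPHeader``.
    :param timeout: Request timeout, passed through to ``utils.getHTTPHeader``.
    :param f5enumeration: Number of extra requests made when an F5 cookie is
        seen; converted with ``int()``.
    :param progOptions: Program options handed to ``utils.printMessage``.
    :param url: Resource to request; the same value is used for the follow-up
        requests so they hit the resource that produced the cookie.
    :return: None. Results are reported through ``utils.printMessage``.
    """
    f5 = False
    lbdetected = ""
    try:
        utils.printMessage("[*] Looking for known load balancers cookies", "info", progOptions)
        cookie = utils.getHTTPHeader(host, port, ssl, "set-cookie", useragent, timeout, progOptions, url)
        if cookie:
            # Lookup for some known cookies - Send me yours!
            # The numeric pattern matches the "<digits>.<digits>.<4 digits>"
            # value layout even when the cookie was renamed.
            if re.search("BIGipServer", cookie) or re.search(r'\d{8,10}\.\d{1,5}\.\d{4}', cookie):
                lbdetected = " [+] F5 load balancer detected"
                f5 = True
            elif re.search("KEMPID=", cookie):
                lbdetected = " [+] KEMP Technologies load balancer detected"
            elif re.search("ROUTEID:", cookie) or re.search("sticky-session=", cookie) or re.search("BALANCEID", cookie):
                lbdetected = " [+] mod_proxy_balancer load balancer detected"
            elif re.search("SERVERID=", cookie):
                lbdetected = " [+] HAProxy load balancer detected"
            elif re.search("ACE-Insert=", cookie):
                lbdetected = " [+] Cisco ACE load balancer detected"
            # Checked independently of the chain above, so it overrides an
            # earlier match.
            if re.search("Cisco Acceleration", cookie):
                lbdetected = " [+] Cisco ACE load balancer detected"

        if lbdetected != "":
            utils.printMessage(lbdetected, "plus", progOptions)

        if f5:
            utils.printMessage(" [*] Going to enumerate some internal IPs", "info", progOptions)
            try:
                for _ in range(int(f5enumeration)):
                    cookie = utils.getHTTPHeader(host, port, ssl, "set-cookie", useragent, timeout, progOptions, url)
                    # A response without Set-Cookie gives the decoder nothing
                    # to work on; skip it instead of passing an empty value.
                    if cookie:
                        BIGIPCookieDecoder(cookie, progOptions)
            except NameError:
                # NOTE(review): presumably the decoder raises NameError when
                # the cookie carries no encoded value - confirm against
                # BIGIPCookieDecoder.
                utils.printMessage(" [-] Encoded cookie didn't have encoded info", "less", progOptions)

        if lbdetected == "":
            utils.printMessage(" [-] No known load balancer cookie detected", "less", progOptions)
    # The outer try had no handler in the listing; these mirror the handlers
    # used by analyzeHTTPTimestamp and analyzeServerBannerDiff.
    except KeyboardInterrupt:
        utils.printMessage("[!] Aborted by user...", "error", progOptions)
        sys.exit()
    except Exception as e:
        print(str(e))
        sys.exit()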
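def analyzeServerBanner(host, port, ssl, useragent, timeout, progOptions):
    """Map the target's ``Server`` header to a known load-balancer product.

    A single request is made through ``utils.getHTTPHeader`` and the banner
    is compared with the values this function knows.  The banner is set by
    the operator and can be removed or altered, so an empty result does not
    show that no load balancer is present.

    :param host: Host to analyse.
    :param port: Target port, passed through to ``utils.getHTTPHeader``.
    :param ssl: TLS switch, passed through to ``utils.getHTTPHeader``.
    :param useragent: User-Agent value, passed through to ``utils.getHTTPHeader``.
    :param timeout: Request timeout, passed through to ``utils.getHTTPHeader``.
    :param progOptions: Program options, passed through to ``utils.getHTTPHeader``.
    :return: ``"Cisco ACE Accelerator"``, ``"F5 BigIP"``, or ``""`` when the
        header is missing or not recognised.  The result used to be computed
        and then discarded; callers that ignore the return value are
        unaffected.
    """
    known_banners = {
        "Cisco Acceleration": "Cisco ACE Accelerator",
        "BigIP": "F5 BigIP",
    }
    # Errors from the request propagate unchanged; the former
    # "except Exception: raise e" added nothing and, on Python 2, replaced
    # the original traceback.
    server_header = utils.getHTTPHeader(host, port, ssl, "server", useragent, timeout, progOptions)
    # analyzeServerBannerDiff strips trailing whitespace from the same header
    # before using it, so do the same here before the exact comparison.
    banner = server_header.rstrip() if server_header else ""
    return known_banners.get(banner, "")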
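def analyzeHTTPTimestamp(host, port, ssl, nrequests, useragent, timeout, verbose, progOptions, url=""):
    """Look for HTTP ``Date`` headers that go backwards between requests.

    ``nrequests`` sequential requests are made for ``url``.  A ``Date`` value
    earlier than the one in the previous response is reported as an
    inconsistency, since one server's clock should not run backwards.

    Interpretation caveat: a response replayed by a cache or CDN can carry
    its original ``Date`` and produce the same signal, so treat a hit as an
    indication of multiple backends rather than proof.

    :param host: Target host, passed through to ``utils.getHTTPHeader``.
    :param port: Target port, passed through to ``utils.getHTTPHeader``.
    :param ssl: TLS switch, passed through to ``utils.getHTTPHeader``.
    :param nrequests: Number of requests to make; converted with ``int()``.
    :param useragent: User-Agent value, passed through to ``utils.getHTTPHeader``.
    :param timeout: Request timeout, passed through to ``utils.getHTTPHeader``.
    :param verbose: When true, the parsed timestamps are printed as epoch seconds.
    :param progOptions: Program options handed to ``utils.printMessage``.
    :param url: Resource to request.
    :return: None. Results are reported through ``utils.printMessage``.
    """
    # Function-scope import: the file's import block is not touched here.
    import calendar

    try:
        utils.printMessage("[*] Looking for HTTP timestamps inconsistencies", "info", progOptions)
        timestamps = []
        found = False
        previous = None

        # Make x requests to detect inconsistencies
        for _ in range(int(nrequests)):
            # Get only 'date' header
            header = utils.getHTTPHeader(host, port, ssl, "date", useragent, timeout, progOptions, url)
            if not header:
                continue
            match = re.search(r"(.+ \d{0,2}:\d{0,2}:\d{0,2})", header)
            if match is None:
                # A malformed Date header used to abort the whole run with an
                # AttributeError; skip that response instead.
                continue
            try:
                # NOTE(review): %a and %b follow the process locale, so this
                # assumes English day and month names - confirm the tool does
                # not change the locale.
                utc = datetime.strptime(match.group(1), '%a, %d %b %Y %H:%M:%S')
            except ValueError:
                continue
            # A timestamp earlier than the previous one cannot come from the
            # same clock, so it points at another host.
            if previous is not None and utc < previous:
                found = True
            previous = utc
            timestamps.append(utc)

        if not timestamps:
            utils.printMessage(" [-] No HTTP timestamps received", "less", progOptions)
            return

        if not found:
            utils.printMessage(" [-] No HTTP timestamps inconsitencies found", "less", progOptions)
        else:
            utils.printMessage(" [+] Timestamp inconsistency found", "plus", progOptions)

        if verbose:
            # Date headers are GMT. time.mktime() would read them as local
            # time and shift the result by the machine's UTC offset, so
            # calendar.timegm() is used for the epoch conversion.
            epochs = [calendar.timegm(stamp.timetuple()) for stamp in timestamps]
            utils.printMessage(" [v] Timestamps received: %s" % str(epochs), "verbose", progOptions)
    except KeyboardInterrupt:
        utils.printMessage("[!] Aborted by user...", "error", progOptions)
        sys.exit()
    except Exception as e:
        print(str(e))
        sys.exit()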
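def analyzeServerBannerDiff(host, port, ssl, nrequests, useragent, timeout, progOptions, url=""):
    """Report whether repeated requests return different ``Server`` banners.

    ``nrequests`` requests are made for ``url`` and every non-empty
    ``server`` header is collected with trailing whitespace removed.  More
    than one distinct banner is reported, followed by every banner received
    in request order.

    Interpretation caveat: differing banners suggest several backends behind
    one address, but an intermediary rewriting the header or a mixed-version
    rollout may produce the same result.

    :param host: Target host, passed through to ``utils.getHTTPHeader``.
    :param port: Target port, passed through to ``utils.getHTTPHeader``.
    :param ssl: TLS switch, passed through to ``utils.getHTTPHeader``.
    :param nrequests: Number of requests to make; converted with ``int()``
        as analyzeHTTPTimestamp does, so a string from option parsing works.
    :param useragent: User-Agent value, passed through to ``utils.getHTTPHeader``.
    :param timeout: Request timeout, passed through to ``utils.getHTTPHeader``.
    :param progOptions: Program options handed to ``utils.printMessage``.
    :param url: Resource to request.
    :return: None. Results are reported through ``utils.printMessage``.
    """
    servers = []
    try:
        utils.printMessage("[*] Looking for banner inconsistencies", "info", progOptions)
        # Make x requests to get "server" header
        for _ in range(int(nrequests)):
            header = utils.getHTTPHeader(host, port, ssl, "server", useragent, timeout, progOptions, url)
            if header:
                servers.append(header.rstrip())

        # De-duplicate only to decide whether banners differ; the full list
        # is still printed so the order of responses stays visible.
        if len(set(servers)) > 1:
            utils.printMessage(" [+] Multiple HTTP server banners found", "plus", progOptions)
            for server in servers:
                utils.printMessage(" <-> %s" % server, "plus", progOptions)
        else:
            utils.printMessage(" [-] No banner inconsistencies found", "less", progOptions)
    except KeyboardInterrupt:
        utils.printMessage("[!] Aborted by user...", "error", progOptions)
        sys.exit()
    except Exception as e:
        print(str(e))
        sys.exit()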