def check(self): # Interface 1: admin-console r = Requester.get('{}/admin-console/login.seam'.format(self.url)) if r.status_code == 200: self.interface = 'admin-console' self.interface_url = '{}/admin-console/login.seam'.format(self.url) logger.info('Jboss authentication interface detected: {}'.format( self.interface_url)) return True # Interface 2: jmx-console auth_type = Requester.get_http_auth_type('{}/jmx-console/'.format( self.url)) if auth_type is not AuthMode.UNKNOWN: self.interface = 'jmx-console' self.interface_url = '{}/jmx-console/'.format(self.url) self.http_auth_type = auth_type logger.info('Jboss jmx-console interface detected: {}'.format( self.interface_url)) return True # Interface 3: web-console auth_type = Requester.get_http_auth_type('{}/web-console/'.format( self.url)) if auth_type is not AuthMode.UNKNOWN: self.interface = 'web-console' self.interface_url = '{}/web-console/'.format(self.url) self.http_auth_type = auth_type logger.info('Jboss web-console interface detected: {}'.format( self.interface_url)) return True # Interface 4: management auth_type = Requester.get_http_auth_type('{}/management/'.format( self.url)) if auth_type is not AuthMode.UNKNOWN: self.interface = 'management' self.interface_url = '{}/management/'.format(self.url) self.http_auth_type = auth_type logger.info('Jboss management interface detected: {}'.format( self.interface_url)) return True # Interface 5: management 2 r = Requester.get('{}/console'.format(self.url)) if r.status_code == 200: tmp = r.url[:r.url.rindex('/')] self.interface_url = '{0}/management'.format(tmp[:tmp.rindex('/')]) auth_type = Requester.get_http_auth_type(self.interface_url) if auth_type is not AuthMode.UNKNOWN: self.interface = 'management' self.http_auth_type = auth_type logger.info('Jboss management interface detected: {}'.format( self.interface_url)) return True logger.error('No Jboss authentication interface detected') return False
def check(self): auth_type = Requester.get_http_auth_type('{}/'.format(self.url)) if auth_type is not AuthMode.UNKNOWN: self.interface = 'htaccess' self.interface_url = '{}/'.format(self.url) self.http_auth_type = auth_type logger.info('HTTP Authentication detected: {}'.format( self.interface_url)) return True logger.error('No HTTP authentication interface detected') return False
def check(self): auth_type = Requester.get_http_auth_type('{}/management/domain'.format( self.url)) if auth_type is not AuthMode.UNKNOWN: self.interface = 'glassfish-admin' self.interface_url = '{}/management/domain'.format(self.url) self.http_auth_type = auth_type logger.info('Glassfish admin interface detected: {}'.format( self.interface_url)) return True logger.error('No Glassfish authentication interface detected') return False
def check(self): auth_type = Requester.get_http_auth_type('{}/manager/html'.format(self.url)) if auth_type is not AuthMode.UNKNOWN: self.interface = 'tomcat-manager' self.interface_url = '{}/manager/html'.format(self.url) self.http_auth_type = auth_type logger.info('Tomcat Manager interface detected: {}'.format( self.interface_url)) logger.warning('Warning: By default, Tomcat has an account lockout ' \ 'feature (max 5 failures, lockout duration of 300s)') return True logger.error('No Tomcat authentication interface detected') return False