def check(self):
# Interface 1: admin-console
r = Requester.get('{}/admin-console/login.seam'.format(self.url))
if r.status_code == 200:
self.interface = 'admin-console'
self.interface_url = '{}/admin-console/login.seam'.format(self.url)
logger.info('Jboss authentication interface detected: {}'.format(
self.interface_url))
return True
# Interface 2: jmx-console
auth_type = Requester.get_http_auth_type('{}/jmx-console/'.format(
self.url))
if auth_type is not AuthMode.UNKNOWN:
self.interface = 'jmx-console'
self.interface_url = '{}/jmx-console/'.format(self.url)
self.http_auth_type = auth_type
logger.info('Jboss jmx-console interface detected: {}'.format(
self.interface_url))
return True
# Interface 3: web-console
auth_type = Requester.get_http_auth_type('{}/web-console/'.format(
self.url))
if auth_type is not AuthMode.UNKNOWN:
self.interface = 'web-console'
self.interface_url = '{}/web-console/'.format(self.url)
self.http_auth_type = auth_type
logger.info('Jboss web-console interface detected: {}'.format(
self.interface_url))
return True
# Interface 4: management
auth_type = Requester.get_http_auth_type('{}/management/'.format(
self.url))
if auth_type is not AuthMode.UNKNOWN:
self.interface = 'management'
self.interface_url = '{}/management/'.format(self.url)
self.http_auth_type = auth_type
logger.info('Jboss management interface detected: {}'.format(
self.interface_url))
return True
# Interface 5: management 2
r = Requester.get('{}/console'.format(self.url))
if r.status_code == 200:
tmp = r.url[:r.url.rindex('/')]
self.interface_url = '{0}/management'.format(tmp[:tmp.rindex('/')])
auth_type = Requester.get_http_auth_type(self.interface_url)
if auth_type is not AuthMode.UNKNOWN:
self.interface = 'management'
self.http_auth_type = auth_type
logger.info('Jboss management interface detected: {}'.format(
self.interface_url))
return True
logger.error('No Jboss authentication interface detected')
return False
def check(self):
auth_type = Requester.get_http_auth_type('{}/'.format(self.url))
if auth_type is not AuthMode.UNKNOWN:
self.interface = 'htaccess'
self.interface_url = '{}/'.format(self.url)
self.http_auth_type = auth_type
logger.info('HTTP Authentication detected: {}'.format(
self.interface_url))
return True
logger.error('No HTTP authentication interface detected')
return False
def check(self):
auth_type = Requester.get_http_auth_type('{}/management/domain'.format(
self.url))
if auth_type is not AuthMode.UNKNOWN:
self.interface = 'glassfish-admin'
self.interface_url = '{}/management/domain'.format(self.url)
self.http_auth_type = auth_type
logger.info('Glassfish admin interface detected: {}'.format(
self.interface_url))
return True
logger.error('No Glassfish authentication interface detected')
return False
def check(self):
auth_type = Requester.get_http_auth_type('{}/manager/html'.format(self.url))
if auth_type is not AuthMode.UNKNOWN:
self.interface = 'tomcat-manager'
self.interface_url = '{}/manager/html'.format(self.url)
self.http_auth_type = auth_type
logger.info('Tomcat Manager interface detected: {}'.format(
self.interface_url))
logger.warning('Warning: By default, Tomcat has an account lockout ' \
'feature (max 5 failures, lockout duration of 300s)')
return True
logger.error('No Tomcat authentication interface detected')
return False
