def scan(): php_inis = [ '/etc/php5/apache2/php.ini', '/etc/php5/cli/php.ini', ] if not os.path.isdir('/etc/php5'): return scanner.Result(scanner.NA, 'PHP not found') failed = [] passed = [] for php_ini in php_inis: file(php_ini, 'r').read() # Test file read access. Throws exception if failed. code = "echo(ini_get('display_errors'));" res = tools.cmd('php -c %s -r "%s"' % (php_ini, code)) if res['stderr']: raise scanner.ScanError('%s: %s' % (php_ini, res['stderr'].replace('\n', ''))) elif len(res['stdout']) > 6: raise scanner.ScanError('%s: %s' % (php_ini, res['stdout'].replace('\n', ''))) elif res['stdout'] != '' and res['stdout'] != '0' and res[ 'stdout'] != 'STDOUT': failed.append('%s has display_errors on' % (php_ini)) else: passed.append('%s does not have display_errors on' % (php_ini)) if failed: return scanner.Result(scanner.FAIL, ', '.join(failed)) else: return scanner.Result(scanner.PASS, ', '.join(passed))
def scan(): res = tools.cmd('mysql -u root -h 127.0.0.1 -e "exit" ') if 'access denied' in res['stderr'].lower(): return scanner.Result(scanner.PASS, 'The MySQL root account has a password') return scanner.Result(scanner.FAIL, 'The MySQL root account has no password')
def scan(): fc = file('/etc/ssh/sshd_config', 'r').read().lower() matches = re.findall('.*permitemptypasswords.*', fc) if matches and matches[0].endswith('yes'): return scanner.Result(scanner.FAIL, 'The SSH server allows empty passwords') else: return scanner.Result(scanner.PASS, 'The SSH server does not allow empty passwords')
def scan(): fc = file('/etc/ssh/sshd_config', 'r').read().lower() matches = re.findall('.*permitrootlogin.*', fc) if matches and matches[0].strip().endswith('yes'): return scanner.Result(scanner.FAIL, 'SSH allows remote root logins') else: return scanner.Result(scanner.PASS, 'SSH does not allow remote root logins')
def scan(): connection = httplib.HTTPConnection("127.0.0.1") connection.request("GET", "/index.html") response = connection.getresponse() match = re.match('.*[0-9]+\..*', response.getheader('server', '').lower()) if match: return scanner.Result( scanner.FAIL, 'The webserver exposes a header with version number') return scanner.Result( scanner.PASS, 'The webserver doesn\'t exposes a header with version number')
def scan(): found = 0 for line in file('/etc/mysql/my.cnf', 'r'): if line.strip().startswith('#'): continue if line.startswith('bind-address') and \ line.strip().endswith('0.0.0.0'): return scanner.Result(scanner.FAIL, 'MySQL is listening on all addresses') return scanner.Result(scanner.PASS, 'MySQL is not listening on all addresses')
def scan(): if not hasattr(ssl, 'PROTOCOL_SSLv2'): return scanner.Result(scanner.ERROR, "SSLv2 Protocol not supported by Python") try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(5) ssl_sock = ssl.wrap_socket(s, ca_certs="/etc/ca_certs_file", ssl_version=ssl.PROTOCOL_SSLv2) ssl_sock.connect(('127.0.0.1', 443)) ssl_sock.close() return scanner.Result(scanner.FAIL, 'The webserver supports SSLv2, which is broken') except ssl.SSLError, e: return scanner.Result(scanner.NA, "Can't test for SSLv2: %s" % (str(e)))
def scan(): connection = httplib.HTTPConnection("127.0.0.1") connection.request("HEAD", "/") response = connection.getresponse() fail = False for header_name, header_value in response.getheaders(): if 'powered-by' in header_name.lower(): return scanner.Result( scanner.FAIL, 'The webserver exposes backend software via X-Powered-By headder' ) return scanner.Result( scanner.PASS, 'The webserver does not exposes backend software via X-Powered-By headder' )
def scan(): vm = False vm_detect_map = [ ('lspci', '.*vmware.*', ''), ('lspci', '.*virtualbox.*', 'VBoxService'), ('lscpu', '.*xen.*', ''), ('lscpu', '.*microsoft.*', ''), ] for cmd, regex, agent_proc in vm_detect_map: res = tools.cmd(cmd) match = re.match(regex, res['stdout'], flags=re.IGNORECASE | re.DOTALL) if match: res_pidof = tools.cmd('pidof %s' % (agent_proc)) if res_pidof['exitcode'] != 0: return scanner.Result(scanner.PASS, 'A vm agent is running') else: return scanner.Result(scanner.PASS, 'No vm agent is running') return scanner.Result(scanner.NA, 'This doesn\'t appear to be a vm')
def scan(): tmp_dirs = [ '/tmp', '/var/tmp', ] result = scanner.Result() for tmp_dir in tmp_dirs: if not os.path.isdir(tmp_dir): continue tmp_dir_found = False for line in file('/proc/mounts', 'r'): if line.split()[1] == tmp_dir: tmp_dir_found = True if tmp_dir_found: result.add(scanner.PASS, '%s is mounted separately' % tmp_dir) else: result.add(scanner.FAIL, '%s is not mounted separately' % tmp_dir) return result
def scan(): tmp_dirs = [ '/tmp', '/var/tmp', ] result = scanner.Result() for tmp_dir in tmp_dirs: path = os.path.join(tmp_dir, 'whatswrong_tmp_tst') try: f = file(path, 'w') f.write('#!/bin/sh\necho "test"') f.close() os.chmod(path, 0755) res = tools.cmd(path) if 'test' in res['stdout']: result.add(scanner.FAIL, 'Executable files possible in: %s' % tmp_dir) except IOError, e: pass if os.path.exists(path): os.unlink(path)
def scan(): res = tools.cmd('pidof ntpd') if res['exitcode'] != 0: return scanner.Result(scanner.FAIL, 'NTPd is not running') else: return scanner.Result(scanner.PASS, 'NTPd is running')
import scanner import httplib import ssl import socket __ident__ = 'web::ssl::v2' __severity__ = 5 __impact__ = 3 __cost_to_fix__ = 1 __fail_msg__ = 'The webserver supports SSLv2, which is broken' __explanation__ = '''SSL v2 is no longer secure and should not be enabled''' def scan(): if not hasattr(ssl, 'PROTOCOL_SSLv2'): return scanner.Result(scanner.ERROR, "SSLv2 Protocol not supported by Python") try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(5) ssl_sock = ssl.wrap_socket(s, ca_certs="/etc/ca_certs_file", ssl_version=ssl.PROTOCOL_SSLv2) ssl_sock.connect(('127.0.0.1', 443)) ssl_sock.close() return scanner.Result(scanner.FAIL, 'The webserver supports SSLv2, which is broken') except ssl.SSLError, e: return scanner.Result(scanner.NA, "Can't test for SSLv2: %s" % (str(e))) return scanner.Result(scanner.PASS, 'The webserver doesn\'t support SSLv3')
def scan(): tmp_dirs = [ '/tmp', '/var/tmp', ] result = scanner.Result() for tmp_dir in tmp_dirs: path = os.path.join(tmp_dir, 'whatswrong_tmp_tst') try: f = file(path, 'w') f.write('#!/bin/sh\necho "test"') f.close() os.chmod(path, 0755) res = tools.cmd(path) if 'test' in res['stdout']: result.add(scanner.FAIL, 'Executable files possible in: %s' % tmp_dir) except IOError, e: pass if os.path.exists(path): os.unlink(path) if result: return result else: return scanner.Result(scanner.PASS, 'No executables possible in tmp dirs')