def check_rule(self, ip, port, values, conf): c = ConfParser(conf) p = ScanParser(port, values) domain = p.get_domain() module = p.get_module() if not c.get_cfg_allow_bf(): return if port != 21 or 'ftp' not in module: return usernames = c.get_cfg_usernames() + known_users passwords = c.get_cfg_passwords() + known_weak for username in usernames: for password in passwords: if self.ftp_attack(ip, username, password): self.rule_details = 'FTP Server Credentials are set to: {}:{}'.format(username, password) rds.store_vuln({ 'ip':ip, 'port':port, 'domain':domain, 'rule_id':self.rule, 'rule_sev':self.rule_severity, 'rule_desc':self.rule_description, 'rule_confirm':self.rule_confirm, 'rule_details':self.rule_details, 'rule_mitigation':self.rule_mitigation }) return
def check_rule(self, ip, port, values, conf): c = ConfParser(conf) t = Triage() p = ScanParser(port, values) domain = p.get_domain() module = p.get_module() # When MongoDB authentication is enabled name=mongodb, when authentication is not enabled name=mongodb if port != 27017 or 'mongodb' not in module: return usernames = c.get_cfg_usernames() + known_users passwords = c.get_cfg_passwords() + known_weak # Check if MongoDB is configured with or without authentication if self.mongodb_attack(ip, port, None, None): js_data = { 'ip': ip, 'port': port, 'domain': domain, 'rule_id': self.rule, 'rule_sev': self.rule_severity, 'rule_desc': self.rule_description, 'rule_confirm': 'Remote server with no authentication on MongoDB', 'rule_details': 'MongoDB is configured with no authentication', 'rule_mitigation': self.rule_mitigation } rds.store_vuln(js_data) return if not c.get_cfg_allow_bf(): return for username in usernames: for password in passwords: if self.mongodb_attack(ip, port, username, password): self.rule_details = 'MongoDB Credentials are set to: {}:{}'.format( username, password) js_data = { 'ip': ip, 'port': port, 'domain': domain, 'rule_id': self.rule, 'rule_sev': self.rule_severity, 'rule_desc': self.rule_description, 'rule_confirm': self.rule_confirm, 'rule_details': self.rule_details, 'rule_mitigation': self.rule_mitigation } rds.store_vuln(js_data) return return
def check_rule(self, ip, port, values, conf): t = Triage() c = ConfParser(conf) p = ScanParser(port, values) module = p.get_module() domain = p.get_domain() if not c.get_cfg_allow_bf(): return if 'http' not in module: return usernames = c.get_cfg_usernames() + known_users passwords = c.get_cfg_passwords() + known_weak for uri in self.rule_doc_roots: resp = t.http_request(ip, port, uri=uri) if resp is not None and resp.status_code == 401: if 'WWW-Authenticate' in resp.headers and resp.headers[ 'WWW-Authenticate'].startswith('Basic'): for username in usernames: for password in passwords: auth_attempt = requests.get(resp.url, auth=HTTPBasicAuth( username, password)) if auth_attempt is not None and auth_attempt.status_code == 200: self.rule_details = 'Basic Authentication Credentials are set to {}:{} at {}'.format( username, password, uri) rds.store_vuln({ 'ip': ip, 'port': port, 'domain': domain, 'rule_id': self.rule, 'rule_sev': self.rule_severity, 'rule_desc': self.rule_description, 'rule_confirm': self.rule_confirm, 'rule_details': self.rule_details, 'rule_mitigation': self.rule_mitigation }) return
def check_rule(self, ip, port, values, conf): c = ConfParser(conf) t = Triage() p = ScanParser(port, values) domain = p.get_domain() module = p.get_module() if not c.get_cfg_allow_bf(): return if port in ssh_ports or 'ssh' in module: usernames = c.get_cfg_usernames() + known_users passwords = c.get_cfg_passwords() + known_weak output = t.run_cmd( 'ssh -o PreferredAuthentications=none -o ConnectTimeout=5 -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes user@"{}" -p "{}"' .format(ip, port)) if output and 'password' in str(output): for username in usernames: for password in passwords: if self.ssh_attack(ip, port, username, password): self.rule_details = 'SSH Server Credentials are set to {}:{}'.format( username, password) rds.store_vuln({ 'ip': ip, 'port': port, 'domain': domain, 'rule_id': self.rule, 'rule_sev': self.rule_severity, 'rule_desc': self.rule_description, 'rule_confirm': self.rule_confirm, 'rule_details': self.rule_details, 'rule_mitigation': self.rule_mitigation }) return