예제 #1
def checkLBCookie(host, port, ssl, useragent, timeout, f5enumeration, progOptions, url=""):
    """Fingerprint a load balancer from the target's Set-Cookie header.

    Fetches the "set-cookie" header once through utils.getHTTPHeader, matches
    it against a fixed list of cookie markers and prints the verdict with
    utils.printMessage. When an F5 marker matches, the header is requested
    int(f5enumeration) more times and each value is handed to
    BIGIPCookieDecoder.

    host, port, ssl, useragent, timeout, progOptions and url are passed
    through to utils.getHTTPHeader unchanged. No return statement is visible;
    results are only printed.

    Defensive reading: every marker below is a cookie name or value format
    that the code attributes to a balancer product, so default
    persistence-cookie settings disclose the product, and the F5 branch
    expects the cookie value to reveal internal IPs. Encrypting persistence
    cookies and avoiding default cookie names reduces this signal.
    """
    # Set to 1 only by the F5 branch; gates the enumeration step further down.
    f5 = 0
    # Message to print; an empty string means no marker matched.
    lbdetected = ""
    try:
        utils.printMessage("[*] Looking for known load balancers cookies", "info", progOptions)
        cookie = utils.getHTTPHeader(host, port, ssl, "set-cookie", useragent, timeout, progOptions, url)
        if cookie:
            # Lookup for some known cookies - Send me yours!
            # F5: the BIGipServer cookie name, or a value shaped like
            # <8-10 digits>.<1-5 digits>.<4 digits>.
            if re.search("BIGipServer", cookie) or re.search('\d{8,10}\.\d{1,5}\.\d{4}', cookie):
                lbdetected = "   [+] F5 load balancer detected"
                f5 = 1
            elif re.search("KEMPID=", cookie):
                lbdetected = "   [+] KEMP Technologies load balancer detected"
            elif re.search("ROUTEID:", cookie) or re.search("sticky-session=", cookie) or re.search("BALANCEID", cookie):
                lbdetected = "   [+] mod_proxy_balancer load balancer detected"
            elif re.search("SERVERID=", cookie):
                lbdetected = "   [+] HAProxy load balancer detected"
            elif re.search("ACE-Insert=", cookie):
                lbdetected = "   [+] Cisco ACE load balancer detected"
            # Separate `if`, not `elif`: a "Cisco Acceleration" match replaces
            # any message chosen above, while f5 keeps whatever value it has.
            if re.search("Cisco Acceleration", cookie):
                lbdetected = "   [+] Cisco ACE load balancer detected"
            if lbdetected != "":
                utils.printMessage(lbdetected, "plus", progOptions)
                if f5:
                    utils.printMessage("   [*] Going to enumerate some internal IPs", "info", progOptions)
                    try:
                        # int() raises ValueError for a non-numeric
                        # f5enumeration; only NameError is handled below.
                        for x in range(0, int(f5enumeration)):
                            # NOTE(review): unlike the first request, url is
                            # not passed here - confirm this is intended.
                            cookie = utils.getHTTPHeader(host, port, ssl, "set-cookie", useragent, timeout, progOptions)
                            # NOTE(review): cookie is not checked for being
                            # empty before decoding; BIGIPCookieDecoder is
                            # defined outside this excerpt.
                            BIGIPCookieDecoder(cookie, progOptions)
                    # NOTE(review): presumably raised inside
                    # BIGIPCookieDecoder - confirm; `e` is never used.
                    except NameError, e:
                        utils.printMessage("      [-] Encoded cookie didn't have encoded info", "less", progOptions)
        # Also reached when no Set-Cookie header came back at all.
        if lbdetected == "":
            utils.printMessage("   [-] No known load balancer cookie detected", "less", progOptions)
    # NOTE(review): no except/finally clause for the try above is visible in
    # this excerpt; as shown, the block is not valid Python on its own.
def analyzeServerBanner(host, port, ssl, useragent, timeout, progOptions):
    """Match the target's Server header against known load balancer banners.

    Requests the "server" header once through utils.getHTTPHeader and compares
    it, by exact equality, with the banner strings listed below.

    :param host: Host to analyze
    """
    # (Server header value, product name) pairs, checked in this order.
    known_banners = (
        ("Cisco Acceleration", "Cisco ACE Accelerator"),
        ("BigIP", "F5 BigIP"),
    )

    lb_detected = ""

    try:
        server_header = utils.getHTTPHeader(host, port, ssl, "server", useragent, timeout, progOptions)
        for banner, product in known_banners:
            if server_header == banner:
                lb_detected = product
                break
    except Exception as e:
        # Re-raised unchanged, so callers see the same exception object.
        raise e
    # NOTE(review): lb_detected is neither returned nor printed in the code
    # visible here, so the match has no observable effect - confirm whether a
    # return statement was lost from this excerpt.
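def analyzeHTTPTimestamp(host, port, ssl, nrequests, useragent, timeout, verbose, progOptions, url=""):
    """Look for HTTP Date headers that go backwards between requests.

    Requests the "date" header int(nrequests) times through
    utils.getHTTPHeader and parses each value. A timestamp earlier than the
    one received just before it is reported as an inconsistency; with verbose
    set, the collected timestamps are printed as UNIX epoch seconds.

    The Date header comes from the remote server and is therefore untrusted:
    a value that does not parse is skipped with a message instead of ending
    the whole run. Epoch values are computed with calendar.timegm because the
    HTTP Date header is expressed in GMT, not in local time.

    Caveat for readers of the result: the check only shows that consecutive
    responses carried non-monotonic Date values (one-second resolution).
    Backends with synchronised clocks give no signal, and an intermediary
    replaying stored responses could presumably produce the same pattern.

    Nothing is returned. KeyboardInterrupt and any other exception end the
    process through sys.exit().
    """
    # Function-scope import: the file's import block is not part of this excerpt.
    import calendar

    date_format = '%a, %d %b %Y %H:%M:%S'
    try:
        utils.printMessage("[*] Looking for HTTP timestamps inconsistencies", "info", progOptions)
        timestamps = []
        found = 0
        # Last successfully parsed timestamp; None until the first one arrives.
        previous = None

        # Make x requests to detect inconsistencies
        for _ in range(0, int(nrequests)):
            # Get only 'date' header
            header = utils.getHTTPHeader(host, port, ssl, "date", useragent, timeout, progOptions, url)
            if not header:
                continue
            # Keep everything up to and including HH:MM:SS, dropping the zone suffix.
            match = re.search(r"(.+ \d{0,2}:\d{0,2}:\d{0,2})", header)
            if match is None:
                utils.printMessage("   [-] Ignoring unparseable Date header", "less", progOptions)
                continue
            try:
                utc = datetime.strptime(match.group(1), date_format)
            except ValueError:
                utils.printMessage("   [-] Ignoring unparseable Date header", "less", progOptions)
                continue
            # A timestamp earlier than the previous one means the clock went
            # backwards between two consecutive responses.
            if previous is not None and utc < previous:
                found = 1
            previous = utc
            timestamps.append(utc)

        if not timestamps:
            utils.printMessage("   [-] No HTTP timestamps received", "less", progOptions)
            return
        if not found:
            utils.printMessage("   [-] No HTTP timestamps inconsitencies found", "less", progOptions)
        else:
            utils.printMessage("   [+] Timestamp inconsistency found", "plus", progOptions)
            if verbose:
                # Convert the GMT datetimes to UNIX timestamps for display.
                epochs = [calendar.timegm(stamp.timetuple()) for stamp in timestamps]
                utils.printMessage("   [v] Timestamps received: %s" % str(epochs), "verbose", progOptions)
    except KeyboardInterrupt:
        utils.printMessage("[!] Aborted by user...", "error", progOptions)
        sys.exit()
    except Exception as e:
        print(str(e))
        sys.exit()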
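def analyzeServerBannerDiff(host, port, ssl, nrequests, useragent, timeout, progOptions, url=""):
    """Report whether repeated requests return different Server banners.

    Requests the "server" header int(nrequests) times through
    utils.getHTTPHeader, collects the non-empty values with trailing
    whitespace stripped, and prints every collected banner when more than one
    distinct value was seen.

    nrequests is converted with int(), as analyzeHTTPTimestamp does, so a
    count passed as a string no longer ends the run with a TypeError.

    Caveat for readers of the result: differing banners show that more than
    one responder answered; that is a heuristic for load balancing, not proof
    of it. The banner text comes from the remote server and is printed as
    received.

    Nothing is returned. KeyboardInterrupt and any other exception end the
    process through sys.exit().
    """
    servers = []
    try:
        utils.printMessage("[*] Looking for banner inconsistencies", "info", progOptions)
        # Make x requests to get "server" header
        for _ in range(0, int(nrequests)):
            header = utils.getHTTPHeader(host, port, ssl, "server", useragent, timeout, progOptions, url)
            if header:
                servers.append(header.rstrip())
        # A set drops duplicates, so more than one element means at least two
        # different banners were received.
        if len(set(servers)) > 1:
            utils.printMessage("   [+] Multiple HTTP server banners found", "plus", progOptions)
            for server in servers:
                utils.printMessage("      <-> %s" % server, "plus", progOptions)
        else:
            utils.printMessage("   [-] No banner inconsistencies found", "less", progOptions)
    except KeyboardInterrupt:
        utils.printMessage("[!] Aborted by user...", "error", progOptions)
        sys.exit()
    except Exception as e:
        print(str(e))
        sys.exit()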