示例#1
0
 def check_rule(self, ip, port, values, conf):
   t = Triage()
   c = ConfParser(conf)
   p = ScanParser(port, values)
   
   domain  = p.get_domain()
   module  = p.get_module()
   product = p.get_product()
   
   if not 'F5 BIG-IP' in product or not 'BigIP' in product:
     return
       
   resp = t.http_request(ip, port, uri='/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd')
   
   if resp is None:
     return
   
   if 'root:x:0:0' in resp.text:
     self.rule_details = 'F5 BIGIP Vulnerability - CVE-2020-5902'
     js_data = {
               'ip':ip,
               'port':port,
               'domain':domain,
               'rule_id':self.rule,
               'rule_sev':self.rule_severity,
               'rule_desc':self.rule_description,
               'rule_confirm':self.rule_confirm,
               'rule_details':self.rule_details,
               'rule_mitigation':self.rule_mitigation
     }
             
     rds.store_vuln(js_data)
   
   return
示例#2
0
    def check_rule(self, ip, port, values, conf):
        c = ConfParser(conf)
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()
        module = p.get_module()

        if 'http' in module:
            for uri, values in self.rule_match_string.items():
                app_name = values['app']
                app_title = values['title']

                resp = t.http_request(ip, port, uri=uri)

                if resp is not None:
                    for match in values['match']:
                        if match in resp.text:
                            self.rule_details = 'Exposed {} at {}'.format(
                                app_title, uri)
                            js_data = {
                                'ip': ip,
                                'port': port,
                                'domain': domain,
                                'rule_id': self.rule,
                                'rule_sev': self.rule_severity,
                                'rule_desc': self.rule_description,
                                'rule_confirm': self.rule_confirm,
                                'rule_details': self.rule_details,
                                'rule_mitigation': self.rule_mitigation
                            }
                            rds.store_vuln(js_data)
                            break

        return
示例#3
0
  def check_rule(self, ip, port, values, conf):
    t = Triage()
    p = ScanParser(port, values)
    
    domain = p.get_domain()
    module = p.get_module()
    
    if 'http' not in module:
      return
    
    resp = t.http_request(ip, port, uri='/.svn/text-base')

    if resp and 'Index of /' in resp.text:
      self.rule_details = 'SVN Repository exposed at {}'.format(resp.url)
      rds.store_vuln({
        'ip':ip,
        'port':port,
        'domain':domain,
        'rule_id':self.rule,
        'rule_sev':self.rule_severity,
        'rule_desc':self.rule_description,
        'rule_confirm':self.rule_confirm,
        'rule_details':self.rule_details,
        'rule_mitigation':self.rule_mitigation
      })
    
    return
示例#4
0
 def check_rule(self, ip, port, values, conf):
   c = ConfParser(conf)
   t = Triage()
   p = ScanParser(port, values)
   
   domain  = p.get_domain()
   
   if port in ssh_ports and t.is_ssh(ip, port):
     output = t.run_cmd('ssh -o PreferredAuthentications=none -o ConnectTimeout=5 -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes user@"{}" -p "{}"'.format(ip, port))
     if output and 'password' in str(output): 
       self.rule_details = p.get_product()
       
       js_data = {
         'ip':ip,
         'port':port,
         'domain':domain,
         'rule_id':self.rule,
         'rule_sev':self.rule_severity,
         'rule_desc':self.rule_description,
         'rule_confirm':self.rule_confirm,
         'rule_details':self.rule_details,
         'rule_mitigation':self.rule_mitigation
       }
       
       rds.store_vuln(js_data)
   
   return
示例#5
0
 def check_rule(self, ip, port, values, conf):
   c = ConfParser(conf)
   p = ScanParser(port, values)
   t = Triage()
   
   domain = p.get_domain()
   module = p.get_module()
   
   if 'http' not in module:
     return
  
   resp = t.http_request(ip, port)
   
   for app, val in self.rule_match_string.items():
     app_name = val['app']
     app_title = val['title']
           
     for match in val['match']:  
       if resp and t.string_in_headers(resp, match):
         self.rule_details = '{} - ({})'.format(app, app_title)
         js_data = {
             'ip':ip,
             'port':port,
             'domain':domain,
             'rule_id':self.rule,
             'rule_sev':self.rule_severity,
             'rule_desc':self.rule_description,
             'rule_details':self.rule_details,
             'rule_mitigation':self.rule_mitigation
           }
         rds.store_vuln(js_data)
   return 
  def check_rule(self, ip, port, values, conf):
    t = Triage()
    p = ScanParser(port, values)
    
    domain  = p.get_domain()
    module  = p.get_module()
    
    if 'http' not in module:
      return
    
    resp = None
    
    if domain:
      resp = t.http_request(domain, port, headers={'Origin':'null'})
    else:
      resp = t.http_request(ip, port, headers={'Origin':'null'})
    
    if resp is None:
      return
    
    if 'Access-Control-Allow-Origin' in resp.headers and resp.headers['Access-Control-Allow-Origin'] == 'null':
      self.rule_details = 'Remote Server accepted a NULL origin. Header used: "Origin: null"'
      rds.store_vuln({
                'ip':ip,
                'port':port,
                'domain':domain,
                'rule_id':self.rule,
                'rule_sev':self.rule_severity,
                'rule_desc':self.rule_description,
                'rule_confirm':self.rule_confirm,
                'rule_details':self.rule_details,
                'rule_mitigation':self.rule_mitigation
              })

    return
示例#7
0
    def check_rule(self, ip, port, values, conf):
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()
        module = p.get_module()

        if port in ssh_ports and 'ssh' in module.lower():
            output = t.run_cmd(
                'ssh -o PreferredAuthentications=none -o ConnectTimeout=5 -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes user@"{}" -p "{}"'
                .format(ip, port))
            if output and 'password' in str(output):
                self.rule_details = 'Server accepts passwords as an authentication option'
                rds.store_vuln({
                    'ip': ip,
                    'port': port,
                    'domain': domain,
                    'rule_id': self.rule,
                    'rule_sev': self.rule_severity,
                    'rule_desc': self.rule_description,
                    'rule_confirm': self.rule_confirm,
                    'rule_details': self.rule_details,
                    'rule_mitigation': self.rule_mitigation
                })

        return
示例#8
0
    def check_rule(self, ip, port, values, conf):
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()
        module = p.get_module()

        if 'http' not in module:
            return

        payload = '%0d%0aset-cookie:foo=inserted_by_vulnscannerflask'
        resp = t.http_request(ip,
                              port,
                              follow_redirects=False,
                              uri='/' + payload)

        if resp is None:
            return

        if 'set-cookie' in resp.headers and 'inserted_by_vulnscannerflask' in resp.headers[
                'set-cookie']:
            self.rule_details = 'Identified CRLF Injection by inserting a Set-Cookie header'
            rds.store_vuln({
                'ip': ip,
                'port': port,
                'domain': domain,
                'rule_id': self.rule,
                'rule_sev': self.rule_severity,
                'rule_desc': self.rule_description,
                'rule_confirm': self.rule_confirm,
                'rule_details': self.rule_details,
                'rule_mitigation': self.rule_mitigation
            })

        return
示例#9
0
    def check_rule(self, ip, port, values, conf):
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()
        module = p.get_module()

        if 'http' not in module:
            return

        resp = t.http_request(ip, port, uri='/xmlrpc.php')
        if resp is not None and resp.status_code == 405:
            self.rule_details = 'Server responded to a GET request at /xmlrpc.php with status code: 405'
            rds.store_vuln({
                'ip': ip,
                'port': port,
                'domain': domain,
                'rule_id': self.rule,
                'rule_sev': self.rule_severity,
                'rule_desc': self.rule_description,
                'rule_confirm': self.rule_confirm,
                'rule_details': self.rule_details,
                'rule_mitigation': self.rule_mitigation
            })

        return
示例#10
0
  def check_rule(self, ip, port, values, conf):
    c = ConfParser(conf)
    t = Triage()
    p = ScanParser(port, values)
    
    module = p.get_module()
    domain = p.get_domain()

    if 'http' not in module: 
      return
    resp = None

    for uri in self.uris:
      resp = t.http_request(ip, port, uri=uri)
      if resp:
        for match in ('C=N;O=D', 'Index of /'):
          if match in resp.text:
            self.rule_details = 'Found Open Directory at {}'.format(uri)
            js_data = {
              'ip':ip,
              'port':port,
              'domain':domain,
              'rule_id':self.rule,
              'rule_sev':self.rule_severity,
              'rule_desc':self.rule_description,
              'rule_confirm':self.rule_confirm,
              'rule_details':self.rule_details,
              'rule_mitigation':self.rule_mitigation
            }
            rds.store_vuln(js_data)
            break
    
    return
示例#11
0
    def check_rule(self, ip, port, values, conf):
        p = ScanParser(port, values)

        domain = p.get_domain()
        module = p.get_module()

        if port != 6379 or module == 'redis':
            return

        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect((ip, port))
            s.sendall(b'INFO\n')
            data = s.recv(1024)

            if data and 'redis_version' in str(data):
                self.rule_details = 'Redis is open and exposes the following: ..snip.. {} ..snip..'.format(
                    str(data)[0:100])
                rds.store_vuln({
                    'ip': ip,
                    'port': port,
                    'domain': domain,
                    'rule_id': self.rule,
                    'rule_sev': self.rule_severity,
                    'rule_desc': self.rule_description,
                    'rule_confirm': self.rule_confirm,
                    'rule_details': self.rule_details,
                    'rule_mitigation': self.rule_mitigation
                })
                return
        except:
            pass

        return
示例#12
0
    def check_rule(self, ip, port, values, conf):
        c = ConfParser(conf)
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()

        if port in ftp_ports:
            self.rule_details = 'Open Port: {} ({})'.format(
                port, ftp_ports[port])

            js_data = {
                'ip': ip,
                'port': port,
                'domain': domain,
                'rule_id': self.rule,
                'rule_sev': self.rule_severity,
                'rule_desc': self.rule_description,
                'rule_confirm': self.rule_confirm,
                'rule_details': self.rule_details,
                'rule_mitigation': self.rule_mitigation
            }

            rds.store_vuln(js_data)

        return
示例#13
0
    def check_rule(self, ip, port, values, conf):
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()
        module = p.get_module()

        if 'http' not in module:
            return

        resp = None

        for uri in self.uris:
            resp = t.http_request(ip, port, uri=uri + '/.git/HEAD')

            if resp and resp.text.startswith('ref:'):
                self.rule_details = 'Identified a git repository at {}'.format(
                    resp.url)
                rds.store_vuln({
                    'ip': ip,
                    'port': port,
                    'domain': domain,
                    'rule_id': self.rule,
                    'rule_sev': self.rule_severity,
                    'rule_desc': self.rule_description,
                    'rule_confirm': self.rule_confirm,
                    'rule_details': self.rule_details,
                    'rule_mitigation': self.rule_mitigation
                })

        return
示例#14
0
    def check_rule(self, ip, port, values, conf):
        h = Helper()
        p = ScanParser(port, values)

        domain = p.get_domain()

        known = False

        for ports in known_ports:
            if port in ports:
                known = True

        if not known:
            self.rule_details = 'Server is listening on remote port: {} ({})'.format(
                port, h.portTranslate(port))
            rds.store_vuln({
                'ip': ip,
                'port': port,
                'domain': domain,
                'rule_id': self.rule,
                'rule_sev': self.rule_severity,
                'rule_desc': self.rule_description,
                'rule_confirm': self.rule_confirm,
                'rule_details': self.rule_details,
                'rule_mitigation': self.rule_mitigation
            })

        return
示例#15
0
    def check_rule(self, ip, port, values, conf):
        c = ConfParser(conf)
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()
        module = p.get_module()
        cpe = p.get_cpe()

        if not cpe:
            return

        if not c.get_cfg_allow_inet():
            return

        if 'http' not in module:
            return

        if t.has_cves(cpe):
            self.rule_details = 'List of Vulnerabilities for this version: https://nvd.nist.gov/vuln/search/results?cpe_version={}'.format(
                cpe)
            js_data = {
                'ip': ip,
                'port': port,
                'domain': domain,
                'rule_id': self.rule,
                'rule_sev': self.rule_severity,
                'rule_desc': self.rule_description,
                'rule_confirm': self.rule_confirm,
                'rule_details': self.rule_details,
                'rule_mitigation': self.rule_mitigation
            }
            rds.store_vuln(js_data)

        return
示例#16
0
    def check_rule(self, ip, port, values, conf):
        c = ConfParser(conf)
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()
        module = p.get_module()
        product = p.get_product()

        if module == 'http' or port in http_ports:
            resp = t.http_request(ip, port, follow_redirects=False)

            if resp:
                form = self.contains_password_form(resp.text)
                if form:
                    if not resp.url.startswith('https://'):
                        self.rule_details = 'Login Page over HTTP'
                        js_data = {
                            'ip': ip,
                            'port': port,
                            'domain': domain,
                            'rule_id': self.rule,
                            'rule_sev': self.rule_severity,
                            'rule_desc': self.rule_description,
                            'rule_confirm': self.rule_confirm,
                            'rule_details': self.rule_details,
                            'rule_mitigation': self.rule_mitigation
                        }
                        rds.store_vuln(js_data)
                        return
示例#17
0
    def check_rule(self, ip, port, values, conf):
        c = ConfParser(conf)
        t = Triage()
        p = ScanParser(port, values)

        module = p.get_module()
        domain = p.get_domain()

        if 'http' in module:
            resp = t.http_request(ip,
                                  port,
                                  uri='/server.js',
                                  follow_redirects=False)

            if resp is None:
                return

            for i in self.rule_match_string:
                if i in resp.text:
                    self.rule_details = 'Identified a NodeJS Leakage Indicator: {}'.format(
                        i)
                    js_data = {
                        'ip': ip,
                        'port': port,
                        'domain': domain,
                        'rule_id': self.rule,
                        'rule_sev': self.rule_severity,
                        'rule_desc': self.rule_description,
                        'rule_confirm': self.rule_confirm,
                        'rule_details': self.rule_details,
                        'rule_mitigation': self.rule_mitigation
                    }

                    rds.store_vuln(js_data)
        return
示例#18
0
    def check_rule(self, ip, port, values, conf):
        c = ConfParser(conf)
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()
        module = p.get_module()

        if 'http' not in module:
            return

        for uri in self.rule_doc_roots:

            resp = t.http_request(ip, port, uri=uri)

            if resp is not None and resp.status_code == 401:
                if 'WWW-Authenticate' in resp.headers:
                    header = resp.headers['WWW-Authenticate']
                    if header.startswith('Basic'):
                        self.rule_details = '{} at {}'.format(
                            self.rule_confirm, uri)
                        js_data = {
                            'ip': ip,
                            'port': port,
                            'domain': domain,
                            'rule_id': self.rule,
                            'rule_sev': self.rule_severity,
                            'rule_desc': self.rule_description,
                            'rule_confirm': self.rule_confirm,
                            'rule_details': self.rule_details,
                            'rule_mitigation': self.rule_mitigation
                        }
                        rds.store_vuln(js_data)

        return
示例#19
0
  def check_rule(self, ip, port, values, conf):
    t = Triage()
    p = ScanParser(port, values)

    domain = p.get_domain()
    module = p.get_module()

    if 'http' not in module:
      return

    resp = t.http_request(ip, port, uri='/_vti_inf.html')
    
    if not resp:
      return
    
    if 'Content-Length' in resp.headers and resp.headers['Content-Length'] == '247':
      self.rule_details = 'Exposed FrontPage at {}'.format(resp.url)
      rds.store_vuln({
        'ip': ip,
        'port': port,
        'domain': domain,
        'rule_id': self.rule,
        'rule_sev': self.rule_severity,
        'rule_desc': self.rule_description,
        'rule_confirm': self.rule_confirm,
        'rule_details': self.rule_details,
        'rule_mitigation': self.rule_mitigation
      })

    return
示例#20
0
    def check_rule(self, ip, port, values, conf):
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()
        module = p.get_module()

        if 'http' not in module:
            return

        resp = t.http_request(ip, port, uri='/')

        if resp is None:
            return

        for app, val in self.rule_match_string.items():
            app_title = val['title']

            for match in val['match']:
                if match in resp.text:
                    self.rule_details = 'Identified a default page: {} Indicator: "{}" ({})'.format(
                        resp.url, match, app_title)
                    rds.store_vuln({
                        'ip': ip,
                        'port': port,
                        'domain': domain,
                        'rule_id': self.rule,
                        'rule_sev': self.rule_severity,
                        'rule_desc': self.rule_description,
                        'rule_confirm': self.rule_confirm,
                        'rule_details': self.rule_details,
                        'rule_mitigation': self.rule_mitigation
                    })

        return
示例#21
0
    def check_rule(self, ip, port, values, conf):
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()
        module = p.get_module()

        if 'http' not in module:
            return

        resp = t.http_request(ip, port, uri='/wp-content/uploads/')

        if resp and 'Index of /wp-content/uploads' in resp.text:
            self.rule_details = 'Found Uploads Directory at {}'.format(
                resp.url)
            rds.store_vuln({
                'ip': ip,
                'port': port,
                'domain': domain,
                'rule_id': self.rule,
                'rule_sev': self.rule_severity,
                'rule_desc': self.rule_description,
                'rule_confirm': self.rule_confirm,
                'rule_details': self.rule_details,
                'rule_mitigation': self.rule_mitigation
            })

        return
示例#22
0
    def check_rule(self, ip, port, values, conf):
        p = ScanParser(port, values)
        t = Triage()

        domain = p.get_domain()
        module = p.get_module()

        if 'http' not in module:
            return

        resp = t.http_request(ip, port)

        for _, val in self.rule_match_string.items():
            app_title = val['title']

            for match in val['match']:
                if resp and t.string_in_headers(resp, match):
                    self.rule_details = 'Exposed {} at {}'.format(
                        app_title, resp.url)
                    rds.store_vuln({
                        'ip': ip,
                        'port': port,
                        'domain': domain,
                        'rule_id': self.rule,
                        'rule_sev': self.rule_severity,
                        'rule_desc': self.rule_description,
                        'rule_details': self.rule_details,
                        'rule_mitigation': self.rule_mitigation
                    })
                    break
        return
示例#23
0
 def check_rule(self, ip, port, values, conf):
   c = ConfParser(conf)
   p = ScanParser(port, values)
   
   domain = p.get_domain()
   module = p.get_module()
   
   if not c.get_cfg_allow_bf():
     return
   
   if port != 21 or 'ftp' not in module:
     return
   
   usernames = c.get_cfg_usernames() + known_users
   passwords = c.get_cfg_passwords() + known_weak
   
   for username in usernames:
     for password in passwords:
       if self.ftp_attack(ip, username, password):
         self.rule_details = 'FTP Server Credentials are set to: {}:{}'.format(username, password)
         rds.store_vuln({
           'ip':ip,
           'port':port,
           'domain':domain,
           'rule_id':self.rule,
           'rule_sev':self.rule_severity,
           'rule_desc':self.rule_description,
           'rule_confirm':self.rule_confirm,
           'rule_details':self.rule_details,
           'rule_mitigation':self.rule_mitigation
         })
     
   return
示例#24
0
    def check_rule(self, ip, port, values, conf):
        c = ConfParser(conf)
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()
        module = p.get_module()

        if 'http' not in module:
            return

        resp = None

        for uri in self.uris:
            resp = t.http_request(ip, port, uri=uri + '/.idea/workspace.xml')
            if resp:
                for match in self.rule_match_string:
                    if match in resp.text:
                        self.rule_details = 'Found Intelli IDEA files at {}/.idea/workspace.xml'.format(
                            uri)
                        js_data = {
                            'ip': ip,
                            'port': port,
                            'domain': domain,
                            'rule_id': self.rule,
                            'rule_sev': self.rule_severity,
                            'rule_desc': self.rule_description,
                            'rule_confirm': self.rule_confirm,
                            'rule_details': self.rule_details,
                            'rule_mitigation': self.rule_mitigation
                        }
                        rds.store_vuln(js_data)
        return
示例#25
0
    def check_rule(self, ip, port, values, conf):
        c = ConfParser(conf)
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()

        if not domain:
            return

        resp = t.http_request(domain, port)

        if resp is None:
            return

        if resp.status_code == 404 and 'NoSuchBucket' in resp.text:
            self.rule_details = 'S3 Takeover at {}'.format(domain)
            js_data = {
                'ip': ip,
                'port': port,
                'domain': domain,
                'rule_id': self.rule,
                'rule_sev': self.rule_severity,
                'rule_desc': self.rule_description,
                'rule_confirm': self.rule_confirm,
                'rule_details': self.rule_details,
                'rule_mitigation': self.rule_mitigation
            }
            rds.store_vuln(js_data)

        return
示例#26
0
    def check_rule(self, ip, port, values, conf):
        c = ConfParser(conf)
        t = Triage()
        h = Helper()
        p = ScanParser(port, values)

        domain = p.get_domain()

        known = False

        for ports in known_ports:
            if port in ports:
                known = True

        if not known:
            self.rule_details = 'Open Port: {} ({})'.format(
                port, h.portTranslate(port))

            js_data = {
                'ip': ip,
                'port': port,
                'domain': domain,
                'rule_id': self.rule,
                'rule_sev': self.rule_severity,
                'rule_desc': self.rule_description,
                'rule_confirm': self.rule_confirm,
                'rule_details': self.rule_details,
                'rule_mitigation': self.rule_mitigation
            }
            rds.store_vuln(js_data)

        return
示例#27
0
    def check_rule(self, ip, port, values, conf):
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()

        if port != 10043:
            return

        resp = t.http_request(
            ip,
            port,
            uri=
            '/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession'
        )

        if resp is None:
            return

        if 'var fgt_lang =' in resp.text:
            self.rule_details = 'Fortinet SSL VPN CVE-2018-13379 Vulnerability at {}'.format(
                resp.url)
            rds.store_vuln({
                'ip': ip,
                'port': port,
                'domain': domain,
                'rule_id': self.rule,
                'rule_sev': self.rule_severity,
                'rule_desc': self.rule_description,
                'rule_confirm': self.rule_confirm,
                'rule_details': self.rule_details,
                'rule_mitigation': self.rule_mitigation
            })

        return
示例#28
0
  def check_rule(self, ip, port, values, conf):
    p = ScanParser(port, values)
    
    domain = p.get_domain()

    if port in self.rule_match_port:
      try:
        ftp = FTP(ip)
        res = ftp.login()
        if res:
          if '230' in res or 'user logged in' in res or 'successful' in res:
            self.rule_details = 'FTP with Anonymous Access Enabled'
            rds.store_vuln({
              'ip':ip,
              'port':port,
              'domain':domain,
              'rule_id':self.rule,
              'rule_sev':self.rule_severity,
              'rule_desc':self.rule_description,
              'rule_confirm':self.rule_confirm,
              'rule_details':self.rule_details,
              'rule_mitigation':self.rule_mitigation
            })
      except:
        pass
    
    return
示例#29
0
    def check_rule(self, ip, port, values, conf):
        t = Triage()
        p = ScanParser(port, values)

        module = p.get_module()
        domain = p.get_domain()

        if 'http' not in module:
            return

        for uri, values in self.rule_match_string.items():
            app_title = values['title']

            resp = t.http_request(ip, port, uri=uri)

            if resp is not None:
                for match in values['match']:
                    if match in resp.text:
                        self.rule_details = 'Laravel Misconfiguration - {} at {}'.format(
                            app_title, resp.url)
                        rds.store_vuln({
                            'ip': ip,
                            'port': port,
                            'domain': domain,
                            'rule_id': self.rule,
                            'rule_sev': self.rule_severity,
                            'rule_desc': self.rule_description,
                            'rule_confirm': self.rule_confirm,
                            'rule_details': self.rule_details,
                            'rule_mitigation': self.rule_mitigation
                        })
        return
示例#30
0
  def check_rule(self, ip, port, values, conf):
    c = ConfParser(conf)
    t = Triage()
    p = ScanParser(port, values)
    
    domain = p.get_domain()
    module = p.get_module()

    if 'http' not in module: 
      return
    
    resp = t.http_request(ip, port, uri='/xmlrpc.php')
    
    if resp is None:
      return
    
    if resp.status_code == 405:
      self.rule_details = 'Server Allows XMLRPC Connections'
      js_data = {
        'ip':ip,
        'port':port,
        'domain':domain,
        'rule_id':self.rule,
        'rule_sev':self.rule_severity,
        'rule_desc':self.rule_description,
        'rule_confirm':self.rule_confirm,
        'rule_details':self.rule_details,
        'rule_mitigation':self.rule_mitigation
      }
      rds.store_vuln(js_data)
    
    return