[Openvas-commits] r3130 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Sat Apr 18 23:46:42 CEST 2009


Author: edjenguele
Date: 2009-04-18 23:46:40 +0200 (Sat, 18 Apr 2009)
New Revision: 3130

Added:
   trunk/openvas-plugins/scripts/remote-detect-ApacheOfbiz.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added Apache Open For Business (Apache OFBiz) software detection
TODO:
* it's also possible to get the version at the bottom of the page,
 but the response was truncated; the Python equivalent does it very well,
 so I don't know if it's a NASL limitation.

* also write the default login/password vulnerability check

I'll commit them soon


Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-04-17 19:22:37 UTC (rev 3129)
+++ trunk/openvas-plugins/ChangeLog	2009-04-18 21:46:40 UTC (rev 3130)
@@ -1,3 +1,9 @@
+2009-04-18 Christian Eric Edjenguele <christian.edjenguele at owasp.org>
+	* scripts/remote-detect-ApacheOfbiz.nasl:
+	Added new plugin
+
+
+
 2009-04-17 Michael Meyer <mime at gmx.de>
 	* scripts/atmail_detect.nasl,
 	scripts/atmail_34529.nasl,

Added: trunk/openvas-plugins/scripts/remote-detect-ApacheOfbiz.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-ApacheOfbiz.nasl	2009-04-17 19:22:37 UTC (rev 3129)
+++ trunk/openvas-plugins/scripts/remote-detect-ApacheOfbiz.nasl	2009-04-18 21:46:40 UTC (rev 3130)
@@ -0,0 +1,112 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: This script ensure that the Apache Open For Business (Apache OFBiz) is installed and running
+#
+# remote-detect-ApacheOfbiz.nasl
+#
+# Author:
+# Christian Eric Edjenguele <christian.edjenguele at owasp.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 and later,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+
+
+if(description)
+{
+script_id(101019);
+name["english"] = "Apache Open For Business service detection";
+script_name(english:name["english"]);
+ 
+desc["english"] = "
+The remote host is running the Apache OFBiz. 
+Apache OFBiz is an Apache Top Level Project. 
+As automation software it comprises a mature suite of enterprise applications that integrate 
+and automate many of the business processes of an enterprise.
+
+Solution :
+It's recommended to allow connection to this host only from trusted hosts or networks,
+or disable the service if not used.
+
+Risk factor : None";
+
+script_description(english:desc["english"]); 
+
+summary["english"] = "Detect a running Apache Open For Business automation suite";
+
+script_summary(english:summary["english"]);
+
+script_category(ACT_GATHER_INFO);
+
+script_copyright(english:"This script is Written by Christian Eric Edjenguele <christian.edjenguele at owasp.org> and released under GPL v2 or later");
+family["english"] = "Service detection";
+script_family(english:family["english"]);
+script_dependencies("find_service.nes");
+script_require_ports("Services/www");
+
+
+exit(0);
+
+}
+
+#
+# The script code starts here
+#
+
+include("openvas-https.inc");
+include("misc_func.inc");
+include("http_func.inc");
+include("http_keepalive.inc");
+
+
+port = 8443;
+
+request = string(
+    "GET /webtools/control/main", " HTTP/1.0\r\n",
+    "Host: ", get_host_name(), "\r\n\r\n",
+    "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/2009032711 Ubuntu/8.10 (intrepid) Firefox/3.0.8\r\n",
+    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n",
+    "Accept-Encoding: gzip,deflate\r\n",
+    "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n",
+    "Accept-Language: en-us,en;q=0.5\r\n",
+    "Content-Lenght: 16000\r\n",
+    "Keep-Alive: 300\r\n",
+    "Connection: keep-alive\r\n\r\n"
+    );
+
+
+reply = https_req_get(port, request);
+
+response = tolower(reply);
+report = '';
+
+servletContainer = eregmatch(pattern:"Server: Apache-Coyote/([0-9.]+)",string:response, icase:TRUE);
+ofbizTitlePattern = eregmatch(pattern:"<title>([a-zA-Z: ]+)</title>",string:response, icase:TRUE);
+# TODO: also grab ofbiz version
+
+if(ofbizTitlePattern){
+	if('ofbiz' >< ofbizTitlePattern[1])
+		report += "Detected Apache Open For Business Home Page Title[" + ofbizTitlePattern[1] +"]";
+		set_kb_item(name:"ApacheOFBiz/installed", value:TRUE);
+		# TODO: set ofbiz version
+
+		if((servletContainer)){
+			set_kb_item(name:"ApacheCoyote/installed", value:TRUE);
+			set_kb_item(name:"ApacheCoyote/version", value:servletContainer[1]);
+			report += "\n" + servletContainer[0];
+		}
+}
+if(report)
+	security_note(port:port, data:report);
+
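Review bot: The `if('ofbiz' >< ofbizTitlePattern[1])` test near the end of the script has no braces, so it guards only the `report +=` line; `set_kb_item(name:"ApacheOFBiz/installed", value:TRUE);` and the Apache-Coyote block run for any page whose title matches the letters-only pattern, and a Coyote banner alone is enough to produce a `security_note`. Open the block with `if('ofbiz' >< ofbizTitlePattern[1]){` and close it after the servlet-container block, so that knowledge-base entries which later checks (such as the planned default-login test) will rely on are written only on a real match. In the request, `"Host: ", get_host_name(), "\r\n\r\n",` ends the header section right after Host, so every line that follows is sent after the end of the request and is not parsed as a header; it should end in a single `"\r\n"`, and the misspelled `Content-Lenght: 16000` line is best dropped since this GET carries no body. The port is fixed at `port = 8443;` although the script declares `script_require_ports("Services/www")`; consider reading the port from the knowledge base (`get_kb_item("Services/www")`) and checking `get_port_state(port)` before sending.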


