[Openvas-commits] r2947 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Mar 30 14:26:59 CEST 2009 

Author: mime
Date: 2009-03-30 14:26:52 +0200 (Mon, 30 Mar 2009)
New Revision: 2947

Added:
   trunk/openvas-plugins/scripts/cvstrac_detect.nasl
   trunk/openvas-plugins/scripts/phpgroupware_detect.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-03-30 07:49:26 UTC (rev 2946)
+++ trunk/openvas-plugins/ChangeLog	2009-03-30 12:26:52 UTC (rev 2947)
@@ -1,3 +1,8 @@
+2009-03-30 Michael Meyer <mime at gmx.de>
+	* scripts/cvstrac_detect.nasl,
+	scripts/phpgroupware_detect.nasl:
+	Added new plugins
+
 2009-03-29 Michael Meyer <mime at gmx.de>
 	* scripts/ldapsearch.nasl:
 	Bug Fix (nasl_affect: cannot affect to non variable

Added: trunk/openvas-plugins/scripts/cvstrac_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cvstrac_detect.nasl	2009-03-30 07:49:26 UTC (rev 2946)
+++ trunk/openvas-plugins/scripts/cvstrac_detect.nasl	2009-03-30 12:26:52 UTC (rev 2947)
@@ -0,0 +1,107 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# cvstrac Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+
+ Overview:
+  This host is running CVSTrac, a Web-Based Bug And Patch-Set Tracking
+  System For CVS, Subversion and GIT.
+
+ See also:
+  http://www.cvstrac.org/
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100091);
+ script_version ("1.0");
+
+ script_name(english:"CVSTrac Detection");  
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of CVSTrac");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"General");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port)) exit(0);
+
+dirs = make_list("/cgi-bin/run-cvstrac/","/cvstrac",cgi_dirs());
+
+foreach dir (dirs) {
+
+ url = string(dir, "/index"); 
+ req = http_get(item:url, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);  
+ if( buf == NULL )continue;
+
+ if(egrep(pattern: '<a href="about">CVSTrac.*version [0-9.]+', string: buf) )
+ { 
+     if(strlen(dir)>0) {
+        install=dir;
+     } else {
+        install=string("/");
+     }  
+
+     vers = string("unknown");
+     version = eregmatch(string: buf, pattern: '<a href="about">CVSTrac.*version ([0-9.]+)');
+
+      if ( !isnull(version[1]) ) {
+        vers=version[1];
+      }  
+    
+    set_kb_item(name: string("www/", port, "/cvstrac"), value: string(vers," under ",install));
+
+    info = string("None\n\nCVSTrac Version '");
+    info += string(vers);
+    info += string("' was detected on the remote host in the following directory(s):\n\n");
+    info += string(install, "\n"); 
+
+    desc = ereg_replace(
+        string:desc["english"],
+        pattern:"None$",
+        replace:info
+    );    
+       
+       security_note(port:port,data:desc);
+       exit(0);
+  }
+}
+
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/cvstrac_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + Id

Added: trunk/openvas-plugins/scripts/phpgroupware_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/phpgroupware_detect.nasl	2009-03-30 07:49:26 UTC (rev 2946)
+++ trunk/openvas-plugins/scripts/phpgroupware_detect.nasl	2009-03-30 12:26:52 UTC (rev 2947)
@@ -0,0 +1,117 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# phpgroupware Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+
+ Overview:
+  This host is running phpGroupWare, a web based messaging,
+  collaboration and enterprise management platform.
+
+ See also:
+  http://phpgroupware.org/
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100092);
+ script_version ("1.0");
+
+ script_name(english:"phpGroupWare Detection");  
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of phpGroupWare");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"General");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port)) exit(0);
+
+dirs = make_list("/phpgroupware",cgi_dirs());
+
+foreach dir (dirs) {
+
+ url = string(dir, "/login.php"); 
+ req = http_get(item:url, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);  
+ if( buf == NULL )continue;
+
+ if(
+    egrep(pattern: '<meta name="AUTHOR" content="phpGroupWare http://www.phpgroupware.org" />', string: buf) ||
+    egrep(pattern: 'powered by phpGroupWare', string: buf) ||
+    egrep(pattern:'http://www.phpgroupware.org"><img src=.*logo.gif" alt="phpGroupWare"', string:buf) ||
+    (egrep(pattern: ">phpGroupWare [0-9.]<", string: buf) && egrep(pattern: 'type="hidden" name="passwd_type"', string: buf))
+    )
+ { 
+     if(strlen(dir)>0) {
+        install=dir;
+     } else {
+        install=string("/");
+     }  
+
+     vers = string("unknown");
+     version = eregmatch(string: buf, pattern: '<font color="#000000" size="-1">phpGroupWare ([0-9.]+)</font>');
+
+      if ( !isnull(version[1]) ) {
+        vers=version[1];
+      }  else {
+	version = eregmatch(string: buf, pattern: '<font color="000000" size="-1">([0-9.]+)</font>');
+	if ( !isnull(version[1]) ) {
+	  vers=version[1];
+	}  
+      }	
+    
+    set_kb_item(name: string("www/", port, "/cvstrac"), value: string(vers," under ",install));
+
+    info = string("None\n\nphpGroupWare Version '");
+    info += string(vers);
+    info += string("' was detected on the remote host in the following directory(s):\n\n");
+    info += string(install, "\n"); 
+
+    desc = ereg_replace(
+        string:desc["english"],
+        pattern:"None$",
+        replace:info
+    );    
+       
+       security_note(port:port,data:desc);
+       exit(0);
+  }
+}
+
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/phpgroupware_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + Id

More information about the Openvas-commits mailing list