class Intrigue::Ident::Check::Microsoft

Public Instance Methods

generate_checks(url) click to toggle source
# File lib/checks/microsoft.rb, line 6
def generate_checks(url)
  [
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"ASP.NET",
      :version => nil,
      :dynamic_version => lambda{|x| _body(x).scan(/ASP.NET Version:(.*)$/)[0].first.chomp },
      :tags => ["error_page"],
      :match_type => :content_body,
      :match_content =>  /^.*ASP.NET is configured.*$/i,
      :match_details =>"ASP.Net Error Message",
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"ASP.NET",
      :version => nil,
      :dynamic_version => lambda{|x| _body(x).scan(/ASP.NET Version:(.*)$/i)[0].first.chomp if _body(x).scan(/ASP.NET Version:(.*)$/i)[0] },
      :match_type => :content_headers,
      :match_content =>  /^x-aspnet-version:.*$/i,
      :match_details =>"X-AspNet Header",
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"ASP.NET",
      :match_details =>"Asp.Net Default Cookie",
      :version => nil,
      :match_type => :content_cookies,
      :match_content =>  /ASPSESSIONID.*$/i,
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"ASP.NET",
      :match_details =>"Asp.Net Default Cookie",
      :version => nil,
      :match_type => :content_cookies,
      :match_content =>  /ASP.NET_SessionId.*$/i,
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"ASP.NET",
      :match_details =>"ASPXAUTH cookie",
      :version => nil,
      :references => ["https://www.sitefinity.com/developer-network/forums/developing-with-sitefinity-/claims-auth---aspxauth-cookie-remains"],
      :match_type => :content_cookies,
      :match_content =>  /ASPXAUTH=/i,
      :examples => ["https://marketplace.overdrive.com/Account/Login"],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"ASP.NET MVC",
      :match_details =>"Asp.Net MVC Header",
      :version => nil,
      :match_type => :content_headers,
      :match_content =>  /x-aspnetmvc-version/i,
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"ASP.NET",
      :match_details =>"WebResource.axd link in the page",
      :version => nil,
      :match_type => :content_body,
      :match_content =>  /WebResource.axd?d=/i,
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"ASP.NET",
      :match_details =>"Microsoft ASP.NET",
      :version => nil,
      :match_type => :content_headers,
      :match_content =>  /x-powered-by: ASP.NET/,
      :examples => [],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"Forefront TMG",
      :match_details =>"Microsoft Forefront Threat Management Gateway",
      :version => nil,
      :match_type => :content_cookies,
      :match_content =>  /<title>Microsoft Forefront TMG/,
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"Forefront TMG",
      :match_details =>"Microsoft Forefront Threat Management Gateway",
      :version => nil,
      :match_type => :content_headers,
      :match_content =>  /via:\ 1.1\ TMGSRVR/,
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"ISA Server",
      :version => "2006",
      :match_type => :content_title,
      :match_content =>  /^Microsoft ISA Server 2006$/i,
      :match_details =>"standard title",
      :paths => ["#{url}"],
      :examples => ["https://intranet.kbs.gov.my/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=3"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product => "IIS",
      :match_details =>"server header",
      :version => nil,
      :dynamic_version => lambda { |x|
        _first_header_capture x, /server: Microsoft-IIS\/(.*)/
      },
      :match_type => :content_headers,
      :match_content =>  /server: Microsoft-IIS\//,
      :examples => ["http://168.75.243.138:80","http://freightmanager.nucornet.com:80"],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"IIS",
      :match_details =>"Microsoft IIS 8.0",
      :version => "8.0",
      :match_type => :content_body,
      :match_content =>  /<img src=\"iis-8.png\"/,
      :examples => ["http://66.162.2.18:80"],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"IIS",
      :match_details =>"Microsoft IIS 8.5",
      :version => "8.5",
      :match_type => :content_body,
      :match_content =>  /<img src=\"iis-85.png\"/,
      :examples => ["http://103.1.221.151:80"],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"IIS (Not Configured)",
      :match_details =>"Microsoft-HTTPAPI/2.0",
      :version => nil,
      :match_type => :content_headers,
      :match_content =>  /server: Microsoft-HTTPAPI\/2.0/i,
      :examples => ["http://110.173.57.3/"],
      :paths => ["#{url}"]
    },

    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"IIS",
      :match_details =>"Microsoft IIS Unauthorized (403)",
      :tags => ["error_page"],
      :version => nil,
      :match_type => :content_body,
      :hide => true,
      :match_content =>  /Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator \(URL\)/,
      :examples => ["http://199.233.74.45:80"],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"IIS",
      :match_details =>"Microsoft IIS Missing Resource (404)",
      :tags => ["error_page"],
      :version => nil,
      :match_type => :content_body,
      :hide => true,
      :match_content =>  /HTTP Error 404. The requested resource is not found./,
      :examples => ["http://66.162.2.74:80"],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"IIS",
      :match_details =>"Microsoft IIS Generic Error - 403",
      :tags => ["error_page"],
      :version => nil,
      :match_type => :content_body,
      :hide => true,
      :match_content =>  /403 Forbidden. The server denied the specified Uniform Resource Locator (URL)/,
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"IIS",
      :match_details =>"Microsoft Generic Error - 503",
      :tags => ["error_page"],
      :version => nil,
      :match_type => :content_body,
      :hide => true,
      :match_content =>  /HTTP Error 503. The service is unavailable./,
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor =>"Microsoft",
      :product =>"Kestrel",
      :references => ["https://stackify.com/what-is-kestrel-web-server/"],
      :match_details =>"kestrel in server header",
      :version => nil,
      :match_type => :content_headers,
      :match_content =>  /server: Kestrel/i,
      :examples => ["http://partner-staging.jet.com:80"],
      :paths => ["#{url}"]
    },
    {
      :type => "service",
      :vendor =>"Microsoft",
      :product =>"Office 365 API",
      :match_details =>"office 365 api auth cookie",
      :version => nil,
      :match_type => :content_cookies,
      :match_content =>  /x-ms-gateway-slice/i,
      :examples => ["http://autodiscover.jet.com:80"],
      :paths => ["#{url}"]
    },
    {
      :type => "service",
      :vendor =>"Microsoft",
      :product =>"Office 365",
      :match_details =>"office 365 fronted by okta",
      :version => nil,
      :match_type => :content_body,
      :match_content =>  /ok3static.oktacdn.com\/assets\/img\/logos\/office365/i,
      :examples => ["http://outlook.newscorp.com:80"],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"Outlook Web Access",
      :match_details =>"Microsoft Outlook Web Access",
      :version => nil,
      :match_type => :content_headers,
      :match_content =>  /x-owa-version/,
      :dynamic_version => lambda { |x| _first_header_capture(x, /x-owa-version:(.*)/) },
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"Outlook Web Access",
      :match_details =>"Microsoft Outlook Web Access",
      :version => nil,
      :match_type => :content_body,
      :match_content =>  /OwaPage\ =\ ASP.auth_logon_aspx/,
      :dynamic_version => lambda { |x| _first_body_capture x, /href=\"\/owa\/auth\/(.*)\/themes\/resources\/favicon.ico/ },
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Microsoft",
      :product =>"Sharepoint",
      :match_details =>"Sharepoint cookie",
      :version => nil,
      :match_type => :content_headers,
      :match_content =>  /sprequestguid/,
      :dynamic_version => lambda { |x| _first_header_capture(x,/microsoftsharepointteamservices:(.*)/) },
      :examples => ["http://sharepoint.edghelp.realogyfg.com:80"],
      :paths => ["#{url}"]
    },
  ]
end