class Intrigue::Ident::Check::Oracle

Public Instance Methods

generate_checks(url)
# File lib/checks/oracle.rb, line 6
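# Builds the fingerprint definitions for Oracle / Sun / Java web products.
#
# Every entry is a Hash carrying a product label (:type, :vendor, :product),
# a :match_type (:content_headers, :content_body or :content_cookies), a
# :match_content Regexp, and optionally a :dynamic_version lambda that calls
# the _first_header_capture / _first_body_capture helpers, which are defined
# outside this method.
# NOTE(review): presumably the matcher applies :match_content to the part of
# the response named by :match_type -- confirm against the ident matcher.
#
# Analyst caveat: all of these checks key on self-reported banners, cookies
# and page markup. Those are routinely suppressed, rewritten by a reverse
# proxy, or left stale after an upgrade, so a hit is a lead to verify and a
# miss is not evidence that the product is absent.
#
# @param url [#to_s] base URL of the target; interpolated into each :paths list
# @return [Array<Hash>] one Hash per fingerprint
def generate_checks(url)
  # Oracle documentation library id (as found in the docs link on the Fusion
  # Middleware welcome page) => Fusion Middleware release.
  fmw_versions_by_doc_id = {
    "E15217_01" => "10.1.4.3",
    "E15051_01" => "11.1.1.0",
    "E12839_01" => "11.1.1.1",
    "E15523_01" => "11.1.1.2",
    "E14571_01" => "11.1.1.3",
    "E17904_01" => "11.1.1.4",
    "E21764_01" => "11.1.1.5"
  }.freeze

  [
    {
      :type => "application",
      :vendor => "Oracle",
      :product => "Application Server",
      :match_details => "server header",
      :references => [],
      :version => nil,
      :match_type => :content_headers,
      :match_content => /Oracle-Application-Server/,
      :hide => false,
      # The capture needs a space after the version token, so a banner that
      # ends right after the version yields no version.
      :dynamic_version => lambda { |x|
        _first_header_capture(x, /Oracle-Application-Server-[0-9]+[a-z]?\/(.*?)\ /)
      },
      :examples => [
        "https://63.85.74.53:443",
        "https://rss.tomthumb.com:443",
        "https://qas.huntsmanservice.com:443"
      ],
      :verify => ["YWxiZXJ0c29ucyNJbnRyaWd1ZTo6RW50aXR5OjpVcmkjaHR0cHM6Ly9yc3MudG9tdGh1bWIuY29tOjQ0Mw=="],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Oracle",
      :product => "Fusion Middleware",
      :match_details => "page title & docs link... should give us a version",
      :version => nil,
      # Dots are escaped so only the literal Oracle docs hostname and
      # "index.htm" are accepted. Unknown library ids resolve to nil rather
      # than a guessed version.
      :dynamic_version => lambda { |x|
        doc_version = _first_body_capture(x, /download\.oracle\.com\/docs\/cd\/(.*?)\/index\.htm/)
        fmw_versions_by_doc_id[doc_version]
      },
      :match_type => :content_body,
      :references => [
        "https://en.wikipedia.org/wiki/Oracle_Fusion_Middleware",
        "https://docs.oracle.com/cd/E21764_01/index.htm"
      ],
      :match_content => /<title>Welcome to Oracle Fusion Middleware/,
      :hide => false,
      :examples => [
        "http://200.142.198.113:80"
      ],
      :verify => ["aWJtI0ludHJpZ3VlOjpFbnRpdHk6OlVyaSNodHRwOi8vMjAwLjE0Mi4xOTguMTEzOjgw"],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Oracle",
      :product => "Glassfish",
      :match_details => "Oracle / Sun GlassFish Enterprise Server",
      :references => [],
      :version => nil,
      :match_type => :content_headers,
      :match_content => /Sun GlassFish Enterprise Server/,
      :hide => false,
      :dynamic_version => lambda { |x| _first_header_capture(x, /Sun GlassFish Enterprise Server\sv([\d\.]+)/) },
      :examples => ["http://52.4.12.185/"],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Oracle",
      :product => "Glassfish",
      # NOTE(review): the label below is the same as the Enterprise Server
      # check, but this entry matches the Open Source Edition banner. Left
      # unchanged in case consumers key on the text.
      :match_details => "Oracle / Sun GlassFish Enterprise Server",
      :references => [],
      :version => nil,
      :match_type => :content_headers,
      :match_content => /GlassFish Server Open Source Edition/,
      :hide => false,
      :dynamic_version => lambda { |x| _first_header_capture(x, /GlassFish Server Open Source Edition\s+([\d\.]+)$/) },
      :examples => ["http://52.2.97.57:80"],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Oracle",
      :product => "HTTP Server",
      :match_details => "server header",
      :references => [],
      :version => nil,
      :match_type => :content_headers,
      :match_content => /Oracle-HTTP-Server/,
      :hide => false,
      :dynamic_version => lambda { |x|
        _first_header_capture(x, /Oracle-HTTP-Server\/(.*?)\ /)
      },
      :examples => [
        "https://qas.huntsmanservice.com:443"
      ],
      :verify => ["aHVudHNtYW4jSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHBzOi8vcWFzLmh1bnRzbWFuc2VydmljZS5jb206NDQz"],
      :paths => ["#{url}"]
    },
    {
      # A JSESSIONID cookie is set by Java servlet containers in general, so
      # this identifies a Java web stack rather than a specific Oracle
      # product. Treat the vendor attribution as coarse.
      :type => "application",
      :vendor => "Oracle",
      :product => "Java",
      :match_details => "JSESSIONID cookie",
      :references => ["https://javarevisited.blogspot.com/2012/08/what-is-jsessionid-in-j2ee-web.html"],
      :version => nil,
      :match_type => :content_cookies,
      :match_content => /JSESSIONID=/,
      :hide => false,
      :examples => ["https://birdcam.xcelenergy.com:443"],
      :paths => ["#{url}"]
    },
    { # TODO - this will tell us J2EE versions, see references!!!
      :type => "application",
      :vendor => "Oracle",
      :product => "Java Application Server",
      :match_details => "x-header",
      :references => ["http://www.ntu.edu.sg/home/ehchua/programming/java/javaservlets.html"],
      :version => nil,
      # NOTE(review): the greedy group runs up to "JSP", so it keeps any
      # whitespace between the servlet version and "JSP" unless the helper
      # strips its result -- confirm. The lower-case header name also assumes
      # headers are normalised before matching -- confirm.
      :dynamic_version => lambda { |x| _first_header_capture(x, /^x-powered-by: Servlet\/(.*)JSP.*$/) },
      :match_type => :content_headers,
      :match_content => /x-powered-by: Servlet/,
      :hide => false,
      :paths => ["#{url}"],
      :examples => ["http://165.160.15.20/"]
    },
    { # TODO - this will tell us J2EE versions, see references!!!
      :type => "application",
      :vendor => "Oracle",
      :product => "Java Server Pages",
      :match_details => "x-header",
      :references => ["http://www.ntu.edu.sg/home/ehchua/programming/java/javaservlets.html"],
      :version => nil,
      :dynamic_version => lambda { |x| _first_header_capture(x, /^x-powered-by: Servlet\/.*JSP\/(.*)$/) },
      :match_type => :content_headers,
      :match_content => /x-powered-by: Servlet\/.*JSP.*/,
      :hide => false,
      :paths => ["#{url}"],
      :examples => ["http://165.160.15.20/"]
    },
    {
      # Presence check only: it shows that a JSF view-state field is
      # rendered. It does not tell whether the view state is encrypted or
      # signed, which is what the last reference is about, so follow-up
      # review of the JSF configuration is still required.
      :type => "application",
      :vendor => "Oracle",
      :product => "JavaServer Faces",
      :match_details => "viewstate inclusion of javaserver faces",
      :references => [
        "http://www.oracle.com/technetwork/java/javaee/javaserverfaces-139869.html",
        "http://www.oracle.com/technetwork/topics/index-090910.html",
        "https://www.owasp.org/index.php/Java_Server_Faces",
        "https://www.alphabot.com/security/blog/2017/java/Misconfigured-JSF-ViewStates-can-lead-to-severe-RCE-vulnerabilities.html"
      ],
      :version => nil,
      :match_type => :content_body,
      # Dots escaped so only the literal field name matches.
      :match_content => /javax\.faces\.ViewState/,
      :hide => false,
      :examples => ["https://reset.oxy.com:443"],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Oracle",
      :product => "Web Cache Server",
      :match_details => "server header",
      :references => [],
      :version => nil,
      :match_type => :content_headers,
      :match_content => /Oracle-Web-Cache/,
      :hide => false,
      :dynamic_version => lambda { |x|
        _first_header_capture(x, /Oracle-Web-Cache-[0-9]+[a-z]?\/(.*?)\ /)
      },
      :examples => [
        "https://qas.huntsmanservice.com:443"
      ],
      :verify => ["aHVudHNtYW4jSW50cmlndWU6OkVudGl0eTo6VXJpI2h0dHBzOi8vcWFzLmh1bnRzbWFuc2VydmljZS5jb206NDQz"],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Oracle",
      :product => "Weblogic",
      :match_details => "weblogic fault / fail",
      :references => ["https://coderanch.com/t/603067/application-servers/Calling-weblogic-webservice-error"],
      :version => nil,
      :match_type => :content_body,
      :match_content => /<faultcode>env:WebServiceFault/,
      :hide => false,
      :examples => ["https://css-ewebsvcs.freddiemac.com:443"],
      :paths => ["#{url}"]
    },
    {
      :type => "application",
      :vendor => "Oracle",
      :product => "Weblogic",
      :match_details => "weblogic header",
      :references => [
        "https://support.oracle.com/knowledge/Middleware/2100514_1.html",
        "https://www.qualogy.com/techblog/oracle/how-to-harden-weblogic-and-fusion-middleware-against-worm-attacks"
      ],
      :version => nil,
      :match_type => :content_headers,
      # NOTE(review): anchored, lower-case header name -- assumes one header
      # per line, lower-cased by the caller; confirm.
      :match_content => /^x-oracle-dms-ecid:/,
      :hide => false,
      :examples => ["https://tmsstg-eem-db.ros.com:443"],
      :verify => ["cm9zc3N0b3JlcyNJbnRyaWd1ZTo6RW50aXR5OjpVcmkjaHR0cHM6Ly90bXNzdGctZWVtLWRiLnJvcy5jb206NDQz"],
      :paths => ["#{url}"]
    }
  ]
end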