class Yawast::Scanner::Plugins::Servers::Nginx

Public Class Methods

check_all(uri)
# File lib/scanner/plugins/servers/nginx.rb, line 24
# Entry point for the nginx-specific checks; at present this is only the
# status-page probe.
#
# The probe is handed the result of uri.copy rather than uri itself, because
# check_status_page assigns to the path and query of the URI it receives.
# NOTE(review): copy is not a stdlib URI method - presumably a project
# extension; confirm it returns an independent object.
#
# @param uri [#copy] target URI of the scan
# @return whatever check_status_page returns
def self.check_all(uri)
  probe_target = uri.copy
  check_status_page(probe_target)
end
check_banner(banner)
# File lib/scanner/plugins/servers/nginx.rb, line 8
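# Records whether a server banner discloses the nginx version.
#
# A "not vulnerable" entry is written under 'nginx_version_exposed' first, so
# the key is logged on every call. When the banner contains 'nginx/', a warning
# is printed and a second entry with the same key is written, carrying the full
# banner as the version.
#
# Remediation for a positive finding: nginx's `server_tokens off;` directive
# removes the version from the banner.
#
# @param banner [String, nil] banner text to inspect; nil is treated as
#   "no nginx banner" instead of raising NoMethodError
# @return [void]
def self.check_banner(banner)
  Yawast::Shared::Output.log_hash 'vulnerabilities',
                                  'nginx_version_exposed',
                                  {vulnerable: false, version: nil}

  # a missing banner, or one that isn't nginx's, cannot disclose an nginx version
  return if banner.nil? || !banner.include?('nginx/')

  Yawast::Utilities.puts_warn "nginx Version: #{banner}"
  puts ''

  Yawast::Shared::Output.log_hash 'vulnerabilities',
                                  'nginx_version_exposed',
                                  {vulnerable: true, version: banner}
end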
check_status_page(uri)
# File lib/scanner/plugins/servers/nginx.rb, line 28
# Requests /status on the target and records whether the response looks like
# nginx's stub_status output (it contains 'Active connections:').
#
# The URI passed in is modified in place: its path becomes '/status' and an
# existing query string is replaced with an empty one. Either way an entry is
# written under 'nginx_status_found'; note that the entry carries the complete
# response body, so scan logs hold whatever the page returned.
#
# Remediation for a positive finding: limit the stub_status location to
# trusted addresses (allow/deny) or remove it.
#
# @param uri [URI] target URI; mutated by this method
# @return [nil] when the page is found, otherwise the result of log_hash
def self.check_status_page(uri)
  uri.path = '/status'
  has_query = !uri.query.nil?
  uri.query = '' if has_query

  page = Yawast::Shared::Http.get(uri)

  # marker absent: record the negative result and stop
  unless page.include?('Active connections:')
    return Yawast::Shared::Output.log_hash('vulnerabilities',
                                           'nginx_status_found',
                                           {vulnerable: false, uri: uri, body: page})
  end

  Yawast::Utilities.puts_vuln "Nginx status page found: #{uri}"

  Yawast::Shared::Output.log_hash('vulnerabilities',
                                  'nginx_status_found',
                                  {vulnerable: true, uri: uri, body: page})

  puts ''
end