Add httphdr filter for CLI & Web UI

ivre · Apr 4, 2018 · 05eae3b · 05eae3b
1 parent c488ee0
commit 05eae3b
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 4 deletions.
diff --git a/doc/WEBUI.md b/doc/WEBUI.md
@@ -177,6 +177,8 @@ single or double quotes.
     the `sa` account.
   - `mysqlemptypwd` look for MySQL servers with an empty password for
     the `root` account.
+  - `httphdr`, `httphdr:[header]`, `httphdr:[header]:[value]` look for
+    HTTP headers.
   - `owa` look for OWA (Outlook Web App) servers.
   - `phpmyadmin` look for phpMyAdmin servers.
   - `smb.dnsdomain:[FQDN]` search results with SMB service in a
@@ -244,5 +246,5 @@ single or double quotes.
 
 ---
 
-This file is part of IVRE. Copyright 2011 - 2015
+This file is part of IVRE. Copyright 2011 - 2018
 [Pierre LALET](mailto:pierre.lalet@cea.fr)
diff --git a/ivre/db/__init__.py b/ivre/db/__init__.py
@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 # This file is part of IVRE.
-# Copyright 2011 - 2017 Pierre LALET <pierre.lalet@cea.fr>
+# Copyright 2011 - 2018 Pierre LALET <pierre.lalet@cea.fr>
 #
 # IVRE is free software: you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -347,6 +347,7 @@ def __init__(self, output_mode="json", output=sys.stdout):
         self.argparser.add_argument('--nfs', action='store_true')
         self.argparser.add_argument('--x11', action='store_true')
         self.argparser.add_argument('--xp445', action='store_true')
+        self.argparser.add_argument('--httphdr')
         self.argparser.add_argument('--owa', action='store_true')
         self.argparser.add_argument('--vuln-boa', '--vuln-intersil',
                                     action='store_true')
@@ -1050,6 +1051,19 @@ def parse_args(self, args, flt=None):
             flt = self.flt_and(flt, self.searchx11access())
         if args.xp445:
             flt = self.flt_and(flt, self.searchxp445())
+        if args.httphdr is not None:
+            if not args.httphdr:
+                flt = self.flt_and(flt, self.searchhttphdr())
+            elif ":" in args.httphdr:
+                name, value = args.httphdr.split(':', 1)
+                name = utils.str2regexp(name.lower())
+                value = utils.str2regexp(value)
+                flt = self.flt_and(flt, self.searchhttphdr(name=name,
+                                                           value=value))
+            else:
+                flt = self.flt_and(flt, self.searchhttphdr(
+                    name=utils.str2regexp(args.httphdr.lower())
+                ))
         if args.owa:
             flt = self.flt_and(flt, self.searchowa())
         if args.vuln_boa:

diff --git a/ivre/web/utils.py b/ivre/web/utils.py
@@ -432,6 +432,18 @@ def add_unused(neg, param, value):
                     **{subfield: utils.str2regexp(value)}))
             else:
                 add_unused(neg, param, value)
+        elif not neg and param == 'httphdr':
+            if value is None:
+                flt = db.nmap.flt_and(flt, db.nmap.searchhttphdr())
+            elif ':' in value:
+                name, value = (utils.str2regexp(string) for
+                               string in value.split(':', 1))
+                flt = db.nmap.flt_and(flt, db.nmap.searchhttphdr(name=name,
+                                                                 value=value))
+            else:
+                flt = db.nmap.flt_and(flt, db.nmap.searchhttphdr(
+                    name=utils.str2regexp(value)
+                ))
         elif not neg and param == 'owa':
             flt = db.nmap.flt_and(flt, db.nmap.searchowa())
         elif param == 'phpmyadmin':

diff --git a/web/dokuwiki/doc/webui.txt b/web/dokuwiki/doc/webui.txt
@@ -105,6 +105,7 @@ If your command includes spaces, you need to protect it by using single or doubl
   * ''%%nis%%'', ''%%yp%%'' look for NIS servers.
   * ''%%mssqlemptypwd%%'' look for MS-SQL servers with an empty password for the ''%%sa%%'' account.
   * ''%%mysqlemptypwd%%'' look for MySQL servers with an empty password for the ''%%root%%'' account.
+  * ''%%httphdr%%'', ''%%httphdr:[header]%%'', ''%%httphdr:[header]:[value]%%'' look for HTTP headers.
   * ''%%owa%%'' look for OWA (Outlook Web App) servers.
   * ''%%phpmyadmin%%'' look for phpMyAdmin servers.
   * ''%%smb.dnsdomain:[FQDN]%%'' search results with SMB service in a specific DNS domain.
@@ -152,5 +153,5 @@ If your command includes spaces, you need to protect it by using single or doubl
 
 ----
 
-This file is part of IVRE. Copyright 2011 - 2015 [[mailto:pierre.lalet@cea.fr|Pierre LALET]]
+This file is part of IVRE. Copyright 2011 - 2018 [[mailto:pierre.lalet@cea.fr|Pierre LALET]]
 
diff --git a/web/static/ivre/content.js b/web/static/ivre/content.js
@@ -1,6 +1,6 @@
 /*
  * This file is part of IVRE.
- * Copyright 2011 - 2015 Pierre LALET <pierre.lalet@cea.fr>
+ * Copyright 2011 - 2018 Pierre LALET <pierre.lalet@cea.fr>
  *
  * IVRE is free software: you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by
@@ -205,6 +205,11 @@ var HELP_FILTERS = {
 	    "title": "mysqlemptypwd",
 	    "content": "Look for MySQL servers with an empty password for the <code>root</code> account.",
 	},
+        "httphdr": {
+	    "title": "httphdr<b>(:[header](:[value]))</b>",
+            "title": "httphdr",
+            "content": "Look for HTTP headers."
+        },
 	"owa": {
 	    "title": "owa",
 	    "content": "Look for OWA (Outlook Web App) servers.",