
Add splunk info disclosure

jcran committed Mar 20, 2019
1 parent 9826524 commit a3900456ae7bc286440dd94cac8f820d373464d0
Showing with 24 additions and 17 deletions.
  1. +6 −0 lib/tasks/uri_brute_focused_content.rb
  2. +18 −17 lib/tasks/uri_check_subdomain_hijack.rb
@@ -128,6 +128,11 @@ def run
#{ path: "/_vti_bin/", regex: nil },
]

splunk_list = [
{ path: "/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json",
regex: /os_name_extended/, severity: 4, status: "confirmed" },
]

# https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Management%20Interface
spring_boot_list =[
{ path: "/trace", severity: 4, regex: nil, status: "potential" },
@@ -217,6 +222,7 @@ def run
php_list.each { |x| work_q.push x } if is_product? "PHP"
sharepoint_list.each { |x| work_q.push x } if is_product? "Sharepoint"
sap_netweaver_list.each { |x| work_q.push x } if is_product? "NetWeaver"
splunk_list.each {|x| work_q.push x } if is_product? "Splunk"
spring_boot_list.each { |x| work_q.push x } if is_product? "Spring Boot"
tomcat_list.each { |x| work_q.push x } if is_product? "Tomcat"
vmware_horizon_list.each { |x| work_q.push x } if (
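Review bot: The new `splunk_list` entry (first hunk) reports status `"confirmed"` on a bare substring match, `regex: /os_name_extended/`, so any response body that happens to contain that text would be recorded as a confirmed finding; how the regex and the HTTP status are evaluated is outside the hunk, so this is inferred from the entry alone. Matching the JSON key instead, e.g. `regex: /"os_name_extended"\s*:/`, would tie the finding to the server-info document that `output_mode=json` is expected to return. The list also carries no comment saying what it detects, unlike the referenced `spring_boot_list` right below it; a line such as `# Splunk: server-info endpoint readable without a session, discloses OS/host details` (wording to be confirmed by the author) would help whoever triages the finding. Minor style point: `splunk_list.each {|x| work_q.push x }` in the second hunk lacks the space after `{` that the neighbouring lines use. `run` starts and ends outside both hunks.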
@@ -26,23 +26,24 @@ def run
uri = _get_entity_name
response = http_request(:get, uri)

if response =~ /The specified bucket does not exist/
_hijackable_subdomain "AWS S3", uri, "potential"
elsif response =~ /No such app/
_hijackable_subdomain "Heroku", uri, "potential"
elsif response =~ /No settings were found for this company:/
_hijackable_subdomain "Help Scout", uri, "potential"
elsif response =~ /We could not find what you're looking for./
_hijackable_subdomain "Help Juice", uri, "potential"
elsif response =~ /is not a registered InCloud YouTrack/
_hijackable_subdomain "JetBrains", uri, "potential"
elsif response =~ /Unrecognized domain/
_hijackable_subdomain "Mashery", uri, "potential"
elsif response =~ /Project doesnt exist... yet!/
_hijackable_subdomain "Readme.io", uri, "potential"
elsif response =~ /This domain is successfully pointed at WP Engine, but is not configured/
_hijackable_subdomain "WPEngine", uri, "potential"
end
if response =~ /The specified bucket does not exist/
_hijackable_subdomain "AWS S3", uri, "potential"
elsif response =~ /No such app/
_hijackable_subdomain "Heroku", uri, "potential"
elsif response =~ /No settings were found for this company:/
_hijackable_subdomain "Help Scout", uri, "potential"
elsif response =~ /We could not find what you're looking for./
_hijackable_subdomain "Help Juice", uri, "potential"
elsif response =~ /is not a registered InCloud YouTrack/
_hijackable_subdomain "JetBrains", uri, "potential"
elsif response =~ /Unrecognized domain/
_hijackable_subdomain "Mashery", uri, "potential"
elsif response =~ /Project doesnt exist... yet!/
_hijackable_subdomain "Readme.io", uri, "potential"
elsif response =~ /This domain is successfully pointed at WP Engine, but is not configured/
_hijackable_subdomain "WPEngine", uri, "potential"
end

end #end run

def _hijackable_subdomain type, uri, status
