Add splunk info disclosure

lib/tasks/uri_brute_focused_content.rb

@@ -128,6 +128,11 @@ def run
       #{ path: "/_vti_bin/", regex: nil },
     ]
 
+    splunk_list = [
+      { path: "/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json", 
+        regex: /os_name_extended/, severity: 4, status: "confirmed" },
+    ]
+
     # https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Management%20Interface
     spring_boot_list =[
       { path: "/trace", severity: 4, regex: nil, status: "potential" },
@@ -217,6 +222,7 @@ def run
     php_list.each { |x| work_q.push x } if is_product? "PHP" 
     sharepoint_list.each { |x| work_q.push x } if is_product? "Sharepoint"
     sap_netweaver_list.each { |x| work_q.push x } if is_product? "NetWeaver"
+    splunk_list.each {|x| work_q.push x } if is_product? "Splunk"
     spring_boot_list.each { |x| work_q.push x } if is_product? "Spring Boot"
     tomcat_list.each { |x| work_q.push x } if is_product? "Tomcat" 
     vmware_horizon_list.each { |x| work_q.push x } if (

lib/tasks/uri_check_subdomain_hijack.rb

@@ -26,23 +26,24 @@ def run
     uri = _get_entity_name
     response = http_request(:get, uri)
 
-      if response =~ /The specified bucket does not exist/
-        _hijackable_subdomain "AWS S3", uri, "potential"
-      elsif response =~ /No such app/
-        _hijackable_subdomain "Heroku", uri, "potential"
-      elsif response =~ /No settings were found for this company:/
-        _hijackable_subdomain "Help Scout", uri, "potential"
-      elsif response =~ /We could not find what you're looking for./
-        _hijackable_subdomain "Help Juice", uri, "potential"
-      elsif response =~ /is not a registered InCloud YouTrack/
-        _hijackable_subdomain "JetBrains", uri, "potential"
-      elsif response =~ /Unrecognized domain/
-        _hijackable_subdomain "Mashery", uri, "potential"
-      elsif response =~ /Project doesnt exist... yet!/
-        _hijackable_subdomain "Readme.io", uri, "potential"
-      elsif response =~ /This domain is successfully pointed at WP Engine, but is not configured/
-        _hijackable_subdomain "WPEngine", uri, "potential"
-      end
+    if response =~ /The specified bucket does not exist/
+      _hijackable_subdomain "AWS S3", uri, "potential"
+    elsif response =~ /No such app/
+      _hijackable_subdomain "Heroku", uri, "potential"
+    elsif response =~ /No settings were found for this company:/
+      _hijackable_subdomain "Help Scout", uri, "potential"
+    elsif response =~ /We could not find what you're looking for./
+      _hijackable_subdomain "Help Juice", uri, "potential"
+    elsif response =~ /is not a registered InCloud YouTrack/
+      _hijackable_subdomain "JetBrains", uri, "potential"
+    elsif response =~ /Unrecognized domain/
+      _hijackable_subdomain "Mashery", uri, "potential"
+    elsif response =~ /Project doesnt exist... yet!/
+      _hijackable_subdomain "Readme.io", uri, "potential"
+    elsif response =~ /This domain is successfully pointed at WP Engine, but is not configured/
+      _hijackable_subdomain "WPEngine", uri, "potential"
+    end
+
   end #end run
 
   def _hijackable_subdomain type, uri, status