Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

added new plugins

  • Loading branch information...
commit 7094a21b6adc4d1759d8537a2e01fbd12e7561bd 1 parent b10215e
@yehgdotnet authored
Showing with 2,002 additions and 0 deletions.
  1. +99 −0 all-contributed-plugins/barracuda-load-balancer.rb
  2. +62 −0 all-contributed-plugins/binarysec-firewall.rb
  3. +69 −0 all-contributed-plugins/citrix-netscaler.rb
  4. +90 −0 all-contributed-plugins/cloudflare.rb
  5. +28 −0 all-contributed-plugins/evercookie.rb
  6. +218 −0 all-contributed-plugins/f5-bigip-loadbalancer.rb
  7. +76 −0 all-contributed-plugins/juniper-load-balancer.rb
  8. +79 −0 all-contributed-plugins/juniper-netscreen-secure-access.rb
  9. +97 −0 all-contributed-plugins/microsoft-outlook-web-access.rb
  10. +45 −0 all-contributed-plugins/profense-firewall.rb
  11. +47 −0 all-contributed-plugins/vtigercrm.rb
  12. +91 −0 all-contributed-plugins/watchguard-firewal.rb
  13. +99 −0 new-plugins/barracuda-load-balancer.rb
  14. +62 −0 new-plugins/binarysec-firewall.rb
  15. +69 −0 new-plugins/citrix-netscaler.rb
  16. +90 −0 new-plugins/cloudflare.rb
  17. +28 −0 new-plugins/evercookie.rb
  18. +218 −0 new-plugins/f5-bigip-loadbalancer.rb
  19. +76 −0 new-plugins/juniper-load-balancer.rb
  20. +79 −0 new-plugins/juniper-netscreen-secure-access.rb
  21. +97 −0 new-plugins/microsoft-outlook-web-access.rb
  22. +45 −0 new-plugins/profense-firewall.rb
  23. +47 −0 new-plugins/vtigercrm.rb
  24. +91 −0 new-plugins/watchguard-firewal.rb
View
99 all-contributed-plugins/barracuda-load-balancer.rb
@@ -0,0 +1,99 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+
+## whatweb can't grap header if http response code == 5xx
+
+Plugin.define "Barracuda-Load-Balancer" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "Barracuda Load Balancer - http://www.barracudanetworks.com/ns/products/balancer_overview.php"
+
+examples %w|
+http://109.232.67.68/
+http://12.4.189.29/
+http://122.1.75.132/
+http://122.220.200.187/
+http://157.238.223.214/
+http://158.217.205.24/
+http://163.150.129.104/
+http://168.143.96.143/
+http://180.149.11.28/
+http://184.2.45.17/
+http://184.2.45.4/
+http://184.2.45.5/
+http://184.2.45.8/
+http://193.1.214.21/
+http://194.228.3.162
+http://195.35.81.215/
+http://200.14.64.8/
+http://208.252.18.162/
+http://208.252.18.199/
+http://208.99.198.73/
+http://216.125.140.65/
+http://216.144.187.12/
+http://217.13.207.152/
+http://62.82.110.13/
+http://62.82.110.18/
+http://64.142.111.225/
+http://64.142.111.236/
+http://64.142.111.244/
+http://64.142.111.245/
+http://66.23.243.108/
+http://66.77.147.233/
+http://66.77.49.205/
+http://66.77.49.207/
+http://66.77.49.214/
+http://68.111.3.121/
+http://69.10.231.91/
+http://76.75.201.54/
+http://79.123.57.18/
+http://79.123.57.21/
+http://81.246.17.182/
+http://84.246.228.135/
+http://ebiznet.nimc.co.in/
+http://moodle.learnnc.org/
+http://www.mediadirect.ro/
+http://www.nycgo.com/
+http://www1.siliconexpert.com/
+https://www.eonweb.org/
+
+|
+
+
+
+matches [
+
+
+
+]
+
+
+def passive
+ m = []
+
+
+ if @meta["set-cookie"] =~ /BNI__BARRACUDA_LB_COOKIE/i
+ m << {:name=>"BNI__BARRACUDA_LB_COOKIE cookie" }
+ elsif @meta["set-cookie"] =~ /BARRACUDA_LB_COOKIE/i
+ m << {:name=>"BARRACUDA_LB_COOKIE cookie" }
+ end
+
+
+
+ if @meta["set-cookie"] =~ /BARRACUDA_LB_COOKIE=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/i
+ internal_ip = @meta["set-cookie"].scan(/BARRACUDA_LB_COOKIE=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/i)
+ m << {:string=>'Internal IP: ' + internal_ip.to_s}
+ end
+
+ m
+
+end
+
+
+end
+
+
View
62 all-contributed-plugins/binarysec-firewall.rb
@@ -0,0 +1,62 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+
+## whatweb can't grap header if http response code == 5xx
+
+Plugin.define "BinarySec-Firewall" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "BinarySec Web Application Firewall - http://www.binarysec.com"
+
+examples %w|
+www.binarysec.com
+195.98.231.142
+91.121.97.83
+87.98.160.245
+213.223.138.13
+87.98.130.144
+87.98.221.237
+91.121.62.246
+hug.re
+www.hoteldugolfetizzano.com
+antennereunion.fr
+vity.fr
+www.rer.re
+www.occasions-guadeloupe.com
+
+|
+
+
+
+matches [
+
+
+
+]
+
+
+def passive
+ m = []
+
+
+ m << {:name=>"X-BinarySEC-Via header "} if @meta.keys.include?("X-BinarySEC-Via".downcase())
+ m << {:name=>"X-BinarySEC-NoCache header "} if @meta.keys.include?("X-BinarySEC-NoCache".downcase())
+
+ m << {:name=>"server header "} if @meta['server'] =~ /BinarySec/i
+
+ if @meta['server'] =~ /BinarySEC\/(\d{1,3}\.\d{1,4}\.\d{1,4})/i
+ version = @meta['server'].scan(/BinarySEC\/(\d{1,3}\.\d{1,4}\.\d{1,4})/i)
+ m << {:version=> version.to_s}
+ end
+ m
+
+end
+
+
+end
+
+
View
69 all-contributed-plugins/citrix-netscaler.rb
@@ -0,0 +1,69 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+
+## whatweb can't grap header if http response code == 5xx
+
+Plugin.define "Citrix-NetScaler" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "Citrix NetScaler - http://www.citrix.com/netscaler"
+
+examples %w|
+
+http://147.1.245.144/
+http://169.204.191.193/
+http://169.204.191.210/
+http://192.8.30.16/
+http://193.27.194.212/
+http://198.238.212.10/
+http://200.186.47.207/
+http://203.25.1.143/
+http://216.248.195.194/
+http://216.99.133.22/
+http://62.122.9.84/
+http://62.237.243.27/
+http://62.237.243.29/
+http://62.237.243.7/
+http://62.69.179.83/
+http://62.69.179.91/
+http://63.172.231.32/
+http://65.192.185.146/
+http://74.123.7.30/
+http://74.217.169.24/
+http://84.16.167.16/
+http://94.126.240.118/
+http://pipeline.cenex.com/
+|
+
+
+
+matches [
+
+
+
+]
+
+
+def passive
+ m = []
+
+ m << {:name=>"http via" } if @meta["via"] =~ /NS\-CACHE/i
+
+
+ if @meta["via"] =~ /NS\-CACHE\-(\d{1,4}\.\d{1,4}):/i
+ version = @meta["via"].scan(/NS\-CACHE\-(\d{1,4}\.\d{1,4})/i)
+ m << {:string=>'version: ' + version.to_s}
+ end
+
+ m
+
+end
+
+
+end
+
+
View
90 all-contributed-plugins/cloudflare.rb
@@ -0,0 +1,90 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+Plugin.define "cloudflare" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "ClouldFlare - https://www.cloudflare.com/"
+
+examples %w|
+http://yehg.net/
+http://www.ornagai.com/
+http://anti-virus.cloudflare.com
+http://12flat.com/
+http://artician.net/
+http://techgeeks-online.com/
+http://ps3blog.net/
+http://techairlines.com/
+http://manzwebdesigns.com/
+http://jenmenke.com/
+http://jonesdoug.com/
+199.27.132.117
+199.27.135.56
+199.27.135.145
+199.27.135.104
+199.27.128.121
+199.27.129.67
+199.27.129.160
+199.27.129.28
+199.27.130.224
+199.27.131.170
+199.27.128.218
+199.27.132.54
+199.27.132.221
+199.27.132.132
+199.27.130.46
+199.27.134.115
+199.27.132.182
+199.27.132.124
+199.27.134.48
+199.27.128.67
+199.27.129.163
+199.27.134.93
+199.27.130.164
+199.27.131.92
+199.27.130.149
+199.27.134.73
+199.27.129.193
+199.27.129.31
+199.27.130.102
+199.27.131.65
+199.27.129.47
+199.27.129.150
+199.27.130.84
+199.27.134.103
+199.27.128.83
+199.27.130.171
+199.27.134.52
+199.27.130.181
+199.27.130.55
+|
+
+
+
+matches [
+
+{:name => 'access restricted iframe', :text => '<iframe frameborder="0" width="100%" height="100%" src="http://anti-virus.cloudflare.com/cdn-cgi/anti-virus-challenge?h='},
+
+{:name => 'footer', :text => '&nbsp;&nbsp;Performance &amp; Security by <a id="FooterCloudFlare" href="https://www.cloudflare.com" target="_blank">CloudFlare</a>'},
+
+
+
+]
+
+
+def passive
+ m=[]
+
+ m << {:name=>"__cfduid cookie" } if @meta["set-cookie"] =~ /__cfduid/i
+ m << {:name=>"server header" } if @meta["server"] =~ /cloudflare\-nginx/i
+
+ m
+end
+
+
+end
+
+
View
28 all-contributed-plugins/evercookie.rb
@@ -0,0 +1,28 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+Plugin.define "evercookie" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "EverCookie - http://samy.pl/evercookie/"
+
+examples %w|
+http://samy.pl/evercookie/
+|
+
+
+
+matches [
+{ :url=>'/js/evercookie.js',:text=>'* by samy kamkar : code@samy.pl : http://samy.pl'},
+{ :url=>'evercookie.js',:text=>'* by samy kamkar : code@samy.pl : http://samy.pl'},
+{ :text=>'evercookie.js"></script>' },
+
+]
+
+
+end
+
+
View
218 all-contributed-plugins/f5-bigip-loadbalancer.rb
@@ -0,0 +1,218 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+
+## whatweb can't grap header if http response code == 5xx
+
+Plugin.define "F5-BigIP-Load-Balancer" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "F5 BigIP Load Balancer - http://www.f5.com/products/big-ip/"
+
+# example ips might not demonstrate BigIP usage for always
+examples %w|
+http://12.178.78.132/
+http://124.211.45.51/
+http://128.11.138.84/
+http://131.91.129.88/
+http://142.76.1.135/
+http://143.88.3.35/
+http://168.75.99.110/
+http://195.234.225.247/
+http://199.106.238.130/
+http://199.106.238.158/
+http://202.143.10.22/
+http://202.176.8.101/
+http://203.120.35.120/
+http://203.81.13.100/
+http://204.154.44.249/
+http://208.254.13.19/
+http://208.65.194.54/
+http://208.65.199.15/
+http://208.77.29.132/
+http://208.77.29.133/
+http://217.114.80.165/
+http://217.114.80.195/
+http://217.114.81.153/
+http://61.123.228.88/
+http://61.213.187.135/
+http://66.150.196.39/
+http://67.108.154.133/
+http://87.82.203.85/
+http://app3-origin.globaleservice.com/
+http://appdev.uwf.edu/
+http://hackerwatch.org
+http://pmbronline.kaplan.com/
+http://student.kaptest.com/
+http://switchboard.gasbinsurance.com/
+http://travelcutsca.raileurope.com/
+http://turi.episerverhotell.net/
+http://wcl.accurohealth.com/
+http://www.cross-sell.com/
+https://206.165.240.73/
+https://206.165.245.233
+https://altmarketstcprod.gaic.com/
+https://unitedhealthcare.p0.com
+
+|
+
+
+
+matches [
+
+
+
+]
+
+def bin2dec(number)
+ # taken from http://icfun.blogspot.com/2008/04/ruby-number-conversion-from-one-base-to.html
+ ret_dec = 0;
+ number.split(//).each{|digit|
+ ret_dec = (Integer(digit) + ret_dec) * 2;
+ }
+ return ret_dec/2;
+end
+
+def dec2bin(number)
+ # taken from http://icfun.blogspot.com/2008/04/ruby-number-conversion-from-one-base-to.html
+ number = Integer(number);
+ if(number == 0)
+ return 0;
+ end
+ ret_bin = "";
+ ## Untill val is zero, convert it into binary format
+ while(number != 0)
+ ret_bin = String(number % 2) + ret_bin;
+ number = number / 2;
+ end
+ return ret_bin;
+end
+
+def extract_ip(s)
+ n = Integer(s)
+ b1 = dec2bin(n)
+ b2 = b1
+ d1 = []
+ ip = ''
+
+ unless b1.length % 8 == 0
+ r = b1
+ dif = 32 - b1.length
+
+ b2 = r[0,r.length-4].to_s + '0'*dif + r[r.length-4,r.length].to_s
+ end
+ i=1
+ if b2.length % 8 == 0
+ xb2 = b2.scan(/.{8}/)
+ xb2.each do |x|
+ if i%4 == 0
+ d1 << bin2dec(x).to_s + ','
+ else
+ d1 << bin2dec(x).to_s
+ end
+ i = i+1
+ end
+ ip = d1.join('.')
+ ip.gsub!(',.',',')
+ end
+
+ ip
+end
+
+def passive
+ m = []
+ ips = []
+
+
+ m << {:name=>"http pool cookie" } if @meta["set-cookie"] =~/http(s?)([\.\-\_])pool(.*?)=/i
+
+ m << {:name=>"http pool cookie" } if @meta["set-cookie"] =~/http([\.\-\_].)pool=/i
+
+ if @meta["set-cookie"] =~ /BIGipServer([\.\-\_]?)([^\s]*?)([\.\-\_]?)http([\.\-\_])pool(.*?)=/i
+ extr = @meta["set-cookie"].scan(/BIGipServer([\.\-\_]?)([^\s]*?)([\.\-\_]?)http([\.\-\_])pool/i)
+
+
+ if extr.size > 0
+ int_host = extr[0].to_s.scan(/(.*?[^.^_^__^\-$])/)
+ else
+ int_host = extr.to_s.scan(/(.*?[^.^_^__^\-$])/)
+ end
+
+ m << {:string => 'Web Server Host Name: ' + int_host.to_s}
+
+ elsif @meta["set-cookie"] =~ /BIGipServer([\.\-\_]?)([^\s]*?)([\.\-\_]?)http([\.\-\_])pool=/i
+
+ extr = @meta["set-cookie"].scan(/BIGipServer([\.\-\_]?)([^\s]*?)([\-\_]?)http([\.\-\_])pool=/i)
+ if extr.size > 0
+ int_host = extr[0].to_s.scan(/(.*?[^.^_^__^\-$])/)
+ else
+ int_host = extr.to_s.scan(/(.*?[^.^_^__^\-$])/)
+ end
+ m << {:string => 'Web Server Host Name: ' + int_host.to_s}
+
+ elsif @meta["set-cookie"] =~ /BIGipServer([\.\-\_]?)([^\s]*?)([\.\-\_]?)https([\.\-\_])pool=/i
+ extr = @meta["set-cookie"].scan(/BIGipServer([\.\-\_]?)([^\s]*?)([\.\-\_]?)https([\.\-\_])pool=/i)
+ if extr.size > 0
+ int_host = extr[0].to_s.scan(/(.*?[^.^_^__^\-$])/)
+ else
+ int_host = extr.to_s.scan(/(.*?[^.^_^__^\-$])/)
+ end
+ m << {:string => 'Web Server Host Name: ' + int_host.to_s}
+ end
+
+
+ if @meta["set-cookie"] =~ /http([\.\-\_])pool=(\d{1,30})\./i
+
+ extr_ip = $2
+ int_ip = extract_ip(extr_ip.to_s)
+
+ if int_ip.length > 0
+ ips << int_ip
+ end
+
+ end
+ if @meta["set-cookie"] =~ /https([\.\-\_])pool=(\d{1,30})\./i
+
+ extr_ip = $2
+
+ int_ip = extract_ip(extr_ip.to_s)
+
+ if int_ip.length > 0
+ ips << int_ip
+ end
+ end
+
+
+ if ips.size == 0 and @meta["set-cookie"] =~ /http(s?)([\.\-\_])pool(.*?)=(\d{1,30})\./i
+ extr_ip = $4
+ int_ip = extract_ip(extr_ip.to_s)
+ if int_ip.length > 0
+ ips << int_ip
+ end
+ end
+
+
+ ips.uniq!
+ if ips.size >= 1
+ ips2 = ips.join(',')
+ ips2.gsub!(',.',',')
+ ips2.gsub!(',,',',')
+ ips2 = ips2[0,ips2.length-1] if ips2[ips2.length-1,ips2.length] == ','
+ m << {:string => 'Load Balancer IP(s): ' + ips2} if ips.size > 1
+ m << {:string => 'Load Balancer IP: ' + ips2} if ips.size == 1
+ end
+
+
+
+ m
+
+end
+
+
+end
+
+
+
View
76 all-contributed-plugins/juniper-load-balancer.rb
@@ -0,0 +1,76 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+Plugin.define "Juniper-Load-Balancer" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "Juniper Networks Application Acceleration and Load Balancing Platforms - http://juniper.net/ . Note: This will slow down your web app pentest scanning. Use only manual fuzzing with time throttling."
+
+examples %w|
+http://www.juniper.net/
+http://12.105.142.170/
+http://12.105.142.237/
+http://123.176.112.242/
+http://123.176.112.243/
+http://123.176.112.41/
+http://123.176.112.67/
+http://147.6.81.92/
+http://150.101.83.113
+http://193.194.158.204/
+http://193.242.192.57/
+http://203.120.129.110/
+http://203.120.149.83
+http://207.104.211.80/
+http://212.137.33.109/
+http://212.137.33.88/
+http://212.137.33.74
+http://213.4.57.106/
+http://213.4.57.108/
+http://213.4.57.109/
+http://63.210.58.82/
+http://63.240.234.120/
+http://63.240.234.123/
+http://74.175.106.71/
+http://corporate.lc.jumbo.pt/
+http://cpms.dfa.state.nm.us/
+http://www.marriottvacationclub.com
+http://www.palmerston.nt.gov.au/
+http://www.ritzcarltonclub.com/
+https://aida.bvdep.com
+https://mintglobal.bvdep.com/
+https://www.myritzcarltonclub.com/
+|
+
+
+
+matches [
+
+
+
+
+]
+
+
+def passive
+ m=[]
+
+ m << {:name=>"cookie (rl-sticky-key)" } if @meta["set-cookie"] =~ /rl\-sticky\-key/i
+ m << {:name=>"via header" } if @meta["via"] =~ /Juniper Networks Application Acceleration Platform/i
+
+
+ if @meta['via'] =~ /Juniper Networks Application Acceleration Platform \- ([^<^\)]*)/i
+ version = @meta['via'].scan(/Juniper Networks Application Acceleration Platform \- ([^<^\)]*)/i)
+ m << {:version=>'Juniper Networks Application Acceleration Platform ' + version.to_s}
+
+ end
+
+ m
+end
+
+
+end
+
+
View
79 all-contributed-plugins/juniper-netscreen-secure-access.rb
@@ -0,0 +1,79 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+Plugin.define "Juniper-NetScreen-Secure-Access" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "Juniper Networks NetScreen Secure Access (SSL VPN) - http://www.juniper.net/"
+
+examples %w|
+https://vpn.lib.ucdavis.edu/
+https://myvpn.ford.com/
+https://webaccess.areva-td.com/
+https://vpn-cr.aegonins.com/
+https://inet.bmofg.com/
+https://eu.maxlite.mobi/
+https://remote.chpnet.org/
+https://remote.mercy.net/
+https://rsvpn.raytheon.com/
+https://connect.spsu.edu/
+https://vpn.ucsf.edu/
+https://vpn2.safelnk.net/
+https://hsslvpn.honeywell.com/
+https://webaccess.pg.com/
+https://online.novanthealth.org/
+https://cans.educationicts.co.uk/
+https://mdajun.mdanderson.org/
+https://xtranet.umm.edu/
+https://teamworks.gdit.com/
+https://site03.remoteoffice.citigroup.com/
+https://lmpassage3.external.lmco.com/
+https://sra.cn.ca/
+https://sslvpn.pitt.edu/
+https://webvpn.nus.edu.sg/
+https://gateway.slb.com/
+https://go.connectge.com/
+https://webportal.parsons.com/
+https://remotevpn.meijer.com/
+https://nantes.metagate.francetelecom.com/
+https://dashboard.chrysler.com/
+https://sslvpn.medical.washington.edu/
+https://mygp.gp.com/
+https://www.myweatherford.ca/
+https://securevpn.tm.com.my/
+https://gateway.wipro.com/
+https://vpn.umbc.edu/
+https://connect.bechtel.com/?p=no-roles
+https://connect.nestle.biz/
+https://access.hersheymed.net/
+https://rap.northshorelij.com/
+https://hhin.hmsa.com/
+https://usbportal.usbank.com/
+https://secureaccess.intermountainhealthcare.org/
+https://rcconnect.rockwellcollins.com/
+https://webvpn.nmh.org/
+https://asg.statestreet.com/
+https://sap.bsli.in/
+|
+
+
+
+matches [
+
+{:name => 'default url',:url=>'/dana-na/auth/url_default/welcome.cgi'},
+
+{:name => 'juniper logo md5', :md5=> '1ec04eec4e1898da8258215a2eb4758b', :url=>'/dana-na/auth/welcome.cgi?p=rolelogo'},
+
+{:name => 'html body', :regexp=>/src="\/dana\-na\/css\/ds\.js">|<img border="0" src="welcome\.cgi\?p=logo|src="\/dana\-na\/imgs\/space\.gif"|document\.cookie = "DSPREAUTH="\+ escape\(""\)|src="\/dana\-na\/auth\/url_default\/s/i }
+
+]
+
+
+
+
+end
+
+
View
97 all-contributed-plugins/microsoft-outlook-web-access.rb
@@ -0,0 +1,97 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+Plugin.define "Microsoft-Outlook-Web-Access" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-03
+version "0.1"
+description "Microsoft Outlook Web Access - http://www.microsoft.com/"
+
+examples %w|
+https://webmail.ec.europa.eu/
+https://phsexchweb.partners.org/
+https://student-webmail.tvu.ac.uk/exchweb/bin/auth/owalogon.asp
+https://webmail.inhs.org/exchweb/bin/auth/owalogon.asp
+https://owa.vivetelmex.com/exchweb/bin/auth/owalogon.asp
+https://email.btconnect.com/exchweb/bin/auth/owalogon.asp
+https://apowa.csl.com.au/CookieAuth.dll
+https://webems.rmit.edu.vn/exchweb/bin/auth/owalogon.asp
+https://uspl.webmail.eds.com/exchweb/bin/auth/owalogon.asp
+https://owa.mailseat.com/exchweb/bin/auth/owalogon.asp
+https://mn-exch1.nes.nuclearholdings.co.uk/exchweb/bin/auth/owalogon.asp
+http://www.davis-interiors.com/exchweb/bin/auth/owalogon.asp
+https://medexch.med.unc.edu/exchweb/bin/auth/owalogon.asp
+https://cpsmail.cps.k12.il.us/exchweb/bin/auth/owalogon.asp
+https://82.93.236.51/exchweb/bin/auth/owalogon.asp
+https://student.westwood.edu/exchweb/bin/auth/owalogon.asp
+https://ssl.esu.edu/exchweb/bin/auth/owalogon.asp
+https://outlook.leeds.ac.uk/exchweb/bin/auth/owalogon.asp
+https://www.mayerreed.com/exchweb/bin/auth/owalogon.asp
+https://mail.apscuf.org/exchweb/bin/auth/owalogon.asp
+https://www.compasscpagroup.com/exchweb/bin/auth/owalogon.asp
+https://owa.nusd.k12.az.us/exchweb/bin/auth/owalogon.asp
+https://remote.greatnorthwest.org/exchweb/bin/auth/owalogon.asp
+https://staffmail.telstraclear.co.nz/exchweb/bin/auth/owalogon.asp
+https://smtp.wellsnursing.org/exchweb/bin/auth/owalogon.asp
+https://www.jastrucking.com/exchweb/bin/auth/owalogon.asp
+https://secure.mitchellinstallations.ca/exchweb/bin/auth/owalogon.asp
+https://mail.zimmermw.com/exchweb/bin/auth/owalogon.asp
+https://mail.lakeforrestprep.com/exchweb/bin/auth/owalogon.asp
+https://eumail.bp.com/exchweb/bin/auth/owalogon.asp
+|
+
+#AD name leak
+# https://apowa.csl.com.au/CookieAuth.dll
+# https://student-webmail.tvu.ac.uk/exchweb/bin/auth/owalogon.asp
+# https://student.westwood.edu/exchweb/bin/auth/owalogon.asp
+# https://owa.nusd.k12.az.us/exchweb/bin/auth/owalogon.asp
+
+matches [
+
+{ :ghdb=>'inurl:/exchweb/bin/auth/owalogon.asp' },
+
+{ :name=>'html body', :url=>'/exchweb/bin/auth/owalogon.asp?url=https://1&reason=2',:text=>'<TR><TD><P style="color:red">You could not be logged on to'},
+{:name=>'html body', :url=>'CookieAuth.dll?GetLogon?url=/&reason=2',:text=>'<TR><TD><P style="color:red">You could not be logged on to'},
+
+
+{ :version =>'Microsoft Exchange Server 2003', :text =>'Microsoft Exchange Server 2003" height=62'},
+
+{ :name=>'html title', :text=>'<TITLE>Microsoft Outlook Web Access</TITLE>' },
+
+{ :name=>'noscript', :text=>'<td style="width:100%">To use Microsoft Outlook Web access, browser settings must allow scripts to run.'},
+
+{ :name=>'html body', :text=>'automatically closes its connection to your mailbox after a period of inactivity. If your session ends, refresh your browser, and then log on again.' },
+
+{ :name=>'html body', :text=>'To protect your account from unauthorized access, Outlook Web Access automatically ends your mail session after a period of inactivity. If your session ends, and the Logon page is not displayed, click on a mail folder (e.g., Inbox), and you should be redirected to the Logon page, where you can log on again.'},
+
+{ :name =>'form action url', :text=>'<FORM action="/exchweb/bin/auth/owaauth.dll"' },
+
+{ :name =>'form action url', :text=>'<FORM action="/CookieAuth.dll?Logon"' },
+
+{ :name=>'url redirection', :regexp=>/window\.location\.href="https:\/\/(.*?)\/exchange";/ }
+
+]
+
+def passive
+ m = []
+
+ if @body =~ /logonForm\.username\.value = "(.*?)"/i
+ domain = @body.scan(/logonForm\.username\.value = "(.*?)"/i)
+ m << {:string=>'AD Domain: ' + domain.to_s}
+
+ elsif @body =~ /document\.getElementById\("username"\)\.value = '(.*?)'/i
+ domain = @body.scan(/document\.getElementById\("username"\)\.value = '(.*?)'/i)
+ m << {:string=>'AD Domain: ' + domain.to_s}
+
+ end
+
+
+ m
+end
+
+
+end
+
+
View
45 all-contributed-plugins/profense-firewall.rb
@@ -0,0 +1,45 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+
+## whatweb can't grap header if http response code == 5xx
+
+# almost all IPs currently don't work
+# http://www.shodanhq.com/?q=PLBSID
+
+Plugin.define "Profense-Firewall" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "Profense Web Application Firewall - http://www.armorlogic.com/profense_overview.html"
+
+examples %w|
+www.axcess-financial.com
+
+|
+
+
+
+matches [
+
+
+
+]
+
+
+def passive
+ m = []
+
+ m << {:name=>"PLBSID cookie" } if @meta["set-cookie"] =~ /PLBSID=/i
+ m << {:name=>"server header" } if @meta["server"] =~ /Profense/i
+
+ m
+
+end
+
+
+end
+
+
View
47 all-contributed-plugins/vtigercrm.rb
@@ -0,0 +1,47 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+Plugin.define "vTigerCRM" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "vTigerCRM - http://www.vtiger.com/"
+
+examples %w|
+http://demo.vtiger.com/
+http://demo.vtiger.de/
+http://demo.myvtiger.it/
+http://demo.vhostr.com/
+http://demo.vtiger-crm.cz/
+http://www.portalondemand.biz/demo/vtigercrm52/
+http://demo.vtiger.pl/
+http://planetauthorize.com/vtiger52demo/
+http://demo.m8solutions.com/vtigercrm/
+http://demo.devsum.it/vtiger/
+http://www.magestore.com/demo/vtiger/
+http://openwebapplications.com/crmdemo/
+|
+
+
+
+matches [
+{ :name=>'favicon md5', :url=>'/themes/images/vtigercrm_icon.ico',:md5=>'d90cc1762bf724db71d6df86effab63c'},
+
+{ :name=>'favicon md5', :url=>'/include/images/vtigercrm_icon.ico',:md5=>'d90cc1762bf724db71d6df86effab63c'},
+
+{ :name=>'stats img', :text=>'<img src=\'http://stats.vtiger.com/stats.php?uid=' },
+
+{ :version => /<span style='color: rgb\(153, 153, 153\);'>vtiger CRM ([^<]*)<\/span>/, :regexp_offset => 0},
+
+{ :name=>'copyright footer', :regexp => /&copy; 2004\-\d{4} <a href='http:\/\/www.vtiger.com' target='_blank'>vtiger.com<\/a>/},
+
+{ :name=>'html body favicon', :text=>'/vtigercrm_icon.ico">'}
+
+]
+
+
+end
+
+
View
91 all-contributed-plugins/watchguard-firewal.rb
@@ -0,0 +1,91 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+
+## whatweb can't grap header if http response code == 5xx
+
+Plugin.define "WatchGuard-Firewall" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "WatchGuard Firewall - http://www.watchguard.com/products/edge-e/overview.asp"
+
+examples %w|
+http://119.192.80.242/
+http://119.196.217.76/
+http://121.133.227.94/
+http://121.143.123.57/
+http://121.159.164.45/
+http://173.162.75.189/
+http://173.165.228.17/
+http://173.25.141.99/
+http://193.253.214.176/
+http://202.168.66.26/
+http://206.255.36.198/
+http://207.109.253.97/
+http://209.254.21.90/
+http://211.192.91.27/
+http://216.163.77.138/
+http://216.223.141.17/
+http://216.223.146.201/
+http://216.223.154.193/
+http://216.223.158.241/
+http://217.128.168.37/
+http://217.211.53.241/
+http://218.92.204.230/
+http://59.1.182.146/
+http://59.7.204.180/
+http://65.198.212.27/
+http://65.40.170.38/
+http://67.76.207.78/
+http://67.76.232.167/
+http://68.15.235.200/
+http://68.213.102.82/
+http://69.239.64.190/
+http://70.147.42.201/
+http://70.239.32.125/
+http://70.88.50.181/
+http://71.33.228.49/
+http://75.144.48.193/
+http://75.145.208.13/
+http://77.43.67.10/
+http://79.38.10.65/
+http://80.25.138.106/
+http://80.34.60.117/
+http://80.38.129.24/
+http://83.232.73.162/
+http://85.233.189.91/
+http://91.48.1.198/
+http://91.84.26.245/
+http://95.152.77.48/
+http://99.239.2.191/
+http://99.38.136.54/
+
+
+|
+
+
+
+matches [
+
+
+
+]
+
+
+def passive
+ m = []
+
+ m << {:name=>"http www-authenticate" } if @meta["www-authenticate"] =~ /realm="WatchGuard Firebox/i
+ m << {:name=>"http server header" } if @meta["www-authenticate"] =~ /WatchGuard Firewall/i
+
+ m
+
+end
+
+
+end
+
+
View
99 new-plugins/barracuda-load-balancer.rb
@@ -0,0 +1,99 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+
+## whatweb can't grap header if http response code == 5xx
+
+Plugin.define "Barracuda-Load-Balancer" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "Barracuda Load Balancer - http://www.barracudanetworks.com/ns/products/balancer_overview.php"
+
+examples %w|
+http://109.232.67.68/
+http://12.4.189.29/
+http://122.1.75.132/
+http://122.220.200.187/
+http://157.238.223.214/
+http://158.217.205.24/
+http://163.150.129.104/
+http://168.143.96.143/
+http://180.149.11.28/
+http://184.2.45.17/
+http://184.2.45.4/
+http://184.2.45.5/
+http://184.2.45.8/
+http://193.1.214.21/
+http://194.228.3.162
+http://195.35.81.215/
+http://200.14.64.8/
+http://208.252.18.162/
+http://208.252.18.199/
+http://208.99.198.73/
+http://216.125.140.65/
+http://216.144.187.12/
+http://217.13.207.152/
+http://62.82.110.13/
+http://62.82.110.18/
+http://64.142.111.225/
+http://64.142.111.236/
+http://64.142.111.244/
+http://64.142.111.245/
+http://66.23.243.108/
+http://66.77.147.233/
+http://66.77.49.205/
+http://66.77.49.207/
+http://66.77.49.214/
+http://68.111.3.121/
+http://69.10.231.91/
+http://76.75.201.54/
+http://79.123.57.18/
+http://79.123.57.21/
+http://81.246.17.182/
+http://84.246.228.135/
+http://ebiznet.nimc.co.in/
+http://moodle.learnnc.org/
+http://www.mediadirect.ro/
+http://www.nycgo.com/
+http://www1.siliconexpert.com/
+https://www.eonweb.org/
+
+|
+
+
+
+matches [
+
+
+
+]
+
+
+def passive
+ m = []
+
+
+ if @meta["set-cookie"] =~ /BNI__BARRACUDA_LB_COOKIE/i
+ m << {:name=>"BNI__BARRACUDA_LB_COOKIE cookie" }
+ elsif @meta["set-cookie"] =~ /BARRACUDA_LB_COOKIE/i
+ m << {:name=>"BARRACUDA_LB_COOKIE cookie" }
+ end
+
+
+
+ if @meta["set-cookie"] =~ /BARRACUDA_LB_COOKIE=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/i
+ internal_ip = @meta["set-cookie"].scan(/BARRACUDA_LB_COOKIE=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/i)
+ m << {:string=>'Internal IP: ' + internal_ip.to_s}
+ end
+
+ m
+
+end
+
+
+end
+
+
View
62 new-plugins/binarysec-firewall.rb
@@ -0,0 +1,62 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+
+## whatweb can't grap header if http response code == 5xx
+
+Plugin.define "BinarySec-Firewall" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "BinarySec Web Application Firewall - http://www.binarysec.com"
+
+examples %w|
+www.binarysec.com
+195.98.231.142
+91.121.97.83
+87.98.160.245
+213.223.138.13
+87.98.130.144
+87.98.221.237
+91.121.62.246
+hug.re
+www.hoteldugolfetizzano.com
+antennereunion.fr
+vity.fr
+www.rer.re
+www.occasions-guadeloupe.com
+
+|
+
+
+
+matches [
+
+
+
+]
+
+
+def passive
+ m = []
+
+
+ m << {:name=>"X-BinarySEC-Via header "} if @meta.keys.include?("X-BinarySEC-Via".downcase())
+ m << {:name=>"X-BinarySEC-NoCache header "} if @meta.keys.include?("X-BinarySEC-NoCache".downcase())
+
+ m << {:name=>"server header "} if @meta['server'] =~ /BinarySec/i
+
+ if @meta['server'] =~ /BinarySEC\/(\d{1,3}\.\d{1,4}\.\d{1,4})/i
+ version = @meta['server'].scan(/BinarySEC\/(\d{1,3}\.\d{1,4}\.\d{1,4})/i)
+ m << {:version=> version.to_s}
+ end
+ m
+
+end
+
+
+end
+
+
View
69 new-plugins/citrix-netscaler.rb
@@ -0,0 +1,69 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+
+## whatweb can't grap header if http response code == 5xx
+
+Plugin.define "Citrix-NetScaler" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "Citrix NetScaler - http://www.citrix.com/netscaler"
+
+examples %w|
+
+http://147.1.245.144/
+http://169.204.191.193/
+http://169.204.191.210/
+http://192.8.30.16/
+http://193.27.194.212/
+http://198.238.212.10/
+http://200.186.47.207/
+http://203.25.1.143/
+http://216.248.195.194/
+http://216.99.133.22/
+http://62.122.9.84/
+http://62.237.243.27/
+http://62.237.243.29/
+http://62.237.243.7/
+http://62.69.179.83/
+http://62.69.179.91/
+http://63.172.231.32/
+http://65.192.185.146/
+http://74.123.7.30/
+http://74.217.169.24/
+http://84.16.167.16/
+http://94.126.240.118/
+http://pipeline.cenex.com/
+|
+
+
+
+matches [
+
+
+
+]
+
+
+def passive
+ m = []
+
+ m << {:name=>"http via" } if @meta["via"] =~ /NS\-CACHE/i
+
+
+ if @meta["via"] =~ /NS\-CACHE\-(\d{1,4}\.\d{1,4}):/i
+ version = @meta["via"].scan(/NS\-CACHE\-(\d{1,4}\.\d{1,4})/i)
+ m << {:string=>'version: ' + version.to_s}
+ end
+
+ m
+
+end
+
+
+end
+
+
View
90 new-plugins/cloudflare.rb
@@ -0,0 +1,90 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+Plugin.define "cloudflare" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "ClouldFlare - https://www.cloudflare.com/"
+
+examples %w|
+http://yehg.net/
+http://www.ornagai.com/
+http://anti-virus.cloudflare.com
+http://12flat.com/
+http://artician.net/
+http://techgeeks-online.com/
+http://ps3blog.net/
+http://techairlines.com/
+http://manzwebdesigns.com/
+http://jenmenke.com/
+http://jonesdoug.com/
+199.27.132.117
+199.27.135.56
+199.27.135.145
+199.27.135.104
+199.27.128.121
+199.27.129.67
+199.27.129.160
+199.27.129.28
+199.27.130.224
+199.27.131.170
+199.27.128.218
+199.27.132.54
+199.27.132.221
+199.27.132.132
+199.27.130.46
+199.27.134.115
+199.27.132.182
+199.27.132.124
+199.27.134.48
+199.27.128.67
+199.27.129.163
+199.27.134.93
+199.27.130.164
+199.27.131.92
+199.27.130.149
+199.27.134.73
+199.27.129.193
+199.27.129.31
+199.27.130.102
+199.27.131.65
+199.27.129.47
+199.27.129.150
+199.27.130.84
+199.27.134.103
+199.27.128.83
+199.27.130.171
+199.27.134.52
+199.27.130.181
+199.27.130.55
+|
+
+
+
+matches [
+
+{:name => 'access restricted iframe', :text => '<iframe frameborder="0" width="100%" height="100%" src="http://anti-virus.cloudflare.com/cdn-cgi/anti-virus-challenge?h='},
+
+{:name => 'footer', :text => '&nbsp;&nbsp;Performance &amp; Security by <a id="FooterCloudFlare" href="https://www.cloudflare.com" target="_blank">CloudFlare</a>'},
+
+
+
+]
+
+
+def passive
+ m=[]
+
+ m << {:name=>"__cfduid cookie" } if @meta["set-cookie"] =~ /__cfduid/i
+ m << {:name=>"server header" } if @meta["server"] =~ /cloudflare\-nginx/i
+
+ m
+end
+
+
+end
+
+
View
28 new-plugins/evercookie.rb
@@ -0,0 +1,28 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+Plugin.define "evercookie" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "EverCookie - http://samy.pl/evercookie/"
+
+examples %w|
+http://samy.pl/evercookie/
+|
+
+
+
+matches [
+{ :url=>'/js/evercookie.js',:text=>'* by samy kamkar : code@samy.pl : http://samy.pl'},
+{ :url=>'evercookie.js',:text=>'* by samy kamkar : code@samy.pl : http://samy.pl'},
+{ :text=>'evercookie.js"></script>' },
+
+]
+
+
+end
+
+
View
218 new-plugins/f5-bigip-loadbalancer.rb
@@ -0,0 +1,218 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+
+## whatweb can't grap header if http response code == 5xx
+
+Plugin.define "F5-BigIP-Load-Balancer" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "F5 BigIP Load Balancer - http://www.f5.com/products/big-ip/"
+
+# example ips might not demonstrate BigIP usage for always
+examples %w|
+http://12.178.78.132/
+http://124.211.45.51/
+http://128.11.138.84/
+http://131.91.129.88/
+http://142.76.1.135/
+http://143.88.3.35/
+http://168.75.99.110/
+http://195.234.225.247/
+http://199.106.238.130/
+http://199.106.238.158/
+http://202.143.10.22/
+http://202.176.8.101/
+http://203.120.35.120/
+http://203.81.13.100/
+http://204.154.44.249/
+http://208.254.13.19/
+http://208.65.194.54/
+http://208.65.199.15/
+http://208.77.29.132/
+http://208.77.29.133/
+http://217.114.80.165/
+http://217.114.80.195/
+http://217.114.81.153/
+http://61.123.228.88/
+http://61.213.187.135/
+http://66.150.196.39/
+http://67.108.154.133/
+http://87.82.203.85/
+http://app3-origin.globaleservice.com/
+http://appdev.uwf.edu/
+http://hackerwatch.org
+http://pmbronline.kaplan.com/
+http://student.kaptest.com/
+http://switchboard.gasbinsurance.com/
+http://travelcutsca.raileurope.com/
+http://turi.episerverhotell.net/
+http://wcl.accurohealth.com/
+http://www.cross-sell.com/
+https://206.165.240.73/
+https://206.165.245.233
+https://altmarketstcprod.gaic.com/
+https://unitedhealthcare.p0.com
+
+|
+
+
+
+matches [
+
+
+
+]
+
+def bin2dec(number)
+ # taken from http://icfun.blogspot.com/2008/04/ruby-number-conversion-from-one-base-to.html
+ ret_dec = 0;
+ number.split(//).each{|digit|
+ ret_dec = (Integer(digit) + ret_dec) * 2;
+ }
+ return ret_dec/2;
+end
+
+def dec2bin(number)
+ # taken from http://icfun.blogspot.com/2008/04/ruby-number-conversion-from-one-base-to.html
+ number = Integer(number);
+ if(number == 0)
+ return 0;
+ end
+ ret_bin = "";
+ ## Untill val is zero, convert it into binary format
+ while(number != 0)
+ ret_bin = String(number % 2) + ret_bin;
+ number = number / 2;
+ end
+ return ret_bin;
+end
+
+def extract_ip(s)
+ n = Integer(s)
+ b1 = dec2bin(n)
+ b2 = b1
+ d1 = []
+ ip = ''
+
+ unless b1.length % 8 == 0
+ r = b1
+ dif = 32 - b1.length
+
+ b2 = r[0,r.length-4].to_s + '0'*dif + r[r.length-4,r.length].to_s
+ end
+ i=1
+ if b2.length % 8 == 0
+ xb2 = b2.scan(/.{8}/)
+ xb2.each do |x|
+ if i%4 == 0
+ d1 << bin2dec(x).to_s + ','
+ else
+ d1 << bin2dec(x).to_s
+ end
+ i = i+1
+ end
+ ip = d1.join('.')
+ ip.gsub!(',.',',')
+ end
+
+ ip
+end
+
+def passive
+ m = []
+ ips = []
+
+
+ m << {:name=>"http pool cookie" } if @meta["set-cookie"] =~/http(s?)([\.\-\_])pool(.*?)=/i
+
+ m << {:name=>"http pool cookie" } if @meta["set-cookie"] =~/http([\.\-\_].)pool=/i
+
+ if @meta["set-cookie"] =~ /BIGipServer([\.\-\_]?)([^\s]*?)([\.\-\_]?)http([\.\-\_])pool(.*?)=/i
+ extr = @meta["set-cookie"].scan(/BIGipServer([\.\-\_]?)([^\s]*?)([\.\-\_]?)http([\.\-\_])pool/i)
+
+
+ if extr.size > 0
+ int_host = extr[0].to_s.scan(/(.*?[^.^_^__^\-$])/)
+ else
+ int_host = extr.to_s.scan(/(.*?[^.^_^__^\-$])/)
+ end
+
+ m << {:string => 'Web Server Host Name: ' + int_host.to_s}
+
+ elsif @meta["set-cookie"] =~ /BIGipServer([\.\-\_]?)([^\s]*?)([\.\-\_]?)http([\.\-\_])pool=/i
+
+ extr = @meta["set-cookie"].scan(/BIGipServer([\.\-\_]?)([^\s]*?)([\-\_]?)http([\.\-\_])pool=/i)
+ if extr.size > 0
+ int_host = extr[0].to_s.scan(/(.*?[^.^_^__^\-$])/)
+ else
+ int_host = extr.to_s.scan(/(.*?[^.^_^__^\-$])/)
+ end
+ m << {:string => 'Web Server Host Name: ' + int_host.to_s}
+
+ elsif @meta["set-cookie"] =~ /BIGipServer([\.\-\_]?)([^\s]*?)([\.\-\_]?)https([\.\-\_])pool=/i
+ extr = @meta["set-cookie"].scan(/BIGipServer([\.\-\_]?)([^\s]*?)([\.\-\_]?)https([\.\-\_])pool=/i)
+ if extr.size > 0
+ int_host = extr[0].to_s.scan(/(.*?[^.^_^__^\-$])/)
+ else
+ int_host = extr.to_s.scan(/(.*?[^.^_^__^\-$])/)
+ end
+ m << {:string => 'Web Server Host Name: ' + int_host.to_s}
+ end
+
+
+ if @meta["set-cookie"] =~ /http([\.\-\_])pool=(\d{1,30})\./i
+
+ extr_ip = $2
+ int_ip = extract_ip(extr_ip.to_s)
+
+ if int_ip.length > 0
+ ips << int_ip
+ end
+
+ end
+ if @meta["set-cookie"] =~ /https([\.\-\_])pool=(\d{1,30})\./i
+
+ extr_ip = $2
+
+ int_ip = extract_ip(extr_ip.to_s)
+
+ if int_ip.length > 0
+ ips << int_ip
+ end
+ end
+
+
+ if ips.size == 0 and @meta["set-cookie"] =~ /http(s?)([\.\-\_])pool(.*?)=(\d{1,30})\./i
+ extr_ip = $4
+ int_ip = extract_ip(extr_ip.to_s)
+ if int_ip.length > 0
+ ips << int_ip
+ end
+ end
+
+
+ ips.uniq!
+ if ips.size >= 1
+ ips2 = ips.join(',')
+ ips2.gsub!(',.',',')
+ ips2.gsub!(',,',',')
+ ips2 = ips2[0,ips2.length-1] if ips2[ips2.length-1,ips2.length] == ','
+ m << {:string => 'Load Balancer IP(s): ' + ips2} if ips.size > 1
+ m << {:string => 'Load Balancer IP: ' + ips2} if ips.size == 1
+ end
+
+
+
+ m
+
+end
+
+
+end
+
+
+
View
76 new-plugins/juniper-load-balancer.rb
@@ -0,0 +1,76 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+Plugin.define "Juniper-Load-Balancer" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "Juniper Networks Application Acceleration and Load Balancing Platforms - http://juniper.net/ . Note: This will slow down your web app pentest scanning. Use only manual fuzzing with time throttling."
+
+examples %w|
+http://www.juniper.net/
+http://12.105.142.170/
+http://12.105.142.237/
+http://123.176.112.242/
+http://123.176.112.243/
+http://123.176.112.41/
+http://123.176.112.67/
+http://147.6.81.92/
+http://150.101.83.113
+http://193.194.158.204/
+http://193.242.192.57/
+http://203.120.129.110/
+http://203.120.149.83
+http://207.104.211.80/
+http://212.137.33.109/
+http://212.137.33.88/
+http://212.137.33.74
+http://213.4.57.106/
+http://213.4.57.108/
+http://213.4.57.109/
+http://63.210.58.82/
+http://63.240.234.120/
+http://63.240.234.123/
+http://74.175.106.71/
+http://corporate.lc.jumbo.pt/
+http://cpms.dfa.state.nm.us/
+http://www.marriottvacationclub.com
+http://www.palmerston.nt.gov.au/
+http://www.ritzcarltonclub.com/
+https://aida.bvdep.com
+https://mintglobal.bvdep.com/
+https://www.myritzcarltonclub.com/
+|
+
+
+
+matches [
+
+
+
+
+]
+
+
+def passive
+ m=[]
+
+ m << {:name=>"cookie (rl-sticky-key)" } if @meta["set-cookie"] =~ /rl\-sticky\-key/i
+ m << {:name=>"via header" } if @meta["via"] =~ /Juniper Networks Application Acceleration Platform/i
+
+
+ if @meta['via'] =~ /Juniper Networks Application Acceleration Platform \- ([^<^\)]*)/i
+ version = @meta['via'].scan(/Juniper Networks Application Acceleration Platform \- ([^<^\)]*)/i)
+ m << {:version=>'Juniper Networks Application Acceleration Platform ' + version.to_s}
+
+ end
+
+ m
+end
+
+
+end
+
+
View
79 new-plugins/juniper-netscreen-secure-access.rb
@@ -0,0 +1,79 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+Plugin.define "Juniper-NetScreen-Secure-Access" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "Juniper Networks NetScreen Secure Access (SSL VPN) - http://www.juniper.net/"
+
+examples %w|
+https://vpn.lib.ucdavis.edu/
+https://myvpn.ford.com/
+https://webaccess.areva-td.com/
+https://vpn-cr.aegonins.com/
+https://inet.bmofg.com/
+https://eu.maxlite.mobi/
+https://remote.chpnet.org/
+https://remote.mercy.net/
+https://rsvpn.raytheon.com/
+https://connect.spsu.edu/
+https://vpn.ucsf.edu/
+https://vpn2.safelnk.net/
+https://hsslvpn.honeywell.com/
+https://webaccess.pg.com/
+https://online.novanthealth.org/
+https://cans.educationicts.co.uk/
+https://mdajun.mdanderson.org/
+https://xtranet.umm.edu/
+https://teamworks.gdit.com/
+https://site03.remoteoffice.citigroup.com/
+https://lmpassage3.external.lmco.com/
+https://sra.cn.ca/
+https://sslvpn.pitt.edu/
+https://webvpn.nus.edu.sg/
+https://gateway.slb.com/
+https://go.connectge.com/
+https://webportal.parsons.com/
+https://remotevpn.meijer.com/
+https://nantes.metagate.francetelecom.com/
+https://dashboard.chrysler.com/
+https://sslvpn.medical.washington.edu/
+https://mygp.gp.com/
+https://www.myweatherford.ca/
+https://securevpn.tm.com.my/
+https://gateway.wipro.com/
+https://vpn.umbc.edu/
+https://connect.bechtel.com/?p=no-roles
+https://connect.nestle.biz/
+https://access.hersheymed.net/
+https://rap.northshorelij.com/
+https://hhin.hmsa.com/
+https://usbportal.usbank.com/
+https://secureaccess.intermountainhealthcare.org/
+https://rcconnect.rockwellcollins.com/
+https://webvpn.nmh.org/
+https://asg.statestreet.com/
+https://sap.bsli.in/
+|
+
+
+
+matches [
+
+{:name => 'default url',:url=>'/dana-na/auth/url_default/welcome.cgi'},
+
+{:name => 'juniper logo md5', :md5=> '1ec04eec4e1898da8258215a2eb4758b', :url=>'/dana-na/auth/welcome.cgi?p=rolelogo'},
+
+{:name => 'html body', :regexp=>/src="\/dana\-na\/css\/ds\.js">|<img border="0" src="welcome\.cgi\?p=logo|src="\/dana\-na\/imgs\/space\.gif"|document\.cookie = "DSPREAUTH="\+ escape\(""\)|src="\/dana\-na\/auth\/url_default\/s/i }
+
+]
+
+
+
+
+end
+
+
View
97 new-plugins/microsoft-outlook-web-access.rb
@@ -0,0 +1,97 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+Plugin.define "Microsoft-Outlook-Web-Access" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-03
+version "0.1"
+description "Microsoft Outlook Web Access - http://www.microsoft.com/"
+
+examples %w|
+https://webmail.ec.europa.eu/
+https://phsexchweb.partners.org/
+https://student-webmail.tvu.ac.uk/exchweb/bin/auth/owalogon.asp
+https://webmail.inhs.org/exchweb/bin/auth/owalogon.asp
+https://owa.vivetelmex.com/exchweb/bin/auth/owalogon.asp
+https://email.btconnect.com/exchweb/bin/auth/owalogon.asp
+https://apowa.csl.com.au/CookieAuth.dll
+https://webems.rmit.edu.vn/exchweb/bin/auth/owalogon.asp
+https://uspl.webmail.eds.com/exchweb/bin/auth/owalogon.asp
+https://owa.mailseat.com/exchweb/bin/auth/owalogon.asp
+https://mn-exch1.nes.nuclearholdings.co.uk/exchweb/bin/auth/owalogon.asp
+http://www.davis-interiors.com/exchweb/bin/auth/owalogon.asp
+https://medexch.med.unc.edu/exchweb/bin/auth/owalogon.asp
+https://cpsmail.cps.k12.il.us/exchweb/bin/auth/owalogon.asp
+https://82.93.236.51/exchweb/bin/auth/owalogon.asp
+https://student.westwood.edu/exchweb/bin/auth/owalogon.asp
+https://ssl.esu.edu/exchweb/bin/auth/owalogon.asp
+https://outlook.leeds.ac.uk/exchweb/bin/auth/owalogon.asp
+https://www.mayerreed.com/exchweb/bin/auth/owalogon.asp
+https://mail.apscuf.org/exchweb/bin/auth/owalogon.asp
+https://www.compasscpagroup.com/exchweb/bin/auth/owalogon.asp
+https://owa.nusd.k12.az.us/exchweb/bin/auth/owalogon.asp
+https://remote.greatnorthwest.org/exchweb/bin/auth/owalogon.asp
+https://staffmail.telstraclear.co.nz/exchweb/bin/auth/owalogon.asp
+https://smtp.wellsnursing.org/exchweb/bin/auth/owalogon.asp
+https://www.jastrucking.com/exchweb/bin/auth/owalogon.asp
+https://secure.mitchellinstallations.ca/exchweb/bin/auth/owalogon.asp
+https://mail.zimmermw.com/exchweb/bin/auth/owalogon.asp
+https://mail.lakeforrestprep.com/exchweb/bin/auth/owalogon.asp
+https://eumail.bp.com/exchweb/bin/auth/owalogon.asp
+|
+
+#AD name leak
+# https://apowa.csl.com.au/CookieAuth.dll
+# https://student-webmail.tvu.ac.uk/exchweb/bin/auth/owalogon.asp
+# https://student.westwood.edu/exchweb/bin/auth/owalogon.asp
+# https://owa.nusd.k12.az.us/exchweb/bin/auth/owalogon.asp
+
+matches [
+
+{ :ghdb=>'inurl:/exchweb/bin/auth/owalogon.asp' },
+
+{ :name=>'html body', :url=>'/exchweb/bin/auth/owalogon.asp?url=https://1&reason=2',:text=>'<TR><TD><P style="color:red">You could not be logged on to'},
+{:name=>'html body', :url=>'CookieAuth.dll?GetLogon?url=/&reason=2',:text=>'<TR><TD><P style="color:red">You could not be logged on to'},
+
+
+{ :version =>'Microsoft Exchange Server 2003', :text =>'Microsoft Exchange Server 2003" height=62'},
+
+{ :name=>'html title', :text=>'<TITLE>Microsoft Outlook Web Access</TITLE>' },
+
+{ :name=>'noscript', :text=>'<td style="width:100%">To use Microsoft Outlook Web access, browser settings must allow scripts to run.'},
+
+{ :name=>'html body', :text=>'automatically closes its connection to your mailbox after a period of inactivity. If your session ends, refresh your browser, and then log on again.' },
+
+{ :name=>'html body', :text=>'To protect your account from unauthorized access, Outlook Web Access automatically ends your mail session after a period of inactivity. If your session ends, and the Logon page is not displayed, click on a mail folder (e.g., Inbox), and you should be redirected to the Logon page, where you can log on again.'},
+
+{ :name =>'form action url', :text=>'<FORM action="/exchweb/bin/auth/owaauth.dll"' },
+
+{ :name =>'form action url', :text=>'<FORM action="/CookieAuth.dll?Logon"' },
+
+{ :name=>'url redirection', :regexp=>/window\.location\.href="https:\/\/(.*?)\/exchange";/ }
+
+]
+
+def passive
+ m = []
+
+ if @body =~ /logonForm\.username\.value = "(.*?)"/i
+ domain = @body.scan(/logonForm\.username\.value = "(.*?)"/i)
+ m << {:string=>'AD Domain: ' + domain.to_s}
+
+ elsif @body =~ /document\.getElementById\("username"\)\.value = '(.*?)'/i
+ domain = @body.scan(/document\.getElementById\("username"\)\.value = '(.*?)'/i)
+ m << {:string=>'AD Domain: ' + domain.to_s}
+
+ end
+
+
+ m
+end
+
+
+end
+
+
View
45 new-plugins/profense-firewall.rb
@@ -0,0 +1,45 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+
+## whatweb can't grap header if http response code == 5xx
+
+# almost all IPs currently don't work
+# http://www.shodanhq.com/?q=PLBSID
+
+Plugin.define "Profense-Firewall" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "Profense Web Application Firewall - http://www.armorlogic.com/profense_overview.html"
+
+examples %w|
+www.axcess-financial.com
+
+|
+
+
+
+matches [
+
+
+
+]
+
+
+def passive
+ m = []
+
+ m << {:name=>"PLBSID cookie" } if @meta["set-cookie"] =~ /PLBSID=/i
+ m << {:name=>"server header" } if @meta["server"] =~ /Profense/i
+
+ m
+
+end
+
+
+end
+
+
View
47 new-plugins/vtigercrm.rb
@@ -0,0 +1,47 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+Plugin.define "vTigerCRM" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "vTigerCRM - http://www.vtiger.com/"
+
+examples %w|
+http://demo.vtiger.com/
+http://demo.vtiger.de/
+http://demo.myvtiger.it/
+http://demo.vhostr.com/
+http://demo.vtiger-crm.cz/
+http://www.portalondemand.biz/demo/vtigercrm52/
+http://demo.vtiger.pl/
+http://planetauthorize.com/vtiger52demo/
+http://demo.m8solutions.com/vtigercrm/
+http://demo.devsum.it/vtiger/
+http://www.magestore.com/demo/vtiger/
+http://openwebapplications.com/crmdemo/
+|
+
+
+
+matches [
+{ :name=>'favicon md5', :url=>'/themes/images/vtigercrm_icon.ico',:md5=>'d90cc1762bf724db71d6df86effab63c'},
+
+{ :name=>'favicon md5', :url=>'/include/images/vtigercrm_icon.ico',:md5=>'d90cc1762bf724db71d6df86effab63c'},
+
+{ :name=>'stats img', :text=>'<img src=\'http://stats.vtiger.com/stats.php?uid=' },
+
+{ :version => /<span style='color: rgb\(153, 153, 153\);'>vtiger CRM ([^<]*)<\/span>/, :regexp_offset => 0},
+
+{ :name=>'copyright footer', :regexp => /&copy; 2004\-\d{4} <a href='http:\/\/www.vtiger.com' target='_blank'>vtiger.com<\/a>/},
+
+{ :name=>'html body favicon', :text=>'/vtigercrm_icon.ico">'}
+
+]
+
+
+end
+
+
View
91 new-plugins/watchguard-firewal.rb
@@ -0,0 +1,91 @@
+##
+# This file is part of WhatWeb and may be subject to
+# redistribution and commercial restrictions. Please see the WhatWeb
+# web site for more information on licensing and terms of use.
+# http://www.morningstarsecurity.com/research/whatweb
+##
+
+## whatweb can't grap header if http response code == 5xx
+
+Plugin.define "WatchGuard-Firewall" do
+author "Aung Khant <http://yehg.net/>" # 2011-02-04
+version "0.1"
+description "WatchGuard Firewall - http://www.watchguard.com/products/edge-e/overview.asp"
+
+examples %w|
+http://119.192.80.242/
+http://119.196.217.76/
+http://121.133.227.94/
+http://121.143.123.57/
+http://121.159.164.45/
+http://173.162.75.189/
+http://173.165.228.17/
+http://173.25.141.99/
+http://193.253.214.176/
+http://202.168.66.26/
+http://206.255.36.198/
+http://207.109.253.97/
+http://209.254.21.90/
+http://211.192.91.27/
+http://216.163.77.138/
+http://216.223.141.17/
+http://216.223.146.201/
+http://216.223.154.193/
+http://216.223.158.241/
+http://217.128.168.37/
+http://217.211.53.241/
+http://218.92.204.230/
+http://59.1.182.146/
+http://59.7.204.180/
+http://65.198.212.27/
+http://65.40.170.38/
+http://67.76.207.78/
+http://67.76.232.167/
+http://68.15.235.200/
+http://68.213.102.82/
+http://69.239.64.190/
+http://70.147.42.201/
+http://70.239.32.125/
+http://70.88.50.181/
+http://71.33.228.49/
+http://75.144.48.193/
+http://75.145.208.13/
+http://77.43.67.10/
+http://79.38.10.65/
+http://80.25.138.106/
+http://80.34.60.117/
+http://80.38.129.24/
+http://83.232.73.162/
+http://85.233.189.91/
+http://91.48.1.198/
+http://91.84.26.245/
+http://95.152.77.48/
+http://99.239.2.191/
+http://99.38.136.54/
+
+
+|
+
+
+
+matches [
+
+
+
+]
+
+
+def passive
+ m = []
+
+ m << {:name=>"http www-authenticate" } if @meta["www-authenticate"] =~ /realm="WatchGuard Firebox/i
+ m << {:name=>"http server header" } if @meta["www-authenticate"] =~ /WatchGuard Firewall/i
+
+ m
+
+end
+
+
+end
+
+
Please sign in to comment.
Something went wrong with that request. Please try again.