Adding default web install application check and supporting templates

2021-11-01 11:12:02 -05:00 · 2021-11-01 11:12:02 -05:00 · 464d0308b3
parent cd13c5cbc5
commit 464d0308b3
3 changed files with 80 additions and 0 deletions
--- a/technologies/apache/default-apache-install-all-versions.yaml
+++ b/technologies/apache/default-apache-install-all-versions.yaml
@ -0,0 +1,22 @@
+id: default-apache-test-all
+info:
+  name: Apache HTTP Server Test Page
+  author: andydoering
+  description: Detects default installations of apache (not just apache2 or installations on CentOS)
+  severity: info
+  tags: tech,apache
+  reference: https://www.shodan.io/search?query=http.title%3A%22Apache+Default%22%2C%22Apache+HTTP+Server+Test%22%2C%22Apache2+It+works%22
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+    matchers:
+      - type: regex # type of the extractor
+        part: body  # part of the response (header,body,all)
+        regex:
+          - "<title>.*?Apache(|\\d+) .*?(Default|Test).*?</title>"
+      
+      - type: regex # type of the extractor
+        part: body  # part of the response (header,body,all)
+        regex:
+          - "<title>(Default|Test).*? Apache(|\\d+).*?</title>"
--- a/technologies/default-detect-generic.yaml
+++ b/technologies/default-detect-generic.yaml
@ -0,0 +1,29 @@
+id: default-detect-generic
+info:
+  name: Default Web Application Detection
+  author: andydoering
+  description: Catch-all for detecting default installations of web applications using common phrases found in default install pages
+  severity: info
+  tags: tech,default
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: or
+    matchers:
+
+      - type: word
+        words:
+          - "<title>Default</title>"
+        part: body
+
+      - type: word
+        words:
+          - "<title>Welcome to</title>"
+        part: body
+
+      - type: status
+        status:
+          - 200
--- a/workflows/detect-default-web-application-installation-workflow.yaml
+++ b/workflows/detect-default-web-application-installation-workflow.yaml
@ -0,0 +1,29 @@
+id: default-detect
+
+info:
+  name: Default Web Application Detection
+  author: andydoering
+  description: Detects default installations of web applications
+  severity: info
+  tags: tech,default,apache,xampp,iis,azure,asp,nginx,lighttpd,django,oracle,ibm
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+workflows:
+  - template: technologies/apache/default-apache-install-all-versions.yaml
+  - template: technologies/apache/xampp-default-page.yaml
+  - template: technologies/microsoft/default-iis7-page.yaml
+  - template: technologies/microsoft/default-windows-server-page.yaml
+  - template: technologies/microsoft/default-microsoft-azure-page.yaml
+  - template: technologies/default-asp.net-page.yaml
+  - template: technologies/nginx/default-nginx-page.yaml
+  - template: technologies/lighttpd-default.yaml
+  - template: technologies/default-django-page.yaml
+  - template: exposures/files/drupal-install.yaml
+  - template: technologies/oracle/default-oracle-application-page.yaml
+  - template: technologies/ibm-http-server.yaml
+  - template: technologies/lighttpd-default.yaml
+  - template: technologies/default-detect-generic.yaml