Use yardoc for new methods
Also substitute '&&' for 'and', and fix some whitespace
bug/bundler_fix
parent
3b5eb42b55
commit
a75d47aad9
|
@ -445,28 +445,28 @@ module Exploit::Remote::HttpClient
|
|||
# destination host and port. This method falls back to using the old
|
||||
# service.info field to represent the HTTP Server header.
|
||||
#
|
||||
# Options:
|
||||
# @option opts [String] :uri An HTTP URI to request in order to generate a fingerprint
|
||||
# @option opts [String] :method An HTTP method to use in the fingerprint request
|
||||
#
|
||||
# @option opts [String] :uri ('/') An HTTP URI to request in order to generate
|
||||
# a fingerprint
|
||||
# @option opts [String] :method ('GET') An HTTP method to use in the fingerprint
|
||||
# request
|
||||
def lookup_http_fingerprints(opts={})
|
||||
uri = opts[:uri] || '/'
|
||||
method = opts[:method] || 'GET'
|
||||
fprints = []
|
||||
|
||||
|
||||
return fprints unless framework.db.active
|
||||
|
||||
|
||||
::ActiveRecord::Base.connection_pool.with_connection {
|
||||
wspace = datastore['WORKSPACE'] ?
|
||||
framework.db.find_workspace(datastore['WORKSPACE']) : framework.db.workspace
|
||||
|
||||
service = framework.db.get_service(wspace, rhost, 'tcp', rport)
|
||||
return fprints unless service
|
||||
|
||||
|
||||
# Order by note_id descending so the first value is the most recent
|
||||
service.notes.where(:ntype => 'http.fingerprint').order("notes.id DESC").each do |n|
|
||||
next unless n.data and n.data.kind_of?(::Hash)
|
||||
next unless n.data[:uri] == uri and n.data[:method] == method
|
||||
next unless n.data && n.data.kind_of?(::Hash)
|
||||
next unless n.data[:uri] == uri && n.data[:method] == method
|
||||
# Append additional fingerprints to the results as found
|
||||
fprints.unshift n.data.dup
|
||||
end
|
||||
|
@ -481,14 +481,18 @@ module Exploit::Remote::HttpClient
|
|||
# will use it directly, otherwise it will check the database for a previous
|
||||
# fingerprint. Failing that, it will make a request for /.
|
||||
#
|
||||
# Options:
|
||||
# :response an Http::Packet as returned from any of the send_* methods
|
||||
# :uri an HTTP URI to request in order to generate a fingerprint
|
||||
# :method an HTTP method to use in the fingerprint request
|
||||
# :full request the full HTTP fingerprint, not just the signature
|
||||
# Other options are passed directly to {#connect} if :response is not given
|
||||
#
|
||||
# Other options are passed directly to +connect+ if :response is not given
|
||||
# @option opts [Rex::Proto::Http::Packet] :response The return value from any
|
||||
# of the send_* methods
|
||||
# @option opts [String] :uri ('/') An HTTP URI to request in order to generate
|
||||
# a fingerprint
|
||||
# @option opts [String] :method ('GET') An HTTP method to use in the fingerprint
|
||||
# request
|
||||
# @option opts [Boolean] :full (false) Request the full HTTP fingerprint, not
|
||||
# just the signature
|
||||
#
|
||||
# @return [String]
|
||||
def http_fingerprint(opts={})
|
||||
res = nil
|
||||
uri = opts[:uri] || '/'
|
||||
|
@ -502,7 +506,7 @@ module Exploit::Remote::HttpClient
|
|||
fprints = lookup_http_fingerprints(opts)
|
||||
|
||||
if fprints.length > 0
|
||||
|
||||
|
||||
# Grab the most recent fingerprint available for this service, uri, and method
|
||||
fprint = fprints.last
|
||||
|
||||
|
@ -528,9 +532,9 @@ module Exploit::Remote::HttpClient
|
|||
# This section handles a few simple cases of pattern matching and service
|
||||
# classification. This logic should be deprecated in favor of Recog-based
|
||||
# fingerprint databases, but has been left in place for backward compat.
|
||||
|
||||
|
||||
extras = []
|
||||
|
||||
|
||||
if res.headers['Set-Cookie'] =~ /^vmware_soap_session/
|
||||
extras << "VMWare Web Services"
|
||||
end
|
||||
|
@ -601,8 +605,8 @@ module Exploit::Remote::HttpClient
|
|||
info << " ( #{extras.join(", ")} )" if extras.length > 0
|
||||
|
||||
# Create a new fingerprint structure to track this response
|
||||
fprint = {
|
||||
:uri => uri, :method => method,
|
||||
fprint = {
|
||||
:uri => uri, :method => method,
|
||||
:code => res.code.to_s, :message => res.message.to_s,
|
||||
:signature => info
|
||||
}
|
||||
|
@ -614,7 +618,7 @@ module Exploit::Remote::HttpClient
|
|||
# Set-Cookie > :header_set_cookie => JSESSIONID=AAASD23423452
|
||||
# Server > :header_server => Apache/1.3.37
|
||||
# WWW-Authenticate > :header_www_authenticate => basic realm='www'
|
||||
|
||||
|
||||
fprint["header_#{hname}".intern] = v
|
||||
end
|
||||
|
||||
|
@ -623,22 +627,22 @@ module Exploit::Remote::HttpClient
|
|||
|
||||
# Report a new http.fingerprint note
|
||||
report_note(
|
||||
:host => rhost,
|
||||
:port => rport,
|
||||
:proto => 'tcp',
|
||||
:ntype => 'http.fingerprint',
|
||||
:host => rhost,
|
||||
:port => rport,
|
||||
:proto => 'tcp',
|
||||
:ntype => 'http.fingerprint',
|
||||
:data => fprint,
|
||||
# Limit reporting to one stored note per host/service combination
|
||||
# Limit reporting to one stored note per host/service combination
|
||||
:update => :unique
|
||||
)
|
||||
|
||||
# Report here even if info is empty since the fact that we didn't
|
||||
# return early means we at least got a connection and the service is up
|
||||
report_web_site(:host => rhost, :port => rport, :ssl => ssl, :vhost => vhost, :info => info.dup)
|
||||
|
||||
|
||||
# Return the full HTTP fingerprint if requested by the caller
|
||||
return fprint if opts[:full]
|
||||
|
||||
|
||||
# Otherwise just return the signature string for compatibility
|
||||
fprint[:signature]
|
||||
end
|
||||
|
|
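Review bot: The new `# @return [String]` tag on `http_fingerprint` does not match the body, which ends with `return fprint if opts[:full]` and so returns the whole fingerprint Hash when `:full` is set. I would write `# @return [String, Hash] the signature string, or the full fingerprint Hash when :full is set`. The yardoc added for `lookup_http_fingerprints` has no `@return` at all, although the method returns `fprints`, an Array filled with `n.data.dup` Hashes; `# @return [Array<Hash>] stored http.fingerprint notes, most recent last` would cover it and matches the `fprints.last` use in the caller. The middle of `http_fingerprint` lies outside the visible hunks, so if it has an early return (for example nil when no response arrives), that value should be added to the tag as well.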