
Difference between revisions of "Kolkata"

(Wordpress)
(Wordpress)
Line 90: Line 90:
 
==Wordpress==
 
==Wordpress==
 
* '''sigs/wordpress.yml'''
 
* '''sigs/wordpress.yml'''
{{code|text=
+
<pre>
 
config:
 
config:
 
   app_name: Wordpress
 
   app_name: Wordpress
Line 119: Line 119:
 
   3.2.1: b2c6b6d221c816948248b453046355eb
 
   3.2.1: b2c6b6d221c816948248b453046355eb
 
   3.3.1: 9754385dabfc67c8b6d49ad4acba25c3
 
   3.3.1: 9754385dabfc67c8b6d49ad4acba25c3
}}
+
</pre>
  
 
==Joomla==
 
==Joomla==

Revision as of 01:19, 28 April 2012

Description

Dependencies

Usage

Source

<syntaxhighlight lang="perl">

#!/usr/bin/perl
# @url http://www.blackhatacademy.org/
# @author fxm+hatter

use strict; use YAML; use YAML::XS; use Digest::MD5 qw(md5_hex); use LW2; use Getopt::Std;

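my @apps;
my %opts;

# Options: -d host (required), -p path prefix put in front of each bundle's
# check_file, -v verbose comparison output. -c takes a value but is never
# read anywhere in this script.
getopts('c:p:d:v', \%opts);

usage() unless $opts{d};

my $domain  = $opts{d};
my $verbose = $opts{v} ? 1 : 0;
my $path    = '';
$path = $opts{p} if ($opts{p});

# Collect the signature bundles. A lexical directory handle is used so it
# can be closed as soon as the listing is read; the names are sorted so
# that bundles are always tried in the same order.
opendir(my $sigdir, "./sigs/") or die $!;
my @filenames = sort grep { /\.yml$/ && -f "./sigs/$_" } readdir($sigdir);
closedir($sigdir);

{
    # Bundles are plain key/value data. Refuse to instantiate blessed
    # objects from them, since a bundle may come from a third party.
    local $YAML::XS::LoadBlessed = 0;
    foreach my $file (@filenames) {
        push @apps, YAML::XS::LoadFile("./sigs/$file");
    }
}

APP:
foreach my $app (@apps) {
    # Skip anything that does not have the config/sigs mapping layout
    # instead of dying on a bad dereference under "use strict".
    next APP
        unless ref($app) eq 'HASH'
        && ref($app->{'config'}) eq 'HASH'
        && ref($app->{'sigs'}) eq 'HASH';

    my $app_name   = $app->{'config'}->{'app_name'};
    my $check_path = $path . $app->{'config'}->{'check_file'};

    print "Downloading " . $check_path . " to check for " . $app_name . "\n";
    my $contents = download($check_path, $domain);

    # download() has already reported the failure; hashing undef would
    # only produce the digest of the empty string.
    next APP unless defined $contents;

    my $target_md5 = md5_hex($contents);

    # Exact string comparison against every known digest. Several versions
    # in a bundle can share one digest (3.0.1 through 3.0.6 in the Wordpress
    # bundle, for example), so a match names one member of a group of
    # candidate versions; sorting the keys makes that member deterministic.
    # A file that was edited, minified or replaced on the server matches
    # nothing.
    foreach my $sig (sort keys %{ $app->{'sigs'} }) {
        print "Comparing $target_md5 with " . $app->{'sigs'}->{$sig} . " for " . $app_name . " " . $sig . " detection.\n" if ($verbose > 0);
        # A match ends the run: the result goes to STDERR via die(), so the
        # exit status is non-zero on a successful identification.
        die($app_name . " version " . $sig ."\n") if ($app->{'sigs'}->{$sig} eq $target_md5);
    }
}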

sub usage {
   # Show the one-line synopsis on STDOUT and end the program with status 0.
   # The main script calls this when the required -d option is missing.
   my $synopsis = "kolkata.pl -d domain.tld [-v -p [remote_path_to_web_application]]\n";
   print $synopsis;
   exit(0);
}

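sub download {
   # Fetch $uri from $host with libwhisker (LW2) and hand back the body.
   #
   # Arguments: the request URI (path and file), then the host name.
   # Returns:   on success the two-element list (body, body), which in
   #            scalar context evaluates to the body; undef (empty list in
   #            list context) once every attempt has failed.
   #
   # The original set $try to 5 and then tested $try < 5, so its retry
   # branch could never run, and its recursive call passed the counter where
   # the host belongs. The attempts are now a bounded loop over the same
   # request.
   my $uri       = shift;
   my $host      = shift;
   my $max_tries = 5;

   foreach my $try (1 .. $max_tries) {
       # Fresh request/response hashes per attempt so no state from a
       # failed try leaks into the next one.
       my %request;
       my %response;
       LW2::http_init_request(\%request);
       $request{'whisker'}->{'method'} = "GET";
       $request{'whisker'}->{'host'} = $host;
       $request{'whisker'}->{'uri'} = $uri;
       # Request-shaping values kept exactly as in the original. For log
       # review: the fixed, dated Chrome 8 User-Agent below is constant for
       # every request this script sends, and encode_anti_ids asks
       # libwhisker to alter how the URI is written on the wire.
       # NOTE(review): the precise effect of mode 9 is defined inside LW2
       # and is not visible in this file.
       $request{'whisker'}->{'encode_anti_ids'} = 9;
       $request{'User-Agent'} = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10";
       LW2::http_fixup_request(\%request);

       # As in the original, a true return from http_do_request() is
       # treated as failure.
       if (!LW2::http_do_request(\%request, \%response)) {
           return ($response{'whisker'}->{'data'}, $response{'whisker'}->{'data'});
       }

       print "Failed to fetch $uri on try $try. Retrying...\n" if ($try < $max_tries);
   }

   print "Failed to fetch $uri.\n";
   return;
}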

</syntaxhighlight>}}

Signature Bundles

Each signature bundle is written in YAML.

Wordpress

  • sigs/wordpress.yml
# Signature bundle read by kolkata.pl from ./sigs/*.yml.
config:
  # Name printed in the progress and result messages.
  app_name: Wordpress
  # File the script downloads (after the optional -p path prefix) and
  # hashes with MD5.
  check_file: /wp-includes/js/tinymce/tiny_mce.js
# Map of version => MD5 hex digest of check_file. The script compares the
# digest of the downloaded file to each value for exact string equality.
# Several versions carry the same digest (2.9.1/3.0.0, 3.0.1-3.0.6,
# 3.1.1-3.1.4, 3.2/3.2.1) -- presumably the file did not change between
# those releases -- so a match cannot tell those versions apart. A copy of
# the file that was modified on the server matches none of these values.
sigs:
  2.0: a306a72ce0f250e5f67132dc6bcb2ccb
  2.1: 4f04728cb4631a553c4266c14b9846aa
  2.2: 25e1e78d5b0c221e98e14c6e8c62084f
  2.3: 83c83d0f0a71bd57c320d93e59991c53
  2.5: 7293453cf0ff5a9a4cfe8cebd5b5a71a
  2.6: 61740709537bd19fb6e03b7e11eb8812
  2.7: e6bbc53a727f3af003af272fd229b0b2
  2.8.5: 56c606da29ea9b8f8d823eeab8038ee8
  2.9.1: 128e75ed19d49a94a771586bf83265ec
  3.0.0: 128e75ed19d49a94a771586bf83265ec
  3.0.1: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.2: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.3: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.4: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.5: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.6: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.1: c67211f73b63e773e626127aa95338c2
  3.1.1: 1786644689f0495f07d5ae1737395108
  3.1.2: 1786644689f0495f07d5ae1737395108
  3.1.3: 1786644689f0495f07d5ae1737395108
  3.1.4: 1786644689f0495f07d5ae1737395108
  3.2: b2c6b6d221c816948248b453046355eb
  3.2.1: b2c6b6d221c816948248b453046355eb
  3.3.1: 9754385dabfc67c8b6d49ad4acba25c3

Joomla

MediaWiki