Index: http-fingerprints.lua
===================================================================
--- http-fingerprints.lua (revision 24537)
+++ http-fingerprints.lua (working copy)
@@ -9,12 +9,12 @@
--
-- This file is released under the Nmap license; see:
-- http://nmap.org/book/man-legal.html
---
+--
-- Although this format was originally modeled after the Nikto format, that ended
-- up being too restrictive. The current format is a simple Lua table. There are many
-- advantages to this technique; it's powerful, we don't need to write custom parsing
-- code, anybody who codes in Lua can easily add checks, and we can write converters
--- to read Nikto and other formats if we want to.
+-- to read Nikto and other formats if we want to.
--
-- The 'fingerprints' table is the key. It's an array of checks that will be run in the
-- order they're given. Each check consists of a path, zero or more matches, output text,
@@ -22,18 +22,18 @@
--
-- fingerprint.probes
-- A list of one or more probes to send to the server. Each probe is either a table containing
--- the key 'path' (and potentially others), or it's a string indicating the path.
+-- the key 'path' (and potentially others), or it's a string indicating the path.
--
-- fingerprint.probes[i].path
--- The URI to check, optionally containing GET arguments. This should start with a '/'
--- and, if it's a directory, end with a '/'.
+-- The URI to check, optionally containing GET arguments. This should start with a '/'
+-- and, if it's a directory, end with a '/'.
--
-- fingerprint.probes[i].method [optional; default: 'GET'}}]
-- The HTTP method to use when making requests ('GET'}}, 'POST', 'HEAD', 'PUT', 'DELETE', etc
--
-- fingerprint.ignore_404 [optional; default: false]
--- If set, the automatic checks for 404 and custom 404 pages are disabled for that check.
--- Every page will be included unless fingerprint.matches.dontmatch excludes it.
+-- If set, the automatic checks for 404 and custom 404 pages are disabled for that check.
+-- Every page will be included unless fingerprint.matches.dontmatch excludes it.
--
-- fingerprint.severity [optional; default: 1]
-- Give a severity rating, if it's a vulnerability. The scale is:
@@ -45,24 +45,24 @@
-- fingerprint.matches
-- An array of tables, each of which contains three fields. These will be checked, starting
-- from the first, until one is matched. If there is no 'match' text, it will fire as long
--- as the result isn't a 404. This match is not case sensitive.
+-- as the result isn't a 404. This match is not case sensitive.
--
-- fingerprint.matches[i].match
-- A string (specifically, a Lua pattern) that has to be found somewhere in the output to
-- count as a match. The string can be in the status line, in a header, or in the body.
--- In addition to matching, this field can contain captures that'll be included in the
+-- In addition to matching, this field can contain captures that'll be included in the
-- output. See: http://lua-users.org/wiki/PatternsTutorial
--
-- fingerprint.matches[i].dontmatch
--- A string (specifically, a lua pattern) that cannot be found somewhere in the output.
+-- A string (specifically, a lua pattern) that cannot be found somewhere in the output.
-- This takes precedence over any text matched in the 'match' field
--
-- fingerprint.matches[i].output
-- The text to output if this match happens. If the 'match' field contains captures, these
--- captures can be used with \1, \2, etc.
+-- captures can be used with \1, \2, etc.
--
--
--- If you have any questions, feel free to email nmap-dev@insecure.org or contact Ron Bowes!
+-- If you have any questions, feel free to email nmap-dev@insecure.org or contact Ron Bowes!
--
fingerprints = {}
@@ -83,35 +83,35 @@
}
})
-table.insert(fingerprints, {
+table.insert(fingerprints, {
category='general',
probes={
{path='/blog/', method='HEAD'},
{path='/weblog/', method='HEAD'},
{path='/weblogs/', method='HEAD'},
{path='/wordpress/', method='HEAD'}
- },
+ },
matches={
{output='Blog'}
}
})
-table.insert(fingerprints, {
+table.insert(fingerprints, {
category='general',
probes={
{path='/wiki/', method='HEAD'},
{path='/mediawiki/', method='HEAD'}
- },
+ },
matches={
{output='Wiki'}
}
})
-table.insert(fingerprints, {
+table.insert(fingerprints, {
category='general',
probes={
{path='/tikiwiki/', method='HEAD'}
- },
+ },
matches={
{output='Tikiwiki'}
}
@@ -181,6 +181,7 @@
{match='', output='Aastra IP Phone'}
}
})
+
table.insert(fingerprints, {
category='general',
probes={
@@ -204,6 +205,66 @@
table.insert(fingerprints, {
category='general',
probes={
+ {path='/tools_admin.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='D-Link DIR-300'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/bsc_lan.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='D-Link DIR-300, DIR-320, DIR-615 revD'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/Manage.tri', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Linksys WRT54G2'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='//system.html', method='GET'}
+ },
+ matches= {
+ {match='', output='CMNC-200 IP Camera'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/main_configure.cgi', method='GET'}
+ },
+ matches= {
+ {match='', output='Intellinet IP Camera'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/OvCgi/Toolbar.exe', method='HEAD'}
+ },
+ matches= {
+ {match='', output='HP OpenView Network Node Manager'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
{path='/frontend/x3/', method='GET'}
},
matches= {
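Review bot: Every entry added in this hunk pairs a single probe path with `match=''` (as shown here), and this file's own header says a check without match text fires on anything that isn't a 404, so a 401, 403 or redirect on a generic name such as `/tools_admin.php` gets reported as a specific D-Link model. Each entry should carry a pattern that ties the response to the product, e.g. `{match='<product-specific header or title pattern>', output='D-Link DIR-300'}` (placeholder; take the value from a captured response and use GET if it lives in the body), or word the output as 'Possible …' where no such pattern exists. `//system.html` starts with two slashes; if that is deliberate it needs a one-line comment such as `-- double slash is intentional: <reason>`, otherwise it should be `/system.html`. The same empty-match entries recur in the hunks at @@ -277, @@ -901, @@ -977, @@ -1047, @@ -1084, @@ -1209, @@ -1412 and @@ -2235. The last table in this hunk continues past its end.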
@@ -277,6 +338,56 @@
table.insert(fingerprints, {
category='general',
probes={
+ {path='/LightNEasy.php?do=login', method='GET'}
+ },
+ matches= {
+ {match='', output='LightNEasy'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/channel_detail.php', method='GET'}
+ },
+ matches= {
+ {match='', output='DzTube'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/cgi-bin/vcs', method='GET'}
+ },
+ matches= {
+ {match='', output='Mitel Audio and Web Conferencing (AWC)'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/ocsreports/', method='GET'}
+ },
+ matches= {
+ {match='', output='OCS Inventory'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/vbseo.php', method='GET'}
+ },
+ matches= {
+ {match='', output='vBSEO'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
{path='/forum/', method='HEAD'},
{path='/forums/', method='HEAD'},
{path='/smf/', method='HEAD'},
@@ -298,6 +409,7 @@
{path='/CFIDE/componentutils/login.cfm', method='HEAD'},
{path='/admin.php', method='HEAD'},
{path='/admin/', method='HEAD'},
+ {path='/admin/admin/', method='HEAD'},
{path='/administrator/', method='HEAD'},
{path='/moderator/', method='HEAD'},
{path='/webadmin/', method='HEAD'},
@@ -334,9 +446,11 @@
{path='/admin_area/login.html', method='HEAD'},
{path='/admin_area/index.html', method='HEAD'},
{path='/admin/controlpanel.php', method='HEAD'},
+ {path='/admincp/', method='HEAD'},
{path='/admincp/index.asp', method='HEAD'},
{path='/admincp/login.asp', method='HEAD'},
{path='/admincp/index.html', method='HEAD'},
+ {path='/admincp/login.php', method='HEAD'},
{path='/admin/account.html', method='HEAD'},
{path='/adminpanel.html', method='HEAD'},
{path='/webadmin.html', method='HEAD'},
@@ -749,8 +863,16 @@
{path='/AdminLogin.jsp', method='HEAD'},
{path='/AdminLogin.aspx', method='HEAD'},
{path='/AdminLogin.cfm', method='HEAD'},
- {path='/admin108/', method='HEAD'}
- },
+ {path='/admin108/', method='HEAD'},
+ {path='/pec_admin/', method='HEAD'},
+ {path='/system/admin/', method='HEAD'},
+ {path='/plog-admin/', method='HEAD'},
+ {path='/ESAdmin/', method='HEAD'},
+ {path='/axis2-admin/', method='HEAD'},
+ {path='/webadmin.php', method='HEAD'},
+ {path='/_sys/', method='HEAD'},
+ {path='/admin_cp.asp', method='HEAD'}
+ },
matches={
{match='
Index of', output='Possible admin folder w/ directory listing'},
{output='Possible admin folder'}
@@ -769,7 +891,9 @@
{path='/backups/', method='GET'},
{path='/bak/', method='GET'},
{path='/back/', method='GET'},
- {path='/cache/backup/', method='GET'}
+ {path='/cache/backup/', method='GET'},
+ {path='/admin/backup/', method='GET'},
+ {path='/dbbackup.txt', method='GET'}
},
matches={
{match='Index of', output='Backup folder w/ directory listing'},
@@ -777,9 +901,33 @@
}
})
-table.insert(fingerprints, {
+table.insert(fingerprints, {
category='general',
probes={
+ {path='/b.sql', method='GET'},
+ {path='/db.sql', method='GET'},
+ {path='/ddb.sql', method='GET'},
+ {path='/users.sql', method='GET'},
+ {path='/database.sql', method='GET'},
+ {path='/mysql.sql', method='GET'},
+ {path='/dump.sql', method='GET'},
+ {path='/respaldo.sql', method='GET'},
+ {path='/data.sql', method='GET'},
+ {path='/old.sql', method='GET'},
+ {path='/usuarios.sql', method='GET'},
+ {path='/bdb.sql', method='GET'},
+ {path='/1.sql', method='GET'},
+ {path='/admin/download/backup.sql', method='HEAD'}
+
+ },
+ matches={
+ {match='', output='Possible database backup'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
{path='/atom/', method='HEAD'},
{path='/atom.aspx', method='HEAD'},
{path='/atom.php', method='HEAD'},
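Review bot: Thirteen of the fourteen new dump probes use `method='GET'` although the only matcher is `match=''`, so the scan pulls whatever body the server returns, potentially a full database dump, while the fingerprint never inspects it. `method='HEAD'`, which the last probe (`/admin/download/backup.sql`) already uses, gives the same verdict without transferring the data, e.g. `{path='/db.sql', method='HEAD'},`. If a content check is wanted instead, keep GET and match on text a dump would contain, e.g. `match='INSERT INTO'`, so an error page or login redirect is not reported as a backup. The same applies to the GET probe for `/private/sdc.tgz` in the @@ -1084 hunk. The stray blank line before the closing `},` of `probes` can be dropped.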
@@ -790,18 +938,18 @@
{path='/rss.php', method='HEAD'},
{path='/rss.xml', method='HEAD'},
{path='/rss.jsp', method='HEAD'}
- },
+ },
matches={
{output='RSS or Atom feed'}
}
})
-table.insert(fingerprints, {
+table.insert(fingerprints, {
category='general',
probes={
{path='/etc/passwd', method='GET'},
{path='/boot.ini', method='GET'}
- },
+ },
matches={
{match='root:', output='Webroot appears to be in / (Linux)'},
{match='boot loader', output='Webroot appears to be in c:\\ (Windows)'},
@@ -977,6 +1125,36 @@
table.insert(fingerprints, {
category='general',
probes={
+ {path='/admin/upload.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Admin File Upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/upload_multiple_js.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='NAS Uploader'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/uploadtester.asp', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Free ASP Upload Shell'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
{path='/info.php', method='HEAD'}
},
matches= {
@@ -1047,6 +1225,46 @@
table.insert(fingerprints, {
category='general',
probes={
+ {path='/tools_admin.cgi?', method='HEAD'}
+ },
+ matches= {
+ {match='', output='D-Link WBR-1310'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/browserId/wizardForm.jhtml', method='HEAD'},
+ {path='/webline/html/forms/callback.jhtml', method='HEAD'},
+ {path='/webline/html/forms/callbackICM.jhtml', method='HEAD'},
+ {path='/webline/html/agent/AgentFrame.jhtml', method='HEAD'},
+ {path='/webline/html/agent/default/badlogin.jhtml', method='HEAD'},
+ {path='/callme/callForm.jhtml', method='HEAD'},
+ {path='/webline/html/multichatui/nowDefunctWindow.jhtml', method='HEAD'},
+ {path='/browserId/wizard.jhtml', method='HEAD'},
+ {path='/admin/CiscoAdmin.jhtml', method='HEAD'},
+ {path='/msccallme/mscCallForm.jhtml', method='HEAD'},
+ {path='/webline/html/admin/wcs/LoginPage.jhtml', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Cisco Collaboration Server'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/restoreinfo.cgi', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Sagem router'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
{path='/confirminvite.php', method='HEAD'}
},
matches= {
@@ -1084,20 +1302,424 @@
}
})
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/myshop_start.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='FozzCom shopping'}
+ }
+})
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/piranha/secure/passwd.php3', method='HEAD'}
+ },
+ matches= {
+ {match='', output='RedHat Piranha Virtual Server'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/cgi-bin/ck/mimencode', method='HEAD'}
+ },
+ matches= {
+ {match='', output='ContentKeeper Web Appliance'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/cgi-bin/masterCGI?', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Alcatel-Lucent OmniPCX Enterprise'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/tiny_mce/plugins/filemanager/', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Tiny MCE File Upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/upload/scp/ajax.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='osTicket / AJAX File Upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/cgi-mod/view_help.cgi', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Barracuda Networks Spam & Virus Firewall'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/cgi-mod/index.cgi', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Barracuda Web Application Firewall'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/cgi-mod/smtp_test.cgi', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Barracuda IM Firewall'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/TopToolArea.html', method='HEAD'},
+ {path='/switchSystem.html', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Alteon OS BBI (Nortell)'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/intruvert/jsp/module/Login.jsp', method='HEAD'}
+ },
+ matches= {
+ {match='', output='McAfee Network Security Manager'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/ajaxfilemanager/', method='HEAD'}
+ },
+ matches= {
+ {match='', output='AJAX File Manager'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/upload/data/settings.cdb', method='HEAD'}
+ },
+ matches= {
+ {match='', output='CF Image Hosting DB'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/fm.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Simple File Manager'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/nagios3/cgi-bin/statuswml.cgi', method='GET'},
+ {path='/nagios3/', method='GET'}
+ },
+ matches= {
+ {match='', output='Nagios3'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/test/logon.html', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Jetty'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/cal_cat.php', method='HEAD'},
+ {path='/calendar/cal_cat.php', method='HEAD'},
+ {path='/cal/cal_cat.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Calendarix'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/private/sdc.tgz', method='GET'}
+ },
+ matches= {
+ {match='', output='IBM Bladecenter Management Logs'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/cacti/', method='GET'}
+ },
+ matches= {
+ {match='', output='Cacti Web Monitoring'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/cgi-bin/awstats.pl', method='GET'}
+ },
+ matches= {
+ {match='', output='AWStats'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/wiki/rankings.php', method='GET'}
+ },
+ matches= {
+ {match='', output='Bit Weaver'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/reqdetails.php', method='GET'}
+ },
+ matches= {
+ {match='', output='BtiTracker'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/shared/help.php', method='GET'}
+ },
+ matches= {
+ {match='', output='OpenBiblio/WebBiblio Subject Gateway System'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/seti.php', method='GET'}
+ },
+ matches= {
+ {match='', output='PHP SETI@home'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/imc/', method='GET'},
+ {path='/imcws/', method='GET'}
+ },
+ matches= {
+ {match='', output='3Com Intelligent Management Center'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/partymgr/', method='GET'}
+ },
+ matches= {
+ {match='', output='Apache OFBiz'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/Base/upload.php', method='GET'}
+ },
+ matches= {
+ {match='', output='MassMirror Uploader'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/YUI-upload/html', method='GET'}
+ },
+ matches= {
+ {match='', output='YUI Images / File Upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/tools/filemanager/skins/mobile/admin1.template.php', method='GET'}
+ },
+ matches= {
+ {match='', output='MassMirror Uploader'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/Uploadify/', method='GET'}
+ },
+ matches= {
+ {match='', output='Uploadify'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/syssite/', method='HEAD'}
+ },
+ matches= {
+ {match='', output='ShopEx'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/updown.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='PHP Uploader Downloader'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/modules/docmanager/doctypetemplates/myuploadedfile', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Achievo'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/ReqWebHelp/advanced/workingSet.jsp', method='HEAD'}
+ },
+ matches= {
+ {match='', output='IBM Rational RequisitePro/ReqWebHelp'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/dhost/', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Novell eDirectory'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/engine/api/api.class.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='DatalifeEngine'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/jsft_resource.jsf', method='HEAD'},
+ {path='/scales_static_resource.jsf', method='HEAD'}
+ },
+ matches= {
+ {match='', output='JSFTemplating/Mojarra Scales/GlassFish Application Server'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/setup/password_required.html', method='HEAD'}
+ },
+ matches= {
+ {match='', output='2WIRE GATEWAY'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/zp-core/', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Zen Photo'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='general',
+ probes={
+ {path='/amember/', method='HEAD'}
+ },
+ matches= {
+ {match='', output='aMember'}
+ }
+})
------------------------------------------------
---- SECURITY SOFTWARE ----
------------------------------------------------
-- These checks will find specific installed software. If possible, it will also
--- find versions, etc.
+-- find versions, etc.
-table.insert(fingerprints, {
+table.insert(fingerprints, {
category='security',
probes={
{path='/arcsight/', method='HEAD'},
{path='/arcsight/images/logo-login-arcsight.gif', method='HEAD'},
{path='/arcsight/images/navbar-icon-logout-on.gif', method='HEAD'},
- {path='/images/logo-arcsight.gif', method='HEAD'},
+ {path='/images/logo-arcsight.gif', method='HEAD'},
{path='/logger/monitor.ftl', method='HEAD'},
},
matches={
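Review bot: The output `'MassMirror Uploader'` is attached to two unrelated probes in this hunk, `/Base/upload.php` and `/tools/filemanager/skins/mobile/admin1.template.php`. The second looks like a copy-paste of the label, and a report line built from it would misidentify whatever answers on that path. Give the second entry the name of the product that actually ships that file, or merge both paths into one `probes` list if they really belong to the same product. `'Alteon OS BBI (Nortell)'` should read `'Alteon OS BBI (Nortel)'`. The hunk ends inside the ArcSight table, which continues outside it.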
@@ -1105,13 +1727,13 @@
}
})
-table.insert(fingerprints, {
+table.insert(fingerprints, {
category='security',
probes={
{path='/beef/', method='HEAD'},
{path='/BEEF/', method='HEAD'},
{path='/beef/images/beef.gif', method='HEAD'}
- },
+ },
matches={
{output='BeEF Browser Exploitation Framework'}
}
@@ -1209,10 +1831,19 @@
}
})
+table.insert(fingerprints, {
+ category='security',
+ probes={
+ {path='/dotDefender/', method='HEAD'},
+ },
+ matches={
+ {match='', output='dotDefender Web Application Firewall'}
+ }
+})
------------------------------------------------
---- MANAGEMENT SOFTWARE ----
------------------------------------------------
-table.insert(fingerprints, {
+table.insert(fingerprints, {
category='management',
probes={
{path='/vmware/', method='HEAD'},
@@ -1223,13 +1854,13 @@
{path='/ui/vManage.do', method='HEAD'},
{path='/client/VMware-viclient.exe', method='HEAD'},
{path='/en/welcomeRes.js', method='HEAD'}
- },
+ },
matches={
{output='VMWare'}
}
})
-table.insert(fingerprints, {
+table.insert(fingerprints, {
category='management',
probes={
{path='/citrix/', method='HEAD'},
@@ -1244,7 +1875,7 @@
{path='/Citrix//AccessPlatform/auth/clientscripts/cookies.js', method='HEAD'},
{path='/Citrix/AccessPlatform/auth/clientscripts/login.js', method='HEAD'},
{path='/Citrix/PNAgent/config.xml', method='HEAD'},
- },
+ },
matches={
{output='Citrix'}
}
@@ -1404,7 +2035,7 @@
table.insert(fingerprints, {
category='management',
probes={
- {path='/Dashboard/Dashboard.html', method='GET'},
+ {path='/Dashboard/Dashboard.html', method='GET'}
},
matches= {
{match='Server: Kodak-RulesBasedAutomation', output='Prinergy Dashboard Client Login'},
@@ -1412,7 +2043,45 @@
}
})
+table.insert(fingerprints, {
+ category='management',
+ probes={
+ {path='/flexfm/', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Flex File Manager'}
+ }
+})
+table.insert(fingerprints, {
+ category='management',
+ probes={
+ {path='/lib/usermanagement/userInfo.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Testlink TestManagement'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='management',
+ probes={
+ {path='/security/xamppsecurity.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='XAMPP'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='management',
+ probes={
+ {path='/dm-albums/dm-albums.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='DM FileManager'}
+ }
+})
------------------------------------------------
---- PRINTERS, WEBCAMS, PROJECTORS ----
------------------------------------------------
@@ -1488,13 +2157,90 @@
------------------------------------------------
---- DATABASES ----
------------------------------------------------
-table.insert(fingerprints, {
+
+--phpmyadmin db taken from http://milw0rm.com/exploits/8921
+table.insert(fingerprints, {
category='database',
probes={
{path='/phpmyadmin/', method='HEAD'},
{path='/phpMyAdmin/', method='HEAD'},
- {path='/PHPMyAdmin/', method='HEAD'}
- },
+ {path='/PHPMyAdmin/', method='HEAD'},
+ {path='/PMA/', method='HEAD'},
+ {path='/pma/', method='HEAD'},
+ {path='/dbadmin/', method='HEAD'},
+ {path='/myadmin/', method='HEAD'},
+ {path='/php-my-admin/', method='HEAD'},
+ {path='/phpMyAdmin2/', method='HEAD'},
+ {path='/phpMyAdmin-2/', method='HEAD'},
+ {path='/phpMyAdmin-2.2.3/', method='HEAD'},
+ {path='/phpMyAdmin-2.2.6/', method='HEAD'},
+ {path='/phpMyAdmin-2.5.1/', method='HEAD'},
+ {path='/phpMyAdmin-2.5.4/', method='HEAD'},
+ {path='/phpMyAdmin-2.5.5-rc1/', method='HEAD'},
+ {path='/phpMyAdmin-2.5.5-rc2/', method='HEAD'},
+ {path='/phpMyAdmin-2.5.5/', method='HEAD'},
+ {path='/phpMyAdmin-2.5.5-pl1/', method='HEAD'},
+ {path='/phpMyAdmin-2.5.6-rc1/', method='HEAD'},
+ {path='/phpMyAdmin-2.5.6-rc2/', method='HEAD'},
+ {path='/phpMyAdmin-2.5.6/', method='HEAD'},
+ {path='/phpMyAdmin-2.5.7/', method='HEAD'},
+ {path='/phpMyAdmin-2.5.7-pl1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.0-alpha/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.0-alpha2/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.0-beta1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.0-beta2/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.0-rc1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.0-rc2/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.0-rc3/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.0/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.0-pl1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.0-pl2/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.0-pl3/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.1-rc1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.1-rc2/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.1-pl1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.1-pl2/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.1-pl3/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.2-rc1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.2-beta1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.2-rc1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.2/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.2-pl1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.3/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.3-rc1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.3/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.3-pl1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.4-rc1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.4-pl1/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.4-pl2/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.4-pl3/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.4-pl4/', method='HEAD'},
+ {path='/phpMyAdmin-2.6.4/', method='HEAD'},
+ {path='/phpMyAdmin-2.7.0-beta1/', method='HEAD'},
+ {path='/phpMyAdmin-2.7.0-rc1/', method='HEAD'},
+ {path='/phpMyAdmin-2.7.0-pl1/', method='HEAD'},
+ {path='/phpMyAdmin-2.7.0-pl2/', method='HEAD'},
+ {path='/phpMyAdmin-2.7.0/', method='HEAD'},
+ {path='/phpMyAdmin-2.8.0-beta1/', method='HEAD'},
+ {path='/phpMyAdmin-2.8.0-rc1/', method='HEAD'},
+ {path='/phpMyAdmin-2.8.0-rc2/', method='HEAD'},
+ {path='/phpMyAdmin-2.8.0/', method='HEAD'},
+ {path='/phpMyAdmin-2.8.0.1/', method='HEAD'},
+ {path='/phpMyAdmin-2.8.0.2/', method='HEAD'},
+ {path='/phpMyAdmin-2.8.0.3/', method='HEAD'},
+ {path='/phpMyAdmin-2.8.0.4/', method='HEAD'},
+ {path='/phpMyAdmin-2.8.1-rc1/', method='HEAD'},
+ {path='/phpMyAdmin-2.8.1/', method='HEAD'},
+ {path='/phpMyAdmin-2.8.2/', method='HEAD'},
+ {path='/sqlmanager/', method='HEAD'},
+ {path='/php-myadmin/', method='HEAD'},
+ {path='/phpmy-admin/', method='HEAD'},
+ {path='/mysqladmin/', method='HEAD'},
+ {path='/mysql-admin/', method='HEAD'},
+ {path='/websql/', method='HEAD'},
+ {path='/_phpmyadmin/', method='HEAD'}
+ },
matches={
{output='phpMyAdmin'}
}
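Review bot: The extended probe list contains `/phpMyAdmin-2.6.2-rc1/` twice and `/phpMyAdmin-2.6.3/` twice, so every scan sends two redundant HEAD requests per target. Drop the first occurrence of each, since they sit out of order ahead of `-beta1` and `-rc1` respectively. The change also grows this one check from 3 to 78 requests, and the only matcher, `{output='phpMyAdmin'}`, has no match text, so any non-404 answer is reported. A comment above the table along the lines of `-- versioned directory names come from the list referenced above and stop at 2.8.2` would tell the next maintainer why the enumeration ends there. The table's closing `})` is outside the hunk.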
@@ -1684,6 +2430,7 @@
{path='/lists/mycomments.aspx', method='HEAD'},
{path='/_layouts/userdisp.aspx', method='HEAD'},
{path='/_layouts/help.aspx', method='HEAD'},
+ {path='/_layouts/download.aspx', method='HEAD'}
},
matches= {
{match='', output='MS Sharepoint'}
@@ -1786,26 +2533,26 @@
------------------------------------------------
---- ATTACKS ----
------------------------------------------------
--- These will search for and possibly exploit vulnerabilities.
+-- These will search for and possibly exploit vulnerabilities.
-table.insert(fingerprints, {
+table.insert(fingerprints, {
category='attacks',
probes={
{path='/sdk/../../../../../../../etc/vmware/hostd/vmInventory.xml', method='GET'},
{path='/sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/vmware/hostd/vmInventory.xml', method='GET'}
- },
+ },
matches={
{match='', output='Path traversal in VMWare (CVE-2009-3733)'},
{match='', output='Possible path traversal in VMWare (CVE-2009-3733)'}
}
})
-table.insert(fingerprints, {
+table.insert(fingerprints, {
category='attacks',
probes={
{path='/../../../../../../../../../../etc/passwd', method='GET'},
{path='/../../../../../../../../../../boot.ini', method='GET'}
- },
+ },
matches={
{match='root:', output='Simple path traversal in URI (Linux)'},
{match='boot loader', output='Simple path traversal in URI (Windows)'},
@@ -1813,12 +2560,12 @@
}
})
-table.insert(fingerprints, {
+table.insert(fingerprints, {
category='attacks',
probes={
{path='/.htaccess', method='GET'},
{path='/.htpasswd', method='GET'}
- },
+ },
matches={
-- We look for a '200 OK' message on this one, because most Apache servers return an access denied
{match='200 OK', output='Incorrect permissions on .htaccess or .htpasswd files'}
@@ -1884,7 +2631,7 @@
}
})
-table.insert(fingerprints, {
+table.insert(fingerprints, {
category='attacks',
probes={
{path='/downloadFile.php', method='GET'},
@@ -1894,40 +2641,50 @@
{output='NETGEAR WNDAP350 2.0.1 to 2.0.9 potential file download and SSH root password disclosure'}
}
})
-
-table.insert(fingerprints, {
+
+table.insert(fingerprints, {
category='attacks',
probes={
{path='/cwhp/auditLog.do?file=..\..\..\..\..\..\..\boot.ini', method='GET'},
{path='/cwhp/auditLog.do?file=..\..\..\..\..\..\..\Program%20Files\CSCOpx\MDC\Tomcat\webapps\triveni\WEB-INF\classes\schedule.properties', method='GET'},
{path='/cwhp/auditLog.do?file=..\..\..\..\..\..\..\Program%20Files\CSCOpx\lib\classpath\com\cisco\nm\cmf\dbservice2\DBServer.properties', method='GET'},
{path='/cwhp/auditLog.do?file=..\..\..\..\..\..\..\Program%20Files\CSCOpx\log\dbpwdChange.log', method='GET'}
- },
+ },
matches={
{match='boot loader', output='CiscoWorks (CuOM 8.0 and 8.5) Directory traversal (CVE-2011-0966) (Windows)'},
{match='', output='Possible CiscoWorks (CuOM 8.0 and 8.5) Directory traversal (CVE-2011-0966) (Windows)'}
}
})
-
-table.insert(fingerprints, {
+
+table.insert(fingerprints, {
category='attacks',
probes={
{path='..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/var/mobile/Library/AddressBook/AddressBook.sqlitedb', method='GET'}
- },
+ },
matches={
{match='', output='Possible iPhone/iPod/iPad generic file sharing app Directory Traversal (iOS)'}
}
})
-
-table.insert(fingerprints, {
+
+table.insert(fingerprints, {
category='attacks',
probes={
{path='/Info.live.htm', method='GET'}
- },
+ },
matches={
{match='200', output='Possible DD-WRT router Information Disclosure (OSVDB 70230)'}
}
})
+
+table.insert(fingerprints, {
+ category='attacks',
+ probes={
+ {path='/CuteSoft_Client/CuteEditor/Load.ashx?type=image&file=../../../web.config', method='GET'}
+ },
+ matches={
+ {match='200', output='Cute Editor ASP.NET Remote File Disclosure ( CVE 2009-4665 )'}
+ }
+})
------------------------------------------------
---- Open Source CMS checks ----
------------------------------------------------
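Review bot: `match='200'` in the new Cute Editor check is a bare Lua pattern that, per this file's header, is searched in the status line, headers and body alike. Any response that merely contains the digits 200 (a length, a date, page text) is therefore reported as a file disclosure. Matching on the content of the requested file is more reliable, e.g. `{match='<configuration', output='Cute Editor ASP.NET Remote File Disclosure (CVE-2009-4665)'}`, which also brings the CVE id in line with the `CVE-2009-3733` style used in the VMWare check. The `.htaccess` check elsewhere in this patch at least anchors on `'200 OK'`.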
@@ -1966,7 +2723,7 @@
}
})
--- Broad phpBB versions
+-- Broad phpBB versions
table.insert(fingerprints, {
category='cms',
probes={
@@ -2053,7 +2810,7 @@
{path='/ecoder/'},
},
matches={
- {match='ecoder v(.-)', output='ecoder v\\1'},
{match='Splash Frog WMS v(.-)', output='Splash Frog WMS v\\1'},
{match='StatusNet microblogging software, version (.-),', output='StatusNet v\\1'},
@@ -2235,7 +2992,342 @@
}
})
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/system/admin/header.php', method='GET'},
+ {path='/system/admin/comments_items.php', method='GET'}
+ },
+ matches= {
+ {match='', output='Habari Blog'}
+ }
+})
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/scripts/fckeditor/editor/filemanager/connectors/test.html', method='GET'},
+ {path='/scripts/fckeditor/editor/filemanager/connectors/uploadtest.html', method='GET'}
+ },
+ matches= {
+ {match='', output='Digitalus CMS/FCKEditor File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/fckeditor/editor/filemanager/connectors/test.html', method='GET'}
+ },
+ matches= {
+ {match='', output='phpmotion/FCKeditor File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/fckeditor/editor/filemanager/upload/test.html', method='GET'}
+ },
+ matches= {
+ {match='', output='Geeklog/FCKeditor File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html', method='GET'}
+ },
+ matches= {
+ {match='', output='OpenCart/FCKeditor File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html', method='GET'}
+ },
+ matches= {
+ {match='', output='DM File Manager/FCKeditor File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html', method='GET'}
+ },
+ matches= {
+ {match='', output='DM File Manager/FCKeditor File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/includes/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php', method='HEAD'},
+ {path='/includes/FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp', method='HEAD'},
+ {path='/includes/FCKeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx', method='HEAD'},
+ {path='/includes/FCKeditor/editor/filemanager/browser/default/connectors/cfm/connector.cfm', method='HEAD'},
+ {path='/includes/FCKeditor/editor/filemanager/browser/default/connectors/lasso/connector.lasso', method='HEAD'},
+ {path='/includes/FCKeditor/editor/filemanager/browser/default/connectors/perl/connector.cgi', method='HEAD'},
+ {path='/includes/FCKeditor/editor/filemanager/browser/default/connectors/py/connector.py', method='HEAD'}
+ },
+ matches= {
+ {match='', output='PHPnuke/Remote File Download'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/FCKEditor/editor/filemanager/browser/default/connectors/test.html', method='GET'}
+ },
+ matches= {
+ {match='', output='EgO or osCMax/FCKeditor File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/admin/includes/tiny_mce/plugins/tinybrowser/upload.php', method='GET'}
+ },
+ matches= {
+ {match='', output='CompactCMS or B-Hind CMS/FCKeditor File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/Backstage/Components/FreeTextBox/ftb.imagegallery.aspx', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Luftguitar CMS/File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/_plugin/fckeditor/editor/filemanager/connectors/test.html', method='HEAD'}
+ },
+ matches= {
+ {match='', output='SweetRice/FCKeditor File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/html/news_fckeditor/editor/filemanager/upload/php/upload.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='cardinalCms/FCKeditor File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/fckeditor/editor/filemanager/connectors/test.html', method='HEAD'}
+ },
+ matches= {
+ {match='', output='LightNEasy/FCKeditor File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/admin/includes/FCKeditor/editor/filemanager/upload/test.html', method='HEAD'}
+ },
+ matches= {
+ {match='', output='ASP Simple Blog / FCKeditor File Upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/uploadsnaps.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='ZeeMatri/File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/upload/includes/js/files/upload.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Digital College/File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/tinybrowser/upload.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Tinybrowser Remote File Upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/editor/editor/filemanager/upload/test.html', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Tadbir / File Upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/photogallery_open.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Heaven Soft CMS'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx', method='HEAD'}
+ },
+ matches= {
+ {match='', output='DotNetNuke / File Upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/assetmanager/assetmanager.asp', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Asset Manager/Remote File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/Final/login/ava_upl.php', method='HEAD'},
+ {path='/Final/login/ava_upl2.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Asset Manager/Remote File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/spaw/demo.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='SpawCMS/Remote File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/admin/jscript/upload.php', method='HEAD'},
+ {path='/admin/jscript/upload.html', method='HEAD'},
+ {path='/admin/jscript/upload.pl', method='HEAD'},
+ {path='/admin/jscript/upload.asp', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Lizard Cart/Remote File upload'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/databases/acidcat_3.mdb', method='HEAD'}
+ },
+ matches= {
+ {match='', output='Acidcat CMS Database'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/mdb-database/dblog.mdb', method='HEAD'}
+ },
+ matches= {
+ {match='', output='dBlog Database'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/db/users.mdb', method='HEAD'},
+ {path='/db/'}
+ },
+ matches= {
+ {match='', output='BlogWorx Database'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/infusions/avatar_studio/avatar_studio.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='PHP-Fusion Mod avatar_studio'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/bnnr.php', method='HEAD'},
+ {path='/vb/bnnr.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='PHP-Fusion Mod avatar_studio'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/bnnr.php', method='HEAD'},
+ {path='/vb/bnnr.php', method='HEAD'},
+ {path='/forum/bnnr.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='vBulletin ads_saed'}
+ }
+})
+
+table.insert(fingerprints, {
+ category='cms',
+ probes={
+ {path='/weblink_cat_list.php', method='HEAD'}
+ },
+ matches= {
+ {match='', output='WHMCompleteSolution CMS'}
+ }
+})
+
------------------------------------------------
---- UNCATEGORIZED ----
------------------------------------------------
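Review bot: Several of the added `cms` entries probe the same path under different labels, so a single hit would be reported under more than one product name: `/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html` appears three times (once as 'OpenCart/FCKeditor File upload' and twice, identically, as 'DM File Manager/FCKeditor File upload'), and `/bnnr.php` with `/vb/bnnr.php` is labelled both 'PHP-Fusion Mod avatar_studio' and 'vBulletin ads_saed'. The outputs on `/Final/login/ava_upl.php` ('Asset Manager/Remote File upload') and on the tinybrowser `upload.php` path ('CompactCMS or B-Hind CMS/FCKeditor File upload') repeat or borrow a neighbouring entry's wording and look like copy-paste leftovers, so they should be checked against the intended product. I would drop the duplicate DM File Manager block and merge the same-path entries into one fingerprint with a combined label. Every new entry also uses `match=''`, most of them with `method='HEAD'`, so the finding appears to rest on the path existing alone. Where the page carries a distinctive string, a GET probe with `{match='<product-specific string>', output='...'}` (placeholder pattern) would reduce false positives, and the remaining existence-only outputs could be worded 'Possible ...', as the empty-match `attacks` entries earlier in this patch are.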