Anyone see any problems with the plugins below? They seem to test out pretty
well, should I go ahead and send in the final versions? Also, there's a couple
dozen recent bugs that still don't have plugins written for them, how do y'all
want to split these up? (Yes, I still owe a handful of them; I will _really_
try to get these prettied up and sent to Renaud.)
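# mod_php plugin
#
# Raises a warning when the web server banner advertises PHP 3.0.x, 4.0.x,
# 4.1.0 or 4.1.1. The check is banner-only: a server that hides its PHP
# version is not reported, and a build with backported fixes is still
# reported, so a hit should be confirmed against the installed package.
port = get_kb_item("Services/www");
if(!port)port = 80;
if(get_port_state(port))
{
 key = string("www/banner/", port);
 banner = get_kb_item(key);
 if(!banner)
 {
  # No cached banner in the KB: fetch one with a HEAD request.
  soc = open_sock_tcp(port);
  # The connection can fail even when the port state says open; only use the
  # socket when it was actually obtained.
  if(soc)
  {
   req = string("HEAD / HTTP/1.0\r\n\r\n");
   send(socket:soc, data:req);
   banner = recv(socket:soc, length:2000, timeout:20);
   close(soc);
  }
 }
 # Skip the match entirely when no banner could be obtained.
 if(banner)
 {
  # The leading ".*" of the draft patterns was redundant for egrep. The 4.1.x
  # pattern is anchored after the patch digit so that only 4.1.0 and 4.1.1
  # match, not a longer number that merely starts with 0 or 1.
  if( egrep(pattern:"PHP/3\.0\.", string:banner) ||
      egrep(pattern:"PHP/4\.0\.", string:banner) ||
      egrep(pattern:"PHP/4\.1\.[0-1]([^0-9]|$)", string:banner))
  {
   # NOTE(review): no data: argument is passed, so the report text presumably
   # comes from the plugin's description block, which is not part of this
   # draft - confirm before submitting.
   security_warning(port:port);
  }
 }
}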
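# mod_ssl plugin
#
# Raises a warning when the web server banner advertises an old mod_ssl
# release. The check is banner-only: a server that hides its module versions
# is not reported, and a build with backported fixes is still reported, so a
# hit should be confirmed against the installed package.
port = get_kb_item("Services/www");
if(!port)port = 80;
if(get_port_state(port))
{
 key = string("www/banner/", port);
 banner = get_kb_item(key);
 if(!banner)
 {
  # No cached banner in the KB: fetch one with a HEAD request.
  soc = open_sock_tcp(port);
  # The connection can fail even when the port state says open; only use the
  # socket when it was actually obtained.
  if(soc)
  {
   req = string("HEAD / HTTP/1.0\r\n\r\n");
   send(socket:soc, data:req);
   banner = recv(socket:soc, length:2000, timeout:20);
   close(soc);
  }
 }
 # Skip the match entirely when no banner could be obtained.
 if(banner)
 {
  # The draft pattern "[1-2].[0-8].[0-6]" left the dots unescaped and applied
  # a digit range to each component independently, which is not a version
  # comparison: 2.7.9 was missed and 2.8.10 matched on its "2.8.1" prefix.
  # The three patterns below cover every 1.x release, 2.0 through 2.7 at any
  # patch level, and 2.8.0 through 2.8.6.
  # NOTE(review): the 2.8.6 upper bound is inferred from the draft's character
  # classes - confirm it against the advisory this plugin is written for.
  if( egrep(pattern:"mod_ssl/1\.[0-9]+\.[0-9]+", string:banner) ||
      egrep(pattern:"mod_ssl/2\.[0-7]\.[0-9]+", string:banner) ||
      egrep(pattern:"mod_ssl/2\.8\.[0-6]([^0-9]|$)", string:banner))
  {
   # NOTE(review): ddidata is not assigned anywhere in this draft; it has to
   # be set before this call, otherwise the finding presumably carries no
   # report text - confirm.
   security_warning(port:port, data:ddidata);
  }
 }
}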
well, should I go ahead and send in the final versions? Also, there's a couple
dozen recent bugs that still don't have plugins written for them, how do y'all
want to split these up? (Yes, I still owe a handful of them; I will _really_
try to get these prettied up and sent to Renaud.)
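# mod_php plugin
#
# Raises a warning when the web server banner advertises PHP 3.0.x, 4.0.x,
# 4.1.0 or 4.1.1. The check is banner-only: a server that hides its PHP
# version is not reported, and a build with backported fixes is still
# reported, so a hit should be confirmed against the installed package.
port = get_kb_item("Services/www");
if(!port)port = 80;
if(get_port_state(port))
{
 key = string("www/banner/", port);
 banner = get_kb_item(key);
 if(!banner)
 {
  # No cached banner in the KB: fetch one with a HEAD request.
  soc = open_sock_tcp(port);
  # The connection can fail even when the port state says open; only use the
  # socket when it was actually obtained.
  if(soc)
  {
   req = string("HEAD / HTTP/1.0\r\n\r\n");
   send(socket:soc, data:req);
   banner = recv(socket:soc, length:2000, timeout:20);
   close(soc);
  }
 }
 # Skip the match entirely when no banner could be obtained.
 if(banner)
 {
  # The leading ".*" of the draft patterns was redundant for egrep. The 4.1.x
  # pattern is anchored after the patch digit so that only 4.1.0 and 4.1.1
  # match, not a longer number that merely starts with 0 or 1.
  if( egrep(pattern:"PHP/3\.0\.", string:banner) ||
      egrep(pattern:"PHP/4\.0\.", string:banner) ||
      egrep(pattern:"PHP/4\.1\.[0-1]([^0-9]|$)", string:banner))
  {
   # NOTE(review): no data: argument is passed, so the report text presumably
   # comes from the plugin's description block, which is not part of this
   # draft - confirm before submitting.
   security_warning(port:port);
  }
 }
}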
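# mod_ssl plugin
#
# Raises a warning when the web server banner advertises an old mod_ssl
# release. The check is banner-only: a server that hides its module versions
# is not reported, and a build with backported fixes is still reported, so a
# hit should be confirmed against the installed package.
port = get_kb_item("Services/www");
if(!port)port = 80;
if(get_port_state(port))
{
 key = string("www/banner/", port);
 banner = get_kb_item(key);
 if(!banner)
 {
  # No cached banner in the KB: fetch one with a HEAD request.
  soc = open_sock_tcp(port);
  # The connection can fail even when the port state says open; only use the
  # socket when it was actually obtained.
  if(soc)
  {
   req = string("HEAD / HTTP/1.0\r\n\r\n");
   send(socket:soc, data:req);
   banner = recv(socket:soc, length:2000, timeout:20);
   close(soc);
  }
 }
 # Skip the match entirely when no banner could be obtained.
 if(banner)
 {
  # The draft pattern "[1-2].[0-8].[0-6]" left the dots unescaped and applied
  # a digit range to each component independently, which is not a version
  # comparison: 2.7.9 was missed and 2.8.10 matched on its "2.8.1" prefix.
  # The three patterns below cover every 1.x release, 2.0 through 2.7 at any
  # patch level, and 2.8.0 through 2.8.6.
  # NOTE(review): the 2.8.6 upper bound is inferred from the draft's character
  # classes - confirm it against the advisory this plugin is written for.
  if( egrep(pattern:"mod_ssl/1\.[0-9]+\.[0-9]+", string:banner) ||
      egrep(pattern:"mod_ssl/2\.[0-7]\.[0-9]+", string:banner) ||
      egrep(pattern:"mod_ssl/2\.8\.[0-6]([^0-9]|$)", string:banner))
  {
   # NOTE(review): ddidata is not assigned anywhere in this draft; it has to
   # be set before this call, otherwise the finding presumably carries no
   # report text - confirm.
   security_warning(port:port, data:ddidata);
  }
 }
}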