[Plugins-writers] kerio_wrf_management_detection.nasl

From: Ferdy Riphagen (f.riphagen@private)
Date: Wed Nov 16 2005 - 11:10:38 PST


A NASL script to detect the Kerio WinRoute Firewall web management
interface on the default ports.

Regards,

Ferdy


#
# Script Written By Ferdy Riphagen 
# <f[dot]riphagen[at]nsec[dot]nl>
#
# Script distributed under the GNU GPLv2 License.
#

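# Registration block: runs only when the scanner loads the plugin to collect
# its metadata, then exits without touching the target.
if (description) {
script_id(200008);
script_version("$Revision: 1.0 $");

name["english"] = "Kerio WinRoute Firewall HTTP/HTTPS Management Detection";
script_name(english:name["english"]);

# This text is also reused as the body of the report issued further down.
desc["english"] = "
Synopsis :

The remote host appears to be running the Kerio WinRoute Firewall application.

description :

The remote host appears to be running the Kerio WinRoute Firewall application.
It is possible to access the HTTP or HTTPS management interface on the host.

Solution :

If the service is not needed, disable HTTP and/or HTTPS management, or filter incomming requests to the ports from untrusted sources.
 
Risk factor :

Low";  
script_description(english:desc["english"]);

summary["english"] = "Check if Kerio WinRoute Firewall HTTP/HTTPS management is enabled";
script_summary(english:summary["english"]);

# Information gathering only: the check issues a single GET for "/".
script_category(ACT_GATHER_INFO);
script_family(english:"Firewalls");

script_copyright(english:"This script is Copyright (C) 2005 Ferdy Riphagen");

# find_service populates the web-service KB entry this plugin reads.
script_dependencie("find_service.nes");
# The KB key is "Services/www" (plural), the same key the plugin body reads;
# the original "Service/www" named a key the body never uses.
script_require_ports("Services/www", 4080, 4081);
script_exclude_keys("Settings/disable_cgi_scanning");
exit(0);
}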

include("http_func.inc");
include("http_keepalive.inc");
include("global_settings.inc");

# Take a web port from the knowledge base; without one there is nothing to probe.
port = get_kb_item("Services/www");
if (!port)
{
 exit(0);
}

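# Send a raw HTTP request over an SSL-wrapped socket and return the response.
#
# port : TCP port to connect to.
# req  : complete HTTP request text to send.
#
# Returns the data read by http_recv(), or NULL when the port is not open.
# Ends the whole plugin with exit(0) if the SSL connection cannot be
# established, as the original did.
function https_req(port, req)
{
 # Declared local so the helper does not overwrite script-level variables;
 # the response is no longer stored in a variable named like the recv() builtin.
 local_var soc, res;

 if (!get_port_state(port)) return NULL;

 soc = open_sock_tcp(port, transport: ENCAPS_SSLv23);
 if (!soc) exit(0);

 send(socket: soc, data: req);
 res = http_recv(socket: soc);
 close(soc);
 return(res);
}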

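# Fetch "/" from the selected port, look for the Kerio WinRoute Firewall
# banner, and report the management interface when it is found.
if (get_port_state(port))
{
 if (port == 4080)
 {
  # Port 4080 is probed over plain HTTP.
  port = get_http_port(default: port);
  req = http_get_cache(item: "/", port: port);
  if (!req) exit(0);
 }
 else
 {
  # Any other port is probed over SSL.
  # http_get() builds the full request from item and port; the stray
  # unnamed "HTTP/1.0\r\n\r\n" argument of the original has been dropped.
  data = http_get(item: "/", port: port);
  req = https_req(req: data, port: port);
  if (!req) exit(0);
 }

 # The last component was "[0-12]+", a character class holding only 0, 1 and
 # 2, so builds containing any other digit were missed. The major and minor
 # ranges are kept as the author wrote them.
 if (egrep(pattern: "Kerio WinRoute Firewall ([0-6]\.[0-3]\.[0-9]+)", string: req))
 {
  # Check and build the version: keep the text from the product name up to
  # the copyright marker, when that marker follows it.
  version = strstr(req, "Kerio WinRoute Firewall ");
  if (version)
  {
   tail = strstr(version, "&copy; ");
   if (tail) version = version - tail;
  }

  # NOTE(review): version is text supplied by the remote server. If no
  # "&copy; " follows the banner, the rest of the page ends up in the report.
  if (!version) report = desc["english"];
  else
  {
   # Select and make the report.
   report = string(desc["english"],
   "\n\n",
   "The Kerio WinRoute Firewall Management Webserver is listening on this port.\n\n",
   "The version of the application is :\n",version);
  }

  # Record the finding in the KB, then raise the informational note.
  replace_kb_item(name:"Services/www/" + port + "/kerio_wrf", value: TRUE);
  security_note(port: port, data: report);
  exit(0);
 }
}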



