File: django.rb

package info (click to toggle)
whatweb 0.4.8~git20161009-1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 8,588 kB
  • ctags: 540
  • sloc: ruby: 33,376; sh: 612; makefile: 42
file content (62 lines) | stat: -rw-r--r-- 2,197 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# http://www.morningstarsecurity.com/research/whatweb
##
Plugin.define "Django" do
author "Brendan Coles <bcoles@gmail.com>" # 2012-02-27
version "0.1"
description "Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design."
website "https://www.djangoproject.com/"

# ShodanHQ results as at 2012-02-27 #
# 878 for WSGIServer Python



# Matches #
matches [

# HTTP Server
{ :certainty=>25, :search=>"headers[server]", :regexp=>/^WSGIServer\/[^\s]+ Python\/[^\s]+$/ },

# Debug message # source: django/views/debug.py
{ :regexp=>/<div id="explanation">[\s]+<p>[\s]+You're seeing this error because you have <code>DEBUG = True<\/code> in your[\s]+Django settings file/ },

# 404 Page # Debug message # source: django/views/debug.py
{ :url=>"/doesnotexist123highwaytothedangerzone", :string=>/<p>[\s]+Using the URLconf defined in <code>([^\.^\s]+)\.urls<\/code>,[\s]+Django tried these URL patterns, in this order:/ },

# Default Welcome Message # source: django/views/debug.py
{ :regexp=>'<meta name="robots" content="NONE,NOARCHIVE"><title>Welcome to Django</title>' },

# Default Welcome Message # Project Name # source: django/views/debug.py
{ :string=>/<li>Start your first app by running <code>python ([^\/]+)\/manage\.py startapp \[appname\]<\/code>\.<\/li>/ },

# /admin # Login Page
{ :regexp=>/<form action="\/admin\/[^"^>]*" method="post" id="login-form"><div style='display:none;'><input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='[a-f\d]{32}' \/><\/div>/ },

# Login Page
{ :certainty=>75, :text=>'<input type="hidden" name="this_is_the_login_form" value="1" />' },

]

# Passive #
  def passive
    m=[]

    unless @headers["set-cookie"].nil? or @headers["set-cookie"].empty?

      # Extract cookie names
      @headers["set-cookie"].split("\n").each do |cookie|
        m << { :string=>cookie.split("=")[0], :certainty=>75 } if cookie =~ /csrftoken=/
      end

    end

    # Return passive match
    m
  end

end