1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
|
##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# http://www.morningstarsecurity.com/research/whatweb
##
# Version 0.5 # 2012-08-16 # Andrew Horton
# Updated MD5 syntax. In future someone should move the MD5 hash matches into the matches array
##
# Version 0.4 # 2011-04-06 # Brendan Coles <bcoles at gmail dot com>
# Added md5 matches for 1.4.x
# Added passive version detection
##
# Version 0.3
# removed :name and :certainty=>100
##
Plugin.define "FluxBB" do
author "Andrew Horton"
version "0.5"
description "Open Source forum written in PHP"
website "http://fluxbb.org/ - Aggressive matches can identify 1.2.x, 1.3.x and 1.4.x"
# Google results as at 2011-04-06 #
# 357 for "Powered by FluxBB"
# Dorks #
dorks [
'"Powered by FluxBB"'
]
# Matches #
matches [
# Powered by link
{ :name=>"Powered by", :regexp=>/>P(owered by|ropulsé par) (<strong>)?<a href="http:\/\/fluxbb\.org\/">FluxBB<\/a>/ },
# Version Detection # Powered by link
{ :version=>/>P(owered by|ropulsé par) <a href="http:\/\/fluxbb\.org\/">FluxBB<\/a> ([\d\.]+)</, :offset=>1 },
# default styles - Cobalt.css imports index.html Lithium.css Mercury.css Oxygen.css Radium.css Sulfur.css
{ :certainty=>25, :regexp=>/<link rel="stylesheet" type="text\/css" href="style\/(Cobalt|Lithium|Mercury|Oxygen|Radium|Sulfur)\.css" \/>/ },
# Login Link
{ :certainty=>75, :text=>'<li id="navlogin"><a href="login.php">' },
# brdwelcome div HTML
{ :certainty=>75, :regexp=>/<div id="brdwelcome" class="inbox">[\s]+<p>[^<]+<\/p>[\s]+<\/div>/ },
]
# Aggressive #
def aggressive
m=[]
# the paths are relative to the url path if they don't start with /
# this path, with this md5 = this version
files=[
{:version=>"1.2.x", :path=>"style/Sulfur.css", :md5=>"8d49e829aaf77164d0be3e05ef67c63d"},
{:version=>"1.4-rc1", :path=>"style/Sulfur.css", :md5=>"ec6a6ac259f3de9a7c7f1b1b544387ba"},
{:version=>"1.4-rc2 or 1.4-rc3", :path=>"style/Sulfur.css", :md5=>"1f0e9882d761837f01b148f1aa38df9f"},
{:version=>"1.4-beta1 or 1.4-beta2", :path=>"style/Sulfur.css", :md5=>"88fb6eac3671593ef57c4b6b76802280"},
{:version=>"1.4.0 - 1.4.2", :path=>"style/Sulfur.css", :md5=>"8c719837ddd3d1b76c9bdd2bf39b7078" },
{:version=>"1.4.3", :path=>"style/Sulfur.css", :md5=>"d6207b6358017e91f3adef28764634a7"},
{:version=>"1.4.4 - 1.4.5", :path=>"style/Sulfur.css", :md5=>"ededb4d5139af9984a4e64fc080ce0e4"},
{:version=>"1.3", :path=>"style/print.css", :md5=>"0956e3e8738ee13ee4845b90acd80a9c"},
{:version=>"1.2.x", :path=>"style/Mercury.css", :md5=>"02a0558c65d3d2e7c6895f6bd6e1edf9"},
{:version=>"1.4-beta1 or 1.4-beta2", :path=>"style/Mercury.css", :md5=>"c14d6b084de46779f3b6fb396e74be19"},
{:version=>"1.4-rc1", :path=>"style/Mercury.css", :md5=>"f89d52345d2d54a7026703d9a99380a7"},
{:version=>"1.4-rc2 or 1.4-rc3", :path=>"style/Mercury.css", :md5=>"55e3014174acc5026774b868f09bc378"},
{:version=>"1.4.0 - 1.4.2", :path=>"style/Mercury.css", :md5=>"9ac090828cc194ca2d28b4d8294eec62"},
{:version=>"1.4.3", :path=>"style/Mercury.css", :md5=>"191905f7acea9b7f378007b7c020296b"},
{:version=>"1.4.4 - 1.4.5", :path=>"style/Mercury.css", :md5=>"024fc47a49c4e7d56feaadea290ca5d3"},
{:version=>"1.2.x", :path=>"include/template/redirect.tpl", :md5=>"1f71f1b79ca455f691b66e91d47523ec"},
{:version=>"1.3-beta2", :path=>"include/template/redirect.tpl", :md5=>"8b8646ca85c42103ab1941ce33b4058c"},
{:version=>"1.3-legacy or 1.3-r718", :path=>"include/template/redirect.tpl", :md5=>"d7f4ca403f7d4453158b0765196f8173"},
{:version=>"1.4-beta1 or 1.4-beta2", :path=>"include/template/redirect.tpl", :md5=>"ec3fc0a2fa3c13a8599be3cb4cd2aa71"},
{:version=>"1.4-rc1", :path=>"include/template/redirect.tpl", :md5=>"2b361b3c0a7c6c81fa37da171e2c3514"},
{:version=>"1.4-rc2 or 1.4-rc3", :path=>"include/template/redirect.tpl", :md5=>"582d9fd6679af0d26df157399a70864d" },
{:version=>"1.4.x", :path=>"include/template/redirect.tpl", :md5=>"441a1cd28ac4da75350d8d8438989e29"}
]
# Fetch and hash files
to_download = files.map {|x| x[:path]}.sort.uniq
downloads={}
to_download.each do |d|
target = URI.join(@base_uri.to_s,d).to_s
status,url,ip,body,headers=open_target(target)
downloads[d] = {:md5sum=>Digest::MD5.hexdigest(body).to_s}
end
# Compare file hashes to known hashes
version=nil
files.each do |thisfile|
unless downloads[thisfile[:path]].nil?
version=thisfile[:version] if downloads[thisfile[:path]][:md5sum] == thisfile[:md5]
end
end
# Set version if present
unless version.nil?
m << {:name=>"md5 sums of files", :version=>version}
end
# Return aggressive matches
m
end
end
=begin # NOTES #
1.3.x identified by lack of /admin_index.php or presence of /admin/ or /include/js/ or lack of /style/Cobalt.css or presence of /style/print.css
1.3-r718 or 1.4+ identified by presence of /include/utf8/
# FILE MD5 HASH REFERENCE #
# /style/Mercury.css
# can be used to identify 1.2 or 1.4 - does not exist in 1.3
# many sites edit the Mercury.css file which must be a nuisance when upgrading
02a0558c65d3d2e7c6895f6bd6e1edf9 fluxbb-1.2.x
c14d6b084de46779f3b6fb396e74be19 fluxbb-1.4-beta1
c14d6b084de46779f3b6fb396e74be19 fluxbb-1.4-beta2
f89d52345d2d54a7026703d9a99380a7 fluxbb-1.4-rc1
55e3014174acc5026774b868f09bc378 fluxbb-1.4-rc2
55e3014174acc5026774b868f09bc378 fluxbb-1.4-rc3
9ac090828cc194ca2d28b4d8294eec62 fluxbb-1.4.0
9ac090828cc194ca2d28b4d8294eec62 fluxbb-1.4.1
9ac090828cc194ca2d28b4d8294eec62 fluxbb-1.4.2
191905f7acea9b7f378007b7c020296b fluxbb-1.4.3
024fc47a49c4e7d56feaadea290ca5d3 fluxbb-1.4.4
024fc47a49c4e7d56feaadea290ca5d3 fluxbb-1.4.5
# /style/Sulfur.css
# can be used to identify 1.2 or 1.4 - does not exist in 1.3
8d49e829aaf77164d0be3e05ef67c63d fluxbb-1.2.x
88fb6eac3671593ef57c4b6b76802280 fluxbb-1.4-beta1
88fb6eac3671593ef57c4b6b76802280 fluxbb-1.4-beta2
ec6a6ac259f3de9a7c7f1b1b544387ba fluxbb-1.4-rc1
1f0e9882d761837f01b148f1aa38df9f fluxbb-1.4-rc2
1f0e9882d761837f01b148f1aa38df9f fluxbb-1.4-rc3
8c719837ddd3d1b76c9bdd2bf39b7078 fluxbb-1.4.0
8c719837ddd3d1b76c9bdd2bf39b7078 fluxbb-1.4.1
8c719837ddd3d1b76c9bdd2bf39b7078 fluxbb-1.4.2
d6207b6358017e91f3adef28764634a7 fluxbb-1.4.3
ededb4d5139af9984a4e64fc080ce0e4 fluxbb-1.4.4
ededb4d5139af9984a4e64fc080ce0e4 fluxbb-1.4.5
# /style/print.css
# can be used to identify 1.3.x
0956e3e8738ee13ee4845b90acd80a9c 1.3-beta2
0956e3e8738ee13ee4845b90acd80a9c 1.3-legacy
0956e3e8738ee13ee4845b90acd80a9c 1.3-r718
# /upload/include/template/redirect.tpl
# can be used to identify 1.2.x, 1.3 and 1.4.x
1f71f1b79ca455f691b66e91d47523ec fluxbb-1.2.18
1f71f1b79ca455f691b66e91d47523ec fluxbb-1.2.19
1f71f1b79ca455f691b66e91d47523ec fluxbb-1.2.20
1f71f1b79ca455f691b66e91d47523ec fluxbb-1.2.21
1f71f1b79ca455f691b66e91d47523ec fluxbb-1.2.22
1f71f1b79ca455f691b66e91d47523ec fluxbb-1.2.23
8b8646ca85c42103ab1941ce33b4058c fluxbb-1.3-beta2
d7f4ca403f7d4453158b0765196f8173 fluxbb-1.3-r718
d7f4ca403f7d4453158b0765196f8173 fluxbb-1.3-legacy
ec3fc0a2fa3c13a8599be3cb4cd2aa71 fluxbb-1.4-beta1
ec3fc0a2fa3c13a8599be3cb4cd2aa71 fluxbb-1.4-beta2
2b361b3c0a7c6c81fa37da171e2c3514 fluxbb-1.4-rc1
582d9fd6679af0d26df157399a70864d fluxbb-1.4-rc2
582d9fd6679af0d26df157399a70864d fluxbb-1.4-rc3
441a1cd28ac4da75350d8d8438989e29 fluxbb-1.4.0
441a1cd28ac4da75350d8d8438989e29 fluxbb-1.4.1
441a1cd28ac4da75350d8d8438989e29 fluxbb-1.4.2
441a1cd28ac4da75350d8d8438989e29 fluxbb-1.4.3
441a1cd28ac4da75350d8d8438989e29 fluxbb-1.4.4
441a1cd28ac4da75350d8d8438989e29 fluxbb-1.4.5
=end
|
