File: webbackdoor.rb

package info (click to toggle)
whatweb 0.4.8~git20161009-1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 8,588 kB
  • ctags: 540
  • sloc: ruby: 33,376; sh: 612; makefile: 42
file content (74 lines) | stat: -rw-r--r-- 5,192 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
 
##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# http://www.morningstarsecurity.com/research/whatweb
##
## setting passive might produce a lot of false positives

Plugin.define "webbackdoor" do
author "Aung Khant, http://yehg.net"
version "0.1"
description "Detect common web doors (asp,jsp,php,jsp,pl,cgi)  using fuzz-db list and others"


matches [
# generic
{:string=>'michaeldaw.org backdoor collection',:text=>"<!--    http://michaeldaw.org "},
{:string=>'michaeldaw.org backdoor collection',:text=>"by DK (http://michaeldaw.org) -->"},
{:string=>'backdoor kit collection',:text=>"<!--\n\n_KIT\n"},
{:string=>'Woan backdoor kit collection',:text=>"<!-- Created by Mark Woan (http://www.woany.co.uk) -->"},


#jsp

# passive
{:string=>'jsp-reverse.jsp',:regexp=>/<h1>JSP Backdoor Reverse Shell<\/h1>/},

# agressive
{:string=>'browser.jsp',:url=>'browser.jsp',:regexp=>/<input title="Launch command in current directory" type="Submit" class="button" name="Submit" value="Launch command">|<small>jsp File Browser version/},
{:string=>'cmd.jsp',:url=>'cmd.jsp',:tagpattern=>"html,body,form,input,input,/form,pre,/pre,/body,/html"},
{:string=>'cmd.jsp',:url=>'cmd.jsp',:regexp=>/<FORM METHOD="GET" NAME="myform" ACTION="">(\r\n|\n)<INPUT TYPE="text" NAME="cmd">(\r\n|\n)<INPUT TYPE="submit" VALUE="Send">/},
{:string=>'cmdjsp.jsp',:url=>'cmdjsp.jsp',:regexp=>/<FORM METHOD=GET ACTION='cmdjsp.jsp'>(\r\n|\n)<INPUT name='cmd' type=text>(\r\n|\n)<INPUT type=submit value='Run'>(\r\n|\n)<\/FORM>/},
{:string=>'jsp-reverse.jsp',:url=>'jsp-reverse.jsp',:regexp=>/<h1>JSP Backdoor Reverse Shell<\/h1>/},
{:string=>'jsp-reverse.jsp',:url=>'jsp-reverse.jsp',:regexp=>/<form method="post">(\r\n|\n)IP Address(\r\n|\n)<input type="text" name="ipaddress" size=30>(\r\n|\n)Port(\r\n|\n)<input type="text" name="port" size=10>(\r\n|\n)<input type="submit" name="Connect" value="Connect">(\r\n|\n)/},
{:string=>'list.jsp',:url=>'list.jsp',:regexp=>/<HTML><BODY>(\r\n|\n)\t<FORM METHOD="POST" NAME="myform" ACTION="">(\r\n|\n)\t<INPUT TYPE="text" NAME="file">(\r\n|\n)\t<INPUT TYPE="submit" VALUE="Send">(\r\n|\n)\t<\/FORM>/},
{:string=>'up.jsp',:url=>'up.jsp',:regexp=>/<html>(\r\n|\n)<form name="test" method="post" action="" enctype="multipart\/form-data">(\r\n|\n)<input type="File" name="fichero">(\r\n|\n)<input type="Submit" value="Upload" name="Submit">(\r\n|\n)<\/form>/},
{:string=>'cmd_win32.jsp',:url=>'cmd_win32.jsp',:regexp=>/<HTML><BODY>(\r\n|\n)<FORM METHOD="POST" NAME="myform" ACTION="">(\r\n|\n)<INPUT TYPE="text" NAME="cmd">(\r\n|\n)<INPUT TYPE="submit" VALUE="Send">(\r\n|\n)<\/FORM>(\r\n|\n)<pre>/},
{:string=>'up_win32.jsp',:url=>'up_win32.jsp',:regexp=>/<html>(\r\n|\n)<form name="test" method="post" action="" enctype="multipart\/form-data">(\r\n|\n)<input type="File" name="fichero">(\r\n|\n)<input type="Submit" value="Upload" name="Submit">(\r\n|\n)<\/form>(\r\n|\n)<\/html>/},
{:string=>'CmdServlet',:url=>'CmdServlet',:tagpattern=>'html,body,hr,p,form,input,input,/form,hr,/pre,/body,/html'},
{:string=>'ListServlet',:url=>'ListServlet',:regexp=>/<HTML>\n<HEAD>\n<TITLE>Directory Listing<\/TITLE>\n<\/HEAD>\n<BODY>\n<FONT Face=\"Courier New, Helvetica\" Color=\"Black\">\n/},
{:string=>'UpServlet',:url=>'UpServlet',:tagpattern=>'html,body,br,form,input,input,/form,/body,/html'},
{:string=>'UpServlet',:url=>'UpServlet',:regexp=>/<html><body><br><form method="POST" action="" enctype="multipart\/form-data">UPLOAD <input type="file" name="file" size="60"><input type="submit" value="Upload">/},
# cfm	
# passive
# agressive
{:string=>'cfexec.cfm',:url=>'cfexec.cfm',:regexp=>/Notes:<br><br>(\r\n|\n)<ul>(\r\n|\n)<li>Prefix DOS commands with/},
{:string=>'cmd.cfm',:url=>'cmd.cfm',:regexp=>/<table>(\r\n|\n)<form method="POST" action="">(\r\n|\n) <tr>(\r\n|\n)  <td>Command:<\/td>(\r\n|\n)  <td> < input type=text name="cmd"/},

# cgi

# passive
{:string=>'perlcmd.cgi',:text=>'<!-- Simple CGI backdoor by DK (http://michaeldaw.org) -->'},
{:string=>'perlcmd.cgi',:text=>'# <!--    http://michaeldaw.org   2006    -->'},
{:string=>'up.pl',:text=>'<a href="http://www.muquit.com/muquit/">Muhammad A Muquit'},


# agressive

# cgi, pl
{:string=>'cmd.pl',:url=>'cmd.pl',:tagpattern=>'html,body,form,input,input,/form,pre,/pre'},
{:string=>'cmd.pl',:url=>'cmd.pl',:regexp=>/<input type="submit" value="Run">(\r\n|\n)<\/form>(\r\n|\n)<pre>/},
{:string=>'list.pl',:url=>'list.pl',:regexp=>/<input type="submit" value="List">(\r\n|\n)<\/form>(\r\n|\n)Directory/},
{:string=>'perlcmd.cgi',:url=>'perlcmd.cgi',:text=>'<!-- Simple CGI backdoor by DK (http://michaeldaw.org) -->'},
{:string=>'perlcmd.cgi',:url=>'perlcmd.cgi',:text=>'# <!--    http://michaeldaw.org   2006    -->'},
{:string=>'up.pl',:url=>'up.pl',:text=>'<a href="http://www.muquit.com/muquit/">Muhammad A Muquit'},
{:string=>'cmd.cgi',:url=>'cmd.cgi',:regexp=>/<input type="text" name="cmd">(\r\n|\n)<input type="submit" value="Send">/},
{:string=>'cmdexe.cgi',:url=>'cmdexe.cgi',:regexp=>/<input type="text" name="cmd">(\r\n|\n)<input type="submit" value="Send">/},

]

end