1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69
|
##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# https://morningstarsecurity.com/research/whatweb
##
Plugin.define do
name "Fortinet-Firewall"
authors [
"Aung Khant, http://yehg.net",
"Brendan Coles <bcoles@gmail.com>", # v0.2 # 2011-09-14 # Updated random string generation. Updated cookie match. Changed :string to :name. Added JavaScript match, aggressive image match and google dork.
]
version "0.2"
description "Fortinet firewall technology combines ASIC-accelerated stateful inspection with an arsenal of integrated application security engines to quickly identify and block complex threats."
website "http://www.fortinet.com/solutions/firewall.html"
# Google results as at 2011-09-14 #
# 8 for intitle:"Please Login" "Warning: this page requires Javascript. To correctly view, please enable it in your browser."
# Dorks #
dorks [
'intitle:"Please Login" "Warning: this page requires Javascript. To correctly view, please enable it in your browser."'
]
# Matches #
matches [
# Redirect Page # /index.html
{ :certainty=>75, :url=>"/", :md5=>"c647dc149f55829659640751e9184f8c" },
{ :certainty=>75, :url=>"/index.html", :md5=>"c647dc149f55829659640751e9184f8c" },
# JavaScript # /login
{ :url=>"/login", :certainty=>75, :regexp=>/str_table\.token_needed = "Please input your token code.";[\s]+str_table\.ncode_needed = "FortiToken clock drift detected\. Please input the next code and continue\.";[\s]+str_table\.mail_token_msg = "An email message containing a Token Code will be sent to";/ },
# Aggressive # /images/logon_merge.gif
#{:url=>"/images/logon_merge.gif", :md5=>"3955ddaf1229f63f94f4a20781b3ade4" },
# Aggressive # login.js?nocache= + 8 random characters # MD5
{:url=>'login.js?nocache='+rand(36**8).to_s(36), :name=>'Login.js MD5 Hash', :md5=>'6032999e08978b317d8382249866232a'},
# Aggressive # login.js?nocache= + 8 random characters # Copyright text
{:url=>'login.js?nocache='+rand(36**8).to_s(36), :name=>'Login.js Copyright Text',:regex=>/login.js(\n|\r\n)Copyright Fortinet, Inc\.(\n|\r\n)All rights reserved\./},
# Aggressive # login # MD5
{:url=>'login', :name=>'Login page MD5 hash', :md5=>'8bc0d101e3a25c98a9cbcf18240bd271'},
# Aggressive # success # MD5
{:url=>'success', :name=>'Success Page MD5', :md5=>'1451298ccf3a24e342b20e6684cbb0dc'},
]
# Passive #
passive do
m=[]
# APSCOOKIE and log_filters cookies
cookie = @headers['set-cookie'] if @headers.keys.include?('set-cookie')
if cookie =~ /APSCOOKIE(_[\d]+)?=/ and cookie =~ /log_filters=/
m << {:name=>'HTTP Cookie'}
end
# Return passive matches
m
end
end
|