Sha256: 3349774854103ca975a001cdf11eea977e078449e45aa9e3526afdb393e8b6f3
Contents?: true
Size: 1.99 KB
Versions: 5
Compression:
Stored size: 1.99 KB
Contents
=begin
    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>

    This file is part of the Arachni Framework project and is subject to
    redistribution and commercial restrictions. Please see the Arachni Framework
    web site for more information on licensing and terms of use.
=end

# Looks for common administration interfaces on the server.
#
# For every directory the scan visits, each entry of the bundled
# 'admin-panels.txt' list is appended to that directory and handed to the
# framework's remote-file check. A finding only says that a candidate resource
# appears to exist; the issue text asks for it to be reviewed and its severity
# is LOW.
#
# @author Brendan Coles <bcoles@gmail.com>
# @author Tasos Laskos <tasos.laskos@arachni-scanner.com>
# @version 0.1
class Arachni::Checks::CommonAdminInterfaces < Arachni::Check::Base

    # Candidate resource names, loaded once and cached on the class.
    #
    # `read_file` is a framework helper that is not defined in this file;
    # presumably it yields the entries of 'admin-panels.txt' (the result is
    # iterated with `each` in #run) -- confirm against the framework.
    #
    # @return [#each] cached result of `read_file( 'admin-panels.txt' )`
    def self.resources
        @filenames ||= read_file('admin-panels.txt')
    end

    # Probes the directory of the current page for every candidate name.
    #
    # The directory is derived from `page.url` via `get_path`. A directory
    # that has already been marked as audited is skipped, so the candidate
    # list is run against each directory once.
    #
    # `log_remote_file_if_exists` is a framework helper not shown here; by its
    # name it presumably checks the URL and logs the issue described in .info
    # when the resource exists -- confirm against the framework.
    def run
        directory = get_path(page.url)
        return if audited?(directory)

        self.class.resources.each { |candidate| log_remote_file_if_exists(directory + candidate) }

        # Record the directory only after all candidates have been handed off.
        audited(directory)
    end

    # Metadata describing the check and the issue it reports.
    #
    # NOTE(review): the remedy guidance names IP restriction only. This check
    # does not assess whether a reported interface enforces authentication, so
    # that is worth verifying when a finding is triaged.
    #
    # @return [Hash] check metadata, including the nested :issue description
    def self.info
        reference_links = {
            'Apache.org' => 'http://httpd.apache.org/docs/2.0/mod/mod_access.html',
            'WASC'       => 'http://projects.webappsec.org/w/page/13246953/Predictable%20Resource%20Location'
        }

        reported_issue = {
            name:            'Common administration interface',
            description:     'An administration interface was identified and should be reviewed.',
            tags:            %w[common path file discovery],
            severity:        Severity::LOW,
            # Whitespace inside this literal is kept exactly as it appears in the listing.
            remedy_guidance: %q{ Access to administration interfaces should be restricted to trusted IP addresses only. }
        }

        {
            name:        'Common administration interfaces',
            description: 'Tries to find common admin interfaces on the server.',
            elements:    [Element::Server],
            author:      [
                'Brendan Coles <bcoles@gmail.com>',
                'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>'
            ],
            version:     '0.1',
            targets:     ['Generic'],
            references:  reference_links,
            issue:       reported_issue
        }
    end

end
Version data entries
5 entries across 5 versions & 1 rubygems