Sha256: 3349774854103ca975a001cdf11eea977e078449e45aa9e3526afdb393e8b6f3
Contents?: true
Size: 1.99 KB
Versions: 5
Compression:
Stored size: 1.99 KB
Contents
=begin
Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
This file is part of the Arachni Framework project and is subject to
redistribution and commercial restrictions. Please see the Arachni Framework
web site for more information on licensing and terms of use.
=end
# Looks for common administration interfaces on the server.
#
# @author Brendan Coles <bcoles@gmail.com>
# @author Tasos Laskos <tasos.laskos@arachni-scanner.com>
# @version 0.1
class Arachni::Checks::CommonAdminInterfaces < Arachni::Check::Base
def self.resources
@filenames ||= read_file( 'admin-panels.txt' )
end
def run
path = get_path( page.url )
return if audited?( path )
self.class.resources.each do |file|
log_remote_file_if_exists( path + file )
end
audited( path )
end
def self.info
{
name: 'Common administration interfaces',
description: %q{Tries to find common admin interfaces on the server.},
elements: [ Element::Server ],
author: [
'Brendan Coles <bcoles@gmail.com>',
'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>'
],
version: '0.1',
targets: %w(Generic),
references: {
'Apache.org' => 'http://httpd.apache.org/docs/2.0/mod/mod_access.html',
'WASC' => 'http://projects.webappsec.org/w/page/13246953/Predictable%20Resource%20Location'
},
issue: {
name: %q{Common administration interface},
description: %q{An administration interface was identified and should be reviewed.},
tags: %w(common path file discovery),
severity: Severity::LOW,
remedy_guidance: %q{
Access to administration interfaces should be restricted to trusted IP addresses only.
}
}
}
end
end
Version data entries
5 entries across 5 versions & 1 rubygems