Sha256: 567dffd9c8782c9e5fd4b841f72161e1426cab738934fd465afa132d1b05cb9f

Contents?: true

Size: 1.03 KB

Versions: 5

Compression:

Stored size: 1.03 KB

Contents

=begin
    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>

    This file is part of the Arachni Framework project and is subject to
    redistribution and commercial restrictions. Please see the Arachni Framework
    web site for more information on licensing and terms of use.
=end

module Arachni
module Platform::Fingerprinters

# Identifies ASP.NET MVC resources.
#
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
# @version 0.1
class ASPXMVC < Platform::Fingerprinter

    ANTI_CSRF_NONCE = '__requestverificationtoken'
    HEADER_FIELDS   = %w(x-aspnetmvc-version)

    def run
        # Naive but enough, I think.
        if html? && page.body =~ /input.*#{ANTI_CSRF_NONCE}/i
            return update_platforms
        end

        if (headers.keys & HEADER_FIELDS).any?
            return update_platforms
        end

        if cookies.include?( ANTI_CSRF_NONCE )
            update_platforms
        end
    end

    def update_platforms
        platforms << :asp << :aspx << :windows << :aspx_mvc
    end

end

end
end

Version data entries

5 entries across 5 versions & 1 rubygems

Version Path
arachni-1.6.1.3 components/fingerprinters/frameworks/aspx_mvc.rb
arachni-1.6.1.2 components/fingerprinters/frameworks/aspx_mvc.rb
arachni-1.6.1.1 components/fingerprinters/frameworks/aspx_mvc.rb
arachni-1.6.1 components/fingerprinters/frameworks/aspx_mvc.rb
arachni-1.6.0 components/fingerprinters/frameworks/aspx_mvc.rb