# frozen_string_literal: true ## # This file is part of WhatWeb and may be subject to # redistribution and commercial restrictions. Please see the WhatWeb # web site for more information on licensing and terms of use. # http://www.morningstarsecurity.com/research/whatweb ## WhatWeb::Plugin.define "BASE" do @author = "Brendan Coles " # 2011-12-05 @version = "0.1" @description = "Basic Analysis and Security Engine (BASE) - front end for the snort IDS system." @website = "http://base.secureideas.net/" # Google as at 2011-12-05 # # 8 for "The following pages will prompt you for set up information to finish the install of BASE." intitle:"Basic Analysis and Security Engine (BASE)" # 7 for intitle:"Basic Analysis and Security Engine (BASE)" "Built on ACID by Roman Danyliw" "Login" "Password" # Dorks # @dorks = [ '"The following pages will prompt you for set up information to finish the install of BASE." intitle:"Basic Analysis and Security Engine (BASE)"', 'intitle:"Basic Analysis and Security Engine (BASE)" "Built on ACID by Roman Danyliw" "Login" "Password"' ] # Matches # @matches = [ # ./setup/*.php # HTML Comment { text: '' }, # ./setup/*.php # HTML Comment # Version Detection { version: // }, ] # Passive # def passive(target) m = [] # ./setup/index.php # PHP Version Detection if target.body =~ /Config Writeable:<\/td>(Yes|No)<\/font><\/td<\/tr>[\s]+PHP Version:<\/td>([^<]+)<\/font><\/td<\/tr>/ m << { string: "PHP/#{$3}" } end # ./help/base_setup_help.php # Version and Path Detection if target.body =~ // m << { filepath: $1.to_s } m << { version: $2.to_s } end # Return passive matches m end end