Sources for Plugin Writing
,'``.._ ,'``.
:,--._:)\,:,._,.: HYPNOTOAD REQUIRES
:`--,'' :`...';\ WHATWEB PLUGINS !
`,' `---' `.
/ :
/ \
,' :\.___,-.
`...,---'``````-..._ |: \
( ) ;: ) \ _,-.
`. ( // `' \
: `.// ) ) , ;
,-|`. _,'/ ) ) ,' ,'
( :`.`-..____..=:.-': . _,' ,'
`,'\ ``--....-)=' `._, \ ,') _ '``._
_.-/ _ `. (_) / )' ; / \ \`
ASCII art stolen from r33b.net
Have you ever wanted to target your exploits more efficiently? Ever wanted to engage in stealthy, large-scale internet scanning? Ever wanted to write a data-mining script for a web service? Ever wanted to parse local or remote files through several regular expressions and generate a tidy, grep-able report? Ever lost a web-app on your network because the only admin was hit by a bus during the install? Ever wanted to write and distribute a simple HTTP GET application but became overwhelmed with the amount of error-checking, escaping, encoding, HTTP authorization, HTML parsing and error-logging required for what is essentially a really simple task? Bored?
Here's a list of sources for applications which require fingerprinting:
- http://php.opensourcecms.com
- http://www.free-php.net/free-php-scripts/
- https://secure.wikimedia.org/wikipedia/en/wiki/List_of_content_management_systems
- http://www.microsoft.com/web/gallery/
- http://webxadmin.free.fr/article/jsp-cms-list-1032.php
- http://www.builtwith.com - http://trends.builtwith.com/
- http://scan.sucuri.net/
- http://poweredsites.org/
- http://www.exploit-db.com/
Web Applications
Mostly from bugtraq / full-disclosure and exploit-db.
- 4site
- ACC IMoveis # inurl:imoveis.php?id=
- Allomani - E-Store
- AlstraSoft E-Friends
- Allomani - Super Multimedia
- AJ Article Persistent
- AJ HYIP MERIDIAN
- AJ HYIP PRIME
- Bilder Upload Script
- BlogBird
- BloofoxCMS
- BS Auction
- BS Auto Classifieds
- BS Classifieds Ads
- BS Events Directory
- BS Scripts Directory
- BaconMap
- Django
- DBHcms
- DeluxeBB
- DM Filemanager
- DZCP
- Ecomat CMS
- Edgephp Clickbank Affiliate Marketplace
- Energine
- Entrans
- Expression CMS
- Free PHP photo gallery script
- IBM Bladecenter Management
- iNet Online Community
- infinix
- IXXO Cart for Joomla
- Lara
- Micro CMS
- MetInfo
- MyCart
- MyBB
- mygamingladder
- Novaboard
- NinkoBB
- OrangeHRM
- Pecio CMS
- PageDirector CMS
- Pre Dynamic Institution Web
- Pre E-Smart Cart
- Pre Podcast Portal
- Pre SoftClones Marketing Management System
- Pre Web Host System
- Pre Multi-Vendor Shopping Malls
- phpLiterAdmin
- PTCPay
- PHPKit
- Pulse CMS
- Pub-Me CMS
- Ronny CMS
- RoSPORA
- Simpli Easy (AFC Simple) Newsletter
- Simple Document Management System
- Simple Forum PHP demo
- TFTgallery
- Site2Nite
- SugarCRM
- Tycoon CMS
- W-Agora
- Wiccle Web Builder CMS / iWiccle CMS Community Builder
- YPNinc JokeScript
- YPNinc PHP Realty Script
- ZeeAdbox
- ZeeMatri
- ZeeNetworking
- zf-cms
- Kandidat CMS
- MemHT Portal
- Truition # 24 results for "powered by Truition" inurl:ExecMacro
- Angel LMS
- JBI CMS
- MiniBB
- JAF CMS
- SweetRice CMS
- eoCMS
- E-Php Content Management System
- digiSHOP
- eLouai's Force Download Script
- Dolphin
- Site2Nite Business eListings
- Digger Solutions Newsletter Open Source
- Online Work Order System (OWOS) Professional Edition
- Comrie Software Pay Roll Time Sheet & Punch Card
- Site2Nite Vacation Rental (VRBO) Listings
- Azaronline Design
- MetInfo
- Seo Panel
- PHPShop
# 4 ShodanHQ results for WWW-Authenticate: Basic realm="GoogleDB"
examples %w|
62.241.56.221
62.241.55.220
82.210.35.116
82.210.34.117
|
# Passive #
def passive
  m = []
  # WWW Authenticate Realm
  m << { :name=>"WWW Authenticate Realm" } if @meta["www-authenticate"] =~ /Basic realm="GoogleDB"/
  m
end
Hardware - Routers
http://fhscanhttplibrary.googlecode.com/svn/!svn/bc/70/HTTPCore/trunk/release/KnownRouters.ini
http://fhscanhttplibrary.googlecode.com/svn-history/r70/HTTPCore/trunk/release/RouterAuth.ini
The Danish Interpretation Systems (DIS) CU 6005 Central Unit is a powerful microprocessor based control unit designed for the DIS DCS 6000 system. Only one DIS CU 6005 is needed for control of all types of conference units.
- 3 results for "dis cu" ext:cfg password @ 2010-09-04
- 67.217.38.2/attachments/svc/documents/1257915636218.Hub.cfg
- 67.217.38.2/attachments/svc/documents/1257915666218.spoke1.cfg
- 67.217.38.2/attachments/svc/documents/1257915687093.spoke2.cfg
- 67.217.38.2/attachments/svc/documents/1257915718296.spoke2.cfg
More config files at the URLs listed below. Aruba and Nortel plugins have been written already.
- http://www.opus1.com/nac/lv06configs/
- http://www.opus1.com/nac/lv07configs/
- http://www.opus1.com/nac/lv08configs/
- http://www.opus1.com/nac/ny06configs/
Web Servers
From the server: HTTP header. Separate plugins for ease of maintainability and cleaner output. Plugins for some HTTP servers have already been written.
http://fhscanhttplibrary.googlecode.com/svn/!svn/bc/70/HTTPCore/trunk/release/Webservers.ini
http://fhscanhttplibrary.googlecode.com/svn/!svn/bc/70/HTTPCore/trunk/release/KnownWebservers.ini
See ShodanHQ and http-stats.com for more examples.
Third-Party Addons
Separate plugins for ease of maintainability and cleaner output.
- Analytics (Yahoo, etc.)
- CAPTCHA (reCAPTCHA, etc.)
- Video players (YouTube, Vimeo, etc.)
- Widgets (AddThis, etc.)
Favicon Hashes
These hashes are from the OWASP Favicon Database Project.
A plugin needs to be written for each one of these apps. Most require additional research; however, in some cases a plugin already exists and just needs to be updated with the MD5 hash.
# penguin
{ :url=>"/favicon.ico", :md5=>"6399cc480d494bf1fcd7d16c42b1c11b" },
# SocialText
{ :url=>"/favicon.ico", :md5=>"506190fc55ceaa132f1bc305ed8472ca"},
# PHPwiki
{ :url=>"/favicon.ico", :md5=>"2cc15cfae55e2bb2d85b57e5b5bc3371" },
# XOOPS cms
{ :url=>"/favicon.ico", :md5=>"389a8816c5b87685de7d8d5fec96c85b" },
# Drupal CMS
{ :url=>"/favicon.ico", :md5=>"e6a9dc66179d8c9f34288b16a02f987e" },
# NetScreen WebUI
{ :url=>"/favicon.ico", :md5=>"f1876a80546b3986dbb79bad727b0374" },
# Netscape 4.1
{ :url=>"/favicon.ico", :md5=>"226ffc5e483b85ec261654fe255e60be" },
# Netscape iPlanet 6.0
{ :url=>"/favicon.ico", :md5=>"b25dbe60830705d98ba3aaf0568c456a" },
# Netscape 6.0 (AOL)
{ :url=>"/favicon.ico", :md5=>"41e2c893098b3ed9fc14b821a2e14e73" },
# SunOne 6.1
{ :url=>"/favicon.ico", :md5=>"a28ebcac852795fe30d8e99a23d377c1" },
# Zero byte favicon
{ :url=>"/favicon.ico", :md5=>"d41d8cd98f00b204e9800998ecf8427e" },
# DotNetNuke (http://www.dotnetnuke.com)
{ :url=>"/favicon.ico", :md5=>"5b0e3b33aa166c88cee57f83de1d4e55" },
# Lotus-Domino
{ :url=>"/favicon.ico", :md5=>"7dbe9acc2ab6e64d59fa67637b1239df" },
# Wordpress
{ :url=>"/favicon.ico", :md5=>"fa54dbf2f61bd2e0188e47f5f578f736" },
# Wordpress - obsolete version
{ :url=>"/favicon.ico", :md5=>"6cec5a9c106d45e458fc680f70df91b0" },
# E-zekiel
{ :url=>"/favicon.ico", :md5=>"81ed5fa6453cf406d1d82233ba355b9a" },
# 3-byte invalid favicon: domain sellers
{ :url=>"/favicon.ico", :md5=>"ecaa88f7fa0bf610a5a26cf545dcd3aa" },
# vBulletin forum
{ :url=>"/favicon.ico", :md5=>"c1201c47c81081c7f0930503cae7f71a" },
# Powered by Reynolds Web Solutions (Car sales CMS)
{ :url=>"/favicon.ico", :md5=>"edaaef7bbd3072a3a0c3fb3b29900bcb" },
Cookies
These cookies are from http://seclists.org/pen-test/2006/Jan/att-210/cookie_fingerprinting.txt
A plugin needs to be written for each one of these apps. Most require additional research; however, in some cases a plugin already exists and just needs to be updated with a regex for the cookie.
# BEA WebLogic (www.bea.com)
if @meta["set-cookie"] =~ WebLogicSession=PLLHV8No5ImB2wUo2mupD49Bdo2HxEXq7OjhAAEl1EP6tMr1KbtI|-2011799079004677001/-1062729195/6/7001/7001/7002/7002/7001/-1|-3433517045111774782/-1062729194/6/7001/7001/7002/7002/7001/-1; path=/
# Sane NetTracker (www.sane.com)
if @meta["set-cookie"] =~ SaneID=213.63.123.42-1018349510644; path=/; expires=Tue, 09-Apr-07 06:51:50 GMT; domain=.sane.com
# Vignette (www.vignette.com)
if @meta["set-cookie"] =~ ssuid=Maxliw00vvM00001fbb6Oxn0wa; path= /; expires=Saturday, 06-Sep-2014 23:50:08 GMT
if @meta["set-cookie"] =~ vgnvisitor=Mawd0M00heY0000~fBiFkE0035; path= /; expires=Saturday, 06-Sep-2014 23:50:08 GMT
# IBM Net.Commerce (www.ibm.com)
if @meta["set-cookie"] =~ SESSION_ID=203363,JdjXE+hB9ph06hBJ4NSD04uHsq/FktC/rNib7MJjNS3jk5fXEK9XBtkAx0zI7NkI; path=/;
# Netscape Enterprise Server (www.sun.com)
if @meta["set-cookie"] =~ NSES40Session=2%253A3e57d375%253Adc59172283a7e72c;path=/;expires=Sat, 22-Feb-2003 20:15:57 GMT
# iPlanet (www.sun.com)
if @meta["set-cookie"] =~ iPlanetUserId=213.23.123.42:29511018555049; EXPIRES=Friday, 31-Dec-2010 23:59:59 GMT; DOMAIN=.iplanet.com; PATH=/
# RealMedia OpenAdStream
if @meta["set-cookie"] =~ RMID=d442af2b3d1ccf30; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.xxxx.net
# Caucho Resin
if @meta["set-cookie"] =~ JSESSIONID=afbx7QRlFZje; path=/
# Jakarta Tomcat/JSERV (jakarta.apache.org/tomcat/)
if @meta["set-cookie"] =~ JSESSIONID=4ah34a8xo1;Path=/
# Roxen Web Server (www.roxen.com)
if @meta["set-cookie"] =~ RoxenUserID=07761bc31df67ae8c4441a89bc7ceed5
# ApacheJServ (java.apache.org/jserv)
if @meta["set-cookie"] =~ JServSessionIdroot=vvni7vxu8n; path=/
# IBM Tivoli Policy Director WebSeal (www.ibm.com)
if @meta["set-cookie"] =~ PD-S-SESSION-ID=2_L7kl8vzZ9b8LMEwpm0PgqqQRIh2ZZakRamBlgvMXqIIAABDZ; Path=/; Secure
# Sun Java System Application Server (Netscape/iPlanet Application Server)
if @meta["set-cookie"] =~ gx_session_id_=f42d0282513ff402; path=/
# OpenMarket/FatWire Content Server (www.fatwire.com)
if @meta["set-cookie"] =~ SS_X_CSINTERSESSIONID=0001P73k2FUEYEU4Ks5TtKxcs2K:vv0b9pej; path=/
if @meta["set-cookie"] =~ CSINTERSESSIONID=0001xquPwAx2NFUFvi7yw-43f35:vv7sdeqs;Path=/
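The sample cookies above carry per-session values, so only the cookie name is usable as a signature. The following is an added example, not WhatWeb's own plugin code: it reduces the samples to cookie names and matches them exactly against Set-Cookie header values, which is also a quick way to check what your own servers disclose. `cookie_name` and `fingerprint_cookies` are hypothetical helpers, and the `MY_SESSION_ID` header in the usage is constructed.

```ruby
# Cookie names taken from the sample Set-Cookie values on this page.
# Values are per-session, so only the name is used as the signature.
COOKIE_PRODUCTS = {
  "WebLogicSession"       => ["BEA WebLogic"],
  "SaneID"                => ["Sane NetTracker"],
  "ssuid"                 => ["Vignette"],
  "vgnvisitor"            => ["Vignette"],
  "SESSION_ID"            => ["IBM Net.Commerce"],
  "NSES40Session"         => ["Netscape Enterprise Server"],
  "iPlanetUserId"         => ["iPlanet"],
  "RMID"                  => ["RealMedia OpenAdStream"],
  "JSESSIONID"            => ["Caucho Resin", "Jakarta Tomcat/JSERV"],
  "RoxenUserID"           => ["Roxen Web Server"],
  "JServSessionIdroot"    => ["ApacheJServ"],
  "PD-S-SESSION-ID"       => ["IBM Tivoli Policy Director WebSeal"],
  "gx_session_id_"        => ["Sun Java System Application Server"],
  "SS_X_CSINTERSESSIONID" => ["OpenMarket/FatWire Content Server"],
  "CSINTERSESSIONID"      => ["OpenMarket/FatWire Content Server"]
}.freeze

# Extract the cookie name from one Set-Cookie header value:
# everything before the first "=" of the first ";"-separated pair.
def cookie_name(set_cookie)
  pair = set_cookie.to_s.split(";", 2).first.to_s
  name, sep, _value = pair.partition("=")
  sep.empty? ? nil : name.strip
end

# Map Set-Cookie header values (one string per header) to candidate products.
# Names are compared whole, so a cookie such as "MY_SESSION_ID" does not match
# "SESSION_ID" the way an unanchored regex on the raw header would.
def fingerprint_cookies(set_cookie_headers)
  Array(set_cookie_headers).map do |header|
    name = cookie_name(header)
    products = COOKIE_PRODUCTS[name]
    next unless products
    { cookie: name, products: products, ambiguous: products.size > 1 }
  end.compact
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample headers; the second must not match SESSION_ID.
  sample = ["JSESSIONID=afbx7QRlFZje; path=/", "MY_SESSION_ID=1; path=/"]
  fingerprint_cookies(sample).each { |hit| puts hit.inspect }
end
```

A hit flagged `ambiguous` (JSESSIONID is listed above for both Caucho Resin and Jakarta Tomcat/JSERV) needs a second signal, such as the server header, before a plugin reports a single product.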