From be9716eece81a35b45e2aa5c62ffe614160e33f9 Mon Sep 17 00:00:00 2001
From: Patrick Kuijvenhoven
Date: Fri, 8 Sep 2017 13:37:23 +0200
Subject: [PATCH 1/4] Added .gitignore
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..73643da
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.pyc
+httpscan.log
From afac236ca2a1b4d583e91ab19a73bfede0acaa0d Mon Sep 17 00:00:00 2001
From: Patrick Kuijvenhoven
Date: Fri, 8 Sep 2017 13:38:20 +0200
Subject: [PATCH 2/4] New option --allow-redirects
---
 httpscan.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/httpscan.py b/httpscan.py
index 7c4c02b..49172d5 100755
--- a/httpscan.py
+++ b/httpscan.py
@@ -41,6 +41,9 @@
 parser.add_argument('--fast', help='Change timeout settings for the scanner in order to scan faster (T5).', default=False, action='store_true')
 parser.add_argument('--definitions-create', help='Create a definition for a given host', default=False, action='store_true')
 parser.add_argument('--port', help='Port to be scanned (default: 80)', type=str, default=PORT)
+ parser.add_argument('--allow-redirects', dest='allow_redirects', action='store_true')
+ parser.add_argument('--no-allow-redirects', dest='allow_redirects', action='store_false')
+ parser.set_defaults(allow_redirects=True)
 parser.add_argument('--debug', help='Show additionalinformation in the logs', action='store_true', default=False)
 args = parser.parse_args()
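Review bot: The two new `parser.add_argument` calls for `--allow-redirects` and `--no-allow-redirects` have no `help=` text, unlike the options around them in this hunk, so `--help` says nothing about what following redirects means for a scan or that it is on by default. Because a followed redirect means the fingerprint can come from a different host than the one being scanned, the default is worth spelling out, e.g. `help='Follow HTTP redirects when fingerprinting (default: on)'` on the first call and `help='Fingerprint only the first response; do not follow redirects'` on the second. `parser.set_defaults(allow_redirects=True)` keeps the earlier behaviour of `requests.get`, which is a reasonable compatibility choice.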
@@ -54,9 +57,9 @@
 if args.definitions_create:
 url = 'http://{host}:{port}/'.format(host=args.hosts, port=args.port)
 try:
- response = requests.get(url, timeout=5, verify=False)
+ response = requests.get(url, timeout=5, verify=False, allow_redirects=args.allow_redirects)
 except (requests.exceptions.RequestException, requests.exceptions.SSLError) as e:
- log.debug('{url} request error: {exc}'.format(url=url, exc=e))
+ log.debug('{url} request error: {ename} {eargs!r}'.format(url=url, ename=type(e).__name__, eargs=e.args))
 exit()
 valid_charcters = string.ascii_lowercase + string.digits
@@ -120,12 +123,9 @@
 # Make HTTP request
 url = 'http://{host}:{port}/'.format(host=host, port=port)
 try:
- response = requests.get(url, timeout=5, verify=False)
+ response = requests.get(url, timeout=5, verify=False, allow_redirects=args.allow_redirects)
 except (requests.exceptions.RequestException, requests.exceptions.SSLError) as e:
- log.debug('{url} request error: {exc}'.format(
- url=url,
- exc=e
- ))
+ log.debug('{url} request error: {ename} {eargs!r}'.format(url=url, ename=type(e).__name__, eargs=e.args))
 continue
 identity = None
@@ -177,4 +177,4 @@
 definition_name=identity.get('name'),
 definition_meta=identity.get('meta')
 )
- )
\ No newline at end of file
+ )
From 02747399b629eb227e867e9fbdd30cb73dc29117 Mon Sep 17 00:00:00 2001
From: Patrick Kuijvenhoven
Date: Fri, 8 Sep 2017 13:38:53 +0200
Subject: [PATCH 3/4] Determine version information for iLO3 and iLO4
---
 definitions/ilo3.json | 12 ++++++++++++
 definitions/ilo4.json | 13 +++++++++++++
 plugins/ilo3.py | 17 +++++++++++++++++
 plugins/ilo4.py | 17 +++++++++++++++++
 4 files changed, 59 insertions(+)
 create mode 100644 definitions/ilo3.json
 create mode 100644 definitions/ilo4.json
 create mode 100644 plugins/ilo3.py
 create mode 100644 plugins/ilo4.py
diff --git a/definitions/ilo3.json b/definitions/ilo3.json
new file mode 100644
index 0000000..c864a96
--- /dev/null
+++ b/definitions/ilo3.json
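Review bot: With `allow_redirects=args.allow_redirects` defaulting to true, the `requests.get` call in the `@@ -54,9 +57,9 @@` hunk (and the identical one in the `@@ -120,12 +123,9 @@` hunk) fingerprints whatever the final redirect target returns, while the result is presumably still reported against the scanned `host`. Together with `verify=False`, a redirect to HTTPS on a different machine is accepted silently, so a match can be attributed to the wrong device. I would record when a redirect was followed, right after the `try` block: `if response.history: log.debug('{url} redirected to {final}'.format(url=url, final=response.url))`. Both enclosing blocks start and end outside their hunks, so how `response` is used afterwards is not visible here.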
@@ -0,0 +1,12 @@
+{
+ "name": "ilo3",
+ "meta": {
+ "vendor": "HP"
+ },
+ "rules": {
+ "headers": {
+ "server": ["Allegro-Software-RomPager"]
+ }
+ },
+ "plugins": ["ilo3"]
+}
diff --git a/definitions/ilo4.json b/definitions/ilo4.json
new file mode 100644
index 0000000..636d71c
--- /dev/null
+++ b/definitions/ilo4.json
@@ -0,0 +1,13 @@
+{
+ "name": "ilo4",
+ "meta": {
+ "vendor": "HP",
+ "class": "iLO 4"
+ },
+ "rules": {
+ "headers": {
+ "server": ["HP-iLO-Server"]
+ }
+ },
+ "plugins": ["ilo4"]
+}
diff --git a/plugins/ilo3.py b/plugins/ilo3.py
new file mode 100644
index 0000000..3621672
--- /dev/null
+++ b/plugins/ilo3.py
@@ -0,0 +1,17 @@
+import subprocess
+import json
+
+def run(host, port, definition, response):
+ url = 'https://{host}:{port}/json/login_session'.format(host=host, port=443)
+ # using curl because requests.get barfs with a SSLError (sslv3 alert handshake failure)
+ try:
+ r = subprocess.check_output(['curl', '--silent', '-k', url], stderr=None);
+ jsond = json.loads(r)
+ if jsond:
+ definition[u'meta'][u'class'] = 'iLO 3'
+ definition[u'meta'][u'ilo-version'] = jsond["version"]
+ except (Exception) as e:
+ # print('{url} request error: {ename} {eargs!r}'.format(url=url, ename=type(e).__name__, eargs=e.args))
+ pass
+
+ return definition
diff --git a/plugins/ilo4.py b/plugins/ilo4.py
new file mode 100644
index 0000000..c4fd738
--- /dev/null
+++ b/plugins/ilo4.py
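Review bot: The only rule in `definitions/ilo3.json` is the `server` header value `Allegro-Software-RomPager`, which is the banner of a generic embedded web server and not specific to iLO 3. Unless the matcher (not visible in this patch) requires more than this header, any RomPager device will be reported with `"name": "ilo3"` and `"vendor": "HP"`, even when the `ilo3` plugin gets nothing back from `/json/login_session`. I would add a second, iLO-specific rule, or keep `name` and `vendor` generic in the definition and let the plugin set them only after it has confirmed the device.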
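Review bot: The `curl` call in `run()` of `plugins/ilo3.py` has no time limit, so a host that accepts the connection on 443 and then stalls holds up the scan, whereas the scanner's own requests use `timeout=5`. Adding curl's `--max-time` keeps the plugin in line with that: `r = subprocess.check_output(['curl', '--silent', '-k', '--max-time', '5', url])`. The `except (Exception) as e: pass` that follows (the same pattern is in `plugins/ilo4.py`) hides every failure, including a missing `curl` binary, so I would narrow it to `except (subprocess.CalledProcessError, OSError, ValueError, KeyError, TypeError):` and keep a one-line comment saying the probe is best-effort. The `port` argument is also ignored because the URL is built with `port=443`; if that is intentional it deserves a comment next to the `format` call.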
@@ -0,0 +1,17 @@
+import requests
+import json
+
+def run(host, port, definition, response):
+ url = 'https://{host}:{port}/rest/v1'.format(host=host, port=443)
+ try:
+ r = requests.get(url, timeout=5, verify=False, allow_redirects=False)
+ if r.status_code == 200:
+ jsond = json.loads(r.text)
+ if jsond:
+ definition[u'meta'][u'class'] = jsond["Oem"]["Hp"]["Manager"][0]["ManagerType"]
+ definition[u'meta'][u'ilo-version'] = jsond["Oem"]["Hp"]["Manager"][0]["ManagerFirmwareVersion"]
+ except (Exception) as e:
+ # print('{url} request error: {ename} {eargs!r}'.format(url=url, ename=type(e).__name__, eargs=e.args))
+ pass
+
+ return definition
From 01510146d03f5fcbd6a6c9bd88f36eb534fc6616 Mon Sep 17 00:00:00 2001
From: Patrick Kuijvenhoven
Date: Mon, 11 Sep 2017 10:07:44 +0200
Subject: [PATCH 4/4] Updated definition (HP + HPE)
---
 definitions/ilo4.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/definitions/ilo4.json b/definitions/ilo4.json
index 636d71c..df2faf0 100644
--- a/definitions/ilo4.json
+++ b/definitions/ilo4.json
@@ -6,7 +6,7 @@
 },
 "rules": {
 "headers": {
- "server": ["HP-iLO-Server"]
+ "server": ["HP-iLO-Server", "HPE-iLO-Server"]
 }
 },
 "plugins": ["ilo4"]
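Review bot: `run()` in `plugins/ilo4.py` writes into `definition[u'meta']` in place and in two separate steps, so a response that has `ManagerType` but lacks `ManagerFirmwareVersion` leaves the class updated and the version untouched, and the swallowed exception gives no sign of it. If the caller hands the same loaded definition object to the plugin for every host (not visible in this patch), a version written for one host would also be reported for the next host whose request fails; `plugins/ilo3.py` has the same shape. Reading both values before assigning avoids the partial update: `mgr = jsond["Oem"]["Hp"]["Manager"][0]` followed by `definition[u'meta'].update({u'class': mgr["ManagerType"], u'ilo-version': mgr["ManagerFirmwareVersion"]})`. Returning a copy of `definition` instead of mutating the argument would remove the cross-host risk as well.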