#VERSION,2.02
# $Id: nikto_msgs.plugin 152 2009-08-13 19:37:44Z deity $
###############################################################################
# Copyright (C) 2006 CIRT, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2
# of the License only.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
###############################################################################
###############################################################################
# PURPOSE
# Various messages relating to the server banner
###############################################################################
# NOTES
# Versions are loaded from the "db_server_msgs" file, which should be in the
# plugins directory. This plugin checks the server version to see if there are
# any version-specific items in db_server_msgs. This differs from
# nikto_outdated because that plugin ONLY checks whether the version is old,
# whereas this one checks whether the versions match.
###############################################################################
# Build the registration record for the "msgs" plugin.
#
# Returns a hash reference holding the plugin's short and full names, author,
# description, copyright line and a code reference to the scan routine.
sub nikto_msgs_init
{
    my %plugin = (
        name        => "msgs",
        full_name   => "Server Messages",
        author      => "Sullo",
        description => "Checks the server version against known issues.",
        scan_method => \&nikto_msgs,
        copyright   => "2008 CIRT Inc.",
    );

    return \%plugin;
}
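# Scan method for the "msgs" plugin: reports findings that depend on the
# server banner.
#
# Parameters:
#   $mark - hash reference for the current target. Only $mark->{banner} is
#           read here; the reference is also passed on to nfetch() and
#           add_vulnerability().
#
# The banner and every fetched page are data chosen by the remote server.
# The HP WBEM branch therefore copies a value into a finding only when it
# matched the character class the pattern expects; see the review note on
# the McAfee ePO branch, where that is not yet possible.
sub nikto_msgs
{
    my ($mark) = @_;

    # Each record supplies a banner pattern (server), a message and a
    # nikto_id. The server field is interpolated into the regex unescaped,
    # so db_server_msgs has to be trusted, locally controlled content.
    my $dbarray = initialise_db("db_server_msgs");
    foreach my $item (@$dbarray)
    {
        if ($mark->{banner} =~ /($item->{server})\b/i)
        {
            add_vulnerability($mark, "$1 - $item->{message}", $item->{nikto_id}, 0);
        }
    }

    # Special stuff to pull information from results

    # McAfee ePO
    if ($mark->{banner} =~ /(Agent-ListenServer-HttpSvr\/1\.0)\b/i)
    {
        my ($RES, $CONTENT) = nfetch($mark, "/", "GET");

        # An if-block rather than "next": no loop encloses this statement
        # inside the sub, so "next" would either unwind into a loop of the
        # caller (skipping the HP WBEM check below) or die outright.
        if ($RES == 200)
        {
            # NOTE(review): both patterns below are identical and have no
            # literal text to anchor on, so capture 2 is always empty and a
            # multi-line body does not match at all (leaving the whole
            # response in the finding). They look like they lost their
            # delimiting markup - confirm against the upstream plugin.

            # Computer name
            my $name = $CONTENT;
            $name =~ s#(^.*)([a-zA-Z0-9]*)(.*$)#$2#;

            # ePO server name
            my $eposerver = $CONTENT;
            $eposerver =~ s#(^.*)([a-zA-Z0-9]*)(.*$)#$2#;

            add_vulnerability($mark, "Web server is a McAfee ePO agent, showing the hostname is $name and the ePO server is $eposerver.", 80100, 0);
        }
    }

    # HP WBEM
    if ($mark->{banner} =~ /(CompaqHTTPServer)/i)
    {
        my ($RES, $CONTENT) = nfetch($mark, "/cpqlogin.htm", "GET");

        # Same reasoning as above for using an if-block instead of "next".
        if ($RES == 200)
        {
            my $ipaddrs = "";
            my $name    = "";    # stays empty if the page carries no hostname line

            foreach my $line (split(/\n/, $CONTENT))
            {
                # The leading greedy .* keeps the last occurrence on the line.
                if ($line =~ /^.*System Management Homepage for ([a-zA-Z0-9]*)/)
                {
                    $name = $1;
                }

                # Only a dotted-numeric capture is accepted. A line that
                # mentions ObjectIpAddresses in any other shape is skipped
                # instead of being copied wholesale into the report.
                if ($line =~ /^.*new ObjectIpAddresses\("([\d\.]+)"\);/)
                {
                    my $ipaddr = $1;
                    nprint($ipaddr);
                    $ipaddrs .= " $ipaddr";
                }
            }

            add_vulnerability($mark, "Web server is an HP WBEM agent, showing the hostname is $name and the IP addresses are$ipaddrs.", 80101, 0);
        }
    }
}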
# Perl's require/use need a loaded file to end in a true value.
# NOTE(review): how Nikto loads plugins is not visible here - confirm.
1;