#VERSION,2.03
# $Id: nikto_msgs.plugin 300 2010-02-01 21:02:40Z sullo $
###############################################################################
#  Copyright (C) 2006 CIRT, Inc.
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; version 2
#  of the License only.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
###############################################################################
# PURPOSE:
# Various messages relating to the server banner
###############################################################################
# NOTES:
# versions are loaded from the "db_server_msgs" file, which should be in the
# plugins directory this plugin checks the server version to see if there are
# any version specific items in the db_server_msgs this differs from
# nikto_outdated because that is ONLY checking to see if it is an old version,
# whereas this checks to see if the versions match
###############################################################################
sub nikto_msgs_init
{
   my $id =
   {
      name         => "msgs",
      full_name    => "Server Messages",
      author       => "Sullo",
      description  => "Checks the server version against known issues.",
      scan_method  => \&nikto_msgs,
      copyright    => "2008 CIRT Inc."
   };
   return $id;
}

sub nikto_msgs
{
   my ($mark) = @_;
   my $dbarray;
   $dbarray=init_db("db_server_msgs");

   foreach my $item (@$dbarray)
   {
      if ($mark->{'banner'} =~ /($item->{'server'})\b/i)
      {
         add_vulnerability($mark, "$1 - $item->{'message'}", $item->{'nikto_id'}, $item->{'osvdb'});
      }

   }
   # Special stuff to pull information from results 
   # McAfee ePO 
   if ($mark->{'banner'} =~ /(Agent-ListenServer-HttpSvr\/1\.0)\b/i) 
   { 
      my ($RES, $CONTENT) = nfetch($mark, "/", "GET", "", "", "", "msgs: Agent-ListenServer-HttpSvr"); 
      next unless ($RES == 200); 
      # Computer name 
      my $name=$CONTENT; 
      $name =~ s#(^.*<ComputerName>)([a-zA-Z0-9]*)(</ComputerName>.*$)#$2#; 
      my $eposerver=$CONTENT; 
      $eposerver =~ s#(^.*<ePOServerName>)([a-zA-Z0-9]*)(</ePOServerName>.*$)#$2#; 
      add_vulnerability($mark,"Web server is a McAfee ePO agent, showing the hostname is $name and the ePO server is $eposerver.",80100,0);      
   } 
   # HP WBEM 
   if ($mark->{'banner'} =~ /(CompaqHTTPServer)/i) 
   { 
      my ($RES, $CONTENT) = nfetch($mark, "/cpqlogin.htm", "GET", "", "", "", "msgs: CompaqHTTPServer"); 
      next unless ($RES == 200); 
      my $ipaddrs=""; 
      my $name; 
      foreach my $line (split(/\n/, $CONTENT)) 
      { 
         if ($line =~ "System Management Homepage for ") 
         { 
            $name=$line; 
            $name =~ s#(^.*System Management Homepage for )([a-zA-Z0-9]*)(</font>.*$)#$2#; 
         } 
         if ($line =~ "new ObjectIpAddresses") 
         { 
            my $ipaddr=$line; 
            $ipaddr =~ s#(^.*new ObjectIpAddresses\(")([\d\.]+)("\);.*$)#$2#; 
            nprint("$ipaddr"); 
            $ipaddrs .= " $ipaddr"; 
         } 
      } 
      add_vulnerability($mark,"Web server is an HP WBEM agent, showing the hostname is $name and the IP addresses are$ipaddrs.",80101,0);      
   } 
}

1;