',
output = 'Path traversal in VMWare (CVE-2009-3733)'
},
{
match = '',
output = 'Possible path traversal in VMWare (CVE-2009-3733)'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/../../../../../../../../../../etc/passwd',
method = 'GET',
nopipeline = true
},
{
path = '/../../../../../../../../../../boot.ini',
method = 'GET',
nopipeline = true
}
},
matches = {
{
match = 'root:',
output = 'Simple path traversal in URI (Linux)'
},
{
match = 'boot loader',
output = 'Simple path traversal in URI (Windows)'
},
{
match = '',
output = 'Possible path traversal in URI'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/.htaccess',
method = 'GET'
},
{
path = '/.htpasswd',
method = 'GET'
}
},
matches = {
-- We look for a '200 OK' message on this one, because most Apache servers return an access denied
{
match = '200 OK',
output = 'Incorrect permissions on .htaccess or .htpasswd files'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/_vti_bin/',
method = 'GET'
},
{
path = '/_vti_cnf/',
method = 'GET'
},
{
path = '/_vti_log/',
method = 'GET'
},
{
path = '/_vti_pvt/',
method = 'GET'
},
{
path = '/_vti_txt/',
method = 'GET'
},
{
path = '/postinfo.html'
},
{
path = '/_vti_bin/_vti_aut/author.dll'
},
{
path = '/_vti_bin/_vti_aut/author.exe'
},
{
path = '/_vti_bin/_vti_aut/dvwssr.dll'
},
{
path = '/_vti_bin/_vti_adm/admin.dll'
},
{
path = '/_vti_bin/_vti_adm/admin.exe'
},
{
path = '/_vti_bin/fpcount.exe?Page=default.asp|Image=3'
},
{
path = '/_vti_bin/shtml.dll'
},
{
path = '/_vti_bin/shtml.exe'
},
{
path = '/_vti_pvt/_x_todo.htm'
},
{
path = '/_vti_pvt/_x_todoh.htm'
},
{
path = '/_vti_pvt/access.cnf'
},
{
path = '/_vti_pvt/administrator.pwd'
},
{
path = '/_vti_pvt/administrators.pwd'
},
{
path = '/_vti_pvt/authors.pwd'
},
{
path = '/_vti_pvt/bots.cnf'
},
{
path = '/_vti_pvt/botinfs.cnf'
},
{
path = '/_vti_pvt/deptodoc.btr'
},
{
path = '/_vti_pvt/doctodep.btr'
},
{
path = '/_vti_pvt/frontpg.lck'
},
{
path = '/_vti_pvt/linkinfo.cnf'
},
{
path = '/_vti_pvt/service.cnf'
},
{
path = '/_vti_pvt/service.grp'
},
{
path = '/_vti_pvt/service.lck'
},
{
path = '/_vti_pvt/service.pwd'
},
{
path = '/_vti_pvt/Service.stp'
},
{
path = '/_vti_pvt/services.cnf'
},
{
path = '/_vti_pvt/services.org'
},
{
path = '/_vti_pvt/structure.cnf'
},
{
path = '/_vti_pvt/svcacl.cnf'
},
{
path = '/_vti_pvt/users.pwd'
},
{
path = '/_vti_pvt/uniqueperm.cnf'
},
{
path = '/_vti_pvt/writeto.cnf'
},
},
matches = {
{
match = '200',
output = 'Frontpage file or folder'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/.svn/',
method = 'GET'
},
{
path = '/.svn/text-base/.htaccess.svn-base',
method = 'GET'
},
{
path = '/.svn/text-base/.htpasswd.svn-base',
method = 'GET'
},
{
path = '/.svn/text-base/Web.config.svn-base',
method = 'GET'
}
},
matches = {
{
match = '200',
output = 'Subversion folder'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/.git/HEAD',
method = 'GET'
},
},
matches = {
{
match = 'ref: refs',
output = 'Git folder'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/.hg/requires',
method = 'GET'
},
},
matches = {
{
match = 'revlogv1',
output = 'Mercurial folder'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/.bzr/README',
method = 'GET'
},
},
matches = {
{
match = 'This is a Bazaar',
output = 'Bazaar folder'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/downloadFile.php',
method = 'GET'
},
{
path = '/BackupConfig.php',
method = 'GET'
}
},
matches = {
{
output = 'NETGEAR WNDAP350 2.0.1 to 2.0.9 potential file download and SSH root password disclosure'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\boot.ini',
method = 'GET'
},
{
path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\MDC\\Tomcat\\webapps\\triveni\\WEB-INF\\classes\\schedule.properties',
method = 'GET'
},
{
path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\lib\\classpath\\com\\cisco\\nm\\cmf\\dbservice2\\DBServer.properties',
method = 'GET'
},
{
path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\log\\dbpwdChange.log',
method = 'GET'
}
},
matches = {
{
match = 'boot loader',
output = 'CiscoWorks (CuOM 8.0 and 8.5) Directory traversal (CVE-2011-0966) (Windows)'
},
{
match = '',
output = 'Possible CiscoWorks (CuOM 8.0 and 8.5) Directory traversal (CVE-2011-0966) (Windows)'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/var/mobile/Library/AddressBook/AddressBook.sqlitedb',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Possible iPhone/iPod/iPad generic file sharing app Directory Traversal (iOS)'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/Info.live.htm',
method = 'GET'
}
},
matches = {
{
match = '200',
output = 'Possible DD-WRT router Information Disclosure (BID 45598)'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/CuteSoft_Client/CuteEditor/Load.ashx?type=image&file=../../../web.config',
method = 'GET'
}
},
matches = {
{
match = '200',
output = 'Cute Editor ASP.NET Remote File Disclosure ( CVE 2009-4665 )'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/plugins/PluginController.php?path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00',
method = 'GET'
}
},
matches = {
{
match = '200',
output = 'OrangeHRM 2.6.3 Local File Inclusion '
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/tiki-listmovies.php?movie=../../../../../../etc/passwd%001234',
method = 'GET'
}
},
matches = {
{
match = '200',
output = 'TikiWiki < 1.9.9 Directory Traversal Vulnerability'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20',
method = 'GET'
}
},
matches = {
{
match = '2.0.11%s*([^%s<]*)'
.. '.-Hadoop version:.-| %s*([^%s<]*)',
output = 'Hadoop YARN Resource Manager version \\2, state "\\1", Hadoop version \\3'
},
}
});
-- Hadoop Node Resource Manager
table.insert(fingerprints, {
category = 'info',
probes = {
{
path = '/node',
method = 'GET'
},
},
matches = {
{
match = 'Node Manager Version:.- | %s*([^%s<]*)'
.. '.-Hadoop Version:.- | %s*([^%s<]*)',
output = 'Hadoop YARN Node Manager version \\1, Hadoop version \\2'
},
}
});
table.insert(fingerprints, {
category = 'cms',
probes = {
{
path = '/databases/acidcat_3.mdb',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Acidcat CMS Database'
}
}
});
table.insert(fingerprints, {
category = 'cms',
probes = {
{
path = '/mdb-database/dblog.mdb',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'dBlog Database'
}
}
});
table.insert(fingerprints, {
category = 'cms',
probes = {
{
path = '/db/users.mdb',
method = 'HEAD'
},
{
path = '/db/'
}
},
matches = {
{
match = '',
output = 'BlogWorx Database'
}
}
});
table.insert(fingerprints, {
category = 'cms',
probes = {
{
path = '/infusions/avatar_studio/avatar_studio.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'PHP-Fusion Mod avatar_studio'
}
}
});
table.insert(fingerprints, {
category = 'cms',
probes = {
{
path = '/bnnr.php',
method = 'HEAD'
},
{
path = '/vb/bnnr.php',
method = 'HEAD'
},
{
path = '/forum/bnnr.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'vBulletin ads_saed'
}
}
});
table.insert(fingerprints, {
category = 'cms',
probes = {
{
path = '/weblink_cat_list.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'WHMCompleteSolution CMS'
}
}
});
-- Drupal signatures
table.insert(fingerprints, {
category = 'cms',
probes = {
{
path = '/',
method = 'GET'
}
},
matches = {
{
match = ' src="/sites/all/themes/',
output = 'Drupal signature'
},
{
match = ' src="/sites/all/modules/',
output = 'Drupal signature'
},
{
match = ' href="/sites/all/themes/',
output = 'Drupal signature'
},
{
match = 'jQuery.extend(Drupal.settings,',
output = 'Drupal signature'
}
}
});
-- Drupal files
table.insert(fingerprints, {
category = 'cms',
probes = {
{
path = '/UPGRADE.txt'
},
{
path = '/INSTALL.txt'
},
{
path = '/MAINTENERS.txt'
},
{
path = '/INSTALL.mysql.txt'
},
{
path = '/INSTALL.pgsql.txt'
},
{
path = '/update.php'
}
},
matches = {
{
match = 'Drupal ',
output = 'Drupal file'
}
}
});
-- Joomla versions
table.insert(fingerprints, {
category = 'cms',
probes = {
{
-- Detects versions >= 1.60
path = '/administrator/manifests/files/joomla.xml',
method = 'GET'
},
{
-- Detects version >= 1.50 and <= 1.5.26
path = '/language/en-GB/en-GB.xml',
method = 'GET'
},
{
-- Detects version < 1.50
path = '/modules/custom.xml',
method = 'GET'
}
},
matches = {
{
match = '(.-)',
output = 'Joomla version \\1'
}
}
});
-- Joomla!
table.insert(fingerprints, {
category = 'cms',
probes = {
{
path = '/htaccess.txt'
},
{
path = '/templates/system/css/toolbar.css'
},
{
path = '/templates/beez/css/template_rtl.css'
}
},
matches = {
{
match = 'Joomla!',
output = 'Joomla!'
}
}
});
-- Drupal changelog
table.insert(fingerprints, {
category = 'cms',
probes = {
{
path = '/CHANGELOG.txt'
}
},
matches = {
{
match = 'Drupal (%d..-),',
output = 'Drupal v1'
}
}
});
-- Drupal version
table.insert(fingerprints, {
category = 'cms',
probes = {
{
-- Must be executed on both ports 80, 443 for accurate results
path = '/',
method = 'GET'
}
},
matches = {
{
match = ' |