Styles changed
Raul committed Jul 8, 2024
1 parent 81a7c5a commit 4a19a96
Showing 4 changed files with 19 additions and 20 deletions.
Expand Up @@ -13,6 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector;

import static java.nio.charset.StandardCharsets.UTF_8;
Expand Down Expand Up @@ -44,10 +45,10 @@
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ncrack.NcrackCredentialTester;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.postgres.PostgresCredentialTester;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.rabbitmq.RabbitMQCredentialTester;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.wordpress.WordpressCredentialTester;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.rstudio.RStudioCredentialTester;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.tomcat.TomcatHttpCredentialTester;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.tomcat.TomcatAjpCredentialTester;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.tomcat.TomcatHttpCredentialTester;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.wordpress.WordpressCredentialTester;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.Files;
Expand Up @@ -13,6 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.provider;

import static com.google.common.collect.ImmutableList.toImmutableList;
Expand Up @@ -24,12 +24,12 @@
import com.google.common.flogger.GoogleLogger;
import com.google.tsunami.common.data.NetworkEndpointUtils;
import com.google.tsunami.common.data.NetworkServiceUtils;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ajp13.AjpReader;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.provider.TestCredential;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.tester.CredentialTester;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ajp13.AjpMessage;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ajp13.AjpReader;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ajp13.ForwardRequestMessage;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ajp13.Pair;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.provider.TestCredential;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.tester.CredentialTester;
import com.google.tsunami.proto.NetworkService;
import java.io.DataInputStream;
import java.io.DataOutputStream;
Expand Down Expand Up @@ -79,9 +79,7 @@ public ImmutableList<TestCredential> testValidCredentials(

return credentials.stream()
.filter(cred -> isTomcatAccessible(networkService, cred))
.findFirst()
.map(ImmutableList::of)
.orElseGet(ImmutableList::of);
.collect(toImmutableList());
}

private boolean isTomcatAccessible(NetworkService networkService, TestCredential credential) {
Expand Down Expand Up @@ -144,9 +142,10 @@ private byte[] sendAndReceive(String host, int port, byte[] data) throws IOExcep
}
}

// This method checks if the response headers contain elements indicative of a Tomcat manager page.
// Specifically, it examines the cookies set rather than body elements to improve the efficiency and speed of the plugin.
// By focusing on headers, the plugin can quickly identify successful logins without parsing potentially large and variable body content.
// This method checks if the response headers contain elements indicative of a Tomcat manager
// page. Specifically, it examines the cookies set rather than body elements to improve the
// efficiency and speed of the plugin. By focusing on headers, the plugin can quickly identify
// successful logins without parsing potentially large and variable body content.
private static boolean headersContainsSuccessfulLoginElements(AjpMessage responseMessage) {
String responseHeaders = responseMessage.getDescription().toLowerCase();

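Review bot: testValidCredentials no longer stops at the first working credential: replacing `.findFirst().map(ImmutableList::of).orElseGet(ImmutableList::of)` with `.collect(toImmutableList())` makes the stream call isTomcatAccessible for every entry in the list, which is a behaviour change in a commit titled as a style change. Each call is a further authentication attempt against the scanned service, so a scan now takes longer and is more likely to trip a lockout policy on the target (such as Tomcat's LockOutRealm, where it is enabled). If reporting every weak credential is the intent, say so above the return, e.g. `// Deliberately tests every credential so that all weak accounts are reported.`, and in the commit message; otherwise keep the short-circuit. The same edit appears in the HTTP tester's testValidCredentials in the last file section. Both method bodies start outside their hunks, and the static import of toImmutableList is not visible in the import hunk shown here.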
Expand Up @@ -93,9 +93,9 @@ public boolean canAccept(NetworkService networkService) {
logger.atInfo().log("probing Tomcat manager - custom fingerprint phase");

HttpResponse response = httpClient.send(get(url).withEmptyHeaders().build());

canAcceptByCustomFingerprint = response.status().code() == 302
&& response.headers().get("Location").get().equals("/manager/html");
canAcceptByCustomFingerprint = response.status().code() == 302
&& response.headers().get("Location").get().equals("/manager/html");

} catch (IOException e) {
logger.atWarning().withCause(e).log("Unable to query '%s'.", url);
Expand All @@ -112,9 +112,7 @@ public ImmutableList<TestCredential> testValidCredentials(

return credentials.stream()
.filter(cred -> isTomcatAccessible(networkService, cred))
.findFirst()
.map(ImmutableList::of)
.orElseGet(ImmutableList::of);
.collect(toImmutableList());
}

private boolean isTomcatAccessible(NetworkService networkService, TestCredential credential) {
Expand Down Expand Up @@ -157,9 +155,9 @@ private HttpResponse sendRequestWithCredentials(String url, TestCredential crede
}

// This method checks if the response body contains elements indicative of a Tomcat manager page.
// Specifically, it examines the page title rather than body elements because the content of the body can vary
// depending on the language settings of the server. The title is less likely to change and provides a reliable
// indicator of a successful login page.
// Specifically, it examines the page title rather than body elements because the content of the
// body can vary depending on the language settings of the server. The title is less likely to
// change and provides a reliable indicator of a successful login page.
private static boolean bodyContainsSuccessfulLoginElements(String responseBody) {
Document doc = Jsoup.parse(responseBody);
String title = doc.title();
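Review bot: In canAccept, `response.headers().get("Location").get()` is evaluated whenever the status is 302, so a redirect without a Location header would throw from `.get()` (assuming headers().get returns an Optional), and the surrounding `catch (IOException e)` would not catch it. The response comes from the scanned host and should be treated as untrusted input; `&& response.headers().get("Location").map("/manager/html"::equals).orElse(false);` gives the same result for well-formed responses without the unchecked access. The exact string comparison also looks like it would miss an absolute-URL Location value, which deserves a short comment if relative redirects are the only case intended. canAccept starts and ends outside the hunk.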
