From 96836c46d8fd71712db8f8dd569e5c7ad3ac9e80 Mon Sep 17 00:00:00 2001 From: nnposter Date: Sun, 4 Dec 2016 17:42:38 +0000 Subject: [PATCH] Adds a fingerprint for Grafana --- CHANGELOG | 2 +- .../http-default-accounts-fingerprints.lua | 34 +++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index a9877afd4..7a187c325 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -36,7 +36,7 @@ o Added service probe and UDP payload for Quick UDP Internet Connection (QUIC), o [NSE] Enabled resolveall to run against any target provided as a hostname, so the resolveall.hosts script-arg is no longer required. [Daniel Miller] -o [NSE] Updated fingerprints for script http-default-accounts with 18 new +o [NSE] Updated fingerprints for script http-default-accounts with 19 new fingerprints. 4 fingerprints have been broadened to cover more variants. [nnposter] diff --git a/nselib/data/http-default-accounts-fingerprints.lua b/nselib/data/http-default-accounts-fingerprints.lua index 74aecf561..d07fa8989 100644 --- a/nselib/data/http-default-accounts-fingerprints.lua +++ b/nselib/data/http-default-accounts-fingerprints.lua 
@@ -321,6 +321,40 @@ table.insert(fingerprints, {
 end
 })
 
+table.insert(fingerprints, {
+ -- Version 3.1.1
+ name = "Grafana",
+ category = "web",
+ paths = {
+ {path = "/"}
+ },
+ target_check = function (host, port, path, response)
+ -- true if the response is HTTP/302 and sets cookie "grafana_sess"
+ if response.status == 302 then
+ for _, ck in ipairs(response.cookies or {}) do
+ if ck.name:lower() == "grafana_sess" then return true end
+ end
+ end
+ return false
+ end,
+ login_combos = {
+ {username = "admin", password = "admin"}
+ },
+ login_check = function (host, port, path, user, pass)
+ local header = {["Accept"] = "application/json, text/plain, */*",
+ ["Content-Type"] = "application/json;charset=utf-8"}
+ local json = ('{"user":"%s","email":"","password":"%s"}'):format(user, pass)
+ local req = http_post_simple(host, port, url.absolute(path, "login"),
+ {header=header}, json)
+ -- successful login is HTTP/200 that sets cookie "grafana_user"
+ if req.status ~= 200 then return false end
+ for _, ck in ipairs(req.cookies or {}) do
+ if ck.name:lower() == "grafana_user" then return ck.value == user end
+ end
+ return false
+ end
+})
+
 table.insert(fingerprints, {
 -- Version 9.2
 name = "WebLogic Server Console 9.x",
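Review bot: The JSON body in `login_check` is built with `('{"user":"%s","email":"","password":"%s"}'):format(user, pass)`, so the credentials are interpolated without any JSON escaping. With the single `admin`/`admin` combo this is harmless, but a later `login_combos` entry containing `"` or `\` would yield a malformed request and a silent false negative for that account. If the `json` library is in scope for this file (not visible in this hunk), prefer `local body = json.generate({user=user, email="", password=pass})` and pass `body` to `http_post_simple`; renaming the local also stops it shadowing the module name. A short comment noting that the `grafana_sess` and `grafana_user` cookie names were observed on version 3.1.1 would help whoever has to revisit the fingerprint when those names change.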