Major enhancement to the engine to parse XML files and matches on DBMS banner

and HTTP response headers.
Initial web application technology fingerprint (for the moment based only on
X-Powered-By HTTP response header and not shown yet to the user).
Minor layout adjustments.

plugins/dbms/mssqlserver.py

@@ -124,15 +124,13 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
 
     def getFingerprint(self):
         value      = ""
-        info       = None
         formatInfo = None
 
         if self.banner:
-            info       = bannerParser(self.banner)
-            formatInfo = formatOSfp(info)
+            formatInfo = formatOSfp()
 
-        if formatInfo:
-            value += "%s\n" % formatInfo
+            if formatInfo:
+                value += "%s\n" % formatInfo
 
         value  += "back-end DBMS: "
         actVer  = formatDBMSfp()
@@ -145,10 +143,10 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
         formatInfo  = None
         value      += "active fingerprint: %s" % actVer
 
-        if info:
-            release     = info["dbmsRelease"]
-            version     = info["dbmsVersion"]
-            servicepack = info["dbmsServicePack"]
+        if kb.bannerFp:
+            release     = kb.bannerFp["dbmsRelease"]
+            version     = kb.bannerFp["dbmsVersion"]
+            servicepack = kb.bannerFp["dbmsServicePack"]
 
             if release and version and servicepack:
                 banVer  = "Microsoft SQL Server %s " % release
@@ -169,8 +167,7 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
         if conf.dbms in MSSQL_ALIASES and kb.dbmsVersion and kb.dbmsVersion[0].isdigit():
             setDbms("Microsoft SQL Server %s" % kb.dbmsVersion[0])
 
-            if conf.getBanner:
-                self.banner = inject.getValue("@@VERSION")
+            self.getPrematureBanner("@@VERSION")
 
             if not conf.extensiveFp:
                 return True
@@ -197,8 +194,7 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
             else:
                 setDbms("Microsoft SQL Server")
 
-            if conf.getBanner:
-                self.banner = inject.getValue("@@VERSION")
+            self.getPrematureBanner("@@VERSION")
 
             return True
         else:

plugins/dbms/mysql.py

@@ -182,15 +182,13 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
 
     def getFingerprint(self):
         value      = ""
-        info       = None
         formatInfo = None
 
         if self.banner:
-            info       = bannerParser(self.banner)
-            formatInfo = formatOSfp(info)
+            formatInfo = formatOSfp()
 
-        if formatInfo:
-            value += "%s\n" % formatInfo
+            if formatInfo:
+                value += "%s\n" % formatInfo
 
         value  += "back-end DBMS: "
         actVer  = formatDBMSfp()
@@ -208,9 +206,9 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
             comVer = formatDBMSfp([comVer])
             value += "\n%scomment injection fingerprint: %s" % (blank, comVer)
 
-        if info:
+        if kb.bannerFp:
             # TODO: move to the XML banner file
-            banVer = info['version']
+            banVer = kb.bannerFp['version']
 
             if re.search("-log$", self.banner):
                 banVer += ", logging enabled"
@@ -241,8 +239,7 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
             if int(kb.dbmsVersion[0]) >= 5:
                 self.has_information_schema = True
 
-            if conf.getBanner:
-                self.banner = inject.getValue("VERSION()")
+            self.getPrematureBanner("VERSION()")
 
             if not conf.extensiveFp:
                 return True
@@ -270,8 +267,7 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
                 setDbms("MySQL 5")
                 self.has_information_schema = True
 
-                if conf.getBanner:
-                    self.banner = inject.getValue("VERSION()")
+                self.getPrematureBanner("VERSION()")
 
                 if not conf.extensiveFp:
                     kb.dbmsVersion = [">= 5.0.0"]
@@ -318,8 +314,7 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
                 setDbms("MySQL 4")
                 kb.dbmsVersion = ["< 5.0.0"]
 
-                if conf.getBanner:
-                    self.banner = inject.getValue("VERSION()")
+                self.getPrematureBanner("VERSION()")
 
                 if not conf.extensiveFp:
                     return True

plugins/dbms/oracle.py

@@ -118,15 +118,13 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
 
     def getFingerprint(self):
         value      = ""
-        info       = None
         formatInfo = None
 
         if self.banner:
-            info       = bannerParser(self.banner)
-            formatInfo = formatOSfp(info)
+            formatInfo = formatOSfp()
 
-        if formatInfo:
-            value += "%s\n" % formatInfo
+            if formatInfo:
+                value += "%s\n" % formatInfo
 
         value += "back-end DBMS: "
 
@@ -139,8 +137,8 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
         formatInfo  = None
         value      += "active fingerprint: %s" % actVer
 
-        if info:
-            banVer = info['version']
+        if kb.bannerFp:
+            banVer = kb.bannerFp['version']
             banVer = formatDBMSfp([banVer])
             value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
 
@@ -156,8 +154,7 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
         if conf.dbms in ORACLE_ALIASES:
             setDbms("Oracle")
 
-            if conf.getBanner:
-                self.banner = inject.getValue("SELECT banner FROM v$version WHERE ROWNUM=1")
+            self.getPrematureBanner("SELECT banner FROM v$version WHERE ROWNUM=1")
 
             if not conf.extensiveFp:
                 return True
@@ -183,8 +180,7 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
 
             setDbms("Oracle")
 
-            if conf.getBanner:
-                self.banner = inject.getValue("SELECT banner FROM v$version WHERE ROWNUM=1")
+            self.getPrematureBanner("SELECT banner FROM v$version WHERE ROWNUM=1")
 
             if not conf.extensiveFp:
                 return True

plugins/dbms/postgresql.py

@@ -118,15 +118,13 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
 
     def getFingerprint(self):
         value      = ""
-        info       = None
         formatInfo = None
 
         if self.banner:
-            info       = bannerParser(self.banner)
-            formatInfo = formatOSfp(info)
+            formatInfo = formatOSfp()
 
-        if formatInfo:
-            value += "%s\n" % formatInfo
+            if formatInfo:
+                value += "%s\n" % formatInfo
 
         value += "back-end DBMS: "
 
@@ -139,8 +137,8 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
         formatInfo  = None
         value      += "active fingerprint: %s" % actVer
 
-        if info:
-            banVer = info['version']
+        if kb.bannerFp:
+            banVer = kb.bannerFp['version']
             banVer = formatDBMSfp([banVer])
             value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
 
@@ -160,8 +158,7 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
         if conf.dbms in PGSQL_ALIASES:
             setDbms("PostgreSQL")
 
-            if conf.getBanner:
-                self.banner = inject.getValue("VERSION()")
+            self.getPrematureBanner("VERSION()")
 
             if not conf.extensiveFp:
                 return True
@@ -186,8 +183,7 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
 
             setDbms("PostgreSQL")
 
-            if conf.getBanner:
-                self.banner = inject.getValue("VERSION()")
+            self.getPrematureBanner("VERSION()")
 
             if not conf.extensiveFp:
                 return True