Search...

Opentaps ERP + CRM service detection

2009-04-23T00:00:00

ID OPENVAS:101021
Type openvas
Reporter Christian Eric Edjenguele <christian.edjenguele@owasp.org>
Modified 2017-04-07T00:00:00

Description

The remote host is running Opentaps ERP + CRM. opentaps is a full-featured ERP + CRM suite which incorporates several open source projects, including Apache Geronimo, Tomcat, and OFBiz for the data model and transaction framework; Pentaho and JasperReports for business intelligence; Funambol for mobile device and Outlook integration; and the opentaps applications which provide user-driven applications for CRM, accounting and finance, warehouse and manufacturing, and purchasing and supply chain mmanagement.

                                        
                                            # OpenVAS Vulnerability Test
# $Id: remote-detect-Opentaps_ERP_CRM.nasl 5888 2017-04-07 09:01:53Z teissa $
# Description: This script ensure that the Opentaps ERP + CRM is installed and running
#
# remote-detect-Opentaps_ERP_CRM.nasl
#
# Author:
# Christian Eric Edjenguele &lt;christian.edjenguele@owasp.org&gt;
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 and later,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

tag_summary = "The remote host is running Opentaps ERP + CRM. 
opentaps is a full-featured ERP + CRM suite which incorporates several open source projects, 
including Apache Geronimo, Tomcat, and OFBiz for the data model and transaction framework; 
Pentaho and JasperReports for business intelligence; Funambol for mobile device and Outlook integration; 
and the opentaps applications which provide user-driven applications for CRM, accounting and finance, 
warehouse and manufacturing, and purchasing and supply chain mmanagement.";

tag_solution = "It's recommended to allow connection to this host only from trusted hosts or networks,
or disable the service if not used.";



if(description)
{
script_id(101021);
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
 script_version("$Revision: 5888 $");
script_tag(name:"last_modification", value:"$Date: 2017-04-07 11:01:53 +0200 (Fri, 07 Apr 2017) $");
script_tag(name:"creation_date", value:"2009-04-23 00:18:39 +0200 (Thu, 23 Apr 2009)");
script_tag(name:"cvss_base", value:"0.0");
name = "Opentaps ERP + CRM service detection";
script_name(name);
 

summary = "Detect a running Opentaps Open Source ERP + CRM";

script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"remote_banner");

script_copyright("Christian Eric Edjenguele &lt;christian.edjenguele@owasp.org&gt;");
family = "Service detection";
script_family(family);
script_dependencies("find_service.nasl");
script_require_ports("Services/www");


script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
exit(0);

}

#
# The script code starts here
#

include("misc_func.inc");
include("http_func.inc");
include("http_keepalive.inc");


thePort = get_http_port(default:8080);

pages = make_array(0,'/',1,'webtools/control/main');
report = '';

softwareRequest = string("GET ", pages[0], " HTTP/1.1\r\n","Host: ", get_host_name(), "\r\n\r\n");
versionRequest = string("GET /", pages[1], " HTTP/1.1\r\n","Host: ", get_host_name(), "\r\n\r\n");

softwareReply = http_send_recv(port:thePort, data:softwareRequest);
versionReply = http_send_recv(port:thePort, data:versionRequest);

if(versionReply =~ "^HTTP/1.[0-1]+ 404")exit(0);

if(softwareReply){

	servletContainer = eregmatch(pattern:"Server: Apache-Coyote/([0-9.]+)",string:softwareReply, icase:TRUE);
	opentapsTitlePattern = eregmatch(pattern:"&lt;title&gt;([a-zA-Z +]+)&lt;/title&gt;",string:softwareReply, icase:TRUE);

	if(opentapsTitlePattern){
		if('opentaps' &gt;&lt; opentapsTitlePattern[0]){
			report += " The remote host is running " + opentapsTitlePattern[1];
			replace_kb_item(name:"OpentapsERP/installed", value:TRUE);
			replace_kb_item(name:"OpentapsERP/port", value:thePort);
		} else {
                  exit(0);
		}  
	} else {
          exit(0);
	}  

	if((servletContainer)){
		replace_kb_item(name:"ApacheCoyote/installed", value:TRUE);
		replace_kb_item(name:"ApacheCoyote/version", value:servletContainer[1]);
		report += " on " + servletContainer[0];
	}
			
}

if(versionReply){

	version = eregmatch(pattern:'&lt;p&gt;&lt;a href="http://www.opentaps.org" class="tabletext"&gt;([a-zA-Z +]+)&lt;/a&gt; ([0-9.]+).&lt;br/&gt;',string:versionReply, icase:TRUE);
	servletContainer = eregmatch(pattern:"Server: Apache-Coyote/([0-9.]+)",string:versionReply, icase:TRUE);

	if(version){
		report += " Detected " + version[1] + " " + version[2];
		replace_kb_item(name:"OpentapsERP/installed", value:TRUE);
		replace_kb_item(name:"OpentapsERP/version", value:version[2]);
		replace_kb_item(name:"OpentapsERP/port", value:thePort);
	} else {
          exit(0);
	}  

	if((servletContainer)){
		replace_kb_item(name:"ApacheCoyote/installed", value:TRUE);
		replace_kb_item(name:"ApacheCoyote/version", value:servletContainer[1]);
		report += " on " + servletContainer[0];
	}
}

if(report)
	log_message(port:thePort, data:report);

JSON Vulners Source

Initial Source

{"id": "OPENVAS:101021", "type": "openvas", "bulletinFamily": "scanner", "title": "Opentaps ERP + CRM service detection", "description": "The remote host is running Opentaps ERP + CRM. \nopentaps is a full-featured ERP + CRM suite which incorporates several open source projects, \nincluding Apache Geronimo, Tomcat, and OFBiz for the data model and transaction framework; \nPentaho and JasperReports for business intelligence; Funambol for mobile device and Outlook integration; \nand the opentaps applications which provide user-driven applications for CRM, accounting and finance, \nwarehouse and manufacturing, and purchasing and supply chain mmanagement.", "published": "2009-04-23T00:00:00", "modified": "2017-04-07T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=101021", "reporter": "Christian Eric Edjenguele <christian.edjenguele@owasp.org>", "references": [], "cvelist": [], "lastseen": "2017-07-02T21:09:11", "viewCount": 0, "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2017-07-02T21:09:11", "rev": 2}, "dependencies": {"references": [], "modified": "2017-07-02T21:09:11", "rev": 2}, "vulnersScore": -0.1}, "pluginID": "101021", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: remote-detect-Opentaps_ERP_CRM.nasl 5888 2017-04-07 09:01:53Z teissa $\n# Description: This script ensure that the Opentaps ERP + CRM is installed and running\n#\n# remote-detect-Opentaps_ERP_CRM.nasl\n#\n# Author:\n# Christian Eric Edjenguele <christian.edjenguele@owasp.org>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2 and later,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote host is running Opentaps ERP + CRM. \nopentaps is a full-featured ERP + CRM suite which incorporates several open source projects, \nincluding Apache Geronimo, Tomcat, and OFBiz for the data model and transaction framework; \nPentaho and JasperReports for business intelligence; Funambol for mobile device and Outlook integration; \nand the opentaps applications which provide user-driven applications for CRM, accounting and finance, \nwarehouse and manufacturing, and purchasing and supply chain mmanagement.\";\n\ntag_solution = \"It's recommended to allow connection to this host only from trusted hosts or networks,\nor disable the service if not used.\";\n\n\n\nif(description)\n{\nscript_id(101021);\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:N\");\n script_version(\"$Revision: 5888 $\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-04-07 11:01:53 +0200 (Fri, 07 Apr 2017) $\");\nscript_tag(name:\"creation_date\", value:\"2009-04-23 00:18:39 +0200 (Thu, 23 Apr 2009)\");\nscript_tag(name:\"cvss_base\", value:\"0.0\");\nname = \"Opentaps ERP + CRM service detection\";\nscript_name(name);\n \n\nsummary = \"Detect a running Opentaps Open Source ERP + CRM\";\n\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"qod_type\", value:\"remote_banner\");\n\nscript_copyright(\"Christian Eric Edjenguele <christian.edjenguele@owasp.org>\");\nfamily = \"Service detection\";\nscript_family(family);\nscript_dependencies(\"find_service.nasl\");\nscript_require_ports(\"Services/www\");\n\n\nscript_tag(name : \"solution\" , value : tag_solution);\nscript_tag(name : \"summary\" , value : tag_summary);\nexit(0);\n\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"misc_func.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\n\nthePort = get_http_port(default:8080);\n\npages = make_array(0,'/',1,'webtools/control/main');\nreport = '';\n\nsoftwareRequest = string(\"GET \", pages[0], \" HTTP/1.1\\r\\n\",\"Host: \", get_host_name(), \"\\r\\n\\r\\n\");\nversionRequest = string(\"GET /\", pages[1], \" HTTP/1.1\\r\\n\",\"Host: \", get_host_name(), \"\\r\\n\\r\\n\");\n\nsoftwareReply = http_send_recv(port:thePort, data:softwareRequest);\nversionReply = http_send_recv(port:thePort, data:versionRequest);\n\nif(versionReply =~ \"^HTTP/1.[0-1]+ 404\")exit(0);\n\nif(softwareReply){\n\n\tservletContainer = eregmatch(pattern:\"Server: Apache-Coyote/([0-9.]+)\",string:softwareReply, icase:TRUE);\n\topentapsTitlePattern = eregmatch(pattern:\"<title>([a-zA-Z +]+)</title>\",string:softwareReply, icase:TRUE);\n\n\tif(opentapsTitlePattern){\n\t\tif('opentaps' >< opentapsTitlePattern[0]){\n\t\t\treport += \" The remote host is running \" + opentapsTitlePattern[1];\n\t\t\treplace_kb_item(name:\"OpentapsERP/installed\", value:TRUE);\n\t\t\treplace_kb_item(name:\"OpentapsERP/port\", value:thePort);\n\t\t} else {\n exit(0);\n\t\t} \n\t} else {\n exit(0);\n\t} \n\n\tif((servletContainer)){\n\t\treplace_kb_item(name:\"ApacheCoyote/installed\", value:TRUE);\n\t\treplace_kb_item(name:\"ApacheCoyote/version\", value:servletContainer[1]);\n\t\treport += \" on \" + servletContainer[0];\n\t}\n\t\t\t\n}\n\nif(versionReply){\n\n\tversion = eregmatch(pattern:'<p><a href=\"http://www.opentaps.org\" class=\"tabletext\">([a-zA-Z +]+)</a> ([0-9.]+).<br/>',string:versionReply, icase:TRUE);\n\tservletContainer = eregmatch(pattern:\"Server: Apache-Coyote/([0-9.]+)\",string:versionReply, icase:TRUE);\n\n\tif(version){\n\t\treport += \" Detected \" + version[1] + \" \" + version[2];\n\t\treplace_kb_item(name:\"OpentapsERP/installed\", value:TRUE);\n\t\treplace_kb_item(name:\"OpentapsERP/version\", value:version[2]);\n\t\treplace_kb_item(name:\"OpentapsERP/port\", value:thePort);\n\t} else {\n exit(0);\n\t} \n\n\tif((servletContainer)){\n\t\treplace_kb_item(name:\"ApacheCoyote/installed\", value:TRUE);\n\t\treplace_kb_item(name:\"ApacheCoyote/version\", value:servletContainer[1]);\n\t\treport += \" on \" + servletContainer[0];\n\t}\n}\n\nif(report)\n\tlog_message(port:thePort, data:report);\n", "naslFamily": "Service detection"}