From 1b42f81f475591c52c35d285bcae84e2b3b3d5ed Mon Sep 17 00:00:00 2001
From: Jonathan Hodgson
Date: Wed, 9 Dec 2020 16:26:47 +0000
Subject: [PATCH] BIN: analyse-headers: Adds generic version disclosure function if the header contains the word "version" (case insensitively) it will flag it as potential information disclosure Thanks for the suggestion
---
bin/.bin/webtest/analyse-headers | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/bin/.bin/webtest/analyse-headers b/bin/.bin/webtest/analyse-headers
index 45742b38..dc96b0e0 100755
--- a/bin/.bin/webtest/analyse-headers
+++ b/bin/.bin/webtest/analyse-headers
@@ -71,6 +71,16 @@ printKey(){
 \t${RED}Missing${NC}"
 }
+generic_version_disclosure(){
+ local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
+ local header="$(echo "$1" | cut -d ':' -f 1 | trimWhitespace)"
+ echo "$header" | drawInBox
+ wecho -e "The server responds with ${ORANGE}$value${NC} in the \
+$header header"
+ wecho -e "This is potentially un-necesary information disclosure\n\n"
+ [ -n "$value" ] && return 1 || return 0
+}
+
 test_server(){
 local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
 echo "Server" | drawInBox
@@ -87,15 +97,6 @@ test_x-powered-by(){
 [ -n "$value" ] && return 1 || return 0
 }
-test_x-aspnet-version(){
- local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
- echo "X-Powered-By" | drawInBox
- wecho -e "The server responds with ${ORANGE}$value${NC} in the \
-X-AspNet-Version header"
- wecho -e "This is potentially un-necesary information disclosure\n\n"
- [ -n "$value" ] && return 1 || return 0
-}
-
 test_x-xss-protection(){
 local value="$(echo "$1" | cut -d ':' -f 2 | grep -oE '[0-9]+' )"
 if [ "$value" = "1" ]; then
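Review bot: In `generic_version_disclosure`, `$value` and `$header` are taken straight from the response line and interpolated into `wecho -e`, so backslash escapes that a server places in a header are expanded into control characters in the report; the same holds for `echo -e "${colour}$line${NC}"` in the `@@ -436` hunk. `wecho` is defined outside this hunk, so this assumes it forwards `-e` to `echo`. I would neutralise both fields before printing, e.g. `value="$(printf '%s' "$value" | tr -d '[:cntrl:]' | sed 's/\\/\\\\/g')"` and the same for `header`. Separately, the disclosure text is written even when `$value` is empty, so a guard such as `[ -n "$value" ] || return 0` ahead of the output would keep empty headers out of the report.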
@@ -436,6 +437,11 @@ while read line; do
 "$functionName" "$line" >> "$tmpfile"
 colour="$(getColour "$?")"
 echo -e "${colour}$line${NC}"
+ elif echo "$lowercase" | grep "version" > /dev/null; then
+ # if the word version is in the line, assume version disclosure
+ generic_version_disclosure "$line" >> "$tmpfile"
+ colour="$(getColour "$?")"
+ echo -e "${colour}$line${NC}"
 else
 echo "$line"
 fi
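Review bot: The new `elif` greps the whole `$lowercase` line, so "version" appearing only in a header value (a cookie attribute, a redirect path) is reported as version disclosure, whereas the commit message describes a check on the header. Assuming `$lowercase` is the lower-cased `$line` (it is set outside this hunk), matching the name only would cut those false positives: `elif echo "${lowercase%%:*}" | grep -q "version"; then`. A line with no colon can still match and reach `generic_version_disclosure`, where both `cut` calls return the full line, so it may be worth requiring a `:` in the line first. The surrounding `while read line` loop starts and ends outside the hunk.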