BIN: analyse-headers: Adds generic version disclosure function

if the header contains the word "version" (case insensitively) it will flag it as potential information disclosure Thanks <Dom Ingram> for the suggestion
2020-12-09 16:26:47 +00:00 · 2020-12-09 16:26:47 +00:00 · 1fabc27b79
commit 1fabc27b79
parent 27b9af6327
1 changed files with 15 additions and 9 deletions
--- a/bin/.bin/webtest/analyse-headers
+++ b/bin/.bin/webtest/analyse-headers
@ -71,6 +71,16 @@ printKey(){
 \t${RED}Missing${NC}"
 }

+generic_version_disclosure(){
+	local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
+	local header="$(echo "$1" | cut -d ':' -f 1 | trimWhitespace)"
+	echo "$header" | drawInBox
+	wecho -e "The server responds with ${ORANGE}$value${NC} in the \
+$header header"
+	wecho -e "This is potentially un-necesary information disclosure\n\n"
+	[ -n "$value" ] && return 1 || return 0
+}
+
 test_server(){
 	local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
 	echo "Server" | drawInBox
@ -87,15 +97,6 @@ test_x-powered-by(){
 	[ -n "$value" ] && return 1 || return 0
 }

-test_x-aspnet-version(){
-	local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)"
-	echo "X-Powered-By" | drawInBox
-	wecho -e "The server responds with ${ORANGE}$value${NC} in the \
-X-AspNet-Version header"
-	wecho -e "This is potentially un-necesary information disclosure\n\n"
-	[ -n "$value" ] && return 1 || return 0
-}
-
 test_x-xss-protection(){
 	local value="$(echo "$1" | cut -d ':' -f 2 | grep -oE '[0-9]+' )"
 	if [ "$value" = "1" ]; then
@ -436,6 +437,11 @@ while read line; do
 		"$functionName" "$line" >> "$tmpfile"
 		colour="$(getColour "$?")"
 		echo -e "${colour}$line${NC}"
+	elif echo "$lowercase" | grep "version" > /dev/null; then
+		# if the word version is in the line, assume version disclosure
+		generic_version_disclosure "$line" >> "$tmpfile"
+		colour="$(getColour "$?")"
+		echo -e "${colour}$line${NC}"
 	else
 		echo "$line"
 	fi