Initial commit

Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gem 'terminal-table'

Gemfile.lock

@@ -0,0 +1,10 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    terminal-table (1.5.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  terminal-table

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015 Brendan Coles
+Copyright (c) 2015 Brendan Coles <bcoles[at]gmail.com>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

LiferayScan.gemspec

@@ -0,0 +1,14 @@
+Gem::Specification.new do |s|
+  s.name        = 'LiferayScan'
+  s.version     = '0.0.1'
+  s.required_ruby_version = ">= 2.0.0"
+  s.date        = '2015-08-01'
+  s.summary     = 'Liferay scanner'
+  s.description = 'A simple remote scanner for Liferay Portal'
+  s.license     = 'MIT'
+  s.authors     = ["Brendan Coles"]
+  s.email       = 'bcoles@gmail.com'
+  s.files       = ["lib/LiferayScan.rb", "data/users.txt", "data/names.txt", "data/portlets.txt"]
+  s.homepage    = 'https://github.com/bcoles/LiferayScan'
+  s.executables << 'LiferayScan'
+end

README.md

@@ -1,2 +1,42 @@
 # LiferayScan
-A simple remote scanner for Liferay Portal
+
+## Description
+
+LiferayScan is a simple remote scanner for Liferay Portal.
+
+## Installation
+
+```
+bundle install
+gem build LiferayScan.gemspec
+gem install --local LiferayScan-0.0.1.gem
+```
+
+## Usage (command line)
+
+```
+% LiferayScan -h
+Usage: LiferayScan <url> [options]
+    -u, --url URL                    Liferay URL to scan
+    -s, --skip                       Skip check for Liferay
+    -v, --verbose                    Enable verbose output
+    -h, --help                       Show this help
+
+```
+
+## Usage (ruby)
+
+```
+require 'LiferayScan'
+is_liferay = LiferayScan::isLiferay(url)            # Check if a URL is Liferay
+version    = LiferayScan::getVersion(url)           # Get Liferay version
+language   = LiferayScan::getLanguage(url)          # Get default language (ie, en_US)
+domain     = LiferayScan::getOrganisationEmail(url) # Get organisation email address domain (ie, @liferay.com)
+register   = LiferayScan::userRegistration(url)     # Check if user registration if enabled
+soap_api   = LiferayScan::remoteSoapApi(url)        # Check if SOAP API is accessible
+json_api   = LiferayScan::remoteJsonApi(url)        # Check if JSON API is accessible
+captcha    = LiferayScan::usesCaptcha(url)          # Check if Forgot Password uses CAPTCHA
+users      = LiferayScan::enumerateUsers(url)       # Enumerate some user names from open search and blog rss
+portlets   = LiferayScan::enumeratePortlets(url)    # Enumerate installed portlets
+```
+

bin/LiferayScan

@@ -0,0 +1,139 @@
+#!/usr/bin/env ruby
+# This file is part of LiferayScan
+# https://github.com/bcoles/LiferayScan
+
+require 'LiferayScan'
+require 'optparse'
+require 'terminal-table'
+require 'resolv'
+
+def banner
+  puts "
+   _     _  __                     _____                 
+  | |   (_)/ _|                   /  ___|                
+  | |    _| |_ ___ _ __ __ _ _   _\\ `--.  ___ __ _ _ __  
+  | |   | |  _/ _ \\ '__/ _` | | | |`--. \\/ __/ _` | '_ \\ 
+  | |___| | ||  __/ | | (_| | |_| /\\__/ / (_| (_| | | | |
+  \\_____/_|_| \\___|_|  \\__,_|\\__, \\____/ \\___\\__,_|_| |_|
+                              __/ |                      
+                             |___/             version 0.0.1"
+  puts
+  puts '-'*60
+end
+
+banner
+options = {}
+opts = OptionParser.new do |opts|
+  opts.banner = "Usage: LiferayScan <url> [options]"
+
+  opts.on('-u URL', '--url URL', 'Liferay URL to scan') do |v|
+    unless v.match(/\Ahttps?:\/\//)
+      puts opts
+      exit
+    end
+    options[:url] = v
+  end
+
+  opts.on('-s', '--skip', 'Skip check for Liferay') do
+    options[:skip] = true
+  end
+
+  opts.on('-v', '--verbose', 'Enable verbose output') do
+    options[:verbose] = true
+  end
+
+  opts.on('-h', '--help', 'Show this help') do 
+    puts opts
+    exit
+  end
+end
+
+opts.parse!
+
+$VERBOSE = true unless options[:verbose].nil?
+@check = true unless options[:skip]
+
+if options[:url].nil?
+ puts opts
+ exit
+end
+
+def scan(url)
+  puts "Scan started at #{Time.now.getutc}"
+  puts "URL: #{url}"
+
+  # parse URL
+  target = nil
+  begin
+    target = URI::parse(url.split('?').first)
+  rescue
+    puts "- Could not parse target URL: #{url}"
+  end
+  exit(1) if target.nil?
+
+  # resolve IP address
+  begin
+    ip = Resolv.getaddress(target.host).to_s
+    puts "IP: #{ip}" unless ip.nil?
+  rescue
+    puts "- Could not resolve hostname #{target.host}"
+  end
+
+  puts "Port: #{target.port}"
+  puts '-'*60
+
+  # check if Liferay
+  if @check
+    if LiferayScan::isLiferay(url)
+      puts "+ Found Liferay Portal"
+    else
+      puts "- Liferay Portal not found"
+      exit(1)
+    end
+  end
+
+  # version
+  version = LiferayScan::getVersion(url)
+  puts "+ Version: #{version}" if version
+
+  # language
+  language = LiferayScan::getLanguage(url)
+  puts "+ Language: #{language}" if language
+
+  # organisation email address domain
+  domain = LiferayScan::getOrganisationEmail(url)
+  puts "+ Organisation Email: #{domain}" if domain
+
+  # user registration enabled
+  register = LiferayScan::userRegistration(url)
+  puts "+ User registration is enabled" if register
+
+  # SOAP API accessible
+  soap_api = LiferayScan::remoteSoapApi(url)
+  puts "+ Remote SOAP API is available" if soap_api
+
+  # JSON API accessible
+  json_api = LiferayScan::remoteJsonApi(url)
+  puts "+ Remote JSON API is available" if json_api
+
+  # check if Forgot Password uses CAPTCHA
+  captcha = LiferayScan::usesCaptcha(url)
+  puts "+ Password reset does not use CAPTCHA" unless captcha
+
+  # users
+  users = LiferayScan::enumerateUsers(url)
+  unless users.empty?
+    puts "+ Found users (#{users.length}):"
+    table = Terminal::Table.new :headings => ['Screen Name', 'Full Name'], :rows => users
+    puts table
+  end
+
+  # installed portlets
+  portlets = LiferayScan::enumeratePortlets(url)
+  puts "+ Found portlets (#{portlets.length}): #{portlets.join(', ')}" unless portlets.empty?
+
+  puts "Scan finished at #{Time.now.getutc}"
+  puts '-'*60
+end
+
+scan(options[:url])

data/names.txt

@@ -0,0 +1,69 @@
+# Top 5 names in USA 1915-2014
+# Source: http://www.ssa.gov/oact/babynames/top5names.html
+Abigail
+Alexander
+Alexis
+Amanda
+Amy
+Andrew
+Angela
+Ashley
+Ava
+Barbara
+Betty
+Brittany
+Carol
+Charles
+Christopher
+Daniel
+David
+Deborah
+Debra
+Donna
+Dorothy
+Emily
+Emma
+Ethan
+Hannah
+Heather
+Helen
+Isabella
+Jacob
+James
+Jason
+Jayden
+Jennifer
+Jessica
+Joan
+John
+Joseph
+Joshua
+Judith
+Karen
+Kimberly
+Liam
+Linda
+Lisa
+Madison
+Margaret
+Mary
+Mason
+Matthew
+Melissa
+Michael
+Michelle
+Nicholas
+Noah
+Olivia
+Patricia
+Richard
+Robert
+Ruth
+Samantha
+Sandra
+Sarah
+Shirley
+Sophia
+Susan
+Tyler
+William