home *** CD-ROM | disk | FTP | other *** search
- #
- # Rules that deduce new facts from existing data. Each rule is executed once
- # for each 'a' SATAN record. The rule format is:
- #
- # condition TABs fact
- #
- # The condition is a PERL expression that has full access to the global
- # $target..$text variables, to functions, and to everything that has been
- # found sofar. The fact is a SATAN record.
- #
- # Empty lines and text after a "#" character are ignored. Long lines may
- # be broken with backslash-newline.
- #
- #
- # version 1, Sun Mar 19 10:32:57 1995, last mod by zen
- #
-
- #
- # Assume rexd is insecure without even trying
- #
- /runs rexd/ $target|assert|a|us|ANY@$target|ANY@ANY|REXD access|rexd is vulnerable
-
- # SENDMAIL SECTION ;-)
- #
- # assume berkeley versions of sendmail < 8.6.10 are hosed:
- /sendmail 8\.6\.([0-9]+)/i && $1 < 10 \
- $target|assert|a|rs|ANY@$target|ANY@$target|Sendmail vulnerabilities|sendmail pre 8.6.10
-
- #
- # other sendmail versions
-
- # HP
- /HP Sendmail \(1\.37\.109\.11/ \
- $target|assert|a|rs|ANY@$target|ANY@$target|Sendmail vulnerabilities|sendmail pre 8.6.10
-
- #
- # Generic (or derived from) BSD; should have something >= 5.60
- /[Ss]endmail (5\.60)/ && $1 <= 5.60 \
- $target|assert|a|rs|ANY@$target|ANY@$target|Sendmail vulnerabilities|sendmail pre 5.61
-
- #
- # Sequent/DYNIX; if <= 5.65, broken...
- /[Ss]endmail (5\.65)/ && $1 <= 5.65 && /DYNIX/ \
- $target|assert|a|rs|ANY@$target|ANY@$target|Sendmail vulnerabilities|DYNIX sendmail, pre 5.65
-
- #
- # OTHER PROBLEMS
- #
- # 220 wuarchive.wustl.edu FTP server (Version wu-2.4(1) Mon
- /ftp.*\(version wu-2.([0-9]+)/i && $1 < 4 \
- $target|assert|a|rs|ANY@$target|ANY@$target|FTP vulnerabilities|wuftp pre 2.4
-
- # a modem on a port? Surely you jest...
- /AT\\[nr].*OK\\[nr]/ $target|assert|a|rs|ANY@$target|ANY@$target|unrestricted modem|unrestricted modem on the Internet
-
