Passive scan for Java error messages containing sensitive information…

… (CWE-209) (#386)

Passive scan for Java error messages containing sensitive information.

Signed-off-by: ChieftainY2k <[email protected]>

CHANGELOG.md

@@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Added
 - extender/arpSyndicateSubdomainDiscovery.js - uses the API of [ARPSyndicate's Subdomain Center](https://www.subdomain.center/)
   to find and add subdomains to the Sites Tree.
+- passive/JavaDisclosure.js - Passive scan for Java error messages leaks
 
 ## [18] - 2024-01-29
 ### Added

passive/JavaDisclosure.js

@@ -0,0 +1,29 @@
+//Passive scan for Java error messages containing sensitive information (CWE-209)
+
+function scan(ps, msg, src) {
+    var alertRisk = 2
+    var alertConfidence = 3
+    var alertTitle = 'Java stack trace disclosure'
+    var alertDesc = 'Java stack trace disclosure (or similar) was found'
+    var alertSolution = 'Investigate Java stack trace disclosures found in the response, remove or mask as required'
+    var cweId = 209
+    var wascId = 0
+
+    var re = /springframework|\.java|rootBeanClass/i
+
+    var contentType = msg.getResponseHeader().getHeader("Content-Type")
+    var unwantedFileTypes = ['image/png', 'image/jpeg', 'image/gif', 'application/x-shockwave-flash', 'application/pdf']
+
+    if (unwantedFileTypes.indexOf("" + contentType) >= 0) {
+        return
+    }
+
+    var body = msg.getResponseBody().toString()
+    if (re.test(body)) {
+        let url = msg.getRequestHeader().getURI().toString();
+        ps.raiseAlert(alertRisk, alertConfidence, alertTitle, alertDesc, url, '', '', body, alertSolution, body, cweId, wascId, msg)
+    }
+
+}
+
+