kddnewton · August 15, 2024 03:36 · Japestrale · Feb 15, 2018
diff --git a/annoy_scanners_server.rb b/annoy_scanners_server.rb
 # I really don't like getting routing error notifications when scanners try to
 # find vulnerabilities in our application. As such, this extends our routing
 # to actually give a response, but it's likely not what they were looking for.
 # If they're not using a headless browser, the `alert` is going to kill their
 # productivity. If they are, they just might enjoy the youtube video anyway.
 class AnnoyScannersServer
  SCANNER_PATHS = %w[
    /a2billing/admin/Public/index.php
    /a2billing/common/javascript/misc.js
    /a2billing/customer/templates/default/css/popup.css
    /cgi-bin/php
    /cgi-bin/php4
    /cgi-bin/php5
    /cgi-bin/php.cgi
    /cgi-bin/php-cgi
    /current_config/passwd
    /currentsetting.htm
    /nice%20ports%2C/Trinity.txt.bak
    /nice%20ports%2C/Tri%6Eity.txt%2ebak
    /PSIA/index
    /recordings/index.php
    /sap/bc/gui/sap/its/webgui
  ]

  RESPONSE = <<~HTML
    <html>
      <body>
        <script>
          alert('Never gonna give you up.');
          window.location.replace(
            'https://www.youtube.com/watch?v=dQw4w9WgXcQ');
        </script>
      </body>
    </html>
  HTML

  def matches?(request)
    SCANNER_PATHS.include?(request.path)
  end

  def serve(_request)
    [200, { 'Content-Type' => 'text/html' }, [RESPONSE]]
  end

  def self.install
    server = new

    {
      via: %i[get head options],
      constraints: server,
      to: server.method(:serve)
    }
  end
 end
diff --git a/routes.rb b/routes.rb
 Rails.application.routes.draw do
  match '*path', AnnoyScannersServer.install
 end
	# I really don't like getting routing error notifications when scanners try to
	# find vulnerabilities in our application. As such, this extends our routing
	# to actually give a response, but it's likely not what they were looking for.
	# If they're not using a headless browser, the `alert` is going to kill their
	# productivity. If they are, they just might enjoy the youtube video anyway.
	class AnnoyScannersServer
	SCANNER_PATHS = %w[
	/a2billing/admin/Public/index.php
	/a2billing/common/javascript/misc.js
	/a2billing/customer/templates/default/css/popup.css
	/cgi-bin/php
	/cgi-bin/php4
	/cgi-bin/php5
	/cgi-bin/php.cgi
	/cgi-bin/php-cgi
	/current_config/passwd
	/currentsetting.htm
	/nice%20ports%2C/Trinity.txt.bak
	/nice%20ports%2C/Tri%6Eity.txt%2ebak
	/PSIA/index
	/recordings/index.php
	/sap/bc/gui/sap/its/webgui
	]

	RESPONSE = <<~HTML
	<html>
	<body>
	<script>
	alert('Never gonna give you up.');
	window.location.replace(
	'https://www.youtube.com/watch?v=dQw4w9WgXcQ');
	</script>
	</body>
	</html>
	HTML

	def matches?(request)
	SCANNER_PATHS.include?(request.path)
	end

	def serve(_request)
	[200, { 'Content-Type' => 'text/html' }, [RESPONSE]]
	end

	def self.install
	server = new

	{
	via: %i[get head options],
	constraints: server,
	to: server.method(:serve)
	}
	end
	end
	Rails.application.routes.draw do
	match '*path', AnnoyScannersServer.install
	end