nuclei-templates/http/exposed-panels/c2/viper-c2.yaml

id: viper-c2

info:
  name: Viper C2 - Detect
  author: pussycat0x
  severity: info
  description: |
    Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration.
  reference:
    - https://twitter.com/MichalKoczwara/status/1635724410274414596
  metadata:
    verified: "true"
    max-request: 1
    shodan-query: http.html_hash:1015055567
    censys-query: 057f3b5488605b4d224d038e340866e2cdfed4a3
  tags: tech,viper,c2,malware,ir,panel

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "status_code == 404"
          - "(\"057f3b5488605b4d224d038e340866e2cdfed4a3\" == sha1(body))"
        condition: and
# digest: 490a00463044022054c3cee28570a6e92f667c29d2b76b51ff8a871e8201136d0ef7767fba4949e502207fc7b93b94a621b5a4bd5b34fa4025a0591f8c4012740b45a0465e8e0f501bc1:922c64590222798bb761d5b6d8e72950
Viper C2 - Detect 2023-06-13 19:02:21 +00:00			`id: viper-c2`

			`info:`
			`name: Viper C2 - Detect`
			`author: pussycat0x`
			`severity: info`
			`description: \|`
			`Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration.`
			`reference:`
			`- https://twitter.com/MichalKoczwara/status/1635724410274414596`
			`metadata:`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`verified: "true"`
TemplateMan Update [Wed Jun 21 21:03:53 UTC 2023] :robot: 2023-06-21 21:03:53 +00:00			`max-request: 1`
Viper C2 - Detect 2023-06-13 19:02:21 +00:00			`shodan-query: http.html_hash:1015055567`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`censys-query: 057f3b5488605b4d224d038e340866e2cdfed4a3`
add panel tag to http/exposed-panels/ templates 2023-06-30 22:49:09 +00:00			`tags: tech,viper,c2,malware,ir,panel`
Viper C2 - Detect 2023-06-13 19:02:21 +00:00
			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}"`

			`matchers-condition: and`
			`matchers:`
			`- type: dsl`
			`dsl:`
			`- "status_code == 404"`
			`- "(\"057f3b5488605b4d224d038e340866e2cdfed4a3\" == sha1(body))"`
tags -update 2023-06-13 19:04:10 +00:00			`condition: and`
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot: 2024-06-08 16:02:17 +00:00			`# digest: 490a00463044022054c3cee28570a6e92f667c29d2b76b51ff8a871e8201136d0ef7767fba4949e502207fc7b93b94a621b5a4bd5b34fa4025a0591f8c4012740b45a0465e8e0f501bc1:922c64590222798bb761d5b6d8e72950`