nuclei-templates/technologies/linkerd-badrule-detect.yaml

46 lines
1.0 KiB
YAML
Raw Normal View History

2020-06-22 21:25:52 +00:00
id: linkerd-badrule-detect
# Detect the Linkerd service by overriding the delegation table with an invalid
# rule, the presence of the service is indicated by either:
# - a "Via: .. linkerd .."
# - a "l5d-err" and/or a "l5d-success" header
# - a literal error in the body
info:
name: Linkerd detection via bad rule
author: dudez
severity: informative
2020-06-22 21:25:52 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/"
headers:
l5d-dtab: /svc/*
matchers-condition: or
matchers:
- type: regex
name: via-linkerd-present
regex:
- '(?mi)^Via\s*?:.*?linkerd.*$'
part: header
- type: regex
name: l5d-err-present
regex:
2020-06-22 21:41:24 +00:00
- '(?mi)^l5d-err:.*$'
2020-06-22 21:25:52 +00:00
part: header
- type: regex
name: l5d-success-class-present
regex:
2020-06-22 21:41:24 +00:00
- '(?mi)^l5d-success-class: 0.*$'
2020-06-22 21:25:52 +00:00
part: header
- type: word
name: body-error-present
words:
- 'expected but end of input found at'
part: body