2022-10-25 10:55:15 +00:00
|
|
|
id: vmware-authentication-daemon
|
2022-10-23 21:48:01 +00:00
|
|
|
|
|
|
|
info:
|
|
|
|
name: VMware Authentication Daemon Detection
|
|
|
|
author: pussycat0x
|
|
|
|
severity: info
|
|
|
|
description: |
|
|
|
|
vmauthd is the VMWare authentication daemon that is included with many VMWare products, including ESX(i), and Workstation.
|
|
|
|
metadata:
|
|
|
|
verified: true
|
|
|
|
shodan-query: 'product:"VMware Authentication Daemon"'
|
2022-10-25 10:55:15 +00:00
|
|
|
tags: network,vmware,authenticated
|
2022-10-23 21:48:01 +00:00
|
|
|
|
|
|
|
network:
|
|
|
|
|
|
|
|
- inputs:
|
|
|
|
- data: "\n"
|
|
|
|
host:
|
|
|
|
- "{{Hostname}}"
|
|
|
|
- "{{Host}}:902"
|
2022-10-25 10:55:15 +00:00
|
|
|
|
2022-10-23 21:48:01 +00:00
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
words:
|
|
|
|
- "ServerDaemonProtocol:SOAP"
|
|
|
|
- "MKSDisplayProtocol:VNC"
|
2022-10-25 10:55:15 +00:00
|
|
|
condition: and
|
|
|
|
|
2022-10-23 21:48:01 +00:00
|
|
|
extractors:
|
|
|
|
- type: regex
|
|
|
|
regex:
|
2022-10-25 10:55:15 +00:00
|
|
|
- "VMware Authentication Daemon Version ([0-9.]+)"
|