id: vnc-service-detect
info:
name: VNC Service Detection
author: pussycat0x
severity: info
description: A Virtual Network Computing (VNC) service was detected.
classification:
cwe-id: CWE-200
metadata:
max-request: 1
tags: network,vnc,service,detect
tcp:
- inputs:
- data: "\r\n"
host:
- "{{Hostname}}"
port: 5900
matchers:
- type: word
words:
- "RFB"
extractors:
- type: regex
part: body
regex:
- "RFB ([0-9.]+)"
# digest: 4b0a00483046022100f226008e5e45f7c21b17317677dad9cd160ae0946f1511ba0d01868a69c84432022100b1955bdaf3ef0235dc99b71544a6c56511a71723b6913a748e9e8be6796983bc:922c64590222798bb761d5b6d8e72950