id: vnc-service-detect
info:
name: VNC Service Detection
author: pussycat0x
severity: info
description: A Virtual Network Computing (VNC) service was detected.
classification:
cwe-id: CWE-200
metadata:
max-request: 1
tags: network,vnc,service,detect,detection,tcp
tcp:
- inputs:
- data: "\r\n"
host:
- "{{Hostname}}"
port: 5900
matchers:
- type: word
words:
- "RFB"
extractors:
- type: regex
part: body
regex:
- "RFB ([0-9.]+)"
# digest: 4a0a004730450221008ed761ec4f318bcfa3a824cebac620c01812744a9945efc58fddfaee9f975b4102206661dce00e872fc3e2a255f4d317245fcc2e43b7b7c53f7d13e363c22857109d:922c64590222798bb761d5b6d8e72950