Enhancement: misconfiguration/proxy/open-proxy-portscan.yaml by Chris
parent
3b7bcda337
commit
0229c3f001
|
@ -3,7 +3,7 @@ id: open-proxy-portscan
|
|||
info:
|
||||
name: Open Proxy to Ports on the Proxy's localhost Interface
|
||||
author: sullo
|
||||
severity: High
|
||||
severity: high
|
||||
tags: exposure,config,proxy,misconfig,fuzz
|
||||
description: The host is configured as a proxy which allows access to its internal interface
|
||||
remediation: Disable the proxy or restrict configuraiton to only allow access to approved hosts/ports.
|
||||
|
@ -56,7 +56,9 @@ requests:
|
|||
- type: dsl
|
||||
condition: or
|
||||
dsl:
|
||||
- (!regex("(?i)FTP",body_1)) && (!regex("(?i)FTP",body_2)) && (regex("(?i)FTP\b",body_3))
|
||||
- (!regex("(?i)SSH-[\d.]+-\w+",body_1)) && (!regex("(?i)SSH-[\d.]+-\w+",body_2)) && (regex("(?i)SSH-[\d.]+-\w+",body_4))
|
||||
- (!regex("(?i)POP3",body_1)) && (!regex("(?i)POP3",body_2)) && (regex("(?i)POP3\b",body_6))
|
||||
- (!regex("(?i)FTP",body_1)) && (!regex("(?i)FTP",body_2)) && (regex("(?i)FTP",body_3))
|
||||
- (!regex("(?i)SSH-[.]+-+",body_1)) && (!regex("(?i)SSH-[.]+-+",body_2)) && (regex("(?i)SSH-[.]+-+",body_4))
|
||||
- (!regex("(?i)POP3",body_1)) && (!regex("(?i)POP3",body_2)) && (regex("(?i)POP3",body_6))
|
||||
- (!regex("(?i)SMTP",body_1)) && (!regex("(?i)SMTP",body_2)) && ((regex("(?i)SMTP",body_5)) || (regex("(?i)SMTP",body_7)) || (regex("(?i)SMTP",body_8)))
|
||||
|
||||
# Updated by Chris on 2022/01/21
|
||||
|
|
Loading…
Reference in New Issue