From 0229c3f001948400866689e523d7c0bcf6e9d1f2 Mon Sep 17 00:00:00 2001 From: sullo Date: Fri, 21 Jan 2022 14:06:29 -0500 Subject: [PATCH] Enhancement: misconfiguration/proxy/open-proxy-portscan.yaml by Chris --- misconfiguration/proxy/open-proxy-portscan.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/misconfiguration/proxy/open-proxy-portscan.yaml b/misconfiguration/proxy/open-proxy-portscan.yaml index 08a309a694..ec672e0edc 100644 --- a/misconfiguration/proxy/open-proxy-portscan.yaml +++ b/misconfiguration/proxy/open-proxy-portscan.yaml @@ -3,7 +3,7 @@ id: open-proxy-portscan info: name: Open Proxy to Ports on the Proxy's localhost Interface author: sullo - severity: High + severity: high tags: exposure,config,proxy,misconfig,fuzz description: The host is configured as a proxy which allows access to its internal interface remediation: Disable the proxy or restrict configuraiton to only allow access to approved hosts/ports. @@ -56,7 +56,9 @@ requests: - type: dsl condition: or dsl: - - (!regex("(?i)FTP",body_1)) && (!regex("(?i)FTP",body_2)) && (regex("(?i)FTP\b",body_3)) - - (!regex("(?i)SSH-[\d.]+-\w+",body_1)) && (!regex("(?i)SSH-[\d.]+-\w+",body_2)) && (regex("(?i)SSH-[\d.]+-\w+",body_4)) - - (!regex("(?i)POP3",body_1)) && (!regex("(?i)POP3",body_2)) && (regex("(?i)POP3\b",body_6)) + - (!regex("(?i)FTP",body_1)) && (!regex("(?i)FTP",body_2)) && (regex("(?i)FTP",body_3)) + - (!regex("(?i)SSH-[.]+-+",body_1)) && (!regex("(?i)SSH-[.]+-+",body_2)) && (regex("(?i)SSH-[.]+-+",body_4)) + - (!regex("(?i)POP3",body_1)) && (!regex("(?i)POP3",body_2)) && (regex("(?i)POP3",body_6)) - (!regex("(?i)SMTP",body_1)) && (!regex("(?i)SMTP",body_2)) && ((regex("(?i)SMTP",body_5)) || (regex("(?i)SMTP",body_7)) || (regex("(?i)SMTP",body_8))) + +# Updated by Chris on 2022/01/21