Update favicon-detect.yaml

patch-1
Ritik Chaddha 2024-03-08 18:58:41 +05:30
parent 8f2d14fb5b
commit 0e03b27276
1 changed files with 24 additions and 9 deletions

View File

@ -35,19 +35,24 @@ http:
- "status_code==200 && (\"-503480258\" == mmh3(base64_py(body)))" - "status_code==200 && (\"-503480258\" == mmh3(base64_py(body)))"
- type: dsl - type: dsl
name: oracle name: "oracle"
dsl: dsl:
- "len(body)==1150 && status_code==200 && (\"421e176ae0837bcc6b879ef55adbc897\" == md5(body))" - "status_code==200 && (\"1414300307\" == mmh3(base64_py(body)))"
- type: dsl - type: dsl
name: hitachi name: "hitachi"
dsl: dsl:
- "len(body)==894 && status_code==200 && (\"41e9c43dc5e994ca7a40f4f92b50d01d\" == md5(body))" - "status_code==200 && (\"92627686\" == mmh3(base64_py(body)))"
- type: dsl - type: dsl
name: meinberg name: "hitachi-management"
dsl: dsl:
- "len(body)==1406 && status_code==200 && (\"4b2524b4f28eac7d0e872b0e1323c02d\" == md5(body))" - "status_code==200 && (\"94231047\" == mmh3(base64_py(body)))"
- type: dsl
name: "meinberg"
dsl:
- "status_code==200 && (\"-676779906\" == mmh3(base64_py(body)))"
- type: dsl - type: dsl
name: "slack-instance" name: "slack-instance"
@ -3367,7 +3372,7 @@ http:
- type: dsl - type: dsl
name: "MSNSwitch Firmware MNT" name: "MSNSwitch Firmware MNT"
dsl: dsl:
- "status_code==200 && (\"-2073748627 || http.favicon.hash\" == mmh3(base64_py(body)))" - "status_code==200 && (\"-2073748627\" == mmh3(base64_py(body)))"
- type: dsl - type: dsl
name: "HotelDruid Hotel Management Software" name: "HotelDruid Hotel Management Software"
@ -3462,7 +3467,17 @@ http:
- type: dsl - type: dsl
name: "Fortra GoAnywhere MFT" name: "Fortra GoAnywhere MFT"
dsl: dsl:
- "status_code==200 && (\"1484947000,1828756398,1170495932\" == mmh3(base64_py(body)))" - "status_code==200 && (\"1170495932\" == mmh3(base64_py(body)))"
- type: dsl
name: "GoAnywhere"
dsl:
- "status_code==200 && (\"1828756398\" == mmh3(base64_py(body)))"
- type: dsl
name: "GoAnywhere Web Client"
dsl:
- "status_code==200 && (\"1484947000\" == mmh3(base64_py(body)))"
- type: dsl - type: dsl
name: "Qlik Sense Enterprise" name: "Qlik Sense Enterprise"