Merge pull request #6781 from projectdiscovery/pussycat0x-patch-2

Metasploit C2 Server -Detect

c2/metasploit-c2.yaml

@@ -0,0 +1,28 @@
+id: metasploit-c2
+
+info:
+  name: Detect SSL Certificate Issuer
+  author: pussycat0x
+  severity: info
+  description: |
+    A Metasploit Framework is a powerful tool that provides a universal interface to work with vulnerability exploit code. It has to exploit code for a wide range of vulnerabilities that impact web servers, OSes, network equipment, and everything in between. Metasploit which serves as both exploitation and C2 frameworks.
+  reference: |
+    https://www.socinvestigation.com/shodan-filters-to-hunt-adversaries-infrastructure-and-c2/
+  metadata:
+    verified: "true"
+    shodan-query: ssl:"MetasploitSelfSignedCA"
+  tags: c2,ir,osint,metasploit
+
+ssl:
+  - address: "{{Host}}:{{Port}}"
+
+    matchers:
+      - type: word
+        part: issuer_cn
+        words:
+          - "MetasploitSelfSignedCA"
+
+    extractors:
+      - type: json
+        json:
+          - " .issuer_cn"