dos2unix conversions (#6969)

* Add description and enhance one where the UI failed to save properly.
dos2unix on a template

* Change cvedetails link to nvd

* make severities match

* Enhancement: cves/2015/CVE-2015-2863.yaml by md

* Enhancement: cves/2017/CVE-2017-14524.yaml by md

* Enhancement: cves/2017/CVE-2017-5638.yaml by md

* Enhancement: cves/2019/CVE-2019-16759.yaml by md

* Enhancement: cves/2021/CVE-2021-22986.yaml by md

* Enhancement: cves/2021/CVE-2021-24145.yaml by md

* Enhancement: cves/2021/CVE-2021-24145.yaml by md

* Enhancement: cves/2021/CVE-2021-24155.yaml by md

* Enhancement: cves/2021/CVE-2021-24145.yaml by md

* Enhancement: cves/2021/CVE-2021-24145.yaml by md

* Enhancement: cves/2021/CVE-2021-24347.yaml by md

* Enhancement: cves/2021/CVE-2021-25003.yaml by md

* Enhancement: cves/2021/CVE-2021-25296.yaml by md

* Enhancement: cves/2021/CVE-2021-25297.yaml by md

* Enhancement: cves/2021/CVE-2021-25296.yaml by md

* Enhancement: cves/2021/CVE-2021-25297.yaml by md

* Enhancement: cves/2021/CVE-2021-25298.yaml by md

* Enhancement: cves/2021/CVE-2021-25297.yaml by md

* Enhancement: cves/2021/CVE-2021-28151.yaml by md

* Enhancement: cves/2021/CVE-2021-30128.yaml by md

* Enhancement: cves/2022/CVE-2022-0824.yaml by md

* Enhancement: cves/2022/CVE-2022-0824.yaml by md

* Enhancement: cves/2022/CVE-2022-0885.yaml by md

* Enhancement: cves/2022/CVE-2022-21587.yaml by md

* Enhancement: cves/2022/CVE-2022-2314.yaml by md

* Enhancement: cves/2022/CVE-2022-24816.yaml by md

* Enhancement: cves/2022/CVE-2022-31499.yaml by md

* Enhancement: cves/2022/CVE-2022-21587.yaml by md

* Enhancement: cves/2021/CVE-2021-24155.yaml by md

* Enhancement: cves/2017/CVE-2017-5638.yaml by md

* Enhancement: cves/2015/CVE-2015-2863.yaml by md

* Enhancement: cves/2022/CVE-2022-33901.yaml by md

* Enhancement: cves/2022/CVE-2022-2314.yaml by md

* Enhancement: cves/2022/CVE-2022-33901.yaml by md

* Enhancement: cves/2022/CVE-2022-34753.yaml by md

* Enhancement: cves/2022/CVE-2022-39952.yaml by md

* Enhancement: cves/2022/CVE-2022-4060.yaml by md

* Enhancement: cves/2022/CVE-2022-44877.yaml by md

* Enhancement: cves/2023/CVE-2023-0669.yaml by md

* Enhancement: cves/2023/CVE-2023-26255.yaml by md

* Enhancement: cves/2023/CVE-2023-26256.yaml by md

* Enhancement: exposures/files/salesforce-credentials.yaml by md

* Enhancement: misconfiguration/hadoop-unauth-rce.yaml by md

* Enhancement: misconfiguration/installer/nopcommerce-installer.yaml by md

* Enhancement: network/backdoor/backdoored-zte.yaml by md

* Enhancement: network/detection/ibm-d2b-database-server.yaml by md

* Enhancement: network/detection/ibm-d2b-database-server.yaml by md

* Enhancement: technologies/oracle/oracle-atg-commerce.yaml by md

* Enhancement: token-spray/api-abuseipdb.yaml by md

* Enhancement: token-spray/api-abuseipdb.yaml by md

* Enhancement: token-spray/api-dbt.yaml by md

* Enhancement: vulnerabilities/avaya/avaya-aura-rce.yaml by md

* Enhancement: vulnerabilities/avaya/avaya-aura-xss.yaml by md

* Enhancement: vulnerabilities/cisco/cisco-cloudcenter-suite-rce.yaml by md

* Enhancement: vulnerabilities/froxlor-xss.yaml by md

* Enhancement: vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml by md

* Enhancement: vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml by md

* Enhancement: vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml by md

* Enhancement: vulnerabilities/opencpu/opencpu-rce.yaml by md

* Enhancement: vulnerabilities/other/academy-lms-xss.yaml by md

* Enhancement: vulnerabilities/other/caucho-resin-info-disclosure.yaml by md

* Enhancement: vulnerabilities/other/ckan-dom-based-xss.yaml by md

* Enhancement: vulnerabilities/other/couchdb-adminparty.yaml by md

* Enhancement: vulnerabilities/other/graylog-log4j.yaml by md

* Enhancement: vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml by md

* Initial cleanups for syntax errors

* dashboard gremlins

* Add log4j back to name

* Enhancement: exposures/files/salesforce-credentials.yaml by cs

* Enhancement: misconfiguration/installer/nopcommerce-installer.yaml by cs

* Enhancement: network/backdoor/backdoored-zte.yaml by cs

* Enhancement: vulnerabilities/other/couchdb-adminparty.yaml by cs

* Sev and other info tweaks

* Merge conflict

* Run dos2unix against all templates

* too many newlines error

* Fix too many blank lines error

* Fix severity mismatches
Cleanup language on a new test

---------

Co-authored-by: sullo <sullo@cirt.net>
patch-1
MostInterestingBotInTheWorld 2023-03-27 14:22:40 -04:00 committed by GitHub
parent d78bca2706
commit 186745475b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
26 changed files with 1460 additions and 1462 deletions

View File

@ -5,7 +5,7 @@ info:
author: theamanrawat
severity: medium
description: |
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks.
The External Media without Import WordPress plugin through 1.1.2 does not have any authorization and does not ensure that media added via URLs are external media, which could allow any authenticated users (including subscriber) to perform blind SSRF attacks.
reference:
- https://wpscan.com/vulnerability/5440d177-e995-403e-b2c9-42ceda14579e
- https://wordpress.org/plugins/external-media-without-import/
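Review bot: the rewritten description is a clear improvement, but "(including subscriber)" should be plural, "(including subscribers)", to agree with "any authenticated users" earlier in the same sentence.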

View File

@ -3,7 +3,7 @@ id: kubeview-dashboard
info:
name: KubeView Dashboard - Detect
author: ja1sh
severity: low
severity: info
description: |
KubeView dashboard was detected.
classification:
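Review bot: lowering severity from low to info is consistent with what this template is, per its own name ("KubeView Dashboard - Detect") and description ("KubeView dashboard was detected."): a bare detection carries no finding of its own. If the intent were to flag an unauthenticated dashboard exposure, that belongs in a separate template whose description says why the exposure matters, not in a severity value on a detection template.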

View File

@ -1,27 +1,27 @@
id: carel-plantvisor-panel
info:
name: CAREL Pl@ntVisor Panel
author: Hardik-Solanki
severity: info
metadata:
shodan-query: title:"CAREL Pl@ntVisor"
tags: panels,scada,iot,carel
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'CAREL Pl@ntVisor'
- 'alt="CAREL'
condition: or
- type: status
status:
- 200
id: carel-plantvisor-panel
info:
name: CAREL Pl@ntVisor Panel
author: Hardik-Solanki
severity: info
metadata:
shodan-query: title:"CAREL Pl@ntVisor"
tags: panels,scada,iot,carel
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'CAREL Pl@ntVisor'
- 'alt="CAREL'
condition: or
- type: status
status:
- 200
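Review bot: the old and new sides of this hunk are character-for-character identical, so the whole 27-line rewrite is the line-ending change from the "Run dos2unix against all templates" step in the commit message. That is fine as a one-off, but CRLF will reappear the next time a template is saved from a Windows editor; add a `.gitattributes` rule such as `*.yaml text eol=lf` so the normalisation is enforced at commit time and whole-file diffs like this one stop showing up. The same observation applies to the other whole-file hunks in this commit where both sides read the same.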

View File

@ -1,28 +1,28 @@
id: raspberry-shake-config
info:
name: Raspberry Shake Config Detection
author: pussycat0x
severity: medium
description: |
The Shake Board digitizer receives, processes, and interprets the sensor data in real-time, allowing for the Raspberry Pi computer to export the data for easy access. The data output can be displayed and analyzed using our own comprehensive set of web tools or any standard seismological software.
metadata:
verified: true
shodan-query: title:"Raspberry Shake Config"
tags: misconfig,unauth,iot,raspberry
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Raspberry Shake Config"
- type: status
status:
- 200
id: raspberry-shake-config
info:
name: Raspberry Shake Config Detection
author: pussycat0x
severity: medium
description: |
The Shake Board digitizer receives, processes, and interprets the sensor data in real-time, allowing for the Raspberry Pi computer to export the data for easy access. The data output can be displayed and analyzed using our own comprehensive set of web tools or any standard seismological software.
metadata:
verified: true
shodan-query: title:"Raspberry Shake Config"
tags: misconfig,unauth,iot,raspberry
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Raspberry Shake Config"
- type: status
status:
- 200
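Review bot: the description does not state what the finding is. It reads as product copy for the Shake Board, while the tags (`misconfig`, `unauth`) and the medium severity imply a configuration interface reachable without authentication. Say that explicitly (that the configuration page is served without authentication and what it exposes) and add a `reference` entry, otherwise a reader of the result cannot tell what to fix. Note also that the matcher is only the page title plus a 200; the title alone does not prove the page is unauthenticated, so if a login page carries the same title the template would still fire. A second word that appears only on the unauthenticated view would make the medium severity defensible.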

View File

@ -1,36 +1,36 @@
id: sitemap-detect
info:
name: Sitemap Detection
author: houdinis
severity: info
description: |
A sitemap is a file where you provide information about the pages, videos, and other files on your site, and the relationships between them.
metadata:
verified: "true"
google-query: intext:"sitemap" filetype:txt,filetype:xml inurl:sitemap,inurl:"/sitemap.xsd" ext:xsd
tags: misc,generic,sitemap
requests:
- method: GET
path:
- "{{BaseURL}}/sitemap.xml"
- "{{BaseURL}}/sitemap.xsl"
- "{{BaseURL}}/sitemap.xsd"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- "sitemap>"
case-insensitive: true
- type: word
part: header
words:
- 'application/xml'
- type: status
status:
- 200
id: sitemap-detect
info:
name: Sitemap Detection
author: houdinis
severity: info
description: |
A sitemap is a file where you provide information about the pages, videos, and other files on your site, and the relationships between them.
metadata:
verified: "true"
google-query: intext:"sitemap" filetype:txt,filetype:xml inurl:sitemap,inurl:"/sitemap.xsd" ext:xsd
tags: misc,generic,sitemap
requests:
- method: GET
path:
- "{{BaseURL}}/sitemap.xml"
- "{{BaseURL}}/sitemap.xsl"
- "{{BaseURL}}/sitemap.xsd"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- "sitemap>"
case-insensitive: true
- type: word
part: header
words:
- 'application/xml'
- type: status
status:
- 200
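Review bot: `verified: "true"` is a quoted string here, while every other template in this commit writes `verified: true` as a bare boolean (raspberry-shake-config, unauth-kubecost and all of the network templates). Pick one form; the bare boolean is what the rest of the set uses, and a string value will not compare equal to a boolean in any tooling that filters on this field.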

View File

@ -1,30 +1,30 @@
id: unauth-kubecost
info:
name: KubeCost - Unauthenticated Dashboard Exposure
author: pussycat0x
severity: medium
reference: https://www.facebook.com/photo?fbid=470414125129112&set=pcb.470413798462478
metadata:
verified: true
shodan-query: title:kubecost
tags: misconfig,exposure,unauth,kubecost
requests:
- method: GET
path:
- '{{BaseURL}}/overview.html'
matchers-condition: and
matchers:
- type: word
words:
- '<title>Cluster Overview | Kubecost</title>'
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
id: unauth-kubecost
info:
name: KubeCost - Unauthenticated Dashboard Exposure
author: pussycat0x
severity: medium
reference: https://www.facebook.com/photo?fbid=470414125129112&set=pcb.470413798462478
metadata:
verified: true
shodan-query: title:kubecost
tags: misconfig,exposure,unauth,kubecost
requests:
- method: GET
path:
- '{{BaseURL}}/overview.html'
matchers-condition: and
matchers:
- type: word
words:
- '<title>Cluster Overview | Kubecost</title>'
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
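Review bot: the `reference` is a Facebook photo URL, which is neither a durable nor an authoritative source for a medium-severity finding and may not resolve for readers without an account. Replace it with the vendor's documentation on securing the Kubecost UI or with a public write-up of the exposure; the matcher itself can stay as it is.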

View File

@ -1,31 +1,31 @@
id: activemq-openwire-transport-detect
info:
name: ActiveMQ OpenWire Transport Detection
author: pussycat0x
severity: info
description: |
OpenWire is the native protocol that Apache ActiveMQ uses. It is designed for performance and size on the wire - sacrificing some ease of implementation with higher performance and reduced network bandwidth as a priority.
metadata:
verified: true
shodan-query: 'product:"ActiveMQ OpenWire transport"'
tags: network,activemq
network:
- inputs:
- data: "VERSION"
host:
- "{{Hostname}}"
- "{{Host}}:61616"
matchers-condition: and
matchers:
- type: word
words:
- "ActiveMQ"
extractors:
- type: regex
regex:
- "ProviderVersion...([0-9.]+)"
id: activemq-openwire-transport-detect
info:
name: ActiveMQ OpenWire Transport Detection
author: pussycat0x
severity: info
description: |
OpenWire is the native protocol that Apache ActiveMQ uses. It is designed for performance and size on the wire - sacrificing some ease of implementation with higher performance and reduced network bandwidth as a priority.
metadata:
verified: true
shodan-query: 'product:"ActiveMQ OpenWire transport"'
tags: network,activemq
network:
- inputs:
- data: "VERSION"
host:
- "{{Hostname}}"
- "{{Host}}:61616"
matchers-condition: and
matchers:
- type: word
words:
- "ActiveMQ"
extractors:
- type: regex
regex:
- "ProviderVersion...([0-9.]+)"
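Review bot: the extractor regex `ProviderVersion...([0-9.]+)` relies on three `.` wildcards to skip the bytes between the field name and the version string in the raw OpenWire response; to anyone who has not looked at that response it reads like a mistake. Add a YAML comment saying what those bytes are so a later cleanup does not "fix" the pattern. Separately, `matchers-condition: and` is a no-op with a single matcher and can be dropped.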

View File

@ -1,27 +1,27 @@
id: apache-activemq-detect
info:
name: Apache ActiveMQ Detection
author: pussycat0x
severity: info
description: |
Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service client. It provides "Enterprise Features" which in this case means fostering the communication from more than one client or server.
metadata:
verified: true
shodan-query: 'product:"Apache ActiveMQ"'
tags: network,activemq,oss
network:
- inputs:
- data: "HELP\n\n\u0000"
host:
- "{{Hostname}}"
- "{{Host}}:61613"
matchers-condition: and
matchers:
- type: word
words:
- "Unknown STOMP action"
- "norg.apache.activemq.transport.stomp"
id: apache-activemq-detect
info:
name: Apache ActiveMQ Detection
author: pussycat0x
severity: info
description: |
Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service client. It provides "Enterprise Features" which in this case means fostering the communication from more than one client or server.
metadata:
verified: true
shodan-query: 'product:"Apache ActiveMQ"'
tags: network,activemq,oss
network:
- inputs:
- data: "HELP\n\n\u0000"
host:
- "{{Hostname}}"
- "{{Host}}:61613"
matchers-condition: and
matchers:
- type: word
words:
- "Unknown STOMP action"
- "norg.apache.activemq.transport.stomp"
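Review bot: the second word, `norg.apache.activemq.transport.stomp`, has a stray `n` glued to the front of the Java package name. If that leading byte is a deliberate part of the expected response it needs a comment; if not it should be `org.apache.activemq.transport.stomp`. Also, the probe sends a STOMP frame (`HELP\n\n\u0000`) to port 61613 and matches on "Unknown STOMP action", so "Apache ActiveMQ Detection" understates what is tested: this detects ActiveMQ's STOMP transport specifically, which is worth saying in the name or description. `matchers-condition: and` with one matcher is again redundant.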

View File

@ -1,29 +1,29 @@
id: clamav-detect
info:
name: ClamAV Server Detect
author: pussycat0x
severity: info
description: |
Clam AntiVirus is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses.
metadata:
verified: true
shodan-query: 'port:3310 product:"ClamAV"'
tags: network,clamav
network:
- inputs:
- data: "VERSION"
host:
- "{{Hostname}}"
- "{{Host}}:3310"
matchers:
- type: regex
regex:
- 'ClamAV ([0-9.]+)'
extractors:
- type: regex
regex:
- "ClamAV ([0-9.]+)"
id: clamav-detect
info:
name: ClamAV Server Detect
author: pussycat0x
severity: info
description: |
Clam AntiVirus is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses.
metadata:
verified: true
shodan-query: 'port:3310 product:"ClamAV"'
tags: network,clamav
network:
- inputs:
- data: "VERSION"
host:
- "{{Hostname}}"
- "{{Host}}:3310"
matchers:
- type: regex
regex:
- 'ClamAV ([0-9.]+)'
extractors:
- type: regex
regex:
- "ClamAV ([0-9.]+)"

View File

@ -1,37 +1,37 @@
id: cql-native-transport
info:
name: CQL Native Transport Detect
author: pussycat0x
severity: info
description: |
Native transport requests (NTR) are any requests made via the CQL Native Protocol. CQL Native Protocol is the way the Cassandra driver communicates with the server.
metadata:
verified: true
shodan-query: "cassandra"
tags: network,cassandra,cql
network:
- inputs:
- data: "/n"
- data: "/n"
- data: "/n"
- data: "/n"
- data: "/n"
- data: "/n"
- data: "/n"
- data: "/n"
host:
- "{{Hostname}}"
- "{{Host}}:9042"
matchers:
- type: word
words:
- "valid or unsupported protocol"
extractors:
- type: regex
regex:
- "protocol version: ([0-9]+)"
id: cql-native-transport
info:
name: CQL Native Transport Detect
author: pussycat0x
severity: info
description: |
Native transport requests (NTR) are any requests made via the CQL Native Protocol. CQL Native Protocol is the way the Cassandra driver communicates with the server.
metadata:
verified: true
shodan-query: "cassandra"
tags: network,cassandra,cql
network:
- inputs:
- data: "/n"
- data: "/n"
- data: "/n"
- data: "/n"
- data: "/n"
- data: "/n"
- data: "/n"
- data: "/n"
host:
- "{{Hostname}}"
- "{{Host}}:9042"
matchers:
- type: word
words:
- "valid or unsupported protocol"
extractors:
- type: regex
regex:
- "protocol version: ([0-9]+)"
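Review bot: every `data` entry here is `"/n"`, a literal forward slash followed by the letter n, not a newline; every other network template in this commit writes `"\n"`. If the intent is to push an invalid protocol-version byte at the server so that it answers with the "Invalid or unsupported protocol version" error the matcher keys on, that works, but it should be stated in a comment, because both the slash and the eight identical inputs look like typos. If a newline was meant, change them to `"\n"`.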

View File

@ -1,30 +1,30 @@
id: esmtp-detect
info:
name: ESMTP Detection
author: pussycat0x
severity: info
description: |
ESMTP (Extended Simple Mail Transfer Protocol) specifies extensions to the original protocol for sending e-mail that supports graphics, audio and video files, and text in various national languages
reference:
- https://nmap.org/nsedoc/scripts/smtp-open-relay.html
metadata:
verified: true
shodan-query: 'ESMTP'
tags: network,detect,smtp,mail
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:25"
matchers-condition: and
matchers:
- type: word
words:
- "ESMTP Postfix"
- "220"
condition: and
id: esmtp-detect
info:
name: ESMTP Detection
author: pussycat0x
severity: info
description: |
ESMTP (Extended Simple Mail Transfer Protocol) specifies extensions to the original protocol for sending e-mail that supports graphics, audio and video files, and text in various national languages
reference:
- https://nmap.org/nsedoc/scripts/smtp-open-relay.html
metadata:
verified: true
shodan-query: 'ESMTP'
tags: network,detect,smtp,mail
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:25"
matchers-condition: and
matchers:
- type: word
words:
- "ESMTP Postfix"
- "220"
condition: and
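Review bot: the template is named "ESMTP Detection" and tagged smtp/mail, but the matcher requires both `220` and `ESMTP Postfix`, so it fires only for Postfix and silently misses every other ESMTP server. Either rename it (esmtp-postfix-detect) or match on `ESMTP` alone and move the Postfix string into an extractor. The `reference` also points to the nmap smtp-open-relay script, which is about relay testing rather than banner detection and does not support anything this template does.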

View File

@ -1,29 +1,29 @@
id: gnu-inetutils-ftpd-detect
info:
name: GNU Inetutils FTPd Detect
author: pussycat0x
severity: info
description: |
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
metadata:
verified: true
shodan-query: 'product:"GNU Inetutils FTPd"'
tags: network,ftp,smartgateway,gnu,inetutils
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:21"
matchers:
- type: word
words:
- "SmartGateway FTP server"
extractors:
- type: regex
regex:
- "GNU inetutils ([0-9.]+)"
id: gnu-inetutils-ftpd-detect
info:
name: GNU Inetutils FTPd Detect
author: pussycat0x
severity: info
description: |
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
metadata:
verified: true
shodan-query: 'product:"GNU Inetutils FTPd"'
tags: network,ftp,smartgateway,gnu,inetutils
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:21"
matchers:
- type: word
words:
- "SmartGateway FTP server"
extractors:
- type: regex
regex:
- "GNU inetutils ([0-9.]+)"
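Review bot: the name, id and shodan-query all say GNU Inetutils FTPd, but the only matcher word is `SmartGateway FTP server`, so the template fires on that single vendor's banner and never on a generic inetutils banner; the extractor `GNU inetutils ([0-9.]+)` then only yields a version when the SmartGateway banner happens to include it. Either match on `GNU inetutils` and keep SmartGateway as a tag, or rename the template to what it actually detects.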

View File

@ -1,28 +1,28 @@
id: imap-detect
info:
name: Imap Detection
author: pussycat0x
severity: info
description: |
IMAP is an application-layer protocol used by email clients to retrieve messages from a mail server. It was designed to manage multiple email clients, therefore clients generally leave messages on the server until the user explicitly deletes them.
metadata:
verified: true
shodan-query: 'imap'
tags: network,detect,imap,mail
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:143"
matchers-condition: and
matchers:
- type: word
words:
- "OK "
- "IMAP4rev1"
condition: and
id: imap-detect
info:
name: Imap Detection
author: pussycat0x
severity: info
description: |
IMAP is an application-layer protocol used by email clients to retrieve messages from a mail server. It was designed to manage multiple email clients, therefore clients generally leave messages on the server until the user explicitly deletes them.
metadata:
verified: true
shodan-query: 'imap'
tags: network,detect,imap,mail
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:143"
matchers-condition: and
matchers:
- type: word
words:
- "OK "
- "IMAP4rev1"
condition: and
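Review bot: `matchers-condition: and` is redundant with a single matcher; the `condition: and` on the words list is what does the work here. Nit: the name should read "IMAP Detection" to match the acronym used in the description.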

View File

@ -1,25 +1,25 @@
id: microsoft-ftp-service
info:
name: Microsoft FTP Service Detect
author: pussycat0x
severity: info
description: |
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
metadata:
verified: true
shodan-query: "Microsoft FTP Service"
tags: network,ftp,microsoft
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:21"
matchers:
- type: word
words:
- "Microsoft FTP Service"
id: microsoft-ftp-service
info:
name: Microsoft FTP Service Detect
author: pussycat0x
severity: info
description: |
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
metadata:
verified: true
shodan-query: "Microsoft FTP Service"
tags: network,ftp,microsoft
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:21"
matchers:
- type: word
words:
- "Microsoft FTP Service"

View File

@ -1,30 +1,30 @@
id: mikrotik-ftp-server-detect
info:
name: MikroTik FTP server Detect
author: pussycat0x
severity: info
description: |
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
metadata:
verified: true
shodan-query: 'product:"MikroTik router ftpd"'
tags: network,ftp,mikrotik,router
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:21"
matchers:
- type: word
part: body
words:
- "MikroTik FTP"
extractors:
- type: regex
regex:
- "MikroTik ([0-9.]+)"
id: mikrotik-ftp-server-detect
info:
name: MikroTik FTP server Detect
author: pussycat0x
severity: info
description: |
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
metadata:
verified: true
shodan-query: 'product:"MikroTik router ftpd"'
tags: network,ftp,mikrotik,router
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:21"
matchers:
- type: word
part: body
words:
- "MikroTik FTP"
extractors:
- type: regex
regex:
- "MikroTik ([0-9.]+)"

View File

@ -1,29 +1,29 @@
id: proftpd-server-detect
info:
name: ProFTPD Server Detect
author: pussycat0x
severity: info
description: |
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
metadata:
verified: true
shodan-query: 'product:"ProFTPD"'
tags: network,ftp,proftpd
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:21"
matchers:
- type: word
words:
- "ProFTPD Server"
extractors:
- type: regex
regex:
- "ProFTPD ([0-9.a-z]+) Server"
id: proftpd-server-detect
info:
name: ProFTPD Server Detect
author: pussycat0x
severity: info
description: |
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
metadata:
verified: true
shodan-query: 'product:"ProFTPD"'
tags: network,ftp,proftpd
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:21"
matchers:
- type: word
words:
- "ProFTPD Server"
extractors:
- type: regex
regex:
- "ProFTPD ([0-9.a-z]+) Server"

View File

@ -1,30 +1,30 @@
id: rabbitmq-detect
info:
name: RabbitMQ Detection
author: pussycat0x
severity: info
description: |
RabbitMQ is an open-source message-broker software that originally implemented the Advanced Message Queuing Protocol and has since been extended with a plug-in architecture to support Streaming Text Oriented Messaging Protocol, MQ Telemetry Transport, and other protocols.
reference:
- https://nmap.org/nsedoc/scripts/amqp-info.html
metadata:
verified: true
shodan-query: product:"RabbitMQ"
tags: network,rabbitmq,oss
network:
- inputs:
- data: "AMQP\u0000\u0000\t\u0001"
host:
- "{{Hostname}}"
- "{{Host}}:5672"
matchers-condition: and
matchers:
- type: word
words:
- "publisher_confirmst"
- "RabbitMQ"
condition: and
id: rabbitmq-detect
info:
name: RabbitMQ Detection
author: pussycat0x
severity: info
description: |
RabbitMQ is an open-source message-broker software that originally implemented the Advanced Message Queuing Protocol and has since been extended with a plug-in architecture to support Streaming Text Oriented Messaging Protocol, MQ Telemetry Transport, and other protocols.
reference:
- https://nmap.org/nsedoc/scripts/amqp-info.html
metadata:
verified: true
shodan-query: product:"RabbitMQ"
tags: network,rabbitmq,oss
network:
- inputs:
- data: "AMQP\u0000\u0000\t\u0001"
host:
- "{{Hostname}}"
- "{{Host}}:5672"
matchers-condition: and
matchers:
- type: word
words:
- "publisher_confirmst"
- "RabbitMQ"
condition: and
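Review bot: the word `publisher_confirmst` looks like a typo for `publisher_confirms`. If the trailing `t` is meant to be the AMQP field-table type tag that follows the capability name in the broker's connection.start properties, say so in a comment; otherwise drop it, since `publisher_confirms` is a substring of the same response and is self-explanatory. Note also that the probe sends the AMQP 0-9-1 protocol header (`AMQP\u0000\u0000\t\u0001`), so a broker listening only for AMQP 1.0 on 5672 will not be recognised; that is acceptable for RabbitMQ but belongs in the description.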

View File

@ -1,31 +1,31 @@
id: riak-detect
info:
name: Riak Detection
author: pussycat0x
severity: info
description: Riak is a distributed NoSQL key-value data store that offers high availability, fault tolerance, operational simplicity, and scalability.
metadata:
verified: true
shodan-query: product:"Riak"
tags: network,oss
network:
- inputs:
- data: 0000000107
type: hex
host:
- "{{Hostname}}"
- "{{Host}}:8087"
read-size: 2048
matchers:
- type: word
words:
- "riak"
extractors:
- type: regex
regex:
- "riak@([0-9.]+)..([0-9.]+([a-z]+[0-9]))"
id: riak-detect
info:
name: Riak Detection
author: pussycat0x
severity: info
description: Riak is a distributed NoSQL key-value data store that offers high availability, fault tolerance, operational simplicity, and scalability.
metadata:
verified: true
shodan-query: product:"Riak"
tags: network,oss
network:
- inputs:
- data: 0000000107
type: hex
host:
- "{{Hostname}}"
- "{{Host}}:8087"
read-size: 2048
matchers:
- type: word
words:
- "riak"
extractors:
- type: regex
regex:
- "riak@([0-9.]+)..([0-9.]+([a-z]+[0-9]))"
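Review bot: `data: 0000000107` is an unquoted plain scalar. With `type: hex` the loader expects a string, but a YAML 1.1 parser may read an all-digit token with leading zeros as a number (octal, in this case) depending on the target type, and the behaviour is not obvious to the next editor. Quote it, `data: "0000000107"`, as every other `data` value in this commit is quoted. A short comment on what the ten hex digits encode (it looks like a 4-byte length prefix of 1 followed by a one-byte Riak protocol-buffers message code) would also help a reader who has not seen the Riak PB framing.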

View File

@ -1,30 +1,30 @@
id: sshd-dropbear-detect
info:
name: Dropbear sshd Detection
author: pussycat0x
severity: info
description: |
Dropbear is a software package written by Matt Johnston that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard OpenSSH for environments with low memory and processor resources, such as embedded systems
metadata:
verified: true
shodan-query: 'product:"Dropbear sshd"'
tags: network,ssh,dropbear
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:22"
matchers:
- type: word
words:
- "dropbear"
extractors:
- type: regex
regex:
- "SSH-([0-9.]+)-dropbear_([0-9.]+)"
id: sshd-dropbear-detect
info:
name: Dropbear sshd Detection
author: pussycat0x
severity: info
description: |
Dropbear is a software package written by Matt Johnston that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard OpenSSH for environments with low memory and processor resources, such as embedded systems
metadata:
verified: true
shodan-query: 'product:"Dropbear sshd"'
tags: network,ssh,dropbear
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:22"
matchers:
- type: word
words:
- "dropbear"
extractors:
- type: regex
regex:
- "SSH-([0-9.]+)-dropbear_([0-9.]+)"

View File

@ -1,32 +1,32 @@
id: vmware-authentication-daemon
info:
name: VMware Authentication Daemon Detection
author: pussycat0x
severity: info
description: |
vmauthd is the VMWare authentication daemon that is included with many VMWare products, including ESX(i), and Workstation.
metadata:
verified: true
shodan-query: 'product:"VMware Authentication Daemon"'
tags: network,vmware,authenticated
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:902"
matchers:
- type: word
words:
- "ServerDaemonProtocol:SOAP"
- "MKSDisplayProtocol:VNC"
condition: and
extractors:
- type: regex
regex:
- "VMware Authentication Daemon Version ([0-9.]+)"
id: vmware-authentication-daemon
info:
name: VMware Authentication Daemon Detection
author: pussycat0x
severity: info
description: |
vmauthd is the VMWare authentication daemon that is included with many VMWare products, including ESX(i), and Workstation.
metadata:
verified: true
shodan-query: 'product:"VMware Authentication Daemon"'
tags: network,vmware,authenticated
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:902"
matchers:
- type: word
words:
- "ServerDaemonProtocol:SOAP"
- "MKSDisplayProtocol:VNC"
condition: and
extractors:
- type: regex
regex:
- "VMware Authentication Daemon Version ([0-9.]+)"
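Review bot: the tag `authenticated` is wrong for this template. The probe sends a bare newline to port 902 and matches on the daemon's unauthenticated greeting (`ServerDaemonProtocol:SOAP`, `MKSDisplayProtocol:VNC`), so no credentials are involved; the conventional meaning of that tag is "needs credentials to run", and anyone filtering such templates out would skip this detection. Change it to `detect` or drop it.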

View File

@ -1,31 +1,31 @@
id: xlight-ftp-service-detect
info:
name: Xlight FTP Service Detect
author: pussycat0x
severity: info
description: |
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
metadata:
verified: true
shodan-query: 'product:"Xlight ftpd"'
tags: network,ftp,xlight
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:21"
matchers:
- type: word
part: body
words:
- "Xlight FTP Server"
extractors:
- type: regex
regex:
- "Xlight FTP Server ([0-9.]+)"
id: xlight-ftp-service-detect
info:
name: Xlight FTP Service Detect
author: pussycat0x
severity: info
description: |
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
metadata:
verified: true
shodan-query: 'product:"Xlight ftpd"'
tags: network,ftp,xlight
network:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
- "{{Host}}:21"
matchers:
- type: word
part: body
words:
- "Xlight FTP Server"
extractors:
- type: regex
regex:
- "Xlight FTP Server ([0-9.]+)"

File diff suppressed because it is too large

View File

@ -1,28 +1,28 @@
id: xerox-workcentre-detect
info:
name: Xerox Workcentre Detect
author: pussycat0x
severity: info
metadata:
verified: true
shodan-query: title:"XEROX WORKCENTRE"
tags: tech,xerox,workcentre
requests:
- method: GET
path:
- "{{BaseURL}}/index.dhtml"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "XEROX WORKCENTRE"
- "/header.php?tab=status"
condition: and
- type: status
status:
- 200
id: xerox-workcentre-detect
info:
name: Xerox Workcentre Detect
author: pussycat0x
severity: info
metadata:
verified: true
shodan-query: title:"XEROX WORKCENTRE"
tags: tech,xerox,workcentre
requests:
- method: GET
path:
- "{{BaseURL}}/index.dhtml"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "XEROX WORKCENTRE"
- "/header.php?tab=status"
condition: and
- type: status
status:
- 200

View File

@ -34,4 +34,3 @@ requests:
- 'data":'
- 'ipAddress":'
condition: and

View File

@ -30,4 +30,3 @@ requests:
- "Authentication credentials were not provided."
condition: or
negative: true

View File

@ -8,8 +8,8 @@ info:
reference:
- https://docs.couchdb.org/en/stable/intro/security.html#authentication-database
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-200
tags: couchdb
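Review bot: the vector changes C:L to C:H and the score 5.3 to 7.5, which moves the finding from medium to high under CVSS 3.1, but the `severity` field is outside this hunk and not shown; confirm it was changed to `high` in the same commit, since the "Fix severity mismatches" step in the commit message is exactly this kind of drift. A one-line justification for raising confidentiality impact to High in the description (presumably that unauthenticated access to an admin-party CouchDB exposes every database) would make the change reviewable without re-running the calculator.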