dos2unix conversions (#6969)
* Add description and enhance one where the UI failed to save properly. dos2unix on a template * Change cvedetails link to nvd * make severities match * Enhancement: cves/2015/CVE-2015-2863.yaml by md * Enhancement: cves/2017/CVE-2017-14524.yaml by md * Enhancement: cves/2017/CVE-2017-5638.yaml by md * Enhancement: cves/2019/CVE-2019-16759.yaml by md * Enhancement: cves/2021/CVE-2021-22986.yaml by md * Enhancement: cves/2021/CVE-2021-24145.yaml by md * Enhancement: cves/2021/CVE-2021-24145.yaml by md * Enhancement: cves/2021/CVE-2021-24155.yaml by md * Enhancement: cves/2021/CVE-2021-24145.yaml by md * Enhancement: cves/2021/CVE-2021-24145.yaml by md * Enhancement: cves/2021/CVE-2021-24347.yaml by md * Enhancement: cves/2021/CVE-2021-25003.yaml by md * Enhancement: cves/2021/CVE-2021-25296.yaml by md * Enhancement: cves/2021/CVE-2021-25297.yaml by md * Enhancement: cves/2021/CVE-2021-25296.yaml by md * Enhancement: cves/2021/CVE-2021-25297.yaml by md * Enhancement: cves/2021/CVE-2021-25298.yaml by md * Enhancement: cves/2021/CVE-2021-25297.yaml by md * Enhancement: cves/2021/CVE-2021-28151.yaml by md * Enhancement: cves/2021/CVE-2021-30128.yaml by md * Enhancement: cves/2022/CVE-2022-0824.yaml by md * Enhancement: cves/2022/CVE-2022-0824.yaml by md * Enhancement: cves/2022/CVE-2022-0885.yaml by md * Enhancement: cves/2022/CVE-2022-21587.yaml by md * Enhancement: cves/2022/CVE-2022-2314.yaml by md * Enhancement: cves/2022/CVE-2022-24816.yaml by md * Enhancement: cves/2022/CVE-2022-31499.yaml by md * Enhancement: cves/2022/CVE-2022-21587.yaml by md * Enhancement: cves/2021/CVE-2021-24155.yaml by md * Enhancement: cves/2017/CVE-2017-5638.yaml by md * Enhancement: cves/2015/CVE-2015-2863.yaml by md * Enhancement: cves/2022/CVE-2022-33901.yaml by md * Enhancement: cves/2022/CVE-2022-2314.yaml by md * Enhancement: cves/2022/CVE-2022-33901.yaml by md * Enhancement: cves/2022/CVE-2022-34753.yaml by md * Enhancement: cves/2022/CVE-2022-39952.yaml by md * Enhancement: cves/2022/CVE-2022-4060.yaml by md * Enhancement: cves/2022/CVE-2022-44877.yaml by md * Enhancement: cves/2023/CVE-2023-0669.yaml by md * Enhancement: cves/2023/CVE-2023-26255.yaml by md * Enhancement: cves/2023/CVE-2023-26256.yaml by md * Enhancement: exposures/files/salesforce-credentials.yaml by md * Enhancement: misconfiguration/hadoop-unauth-rce.yaml by md * Enhancement: misconfiguration/installer/nopcommerce-installer.yaml by md * Enhancement: network/backdoor/backdoored-zte.yaml by md * Enhancement: network/detection/ibm-d2b-database-server.yaml by md * Enhancement: network/detection/ibm-d2b-database-server.yaml by md * Enhancement: technologies/oracle/oracle-atg-commerce.yaml by md * Enhancement: token-spray/api-abuseipdb.yaml by md * Enhancement: token-spray/api-abuseipdb.yaml by md * Enhancement: token-spray/api-dbt.yaml by md * Enhancement: vulnerabilities/avaya/avaya-aura-rce.yaml by md * Enhancement: vulnerabilities/avaya/avaya-aura-xss.yaml by md * Enhancement: vulnerabilities/cisco/cisco-cloudcenter-suite-rce.yaml by md * Enhancement: vulnerabilities/froxlor-xss.yaml by md * Enhancement: vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml by md * Enhancement: vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml by md * Enhancement: vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml by md * Enhancement: vulnerabilities/opencpu/opencpu-rce.yaml by md * Enhancement: vulnerabilities/other/academy-lms-xss.yaml by md * Enhancement: vulnerabilities/other/caucho-resin-info-disclosure.yaml by md * Enhancement: vulnerabilities/other/ckan-dom-based-xss.yaml by md * Enhancement: vulnerabilities/other/couchdb-adminparty.yaml by md * Enhancement: vulnerabilities/other/graylog-log4j.yaml by md * Enhancement: vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml by md * Initial cleanups for syntax errors * dashboard gremlins * Add log4j back to name * Enhancement: exposures/files/salesforce-credentials.yaml by cs * Enhancement: misconfiguration/installer/nopcommerce-installer.yaml by cs * Enhancement: network/backdoor/backdoored-zte.yaml by cs * Enhancement: vulnerabilities/other/couchdb-adminparty.yaml by cs * Sev and other info tweaks * Merge conflict * Run dos2unix against all templates * too many newlines error * Fix too many blank lines error * Fix severity mismatches Cleanup language on a new test --------- Co-authored-by: sullo <sullo@cirt.net>patch-1
parent
d78bca2706
commit
186745475b
|
@ -5,7 +5,7 @@ info:
|
|||
author: theamanrawat
|
||||
severity: medium
|
||||
description: |
|
||||
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks.
|
||||
The External Media without Import WordPress plugin through 1.1.2 does not have any authorization and does not ensure that media added via URLs are external media, which could allow any authenticated users (including subscriber) to perform blind SSRF attacks.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/5440d177-e995-403e-b2c9-42ceda14579e
|
||||
- https://wordpress.org/plugins/external-media-without-import/
|
||||
|
|
|
@ -3,7 +3,7 @@ id: kubeview-dashboard
|
|||
info:
|
||||
name: KubeView Dashboard - Detect
|
||||
author: ja1sh
|
||||
severity: low
|
||||
severity: info
|
||||
description: |
|
||||
KubeView dashboard was detected.
|
||||
classification:
|
||||
|
|
|
@ -1,27 +1,27 @@
|
|||
id: carel-plantvisor-panel
|
||||
|
||||
info:
|
||||
name: CAREL Pl@ntVisor Panel
|
||||
author: Hardik-Solanki
|
||||
severity: info
|
||||
metadata:
|
||||
shodan-query: title:"CAREL Pl@ntVisor"
|
||||
tags: panels,scada,iot,carel
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'CAREL Pl@ntVisor'
|
||||
- 'alt="CAREL'
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
id: carel-plantvisor-panel
|
||||
|
||||
info:
|
||||
name: CAREL Pl@ntVisor Panel
|
||||
author: Hardik-Solanki
|
||||
severity: info
|
||||
metadata:
|
||||
shodan-query: title:"CAREL Pl@ntVisor"
|
||||
tags: panels,scada,iot,carel
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'CAREL Pl@ntVisor'
|
||||
- 'alt="CAREL'
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
@ -1,28 +1,28 @@
|
|||
id: raspberry-shake-config
|
||||
|
||||
info:
|
||||
name: Raspberry Shake Config Detection
|
||||
author: pussycat0x
|
||||
severity: medium
|
||||
description: |
|
||||
The Shake Board digitizer receives, processes, and interprets the sensor data in real-time, allowing for the Raspberry Pi computer to export the data for easy access. The data output can be displayed and analyzed using our own comprehensive set of web tools or any standard seismological software.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Raspberry Shake Config"
|
||||
tags: misconfig,unauth,iot,raspberry
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Raspberry Shake Config"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
id: raspberry-shake-config
|
||||
|
||||
info:
|
||||
name: Raspberry Shake Config Detection
|
||||
author: pussycat0x
|
||||
severity: medium
|
||||
description: |
|
||||
The Shake Board digitizer receives, processes, and interprets the sensor data in real-time, allowing for the Raspberry Pi computer to export the data for easy access. The data output can be displayed and analyzed using our own comprehensive set of web tools or any standard seismological software.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Raspberry Shake Config"
|
||||
tags: misconfig,unauth,iot,raspberry
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Raspberry Shake Config"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
@ -1,36 +1,36 @@
|
|||
id: sitemap-detect
|
||||
|
||||
info:
|
||||
name: Sitemap Detection
|
||||
author: houdinis
|
||||
severity: info
|
||||
description: |
|
||||
A sitemap is a file where you provide information about the pages, videos, and other files on your site, and the relationships between them.
|
||||
metadata:
|
||||
verified: "true"
|
||||
google-query: intext:"sitemap" filetype:txt,filetype:xml inurl:sitemap,inurl:"/sitemap.xsd" ext:xsd
|
||||
tags: misc,generic,sitemap
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/sitemap.xml"
|
||||
- "{{BaseURL}}/sitemap.xsl"
|
||||
- "{{BaseURL}}/sitemap.xsd"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "sitemap>"
|
||||
case-insensitive: true
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'application/xml'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
id: sitemap-detect
|
||||
|
||||
info:
|
||||
name: Sitemap Detection
|
||||
author: houdinis
|
||||
severity: info
|
||||
description: |
|
||||
A sitemap is a file where you provide information about the pages, videos, and other files on your site, and the relationships between them.
|
||||
metadata:
|
||||
verified: "true"
|
||||
google-query: intext:"sitemap" filetype:txt,filetype:xml inurl:sitemap,inurl:"/sitemap.xsd" ext:xsd
|
||||
tags: misc,generic,sitemap
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/sitemap.xml"
|
||||
- "{{BaseURL}}/sitemap.xsl"
|
||||
- "{{BaseURL}}/sitemap.xsd"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "sitemap>"
|
||||
case-insensitive: true
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'application/xml'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
@ -1,30 +1,30 @@
|
|||
id: unauth-kubecost
|
||||
info:
|
||||
name: KubeCost - Unauthenticated Dashboard Exposure
|
||||
author: pussycat0x
|
||||
severity: medium
|
||||
reference: https://www.facebook.com/photo?fbid=470414125129112&set=pcb.470413798462478
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:kubecost
|
||||
tags: misconfig,exposure,unauth,kubecost
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/overview.html'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Cluster Overview | Kubecost</title>'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
id: unauth-kubecost
|
||||
info:
|
||||
name: KubeCost - Unauthenticated Dashboard Exposure
|
||||
author: pussycat0x
|
||||
severity: medium
|
||||
reference: https://www.facebook.com/photo?fbid=470414125129112&set=pcb.470413798462478
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:kubecost
|
||||
tags: misconfig,exposure,unauth,kubecost
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/overview.html'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Cluster Overview | Kubecost</title>'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
@ -1,31 +1,31 @@
|
|||
id: activemq-openwire-transport-detect
|
||||
|
||||
info:
|
||||
name: ActiveMQ OpenWire Transport Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
OpenWire is the native protocol that Apache ActiveMQ uses. It is designed for performance and size on the wire - sacrificing some ease of implementation with higher performance and reduced network bandwidth as a priority.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"ActiveMQ OpenWire transport"'
|
||||
tags: network,activemq
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "VERSION"
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:61616"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "ActiveMQ"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "ProviderVersion...([0-9.]+)"
|
||||
id: activemq-openwire-transport-detect
|
||||
|
||||
info:
|
||||
name: ActiveMQ OpenWire Transport Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
OpenWire is the native protocol that Apache ActiveMQ uses. It is designed for performance and size on the wire - sacrificing some ease of implementation with higher performance and reduced network bandwidth as a priority.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"ActiveMQ OpenWire transport"'
|
||||
tags: network,activemq
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "VERSION"
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:61616"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "ActiveMQ"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "ProviderVersion...([0-9.]+)"
|
||||
|
|
|
@ -1,27 +1,27 @@
|
|||
id: apache-activemq-detect
|
||||
|
||||
info:
|
||||
name: Apache ActiveMQ Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service client. It provides "Enterprise Features" which in this case means fostering the communication from more than one client or server.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"Apache ActiveMQ"'
|
||||
tags: network,activemq,oss
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "HELP\n\n\u0000"
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:61613"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Unknown STOMP action"
|
||||
- "norg.apache.activemq.transport.stomp"
|
||||
id: apache-activemq-detect
|
||||
|
||||
info:
|
||||
name: Apache ActiveMQ Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service client. It provides "Enterprise Features" which in this case means fostering the communication from more than one client or server.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"Apache ActiveMQ"'
|
||||
tags: network,activemq,oss
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "HELP\n\n\u0000"
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:61613"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Unknown STOMP action"
|
||||
- "norg.apache.activemq.transport.stomp"
|
||||
|
|
|
@ -1,29 +1,29 @@
|
|||
id: clamav-detect
|
||||
|
||||
info:
|
||||
name: ClamAV Server Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
Clam AntiVirus is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'port:3310 product:"ClamAV"'
|
||||
tags: network,clamav
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "VERSION"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:3310"
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- 'ClamAV ([0-9.]+)'
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "ClamAV ([0-9.]+)"
|
||||
id: clamav-detect
|
||||
|
||||
info:
|
||||
name: ClamAV Server Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
Clam AntiVirus is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'port:3310 product:"ClamAV"'
|
||||
tags: network,clamav
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "VERSION"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:3310"
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- 'ClamAV ([0-9.]+)'
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "ClamAV ([0-9.]+)"
|
||||
|
|
|
@ -1,37 +1,37 @@
|
|||
id: cql-native-transport
|
||||
|
||||
info:
|
||||
name: CQL Native Transport Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
Native transport requests (NTR) are any requests made via the CQL Native Protocol. CQL Native Protocol is the way the Cassandra driver communicates with the server.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: "cassandra"
|
||||
tags: network,cassandra,cql
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:9042"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "valid or unsupported protocol"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "protocol version: ([0-9]+)"
|
||||
id: cql-native-transport
|
||||
|
||||
info:
|
||||
name: CQL Native Transport Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
Native transport requests (NTR) are any requests made via the CQL Native Protocol. CQL Native Protocol is the way the Cassandra driver communicates with the server.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: "cassandra"
|
||||
tags: network,cassandra,cql
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
- data: "/n"
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:9042"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "valid or unsupported protocol"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "protocol version: ([0-9]+)"
|
||||
|
|
|
@ -1,30 +1,30 @@
|
|||
id: esmtp-detect
|
||||
|
||||
info:
|
||||
name: ESMTP Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
ESMTP (Extended Simple Mail Transfer Protocol) specifies extensions to the original protocol for sending e-mail that supports graphics, audio and video files, and text in various national languages
|
||||
reference:
|
||||
- https://nmap.org/nsedoc/scripts/smtp-open-relay.html
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'ESMTP'
|
||||
tags: network,detect,smtp,mail
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:25"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "ESMTP Postfix"
|
||||
- "220"
|
||||
condition: and
|
||||
id: esmtp-detect
|
||||
|
||||
info:
|
||||
name: ESMTP Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
ESMTP (Extended Simple Mail Transfer Protocol) specifies extensions to the original protocol for sending e-mail that supports graphics, audio and video files, and text in various national languages
|
||||
reference:
|
||||
- https://nmap.org/nsedoc/scripts/smtp-open-relay.html
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'ESMTP'
|
||||
tags: network,detect,smtp,mail
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:25"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "ESMTP Postfix"
|
||||
- "220"
|
||||
condition: and
|
||||
|
|
|
@ -1,29 +1,29 @@
|
|||
id: gnu-inetutils-ftpd-detect
|
||||
|
||||
info:
|
||||
name: GNU Inetutils FTPd Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"GNU Inetutils FTPd"'
|
||||
tags: network,ftp,smartgateway,gnu,inetutils
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:21"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "SmartGateway FTP server"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "GNU inetutils ([0-9.]+)"
|
||||
id: gnu-inetutils-ftpd-detect
|
||||
|
||||
info:
|
||||
name: GNU Inetutils FTPd Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"GNU Inetutils FTPd"'
|
||||
tags: network,ftp,smartgateway,gnu,inetutils
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:21"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "SmartGateway FTP server"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "GNU inetutils ([0-9.]+)"
|
||||
|
|
|
@ -1,28 +1,28 @@
|
|||
id: imap-detect
|
||||
|
||||
info:
|
||||
name: Imap Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
IMAP is an application-layer protocol used by email clients to retrieve messages from a mail server. It was designed to manage multiple email clients, therefore clients generally leave messages on the server until the user explicitly deletes them.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'imap'
|
||||
tags: network,detect,imap,mail
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:143"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "OK "
|
||||
- "IMAP4rev1"
|
||||
condition: and
|
||||
id: imap-detect
|
||||
|
||||
info:
|
||||
name: Imap Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
IMAP is an application-layer protocol used by email clients to retrieve messages from a mail server. It was designed to manage multiple email clients, therefore clients generally leave messages on the server until the user explicitly deletes them.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'imap'
|
||||
tags: network,detect,imap,mail
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:143"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "OK "
|
||||
- "IMAP4rev1"
|
||||
condition: and
|
||||
|
|
|
@ -1,25 +1,25 @@
|
|||
id: microsoft-ftp-service
|
||||
|
||||
info:
|
||||
name: Microsoft FTP Service Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: "Microsoft FTP Service"
|
||||
tags: network,ftp,microsoft
|
||||
|
||||
network:
|
||||
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:21"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Microsoft FTP Service"
|
||||
id: microsoft-ftp-service
|
||||
|
||||
info:
|
||||
name: Microsoft FTP Service Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: "Microsoft FTP Service"
|
||||
tags: network,ftp,microsoft
|
||||
|
||||
network:
|
||||
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:21"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Microsoft FTP Service"
|
||||
|
|
|
@ -1,30 +1,30 @@
|
|||
id: mikrotik-ftp-server-detect
|
||||
|
||||
info:
|
||||
name: MikroTik FTP server Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"MikroTik router ftpd"'
|
||||
tags: network,ftp,mikrotik,router
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:21"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "MikroTik FTP"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "MikroTik ([0-9.]+)"
|
||||
id: mikrotik-ftp-server-detect
|
||||
|
||||
info:
|
||||
name: MikroTik FTP server Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"MikroTik router ftpd"'
|
||||
tags: network,ftp,mikrotik,router
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:21"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "MikroTik FTP"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "MikroTik ([0-9.]+)"
|
||||
|
|
|
@ -1,29 +1,29 @@
|
|||
id: proftpd-server-detect
|
||||
|
||||
info:
|
||||
name: ProFTPD Server Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"ProFTPD"'
|
||||
tags: network,ftp,proftpd
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:21"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "ProFTPD Server"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "ProFTPD ([0-9.a-z]+) Server"
|
||||
id: proftpd-server-detect
|
||||
|
||||
info:
|
||||
name: ProFTPD Server Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"ProFTPD"'
|
||||
tags: network,ftp,proftpd
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:21"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "ProFTPD Server"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "ProFTPD ([0-9.a-z]+) Server"
|
||||
|
|
|
@ -1,30 +1,30 @@
|
|||
id: rabbitmq-detect
|
||||
|
||||
info:
|
||||
name: RabbitMQ Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
RabbitMQ is an open-source message-broker software that originally implemented the Advanced Message Queuing Protocol and has since been extended with a plug-in architecture to support Streaming Text Oriented Messaging Protocol, MQ Telemetry Transport, and other protocols.
|
||||
reference:
|
||||
- https://nmap.org/nsedoc/scripts/amqp-info.html
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: product:"RabbitMQ"
|
||||
tags: network,rabbitmq,oss
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "AMQP\u0000\u0000\t\u0001"
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:5672"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "publisher_confirmst"
|
||||
- "RabbitMQ"
|
||||
condition: and
|
||||
id: rabbitmq-detect
|
||||
|
||||
info:
|
||||
name: RabbitMQ Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
RabbitMQ is an open-source message-broker software that originally implemented the Advanced Message Queuing Protocol and has since been extended with a plug-in architecture to support Streaming Text Oriented Messaging Protocol, MQ Telemetry Transport, and other protocols.
|
||||
reference:
|
||||
- https://nmap.org/nsedoc/scripts/amqp-info.html
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: product:"RabbitMQ"
|
||||
tags: network,rabbitmq,oss
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: "AMQP\u0000\u0000\t\u0001"
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:5672"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "publisher_confirmst"
|
||||
- "RabbitMQ"
|
||||
condition: and
|
||||
|
|
|
@ -1,31 +1,31 @@
|
|||
id: riak-detect
|
||||
|
||||
info:
|
||||
name: Riak Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: Riak is a distributed NoSQL key-value data store that offers high availability, fault tolerance, operational simplicity, and scalability.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: product:"Riak"
|
||||
tags: network,oss
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: 0000000107
|
||||
type: hex
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:8087"
|
||||
|
||||
read-size: 2048
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "riak"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "riak@([0-9.]+)..([0-9.]+([a-z]+[0-9]))"
|
||||
id: riak-detect
|
||||
|
||||
info:
|
||||
name: Riak Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: Riak is a distributed NoSQL key-value data store that offers high availability, fault tolerance, operational simplicity, and scalability.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: product:"Riak"
|
||||
tags: network,oss
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
- data: 0000000107
|
||||
type: hex
|
||||
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:8087"
|
||||
|
||||
read-size: 2048
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "riak"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "riak@([0-9.]+)..([0-9.]+([a-z]+[0-9]))"
|
||||
|
|
|
@ -1,30 +1,30 @@
|
|||
id: sshd-dropbear-detect
|
||||
|
||||
info:
|
||||
name: Dropbear sshd Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
Dropbear is a software package written by Matt Johnston that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard OpenSSH for environments with low memory and processor resources, such as embedded systems
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"Dropbear sshd"'
|
||||
tags: network,ssh,dropbear
|
||||
|
||||
network:
|
||||
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:22"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "dropbear"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "SSH-([0-9.]+)-dropbear_([0-9.]+)"
|
||||
id: sshd-dropbear-detect
|
||||
|
||||
info:
|
||||
name: Dropbear sshd Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
Dropbear is a software package written by Matt Johnston that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard OpenSSH for environments with low memory and processor resources, such as embedded systems
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"Dropbear sshd"'
|
||||
tags: network,ssh,dropbear
|
||||
|
||||
network:
|
||||
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:22"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "dropbear"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "SSH-([0-9.]+)-dropbear_([0-9.]+)"
|
||||
|
|
|
@ -1,32 +1,32 @@
|
|||
id: vmware-authentication-daemon
|
||||
|
||||
info:
|
||||
name: VMware Authentication Daemon Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
vmauthd is the VMWare authentication daemon that is included with many VMWare products, including ESX(i), and Workstation.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"VMware Authentication Daemon"'
|
||||
tags: network,vmware,authenticated
|
||||
|
||||
network:
|
||||
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:902"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "ServerDaemonProtocol:SOAP"
|
||||
- "MKSDisplayProtocol:VNC"
|
||||
condition: and
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "VMware Authentication Daemon Version ([0-9.]+)"
|
||||
id: vmware-authentication-daemon
|
||||
|
||||
info:
|
||||
name: VMware Authentication Daemon Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
vmauthd is the VMWare authentication daemon that is included with many VMWare products, including ESX(i), and Workstation.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"VMware Authentication Daemon"'
|
||||
tags: network,vmware,authenticated
|
||||
|
||||
network:
|
||||
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:902"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "ServerDaemonProtocol:SOAP"
|
||||
- "MKSDisplayProtocol:VNC"
|
||||
condition: and
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "VMware Authentication Daemon Version ([0-9.]+)"
|
||||
|
|
|
@ -1,31 +1,31 @@
|
|||
id: xlight-ftp-service-detect
|
||||
|
||||
info:
|
||||
name: Xlight FTP Service Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"Xlight ftpd"'
|
||||
tags: network,ftp,xlight
|
||||
|
||||
network:
|
||||
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:21"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Xlight FTP Server"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "Xlight FTP Server ([0-9.]+)"
|
||||
id: xlight-ftp-service-detect
|
||||
|
||||
info:
|
||||
name: Xlight FTP Service Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: 'product:"Xlight ftpd"'
|
||||
tags: network,ftp,xlight
|
||||
|
||||
network:
|
||||
|
||||
- inputs:
|
||||
- data: "\n"
|
||||
host:
|
||||
- "{{Hostname}}"
|
||||
- "{{Host}}:21"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Xlight FTP Server"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "Xlight FTP Server ([0-9.]+)"
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,28 +1,28 @@
|
|||
id: xerox-workcentre-detect
|
||||
|
||||
info:
|
||||
name: Xerox Workcentre Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"XEROX WORKCENTRE"
|
||||
tags: tech,xerox,workcentre
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.dhtml"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "XEROX WORKCENTRE"
|
||||
- "/header.php?tab=status"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
id: xerox-workcentre-detect
|
||||
|
||||
info:
|
||||
name: Xerox Workcentre Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"XEROX WORKCENTRE"
|
||||
tags: tech,xerox,workcentre
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.dhtml"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "XEROX WORKCENTRE"
|
||||
- "/header.php?tab=status"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
@ -34,4 +34,3 @@ requests:
|
|||
- 'data":'
|
||||
- 'ipAddress":'
|
||||
condition: and
|
||||
|
||||
|
|
|
@ -30,4 +30,3 @@ requests:
|
|||
- "Authentication credentials were not provided."
|
||||
condition: or
|
||||
negative: true
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ info:
|
|||
reference:
|
||||
- https://docs.couchdb.org/en/stable/intro/security.html#authentication-database
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-200
|
||||
tags: couchdb
|
||||
|
||||
|
|
Loading…
Reference in New Issue