From 1a0b749249d78ba66a2c3c16d2f0b725c0870811 Mon Sep 17 00:00:00 2001
From: nullfuzz
Date: Sat, 12 Aug 2023 23:42:57 -0300
Subject: [PATCH] Added geth-server-detect template
---
http/technologies/geth-server-detect.yaml | 40 +++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 http/technologies/geth-server-detect.yaml
diff --git a/http/technologies/geth-server-detect.yaml b/http/technologies/geth-server-detect.yaml
new file mode 100644
index 0000000000..fac317d022
--- /dev/null
+++ b/http/technologies/geth-server-detect.yaml
@@ -0,0 +1,40 @@
+id: geth-server
+
+info:
+ name: Go-ethereum JSON-RPC HTTP Server Detect
+ author: Nullfuzz
+ severity: info
+ description: |
+ Go-ethereum (aka Geth) is an Ethereum client built in Go. Geth runs a JSON-RPC HTTP server on port 8545/TCP
+ reference:
+ - https://geth.ethereum.org/docs
+ - https://github.com/ethereum/go-ethereum
+ metadata:
+ max-request: 1
+ shodan-query: product:"Geth"
+ tags: tech,geth,ethereum,web3,blockchain
+
+http:
+ - raw:
+ - |
+ POST / HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/json
+ Content-Length: 66
+
+ {"method":"web3_clientVersion","params":[],"id":1,"jsonrpc":"2.0"}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'status_code == 200'
+ - 'contains(header, "application/json")'
+ - 'contains(body, "Geth")'
+ condition: and
+
+ extractors:
+ - type: regex
+ part: body
+ group: 1
+ regex:
+ - '(v[0-9a-z-_.]+)'
\ No newline at end of file
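Review bot: The body matcher `contains(body, "Geth")` accepts any 200 JSON response that mentions that string anywhere, so an unrelated JSON API can be reported as a Geth node. Tying it to the JSON-RPC reply would cut false positives, for example `- 'contains(body, "jsonrpc")'` alongside `- 'contains(body, "Geth/")'`, assuming the client string keeps its usual `Geth/v…` form. The extractor `(v[0-9a-z-_.]+)` has a similar problem: it captures the first run of characters starting with a lowercase `v`, even mid-word, and the hyphen in the middle of the class reads like a range. Requiring a digit and moving the hyphen last is stricter and unambiguous: `- '(v[0-9]+\.[0-9a-z._-]+)'`. The template id `geth-server` also differs from the file name `geth-server-detect`; presumably the two are meant to match.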