Create stem-audio-table-private-keys.yaml

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-09 09:27:05 +09:00 · 2021-07-09 09:27:05 +09:00 · 2210cce2a8
parent 97656ae7a8
commit 2210cce2a8
1 changed files with 30 additions and 0 deletions
--- a/iot/stem-audio-table-private-keys.yaml
+++ b/iot/stem-audio-table-private-keys.yaml
@ -0,0 +1,30 @@
+id: stem-audio-table-private-keys
+
+info:
+  name: Detect Private Key on STEM Audio Table
+  author: gy741
+  severity: high
+  reference: https://blog.grimm-co.com/2021/06/the-walls-have-ears.html
+  tags: stem,config,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cgi-bin/privatekey.pem"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "BEGIN RSA PRIVATE KEY"
+        condition: or
+
+      - type: status
+        status:
+          - 200
+
+      - type: dsl
+        dsl:
+          - '!contains(body_2, "<html")'
+          - '!contains(body_2, "<HTML")'
+        condition: and