Merge pull request #10246 from niranc/adcs

Active Directory Certificate Services blind detection
2024-07-17 16:25:46 +05:30 · 2024-07-17 16:25:46 +05:30 · 2ed6b437eb
parent 011f171678 211cbab5bb
commit 2ed6b437eb
1 changed files with 27 additions and 0 deletions
--- a/http/exposures/files/adcs-certificate.yaml
+++ b/http/exposures/files/adcs-certificate.yaml
@ -0,0 +1,27 @@
+id: adcs-certificate
+
+info:
+  name: Certification Authority Web Enrollment (ADCS) - Detection
+  author: pastaga,defte
+  severity: info
+  description: |
+    Web Enrollment is a service that can be installed on an AD CS server to allow users and computers in an Active Directory domain to request a certificate through an interactive web page.
+  metadata:
+    verified: true
+    shodan-query: html:"/certenroll"
+  tags: ad,adcs,exposure,files
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/certenroll/"
+      - "{{BaseURL}}/CertEnroll/"
+
+    host-redirects: true
+    matchers:
+      - type: dsl
+        dsl:
+          - contains(body, ".crl") || contains(body, ".crt")
+          - contains(body, "CertEnroll") || contains(body, "certenroll")
+          - status_code == 200
+        condition: and