Merge pull request #10246 from niranc/adcs

Active Directory Certificate Services blind detection

http/exposures/files/adcs-certificate.yaml

@@ -0,0 +1,27 @@
+id: adcs-certificate
+
+info:
+  name: Certification Authority Web Enrollment (ADCS) - Detection
+  author: pastaga,defte
+  severity: info
+  description: |
+    Web Enrollment is a service that can be installed on an AD CS server to allow users and computers in an Active Directory domain to request a certificate through an interactive web page.
+  metadata:
+    verified: true
+    shodan-query: html:"/certenroll"
+  tags: ad,adcs,exposure,files
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/certenroll/"
+      - "{{BaseURL}}/CertEnroll/"
+
+    host-redirects: true
+    matchers:
+      - type: dsl
+        dsl:
+          - contains(body, ".crl") || contains(body, ".crt")
+          - contains(body, "CertEnroll") || contains(body, "certenroll")
+          - status_code == 200
+        condition: and