From 4446b0e219be864c3cc10fc29cb38578af962277 Mon Sep 17 00:00:00 2001
From: isikabdullah44 <108897267+isikabdullah44@users.noreply.github.com>
Date: Wed, 22 May 2024 21:05:24 +0000
Subject: [PATCH 1/2] adds template to detect bitvise service
---
 network/detection/bitvise-detect.yaml | 35 +++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 network/detection/bitvise-detect.yaml
diff --git a/network/detection/bitvise-detect.yaml b/network/detection/bitvise-detect.yaml
new file mode 100644
index 0000000000..59125af37c
--- /dev/null
+++ b/network/detection/bitvise-detect.yaml
@@ -0,0 +1,35 @@
+id: bitvise-detect
+
+info:
+ name: Bitvise Service - Detect
+ author: abdullahisik
+ severity: info
+ description: |
+ Bitvise service was detected.
+ reference:
+ - https://www.bitvise.com/
+ - https://vulners.com/openvas/OPENVAS:1361412562310813387
+
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+ cwe-id: CWE-200
+ cpe: cpe:/a:bitvise:winsshd
+ metadata:
+ shodan-query: product:"bitvise"
+ max-request: 1
+ tags: seclists,network,ssh,bitvise,detect
+
+tcp:
+ - host:
+ - "{{Hostname}}"
+ port: 22
+
+ matchers:
+ - type: regex
+ regex:
+ - '(?i)Bitvise'
+
+ extractors:
+ - type: regex
+ regex:
+ - "SSH-([0-9.]+)-([0-9.]+) .*"
From 52f56115b1491c8585868df564f0626436aa923e Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Sat, 1 Jun 2024 23:53:49 +0530
Subject: [PATCH 2/2] minor - update
---
 .../{bitvise-detect.yaml => bitvise-ssh-detect.yaml} | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
 rename network/detection/{bitvise-detect.yaml => bitvise-ssh-detect.yaml} (76%)
diff --git a/network/detection/bitvise-detect.yaml b/network/detection/bitvise-ssh-detect.yaml
similarity index 76%
rename from network/detection/bitvise-detect.yaml
rename to network/detection/bitvise-ssh-detect.yaml
index 59125af37c..7ea2c93b37 100644
--- a/network/detection/bitvise-detect.yaml
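Review bot: The `cpe` value under `classification` in the new template is written in the older CPE 2.2 URI form (`cpe:/a:bitvise:winsshd`), whereas nuclei templates normally carry a CPE 2.3 formatted string that downstream tooling can parse. I would write it as `cpe: cpe:2.3:a:bitvise:winsshd:*:*:*:*:*:*:*:*`, keeping the vendor/product pair from the page but confirming it against the NVD dictionary before merge. Separately, the matcher `(?i)Bitvise` is unanchored, so any port-22 response that merely contains that word is reported as a Bitvise service; anchoring it to the SSH identification string, for example `'(?i)^SSH-[0-9.]+-.*Bitvise'`, would reduce false positives in asset inventories built from this template.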
+++ b/network/detection/bitvise-ssh-detect.yaml @@ -1,15 +1,14 @@ id: bitvise-detect info: - name: Bitvise Service - Detect + name: SSH Bitvise Service - Detect author: abdullahisik severity: info description: | - Bitvise service was detected. + Bitvise SSH service was detected. reference: - https://www.bitvise.com/ - https://vulners.com/openvas/OPENVAS:1361412562310813387 - classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cwe-id: CWE-200 @@ -17,7 +16,7 @@ info: metadata: shodan-query: product:"bitvise" max-request: 1 - tags: seclists,network,ssh,bitvise,detect + tags: network,ssh,bitvise,detect tcp: - host: @@ -32,4 +31,4 @@ tcp: extractors: - type: regex regex: - - "SSH-([0-9.]+)-([0-9.]+) .*" + - "SSH([-0-9.]+) FlowSsh: Bitvise ([A-Z a-z()]+) ([0-9.]+)" \ No newline at end of file
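Review bot: The `id: bitvise-detect` context line at the top of the first hunk is left unchanged although this commit renames the file to `bitvise-ssh-detect.yaml`, so the template id no longer matches its filename. Nuclei templates conventionally keep the two identical, and anything that keys findings, exclusions or suppressions on the id would keep using the old name. Change it to `id: bitvise-ssh-detect` in the same commit.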
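Review bot: In the last hunk the new extractor pattern is case-sensitive and requires the literal `FlowSsh: Bitvise` layout, while the matcher (outside this hunk, still `(?i)Bitvise` from the first commit) is case-insensitive, so a host can be reported with no extracted version when the banner deviates in case or format. Prefix the extractor with `(?i)` or reuse the same pattern in the matcher so the two agree. The `\ No newline at end of file` marker also shows the trailing newline was dropped; restore it, since YAML linters flag a missing final newline. The `tcp` block begins outside this hunk.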