Merge pull request #9812 from projectdiscovery/pussycat0x-patch-6

Create checkpoint-firewall-enum.yaml
2024-05-15 11:51:40 +05:30 · 2024-05-15 11:51:40 +05:30 · 3d3113da6a
parent ab4cbabbb9 a26347219b
commit 3d3113da6a
1 changed files with 37 additions and 0 deletions
--- a/javascript/enumeration/checkpoint-firewall-enum.yaml
+++ b/javascript/enumeration/checkpoint-firewall-enum.yaml
@ -0,0 +1,37 @@
+id: checkpoint-firewall-enum
+
+info:
+  name: Check Point Firewall - Detect
+  author: pussycat0x
+  severity: info
+  reference:
+    - https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/checkpoint_hostname.rb
+  metadata:
+    verfied: true
+    shodan-query: product:"Check Point Firewall"
+  tags: js,network,firewall,checkpoint,enum
+
+javascript:
+  - code: |
+      let packet = bytes.NewBuffer();
+      let prob = "\x51\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x0bsecuremote\x00"
+      data = packet.Write(prob)
+      const c = require("nuclei/net");
+      let conn = c.Open('tcp', `${Host}:${Port}`);
+      conn.Send(data);
+      let resp = conn.RecvFullString();
+      let regex = /CN=(.+),O=(.+?)\./i;
+      let match = resp.match(regex);
+      let fw_hostname = match[1];
+      let sc_hostname = match[2];
+      let result = (`Firewall Host: ${fw_hostname}, SmartCenter Host: ${sc_hostname}`);
+      result
+
+    args:
+      Host: "{{Host}}"
+      Port: 264
+
+    extractors:
+      - type: dsl
+        dsl:
+          - response