Merge pull request #5538 from pussycat0x/master

Microsoft FTP Service Detection

network/detection/cql-native-transport.yaml

@@ -0,0 +1,37 @@
+id: cql-native-transport
+
+info:
+  name: CQL Native Transport Detect
+  author: pussycat0x
+  severity: info
+  description: |
+    Native transport requests (NTR) are any requests made via the CQL Native Protocol. CQL Native Protocol is the way the Cassandra driver communicates with the server.
+  metadata:
+    verified: true
+    shodan-query: "cassandra"
+  tags: network,cassandra,cql
+
+network:
+  - inputs:
+      - data: "/n"
+      - data: "/n"
+      - data: "/n"
+      - data: "/n"
+      - data: "/n"
+      - data: "/n"
+      - data: "/n"
+      - data: "/n"
+
+    host:
+      - "{{Hostname}}"
+      - "{{Host}}:9042"
+
+    matchers:
+      - type: word
+        words:
+          - "valid or unsupported protocol"
+
+    extractors:
+      - type: regex
+        regex:
+          - "protocol version: ([0-9]+)"

network/detection/microsoft-ftp-service.yaml

@@ -0,0 +1,25 @@
+id: microsoft-ftp-service
+
+info:
+  name: Microsoft FTP Service Detect
+  author: pussycat0x
+  severity: info
+  description: |
+    The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
+  metadata:
+    verified: true
+    shodan-query: "Microsoft FTP Service"
+  tags: network,ftp,microsoft
+
+network:
+
+  - inputs:
+      - data: "\n"
+    host:
+      - "{{Hostname}}"
+      - "{{Host}}:21"
+
+    matchers:
+      - type: word
+        words:
+          - "Microsoft FTP Service"