From 50c60f8be079f485d60f9563afdbf277d2ea16e9 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Thu, 26 Jan 2023 22:24:47 +0530 Subject: [PATCH] fixed-entire-template changed - matcher, added correct shodan query , changed severity --- misconfiguration/syncthing-dashboard.yaml | 32 +++++++++++++++++++++++ technologies/syncthing-detect.yaml | 26 ------------------ 2 files changed, 32 insertions(+), 26 deletions(-) create mode 100644 misconfiguration/syncthing-dashboard.yaml delete mode 100644 technologies/syncthing-detect.yaml diff --git a/misconfiguration/syncthing-dashboard.yaml b/misconfiguration/syncthing-dashboard.yaml new file mode 100644 index 0000000000..4e27b05327 --- /dev/null +++ b/misconfiguration/syncthing-dashboard.yaml @@ -0,0 +1,32 @@ +id: syncthing-dashboard + +info: + name: Syncthing Dashboard Exposure + author: fabaff + severity: medium + reference: + - https://syncthing.net/ + metadata: + verified: "true" + shodan-query: html:"Syncthing" + tags: misconfig,syncthing,exposure + +requests: + - method: GET + path: + - '{{BaseURL}}' + + host-redirects: true + max-redirects: 2 + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'The Syncthing Authors.' + - 'Actions' + condition: and + + - type: status + status: + - 200 diff --git a/technologies/syncthing-detect.yaml b/technologies/syncthing-detect.yaml deleted file mode 100644 index 26a6535c78..0000000000 --- a/technologies/syncthing-detect.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: syncthing-detect - -info: - name: Syncthing Detect - author: fabaff - severity: info - reference: - - https://syncthing.net/ - metadata: - verified: true - shodan-query: title:"Syncthing" - tags: panel,syncthing,synchronisation - -requests: - - method: GET - path: - - '{{BaseURL}}' - - matchers: - - type: word - part: body - words: - - 'The Syncthing Authors.' - - 'ng-app="syncthing"' - condition: and - case-insensitive: true