From 58e853ec7cba535f89f7e70ed02aca0c8e797dae Mon Sep 17 00:00:00 2001
From: idealphase <mynameisphase@gmail.com>
Date: Thu, 31 Mar 2022 17:57:31 +0700
Subject: [PATCH] Added 3cx-phone-management-panel.yaml

Added 3cx-phone-management-panel.yaml and 3cx-phone-webclient-management-panel.yaml
---
 .../3cx-phone-management-panel.yaml           | 25 ++++++++++++++++++
 .../3cx-phone-webclient-management-panel.yaml | 26 +++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 exposed-panels/3cx-phone-management-panel.yaml
 create mode 100644 exposed-panels/3cx-phone-webclient-management-panel.yaml

diff --git a/exposed-panels/3cx-phone-management-panel.yaml b/exposed-panels/3cx-phone-management-panel.yaml
new file mode 100644
index 0000000000..dadf577050
--- /dev/null
+++ b/exposed-panels/3cx-phone-management-panel.yaml
@@ -0,0 +1,25 @@
+id: 3cx-phone-management-panel
+
+info:
+  name: 3CX Phone System Management Console Detect
+  author: idealphase
+  severity: info
+  reference:
+    - https://www.3cx.com/
+    - https://www.3cx.com/phone-system/
+    - https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88
+  metadata:
+    shodan-query: http.title:"3CX Phone System Management Console"
+    google-query: intitle:"3CX Phone System Management Console"
+  tags: panel,3cx
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers:
+      - type: word
+        words:
+          - "<title>3CX Phone System Management Console</title>"
+          - "Welcome to the 3CX Management Console"
diff --git a/exposed-panels/3cx-phone-webclient-management-panel.yaml b/exposed-panels/3cx-phone-webclient-management-panel.yaml
new file mode 100644
index 0000000000..165d8db6c1
--- /dev/null
+++ b/exposed-panels/3cx-phone-webclient-management-panel.yaml
@@ -0,0 +1,26 @@
+id: 3cx-phone-webclient-management-panel
+
+info:
+  name: 3CX Phone System Webclient Management Console Detect
+  author: idealphase
+  severity: info
+  reference:
+    - https://www.3cx.com/
+    - https://www.3cx.com/phone-system/
+    - https://www.3cx.com/blog/unified-communications/client-apps/
+    - https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88
+  metadata:
+    shodan-query: http.title:"3CX Webclient"
+    google-query: intitle:"3CX Webclient"
+  tags: panel,3cx
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/webclient/'
+
+    matchers:
+      - type: word
+        words:
+          - " <title>3CX Webclient</title>"
+          - '<meta name="description" content="3CX">'