diff --git a/default-logins/alibaba/canal-default-login.yaml b/default-logins/alibaba/canal-default-login.yaml index a4c4a1b801..7d2892ee31 100644 --- a/default-logins/alibaba/canal-default-login.yaml +++ b/default-logins/alibaba/canal-default-login.yaml @@ -3,8 +3,16 @@ id: canal-default-login info: name: Alibaba Canal Default Login author: pdteam + description: An Alibaba Canal default login was discovered. severity: high tags: alibaba,default-login + reference: + - https://github.com/alibaba/canal/wiki/ClientAdapter + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -33,3 +41,5 @@ requests: words: - 'data":{"token"' - '"code":20000' + +# Enhanced by mp on 2022/03/22 diff --git a/default-logins/alphaweb/alphaweb-default-login.yaml b/default-logins/alphaweb/alphaweb-default-login.yaml index 6532087439..459227780c 100644 --- a/default-logins/alphaweb/alphaweb-default-login.yaml +++ b/default-logins/alphaweb/alphaweb-default-login.yaml @@ -4,8 +4,15 @@ info: name: AlphaWeb XE Default Login author: Lark Lab severity: medium + description: An AlphaWeb XE default login was discovered. tags: default-login - reference: https://wiki.zenitel.com/wiki/AlphaWeb + reference: + - https://wiki.zenitel.com/wiki/AlphaWeb + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N + cvss-score: 5.8 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -32,4 +39,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by mp on 2022/03/22 diff --git a/default-logins/ambari/ambari-default-login.yaml b/default-logins/ambari/ambari-default-login.yaml index e251839b56..3ebcf4c474 100644 --- a/default-logins/ambari/ambari-default-login.yaml +++ b/default-logins/ambari/ambari-default-login.yaml @@ -3,8 +3,16 @@ id: ambari-default-login info: name: Apache Ambari Default Login author: pdteam - severity: medium + description: An Apache Ambari default admin login was discovered. + severity: high tags: ambari,default-login,apache + reference: + - https://ambari.apache.org/1.2.0/installing-hadoop-using-ambari/content/ambari-chap3-1.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -24,3 +32,5 @@ requests: - '"Users" : {' - 'AMBARI.' condition: and + +# Enhanced by mp on 2022/03/22 diff --git a/default-logins/apache/airflow-default-login.yaml b/default-logins/apache/airflow-default-login.yaml index 0e15190cd6..30411f2786 100644 --- a/default-logins/apache/airflow-default-login.yaml +++ b/default-logins/apache/airflow-default-login.yaml @@ -3,11 +3,18 @@ id: airflow-default-login info: name: Apache Airflow Default Login author: pdteam - severity: critical + severity: high tags: airflow,default-login,apache - reference: https://airflow.apache.org/docs/apache-airflow/stable/start/docker.html + description: An Apache Airflow default login was discovered. + reference: + - https://airflow.apache.org/docs/apache-airflow/stable/start/docker.html metadata: shodan-query: title:"Sign In - Airflow" + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -54,3 +61,5 @@ requests: - type: word words: - 'You should be redirected automatically to target URL: ' + +# Enhanced by mp on 2022/03/22 diff --git a/default-logins/apache/apisix-default-login.yaml b/default-logins/apache/apisix-default-login.yaml index e3e9553a9a..926c485277 100644 --- a/default-logins/apache/apisix-default-login.yaml +++ b/default-logins/apache/apisix-default-login.yaml @@ -1,14 +1,22 @@ id: apisix-default-login info: - name: Apache Apisix Default Login + name: Apache Apisix Default Admin Login author: pdteam - severity: critical + severity: high tags: apisix,apache,default-login + description: An Apache Apisix default admin login was discovered. metadata: shodan-query: title:"Apache APISIX Dashboard" fofa-query: title="Apache APISIX Dashboard" product: https://apisix.apache.org + reference: + - https://apisix.apache.org/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -39,4 +47,6 @@ requests: - '"data"' - '"token"' - '"code":0' - condition: and \ No newline at end of file + condition: and + +# Enhanced by mp on 2022/03/22 diff --git a/default-logins/apollo/apollo-default-login.yaml b/default-logins/apollo/apollo-default-login.yaml index 285bc75250..820ce3f661 100644 --- a/default-logins/apollo/apollo-default-login.yaml +++ b/default-logins/apollo/apollo-default-login.yaml @@ -4,10 +4,17 @@ info: name: Apollo Default Login author: PaperPen severity: high + description: An Apollo default login was discovered. metadata: shodan-query: http.favicon.hash:11794165 - reference: https://github.com/apolloconfig/apollo + reference: + - https://github.com/apolloconfig/apollo tags: apollo,default-login + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -47,3 +54,5 @@ requests: - "status_code_1 == 302 && status_code_2 == 200" - "contains(tolower(all_headers_2), 'application/json')" condition: and + +# Enhanced by mp on 2022/03/22 diff --git a/default-logins/arl/arl-default-login.yaml b/default-logins/arl/arl-default-login.yaml index a7c16e40a9..9c0ac754fe 100644 --- a/default-logins/arl/arl-default-login.yaml +++ b/default-logins/arl/arl-default-login.yaml @@ -1,10 +1,16 @@ id: arl-default-login info: - name: ARL Default Login + name: ARL Default Admin Login author: pikpikcu + description: An ARL default admin login was discovered. severity: high tags: arl,default-login + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -35,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/03/22 diff --git a/default-logins/digitalrebar/digitalrebar-default-login.yaml b/default-logins/digitalrebar/digitalrebar-default-login.yaml index f4b5228acc..edbd669ad2 100644 --- a/default-logins/digitalrebar/digitalrebar-default-login.yaml +++ b/default-logins/digitalrebar/digitalrebar-default-login.yaml @@ -1,11 +1,19 @@ id: digitalrebar-default-login info: - name: RackN Digital Rebar provision default login + name: RackN Digital Rebar Default Login author: c-sh0 severity: high - reference: https://docs.rackn.io/en/latest/doc/faq-troubleshooting.html?#what-are-the-default-passwords + description: A RackN Digital Rebar default login was discovered. + reference: + - https://docs.rackn.io/en/latest/doc/faq-troubleshooting.html?#what-are-the-default-passwords + - https://rackn.com/ tags: rackn,digitalrebar,default-login + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -38,3 +46,5 @@ requests: - 'Name' - 'Secret' condition: and + +# Enhanced by mp on 2022/03/22 diff --git a/default-logins/mantisbt/mantisbt-default-credential.yaml b/default-logins/mantisbt/mantisbt-default-credential.yaml index dfd4987666..f83a08252f 100644 --- a/default-logins/mantisbt/mantisbt-default-credential.yaml +++ b/default-logins/mantisbt/mantisbt-default-credential.yaml @@ -1,12 +1,20 @@ id: mantisbt-default-credential info: - name: MantisBT Default Credential + name: MantisBT Default Admin Login author: For3stCo1d severity: high + description: A MantisBT default admin login was discovered. + reference: + - https://mantisbt.org/ metadata: shodan-query: title:"MantisBT" tags: mantisbt,default-login + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -34,4 +42,6 @@ requests: - type: status status: - - 302 \ No newline at end of file + - 302 + +# Enhanced by mp on 2022/03/22 diff --git a/default-logins/stackstorm/stackstorm-default-login.yaml b/default-logins/stackstorm/stackstorm-default-login.yaml index e27c21aad5..13c6a1b5d9 100644 --- a/default-logins/stackstorm/stackstorm-default-login.yaml +++ b/default-logins/stackstorm/stackstorm-default-login.yaml @@ -4,10 +4,17 @@ info: name: StackStorm Default Login author: PaperPen severity: high + description: A StackStorm default admin login was discovered. metadata: fofa-query: app="stackstorm" - reference: https://github.com/StackStorm/st2-docker + reference: + - https://github.com/StackStorm/st2-docker tags: stackstorm,default-login + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -35,4 +42,6 @@ requests: - type: status status: - - 201 \ No newline at end of file + - 201 + +# Enhanced by mp on 2022/03/22 diff --git a/dns/caa-fingerprint.yaml b/dns/caa-fingerprint.yaml index 192f355a03..61d140a973 100644 --- a/dns/caa-fingerprint.yaml +++ b/dns/caa-fingerprint.yaml @@ -1,11 +1,18 @@ id: caa-fingerprint info: - name: CAA Fingerprint + name: CAA Record author: pdteam + description: A CAA record was discovered. A CAA record is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain. severity: info - reference: https://support.dnsimple.com/articles/caa-record/#whats-a-caa-record + reference: + - https://support.dnsimple.com/articles/caa-record/#whats-a-caa-record tags: dns,caa + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cve-id: + cwe-id: CWE-200 dns: - name: "{{FQDN}}" @@ -22,4 +29,6 @@ dns: regex: - 'issue "(.*)"' - 'issuewild "(.*)"' - - 'iodef "(.*)"' \ No newline at end of file + - 'iodef "(.*)"' + +# Enhanced by mp on 2022/03/22 diff --git a/exposed-panels/active-admin-exposure.yaml b/exposed-panels/active-admin-exposure.yaml index f4bdf291e6..48d7326c31 100644 --- a/exposed-panels/active-admin-exposure.yaml +++ b/exposed-panels/active-admin-exposure.yaml @@ -4,7 +4,15 @@ info: name: ActiveAdmin Admin Dasboard Exposure author: pdteam severity: info + description: An ActiveAdmin Admin dashboard was discovered. tags: panel,activeadmin + reference: + - https://activeadmin.info/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cve-id: + cwe-id: CWE-200 requests: - method: GET @@ -16,3 +24,5 @@ requests: - "active_admin_content" - "active_admin-" condition: and + +# Enhanced by mp on 2022/03/22 diff --git a/exposed-panels/activemq-panel.yaml b/exposed-panels/activemq-panel.yaml index a269d2dfe1..52daaf3deb 100644 --- a/exposed-panels/activemq-panel.yaml +++ b/exposed-panels/activemq-panel.yaml @@ -4,7 +4,15 @@ info: name: Apache ActiveMQ Exposure author: pdteam severity: info + description: An Apache ActiveMQ implementation was discovered. + reference: + - https://activemq.apache.org/ tags: panel,activemq,apache + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cve-id: + cwe-id: CWE-200 requests: - method: GET @@ -17,3 +25,5 @@ requests: - '

Welcome to the Apache ActiveMQ!

' - 'Apache ActiveMQ' condition: and + +# Enhanced by mp on 2022/03/22