diff --git a/cves/2017/CVE-2017-12149.yaml b/cves/2017/CVE-2017-12149.yaml
index 8ead0e5c2a..36c664da7b 100755
--- a/cves/2017/CVE-2017-12149.yaml
+++ b/cves/2017/CVE-2017-12149.yaml
@@ -9,7 +9,7 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2017-12149
- https://chowdera.com/2020/12/20201229190934023w.html
- https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149
- tags: cve,cve2017,java,rce,deserialization
+ tags: cve,cve2017,jboss,java,rce,deserialization
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
diff --git a/cves/2017/CVE-2017-9841.yaml b/cves/2017/CVE-2017-9841.yaml
index bb1e917308..479cb1a86a 100644
--- a/cves/2017/CVE-2017-9841.yaml
+++ b/cves/2017/CVE-2017-9841.yaml
@@ -1,7 +1,7 @@
id: CVE-2017-9841
info:
- name: CVE-2017-9841
+ name: PHPUnit < 4.8.28 and 5.x - 5.63 Arbitrary Code Execution
author: Random_Robbie,pikpikcu
severity: critical
description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "Argo CD'
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
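Review bot: The new name's upper bound `5.x - 5.63` does not agree with the description two lines below, which gives the fixed release as `5.x before 5.6.3`; the dropped dot turns 5.6.3 into a non-existent 5.63 release and misleads anyone triaging from the template name alone. Suggest `name: PHPUnit < 4.8.28 and 5.x < 5.6.3 - Arbitrary Code Execution`. As rendered here the description line is fused with the tail of a different hunk (`"Argo CD'` followed by a status matcher), so the remainder of this file's changes could not be reviewed.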
diff --git a/technologies/avantfax-detect.yaml b/exposed-panels/avantfax-panel.yaml
similarity index 72%
rename from technologies/avantfax-detect.yaml
rename to exposed-panels/avantfax-panel.yaml
index 93d6b9317d..e1db5ca430 100644
--- a/technologies/avantfax-detect.yaml
+++ b/exposed-panels/avantfax-panel.yaml
@@ -1,10 +1,12 @@
-id: avantfax-detect
+id: avantfax-panel
info:
- name: AvantFAX Detect
- author: pikpikcu
+ name: AvantFAX Login Panel
+ author: pikpikcu,daffainfo
severity: info
- tags: tech,avantfax
+ metadata:
+ shodan-query: http.title:"AvantFAX - Login"
+ tags: panel,avantfax
requests:
- method: GET
@@ -13,7 +15,6 @@ requests:
matchers-condition: and
matchers:
-
- type: word
part: body
words:
diff --git a/technologies/aviatrix-detect.yaml b/exposed-panels/aviatrix-panel.yaml
similarity index 74%
rename from technologies/aviatrix-detect.yaml
rename to exposed-panels/aviatrix-panel.yaml
index 64be83fd08..e8c89b1cca 100644
--- a/technologies/aviatrix-detect.yaml
+++ b/exposed-panels/aviatrix-panel.yaml
@@ -1,12 +1,12 @@
-id: aviatrix-detect
+id: aviatrix-panel
info:
- name: Aviatrix Detect
- author: pikpikcu,philippedelteil
+ name: Aviatrix Panel Login
+ author: pikpikcu,philippedelteil,daffainfo
severity: info
- tags: tech,aviatrix
metadata:
- shodan-query: http.title:"AviatrixController", http.title:"Aviatrix Cloud Controller"
+ shodan-query: http.title:"Aviatrix Cloud Controller"
+ tags: panel,aviatrix
requests:
- method: GET
diff --git a/technologies/bedita-detect.yaml b/exposed-panels/bedita-panel.yaml
similarity index 58%
rename from technologies/bedita-detect.yaml
rename to exposed-panels/bedita-panel.yaml
index fe6a5a8a6d..710176cdfe 100644
--- a/technologies/bedita-detect.yaml
+++ b/exposed-panels/bedita-panel.yaml
@@ -1,22 +1,29 @@
-id: bedita-detect
+id: bedita-panel
info:
- name: BEdita detect
- author: pikpikcu
+ name: BEdita Panel Login
+ author: pikpikcu,daffainfo
severity: info
- tags: tech,bedita
+ metadata:
+ shodan-query: http.title:"BEdita"
+ tags: panel,bedita
requests:
- method: GET
path:
- "{{BaseURL}}"
+ matchers-condition: and
matchers:
- type: regex
part: body
regex:
- 'BEdita(.*)
'
+ - type: status
+ status:
+ - 200
+
extractors:
- type: regex
part: body
diff --git a/technologies/bolt-cms-detect.yaml b/exposed-panels/bolt-cms-panel.yaml
similarity index 70%
rename from technologies/bolt-cms-detect.yaml
rename to exposed-panels/bolt-cms-panel.yaml
index f6b2118809..8f633e6e72 100644
--- a/technologies/bolt-cms-detect.yaml
+++ b/exposed-panels/bolt-cms-panel.yaml
@@ -1,19 +1,19 @@
-id: bolt-cms-detect
+id: bolt-cms-panel
info:
- name: bolt CMS detect
- author: cyllective
+ name: bolt CMS Login Panel
+ author: cyllective,daffainfo
severity: info
- description: Detects bolt CMS
- tags: tech,bolt,cms
- reference:
- - https://github.com/bolt/bolt
+ description: Bolt is a simple CMS written in PHP. It is based on Silex and Symfony components, uses Twig and either SQLite, MySQL or PostgreSQL.
+ reference: https://github.com/bolt/bolt
+ tags: panel,bolt,cms
requests:
- method: GET
path:
- "{{BaseURL}}/bolt/login"
+ matchers-condition: and
matchers:
- type: word
part: body
@@ -30,4 +30,8 @@ requests:
- ''
- 'Bolt requires JavaScript to function properly and continuing without it might corrupt or erase data.'
- 'Bolt ยป Login'
- - 'Cookies are required to log on to Bolt. Please allow cookies.'
\ No newline at end of file
+ - 'Cookies are required to log on to Bolt. Please allow cookies.'
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
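Review bot: The first entry of the word list in this hunk, `- ''`, is an empty string as rendered, and nuclei's word matcher treats an empty needle as contained in every body; unless a `condition: and` sits above the hunk, the word list is therefore always satisfied, and the new `matchers-condition: and` plus `status: 200` reduces the whole template to "any page that returns 200". If that entry is only an artifact of this rendering (for example stripped HTML tags around a `<title>` needle) it can be ignored; otherwise drop it or restore the intended needle. The `'Bolt ยป Login'` entry likewise looks like a mis-decoded `»`; if the repository file carries those bytes that needle never matches a real page title.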
diff --git a/technologies/bookstack-detect.yaml b/exposed-panels/bookstack-panel.yaml
similarity index 56%
rename from technologies/bookstack-detect.yaml
rename to exposed-panels/bookstack-panel.yaml
index 6dde7e550c..74acd0895b 100644
--- a/technologies/bookstack-detect.yaml
+++ b/exposed-panels/bookstack-panel.yaml
@@ -1,11 +1,13 @@
-id: bookstack-detect
+id: bookstack-panel
info:
- name: BookStack detect
- author: cyllective
+ name: BookStack Panel Login
+ author: cyllective,daffainfo
severity: info
- description: Detects BookStack
- tags: tech,bookstack
+ description: A platform to create documentation/wiki content built with PHP & Laravel
+ metadata:
+ shodan-query: http.title:"BookStack"
+ tags: panel,bookstack
reference: https://github.com/BookStackApp/BookStack
requests:
@@ -22,6 +24,15 @@ requests:
- '
BookStack'
- 'BookStack'
+ - type: word
+ part: header
+ words:
+ - 'Set-Cookie: bookstack_session'
+
+ - type: status
+ status:
+ - 200
+
extractors:
- type: regex
part: body
diff --git a/technologies/cacti-detect.yaml b/exposed-panels/cacti-panel.yaml
similarity index 65%
rename from technologies/cacti-detect.yaml
rename to exposed-panels/cacti-panel.yaml
index 10d928122a..2151db02e8 100644
--- a/technologies/cacti-detect.yaml
+++ b/exposed-panels/cacti-panel.yaml
@@ -1,7 +1,8 @@
-id: cacti-detect
+id: cacti-panel
+
info:
- name: Detect Cacti
- author: geeknik
+ name: Cacti Login Panel
+ author: geeknik,daffainfo
description: Cacti is a complete network graphing solution -- https://www.cacti.net/
severity: info
tags: tech,cacti
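Review bot: `tags: tech,cacti` is left unchanged while the template is moved to exposed-panels and renamed `cacti-panel`; every other template renamed in this commit switches to `panel,<product>` (avantfax, aviatrix, bedita, bolt-cms, bookstack), so this one is skipped by a `-tags panel` run and still surfaces under `tech`. Suggest `tags: panel,cacti`.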
@@ -12,15 +13,17 @@ requests:
- "{{BaseURL}}"
- "{{BaseURL}}/cacti/"
+ stop-at-first-match: true
matchers-condition: and
matchers:
- type: status
status:
- 200
+
- type: word
part: body
words:
- - "Login to Cacti"
+ - "Login to Cacti"
- "The Cacti Group"
condition: and
@@ -30,7 +33,8 @@ requests:
- Cacti+
extractors:
- - type: kval
- part: header
- kval:
- - Set_Cookie
+ - type: regex
+ part: body
+ group: 1
+ regex:
+ - "Version (.*) |"
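Review bot: In the new extractor regex `"Version (.*) |"` the trailing `|` is unescaped, so the pattern is an alternation between `Version (.*) ` and the empty pattern; the empty branch matches at every position and floods the group-1 output with empty captures alongside the real one. If the intent is to anchor on the literal pipe that follows the version, escape it: `- "Version (.*) \\|"`, or narrow the capture so the greedy `.*` cannot run on to a later pipe on the page: `- "Version ([0-9.]+) \\|"`. If the backslash was lost only in this rendering, disregard.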
diff --git a/exposed-panels/centreon-panel.yaml b/exposed-panels/centreon-panel.yaml
new file mode 100644
index 0000000000..bcc8753a76
--- /dev/null
+++ b/exposed-panels/centreon-panel.yaml
@@ -0,0 +1,34 @@
+id: centreon-panel
+
+info:
+ name: Centreon Login Panel
+ author: pikpikcu,daffainfo
+ severity: info
+ metadata:
+ shodan-query: http.title:"Centreon"
+ tags: panel,centreon
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/centreon/index.php"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ condition: or
+ words:
+ - '
Centreon - IT & Network Monitoring'
+ - 'Argo CD'
\ No newline at end of file
diff --git a/technologies/bigbluebutton-detect.yaml b/technologies/bigbluebutton-detect.yaml
index 594f9a4800..1f5dbaa579 100644
--- a/technologies/bigbluebutton-detect.yaml
+++ b/technologies/bigbluebutton-detect.yaml
@@ -4,6 +4,8 @@ info:
name: BigBlueButton Detect
author: pikpikcu
severity: info
+ metadata:
+ shodan-query: http.title:"BigBlueButton"
tags: tech,bigbluebutton
requests:
@@ -13,7 +15,6 @@ requests:
matchers-condition: and
matchers:
-
- type: word
part: body
words:
diff --git a/technologies/centreon-detect.yaml b/technologies/fortinet-detect.yaml
similarity index 52%
rename from technologies/centreon-detect.yaml
rename to technologies/fortinet-detect.yaml
index c3ca5df6a4..ad26de136e 100644
--- a/technologies/centreon-detect.yaml
+++ b/technologies/fortinet-detect.yaml
@@ -1,23 +1,22 @@
-id: centreon-detect
+id: fortinet-detect
info:
- name: Centreon Detect
- author: pikpikcu
+ name: Fortinet detected
+ author: pikpikcu,daffainfo
severity: info
- tags: tech,centreon
+ tags: tech,jboss
requests:
- method: GET
path:
- - "{{BaseURL}}/centreon/index.php"
+ - "{{BaseURL}}"
matchers-condition: and
matchers:
-
- type: word
part: body
words:
- - "Centreon - IT & Network Monitoring"
+ - 'FORTINET LOGIN'
- type: status
status:
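Review bot: `tags: tech,jboss` on the renamed Fortinet template is a copy-paste from jboss-detect (the identical tag line appears in technologies/jboss-detect.yaml in this diff): a `-tags jboss` run will execute the Fortinet detector and a `-tags fortinet` run will not. workflows/fortinet-workflow.yaml references this file by path, so the workflow itself still runs, but the tag should be `tags: tech,fortinet`. Minor style point: `name: Fortinet detected` (and `JBoss detected` in the new jboss-detect.yaml) departs from the `<Product> Detect` form used by the other tech templates here, e.g. `BigBlueButton Detect`; `name: Fortinet Detect`. The status matcher is cut at `status:` in this hunk, so its value was not reviewed.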
diff --git a/technologies/jboss-detect.yaml b/technologies/jboss-detect.yaml
new file mode 100644
index 0000000000..ea29326cde
--- /dev/null
+++ b/technologies/jboss-detect.yaml
@@ -0,0 +1,21 @@
+id: jboss-detect
+
+info:
+ name: JBoss detected
+ author: daffainfo
+ severity: info
+ tags: tech,jboss
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "Welcome to JBoss AS"
+ - "Welcome to JBoss Application Server"
+ - "JBoss EAP 7"
+ condition: or
diff --git a/technologies/tech-detect.yaml b/technologies/tech-detect.yaml
index 6f7b0a795f..f44a2ccc7c 100644
--- a/technologies/tech-detect.yaml
+++ b/technologies/tech-detect.yaml
@@ -1115,13 +1115,6 @@ requests:
condition: or
part: body
- - type: regex
- name: drupal-commerce
- regex:
- - <[^>]+(?:id="block[_-]commerce[_-]cart[_-]cart|class="commerce[_-]product[_-]field)
- condition: or
- part: body
-
- type: regex
name: sympa
regex:
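Review bot: Removing the `drupal-commerce` matcher here and adding its regex to the `drupal` matcher in the second tech-detect hunk drops the `drupal-commerce` technology label from tech-detect's output: a site with the commerce cart block is now reported only as `drupal`, so anything keyed on that name — including a workflow with `matchers: - name: drupal-commerce` — loses the signal. If the goal is only that workflows/drupal-workflow.yaml also fires on Commerce sites, the existing matcher could stay and the workflow could list a second matcher entry, `- name: drupal-commerce`, with the same `subtemplates`, which as far as I can tell nuclei's workflow `matchers:` list accepts. If the removal is intended, it deserves a line in the commit description.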
@@ -2113,13 +2106,14 @@ requests:
- type: regex
name: drupal
+ part: all
regex:
- <(?:link|style)[^>]+"/sites/(?:default|all)/(?:themes|modules)/
+ - <[^>]+(?:id="block[_-]commerce[_-]cart[_-]cart|class="commerce[_-]product[_-]field)
- "X-Drupal"
- "x-drupal"
- "X-Generator: Drupal"
condition: or
- part: all
- type: regex
name: webxpay
diff --git a/workflows/drupal-workflow.yaml b/workflows/drupal-workflow.yaml
new file mode 100644
index 0000000000..5b685b08e3
--- /dev/null
+++ b/workflows/drupal-workflow.yaml
@@ -0,0 +1,13 @@
+id: drupal-workflow
+
+info:
+ name: Wordpress Security Checks
+ author: daffainfo
+ description: A simple workflow that runs all drupal related nuclei templates on a given target.
+
+workflows:
+ - template: technologies/tech-detect.yaml
+ matchers:
+ - name: drupal
+ subtemplates:
+ - tags: drupal
\ No newline at end of file
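Review bot: `name: Wordpress Security Checks` is a copy-paste slip in the new Drupal workflow; the id, description and matcher name all say drupal, and the name is what nuclei prints for the workflow. `name: Drupal Security Checks`. The file also ends without a trailing newline (`\ No newline at end of file`), as do the other new workflow files in this commit; one newline at end of file keeps later diffs clean.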
diff --git a/workflows/fortinet-workflow.yaml b/workflows/fortinet-workflow.yaml
new file mode 100644
index 0000000000..e85d8ef040
--- /dev/null
+++ b/workflows/fortinet-workflow.yaml
@@ -0,0 +1,11 @@
+id: fortiner-workflow
+
+info:
+ name: Fortinet Security Checks
+ author: daffainfo
+ description: A simple workflow that runs all fortinet related nuclei templates on a given target.
+
+workflows:
+ - template: technologies/fortinet-detect.yaml
+ subtemplates:
+ - tags: fortinet
\ No newline at end of file
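Review bot: `id: fortiner-workflow` misspells the workflow id; it matches neither the file name `fortinet-workflow.yaml` nor the `fortinet` tag it chains, and the id is what nuclei reports and what id-based include/exclude lists key on. `id: fortinet-workflow`.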
diff --git a/workflows/jboss-workflow.yaml b/workflows/jboss-workflow.yaml
new file mode 100644
index 0000000000..7b5d911101
--- /dev/null
+++ b/workflows/jboss-workflow.yaml
@@ -0,0 +1,11 @@
+id: jboss-workflow
+
+info:
+ name: JBoss Security Checks
+ author: daffainfo
+ description: A simple workflow that runs all JBoss related nuclei templates on a given target.
+
+workflows:
+ - template: technologies/jboss-detect.yaml
+ subtemplates:
+ - tags: jboss
\ No newline at end of file
diff --git a/workflows/laravel-workflow.yaml b/workflows/laravel-workflow.yaml
new file mode 100644
index 0000000000..b573fc2015
--- /dev/null
+++ b/workflows/laravel-workflow.yaml
@@ -0,0 +1,13 @@
+id: laravel-workflow
+
+info:
+ name: Laravel Security Checks
+ author: daffainfo
+ description: A simple workflow that runs all Laravel related nuclei templates on a given target.
+
+workflows:
+ - template: technologies/tech-detect.yaml
+ matchers:
+ - name: laravel
+ subtemplates:
+ - tags: laravel
\ No newline at end of file
diff --git a/workflows/microsoft-exchange-workflow.yaml b/workflows/microsoft-exchange-workflow.yaml
new file mode 100644
index 0000000000..be85692fc6
--- /dev/null
+++ b/workflows/microsoft-exchange-workflow.yaml
@@ -0,0 +1,12 @@
+id: microsoft-exchange-workflow
+
+info:
+ name: Microsoft Exchange Security Checks
+ author: daffainfo
+ description: A simple workflow that runs all Microsoft Exchange related nuclei templates on a given target.
+
+workflows:
+
+ - template: technologies/microsoft/microsoft-exchange-server-detect.yaml
+ subtemplates:
+ - tags: exchange
\ No newline at end of file
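Review bot: Style: the blank line between `workflows:` and its first `- template:` entry (and, in workflows/symfony-workflow.yaml, the missing blank line between `id:` and `info:`) breaks the layout every other new workflow file in this commit uses — `id`, blank, `info`, blank, `workflows:` immediately followed by the entry. Both are valid YAML; aligning them keeps the files diffable against each other. The referenced template `technologies/microsoft/microsoft-exchange-server-detect.yaml` is not part of this diff, so its existence could not be checked here.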
diff --git a/workflows/symfony-workflow.yaml b/workflows/symfony-workflow.yaml
new file mode 100644
index 0000000000..a8a5d7c69d
--- /dev/null
+++ b/workflows/symfony-workflow.yaml
@@ -0,0 +1,12 @@
+id: symfony-workflow
+info:
+ name: Symfony Security Checks
+ author: daffainfo
+ description: A simple workflow that runs all Symfony related nuclei templates on a given target.
+
+workflows:
+ - template: technologies/tech-detect.yaml
+ matchers:
+ - name: symfony
+ subtemplates:
+ - tags: symfony
\ No newline at end of file
diff --git a/workflows/yii-workflow.yaml b/workflows/yii-workflow.yaml
new file mode 100644
index 0000000000..664ec665ac
--- /dev/null
+++ b/workflows/yii-workflow.yaml
@@ -0,0 +1,13 @@
+id: yii-workflow
+
+info:
+ name: Yii Security Checks
+ author: daffainfo
+ description: A simple workflow that runs all Yii related nuclei templates on a given target.
+
+workflows:
+ - template: technologies/tech-detect.yaml
+ matchers:
+ - name: yii
+ subtemplates:
+ - tags: yii
\ No newline at end of file