From 5c800a4ef7e253ec252e24ec4118b9f4c2da6d92 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Mon, 27 Dec 2021 12:01:53 +0700 Subject: [PATCH] Seperate technologies and exposed-panels templates (#3424) * Edit magmi workflow * Add some workflow template + edit some template * Changing some templates * minor update * workflow matcher fixes * tech update Co-authored-by: sandeep --- cves/2017/CVE-2017-12149.yaml | 2 +- cves/2017/CVE-2017-9841.yaml | 2 +- exposed-panels/acemanager-login.yaml | 2 +- exposed-panels/argocd-login.yaml | 26 ++++++++++++++ .../avantfax-panel.yaml | 11 +++--- .../aviatrix-panel.yaml | 10 +++--- .../bedita-panel.yaml | 15 +++++--- .../bolt-cms-panel.yaml | 20 ++++++----- .../bookstack-panel.yaml | 21 +++++++++--- .../cacti-panel.yaml | 20 ++++++----- exposed-panels/centreon-panel.yaml | 34 +++++++++++++++++++ .../{ => cisco}/cisco-asa-panel.yaml | 0 .../{ => cisco}/cisco-finesse-login.yaml | 0 .../{ => cisco}/cisco-integrated-login.yaml | 0 .../{ => cisco}/cisco-meraki-exposure.yaml | 0 exposed-panels/{ => cisco}/cisco-sd-wan.yaml | 0 .../{ => cisco}/cisco-secure-desktop.yaml | 0 .../{ => cisco}/cisco-sendgrid.yaml | 0 exposures/logs/jboss-seam-debug-page.yaml | 2 +- technologies/argocd-detect.yaml | 19 ----------- technologies/bigbluebutton-detect.yaml | 3 +- ...treon-detect.yaml => fortinet-detect.yaml} | 13 ++++--- technologies/jboss-detect.yaml | 21 ++++++++++++ technologies/tech-detect.yaml | 10 ++---- workflows/drupal-workflow.yaml | 13 +++++++ workflows/fortinet-workflow.yaml | 11 ++++++ workflows/jboss-workflow.yaml | 11 ++++++ workflows/laravel-workflow.yaml | 13 +++++++ workflows/microsoft-exchange-workflow.yaml | 12 +++++++ workflows/symfony-workflow.yaml | 12 +++++++ workflows/yii-workflow.yaml | 13 +++++++ 31 files changed, 242 insertions(+), 74 deletions(-) create mode 100644 exposed-panels/argocd-login.yaml rename technologies/avantfax-detect.yaml => exposed-panels/avantfax-panel.yaml (72%) rename technologies/aviatrix-detect.yaml => exposed-panels/aviatrix-panel.yaml (74%) rename technologies/bedita-detect.yaml => exposed-panels/bedita-panel.yaml (58%) rename technologies/bolt-cms-detect.yaml => exposed-panels/bolt-cms-panel.yaml (70%) rename technologies/bookstack-detect.yaml => exposed-panels/bookstack-panel.yaml (56%) rename technologies/cacti-detect.yaml => exposed-panels/cacti-panel.yaml (65%) create mode 100644 exposed-panels/centreon-panel.yaml rename exposed-panels/{ => cisco}/cisco-asa-panel.yaml (100%) rename exposed-panels/{ => cisco}/cisco-finesse-login.yaml (100%) rename exposed-panels/{ => cisco}/cisco-integrated-login.yaml (100%) rename exposed-panels/{ => cisco}/cisco-meraki-exposure.yaml (100%) rename exposed-panels/{ => cisco}/cisco-sd-wan.yaml (100%) rename exposed-panels/{ => cisco}/cisco-secure-desktop.yaml (100%) rename exposed-panels/{ => cisco}/cisco-sendgrid.yaml (100%) delete mode 100644 technologies/argocd-detect.yaml rename technologies/{centreon-detect.yaml => fortinet-detect.yaml} (52%) create mode 100644 technologies/jboss-detect.yaml create mode 100644 workflows/drupal-workflow.yaml create mode 100644 workflows/fortinet-workflow.yaml create mode 100644 workflows/jboss-workflow.yaml create mode 100644 workflows/laravel-workflow.yaml create mode 100644 workflows/microsoft-exchange-workflow.yaml create mode 100644 workflows/symfony-workflow.yaml create mode 100644 workflows/yii-workflow.yaml diff --git a/cves/2017/CVE-2017-12149.yaml b/cves/2017/CVE-2017-12149.yaml index 8ead0e5c2a..36c664da7b 100755 --- a/cves/2017/CVE-2017-12149.yaml +++ b/cves/2017/CVE-2017-12149.yaml @@ -9,7 +9,7 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-12149 - https://chowdera.com/2020/12/20201229190934023w.html - https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149 - tags: cve,cve2017,java,rce,deserialization + tags: cve,cve2017,jboss,java,rce,deserialization classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 diff --git a/cves/2017/CVE-2017-9841.yaml b/cves/2017/CVE-2017-9841.yaml index bb1e917308..479cb1a86a 100644 --- a/cves/2017/CVE-2017-9841.yaml +++ b/cves/2017/CVE-2017-9841.yaml @@ -1,7 +1,7 @@ id: CVE-2017-9841 info: - name: CVE-2017-9841 + name: PHPUnit < 4.8.28 and 5.x - 5.63 Arbitrary Code Execution author: Random_Robbie,pikpikcu severity: critical description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "Argo CD' + + - type: status + status: + - 200 \ No newline at end of file diff --git a/technologies/avantfax-detect.yaml b/exposed-panels/avantfax-panel.yaml similarity index 72% rename from technologies/avantfax-detect.yaml rename to exposed-panels/avantfax-panel.yaml index 93d6b9317d..e1db5ca430 100644 --- a/technologies/avantfax-detect.yaml +++ b/exposed-panels/avantfax-panel.yaml @@ -1,10 +1,12 @@ -id: avantfax-detect +id: avantfax-panel info: - name: AvantFAX Detect - author: pikpikcu + name: AvantFAX Login Panel + author: pikpikcu,daffainfo severity: info - tags: tech,avantfax + metadata: + shodan-query: http.title:"AvantFAX - Login" + tags: panel,avantfax requests: - method: GET @@ -13,7 +15,6 @@ requests: matchers-condition: and matchers: - - type: word part: body words: diff --git a/technologies/aviatrix-detect.yaml b/exposed-panels/aviatrix-panel.yaml similarity index 74% rename from technologies/aviatrix-detect.yaml rename to exposed-panels/aviatrix-panel.yaml index 64be83fd08..e8c89b1cca 100644 --- a/technologies/aviatrix-detect.yaml +++ b/exposed-panels/aviatrix-panel.yaml @@ -1,12 +1,12 @@ -id: aviatrix-detect +id: aviatrix-panel info: - name: Aviatrix Detect - author: pikpikcu,philippedelteil + name: Aviatrix Panel Login + author: pikpikcu,philippedelteil,daffainfo severity: info - tags: tech,aviatrix metadata: - shodan-query: http.title:"AviatrixController", http.title:"Aviatrix Cloud Controller" + shodan-query: http.title:"Aviatrix Cloud Controller" + tags: panel,aviatrix requests: - method: GET diff --git a/technologies/bedita-detect.yaml b/exposed-panels/bedita-panel.yaml similarity index 58% rename from technologies/bedita-detect.yaml rename to exposed-panels/bedita-panel.yaml index fe6a5a8a6d..710176cdfe 100644 --- a/technologies/bedita-detect.yaml +++ b/exposed-panels/bedita-panel.yaml @@ -1,22 +1,29 @@ -id: bedita-detect +id: bedita-panel info: - name: BEdita detect - author: pikpikcu + name: BEdita Panel Login + author: pikpikcu,daffainfo severity: info - tags: tech,bedita + metadata: + shodan-query: http.title:"BEdita" + tags: panel,bedita requests: - method: GET path: - "{{BaseURL}}" + matchers-condition: and matchers: - type: regex part: body regex: - 'BEdita(.*)
' + - type: status + status: + - 200 + extractors: - type: regex part: body diff --git a/technologies/bolt-cms-detect.yaml b/exposed-panels/bolt-cms-panel.yaml similarity index 70% rename from technologies/bolt-cms-detect.yaml rename to exposed-panels/bolt-cms-panel.yaml index f6b2118809..8f633e6e72 100644 --- a/technologies/bolt-cms-detect.yaml +++ b/exposed-panels/bolt-cms-panel.yaml @@ -1,19 +1,19 @@ -id: bolt-cms-detect +id: bolt-cms-panel info: - name: bolt CMS detect - author: cyllective + name: bolt CMS Login Panel + author: cyllective,daffainfo severity: info - description: Detects bolt CMS - tags: tech,bolt,cms - reference: - - https://github.com/bolt/bolt + description: Bolt is a simple CMS written in PHP. It is based on Silex and Symfony components, uses Twig and either SQLite, MySQL or PostgreSQL. + reference: https://github.com/bolt/bolt + tags: panel,bolt,cms requests: - method: GET path: - "{{BaseURL}}/bolt/login" + matchers-condition: and matchers: - type: word part: body @@ -30,4 +30,8 @@ requests: - '' - 'Bolt requires JavaScript to function properly and continuing without it might corrupt or erase data.' - 'Bolt ยป Login' - - 'Cookies are required to log on to Bolt. Please allow cookies.' \ No newline at end of file + - 'Cookies are required to log on to Bolt. Please allow cookies.' + + - type: status + status: + - 200 \ No newline at end of file diff --git a/technologies/bookstack-detect.yaml b/exposed-panels/bookstack-panel.yaml similarity index 56% rename from technologies/bookstack-detect.yaml rename to exposed-panels/bookstack-panel.yaml index 6dde7e550c..74acd0895b 100644 --- a/technologies/bookstack-detect.yaml +++ b/exposed-panels/bookstack-panel.yaml @@ -1,11 +1,13 @@ -id: bookstack-detect +id: bookstack-panel info: - name: BookStack detect - author: cyllective + name: BookStack Panel Login + author: cyllective,daffainfo severity: info - description: Detects BookStack - tags: tech,bookstack + description: A platform to create documentation/wiki content built with PHP & Laravel + metadata: + shodan-query: http.title:"BookStack" + tags: panel,bookstack reference: https://github.com/BookStackApp/BookStack requests: @@ -22,6 +24,15 @@ requests: - 'BookStack' - 'BookStack' + - type: word + part: header + words: + - 'Set-Cookie: bookstack_session' + + - type: status + status: + - 200 + extractors: - type: regex part: body diff --git a/technologies/cacti-detect.yaml b/exposed-panels/cacti-panel.yaml similarity index 65% rename from technologies/cacti-detect.yaml rename to exposed-panels/cacti-panel.yaml index 10d928122a..2151db02e8 100644 --- a/technologies/cacti-detect.yaml +++ b/exposed-panels/cacti-panel.yaml @@ -1,7 +1,8 @@ -id: cacti-detect +id: cacti-panel + info: - name: Detect Cacti - author: geeknik + name: Cacti Login Panel + author: geeknik,daffainfo description: Cacti is a complete network graphing solution -- https://www.cacti.net/ severity: info tags: tech,cacti @@ -12,15 +13,17 @@ requests: - "{{BaseURL}}" - "{{BaseURL}}/cacti/" + stop-at-first-match: true matchers-condition: and matchers: - type: status status: - 200 + - type: word part: body words: - - "Login to Cacti" + - "Login to Cacti" - "The Cacti Group" condition: and @@ -30,7 +33,8 @@ requests: - Cacti+ extractors: - - type: kval - part: header - kval: - - Set_Cookie + - type: regex + part: body + group: 1 + regex: + - "
Version (.*) |" diff --git a/exposed-panels/centreon-panel.yaml b/exposed-panels/centreon-panel.yaml new file mode 100644 index 0000000000..bcc8753a76 --- /dev/null +++ b/exposed-panels/centreon-panel.yaml @@ -0,0 +1,34 @@ +id: centreon-panel + +info: + name: Centreon Login Panel + author: pikpikcu,daffainfo + severity: info + metadata: + shodan-query: http.title:"Centreon" + tags: panel,centreon + +requests: + - method: GET + path: + - "{{BaseURL}}/centreon/index.php" + + matchers-condition: and + matchers: + - type: word + part: body + condition: or + words: + - 'Centreon - IT & Network Monitoring' + - 'Argo CD' \ No newline at end of file diff --git a/technologies/bigbluebutton-detect.yaml b/technologies/bigbluebutton-detect.yaml index 594f9a4800..1f5dbaa579 100644 --- a/technologies/bigbluebutton-detect.yaml +++ b/technologies/bigbluebutton-detect.yaml @@ -4,6 +4,8 @@ info: name: BigBlueButton Detect author: pikpikcu severity: info + metadata: + shodan-query: http.title:"BigBlueButton" tags: tech,bigbluebutton requests: @@ -13,7 +15,6 @@ requests: matchers-condition: and matchers: - - type: word part: body words: diff --git a/technologies/centreon-detect.yaml b/technologies/fortinet-detect.yaml similarity index 52% rename from technologies/centreon-detect.yaml rename to technologies/fortinet-detect.yaml index c3ca5df6a4..ad26de136e 100644 --- a/technologies/centreon-detect.yaml +++ b/technologies/fortinet-detect.yaml @@ -1,23 +1,22 @@ -id: centreon-detect +id: fortinet-detect info: - name: Centreon Detect - author: pikpikcu + name: Fortinet detected + author: pikpikcu,daffainfo severity: info - tags: tech,centreon + tags: tech,jboss requests: - method: GET path: - - "{{BaseURL}}/centreon/index.php" + - "{{BaseURL}}" matchers-condition: and matchers: - - type: word part: body words: - - "Centreon - IT & Network Monitoring" + - 'FORTINET LOGIN' - type: status status: diff --git a/technologies/jboss-detect.yaml b/technologies/jboss-detect.yaml new file mode 100644 index 0000000000..ea29326cde --- /dev/null +++ b/technologies/jboss-detect.yaml @@ -0,0 +1,21 @@ +id: jboss-detect + +info: + name: JBoss detected + author: daffainfo + severity: info + tags: tech,jboss + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers: + - type: word + part: body + words: + - "Welcome to JBoss AS" + - "Welcome to JBoss Application Server" + - "JBoss EAP 7" + condition: or diff --git a/technologies/tech-detect.yaml b/technologies/tech-detect.yaml index 6f7b0a795f..f44a2ccc7c 100644 --- a/technologies/tech-detect.yaml +++ b/technologies/tech-detect.yaml @@ -1115,13 +1115,6 @@ requests: condition: or part: body - - type: regex - name: drupal-commerce - regex: - - <[^>]+(?:id="block[_-]commerce[_-]cart[_-]cart|class="commerce[_-]product[_-]field) - condition: or - part: body - - type: regex name: sympa regex: @@ -2113,13 +2106,14 @@ requests: - type: regex name: drupal + part: all regex: - <(?:link|style)[^>]+"/sites/(?:default|all)/(?:themes|modules)/ + - <[^>]+(?:id="block[_-]commerce[_-]cart[_-]cart|class="commerce[_-]product[_-]field) - "X-Drupal" - "x-drupal" - "X-Generator: Drupal" condition: or - part: all - type: regex name: webxpay diff --git a/workflows/drupal-workflow.yaml b/workflows/drupal-workflow.yaml new file mode 100644 index 0000000000..5b685b08e3 --- /dev/null +++ b/workflows/drupal-workflow.yaml @@ -0,0 +1,13 @@ +id: drupal-workflow + +info: + name: Wordpress Security Checks + author: daffainfo + description: A simple workflow that runs all drupal related nuclei templates on a given target. + +workflows: + - template: technologies/tech-detect.yaml + matchers: + - name: drupal + subtemplates: + - tags: drupal \ No newline at end of file diff --git a/workflows/fortinet-workflow.yaml b/workflows/fortinet-workflow.yaml new file mode 100644 index 0000000000..e85d8ef040 --- /dev/null +++ b/workflows/fortinet-workflow.yaml @@ -0,0 +1,11 @@ +id: fortiner-workflow + +info: + name: Fortinet Security Checks + author: daffainfo + description: A simple workflow that runs all fortinet related nuclei templates on a given target. + +workflows: + - template: technologies/fortinet-detect.yaml + subtemplates: + - tags: fortinet \ No newline at end of file diff --git a/workflows/jboss-workflow.yaml b/workflows/jboss-workflow.yaml new file mode 100644 index 0000000000..7b5d911101 --- /dev/null +++ b/workflows/jboss-workflow.yaml @@ -0,0 +1,11 @@ +id: jboss-workflow + +info: + name: JBoss Security Checks + author: daffainfo + description: A simple workflow that runs all JBoss related nuclei templates on a given target. + +workflows: + - template: technologies/jboss-detect.yaml + subtemplates: + - tags: jboss \ No newline at end of file diff --git a/workflows/laravel-workflow.yaml b/workflows/laravel-workflow.yaml new file mode 100644 index 0000000000..b573fc2015 --- /dev/null +++ b/workflows/laravel-workflow.yaml @@ -0,0 +1,13 @@ +id: laravel-workflow + +info: + name: Laravel Security Checks + author: daffainfo + description: A simple workflow that runs all Laravel related nuclei templates on a given target. + +workflows: + - template: technologies/tech-detect.yaml + matchers: + - name: laravel + subtemplates: + - tags: laravel \ No newline at end of file diff --git a/workflows/microsoft-exchange-workflow.yaml b/workflows/microsoft-exchange-workflow.yaml new file mode 100644 index 0000000000..be85692fc6 --- /dev/null +++ b/workflows/microsoft-exchange-workflow.yaml @@ -0,0 +1,12 @@ +id: microsoft-exchange-workflow + +info: + name: Microsoft Exchange Security Checks + author: daffainfo + description: A simple workflow that runs all Microsoft Exchange related nuclei templates on a given target. + +workflows: + + - template: technologies/microsoft/microsoft-exchange-server-detect.yaml + subtemplates: + - tags: exchange \ No newline at end of file diff --git a/workflows/symfony-workflow.yaml b/workflows/symfony-workflow.yaml new file mode 100644 index 0000000000..a8a5d7c69d --- /dev/null +++ b/workflows/symfony-workflow.yaml @@ -0,0 +1,12 @@ +id: symfony-workflow +info: + name: Symfony Security Checks + author: daffainfo + description: A simple workflow that runs all Symfony related nuclei templates on a given target. + +workflows: + - template: technologies/tech-detect.yaml + matchers: + - name: symfony + subtemplates: + - tags: symfony \ No newline at end of file diff --git a/workflows/yii-workflow.yaml b/workflows/yii-workflow.yaml new file mode 100644 index 0000000000..664ec665ac --- /dev/null +++ b/workflows/yii-workflow.yaml @@ -0,0 +1,13 @@ +id: yii-workflow + +info: + name: Yii Security Checks + author: daffainfo + description: A simple workflow that runs all Yii related nuclei templates on a given target. + +workflows: + - template: technologies/tech-detect.yaml + matchers: + - name: yii + subtemplates: + - tags: yii \ No newline at end of file