From 5d478d5e10dc6238a537ecd0010f6ad787429e24 Mon Sep 17 00:00:00 2001
From: Lucky-Pulse <will.boucher@pulsesecurity.co.nz>
Date: Mon, 11 Mar 2024 11:16:50 +1300
Subject: [PATCH] Added 2 templates to detect X-AspNetMvc-Version and
 X-AspNet-Version headers

---
 .../x-aspnet-version-disclosure.yaml          | 35 +++++++++++++++++++
 .../x-aspnetmvc-version-disclosure.yaml       | 35 +++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 http/technologies/microsoft/x-aspnet-version-disclosure.yaml
 create mode 100644 http/technologies/microsoft/x-aspnetmvc-version-disclosure.yaml

diff --git a/http/technologies/microsoft/x-aspnet-version-disclosure.yaml b/http/technologies/microsoft/x-aspnet-version-disclosure.yaml
new file mode 100644
index 0000000000..9ed4b7ed89
--- /dev/null
+++ b/http/technologies/microsoft/x-aspnet-version-disclosure.yaml
@@ -0,0 +1,35 @@
+id: AspNet-Version-disclosure
+info:
+  name: AspNet-Version-disclosure
+  author: lucky0x0d,PulseSecurity.co.nz
+  severity: info
+  description: |
+       Detects version disclosed via X-AspNet-Version: header
+  tags: technology, detection, tech-detect
+  metadata:
+    max-request: 1
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    host-redirects: true
+    max-redirects: 3
+
+    matchers-condition: or
+    matchers:
+      - type: dsl
+        dsl:
+          - "regex('(?i)X-AspNet-Version', header)"
+          - "status_code != 301 && status_code != 302"
+        condition: and
+
+    extractors:
+      - type: kval
+        kval:
+          - X_AspNet_Version
diff --git a/http/technologies/microsoft/x-aspnetmvc-version-disclosure.yaml b/http/technologies/microsoft/x-aspnetmvc-version-disclosure.yaml
new file mode 100644
index 0000000000..f7aaf034dc
--- /dev/null
+++ b/http/technologies/microsoft/x-aspnetmvc-version-disclosure.yaml
@@ -0,0 +1,35 @@
+id: AspNetMvc-Version-disclosure
+info:
+  name: AspNetMvc-Version-disclosure
+  author: lucky0x0d,PulseSecurity.co.nz
+  severity: info
+  description: |
+       Detects version disclosed via X-AspNetMvc-Version: header
+  tags: technology, detection, tech-detect
+  metadata:
+    max-request: 1
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    host-redirects: true
+    max-redirects: 3
+
+    matchers-condition: or
+    matchers:
+      - type: dsl
+        dsl:
+          - "regex('(?i)X-AspNetMvc-Version', header)"
+          - "status_code != 301 && status_code != 302"
+        condition: and
+
+    extractors:
+      - type: kval
+        kval:
+          - X_AspNetMvc_Version