From 6fb26f5c140ddd59fad384a5f6608e8e0fa4bcc1 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Tue, 13 Aug 2024 16:35:48 -0700 Subject: [PATCH] Update and rename airos-detect.yaml to airos-panel.yaml --- http/exposed-panels/airos-detect.yaml | 22 ---------------------- http/exposed-panels/airos-panel.yaml | 27 +++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 22 deletions(-) delete mode 100644 http/exposed-panels/airos-detect.yaml create mode 100644 http/exposed-panels/airos-panel.yaml diff --git a/http/exposed-panels/airos-detect.yaml b/http/exposed-panels/airos-detect.yaml deleted file mode 100644 index dadadf0f9c..0000000000 --- a/http/exposed-panels/airos-detect.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: airos-detect - -info: - name: AIROS software detection - author: rxerium - severity: info - description: | - This template checks if the AIROS logo image is exposed at `/images/airos_logo.png` endpoint. If it returns a status code 200, it might indicate exposure of sensitive resources. - tags: - - airos,detection,exposed - metadata: - shodan_query: "http.favicon.hash:-697231354" - -requests: - - method: GET - path: - - "{{BaseURL}}/images/airos_logo.png" - - matchers: - - type: status - status: - - 200 \ No newline at end of file diff --git a/http/exposed-panels/airos-panel.yaml b/http/exposed-panels/airos-panel.yaml new file mode 100644 index 0000000000..db35581d04 --- /dev/null +++ b/http/exposed-panels/airos-panel.yaml @@ -0,0 +1,27 @@ +id: airos-panel + +info: + name: AirOS Panel - Detect + author: rxerium + severity: info + description: | + AirOS panel was detected. + metadata: + shodan_query: "http.favicon.hash:-697231354" + tags: airos,panel + +http: + - method: GET + path: + - "{{BaseURL}}/login.cgi?uri=/" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'airos_logo.png' + + - type: status + status: + - 200