Merge pull request #2635 from johnk3r/master

Create symantec-ewep.yaml
2021-09-13 15:36:45 +05:30 · 2021-09-13 15:36:45 +05:30 · 7614340b26
parent d2f02876f9 19f73e7c2b
commit 7614340b26
5 changed files with 119 additions and 0 deletions
--- a/exposed-panels/symantec/symantec-dlp-login.yaml
+++ b/exposed-panels/symantec/symantec-dlp-login.yaml
@ -0,0 +1,24 @@
+id: symantec-dlp-login
+
+info:
+  name: Symantec Data Loss Prevention
+  author: princechaddha
+  severity: info
+  reference: https://www.shodan.io/search?query=http.title%3A%22Symantec+Data+Loss+Prevention%22
+  tags: symantec,panel,login
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/ProtectManager/Logon'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<title>Symantec Data Loss Prevention</title>"
+        part: body
+
+      - type: status
+        status:
+          - 200
--- a/exposed-panels/symantec/symantec-epm-login.yaml
+++ b/exposed-panels/symantec/symantec-epm-login.yaml
@ -0,0 +1,24 @@
+id: symantec-epm-login
+
+info:
+  name: Symantec Endpoint Protection Manager
+  author: princechaddha
+  severity: info
+  reference: https://www.shodan.io/search?query=http.title%3A%22Symantec+Endpoint+Protection+Manager%22
+  tags: symantec,panel,login
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<title>Symantec Endpoint Protection Manager</title>"
+        part: body
+
+      - type: status
+        status:
+          - 200
--- a/exposed-panels/symantec/symantec-ewep-login.yaml
+++ b/exposed-panels/symantec/symantec-ewep-login.yaml
@ -0,0 +1,24 @@
+id: symantec-ewep-login
+
+info:
+  name: Symantec Encryption Web Email Protection
+  author: johnk3r
+  severity: info
+  reference: https://www.shodan.io/search?query=http.title%3A%22Symantec+Encryption+Server%3A+Web+Email+Protection+-+Login%22
+  tags: panel,symantec,login
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/b/l.e"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<TITLE>Symantec Encryption Server: Web Email Protection - Login</TITLE>"
+        part: body
+
+      - type: status
+        status:
+          - 200
--- a/exposed-panels/symantec/symantec-pgp-global-directory.yaml
+++ b/exposed-panels/symantec/symantec-pgp-global-directory.yaml
@ -0,0 +1,24 @@
+id: symantec-pgp-global-directory
+
+info:
+  name: Symantec PGP Global Directory
+  author: princechaddha
+  severity: info
+  reference: https://www.shodan.io/search?query=http.title%3A%22PGP+Global+Directory%22
+  tags: symantec,panel
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/vkd/GetWelcomeScreen.event'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<TITLE>PGP Global Directory</TITLE>"
+        part: body
+
+      - type: status
+        status:
+          - 200
--- a/exposed-panels/totemomail-detect.yaml
+++ b/exposed-panels/totemomail-detect.yaml
@ -0,0 +1,23 @@
+id: totemomail-detect
+
+info:
+  name: Detect totemomail - Secure email communication
+  author: johnk3r
+  severity: info
+  tags: totemomail,panel
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/responsiveUI/webmail/folder.xhtml"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<title>WebMail login: totemomail® WebMail</title>"
+        part: body
+
+      - type: status
+        status:
+          - 200