From 7869328bc687fb362e500f731823bee3b4f0a197 Mon Sep 17 00:00:00 2001
From: nybble04 <36155956+nybble04@users.noreply.github.com>
Date: Thu, 29 Dec 2022 19:01:56 +0400
Subject: [PATCH] Update matchers
---
 network/detection/pgsql-detect.yaml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/network/detection/pgsql-detect.yaml b/network/detection/pgsql-detect.yaml
index 9c67d50069..d2eb98c8db 100644
--- a/network/detection/pgsql-detect.yaml
+++ b/network/detection/pgsql-detect.yaml
@@ -9,6 +9,9 @@ info:
 metadata:
 verified: true
 shodan-query: port:5432 product:"PostgreSQL"
+ reference:
+ - https://www.postgresql.org/docs/current/errcodes-appendix.html
+ - https://www.postgresql.org/docs/current/client-authentication-problems.html
 tags: network,postgresql,db

 network:
@@ -27,5 +30,9 @@ network:
 - type: word
 part: body
 words:
- - "SCRAM-SHA-256"
- - "Mpassword authentication failed for user"
+ - "28000" # Error code for invalid_authorization_specification
+ - "28P01" # Error code for invalid_password
+ - "SCRAM-SHA-256" # Authentication prompt
+ - "pg_hba.conf" # Client authentication config file
+ - "user \"nuclei\"" # The user nuclei (sent in request) doesn't exist
+ - "database \"nuclei\"" # The db nuclei (sent in request) doesn't exist
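Review bot: The new `"28000"` and `"28P01"` entries in the `words:` list are bare five-character substrings, and with no `condition:` key visible on this matcher the words are presumably ORed, so any service on the probed port whose reply happens to contain `28000` would be reported as PostgreSQL. The removed `Mpassword authentication failed for user` entry carried the ErrorResponse field-type byte in front of the text; doing the same for the SQLSTATE field keeps these entries specific: `- "C28000"` and `- "C28P01"`. If the bare codes have to stay, moving them into a second word matcher that is combined with a PostgreSQL-only string through `matchers-condition: and` would also cut the false positives. The enclosing `network:` entry and its request inputs start outside this hunk, so the exact reply bytes should be confirmed against a captured server response before tightening the strings.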