Merge branch 'projectdiscovery:main' into main
commit
7f70fe50a6
|
@ -19,6 +19,7 @@ on:
|
|||
- 'http/default-logins/ibm/ibm-dcbc-default-login.yaml'
|
||||
- 'http/default-logins/ibm/ibm-dcec-default-login.yaml'
|
||||
- 'http/default-logins/ibm/ibm-dsc-default-login.yaml'
|
||||
- 'http/exposed-panels/c2/meduza-stealer.yaml'
|
||||
- 'http/exposed-panels/connectwise-panel.yaml'
|
||||
- 'http/exposed-panels/fortinet/fortiauthenticator-detect.yaml'
|
||||
- 'http/exposed-panels/ibm/ibm-dcec-panel.yaml'
|
||||
|
|
|
@ -14,6 +14,7 @@ http/cves/2024/CVE-2024-25600.yaml
|
|||
http/default-logins/ibm/ibm-dcbc-default-login.yaml
|
||||
http/default-logins/ibm/ibm-dcec-default-login.yaml
|
||||
http/default-logins/ibm/ibm-dsc-default-login.yaml
|
||||
http/exposed-panels/c2/meduza-stealer.yaml
|
||||
http/exposed-panels/connectwise-panel.yaml
|
||||
http/exposed-panels/fortinet/fortiauthenticator-detect.yaml
|
||||
http/exposed-panels/ibm/ibm-dcec-panel.yaml
|
||||
|
|
|
@ -22,6 +22,9 @@ info:
|
|||
vendor: connectwise
|
||||
product: screenconnect
|
||||
shodan-query: http.favicon.hash:-82958153
|
||||
fofa-query: app="ScreenConnect-Remote-Support-Software"
|
||||
zoomeye-query: app:"ScreenConnect Remote Management Software"
|
||||
hunter-query: app.name="ConnectWise ScreenConnect software"
|
||||
tags: cve,cve2024,screenconnect,connectwise,auth-bypass,kev
|
||||
|
||||
variables:
|
||||
|
@ -50,4 +53,4 @@ http:
|
|||
part: header
|
||||
kval:
|
||||
- Server
|
||||
# digest: 4a0a004730450220564c9949c406c35520203b46a2a34bba505d1cadfde47e8a38f9a073264e97f0022100ff2a065d66fa48b8502a068445d833e6700efd1e9715d034f1ea16e91696bd06:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100a74505da69fc5fb96361adc56f169fe3a2e25cf85bc6df3b254da6430f8f723f02200dd625105f73d1d23ede46af0dbee84cce441acdb5c91079411b20c841a8bf23:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,32 @@
|
|||
id: meduza-stealer
|
||||
|
||||
info:
|
||||
name: Meduza Stealer Panel - Detect
|
||||
author: dwisiswant0
|
||||
severity: info
|
||||
description: |
|
||||
Meduza Stealer panel were detected.
|
||||
metadata:
|
||||
verified: "true"
|
||||
max-request: 1
|
||||
shodan-query: http.title:"Meduza Stealer"
|
||||
tags: rat,meduza-stealer,c2,panel
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: xpath
|
||||
part: body
|
||||
xpath:
|
||||
- "/html/head/title[contains(text(), 'Meduza Stealer')]"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a0046304402205dba3fbe856939cb875cb89322ca202e324f3de5f27798d0dafa5775d01b8b67022052e12e59e6740e0f43bb43bbea4b9c3a20f7853360e5c218ef51005a22683fbd:922c64590222798bb761d5b6d8e72950
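Review bot: The only content matcher is the xpath `contains(text(), 'Meduza Stealer')` on the page title, so together with status 200 any page whose title merely mentions the name (a research write-up, a sinkhole or takedown notice) would be reported as a live panel. A second matcher under the existing `matchers-condition: and`, keyed on a marker specific to the panel's login page and taken from a captured panel response, would cut those false positives. `host-redirects: true` is set without an explicit `max-redirects`; adding `max-redirects: 2` next to it would bound the redirect chain that the single request follows. `verified: "true"` is a quoted string where the boolean `verified: true` is presumably intended, and the description should read `Meduza Stealer panel was detected.`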
|
|
@ -9,7 +9,7 @@ info:
|
|||
- https://www.secpulse.com/archives/107611.html
|
||||
metadata:
|
||||
max-request: 1
|
||||
tags: config,exposure
|
||||
tags: config,exposure,coremail
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
@ -29,5 +29,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# digest: 4b0a00483046022100a933f66f20dfcc2d371ec242220500567b8d7a74265d8d3f5617dda78fdc5da6022100cdbff71d832b672411cafdaef856fc940d0e4b56c7d00e71ae1a6a28d7a4787e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022070c547e90ec1df6827f0e0ec02d74c7a622c37ca1ad55e1225b5f92db3e86bc202202b326dadca0c017d2a795761af48ee6e35225dbdccbaa1bd5749b19673a37da9:922c64590222798bb761d5b6d8e72950
|
|
@ -3050,7 +3050,7 @@ http/cves/2024/CVE-2024-1061.yaml:b27c2c94969a04256555997add9575b0b39f1ca4
|
|||
http/cves/2024/CVE-2024-1208.yaml:6f0363cecc95a2187f9fbca30620a2d39d87eb15
|
||||
http/cves/2024/CVE-2024-1209.yaml:36f848394da33f75c2198b8f5b9081f212b3ecd1
|
||||
http/cves/2024/CVE-2024-1210.yaml:1333fe26c55e1b4e44bcfdc0e0de5226a053f949
|
||||
http/cves/2024/CVE-2024-1709.yaml:bdef89899053e3f39b5176f05eee1357153607fa
|
||||
http/cves/2024/CVE-2024-1709.yaml:7f5ad668e9c8e5ab56afee96df8907d7ccc71e0b
|
||||
http/cves/2024/CVE-2024-21644.yaml:e8d58594c2dc1021f9107eee925f11791e0627e7
|
||||
http/cves/2024/CVE-2024-21645.yaml:ba1ed2e20b119442be0cdf467f18b6b552b86e4f
|
||||
http/cves/2024/CVE-2024-21887.yaml:e03d9cf1b5a79ff2e547281368ad69f048990696
|
||||
|
@ -3361,6 +3361,7 @@ http/exposed-panels/c2/deimos-c2.yaml:ae61a5400de7643ed012a992d7dfebbaebac827a
|
|||
http/exposed-panels/c2/empire-c2.yaml:a956166cc71b8f695638a0a8246fc1adc22d22c6
|
||||
http/exposed-panels/c2/evilginx.yaml:d1f6a4b322020fe864cd7f563f6f995285290b9b
|
||||
http/exposed-panels/c2/hookbot-rat.yaml:63a50800a2061354f779be473debfc4629f5b6a3
|
||||
http/exposed-panels/c2/meduza-stealer.yaml:b19fe98554d8ab70dd79e8ab192d2c334d4ba4e5
|
||||
http/exposed-panels/c2/mystic-stealer.yaml:236389de12c99c82c5fbc890d7cce6d291dc8759
|
||||
http/exposed-panels/c2/mythic-c2.yaml:d533af44e7b0eb5fdc500eadaa5ff5851001bcf0
|
||||
http/exposed-panels/c2/nh-c2.yaml:5e3df1f34aac3801e010fe98d0e94c85902ba690
|
||||
|
@ -4306,7 +4307,7 @@ http/exposures/configs/config-json.yaml:5677b51216f1e994a49712960cb17da4ecd2f7f3
|
|||
http/exposures/configs/config-properties.yaml:06ed728393febe32a30cbe4aa0de7b5cf7ab4320
|
||||
http/exposures/configs/config-rb.yaml:f0a8007213cb4861bf6c03d367291b6643c37046
|
||||
http/exposures/configs/configuration-listing.yaml:c0ea3a6516cbcf350df244ac15a465b79c0af8e3
|
||||
http/exposures/configs/coremail-config-disclosure.yaml:563dbe0297d0e215ef1e44074565a6ad3cf348ab
|
||||
http/exposures/configs/coremail-config-disclosure.yaml:02a6d39fac5538dc672114d3cf5b8f6cf2ebb58e
|
||||
http/exposures/configs/cypress-web-config.yaml:dd978d1d56bd33cbcf827ae65c59265acd6625cf
|
||||
http/exposures/configs/dbeaver-credentials.yaml:cbd4ab7a04824a87c57dd64ef1c700e5c7ac6e42
|
||||
http/exposures/configs/debug-vars.yaml:0b108f2c2468d3700a7a837b79eec21e3d060785
|
||||
|
@ -7945,7 +7946,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
|
|||
ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
|
||||
ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
|
||||
ssl/wildcard-tls.yaml:f1d29ec45ddad271d388c2e8fc28026fc24a04a4
|
||||
templates-checksum.txt:545c40fd2e2d7b12d1f64a5531da96db49e7c080
|
||||
templates-checksum.txt:5901ed8b915434a78cd1e25c127d7e9037e7538b
|
||||
wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
|
||||
workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
|
||||
workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4
|
||||
|
|