Adding templates for dell-idrac

2021-02-26 04:01:38 +05:30 · 2021-02-26 04:01:38 +05:30 · 81e6c97c65
parent 3a22ab23c0
commit 81e6c97c65
3 changed files with 77 additions and 0 deletions
--- a/default-logins/dell/dell-idrac-default-login.yaml
+++ b/default-logins/dell/dell-idrac-default-login.yaml
@ -0,0 +1,24 @@
+id: dell-idrac-default-login
+info:
+  name: dell-idrac-default-login
+  author: kophjager007
+  severity: high
+  tags: dell,idrac,dlogin
+
+requests:
+  - method: POST
+    cookie-reuse: true
+    path:
+      - "{{BaseURL}}/data/login"
+    body: "user=root&password=calvin"
+    headers:
+      Host: "{{Hostname}}"
+      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
+      Content-Type: application/x-www-form-urlencode
+      Referer: "{{BaseURL}}/login.html"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
--- a/technologies/dell-idrac-detect.yaml
+++ b/technologies/dell-idrac-detect.yaml
@ -0,0 +1,42 @@
+id: dell-idrac-detect
+info:
+  name: Detect Dell iDRAC
+  author: kophjager007
+  description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
+  severity: info
+
+requests:
+  - method: GET
+    headers:
+      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
+    path:
+      - "{{BaseURL}}/sysmgmt/2015/bmc/info"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: body
+        condition: and
+        words:
+          - "iDRACName"
+          - "BuildVersion"
+
+    extractors:
+      - type: regex
+        part: header
+        regex:
+          - iDRAC/[0-9]{1,2}
+      - type: regex
+        part: body
+        regex:
+          - iDRAC[0-9]{1,2}
+      - type: regex
+        part: body
+        name: fwver
+        group: 1
+        regex:
+          - '"FwVer" *: *"([^"]+)"'
--- a/workflows/dell-idrac-workflow.yaml
+++ b/workflows/dell-idrac-workflow.yaml
@ -0,0 +1,11 @@
+id: dell-idrac-workflow
+info:
+  name: Dell iDRAC Security Checks
+  author: kophjager007
+  description: A workflow to identify Dell iDRAC instances and run all related nuclei templates.
+  tags: workflow
+
+workflows:
+  - template: technologies/dell-idrac-detect.yaml
+    subtemplates:
+      - template: default-logins/dell/dell-idrac-default-login.yaml