daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor - update

patch-1
pussycat0x 2023-11-08 20:42:25 +05:30
parent b1846a1871
commit 823f2a2dce
13 changed files with 60 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
http/honeypot/citrix-honeypot-detect.yaml
View File

@ -9,6 +9,8 @@ info:
The HTTP response reveals a possible setup of the Citrix web application honeypot. The HTTP response reveals a possible setup of the Citrix web application honeypot.
metadata: metadata:
max-request: 2 max-request: 2
verified: true
shodan-query: http.title:“Citrix Login”
vendor: citrix vendor: citrix
product: citrix product: citrix
tags: citrix,honeypot,ir,cti tags: citrix,honeypot,ir,cti

3
http/honeypot/snare-honeypot-detect.yaml
View File

@ -9,6 +9,9 @@ info:
The response to an incorrect HTTP version reveals a possible setup of the Snare web application honeypot. The response to an incorrect HTTP version reveals a possible setup of the Snare web application honeypot.
metadata: metadata:
max-request: 2 max-request: 2
verified: true
verified: true
shodan-query: Server: Python/3.10 aiohttp/3.8.3
vendor: snare vendor: snare
product: http product: http
tags: snare,honeypot,ir,cti tags: snare,honeypot,ir,cti

9
network/honeypot/adbhoney-honeypot-cnxn-detect.yaml
View File

@ -16,16 +16,17 @@ info:
tags: adbhoney,android,adb,honeypot,ir,cti,network tags: adbhoney,android,adb,honeypot,ir,cti,network
tcp: tcp:
- host: - inputs:
- "{{Hostname}}"
port: 5555
inputs:
- data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # CNXN - data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # CNXN
type: hex type: hex
- data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73" # CLIENT INFO - data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73" # CLIENT INFO
type: hex type: hex
host:
- "{{Hostname}}"
port: 5555
read-size: 1024 read-size: 1024
matchers: matchers:
- type: word - type: word
words: words:

10
network/honeypot/adbhoney-honeypot-shell-detect.yaml
View File

@ -16,10 +16,7 @@ info:
tags: adbhoney,android,adb,honeypot,ir,cti,network tags: adbhoney,android,adb,honeypot,ir,cti,network
tcp: tcp:
- host: - inputs:
- "{{Hostname}}"
port: 5555
inputs:
- data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # CNXN - data: "434e584e0100000100001000ea000000445b0000bcb1a7b1" # CNXN
type: hex type: hex
- data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73" # CLIENT INFO - data: "686f73743a3a66656174757265733d7368656c6c5f76322c636d642c737461745f76322c6c735f76322c66697865645f707573685f6d6b6469722c617065782c6162622c66697865645f707573685f73796d6c696e6b5f74696d657374616d702c6162625f657865632c72656d6f756e745f7368656c6c2c747261636b5f6170702c73656e64726563765f76322c73656e64726563765f76325f62726f746c692c73656e64726563765f76325f6c7a342c73656e64726563765f76325f7a7374642c73656e64726563765f76325f6472795f72756e5f73656e642c6f70656e73637265656e5f6d646e73" # CLIENT INFO
@ -28,8 +25,11 @@ tcp:
type: hex type: hex
- data: "7368656c6c3a70776400" # SHELL: PWD - data: "7368656c6c3a70776400" # SHELL: PWD
type: hex type: hex
host:
- "{{Hostname}}"
port: 5555
read-size: 1024 read-size: 1024
matchers: matchers:
- type: binary - type: binary
binary: binary:

9
network/honeypot/conpot-siemens-honeypot-detect.yaml
View File

@ -14,14 +14,15 @@ info:
tags: conpot,siemens,honeypot,ir,cti,network tags: conpot,siemens,honeypot,ir,cti,network
tcp: tcp:
- host: - inputs:
- "{{Hostname}}"
port: 102
inputs:
- data: "0300001611e00000000400c1020100c2020102c0010a" - data: "0300001611e00000000400c1020100c2020102c0010a"
type: hex type: hex
host:
- "{{Hostname}}"
port: 102
read-size: 1024 read-size: 1024
matchers: matchers:
- type: binary - type: binary
binary: binary:

8
network/honeypot/cowrie-ssh-honeypot-detect.yaml
View File

@ -14,13 +14,13 @@ info:
tags: cowrie,twisted,ssh,honeypot,ir,cti,network tags: cowrie,twisted,ssh,honeypot,ir,cti,network
tcp: tcp:
- host: - inputs:
- data: "SSH-1337-OpenSSH_9.0\r\n"
host:
- '{{Hostname}}' - '{{Hostname}}'
port: 22 port: 22
inputs:
- data: "SSH-1337-OpenSSH_9.0\r\n"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: regex - type: regex

9
network/honeypot/dionaea-ftp-honeypot-detect.yaml
View File

@ -14,16 +14,17 @@ info:
tags: dionaea,ftp,honeypot,ir,cti,network tags: dionaea,ftp,honeypot,ir,cti,network
tcp: tcp:
- host: - inputs:
- "{{Hostname}}"
port: 21
inputs:
- data: "USER root\r\n" - data: "USER root\r\n"
read: 1024 read: 1024
- data: "PASS \r\n" - data: "PASS \r\n"
read: 1024 read: 1024
host:
- "{{Hostname}}"
port: 21
read-size: 2048 read-size: 2048
matchers: matchers:
- type: word - type: word
words: words:

12
network/honeypot/dionaea-mqtt-honeypot-detect.yaml
View File

@ -9,20 +9,22 @@ info:
The response to a MQTTv5 packet differs from real installations, signaling a possible deceptive setup. The response to a MQTTv5 packet differs from real installations, signaling a possible deceptive setup.
metadata: metadata:
max-request: 2 max-request: 2
verified: true
shodan-query: product:"MQTT"
vendor: dionaea vendor: dionaea
product: mqtt product: mqtt
tags: dionaea,mqtt,honeypot,ir,cti,network tags: dionaea,mqtt,honeypot,ir,cti,network
tcp: tcp:
- host: - inputs:
- "{{Hostname}}"
port: 1883
inputs:
- data: "101000044d5154540502003c032100140000" - data: "101000044d5154540502003c032100140000"
type: hex type: hex
host:
- "{{Hostname}}"
port: 1883
read-size: 1024 read-size: 1024
matchers: matchers:
- type: binary - type: binary
binary: binary:

1
network/honeypot/dionaea-mysql-honeypot-detect.yaml
View File

@ -20,7 +20,6 @@ tcp:
host: host:
- "{{Hostname}}" - "{{Hostname}}"
port: 3306 port: 3306
read-size: 1024 read-size: 1024
matchers-condition: and matchers-condition: and

13
network/honeypot/dionaea-smb-honeypot-detect.yaml
View File

@ -8,21 +8,22 @@ info:
A Dionaea SMB honeypot has been identified. A Dionaea SMB honeypot has been identified.
The response to an SMB connection packet differs from real installations, signaling a possible deceptive setup. The response to an SMB connection packet differs from real installations, signaling a possible deceptive setup.
metadata: metadata:
max-request: 2 max-request: 1
shodan-query: port:445
vendor: dionaea vendor: dionaea
product: dionaea product: dionaea
tags: dionaea,smb,honeypot,ir,cti,network tags: dionaea,smb,honeypot,ir,cti,network
tcp: tcp:
- host: - inputs:
- "{{Hostname}}"
port: 445
inputs:
- data: "00000045ff534d4272000000000801c8000000000000000000000000ffff0100ffff0000002200024e54204c4d20302e31320002534d4220322e3030320002534d4220322e3f3f3f00" - data: "00000045ff534d4272000000000801c8000000000000000000000000ffff0100ffff0000002200024e54204c4d20302e31320002534d4220322e3030320002534d4220322e3f3f3f00"
type: hex type: hex
host:
- "{{Hostname}}"
port: 445
read-size: 1024 read-size: 1024
matchers: matchers:
- type: binary - type: binary
binary: binary:

10
network/honeypot/gaspot-honeypot-detect.yaml
View File

@ -9,18 +9,20 @@ info:
The response to the '^AI21400' command differs from real installations, signaling a possible deceptive setup. The response to the '^AI21400' command differs from real installations, signaling a possible deceptive setup.
metadata: metadata:
max-request: 2 max-request: 2
shodan-query: port:10001
vendor: gaspot vendor: gaspot
product: veeder-root product: veeder-root
tags: gaspot,veeder-root,ics,honeypot,ir,cti,network tags: gaspot,veeder-root,ics,honeypot,ir,cti,network
tcp: tcp:
- host: - inputs:
- "{{Hostname}}"
port: 10001
inputs:
- data: "^AI21400" - data: "^AI21400"
host:
- "{{Hostname}}"
port: 10001
read-size: 1024 read-size: 1024
matchers: matchers:
- type: word - type: word
words: words:

10
network/honeypot/mailoney-honeypot-detect.yaml
View File

@ -14,15 +14,15 @@ info:
tags: mailoney,exim,smtp,honeypot,ir,cti,network tags: mailoney,exim,smtp,honeypot,ir,cti,network
tcp: tcp:
- host: - inputs:
- "{{Hostname}}"
port: 25
inputs:
- data: "HELP\r\n" - data: "HELP\r\n"
read: 1024 read: 1024
host:
- "{{Hostname}}"
port: 25
read-size: 1024 read-size: 1024
matchers: matchers:
- type: word - type: word
words: words:

11
network/honeypot/redis-honeypot-detect.yaml
View File

@ -9,19 +9,20 @@ info:
The response to the 'QUIT' command differs from real installations, signaling a possible deceptive setup. The response to the 'QUIT' command differs from real installations, signaling a possible deceptive setup.
metadata: metadata:
max-request: 2 max-request: 2
shodan-query: redis
vendor: redis vendor: redis
product: redis product: redis
tags: redis,honeypot,ir,cti,network tags: redis,honeypot,ir,cti,network
tcp: tcp:
- host: - inputs:
- "{{Hostname}}"
port: 6379
inputs:
- data: "QUIT" - data: "QUIT"
host:
- "{{Hostname}}"
port: 6379
read-size: 1024 read-size: 1024
matchers: matchers:
- type: word - type: word
words: words: