From 5d6a54ece8ffa45fe71cbe9e08442ba142c645b3 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Tue, 18 Oct 2022 15:13:08 +0530
Subject: [PATCH 1/2] MikroTik FTP server Detect
---
 .../detection/mikrotik-ftp-server-detect.yaml | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 network/detection/mikrotik-ftp-server-detect.yaml
diff --git a/network/detection/mikrotik-ftp-server-detect.yaml b/network/detection/mikrotik-ftp-server-detect.yaml
new file mode 100644
index 0000000000..2626b58461
--- /dev/null
+++ b/network/detection/mikrotik-ftp-server-detect.yaml
@@ -0,0 +1,25 @@
+id: mikrotik-ftp-server-detect
+
+info:
+ name: MikroTik FTP server Detect
+ author: pussycat0x
+ severity: info
+ description: |
+ The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
+ metadata:
+ verified: true
+ shodan-query: 'product:"MikroTik router ftpd"'
+ tags: network,ftp,mikrotik
+
+network:
+
+ - inputs:
+ - data: "\n"
+ host:
+ - "{{Hostname}}"
+ - "{{Host}}:21"
+
+ extractors:
+ - type: regex
+ regex:
+ - "MikroTik ([0-9.]+)"
From 65d64a28cd70c693dc6aa3f88f0dd97df0579434 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Thu, 20 Oct 2022 13:52:38 +0530
Subject: [PATCH 2/2] Update mikrotik-ftp-server-detect.yaml
---
 network/detection/mikrotik-ftp-server-detect.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/network/detection/mikrotik-ftp-server-detect.yaml b/network/detection/mikrotik-ftp-server-detect.yaml
index 2626b58461..b61e8b144c 100644
--- a/network/detection/mikrotik-ftp-server-detect.yaml
+++ b/network/detection/mikrotik-ftp-server-detect.yaml
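Review bot: In the hunk of PATCH 1/2 (the new template file), the regex extractor has no `group`, so it reports the whole match (`MikroTik` plus the number) rather than the captured value alone; adding `group: 1` next to `regex:` would emit only what `([0-9.]+)` captures, presumably the version string. The `description` in the same hunk only defines FTP in general and does not say what a finding means. Something like `Detects a MikroTik FTP service from its banner and extracts the version it advertises.` would let a reader triage the result without opening the template. Neither point is changed by PATCH 2/2, which leaves the extractor and the description as they are.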
@@ -9,16 +9,21 @@ info: metadata: verified: true shodan-query: 'product:"MikroTik router ftpd"' - tags: network,ftp,mikrotik + tags: network,ftp,mikrotik,router network: - - inputs: - data: "\n" host: - "{{Hostname}}" - "{{Host}}:21" + matchers: + - type: word + part: body + words: + - "MikroTik FTP" + extractors: - type: regex regex:
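Review bot: The new word matcher is a single case-sensitive substring, `MikroTik FTP`, with nothing tying it to an FTP greeting. Because the `host` list also includes `{{Hostname}}`, the probe runs against whatever port the target string carries, and any service that returns that text would be reported. A light tightening is to require the FTP ready code as well, by adding `- "220"` under `words` together with `condition: and`. This assumes the device sends a standard `220` greeting, which should be confirmed against a real banner. The `extractors` block shown as context continues past the end of this hunk.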