From 133c7c5854043743613905d4f9abcb49e50c178f Mon Sep 17 00:00:00 2001
From: J4vaovo <128683738+j4vaovo@users.noreply.github.com>
Date: Wed, 14 Jun 2023 18:39:09 +0800
Subject: [PATCH 1/3] Create apache-dubbo-unauth.yaml

---
 network/apache-dubbo-unauth.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 network/apache-dubbo-unauth.yaml

diff --git a/network/apache-dubbo-unauth.yaml b/network/apache-dubbo-unauth.yaml
new file mode 100644
index 0000000000..2246661ade
--- /dev/null
+++ b/network/apache-dubbo-unauth.yaml
@@ -0,0 +1,24 @@
+id: apache-dubbo-unauth
+
+info:
+  name: Apache Dubbo - Unauthenticated Access
+  author: j4vaovo
+  severity: high
+  description: Apache Dubbo Unauthenticated Access.
+  reference:
+  tags: network,dubbo,apache,unauth
+
+network:
+  - inputs:
+      - data: "68656c700d0a"
+        type: hex
+
+    host:
+      - "{{Hostname}}"
+      - "{{Host}}:20880"
+    read-size: 2048
+
+    matchers:
+      - type: word
+        words:
+          - "trace [service] [method] [times]"

From b12d7501f3471503941c88006bf1d78aadaa05e9 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Thu, 6 Jul 2023 23:14:03 +0530
Subject: [PATCH 2/3] minor -update

---
 network/apache-dubbo-unauth.yaml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/network/apache-dubbo-unauth.yaml b/network/apache-dubbo-unauth.yaml
index 2246661ade..d5a93d19ec 100644
--- a/network/apache-dubbo-unauth.yaml
+++ b/network/apache-dubbo-unauth.yaml
@@ -4,11 +4,16 @@ info:
   name: Apache Dubbo - Unauthenticated Access
   author: j4vaovo
   severity: high
-  description: Apache Dubbo Unauthenticated Access.
+  description: |
+    Apache Dubbo Unauthenticated Access were detected.
   reference:
-  tags: network,dubbo,apache,unauth
+    - https://dubbo.apache.org/en/docs3-v2/java-sdk/advanced-features-and-usage/security/auth/
+  metadata:
+    verified: true
+    fofa-query: "apache dubbo"
+  tags: network,dubbo,apache,unauth,misconfig
 
-network:
+tcp:
   - inputs:
       - data: "68656c700d0a"
         type: hex

From 95a818f0c6cc5b1f9174a731c737a615da7332b3 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Thu, 6 Jul 2023 23:14:42 +0530
Subject: [PATCH 3/3] Rename network/apache-dubbo-unauth.yaml to
 network/misconfig/apache-dubbo-unauth.yaml

---
 network/{ => misconfig}/apache-dubbo-unauth.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename network/{ => misconfig}/apache-dubbo-unauth.yaml (100%)

diff --git a/network/apache-dubbo-unauth.yaml b/network/misconfig/apache-dubbo-unauth.yaml
similarity index 100%
rename from network/apache-dubbo-unauth.yaml
rename to network/misconfig/apache-dubbo-unauth.yaml