From 96d0b8f9507308df244c13ce9f10ebcb33d320cc Mon Sep 17 00:00:00 2001 From: sullo Date: Mon, 27 Mar 2023 13:56:52 -0400 Subject: [PATCH] Run dos2unix against all templates --- iot/carel-plantvisor-panel.yaml | 54 +- iot/raspberry-shake-config.yaml | 56 +- miscellaneous/sitemap-detect.yaml | 72 +- misconfiguration/unauth-kubecost.yaml | 60 +- .../activemq-openwire-transport-detect.yaml | 62 +- network/detection/apache-activemq-detect.yaml | 54 +- network/detection/clamav-detect.yaml | 58 +- network/detection/cql-native-transport.yaml | 74 +- network/detection/esmtp-detect.yaml | 60 +- .../detection/gnu-inetutils-ftpd-detect.yaml | 58 +- network/detection/imap-detect.yaml | 56 +- network/detection/microsoft-ftp-service.yaml | 50 +- .../detection/mikrotik-ftp-server-detect.yaml | 60 +- network/detection/proftpd-server-detect.yaml | 58 +- network/detection/rabbitmq-detect.yaml | 60 +- network/detection/riak-detect.yaml | 62 +- network/detection/sshd-dropbear-detect.yaml | 60 +- .../vmware-authentication-daemon-detect.yaml | 64 +- .../detection/xlight-ftp-service-detect.yaml | 62 +- ssl/weak-cipher-suites.yaml | 1716 ++++++++--------- technologies/xerox-workcentre-detect.yaml | 56 +- 21 files changed, 1456 insertions(+), 1456 deletions(-) diff --git a/iot/carel-plantvisor-panel.yaml b/iot/carel-plantvisor-panel.yaml index 30b6c219e1..90ca42759f 100644 --- a/iot/carel-plantvisor-panel.yaml +++ b/iot/carel-plantvisor-panel.yaml @@ -1,27 +1,27 @@ -id: carel-plantvisor-panel - -info: - name: CAREL Pl@ntVisor Panel - author: Hardik-Solanki - severity: info - metadata: - shodan-query: title:"CAREL Pl@ntVisor" - tags: panels,scada,iot,carel - -requests: - - method: GET - path: - - '{{BaseURL}}' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'CAREL Pl@ntVisor' - - 'alt="CAREL' - condition: or - - - type: status - status: - - 200 +id: carel-plantvisor-panel + +info: + name: CAREL Pl@ntVisor Panel + author: Hardik-Solanki + severity: info + metadata: + shodan-query: title:"CAREL Pl@ntVisor" + tags: panels,scada,iot,carel + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'CAREL Pl@ntVisor' + - 'alt="CAREL' + condition: or + + - type: status + status: + - 200 diff --git a/iot/raspberry-shake-config.yaml b/iot/raspberry-shake-config.yaml index a9e02ec00c..ff0979e246 100644 --- a/iot/raspberry-shake-config.yaml +++ b/iot/raspberry-shake-config.yaml @@ -1,28 +1,28 @@ -id: raspberry-shake-config - -info: - name: Raspberry Shake Config Detection - author: pussycat0x - severity: medium - description: | - The Shake Board digitizer receives, processes, and interprets the sensor data in real-time, allowing for the Raspberry Pi computer to export the data for easy access. The data output can be displayed and analyzed using our own comprehensive set of web tools or any standard seismological software. - metadata: - verified: true - shodan-query: title:"Raspberry Shake Config" - tags: misconfig,unauth,iot,raspberry - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Raspberry Shake Config" - - - type: status - status: - - 200 +id: raspberry-shake-config + +info: + name: Raspberry Shake Config Detection + author: pussycat0x + severity: medium + description: | + The Shake Board digitizer receives, processes, and interprets the sensor data in real-time, allowing for the Raspberry Pi computer to export the data for easy access. The data output can be displayed and analyzed using our own comprehensive set of web tools or any standard seismological software. + metadata: + verified: true + shodan-query: title:"Raspberry Shake Config" + tags: misconfig,unauth,iot,raspberry + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Raspberry Shake Config" + + - type: status + status: + - 200 diff --git a/miscellaneous/sitemap-detect.yaml b/miscellaneous/sitemap-detect.yaml index dd0e614fee..0061745d93 100644 --- a/miscellaneous/sitemap-detect.yaml +++ b/miscellaneous/sitemap-detect.yaml @@ -1,36 +1,36 @@ -id: sitemap-detect - -info: - name: Sitemap Detection - author: houdinis - severity: info - description: | - A sitemap is a file where you provide information about the pages, videos, and other files on your site, and the relationships between them. - metadata: - verified: "true" - google-query: intext:"sitemap" filetype:txt,filetype:xml inurl:sitemap,inurl:"/sitemap.xsd" ext:xsd - tags: misc,generic,sitemap - -requests: - - method: GET - path: - - "{{BaseURL}}/sitemap.xml" - - "{{BaseURL}}/sitemap.xsl" - - "{{BaseURL}}/sitemap.xsd" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - "sitemap>" - case-insensitive: true - - - type: word - part: header - words: - - 'application/xml' - - - type: status - status: - - 200 +id: sitemap-detect + +info: + name: Sitemap Detection + author: houdinis + severity: info + description: | + A sitemap is a file where you provide information about the pages, videos, and other files on your site, and the relationships between them. + metadata: + verified: "true" + google-query: intext:"sitemap" filetype:txt,filetype:xml inurl:sitemap,inurl:"/sitemap.xsd" ext:xsd + tags: misc,generic,sitemap + +requests: + - method: GET + path: + - "{{BaseURL}}/sitemap.xml" + - "{{BaseURL}}/sitemap.xsl" + - "{{BaseURL}}/sitemap.xsd" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + words: + - "sitemap>" + case-insensitive: true + + - type: word + part: header + words: + - 'application/xml' + + - type: status + status: + - 200 diff --git a/misconfiguration/unauth-kubecost.yaml b/misconfiguration/unauth-kubecost.yaml index e4051ce911..fb5384aaab 100644 --- a/misconfiguration/unauth-kubecost.yaml +++ b/misconfiguration/unauth-kubecost.yaml @@ -1,30 +1,30 @@ -id: unauth-kubecost -info: - name: KubeCost - Unauthenticated Dashboard Exposure - author: pussycat0x - severity: medium - reference: https://www.facebook.com/photo?fbid=470414125129112&set=pcb.470413798462478 - metadata: - verified: true - shodan-query: title:kubecost - tags: misconfig,exposure,unauth,kubecost - -requests: - - method: GET - path: - - '{{BaseURL}}/overview.html' - - matchers-condition: and - matchers: - - type: word - words: - - 'Cluster Overview | Kubecost' - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 +id: unauth-kubecost +info: + name: KubeCost - Unauthenticated Dashboard Exposure + author: pussycat0x + severity: medium + reference: https://www.facebook.com/photo?fbid=470414125129112&set=pcb.470413798462478 + metadata: + verified: true + shodan-query: title:kubecost + tags: misconfig,exposure,unauth,kubecost + +requests: + - method: GET + path: + - '{{BaseURL}}/overview.html' + + matchers-condition: and + matchers: + - type: word + words: + - 'Cluster Overview | Kubecost' + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/network/detection/activemq-openwire-transport-detect.yaml b/network/detection/activemq-openwire-transport-detect.yaml index 38b0ca2a83..19c682dc58 100644 --- a/network/detection/activemq-openwire-transport-detect.yaml +++ b/network/detection/activemq-openwire-transport-detect.yaml @@ -1,31 +1,31 @@ -id: activemq-openwire-transport-detect - -info: - name: ActiveMQ OpenWire Transport Detection - author: pussycat0x - severity: info - description: | - OpenWire is the native protocol that Apache ActiveMQ uses. It is designed for performance and size on the wire - sacrificing some ease of implementation with higher performance and reduced network bandwidth as a priority. - metadata: - verified: true - shodan-query: 'product:"ActiveMQ OpenWire transport"' - tags: network,activemq - -network: - - inputs: - - data: "VERSION" - - host: - - "{{Hostname}}" - - "{{Host}}:61616" - - matchers-condition: and - matchers: - - type: word - words: - - "ActiveMQ" - - extractors: - - type: regex - regex: - - "ProviderVersion...([0-9.]+)" +id: activemq-openwire-transport-detect + +info: + name: ActiveMQ OpenWire Transport Detection + author: pussycat0x + severity: info + description: | + OpenWire is the native protocol that Apache ActiveMQ uses. It is designed for performance and size on the wire - sacrificing some ease of implementation with higher performance and reduced network bandwidth as a priority. + metadata: + verified: true + shodan-query: 'product:"ActiveMQ OpenWire transport"' + tags: network,activemq + +network: + - inputs: + - data: "VERSION" + + host: + - "{{Hostname}}" + - "{{Host}}:61616" + + matchers-condition: and + matchers: + - type: word + words: + - "ActiveMQ" + + extractors: + - type: regex + regex: + - "ProviderVersion...([0-9.]+)" diff --git a/network/detection/apache-activemq-detect.yaml b/network/detection/apache-activemq-detect.yaml index 0c096a254b..798541a353 100644 --- a/network/detection/apache-activemq-detect.yaml +++ b/network/detection/apache-activemq-detect.yaml @@ -1,27 +1,27 @@ -id: apache-activemq-detect - -info: - name: Apache ActiveMQ Detection - author: pussycat0x - severity: info - description: | - Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service client. It provides "Enterprise Features" which in this case means fostering the communication from more than one client or server. - metadata: - verified: true - shodan-query: 'product:"Apache ActiveMQ"' - tags: network,activemq,oss - -network: - - inputs: - - data: "HELP\n\n\u0000" - - host: - - "{{Hostname}}" - - "{{Host}}:61613" - - matchers-condition: and - matchers: - - type: word - words: - - "Unknown STOMP action" - - "norg.apache.activemq.transport.stomp" +id: apache-activemq-detect + +info: + name: Apache ActiveMQ Detection + author: pussycat0x + severity: info + description: | + Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service client. It provides "Enterprise Features" which in this case means fostering the communication from more than one client or server. + metadata: + verified: true + shodan-query: 'product:"Apache ActiveMQ"' + tags: network,activemq,oss + +network: + - inputs: + - data: "HELP\n\n\u0000" + + host: + - "{{Hostname}}" + - "{{Host}}:61613" + + matchers-condition: and + matchers: + - type: word + words: + - "Unknown STOMP action" + - "norg.apache.activemq.transport.stomp" diff --git a/network/detection/clamav-detect.yaml b/network/detection/clamav-detect.yaml index b0600d0c2f..a5a6c8f0c7 100644 --- a/network/detection/clamav-detect.yaml +++ b/network/detection/clamav-detect.yaml @@ -1,29 +1,29 @@ -id: clamav-detect - -info: - name: ClamAV Server Detect - author: pussycat0x - severity: info - description: | - Clam AntiVirus is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses. - metadata: - verified: true - shodan-query: 'port:3310 product:"ClamAV"' - tags: network,clamav - -network: - - inputs: - - data: "VERSION" - host: - - "{{Hostname}}" - - "{{Host}}:3310" - - matchers: - - type: regex - regex: - - 'ClamAV ([0-9.]+)' - - extractors: - - type: regex - regex: - - "ClamAV ([0-9.]+)" +id: clamav-detect + +info: + name: ClamAV Server Detect + author: pussycat0x + severity: info + description: | + Clam AntiVirus is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses. + metadata: + verified: true + shodan-query: 'port:3310 product:"ClamAV"' + tags: network,clamav + +network: + - inputs: + - data: "VERSION" + host: + - "{{Hostname}}" + - "{{Host}}:3310" + + matchers: + - type: regex + regex: + - 'ClamAV ([0-9.]+)' + + extractors: + - type: regex + regex: + - "ClamAV ([0-9.]+)" diff --git a/network/detection/cql-native-transport.yaml b/network/detection/cql-native-transport.yaml index 34e00e427f..642a10ddb8 100644 --- a/network/detection/cql-native-transport.yaml +++ b/network/detection/cql-native-transport.yaml @@ -1,37 +1,37 @@ -id: cql-native-transport - -info: - name: CQL Native Transport Detect - author: pussycat0x - severity: info - description: | - Native transport requests (NTR) are any requests made via the CQL Native Protocol. CQL Native Protocol is the way the Cassandra driver communicates with the server. - metadata: - verified: true - shodan-query: "cassandra" - tags: network,cassandra,cql - -network: - - inputs: - - data: "/n" - - data: "/n" - - data: "/n" - - data: "/n" - - data: "/n" - - data: "/n" - - data: "/n" - - data: "/n" - - host: - - "{{Hostname}}" - - "{{Host}}:9042" - - matchers: - - type: word - words: - - "valid or unsupported protocol" - - extractors: - - type: regex - regex: - - "protocol version: ([0-9]+)" +id: cql-native-transport + +info: + name: CQL Native Transport Detect + author: pussycat0x + severity: info + description: | + Native transport requests (NTR) are any requests made via the CQL Native Protocol. CQL Native Protocol is the way the Cassandra driver communicates with the server. + metadata: + verified: true + shodan-query: "cassandra" + tags: network,cassandra,cql + +network: + - inputs: + - data: "/n" + - data: "/n" + - data: "/n" + - data: "/n" + - data: "/n" + - data: "/n" + - data: "/n" + - data: "/n" + + host: + - "{{Hostname}}" + - "{{Host}}:9042" + + matchers: + - type: word + words: + - "valid or unsupported protocol" + + extractors: + - type: regex + regex: + - "protocol version: ([0-9]+)" diff --git a/network/detection/esmtp-detect.yaml b/network/detection/esmtp-detect.yaml index aa1d0dc904..7cda41d355 100644 --- a/network/detection/esmtp-detect.yaml +++ b/network/detection/esmtp-detect.yaml @@ -1,30 +1,30 @@ -id: esmtp-detect - -info: - name: ESMTP Detection - author: pussycat0x - severity: info - description: | - ESMTP (Extended Simple Mail Transfer Protocol) specifies extensions to the original protocol for sending e-mail that supports graphics, audio and video files, and text in various national languages - reference: - - https://nmap.org/nsedoc/scripts/smtp-open-relay.html - metadata: - verified: true - shodan-query: 'ESMTP' - tags: network,detect,smtp,mail - -network: - - inputs: - - data: "\n" - - host: - - "{{Hostname}}" - - "{{Host}}:25" - - matchers-condition: and - matchers: - - type: word - words: - - "ESMTP Postfix" - - "220" - condition: and +id: esmtp-detect + +info: + name: ESMTP Detection + author: pussycat0x + severity: info + description: | + ESMTP (Extended Simple Mail Transfer Protocol) specifies extensions to the original protocol for sending e-mail that supports graphics, audio and video files, and text in various national languages + reference: + - https://nmap.org/nsedoc/scripts/smtp-open-relay.html + metadata: + verified: true + shodan-query: 'ESMTP' + tags: network,detect,smtp,mail + +network: + - inputs: + - data: "\n" + + host: + - "{{Hostname}}" + - "{{Host}}:25" + + matchers-condition: and + matchers: + - type: word + words: + - "ESMTP Postfix" + - "220" + condition: and diff --git a/network/detection/gnu-inetutils-ftpd-detect.yaml b/network/detection/gnu-inetutils-ftpd-detect.yaml index 9bde8bacea..1dba45a12f 100644 --- a/network/detection/gnu-inetutils-ftpd-detect.yaml +++ b/network/detection/gnu-inetutils-ftpd-detect.yaml @@ -1,29 +1,29 @@ -id: gnu-inetutils-ftpd-detect - -info: - name: GNU Inetutils FTPd Detect - author: pussycat0x - severity: info - description: | - The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. - metadata: - verified: true - shodan-query: 'product:"GNU Inetutils FTPd"' - tags: network,ftp,smartgateway,gnu,inetutils - -network: - - inputs: - - data: "\n" - host: - - "{{Hostname}}" - - "{{Host}}:21" - - matchers: - - type: word - words: - - "SmartGateway FTP server" - - extractors: - - type: regex - regex: - - "GNU inetutils ([0-9.]+)" +id: gnu-inetutils-ftpd-detect + +info: + name: GNU Inetutils FTPd Detect + author: pussycat0x + severity: info + description: | + The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. + metadata: + verified: true + shodan-query: 'product:"GNU Inetutils FTPd"' + tags: network,ftp,smartgateway,gnu,inetutils + +network: + - inputs: + - data: "\n" + host: + - "{{Hostname}}" + - "{{Host}}:21" + + matchers: + - type: word + words: + - "SmartGateway FTP server" + + extractors: + - type: regex + regex: + - "GNU inetutils ([0-9.]+)" diff --git a/network/detection/imap-detect.yaml b/network/detection/imap-detect.yaml index d644e46c7b..caaa842c2e 100644 --- a/network/detection/imap-detect.yaml +++ b/network/detection/imap-detect.yaml @@ -1,28 +1,28 @@ -id: imap-detect - -info: - name: Imap Detection - author: pussycat0x - severity: info - description: | - IMAP is an application-layer protocol used by email clients to retrieve messages from a mail server. It was designed to manage multiple email clients, therefore clients generally leave messages on the server until the user explicitly deletes them. - metadata: - verified: true - shodan-query: 'imap' - tags: network,detect,imap,mail - -network: - - inputs: - - data: "\n" - - host: - - "{{Hostname}}" - - "{{Host}}:143" - - matchers-condition: and - matchers: - - type: word - words: - - "OK " - - "IMAP4rev1" - condition: and +id: imap-detect + +info: + name: Imap Detection + author: pussycat0x + severity: info + description: | + IMAP is an application-layer protocol used by email clients to retrieve messages from a mail server. It was designed to manage multiple email clients, therefore clients generally leave messages on the server until the user explicitly deletes them. + metadata: + verified: true + shodan-query: 'imap' + tags: network,detect,imap,mail + +network: + - inputs: + - data: "\n" + + host: + - "{{Hostname}}" + - "{{Host}}:143" + + matchers-condition: and + matchers: + - type: word + words: + - "OK " + - "IMAP4rev1" + condition: and diff --git a/network/detection/microsoft-ftp-service.yaml b/network/detection/microsoft-ftp-service.yaml index 2adc3f2da4..0ade65a1fa 100644 --- a/network/detection/microsoft-ftp-service.yaml +++ b/network/detection/microsoft-ftp-service.yaml @@ -1,25 +1,25 @@ -id: microsoft-ftp-service - -info: - name: Microsoft FTP Service Detect - author: pussycat0x - severity: info - description: | - The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. - metadata: - verified: true - shodan-query: "Microsoft FTP Service" - tags: network,ftp,microsoft - -network: - - - inputs: - - data: "\n" - host: - - "{{Hostname}}" - - "{{Host}}:21" - - matchers: - - type: word - words: - - "Microsoft FTP Service" +id: microsoft-ftp-service + +info: + name: Microsoft FTP Service Detect + author: pussycat0x + severity: info + description: | + The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. + metadata: + verified: true + shodan-query: "Microsoft FTP Service" + tags: network,ftp,microsoft + +network: + + - inputs: + - data: "\n" + host: + - "{{Hostname}}" + - "{{Host}}:21" + + matchers: + - type: word + words: + - "Microsoft FTP Service" diff --git a/network/detection/mikrotik-ftp-server-detect.yaml b/network/detection/mikrotik-ftp-server-detect.yaml index b61e8b144c..87596f81d5 100644 --- a/network/detection/mikrotik-ftp-server-detect.yaml +++ b/network/detection/mikrotik-ftp-server-detect.yaml @@ -1,30 +1,30 @@ -id: mikrotik-ftp-server-detect - -info: - name: MikroTik FTP server Detect - author: pussycat0x - severity: info - description: | - The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. - metadata: - verified: true - shodan-query: 'product:"MikroTik router ftpd"' - tags: network,ftp,mikrotik,router - -network: - - inputs: - - data: "\n" - host: - - "{{Hostname}}" - - "{{Host}}:21" - - matchers: - - type: word - part: body - words: - - "MikroTik FTP" - - extractors: - - type: regex - regex: - - "MikroTik ([0-9.]+)" +id: mikrotik-ftp-server-detect + +info: + name: MikroTik FTP server Detect + author: pussycat0x + severity: info + description: | + The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. + metadata: + verified: true + shodan-query: 'product:"MikroTik router ftpd"' + tags: network,ftp,mikrotik,router + +network: + - inputs: + - data: "\n" + host: + - "{{Hostname}}" + - "{{Host}}:21" + + matchers: + - type: word + part: body + words: + - "MikroTik FTP" + + extractors: + - type: regex + regex: + - "MikroTik ([0-9.]+)" diff --git a/network/detection/proftpd-server-detect.yaml b/network/detection/proftpd-server-detect.yaml index 0c8b7360e8..e30e97cb93 100644 --- a/network/detection/proftpd-server-detect.yaml +++ b/network/detection/proftpd-server-detect.yaml @@ -1,29 +1,29 @@ -id: proftpd-server-detect - -info: - name: ProFTPD Server Detect - author: pussycat0x - severity: info - description: | - The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. - metadata: - verified: true - shodan-query: 'product:"ProFTPD"' - tags: network,ftp,proftpd - -network: - - inputs: - - data: "\n" - host: - - "{{Hostname}}" - - "{{Host}}:21" - - matchers: - - type: word - words: - - "ProFTPD Server" - - extractors: - - type: regex - regex: - - "ProFTPD ([0-9.a-z]+) Server" +id: proftpd-server-detect + +info: + name: ProFTPD Server Detect + author: pussycat0x + severity: info + description: | + The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. + metadata: + verified: true + shodan-query: 'product:"ProFTPD"' + tags: network,ftp,proftpd + +network: + - inputs: + - data: "\n" + host: + - "{{Hostname}}" + - "{{Host}}:21" + + matchers: + - type: word + words: + - "ProFTPD Server" + + extractors: + - type: regex + regex: + - "ProFTPD ([0-9.a-z]+) Server" diff --git a/network/detection/rabbitmq-detect.yaml b/network/detection/rabbitmq-detect.yaml index 101377d9bd..0be8785c61 100644 --- a/network/detection/rabbitmq-detect.yaml +++ b/network/detection/rabbitmq-detect.yaml @@ -1,30 +1,30 @@ -id: rabbitmq-detect - -info: - name: RabbitMQ Detection - author: pussycat0x - severity: info - description: | - RabbitMQ is an open-source message-broker software that originally implemented the Advanced Message Queuing Protocol and has since been extended with a plug-in architecture to support Streaming Text Oriented Messaging Protocol, MQ Telemetry Transport, and other protocols. - reference: - - https://nmap.org/nsedoc/scripts/amqp-info.html - metadata: - verified: true - shodan-query: product:"RabbitMQ" - tags: network,rabbitmq,oss - -network: - - inputs: - - data: "AMQP\u0000\u0000\t\u0001" - - host: - - "{{Hostname}}" - - "{{Host}}:5672" - - matchers-condition: and - matchers: - - type: word - words: - - "publisher_confirmst" - - "RabbitMQ" - condition: and +id: rabbitmq-detect + +info: + name: RabbitMQ Detection + author: pussycat0x + severity: info + description: | + RabbitMQ is an open-source message-broker software that originally implemented the Advanced Message Queuing Protocol and has since been extended with a plug-in architecture to support Streaming Text Oriented Messaging Protocol, MQ Telemetry Transport, and other protocols. + reference: + - https://nmap.org/nsedoc/scripts/amqp-info.html + metadata: + verified: true + shodan-query: product:"RabbitMQ" + tags: network,rabbitmq,oss + +network: + - inputs: + - data: "AMQP\u0000\u0000\t\u0001" + + host: + - "{{Hostname}}" + - "{{Host}}:5672" + + matchers-condition: and + matchers: + - type: word + words: + - "publisher_confirmst" + - "RabbitMQ" + condition: and diff --git a/network/detection/riak-detect.yaml b/network/detection/riak-detect.yaml index 4a89a17828..f710369316 100644 --- a/network/detection/riak-detect.yaml +++ b/network/detection/riak-detect.yaml @@ -1,31 +1,31 @@ -id: riak-detect - -info: - name: Riak Detection - author: pussycat0x - severity: info - description: Riak is a distributed NoSQL key-value data store that offers high availability, fault tolerance, operational simplicity, and scalability. - metadata: - verified: true - shodan-query: product:"Riak" - tags: network,oss - -network: - - inputs: - - data: 0000000107 - type: hex - - host: - - "{{Hostname}}" - - "{{Host}}:8087" - - read-size: 2048 - matchers: - - type: word - words: - - "riak" - - extractors: - - type: regex - regex: - - "riak@([0-9.]+)..([0-9.]+([a-z]+[0-9]))" +id: riak-detect + +info: + name: Riak Detection + author: pussycat0x + severity: info + description: Riak is a distributed NoSQL key-value data store that offers high availability, fault tolerance, operational simplicity, and scalability. + metadata: + verified: true + shodan-query: product:"Riak" + tags: network,oss + +network: + - inputs: + - data: 0000000107 + type: hex + + host: + - "{{Hostname}}" + - "{{Host}}:8087" + + read-size: 2048 + matchers: + - type: word + words: + - "riak" + + extractors: + - type: regex + regex: + - "riak@([0-9.]+)..([0-9.]+([a-z]+[0-9]))" diff --git a/network/detection/sshd-dropbear-detect.yaml b/network/detection/sshd-dropbear-detect.yaml index 098a24b3ee..c458ae3e73 100644 --- a/network/detection/sshd-dropbear-detect.yaml +++ b/network/detection/sshd-dropbear-detect.yaml @@ -1,30 +1,30 @@ -id: sshd-dropbear-detect - -info: - name: Dropbear sshd Detection - author: pussycat0x - severity: info - description: | - Dropbear is a software package written by Matt Johnston that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard OpenSSH for environments with low memory and processor resources, such as embedded systems - metadata: - verified: true - shodan-query: 'product:"Dropbear sshd"' - tags: network,ssh,dropbear - -network: - - - inputs: - - data: "\n" - host: - - "{{Hostname}}" - - "{{Host}}:22" - - matchers: - - type: word - words: - - "dropbear" - - extractors: - - type: regex - regex: - - "SSH-([0-9.]+)-dropbear_([0-9.]+)" +id: sshd-dropbear-detect + +info: + name: Dropbear sshd Detection + author: pussycat0x + severity: info + description: | + Dropbear is a software package written by Matt Johnston that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard OpenSSH for environments with low memory and processor resources, such as embedded systems + metadata: + verified: true + shodan-query: 'product:"Dropbear sshd"' + tags: network,ssh,dropbear + +network: + + - inputs: + - data: "\n" + host: + - "{{Hostname}}" + - "{{Host}}:22" + + matchers: + - type: word + words: + - "dropbear" + + extractors: + - type: regex + regex: + - "SSH-([0-9.]+)-dropbear_([0-9.]+)" diff --git a/network/detection/vmware-authentication-daemon-detect.yaml b/network/detection/vmware-authentication-daemon-detect.yaml index e95b503f7f..18fff5eb7b 100644 --- a/network/detection/vmware-authentication-daemon-detect.yaml +++ b/network/detection/vmware-authentication-daemon-detect.yaml @@ -1,32 +1,32 @@ -id: vmware-authentication-daemon - -info: - name: VMware Authentication Daemon Detection - author: pussycat0x - severity: info - description: | - vmauthd is the VMWare authentication daemon that is included with many VMWare products, including ESX(i), and Workstation. - metadata: - verified: true - shodan-query: 'product:"VMware Authentication Daemon"' - tags: network,vmware,authenticated - -network: - - - inputs: - - data: "\n" - host: - - "{{Hostname}}" - - "{{Host}}:902" - - matchers: - - type: word - words: - - "ServerDaemonProtocol:SOAP" - - "MKSDisplayProtocol:VNC" - condition: and - - extractors: - - type: regex - regex: - - "VMware Authentication Daemon Version ([0-9.]+)" +id: vmware-authentication-daemon + +info: + name: VMware Authentication Daemon Detection + author: pussycat0x + severity: info + description: | + vmauthd is the VMWare authentication daemon that is included with many VMWare products, including ESX(i), and Workstation. + metadata: + verified: true + shodan-query: 'product:"VMware Authentication Daemon"' + tags: network,vmware,authenticated + +network: + + - inputs: + - data: "\n" + host: + - "{{Hostname}}" + - "{{Host}}:902" + + matchers: + - type: word + words: + - "ServerDaemonProtocol:SOAP" + - "MKSDisplayProtocol:VNC" + condition: and + + extractors: + - type: regex + regex: + - "VMware Authentication Daemon Version ([0-9.]+)" diff --git a/network/detection/xlight-ftp-service-detect.yaml b/network/detection/xlight-ftp-service-detect.yaml index c2092d2355..5ff895ebf3 100644 --- a/network/detection/xlight-ftp-service-detect.yaml +++ b/network/detection/xlight-ftp-service-detect.yaml @@ -1,31 +1,31 @@ -id: xlight-ftp-service-detect - -info: - name: Xlight FTP Service Detect - author: pussycat0x - severity: info - description: | - The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. - metadata: - verified: true - shodan-query: 'product:"Xlight ftpd"' - tags: network,ftp,xlight - -network: - - - inputs: - - data: "\n" - host: - - "{{Hostname}}" - - "{{Host}}:21" - - matchers: - - type: word - part: body - words: - - "Xlight FTP Server" - - extractors: - - type: regex - regex: - - "Xlight FTP Server ([0-9.]+)" +id: xlight-ftp-service-detect + +info: + name: Xlight FTP Service Detect + author: pussycat0x + severity: info + description: | + The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. + metadata: + verified: true + shodan-query: 'product:"Xlight ftpd"' + tags: network,ftp,xlight + +network: + + - inputs: + - data: "\n" + host: + - "{{Hostname}}" + - "{{Host}}:21" + + matchers: + - type: word + part: body + words: + - "Xlight FTP Server" + + extractors: + - type: regex + regex: + - "Xlight FTP Server ([0-9.]+)" diff --git a/ssl/weak-cipher-suites.yaml b/ssl/weak-cipher-suites.yaml index df065b42ff..e3f76814ef 100644 --- a/ssl/weak-cipher-suites.yaml +++ b/ssl/weak-cipher-suites.yaml @@ -1,858 +1,858 @@ -id: weak-cipher-suites - -info: - name: Weak Cipher Suites Detection - author: pussycat0x - severity: medium - reference: - - https://www.acunetix.com/vulnerabilities/web/tls-ssl-weak-cipher-suites/ - - http://ciphersuite.info - description: - A weak cipher is defined as an encryption/decryption algorithm that uses a key of insufficient length. Using an insufficient length for a key - in an encryption/decryption algorithm opens up the possibility (or probability) that the encryption scheme could be broken. - tags: ssl,tls,misconfig - -ssl: - - address: "{{Host}}:{{Port}}" - min_version: tls10 - max_version: tls10 - - extractors: - - type: dsl - dsl: - - "tls_version, cipher" - - matchers: - - type: word - part: cipher - words: - - "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" - - "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" - - "TLS_RSA_WITH_AES_256_CBC_SHA" - - "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" - - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" - - "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" - - "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DH_RSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_WITH_IDEA_CBC_SHA" - - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_DH_RSA_WITH_SEED_CBC_SHA" - - "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" - - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" - - "TLS_RSA_WITH_AES_128_CBC_SHA" - - "TLS_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_DHE_DSS_WITH_SEED_CBC_SHA" - - "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" - - "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_RSA_WITH_AES_128_CCM" - - "TLS_RSA_WITH_AES_256_CCM" - - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" - - "TLS_PSK_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" - - "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" - - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_PSK_WITH_AES_256_CBC_SHA" - - "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_DSS_WITH_SEED_CBC_SHA" - - "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" - - "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" - - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" - - "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" - - "TLS_PSK_WITH_AES_128_CCM_8" - - "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" - - "TLS_PSK_WITH_ARIA_256_GCM_SHA384" - - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_RSA_WITH_AES_256_CCM_8" - - "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" - - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" - - "TLS_DHE_RSA_WITH_SEED_CBC_SHA" - - "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" - - "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" - - "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" - - "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_WITH_AES_128_CCM_8" - - "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_PSK_WITH_AES_128_CCM" - - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" - - "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_AES_256_CBC_SHA" - - "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" - - "TLS_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_PSK_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" - - "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" - - "TLS_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" - - "TLS_RSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_DH_DSS_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" - - "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" - - "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" - - "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" - - "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_RSA_WITH_AES_256_CBC_SHA256" - - "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" - - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" - - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" - - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" - - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" - - "TLS_PSK_WITH_AES_128_GCM_SHA256" - - "TLS_RSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_PSK_WITH_AES_256_GCM_SHA384" - - "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_RSA_WITH_AES_256_GCM_SHA384" - - "TLS_RSA_WITH_SEED_CBC_SHA" - - "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" - - "TLS_PSK_WITH_AES_256_CCM" - - "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" - - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" - - "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_PSK_WITH_AES_256_CCM_8" - - "TLS_RSA_WITH_AES_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_KRB5_WITH_IDEA_CBC_SHA" - condition: or - - - address: "{{Host}}:{{Port}}" - min_version: tls11 - max_version: tls11 - - extractors: - - type: dsl - dsl: - - "tls_version, cipher" - - matchers: - - type: word - part: cipher - words: - - "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" - - "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" - - "TLS_RSA_WITH_AES_256_CBC_SHA" - - "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" - - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" - - "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" - - "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DH_RSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_WITH_IDEA_CBC_SHA" - - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_DH_RSA_WITH_SEED_CBC_SHA" - - "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" - - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" - - "TLS_RSA_WITH_AES_128_CBC_SHA" - - "TLS_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_DHE_DSS_WITH_SEED_CBC_SHA" - - "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" - - "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_RSA_WITH_AES_128_CCM" - - "TLS_RSA_WITH_AES_256_CCM" - - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" - - "TLS_PSK_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" - - "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" - - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_PSK_WITH_AES_256_CBC_SHA" - - "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_DSS_WITH_SEED_CBC_SHA" - - "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" - - "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" - - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" - - "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" - - "TLS_PSK_WITH_AES_128_CCM_8" - - "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" - - "TLS_PSK_WITH_ARIA_256_GCM_SHA384" - - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_RSA_WITH_AES_256_CCM_8" - - "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" - - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" - - "TLS_DHE_RSA_WITH_SEED_CBC_SHA" - - "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" - - "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" - - "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" - - "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_WITH_AES_128_CCM_8" - - "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_PSK_WITH_AES_128_CCM" - - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" - - "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_AES_256_CBC_SHA" - - "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" - - "TLS_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_PSK_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" - - "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" - - "TLS_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" - - "TLS_RSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_DH_DSS_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" - - "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" - - "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" - - "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" - - "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_RSA_WITH_AES_256_CBC_SHA256" - - "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" - - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" - - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" - - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" - - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" - - "TLS_PSK_WITH_AES_128_GCM_SHA256" - - "TLS_RSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_PSK_WITH_AES_256_GCM_SHA384" - - "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_RSA_WITH_AES_256_GCM_SHA384" - - "TLS_RSA_WITH_SEED_CBC_SHA" - - "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" - - "TLS_PSK_WITH_AES_256_CCM" - - "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" - - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" - - "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_PSK_WITH_AES_256_CCM_8" - - "TLS_RSA_WITH_AES_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_KRB5_WITH_IDEA_CBC_SHA" - condition: or - - - address: "{{Host}}:{{Port}}" - min_version: tls12 - max_version: tls12 - - extractors: - - type: dsl - dsl: - - "tls_version, cipher" - - matchers: - - type: word - part: cipher - words: - - "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" - - "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" - - "TLS_RSA_WITH_AES_256_CBC_SHA" - - "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" - - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" - - "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" - - "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DH_RSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_WITH_IDEA_CBC_SHA" - - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_DH_RSA_WITH_SEED_CBC_SHA" - - "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" - - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" - - "TLS_RSA_WITH_AES_128_CBC_SHA" - - "TLS_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_DHE_DSS_WITH_SEED_CBC_SHA" - - "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" - - "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_RSA_WITH_AES_128_CCM" - - "TLS_RSA_WITH_AES_256_CCM" - - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" - - "TLS_PSK_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" - - "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" - - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_PSK_WITH_AES_256_CBC_SHA" - - "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_DSS_WITH_SEED_CBC_SHA" - - "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" - - "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" - - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" - - "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" - - "TLS_PSK_WITH_AES_128_CCM_8" - - "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" - - "TLS_PSK_WITH_ARIA_256_GCM_SHA384" - - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_RSA_WITH_AES_256_CCM_8" - - "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" - - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" - - "TLS_DHE_RSA_WITH_SEED_CBC_SHA" - - "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" - - "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" - - "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" - - "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_WITH_AES_128_CCM_8" - - "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_PSK_WITH_AES_128_CCM" - - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" - - "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_AES_256_CBC_SHA" - - "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" - - "TLS_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_PSK_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" - - "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" - - "TLS_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" - - "TLS_RSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_DH_DSS_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" - - "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" - - "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" - - "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" - - "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_RSA_WITH_AES_256_CBC_SHA256" - - "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" - - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" - - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" - - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" - - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" - - "TLS_PSK_WITH_AES_128_GCM_SHA256" - - "TLS_RSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_PSK_WITH_AES_256_GCM_SHA384" - - "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_RSA_WITH_AES_256_GCM_SHA384" - - "TLS_RSA_WITH_SEED_CBC_SHA" - - "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" - - "TLS_PSK_WITH_AES_256_CCM" - - "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" - - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" - - "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_PSK_WITH_AES_256_CCM_8" - - "TLS_RSA_WITH_AES_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_KRB5_WITH_IDEA_CBC_SHA" - condition: or - - - address: "{{Host}}:{{Port}}" - min_version: tls13 - max_version: tls13 - - extractors: - - type: dsl - dsl: - - "tls_version, cipher" - - matchers: - - type: word - part: cipher - words: - - "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" - - "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" - - "TLS_RSA_WITH_AES_256_CBC_SHA" - - "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" - - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" - - "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" - - "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DH_RSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_WITH_IDEA_CBC_SHA" - - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_DH_RSA_WITH_SEED_CBC_SHA" - - "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" - - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" - - "TLS_RSA_WITH_AES_128_CBC_SHA" - - "TLS_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_DHE_DSS_WITH_SEED_CBC_SHA" - - "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" - - "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_RSA_WITH_AES_128_CCM" - - "TLS_RSA_WITH_AES_256_CCM" - - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" - - "TLS_PSK_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" - - "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" - - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_PSK_WITH_AES_256_CBC_SHA" - - "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_DSS_WITH_SEED_CBC_SHA" - - "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" - - "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" - - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" - - "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" - - "TLS_PSK_WITH_AES_128_CCM_8" - - "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" - - "TLS_PSK_WITH_ARIA_256_GCM_SHA384" - - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_RSA_WITH_AES_256_CCM_8" - - "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" - - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" - - "TLS_DHE_RSA_WITH_SEED_CBC_SHA" - - "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" - - "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" - - "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" - - "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" - - "TLS_RSA_WITH_AES_128_CCM_8" - - "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_PSK_WITH_AES_128_CCM" - - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" - - "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_AES_256_CBC_SHA" - - "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" - - "TLS_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" - - "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_PSK_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" - - "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" - - "TLS_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" - - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" - - "TLS_RSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" - - "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" - - "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" - - "TLS_DH_DSS_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" - - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" - - "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_PSK_WITH_3DES_EDE_CBC_SHA" - - "TLS_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" - - "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" - - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" - - "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" - - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" - - "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_RSA_WITH_AES_256_CBC_SHA256" - - "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" - - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" - - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" - - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" - - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" - - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" - - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" - - "TLS_PSK_WITH_AES_128_GCM_SHA256" - - "TLS_RSA_WITH_ARIA_256_GCM_SHA384" - - "TLS_PSK_WITH_AES_256_GCM_SHA384" - - "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" - - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" - - "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" - - "TLS_RSA_WITH_AES_256_GCM_SHA384" - - "TLS_RSA_WITH_SEED_CBC_SHA" - - "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" - - "TLS_PSK_WITH_AES_256_CCM" - - "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" - - "TLS_DH_RSA_WITH_AES_256_CBC_SHA" - - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_RSA_WITH_3DES_EDE_CBC_SHA" - - "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" - - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" - - "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" - - "TLS_PSK_WITH_AES_256_CCM_8" - - "TLS_RSA_WITH_AES_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" - - "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" - - "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" - - "TLS_KRB5_WITH_IDEA_CBC_SHA" - condition: or +id: weak-cipher-suites + +info: + name: Weak Cipher Suites Detection + author: pussycat0x + severity: medium + reference: + - https://www.acunetix.com/vulnerabilities/web/tls-ssl-weak-cipher-suites/ + - http://ciphersuite.info + description: + A weak cipher is defined as an encryption/decryption algorithm that uses a key of insufficient length. Using an insufficient length for a key + in an encryption/decryption algorithm opens up the possibility (or probability) that the encryption scheme could be broken. + tags: ssl,tls,misconfig + +ssl: + - address: "{{Host}}:{{Port}}" + min_version: tls10 + max_version: tls10 + + extractors: + - type: dsl + dsl: + - "tls_version, cipher" + + matchers: + - type: word + part: cipher + words: + - "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" + - "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_WITH_AES_256_CBC_SHA" + - "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" + - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" + - "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" + - "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DH_RSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_WITH_IDEA_CBC_SHA" + - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_DH_RSA_WITH_SEED_CBC_SHA" + - "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" + - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" + - "TLS_RSA_WITH_AES_128_CBC_SHA" + - "TLS_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_DHE_DSS_WITH_SEED_CBC_SHA" + - "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" + - "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_RSA_WITH_AES_128_CCM" + - "TLS_RSA_WITH_AES_256_CCM" + - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" + - "TLS_PSK_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" + - "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" + - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_PSK_WITH_AES_256_CBC_SHA" + - "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_DSS_WITH_SEED_CBC_SHA" + - "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" + - "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" + - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" + - "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" + - "TLS_PSK_WITH_AES_128_CCM_8" + - "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" + - "TLS_PSK_WITH_ARIA_256_GCM_SHA384" + - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_RSA_WITH_AES_256_CCM_8" + - "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" + - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" + - "TLS_DHE_RSA_WITH_SEED_CBC_SHA" + - "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" + - "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" + - "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_WITH_AES_128_CCM_8" + - "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_PSK_WITH_AES_128_CCM" + - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" + - "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_AES_256_CBC_SHA" + - "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" + - "TLS_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_PSK_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" + - "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" + - "TLS_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" + - "TLS_RSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_DH_DSS_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" + - "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" + - "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" + - "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" + - "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_RSA_WITH_AES_256_CBC_SHA256" + - "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" + - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" + - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" + - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" + - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" + - "TLS_PSK_WITH_AES_128_GCM_SHA256" + - "TLS_RSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_PSK_WITH_AES_256_GCM_SHA384" + - "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_RSA_WITH_AES_256_GCM_SHA384" + - "TLS_RSA_WITH_SEED_CBC_SHA" + - "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" + - "TLS_PSK_WITH_AES_256_CCM" + - "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" + - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" + - "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_PSK_WITH_AES_256_CCM_8" + - "TLS_RSA_WITH_AES_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_KRB5_WITH_IDEA_CBC_SHA" + condition: or + + - address: "{{Host}}:{{Port}}" + min_version: tls11 + max_version: tls11 + + extractors: + - type: dsl + dsl: + - "tls_version, cipher" + + matchers: + - type: word + part: cipher + words: + - "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" + - "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_WITH_AES_256_CBC_SHA" + - "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" + - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" + - "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" + - "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DH_RSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_WITH_IDEA_CBC_SHA" + - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_DH_RSA_WITH_SEED_CBC_SHA" + - "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" + - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" + - "TLS_RSA_WITH_AES_128_CBC_SHA" + - "TLS_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_DHE_DSS_WITH_SEED_CBC_SHA" + - "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" + - "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_RSA_WITH_AES_128_CCM" + - "TLS_RSA_WITH_AES_256_CCM" + - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" + - "TLS_PSK_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" + - "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" + - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_PSK_WITH_AES_256_CBC_SHA" + - "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_DSS_WITH_SEED_CBC_SHA" + - "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" + - "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" + - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" + - "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" + - "TLS_PSK_WITH_AES_128_CCM_8" + - "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" + - "TLS_PSK_WITH_ARIA_256_GCM_SHA384" + - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_RSA_WITH_AES_256_CCM_8" + - "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" + - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" + - "TLS_DHE_RSA_WITH_SEED_CBC_SHA" + - "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" + - "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" + - "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_WITH_AES_128_CCM_8" + - "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_PSK_WITH_AES_128_CCM" + - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" + - "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_AES_256_CBC_SHA" + - "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" + - "TLS_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_PSK_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" + - "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" + - "TLS_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" + - "TLS_RSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_DH_DSS_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" + - "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" + - "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" + - "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" + - "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_RSA_WITH_AES_256_CBC_SHA256" + - "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" + - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" + - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" + - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" + - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" + - "TLS_PSK_WITH_AES_128_GCM_SHA256" + - "TLS_RSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_PSK_WITH_AES_256_GCM_SHA384" + - "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_RSA_WITH_AES_256_GCM_SHA384" + - "TLS_RSA_WITH_SEED_CBC_SHA" + - "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" + - "TLS_PSK_WITH_AES_256_CCM" + - "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" + - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" + - "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_PSK_WITH_AES_256_CCM_8" + - "TLS_RSA_WITH_AES_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_KRB5_WITH_IDEA_CBC_SHA" + condition: or + + - address: "{{Host}}:{{Port}}" + min_version: tls12 + max_version: tls12 + + extractors: + - type: dsl + dsl: + - "tls_version, cipher" + + matchers: + - type: word + part: cipher + words: + - "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" + - "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_WITH_AES_256_CBC_SHA" + - "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" + - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" + - "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" + - "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DH_RSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_WITH_IDEA_CBC_SHA" + - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_DH_RSA_WITH_SEED_CBC_SHA" + - "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" + - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" + - "TLS_RSA_WITH_AES_128_CBC_SHA" + - "TLS_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_DHE_DSS_WITH_SEED_CBC_SHA" + - "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" + - "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_RSA_WITH_AES_128_CCM" + - "TLS_RSA_WITH_AES_256_CCM" + - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" + - "TLS_PSK_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" + - "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" + - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_PSK_WITH_AES_256_CBC_SHA" + - "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_DSS_WITH_SEED_CBC_SHA" + - "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" + - "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" + - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" + - "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" + - "TLS_PSK_WITH_AES_128_CCM_8" + - "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" + - "TLS_PSK_WITH_ARIA_256_GCM_SHA384" + - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_RSA_WITH_AES_256_CCM_8" + - "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" + - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" + - "TLS_DHE_RSA_WITH_SEED_CBC_SHA" + - "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" + - "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" + - "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_WITH_AES_128_CCM_8" + - "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_PSK_WITH_AES_128_CCM" + - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" + - "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_AES_256_CBC_SHA" + - "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" + - "TLS_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_PSK_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" + - "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" + - "TLS_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" + - "TLS_RSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_DH_DSS_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" + - "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" + - "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" + - "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" + - "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_RSA_WITH_AES_256_CBC_SHA256" + - "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" + - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" + - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" + - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" + - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" + - "TLS_PSK_WITH_AES_128_GCM_SHA256" + - "TLS_RSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_PSK_WITH_AES_256_GCM_SHA384" + - "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_RSA_WITH_AES_256_GCM_SHA384" + - "TLS_RSA_WITH_SEED_CBC_SHA" + - "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" + - "TLS_PSK_WITH_AES_256_CCM" + - "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" + - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" + - "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_PSK_WITH_AES_256_CCM_8" + - "TLS_RSA_WITH_AES_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_KRB5_WITH_IDEA_CBC_SHA" + condition: or + + - address: "{{Host}}:{{Port}}" + min_version: tls13 + max_version: tls13 + + extractors: + - type: dsl + dsl: + - "tls_version, cipher" + + matchers: + - type: word + part: cipher + words: + - "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" + - "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_WITH_AES_256_CBC_SHA" + - "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" + - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" + - "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" + - "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DH_RSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_WITH_IDEA_CBC_SHA" + - "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_DH_RSA_WITH_SEED_CBC_SHA" + - "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" + - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" + - "TLS_RSA_WITH_AES_128_CBC_SHA" + - "TLS_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_DHE_DSS_WITH_SEED_CBC_SHA" + - "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" + - "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_RSA_WITH_AES_128_CCM" + - "TLS_RSA_WITH_AES_256_CCM" + - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" + - "TLS_PSK_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" + - "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" + - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_PSK_WITH_AES_256_CBC_SHA" + - "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_DSS_WITH_SEED_CBC_SHA" + - "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" + - "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" + - "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" + - "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" + - "TLS_PSK_WITH_AES_128_CCM_8" + - "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" + - "TLS_PSK_WITH_ARIA_256_GCM_SHA384" + - "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_RSA_WITH_AES_256_CCM_8" + - "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" + - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" + - "TLS_DHE_RSA_WITH_SEED_CBC_SHA" + - "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" + - "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" + - "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" + - "TLS_RSA_WITH_AES_128_CCM_8" + - "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_PSK_WITH_AES_128_CCM" + - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" + - "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_AES_256_CBC_SHA" + - "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" + - "TLS_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" + - "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_PSK_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" + - "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" + - "TLS_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" + - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" + - "TLS_RSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" + - "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" + - "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" + - "TLS_DH_DSS_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" + - "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" + - "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_PSK_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" + - "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" + - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" + - "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" + - "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" + - "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_RSA_WITH_AES_256_CBC_SHA256" + - "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" + - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" + - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" + - "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" + - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" + - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" + - "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" + - "TLS_PSK_WITH_AES_128_GCM_SHA256" + - "TLS_RSA_WITH_ARIA_256_GCM_SHA384" + - "TLS_PSK_WITH_AES_256_GCM_SHA384" + - "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" + - "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" + - "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" + - "TLS_RSA_WITH_AES_256_GCM_SHA384" + - "TLS_RSA_WITH_SEED_CBC_SHA" + - "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" + - "TLS_PSK_WITH_AES_256_CCM" + - "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" + - "TLS_DH_RSA_WITH_AES_256_CBC_SHA" + - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_RSA_WITH_3DES_EDE_CBC_SHA" + - "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" + - "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" + - "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" + - "TLS_PSK_WITH_AES_256_CCM_8" + - "TLS_RSA_WITH_AES_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" + - "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" + - "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" + - "TLS_KRB5_WITH_IDEA_CBC_SHA" + condition: or diff --git a/technologies/xerox-workcentre-detect.yaml b/technologies/xerox-workcentre-detect.yaml index d55012c6b6..c6610fcdff 100644 --- a/technologies/xerox-workcentre-detect.yaml +++ b/technologies/xerox-workcentre-detect.yaml @@ -1,28 +1,28 @@ -id: xerox-workcentre-detect - -info: - name: Xerox Workcentre Detect - author: pussycat0x - severity: info - metadata: - verified: true - shodan-query: title:"XEROX WORKCENTRE" - tags: tech,xerox,workcentre - -requests: - - method: GET - path: - - "{{BaseURL}}/index.dhtml" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "XEROX WORKCENTRE" - - "/header.php?tab=status" - condition: and - - - type: status - status: - - 200 +id: xerox-workcentre-detect + +info: + name: Xerox Workcentre Detect + author: pussycat0x + severity: info + metadata: + verified: true + shodan-query: title:"XEROX WORKCENTRE" + tags: tech,xerox,workcentre + +requests: + - method: GET + path: + - "{{BaseURL}}/index.dhtml" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "XEROX WORKCENTRE" + - "/header.php?tab=status" + condition: and + + - type: status + status: + - 200