misc fix

network/detection/bgp-detect.yaml

@@ -4,7 +4,6 @@ info:
   name: BGP Detection
   author: danfaizer
   severity: info
-  tags: network,bgp,detect
   description: |
     The remote host is running BGP, a popular routing protocol. This indicates that the remote host is probably a network router.
   impact: |
@@ -16,10 +15,14 @@ info:
   reference:
     - https://www.acunetix.com/vulnerabilities/network/vulnerability/bgp-detection/
     - https://www.tenable.com/plugins/nessus/11907
+  metadata:
+    shodan-query: product:"BGP"
+  tags: network,bgp
 
 tcp:
   - inputs:
       - data: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF001D010400FFFF0000B4C0
+        type: hex
         # Source: https://www.rfc-editor.org/rfc/rfc4271.html#section-4.2
         # FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF represents the 16-byte marker field.
         # 001D is the total length of the BGP message, including the 19 bytes of the header and the optional parameters.
@@ -28,17 +31,14 @@ tcp:
         # FFFF represents the Autonomous System Number (ASN) in hexadecimal format.
         # 0000 represents the Hold Time.
         # B4C0 represents the BGP Identifier, usually an IP address in hexadecimal format.
-        type: hex
-        name: resp
 
     host:
       - "{{Hostname}}"
-      - "{{Host}}:179"
+    port: 179
 
     read-size: 16
-
     matchers:
       - type: word
         encoding: hex
         words:
-          - "ffffffffffffffffffffffffffffffff"
+          - "ffffffffffffffffffffffffffffffff"