misc fix

2023-09-29 14:51:39 +05:30 · 2023-09-29 14:51:39 +05:30 · 9fa9792dbf
parent e109f59372
commit 9fa9792dbf
1 changed files with 6 additions and 6 deletions
--- a/network/detection/bgp-detect.yaml
+++ b/network/detection/bgp-detect.yaml
@ -4,7 +4,6 @@ info:
  name: BGP Detection
  author: danfaizer
  severity: info
-  tags: network,bgp,detect
  description: |
    The remote host is running BGP, a popular routing protocol. This indicates that the remote host is probably a network router.
  impact: |
@ -16,10 +15,14 @@ info:
  reference:
    - https://www.acunetix.com/vulnerabilities/network/vulnerability/bgp-detection/
    - https://www.tenable.com/plugins/nessus/11907
+  metadata:
+    shodan-query: product:"BGP"
+  tags: network,bgp

 tcp:
  - inputs:
      - data: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF001D010400FFFF0000B4C0
+        type: hex
        # Source: https://www.rfc-editor.org/rfc/rfc4271.html#section-4.2
        # FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF represents the 16-byte marker field.
        # 001D is the total length of the BGP message, including the 19 bytes of the header and the optional parameters.
@ -28,17 +31,14 @@ tcp:
        # FFFF represents the Autonomous System Number (ASN) in hexadecimal format.
        # 0000 represents the Hold Time.
        # B4C0 represents the BGP Identifier, usually an IP address in hexadecimal format.
-        type: hex
-        name: resp

    host:
      - "{{Hostname}}"
-      - "{{Host}}:179"
+    port: 179

    read-size: 16
-
    matchers:
      - type: word
        encoding: hex
        words:
-          - "ffffffffffffffffffffffffffffffff"
+          - "ffffffffffffffffffffffffffffffff"