Added 3cx-phone-management-panel.yaml (#4015)

* Added 3cx-phone-management-panel.yaml Added 3cx-phone-management-panel.yaml and 3cx-phone-webclient-management-panel.yaml * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-04-01 00:16:53 +07:00 · 2022-04-01 00:16:53 +07:00 · a0a13907fe
parent 970d2e8923
commit a0a13907fe
3 changed files with 56 additions and 0 deletions
--- a/exposed-panels/3cx-phone-management-panel.yaml
+++ b/exposed-panels/3cx-phone-management-panel.yaml
@ -0,0 +1,28 @@
+id: 3cx-phone-management-panel
+
+info:
+  name: 3CX Phone System Management Console Detect
+  author: idealphase
+  severity: info
+  reference:
+    - https://www.3cx.com/
+    - https://www.3cx.com/phone-system/
+    - https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88
+  metadata:
+    shodan-query:
+      - http.title:"3CX Phone System Management Console"
+      - http.favicon.hash:970132176
+    google-query: intitle:"3CX Phone System Management Console"
+  tags: panel,3cx
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers:
+      - type: word
+        words:
+          - "3CX Phone System Management Console"
+          - "Welcome to the 3CX Management Console"
+        condition: or
--- a/exposed-panels/3cx-phone-webclient-management-panel.yaml
+++ b/exposed-panels/3cx-phone-webclient-management-panel.yaml
@ -0,0 +1,26 @@
+id: 3cx-phone-webclient-management-panel
+
+info:
+  name: 3CX Phone System Webclient Management Console
+  author: idealphase
+  severity: info
+  reference:
+    - https://www.3cx.com/phone-system/
+    - https://www.3cx.com/blog/unified-communications/client-apps/
+    - https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88
+  metadata:
+    shodan-query: http.title:"3CX Webclient"
+    google-query: intitle:"3CX Webclient"
+  tags: panel,3cx
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/webclient/'
+
+    matchers:
+      - type: word
+        words:
+          - " <title>3CX Webclient</title>"
+          - '<meta name="description" content="3CX">'
+        condition: or
--- a/technologies/favicon-detection.yaml
+++ b/technologies/favicon-detection.yaml
@ -445,6 +445,8 @@ requests:
        name: "3cx-phone-system"
        dsl:
          - "status_code==200 && (\"970132176\" == mmh3(base64_py(body)))"
+          - "status_code==200 && (\"970132176\" == mmh3(base64_py(body)))"
+        condition: or

      - type: dsl
        name: "bluehost"