From a6b9cacf295efa7e6a851df76798127c7c624c41 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Tue, 2 Apr 2024 13:04:44 +0530 Subject: [PATCH 1/3] Create rsync-list-modules.yaml --- .../enumeration/rsync/rsync-list-modules.yaml | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 javascript/enumeration/rsync/rsync-list-modules.yaml diff --git a/javascript/enumeration/rsync/rsync-list-modules.yaml b/javascript/enumeration/rsync/rsync-list-modules.yaml new file mode 100644 index 0000000000..e4a8a069a4 --- /dev/null +++ b/javascript/enumeration/rsync/rsync-list-modules.yaml @@ -0,0 +1,38 @@ +id: rsync-list-modules + +info: + name: Rsync List Modules + author: pussycat0x + severity: low + description: | + Lists modules available for rsync (remote file sync) synchronization. + reference: + - https://nmap.org/nsedoc/scripts/rsync-list-modules.html + metadata: + verified: true + shodan-query: port:873 + max-request: 1 + tags: network,rsync,enum + +javascript: + - code: | + const c = require("nuclei/net"); + let s = "@RSYNCD: 31.0\n\n" + let conn = c.Open('tcp', `${Host}:${Port}`); + conn.Send(s); + response =(conn.RecvString(1024)) + response; + + args: + Host: "{{Host}}" + Port: 873 + + matchers: + - type: word + words: + - "RSYNCD: " + + extractors: + - type: regex + regex: + - '(.*)' From fdc1b1fc9e11e788644a1734289b7f4a2c9c7597 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Wed, 5 Jun 2024 00:15:52 +0530 Subject: [PATCH 2/3] Update rsync-list-modules.yaml --- .../enumeration/rsync/rsync-list-modules.yaml | 32 +++++++++++-------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/javascript/enumeration/rsync/rsync-list-modules.yaml b/javascript/enumeration/rsync/rsync-list-modules.yaml index e4a8a069a4..c43f98be8d 100644 --- a/javascript/enumeration/rsync/rsync-list-modules.yaml +++ b/javascript/enumeration/rsync/rsync-list-modules.yaml @@ -1,7 +1,7 @@ id: rsync-list-modules info: - name: Rsync List Modules + name: Rsync List Modules - Enumeration author: pussycat0x severity: low description: | @@ -17,22 +17,26 @@ info: javascript: - code: | const c = require("nuclei/net"); - let s = "@RSYNCD: 31.0\n\n" - let conn = c.Open('tcp', `${Host}:${Port}`); - conn.Send(s); - response =(conn.RecvString(1024)) - response; + const data = "@RSYNCD: 31.0\n\n" + const conn = c.Open('tcp', `${Host}:${Port}`); + conn.Send(data); + response = conn.RecvFullString(1024) + const rsyncRegex = /@RSYNCD: EXIT|@RSYNCD: 31.0|@RSYNCD:|@RSYNCD: 30.0/g; + const resultString = response.replace(rsyncRegex, ""); + const whitespaceRegex = /[\s\t\n]+/g; + const finalResult = resultString.replace(whitespaceRegex, " "); + if (finalResult.trim() === "") { + exit(); + } + else{ + finalResult + } args: Host: "{{Host}}" Port: 873 - matchers: - - type: word - words: - - "RSYNCD: " - extractors: - - type: regex - regex: - - '(.*)' + - type: dsl + dsl: + - response From b863517f2d7722db052c767ed56c01a57e53cd64 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Wed, 5 Jun 2024 13:46:50 +0530 Subject: [PATCH 3/3] FP -fix --- javascript/enumeration/rsync/rsync-list-modules.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/javascript/enumeration/rsync/rsync-list-modules.yaml b/javascript/enumeration/rsync/rsync-list-modules.yaml index c43f98be8d..a28adb1228 100644 --- a/javascript/enumeration/rsync/rsync-list-modules.yaml +++ b/javascript/enumeration/rsync/rsync-list-modules.yaml @@ -36,6 +36,12 @@ javascript: Host: "{{Host}}" Port: 873 + matchers: + - type: word + negative: true + words: + - "HTTP/1.1" + extractors: - type: dsl dsl: