Update Log4j Templates

2023-11-17 14:18:58 +05:30 · 2023-11-17 14:18:58 +05:30 · a595c18890
parent 95b353d660
commit a595c18890
23 changed files with 196 additions and 149 deletions
--- a/http/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml
+++ b/http/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml
@ -42,20 +42,22 @@ http:
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4a0a0047304502210088e1907aed2400c16dddc15cb7daf17a5c2903afab589a4ed9c73920960dd65002200e9d0783be00a60dd6478f1d96341a3f7c75be507e3918692a2c294c08dd9ec6:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/apache/apache-solr-log4j-rce.yaml
+++ b/http/vulnerabilities/apache/apache-solr-log4j-rce.yaml
@ -48,27 +48,29 @@ http:
          - 'org.apache.solr'

      - type: word
-        part: interactsh_protocol
+        part: interactsh_protocol # Confirms the DNS Interaction
        words:
          - "dns"

      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4b0a00483046022100cefef13addf96296fdd8fea08ffd169f67f438b1ef7870e260438d56eed72f3f022100cfd84a6197bcd25bf03a226b6d8b9cf54a21874462861ff819bbe18e65812ef3:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/apache/log4j/jamf-pro-log4j-rce.yaml
+++ b/http/vulnerabilities/apache/log4j/jamf-pro-log4j-rce.yaml
@ -39,33 +39,35 @@ http:

    matchers-condition: and
    matchers:
-      - type: word
-        part: interactsh_protocol # Confirms the DNS Interaction
-        words:
-          - "dns"
-
      - type: word
        part: body
        words:
          - "<title>Jamf Pro Login</title>"

+      - type: word
+        part: interactsh_protocol # Confirms the DNS Interaction
+        words:
+          - "dns"
+
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 490a0046304402205b2056f3a84d81394ed947272bb7bc9a6dc51d147245f45d8d2cba5b2e60036002206cffea329b822e38376403acb3ee666baa2a96c4276f08e31e67b2b2e0eb449c:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/cisco/cisco-cloudcenter-suite-log4j-rce.yaml
+++ b/http/vulnerabilities/cisco/cisco-cloudcenter-suite-log4j-rce.yaml
@ -38,33 +38,35 @@ http:

    matchers-condition: and
    matchers:
-      - type: word
-        part: interactsh_protocol # Confirms the DNS Interaction
-        words:
-          - "dns"
-
      - type: word
        part: header
        words:
          - 'X-RateLimit-Limit-suite-gateway_suite-auth'

+      - type: word
+        part: interactsh_protocol # Confirms the DNS Interaction
+        words:
+          - "dns"
+
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 490a0046304402204e5c4bf14db31e83a180ee8011d815277cbd6fe7d5f1a35dfdfc752dd006ec4c02205300af3af61398fde0b2fcb756d91c5fad13f89e126d902194e1c93340e56355:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/fortiportal-log4j-rce.yaml
+++ b/http/vulnerabilities/other/fortiportal-log4j-rce.yaml
@ -44,20 +44,22 @@ http:
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4a0a00473045022100f3bf84e360e227757634c742cea262479d81b68e34cb0a6fc2c0ec24ec32a38102206118cc674784801bdaba22eae08223d4d6265880e6fd24b6b33d2aea47bb634e:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/goanywhere-mft-log4j-rce.yaml
+++ b/http/vulnerabilities/other/goanywhere-mft-log4j-rce.yaml
@ -49,9 +49,25 @@ http:
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
+      - type: kval
+        kval:
+          - interactsh_ip
+
+      - type: regex
+        part: interactsh_request
+        group: 2
+        regex:
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
+
+      - type: regex
+        part: interactsh_request
+        group: 1
+        regex:
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
+
      - type: regex
        name: view
        group: 1
@ -60,17 +76,4 @@ http:
        internal: true
        part: body

-      - type: kval
-        kval:
-
-
-      - type: regex
-        group: 2
-        regex:
-        part: interactsh_request
-
-      - type: regex
-        group: 1
-        regex:
-        part: interactsh_request
 # digest: 4a0a00473045022100c0b271fc9abb559b0aac7daec9c977613e81183ba5b56354df346b5b9006701702206f7f2d66fe682b56aa3fe398aa262259397c114cb41e143fb325e17231040629:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/graylog-log4j.yaml
+++ b/http/vulnerabilities/other/graylog-log4j.yaml
@ -39,33 +39,35 @@ http:

    matchers-condition: and
    matchers:
-      - type: word
-        part: interactsh_protocol # Confirms the DNS Interaction
-        words:
-          - "dns"
-
      - type: word
        part: header
        words:
          - 'X-Graylog-Node-Id:'

+      - type: word
+        part: interactsh_protocol # Confirms the DNS Interaction
+        words:
+          - "dns"
+
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4b0a00483046022100bc847079e8da5f2a7f4ea2d4be0421293e57f3dbe1cd8af44eaa282cb60b6ef1022100e9b9eaba643077c568882059105f82f989fdc45a28c2f6bb7c84709b3fd9c552:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/jitsi-meet-log4j-rce.yaml
+++ b/http/vulnerabilities/other/jitsi-meet-log4j-rce.yaml
@ -40,20 +40,22 @@ http:
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4a0a0047304502210098f210f53e4408d2a68813534aed74fd0e242910073383c99617f3932df061b70220134c22181e4c693790aa1aa7d8c364636a139e132c2e25d502d130cc8a2c4e7c:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/logstash-log4j-rce.yaml
+++ b/http/vulnerabilities/other/logstash-log4j-rce.yaml
@ -40,20 +40,22 @@ http:
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 490a0046304402203e9e0b6d4ece591457ba02078338707b74275521dfc273279f984634d9a4a3a10220689830404907a9b6dd857b2ebec6494f14d3da6084c91c67d828dc16df2d85c8:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/metabase-log4j.yaml
+++ b/http/vulnerabilities/other/metabase-log4j.yaml
@ -30,33 +30,35 @@ http:

    matchers-condition: and
    matchers:
-      - type: word
-        part: interactsh_protocol # Confirms the DNS Interaction
-        words:
-          - "dns"
-
      - type: word
        part: body
        words:
          - 'Invalid GeoJSON file location:'

+      - type: word
+        part: interactsh_protocol # Confirms the DNS Interaction
+        words:
+          - "dns"
+
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4a0a00473045022100c50df0e7feaff80c973fcb2bcfa311b017820f983ad3312f411e8e5e34bef6c40220135efb71cb0f732eae3a01127d897e6db7681ad7328a5cfccb2309cc12016235:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/opennms-log4j-jndi-rce.yaml
+++ b/http/vulnerabilities/other/opennms-log4j-jndi-rce.yaml
@ -44,20 +44,22 @@ http:
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4b0a00483046022100ad9e04f18f29293c12461bf90042fbdbb3368b564e5e8ad6cda96360a0c2eeff022100a755cb774e7dae7c5d497165f8adce0aea2fec0546e53f64f1f54c0b056112f7:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/pega-log4j-rce.yaml
+++ b/http/vulnerabilities/other/pega-log4j-rce.yaml
@ -47,27 +47,29 @@ http:
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: kval
+        name: location
+        part: header_1
        kval:
          - location
        internal: true
-        name: location
-        part: header_1
 # digest: 490a0046304402205fb4eb66590eaa65eb66290ca57902ebe46b44ead624908b6448035475dafa2f02203bec250351443c84085c94cffc27ec22543f96af86e1d0956d51b5b56739b9cf:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/rundeck-log4j.yaml
+++ b/http/vulnerabilities/other/rundeck-log4j.yaml
@ -37,33 +37,35 @@ http:

    matchers-condition: and
    matchers:
-      - type: word
-        part: interactsh_protocol # Confirms the DNS Interaction
-        words:
-          - "dns"
-
      - type: word
        part: location
        words:
          - '{{BaseURL}}/user/error'

+      - type: word
+        part: interactsh_protocol # Confirms the DNS Interaction
+        words:
+          - "dns"
+
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 490a00463044022020defcd8f7f383804a17173a074cb4ebd11b9bc3c8d4930c5e8badb6f7cc321f0220357d28b5ebfd939931bbf7cd46d967502b4b413fd2baace17de76787303b3d25:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/sonicwall-nsm-log4j-rce.yaml
+++ b/http/vulnerabilities/other/sonicwall-nsm-log4j-rce.yaml
@ -47,20 +47,22 @@ http:
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4b0a00483046022100a470b037cca85730de63fecdfb39f865721fe525eb297fb501a4a9c5ecd98684022100d216e7b5ef37d3a0fba53af079905e2547ca2bce6258df2a8426fcf5d74aa776:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/splunk-enterprise-log4j-rce.yaml
+++ b/http/vulnerabilities/other/splunk-enterprise-log4j-rce.yaml
@ -45,20 +45,22 @@ http:
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4a0a00473045022100d5db89b935a8fafc3db2fc56c38abf53d78f9c578e65ade1c9674979eef53a6d02201deb8a759efbe552d5bbc5b003084a79e3bc16d6fe0e516a5f34c5dce433d420:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/unifi-network-log4j-rce.yaml
+++ b/http/vulnerabilities/other/unifi-network-log4j-rce.yaml
@ -39,27 +39,29 @@ http:
    matchers-condition: and
    matchers:
      - type: word
-        part: interactsh_protocol
+        part: interactsh_protocol # Confirms the DNS Interaction
        words:
-          - "dns" # Confirms the DNS Interaction
+          - "dns"

      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4b0a00483046022100dda4748c06e68e7584bbf19667f467b1eb39fe975af429bd4ec5b64273394ce1022100ffa1472e3d87796883146b1439715a37bf1a0d8fe728cdf1d84bbe0c116fea52:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/vmware-siterecovery-log4j-rce.yaml
+++ b/http/vulnerabilities/other/vmware-siterecovery-log4j-rce.yaml
@ -31,33 +31,35 @@ http:

    matchers-condition: and
    matchers:
-      - type: word
-        part: interactsh_protocol # Confirms the DNS Interaction
-        words:
-          - "dns"
-
      - type: word
        part: body
        words:
          - '<title>Error - Site Recovery</title>'

+      - type: word
+        part: interactsh_protocol # Confirms the DNS Interaction
+        words:
+          - "dns"
+
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4a0a004730450221008bbf8fea272104f5df9e10c518ea4df66beb781fed40dad4ade30aa2fdee511702200172b3cddff074a950e78583211d9931fa13e40040f2791e9e62b36a6df16f8d:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/other/xenmobile-server-log4j.yaml
+++ b/http/vulnerabilities/other/xenmobile-server-log4j.yaml
@ -37,33 +37,35 @@ http:

    matchers-condition: and
    matchers:
-      - type: word
-        part: interactsh_protocol # Confirms the DNS Interaction
-        words:
-          - "dns"
-
      - type: word
        part: body
        words:
          - '<h1>500 Server Internal Error'

+      - type: word
+        part: interactsh_protocol # Confirms the DNS Interaction
+        words:
+          - "dns"
+
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4a0a004730450221008a9b07a828bc56088ded57baae1caae463d98c877693ef95048f0b483e9f4cad0220597d8f8b37a7d25ab041d4505c036cfeeb7b9921da2076dcf0aa51a47d58ac8a:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/springboot/springboot-log4j-rce.yaml
+++ b/http/vulnerabilities/springboot/springboot-log4j-rce.yaml
@ -40,20 +40,22 @@ http:
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4b0a00483046022100cf65a3bd6606dbae8acee59a4593ce5d4d2c4a20d9ac599ed08f1e0dc8ac62c7022100f40f0c5a092b3b17a94ce3332b71bcff3ef2a295b965b9178c5d9d734a5647fa:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/vmware/vmware-hcx-log4j.yaml
+++ b/http/vulnerabilities/vmware/vmware-hcx-log4j.yaml
@ -49,20 +49,22 @@ http:
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 490a00463044022044471791ad8e6d7840a5c6ba37c4014e5411d54fc7f425c068fb8e2bd6528ec00220776bb29e5970f8d2bab09d1e0620e15a54bf874a163f59bc8ee84ac30c1d7404:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/vmware/vmware-nsx-log4j.yaml
+++ b/http/vulnerabilities/vmware/vmware-nsx-log4j.yaml
@ -37,33 +37,35 @@ http:

    matchers-condition: and
    matchers:
-      - type: word
-        part: interactsh_protocol # Confirms the DNS Interaction
-        words:
-          - "dns"
-
      - type: word
        part: location
        words:
          - '/login.jsp?login_error=1'

+      - type: word
+        part: interactsh_protocol # Confirms the DNS Interaction
+        words:
+          - "dns"
+
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4b0a004830460221008d7d00dc839c7689c21aeb46ee294a97ca65414a521ad162bfcc6c0dd2901d4c022100f96346b109721448fc5ee67a3469c0a2a913bcd494fdd6a7d097750e5ba64278:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/vmware/vmware-operation-manager-log4j.yaml
+++ b/http/vulnerabilities/vmware/vmware-operation-manager-log4j.yaml
@ -53,20 +53,22 @@ http:
      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4a0a00473045022100b1709d01ecdd28e0e2d79db30c476827e2ca88759cbc4606e25c4689a88ddc12022058fea90249f0175d7d2b12a31c6996e65722248e77d7ab92e99a42eed7f3c04f:922c64590222798bb761d5b6d8e72950
--- a/http/vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml
+++ b/http/vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml
@ -40,27 +40,29 @@ http:
    matchers-condition: and
    matchers:
      - type: word
-        part: interactsh_protocol
+        part: interactsh_protocol # Confirms the DNS Interaction
        words:
-          - "dns" # Confirms the DNS Interaction
+          - "dns"

      - type: regex
        part: interactsh_request
        regex:
-
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

    extractors:
      - type: kval
        kval:
-
+          - interactsh_ip

      - type: regex
+        part: interactsh_request
        group: 2
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'

      - type: regex
+        part: interactsh_request
        group: 1
        regex:
-        part: interactsh_request
+          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
 # digest: 4a0a00473045022100955fc9cfb6a98cd3b34e6c9ebf1ba97a8e63456f8a030c1663f582913dfe0add02204043b64f7f09bcf8dee2b78f90dad14e8e0ae3aaeecd6cee9e7f8d79944e1b60:922c64590222798bb761d5b6d8e72950