From 7756e6b7d796ae9441b80dc054ff80c50427ef0e Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Thu, 23 Sep 2021 23:06:55 +0530 Subject: [PATCH 1/3] iPlanet Messaging imap detection --- network/iplanet-messaging-imap-detect.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 network/iplanet-messaging-imap-detect.yaml diff --git a/network/iplanet-messaging-imap-detect.yaml b/network/iplanet-messaging-imap-detect.yaml new file mode 100644 index 0000000000..2a6e89789a --- /dev/null +++ b/network/iplanet-messaging-imap-detect.yaml @@ -0,0 +1,18 @@ +id: iplanet-messaging-imap-detect +info: + name: iplanet messaging imap protocol + author: pussycat0x + severity: info + tags: network,imap + metadata: + fofa-dork: 'app="iPlanet-Messaging-Server-5.2" && protocol="imap"' +network: + - inputs: + - data: "\n" + host: + - "{{Hostname}}" + - "{{Hostname}}:110" + matchers: + - type: word + words: + - "iPlanet Messaging Server" \ No newline at end of file From 628753660cd8d7da13fab5181f85d9b4cf7e7f83 Mon Sep 17 00:00:00 2001 From: sandeep Date: Fri, 24 Sep 2021 15:40:17 +0530 Subject: [PATCH 2/3] misc update --- ...messaging-imap-detect.yaml => iplanet-imap-detect.yaml} | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) rename network/{iplanet-messaging-imap-detect.yaml => iplanet-imap-detect.yaml} (62%) diff --git a/network/iplanet-messaging-imap-detect.yaml b/network/iplanet-imap-detect.yaml similarity index 62% rename from network/iplanet-messaging-imap-detect.yaml rename to network/iplanet-imap-detect.yaml index 2a6e89789a..620e268f02 100644 --- a/network/iplanet-messaging-imap-detect.yaml +++ b/network/iplanet-imap-detect.yaml @@ -1,17 +1,20 @@ -id: iplanet-messaging-imap-detect +id: iplanet-imap-detect + info: name: iplanet messaging imap protocol author: pussycat0x severity: info tags: network,imap metadata: - fofa-dork: 'app="iPlanet-Messaging-Server-5.2" && protocol="imap"' + fofa-dork: 'app="iPlanet-Messaging-Server-5.2" && protocol="imap"' + network: - inputs: - data: "\n" host: - "{{Hostname}}" - "{{Hostname}}:110" + matchers: - type: word words: From 811f323f65eb9881a2444719e0a8a192a9df3881 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sat, 25 Sep 2021 00:59:45 +0530 Subject: [PATCH 3/3] Update iplanet-imap-detect.yaml --- network/iplanet-imap-detect.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/network/iplanet-imap-detect.yaml b/network/iplanet-imap-detect.yaml index 620e268f02..b07a370e39 100644 --- a/network/iplanet-imap-detect.yaml +++ b/network/iplanet-imap-detect.yaml @@ -4,9 +4,9 @@ info: name: iplanet messaging imap protocol author: pussycat0x severity: info - tags: network,imap metadata: fofa-dork: 'app="iPlanet-Messaging-Server-5.2" && protocol="imap"' + tags: network,imap network: - inputs: @@ -18,4 +18,10 @@ network: matchers: - type: word words: - - "iPlanet Messaging Server" \ No newline at end of file + - "iPlanet Messaging Server" + + extractors: + - type: regex + part: body + regex: + - "iPlanet Messaging Server ([0-9.]+)"