From 5d478d5e10dc6238a537ecd0010f6ad787429e24 Mon Sep 17 00:00:00 2001
From: Lucky-Pulse
Date: Mon, 11 Mar 2024 11:16:50 +1300
Subject: [PATCH 1/5] Added 2 templates to detect X-AspNetMvc-Version and X-AspNet-Version headers

---
 .../x-aspnet-version-disclosure.yaml | 35 +++++++++++++++++++
 .../x-aspnetmvc-version-disclosure.yaml | 35 +++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 http/technologies/microsoft/x-aspnet-version-disclosure.yaml
 create mode 100644 http/technologies/microsoft/x-aspnetmvc-version-disclosure.yaml

diff --git a/http/technologies/microsoft/x-aspnet-version-disclosure.yaml b/http/technologies/microsoft/x-aspnet-version-disclosure.yaml
new file mode 100644
index 0000000000..9ed4b7ed89
--- /dev/null
+++ b/http/technologies/microsoft/x-aspnet-version-disclosure.yaml
@@ -0,0 +1,35 @@
+id: AspNet-Version-disclosure
+info:
+ name: AspNet-Version-disclosure
+ author: lucky0x0d,PulseSecurity.co.nz
+ severity: info
+ description: |
+ Detects version disclosed via X-AspNet-Version: header
+ tags: technology, detection, tech-detect
+ metadata:
+ max-request: 1
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+ cvss-score: 0.0
+ cwe-id: CWE-200
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ host-redirects: true
+ max-redirects: 3
+
+ matchers-condition: or
+ matchers:
+ - type: dsl
+ dsl:
+ - "regex('(?i)X-AspNet-Version', header)"
+ - "status_code != 301 && status_code != 302"
+ condition: and
+
+ extractors:
+ - type: kval
+ kval:
+ - X_AspNet_Version
diff --git a/http/technologies/microsoft/x-aspnetmvc-version-disclosure.yaml b/http/technologies/microsoft/x-aspnetmvc-version-disclosure.yaml
new file mode 100644
index 0000000000..f7aaf034dc
--- /dev/null
+++ b/http/technologies/microsoft/x-aspnetmvc-version-disclosure.yaml
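Review bot: The kval extractor key `X_AspNet_Version` on the last line of this template is mixed-case, whereas nuclei's kval documentation writes header keys in lower case with dashes replaced by underscores (for example `content_type`). If the lookup is case-sensitive in the engine version in use, the template will still match but report no version string, which defeats the purpose of a version-disclosure check; I would write `- x_aspnet_version` and confirm against a test host that the value shows up in the output. The same applies to `X_AspNetMvc_Version` in x-aspnetmvc-version-disclosure.yaml, and neither key is touched by the later patches in this series.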
@@ -0,0 +1,35 @@
+id: AspNetMvc-Version-disclosure
+info:
+ name: AspNetMvc-Version-disclosure
+ author: lucky0x0d,PulseSecurity.co.nz
+ severity: info
+ description: |
+ Detects version disclosed via X-AspNetMvc-Version: header
+ tags: technology, detection, tech-detect
+ metadata:
+ max-request: 1
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+ cvss-score: 0.0
+ cwe-id: CWE-200
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ host-redirects: true
+ max-redirects: 3
+
+ matchers-condition: or
+ matchers:
+ - type: dsl
+ dsl:
+ - "regex('(?i)X-AspNetMvc-Version', header)"
+ - "status_code != 301 && status_code != 302"
+ condition: and
+
+ extractors:
+ - type: kval
+ kval:
+ - X_AspNetMvc_Version
From 1f8dcf63a9832c19586547fee8199a93d874c99d Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 15 Mar 2024 19:05:20 +0530
Subject: [PATCH 2/5] Update and rename x-aspnet-version-disclosure.yaml to x-aspnet-version-detect.yaml

---
 ...sure.yaml => x-aspnet-version-detect.yaml} | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
 rename http/technologies/microsoft/{x-aspnet-version-disclosure.yaml => x-aspnet-version-detect.yaml} (58%)

diff --git a/http/technologies/microsoft/x-aspnet-version-disclosure.yaml b/http/technologies/microsoft/x-aspnet-version-detect.yaml
similarity index 58%
rename from http/technologies/microsoft/x-aspnet-version-disclosure.yaml
rename to http/technologies/microsoft/x-aspnet-version-detect.yaml
index 9ed4b7ed89..340e5db4fe 100644
--- a/http/technologies/microsoft/x-aspnet-version-disclosure.yaml
+++ b/http/technologies/microsoft/x-aspnet-version-detect.yaml
@@ -1,17 +1,20 @@
-id: AspNet-Version-disclosure
+id: x-aspnet-version-detect
+
 info:
- name: AspNet-Version-disclosure
+ name: AspNet Version Disclosure - Detect
 author: lucky0x0d,PulseSecurity.co.nz
 severity: info
 description: |
- Detects version disclosed via X-AspNet-Version: header
- tags: technology, detection, tech-detect
- metadata:
- max-request: 1
+ Detects version disclosed via 'X-AspNet-Version' header.
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
 cvss-score: 0.0
 cwe-id: CWE-200
+ metadata:
+ max-request: 1
+ verified: true
+ shodan-query: "X-AspNet-Version"
+ tags: tech,detect,aspnet

 http:
 - method: GET
@@ -21,13 +24,10 @@ http:
 host-redirects: true
 max-redirects: 3

- matchers-condition: or
 matchers:
 - type: dsl
 dsl:
- - "regex('(?i)X-AspNet-Version', header)"
- - "status_code != 301 && status_code != 302"
- condition: and
+ - 'contains(tolower(header), "x-aspnet-version")'

 extractors:
 - type: kval
From 927494ab8b4acd22ec3ee3b95e2222c5b9708b02 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 15 Mar 2024 19:06:24 +0530
Subject: [PATCH 3/5] Rename x-aspnet-version-detect.yaml to aspnet-version-detect.yaml

---
 .../{x-aspnet-version-detect.yaml => aspnet-version-detect.yaml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename http/technologies/microsoft/{x-aspnet-version-detect.yaml => aspnet-version-detect.yaml} (100%)

diff --git a/http/technologies/microsoft/x-aspnet-version-detect.yaml b/http/technologies/microsoft/aspnet-version-detect.yaml
similarity index 100%
rename from http/technologies/microsoft/x-aspnet-version-detect.yaml
rename to http/technologies/microsoft/aspnet-version-detect.yaml
From 549ce430a59b3350ab62510275fb9206705bf4e3 Mon Sep 17 00:00:00 2001
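Review bot: The new matcher `contains(tolower(header), "x-aspnet-version")` in the second hunk is a substring test over the whole response header block, so it also fires when the name only appears inside another header's value, for instance when a server lists it in `Access-Control-Expose-Headers`. Such a response would be reported as a version disclosure with no version extracted. Anchoring the test to a header line avoids this, something like `- "regex('(?im)^x-aspnet-version: *[0-9]', header)"`. The aspnetmvc matcher introduced in PATCH 4/5 has the same shape, and the extractors block continues past the end of this hunk.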
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 15 Mar 2024 19:13:34 +0530
Subject: [PATCH 4/5] Update and rename x-aspnetmvc-version-disclosure.yaml to aspnetmvc-version-disclosure.yaml

---
 ...yaml => aspnetmvc-version-disclosure.yaml} | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)
 rename http/technologies/microsoft/{x-aspnetmvc-version-disclosure.yaml => aspnetmvc-version-disclosure.yaml} (52%)

diff --git a/http/technologies/microsoft/x-aspnetmvc-version-disclosure.yaml b/http/technologies/microsoft/aspnetmvc-version-disclosure.yaml
similarity index 52%
rename from http/technologies/microsoft/x-aspnetmvc-version-disclosure.yaml
rename to http/technologies/microsoft/aspnetmvc-version-disclosure.yaml
index f7aaf034dc..c5884c6a27 100644
--- a/http/technologies/microsoft/x-aspnetmvc-version-disclosure.yaml
+++ b/http/technologies/microsoft/aspnetmvc-version-disclosure.yaml
@@ -1,33 +1,33 @@
-id: AspNetMvc-Version-disclosure
+id: aspnetmvc-version-disclosure
+
 info:
- name: AspNetMvc-Version-disclosure
+ name: AspNetMvc Version - Detect
 author: lucky0x0d,PulseSecurity.co.nz
 severity: info
 description: |
- Detects version disclosed via X-AspNetMvc-Version: header
- tags: technology, detection, tech-detect
- metadata:
- max-request: 1
+ Detects version disclosed via 'X-AspNetMvc-Version' header.
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
 cvss-score: 0.0
 cwe-id: CWE-200
+ metadata:
+ max-request: 1
+ verified: true
+ shodan-query: "X-AspNetMvc-Version"
+ tags: aspnetmvc,tech,detect

 http:
 - method: GET
 path:
 - "{{BaseURL}}"

- host-redirects: true
- max-redirects: 3
+ redirects: true
+ max-redirects: 4

- matchers-condition: or
 matchers:
 - type: dsl
 dsl:
- - "regex('(?i)X-AspNetMvc-Version', header)"
- - "status_code != 301 && status_code != 302"
- condition: and
+ - 'contains(tolower(header), "x-aspnetmvc-version")'

 extractors:
 - type: kval
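Review bot: Replacing `host-redirects: true` with `redirects: true` (and raising `max-redirects` to 4) lets the request follow redirects to other hosts, so the header that matches may come from a different server than the one being scanned, such as an SSO or CDN front end. The finding would then be attributed to the wrong asset, possibly one outside the assessment scope. The sibling aspnet-version-detect.yaml keeps `host-redirects: true` and `max-redirects: 3`; I would keep those two lines here as well unless cross-host following is intended, in which case a comment saying why would help. Separately, the id and file name still end in `-disclosure` while the name says "Detect" and the sibling template was renamed to `-detect`.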
From e3fd0f089da3c2ee34cc0929d913d4eeec3f3995 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 15 Mar 2024 19:13:50 +0530
Subject: [PATCH 5/5] update id

---
 http/technologies/microsoft/aspnet-version-detect.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/http/technologies/microsoft/aspnet-version-detect.yaml b/http/technologies/microsoft/aspnet-version-detect.yaml
index 340e5db4fe..78d68f6e3c 100644
--- a/http/technologies/microsoft/aspnet-version-detect.yaml
+++ b/http/technologies/microsoft/aspnet-version-detect.yaml
@@ -1,4 +1,4 @@
-id: x-aspnet-version-detect
+id: aspnet-version-detect

 info:
 name: AspNet Version Disclosure - Detect