From c83d035fff73060f88420d467b7c2f6241198b60 Mon Sep 17 00:00:00 2001 
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 31 Dec 2021 19:27:46 +0700 Subject: [PATCH] Separate technology template (#3430) * Edit magmi workflow * Add some workflow template + edit some template * Changing some templates * minor update * workflow matcher fixes * tech update * Separate technology template * Update metabase-panel.yaml * Update lucee-detect.yaml * Update oneblog-detect.yaml * Update dolibarr-panel.yaml * Update dolibarr-panel.yaml * Update dolibarr-panel.yaml * Update gespage-panel.yaml * Update gespage-panel.yaml * Update mautic-crm-panel.yaml * Update kibana-panel.yaml * Update metabase-panel.yaml * Update home-assistant-detect.yaml * Update jitsi-meet-detect.yaml * Update lucee-detect.yaml * Update gotmls-plugin-lfi.yaml * Update and rename technologies/opencast-detect.yaml to exposed-panels/opencast-detect.yaml * duplicate template - cves/2020/CVE-2020-11738.yaml Co-authored-by: sandeep Co-authored-by: Prince Chaddha --- .../daybyday-panel.yaml | 10 +-- exposed-panels/dolibarr-panel.yaml | 39 ++++++++++++ exposed-panels/dotclear-panel.yaml | 27 ++++++++ .../druid-panel.yaml | 9 ++- .../ems-webclient-panel.yaml | 61 +++++++++++-------- .../fortinet-panel.yaml | 8 ++- exposed-panels/gespage-panel.yaml | 34 +++++++++++ .../glpi-panel.yaml | 18 ++++-- exposed-panels/jaspersoft-panel.yaml | 29 +++++++++ .../jeedom-panel.yaml | 13 ++-- exposed-panels/kibana-panel.yaml | 26 ++++++++ .../landrayoa-panel.yaml | 9 ++- exposed-panels/mautic-crm-panel.yaml | 27 ++++++++ .../metabase-panel.yaml | 13 ++-- exposed-panels/opencast-detect.yaml | 25 ++++++++ .../logs}/clockwork-php-page.yaml | 0 technologies/chevereto-detect.yaml | 8 ++- technologies/craft-cms-detect.yaml | 1 - technologies/crush-ftp-detect.yaml | 21 ------- ...efault.yaml => default-lighttpd-page.yaml} | 0 technologies/dolibarr-detect.yaml | 25 -------- technologies/dotclear-detect.yaml | 22 ------- technologies/fanruanoa-detect.yaml | 1 + 
technologies/gespage-detect.yaml | 24 -------- technologies/gilacms-detect.yaml | 2 +- technologies/graphiql-detect.yaml | 7 ++- technologies/graylog-api-browser.yaml | 2 + technologies/gunicorn-detect.yaml | 3 +- technologies/harbor-detect.yaml | 2 +- technologies/home-assistant-detect.yaml | 25 ++++++++ technologies/home-assistant.yaml | 16 ----- technologies/hp-blade-admin-detect.yaml | 3 +- technologies/influxdb-detect.yaml | 3 +- technologies/itop-detect.yaml | 24 -------- technologies/jaspersoft-detect.yaml | 19 ------ technologies/jboss-detect.yaml | 5 ++ technologies/jenkins-detect.yaml | 7 ++- ...jitsi-meet.yaml => jitsi-meet-detect.yaml} | 11 ++-- .../{jolokia.yaml => jolokia-detect.yaml} | 2 +- technologies/kibana-detect.yaml | 24 -------- technologies/kong-detect.yaml | 3 +- ...adrule-detect.yaml => linkerd-detect.yaml} | 0 technologies/lucee-detect.yaml | 6 +- technologies/mautic-crm-detect.yaml | 31 ---------- technologies/moinmoin-detect.yaml | 5 ++ technologies/mrtg-detect.yaml | 4 +- technologies/nifi-detech.yaml | 3 + technologies/node-red-detect.yaml | 1 - technologies/octobercms-detect.yaml | 1 + technologies/oidc-detect.yaml | 1 + technologies/olivetti-crf-detect.yaml | 4 +- technologies/oneblog-detect.yaml | 9 +-- ...enam-detection.yaml => openam-detect.yaml} | 2 +- technologies/opencast-detect.yaml | 21 ------- technologies/openx-detect.yaml | 6 +- technologies/wondercms-detect.yaml | 1 - technologies/wordpress-detect.yaml | 2 +- technologies/wordpress-gotmls-detect.yaml | 30 --------- .../linkerd/linkerd-ssrf.yaml | 0 59 files changed, 392 insertions(+), 343 deletions(-) rename technologies/daybyday-detect.yaml => exposed-panels/daybyday-panel.yaml (64%) create mode 100644 exposed-panels/dolibarr-panel.yaml create mode 100644 exposed-panels/dotclear-panel.yaml rename technologies/druid-detect.yaml => exposed-panels/druid-panel.yaml (74%) rename technologies/ems-webclient-detect.yaml => exposed-panels/ems-webclient-panel.yaml (57%) rename 
technologies/fortinet-detect.yaml => exposed-panels/fortinet-panel.yaml (71%) create mode 100644 exposed-panels/gespage-panel.yaml rename technologies/glpi-cms-detect.yaml => exposed-panels/glpi-panel.yaml (56%) create mode 100644 exposed-panels/jaspersoft-panel.yaml rename technologies/jeedom-detect.yaml => exposed-panels/jeedom-panel.yaml (58%) create mode 100644 exposed-panels/kibana-panel.yaml rename technologies/landrayoa-detect.yaml => exposed-panels/landrayoa-panel.yaml (77%) create mode 100644 exposed-panels/mautic-crm-panel.yaml rename technologies/metabase-detect.yaml => exposed-panels/metabase-panel.yaml (80%) create mode 100644 exposed-panels/opencast-detect.yaml rename {technologies => exposures/logs}/clockwork-php-page.yaml (100%) delete mode 100644 technologies/crush-ftp-detect.yaml rename technologies/{lighttpd-default.yaml => default-lighttpd-page.yaml} (100%) delete mode 100644 technologies/dolibarr-detect.yaml delete mode 100644 technologies/dotclear-detect.yaml delete mode 100644 technologies/gespage-detect.yaml create mode 100644 technologies/home-assistant-detect.yaml delete mode 100644 technologies/home-assistant.yaml delete mode 100644 technologies/itop-detect.yaml delete mode 100644 technologies/jaspersoft-detect.yaml rename technologies/{jitsi-meet.yaml => jitsi-meet-detect.yaml} (65%) rename technologies/{jolokia.yaml => jolokia-detect.yaml} (95%) delete mode 100644 technologies/kibana-detect.yaml rename technologies/{linkerd-badrule-detect.yaml => linkerd-detect.yaml} (100%) delete mode 100644 technologies/mautic-crm-detect.yaml rename technologies/{openam-detection.yaml => openam-detect.yaml} (98%) delete mode 100644 technologies/opencast-detect.yaml delete mode 100644 technologies/wordpress-gotmls-detect.yaml rename technologies/linkerd-service-detect.yaml => vulnerabilities/linkerd/linkerd-ssrf.yaml (100%) 
diff --git a/technologies/daybyday-detect.yaml b/exposed-panels/daybyday-panel.yaml similarity index 64% rename from technologies/daybyday-detect.yaml rename to exposed-panels/daybyday-panel.yaml index 15aa07c91a..979b9045ae 100644 --- a/technologies/daybyday-detect.yaml +++ b/exposed-panels/daybyday-panel.yaml @@ -1,10 +1,12 @@ -id: daybyday-detect +id: daybyday-panel info: - name: DaybydayCRM Detect - author: pikpikcu + name: DaybydayCRM Panel Login + author: pikpikcu,daffainfo severity: info - tags: tech,daybyday + metadata: + shodan-query: http.title:"Daybyday" + tags: panel,daybyday requests: - method: GET diff --git a/exposed-panels/dolibarr-panel.yaml b/exposed-panels/dolibarr-panel.yaml new file mode 100644 index 0000000000..1d502057cf --- /dev/null +++ b/exposed-panels/dolibarr-panel.yaml @@ -0,0 +1,39 @@ +id: dolibarr-panel + +info: + name: Dolibarr Panel Login + author: pikpikcu,daffainfo + severity: info + metadata: + shodan-query: http.title:"Dolibarr" + tags: panel,dolibarr + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: header + words: + - 'Set-Cookie: DOLSESSID_' + + - type: word + part: body + words: + - '' + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - 'Dolibarr ([0-9.]+)<\/td>' + - 'Dolibarr ([0-9.]+)<\/td>' + - '
Dolibarr ([0-9.]+)<\/div>' diff --git a/exposed-panels/dotclear-panel.yaml b/exposed-panels/dotclear-panel.yaml new file mode 100644 index 0000000000..8d9076985c --- /dev/null +++ b/exposed-panels/dotclear-panel.yaml @@ -0,0 +1,27 @@ +id: dotclear-panel + +info: + name: Dotclear Panel Login + author: pikpikcu,daffainfo + severity: info + metadata: + shodan-query: http.title:"Dotclear" + tags: panel,dotclear + +requests: + - method: GET + path: + - "{{BaseURL}}/dc2/admin/auth.php" + - "{{BaseURL}}/auth.php" + + matchers-condition: and + matchers: + - type: word + words: + - '' + - 'Dotclear' + condition: or + + - type: status + status: + - 200 diff --git a/technologies/druid-detect.yaml b/exposed-panels/druid-panel.yaml similarity index 74% rename from technologies/druid-detect.yaml rename to exposed-panels/druid-panel.yaml index 63b0d5823e..5ac2fd1a81 100644 --- a/technologies/druid-detect.yaml +++ b/exposed-panels/druid-panel.yaml @@ -1,10 +1,10 @@ -id: druid-detect +id: druid-panel info: - name: Druid monitor Detect - author: pikpikcu + name: Druid monitor Panel Login + author: pikpikcu,daffainfo severity: info - tags: tech,druid + tags: panel,druid requests: - method: GET @@ -13,7 +13,6 @@ requests: matchers-condition: and matchers: - - type: word part: body words: diff --git a/technologies/ems-webclient-detect.yaml b/exposed-panels/ems-webclient-panel.yaml similarity index 57% rename from technologies/ems-webclient-detect.yaml rename to exposed-panels/ems-webclient-panel.yaml index 69f794d1c5..c4caaa5ec3 100644 --- a/technologies/ems-webclient-detect.yaml +++ b/exposed-panels/ems-webclient-panel.yaml 
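Review bot: The body word matcher in dolibarr-panel.yaml lists an empty string (`- ''`), and an empty word matches every response body, so that entry contributes nothing to the `and` chain; the same `''` entries appear in dotclear-panel.yaml, where `condition: or` then makes the whole word matcher always true, and in gespage-panel.yaml. If these are real page-title fingerprints that were lost in rendering rather than genuinely empty strings, disregard this, but the committed files should carry a concrete token so the status check is not the only thing gating the match. The dolibarr extractor list as shown also repeats `'Dolibarr ([0-9.]+)<\/td>'` twice; one copy should be dropped or the two patterns made distinct.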
@@ -1,27 +1,34 @@ -id: ems-webclient-detect - -info: - name: EMS Web Client - author: pussycat0x - severity: info - metadata: - google-dork: inurl:EMSWebClient/ - tags: tech,ems - -requests: - - method: GET - path: - - "{{BaseURL}}/emswebclient/Login.aspx" - - "{{BaseURL}}/Login.aspx" - - stop-at-first-match: true - matchers-condition: and - matchers: - - - type: word - words: - - "EMS Web Client - Login" - - - type: status - status: - - 200 \ No newline at end of file +id: ems-webclient-panel + +info: + name: EMS Web Client Panel Login + author: pussycat0x,daffainfo + severity: info + metadata: + google-dork: inurl:EMSWebClient/ + tags: panel,ems + +requests: + - method: GET + path: + - "{{BaseURL}}/emswebclient/Login.aspx" + - "{{BaseURL}}/Login.aspx" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - "EMS Web Client - Login" + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - 'Web Client Version (.*)' \ No newline at end of file diff --git a/technologies/fortinet-detect.yaml b/exposed-panels/fortinet-panel.yaml similarity index 71% rename from technologies/fortinet-detect.yaml rename to exposed-panels/fortinet-panel.yaml index ad26de136e..073036d9d8 100644 --- a/technologies/fortinet-detect.yaml +++ b/exposed-panels/fortinet-panel.yaml @@ -1,10 +1,12 @@ -id: fortinet-detect +id: fortinet-panel info: - name: Fortinet detected + name: Fortinet Panel Login author: pikpikcu,daffainfo severity: info - tags: tech,jboss + metadata: + shodan-query: http.title:"FORTINET LOGIN" + tags: panel,fotinet requests: - method: GET diff --git a/exposed-panels/gespage-panel.yaml b/exposed-panels/gespage-panel.yaml new file mode 100644 index 0000000000..2746f6df2d --- /dev/null +++ b/exposed-panels/gespage-panel.yaml 
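Review bot: Every line of ems-webclient-panel.yaml is removed and re-added, which hides the three real changes (author/tags, `part: body`, and the new extractor) behind what looks like a whitespace or line-ending rewrite, and the new side still ends with `\ No newline at end of file`; the same missing final newline is introduced on the last line of glpi-panel.yaml. Normalising line endings in a separate commit and adding the trailing newline would keep the diff reviewable and satisfy yamllint's new-line-at-end-of-file check. The extractor regex `'Web Client Version (.*)'` is also greedy and will capture everything to the end of the line; a bounded group such as `'Web Client Version ([0-9.]+)'` yields a cleaner value, assuming the version string is numeric.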
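Review bot: The new tag on the `tags:` line of fortinet-panel.yaml is misspelt: `tags: panel,fotinet` should be `tags: panel,fortinet`, otherwise selecting templates by the `fortinet` tag will silently skip this one. The shodan-query addition and the rename to fortinet-panel.yaml are otherwise consistent with the other panel templates in this commit.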
@@ -0,0 +1,34 @@ +id: gespage-panel + +info: + name: Gespage Panel Login + author: pikpikcu,daffainfo + severity: info + metadata: + shodan-query: "Path=/gespage" + tags: panel,gespage + +requests: + - method: GET + path: + - "{{BaseURL}}/gespage/webapp/login.xhtml" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '' + - '' + condition: and + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - '\(Ver: ([0-9._A-Z]+)\)' diff --git a/technologies/glpi-cms-detect.yaml b/exposed-panels/glpi-panel.yaml similarity index 56% rename from technologies/glpi-cms-detect.yaml rename to exposed-panels/glpi-panel.yaml index 422e350661..e557297f14 100644 --- a/technologies/glpi-cms-detect.yaml +++ b/exposed-panels/glpi-panel.yaml @@ -1,10 +1,12 @@ -id: glpi-cms-detect +id: glpi-panel info: - name: GLPI Cms Detection - author: dogasantos + name: GLPI Panel Login + author: dogasantos,daffainfo severity: info - tags: glpi,cms,php + metadata: + shodan-query: http.title:"GLPI" + tags: panel,glpi requests: - method: GET @@ -13,6 +15,7 @@ requests: - "{{BaseURL}}/glpi/" - "{{BaseURL}}/glpi2/" + stop-at-first-match: true matchers-condition: and matchers: - type: word @@ -25,3 +28,10 @@ requests: - type: status status: - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - 'base.min.js?v=(.*)' \ No newline at end of file diff --git a/exposed-panels/jaspersoft-panel.yaml b/exposed-panels/jaspersoft-panel.yaml new file mode 100644 index 0000000000..e1afb10df0 --- /dev/null +++ b/exposed-panels/jaspersoft-panel.yaml 
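Review bot: The glpi-panel.yaml extractor regex `'base.min.js?v=(.*)'` cannot match the URL it is meant to parse, because the unescaped `?` makes the preceding `s` optional instead of matching a literal question mark, so against text like `base.min.js?v=<version>` the pattern fails at `?v=`; the unescaped `.` characters also match any byte. Escape the metacharacters and bound the capture, e.g. `- 'base\.min\.js\?v=([^"&]+)'`. The `requests` block this extractor belongs to starts outside the hunk.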
@@ -0,0 +1,29 @@ +id: jaspersoft-panel + +info: + name: Jaspersoft Panel Login + author: koti2,daffainfo + severity: info + metadata: + shodan-query: http.title:"Jaspersoft" + tags: panel,jaspersoft + +requests: + - method: GET + path: + - "{{BaseURL}}/jasperserver/login.html?error=1" + - "{{BaseURL}}/jasperserver-pro/login.html?error=1" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + words: + - "TIBCO Jaspersoft: Login" + - "Could not login to JasperReports Server" + - "About TIBCO JasperReports Server" + condition: or + + - type: status + status: + - 200 diff --git a/technologies/jeedom-detect.yaml b/exposed-panels/jeedom-panel.yaml similarity index 58% rename from technologies/jeedom-detect.yaml rename to exposed-panels/jeedom-panel.yaml index 4154e6b7d0..382c61003f 100644 --- a/technologies/jeedom-detect.yaml +++ b/exposed-panels/jeedom-panel.yaml @@ -1,10 +1,12 @@ -id: jeedom-detect +id: jeedom-panel info: - name: Jeedom Detect - author: pikpikcu + name: Jeedom Login Panel + author: pikpikcu,daffainfo severity: info - tags: tech,jeedom + metadata: + shodan-query: http.title:"Jeedom" + tags: panel,jeedom requests: - method: GET @@ -13,11 +15,12 @@ requests: matchers-condition: and matchers: - - type: word part: body words: - "Jeedom" + - "JEEDOM_PRODUCT_NAME" + condition: and - type: status status: diff --git a/exposed-panels/kibana-panel.yaml b/exposed-panels/kibana-panel.yaml new file mode 100644 index 0000000000..ad3530bfef --- /dev/null +++ b/exposed-panels/kibana-panel.yaml @@ -0,0 +1,26 @@ +id: kibana-panel + +info: + name: Kibana Panel Login + author: petruknisme,daffainfo + severity: info + metadata: + shodan-query: http.title:"Kibana" + tags: panel,kibana + +requests: + - method: GET + path: + - "{{BaseURL}}/login" + + matchers-condition: or + matchers: + - type: word + part: body + words: + - "Kibana" + + - type: word + part: header + words: + - "Kbn-Name:" 
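Review bot: With `matchers-condition: or`, kibana-panel.yaml fires on any `/login` body that contains the bare word `Kibana`, which will flag pages that merely mention the product, and unlike the other new panel templates there is no status-code matcher. Keeping the `Kbn-Name:` header check as one branch is reasonable, but the body branch should use a more specific marker and be paired with a status check, or the condition changed to `and` so both signals are required.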
diff --git a/technologies/landrayoa-detect.yaml b/exposed-panels/landrayoa-panel.yaml similarity index 77% rename from technologies/landrayoa-detect.yaml rename to exposed-panels/landrayoa-panel.yaml index 250f0654c9..105a663d34 100644 --- a/technologies/landrayoa-detect.yaml +++ b/exposed-panels/landrayoa-panel.yaml @@ -1,10 +1,10 @@ -id: landrayoa-detect +id: landrayoa-panel info: - name: LandrayOA detect + name: LandrayOA Panel Login author: YanYun severity: info - tags: tech,landrayoa + tags: panel,landrayoa requests: - method: GET @@ -16,11 +16,14 @@ requests: - type: status status: - 200 + - type: word + part: body words: - 'lui_login_input_username' - 'lui_login_input_password' condition: and + - type: word words: - 'isopen=' diff --git a/exposed-panels/mautic-crm-panel.yaml b/exposed-panels/mautic-crm-panel.yaml new file mode 100644 index 0000000000..d728240998 --- /dev/null +++ b/exposed-panels/mautic-crm-panel.yaml @@ -0,0 +1,27 @@ +id: mautic-crm-panel + +info: + name: Mautic CRM Panel Login + author: cyllective,daffainfo + severity: info + description: Mautic is a free and open-source marketing automation tool for Content Management, Social Media, Email Marketing, and can be used for the integration of social networks, campaign management, forms, questionnaires, reports, etc. + reference: https://github.com/mautic/mautic + tags: tech,mautic,crm + +requests: + - method: GET + path: + - "{{BaseURL}}/s/login" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'Mautic' + - 'var mauticBasePath' + condition: and + + - type: status + status: + - 200 diff --git a/technologies/metabase-detect.yaml b/exposed-panels/metabase-panel.yaml similarity index 80% rename from technologies/metabase-detect.yaml rename to exposed-panels/metabase-panel.yaml index 3a865ab0e7..0834bf34c6 100644 --- a/technologies/metabase-detect.yaml +++ b/exposed-panels/metabase-panel.yaml 
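Review bot: `tags: tech,mautic,crm` in mautic-crm-panel.yaml still carries the `tech` tag of the deleted technologies/mautic-crm-detect.yaml even though the file now lives under exposed-panels, while every other panel template in this commit uses `panel,<product>`. Change it to `tags: panel,mautic,crm` so tag-based selection treats it like the rest of the directory. A `metadata:` block with a shodan-query, as the sibling panel templates received, would also keep it consistent.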
@@ -1,11 +1,13 @@ -id: metabase-version-detect +id: metabase-panel info: - name: Detect Metabase Version - author: revblock + name: Metabase Login Panel + author: revblock,daffainfo description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source + metadata: + shodan-query: http.title:"Metabase" severity: info - tags: tech,metabase + tags: panel,metabase requests: - method: GET @@ -14,17 +16,16 @@ requests: matchers-condition: and matchers: - - type: status status: - 200 - type: word + part: body words: - "Metabase" - "window.MetabaseBootstrap" - "window.MetabaseRoot" - part: body condition: and extractors: diff --git a/exposed-panels/opencast-detect.yaml b/exposed-panels/opencast-detect.yaml new file mode 100644 index 0000000000..081794ccb0 --- /dev/null +++ b/exposed-panels/opencast-detect.yaml @@ -0,0 +1,25 @@ +id: opencast-panel + +info: + name: Opencast Panel Login + author: cyllective,daffainfo + severity: info + description: The free and open source solution for automated video capture and distribution at scale. + reference: https://github.com/opencast/opencast + tags: panel,opencast + +requests: + - method: GET + path: + - "{{BaseURL}}/admin-ng/login.html" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'Opencast' + + - type: status + status: + - 200 diff --git a/technologies/clockwork-php-page.yaml b/exposures/logs/clockwork-php-page.yaml similarity index 100% rename from technologies/clockwork-php-page.yaml rename to exposures/logs/clockwork-php-page.yaml diff --git a/technologies/chevereto-detect.yaml b/technologies/chevereto-detect.yaml index 070a428307..59ba07f6fa 100644 --- a/technologies/chevereto-detect.yaml +++ b/technologies/chevereto-detect.yaml 
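Review bot: `id: opencast-panel` does not match the file name exposed-panels/opencast-detect.yaml, whereas every other template in this commit keeps the id equal to the file stem, and the commit message itself names the file opencast-detect.yaml. Either rename the file to opencast-panel.yaml to match the other exposed-panels templates or set `id: opencast-detect`; as is, the id/filename mismatch is likely to trip template validation and confuses selection by id.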
@@ -4,12 +4,14 @@ info: name: Chevereto detect author: pikpikcu severity: info + metadata: + shodan-query: http.title:"Centreon" tags: tech,chevereto requests: - method: GET path: - - "{{BaseURL}}/login" + - "{{BaseURL}}" matchers-condition: and matchers: @@ -18,6 +20,10 @@ requests: regex: - 'content="Chevereto(.*)">' + - type: status + status: + - 200 + extractors: - type: regex part: body diff --git a/technologies/craft-cms-detect.yaml b/technologies/craft-cms-detect.yaml index ffd1e49a96..5c060a9d32 100644 --- a/technologies/craft-cms-detect.yaml +++ b/technologies/craft-cms-detect.yaml @@ -15,7 +15,6 @@ requests: redirects: true max-redirects: 2 - matchers: - type: word part: header diff --git a/technologies/crush-ftp-detect.yaml b/technologies/crush-ftp-detect.yaml deleted file mode 100644 index ec9d334733..0000000000 --- a/technologies/crush-ftp-detect.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: crush-ftp-detect - -info: - name: Crush FTP - author: pussycat0x - severity: info - tags: tech,ftp -requests: - - method: GET - path: - - "{{BaseURL}}/WebInterface/login.html" - - redirects: true - matchers-condition: and - matchers: - - type: word - words: - - "CrushFTP WebInterface" - - type: status - status: - - 200 \ No newline at end of file diff --git a/technologies/lighttpd-default.yaml b/technologies/default-lighttpd-page.yaml similarity index 100% rename from technologies/lighttpd-default.yaml rename to technologies/default-lighttpd-page.yaml diff --git a/technologies/dolibarr-detect.yaml b/technologies/dolibarr-detect.yaml deleted file mode 100644 index 77a8f82fdc..0000000000 --- a/technologies/dolibarr-detect.yaml +++ /dev/null 
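Review bot: The added `shodan-query: http.title:"Centreon"` in chevereto-detect.yaml searches for Centreon, not Chevereto, so it looks like a copy-paste from another template and will point users at the wrong hosts; it should be a Chevereto-specific query, e.g. `shodan-query: http.title:"Chevereto"`, assuming that is the title the product serves. The path change from `/login` to the bare `{{BaseURL}}` also changes which page the `content="Chevereto(.*)">` regex is run against, so the meta tag should be confirmed to appear on the front page as well. The second hunk's status matcher is consistent with the other detect templates.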
@@ -1,25 +0,0 @@ -id: dolibarr-detect - -info: - name: Dolibarr detect - author: pikpikcu - severity: info - tags: tech,dolibarr - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: regex - part: body - regex: - - 'Dolibarr - Login Dolibarr(.*)' - - extractors: - - type: regex - part: body - group: 1 - regex: - - 'center">(.*)' diff --git a/technologies/dotclear-detect.yaml b/technologies/dotclear-detect.yaml deleted file mode 100644 index 7d622ff72a..0000000000 --- a/technologies/dotclear-detect.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: dotclear-detect - -info: - name: Dotclear Detect - author: pikpikcu - severity: info - tags: tech,dotclear - -requests: - - method: GET - path: - - "{{BaseURL}}/dc2/admin/auth.php" - - "{{BaseURL}}/auth.php" - - matchers-condition: and - matchers: - - type: word - words: - - "Dotclear" - - type: status - status: - - 200 diff --git a/technologies/fanruanoa-detect.yaml b/technologies/fanruanoa-detect.yaml index 52ab6ec6ad..d78d5cd18b 100644 --- a/technologies/fanruanoa-detect.yaml +++ b/technologies/fanruanoa-detect.yaml @@ -13,6 +13,7 @@ requests: - "{{BaseURL}}/WebReport/ReportServer" - "{{BaseURL}}/ReportServer" + stop-at-first-match: true matchers-condition: and matchers: - type: status diff --git a/technologies/gespage-detect.yaml b/technologies/gespage-detect.yaml deleted file mode 100644 index f64facbc02..0000000000 --- a/technologies/gespage-detect.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: gespage-detect - -info: - name: Gespage Detect - author: pikpikcu - severity: info - tags: tech,gespage - -requests: - - method: GET - path: - - "{{BaseURL}}/gespage/webapp/login.xhtml" - - matchers-condition: and - matchers: - - - type: word - part: body - words: - - "Login utilisateur Gespage" - - - type: status - status: - - 200 diff --git a/technologies/gilacms-detect.yaml b/technologies/gilacms-detect.yaml index 335b1b291e..4718a54ca3 100644 --- a/technologies/gilacms-detect.yaml 
+++ b/technologies/gilacms-detect.yaml @@ -12,9 +12,9 @@ requests: - "{{BaseURL}}" - "{{BaseURL}}/user" + stop-at-first-match: true matchers-condition: and matchers: - - type: word part: body words: diff --git a/technologies/graphiql-detect.yaml b/technologies/graphiql-detect.yaml index e5dc4547a3..e78a5f94dd 100644 --- a/technologies/graphiql-detect.yaml +++ b/technologies/graphiql-detect.yaml @@ -12,8 +12,13 @@ requests: path: - "{{BaseURL}}" + matchers-condition: and matchers: - type: word part: body words: - - 'GraphiQL' \ No newline at end of file + - '<title>GraphiQL' + + - type: status + status: + - 200 \ No newline at end of file diff --git a/technologies/graylog-api-browser.yaml b/technologies/graylog-api-browser.yaml index 98799a87c0..e2a056083f 100644 --- a/technologies/graylog-api-browser.yaml +++ b/technologies/graylog-api-browser.yaml @@ -10,6 +10,7 @@ requests: - method: GET path: - "{{BaseURL}}/api/api-browser/" + matchers-condition: and matchers: - type: word @@ -19,6 +20,7 @@ requests: - "REST API browser" - "swagger" condition: and + - type: status status: - 200 diff --git a/technologies/gunicorn-detect.yaml b/technologies/gunicorn-detect.yaml index 56f5080384..4ad26a0ab4 100644 --- a/technologies/gunicorn-detect.yaml +++ b/technologies/gunicorn-detect.yaml @@ -3,7 +3,8 @@ id: gunicorn-detect info: name: Detect Gunicorn Server author: joanbono - description: Gunicorn Python WSGI HTTP Server for UNIX - https://github.com/benoitc/gunicorn + description: Gunicorn Python WSGI HTTP Server for UNIX + reference: https://github.com/benoitc/gunicorn severity: info tags: tech,gunicorn diff --git a/technologies/harbor-detect.yaml b/technologies/harbor-detect.yaml index 1ede65a8df..d20e4657cf 100644 --- a/technologies/harbor-detect.yaml +++ b/technologies/harbor-detect.yaml @@ -9,7 +9,7 @@ info: requests: - method: GET path: - - '{{BaseURL}}/' + - '{{BaseURL}}' matchers-condition: and matchers: 
diff --git a/technologies/home-assistant-detect.yaml b/technologies/home-assistant-detect.yaml new file mode 100644 index 0000000000..593b211b99 --- /dev/null +++ b/technologies/home-assistant-detect.yaml @@ -0,0 +1,25 @@ +id: home-assistant-detect + +info: + name: Home Assistant Detect + author: fabaff,daffainfo + severity: info + metadata: + shodan-query: http.title:"Home Assistant" + tags: tech,iot + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '<title>Home Assistant' + + - type: status + status: + - 200 diff --git a/technologies/home-assistant.yaml b/technologies/home-assistant.yaml deleted file mode 100644 index dfb82e44b7..0000000000 --- a/technologies/home-assistant.yaml +++ /dev/null @@ -1,16 +0,0 @@ -id: home-assistant - -info: - name: Detect Home Assistant - author: fabaff - severity: info - tags: tech,iot - -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - - "Home Assistant" diff --git a/technologies/hp-blade-admin-detect.yaml b/technologies/hp-blade-admin-detect.yaml index 14f3da8032..e36866e17f 100644 --- a/technologies/hp-blade-admin-detect.yaml +++ b/technologies/hp-blade-admin-detect.yaml @@ -4,7 +4,8 @@ info: name: HP BladeSystem Onboard Administrator author: pussycat0x severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22HP+BladeSystem%22 + metadata: + shodan-query: http.title:"HP BladeSystem" tags: panel,hp requests: diff --git a/technologies/influxdb-detect.yaml b/technologies/influxdb-detect.yaml index 7a9538b3aa..dc4cc49a71 100644 --- a/technologies/influxdb-detect.yaml +++ b/technologies/influxdb-detect.yaml @@ -4,6 +4,8 @@ info: name: InfluxDB Detect author: pikpikcu severity: info + metadata: + shodan-query: http.title:"InfluxDB - Admin Interface" tags: tech,influxdb requests: @@ -13,7 +15,6 @@ requests: matchers-condition: and matchers: - - type: word part: body words: 
diff --git a/technologies/itop-detect.yaml b/technologies/itop-detect.yaml deleted file mode 100644 index daf68e81e2..0000000000 --- a/technologies/itop-detect.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: itop-detect - -info: - name: iTop Detect - author: pikpikcu - severity: info - tags: tech,itop - -requests: - - method: GET - path: - - "{{BaseURL}}/pages/UI.php" - - matchers-condition: and - matchers: - - - type: word - part: body - words: - - "iTop login" - - - type: status - status: - - 200 diff --git a/technologies/jaspersoft-detect.yaml b/technologies/jaspersoft-detect.yaml deleted file mode 100644 index e26ad12b3f..0000000000 --- a/technologies/jaspersoft-detect.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: jaspersoft-detect - -info: - name: Jaspersoft detected - author: koti2 - severity: info - tags: tech,jaspersoft - -requests: - - method: GET - path: - - "{{BaseURL}}/jasperserver/login.html?error=1" - matchers: - - type: word - words: - - "TIBCO Jaspersoft: Login" - - "Could not login to JasperReports Server" - - "About TIBCO JasperReports Server" - condition: or diff --git a/technologies/jboss-detect.yaml b/technologies/jboss-detect.yaml index ea29326cde..cbb93dd2b2 100644 --- a/technologies/jboss-detect.yaml +++ b/technologies/jboss-detect.yaml @@ -11,6 +11,7 @@ requests: path: - "{{BaseURL}}" + matchers-condition: and matchers: - type: word part: body @@ -19,3 +20,7 @@ requests: - "Welcome to JBoss Application Server" - "JBoss EAP 7" condition: or + + - type: status + status: + - 200 diff --git a/technologies/jenkins-detect.yaml b/technologies/jenkins-detect.yaml index 4153223310..db5021ca32 100644 --- a/technologies/jenkins-detect.yaml +++ b/technologies/jenkins-detect.yaml @@ -2,7 +2,7 @@ id: jenkins-detect info: name: Jenkins detect (version) - author: philippdelteil + author: philippdelteil,daffainfo severity: info tags: tech,jenkins 
@@ -10,16 +10,19 @@ requests: - method: GET path: - "{{BaseURL}}" + matchers-condition: and matchers: - type: word words: - "X-Jenkins" + - "X-Jenkins-Session" part: header + condition: and - type: word words: - - "<title>Sign in [Jenkins]" + - "Dashboard [Jenkins]" part: body extractors: diff --git a/technologies/jitsi-meet.yaml b/technologies/jitsi-meet-detect.yaml similarity index 65% rename from technologies/jitsi-meet.yaml rename to technologies/jitsi-meet-detect.yaml index 745a2c98e6..459d7da2ed 100644 --- a/technologies/jitsi-meet.yaml +++ b/technologies/jitsi-meet-detect.yaml @@ -1,11 +1,12 @@ -id: jitsi-meet +id: jitsi-meet-detect info: - name: Jitsi Meet Page + name: Jitsi Meet Page Detect author: dhiyaneshDK severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22Jitsi+Meet%22 - tags: tech + metadata: + shodan-query: http.title:"Jitsi Meet" + tags: tech,jitsi requests: - method: GET @@ -15,8 +16,10 @@ requests: matchers-condition: and matchers: - type: word + part: body words: - "Jitsi Meet" + - type: status status: - 200 diff --git a/technologies/jolokia.yaml b/technologies/jolokia-detect.yaml similarity index 95% rename from technologies/jolokia.yaml rename to technologies/jolokia-detect.yaml index 957b898273..7c44fa8403 100644 --- a/technologies/jolokia.yaml +++ b/technologies/jolokia-detect.yaml @@ -1,4 +1,4 @@ -id: jolokia-instance +id: jolokia-detect info: name: Jolokia Version Disclosure diff --git a/technologies/kibana-detect.yaml b/technologies/kibana-detect.yaml deleted file mode 100644 index c64939b6df..0000000000 --- a/technologies/kibana-detect.yaml +++ /dev/null 
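Review bot: Replacing `"<title>Sign in [Jenkins]"` with `"Dashboard [Jenkins]"` under `matchers-condition: and` means a Jenkins instance that requires login, which serves the sign-in page rather than the dashboard on `/`, will no longer be detected even though the `X-Jenkins` headers identify it; a tech-detect template should accept either title, e.g. list both words with `condition: or`. Requiring both `X-Jenkins` and `X-Jenkins-Session` is also stricter than before; if the session header is only emitted in some configurations this further reduces coverage. The `extractors` section of this request continues outside the hunk.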
@@ -1,24 +0,0 @@ -id: kibana-detect - -info: - name: Kibana Service Detection - author: petruknisme - severity: info - tags: tech,kibana - -requests: - - method: GET - path: - - "{{BaseURL}}/login?next=%2F" - - "{{BaseURL}}/bundles/login.bundle.js" - - "{{BaseURL}}/bundles/kibana.style.css" - - matchers: - - type: word - words: - - "Kibana" - - "kibanaLoaderWrap" - - "kibanaLoader" - - "xpack" - - "Elasticsearch B.V" - condition: or \ No newline at end of file diff --git a/technologies/kong-detect.yaml b/technologies/kong-detect.yaml index 39e4d58bb7..aa380e4267 100644 --- a/technologies/kong-detect.yaml +++ b/technologies/kong-detect.yaml @@ -2,7 +2,8 @@ id: kong-detect info: name: Detect Kong author: geeknik - description: The Cloud-Native API Gateway - https://github.com/Kong/kong + description: The Cloud-Native API Gateway + reference: https://github.com/Kong/kong severity: info tags: tech,kong diff --git a/technologies/linkerd-badrule-detect.yaml b/technologies/linkerd-detect.yaml similarity index 100% rename from technologies/linkerd-badrule-detect.yaml rename to technologies/linkerd-detect.yaml diff --git a/technologies/lucee-detect.yaml b/technologies/lucee-detect.yaml index ae7e0c7860..0387d7f2ce 100644 --- a/technologies/lucee-detect.yaml +++ b/technologies/lucee-detect.yaml @@ -11,8 +11,8 @@ requests: path: - "{{BaseURL}}" + matchers-condition: and matchers: - - type: regex part: header regex: @@ -20,3 +20,7 @@ requests: - "(?i)X-CB-Server: LUCEE" - "(?i)X-IDG-Appserver: Lucee" condition: or + + - type: status + status: + - 200 diff --git a/technologies/mautic-crm-detect.yaml b/technologies/mautic-crm-detect.yaml deleted file mode 100644 index 9d2f535e1d..0000000000 --- a/technologies/mautic-crm-detect.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -id: mautic-crm-detect - -info: - name: mautic crm detect - author: cyllective - severity: info - description: Detects Mautic CRM - tags: tech,mautic,crm - reference: - - https://github.com/mautic/mautic - -requests: - - method: GET - path: - - "{{BaseURL}}/s/login" - - matchers-condition: or - matchers: - - type: word - part: body - condition: or - words: - - 'Mautic' - - '
MoinMoin Powered' - 'Python Powered' + - type: status + status: + - 200 + extractors: - type: regex part: body
diff --git a/technologies/mrtg-detect.yaml b/technologies/mrtg-detect.yaml
index 96f95f15d6..c081f714b4 100644
--- a/technologies/mrtg-detect.yaml
+++ b/technologies/mrtg-detect.yaml
@@ -3,7 +3,8 @@ id: mrtg-detect info: name: Detect MRTG author: geeknik - description: The Multi Router Traffic Grapher -- https://oss.oetiker.ch/mrtg/ + description: The Multi Router Traffic Grapher + reference: https://oss.oetiker.ch/mrtg/ severity: info tags: tech,mrtg
@@ -14,6 +15,7 @@ requests: - "{{BaseURL}}/mrtg/" - "{{BaseURL}}/MRTG/" + stop-at-first-match: true matchers-condition: and matchers: - type: status
diff --git a/technologies/nifi-detech.yaml b/technologies/nifi-detech.yaml
index 837e4c43fd..725823f16e 100644
--- a/technologies/nifi-detech.yaml
+++ b/technologies/nifi-detech.yaml
@@ -17,13 +17,16 @@ requests: - "{{BaseURL}}/system-diagnostics" - "{{BaseURL}}/nifi-api/access/config" + stop-at-first-match: true matchers-condition: and matchers: - type: regex + part: body regex: - "supportsLogin" - "disconnectedNodeAcknowledged" - "(aggregate|node)Snapshots?" + condition: or - type: status status:
diff --git a/technologies/node-red-detect.yaml b/technologies/node-red-detect.yaml
index a0fd837d44..562f02c523 100644
--- a/technologies/node-red-detect.yaml
+++ b/technologies/node-red-detect.yaml
@@ -13,7 +13,6 @@ requests: matchers-condition: and matchers: - - type: word part: body words:
diff --git a/technologies/octobercms-detect.yaml b/technologies/octobercms-detect.yaml
index 1b5b221c6c..20db628a6b 100644
--- a/technologies/octobercms-detect.yaml
+++ b/technologies/octobercms-detect.yaml
@@ -14,6 +14,7 @@ requests: - "{{BaseURL}}" - "{{BaseURL}}/modules/system/assets/js/framework.combined-min.js" + stop-at-first-match: true redirects: true max-redirects: 1 matchers:
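Review bot: The file keeps the misspelled name `technologies/nifi-detech.yaml` while this commit renames sibling templates to the `-detect` suffix (jitsi-meet, jolokia and linkerd in this chunk), so this is the natural place to rename it to `nifi-detect.yaml`; the `id` line is outside the hunk, and if it also reads `nifi-detech` it should change with the file. Leaving it as is means a second rename later and an id that does not follow the convention the commit is establishing.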
diff --git a/technologies/oidc-detect.yaml b/technologies/oidc-detect.yaml
index f87bf320d2..eade1914d6 100644
--- a/technologies/oidc-detect.yaml
+++ b/technologies/oidc-detect.yaml
@@ -11,6 +11,7 @@ requests: - method: GET path: - "{{BaseURL}}/.well-known/openid-configuration" + matchers-condition: and matchers: - type: status
diff --git a/technologies/olivetti-crf-detect.yaml b/technologies/olivetti-crf-detect.yaml
index a54a16fb8e..7034c9514e 100644
--- a/technologies/olivetti-crf-detect.yaml
+++ b/technologies/olivetti-crf-detect.yaml
@@ -1,9 +1,11 @@ id: olivetti-crf-detect + info: name: Olivetti CRF Detect author: pussycat0x severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22Olivetti+CRF%22 + metadata: + shodan-query: http.title:"Olivetti CRF" tags: tech,olivetti requests:
diff --git a/technologies/oneblog-detect.yaml b/technologies/oneblog-detect.yaml
index 72fa47957b..f6ff236ad9 100644
--- a/technologies/oneblog-detect.yaml
+++ b/technologies/oneblog-detect.yaml
@@ -2,22 +2,23 @@ id: oneblog-detect info: name: OneBlog Detect - author: pikpikcu + author: pikpikcu,daffainfo severity: info tags: tech,oneblog requests: - method: GET path: - - "{{BaseURL}}/passport/login/" + - "{{BaseURL}}" matchers-condition: and matchers: - - type: word part: body words: - - "OneBlog开源博客后台管理系统" + - 'OneBlog开源博客后台管理系统' + - 'Opencast'
diff --git a/technologies/openx-detect.yaml b/technologies/openx-detect.yaml
index 9d76d1fab6..b0a7dfcdfd 100644
--- a/technologies/openx-detect.yaml
+++ b/technologies/openx-detect.yaml
@@ -9,8 +9,10 @@ info: requests: - method: GET path: - - "{{BaseURL}}/www/admin/" + - "{{BaseURL}}/www/admin/index.php" + - "{{BaseURL}}/admin/index.php" + stop-at-first-match: true matchers-condition: and matchers: - type: regex
@@ -27,4 +29,4 @@ requests: part: body group: 1 regex: - - 'content="(.*)- http://www.openx.org">' + - '(.*)- http://www.openx.org'
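Review bot: The added `- 'Opencast'` word in the OneBlog body matcher does not belong to OneBlog detection and looks like it was carried over from the opencast template this commit moves; unless a `condition: and` follows below the hunk (none is visible), any page at `{{BaseURL}}` containing the string `Opencast` would be reported as `oneblog-detect`, a false-positive source for an inventory scan. If it is intentional, a comment stating why should accompany it; otherwise drop that line and keep only `- 'OneBlog开源博客后台管理系统'`. The hunk header counts 22 old and 23 new lines, which the visible changes do not add up to, so part of this hunk may have been lost in rendering.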
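Review bot: The new extractor regex `'(.*)- http://www.openx.org'` in the second openx-detect hunk captures greedily from the start of the line containing the marker, so group 1 will include whatever precedes the version string on that line, whereas the previous `content="(.*)` form at least anchored the capture to the attribute value. If the goal was only to stop requiring the `content="` prefix and the trailing `">`, a capture that excludes markup, e.g. `- '([^"<>]+)- http://www.openx.org'`, keeps the looser anchoring without the noisy extraction. The first hunk's added `index.php` paths with `stop-at-first-match: true` are fine; its remaining matchers are outside this chunk.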
diff --git a/technologies/wondercms-detect.yaml b/technologies/wondercms-detect.yaml
index b244d32945..3edc662811 100644
--- a/technologies/wondercms-detect.yaml
+++ b/technologies/wondercms-detect.yaml
@@ -13,7 +13,6 @@ requests: matchers-condition: and matchers: - - type: word part: body words:
diff --git a/technologies/wordpress-detect.yaml b/technologies/wordpress-detect.yaml
index e4d1e7aacc..8839d627ce 100644
--- a/technologies/wordpress-detect.yaml
+++ b/technologies/wordpress-detect.yaml
@@ -11,7 +11,7 @@ info: requests: - method: GET path: - - "{{RootURL}}" + - "{{BaseURL}}" redirects: true max-redirects: 2
diff --git a/technologies/wordpress-gotmls-detect.yaml b/technologies/wordpress-gotmls-detect.yaml
deleted file mode 100644
index f9fb7b85d9..0000000000
--- a/technologies/wordpress-gotmls-detect.yaml
+++ /dev/null
@@ -1,30 +0,0 @@ -id: wordpress-gotmls-detect - -info: - name: Detect WordPress Plugin Anti-Malware Security and Bruteforce Firewall - author: vsh00t - reference: https://www.exploit-db.com/exploits/50107 - severity: info - tags: wordpress,wp-plugin,gotmls - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-admin/admin-ajax.php?action={{randstr}}&file=../../../../../../../../../Windows/win.ini" - - matchers-condition: and - matchers: - - type: word - part: header - words: - - "gotmls" - - - type: status - status: - - 302 - - extractors: - - type: kval - part: header - kval: - - location
diff --git a/technologies/linkerd-service-detect.yaml b/vulnerabilities/linkerd/linkerd-ssrf.yaml
similarity index 100%
rename from technologies/linkerd-service-detect.yaml
rename to vulnerabilities/linkerd/linkerd-ssrf.yaml