Seperate technology template (#3430)

* Edit magmi workflow

* Add some workflow template + edit some template

* Changing some templates

* minor update

* workflow matcher fixes

* tech update

* Seperate technology template

* Update metabase-panel.yaml

* Update lucee-detect.yaml

* Update oneblog-detect.yaml

* Update dolibarr-panel.yaml

* Update dolibarr-panel.yaml

* Update dolibarr-panel.yaml

* Update gespage-panel.yaml

* Update gespage-panel.yaml

* Update mautic-crm-panel.yaml

* Update kibana-panel.yaml

* Update metabase-panel.yaml

* Update home-assistant-detect.yaml

* Update jitsi-meet-detect.yaml

* Update lucee-detect.yaml

* Update gotmls-plugin-lfi.yaml

* Update and rename technologies/opencast-detect.yaml to exposed-panels/opencast-detect.yaml

* duplicate template - cves/2020/CVE-2020-11738.yaml

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
patch-1
Muhammad Daffa 2021-12-31 19:27:46 +07:00 committed by GitHub
parent af6f66a37d
commit c83d035fff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
59 changed files with 392 additions and 343 deletions

View File

@ -1,10 +1,12 @@
id: daybyday-detect id: daybyday-panel
info: info:
name: DaybydayCRM Detect name: DaybydayCRM Panel Login
author: pikpikcu author: pikpikcu,daffainfo
severity: info severity: info
tags: tech,daybyday metadata:
shodan-query: http.title:"Daybyday"
tags: panel,daybyday
requests: requests:
- method: GET - method: GET

View File

@ -0,0 +1,39 @@
id: dolibarr-panel
info:
name: Dolibarr Panel Login
author: pikpikcu,daffainfo
severity: info
metadata:
shodan-query: http.title:"Dolibarr"
tags: panel,dolibarr
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: header
words:
- 'Set-Cookie: DOLSESSID_'
- type: word
part: body
words:
- '<meta name="author" content="Dolibarr Development Team">'
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '<td align="center">Dolibarr ([0-9.]+)<\/td>'
- '<td class="center">Dolibarr ([0-9.]+)<\/td>'
- '<div id="infoVersion">Dolibarr ([0-9.]+)<\/div>'

View File

@ -0,0 +1,27 @@
id: dotclear-panel
info:
name: Dotclear Panel Login
author: pikpikcu,daffainfo
severity: info
metadata:
shodan-query: http.title:"Dotclear"
tags: panel,dotclear
requests:
- method: GET
path:
- "{{BaseURL}}/dc2/admin/auth.php"
- "{{BaseURL}}/auth.php"
matchers-condition: and
matchers:
- type: word
words:
- '<body id="dotclear-admin" class="auth">'
- '<title>Dotclear</title>'
condition: or
- type: status
status:
- 200

View File

@ -1,10 +1,10 @@
id: druid-detect id: druid-panel
info: info:
name: Druid monitor Detect name: Druid monitor Panel Login
author: pikpikcu author: pikpikcu,daffainfo
severity: info severity: info
tags: tech,druid tags: panel,druid
requests: requests:
- method: GET - method: GET
@ -13,7 +13,6 @@ requests:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body part: body
words: words:

View File

@ -1,27 +1,34 @@
id: ems-webclient-detect id: ems-webclient-panel
info: info:
name: EMS Web Client name: EMS Web Client Panel Login
author: pussycat0x author: pussycat0x,daffainfo
severity: info severity: info
metadata: metadata:
google-dork: inurl:EMSWebClient/ google-dork: inurl:EMSWebClient/
tags: tech,ems tags: panel,ems
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/emswebclient/Login.aspx" - "{{BaseURL}}/emswebclient/Login.aspx"
- "{{BaseURL}}/Login.aspx" - "{{BaseURL}}/Login.aspx"
stop-at-first-match: true stop-at-first-match: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word
- type: word part: body
words: words:
- "EMS Web Client - Login" - "EMS Web Client - Login"
- type: status - type: status
status: status:
- 200 - 200
extractors:
- type: regex
part: body
group: 1
regex:
- 'Web Client Version (.*)</span>'

View File

@ -1,10 +1,12 @@
id: fortinet-detect id: fortinet-panel
info: info:
name: Fortinet detected name: Fortinet Panel Login
author: pikpikcu,daffainfo author: pikpikcu,daffainfo
severity: info severity: info
tags: tech,jboss metadata:
shodan-query: http.title:"FORTINET LOGIN"
tags: panel,fotinet
requests: requests:
- method: GET - method: GET

View File

@ -0,0 +1,34 @@
id: gespage-panel
info:
name: Gespage Panel Login
author: pikpikcu,daffainfo
severity: info
metadata:
shodan-query: "Path=/gespage"
tags: panel,gespage
requests:
- method: GET
path:
- "{{BaseURL}}/gespage/webapp/login.xhtml"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<link rel="stylesheet" href="css/gespage.css" />'
- '<link rel="stylesheet" href="css/menugrey.css" />'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '\(Ver: ([0-9._A-Z]+)\)'

View File

@ -1,10 +1,12 @@
id: glpi-cms-detect id: glpi-panel
info: info:
name: GLPI Cms Detection name: GLPI Panel Login
author: dogasantos author: dogasantos,daffainfo
severity: info severity: info
tags: glpi,cms,php metadata:
shodan-query: http.title:"GLPI"
tags: panel,glpi
requests: requests:
- method: GET - method: GET
@ -13,6 +15,7 @@ requests:
- "{{BaseURL}}/glpi/" - "{{BaseURL}}/glpi/"
- "{{BaseURL}}/glpi2/" - "{{BaseURL}}/glpi2/"
stop-at-first-match: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
@ -25,3 +28,10 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
extractors:
- type: regex
part: body
group: 1
regex:
- 'base.min.js?v=(.*)'

View File

@ -0,0 +1,29 @@
id: jaspersoft-panel
info:
name: Jaspersoft Panel Login
author: koti2,daffainfo
severity: info
metadata:
shodan-query: http.title:"Jaspersoft"
tags: panel,jaspersoft
requests:
- method: GET
path:
- "{{BaseURL}}/jasperserver/login.html?error=1"
- "{{BaseURL}}/jasperserver-pro/login.html?error=1"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- "TIBCO Jaspersoft: Login"
- "Could not login to JasperReports Server"
- "About TIBCO JasperReports Server"
condition: or
- type: status
status:
- 200

View File

@ -1,10 +1,12 @@
id: jeedom-detect id: jeedom-panel
info: info:
name: Jeedom Detect name: Jeedom Login Panel
author: pikpikcu author: pikpikcu,daffainfo
severity: info severity: info
tags: tech,jeedom metadata:
shodan-query: http.title:"Jeedom"
tags: panel,jeedom
requests: requests:
- method: GET - method: GET
@ -13,11 +15,12 @@ requests:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body part: body
words: words:
- "<title>Jeedom</title>" - "<title>Jeedom</title>"
- "JEEDOM_PRODUCT_NAME"
condition: and
- type: status - type: status
status: status:

View File

@ -0,0 +1,26 @@
id: kibana-panel
info:
name: Kibana Panel Login
author: petruknisme,daffainfo
severity: info
metadata:
shodan-query: http.title:"Kibana"
tags: panel,kibana
requests:
- method: GET
path:
- "{{BaseURL}}/login"
matchers-condition: or
matchers:
- type: word
part: body
words:
- "<title>Kibana</title>"
- type: word
part: header
words:
- "Kbn-Name:"

View File

@ -1,10 +1,10 @@
id: landrayoa-detect id: landrayoa-panel
info: info:
name: LandrayOA detect name: LandrayOA Panel Login
author: YanYun author: YanYun
severity: info severity: info
tags: tech,landrayoa tags: panel,landrayoa
requests: requests:
- method: GET - method: GET
@ -16,11 +16,14 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
- type: word - type: word
part: body
words: words:
- 'lui_login_input_username' - 'lui_login_input_username'
- 'lui_login_input_password' - 'lui_login_input_password'
condition: and condition: and
- type: word - type: word
words: words:
- 'isopen=' - 'isopen='

View File

@ -0,0 +1,27 @@
id: mautic-crm-panel
info:
name: Mautic CRM Panel Login
author: cyllective,daffainfo
severity: info
description: Mautic is a free and open-source marketing automation tool for Content Management, Social Media, Email Marketing, and can be used for the integration of social networks, campaign management, forms, questionnaires, reports, etc.
reference: https://github.com/mautic/mautic
tags: tech,mautic,crm
requests:
- method: GET
path:
- "{{BaseURL}}/s/login"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Mautic</title>'
- 'var mauticBasePath'
condition: and
- type: status
status:
- 200

View File

@ -1,11 +1,13 @@
id: metabase-version-detect id: metabase-panel
info: info:
name: Detect Metabase Version name: Metabase Login Panel
author: revblock author: revblock,daffainfo
description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source
metadata:
shodan-query: http.title:"Metabase"
severity: info severity: info
tags: tech,metabase tags: panel,metabase
requests: requests:
- method: GET - method: GET
@ -14,17 +16,16 @@ requests:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status
status: status:
- 200 - 200
- type: word - type: word
part: body
words: words:
- "<title>Metabase</title>" - "<title>Metabase</title>"
- "window.MetabaseBootstrap" - "window.MetabaseBootstrap"
- "window.MetabaseRoot" - "window.MetabaseRoot"
part: body
condition: and condition: and
extractors: extractors:

View File

@ -0,0 +1,25 @@
id: opencast-panel
info:
name: Opencast Panel Login
author: cyllective,daffainfo
severity: info
description: The free and open source solution for automated video capture and distribution at scale.
reference: https://github.com/opencast/opencast
tags: panel,opencast
requests:
- method: GET
path:
- "{{BaseURL}}/admin-ng/login.html"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Opencast</title>'
- type: status
status:
- 200

View File

@ -4,12 +4,14 @@ info:
name: Chevereto detect name: Chevereto detect
author: pikpikcu author: pikpikcu
severity: info severity: info
metadata:
shodan-query: http.title:"Centreon"
tags: tech,chevereto tags: tech,chevereto
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/login" - "{{BaseURL}}"
matchers-condition: and matchers-condition: and
matchers: matchers:
@ -18,6 +20,10 @@ requests:
regex: regex:
- 'content="Chevereto(.*)">' - 'content="Chevereto(.*)">'
- type: status
status:
- 200
extractors: extractors:
- type: regex - type: regex
part: body part: body

View File

@ -15,7 +15,6 @@ requests:
redirects: true redirects: true
max-redirects: 2 max-redirects: 2
matchers: matchers:
- type: word - type: word
part: header part: header

View File

@ -1,21 +0,0 @@
id: crush-ftp-detect
info:
name: Crush FTP
author: pussycat0x
severity: info
tags: tech,ftp
requests:
- method: GET
path:
- "{{BaseURL}}/WebInterface/login.html"
redirects: true
matchers-condition: and
matchers:
- type: word
words:
- "<title>CrushFTP WebInterface</title>"
- type: status
status:
- 200

View File

@ -1,25 +0,0 @@
id: dolibarr-detect
info:
name: Dolibarr detect
author: pikpikcu
severity: info
tags: tech,dolibarr
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: regex
part: body
regex:
- '<title>Dolibarr - Login Dolibarr(.*)</title>'
extractors:
- type: regex
part: body
group: 1
regex:
- 'center">(.*)</td>'

View File

@ -1,22 +0,0 @@
id: dotclear-detect
info:
name: Dotclear Detect
author: pikpikcu
severity: info
tags: tech,dotclear
requests:
- method: GET
path:
- "{{BaseURL}}/dc2/admin/auth.php"
- "{{BaseURL}}/auth.php"
matchers-condition: and
matchers:
- type: word
words:
- "<title>Dotclear</title>"
- type: status
status:
- 200

View File

@ -13,6 +13,7 @@ requests:
- "{{BaseURL}}/WebReport/ReportServer" - "{{BaseURL}}/WebReport/ReportServer"
- "{{BaseURL}}/ReportServer" - "{{BaseURL}}/ReportServer"
stop-at-first-match: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status

View File

@ -1,24 +0,0 @@
id: gespage-detect
info:
name: Gespage Detect
author: pikpikcu
severity: info
tags: tech,gespage
requests:
- method: GET
path:
- "{{BaseURL}}/gespage/webapp/login.xhtml"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Login utilisateur Gespage</title>"
- type: status
status:
- 200

View File

@ -12,9 +12,9 @@ requests:
- "{{BaseURL}}" - "{{BaseURL}}"
- "{{BaseURL}}/user" - "{{BaseURL}}/user"
stop-at-first-match: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body part: body
words: words:

View File

@ -12,8 +12,13 @@ requests:
path: path:
- "{{BaseURL}}" - "{{BaseURL}}"
matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body part: body
words: words:
- '<title>GraphiQL' - '<title>GraphiQL'
- type: status
status:
- 200

View File

@ -10,6 +10,7 @@ requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/api/api-browser/" - "{{BaseURL}}/api/api-browser/"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
@ -19,6 +20,7 @@ requests:
- "REST API browser" - "REST API browser"
- "swagger" - "swagger"
condition: and condition: and
- type: status - type: status
status: status:
- 200 - 200

View File

@ -3,7 +3,8 @@ id: gunicorn-detect
info: info:
name: Detect Gunicorn Server name: Detect Gunicorn Server
author: joanbono author: joanbono
description: Gunicorn Python WSGI HTTP Server for UNIX - https://github.com/benoitc/gunicorn description: Gunicorn Python WSGI HTTP Server for UNIX
reference: https://github.com/benoitc/gunicorn
severity: info severity: info
tags: tech,gunicorn tags: tech,gunicorn

View File

@ -9,7 +9,7 @@ info:
requests: requests:
- method: GET - method: GET
path: path:
- '{{BaseURL}}/' - '{{BaseURL}}'
matchers-condition: and matchers-condition: and
matchers: matchers:

View File

@ -0,0 +1,25 @@
id: home-assistant-detect
info:
name: Home Assistant Detect
author: fabaff,daffainfo
severity: info
metadata:
shodan-query: http.title:"Home Assistant"
tags: tech,iot
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Home Assistant</title>'
- type: status
status:
- 200

View File

@ -1,16 +0,0 @@
id: home-assistant
info:
name: Detect Home Assistant
author: fabaff
severity: info
tags: tech,iot
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
words:
- "<title>Home Assistant</title>"

View File

@ -4,7 +4,8 @@ info:
name: HP BladeSystem Onboard Administrator name: HP BladeSystem Onboard Administrator
author: pussycat0x author: pussycat0x
severity: info severity: info
reference: https://www.shodan.io/search?query=http.title%3A%22HP+BladeSystem%22 metadata:
shodan-query: http.title:"HP BladeSystem"
tags: panel,hp tags: panel,hp
requests: requests:

View File

@ -4,6 +4,8 @@ info:
name: InfluxDB Detect name: InfluxDB Detect
author: pikpikcu author: pikpikcu
severity: info severity: info
metadata:
shodan-query: http.title:"InfluxDB - Admin Interface"
tags: tech,influxdb tags: tech,influxdb
requests: requests:
@ -13,7 +15,6 @@ requests:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body part: body
words: words:

View File

@ -1,24 +0,0 @@
id: itop-detect
info:
name: iTop Detect
author: pikpikcu
severity: info
tags: tech,itop
requests:
- method: GET
path:
- "{{BaseURL}}/pages/UI.php"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>iTop login</title>"
- type: status
status:
- 200

View File

@ -1,19 +0,0 @@
id: jaspersoft-detect
info:
name: Jaspersoft detected
author: koti2
severity: info
tags: tech,jaspersoft
requests:
- method: GET
path:
- "{{BaseURL}}/jasperserver/login.html?error=1"
matchers:
- type: word
words:
- "TIBCO Jaspersoft: Login"
- "Could not login to JasperReports Server"
- "About TIBCO JasperReports Server"
condition: or

View File

@ -11,6 +11,7 @@ requests:
path: path:
- "{{BaseURL}}" - "{{BaseURL}}"
matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body part: body
@ -19,3 +20,7 @@ requests:
- "<title>Welcome to JBoss Application Server" - "<title>Welcome to JBoss Application Server"
- "JBoss EAP 7" - "JBoss EAP 7"
condition: or condition: or
- type: status
status:
- 200

View File

@ -2,7 +2,7 @@ id: jenkins-detect
info: info:
name: Jenkins detect (version) name: Jenkins detect (version)
author: philippdelteil author: philippdelteil,daffainfo
severity: info severity: info
tags: tech,jenkins tags: tech,jenkins
@ -10,16 +10,19 @@ requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}" - "{{BaseURL}}"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
words: words:
- "X-Jenkins" - "X-Jenkins"
- "X-Jenkins-Session"
part: header part: header
condition: and
- type: word - type: word
words: words:
- "<title>Sign in [Jenkins]</title>" - "<title>Dashboard [Jenkins]</title>"
part: body part: body
extractors: extractors:

View File

@ -1,11 +1,12 @@
id: jitsi-meet id: jitsi-meet-detect
info: info:
name: Jitsi Meet Page name: Jitsi Meet Page Detect
author: dhiyaneshDK author: dhiyaneshDK
severity: info severity: info
reference: https://www.shodan.io/search?query=http.title%3A%22Jitsi+Meet%22 metadata:
tags: tech shodan-query: http.title:"Jitsi Meet"
tags: tech,jitsi
requests: requests:
- method: GET - method: GET
@ -15,8 +16,10 @@ requests:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body
words: words:
- "<title>Jitsi Meet</title>" - "<title>Jitsi Meet</title>"
- type: status - type: status
status: status:
- 200 - 200

View File

@ -1,4 +1,4 @@
id: jolokia-instance id: jolokia-detect
info: info:
name: Jolokia Version Disclosure name: Jolokia Version Disclosure

View File

@ -1,24 +0,0 @@
id: kibana-detect
info:
name: Kibana Service Detection
author: petruknisme
severity: info
tags: tech,kibana
requests:
- method: GET
path:
- "{{BaseURL}}/login?next=%2F"
- "{{BaseURL}}/bundles/login.bundle.js"
- "{{BaseURL}}/bundles/kibana.style.css"
matchers:
- type: word
words:
- "<title>Kibana</title>"
- "kibanaLoaderWrap"
- "kibanaLoader"
- "xpack"
- "Elasticsearch B.V"
condition: or

View File

@ -2,7 +2,8 @@ id: kong-detect
info: info:
name: Detect Kong name: Detect Kong
author: geeknik author: geeknik
description: The Cloud-Native API Gateway - https://github.com/Kong/kong description: The Cloud-Native API Gateway
reference: https://github.com/Kong/kong
severity: info severity: info
tags: tech,kong tags: tech,kong

View File

@ -11,8 +11,8 @@ requests:
path: path:
- "{{BaseURL}}" - "{{BaseURL}}"
matchers-condition: and
matchers: matchers:
- type: regex - type: regex
part: header part: header
regex: regex:
@ -20,3 +20,7 @@ requests:
- "(?i)X-CB-Server: LUCEE" - "(?i)X-CB-Server: LUCEE"
- "(?i)X-IDG-Appserver: Lucee" - "(?i)X-IDG-Appserver: Lucee"
condition: or condition: or
- type: status
status:
- 200

View File

@ -1,31 +0,0 @@
id: mautic-crm-detect
info:
name: mautic crm detect
author: cyllective
severity: info
description: Detects Mautic CRM
tags: tech,mautic,crm
reference:
- https://github.com/mautic/mautic
requests:
- method: GET
path:
- "{{BaseURL}}/s/login"
matchers-condition: or
matchers:
- type: word
part: body
condition: or
words:
- '<title>Mautic</title>'
- '<div class="mautic-logo'
- type: regex
part: body
condition: or
regex:
- 'var\s+?mautic(?:BasePath|BaseUrl|AjaxUrl|AjaxCsrf|AssetPrefix|Content|Env|Lang)\s+?='
- 'Copyright \d{4} Mautic\. All Rights Reserved\.'

View File

@ -14,6 +14,7 @@ requests:
path: path:
- "{{BaseURL}}" - "{{BaseURL}}"
matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body part: body
@ -22,6 +23,10 @@ requests:
- '<a href="http://moinmo.in/" title="This site uses the MoinMoin Wiki software.">MoinMoin Powered</a>' - '<a href="http://moinmo.in/" title="This site uses the MoinMoin Wiki software.">MoinMoin Powered</a>'
- '<a href="http://moinmo.in/Python" title="MoinMoin is written in Python.">Python Powered</a>' - '<a href="http://moinmo.in/Python" title="MoinMoin is written in Python.">Python Powered</a>'
- type: status
status:
- 200
extractors: extractors:
- type: regex - type: regex
part: body part: body

View File

@ -3,7 +3,8 @@ id: mrtg-detect
info: info:
name: Detect MRTG name: Detect MRTG
author: geeknik author: geeknik
description: The Multi Router Traffic Grapher -- https://oss.oetiker.ch/mrtg/ description: The Multi Router Traffic Grapher
reference: https://oss.oetiker.ch/mrtg/
severity: info severity: info
tags: tech,mrtg tags: tech,mrtg
@ -14,6 +15,7 @@ requests:
- "{{BaseURL}}/mrtg/" - "{{BaseURL}}/mrtg/"
- "{{BaseURL}}/MRTG/" - "{{BaseURL}}/MRTG/"
stop-at-first-match: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status

View File

@ -17,13 +17,16 @@ requests:
- "{{BaseURL}}/system-diagnostics" - "{{BaseURL}}/system-diagnostics"
- "{{BaseURL}}/nifi-api/access/config" - "{{BaseURL}}/nifi-api/access/config"
stop-at-first-match: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: regex - type: regex
part: body
regex: regex:
- "supportsLogin" - "supportsLogin"
- "disconnectedNodeAcknowledged" - "disconnectedNodeAcknowledged"
- "(aggregate|node)Snapshots?" - "(aggregate|node)Snapshots?"
condition: or
- type: status - type: status
status: status:

View File

@ -13,7 +13,6 @@ requests:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body part: body
words: words:

View File

@ -14,6 +14,7 @@ requests:
- "{{BaseURL}}" - "{{BaseURL}}"
- "{{BaseURL}}/modules/system/assets/js/framework.combined-min.js" - "{{BaseURL}}/modules/system/assets/js/framework.combined-min.js"
stop-at-first-match: true
redirects: true redirects: true
max-redirects: 1 max-redirects: 1
matchers: matchers:

View File

@ -11,6 +11,7 @@ requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/.well-known/openid-configuration" - "{{BaseURL}}/.well-known/openid-configuration"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status

View File

@ -1,9 +1,11 @@
id: olivetti-crf-detect id: olivetti-crf-detect
info: info:
name: Olivetti CRF Detect name: Olivetti CRF Detect
author: pussycat0x author: pussycat0x
severity: info severity: info
reference: https://www.shodan.io/search?query=http.title%3A%22Olivetti+CRF%22 metadata:
shodan-query: http.title:"Olivetti CRF"
tags: tech,olivetti tags: tech,olivetti
requests: requests:

View File

@ -2,22 +2,23 @@ id: oneblog-detect
info: info:
name: OneBlog Detect name: OneBlog Detect
author: pikpikcu author: pikpikcu,daffainfo
severity: info severity: info
tags: tech,oneblog tags: tech,oneblog
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/passport/login/" - "{{BaseURL}}"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body part: body
words: words:
- "<title>OneBlog开源博客后台管理系统</title>" - '<title>OneBlog开源博客后台管理系统</title>'
- '<meta name="keywords" content="OneBlog'
condition: or
- type: status - type: status
status: status:

View File

@ -1,4 +1,4 @@
id: openam-detection id: openam-detect
info: info:
name: Detect OpenAM and OpenSSO name: Detect OpenAM and OpenSSO

View File

@ -1,21 +0,0 @@
id: opencast-detect
info:
name: Opencast detect
author: cyllective
severity: info
description: Detects Opencast
tags: tech,opencast
reference:
- https://github.com/opencast/opencast
requests:
- method: GET
path:
- "{{BaseURL}}/admin-ng/login.html"
matchers:
- type: word
part: body
words:
- '<title>Opencast</title>'

View File

@ -9,8 +9,10 @@ info:
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/www/admin/" - "{{BaseURL}}/www/admin/index.php"
- "{{BaseURL}}/admin/index.php"
stop-at-first-match: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: regex - type: regex
@ -27,4 +29,4 @@ requests:
part: body part: body
group: 1 group: 1
regex: regex:
- 'content="(.*)- http://www.openx.org">' - '(.*)- http://www.openx.org'

View File

@ -13,7 +13,6 @@ requests:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body part: body
words: words:

View File

@ -11,7 +11,7 @@ info:
requests: requests:
- method: GET - method: GET
path: path:
- "{{RootURL}}" - "{{BaseURL}}"
redirects: true redirects: true
max-redirects: 2 max-redirects: 2

View File

@ -1,30 +0,0 @@
id: wordpress-gotmls-detect
info:
name: Detect WordPress Plugin Anti-Malware Security and Bruteforce Firewall
author: vsh00t
reference: https://www.exploit-db.com/exploits/50107
severity: info
tags: wordpress,wp-plugin,gotmls
requests:
- method: GET
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action={{randstr}}&file=../../../../../../../../../Windows/win.ini"
matchers-condition: and
matchers:
- type: word
part: header
words:
- "gotmls"
- type: status
status:
- 302
extractors:
- type: kval
part: header
kval:
- location