From 8335fed63389325eb0cc087fd204764f1c75070d Mon Sep 17 00:00:00 2001
From: Dominique RIGHETTO
Date: Thu, 8 Aug 2024 06:56:10 +0200
Subject: [PATCH 1/2] Update checkmk-login.yaml
---
 .../exposed-panels/checkmk/checkmk-login.yaml | 35 ++++++++++---------
 1 file changed, 18 insertions(+), 17 deletions(-)
diff --git a/http/exposed-panels/checkmk/checkmk-login.yaml b/http/exposed-panels/checkmk/checkmk-login.yaml
index 4cfea266bb..f949465902 100644
--- a/http/exposed-panels/checkmk/checkmk-login.yaml
+++ b/http/exposed-panels/checkmk/checkmk-login.yaml
@@ -2,35 +2,37 @@ id: checkmk-login
 info:
 name: Checkmk Login Panel - Detect
- author: princechaddha
+ author: princechaddha,righettod
 severity: info
 description: Checkmk login panel was detected.
+ reference:
+ - https://checkmk.com/
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
 cwe-id: CWE-200
- cpe: cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*
+ cpe: cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*
 metadata:
- max-request: 1
- vendor: tribe29
+ max-request: 5
+ vendor: checkmk
 product: checkmk
- tags: login,tech,synology,rackstation,panel,tribe29
+ verified: true
+ shodan-query: http.title:"Check_MK"
+ tags: panel,checkmk,detect,login
 http:
 - method: GET
 path:
- - "{{BaseURL}}/check_mk/login.py"
+ - "{{BaseURL}}/"
- matchers-condition: or
+ redirects: true
+ max-redirects: 5
+ stop-at-first-match: true
 matchers:
- - type: word
- part: body
- words:
- - 'Check_MK Multisite Login'
-
- - type: regex
- part: body
- regex:
- - 'Checkmk ([A-Za-z_0-9 ]+)<\/title>'
+ - type: dsl
+ dsl:
+ - 'status_code == 200 || status_code == 401'
+ - 'contains_any(to_lower(body), "check_mk multisite login", "checkmk", "check_mk mobile")'
+ condition: and
 extractors:
 - type: regex
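Review bot: The second `dsl` expression now matches any 200/401 response whose body contains the bare substring `checkmk`, which is much looser than the removed title-anchored regex and will report unrelated pages that merely mention Checkmk as an exposed login panel. Because the request was moved to `{{BaseURL}}/` with `redirects: true` and `max-redirects: 5`, the body being matched can also come from a different host than the scanned target, so a finding may be attributed to the wrong asset. I would replace `redirects: true` with `host-redirects: true` and drop the bare term in favour of the title string the old regex used, e.g. `- 'contains_any(to_lower(body), "check_mk multisite login", "check_mk mobile") || regex("checkmk [a-z_0-9 ]+</title>", to_lower(body))'`. As a style point, `stop-at-first-match: true` has no visible effect with a single path and `max-request: 5` does not match the one request defined here. The `extractors` block continues outside this hunk.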
@@ -39,4 +41,3 @@ http:
 regex:
 - '<div id="version">([0-9.a-z]+)<\/div>'
 - '<div id="foot">Version: ([0-9.a-z]+)'
-# digest: 4b0a00483046022100b310dc2eb2c1633e9d63b74c63df7b1dfee65e41b00f931d7ba59a93b5655910022100dc129226cfb39444cfd03083edd885b212c317aedc94300267e185c5b25d6290:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
From 358d5d9de56803c8337e4f67d3fd0c37c436a4b6 Mon Sep 17 00:00:00 2001
From: Dominique RIGHETTO <righettod@users.noreply.github.com>
Date: Thu, 8 Aug 2024 07:05:46 +0200
Subject: [PATCH 2/2] Fix linter error
---
 http/exposed-panels/checkmk/checkmk-login.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/http/exposed-panels/checkmk/checkmk-login.yaml b/http/exposed-panels/checkmk/checkmk-login.yaml
index f949465902..1c749de8aa 100644
--- a/http/exposed-panels/checkmk/checkmk-login.yaml
+++ b/http/exposed-panels/checkmk/checkmk-login.yaml
@@ -6,7 +6,7 @@ info:
 severity: info
 description: Checkmk login panel was detected.
 reference:
- - https://checkmk.com/
+ - https://checkmk.com/
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
 cwe-id: CWE-200
@@ -28,11 +28,11 @@ http:
 max-redirects: 5
 stop-at-first-match: true
 matchers:
- - type: dsl
- dsl:
- - 'status_code == 200 || status_code == 401'
- - 'contains_any(to_lower(body), "check_mk multisite login", "checkmk", "check_mk mobile")'
- condition: and
+ - type: dsl
+ dsl:
+ - 'status_code == 200 || status_code == 401'
+ - 'contains_any(to_lower(body), "check_mk multisite login", "checkmk", "check_mk mobile")'
+ condition: and
 extractors:
 - type: regex