From f4d463967828d7140027694636e50466c74b0838 Mon Sep 17 00:00:00 2001 From: Rishi Date: Sat, 10 Aug 2024 11:34:24 +0100 Subject: [PATCH 1/4] panel detection --- http/exposed-panels/photoprism-detect.yaml | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 http/exposed-panels/photoprism-detect.yaml diff --git a/http/exposed-panels/photoprism-detect.yaml b/http/exposed-panels/photoprism-detect.yaml new file mode 100644 index 0000000000..9cd568df47 --- /dev/null +++ b/http/exposed-panels/photoprism-detect.yaml @@ -0,0 +1,26 @@ +id: photoprism-detect + +info: + name: PhotoPrism Detection + author: rxerium + severity: info + description: | + Detects the presence of PhotoPrism web application. + reference: https://photoprism.app/ + tags: photoprism,panel + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "PhotoPrism" + + - type: status + status: + - 200 \ No newline at end of file From e1415a20b8b1a2aff9180a16d4ff568b7d1bedc8 Mon Sep 17 00:00:00 2001 From: Rishi Date: Sat, 10 Aug 2024 11:41:20 +0100 Subject: [PATCH 2/4] delete airos panel --- http/exposed-panels/airos-detect.yaml | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 http/exposed-panels/airos-detect.yaml diff --git a/http/exposed-panels/airos-detect.yaml b/http/exposed-panels/airos-detect.yaml deleted file mode 100644 index dadadf0f9c..0000000000 --- a/http/exposed-panels/airos-detect.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: airos-detect - -info: - name: AIROS software detection - author: rxerium - severity: info - description: | - This template checks if the AIROS logo image is exposed at `/images/airos_logo.png` endpoint. If it returns a status code 200, it might indicate exposure of sensitive resources. - tags: - - airos,detection,exposed - metadata: - shodan_query: "http.favicon.hash:-697231354" - -requests: - - method: GET - path: - - "{{BaseURL}}/images/airos_logo.png" - - matchers: - - type: status - status: - - 200 \ No newline at end of file From 535eb89863d6172a8fa6471ef50a7d0aef2d4cad Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Tue, 13 Aug 2024 16:47:01 -0700 Subject: [PATCH 3/4] Update and rename photoprism-detect.yaml to photoprism-panel.yaml --- ...prism-detect.yaml => photoprism-panel.yaml} | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) rename http/exposed-panels/{photoprism-detect.yaml => photoprism-panel.yaml} (50%) diff --git a/http/exposed-panels/photoprism-detect.yaml b/http/exposed-panels/photoprism-panel.yaml similarity index 50% rename from http/exposed-panels/photoprism-detect.yaml rename to http/exposed-panels/photoprism-panel.yaml index 9cd568df47..4cd0c52a7b 100644 --- a/http/exposed-panels/photoprism-detect.yaml +++ b/http/exposed-panels/photoprism-panel.yaml @@ -1,19 +1,25 @@ -id: photoprism-detect +id: photoprism-panel info: - name: PhotoPrism Detection + name: PhotoPrism Panel - Detect author: rxerium severity: info description: | - Detects the presence of PhotoPrism web application. - reference: https://photoprism.app/ + PhotoPrism Panel was Detected + reference: + - https://photoprism.app/ + metadata: + verified: true + max-request: 1 + shodan-query: http.title:PhotoPrism tags: photoprism,panel -requests: +http: - method: GET path: - "{{BaseURL}}" + host-redirects: true matchers-condition: and matchers: - type: word @@ -23,4 +29,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 From f622de90b38a9739e4adc574914b312cfa2f4fc7 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Tue, 13 Aug 2024 16:50:00 -0700 Subject: [PATCH 4/4] Update photoprism-panel.yaml --- http/exposed-panels/photoprism-panel.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/exposed-panels/photoprism-panel.yaml b/http/exposed-panels/photoprism-panel.yaml index 4cd0c52a7b..9429bd967a 100644 --- a/http/exposed-panels/photoprism-panel.yaml +++ b/http/exposed-panels/photoprism-panel.yaml @@ -6,7 +6,7 @@ info: severity: info description: | PhotoPrism Panel was Detected - reference: + reference: - https://photoprism.app/ metadata: verified: true