RabbitMQ Detection

network/detection/rabbitmq-detect.yaml

@@ -0,0 +1,28 @@
+id: rabbitmq-detect
+
+info:
+  name: RabbitMQ Detection
+  author: pussycat0x
+  severity: info
+  description: |
+    RabbitMQ is an open-source message-broker software that originally implemented the Advanced Message Queuing Protocol and has since been extended with a plug-in architecture to support Streaming Text Oriented Messaging Protocol, MQ Telemetry Transport, and other protocols.
+  metadata:
+    verified: true
+    shodan-query: 'product:"RabbitMQ"'
+  reference:
+    - https://nmap.org/nsedoc/scripts/amqp-info.html  
+  tags: network,detect,amqp,rabbitmq,oss
+
+network:
+
+  - inputs:
+      - data: "AMQP\u0000\u0000\t\u0001"
+    host:
+      - "{{Hostname}}"
+      - "{{Host}}:5672"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "publisher_confirmst"
+          - "RabbitMQ"