Commit Graph

86 Commits (6396390240bf5897e927a58fa855962f336650d1)

Author SHA1 Message Date
johnk3r 670fd19ea3 Create mythic-c2-ssl.yaml 2023-09-08 17:29:36 -03:00
geeknik e3439d8417 Update weak-cipher-suites.yaml
Here are some potential justifications for lowering the severity of the weak cipher suites alert in Nuclei from medium to low:

- The risks associated with weak cipher suites are mainly related to interception of traffic and decryption of sensitive data in transit. This requires a man-in-the-middle position which limits the scale of potential abuse.

- For an external scan, it is difficult to determine the true impact of weak cipher suites without knowing details of the application architecture and data flows. There could be other protections in place that mitigate the risk.

- Weak cipher suites alone do not enable direct remote code execution or access to underlying resources. Additional vulnerabilities would need to be chained to result in system compromise.

- The classification of "weak" cipher suites is also subjective and changes over time. Something considered weak today may still be commonly used and considered acceptable by many organizations.

- The CVSS score ranges from none to low for interception of non-sensitive data in transit. For external scanning, it's uncertain if truly sensitive data is exposed.

- Remediation requires updating server configurations across potentially many hosts. While recommended in the long term, it is not always trivial for organizations to deploy in the short term.

- There are likely higher severity issues that should be prioritized for remediation first, rather than just the acceptable cipher suites.

While weak cipher suites are not advisable, their ease of exploitation is limited in many real-world scenarios. And when performing external testing, it's difficult to determine the true impact. Given these factors, lowering the severity rating seems reasonable compared to other more serious remote bugs. But organizations should still look to phase out weak ciphers in a responsible manner.
2023-08-25 01:11:23 +00:00
pentesttools-com 08196b27be Added description fields where missing in the ssl templates 2023-08-17 17:14:19 +03:00
pussycat0x 2c804759f7 Havoc C2 - Detection 2023-08-14 11:33:44 +05:30
pussycat0x 1eb91f57f1 Update gozi-malware-c2.yaml 2023-08-01 17:13:57 +05:30
pussycat0x e960aa0afd Rename gozi-malware.yaml to gozi-malware-c2.yaml 2023-08-01 17:12:35 +05:30
ErikOwen 4e979d1dc5 merge branch main into patch/tag-standardization 2023-06-30 14:56:15 -07:00
sandeep f15cfb0b43 added matcher name for better visibility in result. 2023-06-22 15:24:21 +05:30
GitHub Action 41277637c0 TemplateMan Update [Wed Jun 21 21:03:53 UTC 2023] 🤖 2023-06-21 21:03:54 +00:00
Dhiyaneshwaran 12a02aa063 Merge pull request #7419 from projectdiscovery/pussycat0x-patch-15
Covenant C2 - Detect
2023-06-15 16:54:42 +05:30
Dhiyaneshwaran c97e2d365e Update and rename covenant-c2.yaml to covenant-c2-ssl.yaml 2023-06-15 14:59:30 +05:30
Dhiyaneshwaran b3d14b5f50 Merge pull request #7421 from projectdiscovery/pussycat0x-patch-18
Posh C2 - Detect
2023-06-15 14:56:16 +05:30
Dhiyaneshwaran bec398e619 Update and rename covenant-c2-ssl.yaml to covenant-c2.yaml 2023-06-15 14:56:06 +05:30
Dhiyaneshwaran c2a3dd7d25 Merge pull request #7423 from johnk3r/main
Create quasar-rat-c2.yaml
2023-06-15 14:53:51 +05:30
Dhiyaneshwaran 7af3acdb76 Merge pull request #7425 from projectdiscovery/pussycat0x-patch-20
OrcusRAT - Detect
2023-06-15 14:52:04 +05:30
Dhiyaneshwaran 03a7f123b8 Merge pull request #7427 from projectdiscovery/pussycat0x-patch-22
DcRat Server C2 - Detect
2023-06-15 14:51:45 +05:30
Dhiyaneshwaran 8264366f69 Update and rename dcrat-server.yaml to dcrat-server-c2.yaml 2023-06-15 14:48:46 +05:30
Dhiyaneshwaran 05142086e9 Merge pull request #7428 from projectdiscovery/pussycat0x-patch-23
Bitrat C2 - Detect
2023-06-15 14:47:55 +05:30
pussycat0x 579fd894ae lint & name - fix 2023-06-14 20:07:08 +05:30
pussycat0x 886e444e3d minor -update 2023-06-14 20:01:09 +05:30
pussycat0x 276dec427b lint -fix 2023-06-14 19:57:16 +05:30
pussycat0x 4ca027ff71 Gozi Malware - Detect 2023-06-14 19:53:39 +05:30
pussycat0x d63b7bd484 Bitrat C2 - Detect 2023-06-14 19:51:21 +05:30
pussycat0x a927b5976a DcRat Server C2 - Detect 2023-06-14 19:50:16 +05:30
pussycat0x ba85eb446c OrcusRAT - Detect 2023-06-14 19:47:12 +05:30
johnk3r 19092d82f8 Create quasar-rat-c2.yaml 2023-06-14 10:05:08 -03:00
pussycat0x 9d57e4797b Posh C2 - Detect 2023-06-14 16:19:18 +05:30
pussycat0x 7a87280eb6 Update and rename covenant-c2.yaml to covenant-c2-ssl.yaml 2023-06-14 15:59:57 +05:30
pussycat0x 89816bdff0 Covenant C2 - Detect 2023-06-14 13:53:17 +05:30
Dhiyaneshwaran 09ed639712 Merge pull request #7406 from johnk3r/main
Create asyncrat-c2.yaml
2023-06-14 12:50:31 +05:30
Dhiyaneshwaran f030c52428 Merge pull request #7412 from projectdiscovery/pussycat0x-patch-15
ShadowPad C2 Infrastructure
2023-06-14 12:44:14 +05:30
pussycat0x b1b6a31a9a Add files via upload 2023-06-14 00:53:02 +05:30
pussycat0x 12df78f592 Add files via upload 2023-06-14 00:08:38 +05:30
pussycat0x 5d5ace2015 metadata -update 2023-06-13 23:42:27 +05:30
johnk3r c926a4e676 Create asyncrat-c2.yaml 2023-06-13 12:42:01 -03:00
Dhiyaneshwaran aa55a46fcc Merge pull request #7393 from projectdiscovery/pussycat0x-patch-14
Update and rename http/exposed-panels/c2/metasploit-c2.yaml to ssl/c2…
2023-06-12 17:57:51 +05:30
pussycat0x 36e7bab0e6 Update and rename http/exposed-panels/c2/cobalt-strike-c2.yaml to ssl/c2/cobalt-strike-c2.yaml 2023-06-12 17:47:25 +05:30
pussycat0x b0899fe05c Update and rename http/exposed-panels/c2/metasploit-c2.yaml to ssl/c2/metasploit-c2.yaml 2023-06-12 17:45:43 +05:30
sandeep e53d19f583 boolean format update 2023-06-04 13:43:42 +05:30
GitHub Action df5a969b80 Auto Generated CVE annotations [Sat Jun 3 18:56:35 UTC 2023] 🤖 2023-06-03 18:56:35 +00:00
Ritik Chaddha 809ca09e11 Merge branch 'main' into Insecure-Cipher-Suites-Detection 2023-05-26 18:19:09 +05:30
pussycat0x 9ff4bbeaf1 TLS version - update 2023-05-24 11:54:49 +05:30
pussycat0x 1a17ce7d2e Update weak-cipher-suites.yaml 2023-05-24 11:53:15 +05:30
pussycat0x 562cb302b2 tls versions -update 2023-05-24 11:50:04 +05:30
sandeep 1f5b1f2c47 Added max request counter of each template 2023-04-28 13:41:21 +05:30
Ritik Chaddha 43916d2fe6 Merge pull request #6958 from kchason/kubernetes-fake-certificate
Add template for Kubernetes Fake Certificates
2023-03-28 11:57:49 +05:30
MostInterestingBotInTheWorld 186745475b dos2unix conversions (#6969)
* Add description and enhance one where the UI failed to save properly.
dos2unix on a template

* Change cvedetails link to nvd

* make severities match

* Enhancement: cves/2015/CVE-2015-2863.yaml by md

* Enhancement: cves/2017/CVE-2017-14524.yaml by md

* Enhancement: cves/2017/CVE-2017-5638.yaml by md

* Enhancement: cves/2019/CVE-2019-16759.yaml by md

* Enhancement: cves/2021/CVE-2021-22986.yaml by md

* Enhancement: cves/2021/CVE-2021-24145.yaml by md

* Enhancement: cves/2021/CVE-2021-24145.yaml by md

* Enhancement: cves/2021/CVE-2021-24155.yaml by md

* Enhancement: cves/2021/CVE-2021-24145.yaml by md

* Enhancement: cves/2021/CVE-2021-24145.yaml by md

* Enhancement: cves/2021/CVE-2021-24347.yaml by md

* Enhancement: cves/2021/CVE-2021-25003.yaml by md

* Enhancement: cves/2021/CVE-2021-25296.yaml by md

* Enhancement: cves/2021/CVE-2021-25297.yaml by md

* Enhancement: cves/2021/CVE-2021-25296.yaml by md

* Enhancement: cves/2021/CVE-2021-25297.yaml by md

* Enhancement: cves/2021/CVE-2021-25298.yaml by md

* Enhancement: cves/2021/CVE-2021-25297.yaml by md

* Enhancement: cves/2021/CVE-2021-28151.yaml by md

* Enhancement: cves/2021/CVE-2021-30128.yaml by md

* Enhancement: cves/2022/CVE-2022-0824.yaml by md

* Enhancement: cves/2022/CVE-2022-0824.yaml by md

* Enhancement: cves/2022/CVE-2022-0885.yaml by md

* Enhancement: cves/2022/CVE-2022-21587.yaml by md

* Enhancement: cves/2022/CVE-2022-2314.yaml by md

* Enhancement: cves/2022/CVE-2022-24816.yaml by md

* Enhancement: cves/2022/CVE-2022-31499.yaml by md

* Enhancement: cves/2022/CVE-2022-21587.yaml by md

* Enhancement: cves/2021/CVE-2021-24155.yaml by md

* Enhancement: cves/2017/CVE-2017-5638.yaml by md

* Enhancement: cves/2015/CVE-2015-2863.yaml by md

* Enhancement: cves/2022/CVE-2022-33901.yaml by md

* Enhancement: cves/2022/CVE-2022-2314.yaml by md

* Enhancement: cves/2022/CVE-2022-33901.yaml by md

* Enhancement: cves/2022/CVE-2022-34753.yaml by md

* Enhancement: cves/2022/CVE-2022-39952.yaml by md

* Enhancement: cves/2022/CVE-2022-4060.yaml by md

* Enhancement: cves/2022/CVE-2022-44877.yaml by md

* Enhancement: cves/2023/CVE-2023-0669.yaml by md

* Enhancement: cves/2023/CVE-2023-26255.yaml by md

* Enhancement: cves/2023/CVE-2023-26256.yaml by md

* Enhancement: exposures/files/salesforce-credentials.yaml by md

* Enhancement: misconfiguration/hadoop-unauth-rce.yaml by md

* Enhancement: misconfiguration/installer/nopcommerce-installer.yaml by md

* Enhancement: network/backdoor/backdoored-zte.yaml by md

* Enhancement: network/detection/ibm-d2b-database-server.yaml by md

* Enhancement: network/detection/ibm-d2b-database-server.yaml by md

* Enhancement: technologies/oracle/oracle-atg-commerce.yaml by md

* Enhancement: token-spray/api-abuseipdb.yaml by md

* Enhancement: token-spray/api-abuseipdb.yaml by md

* Enhancement: token-spray/api-dbt.yaml by md

* Enhancement: vulnerabilities/avaya/avaya-aura-rce.yaml by md

* Enhancement: vulnerabilities/avaya/avaya-aura-xss.yaml by md

* Enhancement: vulnerabilities/cisco/cisco-cloudcenter-suite-rce.yaml by md

* Enhancement: vulnerabilities/froxlor-xss.yaml by md

* Enhancement: vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml by md

* Enhancement: vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml by md

* Enhancement: vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml by md

* Enhancement: vulnerabilities/opencpu/opencpu-rce.yaml by md

* Enhancement: vulnerabilities/other/academy-lms-xss.yaml by md

* Enhancement: vulnerabilities/other/caucho-resin-info-disclosure.yaml by md

* Enhancement: vulnerabilities/other/ckan-dom-based-xss.yaml by md

* Enhancement: vulnerabilities/other/couchdb-adminparty.yaml by md

* Enhancement: vulnerabilities/other/graylog-log4j.yaml by md

* Enhancement: vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml by md

* Initial cleanups for syntax errors

* dashboard gremlins

* Add log4j back to name

* Enhancement: exposures/files/salesforce-credentials.yaml by cs

* Enhancement: misconfiguration/installer/nopcommerce-installer.yaml by cs

* Enhancement: network/backdoor/backdoored-zte.yaml by cs

* Enhancement: vulnerabilities/other/couchdb-adminparty.yaml by cs

* Sev and other info tweaks

* Merge conflict

* Run dos2unix against all templates

* too many newlines error

* Fix too many blank lines error

* Fix severity mismatches
Cleanup language on a new test

---------

Co-authored-by: sullo <sullo@cirt.net>
2023-03-27 14:22:40 -04:00
Ritik Chaddha 641e5e9354 Update kubernetes-fake-certificate.yaml 2023-03-27 23:51:24 +05:30
pussycat0x 3763f5f126 minor -update 2023-03-27 19:01:27 +05:30
kchason adbc105f10 YAML formatting for template 2023-03-25 17:30:31 -04:00