id: cql-native-transport

info:
  name: CQL Native Transport Detect
  author: pussycat0x
  severity: info
  description: |
    Native transport requests (NTR) are any requests made via the CQL Native Protocol. CQL Native Protocol is the way the Cassandra driver communicates with the server.
  metadata:
    verified: true
    max-request: 1
    shodan-query: cassandra
  tags: network,cassandra,cql,detect,detection,tcp
tcp:
  - inputs:
      - data: "/n"
      - data: "/n"
      - data: "/n"
      - data: "/n"
      - data: "/n"
      - data: "/n"
      - data: "/n"
      - data: "/n"

    host:
      - "{{Hostname}}"
    port: 9042

    matchers:
      - type: word
        words:
          - "valid or unsupported protocol"

    extractors:
      - type: regex
        regex:
          - "protocol version: ([0-9]+)"
# digest: 4a0a0047304502210089eceb5af993945cb59a9072744ef3ac757027e6c0e5be2ca0f303e0473c4941022010439d0becbcdc7eadbd8631ac64f82ea3c0412a2021ace18549bb414065d4c1:922c64590222798bb761d5b6d8e72950