id: adcs-certificate

info:
  name: Certification Authority Web Enrollment (ADCS) - Detection
  author: pastaga,defte
  severity: info
  description: |
    Web Enrollment is a service that can be installed on an AD CS server to allow users and computers in an Active Directory domain to request a certificate through an interactive web page.
  metadata:
    verified: true
    shodan-query: html:"/certenroll"
  tags: ad,adcs,exposure,files

http:
  - method: GET
    path:
      - "{{BaseURL}}/certenroll/"
      - "{{BaseURL}}/CertEnroll/"

    host-redirects: true
    matchers:
      - type: dsl
        dsl:
          - contains(body, ".crl") || contains(body, ".crt")
          - contains(body, "CertEnroll") || contains(body, "certenroll")
          - status_code == 200
        condition: and
# digest: 4b0a00483046022100ab09f0fa5ad15180858e288d8f9faa7b3732391ceed46de0dbabb6d3c3b0e75e022100ef042bef6fdfee276767180092a43440c2de421c6a97c1d95c26a57e6a1276f6:922c64590222798bb761d5b6d8e72950