id: cisco-webvpn-detect info: name: Cisco WebVPN Panel - Detect author: ricardomaia severity: info description: Cisco WebVPN panel was detected. reference: - https://askanydifference.com/difference-between-cisco-clientless-ssl-vpn-and-anyconnect-with-table/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cwe-id: CWE-200 metadata: verified: true max-request: 2 fofa-query: fid="U1TP/SJklrT9VLIEpZkQNg==" google-query: intitle:"SSLVPN Service" tags: panel,cisco,vpn http: - method: GET path: - "{{BaseURL}}" - "{{BaseURL}}/webvpn.html" host-redirects: true max-redirects: 2 stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "CISCO" - "AnyConnect" - "SSLVPN Service" condition: or case-insensitive: true - type: regex part: header regex: - "webvpncontext=00@.+" - "webvpn=" condition: or # digest: 4b0a0048304602210088ddeac35157a271b0f1f1595c19a74522fabc615e920ef2cb67b76dff3d392e0221009c980fcc733d03a3128197719aae830f395f20af1b8d6887a05f7ae764bcb0fa:922c64590222798bb761d5b6d8e72950