id: darkstat-detect info: name: Detect Darkstat Reports author: geeknik description: Darkstat captures network traffic, calculates statistics about usage, and serves reports over HTTP reference: https://unix4lyfe.org/darkstat/ severity: high tags: darkstat,logs,exposure requests: - method: GET path: - "{{BaseURL}}" - "{{BaseURL}}/darkstat/" # FYI, the default port for darkstat is 666 matchers-condition: and matchers: - type: regex part: header regex: - "[Ss]erver: darkstat.*" - type: word part: body words: - "darkstat" - "