id: puppetserver-detect

info:
  name: Puppetserver Detection
  author: c-sh0
  severity: info
  reference:
    - https://insinuator.net/2020/09/puppet-assessment-techniques/
  metadata:
    max-request: 1
  tags: tech,puppet,exposure,intrusive

http:
  - method: GET
    path:
      - "{{BaseURL}}/puppet-ca/v1/certificate_request/{{randstr}}"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 404

      - type: word
        part: header
        words:
          - "x-puppet-version"
        case-insensitive: true

      - type: word
        part: body
        words:
          - "{{randstr}}"

    extractors:
      - type: kval
        kval:
          - x_puppet_version

# digest: 4b0a004830460221009da8fdf7d343803bb76c86b36935e485784f03258b9285ef838fe1bddacf115e02210080939b191b4e6ebd534a1d86ad859bd1cf566f2493f8bf5aa4c26768786edf80:922c64590222798bb761d5b6d8e72950