id: cql-native-transport

info:
  name: CQL Native Transport Detect
  author: pussycat0x
  severity: info
  description: |
    Native transport requests (NTR) are any requests made via the CQL Native Protocol. CQL Native Protocol is the way the Cassandra driver communicates with the server.
  metadata:
    max-request: 1
    shodan-query: cassandra
    verified: true
  tags: network,cassandra,cql,detect

tcp:
  - inputs:
      - data: "/n"
      - data: "/n"
      - data: "/n"
      - data: "/n"
      - data: "/n"
      - data: "/n"
      - data: "/n"
      - data: "/n"

    host:
      - "{{Hostname}}"
    port: 9042

    matchers:
      - type: word
        words:
          - "valid or unsupported protocol"

    extractors:
      - type: regex
        regex:
          - "protocol version: ([0-9]+)"
# digest: 490a004630440220105b167c2d9bd8ea01e31955760e6af72f14b4ab30add544644d07dad09fe58f02207a9fea3dc4dfcb11b00ccebba5659bdcd5de163c7340dc26bdc13554af8179b7:922c64590222798bb761d5b6d8e72950