id: vsftpd-detection

info:
  name: VSFTPD v2.3.4 Backdoor Command Execution
  author: pussycat0x
  severity: critical
  tags: network,vsftpd,ftp
  reference: https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor/

network:
  - inputs:
      - data: "USER anonymous\r\nPASS pussycat0x\r\n"

    host:
      - "{{Hostname}}"
      - "{{Hostname}}:21"

    matchers:
      - type: word
        words:
          - "vsFTPd 2.3.4"