id: redis-default-logins

info:
  name: Redis - Default Logins
  author: tarunKoyalwar
  severity: high
  description: |
    Redis service was accessed with easily guessed credentials.
  metadata:
    max-request: 6
    shodan-query:
      - product:"redis"
      - http.title:"airflow - dags" || http.html:"apache airflow"
      - http.title:"sign in - airflow"
    product: airflow
    vendor: apache
    fofa-query:
      - apache airflow
      - title="airflow - dags" || http.html:"apache airflow"
      - title="sign in - airflow"
    google-query:
      - intitle:"airflow - dags" || http.html:"apache airflow"
      - intitle:"sign in - airflow"
  tags: js,redis,default-login,network

javascript:
  - pre-condition: |
      isPortOpen(Host,Port)
    code: |
      var m = require("nuclei/redis");
      m.GetServerInfoAuth(Host,Port,Password);
    args:
      Host: "{{Host}}"
      Port: "6379"
      Password: "{{passwords}}"
    payloads:
      passwords:
        - ""
        - root
        - password
        - admin
        - iamadmin
    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "redis_version"

      - type: word
        negative: true
        words:
          - "redis_mode:sentinel"
# digest: 4a0a00473045022100a877c50a02d8cf0352dd75792350050a664d4bd5d6b8c456604e493044d33190022043f376210ce1b9ff19eb2de3d21465031df88680722ff767dc8ac0413a8729b1:922c64590222798bb761d5b6d8e72950