id: maltrail-panel info: name: Maltrail Panel - Detect author: ritikchaddha severity: info description: | Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name, URL (e.g. hXXp://109.162.38.120/harsh02.exe for known malicious executable), IP address (e.g. 185.130.5.231 for known attacker) or HTTP User-Agent header value. metadata: verified: true max-request: 1 shodan-query: title:"Maltrail" tags: panel,maltrail,detect http: - method: GET path: - "{{BaseURL}}" matchers-condition: and matchers: - type: word part: body words: - "Maltrail" - "/stamparm/maltrail/wiki" - "Maltrail" condition: or - type: status status: - 200 extractors: - type: regex part: body group: 1 regex: - 'M<\/b>altrail \(v([0-9.]+)<\/b>' # digest: 4b0a00483046022100e53e48cafb573ff5fcee2c464462413d3f45dd1d46d243aaa626300be2ab7ca1022100e842558bd97c6711d9e9024a1d1f11b4675ab817b97a8c036d30d93461a5947e:922c64590222798bb761d5b6d8e72950