id: bitvise-detect

info:
  name: SSH Bitvise Service - Detect
  author: abdullahisik
  severity: info
  description: |
    Bitvise SSH service was detected.
  reference:
    - https://www.bitvise.com/
    - https://vulners.com/openvas/OPENVAS:1361412562310813387
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
    cpe: cpe:/a:bitvise:winsshd
  metadata:
    max-request: 1
    shodan-query: product:"bitvise"
  tags: network,ssh,bitvise,detect,detection,tcp
tcp:
  - host:
      - "{{Hostname}}"
    port: 22

    matchers:
      - type: regex
        regex:
          - '(?i)Bitvise'

    extractors:
      - type: regex
        regex:
          - "SSH([-0-9.]+) FlowSsh: Bitvise ([A-Z a-z()]+) ([0-9.]+)"
# digest: 4a0a0047304502210094653cf344d48233c4fecab94f96ba7f23b05903e1a37ca26c617752906060c702204047c74021c7dae1d83ee4a04fd8e4f9f55318e42f5fb005d93edf863d3b0d19:922c64590222798bb761d5b6d8e72950