id: vmware-detect info: name: VMware Detection author: elouhi severity: info description: Sends a POST request containing a SOAP payload to a vCenter server to obtain version information reference: - https://www.pwndefend.com/2021/09/23/exposed-vmware-vcenter-servers-around-the-world-cve-2021-22005/ - https://svn.nmap.org/nmap/scripts/vmware-version.nse tags: tech,vcenter,vmware metadata: max-request: 1 http: - raw: - | POST /sdk/ HTTP/1.1 Host: {{Hostname}} 00000001-00000001 <_this xsi:type="ManagedObjectReference" type="ServiceInstance">ServiceInstance matchers-condition: and matchers: - type: status status: - 200 - type: word part: body words: - 'ha-folder-root' - 'RetrieveServiceContentResponse' condition: or - type: word part: header words: - "text/xml" extractors: - type: regex part: body group: 1 regex: - "(.*?)" - "(.*?)" - "(.*?)" - "(.*?)" - "(.*?)" - "(.*?)"