id: metasploit-c2 info: name: Detect SSL Certificate Issuer author: pussycat0x severity: info description: | A Metasploit Framework is a powerful tool that provides a universal interface to work with vulnerability exploit code. It has to exploit code for a wide range of vulnerabilities that impact web servers, OSes, network equipment, and everything in between. Metasploit which serves as both exploitation and C2 frameworks. reference: | https://www.socinvestigation.com/shodan-filters-to-hunt-adversaries-infrastructure-and-c2/ metadata: max-request: 1 verified: "true" shodan-query: ssl:"MetasploitSelfSignedCA" tags: c2,ir,osint,metasploit,panel ssl: - address: "{{Host}}:{{Port}}" matchers: - type: word part: issuer_cn words: - "MetasploitSelfSignedCA" extractors: - type: json json: - " .issuer_cn"