id: brute-ratel-c4

info:
  name: Brute Ratel C4 - Detect
  author: pussycat0x
  severity: info
  description: |
    Brute Ratel C4 (BRc4) is a legit red-teaming tool designed from the ground up with evasion capabilities in mind, but in the wrong hands can cause significant damage. Learn how to protect your organization with our Brute Ratel C4 Spotlight.
  reference:
    - https://bruteratel.com/
  metadata:
    max-request: 1
    shodan-query: http.html_hash:-1957161625
    verified: "true"
  tags: c2,bruteratel,c4,panel

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "contains(body, '404 file not found')"
          - "(\"1a279f5df4103743b823ec2a6a08436fdf63fe30\" == sha1(body))"
        condition: and
# digest: 4a0a00473045022100f66117aa613792028cebcc42d9db7423777d88c444b4dab2d52ee783d39d2291022067a0b3b9824bc202ed2a5056841e91cc65a0aa445f612969de96486ad0cbe181:922c64590222798bb761d5b6d8e72950