nuclei-templates/network/detection/bgp-detect.yaml

43 lines
1.6 KiB
YAML

id: bgp-detect
info:
name: BGP Detection
author: danfaizer
severity: info
description: |
The remote host is running BGP, a popular routing protocol. This indicates that the remote host is probably a network router.
reference:
- https://www.acunetix.com/vulnerabilities/network/vulnerability/bgp-detection/
- https://www.tenable.com/plugins/nessus/11907
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cwe-id: CWE-200
metadata:
max-request: 1
shodan-query: product:"BGP"
tags: network,bgp
tcp:
- inputs:
- data: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF001D010400FFFF0000B4C0
type: hex
# Source: https://www.rfc-editor.org/rfc/rfc4271.html#section-4.2
# FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF represents the 16-byte marker field.
# 001D is the total length of the BGP message, including the 19 bytes of the header and the optional parameters.
# 01 is the BGP message type, which is OPEN (1).
# 04 represents the BGP version, which is BGP-4.
# FFFF represents the Autonomous System Number (ASN) in hexadecimal format.
# 0000 represents the Hold Time.
# B4C0 represents the BGP Identifier, usually an IP address in hexadecimal format.
host:
- "{{Hostname}}"
port: 179
read-size: 16
matchers:
- type: word
encoding: hex
words:
- "ffffffffffffffffffffffffffffffff"
# digest: 4a0a00473045022064a8594466166035eca94cd92bd34e820089dfe2324e3bca979453379d46a1df022100d76382882480247d802b84eb101e5efd4e2c7f6ecfed4e1ab9264e0246d6c62a:922c64590222798bb761d5b6d8e72950