31 lines
1003 B
YAML
31 lines
1003 B
YAML
id: brute-ratel-c4
|
|
|
|
info:
|
|
name: Brute Ratel C4 - Detect
|
|
author: pussycat0x
|
|
severity: info
|
|
description: |
|
|
Brute Ratel C4 (BRc4) is a legit red-teaming tool designed from the ground up with evasion capabilities in mind, but in the wrong hands can cause significant damage. Learn how to protect your organization with our Brute Ratel C4 Spotlight.
|
|
reference:
|
|
- https://bruteratel.com/
|
|
metadata:
|
|
verified: "true"
|
|
max-request: 1
|
|
shodan-query: http.html_hash:-1957161625
|
|
tags: c2,bruteratel,c4,panel
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "contains(body, '404 file not found')"
|
|
- "(\"1a279f5df4103743b823ec2a6a08436fdf63fe30\" == sha1(body))"
|
|
condition: and
|
|
|
|
# digest: 4b0a00483046022100f1de6c8fc069d57399f23b476ebd8fde21a41cc0fca5a4e9fda765aafeccca65022100e512bc56582dc79f22dac73f5f25806c6ce6ff5f287b6ed3c7d5c52dd44d6c24:922c64590222798bb761d5b6d8e72950
|