nuclei-templates/http/technologies/honeypot-detect.yaml

35 lines
702 B
YAML

id: honeypot-detect
info:
name: Honeypot Detection
author: j4vaovo
severity: info
description: |
Honeypot was Detected.
reference:
- https://github.com/zema1/yarx
metadata:
max-request: 1
tags: honeypot,tech,cti
variables:
rand1: "{{randstr}}"
rand2: "{{rand_int(11111, 99999)}}"
rand3: "{{randstr}}"
http:
- method: GET
path:
- "{{BaseURL}}/?{{rand1}}=../../../../../../../../etc/passwd&{{rand3}}=1%20and%20updatexml(1,concat(0x7e,(select%20md5({{rand2}}))),1)"
matchers-condition: or
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: word
part: body
words:
- '{{md5({{rand2}})}}'