29 lines
999 B
YAML
29 lines
999 B
YAML
id: brute-ratel-c4
|
|
|
|
info:
|
|
name: Brute Ratel C4 - Detect
|
|
author: pussycat0x
|
|
severity: info
|
|
description: |
|
|
Brute Ratel C4 (BRc4) is a legit red-teaming tool designed from the ground up with evasion capabilities in mind, but in the wrong hands can cause significant damage. Learn how to protect your organization with our Brute Ratel C4 Spotlight.
|
|
reference:
|
|
- https://bruteratel.com/
|
|
metadata:
|
|
max-request: 1
|
|
shodan-query: http.html_hash:-1957161625
|
|
verified: "true"
|
|
tags: c2,bruteratel,c4,panel
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "contains(body, '404 file not found')"
|
|
- "(\"1a279f5df4103743b823ec2a6a08436fdf63fe30\" == sha1(body))"
|
|
condition: and
|
|
# digest: 4a0a00473045022100f66117aa613792028cebcc42d9db7423777d88c444b4dab2d52ee783d39d2291022067a0b3b9824bc202ed2a5056841e91cc65a0aa445f612969de96486ad0cbe181:922c64590222798bb761d5b6d8e72950 |