40 lines
1.1 KiB
YAML
40 lines
1.1 KiB
YAML
id: maltrail-panel
|
|
|
|
info:
|
|
name: Maltrail Panel - Detect
|
|
author: ritikchaddha
|
|
severity: info
|
|
description: |
|
|
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name, URL (e.g. hXXp://109.162.38.120/harsh02.exe for known malicious executable), IP address (e.g. 185.130.5.231 for known attacker) or HTTP User-Agent header value.
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
shodan-query: title:"Maltrail"
|
|
tags: panel,maltrail,detect
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "Maltrail</title>"
|
|
- "/stamparm/maltrail/wiki"
|
|
- "<b>M</b>altrail"
|
|
condition: or
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
extractors:
|
|
- type: regex
|
|
part: body
|
|
group: 1
|
|
regex:
|
|
- '<b>M<\/b>altrail \(v<b>([0-9.]+)<\/b>'
|