|
9033 | 9033 | "collections": [ |
9034 | 9034 | "crowdsecurity/http-cve" |
9035 | 9035 | ], |
9036 | | - "content": "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", |
| 9036 | + "content": "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", |
9037 | 9037 | "contexts": [ |
9038 | 9038 | "crowdsecurity/http_base" |
9039 | 9039 | ], |
|
9062 | 9062 | "crowdsecurity/http-wordpress-scan", |
9063 | 9063 | "crowdsecurity/http-cve-probing", |
9064 | 9064 | "crowdsecurity/http-sap-interface-probing", |
9065 | | - "crowdsecurity/http-generic-test" |
| 9065 | + "crowdsecurity/http-generic-test", |
| 9066 | + "crowdsecurity/http-technology-probing" |
9066 | 9067 | ], |
9067 | | - "version": "1.3", |
| 9068 | + "version": "1.4", |
9068 | 9069 | "versions": { |
9069 | 9070 | "0.1": { |
9070 | 9071 | "deprecated": false, |
|
9117 | 9118 | "1.3": { |
9118 | 9119 | "deprecated": false, |
9119 | 9120 | "digest": "1e09dd9ec002d6dae6106d968acf6421a449d5241f4135fbc102049b9bde3164" |
| 9121 | + }, |
| 9122 | + "1.4": { |
| 9123 | + "deprecated": false, |
| 9124 | + "digest": "e35b4e692c87bf485b897e8351496ce4e18a6639614d26bb8f24cd65bd3944a3" |
9120 | 9125 | } |
9121 | 9126 | } |
9122 | 9127 | }, |
|
22008 | 22013 | } |
22009 | 22014 | } |
22010 | 22015 | }, |
| 22016 | + "crowdsecurity/http-technology-probing": { |
| 22017 | + "author": "crowdsecurity", |
| 22018 | + "content": "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", |
| 22019 | + "description": "Detect HTTP technology/vendor probing", |
| 22020 | + "labels": { |
| 22021 | + "behavior": "http:scan", |
| 22022 | + "classification": [ |
| 22023 | + "attack.T1595" |
| 22024 | + ], |
| 22025 | + "confidence": 3, |
| 22026 | + "label": "HTTP Technology Probing", |
| 22027 | + "remediation": false, |
| 22028 | + "service": "http", |
| 22029 | + "spoofable": 0 |
| 22030 | + }, |
| 22031 | + "long_description": "QSBzY2VuYXJpbyB0aGF0IGRldGVjdHMgZmluZ2VycHJpbnRpbmcgZm9yIHZhcmlvdXMgKDMwMCspIHZlbmRvcnMgYW5kIHRlY2hub2xvZ2llcy4KCkl0IGRvZXNuJ3QgdHJpZ2dlciBhIGJhbiBvbiBpdHMgb3duLg==", |
| 22032 | + "path": "scenarios/crowdsecurity/http-technology-probing.yaml", |
| 22033 | + "version": "0.1", |
| 22034 | + "versions": { |
| 22035 | + "0.1": { |
| 22036 | + "deprecated": false, |
| 22037 | + "digest": "fb981bab1c8cefebe9d8902fc496747040c43d98b2c0e60552dacc941e1dd773" |
| 22038 | + } |
| 22039 | + } |
| 22040 | + }, |
22011 | 22041 | "crowdsecurity/http-wordpress-scan": { |
22012 | 22042 | "author": "crowdsecurity", |
22013 | 22043 | "content": "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", |
|