-
Notifications
You must be signed in to change notification settings - Fork 25
/
1005320589.yaml
24 lines (24 loc) · 1.1 KB
/
1005320589.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
id: http
info:
name: Cisco Secure ACS web interface
author: nmap,cn-kali-team
tags: detect,tech,http,service
severity: info
metadata:
operating_system: Windows
product: secure_access_control_server
rarity: 1
vendor: cisco
verified: true
tcp:
- name: get-request
inputs:
- data: GET / HTTP/1.0\r\n\r\n
host:
- '{{Hostname}}'
port: 1,70,79,88,113,139,143,280,497,505,514,515,540,554,591,620,631,783,888,898,900,901,1026,1080,1042,1214,1220,1234,1314,1344,1503,1610,1611,1830,1900,2001,2002,2030,2064,2160,2306,2396,2525,2715,2869,3000,3002,3052,3128,3280,3372,3531,3689,3872,4000,4444,4567,4660,4711,5000,5427,5060,5222,5269,5280,5432,5900,5985,6103,6346,6544,6600,6699,6969,7002,7007,7070,7100,7402,7776,8088,8118,8181,8530,9000,9001,9030,9050,9080,9090,9999,10000,10001,10005,11371,13013,13666,13722,14534,15000,17988,18264,31337,40193,50000,55555,80-85,5800-5803,8000-8010,8080-8085,8880-8888
extractors:
- name: http
type: regex
regex:
- '^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nContent-length: \d+\r\n\r\n<html>\r\n<head>\r\n<title>CiscoSecure ACS Login</title>'