Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ivanti_csa_lastpatcheddate_scan module #911

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
+49 −0
Open

ivanti_csa_lastpatcheddate_scan module #911

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0de0aa1
ivanti_csa_lastpatcheddate_scan module
securestep9 Sep 20, 2024
5eab270
Merge branch 'master' into ivanti_csa
securestep9 Sep 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/Modules.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ OWASP Nettacker Modules can be of type **Scan** (scan for something), **Vuln** (
* '**icmp_scan**' - Ping the target and log the response time if it responds.
* '**http_redirect_scan**' - Scan the target and test if it returns an HTTP redirect 3xx response code and print the destination
* '**http_status_scan**' - Scan the target and return the HTTP status code
* '**ivanti_csa_lastpatcheddate_scan**' - Scan the target for Ivanti CSA appliance and return its last patched date
* '**joomla_template_scan**' - Scan the target for Joomla templates (identify Joomla sites)
* '**joomla_user_enum_scan**' - Scan the target and enumerate Joomla users
* '**joomla_version_scan**' - Scan the target and identify the Joomla version
Expand Down
48 changes: 48 additions & 0 deletions nettacker/modules/scan/ivanti_csa_lastpatcheddate.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
info:
name: ivanti_csa_lastpatcheddate_scan
author: OWASP Nettacker Team
severity: 3
description: Ivanti CSA Last Patched Date Scan
reference: https://www.bleepingcomputer.com/news/security/ivanti-warns-of-another-critical-csa-flaw-exploited-in-attacks/
profiles:
- scan
- http
- ivanti
- low_severity

payloads:
- library: http
steps:
- method: head
timeout: 3
headers:
User-Agent: "{user_agent}"
allow_redirects: false
ssl: false
url:
nettacker_fuzzer:
input_format: "{{schema}}://{target}:{{ports}}/allowed/ivanti-logo.png"
prefix: ""
suffix: ""
interceptors:
data:
schema:
- "http"
- "https"
ports:
- 80
- 443
response:
condition_type: and
log: "response_dependent['headers']['Last-Modified']"
conditions:
status_code:
regex: "200"
reverse: false
headers:
Last-Modified:
regex: .*
reverse: false
Content-Type:
regex: ^image\/png$
reverse: false