Create ntp-version-detect.yaml

2026-01-31 15:53:33 +08:00 · 2025-11-03 17:03:36 +05:30
parent 3c60993053
commit 2002bbdd30
1 changed files with 39 additions and 0 deletions
--- a/javascript/detection/ntp-version-detect.yaml
+++ b/javascript/detection/ntp-version-detect.yaml
@@ -0,0 +1,39 @@
+id: ntp-version-detect
+
+info:
+  name: NTP Version Detection
+  author: pussycat0x
+  severity: info
+  description: |
+    Detects if a target host is running NTP Service on port 123.
+  metadata:
+    verified: true
+    shodan-query: "NTP"
+  tags: ntp,ntpsec,udp,javascript
+
+javascript:
+  - pre-condition: |
+      isUDPPortOpen(Host, Port);
+
+    code: |
+      const c = require("nuclei/net");
+      const payload = "160203e80000000000000000";
+      const conn = c.Open('udp', `${Host}:${Port}`);
+      conn.SendHex(payload);
+      let resp = conn.RecvFullString(2048);
+      resp;
+
+args:
+      Host: "{{Host}}"
+      Port: 123
+
+    matchers:
+      - type: dsl
+        dsl:
+          - contains_all(response, "version","processor","system")
+
+    extractors:
+      - type: regex
+        group: 1
+        regex:
+          - 'version="([^"]+)"'