more network templates

2026-01-31 15:53:33 +08:00 · 2021-04-30 21:24:53 +05:30
parent 020c9a959c
commit 28116c0c88
3 changed files with 60 additions and 0 deletions
--- a/network/java-rmi-detect.yaml
+++ b/network/java-rmi-detect.yaml
@@ -0,0 +1,19 @@
+id: java-rmi-detect
+
+info:
+  name: Detect Java RMI Protocol
+  author: F1tz
+  severity: info
+  tags: network,rmi
+
+network:
+  - inputs:
+    - data: "{{hex_decode('4a524d4900024b')}}"
+    read-size: 1024
+    host:
+      - "{{Hostname}}"
+    matchers:
+      - type: regex
+        part: raw
+        regex:
+          - "^N\\x00\\x0e(\\d{1,3}\\.){3}\\d{1,3}\\x00\\x00"
--- a/network/weblogic-iiop-detect.yaml
+++ b/network/weblogic-iiop-detect.yaml
@@ -0,0 +1,22 @@
+id: weblogic-iiop-detect
+
+info:
+  name: Detect Weblogic IIOP Protocol
+  author: F1tz
+  severity: info
+  description: Check IIOP protocol status.
+  tags: network,weblogic
+
+network:
+  - inputs:
+    - data: "{{hex_decode('47494f50010200030000001700000002000000000000000b4e616d6553657276696365')}}"
+    read-size: 1024
+    host:
+      - "{{Hostname}}"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "GIOP"
+          - "weblogic"
+        condition: and
--- a/network/weblogic-t3-detect.yaml
+++ b/network/weblogic-t3-detect.yaml
@@ -0,0 +1,19 @@
+id: weblogic-t3-detect
+
+info:
+  name: Detect Weblogic T3 Protocol
+  author: F1tz
+  severity: info
+  description: Check T3 protocol status.
+  tags: network,weblogic
+
+network:
+  - inputs:
+    - data: "t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n"
+    read-size: 1024
+    host:
+      - "{{Hostname}}"
+    matchers:
+      - type: word
+        words:
+          - "HELO"