id: allow-unencrypted-ftp

info:
  name: Allow Unencrypted FTP
  author: princechaddha
  severity: high
  description: Verifies if the FTP server allows unencrypted connections, which can expose sensitive data.
  impact: |
    Allowing unencrypted FTP can expose credentials and data to attackers during transmission.
  remediation: |
    Configure FTP to require encrypted connections using SSL/TLS.
  tags: ftp,windows,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      Get-WebConfiguration -Filter system.ftpServer/security/authentication/basicAuthentication -PSPath IIS:\ -ErrorAction SilentlyContinue

    matchers:
      - type: word
        words:
          - "Deny"
# digest: 4b0a00483046022100deef8a92ef7f7064105d145b4e138bfacf1e7a3e7fa2a078b157b8eb845e68f40221009c887387b48f5607ccf95488e7fc5206c394f9b34a82eda329da1ab4bf955029:922c64590222798bb761d5b6d8e72950