id: bitvise-detect

info:
  name: SSH Bitvise Service - Detect
  author: abdullahisik
  severity: info
  description: |
    Bitvise SSH service was detected.
  reference:
    - https://www.bitvise.com/
    - https://vulners.com/openvas/OPENVAS:1361412562310813387
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
    cpe: cpe:/a:bitvise:winsshd
  metadata:
    max-request: 1
    shodan-query: product:"bitvise"
  tags: network,ssh,bitvise,detect,detection,tcp
tcp:
  - host:
      - "{{Hostname}}"
    port: 22

    matchers:
      - type: regex
        regex:
          - '(?i)Bitvise'

    extractors:
      - type: regex
        regex:
          - "SSH([-0-9.]+) FlowSsh: Bitvise ([A-Z a-z()]+) ([0-9.]+)"
# digest: 490a0046304402202d1a65f1251330c1fa13aadab8a7f2adc03c10fe70edad64d9b9c4097eb7e49c02205913d229716d7af0a6e501d5c69c1f3140a56c7896bcab0d85c09ba5808e4194:922c64590222798bb761d5b6d8e72950