admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-07 11:13:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
23c94de2edd4515d44a32996c8557c91be4ca63f
nuclei-templates/code/windows/audit/kisa/ftp-access-control-check.yaml
ghost b2039aeba4 chore: sign templates 🤖
2025-07-10 10:32:02 +00:00

54 lines
2.1 KiB
YAML
Raw Blame History

id: ftp-access-control-check
info:
name: FTP Access Control Check
author: nukunga[SungHyunJeon]
severity: medium
description: |
Ensure FTP access is restricted by configuring IP address filters. Without these restrictions, unauthorized networks could potentially access FTP services.
impact: |
Lack of proper IP-based access control allows FTP services to be accessed by unauthorized networks, heightening the risk of data breaches and other security threats.
remediation: |
Set up IP address restrictions using IIS Manager:
- Open IIS Manager.
- Go to the FTP site → FTP IP Address and Domain Restrictions.
- Add the allowed IP addresses and configure suitable deny rules.
reference:
- https://isms.kisa.or.kr/main/csap/notice/?boardId=bbs_0000000000000004&mode=view&cntId=85
tags: ftp,iis,security,windows,code,windows-audit,kisa
self-contained: true
code:
- pre-condition: |
IsWindows();
engine:
- powershell
- powershell.exe
args:
- -ExecutionPolicy
- Bypass
pattern: "*.ps1"
source: |
Import-Module WebAdministration -ErrorAction SilentlyContinue
$ftpSites = Get-ChildItem IIS:\Sites | Where-Object { $_.Bindings.Collection.Protocol -eq "ftp" }
$vulnerable = $false
foreach ($site in $ftpSites) {
$ipSecurity = Get-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/$($site.Name)" -filter "system.ftpServer/security/ipSecurity" -name "allowUnlisted" -ErrorAction SilentlyContinue
# If allowUnlisted is true, FTP access is open to unlisted IPs (i.e., no proper IP restriction is applied)
if ($ipSecurity -eq $true) {
$vulnerable = $true
break
}
}
if ($vulnerable) {
"FTP_IP_ACCESS_CONTROL_NOT_CONFIGURED"
} else {
"FTP_IP_ACCESS_CONTROL_CONFIGURED"
}
matchers:
- type: word
words:
- "FTP_IP_ACCESS_CONTROL_NOT_CONFIGURED"
# digest: 4a0a00473045022030582b216f012703bf8b3f624b5598a65b9b606276db85587b50c76d7bb649dd022100e2745e62838e7c1fe2fc03a3dc6a49bbb82af10d7bf262198b6ae175f7f4308d:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink