From a4e8465bb501a9e879565e9372edb7f2c9bdbbad Mon Sep 17 00:00:00 2001
From: pUrGe12
Date: Fri, 6 Jun 2025 14:04:01 +0530
Subject: [PATCH 1/2] added regex for elastic search
---
 nettacker/modules/scan/port.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/nettacker/modules/scan/port.yaml b/nettacker/modules/scan/port.yaml
index 8e7563bfd..a9dfc06de 100644
--- a/nettacker/modules/scan/port.yaml
+++ b/nettacker/modules/scan/port.yaml
@@ -1042,6 +1042,10 @@ payloads:
 regex: "HTTPStatus.BAD_REQUEST|HTTP\\/[\\d.]+\\s+[\\d]+|Server: |Content-Length: \\d+|Content-Type: |Access-Control-Request-Headers: |Forwarded: |Proxy-Authorization: |User-Agent: |X-Forwarded-Host: |Content-MD5: |Access-Control-Request-Method: |Accept-Language: "
 reverse: false
 
+ elasticsearch:
+ regex: "X-elastic-product:\\s*Elasticsearch|\"reason\":\"text is empty \\(possibly HTTP/\\d+\\.\\d+\\)\""
+ reverse: false
+
 imap:
 regex: "Internet Mail Server|IMAP4 service|BYE Hi This is the IMAP SSL Redirect|LITERAL\\+ SASL\\-IR LOGIN\\-REFERRALS ID ENABLE IDLE AUTH\\=PLAIN AUTH\\=LOGIN AUTH\\=DIGEST\\-MD5 AUTH\\=CRAM-MD5|CAPABILITY completed|OK IMAPrev1|LITERAL\\+ SASL\\-IR LOGIN\\-REFERRALS ID ENABLE IDLE NAMESPACE AUTH\\=PLAIN AUTH\\=LOGIN|BAD Error in IMAP command received by server|IMAP4rev1 SASL-IR|OK \\[CAPABILITY IMAP4rev1|\\* OK.*IMAP.*Ready"
 reverse: false
From aa3ffd1591fe7f56c4f6bad319acc36630337c92 Mon Sep 17 00:00:00 2001
From: pUrGe12
Date: Mon, 9 Jun 2025 11:06:12 +0530
Subject: [PATCH 2/2] updated
---
 nettacker/modules/scan/port.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/nettacker/modules/scan/port.yaml b/nettacker/modules/scan/port.yaml
index a9dfc06de..0ad77cb6c 100644
--- a/nettacker/modules/scan/port.yaml
+++ b/nettacker/modules/scan/port.yaml
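Review bot: The header branch of the `elasticsearch` regex added in PATCH 1/2 matches `X-elastic-product` with exact casing, but HTTP header names are case-insensitive and a reverse proxy or an HTTP/2 front end can deliver the name lower-cased. Unless the matcher already compiles these patterns case-insensitively (not visible in this hunk), a proxied node would slip past that branch and be reported only as generic HTTP. Assuming the patterns are compiled with Python's `re`, scoping the flag to the header name leaves the rest of the pattern untouched: `(?i:X-elastic-product):\\s*Elasticsearch`. The same entry is moved unchanged by the first hunk of PATCH 2/2, so the point applies there as well.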
@@ -1033,6 +1033,10 @@ payloads:
 regex: \d{{1,5}}
 reverse: false
 
+ elasticsearch:
+ regex: "X-elastic-product:\\s*Elasticsearch|\"reason\":\"text is empty \\(possibly HTTP/\\d+\\.\\d+\\)\""
+ reverse: false
+
 ftp: &ftp
 regex: "220-You are user number|530 USER and PASS required|Invalid command: try being more creative|220 \\S+ FTP (Service|service|Server|server).*?(530 Please login with USER and PASS\\.\\s*)+|220 FTP Server ready|Directory status|Service closing control connection|Requested file action|Connection closed; transfer aborted|Directory not empty|220 Welcome to the ftp service\\r\\n"
 reverse: false
@@ -1042,10 +1046,6 @@ payloads:
 regex: "HTTPStatus.BAD_REQUEST|HTTP\\/[\\d.]+\\s+[\\d]+|Server: |Content-Length: \\d+|Content-Type: |Access-Control-Request-Headers: |Forwarded: |Proxy-Authorization: |User-Agent: |X-Forwarded-Host: |Content-MD5: |Access-Control-Request-Method: |Accept-Language: "
 reverse: false
 
- elasticsearch:
- regex: "X-elastic-product:\\s*Elasticsearch|\"reason\":\"text is empty \\(possibly HTTP/\\d+\\.\\d+\\)\""
- reverse: false
-
 imap:
 regex: "Internet Mail Server|IMAP4 service|BYE Hi This is the IMAP SSL Redirect|LITERAL\\+ SASL\\-IR LOGIN\\-REFERRALS ID ENABLE IDLE AUTH\\=PLAIN AUTH\\=LOGIN AUTH\\=DIGEST\\-MD5 AUTH\\=CRAM-MD5|CAPABILITY completed|OK IMAPrev1|LITERAL\\+ SASL\\-IR LOGIN\\-REFERRALS ID ENABLE IDLE NAMESPACE AUTH\\=PLAIN AUTH\\=LOGIN|BAD Error in IMAP command received by server|IMAP4rev1 SASL-IR|OK \\[CAPABILITY IMAP4rev1|\\* OK.*IMAP.*Ready"
 reverse: false
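Review bot: The relocated `elasticsearch` entry in the first hunk has no comment saying what each of its two regex branches is meant to recognise, and the second branch looks like a generic malformed-request error body rather than a product marker. That branch may therefore also fire on Elasticsearch-compatible forks and label them `elasticsearch`, and it depends on which probe was sent, which the hunk does not show. A short comment above the entry would record this for whoever triages scan output, for example `# branch 1: product header on HTTP replies; branch 2: JSON error body returned to a non-HTTP probe (may also match compatible forks)`. An Elasticsearch reply will presumably also satisfy the `http` pattern in the second hunk's context, so it is worth confirming that the matcher reports every matching service rather than only the first one.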