From c1decfc4905b4b18532addddcbb85929113fdd27 Mon Sep 17 00:00:00 2001
From: Dominique RIGHETTO <righettod@users.noreply.github.com>
Date: Fri, 23 Aug 2024 20:33:05 +0200
Subject: [PATCH] Add files via upload

---
 .../exposed-panels/hashicorp-vault-panel.yaml | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 http/exposed-panels/hashicorp-vault-panel.yaml

diff --git a/http/exposed-panels/hashicorp-vault-panel.yaml b/http/exposed-panels/hashicorp-vault-panel.yaml
new file mode 100644
index 00000000000..caa77161400
--- /dev/null
+++ b/http/exposed-panels/hashicorp-vault-panel.yaml
@@ -0,0 +1,34 @@
+id: hashicorp-vault-panel
+
+info:
+  name: HashiCorp Vault - Detect
+  author: righettod
+  severity: info
+  description: HashiCorp Vault panel was detected.
+  reference:
+    - https://developer.hashicorp.com/vault
+  metadata:
+    verified: true
+    shodan-query: http.html:"vault/config/environment"
+  tags: panel,hashicorp,detect,login
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/v1/sys/health"
+      - "{{BaseURL}}/ui/vault/auth"
+
+    stop-at-first-match: true
+    matchers:
+      - type: dsl
+        dsl:
+          - 'status_code == 200 || status_code == 429'
+          - 'contains_any(to_lower(body), "vault-cluster", "vault/config/environment")'
+        condition: and
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - '(?i)"version":\s*"([0-9.]+)"'
\ No newline at end of file