Merge branch 'master' into dependabot/github_actions/actions/checkout-4.1.1

Signed-off-by: Sam Stepanyan <[email protected]>

Author: securestep9

core/load_modules.py

@@ -236,7 +236,7 @@ def load_all_modules(limit=-1, full_details=False):
     """
     # Search for Modules
     from config import nettacker_paths
-    from core.utility import sort_dictonary
+    from core.utility import sort_dictionary
     if full_details:
         import yaml
     module_names = {}
@@ -260,7 +260,7 @@ def load_all_modules(limit=-1, full_details=False):
         if len(module_names) == limit:
             module_names['...'] = {}
             break
-    module_names = sort_dictonary(module_names)
+    module_names = sort_dictionary(module_names)
     module_names['all'] = {}
 
     return module_names
@@ -273,7 +273,7 @@ def load_all_profiles(limit=-1):
     Returns:
         an array of all profile names
     """
-    from core.utility import sort_dictonary
+    from core.utility import sort_dictionary
     all_modules_with_details = load_all_modules(limit=limit, full_details=True)
     profiles = {}
     if '...' in all_modules_with_details:
@@ -287,11 +287,11 @@ def load_all_profiles(limit=-1):
             else:
                 profiles[tag].append(key)
             if len(profiles) == limit:
-                profiles = sort_dictonary(profiles)
+                profiles = sort_dictionary(profiles)
                 profiles['...'] = []
                 profiles['all'] = []
                 return profiles
-    profiles = sort_dictonary(profiles)
+    profiles = sort_dictionary(profiles)
     profiles['all'] = []
     return profiles
 

core/utility.py

@@ -563,7 +563,7 @@ def expand_step(step):
         return [step]
 
 
-def sort_dictonary(dictionary):
+def sort_dictionary(dictionary):
     etc_flag = '...' in dictionary
     if etc_flag:
         del dictionary['...']

modules/scan/confluence_version.yaml

@@ -0,0 +1,43 @@
+info:
+  name: confluence_version_scan
+  author: Jimmy Ly
+  severity: 3
+  description: Fetch Confluence version from target
+  reference:
+  profiles:
+    - scan
+    - http
+    - backup
+    - low_severity
+    - confluence
+    - atlassian
+
+payloads:
+  - library: http
+    steps:
+      - method: get
+        timeout: 3
+        headers:
+          User-Agent: "{user_agent}"
+        allow_redirects: false
+        ssl: false
+        url:
+          nettacker_fuzzer:
+            input_format: "{{schema}}://{target}:{{ports}}/dashboard.action"
+            prefix: ""
+            suffix: ""
+            interceptors:
+            data:
+              schema:
+                - "http"
+                - "https"
+              ports:
+                - 80
+                - 443
+        response:
+          condition_type: or
+          conditions:
+            content:
+              regex: <span id=\'footer-build-information\'>(.+?)</span>
+              reverse: false 
+          log: "response_dependent['content']"

modules/vuln/citrix_cve_2023_4966.yaml

@@ -0,0 +1,52 @@
+info:
+  name: confluence_cve_2023_22515_vuln
+  author: Jimmy Ly
+  severity: 10
+  description: Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
+  reference: 
+    - https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
+    - https://attackerkb.com/topics/Q5f0ItSzw5/cve-2023-22515/rapid7-analysis
+    - https://confluence.atlassian.com/kb/faq-for-cve-2023-22515-1295682188.html
+    - https://jira.atlassian.com/browse/CONFSERVER-92475
+    - https://www.cisa.gov/news-events/alerts/2023/10/05/cisa-adds-three-known-exploited-vulnerabilities-catalog
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-22515
+  profiles:
+    - vuln
+    - vulnerability
+    - http
+    - critical_severity
+    - cve
+    - confluence
+    - atlassian
+
+payloads:
+  - library: http
+    steps:
+      - method: get
+        timeout: 3
+        headers:
+          User-Agent: "{{user_agent}}"
+        allow_redirects: false
+        ssl: false
+        url:
+          nettacker_fuzzer:
+            input_format: "{{schema}}://{target}:{{ports}}/dashboard.action"
+            prefix: ""
+            suffix: ""
+            interceptors:
+            data:
+              schema:
+                - "http"
+                - "https"
+              ports:
+                - 80
+                - 443
+        response:
+          condition_type: and
+          conditions:
+            status_code:
+              regex: '200'
+              reverse: false
+            content:
+              regex: <span id=\'footer-build-information\'>8\.(0\.[0-4]|1\.[0-4]|2\.[0-3]|3\.[0-2]|4\.[0-2]|5\.[0-1])</span>
+              reverse: false 

modules/vuln/confluence_cve_2023_22515.yaml

@@ -15,8 +15,8 @@ class UtilityTesting(unittest.TestCase):
     This is the class that tests the utility module functions.
     """
 
-    def test_sort_dictonary(self):
-        """Tests if the function sorts the input dictionary."""   
+    def test_sort_dictionary(self):
+        """Tests if the function sorts the input dictionary."""
         input_dict = {
             'a': 1,
             'c': 3,
@@ -29,7 +29,7 @@ def test_sort_dictonary(self):
             'c': 3,
             'd': 23,
         }
-        self.assertDictEqual(utility.sort_dictonary(input_dict), sorted_dict)
+        self.assertDictEqual(utility.sort_dictionary(input_dict), sorted_dict)
 
     def test_select_maximum_cpu_core(self):
         """Tests if it selects the proper amount of cpu's"""