Merge branch 'master' into securestep9-patch-v0.3.3-1

securestep9 · web-flow · commit d7db43eca077 · 2024-01-20T02:06:01.000Z
diff --git a/modules/scan/citrix_lastpatcheddate.yaml b/modules/scan/citrix_lastpatcheddate.yaml
@@ -0,0 +1,45 @@
+info:
+  name:  citrix_lastpatcheeddate_scan
+  author: OWASP Nettacker Team
+  severity: 3
+  description: Citrix Netscaler Gateway Last Patched Date Scan
+  reference:
+  profiles:
+    - scan
+    - http
+    - citrix
+    - low_severity
+
+payloads:
+  - library: http
+    steps:
+      - method: head
+        timeout: 3
+        headers:
+          User-Agent: "{user_agent}"
+        allow_redirects: false
+        ssl: false
+        url:
+          nettacker_fuzzer:
+            input_format: "{{schema}}://{target}:{{ports}}/epa/scripts/win/nsepa_setup.exe"
+            prefix: ""
+            suffix: ""
+            interceptors:
+            data:
+              schema:
+                - "http"
+                - "https"
+              ports:
+                - 80
+                - 443
+        response:
+          condition_type: and
+          log: "response_dependent['headers']['Last-Modified']"
+          conditions:
+            status_code:
+              regex: "200"
+              reverse: false
+            headers:
+              Last-Modified:
+                regex: .*  
+                reverse: false
diff --git a/modules/scan/http_html_title.yaml b/modules/scan/http_html_title.yaml
@@ -0,0 +1,43 @@
+info:
+  name: http_html_title_scan
+  author: OWASP Nettacker Team
+  severity: 3
+  description: HTTP HTML Title scan - extracts the TITLE tag which can help identify the application running on the server
+  reference:
+  profiles:
+    - scan
+    - http
+    - low_severity
+
+payloads:
+  - library: http
+    steps:
+      - method: get
+        timeout: 3
+        headers:
+          User-Agent: "{user_agent}"
+        allow_redirects: true
+        ssl: false
+        url:
+          nettacker_fuzzer:
+            input_format: "{{schema}}://{target}:{{ports}}"
+            prefix: ""
+            suffix: ""
+            interceptors:
+            data:
+              schema:
+                - "http"
+                - "https"
+              ports:
+                - 80
+                - 443
+        response:
+          condition_type: or
+          log: "response_dependent['status_code'] response_dependent['content']"
+          conditions:
+            status_code:
+                regex: \d\d\d
+                reverse: false
+            content:
+                regex: <title>(.+?)</title> 
+                reverse: false
diff --git a/requirements.txt b/requirements.txt
@@ -8,7 +8,7 @@ paramiko==3.4.0
 texttable==1.6.7
 PySocks==1.7.1 # library_name=socks # module name is not equal to socks name; this is required to be checked on startup
 pyOpenSSL==23.2.0 # library_name=OpenSSL
-flask==3.0.0
+flask==3.0.1
 SQLAlchemy>=1.4.43 # library_name=sqlalchemy
 py3DNS==4.0.0 # library_name=DNS
 numpy==1.26.2
