增加Apache-storm、HiveServer、docker-registry、kibana未授权访问识别

alsjz · Sep 6, 2023 · 74fd72f · 74fd72f
1 parent 6b3a1cb
commit 74fd72f
Show file tree

Hide file tree

Showing 7 changed files with 48 additions and 2 deletions.
diff --git a/Protocol/web_RuleDatas.go b/Protocol/web_RuleDatas.go
@@ -15,8 +15,11 @@ var RuleDatas = []RuleData{
 	{"Jetty", "body", "(Powered by Jetty)"},
 	{"华夏ERP", "body", "(jshERP-boo)"},
 	{"Lightdash", "body", "(Lightdash)"},
+	{"Apache-storm", "body", "(Storm UI)"},
+	{"HiveServer", "body", "(HiveServer)"},
 	{"D-Link-Route", "server", "HTTPD_ac 1.0"},
-	{"Kibana", "body", "(kibanaLegacy)"},
+	{"Kibana", "body", "(kibanaLegacy|.kbnLoader)"},
+	{"docker-registry", "body", "(docker-registry-frontend)"},
 	{"ThinkPHP", "body", "(ApiAdmin开发维护团队|ThinkPHP)"},
 	{"亿邮电子邮件系统", "body", "(亿邮电子邮件系统)"},
 	{"用友NC", "body", "(url=nccloud|YONYOU NC)"},

diff --git a/README.md b/README.md
@@ -45,6 +45,10 @@
 | 27 |      Everything       |  √   | 仅验证未授权访问 |
 | 28 |       D-Link路由器       |  √   | 仅验证默认账户  |
 | 29 |         Nacos         |  √   | 仅验证默认账户  |
+| 30 |      HiveServer       |  √   | 仅验证未授权访问 |
+| 31 |        Kibana         |  √   | 仅验证未授权访问 |
+| 32 |    docker registry    |  √   | 仅验证未授权访问 |
+| 33 |     Apache storm      |  √   | 仅验证未授权访问 |
 
 
 ## 端口扫描现阶段支持功能

diff --git a/poc/run.go b/poc/run.go
@@ -56,7 +56,7 @@ func CheckPoc(url, app string) {
 
 	// 这是未授权的漏洞
 	authPocs := map[string]Flagcve{
-		"ElasticSearch[未授权访问]": {url, "elasticsearch未授权访问", "可通过/_cat/indices?v获取所有索引信息"},
+		"elasticsearch[未授权访问]": {url, "elasticsearch未授权访问", "可通过/_cat/indices?v获取所有索引信息"},
 		"couchdb":              {url, "CouchDB未授权访问", "可通过/_all_dbs获取所有数据库"},
 		"hadoop":               {url, "Hadoop-Administration未授权访问", ""},
 		"apache-spark":         {url, "Apache-Spark未授权访问", ""},

diff --git a/poc/yaml-poc/poc-yaml-Apache-storm-unauth.yaml b/poc/yaml-poc/poc-yaml-Apache-storm-unauth.yaml
@@ -0,0 +1,10 @@
+name: poc-yaml-Apache-storm-unauth
+description: "Apache-storm未授权访问"
+method: GET
+path:
+  - /index.html
+expression:
+  status: 200
+  body_all:
+    - "Storm UI"
+    - "Cluster Summary"
diff --git a/poc/yaml-poc/poc-yaml-HiveServer-unauth.yaml b/poc/yaml-poc/poc-yaml-HiveServer-unauth.yaml
@@ -0,0 +1,10 @@
+name: poc-yaml-HiveServer-unauth
+description: "HiveServer未授权访问"
+method: GET
+path:
+  - /
+expression:
+  status: 200
+  body_all:
+    - "HiveServer"
+    - "Active Sessions"
diff --git a/poc/yaml-poc/poc-yaml-docker-registry-unauth.yaml b/poc/yaml-poc/poc-yaml-docker-registry-unauth.yaml
@@ -0,0 +1,9 @@
+name: poc-yaml-docker-registry-unauth
+description: "docker-registry未授权访问"
+method: GET
+path:
+  - /home
+expression:
+  status: 200
+  body_all:
+    - "Report a bug"
diff --git a/poc/yaml-poc/poc-yaml-kibana-unatuh.yaml b/poc/yaml-poc/poc-yaml-kibana-unatuh.yaml
@@ -0,0 +1,10 @@
+name: poc-yaml-kibana-unauth
+description: "kibana未授权访问"
+method: GET
+path:
+  - /
+expression:
+  status: 200
+  body_all:
+    - "Inter UI"
+    - "add-scripts-here"