From 7b96187e662917dc71ac4f01d0b6e34064c9f909 Mon Sep 17 00:00:00 2001 From: Randsec Date: Wed, 19 Jul 2023 13:39:49 +0200 Subject: [PATCH 1/3] added NetScaler and citrixADC hash icon detection --- .../Netscaler_CitrixADC_hash_icon_detection.bcheck | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 other/Netscaler_CitrixADC_hash_icon_detection.bcheck diff --git a/other/Netscaler_CitrixADC_hash_icon_detection.bcheck b/other/Netscaler_CitrixADC_hash_icon_detection.bcheck new file mode 100644 index 0000000..804d937 --- /dev/null +++ b/other/Netscaler_CitrixADC_hash_icon_detection.bcheck @@ -0,0 +1,14 @@ +metadata: + language: v1-beta + name: "Netscaler/CitrixADC Icon Hash" + description: "Detects the hash of Netscaler and Citrix ADC" + tags: "passive" + author: "Randsec" + +given response then + if "/vpn/images/AccessGateway.ico" in {latest.response.body} or "receiver/images/common/icon_vpn.ico" in {latest.response.body} then + report issue: + severity: info + confidence: firm + detail: "Possible Netscaler / Citrix ADC detected" + end if From 5b9818603a7642af4a5b219ef26e0d33a7cf5645 Mon Sep 17 00:00:00 2001 From: "F.Romero" Date: Thu, 20 Jul 2023 10:49:50 +0200 Subject: [PATCH 2/3] Update Netscaler_CitrixADC_hash_icon_detection.bcheck fixed indentation --- ...caler_CitrixADC_hash_icon_detection.bcheck | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/other/Netscaler_CitrixADC_hash_icon_detection.bcheck b/other/Netscaler_CitrixADC_hash_icon_detection.bcheck index 804d937..0c11b86 100644 --- a/other/Netscaler_CitrixADC_hash_icon_detection.bcheck +++ b/other/Netscaler_CitrixADC_hash_icon_detection.bcheck @@ -1,14 +1,14 @@ -metadata: - language: v1-beta - name: "Netscaler/CitrixADC Icon Hash" - description: "Detects the hash of Netscaler and Citrix ADC" +metadata: + language: v1-beta + name: "Netscaler/CitrixADC Icon Hash" + description: "Detects the hash of Netscaler and Citrix ADC" tags: "passive" - author: "Randsec" + author: "Randsec" given response then - if "/vpn/images/AccessGateway.ico" in {latest.response.body} or "receiver/images/common/icon_vpn.ico" in {latest.response.body} then - report issue: - severity: info - confidence: firm - detail: "Possible Netscaler / Citrix ADC detected" - end if + if "/vpn/images/AccessGateway.ico" in {latest.response.body} or "receiver/images/common/icon_vpn.ico" in {latest.response.body} then + report issue: + severity: info + confidence: firm + detail: "Possible Netscaler / Citrix ADC detected" + end if From 47b56e0c5fd1ab0b0b19f215c8a4295357a59eae Mon Sep 17 00:00:00 2001 From: "F.Romero" Date: Thu, 20 Jul 2023 10:52:25 +0200 Subject: [PATCH 3/3] Update Netscaler_CitrixADC_hash_icon_detection.bcheck fixed indentation again --- other/Netscaler_CitrixADC_hash_icon_detection.bcheck | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/other/Netscaler_CitrixADC_hash_icon_detection.bcheck b/other/Netscaler_CitrixADC_hash_icon_detection.bcheck index 0c11b86..7fcfe7c 100644 --- a/other/Netscaler_CitrixADC_hash_icon_detection.bcheck +++ b/other/Netscaler_CitrixADC_hash_icon_detection.bcheck @@ -3,7 +3,7 @@ metadata: name: "Netscaler/CitrixADC Icon Hash" description: "Detects the hash of Netscaler and Citrix ADC" tags: "passive" - author: "Randsec" + author: "Randsec" given response then if "/vpn/images/AccessGateway.ico" in {latest.response.body} or "receiver/images/common/icon_vpn.ico" in {latest.response.body} then