ivanti_csa_lastpatcheddate_scan module

2024-09-20 01:44:15 +01:00 · 2024-09-20 01:44:15 +01:00 · 0de0aa167b
parent 424b8b66d8
commit 0de0aa167b
2 changed files with 49 additions and 0 deletions
--- a/docs/Modules.md
+++ b/docs/Modules.md
@ -19,6 +19,7 @@ OWASP Nettacker Modules can be of type **Scan** (scan for something), **Vuln** (
 * '**icmp_scan**' - Ping the target and log the response time if it responds.
 * '**http_redirect_scan**' - Scan the target and test if it returns an HTTP redirect 3xx response code and print the destination
 * '**http_status_scan**' - Scan the target and return the HTTP status code
+* '**ivanti_csa_lastpatcheddate_scan**' - Scan the target for Ivanti CSA appliance and return its last patched date
 * '**joomla_template_scan**' - Scan the target for Joomla templates (identify Joomla sites)
 * '**joomla_user_enum_scan**' - Scan the target and enumerate Joomla users
 * '**joomla_version_scan**' - Scan the target and identify the Joomla version
--- a/nettacker/modules/scan/ivanti_csa_lastpatcheddate.yaml
+++ b/nettacker/modules/scan/ivanti_csa_lastpatcheddate.yaml
@ -0,0 +1,48 @@
+info:
+  name: ivanti_csa_lastpatcheddate_scan
+  author: OWASP Nettacker Team
+  severity: 3
+  description: Ivanti CSA Last Patched Date Scan
+  reference: https://www.bleepingcomputer.com/news/security/ivanti-warns-of-another-critical-csa-flaw-exploited-in-attacks/
+  profiles:
+    - scan
+    - http
+    - ivanti
+    - low_severity
+
+payloads:
+  - library: http
+    steps:
+      - method: head
+        timeout: 3
+        headers:
+          User-Agent: "{user_agent}"
+        allow_redirects: false
+        ssl: false
+        url:
+          nettacker_fuzzer:
+            input_format: "{{schema}}://{target}:{{ports}}/allowed/ivanti-logo.png"
+            prefix: ""
+            suffix: ""
+            interceptors:
+            data:
+              schema:
+                - "http"
+                - "https"
+              ports:
+                - 80
+                - 443
+        response:
+          condition_type: and
+          log: "response_dependent['headers']['Last-Modified']"
+          conditions:
+            status_code:
+              regex: "200"
+              reverse: false
+            headers:
+              Last-Modified:
+                regex: .*  
+                reverse: false
+              Content-Type: 
+                regex: ^image\/png$
+                reverse: false