diff --git a/docs/Modules.md b/docs/Modules.md
index d382e21b..09cbab28 100644
--- a/docs/Modules.md
+++ b/docs/Modules.md
@@ -12,6 +12,7 @@ OWASP Nettacker Modules can be of type **Scan** (scan for something), **Vuln** (
 * '**citrix_lastpatcheddate_scan**' Scan the target and try to detect Citrix Netscaler Gateway and it's last patched date
 * '**cms_detection_scan**' - Scan the target and try to detect the CMS (Wordpress, Drupal or Joomla) using response fingerprinting
 * '**confluence_version_scan**' - Scan the target and identify the Confluence version
+* '**cups_version_scan**' - Scan the target and identify the CUPS version (on port 631)
 * '**dir_scan**' - Scan the target for well-known directories
 * '**drupal_modules_scan**' - Scan the target for popular Drupal modules
 * '**drupal_theme_scan**' - Scan the target for popular Drupal themes
diff --git a/nettacker/modules/scan/cups_version.yaml b/nettacker/modules/scan/cups_version.yaml
new file mode 100644
index 00000000..1441c31b
--- /dev/null
+++ b/nettacker/modules/scan/cups_version.yaml
@@ -0,0 +1,44 @@
+info:
+ name: cups_version_scan
+ author: OWASP Nettacker Team
+ severity: 3
+ description: fetch CUPS version from target to help identify CVE-2024-47176
+ reference: https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html
+ profiles:
+ - scan
+ - http
+ - backup
+ - low_severity
+ - drupal
+
+payloads:
+ - library: http
+ steps:
+ - method: get
+ timeout: 3
+ headers:
+ User-Agent: "{user_agent}"
+ allow_redirects: false
+ ssl: false
+ url:
+ nettacker_fuzzer:
+ input_format: "{{schema}}://{target}:{{ports}}/"
+ prefix: ""
+ suffix: ""
+ interceptors:
+ data:
+ schema:
+ - "http"
+ ports:
+ - 631
+ response:
+ condition_type: and
+ conditions:
+ status_code:
+ regex: \d\d\d
+ reverse: false
+ headers:
+ Server:
+ regex: (CUPS\/[0-9]+\.[0-9]+)
+ reverse: false
+ log: "response_dependent['headers']['Server']"
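Review bot: The `profiles` list in the new module's `info` block includes `backup` and `drupal`, which are unrelated to a CUPS probe and look carried over from another module; anyone running those profiles would also send a request to port 631 on every target. I would keep only `- scan`, `- http` and `- low_severity`. The `description` ties the result to CVE-2024-47176, which as far as I know concerns cups-browsed on UDP 631 rather than the CUPS HTTP listener, so a `Server: CUPS/x.y` match shows that a CUPS host is exposed but not that it is affected; wording such as `description: fetch CUPS version from the Server header to flag hosts to check for CVE-2024-47176` would avoid overstating it. The payload probes only the `http` schema with `ssl: false`, so an instance that enforces TLS on 631 may be missed, which deserves a comment or possibly a second schema entry.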