Merge pull request #9189 from projectdiscovery/mass-cpe-add

Add mass vendor and product details to exposed-panel templates

http/exposed-panels/3cx-phone-management-panel.yaml

@@ -14,6 +14,8 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    vendor: 3cx
+    product: 3cx
     max-request: 1
     shodan-query:
       - http.title:"3CX Phone System Management Console"

http/exposed-panels/3cx-phone-webclient-management-panel.yaml

@@ -14,6 +14,8 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    vendor: 3cx
+    product: 3cx
     max-request: 1
     shodan-query: http.title:"3CX Webclient"
     google-query: intitle:"3CX Webclient"

http/exposed-panels/acemanager-login.yaml

@@ -8,6 +8,8 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
+    vendor: sierrawireless
+    product: airlink_mobility_manager
     max-request: 1
     fofa-query: app="ACEmanager"
   tags: panel,login,tech,acemanager

http/exposed-panels/active-admin-exposure.yaml

@@ -10,6 +10,8 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
+    vendor: activeadmin
+    product: activeadmin
     max-request: 1
   tags: panel,activeadmin
 

http/exposed-panels/activemq-panel.yaml

@@ -10,6 +10,8 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
+    vendor: apache
+    product: activemq
     max-request: 1
   tags: panel,activemq,apache
 

http/exposed-panels/adiscon-loganalyzer.yaml

@@ -12,6 +12,8 @@ info:
     cvss-score: 7.5
     cwe-id: CWE-200
   metadata:
+    vendor: adiscon
+    product: loganalyzer
     max-request: 1
   tags: adiscon,loganalyzer,syslog,exposure,panel
 

http/exposed-panels/adminer-panel-detect.yaml

@@ -16,6 +16,8 @@ info:
   # Most versions have some kind of SSRF usability
   # Is generally handy if you find SQL creds
   metadata:
+    vendor: adminer
+    product: adminer
     max-request: 741
   tags: panel,bruteforce,adminer,login,sqli
 

http/exposed-panels/adminer-panel.yaml

@@ -10,11 +10,11 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
+    vendor: adminer
+    product: adminer
     verified: true
     max-request: 8
     shodan-query: title:"Login - Adminer"
-    vendor: adminer
-    product: adminer
   tags: panel,adminer
 
 http:

http/exposed-panels/adobe/adobe-component-login.yaml

@@ -10,10 +10,10 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
-    max-request: 2
-    shodan-query: http.component:"Adobe ColdFusion"
     vendor: adobe
     product: coldfusion
+    max-request: 2
+    shodan-query: http.component:"Adobe ColdFusion"
   tags: panel,adobe,coldfusion,edb
 
 http:

http/exposed-panels/adobe/adobe-connect-central-login.yaml

@@ -10,6 +10,8 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
+    vendor: adobe
+    product: connect
     max-request: 1
   tags: adobe,panel,connect-central
 

http/exposed-panels/adobe/adobe-experience-manager-login.yaml

@@ -10,10 +10,10 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
-    max-request: 1
-    shodan-query: http.title:"AEM Sign In"
     vendor: adobe
     product: experience_manager
+    max-request: 1
+    shodan-query: http.title:"AEM Sign In"
   tags: panel,aem,adobe
 
 http:

http/exposed-panels/adobe/aem-crx-package-manager.yaml

@@ -12,12 +12,12 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    vendor: adobe
+    product: experience_manager
     max-request: 1
     shodan-query:
       - http.title:"AEM Sign In"
       - http.component:"Adobe Experience Manager"
-    vendor: adobe
-    product: experience_manager
   tags: panel,aem,adobe
 
 http:

http/exposed-panels/adobe/aem-sling-login.yaml

@@ -12,6 +12,8 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    vendor: adobe
+    product: experience_manager
     max-request: 1
     shodan-query:
       - http.title:"AEM Sign In"

http/exposed-panels/afterlogic-webmail-login.yaml

@@ -10,10 +10,10 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
-    max-request: 1
-    fofa-query: "X-Server: AfterlogicDAVServer"
     vendor: afterlogic
     product: aurora
+    max-request: 1
+    fofa-query: "X-Server: AfterlogicDAVServer"
   tags: panel,afterlogic,login,detect
 
 http:
@@ -34,4 +34,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b1c3b424b2f72a762bc87c254dfe89c3d372439f8f9b4896b54d044008496f36022100c844b9da8bcf6737aae1345e39ed7602b8494b2776b50fa7b665a4207ea1dab8:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100b1c3b424b2f72a762bc87c254dfe89c3d372439f8f9b4896b54d044008496f36022100c844b9da8bcf6737aae1345e39ed7602b8494b2776b50fa7b665a4207ea1dab8:922c64590222798bb761d5b6d8e72950

http/exposed-panels/airflow-panel.yaml

@@ -12,10 +12,10 @@ info:
     cvss-score: 0
     cwe-id: CWE-668
   metadata:
-    max-request: 2
-    shodan-query: title:"Sign In - Airflow"
     vendor: apache
     product: airflow
+    max-request: 2
+    shodan-query: title:"Sign In - Airflow"
   tags: panel,apache,airflow,admin
 
 http:
@@ -37,4 +37,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206f56fabd8a511aab01e59d6f4e03aece3c9174e70d6e3a55b8af6dafc1840ce1022100f2eda887886fe841a50747509a0a60cda12bbf81dfa9e6f816c2d2d3504e4fe4:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502206f56fabd8a511aab01e59d6f4e03aece3c9174e70d6e3a55b8af6dafc1840ce1022100f2eda887886fe841a50747509a0a60cda12bbf81dfa9e6f816c2d2d3504e4fe4:922c64590222798bb761d5b6d8e72950

http/exposed-panels/akamai-cloudtest.yaml

@@ -10,6 +10,8 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
+    vendor: akamai
+    product: cloudtest
     max-request: 1
   tags: panel,akamai
 

http/exposed-panels/alfresco-detect.yaml

@@ -10,6 +10,8 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
+    vendor: alfresco
+    product: alfresco
     max-request: 1
   tags: alfresco,tech,panel
 

http/exposed-panels/allied-telesis-exposure.yaml

@@ -12,6 +12,8 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    vendor: allied_telesis
+    product: device_gui
     verified: true
     max-request: 1
     shodan-query: title:"Allied Telesis Device GUI"

http/exposed-panels/ambari-exposure.yaml

@@ -10,6 +10,8 @@ info:
     cvss-score: 0
     cwe-id: CWE-668
   metadata:
+    vendor: apache
+    product: ambari
     max-request: 1
   tags: panel,apache,ambari,exposure
 

http/exposed-panels/amcrest-login.yaml

@@ -10,6 +10,8 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
+    vendor: amcrest
+    product: ip2m-853ew
     max-request: 1
     shodan-query: html:"amcrest"
     google-query: intext:"amcrest" "LDAP User"

http/exposed-panels/ametys-admin-login.yaml

@@ -8,6 +8,8 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
+    vendor: ametys
+    product: ametys
     max-request: 1
   tags: panel,ametys,cms
 

http/exposed-panels/amp-application-panel.yaml

@@ -10,6 +10,8 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    vendor: cubecoders
+    product: amp
     verified: true
     max-request: 1
     shodan-query: title:"AMP - Application Management Panel"

http/exposed-panels/ampache-panel.yaml

@@ -10,6 +10,8 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    vendor: ampache
+    product: ampache
     verified: true
     max-request: 3
     shodan-query: http.title:"For the Love of Music"

http/exposed-panels/ansible-tower-exposure.yaml

@@ -13,6 +13,8 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    vendor: redhat
+    product: ansible_tower
     max-request: 1
     shodan-query: title:"Ansible Tower"
     google-query: intitle:"Ansible Tower"

http/exposed-panels/apache-jmeter-dashboard.yaml

@@ -10,6 +10,8 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    vendor: apache
+    product: jmeter
     verified: true
     max-request: 1
     shodan-query: title:"Apache JMeter Dashboard"

http/exposed-panels/apache/apache-apisix-panel.yaml

@@ -8,10 +8,10 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
-    max-request: 1
-    fofa-query: title="Apache APISIX Dashboard"
     vendor: apache
     product: apisix
+    max-request: 1
+    fofa-query: title="Apache APISIX Dashboard"
   tags: apache,apisix,panel
 
 http:

http/exposed-panels/apache/apache-mesos-panel.yaml

@@ -10,6 +10,8 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    vendor: apache
+    product: mesos
     verified: true
     max-request: 2
     shodan-query: http.title:"Mesos"

http/exposed-panels/apache/public-tomcat-manager.yaml

@@ -10,10 +10,10 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
-    max-request: 2
-    shodan-query: title:"Apache Tomcat"
     vendor: apache
     product: tomcat
+    max-request: 2
+    shodan-query: title:"Apache Tomcat"
   tags: panel,tomcat,apache
 
 http:

http/exposed-panels/appsmith-web-login.yaml

@@ -12,6 +12,8 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    vendor: appsmith
+    product: appsmith
     verified: true
     max-request: 1
     shodan-query: http.title:"appsmith"

http/exposed-panels/appspace-panel.yaml

@@ -8,11 +8,11 @@ info:
   reference:
     - https://www.appspace.com/
   metadata:
+    vendor: appspace
+    product: appspace
     verified: true
     max-request: 3
     shodan-query: title:"Appspace"
-    vendor: appspace
-    product: appspace
   tags: appspace,panel,detect
 
 http:
@@ -42,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008311baf4abb105c03c72d51c3d9ee8c3c4f14caf092813b40c1642ea4fe11ff402203069a8cbf109f5eef31bda8595d1af9230aff713b35081e928fc4cd935d3009e:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450221008311baf4abb105c03c72d51c3d9ee8c3c4f14caf092813b40c1642ea4fe11ff402203069a8cbf109f5eef31bda8595d1af9230aff713b35081e928fc4cd935d3009e:922c64590222798bb761d5b6d8e72950

http/exposed-panels/appsuite-panel.yaml

@@ -5,11 +5,11 @@ info:
   author: DhiyaneshDK
   severity: info
   metadata:
+    vendor: open-xchange
+    product: open-xchange_appsuite
     verified: true
     max-request: 1
     shodan-query: html:"Appsuite"
-    vendor: open-xchange
-    product: open-xchange_appsuite
   tags: panel,appsuite,detect
 
 http:

http/exposed-panels/appwrite-panel.yaml

@@ -10,6 +10,8 @@ info:
     cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    vendor: appwrite
+    product: appwrite
     verified: true
     max-request: 2
     shodan-query: http.favicon.hash:-633108100

http/exposed-panels/arangodb-web-Interface.yaml

@@ -9,6 +9,8 @@ info:
   reference:
     - https://www.arangodb.com/docs/stable/
   metadata:
+    vendor: arangodb
+    product: arangodb
     verified: "true"
     max-request: 1
     shodan-query: http.title:"ArangoDB Web Interface"

http/exposed-panels/arcgis/arcgis-panel.yaml

@@ -10,6 +10,8 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
+    vendor: esri
+    product: arcgis_enterprise
     max-request: 1
   tags: docs,arcgis,cms,panel
 

http/exposed-panels/arcgis/arcgis-rest-api.yaml

@@ -10,6 +10,8 @@ info:
   classification:
     cwe-id: CWE-200
   metadata:
+    vendor: esri
+    product: arcgis_engine
     max-request: 1
   tags: api,arcgis,cms,panel
 

http/exposed-panels/arcgis/arcgis-services.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://enterprise.arcgis.com/en/
   metadata:
+    vendor: esri
+    product: arcgis_server
     verified: true
     max-request: 1
     shodan-query: title:"ArcGIS"

http/exposed-panels/arcgis/arcgis-tokens.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://enterprise.arcgis.com/en/
   metadata:
+    vendor: esri
+    product: arcgis_server
     verified: true
     max-request: 1
     shodan-query: title:"ArcGIS"