From 80577f4a0468b656a91be0dec85ad8766e8e9447 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Egemen=20Ko=C3=A7hisarl=C4=B1?= <105934393+EgemenKochisarli@users.noreply.github.com>
Date: Thu, 9 May 2024 12:47:17 +0300
Subject: [PATCH 1/3] Create f5-next-central-manager.yaml

Adds template for detect BIG-IP Next Central Manager Login panels
---
.../f5-next-central-manager.yaml | 38 +++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 http/exposed-panels/f5-next-central-manager.yaml
diff --git a/http/exposed-panels/f5-next-central-manager.yaml b/http/exposed-panels/f5-next-central-manager.yaml
new file mode 100644
index 00000000000..9dd2622c7b5
--- /dev/null
+++ b/http/exposed-panels/f5-next-central-manager.yaml
@@ -0,0 +1,38 @@
+id: f5-next-central-manager
+
+info:
+ name: F5 Next Central Manager Login Panel - Detect
+ author: EgemenKochisarli
+ severity: info
+ description: F5 Next Central Manager login panel was detected.
+ reference:
+ - https://clouddocs.f5.com/bigip-next/latest/use_cm/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+ cwe-id: CWE-200
+ cpe: cpe:2.3:h:f5:big-ip:*:*:*:*:*:*:*:*
+ metadata:
+ max-request: 1
+ product: bigip
+ vendor: big-ip_next_central_manager
+ tags: panel,fortinet
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/gui/login"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "BIG-IP Next | Central Manager"
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
+ - type: status
+ status:
+ - 200

From e1d5472d5aefdfcf2b4fd8e61a3a7906bb9144e7 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 9 May 2024 16:47:00 +0530
Subject: [PATCH 2/3] minor update

---
.../{ => fortinet}/f5-next-central-manager.yaml | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
rename http/exposed-panels/{ => fortinet}/f5-next-central-manager.yaml (82%)
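Review bot: The `tags: panel,fortinet` line attributes an F5 product to Fortinet, so an exposure scan or inventory filtered on an F5 vendor tag will skip this detection while Fortinet-scoped runs will pick it up. I would write `tags: panel,f5` here. The same misattribution carries into the next commit of this series, which moves the file under `http/exposed-panels/fortinet/` and keeps the `fortinet` tag. The path added in this commit, directly under `http/exposed-panels/`, is the one that does not misstate the vendor.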
diff --git a/http/exposed-panels/f5-next-central-manager.yaml b/http/exposed-panels/fortinet/f5-next-central-manager.yaml similarity index 82% rename from http/exposed-panels/f5-next-central-manager.yaml rename to http/exposed-panels/fortinet/f5-next-central-manager.yaml index 9dd2622c7b5..20b89da3fe1 100644 --- a/http/exposed-panels/f5-next-central-manager.yaml +++ b/http/exposed-panels/fortinet/f5-next-central-manager.yaml @@ -4,7 +4,8 @@ info: name: F5 Next Central Manager Login Panel - Detect author: EgemenKochisarli severity: info - description: F5 Next Central Manager login panel was detected. + description: | + F5 Next Central Manager login panel was detected. reference: - https://clouddocs.f5.com/bigip-next/latest/use_cm/ classification: @@ -12,10 +13,11 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:h:f5:big-ip:*:*:*:*:*:*:*:* metadata: + verified: true max-request: 1 - product: bigip - vendor: big-ip_next_central_manager - tags: panel,fortinet + vendor: f5 + product: big-ip + tags: panel,fortinet,login http: - method: GET From d81058bda39707c23ee1306ad39511e7298b5f49 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Wed, 15 May 2024 13:34:24 +0530 Subject: [PATCH 3/3] extra matcher removed --- .../exposed-panels/fortinet/f5-next-central-manager.yaml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/http/exposed-panels/fortinet/f5-next-central-manager.yaml b/http/exposed-panels/fortinet/f5-next-central-manager.yaml index 20b89da3fe1..02873fe6adc 100644 --- a/http/exposed-panels/fortinet/f5-next-central-manager.yaml +++ b/http/exposed-panels/fortinet/f5-next-central-manager.yaml @@ -1,7 +1,7 @@ id: f5-next-central-manager info: - name: F5 Next Central Manager Login Panel - Detect + name: F5 Next Central Manager Panel - Detect author: EgemenKochisarli severity: info description: | 
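Review bot: In the metadata hunk, `product: big-ip` (in line with the context line `cpe: cpe:2.3:h:f5:big-ip:...`) names the BIG-IP appliance rather than Central Manager, so a hit correlated by vendor/product against an asset or vulnerability inventory would be attributed to the wrong product. The first commit carried the string `big-ip_next_central_manager` in the wrong field, which looks like the intended product name. I would use `product: big-ip_next_central_manager` with a matching application-type CPE, after confirming both against the CPE dictionary. The `info:` block starts above this hunk, so any other consumers of these fields are not visible here.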
@@ -28,12 +28,7 @@ http: matchers: - type: word words: - - "BIG-IP Next | Central Manager" - - - type: word - part: header - words: - - "text/html" + - "BIG-IP Next | Central Manager" - type: status status:
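Review bot: With the `text/html` header matcher removed, the template reports a panel on any 200 response that contains the literal `BIG-IP Next | Central Manager`, and the remaining word matcher still does not state which part of the response it reads. I would add `part: body` under `- type: word` so the scope is explicit rather than left to the default. If the login page carries this string in its `<title>` element (not visible from the hunk), matching the string together with the title tag would keep pages that merely quote the product name from being reported as exposed management panels. The `matchers-condition` line sits above this hunk and the status list continues below it.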