praetorian-inc / chariot-ui

Chariot Offensive Security Platform
https://preview.chariot.praetorian.com
MIT License

Requesting deduplication of attributes. #179

Closed aashish-sec closed 3 days ago

aashish-sec commented 3 days ago

Hi team! MSP plans to push attributed templates soon, so we want to ensure we don't end up creating garbage values. I'm unaware if Chariot checks for duplicate values in attributes. If we don't, I'd like to request the team to ensure we have some mechanism in place to de-duplicate attributes. As an example, we have templates that will pop the following technology, cpe_data attributes:

WordPress - WooCommerce Legacy REST API | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
WordPress - Classic Widgets | cpe:2.3:a:wpgrim:classic_editor_and_classic_widgets:*:*:*:*:*:wordpress:*:*
WordPress - Cookie Notice Plugin | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
WordPress - Taxonomy Terms Order Plugin | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

We'd like to have all four technology attributes be linked to the asset, but with regard to the cpe_data, we'd only like to have the unique attributes be tagged to the assets, i.e. cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* and cpe:2.3:a:wpgrim:classic_editor_and_classic_widgets:*:*:*:*:*:wordpress:*:*

I believe we could use Maps for this.

Thanks a lot for all your support, team!

noah-tutt-praetorian commented 3 days ago

Can you link to the template itself?

aashish-sec commented 3 days ago

Hey Noah, we haven't pushed the changes to the templates yet. Currently, we maintain a Google sheet where we track the changes we plan to make to the case-pending templates. The data mentioned above was fetched from the sheet. If it helps, I can share what the updated templates will look like.

noah-tutt-praetorian commented 3 days ago

yep, that'd be great

I'm fairly certain we handle this case already, but I want to see how it'll be formatted in the template rather than the format above to confirm

aashish-sec commented 3 days ago

WordPress - WooCommerce Legacy REST API:

id: wordpress-woocommerce-legacy-rest-api
info:
  name: WooCommerce Legacy REST API Detection
  author: ricardomaia
  severity: info
  reference:
  - https://wordpress.org/plugins/woocommerce-legacy-rest-api/
  metadata:
    plugin_namespace: woocommerce-legacy-rest-api
    wpscan: https://wpscan.com/plugin/woocommerce-legacy-rest-api
    praetorian:
      detection: true
      attributes:
        technology: WordPress - WooCommerce Legacy REST API
        CPE: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
  tags: tech,wordpress,wp-plugin,top-200,case-reviewed
http:
- method: GET
  path:
  - '{{BaseURL}}/wp-content/plugins/woocommerce-legacy-rest-api/readme.txt'
  payloads:
    last_version: helpers/wordpress/plugins/woocommerce-legacy-rest-api.txt
  extractors:
  - type: regex
    part: body
    internal: true
    name: internal_detected_version
    group: 1
    regex:
    - (?i)Stable.tag:\s?([\w.]+)
  - type: regex
    part: body
    name: detected_version
    group: 1
    regex:
    - (?i)Stable.tag:\s?([\w.]+)
  matchers-condition: or
  matchers:
  - type: dsl
    name: outdated_version
    dsl:
    - compare_versions(internal_detected_version, concat("< ", last_version))
  - type: regex
    part: body
    regex:
    - (?i)Stable.tag:\s?([\w.]+)

WordPress - Classic Widgets:

id: wordpress-classic-widgets
info:
  name: Classic Widgets Detection
  author: ricardomaia
  severity: info
  reference:
  - https://wordpress.org/plugins/classic-widgets/
  metadata:
    plugin_namespace: classic-widgets
    wpscan: https://wpscan.com/plugin/classic-widgets
    praetorian:
      detection: true
      attributes:
        technology: WordPress - Classic Widgets
        CPE: cpe:2.3:a:wpgrim:classic_editor_and_classic_widgets:*:*:*:*:*:wordpress:*:*
  tags: tech,wordpress,wp-plugin,top-100,top-200,case-reviewed
http:
- method: GET
  path:
  - '{{BaseURL}}/wp-content/plugins/classic-widgets/readme.txt'
  payloads:
    last_version: helpers/wordpress/plugins/classic-widgets.txt
  extractors:
  - type: regex
    part: body
    internal: true
    name: internal_detected_version
    group: 1
    regex:
    - (?i)Stable.tag:\s?([\w.]+)
  - type: regex
    part: body
    name: detected_version
    group: 1
    regex:
    - (?i)Stable.tag:\s?([\w.]+)
  matchers-condition: or
  matchers:
  - type: dsl
    name: outdated_version
    dsl:
    - compare_versions(internal_detected_version, concat("< ", last_version))
  - type: regex
    part: body
    regex:
    - (?i)Stable.tag:\s?([\w.]+)

WordPress - Cookie Notice Plugin:

id: wordpress-cookie-notice
info:
  name: Cookie Notice & Compliance for GDPR / CCPA Detection
  author: ricardomaia
  severity: info
  reference:
  - https://wordpress.org/plugins/cookie-notice/
  metadata:
    plugin_namespace: cookie-notice
    wpscan: https://wpscan.com/plugin/cookie-notice
    praetorian:
      detection: true
      attributes:
        technology: WordPress - Cookie Notice Plugin
        CPE: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
  tags: tech,wordpress,wp-plugin,top-100,top-200,case-reviewed
http:
- method: GET
  path:
  - '{{BaseURL}}/wp-content/plugins/cookie-notice/readme.txt'
  payloads:
    last_version: helpers/wordpress/plugins/cookie-notice.txt
  extractors:
  - type: regex
    part: body
    internal: true
    name: internal_detected_version
    group: 1
    regex:
    - (?i)Stable.tag:\s?([\w.]+)
  - type: regex
    part: body
    name: detected_version
    group: 1
    regex:
    - (?i)Stable.tag:\s?([\w.]+)
  matchers-condition: or
  matchers:
  - type: dsl
    name: outdated_version
    dsl:
    - compare_versions(internal_detected_version, concat("< ", last_version))
  - type: regex
    part: body
    regex:
    - (?i)Stable.tag:\s?([\w.]+)

WordPress - Taxonomy Terms Order Plugin:

id: wordpress-taxonomy-terms-order
info:
  name: Category Order and Taxonomy Terms Order Detection
  author: ricardomaia
  severity: info
  reference:
  - https://wordpress.org/plugins/taxonomy-terms-order/
  metadata:
    plugin_namespace: taxonomy-terms-order
    wpscan: https://wpscan.com/plugin/taxonomy-terms-order
    praetorian:
      detection: true
      attributes:
        technology: WordPress - Taxonomy Terms Order Plugin
        CPE: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
  tags: tech,wordpress,wp-plugin,top-200,case-reviewed
http:
- method: GET
  path:
  - '{{BaseURL}}/wp-content/plugins/taxonomy-terms-order/readme.txt'
  payloads:
    last_version: helpers/wordpress/plugins/taxonomy-terms-order.txt
  extractors:
  - type: regex
    part: body
    internal: true
    name: internal_detected_version
    group: 1
    regex:
    - (?i)Stable.tag:\s?([\w.]+)
  - type: regex
    part: body
    name: detected_version
    group: 1
    regex:
    - (?i)Stable.tag:\s?([\w.]+)
  matchers-condition: or
  matchers:
  - type: dsl
    name: outdated_version
    dsl:
    - compare_versions(internal_detected_version, concat("< ", last_version))
  - type: regex
    part: body
    regex:
    - (?i)Stable.tag:\s?([\w.]+)

noah-tutt-praetorian commented 3 days ago

Yep, these will be deduplicated as you laid out
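
The deduplication requested in this thread, as an added example that is not Chariot's code and was not posted by either participant: attributes are keyed on (asset, name, value) in a map, and each merged record keeps the template ids that produced it. The function names, the record layout and the `example.com` asset are assumptions; the attribute values are copied from the four templates above.

```python
# Constructed input: the praetorian.attributes blocks of the four templates
# in this thread, as (template id, attributes) pairs.
WP_CORE_CPE = "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"
WIDGETS_CPE = ("cpe:2.3:a:wpgrim:classic_editor_and_classic_widgets"
               ":*:*:*:*:*:wordpress:*:*")
TEMPLATE_ATTRIBUTES = [
    ("wordpress-woocommerce-legacy-rest-api", {
        "technology": "WordPress - WooCommerce Legacy REST API",
        "CPE": WP_CORE_CPE}),
    ("wordpress-classic-widgets", {
        "technology": "WordPress - Classic Widgets",
        "CPE": WIDGETS_CPE}),
    ("wordpress-cookie-notice", {
        "technology": "WordPress - Cookie Notice Plugin",
        "CPE": WP_CORE_CPE}),
    ("wordpress-taxonomy-terms-order", {
        "technology": "WordPress - Taxonomy Terms Order Plugin",
        "CPE": WP_CORE_CPE}),
]


def dedupe_attributes(asset, template_hits):
    """Collapse attributes to one record per (asset, name, value).

    Each record keeps the template ids that produced it, so merging
    duplicates does not lose which detections back the attribute.
    """
    merged = {}  # plain dict: keeps first-seen order of the keys
    for template_id, attributes in template_hits:
        for name, raw_value in attributes.items():
            value = raw_value.strip()  # ignore stray whitespace from YAML
            record = merged.setdefault(
                (asset, name, value),
                {"asset": asset, "name": name, "value": value, "sources": []})
            if template_id not in record["sources"]:
                record["sources"].append(template_id)
    return list(merged.values())


def values_for(records, name):
    """Return the values of all records with the given attribute name."""
    return [r["value"] for r in records if r["name"] == name]


if __name__ == "__main__":
    # "example.com" is a placeholder asset, not taken from the issue.
    for rec in dedupe_attributes("example.com", TEMPLATE_ATTRIBUTES):
        print(rec["name"], "|", rec["value"], "|", ", ".join(rec["sources"]))
```

Feeding the same hits in again, as a rescan would, returns the same six records.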