Skip to content
Nuclei Templates

Fortinet Heuristic Scanning not Configured - Detect

ID: heuristic-scan

Severity: info

Author: pussycat0x

Tags: audit,config,file,firewall,fortigate

Description

Section titled “Description”

Fortinet heuristic scanning configuration is advised to thwart attacks. Heuristic scanning is a technique used to identify previously unknown viruses. A value of block enables heuristic AV scanning of binary files and blocks any detected. A replacement message is forwarded to the recipient, and blocked files are quarantined if quarantine is enabled.

YAML Source

Section titled “YAML Source”
id: heuristic-scan


info:
  name: Fortinet Heuristic Scanning not Configured - Detect
  author: pussycat0x
  severity: info
  description: |
    Fortinet heuristic scanning configuration is advised to thwart attacks. Heuristic scanning is a technique used to identify previously unknown viruses. A value of block enables heuristic AV scanning of binary files and blocks any detected. A replacement message is forwarded to the recipient, and blocked files are quarantined if quarantine is enabled.
  reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  tags: audit,config,file,firewall,fortigate


file:
  - extensions:
      - conf


    matchers-condition: and
    matchers:
      - type: word
        words:
          - "config antivirus heuristic"
          - "set mode block"
        negative: true


      - type: word
        words:
          - "config system"
          - "config router"
          - "config firewall"
        condition: or
# digest: 490a0046304402205e4eb1e57411eef493ccd6ba82116c104ff3ada2e26000069b9be27e7087a81d02203808434de2a2c689970b97b07ba03946632b7af3039d73208046c5a018e5e739:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "file/audit/fortigate/heuristic-scan.yaml"

View on Github