Viper C2 - Detect

ID: viper-c2

Severity: info

Author: pussycat0x

Tags: tech,viper,c2,malware,ir,panel

Description

Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration.

YAML Source

id: viper-c2

info:
  name: Viper C2 - Detect
  author: pussycat0x
  severity: info
  description: |
    Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration.
  reference:
    - https://twitter.com/MichalKoczwara/status/1635724410274414596
  metadata:
    verified: "true"
    max-request: 1
    shodan-query: http.html_hash:1015055567
    censys-query: 057f3b5488605b4d224d038e340866e2cdfed4a3
  tags: tech,viper,c2,malware,ir,panel

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "status_code == 404"
          - "(\"057f3b5488605b4d224d038e340866e2cdfed4a3\" == sha1(body))"
        condition: and
# digest: 490a0046304402206349565ad177b06e507d9f4745a8accd34dbc994e74858f21e10da5905ed372e022071e9874c56d51f709d1c39bb46b09696a7c744a2b41d4628f87c2465443cabb9:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/exposed-panels/c2/viper-c2.yaml"

View on Github