Detect Darkstat Reports

ID: darkstat-detect

Severity: high

Author: geeknik

Tags: darkstat,logs,exposure

Description

Darkstat captures network traffic, calculates statistics about usage, and serves reports over HTTP

YAML Source

id: darkstat-detect

info:
  name: Detect Darkstat Reports
  author: geeknik
  severity: high
  description: Darkstat captures network traffic, calculates statistics about usage, and serves reports over HTTP
  reference:
    - https://unix4lyfe.org/darkstat/
  metadata:
    max-request: 2
  tags: darkstat,logs,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/darkstat/"

    # FYI, the default port for darkstat is 666
    matchers-condition: and
    matchers:
      - type: regex
        part: header
        regex:
          - "[Ss]erver: darkstat.*"

      - type: word
        part: body
        words:
          - "darkstat"
          - "<title>Graphs"
          - "Measuring for"
          - "hosts</a>"
        condition: and

    extractors:
      - type: kval
        part: header
        kval:
          - server
# digest: 4a0a004730450221008c1c59610f5757c3128a9ec1b663abc26b1a5cf4aa82b241ec97ee2188fb5466022068c349324d617970891e65fd832b7035e95dff053674eb97f3bc6a05f4308a39:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/exposures/logs/darkstat-detect.yaml"

View on Github