Ivanti Endpoint Manager - Detect
ID: ivanti-endpoint-manager
Severity: info
Author: ritikchaddha
Tags: tech,ivanti,epm,detect,landdesk
Description
Section titled “Description”Detects the presence of Ivanti Endpoint Manager (formerly LANDesk Management Suite) servers.
YAML Source
Section titled “YAML Source”id: ivanti-endpoint-manager
info: name: Ivanti Endpoint Manager - Detect author: ritikchaddha severity: info description: | Detects the presence of Ivanti Endpoint Manager (formerly LANDesk Management Suite) servers. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 cwe-id: CWE-200 metadata: max-request: 4 verified: true shodan-query: html:"LANDesk" fofa-query: body="LANDesk" tags: tech,ivanti,epm,detect,landdesk
http: - method: GET path: - "{{BaseURL}}" - "{{BaseURL}}/ldlogon.dll" - "{{BaseURL}}/core/login" - "{{BaseURL}}/webaccess"
stop-at-first-match: true host-redirects: true max-redirects: 2 matchers-condition: or matchers: - type: word part: body words: - "Ivanti Endpoint Manager" - "LANDesk Management" - "Ivanti(R) Cloud Services" - "Ivanti Cloud Services Appliance" - "LANDesk(R) Cloud Services Appliance" - "LANDesk(R) Management" condition: or case-insensitive: true
- type: word part: header words: - "LANDesk" - "Ivanti EPM" condition: or case-insensitive: true
- type: regex part: response regex: - '(?i)landdesk.*management' - '(?i)ivanti.*endpoint\s*manager' condition: or# digest: 4a0a00473045022100ae5276ab8a8e756886d229d320fa42a192f7d0a378035b195b6d08153018fcfd022056f66ba00cfa0fa5e0cf34c89eb3f8b9d2d55d492e9847d0f64ed13b5afc25ec:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/technologies/ivanti/ivanti-endpoint-manager.yaml"