Gavazzi Automation UWP 3.0
Favicon based nuclei template to enumerate active installations of Gavazzi Automation UWP 3.0 WebApp
id: gavazzi-automation
info:
name: gavazzi-automation-UWP-3.0-WebApp
author: Redflare-cyber
severity: info
description: Login for UWP 3.0 Web Application by Gavazzi Automation was detected on target host.
reference:
- https://www.gavazziautomation.com/en-global/
- https://github.com/edoardottt/favirecon
metadata:
max-request: 2
fofa-query: icon_hash="2103098667" && title=="UWP3.0 Web"
tags: scada,iiot,ics,tech,favicon
http:
- method: GET
path:
- "{{BaseURL}}/favicon.ico"
- "{{BaseURL}}/images/favicon.ico"
- "{{BaseURL}}/assets/icons/apple-icon-57x57.png"
- "{{BaseURL}}/assets/icons/apple-icon-120x120.png"
- "{{BaseURL}}/assets/icons/apple-icon-180x180.png"
- "{{BaseURL}}/assets/icons/android-icon-192x192.png"
- "{{BaseURL}}/assets/icons/favicon-32x32.png"
- "{{BaseURL}}/assets/icons/favicon-96x96.png"
- "{{BaseURL}}/assets/icons/favicon-16x16.png"
stop-at-first-match: true
host-redirects: true
max-redirects: 2
matchers:
- type: dsl
name: "gavazzi1"
dsl:
- "status_code==200 && (\"-1740901199\" == mmh3(base64_py(body)))"
- type: dsl
name: "gavazzi2"
dsl:
- "status_code==200 && (\"-653070107\" == mmh3(base64_py(body)))"
- type: dsl
name: "gavazzi3"
dsl:
- "status_code==200 && (\"-1303468522\" == mmh3(base64_py(body)))"
- type: dsl
name: "gavazzi3"
dsl:
- "status_code==200 && (\"712041840\" == mmh3(base64_py(body)))"
- type: dsl
name: "gavazzi4"
dsl:
- "status_code==200 && (\"2134643867\" == mmh3(base64_py(body)))"
- type: dsl
name: "gavazzi4"
dsl:
- "status_code==200 && (\"-993331329\" == mmh3(base64_py(body)))"
- type: dsl
name: "gavazzi5"
dsl:
- "status_code==200 && (\"576329580\" == mmh3(base64_py(body)))"
- type: dsl
name: "gavazzi6"
dsl:
- "status_code==200 && (\"2103098667\" == mmh3(base64_py(body)))"
- type: dsl
name: "gavazzi7"
dsl:
- "status_code==200 && (\"2103098667\" == mmh3(base64_py(body)))"
extractors:
- type: dsl
dsl:
- 'mmh3(base64_py(body))'
Last updated