Ivanti-CSA-detect

To be used in conjunction with CVE-2024-8190.yaml

id: ivanti-csa-detection
info:
  name: Ivanti Cloud Service Appliance Detection
  author: Redflare-Cyber
  description: Detects exposed Ivanti Cloud Service Appliance hosts potentially prone to CVE-2024-8190 
  severity: low
  metadata:
    shodan-query: http.html:'Ivanti(R) Cloud Services Appliance'
  tags: ivanti, csa, osint, exposures

requests:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers:
      - type: word
        words:
          - "Ivanti(R) Cloud Services Appliance"
      - type: word
        part: body
        words:
          - "allowed/ivanti-logo.png"
      - type: word
        part: title
        words:
          - "Ivanti(R) Cloud Services Appliance"