漏洞描述
Panel Detect
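---
id: panel-detect

# Nesting restored: in the flattened listing `info:` was an empty key and its
# fields had become top-level keys.
info:
  name: Panel Detect
  author: zan8in
  # Informational finding: the rules below only fingerprint what answers on
  # GET /. A match says a management or login page is reachable; it does not
  # say the product is vulnerable.
  severity: info
  verified: true
  description: |-
    Panel Detect
  tags: panel,detect
  created: 2023/11/30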
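# Nesting restored: r0 and r1 each carry their own `request` and `expressions`.
# In the flattened listing both rules collapsed into duplicate top-level keys.
#
# Every expression starts with a constant `"<label>" != ""`, which is always
# true. NOTE(review): this looks like a way to carry the fingerprint name into
# the result; confirm how the engine reports the matching entry.
#
# Triage notes:
# - Most entries match a single <title> or marker string on GET /. Treat a hit
#   as "this page is reachable", then confirm the product before acting on it.
# - Generic markers (for example utt-panel, kyan-network-monitoring and
#   guowei-panel) can match unrelated sites; expect false positives.
# - thinkphp, jira-panel and thinkphp-debug do not check response.status, so
#   they can also match error pages.
rules:
  # r0: plain GET / without following redirects.
  r0:
    request:
      method: GET
      path: /
    expressions:
      - '"apache-activemq" != "" && response.status == 200 && response.body.bcontains(b"<title>Apache ActiveMQ</title>")'
      - '"thinkphp" != "" && response.raw_header.ibcontains(b"thinkphp")'
      - '"appex-lotwan-login" != "" && response.status == 200 && response.body.bcontains(b"<title>LotWan 广域网优化系统</title>")'
      - '"avtech-avn801-camera" != "" && response.status == 200 && response.body.bcontains(b"IP Surveillance for Your Life") && response.body.bcontains(b"avtech") && response.body.bcontains(b"/cgi-bin/guest/Login.cgi?rnd=")'
      - '"directadmin-login" != "" && response.status == 200 && response.body.bcontains(b"<title>DirectAdmin Login</title>")'
      - '"dubbo-detect" != "" && response.status == 200 && response.headers["www-authenticate"].icontains("Basic realm=\"dubbo\"")'
      - '"huawei-hg532e-panel" != "" && response.status == 200 && response.body.bcontains(b"<title>HG532e</title>")'
      - '"jira-panel" != "" && response.body.bcontains(b"Project Management Software") && response.body.bcontains(b"atlassian.com/software/jira")'
      - '"kubernetes-dashboard" != "" && response.status == 200 && response.body.bcontains(b"Kubernetes Dashboard</title>")'
      - '"kubernetes-mirantis" != "" && response.status == 200 && response.body.bcontains(b"Mirantis Kubernetes Engine")'
      - '"kubernetes-resource-report" != "" && response.status == 200 && response.body.bcontains(b"Overview - Kubernetes Resource Report")'
      - '"openerp-database" != "" && response.status == 200 && response.body.bcontains(b"<title>OpenERP</title>")'
      - '"rabbitmq-dashboard" != "" && response.status == 200 && response.body.bcontains(b"RabbitMQ Management")'
      - '"rocketmq-console" != "" && response.status == 200 && response.body.bcontains(b"<title>RocketMq-console-ng</title>")'
      - '"teleport-panel" != "" && response.status == 200 && response.body.bcontains(b"<title>登录::TELEPORT</title>")'
      - '"terramaster-panel" != "" && response.status == 200 && (response.body.bcontains(b"<title>TOS Loading</title>") || response.headers["server"] == "TOS" || response.headers["x-powered-by"] == "TerraMaster")'
      - '"upupw-tz-panel" != "" && response.status == 200 && "<title>UPUPW(.*)</title>".bmatches(response.body)'
      - '"zabbix-panel" != "" && response.status == 200 && response.body.bcontains(b"<title>zabbix-server: Zabbix</title>")'
      - '"acunetix-panel-detect" != "" && response.status == 200 && response.body.bcontains(b"<title>Acunetix</title>")'
      - '"druid-console-exposure" != "" && response.status == 200 && response.body.bcontains(b"src=\"/druid.js\"") && response.body.bcontains(b"href=\"/druid.css\"")'
      - '"nacos-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>nacos</title>")'
      - '"utt-panel" != "" && response.status == 200 && response.body.bcontains(b"<title>Technology, Inc.</title>")'
      - '"directory-list" != "" && response.status == 200 && response.body.bcontains(b"<title>Index of /</title>") && response.body.bcontains(b"<h1>Index of /</h1>")'
      - '"kyan-network-monitoring" != "" && response.status == 200 && response.body.bcontains(b"<title>platform - Login</title>")'
      - '"openvpn-admin" != "" && response.status == 200 && response.body.bcontains(b"<title>OpenVPN-Admin")'
      - '"elasticsearch" != "" && response.status == 200 && response.content_type.contains("application/json") && response.body.bcontains(b"You Know, for Search")'
      - '"hp-officepro-printer" != "" && response.status == 200 && response.body.bcontains(b"frameWorkObj") && response.body.bcontains(b"class=\"pgm-container") && response.body.bcontains(b".pgm-container")'
      - '"kafka-manager-panel" != "" && response.status == 200 && (response.body.bcontains(b"Kafka Manager") || response.raw_header.bcontains(b"Kafka-Manager"))'
      - '"tensorboard-detect" != "" && response.status == 200 && response.body.bcontains(b"<title>TensorBoard</title>")'
      - '"axis-detect" != "" && response.status == 200 && response.body.bcontains(b"Validate") && response.body.bcontains(b"Welcome") && response.body.bcontains(b"Axis") && response.body.bcontains(b"deployed") && response.body.bcontains(b"installation") && response.body.bcontains(b"Admin")'
      - '"hikvision-intercom" != "" && response.status == 200 && response.body.bcontains(b"document.title = LOGIN_BTN_LOGIN") && response.body.bcontains(b"document.write(TITLE_SYSTEM);")'
      - '"kingsoft-v8" != "" && response.status == 200 && response.body.bcontains(b"<title>在线安装-V8+终端安全系统Web控制台</title>")'
      - '"panabit-ixcache" != "" && response.status == 200 && response.body.bcontains(b"<title>iXCache</title>")'
      # NOTE(review): the label says Panabit but the marker is an OFBiz footer; verify which product this is meant to identify.
      - '"panabit-gateway" != "" && response.status == 200 && response.body.bcontains(b"<span>Powered by OFBiz</span>")'
      # Second rabbitmq-dashboard entry: any body it matches also matches the broader "RabbitMQ Management" entry above.
      - '"rabbitmq-dashboard" != "" && response.status == 200 && response.body.bcontains(b"<title>RabbitMQ Management</title>")'
      - '"cobbler-webgui" != "" && response.status == 200 && response.body.bcontains(b"<title>Cobbler Web Interface</title>")'
      - '"thinkphp-debug" != "" && response.body.bcontains(b">错误</span>") && response.body.bcontains(b">SQL</span>") && response.body.bcontains(b">调试</span>")'
      - '"nginxWebUI" != "" && response.status == 200 && response.body.ibcontains(b"<title>nginxWebUI</title>")'
      - '"tianjing-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>天镜脆弱性扫描与管理系统</title>")'
      - '"taihe-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>泰合信息安全运营中心系统-日志审计 - 登录</title>")'
      - '"tianyue-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>天玥运维安全网关V")'
      - '"h3c-hci-management-panel" != "" && response.status == 200 && response.body.bcontains(b"/uis/spring_check?")'
      - '"superset-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>Superset</title>")'
      - '"openfire-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>Openfire")'
      # Only in r0: the 401 challenge is matched on the unredirected response. r1 has sangfor-ssl-vpn-detect at this position instead.
      - '"basic-auth-detect" != "" && response.status == 401 && response.raw_header.ibcontains(b"Www-Authenticate:")'
      - '"realor-detect" != "" && response.status == 200 && response.body.ibcontains(b"Realor Co.Ltd") && response.body.ibcontains(b"realoronline.gif")'
      - '"mobileiron-system-manager-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>MobileIron System Manager: Sign In</title>")'
      - '"konga-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>Konga</title>")'
      - '"cockpit-detect" != "" && response.status == 200 && response.body.ibcontains(b"window.cockpit_po") && response.body.ibcontains(b"Cockpit authentication is configured incorrectly")'
      - '"harbor-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>Harbor</title>")'
      - '"nexus-repository-manager-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>Nexus Repository Manager</title>")'
      - '"emqx-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>EMQX Dashboard</title>")'
      - '"portainer-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>Portainer</title>")'
      - '"kkfileview-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>kkFileView演示首页</title>")'
      - '"ziguang-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>紫光档案管理系统——登录</title>")'
      - '"tectuus-scada-monitor" != "" && response.status == 200 && response.body.ibcontains(b"<title>SCADAmonitor</title>")'
      # Fixed: the quote inside the bytes literal was unescaped (b"alt="CAREL"), which ends the literal early and leaves the expression unparsable.
      - '"carel-plantvisor-panel" != "" && response.status == 200 && response.body.bcontains(b"CAREL Pl@ntVisor") && response.body.bcontains(b"alt=\"CAREL")'
      - '"kibana-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>Kibana</title>")'
      - '"default-glassfish-server-page" != "" && response.status == 200 && (response.body.ibcontains(b"glassfish server - server running") || response.body.ibcontains(b"glassfish server with premier support") || response.body.ibcontains(b"<b>glassfish server</b>") || response.body.ibcontains(b"glassfish server installation directory"))'
      - '"nsqadmin-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>nsqadmin</title>")'
      - '"palo-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>Expedition Project</title>")'
      - '"yonyou-youbin-detect" != "" && response.status == 200 && (response.body.bcontains(b"YonBIP") || response.body.bcontains(b"数字化工作台"))'
      - '"jeecgboot-detect" != "" && response.status == 200 && response.body.bcontains(b"/sys/common/pdf/pdfPreviewIframe")'
      - '"secondbest-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>云供应链管理系统-登录</title>")'
      - '"tutorsoft-erp-panel" != "" && response.status == 200 && response.body.ibcontains(b"欢迎登陆到网上订单系统") && response.body.ibcontains(b"http://www.fstutor.com")'
      - '"cnoa-panel" != "" && response.status == 200 && response.body.ibcontains(b"- Powered by 协众OA - www.cnoa.cn</title>")'
      - '"guowei-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>Login page</title>") && response.body.ibcontains(b"themes/tenant/css/login.css")'
      - '"totolink-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>TOTOLINK</title>")'
      - '"sibo-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>欢迎使用 博斯软件")'
      - '"cleo-panel" != "" && response.status == 200 && response.headers["server"].icontains("Cleo")'
      - '"hjsoft-panel" != "" && response.status == 200 && response.body.bcontains(b"class=\"hj-wzm-copyright\"") && response.body.bcontains(b"宏景软件 版权所有")'
      - '"zzsk-panel" != "" && response.status == 200 && response.body.bcontains(b"/Images/ManLogin/name.png") && response.body.bcontains(b"/Content/ManLogin/style.css")'
      - '"roundcube-webmail-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>Roundcube Webmail") && response.body.bcontains(b"rcversion")'
      - '"fortiweb-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>FortiWeb -")'
  # r1: the same GET / with redirects followed, for panels that sit behind a
  # redirect from the root path. The list mirrors r0 except for one entry
  # (sangfor-ssl-vpn-detect here, basic-auth-detect in r0); keep both in sync.
  r1:
    request:
      method: GET
      path: /
      follow_redirects: true
    expressions:
      - '"apache-activemq" != "" && response.status == 200 && response.body.bcontains(b"<title>Apache ActiveMQ</title>")'
      - '"thinkphp" != "" && response.raw_header.ibcontains(b"thinkphp")'
      - '"appex-lotwan-login" != "" && response.status == 200 && response.body.bcontains(b"<title>LotWan 广域网优化系统</title>")'
      - '"avtech-avn801-camera" != "" && response.status == 200 && response.body.bcontains(b"IP Surveillance for Your Life") && response.body.bcontains(b"avtech") && response.body.bcontains(b"/cgi-bin/guest/Login.cgi?rnd=")'
      - '"directadmin-login" != "" && response.status == 200 && response.body.bcontains(b"<title>DirectAdmin Login</title>")'
      - '"dubbo-detect" != "" && response.status == 200 && response.headers["www-authenticate"].icontains("Basic realm=\"dubbo\"")'
      - '"huawei-hg532e-panel" != "" && response.status == 200 && response.body.bcontains(b"<title>HG532e</title>")'
      - '"jira-panel" != "" && response.body.bcontains(b"Project Management Software") && response.body.bcontains(b"atlassian.com/software/jira")'
      - '"kubernetes-dashboard" != "" && response.status == 200 && response.body.bcontains(b"Kubernetes Dashboard</title>")'
      - '"kubernetes-mirantis" != "" && response.status == 200 && response.body.bcontains(b"Mirantis Kubernetes Engine")'
      - '"kubernetes-resource-report" != "" && response.status == 200 && response.body.bcontains(b"Overview - Kubernetes Resource Report")'
      - '"openerp-database" != "" && response.status == 200 && response.body.bcontains(b"<title>OpenERP</title>")'
      - '"rabbitmq-dashboard" != "" && response.status == 200 && response.body.bcontains(b"RabbitMQ Management")'
      - '"rocketmq-console" != "" && response.status == 200 && response.body.bcontains(b"<title>RocketMq-console-ng</title>")'
      - '"teleport-panel" != "" && response.status == 200 && response.body.bcontains(b"<title>登录::TELEPORT</title>")'
      - '"terramaster-panel" != "" && response.status == 200 && (response.body.bcontains(b"<title>TOS Loading</title>") || response.headers["server"] == "TOS" || response.headers["x-powered-by"] == "TerraMaster")'
      - '"upupw-tz-panel" != "" && response.status == 200 && "<title>UPUPW(.*)</title>".bmatches(response.body)'
      - '"zabbix-panel" != "" && response.status == 200 && response.body.bcontains(b"<title>zabbix-server: Zabbix</title>")'
      - '"acunetix-panel-detect" != "" && response.status == 200 && response.body.bcontains(b"<title>Acunetix</title>")'
      - '"druid-console-exposure" != "" && response.status == 200 && response.body.bcontains(b"src=\"/druid.js\"") && response.body.bcontains(b"href=\"/druid.css\"")'
      - '"nacos-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>nacos</title>")'
      - '"utt-panel" != "" && response.status == 200 && response.body.bcontains(b"<title>Technology, Inc.</title>")'
      - '"directory-list" != "" && response.status == 200 && response.body.bcontains(b"<title>Index of /</title>") && response.body.bcontains(b"<h1>Index of /</h1>")'
      - '"kyan-network-monitoring" != "" && response.status == 200 && response.body.bcontains(b"<title>platform - Login</title>")'
      - '"openvpn-admin" != "" && response.status == 200 && response.body.bcontains(b"<title>OpenVPN-Admin")'
      - '"elasticsearch" != "" && response.status == 200 && response.content_type.contains("application/json") && response.body.bcontains(b"You Know, for Search")'
      - '"hp-officepro-printer" != "" && response.status == 200 && response.body.bcontains(b"frameWorkObj") && response.body.bcontains(b"class=\"pgm-container") && response.body.bcontains(b".pgm-container")'
      - '"kafka-manager-panel" != "" && response.status == 200 && (response.body.bcontains(b"Kafka Manager") || response.raw_header.bcontains(b"Kafka-Manager"))'
      - '"tensorboard-detect" != "" && response.status == 200 && response.body.bcontains(b"<title>TensorBoard</title>")'
      - '"axis-detect" != "" && response.status == 200 && response.body.bcontains(b"Validate") && response.body.bcontains(b"Welcome") && response.body.bcontains(b"Axis") && response.body.bcontains(b"deployed") && response.body.bcontains(b"installation") && response.body.bcontains(b"Admin")'
      - '"hikvision-intercom" != "" && response.status == 200 && response.body.bcontains(b"document.title = LOGIN_BTN_LOGIN") && response.body.bcontains(b"document.write(TITLE_SYSTEM);")'
      - '"kingsoft-v8" != "" && response.status == 200 && response.body.bcontains(b"<title>在线安装-V8+终端安全系统Web控制台</title>")'
      - '"panabit-ixcache" != "" && response.status == 200 && response.body.bcontains(b"<title>iXCache</title>")'
      # NOTE(review): same label/marker mismatch as the r0 entry; verify the intended product.
      - '"panabit-gateway" != "" && response.status == 200 && response.body.bcontains(b"<span>Powered by OFBiz</span>")'
      # Redundant with the broader rabbitmq-dashboard entry earlier in this list.
      - '"rabbitmq-dashboard" != "" && response.status == 200 && response.body.bcontains(b"<title>RabbitMQ Management</title>")'
      - '"cobbler-webgui" != "" && response.status == 200 && response.body.bcontains(b"<title>Cobbler Web Interface</title>")'
      - '"thinkphp-debug" != "" && response.body.bcontains(b">错误</span>") && response.body.bcontains(b">SQL</span>") && response.body.bcontains(b">调试</span>")'
      - '"nginxWebUI" != "" && response.status == 200 && response.body.ibcontains(b"<title>nginxWebUI</title>")'
      - '"tianjing-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>天镜脆弱性扫描与管理系统</title>")'
      - '"taihe-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>泰合信息安全运营中心系统-日志审计 - 登录</title>")'
      - '"tianyue-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>天玥运维安全网关V")'
      - '"h3c-hci-management-panel" != "" && response.status == 200 && response.body.bcontains(b"/uis/spring_check?")'
      - '"superset-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>Superset</title>")'
      - '"openfire-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>Openfire")'
      # Only in r1: r0 has basic-auth-detect at this position.
      - '"sangfor-ssl-vpn-detect" != "" && response.status == 200 && response.body.ibcontains(b"login_psw.csp")'
      - '"realor-detect" != "" && response.status == 200 && response.body.ibcontains(b"Realor Co.Ltd") && response.body.ibcontains(b"realoronline.gif")'
      - '"mobileiron-system-manager-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>MobileIron System Manager: Sign In</title>")'
      - '"konga-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>Konga</title>")'
      - '"cockpit-detect" != "" && response.status == 200 && response.body.ibcontains(b"window.cockpit_po") && response.body.ibcontains(b"Cockpit authentication is configured incorrectly")'
      - '"harbor-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>Harbor</title>")'
      - '"nexus-repository-manager-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>Nexus Repository Manager</title>")'
      - '"emqx-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>EMQX Dashboard</title>")'
      - '"portainer-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>Portainer</title>")'
      - '"kkfileview-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>kkFileView演示首页</title>")'
      - '"ziguang-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>紫光档案管理系统——登录</title>")'
      - '"tectuus-scada-monitor" != "" && response.status == 200 && response.body.ibcontains(b"<title>SCADAmonitor</title>")'
      # Fixed: escaped the quote inside the bytes literal, as in the r0 entry.
      - '"carel-plantvisor-panel" != "" && response.status == 200 && response.body.bcontains(b"CAREL Pl@ntVisor") && response.body.bcontains(b"alt=\"CAREL")'
      - '"kibana-detect" != "" && response.status == 200 && response.body.ibcontains(b"<title>Kibana</title>")'
      - '"default-glassfish-server-page" != "" && response.status == 200 && (response.body.ibcontains(b"glassfish server - server running") || response.body.ibcontains(b"glassfish server with premier support") || response.body.ibcontains(b"<b>glassfish server</b>") || response.body.ibcontains(b"glassfish server installation directory"))'
      - '"nsqadmin-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>nsqadmin</title>")'
      - '"palo-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>Expedition Project</title>")'
      - '"yonyou-youbin-detect" != "" && response.status == 200 && (response.body.bcontains(b"YonBIP") || response.body.bcontains(b"数字化工作台"))'
      - '"jeecgboot-detect" != "" && response.status == 200 && response.body.bcontains(b"/sys/common/pdf/pdfPreviewIframe")'
      - '"secondbest-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>云供应链管理系统-登录</title>")'
      - '"tutorsoft-erp-panel" != "" && response.status == 200 && response.body.ibcontains(b"欢迎登陆到网上订单系统") && response.body.ibcontains(b"http://www.fstutor.com")'
      - '"cnoa-panel" != "" && response.status == 200 && response.body.ibcontains(b"- Powered by 协众OA - www.cnoa.cn</title>")'
      - '"guowei-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>Login page</title>") && response.body.ibcontains(b"themes/tenant/css/login.css")'
      - '"totolink-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>TOTOLINK</title>")'
      - '"sibo-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>欢迎使用 博斯软件")'
      - '"cleo-panel" != "" && response.status == 200 && response.headers["server"].icontains("Cleo")'
      - '"hjsoft-panel" != "" && response.status == 200 && response.body.bcontains(b"class=\"hj-wzm-copyright\"") && response.body.bcontains(b"宏景软件 版权所有")'
      - '"zzsk-panel" != "" && response.status == 200 && response.body.bcontains(b"/Images/ManLogin/name.png") && response.body.bcontains(b"/Content/ManLogin/style.css")'
      - '"roundcube-webmail-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>Roundcube Webmail") && response.body.bcontains(b"rcversion")'
      - '"fortiweb-panel" != "" && response.status == 200 && response.body.ibcontains(b"<title>FortiWeb -")'

# The template reports a finding when either rule matches.
expression: r0() || r1()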