tcp-demo: TCP Demo

id: tcp-demo

info:
  name: TCP Demo
  author: zan8in
  severity: high
  verified: true
  description: TCP Demo

set:
  hostname: request.url.host
  host: request.url.domain
rules:
  r0:
    request:
      type: tcp
      host: "{{hostname}}"
      data: "\n"
      read-size: 1024
    expression: response.raw.bcontains(b'No such') && response.raw.bcontains(b'lstat() failed')
  r1:
    request:
      type: tcp
      host: "{{host}}:3306"
      data: "\n"
      read-size: 1024
    expression: response.raw.bcontains(b'No such') && response.raw.bcontains(b'lstat() failed')
expression: r0() || r1()