diff --git a/content/posts/commits/2026-03-25-commit-5a9bdd9.md b/content/posts/commits/2026-03-25-commit-5a9bdd9.md new file mode 100644 index 0000000..dd6d30c --- /dev/null +++ b/content/posts/commits/2026-03-25-commit-5a9bdd9.md @@ -0,0 +1,56 @@ +--- +title: "[bojemoi] feat(borodino): enrich bm12/uzi with VulnHub-style attack surface detection" +date: 2026-03-25T22:52:46+01:00 +draft: false +tags: ["commit", "bojemoi", "main"] +categories: ["Git Activity"] +summary: "Commit 5a9bdd9 par Betty dans bojemoi" +author: "Betty" +--- + +## Commit `5a9bdd9` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Author** | Betty | +| **Hash** | `5a9bdd9da9c03d43ef601a9663f565f51950dcde` | + + +### Description + +bm12: +- NSE: add http-shellshock, http-php-version, http-webdav-scan, http-auth-finder, + http-default-accounts to HTTP/HTTPS scripts +- NSE: add smtp-open-relay, add nfs (nfs-ls,nfs-showmount,nfs-statfs,rpcinfo) +- _VULN_INDICATORS: 20 patterns (vsftpd 2.3.4 backdoor, ProFTPD mod_copy, WordPress, + Joomla, Drupal, Shellshock CGI, Tomcat manager, WebDAV, phpMyAdmin, Jenkins, + Struts, Redis/MongoDB noauth, Samba old, SNMP public, SMTP open relay, NFS export) +- detect_vuln_indicators(): parses service banners against _VULN_INDICATORS +- run_scan(): call detect_vuln_indicators, store attack_surface in scan_details, + boost type=vuln_web when web vulns detected (after IoT priority) + +uzi: +- _OS_EXPLOIT_PATHS: add vuln_web → exploit/unix/webapp/, multi/http/, unix/http/ +- _VULN_EXPLOIT_TERMS: maps 18 vuln indicators to MSF search terms +- get_os_paths(): handle vuln_web type +- build_targeted_exploits(): accept scan_details, extract attack_surface terms +- main loop: pass scan_details, apply vuln_web type override, log attack_surface + +Co-Authored-By: Claude Sonnet 4.6 + +### Files Changed + +``` +M borodino/thearm_bm12 +M borodino/thearm_uzi +``` + +### Diff Summary + +``` + borodino/thearm_bm12 | 98 +++++++++++++++++++++++++++++++++++++++++++++++++--- + borodino/thearm_uzi | 69 +++++++++++++++++++++++++++++------- + 2 files changed, 151 insertions(+), 16 deletions(-) +```