---
title: "[bojemoi] feat(borodino): enrich bm12/uzi with VulnHub-style attack surface detection"
date: 2026-03-25T22:52:46+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 5a9bdd9 par Betty dans bojemoi"
author: "Betty"
---

## Commit `5a9bdd9`

| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `5a9bdd9da9c03d43ef601a9663f565f51950dcde` |


### Description

bm12:
- NSE: add http-shellshock, http-php-version, http-webdav-scan, http-auth-finder,
  http-default-accounts to HTTP/HTTPS scripts
- NSE: add smtp-open-relay, add nfs (nfs-ls,nfs-showmount,nfs-statfs,rpcinfo)
- _VULN_INDICATORS: 20 patterns (vsftpd 2.3.4 backdoor, ProFTPD mod_copy, WordPress,
  Joomla, Drupal, Shellshock CGI, Tomcat manager, WebDAV, phpMyAdmin, Jenkins,
  Struts, Redis/MongoDB noauth, Samba old, SNMP public, SMTP open relay, NFS export)
- detect_vuln_indicators(): parses service banners against _VULN_INDICATORS
- run_scan(): call detect_vuln_indicators, store attack_surface in scan_details,
  boost type=vuln_web when web vulns detected (after IoT priority)

uzi:
- _OS_EXPLOIT_PATHS: add vuln_web → exploit/unix/webapp/, multi/http/, unix/http/
- _VULN_EXPLOIT_TERMS: maps 18 vuln indicators to MSF search terms
- get_os_paths(): handle vuln_web type
- build_targeted_exploits(): accept scan_details, extract attack_surface terms
- main loop: pass scan_details, apply vuln_web type override, log attack_surface

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

### Files Changed

```
M	borodino/thearm_bm12
M	borodino/thearm_uzi
```

### Diff Summary

```
 borodino/thearm_bm12 | 98 +++++++++++++++++++++++++++++++++++++++++++++++++---
 borodino/thearm_uzi  | 69 +++++++++++++++++++++++++++++-------
 2 files changed, 151 insertions(+), 16 deletions(-)
```