Implemented Checks
DNS
Queries a DNS server for a specific record
Custom Properties:
qtype | type of record (A, AAAA, CNAME, etc.) |
domain | domain/host to query for |
Elasticsearch
Uses Python requests to insert a message and then query for the same message
Custom Properties:
index | index to use to insert the message |
doc_type | type of the document |
FTP
Uses Python ftplib to log in to an FTP server, upload a file, log in to FTP again, and download the file
Uses Accounts
Custom Properties:
remotefilepath | absolute path of file on remote server to upload/download |
filecontents | contents of the file that we upload/download |
HTTP(S)
Sends a GET request to an HTTP(S) server
Custom Properties:
useragent | specific User-Agent to use in the request |
vhost | vhost used in the request |
uri | URI of the request |
IMAP(S)
Uses medusa to log in to an IMAP server
Uses Accounts
Custom Properties:
domain | domain of the username |
LDAP
Uses ldapsearch to log in to an LDAP server. Once authenticated, it performs a lookup of all users in the same domain
Uses Accounts
Custom Properties:
domain | domain of the username |
base_dn | base dn value of the domain (Ex: dc=example,dc=com) |
MSSQL
Logs into a MSSQL server, uses a database, and executes a specific SQL command
Uses Accounts
Custom Properties:
database | database to use before running command |
command | SQL command that will execute |
MySQL
Logs into a MySQL server, uses a database, and executes a specific SQL command
Uses Accounts
Custom Properties:
database | database to use before running command |
command | SQL command that will execute |
NFS
Uses Python libnfs to log in to an NFS server, write a file, log in to NFS again, and read a file
Custom Properties:
remotefilepath | absolute path of file on remote server to upload/download |
filecontents | contents of the file that we upload/download |
POP3(S)
Uses medusa to log in to a POP3 server
Uses Accounts
Custom Properties:
domain | domain of the username |
PostgreSQL
Logs into a PostgreSQL server, selects a database, and executes a SQL command
Uses Accounts
Custom Properties:
database | database to use before running command |
command | SQL command that will execute |
SMB
Logs into a system using SMB with an account/password, and hashes the contents of a specific file on a specific share
Uses Accounts
Custom Properties:
share | name of the share to connect to |
file | local path of the file to access |
hash | SHA256 hash of the contents of the file |
SMTP(S)
Logs into an SMTP server and sends an email
Uses Accounts
Custom Properties:
touser | address that the email will be sent to |
subject | subject of the email |
body | body of the email |
SSH
Logs into a system using SSH with an account/password, and executes command(s)
Note
Each command is executed independently of the others, in its own separate SSH connection.
Uses Accounts
Custom Properties:
commands | ‘;’ delimited list of commands to run (Ex: id;ps) |
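The note above means shell state (exported variables, working directory) does not carry from one entry of the commands property to the next. The following is an added example, not the project's own code, that shows the effect locally. It assumes a plain split on ';' with no escaping and uses a fresh `sh -c` process as a stand-in for each SSH connection; the function names and the `SE_DEMO_VAR` variable are hypothetical.

```python
import os
import subprocess

# Constructed sample value for the `commands` property (not from the page).
SAMPLE = "export SE_DEMO_VAR=set; echo ${SE_DEMO_VAR:-unset}"


def split_commands(prop):
    """Split a ';'-delimited property; assumes a plain split with no escaping."""
    return [part.strip() for part in prop.split(";") if part.strip()]


def _run(script):
    # A fresh `sh -c` process stands in for one SSH connection (assumption).
    env = {k: v for k, v in os.environ.items() if k != "SE_DEMO_VAR"}
    proc = subprocess.run(["sh", "-c", script], env=env,
                          capture_output=True, text=True, timeout=10)
    return proc.returncode, proc.stdout.strip()


def run_independently(prop):
    """Run every entry in its own shell, as the note describes."""
    return [(cmd,) + _run(cmd) for cmd in split_commands(prop)]


def run_single_session(prop):
    """Contrast case: the whole string runs in one shell, so state persists."""
    return _run(prop)


if __name__ == "__main__":
    for cmd, rc, out in run_independently(SAMPLE):
        print(f"separate  rc={rc} {cmd!r} -> {out!r}")
    print("single   ", run_single_session(SAMPLE))
    # Dependent steps belong in ONE entry, joined with && instead of ';'.
    print(run_independently("export SE_DEMO_VAR=set && echo ${SE_DEMO_VAR:-unset}"))
```

When a check needs dependent steps, keep them in a single entry joined with `&&` so they run in the same connection.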
VNC
Connects to a VNC server and, if specified, logs in
Uses Accounts (optional)
Custom Properties: none
WinRM
Logs into a system using WinRM with an account/password, and executes command(s)
Uses Accounts
Custom Properties:
commands | ‘;’ delimited list of commands to run (Ex: ipconfig /all;whoami) |