Implemented Checks

DNS

Queries a DNS server for a specific record

Custom Properties:

  qtype: type of record to query (A, AAAA, CNAME, etc.)
  domain: domain/host to query for

Elasticsearch

Uses Python requests to insert a message and then query for the same message

Custom Properties:

  index: index into which the message is inserted
  doc_type: type of the document

FTP

Uses Python ftplib to log in to an FTP server, upload a file, then log in again and download the file

Uses Accounts

Custom Properties:

  remotefilepath: absolute path on the remote server of the file to upload/download
  filecontents: contents of the file that is uploaded/downloaded

HTTP(S)

Sends a GET request to an HTTP(S) server

Custom Properties:

  useragent: specific User-Agent to use in the request
  vhost: vhost used in the request
  uri: URI of the request

ICMP

Sends an ICMP Echo Request to server

Custom Properties: none

IMAP(S)

Uses Medusa to log in to an IMAP server

Uses Accounts

Custom Properties:

  domain: domain of the username

LDAP

Uses ldapsearch to log in to an LDAP server. Once authenticated, it looks up all users in the same domain

Uses Accounts

Custom Properties:

  domain: domain of the username
  base_dn: base DN of the domain (Ex: dc=example,dc=com)

MSSQL

Logs into an MSSQL server, selects a database, and executes a specific SQL command

Uses Accounts

Custom Properties:

  database: database to use before running the command
  command: SQL command to execute

MySQL

Logs into a MySQL server, selects a database, and executes a specific SQL command

Uses Accounts

Custom Properties:

  database: database to use before running the command
  command: SQL command to execute

NFS

Uses system NFS utilities to mount a share, write a file, and read it back to verify the contents

Custom Properties:

  remotefilepath: absolute path on the remote server of the file to write/read back
  filecontents: contents of the file that is written and read back

POP3(S)

Uses Medusa to log in to a POP3 server

Uses Accounts

Custom Properties:

  domain: domain of the username

PostgreSQL

Logs into a PostgreSQL server, selects a database, and executes a SQL command

Uses Accounts

Custom Properties:

  database: database to use before running the command
  command: SQL command to execute

RDP

Logs into a system using RDP with an account/password

Uses Accounts

Custom Properties: none

SMB

Logs into a system using SMB with an account/password, and hashes the contents of a specific file on a specific share

Uses Accounts

Custom Properties:

  share: name of the share to connect to
  file: local path of the file to access
  hash: SHA256 hash of the contents of the file

SMTP(S)

Logs into an SMTP server and sends an email

Uses Accounts

Custom Properties:

  touser: address that the email will be sent to
  subject: subject of the email
  body: body of the email

SSH

Logs into a system using SSH with an account/password, and executes command(s)

Note: each command is executed independently of the others, in a separate SSH connection.

Uses Accounts

Custom Properties:

  commands: ';'-delimited list of commands to run (Ex: id;ps)

TELNET

Logs into a system using Telnet with an account/password, and executes command(s)

Note: each command is executed independently of the others, in a separate Telnet connection.

Uses Accounts

Custom Properties:

  commands: ';'-delimited list of commands to run (Ex: id;ps)

VNC

Connects to a VNC server and, if an account is specified, logs in

Uses Accounts (optional)

Custom Properties: none

WinRM

Logs into a system using WinRM with an account/password, and executes command(s)

Uses Accounts

Custom Properties:

  commands: ';'-delimited list of commands to run (Ex: ipconfig /all;whoami)
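How the 'commands' property shared by the SSH, Telnet and WinRM checks behaves, as an added example that is not code from the project this page documents: the ';'-delimited list is split and every command gets its own connection, so a cd in one command has no effect on the next. parse_commands, run_commands, CommandResult and FakeShell are names assumed here; a real check would pass a connect() backed by its SSH, Telnet or WinRM client instead of the constructed FakeShell.

```python
from dataclasses import dataclass
from typing import Callable, ContextManager, List

@dataclass
class CommandResult:
    command: str
    output: str
    ok: bool

def parse_commands(commands: str) -> List[str]:
    """Split the ';'-delimited 'commands' property, dropping empty entries."""
    return [c.strip() for c in commands.split(";") if c.strip()]

def run_commands(commands: str, connect: Callable[[], ContextManager]) -> List[CommandResult]:
    """Run each command in its own fresh connection, as the check docs state.
    connect() returns a context manager whose value exposes exec(cmd) -> str
    (a paramiko/telnetlib/pywinrm session in a real check). A failing command
    is recorded with ok=False and later commands still run; because each one
    gets a new session, shell state (cwd, env) never carries over."""
    results = []
    for cmd in parse_commands(commands):
        try:
            with connect() as conn:
                results.append(CommandResult(cmd, conn.exec(cmd), True))
        except Exception as exc:  # connection or command failure
            results.append(CommandResult(cmd, str(exc), False))
    return results

class FakeShell:
    """Constructed offline stand-in for a remote shell: state resets per connection."""
    def __init__(self, log: list):
        self.cwd, self.log = "/home/user", log
    def __enter__(self):
        self.log.append("connect")
        return self
    def __exit__(self, *exc):
        self.log.append("disconnect")
    def exec(self, cmd: str) -> str:
        if cmd.startswith("cd "):
            self.cwd = cmd[3:]
            return ""
        if cmd == "pwd":
            return self.cwd
        raise RuntimeError(f"command not found: {cmd}")

def demo():
    """Run 'cd /tmp;pwd;nosuch' against FakeShell; returns (results, connection count)."""
    log = []
    results = run_commands("cd /tmp;pwd;nosuch", lambda: FakeShell(log))
    return results, log.count("connect")
```

The demo opens three connections for three commands, and pwd still reports /home/user because the cd ran in a session that was already closed.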

OpenVPN

Logs into an OpenVPN service using an account/password + CA certificate.

Uses Accounts

Custom Properties:

  ca: entire text of the CA certificate