23 commits
0cc045d
Merge pull request #4 from OWASP/master
Aarush289 Jan 20, 2026
2a32fe2
Merge pull request #8 from OWASP/master
Aarush289 Feb 5, 2026
4090ae3
Merge pull request #9 from OWASP/master
Aarush289 Feb 8, 2026
2a0b83e
Add FortiWeb authentication bypass vulnerability check
Aarush289 Feb 10, 2026
b1ffe4e
Remove FortiWeb auth bypass vulnerability entry
Aarush289 Feb 10, 2026
6db5ee7
Fix vulnerability name in wp_plugin_cve_2021_38314.yaml
Aarush289 Feb 10, 2026
6fd226a
Rename CVE identifier from 39314 to 39320
Aarush289 Feb 10, 2026
03675d5
Merge pull request #10 from OWASP/master
Aarush289 Feb 12, 2026
0d3399e
Merge pull request #13 from OWASP/master
Aarush289 Feb 18, 2026
ace2db9
Merge pull request #14 from OWASP/master
Aarush289 Feb 23, 2026
0711d39
Merge pull request #16 from OWASP/master
Aarush289 Mar 3, 2026
0857127
Merge pull request #18 from OWASP/master
Aarush289 Mar 8, 2026
44a9ae6
Merge pull request #19 from OWASP/master
Aarush289 Mar 20, 2026
95ac772
Merge pull request #20 from OWASP/master
Aarush289 Apr 9, 2026
dd080aa
new module added
Aarush289 Apr 9, 2026
8ba9258
remove the debug comments
Aarush289 Apr 9, 2026
102cdbe
changes of http removed
Aarush289 Apr 9, 2026
faf7a59
Merge branch 'master' into cve_2025_40536
Aarush289 Apr 9, 2026
b7be1d3
fixed the version regex
Aarush289 Apr 9, 2026
daf9bc3
updated the description
Aarush289 Apr 9, 2026
344e21b
version scan added
Aarush289 Apr 10, 2026
d46e258
Merge branch 'master' into cve_2025_40536
Aarush289 Apr 14, 2026
8f4f315
Merge branch 'master' into cve_2025_40536
Aarush289 Apr 20, 2026
1 change: 1 addition & 0 deletions docs/Modules.md
Expand Up @@ -35,6 +35,7 @@ OWASP Nettacker Modules can be of type **Scan** (scan for something), **Vuln** (
- '**pma_scan**' - Scan the target for PHP MyAdmin presence
- '**port_scan**' - Scan the target for open ports identifying the popular services using signatures (.e.g SSH on port 2222)
- '**smartermail_version_scan**' - Scan the target and identify the SmarterMail version
- '**solarwinds_whd_version_scan**' - Scan the target and identify the SolarWinds Web Help Desk version
- '**ssl_expiring_certificate_scan**' - Scan the target for SSL/TLS certificates nearing expiration
- '**subdomain_scan**' - Scan the target for subdomains (target must be a domain e.g. owasp.org)
- '**viewdns_reverse_iplookup_scan**' - Identify which sites/domains are hosted on the target host using ViewDNS.info
50 changes: 50 additions & 0 deletions nettacker/modules/scan/solarwinds_whd_version.yaml
@@ -0,0 +1,50 @@
info:
name: solarwinds_whd_version_scan
author: Nettacker Team
severity: 3
description: fetch SolarWinds Web Help Desk version from target
reference:
- https://www.solarwinds.com/
profiles:
- scan
- http
- solarwinds
- webhelpdesk
- version

payloads:
- library: http
steps:
- method: get
timeout: 3
headers:
User-Agent: "{user_agent}"
Host: "{target}"
allow_redirects: false
ssl: false
url:
nettacker_fuzzer:
input_format: "{{schema}}://{target}:{{ports}}/helpdesk/WebObjects/Helpdesk.woa"
prefix: ""
suffix: ""
interceptors:
data:
schema:
- "http"
- "https"
ports:
- 80
- 443

response:
condition_type: and
conditions:
status_code:
regex: "200"
reverse: false

content:
regex: "\\?v=([0-9]+_[0-9]+_[0-9]+_[0-9]+)"
reverse: false

log: "SolarWinds WHD version: response_dependent['content']"
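Review bot: the `content` condition (`regex: "\\?v=([0-9]+_[0-9]+_[0-9]+_[0-9]+)"`) is the only evidence that the responder is Web Help Desk, so any 200 response at this path that carries a `?v=` token of four underscore-separated numbers gets logged as a WHD version. Consider extending the pattern with a product-specific marker from the same page so the match is tied to the product and not only to the URL. The captured value is logged in its raw underscore form, so `description` should say that the output is the build token as served rather than a dotted version string. Also confirm that `allow_redirects: false` together with `status_code` fixed to `200` is intended, since an instance that answers this URL with a redirect will not be reported.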