Pulse Secure VPN Login Panel - Detect

What is the "Pulse Secure VPN Login Panel - Detect?"

The "Pulse Secure VPN Login Panel - Detect" module is designed to detect the presence of the Pulse Secure VPN login panel. This module focuses on identifying the login panel and does not perform any further actions. The severity of this module is classified as informative, meaning it provides valuable information but does not pose an immediate threat.

This module was authored by bsysop.

Impact

The impact of this module is limited to providing information about the presence of the Pulse Secure VPN login panel. It does not indicate any misconfigurations, vulnerabilities, or software fingerprints.

How does the module work?

The module works by sending HTTP requests to specific paths associated with the Pulse Secure VPN login panel. It then applies matching conditions to determine if the login panel is present.

For example, one of the HTTP requests sent by the module is a GET request to the following paths:

- /dana-na/auth/url_default/welcome.cgi
- /dana-na/auth/url_2/welcome.cgi
- /dana-na/auth/url_3/welcome.cgi

The module applies two matching conditions:

- Header Matching: It checks if the response header contains the string "/dana-na/auth/welcome.cgi". - Body Matching: It uses a regular expression to search for the pattern "/dana-na/css/ds(_[a-f0-9]{64})?.css" in the response body.

The module considers the presence of either one of these matching conditions as a positive detection of the Pulse Secure VPN login panel.

For more information, please refer to the official documentation.