From c7fb4365a876cb6917456751c89f3f3ae1fc0e57 Mon Sep 17 00:00:00 2001
From: ref <56499429+referefref@users.noreply.github.com>
Date: Sat, 2 Mar 2024 23:29:12 +0800
Subject: [PATCH] Add ElasticpotPY
---
 signatures.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/signatures.yaml b/signatures.yaml
index 0a20df4..ae56cd9 100644
--- a/signatures.yaml
+++ b/signatures.yaml
@@ -257,3 +257,16 @@ signatures:
 invert_match: false
 confidence: "High"
 comment: "Common JSESSIONID detected as per blog: https://vulncheck.com/blog/too-many-honeypots"
+
+ - name: "ElasticpotPY"
+ id: 21
+ port: 9200
+ proto: TCP
+ steps:
+ - input_type: string
+ input: "GET /api/search HTTP/1.0\nHost: localhost\n\n"
+ output_match_type: string
+ output: "{\"error\":{\"root_cause\":[{\"type\":\"index_not_found_exception\",\"reason\":\"no such index\",\"resource.type\":\"index_or_alias\",\"resource.id\":\"test\",\"index\":\"test\"}],\"type\":\"index_not_found_exception\",\"reason\":\"no such index\",\"resource.type\":\"index_or_alias\",\"resource.id\":\"test\",\"index\":\"test\"},\"status\":404}"
+ invert_match: false
+ confidence: "Low"
+ comment: "Hardcoded index name, and resource id."
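Review bot: The `comment` on the new ElasticpotPY entry does not say why this body marks a honeypot. The probe requests `/api/search`, yet the matched error names index and resource id `test`, and that mismatch between request and response appears to be the tell the comment alludes to. Spelling it out lets maintainers judge when the signature has gone stale and shows honeypot operators what makes their deployment fingerprintable, for example `comment: "Error body always names index and resource.id 'test', whatever path was requested."`. The `output` value is one long JSON string, so depending on how `string` matching is implemented (not visible in this hunk), any change in key order or spacing in the emulated response would silently stop it matching. A short note on that in the comment would also explain the "Low" confidence, if that is the reason for it.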