@da_667@infosec.exchange
so, looks like the IoT rule generator script just barely eked out over more book chapter work.
This is where I'm at right now:
I have a script where users have a series of menu options:
IoT device's vendor name (pre-set list, plus an option for a name not in the list)
HTTP method (GET, POST, or PUT)
the URI struct (e.g. /boafrm/, /goform/, /cgi-bin/cstecgi.cgi, or a full, custom URI struct)
If the user inputs boa or goform, then they'll be prompted to input the vulnerable URI endpoint (e.g. /boaform/[user input], where [user input] is the remaining URI path -- such as: /boaform/formWlanMultipleAP, /goform/WifiGuestSet). Likewise, if users choose custom URI struct, they're prompted to enter either a full or partial URI struct to match on.
a reference url that goes in the reference metadata tag
a CVE number that gets tacked to the msg keyword, and its own reference keyword
vulnerable parameter name (either in the http.uri, or the http.request_body, depending on GET, POST/PUT method)
a menu that asks what vuln the rule covers - Buffer Overflow, Command Inject, XSS, Dir Traversal, and adds the appropriate PCRE after the vulnerable parameter
As of right now, the script spits out the rule, with a bunch of formatting already done.
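
A sketch of the workflow described in the post, added here as an example; it is not the author's script. It assumes Python and Suricata-style sticky buffers, and the function names, PCRE patterns, classtype, sid and sample inputs are all constructed for illustration.

```python
import re

# Constructed PCREs per vulnerability class (assumptions, not the author's patterns).
# The R modifier anchors each one right after the preceding "param=" content match.
VULN_PCRE = {
    "Buffer Overflow": r"/^[^&]{100,}/R",
    "Command Inject": r"/^[^&]*?(?:\x3b|\x60|\x7c|\x24\x28)/R",
    "XSS": r"/^[^&]*?(?:\x3c|%3c)script/Ri",
    "Dir Traversal": r"/^[^&]*?(?:\.\.\x2f|%2e%2e%2f)/Ri",
}
URI_PREFIXES = {"boa": "/boafrm/", "goform": "/goform/"}  # "custom" adds no prefix


def esc(value):
    """Hex-escape the characters that would break out of a quoted content string."""
    return re.sub(r'[";\\|]', lambda m: "|%02X|" % ord(m.group()), value)


def build_rule(vendor, method, uri_kind, uri_tail, param, vuln, cve, ref_url, sid):
    if method not in ("GET", "POST", "PUT"):
        raise ValueError("method must be GET, POST or PUT")
    if not re.fullmatch(r"CVE-\d{4}-\d{4,}", cve):
        raise ValueError("CVE must look like CVE-YYYY-NNNN")
    if not re.fullmatch(r"[\w .-]+", vendor):
        raise ValueError("vendor name has characters that are unsafe in msg")
    ref = re.sub(r"^https?://", "", ref_url)  # reference:url takes no scheme
    if re.search(r'[";\s]', ref):
        raise ValueError("reference URL has characters that are unsafe in a rule")
    # GET parameters live in the URI; POST/PUT parameters live in the body.
    param_buf = "http.uri" if method == "GET" else "http.request_body"
    opts = [
        f'msg:"{vendor} {vuln} Attempt ({cve})"',
        "flow:established,to_server",
        f'http.method; content:"{method}"',
        f'http.uri; content:"{esc(URI_PREFIXES.get(uri_kind, "") + uri_tail)}"',
        f'{param_buf}; content:"{esc(param)}="',
        f'pcre:"{VULN_PCRE[vuln]}"',
        f"reference:url,{ref}",
        f"reference:cve,{cve[4:]}",
        "classtype:web-application-attack",
        f"sid:{int(sid)}; rev:1",
    ]
    return "alert http any any -> $HOME_NET any (" + "; ".join(opts) + ";)"


if __name__ == "__main__":
    # Constructed inputs: vendor, parameter name, CVE and URL are placeholders.
    print(build_rule("ExampleVendor", "POST", "goform", "WifiGuestSet", "ssid",
                     "Command Inject", "CVE-0000-0000", "https://example.com/advisory", 1000001))
```

Validating the menu inputs before they reach the rule text matters because an unescaped `;` or `"` in a URI or parameter name would end the keyword early and produce a rule that fails to load or matches something else.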