nuclei-templates/http/technologies/confluence-detect.yaml

51 lines
1.6 KiB
YAML
Raw Normal View History

id: confluence-detect
2021-09-09 04:28:04 +00:00
info:
name: Confluence Detection
author: philippedelteil,AdamCrosser,6mile
2021-09-09 04:28:04 +00:00
severity: info
description: |
This nuclei template is used to detect the presence of Confluence, a popular collaboration software.
classification:
cpe: cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
2021-10-14 10:52:58 +00:00
metadata:
max-request: 5
2023-10-14 11:27:55 +00:00
vendor: atlassian
product: confluence_server
shodan-query: http.component:"Atlassian Confluence"
2023-10-14 11:27:55 +00:00
category: productivity
tags: tech,confluence,atlassian,detect
http:
2021-09-09 04:28:04 +00:00
- method: GET
path:
- "{{BaseURL}}/dologin.action"
2021-09-09 04:28:04 +00:00
- "{{BaseURL}}"
- "{{BaseURL}}/pages"
- "{{BaseURL}}/confluence"
- "{{BaseURL}}/wiki"
redirects: true
2021-09-09 04:28:04 +00:00
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- contains(to_lower(header), '-confluence-')
- contains(to_lower(body), 'confluence-base-url')
2021-09-09 04:28:04 +00:00
extractors:
- type: regex
name: version
2021-09-09 04:28:04 +00:00
group: 1
regex:
- '<meta name="ajs-version-number" content="(.*)">'
- 'Atlassian Confluence ([a-z0-9-._]+)'
- type: regex
name: hostname
group: 1
regex:
- '<meta id="confluence-base-url" name="confluence-base-url" content="https://(.*)">'
- '<meta name="ajs-base-url" content="https://(.*)">'
- '<meta name="ajs-server-name" content="(.*)">'
# digest: 4b0a00483046022100a9a79aeae1b90953613210be5ea663e92fa54008c4f373bc833a91ba61797bb1022100d97b686d8ff372bcd13192352fe8b35be86fd5407b3a148ee60037fe00425ce2:922c64590222798bb761d5b6d8e72950