nuclei-templates/http/technologies/confluence-detect.yaml

53 lines
1.6 KiB
YAML
Raw Normal View History

id: confluence-detect
2021-09-09 04:28:04 +00:00
info:
name: Confluence Detection
author: philippedelteil,AdamCrosser,6mile
2021-09-09 04:28:04 +00:00
severity: info
description: |
This nuclei template is used to detect the presence of Confluence, a popular collaboration software.
classification:
cpe: cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
2021-10-14 10:52:58 +00:00
metadata:
max-request: 5
2023-10-14 11:27:55 +00:00
vendor: atlassian
product: confluence_server
shodan-query:
- http.component:"Atlassian Confluence"
- http.component:"atlassian confluence"
2023-10-14 11:27:55 +00:00
category: productivity
tags: tech,confluence,atlassian,detect
http:
2021-09-09 04:28:04 +00:00
- method: GET
path:
- "{{BaseURL}}/dologin.action"
2021-09-09 04:28:04 +00:00
- "{{BaseURL}}"
- "{{BaseURL}}/pages"
- "{{BaseURL}}/confluence"
- "{{BaseURL}}/wiki"
redirects: true
2021-09-09 04:28:04 +00:00
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- contains(to_lower(header), '-confluence-')
- contains(to_lower(body), 'confluence-base-url')
2021-09-09 04:28:04 +00:00
extractors:
- type: regex
name: version
2021-09-09 04:28:04 +00:00
group: 1
regex:
- '<meta name="ajs-version-number" content="(.*)">'
- 'Atlassian Confluence ([a-z0-9-._]+)'
- type: regex
name: hostname
group: 1
regex:
- '<meta id="confluence-base-url" name="confluence-base-url" content="https://(.*)">'
- '<meta name="ajs-base-url" content="https://(.*)">'
- '<meta name="ajs-server-name" content="(.*)">'
# digest: 4a0a004730450221009bf2f9a3fec8732657aa0e11ec7a7bad6998606a6fdf448adb743732992b14f3022027018043be481632180a2d55600542cba51743a087e2657c16dbd23428ea2382:922c64590222798bb761d5b6d8e72950