nuclei-templates/http/technologies/jsf-detect.yaml

id: jsf-detect

info:
  name: JavaServer Faces Detection
  author: brenocss,Moritz Nentwig
  severity: info
  description: Searches for JavaServer Faces content on a URL.
  tags: jsf,tech,primefaces,richfaces

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 3
    matchers-condition: or
    matchers:
      - type: dsl
        name: javafaces
        dsl:
          - "(contains(body, 'javax.faces.resource') || contains(body, 'javax.faces.ViewState'))"

      - type: dsl
        name: primefaces
        dsl:
          - "contains(body, 'primefaces')"
          - "contains(body, 'javax.faces.resource') || contains(body, 'javax.faces.ViewState')"
        condition: and

      - type: dsl
        name: richfaces
        dsl:
          - "contains(body, 'richfaces')"
          - "contains(body, 'javax.faces.resource') || contains(body, 'javax.faces.ViewState')"
        condition: and
Update and rename jsf-detection.yaml to jsf-detect.yaml 2022-11-13 08:12:00 +00:00			`id: jsf-detect`
Add JavaServer Faces Detection 2021-05-27 08:17:14 +00:00
			`info:`
			`name: JavaServer Faces Detection`
Update jsf-detection.yaml 2022-01-29 08:01:51 +00:00			`author: brenocss,Moritz Nentwig`
misc update to avoid false positive 2021-05-28 04:17:29 +00:00			`severity: info`
Add JavaServer Faces Detection 2021-05-27 08:17:14 +00:00			`description: Searches for JavaServer Faces content on a URL.`
Update jsf-detection.yaml 2022-01-29 08:01:51 +00:00			`tags: jsf,tech,primefaces,richfaces`
Add JavaServer Faces Detection 2021-05-27 08:17:14 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Add JavaServer Faces Detection 2021-05-27 08:17:14 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}"`

Using "host-redirects" instead of "redirects" to avoid scanning 3rd party / out of scope hosts. (#5491) 2022-10-07 21:27:25 +00:00			`host-redirects: true`
Update max redirects jsf detection (#3638) 2022-01-31 11:43:36 +00:00			`max-redirects: 3`
Update jsf-detection.yaml 2022-01-29 05:01:15 +00:00			`matchers-condition: or`
Add JavaServer Faces Detection 2021-05-27 08:17:14 +00:00			`matchers:`
Update jsf-detection.yaml 2022-01-29 05:01:15 +00:00			`- type: dsl`
			`name: javafaces`
			`dsl:`
Update jsf-detection.yaml 2022-01-29 08:01:51 +00:00			`- "(contains(body, 'javax.faces.resource') \|\| contains(body, 'javax.faces.ViewState'))"`
Update jsf-detection.yaml 2022-01-29 05:01:15 +00:00
			`- type: dsl`
			`name: primefaces`
			`dsl:`
Update jsf-detection.yaml 2022-01-29 08:01:51 +00:00			`- "contains(body, 'primefaces')"`
			`- "contains(body, 'javax.faces.resource') \|\| contains(body, 'javax.faces.ViewState')"`
Update jsf-detection.yaml 2022-01-29 05:01:15 +00:00			`condition: and`

			`- type: dsl`
			`name: richfaces`
			`dsl:`
Update jsf-detection.yaml 2022-01-29 08:01:51 +00:00			`- "contains(body, 'richfaces')"`
			`- "contains(body, 'javax.faces.resource') \|\| contains(body, 'javax.faces.ViewState')"`
Update jsf-detection.yaml 2022-01-29 05:01:15 +00:00			`condition: and`