From 0e03b27276a9997a75168fbd2c4000b43255987f Mon Sep 17 00:00:00 2001
From: Ritik Chaddha
Date: Fri, 8 Mar 2024 18:58:41 +0530
Subject: [PATCH] Update favicon-detect.yaml
---
 http/technologies/favicon-detect.yaml | 33 +++++++++++++++++++--------
 1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/http/technologies/favicon-detect.yaml b/http/technologies/favicon-detect.yaml
index af32121c1e..23a93ed699 100644
--- a/http/technologies/favicon-detect.yaml
+++ b/http/technologies/favicon-detect.yaml
@@ -35,19 +35,24 @@ http:
 - "status_code==200 && (\"-503480258\" == mmh3(base64_py(body)))"
 - type: dsl
- name: oracle
+ name: "oracle"
 dsl:
- - "len(body)==1150 && status_code==200 && (\"421e176ae0837bcc6b879ef55adbc897\" == md5(body))"
+ - "status_code==200 && (\"1414300307\" == mmh3(base64_py(body)))"
 - type: dsl
- name: hitachi
+ name: "hitachi"
 dsl:
- - "len(body)==894 && status_code==200 && (\"41e9c43dc5e994ca7a40f4f92b50d01d\" == md5(body))"
+ - "status_code==200 && (\"92627686\" == mmh3(base64_py(body)))"
 - type: dsl
- name: meinberg
+ name: "hitachi-management"
 dsl:
- - "len(body)==1406 && status_code==200 && (\"4b2524b4f28eac7d0e872b0e1323c02d\" == md5(body))"
+ - "status_code==200 && (\"94231047\" == mmh3(base64_py(body)))"
+
+ - type: dsl
+ name: "meinberg"
+ dsl:
+ - "status_code==200 && (\"-676779906\" == mmh3(base64_py(body)))"
 - type: dsl
 name: "slack-instance"
@@ -3367,7 +3372,7 @@ http:
 - type: dsl
 name: "MSNSwitch Firmware MNT"
 dsl:
- - "status_code==200 && (\"-2073748627 || http.favicon.hash\" == mmh3(base64_py(body)))"
+ - "status_code==200 && (\"-2073748627\" == mmh3(base64_py(body)))"
 - type: dsl
 name: "HotelDruid Hotel Management Software"
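Review bot: In the first hunk (`@@ -35,19 +35,24 @@`) the matcher name `hitachi` is kept but now bound to mmh3 value `92627686`, while a second value `94231047` appears as `hitachi-management`; nothing in the patch records which of the two is the favicon that the removed 894-byte md5 matcher identified. Anyone keying asset-inventory or alerting rules on the matcher name may see a different set of hosts under `hitachi` after this change. I would add a comment above each converted matcher stating the product and where the hash came from, e.g. `# <product name> - mmh3 of the favicon formerly matched by md5`, and prefer product-specific names over bare vendor names such as `oracle`. The conversion also drops the `len(body)==N` pre-check and swaps a 128-bit md5 for a 32-bit mmh3 gated only on `status_code==200`; that matches the rest of the file, but it makes accidental collisions more likely, so a hit should be treated as a hint to confirm rather than a positive identification.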
@@ -3462,7 +3467,17 @@ http:
 - type: dsl
 name: "Fortra GoAnywhere MFT"
 dsl:
- - "status_code==200 && (\"1484947000,1828756398,1170495932\" == mmh3(base64_py(body)))"
+ - "status_code==200 && (\"1170495932\" == mmh3(base64_py(body)))"
+
+ - type: dsl
+ name: "GoAnywhere"
+ dsl:
+ - "status_code==200 && (\"1828756398\" == mmh3(base64_py(body)))"
+
+ - type: dsl
+ name: "GoAnywhere Web Client"
+ dsl:
+ - "status_code==200 && (\"1484947000\" == mmh3(base64_py(body)))"
 - type: dsl
 name: "Qlik Sense Enterprise"
@@ -3726,4 +3741,4 @@ http:
 - type: dsl
 dsl:
 - 'mmh3(base64_py(body))'
-# digest: 4a0a004730450220427edfee32645dec95891fe6e1b132c390f7eb122d6e80cd7727e2b1ef4bd822022100fc34f567cc72b46baa3e0b6f0d22dae4b44fd94ca61ce0305f764b1cc5f45f65:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220427edfee32645dec95891fe6e1b132c390f7eb122d6e80cd7727e2b1ef4bd822022100fc34f567cc72b46baa3e0b6f0d22dae4b44fd94ca61ce0305f764b1cc5f45f65:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
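Review bot: In the `@@ -3462,7 +3467,17 @@` hunk the three hashes that used to share one matcher are split across three names, and two of them (`GoAnywhere`, `GoAnywhere Web Client`) lose the vendor and product qualifier that `Fortra GoAnywhere MFT` carries. The old comma-joined literal could never equal a single mmh3 result, so the split is needed, but any downstream filter that tracks exposure by the exact name `Fortra GoAnywhere MFT` will now see only the `1170495932` favicon. If all three favicons belong to the same product, keep one matcher and list the three expressions as separate entries under its `dsl:` (entries are OR-ed by default). If they are distinct components, give them a common prefix, e.g. `name: "Fortra GoAnywhere MFT Web Client"`, and note in a comment which interface each hash was taken from.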
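Review bot: The `# digest:` trailer in the last hunk (`@@ -3726,4 +3741,4 @@`) has the same value on the removed and the added line even though the template body changes in the three earlier hunks; the only difference is the lost newline at end of file. If this digest is the template's signature over its content, it presumably no longer matches, so the file should be re-signed (or the line left for the project's signing job to regenerate) before it reaches consumers that verify templates. Restoring the trailing newline would also keep this line out of unrelated future diffs.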