GLPI detection, status and telemetry exposure

exposures/files/glpi-status-ldap-domain-disclosure.yaml

@@ -0,0 +1,31 @@
+id: glpi-status-domain-disclosure
+
+info:
+  name: GLPI Status Domain Disclosure
+  author: dogasantos
+  severity: info
+  tags: glpi,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/status.php"
+      - "{{BaseURL}}/glpi/status.php"
+      - "{{BaseURL}}/glpi2/status.php"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "GLPI_DB_OK"
+          - "Check LDAP servers"
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - '((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})|([a-zA-Z0-9]+(\.[a-zA-Z0-9]{2,3}){1,2}))'

exposures/files/glpi-telemetry-disclosure.yaml

@@ -0,0 +1,23 @@
+id: glpi-telemetry-disclosure
+
+info:
+  name: GLPI Telemetry Disclosure
+  author: dogasantos
+  severity: info
+  tags: glpi,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/ajax/telemetry.php"
+      - "{{BaseURL}}/glpi/ajax/telemetry.php"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "uuid"
+          - "glpi"
+        condition: and
+      - type: status
+        status:
+          - 200

technologies/glpi-cms-detect.yaml

@@ -0,0 +1,25 @@
+id: glpi-cms-detect
+
+info:
+  name: GLPI Cms Detection
+  author: dogasantos
+  severity: info
+  tags: glpi,cms,php
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+      - "{{BaseURL}}/glpi/"
+      - "{{BaseURL}}/glpi2/"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "CFG_GLPI"
+          - "_glpi_csrf_token"
+          - "GLPI Copyright"
+        condition: and
+      - type: status
+        status:
+          - 200