From 291fad7bbe8dd6bfe731f880630a7858a209782f Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 10 Sep 2024 15:00:30 +0400
Subject: [PATCH] Fix FN - status matcher removed
---
 ...ibm-api-connect-developer-portal-detect.yaml | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/http/technologies/ibm/ibm-api-connect-developer-portal-detect.yaml b/http/technologies/ibm/ibm-api-connect-developer-portal-detect.yaml
index 12164a81cc..79fa0c752b 100644
--- a/http/technologies/ibm/ibm-api-connect-developer-portal-detect.yaml
+++ b/http/technologies/ibm/ibm-api-connect-developer-portal-detect.yaml
@@ -1,7 +1,7 @@
-id: ibm-api-connect-developer-portal-detect
+id: ibm-api-connect-detect
 info:
- name: IBM API Connect Developer Portal Detect
+ name: IBM API Connect Developer Portal - Detect
 author: righettod
 severity: info
 description: IBM API Connect Developer Portal was detected.
@@ -9,9 +9,10 @@ info:
 - https://github.com/ibm-apiconnect/devportal
 - https://www.ibm.com/products/api-connect/developer-portal
 metadata:
- max-request: 1
+ verified: true
+ max-request: 3
 shodan-query: http.favicon.hash:"801517258"
- tags: tech,ibm
+ tags: tech,ibm,detect
 http:
 - method: GET
@@ -24,13 +25,13 @@ http:
 matchers:
 - type: dsl
 dsl:
- - 'status_code == 200'
- - 'contains_any(to_lower(body), "ibm developer portal is ready to create sites", "package: ibm api developer portal", "modules\\/ibm_apim\\/") || ("801517258" == mmh3(base64_py(body)))'
- condition: and
+ - 'contains_any(to_lower(body), "ibm developer portal is ready", "package: ibm api developer", "modules\\/ibm_apim\\/")'
+ - '("801517258" == mmh3(base64_py(body)))'
+ condition: or
 extractors:
 - type: regex
 part: body
 group: 1
 regex:
- - '(?i)version:\s+([0-9a-z\-_.]+)'
\ No newline at end of file
+ - '(?i)version:\s+([0-9a-z\-_.]+)'
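Review bot: The new `id: ibm-api-connect-detect` no longer matches the file name, which this diff leaves as `ibm-api-connect-developer-portal-detect.yaml`, and it drops "developer-portal" although `name` and `description` still cover only the Developer Portal. Scan include/exclude lists, result de-duplication and dashboards keyed on the old id would stop matching without any error. Unless the file is renamed in a follow-up, I would keep `id: ibm-api-connect-developer-portal-detect`, or mention the id change in the commit message so consumers can update their filters.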
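Review bot: With `status_code == 200` removed and the list joined by `condition: or`, a single substring hit in any response body now reports the portal, and the substrings were shortened in the same change (`"ibm developer portal is ready"`, `"package: ibm api developer"`), so error or interstitial pages that echo content can match as well. If the missed instances answered with a known non-200 status, matching that status explicitly would be tighter than dropping the check. At minimum, record the trade-off in a comment above `dsl:`, for example `# status not checked: portal pages were missed when answering non-200`. The `mmh3(base64_py(body))` entry and the `version:` extractor are also evaluated on every requested path; the path list and the start of the `http` block sit outside this hunk, so I cannot confirm which request serves the favicon or whether a version could be extracted from an unrelated body.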