Added separate wordpress detection + version extractor (#3368)

technologies/fingerprinthub-web-fingerprints.yaml

@@ -13521,11 +13521,6 @@ requests:
         words:
           - errmag
 
-      - type: word
-        name: w3-total-cache
-        words:
-          - "<!-- performance optimized by w3 total cache. learn more: http://www.w3-edge.com/wordpress-plugins/"
-
       - type: word
         name: w7-officialaccounts
         words:
@@ -14107,21 +14102,6 @@ requests:
         words:
           - wishoa_webplugin.js
 
-      - type: word
-        name: wordpress
-        words:
-          - /wp-content/themes/
-
-      - type: word
-        name: wordpress
-        words:
-          - 'name="generator" content="wordpress '
-
-      - type: word
-        name: wordpress
-        words:
-          - /wp-includes/
-
       - type: word
         name: wosign-ssl-cert
         words:

technologies/tech-detect.yaml

@@ -401,13 +401,6 @@ requests:
         condition: or
         part: body
 
-      - type: regex
-        name: wordpress-super-cache
-        regex:
-          - <!--[^>]+WP-Super-Cache
-        condition: or
-        part: body
-
       - type: regex
         name: comandia
         regex:
@@ -1087,14 +1080,6 @@ requests:
         condition: or
         part: body
 
-      - type: regex
-        name: wordpress
-        regex:
-          - <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
-          - <link[^>]+s\d+\.wp\.com
-        condition: or
-        part: body
-
       - type: regex
         name: pygments
         regex:
@@ -2247,13 +2232,6 @@ requests:
         condition: or
         part: body
 
-      - type: regex
-        name: yoast-seo
-        regex:
-          - <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
-        condition: or
-        part: body
-
       - type: regex
         name: milligram
         regex:

technologies/wordpress-detect.yaml

@@ -0,0 +1,40 @@
+id: wordpress-detect
+
+info:
+  name: WordPress Detection
+  author: pdteam
+  severity: info
+  tags: tech,wordpress
+  metadata:
+    shodan-query: http.component:"WordPress"
+
+requests:
+  - method: GET
+    path:
+      - "{{RootURL}}"
+
+    redirects: true
+    max-redirects: 2
+    matchers-condition: or
+    matchers:
+
+      - type: regex
+        regex:
+          - '<link[^>]+s\d+\.wp\.com'
+          - '<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -'
+          - '<!--[^>]+WP-Super-Cache'
+        condition: or
+
+      - type: word
+        words:
+          - '/wp-content/themes/'
+          - '/wp-includes/'
+          - 'name="generator" content="wordpress'
+          - '<!-- performance optimized by w3 total cache. learn more: http://www.w3-edge.com/wordpress-plugins/'
+        condition: or
+
+    extractors:
+      - type: regex
+        group: 1
+        regex:
+          - 'content="WordPress ([0-9.]+)"'

technologies/wordpress-gotmls-detect.yaml

@@ -15,9 +15,9 @@ requests:
     matchers-condition: and
     matchers:
       - type: word
+        part: header
         words:
           - "gotmls"
-        part: header
 
       - type: status
         status:
@@ -27,4 +27,4 @@ requests:
       - type: kval
         part: header
         kval:
-          - Location
+          - location

workflows/wordpress-workflow.yaml

@@ -6,8 +6,6 @@ info:
 
 workflows:
 
-  - template: technologies/tech-detect.yaml
-    matchers:
-      - name: wordpress
-        subtemplates:
-          - tags: wordpress
+  - template: technologies/wordpress-detect.yaml
+    subtemplates:
+      - tags: wordpress