From 333cc2ec3005db6b727cd37716c592f1aa569e2e Mon Sep 17 00:00:00 2001
From: davidegirardi <16451191+davidegirardi@users.noreply.github.com>
Date: Thu, 30 Nov 2023 05:44:41 +0100
Subject: [PATCH] Add version extraction for Element Web
---
http/technologies/element-version.yaml | 39 ++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 http/technologies/element-version.yaml
diff --git a/http/technologies/element-version.yaml b/http/technologies/element-version.yaml
new file mode 100644
index 0000000000..6a65ec61ed
--- /dev/null
+++ b/http/technologies/element-version.yaml
@@ -0,0 +1,39 @@
+id: element-detect
+
+info:
+ name: Detect Element Web
+ author: Davide Girardi
+ severity: info
+ description: Identify if a web application is vanilla Element Web and return the version
+ metadata:
+ max-request: 2
+ tags: tech,matrix,element
+
+http:
+
+ - method: GET
+ redirects: true
+ max-redirects: 2
+ path:
+ - "{{BaseURL}}/manifest.json"
+ - "{{BaseURL}}/version"
+
+ req-condition: true
+
+ matchers:
+
+ - type: dsl
+ dsl:
+ - status_code_1 == 200
+ - 'contains(content_type_1, "application/json")'
+ - 'contains(json_minify(body_1), "\"name\":\"Element\"")'
+ - status_code_2 == 200
+ condition: and
+
+ extractors:
+ - type: regex
+ part: body
+ # Get only the first word to avoid self denial of service in case of false positives
+ regex:
+ - '[^\s]+'
+
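Review bot: The extractor at the end of the template is looser than its comment suggests: `part: body` is not pinned to the `/version` response, and `'[^\s]+'` accepts any run of non-whitespace of any length. The only check on the second response is `status_code_2 == 200`, so a host that answers `/version` with a catch-all page or a long unbroken body would have that content reported as the version. Because the value is supplied by the scanned host and ends up in scan output, I would bind the extractor to the second response and to a bounded version shape, for example `part: body_2` with `- '^v?[0-9]+(\.[0-9]+){1,3}[0-9A-Za-z.+-]{0,32}'`. That pattern assumes `/version` returns a bare version string, which should be confirmed against a real deployment, and a DSL condition applying the same shape to `body_2` would keep such hosts from matching at all. Separately, `id: element-detect` does not match the file name `element-version.yaml`.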