From 53e7557e00cf6b2cf759ac94e56286259e5630a2 Mon Sep 17 00:00:00 2001
From: Dominique RIGHETTO <righettod@users.noreply.github.com>
Date: Fri, 19 Jul 2024 10:04:20 +0200
Subject: [PATCH 1/2] Update and rename tomcat-exposed-docs.yaml to
 tomcat-exposed.yaml

---
 ...-exposed-docs.yaml => tomcat-exposed.yaml} | 31 +++++++++++--------
 1 file changed, 18 insertions(+), 13 deletions(-)
 rename http/exposed-panels/tomcat/{tomcat-exposed-docs.yaml => tomcat-exposed.yaml} (51%)

diff --git a/http/exposed-panels/tomcat/tomcat-exposed-docs.yaml b/http/exposed-panels/tomcat/tomcat-exposed.yaml
similarity index 51%
rename from http/exposed-panels/tomcat/tomcat-exposed-docs.yaml
rename to http/exposed-panels/tomcat/tomcat-exposed.yaml
index 25b13ed8eb..ad06b0d670 100644
--- a/http/exposed-panels/tomcat/tomcat-exposed-docs.yaml
+++ b/http/exposed-panels/tomcat/tomcat-exposed.yaml
@@ -1,13 +1,15 @@
-id: tomcat-exposed-docs
+id: tomcat-exposed
 
 info:
-  name: Tomcat exposed docs
-  author: Podalirius
+  name: Tomcat exposed - Detect
+  author: Podalirius,righettod
+  description: Tomcat instance was detected.
   severity: info
   classification:
     cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
+    verified: true
     vendor: apache
     product: tomcat
     shodan-query:
@@ -24,23 +26,26 @@ info:
 http:
   - method: GET
     path:
+      - '{{BaseURL}}/host-manager/html'
+      - '{{BaseURL}}/manager/status'
+      - '{{BaseURL}}/manager/html'
       - '{{BaseURL}}/docs/'
+      - '{{BaseURL}}/examples/'
+
+    stop-at-first-match: true
 
-    matchers-condition: and
     matchers:
-      - type: word
-        words:
-          - 'Apache Tomcat'
+      - type: dsl
+        dsl:
+          - 'status_code == 200 || status_code == 401'
+          - 'contains_any(to_lower(body), "apache tomcat", "tomcat-users.xml")'
         condition: and
 
-      - type: status
-        status:
-          - 200
-
     extractors:
       - type: regex
         part: body
         group: 1
         regex:
-          - '<div class="versionInfo">[ \n\t]*(Version[ \n\t]*[^\n\t<]+)[ \n\t]*<time'
-# digest: 4b0a00483046022100e6dc2d9d6fa2e1dea5c5f126e696b23d549ce3c851378fe5c818f46a7856e4120221008dd4bfa8d0eb137626e86bddb522da573c9a58b84a6c7e5530193f79a55627a9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+          - 'Version\s+([0-9.]+),'
+          - '(?i)/lib/([a-z0-9.]+)/webapps'
+          - '(?i)<h3>Apache\s+Tomcat/([0-9.]+)'

From c26eaa023f2ceaabdb60c73155c8f599ae1f52b2 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Sat, 20 Jul 2024 11:29:19 +0530
Subject: [PATCH 2/2] Update tomcat-exposed.yaml

---
 http/exposed-panels/tomcat/tomcat-exposed.yaml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/http/exposed-panels/tomcat/tomcat-exposed.yaml b/http/exposed-panels/tomcat/tomcat-exposed.yaml
index ad06b0d670..08a1c0840b 100644
--- a/http/exposed-panels/tomcat/tomcat-exposed.yaml
+++ b/http/exposed-panels/tomcat/tomcat-exposed.yaml
@@ -1,10 +1,10 @@
 id: tomcat-exposed
 
 info:
-  name: Tomcat exposed - Detect
+  name: Tomcat Exposed - Detect
   author: Podalirius,righettod
-  description: Tomcat instance was detected.
   severity: info
+  description: An Apache Tomcat instance was detected.
   classification:
     cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
   metadata:
@@ -21,7 +21,7 @@ info:
       - body="apache tomcat"
       - title="apache tomcat"
     google-query: intitle:"apache tomcat"
-  tags: version,tomcat,docs,panel,apache
+  tags: tomcat,panel,apache,detect
 
 http:
   - method: GET
@@ -33,7 +33,6 @@ http:
       - '{{BaseURL}}/examples/'
 
     stop-at-first-match: true
-
     matchers:
       - type: dsl
         dsl: