From 46839f95c146729756e28c5903f7684b936d0579 Mon Sep 17 00:00:00 2001
From: Wyatt Dahlenburg <wddahlenburg@gmail.com>
Date: Tue, 6 Jul 2021 13:02:14 -0500
Subject: [PATCH] Detect T3s protocol for Weblogic

---
 network/weblogic-t3-detect.yaml | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/network/weblogic-t3-detect.yaml b/network/weblogic-t3-detect.yaml
index d2e50b328a..79f4887cf5 100644
--- a/network/weblogic-t3-detect.yaml
+++ b/network/weblogic-t3-detect.yaml
@@ -2,7 +2,7 @@ id: weblogic-t3-detect
 
 info:
   name: Detect Weblogic T3 Protocol
-  author: F1tz,milo2012
+  author: F1tz,milo2012,wdahlenb
   severity: info
   description: Check T3 protocol status.
   tags: network,weblogic
@@ -10,19 +10,32 @@ info:
 network:
   - inputs:
       - data: "t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n"
-
     host:
       - "{{Hostname}}"
     read-size: 1024
-
     matchers:
       - type: word
         words:
           - "HELO"
-
     extractors:
       - type: regex
         part: body
         group: 1
         regex:
-          - "HELO:(.*).false"
\ No newline at end of file
+          - "HELO:(.*).false"
+
+  - inputs:
+      - data: "t3s 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n"
+    host:
+      - "tls://{{Hostname}}"
+    read-size: 1024
+    matchers:
+      - type: word
+        words:
+          - "HELO"
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - "HELO:(.*).false"