Update activemq-panel.yaml

2024-08-11 18:47:01 +02:00 · 2024-08-11 18:47:01 +02:00 · 5defeeec30
parent d15dafe9b1
commit 5defeeec30
1 changed files with 20 additions and 8 deletions
--- a/http/exposed-panels/activemq-panel.yaml
+++ b/http/exposed-panels/activemq-panel.yaml
@ -2,11 +2,12 @@ id: activemq-panel

 info:
  name: Apache ActiveMQ Exposure
-  author: pdteam
+  author: pdteam,righettod
  severity: info
  description: An Apache ActiveMQ implementation was discovered.
  reference:
    - https://activemq.apache.org/
+    - https://activemq.apache.org/components/classic/documentation/rest
  classification:
    cwe-id: CWE-200
    cpe: cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*
@ -17,17 +18,28 @@ info:
    shodan-query:
      - cpe:"cpe:2.3:a:apache:activemq"
      - product:"activemq openwire transport"
-  tags: panel,activemq,apache
+      - http.title:"Apache ActiveMQ"
+  tags: panel,activemq,apache,login

 http:
  - method: GET
    path:
-      - '{{BaseURL}}'
+      - "{{BaseURL}}/admin/"
+      - "{{BaseURL}}/demo/"
+      - "{{BaseURL}}"

+    stop-at-first-match: true
    matchers:
-      - type: word
-        words:
-          - '<h2>Welcome to the Apache ActiveMQ!</h2>'
-          - '<title>Apache ActiveMQ</title>'
+      - type: dsl
+        dsl:
+          - 'status_code == 200 || status_code == 401'
+          - 'contains_any(to_lower(body), "apache activemq", "manage activemq broker", "activemq console")'
        condition: and
-# digest: 490a0046304402200680997e4c289c87060383d51f4bb6961f032074940d7a88d3138c2409d5d33d022034ae36716fa244b3aeac8f14f6396f8559ca6197384d895d23af31b722998851:922c64590222798bb761d5b6d8e72950
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - '(?i)Copyright\s+([0-9\-]+)'
+          - '(?i)<td>Version<\/td>[\r\n\s]+<td>[\r\n\s]+<b>([0-9.]+)<\/b>'