From 5defeeec306291f73168e715f9d3fca84d249003 Mon Sep 17 00:00:00 2001 From: Dominique RIGHETTO Date: Sun, 11 Aug 2024 18:47:01 +0200 Subject: [PATCH] Update activemq-panel.yaml --- http/exposed-panels/activemq-panel.yaml | 28 ++++++++++++++++++------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/http/exposed-panels/activemq-panel.yaml b/http/exposed-panels/activemq-panel.yaml index 0ee31cbff8..e6a4fc1601 100644 --- a/http/exposed-panels/activemq-panel.yaml +++ b/http/exposed-panels/activemq-panel.yaml @@ -2,11 +2,12 @@ id: activemq-panel info: name: Apache ActiveMQ Exposure - author: pdteam + author: pdteam,righettod severity: info description: An Apache ActiveMQ implementation was discovered. reference: - https://activemq.apache.org/ + - https://activemq.apache.org/components/classic/documentation/rest classification: cwe-id: CWE-200 cpe: cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:* @@ -17,17 +18,28 @@ info: shodan-query: - cpe:"cpe:2.3:a:apache:activemq" - product:"activemq openwire transport" - tags: panel,activemq,apache + - http.title:"Apache ActiveMQ" + tags: panel,activemq,apache,login http: - method: GET path: - - '{{BaseURL}}' + - "{{BaseURL}}/admin/" + - "{{BaseURL}}/demo/" + - "{{BaseURL}}" + stop-at-first-match: true matchers: - - type: word - words: - - '

Welcome to the Apache ActiveMQ!

' - - 'Apache ActiveMQ' + - type: dsl + dsl: + - 'status_code == 200 || status_code == 401' + - 'contains_any(to_lower(body), "apache activemq", "manage activemq broker", "activemq console")' condition: and -# digest: 490a0046304402200680997e4c289c87060383d51f4bb6961f032074940d7a88d3138c2409d5d33d022034ae36716fa244b3aeac8f14f6396f8559ca6197384d895d23af31b722998851:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + + extractors: + - type: regex + part: body + group: 1 + regex: + - '(?i)Copyright\s+([0-9\-]+)' + - '(?i)Version<\/td>[\r\n\s]+[\r\n\s]+([0-9.]+)<\/b>'