fix: false negative sophos-fw-version-detect

- Added stop-at-first-match - Fix matcher by replace regex matcher with words matcher and added status matcher - Fix extractor regex
2022-09-29 20:42:11 +07:00 · 2022-09-29 20:42:11 +07:00 · 64513e0786
parent a0e9a90878
commit 64513e0786
1 changed files with 13 additions and 7 deletions
--- a/exposed-panels/sophos-fw-version-detect.yaml
+++ b/exposed-panels/sophos-fw-version-detect.yaml
@ -2,7 +2,7 @@ id: sophos-fw-version-detect

 info:
  name: Sophos Firewall version detection
-  author: organiccrap
+  author: organiccrap,daffainfo
  severity: info
  tags: panel,sophos

@ -11,17 +11,23 @@ requests:
    path:
      - "{{BaseURL}}/webconsole/webpages/login.jsp"
      - "{{BaseURL}}/userportal/webpages/myaccount/login.jsp"
+
+    stop-at-first-match: true
    matchers-condition: and
    matchers:
+      - type: status
+        status:
+          - 200
+
      - type: word
-        words:
-          - "<title>Sophos</title>"
-      - type: regex
        part: body
-        regex:
-          - "(\\d{2}.\\d{1,2}.\\d{1,2}.\\d{2,3})"
+        words:
+          - '<title>Sophos</title>'
+          - 'uiLangToHTMLLangAttributeValueMapping'
+        condition: or
+
    extractors:
      - type: regex
        part: body
        regex:
-          - "(\\d{2}.\\d{1,2}.\\d{1,2}.\\d{2,3})"
+          - "(?m)<link href=\"\/themes\/lite1\/css\/typography\.css\?version=([0-9.]+)\""