Merge pull request #9883 from righettod/filr_upd

Add more matchers/extractors to the Micro Focus Filr detection template.
2024-05-27 13:58:20 +05:30 · 2024-05-27 13:58:20 +05:30 · 6ea8502090
parent 1ea5fe2606 4cba0589a1
commit 6ea8502090
1 changed files with 19 additions and 6 deletions
--- a/http/exposed-panels/microfocus-filr-panel.yaml
+++ b/http/exposed-panels/microfocus-filr-panel.yaml
@ -2,7 +2,7 @@ id: microfocus-filr-panel

 info:
  name: Micro Focus Filr Login Panel - Detect
-  author: ritikchaddha
+  author: ritikchaddha,righettod
  severity: info
  description: Micro Focus Filr login panel was detected.
  classification:
@ -11,16 +11,19 @@ info:
    cpe: cpe:2.3:a:microfocus:filr:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
-    product: filr
-    shodan-query: http.html:"Micro Focus Filr"
-    vendor: microfocus
    verified: true
-  tags: panel,microfocus,filr
+    product: filr
+    vendor: microfocus
+    shodan-query: http.html:"Micro Focus Filr"
+  tags: panel,microfocus,filr,detect

 http:
  - method: GET
    path:
      - "{{BaseURL}}/filr/login"
+      - "{{BaseURL}}/login"
+
+    stop-at-first-match: true

    matchers-condition: and
    matchers:
@ -28,8 +31,18 @@ http:
        part: body
        words:
          - "Micro Focus Filr"
+          - "Filr Appliance"
+        condition: or

      - type: status
        status:
          - 404
-# digest: 4b0a00483046022100b581b8f63993790bf5a89f8c413281bb7065e031741d55cbca6849a4511328dc0221008e321e620f27ae94c13f9efad92bd5ccb0cfa5e81008e38c80e2eb5620ac4b01:922c64590222798bb761d5b6d8e72950
+          - 200
+        condition: or
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - '(?i)\s+([0-9-]+)\s+Micro\s+Focus'