updated format & matchers

http/technologies/apache/apache-streampipes-detect.yaml

@@ -1,39 +1,39 @@
 id: apache-streampipes-detect
 
 info:
-  name: Apache StreamPipes detect
+  name: Apache StreamPipes - Detect
   author: Alessandro Albani - DEVisions
   severity: info
-  description: Checks for the presence of Apache StreamPipes by looking in the body or matching the favicon hash.
+  description: |
+    Checks for the presence of Apache StreamPipes by looking in the body or matching the favicon hash.
   metadata:
-    shodan-query:
+    max-request: 3
-      - http.title:"apache streampipes"
+    verified: true
-      - http.favicon.hash:1937041138
+    shodan-query: title:"apache streampipes"
-      - http.favicon.hash:480680877
+    fofa-query: title="apache streampipes"
-  tags: apache,streampipes,info,service,web-application,detection
+  tags: tech,apache,streampipes,detect
 
 http:
   - method: GET
     path:
-      - '{{BaseURL}}'
       - '{{BaseURL}}/streampipes-backend/api/openapi.json'
+      - '{{BaseURL}}/assets/img/favicon/favicon.ico'
+      - '{{BaseURL}}'
+
     host-redirects: true
     max-redirects: 2
     stop-at-first-match: true
+
     matchers:
       - type: dsl
         dsl:
-          - contains(to_lower(body), "apache streampipes")
+          - contains_any(to_lower(body), "<title>apache streampipes", "apache streampipes api")
-  - method: GET
+          - status_code==200 && ("1937041138" == mmh3(base64_py(body)) || "480680877" == mmh3(base64_py(body)))
-    path:
+        condition: or
-      - '{{BaseURL}}/assets/img/favicon/favicon.ico'
+
     extractors:
-      - type: dsl
+      - type: json
-        name: favicon-hash
+        part: body
-        dsl:
+        group: 1
-          - mmh3(base64_py(body))
+        json:
-    matchers:
+          - '.info.version'
-      - type: dsl
-        name: favicon-hash
-        dsl:
-          - status_code==200 && ("1937041138" == mmh3(base64_py(body)) || "480680877" == mmh3(base64_py(body)))