From a583c901cf8a4355556d362f7bd4a18d647fd5ca Mon Sep 17 00:00:00 2001
From: Dominique RIGHETTO
Date: Fri, 20 Oct 2023 18:58:04 +0200
Subject: [PATCH] Add new matchers and extractors

---
 http/exposed-panels/plesk-onyx-login.yaml | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/http/exposed-panels/plesk-onyx-login.yaml b/http/exposed-panels/plesk-onyx-login.yaml
index a9bfb45005..e3fcc0ac1e 100644
--- a/http/exposed-panels/plesk-onyx-login.yaml
+++ b/http/exposed-panels/plesk-onyx-login.yaml
@@ -1,12 +1,13 @@
 id: plesk-onyx-login

 info:
- name: Plesk Onyx Login Panel - Detect
- author: dhiyaneshDK,daffainfo
+ name: Plesk Login Panel - Detect
+ author: dhiyaneshDK,daffainfo,righettod
 severity: info
- description: Plesk Onyx login panel was detected.
+ description: Plesk login panel was detected.
 reference:
 - https://www.exploit-db.com/ghdb/6501
+ - https://www.plesk.com/
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
 cvss-score: 0
@@ -14,7 +15,7 @@ info:
 metadata:
 verified: true
 max-request: 1
- shodan-query: http.html:"Plesk Onyx"
+ shodan-query: http.html:"Plesk Onyx" http.html:"plesk-build"
 google-query: inurl:login_up.php "Plesk Onyx"
 tags: panel,plesk,login,edb

@@ -29,6 +30,11 @@ http:
 part: body
 words:
 - 'alt="Plesk Onyx'
+ - 'plesk-build'
+ - 'plesk-revision'
+ - 'plesk-root'
+ condition: or
+ case-insensitive: true

 - type: status
 status:
@@ -40,5 +46,4 @@ http:
 group: 1
 regex:
 - 'alt="Plesk Onyx ([0-9.]+)"'
-
-# digest: 4b0a00483046022100c9ccb692a765eec626d4440dc3e2df6b37691a4a1a56a7f99ed49d19772965fd022100aa1040dd8622c24d40d06eb2ceaca0c452b9d4967f5f5d4f90204d16a9cc0fc8:922c64590222798bb761d5b6d8e72950
+ - '(?i)"urlArgs":"([0-9.-]+)"'
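Review bot: The three words added to the body matcher, `plesk-build`, `plesk-revision` and `plesk-root`, are bare substrings, and with `condition: or` plus `case-insensitive: true` any response that passes the status matcher and contains one of them anywhere in the body is reported as a Plesk login panel. If they come from the login page's markup (meta tag names or an element id, which the hunk does not show), matching the attribute form, for example `- 'name="plesk-build"'`, or requiring two of the markers together would keep the detection specific and cut false positives in asset inventories. The matcher block starts above the hunk, so the request path it applies to is not visible here.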
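Review bot: The added pattern `(?i)"urlArgs":"([0-9.-]+)"` shares one unnamed extractor with the Onyx version regex, so the output mixes a product version with whatever `urlArgs` carries, which looks like a build or cache-busting identifier rather than a release number. Splitting it into its own extractor with a `name:` would keep the two values apart for anyone mapping results to affected versions. The hunk also removes the `# digest:` signature line; the old digest would no longer match the changed content, but the template stays unsigned until it is re-signed, so confirm the project's signing step covers this file before it ships. The extractor block starts above the hunk.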