From 333cc2ec3005db6b727cd37716c592f1aa569e2e Mon Sep 17 00:00:00 2001
From: davidegirardi <16451191+davidegirardi@users.noreply.github.com>
Date: Thu, 30 Nov 2023 05:44:41 +0100
Subject: [PATCH 1/3] Add version extraction for Element Web
---
http/technologies/element-version.yaml | 39 ++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 http/technologies/element-version.yaml
diff --git a/http/technologies/element-version.yaml b/http/technologies/element-version.yaml
new file mode 100644
index 0000000000..6a65ec61ed
--- /dev/null
+++ b/http/technologies/element-version.yaml
@@ -0,0 +1,39 @@
+id: element-detect
+
+info:
+ name: Detect Element Web
+ author: Davide Girardi
+ severity: info
+ description: Identify if a web application is vanilla Element Web and return the version
+ metadata:
+ max-request: 2
+ tags: tech,matrix,element
+
+http:
+
+ - method: GET
+ redirects: true
+ max-redirects: 2
+ path:
+ - "{{BaseURL}}/manifest.json"
+ - "{{BaseURL}}/version"
+
+ req-condition: true
+
+ matchers:
+
+ - type: dsl
+ dsl:
+ - status_code_1 == 200
+ - 'contains(content_type_1, "application/json")'
+ - 'contains(json_minify(body_1), "\"name\":\"Element\"")'
+ - status_code_2 == 200
+ condition: and
+
+ extractors:
+ - type: regex
+ part: body
+ # Get only the first word to avoid self denial of service in case of false positives
+ regex:
+ - '[^\s]+'
+
From ad5b5cf4e590efbb7534b5ff12de827a0f3a9212 Mon Sep 17 00:00:00 2001
From: davidegirardi <16451191+davidegirardi@users.noreply.github.com>
Date: Fri, 1 Dec 2023 18:25:40 +0100
Subject: [PATCH 2/3] Make linter happy
---
http/technologies/element-version.yaml | 1 -
1 file changed, 1 deletion(-)
diff --git a/http/technologies/element-version.yaml b/http/technologies/element-version.yaml
index 6a65ec61ed..4dfc90a9a5 100644
--- a/http/technologies/element-version.yaml
+++ b/http/technologies/element-version.yaml
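Review bot: The extractor at the end of the hunk (`part: body`, `regex: '[^\s]+'`) does not deliver the bound the comment above it promises: `[^\s]+` is unanchored and unbounded, so on a body with no whitespace (minified JSON, a one-line HTML fallback) it matches the entire body, and with `req-condition: true` across two requests it is not tied to the `/version` response at all — I cannot tell from the hunk which response an unsuffixed `body` resolves to. Since the matcher only checks `status_code_2 == 200`, a host whose SPA fallback serves index.html for `/version` still matches, and the extractor then emits an HTML token rather than a version. Suggested lines: `part: body_2` and `- '(?m)^\S{1,64}$'` (or a version-shaped pattern if the `/version` file format is documented), which bounds the output length and pins it to the second response. The same extractor survives unchanged in PATCH 3/3 below, so the fix applies there too.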
@@ -36,4 +36,3 @@ http: # Get only the first word to avoid self denial of service in case of false positives regex: - '[^\s]+' -
From 54b458231b1a72cc7d51ab9438416a977ac14c52 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 8 Dec 2023 00:22:42 +0700
Subject: [PATCH 3/3] Update and rename element-version.yaml to element-web-detect.yaml
---
...t-version.yaml => element-web-detect.yaml} | 23 ++++++++-----------
1 file changed, 10 insertions(+), 13 deletions(-)
rename http/technologies/{element-version.yaml => element-web-detect.yaml} (64%)
diff --git a/http/technologies/element-version.yaml b/http/technologies/element-web-detect.yaml
similarity index 64%
rename from http/technologies/element-version.yaml
rename to http/technologies/element-web-detect.yaml
index 4dfc90a9a5..850a1bf0a0 100644
--- a/http/technologies/element-version.yaml
+++ b/http/technologies/element-web-detect.yaml
@@ -1,38 +1,35 @@ -id: element-detect +id: element-web-detect info: - name: Detect Element Web - author: Davide Girardi + name: Element Web - Detect + author: davidegirardi severity: info description: Identify if a web application is vanilla Element Web and return the version metadata: max-request: 2 - tags: tech,matrix,element + verified: true + shodan-query: html:"manifest.json" + tags: tech,matrix,element,detect http: - - method: GET - redirects: true - max-redirects: 2 path: - "{{BaseURL}}/manifest.json" - "{{BaseURL}}/version" - req-condition: true - + host-redirects: true + max-redirects: 2 matchers: - - type: dsl dsl: - - status_code_1 == 200 + - 'status_code_1 == 200' - 'contains(content_type_1, "application/json")' - 'contains(json_minify(body_1), "\"name\":\"Element\"")' - - status_code_2 == 200 + - 'status_code_2 == 200' condition: and extractors: - type: regex part: body - # Get only the first word to avoid self denial of service in case of false positives regex: - '[^\s]+'
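Review bot: The PATCH 3/3 hunk removes the `# Get only the first word to avoid self denial of service in case of false positives` line above `regex:` without replacing it, so the bare `'[^\s]+'` in the renamed file no longer says why it was chosen, and the next maintainer has no reason not to widen it. Please restore the rationale as a comment on the line above `regex:`, e.g. `# First whitespace-delimited token only, to bound extractor output when the version matcher false-positives`. The added `shodan-query: html:"manifest.json"` is also very broad — a manifest.json is served by most progressive web apps, not only Element Web — so if a more Element-specific search string is available it would make the metadata more useful; otherwise a short comment saying the query is intentionally broad would prevent it being read as a fingerprint. The hunk spans the whole file, so there is no enclosing block outside it.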