From bc40cf9c12b28f2af4741f977f4286a97300a55b Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Sun, 23 Oct 2022 15:15:28 +0700
Subject: [PATCH] fix: false negative rundeck

- Fix false negative rundeck by changing the matcher
- Added version detection for old rundeck and new rundeck
---
 exposed-panels/rundeck-login.yaml | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/exposed-panels/rundeck-login.yaml b/exposed-panels/rundeck-login.yaml
index b3ddda4290..ffba8fda77 100644
--- a/exposed-panels/rundeck-login.yaml
+++ b/exposed-panels/rundeck-login.yaml
@@ -1,8 +1,8 @@
 id: rundeck-login
 
 info:
-  name: RunDeck Login
-  author: DhiyaneshDk
+  name: RunDeck Login Panel
+  author: DhiyaneshDk, daffainfo
   severity: info
   metadata:
     verified: true
@@ -16,14 +16,24 @@ requests:
 
     host-redirects: true
     max-redirects: 2
-    matchers-condition: or
+    matchers-condition: and
     matchers:
       - type: word
         part: body
         words:
-          - 'Rundeck - Login</title>'
+          - 'utm_source=rundeckapp'
+          - 'name="j_username" id="login"'
+          - 'name="j_password" id="password"'
+        condition: and
 
-      - type: word
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
         part: body
-        words:
-          - 'RUNDECK ENTERPRISE - Login</title>'
+        group: 1
+        regex:
+          - '<a href=\"https:\/\/docs.rundeck.com\/([0-9.]+)'
+          - '<a href=\"http:\/\/rundeck\.org\/([0-9.]+)' ## Detection version on old rundeck