id: aem-crx-package-manager

info:
  name: Adobe AEM CRX Package Manager - Panel Detect
  author: dhiyaneshDk
  severity: info
  description: Adobe AEM CRX Package Manager panel was detected.
  reference:
    - https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
    cpe: cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: adobe
    product: experience_manager
    shodan-query:
      - http.title:"AEM Sign In"
      - http.component:"Adobe Experience Manager"
      - http.component:"adobe experience manager"
      - http.title:"aem sign in"
      - cpe:"cpe:2.3:a:adobe:experience_manager"
    fofa-query: title="aem sign in"
    google-query: intitle:"aem sign in"
  tags: panel,aem,adobe

http:
  - method: GET
    path:
      - "{{BaseURL}}/crx/packmgr/index.jsp"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<title>CRX Package Manager</title>'

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a0047304502210080df3aa73e1af3a3b21b4268af41242be9a0d0f447a84c67d51af9fa1206269f022006d1dd7b7f82f3192f87a14c047062ba6388b19874c42cd9175aac1a68984179:922c64590222798bb761d5b6d8e72950