id: openam-detection

info:
  name: Detect OpenAM and OpenSSO
  author: philippedelteil
  severity: info
  tags: tech,openam

requests:
  - method: GET
    path:
      - "{{BaseURL}}/openam/XUI"
      - "{{BaseURL}}/XUI"
      - "{{BaseURL}}/XUI/#login"
      - "{{BaseURL}}/UI"
      - "{{BaseURL}}/sso/XUI"
      - "{{BaseURL}}/sso/UI"
      - "{{BaseURL}}/sso/UI/#login"
      - "{{BaseURL}}/openam/UI/login"
      - "{{BaseURL}}/openam/UI/#loginlogin"
      - "{{BaseURL}}/openam/UI/Login"
      - "{{BaseURL}}/openam/XUI/Login"
      - "{{BaseURL}}/openam/XUI/login"
      - "{{BaseURL}}/openam/XUI/#login"
      - "{{BaseURL}}/am/UI/Login"
      - "{{BaseURL}}/am/UI/#login"
      - "{{BaseURL}}/am/XUI/"
      - "{{BaseURL}}/am/XUI/Login"
      - "{{BaseURL}}/am/json/serverinfo/*"
      - "{{BaseURL}}/openam/json/serverinfo/*"

    redirects: true
    stop-at-first-match: true
    max-redirects: 2
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'urlArgs : "v='
          - 'Sign in to OpenAM'
          - 'ForgeRock'
          - 'forgerock'
          - 'FRForgotUsername'
          - 'successfulUserRegistrationDestination'
        condition: or

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - 'urlArgs : "v=([0-9.abcd]+)'