id: tasmota-config-webui

info:
  name: Tasmota Configuration Exposure
  author: ritikchaddha
  severity: medium
  reference:
    - https://github.com/arendst/Tasmota
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Tasmota"
  tags: misconfig,tasmota,exposure,config

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - "Firmware"
          - "Tasmota"
        condition: and
        case-insensitive: true

      - type: word
        part: body
        words:
          - "Theo Arends"
          - "<h2>Tasmota</h2>"
        condition: and
        case-insensitive: true

    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - "Tasmota ([0-9.]+) "

# digest: 4a0a00473045022100a377529db3f314670567cea0b29747c811659ebe2788c56caeb4c1f4b577d88f022007e72589b27e633ea25207982903eb9cdee0c4f2242745903b6e6a72a4bcb211:922c64590222798bb761d5b6d8e72950