id: matomo-panel

info:
  name: Matomo Panel - Detect
  author: Arr0way,userdehghani
  severity: info
  description: |
    google analytics alternative that protects your data and your customers privacy.
  reference:
    - https://matomo.org/
    - https://matomo.org/faq/on-premise/installing-matomo/#getting-started
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
    cpe: cpe:2.3:a:matomo:matomo:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    product: matomo
    vendor: matomo
    shodan-query: http.favicon.hash:-2023266783
  tags: panel,matomo,login,detect

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/index.php"
      - "{{BaseURL}}/plugins/CoreHome/images/favicon.png"

    stop-at-first-match: true
    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - 'Sign in - Matomo'
          - 'content="Matomo'
          - 'title="Matomo'
        condition: or
        case-insensitive: true

      - type: dsl
        dsl:
          - "status_code==200 && (\"-2023266783\" == mmh3(base64_py(body)))"
# digest: 4a0a0047304502205217330d775233ed1853dd31211905403034b6f585c3e2b9623fcc9a8b79b5b0022100b9b40d58f73228425c1491bdce70eb1a39d2e087072d50864dad2f181de17cbf:922c64590222798bb761d5b6d8e72950