id: glpi-project_glpi

info:
  name: GLPI Panel - Detect
  author: dogasantos,daffainfo,ricardomaia,dhiyaneshDk
  severity: info
  description: GLPI panel was detected.
  reference:
    - https://glpi-project.org/
    - https://www.exploit-db.com/ghdb/7002
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
    cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: glpi-project
    product: glpi
    shodan-query:
      - http.title:"GLPI"
      - http.title:"glpi"
      - http.favicon.hash:"-1474875778"
    fofa-query:
      - title="glpi"
      - icon_hash="-1474875778"
    google-query: intitle:"glpi"
  tags: glpi,edb,panel,glpi-project

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/CHANGELOG.md"
      - "{{BaseURL}}/glpi/"

    redirects: true
    max-redirects: 2
    stop-at-first-match: false
    matchers:
      - type: word
        case-insensitive: true
        words:
          - "GLPI"
          - "glpi-project.org"
        condition: and

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - '(?i)base\.min\.js\?v=([\d.|\d]+)">'
          - '(?i)jquery\.min\.js\?v=([\d.|\d]+)">'
          - '(?i)# GLPI changes\n\n.*\n.*\n.*\n##\s\[(\d+\.\d+|\d+\.\d+\.\d+)\]'
          - '(?i)GLPI.*?([\d.|\d]+).copyright'
# digest: 4a0a004730450221009872b881f2824b33b188ae519c09b09287bf5ad66289036ceddc4acf9f7602860220650d451a4497b56bca221a13eea580228df017d3b69611bd40c47bdb3c7a593c:922c64590222798bb761d5b6d8e72950