id: activemq-openwire-transport-detect

info:
  name: ActiveMQ OpenWire Transport Detection
  author: pussycat0x
  severity: info
  description: |
    OpenWire is the native protocol that Apache ActiveMQ uses. It is designed for performance and size on the wire - sacrificing some ease of implementation with higher performance and reduced network bandwidth as a priority.
  metadata:
    max-request: 1
    shodan-query: product:"ActiveMQ OpenWire transport"
    verified: true
  tags: network,activemq,detect,openwire

tcp:
  - inputs:
      - data: "VERSION"

    host:
      - "{{Hostname}}"
    port: 61616

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "ActiveMQ"

    extractors:
      - type: regex
        regex:
          - "ProviderVersion...([0-9.]+)"
# digest: 4a0a0047304502205d361ad8f2459ae6a170d5b59e616609988ee079061d49fb6f8412b013fa3175022100e5cc5b7ed237f527d7af5171b9461a4e5452e1708a1830461fd588f28319db25:922c64590222798bb761d5b6d8e72950