id: activemq-openwire-transport-detect

info:
  name: ActiveMQ OpenWire Transport Detection
  author: pussycat0x
  severity: info
  description: |
    OpenWire is the native protocol that Apache ActiveMQ uses. It is designed for performance and size on the wire - sacrificing some ease of implementation with higher performance and reduced network bandwidth as a priority.
  metadata:
    max-request: 1
    shodan-query: product:"ActiveMQ OpenWire transport"
    verified: true
  tags: network,activemq,detect

tcp:
  - inputs:
      - data: "VERSION"

    host:
      - "{{Hostname}}"
    port: 61616

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "ActiveMQ"

    extractors:
      - type: regex
        regex:
          - "ProviderVersion...([0-9.]+)"
# digest: 4b0a00483046022100c087724b10ae9fff8363974dc4d76fa41b5d31b28652ab6ef283c55231729173022100be8ac277522ab8021abe84396118c363b19c417897de79b100d12f5ef45f609e:922c64590222798bb761d5b6d8e72950