id: jsf-detect

info:
  name: JavaServer Faces Detection
  author: brenocss,Moritz Nentwig
  severity: info
  description: Searches for JavaServer Faces content on a URL.
  metadata:
    max-request: 1
  tags: jsf,tech,primefaces,richfaces

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 3

    matchers-condition: or
    matchers:
      - type: dsl
        name: javafaces
        dsl:
          - "(contains(body, 'javax.faces.resource') || contains(body, 'javax.faces.ViewState'))"

      - type: dsl
        name: primefaces
        dsl:
          - "contains(body, 'primefaces')"
          - "contains(body, 'javax.faces.resource') || contains(body, 'javax.faces.ViewState')"
        condition: and

      - type: dsl
        name: richfaces
        dsl:
          - "contains(body, 'richfaces')"
          - "contains(body, 'javax.faces.resource') || contains(body, 'javax.faces.ViewState')"
        condition: and

# digest: 4b0a00483046022100c6c79025ccefbeb0f29e2930e1c0a9749cf789bfbb4005be7a5bb75918c3b04d022100d78229cfd91929b427b693c2268af9f8057266d8aa94f5821e40f910d3ee9a17:922c64590222798bb761d5b6d8e72950