id: openam-detection info: name: Detect OpenAM and OpenSSO author: philippedelteil,melbadry9,xelkomy severity: info requests: - method: GET path: - "{{BaseURL}}/openam/XUI" - "{{BaseURL}}/XUI" - "{{BaseURL}}/XUI/#login" - "{{BaseURL}}/UI" - "{{BaseURL}}/sso/XUI" - "{{BaseURL}}/sso/UI" - "{{BaseURL}}/sso/UI/#login" - "{{BaseURL}}/openam/UI/login" - "{{BaseURL}}/openam/UI/#loginlogin" - "{{BaseURL}}/openam/UI/Login" - "{{BaseURL}}/openam/XUI/Login" - "{{BaseURL}}/openam/XUI/login" - "{{BaseURL}}/openam/XUI/#login" - "{{BaseURL}}/am/UI/Login" - "{{BaseURL}}/am/UI/#login" - "{{BaseURL}}/am/XUI/" - "{{BaseURL}}/am/XUI/Login" - "{{BaseURL}}/am/json/serverinfo/*" - "{{BaseURL}}/openam/json/serverinfo/*" redirects: true max-redirects: 2 matchers-condition: and matchers: - type: word words: - 'urlArgs : "v=' - 'Sign in to OpenAM' - 'ForgeRock' - 'forgerock' - 'FRForgotUsername' - 'successfulUserRegistrationDestination' condition: or - type: status status: - 200 extractors: - type: regex part: body group: 1 regex: - 'urlArgs : "v=([0-9.abcd]+)'