id: activemq-openwire-transport-detect

info:
  name: ActiveMQ OpenWire Transport Detection
  author: pussycat0x
  severity: info
  description: |
    OpenWire is the native protocol that Apache ActiveMQ uses. It is designed for performance and size on the wire - sacrificing some ease of implementation with higher performance and reduced network bandwidth as a priority.
  metadata:
    verified: true
    max-request: 1
    shodan-query: product:"ActiveMQ OpenWire transport"
  tags: network,activemq,detect,openwire,detection,tcp
tcp:
  - inputs:
      - data: "VERSION"

    host:
      - "{{Hostname}}"
    port: 61616

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "ActiveMQ"

    extractors:
      - type: regex
        regex:
          - "ProviderVersion...([0-9.]+)"
# digest: 480a00453043021f0513f41329a08576189434f461db2d0a3a319034e442f225fad3a545134e02022060f343c129bbfc0c31548d224099650aab2ec2212fcba913abbc26a9c0e071b9:922c64590222798bb761d5b6d8e72950