id: element-web-detect

info:
  name: Element Web - Detect
  author: davidegirardi
  severity: info
  description: Identify if a web application is vanilla Element Web and return the version
  classification:
    cpe: cpe:2.3:a:matrix:element:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: matrix
    product: element
    shodan-query: html:"manifest.json"
  tags: tech,matrix,element,detect

http:
  - method: GET
    path:
      - "{{BaseURL}}/manifest.json"
      - "{{BaseURL}}/version"

    host-redirects: true
    max-redirects: 2
    matchers:
      - type: dsl
        dsl:
          - 'status_code_1 == 200'
          - 'contains(content_type_1, "application/json")'
          - 'contains(json_minify(body_1), "\"name\":\"Element\"")'
          - 'status_code_2 == 200'
        condition: and

    extractors:
      - type: regex
        part: body
        regex:
          - '[^\s]+'
# digest: 4a0a004730450221008b57f71a27e5505161674665d2f0733c84e7d9436c3c4be711e9556de5d7947c0220308911b97a506eed8f5d8a2733462e9fb14fa59b287dc1440ef527879b3cffce:922c64590222798bb761d5b6d8e72950