nuclei-templates/http/technologies/confluence-detect.yaml

51 lines
1.5 KiB
YAML

id: confluence-detect
info:
name: Confluence Detection
author: philippedelteil,AdamCrosser,6mile
severity: info
description: |
This nuclei template is used to detect the presence of Confluence, a popular collaboration software.
metadata:
max-request: 5
vendor: atlassian
product: confluence_server
shodan-query: http.component:"Atlassian Confluence"
category: productivity
tags: tech,confluence,atlassian,detect
http:
- method: GET
path:
- "{{BaseURL}}/dologin.action"
- "{{BaseURL}}"
- "{{BaseURL}}/pages"
- "{{BaseURL}}/confluence"
- "{{BaseURL}}/wiki"
redirects: true
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- contains(to_lower(header), '-confluence-')
- contains(to_lower(body), 'confluence-base-url')
extractors:
- type: regex
name: version
group: 1
regex:
- '<meta name="ajs-version-number" content="(.*)">'
- 'Atlassian Confluence ([a-z0-9-._]+)'
- type: regex
name: hostname
group: 1
regex:
- '<meta id="confluence-base-url" name="confluence-base-url" content="https://(.*)">'
- '<meta name="ajs-base-url" content="https://(.*)">'
- '<meta name="ajs-server-name" content="(.*)">'
# digest: 4a0a004730450220271dbbb5a7d674a45a676cf7e096ebdc39df4d0bf69c17f074b37e57ad1740bb02210090824d340b9c0f83194a42d0cf41eb23683464e53595905d46da03b2653ad7c4:922c64590222798bb761d5b6d8e72950