http/technologies/jsf-detect.yaml

id: jsf-detect

info:
  name: JavaServer Faces Detection
  author: brenocss,Moritz Nentwig
  severity: info
  description: Searches for JavaServer Faces content on a URL.
  metadata:
    max-request: 1
  tags: jsf,tech,primefaces,richfaces

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 3

    matchers-condition: or
    matchers:
      - type: dsl
        name: javafaces
        dsl:
          - "(contains(body, 'javax.faces.resource') || contains(body, 'javax.faces.ViewState'))"

      - type: dsl
        name: primefaces
        dsl:
          - "contains(body, 'primefaces')"
          - "contains(body, 'javax.faces.resource') || contains(body, 'javax.faces.ViewState')"
        condition: and

      - type: dsl
        name: richfaces
        dsl:
          - "contains(body, 'richfaces')"
          - "contains(body, 'javax.faces.resource') || contains(body, 'javax.faces.ViewState')"
        condition: and
# digest: 490a0046304402200aebdb1c4a9d965884aa6da82d1520eb5b064c805c787a6ab9e1f9b92e5397850220173ed59c49c0c136cef63dd55b161b46cc4285d8b682b37abf0881c077a69857:922c64590222798bb761d5b6d8e72950
Update and rename jsf-detection.yaml to jsf-detect.yaml 2022-11-13 13:42:00 +05:30			`id: jsf-detect`
Add JavaServer Faces Detection 2021-05-27 10:17:14 +02:00
			`info:`
			`name: JavaServer Faces Detection`
Update jsf-detection.yaml 2022-01-29 13:31:51 +05:30			`author: brenocss,Moritz Nentwig`
misc update to avoid false positive 2021-05-28 09:47:29 +05:30			`severity: info`
Add JavaServer Faces Detection 2021-05-27 10:17:14 +02:00			`description: Searches for JavaServer Faces content on a URL.`
Added max request counter of each template 2023-04-28 13:41:21 +05:30			`metadata:`
			`max-request: 1`
templateman update 2023-10-14 16:57:55 +05:30			`tags: jsf,tech,primefaces,richfaces`
Add JavaServer Faces Detection 2021-05-27 10:17:14 +02:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 09:58:59 +05:30			`http:`
Add JavaServer Faces Detection 2021-05-27 10:17:14 +02:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}"`

Using "host-redirects" instead of "redirects" to avoid scanning 3rd party / out of scope hosts. (#5491) 2022-10-08 02:57:25 +05:30			`host-redirects: true`
Update max redirects jsf detection (#3638) 2022-01-31 08:43:36 -03:00			`max-redirects: 3`
templateman update 2023-10-14 16:57:55 +05:30
Update jsf-detection.yaml 2022-01-29 10:31:15 +05:30			`matchers-condition: or`
Add JavaServer Faces Detection 2021-05-27 10:17:14 +02:00			`matchers:`
Update jsf-detection.yaml 2022-01-29 10:31:15 +05:30			`- type: dsl`
			`name: javafaces`
			`dsl:`
Update jsf-detection.yaml 2022-01-29 13:31:51 +05:30			`- "(contains(body, 'javax.faces.resource') \|\| contains(body, 'javax.faces.ViewState'))"`
Update jsf-detection.yaml 2022-01-29 10:31:15 +05:30
			`- type: dsl`
			`name: primefaces`
			`dsl:`
Update jsf-detection.yaml 2022-01-29 13:31:51 +05:30			`- "contains(body, 'primefaces')"`
			`- "contains(body, 'javax.faces.resource') \|\| contains(body, 'javax.faces.ViewState')"`
Update jsf-detection.yaml 2022-01-29 10:31:15 +05:30			`condition: and`

			`- type: dsl`
			`name: richfaces`
			`dsl:`
Update jsf-detection.yaml 2022-01-29 13:31:51 +05:30			`- "contains(body, 'richfaces')"`
			`- "contains(body, 'javax.faces.resource') \|\| contains(body, 'javax.faces.ViewState')"`
Update jsf-detection.yaml 2022-01-29 10:31:15 +05:30			`condition: and`
chore: sign templates 🤖 2024-12-01 13:57:55 +00:00			`# digest: 490a0046304402200aebdb1c4a9d965884aa6da82d1520eb5b064c805c787a6ab9e1f9b92e5397850220173ed59c49c0c136cef63dd55b161b46cc4285d8b682b37abf0881c077a69857:922c64590222798bb761d5b6d8e72950`