nuclei-templates/http/technologies/zk-framework-detect.yaml

id: zk-framework-detect

info:
  name: ZK Framework - Detect
  author: ErikOwen,Cursor
  severity: info
  description: |
    Detects the presence of ZK JavaFramework and attempts to extract its version.
  reference:
    - https://www.zkoss.org/
  classification:
    cpe: cpe:2.3:a:zkoss:zk_framework:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    vendor: zkoss
    product: zk_framework
    shodan-query: http.html:"zk.wpd" OR http.html:"<!-- ZK "
    fofa-query: body="zk.wpd" || body="<!-- ZK "
  tags: zk,zkoss,framework,detect,tech

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    redirects: true
    max-redirects: 4
    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - "ZK Framework"
          - "zk.wpd"
          - "zkau/web"
          - "zkau/zkau"
          - "zkau/web/js/zk/zk.wpd"
          - "<!-- ZK "
        condition: or

      - type: regex
        part: body
        regex:
          - 'ZK Framework v?([0-9.]+)'
          - '<!-- ZK v?([0-9.]+) [\d\s\w]+ -->'
          - 'zkau/web/js/zk/zk\.wpd\?v=([0-9.]+)'
          - 'zkau/web/js/zk/zk\.js\?v=([0-9.]+)'

    extractors:
      - type: regex
        part: body
        name: version
        group: 1
        regex:
          - 'ZK Framework v?([0-9.]+)'
          - '<!-- ZK v?([0-9.]+) [\d\s\w]+ -->'
          - 'zkau/web/js/zk/zk\.wpd\?v=([0-9.]+)'
          - 'zkau/web/js/zk/zk\.js\?v=([0-9.]+)'
# digest: 4a0a004730450220495958568c0d9c04763acfe62e34d570a03beea0050686eff85c783bb147e3e40221008cb9ed21a68d70dabc1508f035f3ccf57c0572aaf0635a7b2f882799912c2857:922c64590222798bb761d5b6d8e72950