From 1b3da3701acab0d3fc0a15f38b6ec2c7d0e0f828 Mon Sep 17 00:00:00 2001
From: Chris <95527687+darses@users.noreply.github.com>
Date: Thu, 28 Aug 2025 19:17:32 +0200
Subject: [PATCH] Update freepbx-administration-panel - Additional Shodan/FOFA
 queries - Remove Google dork which no longer works - Add version extract -
 Change the word matches to cover multilanguage versions

---
 .../freepbx-administration-panel.yaml         | 33 ++++++++++++-------
 1 file changed, 21 insertions(+), 12 deletions(-)

diff --git a/http/exposed-panels/freepbx-administration-panel.yaml b/http/exposed-panels/freepbx-administration-panel.yaml
index 7f721e149b5..e54c91a45aa 100644
--- a/http/exposed-panels/freepbx-administration-panel.yaml
+++ b/http/exposed-panels/freepbx-administration-panel.yaml
@@ -2,9 +2,10 @@ id: freepbx-administration-panel
 
 info:
   name: FreePBX Admin Panel - Detect
-  author: tess
+  author: tess,darses
   severity: info
-  description: FreePBX admin panel was detected.
+  description: |
+    FreePBX admin panel was detected.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cwe-id: CWE-200
@@ -15,26 +16,28 @@ info:
     vendor: sangoma
     product: freepbx
     shodan-query:
-      - http.title:"FreePBX Administration"
-      - http.title:"freepbx administration"
-    fofa-query: title="freepbx administration"
-    google-query: intitle:"freepbx administration"
+      - http.title:"FreePBX"
+      - http.favicon.hash:-1908328911
+      - http.favicon.hash:1574423538
+    fofa-query:
+     - title="FreePBX"
+     - icon_hash="-1908328911"
+     - icon_hash="1574423538"
   tags: freepbx,panel,sangoma
 
 http:
   - method: GET
     path:
-      - '{{BaseURL}}/admin/config.php#'
+      - '{{BaseURL}}/admin/config.php'
 
     matchers-condition: and
     matchers:
       - type: word
         part: body
         words:
-          - 'FreePBX Administration'
-          - 'Operator Panel'
-          - 'User Control Panel'
-        condition: and
+          - "<title>FreePBX"
+          - "FreePBX</title>"
+        condition: or
 
       - type: word
         part: header
@@ -44,4 +47,10 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e03c56506b0dc648505660fca52f7d0e0a8cb7f2004d8623370cf6de781d24ed02200323dac46adb49f48df6e11073d6fd740a56c0ba269f16bd1da72dbd4e1c6321:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - 'FreePBX\s+([\d\.]+)\s+'