id: jsf-detect

info:
  name: JavaServer Faces Detection
  author: brenocss,Moritz Nentwig
  severity: info
  description: Searches for JavaServer Faces content on a URL.
  metadata:
    max-request: 1
  tags: jsf,tech,primefaces,richfaces

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 3

    matchers-condition: or
    matchers:
      - type: dsl
        name: javafaces
        dsl:
          - "(contains(body, 'javax.faces.resource') || contains(body, 'javax.faces.ViewState'))"

      - type: dsl
        name: primefaces
        dsl:
          - "contains(body, 'primefaces')"
          - "contains(body, 'javax.faces.resource') || contains(body, 'javax.faces.ViewState')"
        condition: and

      - type: dsl
        name: richfaces
        dsl:
          - "contains(body, 'richfaces')"
          - "contains(body, 'javax.faces.resource') || contains(body, 'javax.faces.ViewState')"
        condition: and
# digest: 490a0046304402200aebdb1c4a9d965884aa6da82d1520eb5b064c805c787a6ab9e1f9b92e5397850220173ed59c49c0c136cef63dd55b161b46cc4285d8b682b37abf0881c077a69857:922c64590222798bb761d5b6d8e72950