68075b6901
cover three platforms the built-in cms scanner misses (it only handles wordpress, drupal and joomla). markers are structural: generator meta, framework-specific js init and asset paths, not bare brand strings, so a page that merely mentions the cms does not match. ghost also extracts its version from the generator meta.
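# Ghost CMS Detection Module
#
# Fingerprints a Ghost publishing-platform site from markers in the responses
# to two GET requests: the base URL and the /ghost/ path beneath it.
# A hit is an informational fingerprint (severity: info). It identifies the
# platform and says nothing about whether the installation is vulnerable.
#
# NOTE(review): the nesting below was restored from a rendered listing that
# had lost its indentation - confirm it against the file in the repository.

id: cms-ghost
info:
  name: Ghost Detection
  author: sif
  severity: info
  description: Detects Ghost publishing platform installations
  tags: [cms, ghost, detection, info]

type: http

http:
  method: GET
  paths:
    - "{{BaseURL}}"
    - "{{BaseURL}}/ghost/"

  # Any single word is enough to report a match (condition: or).
  # NOTE(review): part: all presumably covers response headers as well as the
  # body, whereas the extractor below reads the body only - confirm that the
  # wider scope is intended.
  # NOTE(review): no status-code condition is visible here, so an error page
  # or other response containing one of these strings would presumably also
  # match - treat a hit as a lead to verify, not as confirmation.
  matchers:
    - type: word
      part: all
      words:
        # Generator meta tag. The word starts at the closing quote of
        # name="generator", so it only matches when the content attribute
        # follows directly, double-quoted and separated by one space.
        - 'generator" content="Ghost'
        # Asset/API path and front-end markers.
        - "/ghost/api/"
        # Assuming word matchers are plain substring tests, this entry also
        # matches longer tokens that merely begin with data-ghost
        # (constructed example: data-ghostwriter) - the weakest of the four.
        - "data-ghost"
        - "ghost-portal"
      condition: or

  # Captures the dotted numeric version that follows "Ghost " in the generator
  # meta tag (capture group 1) and reports it as ghost_version.
  # The value is self-reported by the site: operators can remove or alter the
  # generator tag, so a missing version does not rule Ghost out and a reported
  # one should be corroborated before it drives any patching decision.
  extractors:
    - type: regex
      name: ghost_version
      part: body
      regex:
        - 'generator" content="Ghost ([0-9]+(?:\.[0-9]+)*)'
      group: 1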