ActiveMQ OpenWire Transport Detection

ID: activemq-openwire-transport-detect

Severity: info

Author: pussycat0x,ret2src

Tags: network,activemq,detect,openwire,detection,tcp

Description

OpenWire is the native protocol that Apache ActiveMQ uses. It is designed for performance and size on the wire - sacrificing some ease of implementation with higher performance and reduced network bandwidth as a priority.

YAML Source

id: activemq-openwire-transport-detect

info:
  name: ActiveMQ OpenWire Transport Detection
  author: pussycat0x,ret2src
  severity: info
  description: |
    OpenWire is the native protocol that Apache ActiveMQ uses. It is designed for performance and size on the wire - sacrificing some ease of implementation with higher performance and reduced network bandwidth as a priority.
  metadata:
    verified: true
    max-request: 1
    shodan-query: product:"ActiveMQ OpenWire transport"
  tags: network,activemq,detect,openwire,detection,tcp
tcp:
  - inputs:
      - data: "VERSION"

    host:
      - "{{Hostname}}"
    port: 61616,6835

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "ActiveMQ"

    extractors:
      - type: regex
        regex:
          - "ProviderVersion...([0-9.]+)"
# digest: 490a00463044022050825796120e0b521de898aadcdd27e29c87b57bb00f3f4732dbd05808c12b300220090e3cde93e93ca937aa126f2d6c42f9553b1289b31ae75f0040b603fa414f6c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "network/detection/activemq-openwire-transport-detect.yaml"

View on Github