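# Fingerprint rule for the Chaitin xray web interface.
# A target matches when its favicon hash equals a known value; the product
# version is then read from the GraphQL API on a best-effort basis.
#
# NOTE(review): the source arrived with all indentation stripped, which left
# `request`, `expression`, `version`, `method` and `path` as duplicate
# top-level keys (last one wins in most parsers). The nesting below is
# reconstructed from key order; confirm it against the scanner's rule schema.
name: chaitin-xray
transport: http
detail:
  fingerprint:
    # Quoted so the colon-separated CPE is always read as one string.
    cpe: 'cpe:2.3:a:chaitin:xray'
    # Presumably filled from the `version` output of get_version; if that
    # rule yields nothing the placeholder may stay unresolved (confirm).
    version: '{{version}}'
rules:
  # Identification step: fetch the landing page and hash its icon.
  get_icon_hash:
    request:
      method: GET
      path: /
      # Evaluate the response at "/" itself rather than a redirect target.
      follow_redirects: false
    # A favicon hash is a weak identifier: any host serving the same icon
    # matches, and a customised icon hides a real instance. Treat a hit as
    # a candidate to verify, not as proof.
    expression: faviconHash(response.getIconContent()) == 938617678
  # Enrichment step: ask the GraphQL endpoint for the web version.
  get_version:
    request:
      method: POST
      path: /api/graphql/
      headers:
        Content-Type: application/json
      # No credentials are sent, so version data is only returned by
      # deployments that answer this query without authentication. For
      # operators: that is a version disclosure to anyone who can reach
      # the interface, so restrict network access to it.
      body: |-
        {"query":"query WebVersion {webVersion}"}
    # Loose check: any body containing the field name passes, which may
    # include an error response. The regex under `output` is the strict
    # part and only captures a well-formed "webVersion":"<value>" pair.
    expression: response.body_string.contains("webVersion")
    output:
      search: |
        r'"webVersion":"(?P<version>[\w\.\-]+?)"'.submatch(response.body_string)
      version: search['version']
# Only the favicon match decides the result. `|| true` makes get_version
# optional: it is invoked to populate `version`, but a failure there does
# not turn a match into a miss.
expression: get_icon_hash() && (get_version() || true)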