> ## Documentation Index
> Fetch the complete documentation index at: https://trickest.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Scan for Technology-Specific Vulnerabilities

> Scan the identified technologies on your attack surface using tailored checks and methodologies for each

export const ModuleOverview = ({category, inputs, outputs, author, createdDate, iframeUrl, long_description}) => <div style={{
  backgroundColor: 'var(--background-card)',
  borderRadius: '16px',
  padding: '32px',
  boxShadow: '0 8px 32px rgba(0, 0, 0, 0.08)'
}}>
    <div style={{
  width: '100%',
  height: '600px',
  backgroundColor: 'var(--background-default)',
  borderRadius: '16px',
  overflow: 'hidden',
  border: '1px solid var(--border-default)',
  marginBottom: '24px',
  position: 'relative'
}}>
      <div style={{
  width: '100%',
  height: '100%'
}}>
        <div className="p-2 not-prose relative bg-gray-50/50 rounded-xl overflow-hidden dark:bg-gray-800/25" style={{
  width: '100%',
  height: '100%'
}}>
          <div className="absolute inset-0 bg-grid-neutral-200/20 [mask-image:linear-gradient(0deg,#fff,rgba(255,255,255,0.6))] dark:bg-grid-white/5 dark:[mask-image:linear-gradient(0deg,rgba(255,255,255,0.1),rgba(255,255,255,0.5))]" style={{
  backgroundPosition: '10px 10px'
}}></div>
          <div className="relative rounded-lg overflow-hidden flex justify-center" style={{
  width: '100%',
  height: '100%'
}}>
            <iframe src={iframeUrl} scrolling="no" style={{
  position: 'absolute',
  top: 0,
  left: 0,
  width: '100%',
  height: '100%',
  border: 'none',
  overflow: 'hidden'
}} title="Module Preview" />
          </div>
          <div className="absolute inset-0 pointer-events-none border border-black/5 rounded-xl dark:border-white/5"></div>
        </div>
      </div>
    </div>

    <div style={{
  display: 'flex',
  justifyContent: 'space-between',
  alignItems: 'center',
  marginBottom: '24px'
}}>
      <div style={{
  display: 'flex',
  gap: '16px',
  alignItems: 'center'
}}>
        <span style={{
  background: 'linear-gradient(135deg, #00a3ff, #0065ff)',
  color: 'white',
  padding: '8px 16px',
  borderRadius: '24px',
  fontSize: '0.875rem',
  fontWeight: '600',
  textTransform: 'uppercase'
}}>
          {category}
        </span>
      </div>
      
      <div style={{
  display: 'flex',
  gap: '24px',
  alignItems: 'center'
}}>
        <div>
          <p style={{
  color: 'var(--text-secondary)',
  fontSize: '0.875rem',
  margin: 0
}}>Created by</p>
          <p style={{
  color: 'var(--text-primary)',
  fontWeight: '500',
  margin: 0
}}>{author}</p>
        </div>
        <div style={{
  width: '1px',
  height: '32px',
  backgroundColor: 'var(--border-default)'
}} />
        <div>
          <p style={{
  color: 'var(--text-secondary)',
  fontSize: '0.875rem',
  margin: 0
}}>Last updated</p>
          <p style={{
  color: 'var(--text-primary)',
  fontWeight: '500',
  margin: 0
}}>
            {new Date(createdDate).toLocaleDateString()}
          </p>
        </div>
      </div>
    </div>

    <p style={{
  color: 'rgba(163, 179, 188, 0.8)',
  fontSize: '1rem',
  margin: '0 0 24px 0',
  lineHeight: '1.6'
}}>
      {long_description}
    </p>

    <div style={{
  display: 'grid',
  gridTemplateColumns: '1fr 1fr',
  gap: '32px'
}}>
      <div>
        <h3 style={{
  fontSize: '1.25rem',
  fontWeight: '600',
  color: 'var(--text-primary)',
  marginBottom: '16px',
  display: 'flex',
  alignItems: 'center',
  gap: '8px'
}}>
          <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor">
            <path d="M5 12h14M12 5l7 7-7 7" />
          </svg>
          Input Parameters
        </h3>
        <div style={{
  display: 'flex',
  flexDirection: 'column',
  gap: '12px'
}}>
          {Object.entries(inputs).map(([key, value]) => <div key={key} style={{
  padding: '16px',
  backgroundColor: 'var(--background-default)',
  borderRadius: '12px',
  border: '1px solid var(--border-default)'
}}>
              <ParamField query={key} type={value.type.toLowerCase()} optional={!value.visible} required={value.visible}>
                <span style={{
  fontSize: '0.95rem',
  color: 'var(--text-secondary)',
  lineHeight: '1.5'
}}>
                  {value.description}
                </span>
              </ParamField>
            </div>)}
        </div>
      </div>

      <div>
        <h3 style={{
  fontSize: '1.25rem',
  fontWeight: '600',
  color: 'var(--text-primary)',
  marginBottom: '16px',
  display: 'flex',
  alignItems: 'center',
  gap: '8px'
}}>
          <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor">
            <circle cx="12" cy="12" r="10" /><path d="M8 12h8" />
          </svg>
          Outputs
        </h3>
        <div style={{
  display: 'flex',
  flexWrap: 'wrap',
  gap: '6px'
}}>
          {outputs.map((output, index) => <span key={index} style={{
  background: 'rgba(255, 107, 0, 0.1)',
  borderRadius: '6px',
  padding: '2px 8px',
  fontSize: '0.7rem',
  display: 'inline-flex',
  alignItems: 'center',
  gap: '4px',
  color: '#ff6b00',
  border: '1px solid rgba(255, 107, 0, 0.2)'
}}>
              {output}
            </span>)}
        </div>
      </div>
    </div>
  </div>;

<ModuleOverview
  category="Vulnerability Scanning"
  inputs={ {
"header": {
"name": "header",
"type": "STRING",
"visible": false,
"description": "Header(s) to include in HTTP requests",
},
"header-file": {
"name": "header-file",
"type": "FILE",
"visible": false,
"description": "Header(s) to include in HTTP requests",
},
"web-technologies": {
"name": "web-technologies",
"type": "FILE",
"visible": true,
"description": "JSONLines records of web technology discovery details from the Fingerprint Web Technologies module",
},
}}
  outputs={[ 
"findings",
"web-technologies"
]}
  author="mhmdiaa-trickest"
  createdDate="2024-08-12"
  iframeUrl="https://editor.trickest.io/preview?workflow_url=https://trickest-public-workflow.s3.eu-central-1.amazonaws.com/111aec71-2bf9-4c23-984d-83dc85c087d1.json"
/>

# Scan for Technology-Specific Vulnerabilities

## Description

Scan the identified technologies on your attack surface using tailored checks and methodologies for each. The currently supported technologies are:

* WordPress
* Microsoft IIS
* Ivanti Pulse Secure
* Joomla
* GitLab
* Jenkins
* Spring Boot
* Jira
* Splunk
* WebLogic

## Features

* Performs **custom checks based on the identified technologies** for a more targeted scan.
* Detects **related components and extensions**, such as WordPress plugins and themes.
* Can scan thousands of web servers simultaneously.

## Inputs

### Required

* **web-technologies:** JSONLines records of web technology discovery details from the "Fingerprint Web Technologies" module.

```
{"asset": "https://foo.example.com", "technology": "WordPress"}
{"asset": "https://bar.example.com", "technology": "Microsoft IIS"}
{"asset": "https://baz.example.com", "technology": "Springboot Actuators"}
```

### Optional

* **header**: Header(s) to include in HTTP requests
* **header-file**: File with header(s) to include in HTTP requests

### Outputs

* **findings:** JSONLines records of finding details.

```json theme={null}
{"finding": "Outdated WordPress Plugin", "location": "https://foo.example.com", "severity": "unknown", "hostname": "foo.example.com", "domain_name": "example.com", "method": "GET", "description": "Detected WordPress plugin \"elementor\" version 3.6.2"}
{"finding": "IIS Short File Name Enumeration", "location": "https://bar.example.com", "severity": "unknown", "hostname": "bar.example.com", "domain_name": "example.com", "method": "GET", "description": "The IIS server is vulnerable to an issue that reveals short names for files and directories using the 8.3 file naming scheme. By sending specially crafted requests containing the tilde \"~\" character, attackers can exploit this flaw to discover hidden files or directories, potentially exposing sensitive information"}
{"finding": "Spring Boot Actuators (Jolokia) XXE", "location": "https://baz.example.com/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml", "hostname": "baz.example.com", "domain_name": "example.com", "severity": "high", "method": "GET", "description": "A vulnerability in Spring Boot Actuators's 'jolokia' endpoint allows remote attackers to perform an XML External Entities (XXE) attack and include content stored on a remote server as if it was its own. This has the potential to allow the execution of arbitrary code and/or disclosure of sensitive information from the target machine."}
```

* **web-technologies:** JSONLines records of web component discovery details.

```json theme={null}
{"asset": "https://foo.example.com", "technology": "elementor WordPress plugin", "location": "https://foo.example.com/wp-content/plugins/elementor/", "context": "3.6.2"}
```

## Changelog

* v1.0.0
  * Initial release
* v1.1.0
  * Added `header-file` input
* v1.1.1
  * Included the HTTP request that triggered each finding in the `request` field of the `findings` output
