Routine is signature type which run after matching the condition from the previous signatures.
You can see the example below.
id: wordpress-routine
type: routine # required
info:
name: Wordpress Routine
risk: Potential
params:
- root: '{{.BaseURL}}'
routines:
# {{.BaseSign}} is default at ~/.jaeles/base-signatures/
- signs:
- wp: '{{.BaseSign}}/probe/wordpress-detect.yaml'
- wp2: '{{.BaseSign}}/probe/wordpress-login-page.yaml'
logics:
# wp() is true when signatures at {{.BaseSign}}/probe/wordpress-detect.yaml found something
- expr: 'wp() && wp2()'
invokes:
- '{{.BaseSign}}/common/wordpress-directory-listing.yaml'
- '{{.BaseSign}}/common/wordpress-misconfig.yaml'
- '{{.BaseSign}}/common/wordpress-rest-api.yaml'
- '{{.BaseSign}}/common/wordpress-user-enum.yaml'
First we detect if target running wordpress or not then run 4 signatures in invokes if the conditions matched in expr.
Usage of expr section is same from the detection but function is name of items in signs.