From 1ff42583181d401b1dcb542040ff3aae3158e3df Mon Sep 17 00:00:00 2001 From: Sam Stepanyan Date: Sat, 30 Aug 2025 04:29:49 +0100 Subject: [PATCH] New module: adobe_aem_lastpatcheddate_scan (#1125) * New module: adobe_aem_lastpatcheddate_scan * docs update * Update nettacker/modules/scan/adobe_aem_lastpatcheddate.yaml coderabbit suggested improvements Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Signed-off-by: Sam Stepanyan * Update nettacker/modules/scan/adobe_aem_lastpatcheddate.yaml coderabbit suggestion Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Signed-off-by: Sam Stepanyan --------- Signed-off-by: Sam Stepanyan Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- docs/Modules.md | 1 + .../scan/adobe_aem_lastpatcheddate.yaml | 52 +++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 nettacker/modules/scan/adobe_aem_lastpatcheddate.yaml diff --git a/docs/Modules.md b/docs/Modules.md index b19623a5..3592f268 100644 --- a/docs/Modules.md +++ b/docs/Modules.md @@ -8,6 +8,7 @@ OWASP Nettacker Modules can be of type **Scan** (scan for something), **Vuln** ( ## Scan Modules +* '**adobe_aem_lastpatcheddate_scan**' - Scan the target for Adobe Experience Manager (AEM) and return its last patched date * '**admin_scan**' - Scan the target for various Admin folders such as /admin /phpmyadmin /cmsadmin /wp-admin etc * '**citrix_lastpatcheddate_scan**' Scan the target and try to detect Citrix Netscaler Gateway and it's last patched date * '**cms_detection_scan**' - Scan the target and try to detect the CMS (Wordpress, Drupal or Joomla) using response fingerprinting diff --git a/nettacker/modules/scan/adobe_aem_lastpatcheddate.yaml b/nettacker/modules/scan/adobe_aem_lastpatcheddate.yaml new file mode 100644 index 00000000..fb386e9e --- /dev/null +++ b/nettacker/modules/scan/adobe_aem_lastpatcheddate.yaml 
@@ -0,0 +1,52 @@
+info:
+ name: adobe_aem_lastpatcheddate_scan
+ author: OWASP Nettacker Team
+ severity: 3
+ description: Adobe Experience Manager (AEM) Last Patched Date Scan
+ reference:
+ profiles:
+ - scan
+ - http
+ - adobe
+ - low_severity
+
+payloads:
+ - library: http
+ steps:
+ - method: head
+ timeout: 3
+ headers:
+ User-Agent: "{user_agent}"
+ allow_redirects: false
+ ssl: false
+ url:
+ nettacker_fuzzer:
+ input_format: "{{schema}}://{target}:{{ports}}/libs/granite/core/content/login/clientlib.js"
+ prefix: ""
+ suffix: ""
+ interceptors: []
+ data:
+ schema:
+ - "http"
+ - "https"
+ ports:
+ - 80
+ - 443
+ - 4502
+ - 4503
+ - 8080
+ - 8443
+ response:
+ condition_type: and
+ log: "response_dependent['headers']['last-modified']"
+ conditions:
+ status_code:
+ regex: "200"
+ reverse: false
+ headers:
+ Last-Modified:
+ regex: .*
+ reverse: false
+ Content-Type:
+ regex: "javascript"
+ reverse: false
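Review bot: The `Last-Modified` condition uses the unquoted `regex: .*`, which also matches an empty or malformed header value, so the module can likely report a hit whose logged "last patched date" is blank or not a date at all. Requiring an HTTP-date shape, for example `regex: "[A-Za-z]{3}, [0-9]{2} [A-Za-z]{3} [0-9]{4}"`, keeps the finding tied to a usable value and matches the quoting of the other regexes in the file. Because the result comes from a HEAD request with no body check, a comment above `log:` such as `# Last-Modified may be set by a dispatcher/CDN cache and reflect cache time, not the AEM patch date` would tell analysts to treat the date as an indicator rather than proof of patch level. The bare `reference:` key parses as null; `reference: ""` or a vendor documentation link would make the intent explicit.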