Update the check method to eliminate potential false positives by searching for the presence of three strings that together should only be returned by HPE SIM web servers.

Author: gwillcox-r7

modules/exploits/windows/http/hpe_sim_76_amf_deserialization.rb

@@ -78,10 +78,19 @@ def initialize(info = {})
   def check
     res = send_request_cgi({
       'method' => 'GET',
-      'uri' => normalize_uri(target_uri.path, 'simsearch', 'messagebroker', 'amfsecure')
+      'uri' => normalize_uri(target_uri.path)
     })
-
     return CheckCode::Unknown('Failed to connect to the server.') if res.nil?
+
+    body = res.body
+    unless body.include?('Please insert your Smart Card and login to HPE System Insight Manager.') && body.include?('<title>HPE Systems Insight Manager</title>') && body.include?('/ui/javascript/XeHelp.js')
+      return CheckCode::Safe("Target doesn't appear to be a HPE System Insight Manager server!")
+    end
+
+    res = send_request_cgi({
+      'method' => 'GET',
+      'uri' => normalize_uri(target_uri.path, 'simsearch', 'messagebroker', 'amfsecure')
+    })
     return CheckCode::Safe('Failed to identify an active amfsecure endpoint on the target.') unless res&.code == 200
 
     CheckCode::Appears('Found an active amfsecure endpoint on the target!')