2023-08-04 21:20:12 +00:00
|
|
|
id: url-extension-inspector
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
info:
|
|
|
|
name: URL Extension Inspector
|
|
|
|
author: ayadim
|
2023-08-11 05:28:46 +00:00
|
|
|
severity: unknown
|
|
|
|
description: |
|
|
|
|
This template assists you in discovering intriguing extensions within a list of URLs.
|
|
|
|
reference:
|
|
|
|
- https://github.com/CYS4srl/CYS4-SensitiveDiscoverer/
|
|
|
|
tags: file,urls,extension
|
2023-08-04 21:20:12 +00:00
|
|
|
file:
|
|
|
|
- extensions:
|
|
|
|
- all
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
extractors:
|
|
|
|
- type: regex
|
|
|
|
name: Hot finding
|
|
|
|
regex:
|
|
|
|
- "(?i)(htdocs|www|html|web|webapps|public|public_html|uploads|website|api|test|app|backup|bin|bak|old|release|sql)\\.(7z|bz2|gz|lz|rar|tar\\.gz|tar\\.bz2|xz|zip|z)"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:38:55 +00:00
|
|
|
- type: regex
|
2023-08-04 21:20:12 +00:00
|
|
|
name: Backup file
|
|
|
|
regex:
|
|
|
|
- "(?i)(\\.bak|\\.backup|\\.bkp|\\._bkp|\\.bk|\\.BAK)"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: PHP Source
|
|
|
|
regex:
|
|
|
|
- "(?i)(\\.php)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: ASP Source
|
|
|
|
regex:
|
|
|
|
- "(?i)(\\.asp)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Database file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.db|\\.sql"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Bash script
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.sh|\\.bashrc|\\.zshrc"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: 1Password password manager database file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.agilekeychain"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: ASP configuration file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.asa"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Apple Keychain database file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.keychain"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Azure service configuration schema file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.cscfg"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Compressed archive file
|
|
|
|
regex:
|
|
|
|
- "(?i)(\\.zip|\\.gz|\\.tar|\\.rar|\\.tgz)"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Configuration file
|
|
|
|
regex:
|
|
|
|
- "(?i)(\\.ini|\\.config|\\.conf)"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Day One journal file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.dayone"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Document file
|
|
|
|
regex:
|
|
|
|
- "(?i)(\\.doc|\\.docx|\\.rtf)"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: GnuCash database file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.gnucash"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Include file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.inc"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: XML file
|
|
|
|
regex:
|
2023-08-04 21:38:55 +00:00
|
|
|
- "(?i)\\.xml"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Old file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.old"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Log file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.log"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Java file
|
|
|
|
regex:
|
2023-08-04 21:38:55 +00:00
|
|
|
- "(?i)\\.java"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: SQL dump file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.sql"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Excel file
|
|
|
|
regex:
|
|
|
|
- "(?i)(\\.xls|\\.xlsx|\\.csv)"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Certificate file
|
|
|
|
regex:
|
2023-08-04 21:38:55 +00:00
|
|
|
- "(?i)(\\.cer|\\.crt|\\.p7b)"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Java key storte
|
|
|
|
regex:
|
2023-08-04 21:38:55 +00:00
|
|
|
- "(?i)\\.jks"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: KDE Wallet Manager database file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.kwallet"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Little Snitch firewall configuration file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.xpl"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Microsoft BitLocker Trusted Platform Module password file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.tpm"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Microsoft BitLocker recovery key file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.bek"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Microsoft SQL database file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.mdf"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Microsoft SQL server compact database file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.sdf"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Network traffic capture file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.pcap"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: OpenVPN client configuration file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.ovpn"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: PDF file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.pdf"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: PHP file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.pcap"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Password Safe database file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.psafe3"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Potential configuration file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.yml"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Potential cryptographic key bundle
|
|
|
|
regex:
|
|
|
|
- "(?i)(\\.pkcs12|\\.p12|\\.pfx|\\.asc|\\.pem)"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Potential private key
|
|
|
|
regex:
|
|
|
|
- "(?i)otr.private_key"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Presentation file
|
|
|
|
regex:
|
|
|
|
- "(?i)(\\.ppt|\\.pptx)"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Python file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.py"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Remote Desktop connection file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.rdp"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Ruby On Rails file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.rb"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: SQLite database file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.sqlite|\\.sqlitedb"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: SQLite3 database file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.sqlite3"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Sequel Pro MySQL database manager bookmark file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.plist"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Shell configuration file
|
|
|
|
regex:
|
|
|
|
- "(?i)(\\.exports|\\.functions|\\.extra)"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Temporary file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.tmp"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Terraform variable config file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.tfvars"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Text file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.txt"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Tunnelblick VPN configuration file
|
|
|
|
regex:
|
|
|
|
- "(?i)\\.tblk"
|
2023-10-14 11:27:55 +00:00
|
|
|
|
2023-08-04 21:20:12 +00:00
|
|
|
- type: regex
|
|
|
|
name: Windows BitLocker full volume encrypted data file
|
|
|
|
regex:
|
2023-08-11 05:28:46 +00:00
|
|
|
- "(?i)\\.fve"
|
2023-10-19 13:13:52 +00:00
|
|
|
# digest: 490a0046304402203342df27b75080be4762275375e19b63832c89211544474786cce395d13a433302205bfa8b32a8b5f202b6562cc5ac1e8ea50086bca8c54ce36eec20e82d30449b22:922c64590222798bb761d5b6d8e72950
|