nuclei-templates/file/url-analyse/url-extension-inspector.yaml


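# Nuclei file-protocol template: scans local files (typically a list of URLs)
# and reports strings that look like interesting file extensions.
#
# NOTE(review): the `# digest:` trailer at the end of this file was computed
# over the template as originally published. Any edit to the body, including
# the fixes marked below, means the template must be re-signed before the
# signature verifies again.
id: url-extension-inspector

info:
  name: URL Extension Inspector
  author: ayadim
  severity: unknown
  description: |
    This template assists you in discovering intriguing extensions within a list of URLs.
  reference:
    - https://github.com/CYS4srl/CYS4-SensitiveDiscoverer/
  tags: file,urls,extension

file:
  # `all` applies the extractors to every input file regardless of extension.
  - extensions:
      - all

    # Triage caveats for everything below:
    #  - Every pattern is an unanchored, case-insensitive substring match, so a
    #    hit can come from a host name or a longer extension (`\.sh` also fires
    #    on `.shtml` and `example.shop`, `\.py` on `.pyc`, `\.inc` on
    #    `.include`). Treat hits as leads to verify, not confirmed exposure.
    #  - Several extractors overlap (`\.sql` is in both "Database file" and
    #    "SQL dump file"; `\.sqlite` also matches `.sqlite3`; archive names
    #    matched by "Hot finding" also match "Compressed archive file"), so
    #    one URL can be reported under more than one name.
    extractors:
      # Archive named after a web root, backup or release directory.
      - type: regex
        name: Hot finding
        regex:
          - "(?i)(htdocs|www|html|web|webapps|public|public_html|uploads|website|api|test|app|backup|bin|bak|old|release|sql)\\.(7z|bz2|gz|lz|rar|tar\\.gz|tar\\.bz2|xz|zip|z)"

      - type: regex
        name: Backup file
        regex:
          - "(?i)(\\.bak|\\.backup|\\.bkp|\\._bkp|\\.bk|\\.BAK)"

      # Editor/backup copies of server-side scripts; a web server usually
      # serves these as plain text, which discloses the source.
      - type: regex
        name: PHP Source
        regex:
          - "(?i)(\\.php)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)"

      - type: regex
        name: ASP Source
        regex:
          - "(?i)(\\.asp)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)"

      - type: regex
        name: Database file
        regex:
          - "(?i)\\.db|\\.sql"

      - type: regex
        name: Bash script
        regex:
          - "(?i)\\.sh|\\.bashrc|\\.zshrc"

      - type: regex
        name: 1Password password manager database file
        regex:
          - "(?i)\\.agilekeychain"

      - type: regex
        name: ASP configuration file
        regex:
          - "(?i)\\.asa"

      - type: regex
        name: Apple Keychain database file
        regex:
          - "(?i)\\.keychain"

      - type: regex
        name: Azure service configuration schema file
        regex:
          - "(?i)\\.cscfg"

      - type: regex
        name: Compressed archive file
        regex:
          - "(?i)(\\.zip|\\.gz|\\.tar|\\.rar|\\.tgz)"

      - type: regex
        name: Configuration file
        regex:
          - "(?i)(\\.ini|\\.config|\\.conf)"

      - type: regex
        name: Day One journal file
        regex:
          - "(?i)\\.dayone"

      - type: regex
        name: Document file
        regex:
          - "(?i)(\\.doc|\\.docx|\\.rtf)"

      - type: regex
        name: GnuCash database file
        regex:
          - "(?i)\\.gnucash"

      - type: regex
        name: Include file
        regex:
          - "(?i)\\.inc"

      - type: regex
        name: XML file
        regex:
          - "(?i)\\.xml"

      - type: regex
        name: Old file
        regex:
          - "(?i)\\.old"

      - type: regex
        name: Log file
        regex:
          - "(?i)\\.log"

      - type: regex
        name: Java file
        regex:
          - "(?i)\\.java"

      - type: regex
        name: SQL dump file
        regex:
          - "(?i)\\.sql"

      - type: regex
        name: Excel file
        regex:
          - "(?i)(\\.xls|\\.xlsx|\\.csv)"

      - type: regex
        name: Certificate file
        regex:
          - "(?i)(\\.cer|\\.crt|\\.p7b)"

      # Label typo fixed (was "Java key storte"); update any downstream
      # filter that keys on the old extractor name.
      - type: regex
        name: Java key store
        regex:
          - "(?i)\\.jks"

      - type: regex
        name: KDE Wallet Manager database file
        regex:
          - "(?i)\\.kwallet"

      - type: regex
        name: Little Snitch firewall configuration file
        regex:
          - "(?i)\\.xpl"

      - type: regex
        name: Microsoft BitLocker Trusted Platform Module password file
        regex:
          - "(?i)\\.tpm"

      - type: regex
        name: Microsoft BitLocker recovery key file
        regex:
          - "(?i)\\.bek"

      - type: regex
        name: Microsoft SQL database file
        regex:
          - "(?i)\\.mdf"

      - type: regex
        name: Microsoft SQL server compact database file
        regex:
          - "(?i)\\.sdf"

      - type: regex
        name: Network traffic capture file
        regex:
          - "(?i)\\.pcap"

      - type: regex
        name: PDF file
        regex:
          - "(?i)\\.pdf"

      # Fixed: this extractor previously reused the `\.pcap` pattern from
      # "Network traffic capture file", so PHP URLs were never reported and
      # every capture file was reported twice, once mislabelled as PHP.
      - type: regex
        name: PHP file
        regex:
          - "(?i)\\.php"

      - type: regex
        name: Password Safe database file
        regex:
          - "(?i)\\.psafe3"

      - type: regex
        name: Potential configuration file
        regex:
          - "(?i)\\.yml"

      - type: regex
        name: Potential cryptographic key bundle
        regex:
          - "(?i)(\\.pkcs12|\\.p12|\\.pfx|\\.asc|\\.pem)"

      # Fixed: the dot is now escaped. Unescaped, it matched any character
      # between "otr" and "private_key", not just the literal file name.
      - type: regex
        name: Potential private key
        regex:
          - "(?i)otr\\.private_key"

      - type: regex
        name: Presentation file
        regex:
          - "(?i)(\\.ppt|\\.pptx)"

      - type: regex
        name: Python file
        regex:
          - "(?i)\\.py"

      - type: regex
        name: Remote Desktop connection file
        regex:
          - "(?i)\\.rdp"

      - type: regex
        name: Ruby On Rails file
        regex:
          - "(?i)\\.rb"

      - type: regex
        name: SQLite database file
        regex:
          - "(?i)\\.sqlite|\\.sqlitedb"

      - type: regex
        name: SQLite3 database file
        regex:
          - "(?i)\\.sqlite3"

      - type: regex
        name: Sequel Pro MySQL database manager bookmark file
        regex:
          - "(?i)\\.plist"

      - type: regex
        name: Shell configuration file
        regex:
          - "(?i)(\\.exports|\\.functions|\\.extra)"

      - type: regex
        name: Temporary file
        regex:
          - "(?i)\\.tmp"

      - type: regex
        name: Terraform variable config file
        regex:
          - "(?i)\\.tfvars"

      - type: regex
        name: Text file
        regex:
          - "(?i)\\.txt"

      - type: regex
        name: Tunnelblick VPN configuration file
        regex:
          - "(?i)\\.tblk"

      - type: regex
        name: Windows BitLocker full volume encrypted data file
        regex:
          - "(?i)\\.fve"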
# digest: 490a0046304402203342df27b75080be4762275375e19b63832c89211544474786cce395d13a433302205bfa8b32a8b5f202b6562cc5ac1e8ea50086bca8c54ce36eec20e82d30449b22:922c64590222798bb761d5b6d8e72950