nuclei-templates/exposed-tokens/generic/http-username-password.yaml

id: http-username-password

# Extract something like https://username:password@vulnerable.com

info:
  name: Http usernamme password
  author: nadino
  severity: info

# Notes:-
# This template requires manual inspection once found valid match.

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: regex
        part: body
        regex:
          - '(ftp|ftps|http|https)://[A-Za-z0-9-_:\.~]+(@)'
HTTP username and password Detect urls like https://username:password@vulnerable.com and https://apitoken@vulnerable.com 2020-05-07 10:09:09 +00:00			`id: http-username-password`

Update syntax 2020-05-25 08:24:39 +00:00			`# Extract something like https://username:password@vulnerable.com`
HTTP username and password Detect urls like https://username:password@vulnerable.com and https://apitoken@vulnerable.com 2020-05-07 10:09:09 +00:00
			`info:`
			`name: Http usernamme password`
			`author: nadino`
severity updates 2020-09-20 12:57:43 +00:00			`severity: info`
HTTP username and password Detect urls like https://username:password@vulnerable.com and https://apitoken@vulnerable.com 2020-05-07 10:09:09 +00:00
fixes 2021-01-10 23:20:14 +00:00			`# Notes:-`
			`# This template requires manual inspection once found valid match.`

HTTP username and password Detect urls like https://username:password@vulnerable.com and https://apitoken@vulnerable.com 2020-05-07 10:09:09 +00:00			`requests:`
			`- method: GET`
			`path:`
Preparing for request clustering 2021-01-13 07:31:46 +00:00			`- "{{BaseURL}}"`
temp fix for extractors 2020-07-30 08:16:37 +00:00
HTTP username and password Detect urls like https://username:password@vulnerable.com and https://apitoken@vulnerable.com 2020-05-07 10:09:09 +00:00			`extractors:`
			`- type: regex`
			`part: body`
			`regex:`
regex update 2020-08-19 14:59:38 +00:00			`- '(ftp\|ftps\|http\|https)://[A-Za-z0-9-_:\.~]+(@)'`