nuclei-templates/exposures/files/django-secret-key.yaml

47 lines
986 B
YAML
Raw Normal View History

2022-06-05 21:05:46 +00:00
id: django-secret-key
info:
2022-06-06 11:52:25 +00:00
name: Django Secret Key Exposure
author: geeknik,DhiyaneshDk
2022-06-05 21:05:46 +00:00
severity: high
reference: https://docs.gitguardian.com/secrets-detection/detectors/specifics/django_secret_key
metadata:
verified: true
shodan-query: html:settings.py
2022-10-13 10:12:07 +00:00
tags: django,exposure,files
2022-06-05 21:05:46 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/settings.py"
- "{{BaseURL}}/app/settings.py"
- "{{BaseURL}}/django/settings.py"
- "{{BaseURL}}/settings/settings.py"
- "{{BaseURL}}/web/settings/settings.py"
2022-06-06 11:52:25 +00:00
stop-at-first-match: true
2022-06-05 21:05:46 +00:00
matchers-condition: and
matchers:
2022-06-06 11:52:25 +00:00
2022-06-05 21:05:46 +00:00
- type: word
part: body
words:
- "SECRET_KEY ="
2022-06-06 11:52:25 +00:00
2022-06-05 21:05:46 +00:00
- type: word
part: header
words:
- "text/html"
negative: true
2022-06-06 11:52:25 +00:00
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '"DJANGO_SECRET_KEY", "(.*)"'