nuclei-templates/misconfiguration/http-missing-security-heade...

id: http-missing-security-headers

info:
  name: HTTP Missing Security Headers
  author: socketz,geeknik,G4L1T0,convisoappsec,kurohost,dawid-czarnecki
  severity: info
  description: It searches for missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty.
  tags: misconfig,generic

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    redirects: true
    max-redirects: 3
    matchers-condition: or
    matchers:
      - type: regex
        name: strict-transport-security
        regex:
          - "(?i)strict-transport-security"
        negative: true
        part: header

      - type: regex
        name: content-security-policy
        regex:
          - "(?i)content-security-policy"
        negative: true
        part: header

      - type: regex
        name: x-frame-options
        regex:
          - "(?i)x-frame-options"
        negative: true
        part: header

      - type: regex
        name: x-content-type-options
        regex:
          - "(?i)x-content-type-options"
        negative: true
        part: header

      - type: regex
        name: x-permitted-cross-domain-policies
        regex:
          - "(?i)x-permitted-cross-domain-policies"
        negative: true
        part: header

      - type: regex
        name: referrer-policy
        regex:
          - "(?i)referrer-policy"
        negative: true
        part: header

      - type: regex
        name: clear-site-data
        regex:
          - "(?i)clear-site-data"
        negative: true
        part: header

      - type: regex
        name: cross-origin-embedder-policy
        regex:
          - "(?i)cross-origin-embedder-policy"
        negative: true
        part: header

      - type: regex
        name: cross-origin-opener-policy
        regex:
          - "(?i)cross-origin-opener-policy"
        negative: true
        part: header

      - type: regex
        name: cross-origin-resource-policy
        regex:
          - "(?i)cross-origin-resource-policy"
        negative: true
        part: header

      - type: regex
        name: access-control-allow-origin
        regex:
          - "(?i)access-control-allow-origin"
        negative: true
        part: header

      - type: regex
        name: access-control-allow-credentials
        regex:
          - "(?i)access-control-allow-credentials"
        negative: true
        part: header

      - type: regex
        name: access-control-expose-headers
        regex:
          - "(?i)access-control-expose-headers"
        negative: true
        part: header

      - type: regex
        name: access-control-max-age
        regex:
          - "(?i)access-control-max-age"
        negative: true
        part: header

      - type: regex
        name: access-control-allow-methods
        regex:
          - "(?i)access-control-allow-methods"
        negative: true
        part: header

      - type: regex
        name: access-control-allow-headers
        regex:
          - "(?i)access-control-allow-headers"
Added security headers templates 2021-07-28 12:40:20 +00:00			`id: http-missing-security-headers`

			`info:`
			`name: HTTP Missing Security Headers`
removing duplicate templates and few updates 2021-09-03 17:05:58 +00:00			`author: socketz,geeknik,G4L1T0,convisoappsec,kurohost,dawid-czarnecki`
Added security headers templates 2021-07-28 12:40:20 +00:00			`severity: info`
Updates across many templates for clarity, spelling, and grammar. 2021-09-05 21:13:45 +00:00			`description: It searches for missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty.`
removing duplicate templates and few updates 2021-09-03 17:05:58 +00:00			`tags: misconfig,generic`
Added security headers templates 2021-07-28 12:40:20 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}"`
updated matchers 2021-09-03 16:54:11 +00:00
Added security headers templates 2021-07-28 12:40:20 +00:00			`redirects: true`
			`max-redirects: 3`
			`matchers-condition: or`
			`matchers:`
updated matchers 2021-09-03 16:54:11 +00:00			`- type: regex`
			`name: strict-transport-security`
			`regex:`
			`- "(?i)strict-transport-security"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: content-security-policy`
			`regex:`
			`- "(?i)content-security-policy"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: x-frame-options`
			`regex:`
			`- "(?i)x-frame-options"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: x-content-type-options`
			`regex:`
			`- "(?i)x-content-type-options"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: x-permitted-cross-domain-policies`
			`regex:`
			`- "(?i)x-permitted-cross-domain-policies"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: referrer-policy`
			`regex:`
			`- "(?i)referrer-policy"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: clear-site-data`
			`regex:`
			`- "(?i)clear-site-data"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: cross-origin-embedder-policy`
			`regex:`
			`- "(?i)cross-origin-embedder-policy"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: cross-origin-opener-policy`
			`regex:`
			`- "(?i)cross-origin-opener-policy"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: cross-origin-resource-policy`
			`regex:`
			`- "(?i)cross-origin-resource-policy"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: access-control-allow-origin`
			`regex:`
			`- "(?i)access-control-allow-origin"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: access-control-allow-credentials`
			`regex:`
			`- "(?i)access-control-allow-credentials"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: access-control-expose-headers`
			`regex:`
			`- "(?i)access-control-expose-headers"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: access-control-max-age`
			`regex:`
			`- "(?i)access-control-max-age"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: access-control-allow-methods`
			`regex:`
			`- "(?i)access-control-allow-methods"`
Added security headers templates 2021-07-28 12:40:20 +00:00			`negative: true`
			`part: header`
updated matchers 2021-09-03 16:54:11 +00:00
			`- type: regex`
			`name: access-control-allow-headers`
			`regex:`
Updates across many templates for clarity, spelling, and grammar. 2021-09-05 21:13:45 +00:00			`- "(?i)access-control-allow-headers"`