nuclei-templates/file/url-analyse/url-extension-inspector.yaml

id: url-extension-inspector

info:
  name: URL Extension Inspector
  author: ayadim
  severity: unknown
  description: |
    This template assists you in discovering intriguing extensions within a list of URLs.
  reference:
    - https://github.com/CYS4srl/CYS4-SensitiveDiscoverer/
  tags: file,urls,extension
file:
  - extensions:
      - all

    extractors:
      - type: regex
        name: Hot finding
        regex:
          - "(?i)(htdocs|www|html|web|webapps|public|public_html|uploads|website|api|test|app|backup|bin|bak|old|release|sql)\\.(7z|bz2|gz|lz|rar|tar\\.gz|tar\\.bz2|xz|zip|z)"

      - type: regex
        name: Backup file
        regex:
          - "(?i)(\\.bak|\\.backup|\\.bkp|\\._bkp|\\.bk|\\.BAK)('|\")"

      - type: regex
        name: PHP Source
        regex:
          - "(?i)(\\.php)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)('|\")"

      - type: regex
        name: ASP Source
        regex:
          - "(?i)(\\.asp)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)('|\")"

      - type: regex
        name: Database file
        regex:
          - "(?i)\\.db|\\.sql('|\")"

      - type: regex
        name: Bash script
        regex:
          - "(?i)(\\.sh|\\.bashrc|\\.zshrc)('|\")"

      - type: regex
        name: 1Password password manager database file
        regex:
          - "(?i)\\.agilekeychain('|\")"

      - type: regex
        name: ASP configuration file
        regex:
          - "(?i)\\.asa('|\")"

      - type: regex
        name: Apple Keychain database file
        regex:
          - "(?i)\\.keychain('|\")"

      - type: regex
        name: Azure service configuration schema file
        regex:
          - "(?i)\\.cscfg('|\")"

      - type: regex
        name: Compressed archive file
        regex:
          - "(?i)(\\.zip|\\.gz|\\.tar|\\.rar|\\.tgz)('|\")"

      - type: regex
        name: Configuration file
        regex:
          - "(?i)(\\.ini|\\.config|\\.conf)('|\")"

      - type: regex
        name: Day One journal file
        regex:
          - "(?i)\\.dayone('|\")"

      - type: regex
        name: Document file
        regex:
          - "(?i)(\\.doc|\\.docx|\\.rtf)('|\")"

      - type: regex
        name: GnuCash database file
        regex:
          - "(?i)\\.gnucash('|\")"

      - type: regex
        name: Include file
        regex:
          - "(?i)\\.inc('|\")"

      - type: regex
        name: XML file
        regex:
          - "(?i)\\.xml('|\")"

      - type: regex
        name: Old file
        regex:
          - "(?i)\\.old('|\")"

      - type: regex
        name: Log file
        regex:
          - "(?i)\\.log('|\")"

      - type: regex
        name: Java file
        regex:
          - "(?i)\\.java('|\")"

      - type: regex
        name: SQL dump file
        regex:
          - "(?i)\\.sql('|\")"

      - type: regex
        name: Excel file
        regex:
          - "(?i)(\\.xls|\\.xlsx|\\.csv)('|\")"

      - type: regex
        name: Certificate file
        regex:
          - "(?i)(\\.cer|\\.crt|\\.p7b)('|\")"

      - type: regex
        name: Java key storte
        regex:
          - "(?i)\\.jks('|\")"

      - type: regex
        name: KDE Wallet Manager database file
        regex:
          - "(?i)\\.kwallet('|\")"

      - type: regex
        name: Little Snitch firewall configuration file
        regex:
          - "(?i)\\.xpl('|\")"

      - type: regex
        name: Microsoft BitLocker Trusted Platform Module password file
        regex:
          - "(?i)\\.tpm('|\")"

      - type: regex
        name: Microsoft BitLocker recovery key file
        regex:
          - "(?i)\\.bek('|\")"

      - type: regex
        name: Microsoft SQL database file
        regex:
          - "(?i)\\.mdf('|\")"

      - type: regex
        name: Microsoft SQL server compact database file
        regex:
          - "(?i)\\.sdf('|\")"

      - type: regex
        name: Network traffic capture file
        regex:
          - "(?i)\\.pcap('|\")"

      - type: regex
        name: OpenVPN client configuration file
        regex:
          - "(?i)\\.ovpn('|\")"

      - type: regex
        name: PDF file
        regex:
          - "(?i)\\.pdf('|\")"

      - type: regex
        name: PHP file
        regex:
          - "(?i)\\.pcap('|\")"

      - type: regex
        name: Password Safe database file
        regex:
          - "(?i)\\.psafe3('|\")"

      - type: regex
        name: Potential configuration file
        regex:
          - "(?i)\\.yml('|\")"

      - type: regex
        name: Potential cryptographic key bundle
        regex:
          - "(?i)(\\.pkcs12|\\.p12|\\.pfx|\\.asc|\\.pem)('|\")"

      - type: regex
        name: Potential private key
        regex:
          - "(?i)otr.private_key('|\")"

      - type: regex
        name: Presentation file
        regex:
          - "(?i)(\\.ppt|\\.pptx)('|\")"

      - type: regex
        name: Python file
        regex:
          - "(?i)\\.py('|\")"

      - type: regex
        name: Remote Desktop connection file
        regex:
          - "(?i)\\.rdp('|\")"

      - type: regex
        name: Ruby On Rails file
        regex:
          - "(?i)\\.rb('|\")"

      - type: regex
        name: SQLite database file
        regex:
          - "(?i)\\.sqlite|\\.sqlitedb('|\")"

      - type: regex
        name: SQLite3 database file
        regex:
          - "(?i)\\.sqlite3('|\")"

      - type: regex
        name: Sequel Pro MySQL database manager bookmark file
        regex:
          - "(?i)\\.plist('|\")"

      - type: regex
        name: Shell configuration file
        regex:
          - "(?i)(\\.exports|\\.functions|\\.extra)('|\")"

      - type: regex
        name: Temporary file
        regex:
          - "(?i)\\.tmp"

      - type: regex
        name: Terraform variable config file
        regex:
          - "(?i)\\.tfvars('|\")"

      - type: regex
        name: Text file
        regex:
          - "(?i)\\.txt('|\")"

      - type: regex
        name: Tunnelblick VPN configuration file
        regex:
          - "(?i)\\.tblk('|\")"

      - type: regex
        name: Windows BitLocker full volume encrypted data file
        regex:
          - "(?i)\\.fve('|\")"

# digest: 4a0a004730450220785c78ea3f7c51e19ac9e310581ea751f3abf740e18692a5077070922bb4266e022100a54c2d7503c313074a10895dfb6be5cc92494e5bcb083e32ba83d3a05e5da0b9:922c64590222798bb761d5b6d8e72950