nuclei-templates/http/vulnerabilities/generic/generic-env.yaml

id: generic-env

info:
  name: Generic Env File Disclosure
  author: kazet
  severity: high
  description: |
    A .env file was discovered containing sensitive information like database credentials and tokens. It should not be publicly accessible.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
    cwe-id: CWE-522
  metadata:
    max-request: 22
  tags: config,exposure,env

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"
    payloads:
      paths:
        - "/.env"
        - "/.env.bak"
        - "/.env.dev"
        - "/.env.dev.local"
        - "/.env.development.local"
        - "/.env.prod"
        - "/.env.prod.local"
        - "/.env.production"
        - "/.env.production.local"
        - "/.env.local"
        - "/.env.example"
        - "/.env.stage"
        - "/.env.live"
        - "/.env.backup"
        - "/.env.save"
        - "/.env.old"
        - "/.env.www"
        - "/.env_1"
        - "/.env_sample"
        - "/.env.{{DN}}"
        - "/.env.{{SD}}"
        - "/api/.env"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "(?mi)^[a-z_]*(KEY|TOKEN|PASS|SECRET|DB_URL|DATABASE_URL|MAILER_URL)[a-z_]*="

      - type: word
        part: body
        negative: true
        words:
          - "<html"

# digest: 490a004630440220547bb968413b5bb510e75cc5dd3135d11954ea3c79ed2e3417088143b020e76802205ab6a107244bb426ca80737c2e5f601b2546cd26277330e52f218b4544def2f2:922c64590222798bb761d5b6d8e72950
Update and rename exposures/configs/env.yaml to http/vulnerabilities/generic/generic-env.yaml 2023-05-10 11:17:21 +00:00			`id: generic-env`
Generic .env detector 2023-04-24 12:53:08 +00:00
			`info:`
Update and rename exposures/configs/env.yaml to http/vulnerabilities/generic/generic-env.yaml 2023-05-10 11:17:21 +00:00			`name: Generic Env File Disclosure`
lint 2023-04-24 14:13:53 +00:00			`author: kazet`
Auto Generated CVE annotations [Sat Jun 3 18:56:35 UTC 2023] :robot: 2023-06-03 18:56:35 +00:00			`severity: high`
Generic .env detector 2023-04-24 12:53:08 +00:00			`description: \|`
			`A .env file was discovered containing sensitive information like database credentials and tokens. It should not be publicly accessible.`
			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L`
			`cvss-score: 8.3`
			`cwe-id: CWE-522`
Auto Generated CVE annotations [Sat Jun 3 18:56:35 UTC 2023] :robot: 2023-06-03 18:56:35 +00:00			`metadata:`
			`max-request: 22`
Update and rename exposures/configs/env.yaml to http/vulnerabilities/generic/generic-env.yaml 2023-05-10 11:17:21 +00:00			`tags: config,exposure,env`
Generic .env detector 2023-04-24 12:53:08 +00:00
protocol -update 2023-05-11 09:19:23 +00:00			`http:`
Generic .env detector 2023-04-24 12:53:08 +00:00			`- method: GET`
			`path:`
feat: convert paths with lots of elements to payloads 2024-04-12 10:31:51 +00:00			`- "{{BaseURL}}{{paths}}"`
			`payloads:`
			`paths:`
			`- "/.env"`
			`- "/.env.bak"`
			`- "/.env.dev"`
			`- "/.env.dev.local"`
			`- "/.env.development.local"`
			`- "/.env.prod"`
			`- "/.env.prod.local"`
			`- "/.env.production"`
			`- "/.env.production.local"`
			`- "/.env.local"`
			`- "/.env.example"`
			`- "/.env.stage"`
			`- "/.env.live"`
			`- "/.env.backup"`
			`- "/.env.save"`
			`- "/.env.old"`
			`- "/.env.www"`
			`- "/.env_1"`
			`- "/.env_sample"`
			`- "/.env.{{DN}}"`
			`- "/.env.{{SD}}"`
			`- "/api/.env"`
Generic .env detector 2023-04-24 12:53:08 +00:00
Fewer false positives in generic-env.yaml 2023-08-09 08:42:01 +00:00			`matchers-condition: and`
Generic .env detector 2023-04-24 12:53:08 +00:00			`matchers:`
			`- type: regex`
			`part: body`
			`regex:`
			`- "(?mi)^[a-z_](KEY\|TOKEN\|PASS\|SECRET\|DB_URL\|DATABASE_URL\|MAILER_URL)[a-z_]="`
Fewer false positives in generic-env.yaml 2023-08-09 08:42:01 +00:00
			`- type: word`
			`part: body`
			`negative: true`
			`words:`
			`- "<html"`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 490a004630440220547bb968413b5bb510e75cc5dd3135d11954ea3c79ed2e3417088143b020e76802205ab6a107244bb426ca80737c2e5f601b2546cd26277330e52f218b4544def2f2:922c64590222798bb761d5b6d8e72950`