daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update python-scanner.yaml 

- Added new regex for code injection: 'execfile'.
- Added new regex for command injection: 'subprocess.run', 'commands.getoutput'. Modified 'os.popen' regex for better detection.
- Added new regex for untrusted source: 'marshal.loads', 'pickle.Unpickler'.
- Modified 'dangerous-yaml' regex to include 'yaml.safe_load'.
- Added new regex in 'sqli' for various database execute functions.
patch-1
Mehran Seifalinia 2023-08-04 12:57:44 +03:30 committed by GitHub
parent ed3696a791
commit 0cc5a83e13
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
file/python/python-scanner.yaml
View File

@ -4,7 +4,7 @@ info:
name: Python Scanner
author: majidmc2
severity: info
description: Indicators for dangerous Python functions
description: Nuclei template to detect potentially dangerous Python functions in Python files. The template checks for functions that could lead to code injection, command injection, loading untrusted data, and SQL injection vulnerabilities.
reference:
- https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html
- https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
@ -21,26 +21,38 @@ file:
- 'exec'
- 'eval'
- '__import__'
- 'execfile'
- type: regex
name: command-injection
regex:
- 'subprocess.call\(.*shell=True.*\)'
- 'os.system'
- 'os.popen'
- 'os.popen\d?'
- 'subprocess.run'
- 'commands.getoutput'
- type: regex
name: untrusted-source
regex:
- 'pickle.loads'
- 'cPickle.loads'
- 'pickle\.loads'
- 'c?Pickle\.loads?'
- 'marshal\.loads'
- 'pickle\.Unpickler
- type: regex
name: dangerous-yaml
regex:
- 'yaml.load'
regex:
- 'yaml\.load'
- 'yaml\.safe_load'
- type: regex
name: sqli
regex:
- 'cursor.execute'
regex:
- 'cursor\.execute'
- 'sqlite3\.execute'
- 'MySQLdb\.execute'
- 'psycopg2\.execute'
- 'cx_Oracle\.execute'