Merge pull request #1049 from projectdiscovery/nw-tpl

Starting with network templates support to nuclei 🎉 🎉
2021-03-10 19:27:41 +05:30 · 2021-03-10 19:27:41 +05:30 · 147476e0b1
parent 0026353d0f 65ad281539
commit 147476e0b1
6 changed files with 117 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -43,7 +43,7 @@ An overview of the nuclei template directory including number of templates assoc
 | exposed-tokens | 9 | dns             | 6               | fuzzing          | 4          |
 | helpers        | 2        | takeovers       | 1         | -                | -                              |

-**72 directories, 701 files**.
+**73 directories, 704 files**.

 </td>
 </tr>
--- a/network/exposed-redis.yaml
+++ b/network/exposed-redis.yaml
@ -0,0 +1,27 @@
+id: exposed-redis
+
+info:
+  name: Redis Unauth Server
+  author: pd-team
+  severity: high
+  reference: https://redis.io/topics/security
+  tags: network,redis
+
+network:
+  - inputs:
+      - data: "info\r\nquit\r\n"
+
+    host:
+      - "{{Hostname}}"
+      - "{{Hostname}}:6379"
+    read-size: 2048
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "redis_version"
+      - type: word
+        negative: true
+        words:
+          - "redis_mode:sentinel"
--- a/network/exposed-zookeeper.yaml
+++ b/network/exposed-zookeeper.yaml
@ -0,0 +1,22 @@
+id: exposed-zookeeper
+
+info:
+  name: ZooKeeper Unauth Server
+  author: pd-team
+  severity: high
+  reference: https://zookeeper.apache.org/security.html
+  tags: network,zookeeper
+
+network:
+  - inputs:
+      - data: "envi\r\nquit\r\n"
+
+    host:
+      - "{{Hostname}}"
+      - "{{Hostname}}:2181"
+    read-size: 2048
+
+    matchers:
+      - type: word
+        words:
+          - "zookeeper.version"
--- a/network/memcached-stats.yaml
+++ b/network/memcached-stats.yaml
@ -0,0 +1,21 @@
+id: memcached-stats
+
+info:
+  name: Memcached stats disclosure
+  author: pd-team
+  severity: low
+  tags: network,memcached
+
+network:
+  - inputs:
+      - data: "stats\r\n\r\nquit\r\n"
+
+    host:
+      - "{{Hostname}}"
+      - "{{Hostname}}:11211"
+    read-size: 2048
+
+    matchers:
+      - type: word
+        words:
+          - "STAT "
--- a/network/mongodb-detect.yaml
+++ b/network/mongodb-detect.yaml
@ -0,0 +1,24 @@
+id: mongodb-detect
+
+info:
+  name: MongoDB Detection
+  author: pd-team
+  severity: info
+  reference: https://github.com/orleven/Tentacle
+  tags: network,mongodb
+
+network:
+  - inputs:
+      - data: 3a000000a741000000000000d40700000000000061646d696e2e24636d640000000000ffffffff130000001069736d6173746572000100000000
+        type: hex
+
+    host:
+      - "{{Hostname}}"
+      - "{{Hostname}}:27017"
+    read-size: 2048
+
+    matchers:
+      - type: word
+        words:
+          - "logicalSessionTimeout"
+          - "localTime"
--- a/network/mongodb-unauth.yaml
+++ b/network/mongodb-unauth.yaml
@ -0,0 +1,22 @@
+id: mongodb-unauth
+
+info:
+  name: Unauth MongoDB Disclosure
+  author: pd-team
+  severity: high
+  reference: https://github.com/orleven/Tentacle
+  tags: network,mongodb
+
+network:
+  - inputs:
+      - data: 480000000200000000000000d40700000000000061646d696e2e24636d6400000000000100000021000000026765744c6f670010000000737461727475705761726e696e67730000
+        type: hex
+
+    host:
+      - "{{Hostname}}"
+      - "{{Hostname}}:27017"
+    read-size: 2048
+    matchers:
+      - type: word
+        words:
+          - "totalLinesWritten"