templateman update

patch-1
sandeep 2023-10-14 16:57:55 +05:30
parent d63d0d6ca9
commit 161b90353a
6920 changed files with 20821 additions and 14572 deletions

View File

@ -13,9 +13,9 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-404
tags: dns,takeover,azure
metadata:
max-request: 1
tags: dns,takeover,azure
dns:
- name: "{{FQDN}}"

View File

@ -9,14 +9,13 @@ info:
- https://support.dnsimple.com/articles/caa-record/#whats-a-caa-record
classification:
cwe-id: CWE-200
tags: dns,caa
metadata:
max-request: 1
tags: dns,caa
dns:
- name: "{{FQDN}}"
type: CAA
matchers:
- type: regex
regex:

View File

@ -12,9 +12,9 @@ info:
- https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover
classification:
cwe-id: CWE-200
tags: dns,takeover
metadata:
max-request: 1
tags: dns,takeover
dns:
- name: "{{FQDN}}"

View File

@ -11,16 +11,15 @@ info:
- https://dmarc.org/wiki/FAQ#Why_is_DMARC_important.3F
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: dns,dmarc
metadata:
max-request: 1
tags: dns,dmarc
dns:
- name: "_dmarc.{{FQDN}}"
type: TXT
matchers:
- type: regex
part: answer

View File

@ -254,8 +254,7 @@ dns:
- type: word
part: answer
name: adobe-marketo
- 'mkto-.{5,8}\.com'
name: adobe-marketo - 'mkto-.{5,8}\.com'
- type: word
part: answer
@ -349,7 +348,7 @@ dns:
words:
- zdassets.com
- zdorigin.com
- zendesk.com
- "zendesk.com"
- zopim.com
- type: word

View File

@ -7,9 +7,9 @@ info:
description: A DNS WAF was detected.
classification:
cwe-id: CWE-200
tags: tech,waf,dns
metadata:
max-request: 2
tags: tech,waf,dns
dns:
- name: "{{FQDN}}"
@ -17,7 +17,6 @@ dns:
- name: "{{FQDN}}"
type: NS
matchers:
- type: word
part: answer

View File

@ -10,14 +10,13 @@ info:
- https://www.cyberciti.biz/faq/unix-linux-test-and-validate-dnssec-using-dig-command-line/
classification:
cwe-id: CWE-200
tags: dns,dnssec
metadata:
max-request: 1
tags: dns,dnssec
dns:
- name: "{{FQDN}}"
type: DS
matchers:
- type: regex
part: answer

View File

@ -9,9 +9,9 @@ info:
- https://blog.melbadry9.xyz/dangling-dns/aws/ddns-ec2-current-state
classification:
cwe-id: CWE-200
tags: dns,ec2,aws
metadata:
max-request: 1
tags: dns,ec2,aws
dns:
- name: "{{FQDN}}"

View File

@ -4,8 +4,7 @@ info:
name: ElasticBeanstalk Subdomain Takeover Detection
author: philippedelteil,rotemreiss,zy9ard3,joaonevess
severity: high
description: ElasticBeanstalk subdomain takeover detected. A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical
name (CNAME) in the Domain Name System (DNS), but no host is providing content for it.
description: ElasticBeanstalk subdomain takeover detected. A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical name (CNAME) in the Domain Name System (DNS), but no host is providing content for it.
reference:
- https://github.com/EdOverflow/can-i-take-over-xyz/issues/147
- https://twitter.com/payloadartist/status/1362035009863880711

View File

@ -10,14 +10,13 @@ info:
- https://mxtoolbox.com/
classification:
cwe-id: CWE-200
tags: dns,mx
metadata:
max-request: 1
tags: dns,mx
dns:
- name: "{{FQDN}}"
type: MX
matchers:
- type: regex
part: answer

View File

@ -7,9 +7,9 @@ info:
description: An email service was detected. Check the email service or spam filter that is used for a domain.
classification:
cwe-id: CWE-200
tags: dns,service
metadata:
max-request: 1
tags: dns,service
dns:
- name: "{{FQDN}}"

View File

@ -7,14 +7,13 @@ info:
description: An NS record was detected. An NS record delegates a subdomain to a set of name servers.
classification:
cwe-id: CWE-200
tags: dns,ns
metadata:
max-request: 1
tags: dns,ns
dns:
- name: "{{FQDN}}"
type: NS
matchers:
- type: regex
part: answer

View File

@ -7,14 +7,13 @@ info:
description: A PTR record was detected. A PTR record refers to the domain name.
classification:
cwe-id: CWE-200
tags: dns,ptr
metadata:
max-request: 1
tags: dns,ptr
dns:
- name: "{{FQDN}}"
type: PTR
matchers:
- type: regex
part: answer

View File

@ -4,18 +4,16 @@ info:
name: DNS Servfail Host Finder
author: pdteam
severity: info
description: A DNS ServFail error occurred. ServFail errors occur when there is an error communicating with a DNS server. This could have a number of causes, including an error on the DNS server itself, or a temporary
networking issue.
description: A DNS ServFail error occurred. ServFail errors occur when there is an error communicating with a DNS server. This could have a number of causes, including an error on the DNS server itself, or a temporary networking issue.
classification:
cwe-id: CWE-200
tags: dns,takeover
metadata:
max-request: 1
tags: dns,takeover
dns:
- name: "{{FQDN}}"
type: A
matchers:
- type: word
words:

View File

@ -9,14 +9,13 @@ info:
- https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability
classification:
cwe-id: CWE-200
tags: dns,spf
metadata:
max-request: 1
tags: dns,spf
dns:
- name: "{{FQDN}}"
type: TXT
matchers:
- type: word
words:

View File

@ -9,14 +9,13 @@ info:
- https://www.netspi.com/blog/technical/network-penetration-testing/analyzing-dns-txt-records-to-fingerprint-service-providers/
classification:
cwe-id: CWE-200
tags: dns,txt
metadata:
max-request: 1
tags: dns,txt
dns:
- name: "{{FQDN}}"
type: TXT
matchers:
- type: regex
part: answer

View File

@ -9,14 +9,13 @@ info:
- https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites
classification:
cwe-id: CWE-200
tags: dns,service
metadata:
max-request: 1
tags: dns,service
dns:
- name: "{{FQDN}}"
type: A
matchers:
- type: word
words:

View File

@ -5,13 +5,12 @@ info:
author: gaurang
severity: low
description: ADB Backup is enabled, which allows the backup and restore of an app's private data.
remediation: Ensure proper access or disable completely.
reference:
- https://adb-backup.com/
classification:
cwe-id: CWE-200
remediation: Ensure proper access or disable completely.
tags: android,file
file:
- extensions:
- all

View File

@ -7,14 +7,12 @@ info:
description: Android Biometric/Fingerprint permission files were detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: word
words:

View File

@ -10,11 +10,9 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: word
words:

View File

@ -7,14 +7,12 @@ info:
description: Android content scheme enabling was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- xml
matchers:
- type: word
words:

View File

@ -6,11 +6,9 @@ info:
severity: low
description: Android debug enabling was detected.
tags: android,file
file:
- extensions:
- all
matchers:
- type: regex
regex:

View File

@ -11,12 +11,11 @@ info:
- https://medium.com/@muratcanbur/intro-to-deep-linking-on-android-1b9fe9e38abd
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: android,file,deeplink
file:
- extensions:
- xml

View File

@ -7,14 +7,12 @@ info:
description: Android dynamic broadcast receiver register functionality was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: word
words:

View File

@ -7,14 +7,12 @@ info:
description: Android file scheme enabling was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- xml
matchers:
- type: word
words:

View File

@ -5,10 +5,9 @@ info:
author: Thabisocn
severity: info
metadata:
github-query: "/[a-z0-9.-]+\\.appspot\\.com/"
verified: "true"
github-query: "/[a-z0-9.-]+\\.appspot\\.com/"
tags: file,android,google
file:
- extensions:
- all

View File

@ -10,11 +10,9 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: regex
regex:

View File

@ -10,11 +10,9 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: word
words:

View File

@ -7,14 +7,12 @@ info:
description: WebView Javascript enabling was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: android,file,javascript
file:
- extensions:
- all
matchers:
- type: word
words:

View File

@ -7,14 +7,12 @@ info:
description: WebView loadUrl usage was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: word
words:

View File

@ -10,11 +10,9 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: word
words:

View File

@ -5,15 +5,14 @@ info:
author: pussycat0x
severity: info
description: |
Cisco authentication, authorization and accounting service configuration was detected.
Cisco authentication, authorization and accounting service configuration was detected.
reference:
- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a2.html#GUID-E05C2E00-C01E-4053-9D12-EC37C7E8EEC5
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf

View File

@ -5,15 +5,14 @@ info:
author: pussycat0x
severity: info
description: |
The configuration for service timestamps on Cisco devices was not implemented for debugging purposes. It's important to note that timestamps can be added to either debugging or logging messages independently.
The configuration for service timestamps on Cisco devices was not implemented for debugging purposes. It's important to note that timestamps can be added to either debugging or logging messages independently.
reference:
- https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf

View File

@ -5,15 +5,14 @@ info:
author: pussycat0x
severity: info
description: |
Cisco service timestamp configuration for log messages was not implemented.
Cisco service timestamp configuration for log messages was not implemented.
reference:
- https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf

View File

@ -5,16 +5,15 @@ info:
author: pussycat0x
severity: info
description: |
Cisco IP source-route functionality has been utilized in several attacks. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
Cisco IP source-route functionality has been utilized in several attacks. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: Disable IP source-route where appropriate.
reference:
- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i4.html#GUID-C7F971DD-358F-4B43-9F3E-244F5D4A3A93
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf

View File

@ -5,15 +5,14 @@ info:
author: pussycat0x
severity: info
description: |
Cisco PAD service has proven vulnerable to attackers. To reduce the risk of unauthorized access, organizations should implement a security policy restricting or disabling unnecessary access.
Cisco PAD service has proven vulnerable to attackers. To reduce the risk of unauthorized access, organizations should implement a security policy restricting or disabling unnecessary access.
reference:
- http://www.cisco.com/en/US/docs/ios-xml/ios/wan/command/wan-s1.html#GUID-C5497B77-3FD4-4D2F-AB08-1317D5F5473B
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf

View File

@ -5,11 +5,10 @@ info:
author: pussycat0x
severity: info
description: |
To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
reference:
- https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf

View File

@ -5,15 +5,14 @@ info:
author: pussycat0x
severity: info
description: |
Cisco logging 'logging enable' enable command enforces the monitoring of technology risks for organizations' network devices.
Cisco logging 'logging enable' enable command enforces the monitoring of technology risks for organizations' network devices.
reference:
- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/xe-16-6/config-mgmt-xe-16-6-book/cm-config-logger.pdf
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file
file:
- extensions:
- conf

View File

@ -5,15 +5,14 @@ info:
author: pussycat0x
severity: info
description: |
Cisco set and secure password functionality is recommended to control privilege level access. To set a local password to control access to various privilege levels, use the enable password command in global configuration mode. To remove the password requirement, use the no form of this command.
Cisco set and secure password functionality is recommended to control privilege level access. To set a local password to control access to various privilege levels, use the enable password command in global configuration mode. To remove the password requirement, use the no form of this command.
reference:
- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-cr-book/sec-cr-e1.html#wp3884449514
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file
file:
- extensions:
- conf

View File

@ -8,10 +8,9 @@ info:
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf

View File

@ -9,10 +9,9 @@ info:
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf

View File

@ -8,10 +8,9 @@ info:
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf

View File

@ -8,10 +8,9 @@ info:
reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf

View File

@ -8,10 +8,9 @@ info:
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: fortigate,config,audit,file,firewall
file:
- extensions:
- conf

View File

@ -9,10 +9,9 @@ info:
- https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf

View File

@ -8,10 +8,9 @@ info:
reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf

View File

@ -7,7 +7,6 @@ info:
description: Weak Ciphers can be broken by an attacker in a local network and can perform attacks like Blowfish.
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf

View File

@ -10,12 +10,11 @@ info:
https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml

View File

@ -10,12 +10,11 @@ info:
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml

View File

@ -10,12 +10,11 @@ info:
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml

View File

@ -10,10 +10,9 @@ info:
- https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,pfsense
file:
- extensions:
- xml

View File

@ -10,12 +10,11 @@ info:
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml

View File

@ -10,10 +10,9 @@ info:
https://docs.netgate.com/pfsense/en/latest/config/general.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml

View File

@ -9,7 +9,6 @@ info:
- https://www.tecmint.com/10-most-dangerous-commands-you-should-never-execute-on-linux/
- https://phoenixnap.com/kb/dangerous-linux-terminal-commands
tags: bash,file,shell,sh
file:
- extensions:
- sh

View File

@ -8,10 +8,9 @@ info:
- https://www.electronjs.org/blog/chromium-rce-vulnerability/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: electron,file
file:
- extensions:
- json

View File

@ -10,13 +10,10 @@ info:
- https://blog.yeswehack.com/yeswerhackers/exploitation/pentesting-electron-applications/
- https://book.hacktricks.xyz/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps
tags: electron,file,nodejs
file:
- extensions:
- all
matchers:
- type: word
words:
- "nodeIntegration: true"

View File

@ -9,7 +9,6 @@ info:
metadata:
verified: true
tags: file,js-analyse,js,javascript
file:
- extensions:
- js

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: adafruit,file,keys
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: adobe,file,token
file:
- extensions:
- all

View File

@ -12,7 +12,6 @@ info:
metadata:
verified: true
tags: adobe,oauth,file,token
file:
- extensions:
- all

View File

@ -11,7 +11,6 @@ info:
metadata:
verified: true
tags: age-encryption,file,token
file:
- extensions:
- all

View File

@ -11,7 +11,6 @@ info:
metadata:
verified: true
tags: age-encryption,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: airtable,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: algolia,file,keys
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: alibaba,access,file,keys
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: alibaba,secret,file,keys
file:
- extensions:
- all

View File

@ -9,12 +9,11 @@ info:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: aws,amazon,token,file
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
tags: token,file,amazon,auth
file:
- extensions:
- all

View File

@ -9,12 +9,11 @@ info:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: aws,amazon,token,file,session
file:
- extensions:
- all

View File

@ -7,10 +7,9 @@ info:
description: Amazon SNS token was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: file,token,amazon,aws
file:
- extensions:
- all

View File

@ -7,10 +7,9 @@ info:
description: Amazon Web Services Access Key ID token was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: token,file
file:
- extensions:
- all

View File

@ -7,10 +7,9 @@ info:
description: Amazon Web Services Cognito Pool ID token was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: token,file
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: asana,client,file,keys
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: asana,client,file,keys,secret
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: atlassian,file,token,api
file:
- extensions:
- all

View File

@ -11,7 +11,6 @@ info:
metadata:
verified: true
tags: azure,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: beamer,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: bitbucket,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: bitbucket,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: bittrex,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: bittrex,file,token
file:
- extensions:
- all

View File

@ -9,10 +9,9 @@ info:
- https://github.com/BranchMetrics/android-branch-deep-linking-attribution/issues/74
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: token,file
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: clojars,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
cvss-score: 7.5
cwe-id: CWE-200
tags: token,file,cloudinary
file:
- extensions:
- all

View File

@ -10,12 +10,11 @@ info:
- https://github.com/codeclimate/ruby-test-reporter/issues/34
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: codeclimate,token,file
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: codecov,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: coinbase,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: confluent,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: confluent,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: contentful,file,token
file:
- extensions:
- all

View File

@ -11,12 +11,11 @@ info:
- https://github.com/rust-lang/crates.io/blob/master/src/util/token.rs
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: crates,token,file
file:
- extensions:
- all

File diff suppressed because it is too large Load Diff

View File

@ -10,7 +10,6 @@ info:
cvss-score: 7.5
cwe-id: CWE-200
tags: token,file,auth
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: databricks,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: datadog,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: digitalocean,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: digitalocean,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: digitalocean,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: discord,file,token
file:
- extensions:
- all

View File

@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: discord,file,token
file:
- extensions:
- all

Some files were not shown because too many files have changed in this diff Show More