daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Linting refactor to make yamllint happy

patch-1
Ice3man543 2020-05-25 17:22:12 +05:30
parent 10145eae51
commit 1758728197
7 changed files with 116 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
.github/workflows/syntax-checking.yml vendored
View File

@ -1,19 +1,21 @@
name: syntax-checking name: syntax-checking
on: "on":
push: push:
branches: [ master ] branches:
- master
pull_request: pull_request:
branches: [ master ] branches:
- master
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: 'Yamllint' - name: Yamllint
uses: karancode/yamllint-github-action@master uses: karancode/yamllint-github-action@master
with: with:
yamllint_config_filepath: .yamllint yamllint_config_filepath: .yamllint
yamllint_strict: false yamllint_strict: false
yamllint_comment: true yamllint_comment: true

28
basic-detections/general-tokens.yaml
View File

@ -1,7 +1,5 @@
id: general-tokens id: general-tokens
#this will create a huge load of false positive
info: info:
name: General Tokens name: General Tokens
author: nadino author: nadino
@ -10,23 +8,23 @@ info:
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}" - '{{BaseURL}}'
matchers: matchers:
- type: dsl - type: dsl
dsl: dsl:
- 'regex("TOKEN[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any TOKEN word - regex("TOKEN[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"",""))
- 'regex("API[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any API word - regex("API[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"",""))
- 'regex("KEY[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any KEY word - regex("KEY[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"",""))
- 'regex("SECRET[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any SECRET word - regex("SECRET[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"",""))
- 'regex("AUTHORIZATION[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any AUTHORIZATION word - regex("AUTHORIZATION[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"",""))
- 'regex("PASSWORD[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any PASSWORD word - regex("PASSWORD[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"",""))
extractors: extractors:
- type: regex - type: regex
part: body part: body
regex: regex:
- "(T|t)(O|o)(K|k)(E|e)(N|n)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)+( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?" - (T|t)(O|o)(K|k)(E|e)(N|n)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)+()*(\''|")?[ 0-9A-Za-z\-_]+(\''|")?
- "(A|a)(P|p)(Ii)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?" - (A|a)(P|p)(Ii)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)( )*(\''|")?[0-9A-Za-z\-_]+(\''|")?
- "(K|k)(E|e)(Y|y)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?" - (K|k)(E|e)(Y|y)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)( )*(\''|")?[0-9A-Za-z\-_]+(\''|")?
- "(S|s)(E|e)(C|c)(R|r)(E|e)(T|t)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?" - (S|s)(E|e)(C|c)(R|r)(E|e)(T|t)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)()*(\''|")?[ 0-9A-Za-z\-_]+(\''|")?
- "(A|a)(U|u)(T|t)(H|h)(O|o)(R|r)(I|i)(Z|z)(A|a)(T|t)(I|i)(O|o)(N|n)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?" - (A|a)(U|u)(T|t)(H|h)(O|o)(R|r)(I|i)(Z|z)(A|a)(T|t)(I|i)(O|o)(N|n)[\-|_|A-Za-z0-9]*(\''|")?()*(:|=)( )*(\''|")?[ 0-9A-Za-z\-_]+(\''|")?
- "(P|p)(A|a)(S|s)(S|s)(W|w)(O|o)(R|r)(D|d)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?" - (P|p)(A|a)(S|s)(S|s)(W|w)(O|o)(R|r)(D|d)[\-|_|A-Za-z0-9]*(\''|")?()*(:|=)( )*(\''|")?[ 0-9A-Za-z\-_]+(\''|")?

6
panels/webeditors.yaml
View File

@ -9,12 +9,12 @@ requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/fckeditor/_samples/default.html" - "{{BaseURL}}/fckeditor/_samples/default.html"
- "{{BaseURL}}/ckeditor/samples/" - "{{BaseURL}}/ckeditor/samples/"
- "{{BaseURL}}/editor/ckeditor/samples/" - "{{BaseURL}}/editor/ckeditor/samples/"
- "{{BaseURL}}/ckeditor/samples/sample_posteddata.php" - "{{BaseURL}}/ckeditor/samples/sample_posteddata.php"
- "{{BaseURL}}/editor/ckeditor/samples/sample_posteddata.php" - "{{BaseURL}}/editor/ckeditor/samples/sample_posteddata.php"
- "{{BaseURL}}/fck/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php" - "{{BaseURL}}/fck/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php"
- "{{BaseURL}}/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellcheckder.php" - "{{BaseURL}}/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellcheckder.php"
- "{{BaseURL}}/ueditor/php/getRemoteImage.php" - "{{BaseURL}}/ueditor/php/getRemoteImage.php"
matchers: matchers:
- type: word - type: word

2
security-misconfiguration/basic-cors.yaml
View File

@ -10,7 +10,7 @@ requests:
path: path:
- "{{BaseURL}}" - "{{BaseURL}}"
headers: headers:
Origin: https://evil.com Origin: "https://evil.com"
matchers: matchers:
- type: word - type: word
words: words:

168
subdomain-takeover/detect-all-takeovers.yaml
View File

@ -41,310 +41,310 @@ requests:
- type: regex - type: regex
name: worksites name: worksites
regex: regex:
- "(?:Company Not Found|you’re looking for doesn’t exist)" - "(?:Company Not Found|you’re looking for doesn’t exist)"
- type: word - type: word
name: landingi name: landingi
words: words:
- It looks like you're lost - It looks like you're lost
- The page you are looking for is not found - The page you are looking for is not found
- type: word - type: word
name: helprace name: helprace
words: words:
- Alias not configured! - Alias not configured!
- Admin of this Helprace account needs to set up domain alias - Admin of this Helprace account needs to set up domain alias
- "(see Step 2 here: Using your own domain with Helprace)." - "(see Step 2 here: Using your own domain with Helprace)."
- type: word - type: word
name: canny name: canny
words: words:
- Company Not Found - Company Not Found
- There is no such company. Did you enter the right URL? - There is no such company. Did you enter the right URL?
- type: word - type: word
name: ngrok name: ngrok
words: words:
- ngrok.io not found - ngrok.io not found
- Tunnel *.ngrok.io not found - Tunnel *.ngrok.io not found
- type: word - type: word
name: tumblr name: tumblr
words: words:
- Whatever you were looking for doesn't currently exist at this address. - Whatever you were looking for doesn't currently exist at this address.
- There's nothing here. - There's nothing here.
- type: word - type: word
name: github name: github
words: words:
- There isn't a GitHub Pages site here. - There isn't a GitHub Pages site here.
- For root URLs (like http://example.com/) you must provide an index.html file - For root URLs (like http://example.com/) you must provide an index.html file
- type: word - type: word
name: heroku name: heroku
words: words:
- There's nothing here, yet. - There's nothing here, yet.
- herokucdn.com/error-pages/no-such-app.html - herokucdn.com/error-pages/no-such-app.html
- "<title>No such app</title>" - "<title>No such app</title>"
- type: word - type: word
name: tictail name: tictail
words: words:
- Building a brand of your own? - Building a brand of your own?
- 'to target URL: <a href="https://tictail.com' - 'to target URL: <a href="https://tictail.com'
- Start selling on Tictail. - Start selling on Tictail.
- type: word - type: word
name: campaignmonitor name: campaignmonitor
words: words:
- "<strong>Trying to access your account?</strong>" - "<strong>Trying to access your account?</strong>"
- or <a href="mailto:help@createsend.com - or <a href="mailto:help@createsend.com
- type: word - type: word
name: cargocollective name: cargocollective
words: words:
- <div class="notfound"> - <div class="notfound">
- 404 Not Found<br> - 404 Not Found<br>
- type: word - type: word
name: statuspage name: statuspage
words: words:
- Better Status Communication - Better Status Communication
- You are being <a href="https://www.statuspage.io">redirected - You are being <a href="https://www.statuspage.io">redirected
- type: word - type: word
name: bitbucket name: bitbucket
words: words:
- The page you have requested does not exist - The page you have requested does not exist
- Repository not found - Repository not found
- type: word - type: word
name: smartling name: smartling
words: words:
- Domain is not configured - Domain is not configured
- type: word - type: word
name: acquia name: acquia
words: words:
- If you are an Acquia Cloud customer and expect to see your site at this address - If you are an Acquia Cloud customer and expect to see your site at this address
- The site you are looking for could not be found. - The site you are looking for could not be found.
- type: word - type: word
name: uservoice name: uservoice
words: words:
- This UserVoice subdomain is currently available! - This UserVoice subdomain is currently available!
- type: word - type: word
name: ghost name: ghost
words: words:
- The thing you were looking for is no longer here - The thing you were looking for is no longer here
- The thing you were looking for is no longer here, or never was - The thing you were looking for is no longer here, or never was
- type: word - type: word
name: tilda name: tilda
words: words:
- Domain has been assigned - Domain has been assigned
- type: word - type: word
name: wordpress name: wordpress
words: words:
- Do you want to register - Do you want to register
- type: word - type: word
name: teamwork name: teamwork
words: words:
- Oops - We didn't find your site. - Oops - We didn't find your site.
- type: word - type: word
name: helpjuice name: helpjuice
words: words:
- We could not find what you're looking for. - We could not find what you're looking for.
- type: word - type: word
name: helpscout name: helpscout
words: words:
- 'No settings were found for this company:' - "No settings were found for this company:"
- type: word - type: word
name: cargo name: cargo
words: words:
- If you're moving your domain away from Cargo you must make this configuration - If you're moving your domain away from Cargo you must make this configuration
through your registrar's DNS control panel. through your registrar's DNS control panel.
- type: word - type: word
name: feedpress name: feedpress
words: words:
- The feed has not been found. - The feed has not been found.
- type: word - type: word
name: surge name: surge
words: words:
- project not found - project not found
- type: word - type: word
name: surveygizmo name: surveygizmo
words: words:
- data-html-name - data-html-name
- type: word - type: word
name: mashery name: mashery
words: words:
- Unrecognized domain <strong> - Unrecognized domain <strong>
- type: word - type: word
name: intercom name: intercom
words: words:
- This page is reserved for artistic dogs. - This page is reserved for artistic dogs.
- <h1 class="headline">Uh oh. That page doesnt exist.</h1> - <h1 class="headline">Uh oh. That page doesnt exist.</h1>
- type: word - type: word
name: webflow name: webflow
words: words:
- <p class="description">The page you are looking for doesn't exist or has been - <p class="description">The page you are looking for doesn't exist or has been
moved.</p> moved.</p>
- type: word - type: word
name: thinkific name: thinkific
words: words:
- You may have mistyped the address or the page may have moved. - You may have mistyped the address or the page may have moved.
- type: word - type: word
name: tave name: tave
words: words:
- "<h1>Error 404: Page Not Found</h1>" - "<h1>Error 404: Page Not Found</h1>"
- type: word - type: word
name: wishpond name: wishpond
words: words:
- https://www.wishpond.com/404?campaign=true - https://www.wishpond.com/404?campaign=true
- type: word - type: word
name: aftership name: aftership
words: words:
- Oops.</h2><p class="text-muted text-tight">The page you're looking for doesn't - Oops.</h2><p class="text-muted text-tight">The page you're looking for doesn't
exist. exist.
- type: word - type: word
name: aha name: aha
words: words:
- There is no portal here ... sending you back to Aha! - There is no portal here ... sending you back to Aha!
- type: word - type: word
name: brightcove name: brightcove
words: words:
- '<p class="bc-gallery-error-code">Error Code: 404</p>' - '<p class="bc-gallery-error-code">Error Code: 404</p>'
- type: word - type: word
name: bigcartel name: bigcartel
words: words:
- "<h1>Oops! We couldn&#8217;t find that page.</h1>" - "<h1>Oops! We couldn&#8217;t find that page.</h1>"
- type: word - type: word
name: activecompaign name: activecompaign
words: words:
- alt="LIGHTTPD - fly light." - alt="LIGHTTPD - fly light."
- type: word - type: word
name: compaignmonitor name: compaignmonitor
words: words:
- Double check the URL or <a href="mailto:help@createsend.com - Double check the URL or <a href="mailto:help@createsend.com
- type: word - type: word
name: acquia name: acquia
words: words:
- The site you are looking for could not be found. - The site you are looking for could not be found.
- type: word - type: word
name: proposify name: proposify
words: words:
- If you need immediate assistance, please contact <a href="mailto:support@proposify.biz - If you need immediate assistance, please contact <a href="mailto:support@proposify.biz
- type: word - type: word
name: simplebooklet name: simplebooklet
words: words:
- We can't find this <a href="https://simplebooklet.com - We can't find this <a href="https://simplebooklet.com
- type: word - type: word
name: getresponse name: getresponse
words: words:
- With GetResponse Landing Pages, lead generation has never been easier - With GetResponse Landing Pages, lead generation has never been easier
- type: word - type: word
name: vend name: vend
words: words:
- Looks like you've traveled too far into cyberspace. - Looks like you've traveled too far into cyberspace.
- type: word - type: word
name: jetbrains name: jetbrains
words: words:
- is not a registered InCloud YouTrack. - is not a registered InCloud YouTrack.
- type: word - type: word
name: readme name: readme
words: words:
- Project doesnt exist... yet! - Project doesnt exist... yet!
- type: word - type: word
name: smugmug name: smugmug
words: words:
- '{"text":"Page Not Found"' - '{"text":"Page Not Found"'
- type: word - type: word
name: airee name: airee
words: words:
- Ошибка 402. Сервис Айри.рф не оплачен - Ошибка 402. Сервис Айри.рф не оплачен
- type: word - type: word
name: kinsta name: kinsta
words: words:
- No Site For Domain - No Site For Domain
- type: word - type: word
name: launchrock name: launchrock
words: words:
- It looks like you may have taken a wrong turn somewhere. Don't worry...it happens - It looks like you may have taken a wrong turn somewhere. Don't worry...it happens
to all of us. to all of us.
- type: word - type: word
name: Strikingly name: Strikingly
words: words:
- But if you're looking to build your own website - But if you're looking to build your own website
- you've come to the right place. - you've come to the right place.
- type: word - type: word
name: HatenaBlog name: HatenaBlog
words: words:
- 404 Blog is not found - 404 Blog is not found
- Sorry, we can't find the page you're looking for. - Sorry, we can't find the page you're looking for.
- type: word - type: word
name: wufoo name: wufoo
words: words:
- Profile not found - Profile not found
- Hmmm....something is not right. - Hmmm....something is not right.
- type: word - type: word
name: hubspot name: hubspot
words: words:
- Domain not found - Domain not found
- does not exist in our system - does not exist in our system
- type: word - type: word
name: jazzhr name: jazzhr
words: words:
- This account no longer active - This account no longer active
- type: word - type: word
name: smartjob name: smartjob
words: words:
- Job Board Is Unavailable - Job Board Is Unavailable
- This job board website is either expired - This job board website is either expired
- This job board website is either expired or its domain name is invalid. - This job board website is either expired or its domain name is invalid.
- type: regex - type: regex
name: Uptimerobot name: Uptimerobot
regex: regex:
- "^page not found$" - "^page not found$"
- type: word - type: word
name: agile name: agile

4
tokens/slack-access-token.yaml
View File

@ -1,7 +1,7 @@
id: slack-access-token id: slack-access-token
#xoxp-702234529XXX-688970480XXX-109182524XXXX-87fa5b4d2e62ac5c16fc6ea93bXXXXXX # xoxp-702234529XXX-688970480XXX-109182524XXXX-87fa5b4d2e62ac5c16fc6ea93bXXXXXX
#xoxb-702234529XXX-1076883857XXX-Ou9aRuvtFZ4DuTsepevXXXXX # xoxb-702234529XXX-1076883857XXX-Ou9aRuvtFZ4DuTsepevXXXXX
info: info:
name: Slack access token name: Slack access token

2
vulnerabilities/cached-aem-pages.yaml
View File

@ -4,7 +4,7 @@ info:
name: Invalidate / Flush Cached Pages From AEM name: Invalidate / Flush Cached Pages From AEM
author: hetroublemakr author: hetroublemakr
severity: low severity: low
#reference: @AEMSecurity # reference: @AEMSecurity
requests: requests:
- method: GET - method: GET