Merge branch 'projectdiscovery:main' into main

patch-1
Luis Felipe 2023-10-14 14:07:13 -03:00 committed by GitHub
commit 1ff0d90499
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6972 changed files with 33092 additions and 25425 deletions


@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
steps:
- uses: actions/checkout@master
- uses: actions/checkout@v4
with:
fetch-depth: 0
@ -24,12 +24,15 @@ jobs:
- name: Install TemplateMan CLI Client
run: |
go install -v github.com/projectdiscovery/nuclei/v2/cmd/tmc@dev
git config --global url."https://${{ secrets.ACCESS_TOKEN }}@github".insteadOf https://github
git clone https://github.com/projectdiscovery/templateman.git
cd templateman/templateman-cli/cmd/tmc
go install
- name: Run TemplateMan
id: tmc
run: |
tmc -i $GITHUB_WORKSPACE -mr
tmc -t GITHUB_WORKSPACE -mr -e
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
- name: Commit files
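Review bot: In the `Install TemplateMan CLI Client` step, `git config --global url."https://${{ secrets.ACCESS_TOKEN }}@github".insteadOf https://github` expands the secret into the script text and writes it into the runner's global git config. From there every later step in the job, including `Run TemplateMan` and `Commit files`, can read it. I would pass it through the step's `env:` (`TMC_TOKEN: ${{ secrets.ACCESS_TOKEN }}`, a constructed name) and scope the rewrite to the one clone: `git -c url."https://${TMC_TOKEN}@github.com/".insteadOf=https://github.com/ clone https://github.com/projectdiscovery/templateman.git`. The rewrite prefix `https://github` is also broader than the single host it is meant for. Separately, `tmc -t GITHUB_WORKSPACE -mr -e` seems to pass the literal string rather than `$GITHUB_WORKSPACE`; the page has lost its +/- markers, so confirm that this is the new-side line (the `Commit files` step continues outside the hunk).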


@ -1,41 +1,4 @@
file/android/google-storage-bucket.yaml
http/cves/2014/CVE-2014-9180.yaml
http/cves/2022/CVE-2022-48197.yaml
http/cves/2023/CVE-2023-2224.yaml
http/cves/2023/CVE-2023-22432.yaml
http/cves/2023/CVE-2023-2479.yaml
http/cves/2023/CVE-2023-2766.yaml
http/cves/2023/CVE-2023-29357.yaml
http/cves/2023/CVE-2023-30625.yaml
http/cves/2023/CVE-2023-33831.yaml
http/cves/2023/CVE-2023-36845.yaml
http/cves/2023/CVE-2023-38501.yaml
http/cves/2023/CVE-2023-42442.yaml
http/cves/2023/CVE-2023-42793.yaml
http/cves/2023/CVE-2023-43261.yaml
http/cves/2023/CVE-2023-4568.yaml
http/cves/2023/CVE-2023-5074.yaml
http/exposed-panels/ws_ftp-server-web-transfer.yaml
http/exposures/logs/milesight-system-log.yaml
http/exposures/tokens/jotform/jotform-api-key.yaml
http/misconfiguration/installer/akeeba-installer.yaml
http/misconfiguration/installer/alma-installer.yaml
http/misconfiguration/installer/bitrix24-installer.yaml
http/misconfiguration/installer/clipbucket-installer.yaml
http/misconfiguration/installer/dolphin-installer.yaml
http/misconfiguration/installer/gibbon-installer.yaml
http/misconfiguration/installer/klr300n-installer.yaml
http/misconfiguration/installer/mantisbt-installer.yaml
http/misconfiguration/installer/ojs-installer.yaml
http/misconfiguration/installer/shopware-installer.yaml
http/misconfiguration/installer/vironeer-installer.yaml
http/misconfiguration/installer/zabbix-installer.yaml
http/misconfiguration/installer/zencart-installer.yaml
http/misconfiguration/unauth-celery-flower.yaml
http/technologies/blazor-webassembly-detect.yaml
http/vulnerabilities/apache/shiro/shiro-deserialization-detection.yaml
http/vulnerabilities/sangfor/sangfor-ngaf-lfi.yaml
http/vulnerabilities/yonyou/yonyou-u8-sqli.yaml
network/detection/bgp-detect.yaml
network/detection/exim-detect.yaml
network/detection/ws_ftp-ssh-detect.yaml
http/cves/2021/CVE-2021-41749.yaml
http/cves/2023/CVE-2023-4451.yaml
http/exposed-panels/sphinxonline-panel.yaml
http/technologies/checkpoint-mobile-detect.yaml


@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|----------------------|-------|----------|-------|------|-------|
| cve | 2065 | dhiyaneshdk | 1059 | http | 6462 | info | 3225 | file | 309 |
| panel | 988 | dwisiswant0 | 798 | file | 309 | high | 1346 | dns | 17 |
| wordpress | 832 | daffainfo | 787 | workflows | 191 | medium | 1284 | | |
| exposure | 791 | pikpikcu | 353 | network | 116 | critical | 824 | | |
| xss | 730 | pussycat0x | 291 | ssl | 26 | low | 231 | | |
| wp-plugin | 721 | pdteam | 283 | dns | 17 | unknown | 29 | | |
| osint | 675 | ritikchaddha | 261 | headless | 9 | | | | |
| tech | 632 | ricardomaia | 225 | TEMPLATES-STATS.json | 1 | | | | |
| lfi | 601 | geeknik | 221 | contributors.json | 1 | | | | |
| edb | 598 | 0x_akoko | 179 | cves.json | 1 | | | | |
| cve | 2090 | dhiyaneshdk | 1085 | http | 6532 | info | 3249 | file | 310 |
| panel | 998 | dwisiswant0 | 798 | file | 310 | high | 1372 | dns | 17 |
| wordpress | 834 | daffainfo | 787 | workflows | 191 | medium | 1295 | | |
| exposure | 817 | pikpikcu | 353 | network | 119 | critical | 833 | | |
| xss | 735 | pussycat0x | 293 | ssl | 27 | low | 235 | | |
| wp-plugin | 723 | pdteam | 284 | dns | 17 | unknown | 30 | | |
| osint | 675 | ritikchaddha | 272 | headless | 9 | | | | |
| tech | 634 | ricardomaia | 226 | TEMPLATES-STATS.json | 1 | | | | |
| lfi | 603 | geeknik | 221 | cves.json | 1 | | | | |
| edb | 598 | theamanrawat | 181 | contributors.json | 1 | | | | |
**502 directories, 7374 files**.
**505 directories, 7450 files**.
</td>
</tr>

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff


@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|----------------------|-------|----------|-------|------|-------|
| cve | 2065 | dhiyaneshdk | 1059 | http | 6462 | info | 3225 | file | 309 |
| panel | 988 | dwisiswant0 | 798 | file | 309 | high | 1346 | dns | 17 |
| wordpress | 832 | daffainfo | 787 | workflows | 191 | medium | 1284 | | |
| exposure | 791 | pikpikcu | 353 | network | 116 | critical | 824 | | |
| xss | 730 | pussycat0x | 291 | ssl | 26 | low | 231 | | |
| wp-plugin | 721 | pdteam | 283 | dns | 17 | unknown | 29 | | |
| osint | 675 | ritikchaddha | 261 | headless | 9 | | | | |
| tech | 632 | ricardomaia | 225 | TEMPLATES-STATS.json | 1 | | | | |
| lfi | 601 | geeknik | 221 | contributors.json | 1 | | | | |
| edb | 598 | 0x_akoko | 179 | cves.json | 1 | | | | |
| cve | 2090 | dhiyaneshdk | 1085 | http | 6532 | info | 3249 | file | 310 |
| panel | 998 | dwisiswant0 | 798 | file | 310 | high | 1372 | dns | 17 |
| wordpress | 834 | daffainfo | 787 | workflows | 191 | medium | 1295 | | |
| exposure | 817 | pikpikcu | 353 | network | 119 | critical | 833 | | |
| xss | 735 | pussycat0x | 293 | ssl | 27 | low | 235 | | |
| wp-plugin | 723 | pdteam | 284 | dns | 17 | unknown | 30 | | |
| osint | 675 | ritikchaddha | 272 | headless | 9 | | | | |
| tech | 634 | ricardomaia | 226 | TEMPLATES-STATS.json | 1 | | | | |
| lfi | 603 | geeknik | 221 | cves.json | 1 | | | | |
| edb | 598 | theamanrawat | 181 | contributors.json | 1 | | | | |


@ -1357,6 +1357,7 @@
{"ID":"CVE-2021-41649","Info":{"Name":"PuneethReddyHC Online Shopping System homeaction.php SQL Injection","Severity":"critical","Description":"An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41649.yaml"}
{"ID":"CVE-2021-41653","Info":{"Name":"TP-Link - OS Command Injection","Severity":"critical","Description":"The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41653.yaml"}
{"ID":"CVE-2021-41691","Info":{"Name":"openSIS Student Information System 8.0 SQL Injection","Severity":"high","Description":"openSIS Student Information System version 8.0 is susceptible to SQL injection via the student_id and TRANSFER[SCHOOL] parameters in POST request sent to /TransferredOutModal.php.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-41691.yaml"}
{"ID":"CVE-2021-41749","Info":{"Name":"CraftCMS SEOmatic - Server-Side Template Injection","Severity":"critical","Description":"In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side. Template Injection, allowing for remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41749.yaml"}
{"ID":"CVE-2021-41773","Info":{"Name":"Apache 2.4.49 - Path Traversal and Remote Code Execution","Severity":"high","Description":"A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by \"require all denied\" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41773.yaml"}
{"ID":"CVE-2021-41826","Info":{"Name":"PlaceOS 1.2109.1 - Open Redirection","Severity":"medium","Description":"PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41826.yaml"}
{"ID":"CVE-2021-41878","Info":{"Name":"i-Panel Administration System 2.0 - Cross-Site Scripting","Severity":"medium","Description":"i-Panel Administration System 2.0 contains a cross-site scripting vulnerability that enables an attacker to execute arbitrary JavaScript code in the browser-based web console.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41878.yaml"}
@ -1611,6 +1612,7 @@
{"ID":"CVE-2022-25489","Info":{"Name":"Atom CMS v2.0 - Cross-Site Scripting","Severity":"medium","Description":"Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the \"A\" parameter in /widgets/debug.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-25489.yaml"}
{"ID":"CVE-2022-25497","Info":{"Name":"Cuppa CMS v1.0 - Local File Inclusion","Severity":"medium","Description":"CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-25497.yaml"}
{"ID":"CVE-2022-2551","Info":{"Name":"WordPress Duplicator \u003c1.4.7 - Authentication Bypass","Severity":"high","Description":"WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-2551.yaml"}
{"ID":"CVE-2022-25568","Info":{"Name":"MotionEye Config Info Disclosure","Severity":"high","Description":"MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-25568.yaml"}
{"ID":"CVE-2022-2599","Info":{"Name":"WordPress Anti-Malware Security and Brute-Force Firewall \u003c4.21.83 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2599.yaml"}
{"ID":"CVE-2022-26134","Info":{"Name":"Confluence - Remote Code Execution","Severity":"critical","Description":"Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26134.yaml"}
{"ID":"CVE-2022-26138","Info":{"Name":"Atlassian Questions For Confluence - Hardcoded Credentials","Severity":"critical","Description":"Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26138.yaml"}
@ -1896,6 +1898,7 @@
{"ID":"CVE-2023-22463","Info":{"Name":"KubePi JwtSigKey - Admin Authentication Bypass","Severity":"critical","Description":"KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22463.yaml"}
{"ID":"CVE-2023-22478","Info":{"Name":"KubePi \u003c= v1.6.4 LoginLogsSearch - Unauthorized Access","Severity":"high","Description":"KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22478.yaml"}
{"ID":"CVE-2023-22480","Info":{"Name":"KubeOperator Foreground `kubeconfig` - File Download","Severity":"critical","Description":"KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22480.yaml"}
{"ID":"CVE-2023-22515","Info":{"Name":"Atlassian Confluence - Privilege Escalation","Severity":"critical","Description":"Atlassian Confluence Data Center and Server contains a privilege escalation vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-22515.yaml"}
{"ID":"CVE-2023-2252","Info":{"Name":"Directorist \u003c 7.5.4 - Local File Inclusion","Severity":"medium","Description":"Directorist before 7.5.4 is susceptible to Local File Inclusion as it does not validate the file parameter when importing CSV files.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2252.yaml"}
{"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"high","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"}
{"ID":"CVE-2023-2272","Info":{"Name":"Tiempo.com \u003c= 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2272.yaml"}
@ -1966,6 +1969,7 @@
{"ID":"CVE-2023-29919","Info":{"Name":"SolarView Compact \u003c= 6.00 - Local File Inclusion","Severity":"critical","Description":"There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-29919.yaml"}
{"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"}
{"ID":"CVE-2023-29923","Info":{"Name":"PowerJob \u003c=4.3.2 - Unauthenticated Access","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29923.yaml"}
{"ID":"CVE-2023-30013","Info":{"Name":"TOTOLink - Unauthenticated Command Injection","Severity":"critical","Description":"TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the \"command\" parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30013.yaml"}
{"ID":"CVE-2023-30019","Info":{"Name":"Imgproxy \u003c= 3.14.0 - Server-side request forgery (SSRF)","Severity":"medium","Description":"imgproxy \u003c=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-30019.yaml"}
{"ID":"CVE-2023-30150","Info":{"Name":"PrestaShop leocustomajax 1.0 \u0026 1.0.0 - SQL Injection","Severity":"critical","Description":"PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30150.yaml"}
{"ID":"CVE-2023-30210","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_tz.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30210.yaml"}
@ -1975,6 +1979,7 @@
{"ID":"CVE-2023-30777","Info":{"Name":"Advanced Custom Fields \u003c 6.1.6 - Cross-Site Scripting","Severity":"medium","Description":"Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the post_status parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30777.yaml"}
{"ID":"CVE-2023-30943","Info":{"Name":"Moodle - Cross-Site Scripting/Remote Code Execution","Severity":"medium","Description":"The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before 4.2.0 are susceptible to an unauthenticated arbitrary folder creation, tracked as CVE-2023-30943. An attacker can leverage the creation of arbitrary folders to carry out a Stored Cross-Site Scripting (XSS) attack on the administration panel, resulting in arbitrary code execution on the server as soon as an administrator visits the panel.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-30943.yaml"}
{"ID":"CVE-2023-31059","Info":{"Name":"Repetier Server - Directory Traversal","Severity":"high","Description":"Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-31059.yaml"}
{"ID":"CVE-2023-31465","Info":{"Name":"TimeKeeper by FSMLabs - Remote Code Execution","Severity":"critical","Description":"An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31465.yaml"}
{"ID":"CVE-2023-31548","Info":{"Name":"ChurchCRM v4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-31548.yaml"}
{"ID":"CVE-2023-32117","Info":{"Name":"Integrate Google Drive \u003c= 1.1.99 - Missing Authorization via REST API Endpoints","Severity":"high","Description":"The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2023/CVE-2023-32117.yaml"}
{"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"high","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"}
@ -1982,6 +1987,7 @@
{"ID":"CVE-2023-32315","Info":{"Name":"Openfire Administration Console - Authentication Bypass","Severity":"high","Description":"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32315.yaml"}
{"ID":"CVE-2023-32563","Info":{"Name":"Ivanti Avalanche - Remote Code Execution","Severity":"critical","Description":"An unauthenticated attacker could achieve the code execution through a RemoteControl server.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32563.yaml"}
{"ID":"CVE-2023-33338","Info":{"Name":"Old Age Home Management System v1.0 - SQL Injection","Severity":"critical","Description":"Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33338.yaml"}
{"ID":"CVE-2023-33405","Info":{"Name":"BlogEngine CMS - Open Redirect","Severity":"medium","Description":"Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-33405.yaml"}
{"ID":"CVE-2023-33439","Info":{"Name":"Faculty Evaluation System v1.0 - SQL Injection","Severity":"high","Description":"Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33439.yaml"}
{"ID":"CVE-2023-33440","Info":{"Name":"Faculty Evaluation System v1.0 - Remote Code Execution","Severity":"high","Description":"Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33440.yaml"}
{"ID":"CVE-2023-3345","Info":{"Name":"LMS by Masteriyo \u003c 1.6.8 - Information Exposure","Severity":"medium","Description":"The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-3345.yaml"}
@ -1990,6 +1996,7 @@
{"ID":"CVE-2023-33831","Info":{"Name":"FUXA - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33831.yaml"}
{"ID":"CVE-2023-34124","Info":{"Name":"SonicWall GMS and Analytics Web Services - Shell Injection","Severity":"critical","Description":"The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34124.yaml"}
{"ID":"CVE-2023-34192","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"high","Description":"Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34192.yaml"}
{"ID":"CVE-2023-34259","Info":{"Name":"Kyocera TASKalfa printer - Path Traversal","Severity":"high","Description":"CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34259.yaml"}
{"ID":"CVE-2023-34362","Info":{"Name":"MOVEit Transfer - Remote Code Execution","Severity":"critical","Description":"In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34362.yaml"}
{"ID":"CVE-2023-34537","Info":{"Name":"Hoteldruid 3.0.5 - Cross-Site Scripting","Severity":"medium","Description":"A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-34537.yaml"}
{"ID":"CVE-2023-34598","Info":{"Name":"Gibbon v25.0.0 - Local File Inclusion","Severity":"critical","Description":"Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34598.yaml"}
@ -2001,6 +2008,7 @@
{"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"critical","Description":"A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"}
{"ID":"CVE-2023-35078","Info":{"Name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35078.yaml"}
{"ID":"CVE-2023-35082","Info":{"Name":"MobileIron Core - Remote Unauthenticated API Access","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web applications security filter chain.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35082.yaml"}
{"ID":"CVE-2023-35813","Info":{"Name":"Sitecore - Remote Code Execution","Severity":"critical","Description":"Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35813.yaml"}
{"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"}
{"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"}
{"ID":"CVE-2023-35885","Info":{"Name":"Cloudpanel 2 \u003c 2.3.1 - Remote Code Execution","Severity":"critical","Description":"CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35885.yaml"}
@ -2014,6 +2022,7 @@
{"ID":"CVE-2023-37266","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Random JWT Token","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37266.yaml"}
{"ID":"CVE-2023-37270","Info":{"Name":"Piwigo 13.7.0 - SQL Injection","Severity":"high","Description":"Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-37270.yaml"}
{"ID":"CVE-2023-37462","Info":{"Name":"XWiki Platform - Remote Code Execution","Severity":"high","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-37462.yaml"}
{"ID":"CVE-2023-37474","Info":{"Name":"Copyparty \u003c= 1.8.2 - Directory Traversal","Severity":"high","Description":"Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-37474.yaml"}
{"ID":"CVE-2023-37580","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"medium","Description":"Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37580.yaml"}
{"ID":"CVE-2023-37629","Info":{"Name":"Online Piggery Management System v1.0 - Unauthenticated File Upload","Severity":"critical","Description":"Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37629.yaml"}
{"ID":"CVE-2023-3765","Info":{"Name":"MLflow Absolute Path Traversal","Severity":"critical","Description":"Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-3765.yaml"}
@ -2033,12 +2042,14 @@
{"ID":"CVE-2023-39600","Info":{"Name":"IceWarp 11.4.6.0 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39600.yaml"}
{"ID":"CVE-2023-39676","Info":{"Name":"PrestaShop fieldpopupnewsletter Module - Cross Site Scripting","Severity":"medium","Description":"Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39676.yaml"}
{"ID":"CVE-2023-39677","Info":{"Name":"PrestaShop MyPrestaModules - PhpInfo Disclosure","Severity":"low","Description":"PrestaShop modules by MyPrestaModules expose PHPInfo\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39677.yaml"}
{"ID":"CVE-2023-41642","Info":{"Name":"RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting","Severity":"medium","Description":"Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-41642.yaml"}
{"ID":"CVE-2023-4173","Info":{"Name":"mooSocial 3.1.8 - Reflected XSS","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4173.yaml"}
{"ID":"CVE-2023-4174","Info":{"Name":"mooSocial 3.1.6 - Reflected Cross Site Scripting","Severity":"medium","Description":"A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4174.yaml"}
{"ID":"CVE-2023-41892","Info":{"Name":"CraftCMS \u003c 4.4.15 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-41892.yaml"}
{"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"high","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"}
{"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"}
{"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"}
{"ID":"CVE-2023-4451","Info":{"Name":"Cockpit - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4451.yaml"}
{"ID":"CVE-2023-4568","Info":{"Name":"PaperCut NG Unauthenticated XMLRPC Functionality","Severity":"medium","Description":"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-4568.yaml"}
{"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"}
{"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"}


@ -1 +1 @@
b9bc75b80d10c42a1e0b6cf8662fbd25
d075f81058a2f85a9dc9fb3cbac58ec9


@ -13,9 +13,9 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-404
tags: dns,takeover,azure
metadata:
max-request: 1
tags: dns,takeover,azure
dns:
- name: "{{FQDN}}"


@ -9,14 +9,13 @@ info:
- https://support.dnsimple.com/articles/caa-record/#whats-a-caa-record
classification:
cwe-id: CWE-200
tags: dns,caa
metadata:
max-request: 1
tags: dns,caa
dns:
- name: "{{FQDN}}"
type: CAA
matchers:
- type: regex
regex:
@ -28,4 +27,4 @@ dns:
regex:
- 'issue "(.*)"'
- 'issuewild "(.*)"'
- 'iodef "(.*)"'
- 'iodef "(.*)"'


@ -12,9 +12,9 @@ info:
- https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover
classification:
cwe-id: CWE-200
tags: dns,takeover
metadata:
max-request: 1
tags: dns,takeover
dns:
- name: "{{FQDN}}"
@ -33,4 +33,4 @@ dns:
extractors:
- type: dsl
dsl:
- cname
- cname


@ -11,16 +11,15 @@ info:
- https://dmarc.org/wiki/FAQ#Why_is_DMARC_important.3F
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: dns,dmarc
metadata:
max-request: 1
tags: dns,dmarc
dns:
- name: "_dmarc.{{FQDN}}"
type: TXT
matchers:
- type: regex
part: answer
@ -31,4 +30,4 @@ dns:
- type: regex
group: 1
regex:
- "IN\tTXT\t(.+)"
- "IN\tTXT\t(.+)"


@ -254,8 +254,7 @@ dns:
- type: word
part: answer
name: adobe-marketo
- 'mkto-.{5,8}\.com'
name: adobe-marketo - 'mkto-.{5,8}\.com'
- type: word
part: answer
@ -349,7 +348,7 @@ dns:
words:
- zdassets.com
- zdorigin.com
- zendesk.com
- "zendesk.com"
- zopim.com
- type: word
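Review bot: In the first hunk the `adobe-marketo` matcher appears to collapse into the single line `name: adobe-marketo - 'mkto-.{5,8}\.com'`, so the pattern becomes part of the matcher name and the `type: word` matcher is left with no `words:` list; as rendered, this fingerprint can no longer fire. The page has lost its +/- markers, so which of the two forms is the new side is inferred from print order. The pattern is also a regular expression (`.{5,8}`, `\.`), which a word matcher would compare literally even under `words:`. I would restore it as a regex matcher: `type: regex`, `name: adobe-marketo`, then `regex:` with the item `- 'mkto-.{5,8}\.com'`. The matcher list starts and ends outside the hunk, so the neighbouring entries are worth checking for the same merge.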


@ -7,9 +7,9 @@ info:
description: A DNS WAF was detected.
classification:
cwe-id: CWE-200
tags: tech,waf,dns
metadata:
max-request: 2
tags: tech,waf,dns
dns:
- name: "{{FQDN}}"
@ -17,7 +17,6 @@ dns:
- name: "{{FQDN}}"
type: NS
matchers:
- type: word
part: answer
@ -192,4 +191,4 @@ dns:
part: answer
name: edns
words:
- ".iidns.com"
- ".iidns.com"


@ -10,16 +10,15 @@ info:
- https://www.cyberciti.biz/faq/unix-linux-test-and-validate-dnssec-using-dig-command-line/
classification:
cwe-id: CWE-200
tags: dns,dnssec
metadata:
max-request: 1
tags: dns,dnssec
dns:
- name: "{{FQDN}}"
type: DS
matchers:
- type: regex
part: answer
regex:
- "IN\tDS\\t(.+)$"
- "IN\tDS\\t(.+)$"


@ -9,9 +9,9 @@ info:
- https://blog.melbadry9.xyz/dangling-dns/aws/ddns-ec2-current-state
classification:
cwe-id: CWE-200
tags: dns,ec2,aws
metadata:
max-request: 1
tags: dns,ec2,aws
dns:
- name: "{{FQDN}}"
@ -21,4 +21,4 @@ dns:
- type: regex
regex:
- "ec2-[-\\d]+\\.compute[-\\d]*\\.amazonaws\\.com"
- "ec2-[-\\d]+\\.[\\w\\d\\-]+\\.compute[-\\d]*\\.amazonaws\\.com"
- "ec2-[-\\d]+\\.[\\w\\d\\-]+\\.compute[-\\d]*\\.amazonaws\\.com"


@ -4,8 +4,7 @@ info:
name: ElasticBeanstalk Subdomain Takeover Detection
author: philippedelteil,rotemreiss,zy9ard3,joaonevess
severity: high
description: ElasticBeanstalk subdomain takeover detected. A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical
name (CNAME) in the Domain Name System (DNS), but no host is providing content for it.
description: ElasticBeanstalk subdomain takeover detected. A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical name (CNAME) in the Domain Name System (DNS), but no host is providing content for it.
reference:
- https://github.com/EdOverflow/can-i-take-over-xyz/issues/147
- https://twitter.com/payloadartist/status/1362035009863880711


@ -10,14 +10,13 @@ info:
- https://mxtoolbox.com/
classification:
cwe-id: CWE-200
tags: dns,mx
metadata:
max-request: 1
tags: dns,mx
dns:
- name: "{{FQDN}}"
type: MX
matchers:
- type: regex
part: answer
@ -28,4 +27,4 @@ dns:
- type: regex
group: 1
regex:
- "IN\tMX\t(.+)"
- "IN\tMX\t(.+)"


@ -7,9 +7,9 @@ info:
description: An email service was detected. Check the email service or spam filter that is used for a domain.
classification:
cwe-id: CWE-200
tags: dns,service
metadata:
max-request: 1
tags: dns,service
dns:
- name: "{{FQDN}}"
@ -80,4 +80,4 @@ dns:
name: "Proofpoint US"
words:
- "mx1-us1.ppe-hosted.com"
- "mx2-us1.ppe-hosted.com"
- "mx2-us1.ppe-hosted.com"


@ -7,14 +7,13 @@ info:
description: An NS record was detected. An NS record delegates a subdomain to a set of name servers.
classification:
cwe-id: CWE-200
tags: dns,ns
metadata:
max-request: 1
tags: dns,ns
dns:
- name: "{{FQDN}}"
type: NS
matchers:
- type: regex
part: answer
@ -25,4 +24,4 @@ dns:
- type: regex
group: 1
regex:
- "IN\tNS\t(.+)"
- "IN\tNS\t(.+)"


@ -7,14 +7,13 @@ info:
description: A PTR record was detected. A PTR record refers to the domain name.
classification:
cwe-id: CWE-200
tags: dns,ptr
metadata:
max-request: 1
tags: dns,ptr
dns:
- name: "{{FQDN}}"
type: PTR
matchers:
- type: regex
part: answer
@ -25,4 +24,4 @@ dns:
- type: regex
group: 1
regex:
- "IN\tPTR\t(.+)"
- "IN\tPTR\t(.+)"


@ -4,20 +4,18 @@ info:
name: DNS Servfail Host Finder
author: pdteam
severity: info
description: A DNS ServFail error occurred. ServFail errors occur when there is an error communicating with a DNS server. This could have a number of causes, including an error on the DNS server itself, or a temporary
networking issue.
description: A DNS ServFail error occurred. ServFail errors occur when there is an error communicating with a DNS server. This could have a number of causes, including an error on the DNS server itself, or a temporary networking issue.
classification:
cwe-id: CWE-200
tags: dns,takeover
metadata:
max-request: 1
tags: dns,takeover
dns:
- name: "{{FQDN}}"
type: A
matchers:
- type: word
words:
- "SERVFAIL"
- "REFUSED"
- "REFUSED"


@ -9,17 +9,16 @@ info:
- https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability
classification:
cwe-id: CWE-200
tags: dns,spf
metadata:
max-request: 1
tags: dns,spf
dns:
- name: "{{FQDN}}"
type: TXT
matchers:
- type: word
words:
- "v=spf1"
- " ptr "
condition: and
condition: and


@ -9,14 +9,13 @@ info:
- https://www.netspi.com/blog/technical/network-penetration-testing/analyzing-dns-txt-records-to-fingerprint-service-providers/
classification:
cwe-id: CWE-200
tags: dns,txt
metadata:
max-request: 1
tags: dns,txt
dns:
- name: "{{FQDN}}"
type: TXT
matchers:
- type: regex
part: answer
@ -27,4 +26,4 @@ dns:
- type: regex
group: 1
regex:
- "IN\tTXT\t(.+)"
- "IN\tTXT\t(.+)"


@ -9,15 +9,14 @@ info:
- https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites
classification:
cwe-id: CWE-200
tags: dns,service
metadata:
max-request: 1
tags: dns,service
dns:
- name: "{{FQDN}}"
type: A
matchers:
- type: word
words:
- "69.164.223.206"
- "69.164.223.206"


@ -5,17 +5,16 @@ info:
author: gaurang
severity: low
description: ADB Backup is enabled, which allows the backup and restore of an app's private data.
remediation: Ensure proper access or disable completely.
reference:
- https://adb-backup.com/
classification:
cwe-id: CWE-200
remediation: Ensure proper access or disable completely.
tags: android,file
file:
- extensions:
- all
matchers:
- type: word
words:
- "android:allowBackup=\"true\""
- "android:allowBackup=\"true\""


@ -7,14 +7,12 @@ info:
description: Android Biometric/Fingerprint permission files were detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: word
words:


@ -10,11 +10,9 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: word
words:


@ -7,14 +7,12 @@ info:
description: Android content scheme enabling was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- xml
matchers:
- type: word
words:


@ -6,11 +6,9 @@ info:
severity: low
description: Android debug enabling was detected.
tags: android,file
file:
- extensions:
- all
matchers:
- type: regex
regex:


@ -11,12 +11,11 @@ info:
- https://medium.com/@muratcanbur/intro-to-deep-linking-on-android-1b9fe9e38abd
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: android,file,deeplink
file:
- extensions:
- xml


@ -7,14 +7,12 @@ info:
description: Android dynamic broadcast receiver register functionality was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: word
words:


@ -7,14 +7,12 @@ info:
description: Android file scheme enabling was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- xml
matchers:
- type: word
words:


@ -5,10 +5,9 @@ info:
author: Thabisocn
severity: info
metadata:
github-query: "/[a-z0-9.-]+\\.appspot\\.com/"
verified: "true"
github-query: "/[a-z0-9.-]+\\.appspot\\.com/"
tags: file,android,google
file:
- extensions:
- all
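Review bot: `verified: "true"` in the `metadata` block is a quoted string, while the other templates touched by this commit write the flag as a boolean (`verified: true`); anything that filters templates on a boolean `verified` may treat this one differently. Since the block is being reordered anyway, I would write `verified: true` here. The `info` block starts above the hunk and the `file` block continues below it.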


@ -10,11 +10,9 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: regex
regex:


@ -10,11 +10,9 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: word
words:


@ -7,14 +7,12 @@ info:
description: WebView Javascript enabling was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: android,file,javascript
file:
- extensions:
- all
matchers:
- type: word
words:


@ -7,14 +7,12 @@ info:
description: WebView loadUrl usage was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: word
words:


@ -10,11 +10,9 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
matchers:
- type: word
words:


@ -5,15 +5,14 @@ info:
author: pussycat0x
severity: info
description: |
Cisco authentication, authorization and accounting service configuration was detected.
Cisco authentication, authorization and accounting service configuration was detected.
reference:
- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a2.html#GUID-E05C2E00-C01E-4053-9D12-EC37C7E8EEC5
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf


@ -5,15 +5,14 @@ info:
author: pussycat0x
severity: info
description: |
The configuration for service timestamps on Cisco devices was not implemented for debugging purposes. It's important to note that timestamps can be added to either debugging or logging messages independently.
The configuration for service timestamps on Cisco devices was not implemented for debugging purposes. It's important to note that timestamps can be added to either debugging or logging messages independently.
reference:
- https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf


@ -5,15 +5,14 @@ info:
author: pussycat0x
severity: info
description: |
Cisco service timestamp configuration for log messages was not implemented.
Cisco service timestamp configuration for log messages was not implemented.
reference:
- https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf


@ -5,16 +5,15 @@ info:
author: pussycat0x
severity: info
description: |
Cisco IP source-route functionality has been utilized in several attacks. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
Cisco IP source-route functionality has been utilized in several attacks. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: Disable IP source-route where appropriate.
reference:
- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i4.html#GUID-C7F971DD-358F-4B43-9F3E-244F5D4A3A93
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf


@ -5,15 +5,14 @@ info:
author: pussycat0x
severity: info
description: |
Cisco PAD service has proven vulnerable to attackers. To reduce the risk of unauthorized access, organizations should implement a security policy restricting or disabling unnecessary access.
Cisco PAD service has proven vulnerable to attackers. To reduce the risk of unauthorized access, organizations should implement a security policy restricting or disabling unnecessary access.
reference:
- http://www.cisco.com/en/US/docs/ios-xml/ios/wan/command/wan-s1.html#GUID-C5497B77-3FD4-4D2F-AB08-1317D5F5473B
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf


@ -5,11 +5,10 @@ info:
author: pussycat0x
severity: info
description: |
To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
reference:
- https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf


@ -5,15 +5,14 @@ info:
author: pussycat0x
severity: info
description: |
Cisco logging 'logging enable' enable command enforces the monitoring of technology risks for organizations' network devices.
Cisco logging 'logging enable' enable command enforces the monitoring of technology risks for organizations' network devices.
reference:
- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/xe-16-6/config-mgmt-xe-16-6-book/cm-config-logger.pdf
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file
file:
- extensions:
- conf


@ -5,15 +5,14 @@ info:
author: pussycat0x
severity: info
description: |
Cisco set and secure password functionality is recommended to control privilege level access. To set a local password to control access to various privilege levels, use the enable password command in global configuration mode. To remove the password requirement, use the no form of this command.
Cisco set and secure password functionality is recommended to control privilege level access. To set a local password to control access to various privilege levels, use the enable password command in global configuration mode. To remove the password requirement, use the no form of this command.
reference:
- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-cr-book/sec-cr-e1.html#wp3884449514
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file
file:
- extensions:
- conf


@ -8,10 +8,9 @@ info:
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf


@ -9,10 +9,9 @@ info:
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf


@ -8,10 +8,9 @@ info:
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf


@ -8,10 +8,9 @@ info:
reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf


@ -8,10 +8,9 @@ info:
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: fortigate,config,audit,file,firewall
file:
- extensions:
- conf


@ -9,10 +9,9 @@ info:
- https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf


@ -8,10 +8,9 @@ info:
reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf


@ -7,7 +7,6 @@ info:
description: Weak Ciphers can be broken by an attacker in a local network and can perform attacks like Blowfish.
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf


@ -10,12 +10,11 @@ info:
https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml


@ -10,12 +10,11 @@ info:
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml


@ -10,12 +10,11 @@ info:
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml


@ -10,10 +10,9 @@ info:
- https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,pfsense
file:
- extensions:
- xml


@ -10,12 +10,11 @@ info:
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml


@ -10,10 +10,9 @@ info:
https://docs.netgate.com/pfsense/en/latest/config/general.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml


@ -9,7 +9,6 @@ info:
- https://www.tecmint.com/10-most-dangerous-commands-you-should-never-execute-on-linux/
- https://phoenixnap.com/kb/dangerous-linux-terminal-commands
tags: bash,file,shell,sh
file:
- extensions:
- sh


@ -8,10 +8,9 @@ info:
- https://www.electronjs.org/blog/chromium-rce-vulnerability/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: electron,file
file:
- extensions:
- json


@ -10,13 +10,10 @@ info:
- https://blog.yeswehack.com/yeswerhackers/exploitation/pentesting-electron-applications/
- https://book.hacktricks.xyz/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps
tags: electron,file,nodejs
file:
- extensions:
- all
matchers:
- type: word
words:
- "nodeIntegration: true"
- "nodeIntegration: true"


@ -9,7 +9,6 @@ info:
metadata:
verified: true
tags: file,js-analyse,js,javascript
file:
- extensions:
- js


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: adafruit,file,keys
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: adobe,file,token
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -12,7 +12,6 @@ info:
metadata:
verified: true
tags: adobe,oauth,file,token
file:
- extensions:
- all
@ -21,4 +20,4 @@ file:
- type: regex
part: body
regex:
- '(?i)\b(p8e-[a-z0-9-]{32})(?:[^a-z0-9-]|$)'
- '(?i)\b(p8e-[a-z0-9-]{32})(?:[^a-z0-9-]|$)'


@ -11,7 +11,6 @@ info:
metadata:
verified: true
tags: age-encryption,file,token
file:
- extensions:
- all
@ -20,4 +19,4 @@ file:
- type: regex
part: body
regex:
- '\bAGE-SECRET-KEY-1[0-9A-Z]{58}\b'
- '\bAGE-SECRET-KEY-1[0-9A-Z]{58}\b'


@ -11,7 +11,6 @@ info:
metadata:
verified: true
tags: age-encryption,file,token
file:
- extensions:
- all
@ -20,4 +19,4 @@ file:
- type: regex
part: body
regex:
- '\bage1[0-9a-z]{58}\b'
- '\bage1[0-9a-z]{58}\b'


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: airtable,file,token
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: algolia,file,keys
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: alibaba,access,file,keys
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: alibaba,secret,file,keys
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -9,12 +9,11 @@ info:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: aws,amazon,token,file
file:
- extensions:
- all
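Review bot: The `classification` block in this hunk keeps `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N` with a score of 0 for a template tagged `aws,amazon,token,file`, whereas the Amazon token template in the next section carries `cvss-score: 5.3` and the Cloudinary one `cvss-score: 7.5`. Triage that sorts or filters findings by CVSS would rank a matched AWS credential below those, or drop it entirely. If the zero score is not deliberate, align the pair with the sibling template, e.g. `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N` and `cvss-score: 5.3`; the template's `severity` field lies outside the hunk, so the choice should be checked against it. The AWS session-token, SNS, access-key-ID and Cognito hunks below use the same zero-impact vector.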


@ -10,7 +10,6 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
tags: token,file,amazon,auth
file:
- extensions:
- all


@ -9,12 +9,11 @@ info:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: aws,amazon,token,file,session
file:
- extensions:
- all


@ -7,10 +7,9 @@ info:
description: Amazon SNS token was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: file,token,amazon,aws
file:
- extensions:
- all


@ -7,10 +7,9 @@ info:
description: Amazon Web Services Access Key ID token was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: token,file
file:
- extensions:
- all


@ -7,10 +7,9 @@ info:
description: Amazon Web Services Cognito Pool ID token was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: token,file
file:
- extensions:
- all


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: asana,client,file,keys
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: asana,client,file,keys,secret
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: atlassian,file,token,api
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -11,7 +11,6 @@ info:
metadata:
verified: true
tags: azure,file,token
file:
- extensions:
- all


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: beamer,file,token
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: bitbucket,file,token
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: bitbucket,file,token
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: bittrex,file,token
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: bittrex,file,token
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -9,10 +9,9 @@ info:
- https://github.com/BranchMetrics/android-branch-deep-linking-attribution/issues/74
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
tags: token,file
file:
- extensions:
- all


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: clojars,file,token
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(CLOJARS_)[a-z0-9]{60}
- (?i)(CLOJARS_)[a-z0-9]{60}


@ -10,7 +10,6 @@ info:
cvss-score: 7.5
cwe-id: CWE-200
tags: token,file,cloudinary
file:
- extensions:
- all


@ -10,12 +10,11 @@ info:
- https://github.com/codeclimate/ruby-test-reporter/issues/34
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: codeclimate,token,file
file:
- extensions:
- all


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: codecov,file,token
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: coinbase,file,token
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: confluent,file,token
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: confluent,file,token
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -10,7 +10,6 @@ info:
metadata:
verified: true
tags: contentful,file,token
file:
- extensions:
- all
@ -19,4 +18,4 @@ file:
- type: regex
part: body
regex:
- (?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)
- (?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -11,12 +11,11 @@ info:
- https://github.com/rust-lang/crates.io/blob/master/src/util/token.rs
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-score: 0
cwe-id: CWE-200
metadata:
verified: true
tags: crates,token,file
file:
- extensions:
- all
