Update django-secret-key.yaml

patch-1
Prince Chaddha 2022-06-06 17:22:25 +05:30 committed by GitHub
parent ceaa145f58
commit 24678f6217
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 6 deletions


@ -1,14 +1,14 @@
id: django-secret-key
info:
name: Django Secret Key
name: Django Secret Key Exposure
author: geeknik,DhiyaneshDk
severity: high
reference: https://docs.gitguardian.com/secrets-detection/detectors/specifics/django_secret_key
tags: django,exposure
metadata:
verified: true
shodan-query: html:settings.py
tags: django,exposure
requests:
- method: GET
@ -19,17 +19,28 @@ requests:
- "{{BaseURL}}/settings/settings.py"
- "{{BaseURL}}/web/settings/settings.py"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "SECRET_KEY ="
- type: word
part: header
words:
- "text/html"
negative: true
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '"DJANGO_SECRET_KEY", "(.*)"'
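Review bot: The extractor regex on the last line only captures the two-argument `"DJANGO_SECRET_KEY", "..."` form, while the word matcher fires on any body containing `SECRET_KEY =`, so a match can be reported with nothing extracted. The greedy `(.*)` can also run past the closing quote when the same line holds further quoted text; bounding the group, `- '"DJANGO_SECRET_KEY", "([^"]*)"'`, keeps the capture to the one value. The bare `SECRET_KEY =` word will also hit other settings whose names end in `SECRET_KEY`, so triage should expect some false positives on non-HTML 200 responses. Because the extractor writes the key into scan output, a comment above `extractors:` such as `# extracted value is a live secret; store and share scan results accordingly` would help whoever handles the results. The page has lost its `+`/`-` markers, so which of these lines are new is inferred from the addition count.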