diff --git a/files/telerik-dialoghandler-detect.yaml b/files/telerik-dialoghandler-detect.yaml
new file mode 100644
index 0000000000..c53bc70a0a
--- /dev/null
+++ b/files/telerik-dialoghandler-detect.yaml
@@ -0,0 +1,20 @@
+id: telerik-dialoghandler-detect
+info:
+ name: Detect Telerik Web UI Dialog Handler
+ author: organiccrap
+ severity: low
+ #https://captmeelo.com/pentest/2018/08/03/pwning-with-telerik.html
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/Telerik.Web.UI.DialogHandler.aspx'
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers-codition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - Loading the dialog...
diff --git a/panels/atlassian-crowd-panel.yaml b/panels/atlassian-crowd-panel.yaml
new file mode 100644
index 0000000000..d01a865ee9
--- /dev/null
+++ b/panels/atlassian-crowd-panel.yaml
@@ -0,0 +1,16 @@
+id: atlassian-crowd-panel
+info:
+ name: Atlassian Crowd panel detect
+ author: organiccrap
+ severity: low
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/crowd/console/login.action'
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers:
+ - type: word
+ words:
+ - Atlassian Crowd - Login
+ part: body
diff --git a/panels/citrix-adc-gateway-detect.yaml b/panels/citrix-adc-gateway-detect.yaml
new file mode 100644
index 0000000000..8dd181000b
--- /dev/null
+++ b/panels/citrix-adc-gateway-detect.yaml
@@ -0,0 +1,16 @@
+id: citrix-adc-gateway-panel
+info:
+ name: Citrix ADC Gateway detect
+ author: organiccrap
+ severity: low
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/logon/LogonPoint/index.html'
+ - '{{BaseURL}}/logon/LogonPoint/custom.html'
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers:
+ - type: word
+ words:
+ - _ctxstxt_CitrixCopyright
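Review bot: `matchers-codition: and` is misspelled, so nuclei will not read it as `matchers-condition` and falls back to its default (or) between the status and word matchers; any 200 response for `/Telerik.Web.UI.DialogHandler.aspx`, including a soft-404, would then be reported regardless of the `Loading the dialog...` check. Change the key to `matchers-condition: and`, as the clockwork-php-page and symfony-debugmode templates in this same commit already spell it.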
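Review bot: The `id` is `citrix-adc-gateway-panel` while the file is `panels/citrix-adc-gateway-detect.yaml`; every other template in this commit keeps id and filename identical, and the id is what appears in scan output and in template filtering. Rename one of them, e.g. `id: citrix-adc-gateway-detect`, or move the file to match the id.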
diff --git a/technologies/clockwork-php-header.yaml b/technologies/clockwork-php-header.yaml
new file mode 100644
index 0000000000..7ecf050601
--- /dev/null
+++ b/technologies/clockwork-php-header.yaml
@@ -0,0 +1,19 @@
+id: clockwork-php-header
+info:
+ name: Clockwork PHP exposure
+ author: organiccrap
+ severity: high
+ #https://twitter.com/damian_89_/status/1250721398747791360
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/'
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers:
+ - type: word
+ words:
+ - 'X-Clockwork-Id:'
+ - 'X-Clockwork-Version:'
+ part: header
+ condition: and
diff --git a/technologies/clockwork-php-page.yaml b/technologies/clockwork-php-page.yaml
new file mode 100644
index 0000000000..32716f3975
--- /dev/null
+++ b/technologies/clockwork-php-page.yaml
@@ -0,0 +1,23 @@
+id: clockwork-php-page
+info:
+ name: Clockwork PHP page exposure
+ author: organiccrap
+ severity: high
+ #https://twitter.com/damian_89_/status/1250721398747791360
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/__clockwork/app'
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - Clockwork
+ -
+ part: body
+ condition: or
diff --git a/technologies/couchdb-detect.yaml b/technologies/couchdb-detect.yaml
new file mode 100644
index 0000000000..c4bc5f3293
--- /dev/null
+++ b/technologies/couchdb-detect.yaml
@@ -0,0 +1,19 @@
+id: couchdb-detect
+info:
+ name: couchdb detection
+ author: organiccrap
+ severity: low
+ # commonly runs on port 5984/http
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/_all_dbs'
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers:
+ - type: word
+ words:
+ - CouchDB/
+ - Erlang OTP/
+ part: header
+ condition: and
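Review bot: The `words` list has an empty second entry (`-` with no value) after `- Clockwork`; YAML reads that as null, and with `condition: or` it contributes nothing, so either a value was lost (possibly an HTML tag stripped when this page was rendered — worth checking the committed file) or it is a leftover. Either restore the intended string or drop the entry together with the now-redundant `condition: or`, leaving `words:` / `- Clockwork`. Matching the bare word `Clockwork` anywhere in a 200 body is also loose for a `high` finding; a more specific fragment of the `/__clockwork/app` page would cut false positives.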
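Review bot: `/_all_dbs` is a database-enumeration endpoint, yet this template only inspects the `Server` header, which CouchDB also sends on `GET /` together with its welcome banner; for a low-severity detection template the root path is the less intrusive probe and leaves `/_all_dbs`-style reads to the couchdb-adminparty check added in the same commit. Consider `- '{{BaseURL}}/'`, optionally with a second body matcher on the root banner under `matchers-condition: and`; the header matcher itself can stay as is.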
diff --git a/technologies/liferay-portal-detect.yaml b/technologies/liferay-portal-detect.yaml
new file mode 100644
index 0000000000..a5db8b4cc1
--- /dev/null
+++ b/technologies/liferay-portal-detect.yaml
@@ -0,0 +1,20 @@
+id: liferay-portal-detect
+info:
+ name: Liferay Portal Detection
+ author: organiccrap
+ severity: low
+ #CVE-2020-7961: Liferay Portal Unauthenticated RCE
+ #https://github.com/mzer0one/CVE-2020-7961-POC
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/api/jsonws'
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers:
+ - type: word
+ words:
+ - json-web-services-api
+ - There are no services matching that phrase.
+ condition: or
+ part: body
diff --git a/technologies/prometheus-exposed-panel.yaml b/technologies/prometheus-exposed-panel.yaml
new file mode 100644
index 0000000000..f00a4917a6
--- /dev/null
+++ b/technologies/prometheus-exposed-panel.yaml
@@ -0,0 +1,16 @@
+id: prometheus-exposed-panel
+info:
+ name: Prometheus.io exposed panel
+ author: organiccrap
+ severity: low
+ #usually runs on port http/9090
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/graph'
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers:
+ - type: word
+ words:
+ - Prometheus Time Series Collection and Processing Server
diff --git a/vulnerabilities/couchdb-adminparty.yaml b/vulnerabilities/couchdb-adminparty.yaml
new file mode 100644
index 0000000000..12e0cf35e9
--- /dev/null
+++ b/vulnerabilities/couchdb-adminparty.yaml
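Review bot: The comments cite CVE-2020-7961 (unauthenticated RCE) above a template that only checks that `/api/jsonws` answers with the JSONWS UI text, and `severity: low` is right for that; someone scanning output may still read a hit as evidence of the RCE. Make the scope explicit in the comment, e.g. `# detection only: a reachable /api/jsonws does not by itself confirm CVE-2020-7961`, and keep the POC link beneath it.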
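Review bot: This file lives under `technologies/` although its name and id say `exposed panel`, while the same commit puts the Atlassian Crowd and Citrix login pages under `panels/`; pick one directory so the new layout stays meaningful for directory-scoped runs. Separately, an unauthenticated Prometheus UI usually also means its HTTP API (targets, rules, scraped metrics) is reachable, so `severity: low` may be conservative — worth a second look before merge.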
@@ -0,0 +1,26 @@
+id: couchdb-adminparty
+info:
+ name: couchdb admin party
+ author: organiccrap
+ severity: high
+ # commonly runs on port 5984/http
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/_users/_all_docs'
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - CouchDB/
+ - Erlang OTP/
+ part: header
+ condition: and
+ - type: word
+ words:
+ - total_rows
+ - offset
+ part: body
+ condition: and
diff --git a/vulnerabilities/git-config-nginxoffbyslash.yaml b/vulnerabilities/git-config-nginxoffbyslash.yaml
new file mode 100644
index 0000000000..f2db3cccaf
--- /dev/null
+++ b/vulnerabilities/git-config-nginxoffbyslash.yaml
@@ -0,0 +1,25 @@
+id: git-config-nginxoffbyslash
+info:
+ name: Git config nginx off by slash
+ author: organiccrap
+ severity: medium
+ #https://twitter.com/Random_Robbie/status/1262676628167110656
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/static../.git/config'
+ - '{{BaseURL}}/js../.git/config'
+ - '{{BaseURL}}/images../.git/config'
+ - '{{BaseURL}}/img../.git/config'
+ - '{{BaseURL}}/css../.git/config'
+ - '{{BaseURL}}/assets../.git/config'
+ - '{{BaseURL}}/content../.git/config'
+ - '{{BaseURL}}/events../.git/config'
+ - '{{BaseURL}}/media../.git/config'
+ - '{{BaseURL}}/lib../.git/config'
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers:
+ - type: word
+ words:
+ - '[core]'
diff --git a/vulnerabilities/microstrategy-ssrf.yaml b/vulnerabilities/microstrategy-ssrf.yaml
new file mode 100644
index 0000000000..736eb1f1af
--- /dev/null
+++ b/vulnerabilities/microstrategy-ssrf.yaml
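Review bot: This `high` finding is not tied to a response status: the body matcher fires on `total_rows` and `offset` anywhere in the `/_users/_all_docs` response, whereas the clockwork-php-page and symfony-debugmode templates in this commit pair their word matchers with a 200 check. Add `- type: status` / `status:` / `- 200` under the existing `matchers-condition: and` so a proxied error page that echoes those words cannot match. A one-line comment on what a hit means would also help triage, e.g. `# unauthenticated read of the _users database: no server admin appears to be configured`.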
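Review bot: The only matcher is the literal `[core]` in the body, a short string that can appear in ordinary HTML or text pages, and with ten candidate paths the false-positive surface for a medium finding multiplies. Tie it to a real git config by requiring a second fragment, `- '[core]'` / `- repositoryformatversion` / `condition: and`, and consider a 200 status matcher under `matchers-condition: and`. A comment on the root cause would make the path list self-explaining, e.g. `# nginx "location /static" with "alias /app/static/" (no trailing slash on the location) lets /static../ escape the alias directory`.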
@@ -0,0 +1,23 @@
+id: microstrategy-ssrf
+info:
+ name: MicroStrategy tinyurl SSRF
+ author: organiccrap
+ severity: high
+ # https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204
+ # blind ssrf
+ # /servlet/taskProc?taskId=wikiScrapper&taskEnv=xml&taskContentType=xml&searchString=https://SSRF&shouldSuggest=false&publicDataSuggestionURL=&publicDataSearchURL=&publicDataPageURL=
+ # /servlet/taskProc?taskId=validateUsherConfigTask&taskEnv=xml&taskContentType=xml&serverURL=https://SSRF
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/servlet/taskProc?taskId=shortURL&taskEnv=xml&taskContentType=xml&srcURL=https://google.com'
+ - '{{BaseURL}}/MicroStrategy/servlet/taskProc?taskId=shortURL&taskEnv=xml&taskContentType=xml&srcURL=https://google.com'
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers:
+ - type: word
+ words:
+ - taskResponse
+ - The source URL is not valid
+ condition: and
+ part: body
diff --git a/vulnerabilities/symfony-debugmode.yaml b/vulnerabilities/symfony-debugmode.yaml
new file mode 100644
index 0000000000..2c53745d44
--- /dev/null
+++ b/vulnerabilities/symfony-debugmode.yaml
@@ -0,0 +1,23 @@
+id: symfony-debugmode
+info:
+ name: Symfony Debug Mode
+ author: organiccrap
+ severity: high
+ #https://github.com/synacktiv/eos
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/'
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - 'X-Debug-Token-Link:'
+ - /_profiler/
+ part: header
+ condition: and
diff --git a/vulnerabilities/tomcat-manager-pathnormalization.yaml b/vulnerabilities/tomcat-manager-pathnormalization.yaml
new file mode 100644
index 0000000000..cc874c2300
--- /dev/null
+++ b/vulnerabilities/tomcat-manager-pathnormalization.yaml
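Review bot: What the matcher asserts is the shortURL task's error string `The source URL is not valid` inside a `taskResponse`, i.e. that the `taskProc` servlet is exposed and the task exists — not that the server fetched `https://google.com`; the comment block itself labels the real vectors (`wikiScrapper`, `validateUsherConfigTask`) as blind. Say so in the template so a hit is not reported as confirmed SSRF, e.g. `# matches the shortURL error response: confirms taskProc is reachable, not a successful outbound fetch`, and consider pointing `srcURL` at a host you control rather than google.com so a scan does not make the target contact a third party.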
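Review bot: Requiring status 200 alongside the header match can hide debug mode on sites whose `/` redirects or errors — to my knowledge the profiler attaches `X-Debug-Token-Link` to those responses too — and once that header is present the status adds little confidence. Either drop the status matcher, or widen it to `- 200` / `- 301` / `- 302` / `- 500` if you want to keep the `and`. Note also that `/_profiler/` is a substring of the same header value, so the two-word `condition: and` is effectively a single header check; fine, but a one-line comment saying so would stop a later reader from "fixing" it.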
@@ -0,0 +1,18 @@
+id: tomcat-manager-pathnormalization
+info:
+ name: Tomcat Manager Path Normalization
+ author: organiccrap
+ severity: info
+ #https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/..;/manager/html'
+ headers:
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+ matchers:
+ - type: word
+ words:
+ - username="tomcat" password="s3cret"
+ - manager-gui
+ condition: and
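Review bot: `severity: info` undersells what a match proves: `username="tomcat" password="s3cret"` and `manager-gui` are the example snippets from the manager app's unauthenticated 401 help page, so a hit on `/..;/manager/html` means the manager was reached through a path a fronting proxy or rule was presumably meant to block, which the Orange Tsai reference cited here treats as an access-control bypass. Raise it to at least `medium`, and tell the operator how to confirm it, e.g. `# confirm by requesting /manager/html directly: if that is also reachable this is plain exposure, not a normalization bypass`. Because the matched text comes from the 401 page, the absence of a status matcher is correct and worth a comment so nobody adds `- 200` later.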