daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

parts update to use response instead of all

patch-1
sandeep 2022-04-20 20:08:07 +05:30
parent f6d22de7ee
commit 338d4622bf
9 changed files with 94 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2018/CVE-2018-1207.yaml
View File

@ -28,4 +28,4 @@ requests:
- type: word
words:
- "calling init: /lib/"
part: all
part: response

2
cves/2019/CVE-2019-16097.yaml
View File

@ -30,7 +30,7 @@ requests:
words:
- "username has already been used"
- "Location: /api/users/"
part: all
part: response
condition: or
- type: status

2
exposed-panels/jamf-panel.yaml
View File

@ -18,7 +18,7 @@ requests:
matchers-condition: and
matchers:
- type: word
part: all
part: response
words:
- "Jamf Pro Login"
- "Jamf Cloud Node"

2
exposures/configs/exposed-gitignore.yaml
View File

@ -35,6 +35,6 @@ requests:
- "<script"
- "<meta"
- "image/"
part: all
part: response
negative: true
condition: or

2
misconfiguration/shell-history.yaml
View File

@ -47,5 +47,5 @@ requests:
- "application/xml"
- "html>"
- "text/html"
part: all
part: response
negative: true

2
network/unauth-ftp.yaml
View File

@ -19,4 +19,4 @@ network:
- type: word
words:
- "Anonymous access allowed,"
part: all
part: response

2
technologies/microsoft/microsoft-exchange-server-detect.yaml
View File

@ -19,7 +19,7 @@ requests:
- type: regex
regex:
- "(X-Owa-Version:|/owa/auth/15.2.*|/owa/auth/15.1.*|/owa/auth/15.0.*|/owa/auth/14.0.*)"
part: all
part: response
- type: word
words:

2
technologies/tech-detect.yaml
View File

@ -3090,7 +3090,7 @@ requests:
- "<title>Mida eFramework</title>"
- "Server: Mida eFramework"
condition: or
part: all
part: response
- type: word
name: SEEEMS-CMS

172
technologies/waf-detect.yaml
View File

@ -37,7 +37,7 @@ requests:
- '(?i)perimeterx'
- '(?i)(..)?client.perimeterx.*/[a-zA-Z]{8,15}/*.*.js'
condition: or
part: all
part: response
- type: regex
name: webknight
@ -45,7 +45,7 @@ requests:
- '(?i)\bwebknight'
- '(?i)webknight'
condition: or
part: all
part: response
- type: regex
name: zscaler
@ -53,7 +53,7 @@ requests:
- '(?i)zscaler(.\d+(.\d+)?)?'
- '(?i)zscaler'
condition: or
part: all
part: response
- type: regex
name: fortigate
@ -69,21 +69,21 @@ requests:
- '(?i)fortigate.hostname'
- '(?i)the.page.cannot.be.displayed..please.contact.[^@]+@[^@]+\.[^@]+.for.additional.information'
condition: or
part: all
part: response
- type: regex
name: teros
regex:
- '(?i)st8(id|.wa|.wf)?.?(\d+|\w+)?'
condition: or
part: all
part: response
- type: regex
name: stricthttp
regex:
- '(?i)the.request.was.rejected.because.the.url.contained.a.potentially.malicious.string'
condition: or
part: all
part: response
- type: regex
name: stricthttp
@ -91,7 +91,7 @@ requests:
- '(?i)rejected.by.url.scan'
- '(?i)/rejected.by.url.scan'
condition: or
part: all
part: response
- type: regex
name: shadowd
@ -99,7 +99,7 @@ requests:
- '(?i)<h\d>\d{3}.forbidden<.h\d>'
- '(?i)request.forbidden.by.administrative.rules.'
condition: or
part: all
part: response
- type: regex
name: bigip
@ -110,14 +110,14 @@ requests:
- '(?i)BigIP|BIG-IP|BIGIP'
- '(?i)bigipserver'
condition: or
part: all
part: response
- type: regex
name: edgecast
regex:
- '(?i)\Aecdf'
condition: or
part: all
part: response
- type: regex
name: radware
@ -126,7 +126,7 @@ requests:
- '(?i).>unauthorized.activity.has.been.detected<.'
- '(?i)with.the.following.case.number.in.its.subject:.\d+.'
condition: or
part: all
part: response
- type: regex
name: varnish
@ -136,7 +136,7 @@ requests:
- '(?i)cachewall'
- '(?i).>access.is.blocked.according.to.our.site.security.policy.<+'
condition: or
part: all
part: response
- type: regex
name: infosafe
@ -146,7 +146,7 @@ requests:
- '(?i)infosafe.\d.\d'
- '(?i)var.infosafekey='
condition: or
part: all
part: response
- type: regex
name: aliyundun
@ -154,7 +154,7 @@ requests:
- '(?i)error(s)?.aliyun(dun)?.(com|net)'
- '(?i)http(s)?://(www.)?aliyun.(com|net)'
condition: or
part: all
part: response
- type: regex
name: ats
@ -162,7 +162,7 @@ requests:
- '(?i)(\()?apachetrafficserver((\/)?\d+(.\d+(.\d+)?)?)'
- '(?i)ats((\/)?(\d+(.\d+(.\d+)?)?))?'
condition: or
part: all
part: response
- type: regex
name: malcare
@ -171,19 +171,19 @@ requests:
- '(?i).>login.protection<.+.><.+>powered.by<.+.>(<.+.>)?(.?malcare.-.pro|blogvault)?'
- '(?i).>firewall<.+.><.+>powered.by<.+.>(<.+.>)?(.?malcare.-.pro|blogvault)?'
condition: or
part: all
part: response
- type: regex
name: wts
regex:
- '(?i)(<title>)?wts.wa(f)?(\w+(\w+(\w+)?)?)?'
part: all
part: response
- type: regex
name: dw
regex:
- '(?i)dw.inj.check'
part: all
part: response
- type: regex
name: denyall
@ -191,7 +191,7 @@ requests:
- '(?i)\Acondition.intercepted'
- '(?i)\Asessioncookie='
condition: or
part: all
part: response
- type: regex
name: yunsuo
@ -199,13 +199,13 @@ requests:
- '(?i)<img.class=.yunsuologo.'
- '(?i)yunsuo.session'
condition: or
part: all
part: response
- type: regex
name: litespeed
regex:
- '(?i)litespeed.web.server'
part: all
part: response
- type: regex
name: cloudfront
@ -214,7 +214,7 @@ requests:
- '(?i)cloudfront'
- '(?i)x.amz.cf.id|nguardx'
condition: or
part: all
part: response
- type: regex
name: anyu
@ -223,7 +223,7 @@ requests:
- '(?i)anyu'
- '(?i)anyu-?.the.green.channel'
condition: or
part: all
part: response
- type: regex
name: googlewebservices
@ -232,7 +232,7 @@ requests:
- '(?i)our.systems.have.detected.unusual.traffic'
- '(?i)block(ed)?.by.g.cloud.security.policy.+'
condition: or
part: all
part: response
- type: regex
name: didiyun
@ -240,31 +240,31 @@ requests:
- '(?i)(http(s)?://)(sec-waf.|www.)?didi(static|yun)?.com(/static/cloudwafstatic)?'
- '(?i)didiyun'
condition: or
part: all
part: response
- type: regex
name: blockdos
regex:
- '(?i)blockdos\.net'
part: all
part: response
- type: regex
name: codeigniter
regex:
- '(?i)the.uri.you.submitted.has.disallowed.characters'
part: all
part: response
- type: regex
name: stingray
regex:
- '(?i)\AX-Mapping-'
part: all
part: response
- type: regex
name: west263
regex:
- '(?i)wt\d*cdn'
part: all
part: response
- type: regex
name: aws
@ -274,7 +274,7 @@ requests:
- '(?i)x.amz.id.\d+'
- '(?i)x.amz.request.id'
condition: or
part: all
part: response
- type: regex
name: yundun
@ -284,7 +284,7 @@ requests:
- '(?i)http(s)?.//(www\.)?(\w+.)?yundun(.com)?'
- '(?i)<title>.403.forbidden:.access.is.denied.{0,2}<.{0,2}title>'
condition: or
part: all
part: response
- type: regex
name: barracuda
@ -293,13 +293,13 @@ requests:
- '(?i)(\A|\b)?barracuda.'
- '(?i)barracuda.networks.{1,2}inc'
condition: or
part: all
part: response
- type: regex
name: dodenterpriseprotection
regex:
- '(?i)dod.enterprise.level.protection.system'
part: all
part: response
- type: regex
name: secupress
@ -307,13 +307,13 @@ requests:
- '(?i)<h\d*>secupress<.'
- '(?i)block.id.{1,2}bad.url.contents.<.'
condition: or
part: all
part: response
- type: regex
name: aesecure
regex:
- '(?i)aesecure.denied.png'
part: all
part: response
- type: regex
name: incapsula
@ -322,7 +322,7 @@ requests:
- '(?i)incapsula'
- '(?i)incapsula.incident.id'
condition: or
part: all
part: response
- type: regex
name: nexusguard
@ -330,7 +330,7 @@ requests:
- '(?i)nexus.?guard'
- '(?i)((http(s)?://)?speresources.)?nexusguard.com.wafpage'
condition: or
part: all
part: response
- type: regex
name: cloudflare
@ -344,7 +344,7 @@ requests:
- '(?i)ray.id'
- '(?i)__cfduid'
condition: or
part: all
part: response
- type: regex
name: akamai
@ -353,7 +353,7 @@ requests:
- '(?i)akamaighost'
- '(?i)ak.bmsc.'
condition: or
part: all
part: response
- type: regex
name: webseal
@ -361,13 +361,13 @@ requests:
- '(?i)webseal.error.message.template'
- '(?i)webseal.server.received.an.invalid.http.request'
condition: or
part: all
part: response
- type: regex
name: dotdefender
regex:
- '(?i)dotdefender.blocked.your.request'
part: all
part: response
- type: regex
name: pk
@ -376,7 +376,7 @@ requests:
- '(?i).http(s)?.//([w]{3})?.kitnetwork.\w'
- '(?i).>A.safety.critical.request.was.discovered.and.blocked.<.'
condition: or
part: all
part: response
- type: regex
name: expressionengine
@ -385,19 +385,19 @@ requests:
- '(?i).>:.the.uri.you.submitted.has.disallowed.characters.<.'
- '(?i)invalid.(get|post).data'
condition: or
part: all
part: response
- type: regex
name: comodo
regex:
- '(?i)protected.by.comodo.waf'
part: all
part: response
- type: regex
name: ciscoacexml
regex:
- '(?i)ace.xml.gateway'
part: all
part: response
- type: regex
name: barikode
@ -405,7 +405,7 @@ requests:
- '(?i).>barikode<.'
- '(?i)<h\d{1}>forbidden.access<.h\d{1}>'
condition: or
part: all
part: response
- type: regex
name: watchguard
@ -413,7 +413,7 @@ requests:
- '(?i)(request.denied.by.)?watchguard.firewall'
- '(?i)watchguard(.technologies(.inc)?)?'
condition: or
part: all
part: response
- type: regex
name: binarysec
@ -422,7 +422,7 @@ requests:
- '(?i)x.binarysec.nocache'
- '(?i)binarysec'
condition: or
part: all
part: response
- type: regex
name: bekchy
@ -430,7 +430,7 @@ requests:
- '(?i)bekchy.(-.)?access.denied'
- '(?i)(http(s)?://)(www.)?bekchy.com(/report)?'
condition: or
part: all
part: response
- type: regex
name: bitninja
@ -439,7 +439,7 @@ requests:
- '(?i)security.check.by.bitninja'
- '(?i).>visitor.anti(\S)?robot.validation<.'
condition: or
part: all
part: response
- type: regex
name: apachegeneric
@ -450,7 +450,7 @@ requests:
- '(?i)<address>apache/([\d+{1,2}](.[\d+]{1,2}(.[\d+]{1,3})?)?)?'
- '(?i)<title>403 Forbidden</title>'
condition: or
part: all
part: response
- type: regex
name: greywizard
@ -460,13 +460,13 @@ requests:
- '(?i)(http(s)?.//)?(\w+.)?greywizard.com'
- '(?i)grey.wizard'
condition: or
part: all
part: response
- type: regex
name: configserver
regex:
- '(?i).>the.firewall.on.this.server.is.blocking.your.connection.<+'
part: all
part: response
- type: regex
name: viettel
@ -475,7 +475,7 @@ requests:
- '(?i)viettel.waf.system'
- '(?i)(http(s).//)?cloudrity.com(.vn)?'
condition: or
part: all
part: response
- type: regex
name: safedog
@ -483,13 +483,13 @@ requests:
- '(?i)(http(s)?)?(://)?(www|404|bbs|\w+)?.safedog.\w'
- '(?i)waf(.?\d+.?\d+)'
condition: or
part: all
part: response
- type: regex
name: baidu
regex:
- '(?i)yunjiasu.nginx'
part: all
part: response
- type: regex
name: alertlogic
@ -501,13 +501,13 @@ requests:
- '(?i)reference.id.?'
- '(?i)page.has.either.been.removed.{1,2}renamed'
condition: or
part: all
part: response
- type: regex
name: armor
regex:
- '(?i)blocked.by.website.protection.from.armour'
part: all
part: response
- type: regex
name: dosarrest
@ -515,7 +515,7 @@ requests:
- '(?i)dosarrest'
- '(?i)x.dis.request.id'
condition: or
part: all
part: response
- type: regex
name: paloalto
@ -523,7 +523,7 @@ requests:
- 'has.been.blocked.in.accordance.with.company.policy'
- '.>Virus.Spyware.Download.Blocked<.'
condition: or
part: all
part: response
- type: regex
name: aspgeneric
@ -541,7 +541,7 @@ requests:
- "(?i)<.+>server.error.in.'/'.application.+"
- '(?i)\basp.net\b'
condition: or
part: all
part: response
- type: regex
name: powerful
@ -549,7 +549,7 @@ requests:
- '(?i)Powerful Firewall'
- '(?i)http(s)?...tiny.cc.powerful.firewall'
condition: or
part: all
part: response
- type: regex
name: uewaf
@ -557,7 +557,7 @@ requests:
- '(?i)http(s)?.//ucloud'
- '(?i)uewaf(.deny.pages)'
condition: or
part: all
part: response
- type: regex
name: janusec
@ -565,7 +565,7 @@ requests:
- '(?i)janusec'
- '(?i)(http(s)?\W+(www.)?)?janusec.(com|net|org)'
condition: or
part: all
part: response
- type: regex
name: siteguard
@ -573,7 +573,7 @@ requests:
- '(?i)>Powered.by.SiteGuard.Lite<'
- '(?i)refuse.to.browse'
condition: or
part: all
part: response
- type: regex
name: sonicwall
@ -585,7 +585,7 @@ requests:
- '(?i)SonicWALL'
- '(?i).>policy.this.site.is.blocked<.'
condition: or
part: all
part: response
- type: regex
name: jiasule
@ -595,7 +595,7 @@ requests:
- '(?i)notice.jiasule'
- '(?i)(static|www|dynamic).jiasule.(com|net)'
condition: or
part: all
part: response
- type: regex
name: nginxgeneric
@ -603,7 +603,7 @@ requests:
- '(?i)nginx'
- '(?i)you.do(not|n.t)?.have.permission.to.access.this.document'
condition: or
part: all
part: response
- type: regex
name: stackpath
@ -611,13 +611,13 @@ requests:
- '(?i)action.that.triggered.the.service.and.blocked'
- '(?i)<h2>sorry,.you.have.been.blocked.?<.h2>'
condition: or
part: all
part: response
- type: regex
name: sabre
regex:
- '(?i)dxsupport@sabre.com'
part: all
part: response
- type: regex
name: wordfence
@ -626,7 +626,7 @@ requests:
- '(?i)your.access.to.this.site.has.been.limited'
- '(?i).>wordfence<.'
condition: or
part: all
part: response
- type: regex
name: '360'
@ -637,14 +637,14 @@ requests:
- '(?i)360wzws'
- '(?i)transfer.is.blocked'
condition: or
part: all
part: response
- type: regex
name: asm
regex:
- '(?i)the.requested.url.was.rejected..please.consult.with.your.administrator.'
condition: or
part: all
part: response
- type: regex
name: rsfirewall
@ -654,7 +654,7 @@ requests:
- '(?i)(\b)?rsfirewall(\b)?'
- '(?i)rsfirewall'
condition: or
part: all
part: response
- type: regex
name: sucuri
@ -664,25 +664,25 @@ requests:
- '(?i)questions\?.+cloudproxy@sucuri\.net'
- '(?i)http(s)?.\/\/(cdn|supportx.)?sucuri(.net|com)?'
condition: or
part: all
part: response
- type: regex
name: airlock
regex:
- '(?i)\Aal[.-]?(sess|lb)=?'
part: all
part: response
- type: regex
name: xuanwudun
regex:
- '(?i)class=.(db)?waf.?(-row.)?>'
part: all
part: response
- type: regex
name: chuangyudun
regex:
- '(?i)(http(s)?.//(www.)?)?365cyd.(com|net)'
part: all
part: response
- type: regex
name: securesphere
@ -695,13 +695,13 @@ requests:
- '(?i)page.cannot.be.displayed'
- '(?i)contact.support.for.additional.information'
condition: or
part: all
part: response
- type: regex
name: anquanbao
regex:
- '(?i).aqb_cc.error.'
part: all
part: response
- type: regex
name: modsecurity
@ -713,7 +713,7 @@ requests:
- '(?i)page.you.are.(accessing|trying)?.(to|is)?.(access)?.(is|to)?.(restricted)?'
- '(?i)blocked.by.mod.security'
condition: or
part: all
part: response
- type: regex
name: modsecurityowasp
@ -721,7 +721,7 @@ requests:
- '(?i)not.acceptable'
- '(?i)additionally\S.a.406.not.acceptable'
condition: or
part: all
part: response
- type: regex
name: squid
@ -730,7 +730,7 @@ requests:
- '(?i)Access control configuration prevents'
- '(?i)X.Squid.Error'
condition: or
part: all
part: response
- type: regex
name: shieldsecurity
@ -739,16 +739,16 @@ requests:
- '(?i)transgression(\(s\))?.against.this'
- '(?i)url.{1,2}form.or.cookie.data.wasn.t.appropriate'
condition: or
part: all
part: response
- type: regex
name: wallarm
regex:
- '(?i)nginix.wallarm'
part: all
part: response
- type: regex
part: all
part: response
name: huaweicloud
condition: and
regex: