diff --git a/default-logins/UCMDB/ucmdb-default-login.yaml b/default-logins/UCMDB/ucmdb-default-login.yaml index 77cd96a74f..d7dc80bd03 100644 --- a/default-logins/UCMDB/ucmdb-default-login.yaml +++ b/default-logins/UCMDB/ucmdb-default-login.yaml @@ -7,16 +7,27 @@ info: tags: ucmdb,default-login requests: - - method: POST - path: - - "{{BaseURL}}/ucmdb-ui/cms/loginRequest.do;" - body: "customerID=1&isEncoded=false&userName=diagnostics&password=YWRtaW4=&ldapServerName=UCMDB" + - raw: + - | + POST /ucmdb-ui/cms/loginRequest.do; HTTP/1.1 + Host: {{Hostname}} + + customerID=1&isEncoded=false&userName={{username}}&password={{base64(password)}}&ldapServerName=UCMDB + + attack: pitchfork + payloads: + username: + - diagnostics + password: + - admin + matchers-condition: and matchers: - type: status status: - 200 + - type: word + part: header words: - "LWSSO_COOKIE_KEY" - part: header diff --git a/default-logins/abb/cs141-default-login.yaml b/default-logins/abb/cs141-default-login.yaml index eca65b4527..af761abc88 100644 --- a/default-logins/abb/cs141-default-login.yaml +++ b/default-logins/abb/cs141-default-login.yaml @@ -17,23 +17,18 @@ requests: Accept: application/json, text/plain, */* Content-Type: application/json - {"userName":"admin","password":"cs141-snmp"} + {"userName":"{{user}}","password":"{{pass}}"} - - | - POST /api/login HTTP/1.1 - Host: {{Hostname}} - Accept: application/json, text/plain, */* - Content-Type: application/json - - {"userName":"engineer","password":"engineer"} - - - | - POST /api/login HTTP/1.1 - Host: {{Hostname}} - Accept: application/json, text/plain, */* - Content-Type: application/json - - {"userName":"guest","password":"guest"} + attack: pitchfork + payloads: + user: + - admin + - engineer + - guest + pass: + - cs141-snmp + - engineer + - guest stop-at-first-match: true matchers-condition: and 
diff --git a/default-logins/activemq/activemq-default-login.yaml b/default-logins/activemq/activemq-default-login.yaml index d867be0088..a4dea884a5 100644 --- a/default-logins/activemq/activemq-default-login.yaml +++ b/default-logins/activemq/activemq-default-login.yaml @@ -7,14 +7,23 @@ info: tags: apache,activemq,default-login requests: - - method: GET - path: - - '{{BaseURL}}/admin/' - headers: - Authorization: "Basic YWRtaW46YWRtaW4=" + - raw: + - | + GET /admin/ HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username + ':' + password)}} + + payloads: + username: + - user + - admin + password: + - user + - admin + attack: pitchfork matchers: - type: word words: - 'Welcome to the Apache ActiveMQ Console of ' - '

Broker

' - condition: and + condition: and \ No newline at end of file diff --git a/default-logins/aem/aem-default-login.yaml b/default-logins/aem/aem-default-login.yaml index 6ac263a2bd..4a3fe43989 100644 --- a/default-logins/aem/aem-default-login.yaml +++ b/default-logins/aem/aem-default-login.yaml @@ -4,7 +4,7 @@ info: name: Adobe AEM Default Login author: random-robbie severity: critical - tags: aem,default-login,fuzz + tags: aem,default-login requests: - raw: @@ -15,35 +15,22 @@ requests: Origin: {{BaseURL}} Referer: {{BaseURL}}/libs/granite/core/content/login.html - _charset_=utf-8&j_username={{rr_username}}&j_password={{rr_password}}&j_validate=true + _charset_=utf-8&j_username={{aem_user}}&j_password={{aem_pass}}&j_validate=true + attack: pitchfork payloads: - - rr_username: + aem_user: - admin - grios - replication-receiver - vgnadmin - - aparker@geometrixx.info - - jdoe@geometrixx.info - - james.devore@spambob.com - - matt.monroe@mailinator.com - - aaron.mcdonald@mailinator.com - - jason.werner@dodgit.com - rr_password: + aem_pass: - admin - password - replication-receiver - vgnadmin - - aparker - - jdoe - - password - - password - - password - - password - attack: pitchfork # Available options: sniper, pitchfork and clusterbomb stop-at-first-match: true matchers-condition: and matchers: @@ -53,7 +40,7 @@ requests: - type: word part: header + condition: and words: - login-token - crx.default - condition: and diff --git a/default-logins/alibaba/canal-default-login.yaml b/default-logins/alibaba/canal-default-login.yaml index 2b2c640fba..a4c4a1b801 100644 --- a/default-logins/alibaba/canal-default-login.yaml +++ b/default-logins/alibaba/canal-default-login.yaml 
@@ -7,21 +7,29 @@ info: tags: alibaba,default-login requests: - - method: POST - path: - - "{{BaseURL}}/api/v1/user/login" - headers: - Content-Type: application/json - body: | - {"username":"admin","password":"123456"} + - raw: + - | + POST /api/v1/user/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + {"username":"{{user}}","password":"{{pass}}"} + + attack: pitchfork + payloads: + user: + - admin + pass: + - 123456 matchers-condition: and matchers: - type: status status: - 200 + - type: word + condition: and words: - 'data":{"token"' - '"code":20000' - condition: and diff --git a/default-logins/ambari/ambari-default-login.yaml b/default-logins/ambari/ambari-default-login.yaml index 0013f7acd5..6bb9c6de1a 100644 --- a/default-logins/ambari/ambari-default-login.yaml +++ b/default-logins/ambari/ambari-default-login.yaml @@ -7,11 +7,17 @@ info: tags: ambari,default-login requests: - - method: GET - path: - - '{{BaseURL}}/api/v1/users/admin?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name' - headers: - Authorization: "Basic YWRtaW46YWRtaW4=" + - raw: + - | + GET /api/v1/users/admin?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username + ':' + password)}} + payloads: + username: + - admin + password: + - admin + attack: pitchfork matchers: - type: word words: diff --git a/default-logins/apache/airflow-default-login.yaml b/default-logins/apache/airflow-default-login.yaml index c01227d4b7..01b7979d10 100644 --- a/default-logins/apache/airflow-default-login.yaml +++ b/default-logins/apache/airflow-default-login.yaml 
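Review bot: The `pass` payload `- 123456` in canal-default-login.yaml is an unquoted scalar, so YAML loads it as an integer before it is substituted into the JSON body. It most likely round-trips to the same digits here, but a default password with a leading zero or a decimal point would be silently rewritten and the check would test the wrong value. Quote numeric-looking credentials, e.g. `- '123456'`. The same applies to the unquoted numeric passwords added in the idemia (`- 12345`), nps (`- 123`) and showdoc (`- 123456`) hunks.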
@@ -21,8 +21,14 @@ requests: Content-Type: application/x-www-form-urlencoded Referer: {{BaseURL}}/admin/airflow/login - username=airflow&password=airflow&_csrf_token={{csrf_token}} + username={{username}}&password={{password}}&_csrf_token={{csrf_token}} + payloads: + username: + - airflow + password: + - airflow + attack: pitchfork extractors: - type: regex name: csrf_token diff --git a/default-logins/apache/superset-default-login.yaml b/default-logins/apache/superset-default-login.yaml index 26ec0e941e..aca3520299 100644 --- a/default-logins/apache/superset-default-login.yaml +++ b/default-logins/apache/superset-default-login.yaml @@ -21,11 +21,18 @@ requests: Content-Type: application/x-www-form-urlencoded Referer: {{BaseURL}}/admin/airflow/login - csrf_token={{csrff_token}}&username=admin&password=admin + csrf_token={{csrf_token}}&username={{username}}&password={{password}} + + attack: pitchfork + payloads: + username: + - admin + password: + - admin extractors: - type: regex - name: csrff_token + name: csrf_token group: 1 part: body internal: true diff --git a/default-logins/arl/arl-default-login.yaml b/default-logins/arl/arl-default-login.yaml index 5523da410d..a7c16e40a9 100644 --- a/default-logins/arl/arl-default-login.yaml +++ b/default-logins/arl/arl-default-login.yaml @@ -7,23 +7,31 @@ info: tags: arl,default-login requests: - - method: POST - path: - - "{{BaseURL}}/api/user/login" - headers: - Content-Type: application/json; charset=UTF-8 - body: | - {"username":"admin","password":"arlpass"} + - raw: + - | + POST /api/user/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json; charset=UTF-8 + + {"username":"{{username}}","password":"{{password}}"} + + payloads: + username: + - admin + password: + - arlpass + attack: pitchfork matchers-condition: and matchers: - type: word + condition: and words: - '"message": "success"' - '"username": "admin"' - '"type": "login"' - condition: and + - type: status status: - 200 
diff --git a/default-logins/axis2/axis2-default-login.yaml b/default-logins/axis2/axis2-default-login.yaml index ac81168585..db69d4767f 100644 --- a/default-logins/axis2/axis2-default-login.yaml +++ b/default-logins/axis2/axis2-default-login.yaml @@ -7,13 +7,27 @@ info: tags: axis,apache,default-login requests: - - method: POST - path: - - "{{BaseURL}}/axis2-admin/login" - - "{{BaseURL}}/axis2/axis2-admin/login" - headers: - Content-Type: application/x-www-form-urlencoded - body: "userName=admin&password=axis2&submit=+Login+" + - raw: + - | + POST /axis2-admin/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + loginUsername={{username}}&loginPassword={{password}} + + - | + POST /axis2/axis2-admin/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + userName={{username}}&password={{password}}&submit=+Login+ + + payloads: + username: + - admin + password: + - axis2 + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/azkaban/azkaban-default-login.yaml b/default-logins/azkaban/azkaban-default-login.yaml index ae21b174e8..5d9e13ca58 100644 --- a/default-logins/azkaban/azkaban-default-login.yaml +++ b/default-logins/azkaban/azkaban-default-login.yaml @@ -14,8 +14,14 @@ requests: Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - action=login&username=admin&password=admin + action=login&username={{username}}&password={{password}} + payloads: + username: + - admin + password: + - admin + attack: pitchfork matchers-condition: and matchers: - type: word diff --git a/default-logins/chinaunicom/chinaunicom-default-login.yaml b/default-logins/chinaunicom/chinaunicom-default-login.yaml index 0fe2cf1a2e..9b69089ffb 100644 --- a/default-logins/chinaunicom/chinaunicom-default-login.yaml +++ b/default-logins/chinaunicom/chinaunicom-default-login.yaml 
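Review bot: The first raw request, to `/axis2-admin/login`, posts `loginUsername={{username}}&loginPassword={{password}}`, but the removed template sent `userName=admin&password=axis2&submit=+Login+` to both paths. The new field names match the Druid template in this commit rather than the Axis2 form. If the Axis2 form only reads `userName`/`password`, as the removed body suggests, that path cannot authenticate and an instance exposed there is reported clean. Use the same body as the second request: `userName={{username}}&password={{password}}&submit=+Login+`.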
@@ -7,15 +7,26 @@ info: tags: chinaunicom,default-login requests: - - method: POST - path: - - "{{BaseURL}}/cu.html" - body: "frashnum=&action=login&Frm_Logintoken=1&Username=CUAdmin&Password=CUAdmin&Username=&Password=" + - raw: + - | + POST /cu.html HTTP/1.1 + Host: {{Hostname}} + + frashnum=&action=login&Frm_Logintoken=1&Username={{username}}&Password={{password}}&Username=&Password= + + attack: pitchfork + payloads: + username: + - CUAdmin + password: + - CUAdmin + matchers-condition: and matchers: - type: status status: - 302 + - type: word words: - "/menu.gch" diff --git a/default-logins/dell/dell-idrac-default-login.yaml b/default-logins/dell/dell-idrac-default-login.yaml index 95bc7ea11b..6e06c1ace2 100644 --- a/default-logins/dell/dell-idrac-default-login.yaml +++ b/default-logins/dell/dell-idrac-default-login.yaml @@ -6,11 +6,19 @@ info: tags: dell,idrac,default-login requests: - - method: POST - path: - - "{{BaseURL}}/data/login" + - raw: + - | + POST /data/login HTTP/1.1 + Host: {{Hostname}} - body: "user=root&password=calvin" + user={{username}}&password={{password}} + + payloads: + username: + - root + password: + - calvin + attack: pitchfork headers: Content-Type: "application/x-www-form-urlencode" diff --git a/default-logins/dell/dell-idrac9-default-login.yaml b/default-logins/dell/dell-idrac9-default-login.yaml index 8c71a04c75..d60325405b 100644 --- a/default-logins/dell/dell-idrac9-default-login.yaml +++ b/default-logins/dell/dell-idrac9-default-login.yaml @@ -11,8 +11,15 @@ requests: - | POST /sysmgmt/2015/bmc/session HTTP/1.1 Host: {{Hostname}} - User: "root" - Password: "calvin" + User: "{{username}}" + Password: "{{password}}" + + payloads: + username: + - root + password: + - calvin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/dell/emcecom-default-login.yaml b/default-logins/dell/emcecom-default-login.yaml index 4680d52fe3..c7d78156d9 100644 --- a/default-logins/dell/emcecom-default-login.yaml 
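Review bot: In dell-idrac-default-login.yaml the new raw `POST /data/login` has no `Content-Type` line, while the old `headers:` key is left in place after `payloads` with the value `application/x-www-form-urlencode` (missing the final `d`). Whether that key is still applied to a raw request is not visible from this hunk. Putting `Content-Type: application/x-www-form-urlencoded` inside the raw block and dropping the leftover `headers:` key removes the doubt. Without a valid form content type the server may not parse the body, which would turn the check into a false negative.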
+++ b/default-logins/dell/emcecom-default-login.yaml @@ -9,11 +9,18 @@ info: tags: dell,emc,ecom,default-login requests: - - method: GET - path: - - '{{BaseURL}}' - headers: - Authorization: Basic YWRtaW46IzFQYXNzd29yZA== + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username + ':' + password)}} + + payloads: + username: + - root + password: + - calvin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/druid/druid-default-login.yaml b/default-logins/druid/druid-default-login.yaml index 01ea6a9026..78d252b867 100644 --- a/default-logins/druid/druid-default-login.yaml +++ b/default-logins/druid/druid-default-login.yaml @@ -7,12 +7,25 @@ info: tags: druid,default-login requests: - - method: POST - path: - - "{{BaseURL}}/druid/submitLogin" - - "{{BaseURL}}/submitLogin" + - raw: + - | + POST /druid/submitLogin HTTP/1.1 + Host: {{Hostname}} - body: "loginUsername=admin&loginPassword=admin" + loginUsername={{username}}&loginPassword={{password}} + + - | + POST /submitLogin HTTP/1.1 + Host: {{Hostname}} + + loginUsername={{username}}&loginPassword={{password}} + + payloads: + username: + - admin + password: + - admin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/dvwa/dvwa-default-login.yaml b/default-logins/dvwa/dvwa-default-login.yaml index 4cf084572e..941c2c30d0 100644 --- a/default-logins/dvwa/dvwa-default-login.yaml +++ b/default-logins/dvwa/dvwa-default-login.yaml @@ -20,7 +20,14 @@ requests: Cookie: PHPSESSID={{session}}; security=low Connection: close - username=admin&password=password&Login=Login&user_token={{token}} + username={{username}}&password={{password}}&Login=Login&user_token={{token}} + + payloads: + username: + - admin + password: + - password + attack: pitchfork extractors: - type: regex 
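Review bot: The payloads in emcecom-default-login.yaml are `root` / `calvin`, but the removed header `Basic YWRtaW46IzFQYXNzd29yZA==` decodes to `admin:#1Password`, so the template no longer tests the credential it was written for. The new values look copied from the iDRAC templates earlier in this commit. Restore the original pair as `username: - admin` and `password: - '#1Password'`. The quotes are required because an unquoted leading `#` starts a YAML comment and the entry would load as null.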
diff --git a/default-logins/exacqvision/exacqvision-default-login.yaml b/default-logins/exacqvision/exacqvision-default-login.yaml index 3f1e2abe4a..e04d3a0f7f 100644 --- a/default-logins/exacqvision/exacqvision-default-login.yaml +++ b/default-logins/exacqvision/exacqvision-default-login.yaml @@ -15,7 +15,14 @@ requests: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Connection: close - action=login&u=admin&p=admin256 + action=login&u={{username}}&p={{password}} + + payloads: + username: + - admin + password: + - admin256 + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/flir/flir-default-login.yaml b/default-logins/flir/flir-default-login.yaml index ae4bc0b20a..9cb112ad91 100644 --- a/default-logins/flir/flir-default-login.yaml +++ b/default-logins/flir/flir-default-login.yaml @@ -14,7 +14,14 @@ requests: Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - user_name=admin&user_password=admin + user_name={{username}}&user_password={{password}} + + payloads: + username: + - admin + password: + - admin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/frps/frp-default-login.yaml b/default-logins/frps/frp-default-login.yaml index 91915c07fb..2dc240d633 100644 --- a/default-logins/frps/frp-default-login.yaml +++ b/default-logins/frps/frp-default-login.yaml @@ -8,11 +8,18 @@ info: reference: https://github.com/fatedier/frp/issues/1840 requests: - - method: GET - path: - - "{{BaseURL}}/api/proxy/tcp" - headers: - Authorization: "Basic YWRtaW46YWRtaW4=" + - raw: + - | + GET /api/proxy/tcp HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username + ':' + password)}} + + payloads: + username: + - admin + password: + - admin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/gitlab/gitlab-weak-login.yaml b/default-logins/gitlab/gitlab-weak-login.yaml index 7f40fcc2de..510107c71c 100644 
--- a/default-logins/gitlab/gitlab-weak-login.yaml +++ b/default-logins/gitlab/gitlab-weak-login.yaml @@ -17,13 +17,13 @@ requests: Referer: {{BaseURL}} content-type: application/json - {"grant_type":"password","username":"§gitlab_user§","password":"§gitlab_password§"} + {"grant_type":"password","username":"{{username}}","password":"{{password}}"} payloads: - gitlab_password: + password: - 12345 - 123456789 - gitlab_user: + username: - 1234 - admin diff --git a/default-logins/glpi/glpi-default-login.yaml b/default-logins/glpi/glpi-default-login.yaml index 36069bddc3..c2ea4c26d7 100644 --- a/default-logins/glpi/glpi-default-login.yaml +++ b/default-logins/glpi/glpi-default-login.yaml @@ -1,4 +1,5 @@ id: glpi-default-login + info: name: GLPI Default Login author: andysvints @@ -20,10 +21,14 @@ requests: Content-Type: application/x-www-form-urlencoded Referer: {{BaseURL}} - {{name}}=glpi&{{password}}=glpi&auth=local&submit=Submit&_glpi_csrf_token={{token}} + {{name}}={{user}}&{{password}}={{pass}}&auth=local&submit=Submit&_glpi_csrf_token={{token}} - cookie-reuse: true - redirects: true + attack: pitchfork + payloads: + user: + - glpi + pass: + - glpi extractors: - type: regex @@ -50,11 +55,13 @@ requests: regex: - "type=\"password\" name=\"([0-9a-z]+)\" id=\"login_password\" required=\"required\"" + cookie-reuse: true matchers-condition: and matchers: - type: word words: - 'GLPI - Standard Interface' + - type: status status: - 200 diff --git a/default-logins/grafana/grafana-default-login.yaml b/default-logins/grafana/grafana-default-login.yaml index efea21f9ff..30f759b9cb 100644 --- a/default-logins/grafana/grafana-default-login.yaml +++ b/default-logins/grafana/grafana-default-login.yaml 
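Review bot: `redirects: true` is removed in the second glpi hunk and only `cookie-reuse: true` is re-added in the third, yet the matchers still require status 200 together with `GLPI - Standard Interface`. If a successful login answers with a redirect (common for form logins, but not shown here), the match now fails and a default credential goes unreported. Keep `redirects: true` next to the re-added `cookie-reuse: true` unless dropping it was deliberate. The request block starts above the hunk.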
@@ -19,15 +19,17 @@ requests: Referer: {{BaseURL}} content-type: application/json - {"user":"admin","password":"§grafana_password§"} - + {"user":"{{username}}","password":"{{password}}"} + attack: pitchfork payloads: - grafana_password: - - prom-operator + username: + - admin - admin - attack: sniper + password: + - prom-operator + - admin matchers-condition: and matchers: diff --git a/default-logins/guacamole/guacamole-default-login.yaml b/default-logins/guacamole/guacamole-default-login.yaml index e35338f606..3ab8960dd6 100644 --- a/default-logins/guacamole/guacamole-default-login.yaml +++ b/default-logins/guacamole/guacamole-default-login.yaml @@ -16,7 +16,14 @@ requests: Origin: {{Hostname}} Referer: {{Hostname}} - username=guacadmin&password=guacadmin + username={{username}}&password={{password}} + + payloads: + username: + - guacadmin + password: + - guacadmin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/hongdian/hongdian-default-login.yaml b/default-logins/hongdian/hongdian-default-login.yaml index d7f574e5ad..a1549c0fa0 100644 --- a/default-logins/hongdian/hongdian-default-login.yaml +++ b/default-logins/hongdian/hongdian-default-login.yaml 
@@ -11,17 +11,26 @@ requests: - | GET / HTTP/1.1 Host: {{Hostname}} - Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= + Authorization: Basic {{base64(username + ':' + password)}} Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate - | GET / HTTP/1.1 Host: {{Hostname}} - Authorization: Basic YWRtaW46YWRtaW4= + Authorization: Basic {{base64(username + ':' + password)}} Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate + payloads: + username: + - guest + - admin + password: + - guest + - admin + attack: pitchfork + matchers-condition: and matchers: - type: word diff --git a/default-logins/hortonworks/smartsense-default-login.yaml b/default-logins/hortonworks/smartsense-default-login.yaml index a4593fc854..0bddf7fce8 100644 --- a/default-logins/hortonworks/smartsense-default-login.yaml +++ b/default-logins/hortonworks/smartsense-default-login.yaml @@ -9,11 +9,18 @@ info: tags: hortonworks,smartsense,default-login requests: - - method: GET - path: - - '{{BaseURL}}/apt/v1/context' - headers: - Authorization: Basic YWRtaW46YWRtaW4= + - raw: + - | + GET /apt/v1/context HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username + ':' + password)}} + + payloads: + username: + - admin + password: + - admin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/hp/hp-switch-default-login.yaml b/default-logins/hp/hp-switch-default-login.yaml index e45b5f510f..aa854686cb 100644 --- a/default-logins/hp/hp-switch-default-login.yaml +++ b/default-logins/hp/hp-switch-default-login.yaml 
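Review bot: After templating, the two raw blocks in hongdian-default-login.yaml are identical, since both send `Authorization: Basic {{base64(username + ':' + password)}}`. Each block is presumably expanded for every payload pair, so each credential pair is attempted twice. On devices with login throttling or lockout, doubling the attempts is an avoidable side effect of a scan. Delete the second `GET /` block and keep the single templated request with the two-entry payload lists.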
@@ -14,7 +14,13 @@ requests: POST /htdocs/login/login.lua HTTP/1.1 Host: {{Hostname}} - username=admin&password= + username={{username}}&password= + + payloads: + username: + - admin + + attack: sniper matchers-condition: and matchers: diff --git a/default-logins/ibm/ibm-storage-default-credential.yaml b/default-logins/ibm/ibm-storage-default-credential.yaml index 21a47dde00..6b2df92269 100644 --- a/default-logins/ibm/ibm-storage-default-credential.yaml +++ b/default-logins/ibm/ibm-storage-default-credential.yaml @@ -14,7 +14,14 @@ requests: Origin: {{BaseURL}} Content-Type: application/x-www-form-urlencoded - j_username=admin&j_password=admin&continue=&submit=submit+form + j_username={{username}}&j_password={{password}}&continue=&submit=submit+form + + payloads: + username: + - admin + password: + - admin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/idemia/idemia-biometrics-default-login.yaml b/default-logins/idemia/idemia-biometrics-default-login.yaml index 4721e74d28..9c7aa9d12a 100644 --- a/default-logins/idemia/idemia-biometrics-default-login.yaml +++ b/default-logins/idemia/idemia-biometrics-default-login.yaml @@ -9,11 +9,17 @@ info: tags: idemia,biometrics,default-login requests: - - method: POST - path: - - '{{BaseURL}}/cgi-bin/login.cgi' + - raw: + - | + POST /cgi-bin/login.cgi HTTP/1.1 + Host: {{Hostname}} - body: password=12345 + password={{password}} + + payloads: + password: + - 12345 + attack: sniper matchers-condition: and matchers: diff --git a/default-logins/iptime/iptime-default-login.yaml b/default-logins/iptime/iptime-default-login.yaml index da94fcec13..d6a42f5490 100644 --- a/default-logins/iptime/iptime-default-login.yaml +++ b/default-logins/iptime/iptime-default-login.yaml 
@@ -13,7 +13,14 @@ requests: Host: {{Hostname}} Referer: {{BaseURL}}/sess-bin/login_session.cgi - username=admin&passwd=admin + username={{username}}&passwd={{password}} + + payloads: + username: + - admin + password: + - admin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/jenkins/jenkins-default.yaml b/default-logins/jenkins/jenkins-default.yaml index 2d793558cc..2f2d3c8ef9 100644 --- a/default-logins/jenkins/jenkins-default.yaml +++ b/default-logins/jenkins/jenkins-default.yaml @@ -18,21 +18,22 @@ requests: Content-Type: application/x-www-form-urlencoded Cookie: {{cookie}} - j_username=admin&j_password=admin&from=%2F&Submit=Sign+in - - - | - POST /j_spring_security_check HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Cookie: {{cookie}} - - j_username=jenkins&j_password=password&from=%2F&Submit=Sign+in + j_username={{username}}&j_password={{password}}&from=%2F&Submit=Sign+in - | GET / HTTP/1.1 Host: {{Hostname}} Cookie: {{cookie}} + attack: pitchfork + payloads: + username: + - admin + - jenkins + password: + - admin + - password + extractors: - type: regex name: cookie @@ -44,7 +45,7 @@ requests: req-condition: true matchers: - type: dsl + condition: and dsl: - - 'contains(body_4, "/logout")' - - 'contains(body_4, "Dashboard [Jenkins]")' - condition: and \ No newline at end of file + - 'contains(body_3, "/logout")' + - 'contains(body_3, "Dashboard [Jenkins]")' diff --git a/default-logins/minio/minio-default-login.yaml b/default-logins/minio/minio-default-login.yaml index 8fe40766bf..d9338fbaf2 100644 --- a/default-logins/minio/minio-default-login.yaml +++ b/default-logins/minio/minio-default-login.yaml 
@@ -7,23 +7,20 @@ info: tags: default-login,minio requests: - - method: POST - path: - - "{{BaseURL}}/minio/webrpc" + - raw: + - | + POST /minio/webrpc HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json - headers: - Content-Type: application/json + {"id":1,"jsonrpc":"2.0","params":{"username":"{{username}}","password":"{{password}}"},"method":"Web.Login"} - body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"}' - - - method: POST - path: - - "{{BaseURL}}/minio/webrpc" - - headers: - Content-Type: application/json - - body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"}' + payloads: + username: + - minioadmin + password: + - minioadmin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/nagios/nagios-default-login.yaml b/default-logins/nagios/nagios-default-login.yaml index fcb25e0ee3..8fb3713825 100644 --- a/default-logins/nagios/nagios-default-login.yaml +++ b/default-logins/nagios/nagios-default-login.yaml @@ -6,17 +6,27 @@ info: tags: nagios,default-login reference: https://www.nagios.org requests: - - method: GET - path: - - "{{BaseURL}}/nagios/side.php" - headers: - Authorization: Basic bmFnaW9zYWRtaW46bmFnaW9zYWRtaW4= + - raw: + - | + GET /nagios/side.php HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username + ':' + password)}} + + payloads: + username: + - nagiosadmin + - root + password: + - nagiosadmin + - nagiosxi + attack: pitchfork matchers-condition: and matchers: - type: status status: - 200 + - type: word words: - 'Current Status' diff --git a/default-logins/nexus/nexus-default-login.yaml b/default-logins/nexus/nexus-default-login.yaml index 187dd37286..4decf4e751 100644 --- a/default-logins/nexus/nexus-default-login.yaml +++ b/default-logins/nexus/nexus-default-login.yaml 
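Review bot: The removed minio template had two requests that differed only in the JSON-RPC method name, `Web.Login` and `web.Login`, and the new single raw request keeps only `Web.Login`. If the lowercase spelling was there to cover a different MinIO release (the hunk does not say), those instances are no longer checked. Either keep a second raw block with `"method":"web.Login"` or add a comment stating why one spelling is sufficient.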
@@ -14,7 +14,14 @@ requests: X-Nexus-UI: true Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - username=YWRtaW4%3D&password=YWRtaW4xMjM%3D + username={{base64(username)}}&password={{base64(password)}} + + payloads: + username: + - admin + password: + - admin123 + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/nps/nps-default-login.yaml b/default-logins/nps/nps-default-login.yaml index 329b5acb7e..5768136961 100644 --- a/default-logins/nps/nps-default-login.yaml +++ b/default-logins/nps/nps-default-login.yaml @@ -7,13 +7,21 @@ info: tags: nps,default-login requests: - - method: POST - path: - - "{{BaseURL}}/login/verify" - body: "username=admin&password=123" - headers: - Content-Type: application/x-www-form-urlencoded - Referer: "{{Hostname}}/login/index" + - raw: + - | + POST /login/verify HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Referer: {{Hostname}}/login/index + + username={{username}}&password={{password}} + + payloads: + username: + - admin + password: + - 123 + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/ofbiz/ofbiz-default-login.yaml b/default-logins/ofbiz/ofbiz-default-login.yaml index 6a10fbeed3..4471e1295a 100644 --- a/default-logins/ofbiz/ofbiz-default-login.yaml +++ b/default-logins/ofbiz/ofbiz-default-login.yaml @@ -7,12 +7,21 @@ info: tags: ofbiz,default-login requests: - - method: POST - path: - - '{{BaseURL}}/control/login' - headers: - Content-Type: application/x-www-form-urlencoded - body: USERNAME=admin&PASSWORD=ofbiz&FTOKEN=&JavaScriptEnabled=Y + - raw: + - | + POST /control/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + USERNAME={{username}}&PASSWORD={{password}}&FTOKEN=&JavaScriptEnabled=Y + + payloads: + username: + - admin + password: + - ofbiz + attack: pitchfork + matchers: - type: word words: 
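Review bot: The old nexus body sent the base64 values URL-encoded (`YWRtaW4%3D`, `YWRtaW4xMjM%3D`), whereas `{{base64(username)}}` now writes the raw `=` padding into an `application/x-www-form-urlencoded` body. Most parsers accept that, but a credential whose encoding contains `+` or `/` would be altered by form decoding and the check would test a different value. Wrap the helper, e.g. `username={{url_encode(base64(username))}}&password={{url_encode(base64(password))}}`. The ricoh-weak-password hunk has the same pattern on `userid`.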
diff --git a/default-logins/oracle/businessintelligence-default-login.yaml b/default-logins/oracle/businessintelligence-default-login.yaml index 0722fab2d9..a89df1808c 100644 --- a/default-logins/oracle/businessintelligence-default-login.yaml +++ b/default-logins/oracle/businessintelligence-default-login.yaml @@ -19,13 +19,20 @@ requests: - Administrator - Administrator + {{username}} + {{password}} bi + payloads: + username: + - Administrator + password: + - Administrator + attack: pitchfork + matchers-condition: and matchers: - type: status diff --git a/default-logins/paloalto/panos-default-login.yaml b/default-logins/paloalto/panos-default-login.yaml index 1631b3132e..f7bac9f620 100644 --- a/default-logins/paloalto/panos-default-login.yaml +++ b/default-logins/paloalto/panos-default-login.yaml @@ -9,11 +9,20 @@ info: tags: paloalto,panos,default-login requests: - - method: POST - path: - - '{{BaseURL}}/php/login.php' + - raw: + - | + POST /php/login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded - body: user=admin&passwd=admin&challengePwd=&ok=Login + user={{username}}&passwd={{password}}&challengePwd=&ok=Login + + payloads: + username: + - admin + password: + - admin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/panabit/panabit-default-login.yaml b/default-logins/panabit/panabit-default-login.yaml index d69c44cc3f..d790a10942 100644 --- a/default-logins/panabit/panabit-default-login.yaml +++ b/default-logins/panabit/panabit-default-login.yaml 
@@ -19,15 +19,22 @@ requests: Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 ------WebKitFormBoundaryAjZMsILtbrBp8VbC - Content-Disposition: form-data; name="username" + Content-Disposition: form-data; name="{{username}}" admin ------WebKitFormBoundaryAjZMsILtbrBp8VbC - Content-Disposition: form-data; name="password" + Content-Disposition: form-data; name="{{password}}" panabit ------WebKitFormBoundaryAjZMsILtbrBp8VbC-- + payloads: + username: + - username + password: + - password + attack: pitchfork + matchers-condition: and matchers: - type: word diff --git a/default-logins/rabbitmq/rabbitmq-default-login.yaml b/default-logins/rabbitmq/rabbitmq-default-login.yaml index 1f8dc9b5d7..4497061308 100644 --- a/default-logins/rabbitmq/rabbitmq-default-login.yaml +++ b/default-logins/rabbitmq/rabbitmq-default-login.yaml @@ -7,11 +7,20 @@ info: tags: rabbitmq,default-login requests: - - method: GET - path: - - "{{BaseURL}}/api/whoami" - headers: - Authorization: "Basic Z3Vlc3Q6Z3Vlc3Q=" + - raw: + - | + GET /api/whoami HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Authorization: Basic {{base64(username + ':' + password)}} + + payloads: + username: + - guest + password: + - guest + attack: pitchfork + matchers-condition: and matchers: - type: word diff --git a/default-logins/ricoh/ricoh-weak-password.yaml b/default-logins/ricoh/ricoh-weak-password.yaml index a7db0ce8a6..8e21ee4482 100644 --- a/default-logins/ricoh/ricoh-weak-password.yaml +++ b/default-logins/ricoh/ricoh-weak-password.yaml @@ -14,7 +14,12 @@ requests: Host: {{Hostname}} Cookie: cookieOnOffChecker=on; - wimToken=&userid_work=&userid=YWRtaW4%3D&password_work=&password=&open= + wimToken=&userid_work=&userid={{base64(username)}}&password_work=&password=&open= + + payloads: + username: + - admin + attack: pitchfork matchers-condition: and matchers: 
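Review bot: In the panabit hunk the placeholders replaced the multipart field names instead of the credentials: it now has `name="{{username}}"` and `name="{{password}}"` with payload values `username` and `password`, while `admin` and `panabit` stay hard-coded in the part bodies. The request on the wire is unchanged, but the payload lists do not hold credentials, so anyone extending them changes the form field names rather than the login being tested. Keep `name="username"` and `name="password"` literal, put `{{username}}` and `{{password}}` on the value lines, and set the payloads to `admin` and `panabit`.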
diff --git a/default-logins/rockmongo/rockmongo-default-login.yaml b/default-logins/rockmongo/rockmongo-default-login.yaml index 5a1bf55b42..8fb0fdf1ee 100644 --- a/default-logins/rockmongo/rockmongo-default-login.yaml +++ b/default-logins/rockmongo/rockmongo-default-login.yaml @@ -14,7 +14,14 @@ requests: Content-Type: application/x-www-form-urlencoded Referer: {{Hostname}}/index.php?action=login.index - more=0&host=0&username=admin&password=admin&db=&lang=en_us&expire=3 + more=0&host=0&username={{username}}&password={{password}}&db=&lang=en_us&expire=3 + + payloads: + username: + - admin + password: + - admin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/samsung/samsung-wlan-default-login.yaml b/default-logins/samsung/samsung-wlan-default-login.yaml index bb29f3d888..9b2e264515 100644 --- a/default-logins/samsung/samsung-wlan-default-login.yaml +++ b/default-logins/samsung/samsung-wlan-default-login.yaml @@ -8,18 +8,28 @@ info: tags: samsung,default-login requests: - - method: POST - path: - - "{{BaseURL}}/main.ehp" - body: "httpd;General;lang=en&login_id=root&login_pw=sweap12~" + - raw: + - | + POST /main.ehp HTTP/1.1 + Host: {{Hostname}} + + httpd;General;lang=en&login_id={{username}}&login_pw={{password}} + + payloads: + username: + - root + password: + - sweap12~ + attack: pitchfork matchers-condition: and matchers: - type: word + part: body words: - "document.formParent2.changepasswd1.value" - "passwd_change.ehp" - part: body + - type: status status: - 200 diff --git a/default-logins/showdoc/showdoc-default-login.yaml b/default-logins/showdoc/showdoc-default-login.yaml index 16b59aaf5d..056d562bcb 100644 --- a/default-logins/showdoc/showdoc-default-login.yaml +++ b/default-logins/showdoc/showdoc-default-login.yaml 
@@ -9,14 +9,21 @@ info: tags: showdoc,default-login requests: - - method: POST - path: - - "{{BaseURL}}/server/index.php?s=/api/user/login" - body: | - username=showdoc&password=123456&v_code= + - raw: + - | + POST /server/index.php?s=/api/user/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded;charset=UTF-8 + + username={{username}}&password={{password}}&v_code= + + payloads: + username: + - showdoc + password: + - 123456 + attack: pitchfork - headers: - Content-Type: application/x-www-form-urlencoded;charset=UTF-8 matchers-condition: and matchers: diff --git a/default-logins/solarwinds/solarwinds-default-login.yaml b/default-logins/solarwinds/solarwinds-default-login.yaml index 191e232c4b..421104562e 100644 --- a/default-logins/solarwinds/solarwinds-default-login.yaml +++ b/default-logins/solarwinds/solarwinds-default-login.yaml @@ -12,12 +12,22 @@ info: # {"PollerType":"Hello, world! from nuclei :-P", "NetObject":"N:1337", "NetObjectType":"N", "NetObjectID":1337} requests: - - method: GET - path: - - "{{BaseURL}}/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS" # First path is default base path - - "{{BaseURL}}/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS" - headers: - Authorization: "Basic YWRtaW46" + - raw: + - | + GET /SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username)}} + + - | + GET /InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username)}} + + payloads: + username: + - admin + attack: pitchfork + matchers-condition: and matchers: - type: word 
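Review bot: The `password` payload `- 123456` in the showdoc hunk is a plain scalar, so a YAML parser types it as an integer rather than a string; the xxljob hunk further down has the same value. It is presumably stringified when the request is rendered, but the same path would alter a credential with a leading zero or an exponent-like form. Quote it in both templates: `- "123456"`.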
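Review bot: `Authorization: Basic {{base64(username)}}` in both solarwinds raw requests drops the colon that the removed header carried: `YWRtaW46` decodes to `admin:` (empty password), while base64 of `admin` alone is `YWRtaW4=`, which is not a valid `user:pass` Basic credential. A server that rejects the malformed value would make this template miss installs still running with the blank admin password, a false negative for anyone relying on the scan. Use `Authorization: Basic {{base64(username + ':')}}` in both requests, or add a `password` payload of `""` and the `username + ':' + password` form used by the other templates in this commit.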
diff --git a/default-logins/spectracom/spectracom-default-login.yaml b/default-logins/spectracom/spectracom-default-login.yaml index 401684b2fd..07b09fe30a 100644 --- a/default-logins/spectracom/spectracom-default-login.yaml +++ b/default-logins/spectracom/spectracom-default-login.yaml @@ -13,7 +13,14 @@ requests: Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - data%5Bbutton%5D=submit&data%5BUser%5D%5Busername%5D=spadmin&data%5BUser%5D%5Bpassword%5D=admin123 + data%5Bbutton%5D=submit&data%5BUser%5D%5Busername%5D={{username}}&data%5BUser%5D%5Bpassword%5D={{password}} + + payloads: + username: + - spadmin + password: + - admin123 + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/szhe/szhe-default-login.yaml b/default-logins/szhe/szhe-default-login.yaml index ea60ca2694..cb6a6fe9b0 100644 --- a/default-logins/szhe/szhe-default-login.yaml +++ b/default-logins/szhe/szhe-default-login.yaml @@ -9,13 +9,20 @@ info: - https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage requests: - - method: POST - path: - - "{{BaseURL}}/login/" - headers: - Content-Type: application/x-www-form-urlencoded - body: | - email=springbird@qq.com&password=springbird&remeber=true + - raw: + - | + POST /login/ HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + email={{username}}&password={{password}}&remeber=true + + payloads: + username: + - springbird@qq.com + password: + - springbird + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/vidyo/vidyo-default-login.yaml b/default-logins/vidyo/vidyo-default-login.yaml index 12541056e9..a9eb24bbcc 100644 --- a/default-logins/vidyo/vidyo-default-login.yaml +++ b/default-logins/vidyo/vidyo-default-login.yaml 
@@ -24,7 +24,14 @@ requests: Referer: {{RootURL}}/super/login.html?lang=en Cookie: JSESSIONID={{session}} ; VidyoPortalSuperLanguage=en - username=super&password=password + username={{username}}&password={{password}} + + payloads: + username: + - super + password: + - password + attack: pitchfork extractors: - type: regex diff --git a/default-logins/viewpoint/trilithic-viewpoint-login.yaml b/default-logins/viewpoint/trilithic-viewpoint-login.yaml index 49efa15a32..d26dd6f456 100644 --- a/default-logins/viewpoint/trilithic-viewpoint-login.yaml +++ b/default-logins/viewpoint/trilithic-viewpoint-login.yaml @@ -16,7 +16,14 @@ requests: Content-Type: application/json Cookie: trilithic_win_auth=false - {u:"admin", t:"undefined", p:"trilithic", d:"", r:false, w:false} + {u:"{{username}}", t:"undefined", p:"{{password}}", d:"", r:false, w:false} + + payloads: + username: + - admin + password: + - trilithic + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/visionhub/visionhub-default-login.yaml b/default-logins/visionhub/visionhub-default-login.yaml index 73b47bbc33..df2983be93 100644 --- a/default-logins/visionhub/visionhub-default-login.yaml +++ b/default-logins/visionhub/visionhub-default-login.yaml @@ -9,11 +9,18 @@ info: reference: https://www.qognify.com/products/visionhub/ requests: - - method: POST - path: - - '{{BaseURL}}/VisionHubWebApi/api/Login' - headers: - Authorization: Basic YWRtaW46YWRtaW4= + - raw: + - | + POST /VisionHubWebApi/api/Login HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username + ':' + password)}} + + payloads: + username: + - admin + password: + - admin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/wifisky/wifisky-default-login.yaml b/default-logins/wifisky/wifisky-default-login.yaml index 260722f63c..c6d731deb0 100644 --- a/default-logins/wifisky/wifisky-default-login.yaml +++ b/default-logins/wifisky/wifisky-default-login.yaml 
@@ -16,7 +16,14 @@ requests: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Connection: close - username=admin&password=admin + username={{username}}&password={{password}} + + payloads: + username: + - admin + password: + - admin + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/wso2/wso2-default-login.yaml b/default-logins/wso2/wso2-default-login.yaml index 89b6bac30f..9e3fd49b53 100644 --- a/default-logins/wso2/wso2-default-login.yaml +++ b/default-logins/wso2/wso2-default-login.yaml @@ -14,7 +14,14 @@ requests: Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - username=admin&password=admin + username={{username}}&password={{password}} + + payloads: + username: + - admin + password: + - admin + attack: pitchfork redirects: false matchers: diff --git a/default-logins/xxljob/xxljob-default-login.yaml b/default-logins/xxljob/xxljob-default-login.yaml index daf9ed85be..11e08ec55c 100644 --- a/default-logins/xxljob/xxljob-default-login.yaml +++ b/default-logins/xxljob/xxljob-default-login.yaml @@ -14,7 +14,14 @@ requests: Host:{{Hostname}} Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - userName=admin&password=123456 + userName={{username}}&password={{password}} + + payloads: + username: + - admin + password: + - 123456 + attack: pitchfork matchers-condition: and matchers: diff --git a/default-logins/zabbix/zabbix-default-login.yaml b/default-logins/zabbix/zabbix-default-login.yaml index 7f7c15adc4..58d665b220 100644 --- a/default-logins/zabbix/zabbix-default-login.yaml +++ b/default-logins/zabbix/zabbix-default-login.yaml 
@@ -7,14 +7,21 @@ info: tags: zabbix,default-login requests: - - method: POST - path: - - '{{BaseURL}}/index.php' - headers: - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - X-Requested-With: XMLHttpRequest + - raw: + - | + POST /index.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + X-Requested-With: XMLHttpRequest - body: name=Admin&password=zabbix&autologin=1&enter=Sign+in + name={{username}}&password={{password}}&autologin=1&enter=Sign+in + + payloads: + username: + - Admin + password: + - zabbix + attack: pitchfork matchers-condition: and matchers: @@ -24,4 +31,4 @@ requests: - type: status status: - - 302 \ No newline at end of file + - 302 diff --git a/default-logins/zmanda/zmanda-default-login.yaml b/default-logins/zmanda/zmanda-default-login.yaml index 4bdc37d5c9..0ba28984fa 100644 --- a/default-logins/zmanda/zmanda-default-login.yaml +++ b/default-logins/zmanda/zmanda-default-login.yaml @@ -9,14 +9,21 @@ info: tags: zmanda,default-login requests: - - method: POST - path: - - '{{BaseURL}}/ZMC_Admin_Login' - headers: - Content-Type: application/x-www-form-urlencoded - Cookie: zmc_cookies_enabled=true + - raw: + - | + POST /ZMC_Admin_Login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Cookie: zmc_cookies_enabled=true - body: login=AEE&last_page=&username=admin&password=admin&submit=Login&JS_SWITCH=JS_ON + login=AEE&last_page=&username={{username}}&password={{password}}&submit=Login&JS_SWITCH=JS_ON + + payloads: + username: + - admin + password: + - admin + attack: pitchfork matchers-condition: and matchers: