Merge pull request #4542 from DhiyaneshGeek/master

Exposure File Templates

exposures/files/django-secret-key.yaml

@@ -0,0 +1,46 @@
+id: django-secret-key
+
+info:
+  name: Django Secret Key Exposure
+  author: geeknik,DhiyaneshDk
+  severity: high
+  reference: https://docs.gitguardian.com/secrets-detection/detectors/specifics/django_secret_key
+  metadata:
+    verified: true
+    shodan-query: html:settings.py
+  tags: django,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/settings.py"
+      - "{{BaseURL}}/app/settings.py"
+      - "{{BaseURL}}/django/settings.py"
+      - "{{BaseURL}}/settings/settings.py"
+      - "{{BaseURL}}/web/settings/settings.py"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        part: body
+        words:
+          - "SECRET_KEY ="
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+        negative: true
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - '"DJANGO_SECRET_KEY", "(.*)"'

exposures/files/ftpconfig.yaml

@@ -0,0 +1,29 @@
+id: ftpconfig
+
+info:
+  name: Atom remote-ssh ftpconfig Exposure
+  author: geeknik,DhiyaneshDK
+  description: Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials
+  severity: high
+  metadata:
+    verified: true
+    shodan-query: html:ftpconfig
+  tags: atom,ftp,config,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/.ftpconfig"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '"protocol":'
+          - '"host":'
+          - '"user":'
+        condition: and
+
+      - type: status
+        status:
+          - 200

exposures/files/git-mailmap.yaml

@@ -0,0 +1,33 @@
+id: git-mailmap
+
+info:
+  name: Git Mailmap File Disclosure
+  author: geeknik,DhiyaneshDK
+  severity: low
+  reference: https://man7.org/linux/man-pages/man5/gitmailmap.5.html
+  metadata:
+    verified: true
+    shodan-query: html:mailmap
+  tags: config,exposure,git,mailmap
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/.mailmap"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|\"(?:[\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x21\\x23-\\x5b\\x5d-\\x7f]|\\\\[\\x01-\\x09\\x0b\\x0c\\x0e-\\x7f])*\")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x21-\\x5a\\x53-\\x7f]|\\\\[\\x01-\\x09\\x0b\\x0c\\x0e-\\x7f])+)\\])"
+
+      - type: word
+        part: body
+        words:
+          - "# Theresa O'Connor:"
+        negative: true
+
+      - type: status
+        status:
+          - 200

exposures/files/php-ini.yaml

@@ -0,0 +1,32 @@
+id: php-ini
+
+info:
+  name: Php.ini File Disclosure
+  author: geeknik,DhiyaneshDK
+  severity: low
+  reference: https://www.php.net/manual/en/configuration.file.php
+  metadata:
+    verified: true
+    shodan-query: php.ini
+  tags: config,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/php.ini"
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        part: body
+        words:
+          - "[PHP]"
+          - "short_open_tag"
+          - "safe_mode"
+          - "expose_php"
+        condition: and
+
+      - type: status
+        status:
+          - 200