Added new Template for Sentry Instance Detection

miscellaneous/sentrySSRF.yaml

@@ -0,0 +1,22 @@
+id: Sentry Instance
+
+# Sentry Instace can be SSRF'd if scrapping is enabled
+# https://hackerone.com/reports/374737
+# https://twitter.com/itsecurityguard/status/1127893545619218432?lang=en
+
+info:
+  name: Sentry Instance SSRF
+  author: Sicksec
+  severity: meduim
+  tags: ssrf,sentry
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - "https://[0-9a-f]*@[a-z0-9]+\\.[a-z.]+.?[0-9]+"