Merge pull request #1556 from projectdiscovery/file-templates

Added file based templates 🎉
2021-06-13 15:43:41 +05:30 · 2021-06-13 15:43:41 +05:30 · 522b9c4f2f
parent dd149519da d2b065925a
commit 522b9c4f2f
42 changed files with 701 additions and 0 deletions
--- a/file/android/adb-backup-enabled.yaml
+++ b/file/android/adb-backup-enabled.yaml
@ -0,0 +1,16 @@
+id: adb-backup-enabled
+
+info:
+  name: ADB Backup Enabled
+  author: gaurang
+  severity: low
+  tags: android,file
+
+file:
+  - extensions:
+      - all
+
+    matchers:
+      - type: word
+        words:
+          - "android:allowBackup=\"true\""
--- a/file/android/biometric-detect.yaml
+++ b/file/android/biometric-detect.yaml
@ -0,0 +1,17 @@
+id: biometric-detect
+
+info:
+  name: Biometric or Fingerprint detect
+  author: gaurang
+  severity: info
+  tags: android,file
+
+file:
+  - extensions:
+      - all
+
+    matchers:
+      - type: word
+        words:
+          - "android.permission.USE_FINGERPRINT"
+          - "android.permission.USE_BIOMETRIC"
--- a/file/android/certificate-validation.yaml
+++ b/file/android/certificate-validation.yaml
@ -0,0 +1,16 @@
+id: improper-certificate-validation
+
+info:
+  name: Improper Certificate Validation
+  author: gaurang
+  severity: medium
+  tags: android,file
+
+file:
+  - extensions:
+      - all
+
+    matchers:
+      - type: word
+        words:
+          - "Landroid/webkit/SslErrorHandler;->proceed()V"
--- a/file/android/content-scheme.yaml
+++ b/file/android/content-scheme.yaml
@ -0,0 +1,16 @@
+id: content-scheme
+
+info:
+  name: Content Scheme Enabled
+  author: gaurang
+  severity: info
+  tags: android,file
+
+file:
+  - extensions:
+      - xml
+
+    matchers:
+      - type: word
+        words:
+          - "android:scheme=\"content\""
--- a/file/android/debug-enabled.yaml
+++ b/file/android/debug-enabled.yaml
@ -0,0 +1,16 @@
+id: android-debug-enabled
+
+info:
+  name: Android Debug Enabled
+  author: gaurang
+  severity: low
+  tags: android,file
+
+file:
+  - extensions:
+      - all
+
+    matchers:
+      - type: regex
+        regex:
+          - "android:debuggable=\"true\""
--- a/file/android/dynamic-broadcast-receiver.yaml
+++ b/file/android/dynamic-broadcast-receiver.yaml
@ -0,0 +1,16 @@
+id: dynamic-registered-broadcast-receiver
+
+info:
+  name: Dynamic Registered Broadcast Receiver
+  author: gaurang
+  severity: info
+  tags: android,file
+
+file:
+  - extensions:
+      - all
+
+    matchers:
+      - type: word
+        words:
+          - ";->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)"
--- a/file/android/file-scheme.yaml
+++ b/file/android/file-scheme.yaml
@ -0,0 +1,16 @@
+id: file-scheme
+
+info:
+  name: File Scheme Enabled
+  author: gaurang
+  severity: info
+  tags: android,file
+
+file:
+  - extensions:
+      - xml
+
+    matchers:
+      - type: word
+        words:
+          - "android:scheme=\"file\""
--- a/file/android/provider-path.yaml
+++ b/file/android/provider-path.yaml
@ -0,0 +1,17 @@
+id: insecure-provider-path
+
+info:
+  name: Insecure Provider Path
+  author: gaurang
+  severity: medium
+  tags: android,file
+
+file:
+  - extensions:
+      - all
+
+    matchers:
+      - type: regex
+        regex:
+          - "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\".\""
+          - "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\"\""
--- a/file/android/webview-addjavascript-interface.yaml
+++ b/file/android/webview-addjavascript-interface.yaml
@ -0,0 +1,16 @@
+id: webview-addjavascript-interface
+
+info:
+  name: Webview addJavascript Interface Usage
+  author: gaurang
+  severity: info
+  tags: android,file
+
+file:
+  - extensions:
+      - all
+
+    matchers:
+      - type: word
+        words:
+          - ";->addJavascriptInterface(Ljava/lang/Object;Ljava/lang/String;)V"
--- a/file/android/webview-javascript.yaml
+++ b/file/android/webview-javascript.yaml
@ -0,0 +1,16 @@
+id: webview-javascript-enabled
+
+info:
+  name: Webview JavaScript enabled
+  author: gaurang
+  severity: info
+  tags: android,file
+
+file:
+  - extensions:
+      - all
+
+    matchers:
+      - type: word
+        words:
+          - "Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V"
--- a/file/android/webview-load-url.yaml
+++ b/file/android/webview-load-url.yaml
@ -0,0 +1,16 @@
+id: webview-load-url
+
+info:
+  name: Webview loadUrl usage
+  author: gaurang
+  severity: info
+  tags: android,file
+
+file:
+  - extensions:
+      - all
+
+    matchers:
+      - type: word
+        words:
+          - "Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V"
--- a/file/android/webview-universal-access.yaml
+++ b/file/android/webview-universal-access.yaml
@ -0,0 +1,16 @@
+id: webview-universal-access
+
+info:
+  name: Webview Universal Access enabled
+  author: gaurang
+  severity: medium
+  tags: android,file
+
+file:
+  - extensions:
+      - all
+
+    matchers:
+      - type: word
+        words:
+          - "Landroid/webkit/WebSettings;->setAllowUniversalAccessFromFileURLs(Z)V"
--- a/file/keys/amazon-mws-auth-token.yaml
+++ b/file/keys/amazon-mws-auth-token.yaml
@ -0,0 +1,16 @@
+id: amazon-mws-auth-token-value
+
+info:
+  name: Amazon MWS Auth Token
+  author: gaurang
+  severity: medium
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
--- a/file/keys/aws-access-id.yaml
+++ b/file/keys/aws-access-id.yaml
@ -0,0 +1,16 @@
+id: aws-access-key
+
+info:
+  name: AWS Access Key ID
+  author: gaurang
+  severity: info
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
--- a/file/keys/aws-cognito.yaml
+++ b/file/keys/aws-cognito.yaml
@ -0,0 +1,32 @@
+id: aws-cognito-pool
+
+info:
+  name: AWS Cognito Pool ID
+  author: gaurang
+  severity: info
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "ap-northeast-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "ap-northeast-3:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "ap-southeast-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "ap-southeast-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "ap-south-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "ca-central-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "ca-central-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "eu-west-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "eu-west-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "eu-west-3:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "eu-west-3:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "eu-north-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "us-east-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "us-east-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "us-west-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "us-west-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "sa-east-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
--- a/file/keys/cloudinary.yaml
+++ b/file/keys/cloudinary.yaml
@ -0,0 +1,16 @@
+id: cloudinary-basic-auth
+
+info:
+  name: Cloudinary Basic Auth
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "cloudinary://[0-9]{15}:[0-9A-Za-z\\-_]+@[0-9A-Za-z\\-_]+"
--- a/file/keys/credentials.yaml
+++ b/file/keys/credentials.yaml
@ -0,0 +1,16 @@
+id: basic-auth-creds
+
+info:
+  name: Basic Auth Credentials
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
--- a/file/keys/dynatrace-token.yaml
+++ b/file/keys/dynatrace-token.yaml
@ -0,0 +1,16 @@
+id: dynatrace-token
+
+info:
+  name: Dynatrace Token
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}"
--- a/file/keys/facebook-client-id.yaml
+++ b/file/keys/facebook-client-id.yaml
@ -0,0 +1,16 @@
+id: facebook-client-id
+
+info:
+  name: Facebook Client ID
+  author: gaurang
+  severity: info
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]"
--- a/file/keys/facebook-secret.yaml
+++ b/file/keys/facebook-secret.yaml
@ -0,0 +1,16 @@
+id: facebook-secret-key
+
+info:
+  name: Facebook Secret Key
+  author: gaurang
+  severity: low
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]"
--- a/file/keys/firebase-database.yaml
+++ b/file/keys/firebase-database.yaml
@ -0,0 +1,17 @@
+id: firebase-database
+
+info:
+  name: Firebase Database Detect
+  author: gaurang
+  severity: info
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "[a-z0-9.-]+\\.firebaseio\\.com"
+          - "[a-z0-9.-]+\\.firebaseapp\\.com"
--- a/file/keys/gcp-service-account.yaml
+++ b/file/keys/gcp-service-account.yaml
@ -0,0 +1,16 @@
+id: gcp-service-account
+
+info:
+  name: Google (GCP) Service-account
+  author: gaurang
+  severity: low
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "\"type\": \"service_account\""
--- a/file/keys/google-api.yaml
+++ b/file/keys/google-api.yaml
@ -0,0 +1,16 @@
+id: google-api-key
+
+info:
+  name: Google API key
+  author: gaurang
+  severity: info
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "AIza[0-9A-Za-z\\-_]{35}"
--- a/file/keys/linkedin-id.yaml
+++ b/file/keys/linkedin-id.yaml
@ -0,0 +1,16 @@
+id: linkedin-client-id
+
+info:
+  name: Linkedin Client ID
+  author: gaurang
+  severity: low
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}"
--- a/file/keys/mailchimp-api.yaml
+++ b/file/keys/mailchimp-api.yaml
@ -0,0 +1,16 @@
+id: mailchimp-api-key
+
+info:
+  name: Mailchimp API Key
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "[0-9a-f]{32}-us[0-9]{1,2}"
--- a/file/keys/mailgun-api.yaml
+++ b/file/keys/mailgun-api.yaml
@ -0,0 +1,16 @@
+id: mailgun-api-key
+
+info:
+  name: Mailgun API Key
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "key-[0-9a-zA-Z]{32}"
--- a/file/keys/paypal-braintree-token.yaml
+++ b/file/keys/paypal-braintree-token.yaml
@ -0,0 +1,16 @@
+id: paypal-braintree-token
+
+info:
+  name: Paypal Braintree Access Token
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
--- a/file/keys/pictatic-api-key.yaml
+++ b/file/keys/pictatic-api-key.yaml
@ -0,0 +1,16 @@
+id: pictatic-api-key
+
+info:
+  name: Pictatic API Key
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "sk_live_[0-9a-z]{32}"
--- a/file/keys/private-key.yaml
+++ b/file/keys/private-key.yaml
@ -0,0 +1,22 @@
+id: private-key
+
+info:
+  name: Private Key Detect
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "\"BEGIN OPENSSH PRIVATE KEY\""
+          - "\"BEGIN PRIVATE KEY\""
+          - "\"BEGIN RSA PRIVATE KEY\""
+          - "\"BEGIN DSA PRIVATE KEY\""
+          - "\"BEGIN EC PRIVATE KEY\""
+          - "\"BEGIN PGP PRIVATE KEY BLOCK\""
+          - "\"ssh-rsa\""
--- a/file/keys/s3-bucket.yaml
+++ b/file/keys/s3-bucket.yaml
@ -0,0 +1,20 @@
+id: s3-bucket
+
+info:
+  name: S3 Bucket Detect
+  author: gaurang
+  severity: info
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "[a-z0-9.-]+\\.s3\\.amazonaws\\.com"
+          - "[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com"
+          - "[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)"
+          - "//s3\\.amazonaws\\.com/[a-z0-9._-]+"
+          - "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+"
--- a/file/keys/sendgrid-api.yaml
+++ b/file/keys/sendgrid-api.yaml
@ -0,0 +1,16 @@
+id: sendgrid-api-key
+
+info:
+  name: Sendgrid API Key
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}"
--- a/file/keys/shopify-custom-token.yaml
+++ b/file/keys/shopify-custom-token.yaml
@ -0,0 +1,16 @@
+id: shopify-custom-token
+
+info:
+  name: Shopify Custom App Access Token
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "shpca_[a-fA-F0-9]{32}"
--- a/file/keys/shopify-private-token.yaml
+++ b/file/keys/shopify-private-token.yaml
@ -0,0 +1,16 @@
+id: shopify-private-token
+
+info:
+  name: Shopify Private App Access Token
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "shppa_[a-fA-F0-9]{32}"
--- a/file/keys/shopify-shared-secret.yaml
+++ b/file/keys/shopify-shared-secret.yaml
@ -0,0 +1,16 @@
+id: shopify-shared-secret
+
+info:
+  name: Shopify Shared Secret
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "shpss_[a-fA-F0-9]{32}"
--- a/file/keys/shopify-token.yaml
+++ b/file/keys/shopify-token.yaml
@ -0,0 +1,16 @@
+id: shopify-access-token
+
+info:
+  name: Shopify Access Token
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "shpat_[a-fA-F0-9]{32}"
--- a/file/keys/slack-api.yaml
+++ b/file/keys/slack-api.yaml
@ -0,0 +1,16 @@
+id: slack-api
+
+info:
+  name: Slack API Key
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "xox[baprs]-([0-9a-zA-Z]{10,48})?"
--- a/file/keys/slack-webhook.yaml
+++ b/file/keys/slack-webhook.yaml
@ -0,0 +1,16 @@
+id: slack-webhook
+
+info:
+  name: Slack Webhook
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{10}/B[0-9A-Za-z\\-_]{10}/[0-9A-Za-z\\-_]{23}"
--- a/file/keys/square-access-token.yaml
+++ b/file/keys/square-access-token.yaml
@ -0,0 +1,16 @@
+id: square-access-token
+
+info:
+  name: Square Accesss Token
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "sq0atp-[0-9A-Za-z\\-_]{22}"
--- a/file/keys/square-oauth-secret.yaml
+++ b/file/keys/square-oauth-secret.yaml
@ -0,0 +1,16 @@
+id: square-oauth-secret
+
+info:
+  name: Square OAuth Secret
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "sq0csp-[0-9A-Za-z\\-_]{43}"
--- a/file/keys/stripe-api-key.yaml
+++ b/file/keys/stripe-api-key.yaml
@ -0,0 +1,16 @@
+id: stripe-api-key
+
+info:
+  name: Stripe API Key
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}"
--- a/file/keys/twilio-api.yaml
+++ b/file/keys/twilio-api.yaml
@ -0,0 +1,16 @@
+id: twilio-api
+
+info:
+  name: Twilio API Key
+  author: gaurang
+  severity: high
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "(?i)twilio(.{0,20})?SK[0-9a-f]{32}"
--- a/file/keys/twitter-secret.yaml
+++ b/file/keys/twitter-secret.yaml
@ -0,0 +1,16 @@
+id: twitter-secret
+
+info:
+  name: Twitter Secret
+  author: gaurang
+  severity: medium
+  tags: token,file
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "(?i)twitter(.{0,20})?[0-9a-z]{35,44}"