TemplateMan Update [Mon Jan 29 11:58:34 UTC 2024] 🤖

patch-1
GitHub Action 2024-01-29 11:58:34 +00:00
parent 5a763c043e
commit 5c4a72935f
115 changed files with 149 additions and 58 deletions

View File

@ -8,6 +8,7 @@ info:
Searches for Azure virtual machines via their registered DNS names. Searches for Azure virtual machines via their registered DNS names.
metadata: metadata:
verified: true verified: true
max-request: 1
tags: cloud,cloud-enum,azure,fuzz,enum tags: cloud,cloud-enum,azure,fuzz,enum
self-contained: true self-contained: true

View File

@ -8,6 +8,7 @@ info:
Searches for Azure websites that are registered and responding. Searches for Azure websites that are registered and responding.
metadata: metadata:
verified: true verified: true
max-request: 1
tags: cloud,enum,azure tags: cloud,enum,azure
self-contained: true self-contained: true

View File

@ -8,6 +8,7 @@ info:
Searches for App Engine Apps in GCP. Searches for App Engine Apps in GCP.
metadata: metadata:
verified: true verified: true
max-request: 1
tags: enum,cloud,cloud-enum,gcp tags: enum,cloud,cloud-enum,gcp
self-contained: true self-contained: true

View File

@ -8,6 +8,7 @@ info:
Searches for open and protected buckets in GCP. Searches for open and protected buckets in GCP.
metadata: metadata:
verified: true verified: true
max-request: 1
tags: cloud,enum,cloud-enum,gcp tags: cloud,enum,cloud-enum,gcp
self-contained: true self-contained: true

View File

@ -8,6 +8,7 @@ info:
Searches for Firebase Apps in GCP. Searches for Firebase Apps in GCP.
metadata: metadata:
verified: true verified: true
max-request: 1
tags: enum,cloud,cloud-enum,gcp tags: enum,cloud,cloud-enum,gcp
self-contained: true self-contained: true

View File

@ -8,6 +8,7 @@ info:
Searches for Firebase Realtime Databases in GCP. Searches for Firebase Realtime Databases in GCP.
metadata: metadata:
verified: true verified: true
max-request: 1
tags: enum,cloud,cloud-enum,gcp tags: enum,cloud,cloud-enum,gcp
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/aa-exec/ - https://gtfobins.github.io/gtfobins/aa-exec/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,aa-exec,privesc tags: code,linux,aa-exec,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/ash/ - https://gtfobins.github.io/gtfobins/ash/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,ash,privesc tags: code,linux,ash,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/awk/ - https://gtfobins.github.io/gtfobins/awk/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,awk,privesc tags: code,linux,awk,privesc
self-contained: true self-contained: true

View File

@ -5,11 +5,12 @@ info:
author: daffainfo author: daffainfo
severity: high severity: high
description: | description: |
Bash is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. The shell's name is an acronym for Bourne Again Shell, a pun on the name of the Bourne shell that it replaces and the notion of being born again. Bash is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. The shell's name is an acronym for Bourne Again Shell, a pun on the name of the Bourne shell that it replaces and the notion of being born again.
reference: reference:
- https://gtfobins.github.io/gtfobins/bash/ - https://gtfobins.github.io/gtfobins/bash/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,bash,privesc tags: code,linux,bash,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/cdist/ - https://gtfobins.github.io/gtfobins/cdist/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,cdist,privesc tags: code,linux,cdist,privesc
self-contained: true self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference: reference:
- https://gtfobins.github.io/gtfobins/choom/ - https://gtfobins.github.io/gtfobins/choom/
metadata: metadata:
max-request: 3
verified: true verified: true
tags: code,linux,choom,privesc tags: code,linux,choom,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/cpulimit/ - https://gtfobins.github.io/gtfobins/cpulimit/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,cpulimit,privesc tags: code,linux,cpulimit,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/csh/ - https://gtfobins.github.io/gtfobins/csh/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,csh,privesc tags: code,linux,csh,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/csvtool/ - https://gtfobins.github.io/gtfobins/csvtool/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,csvtool,privesc tags: code,linux,csvtool,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/dash/ - https://gtfobins.github.io/gtfobins/dash/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,dash,privesc tags: code,linux,dash,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/dc/ - https://gtfobins.github.io/gtfobins/dc/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,dc,privesc tags: code,linux,dc,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/distcc/ - https://gtfobins.github.io/gtfobins/distcc/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,distcc,privesc tags: code,linux,distcc,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/elvish/ - https://gtfobins.github.io/gtfobins/elvish/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,elvish,privesc tags: code,linux,elvish,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/enscript/ - https://gtfobins.github.io/gtfobins/enscript/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,enscript,privesc tags: code,linux,enscript,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/env/ - https://gtfobins.github.io/gtfobins/env/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,env,privesc tags: code,linux,env,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/expect/ - https://gtfobins.github.io/gtfobins/expect/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,expect,privesc tags: code,linux,expect,privesc
self-contained: true self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference: reference:
- https://gtfobins.github.io/gtfobins/find/ - https://gtfobins.github.io/gtfobins/find/
metadata: metadata:
max-request: 3
verified: true verified: true
tags: code,linux,find,privesc tags: code,linux,find,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/fish/ - https://gtfobins.github.io/gtfobins/fish/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,fish,privesc tags: code,linux,fish,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/flock/ - https://gtfobins.github.io/gtfobins/flock/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,flock,privesc tags: code,linux,flock,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/gawk/ - https://gtfobins.github.io/gtfobins/gawk/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,gawk,privesc tags: code,linux,gawk,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/grc/ - https://gtfobins.github.io/gtfobins/grc/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,grc,privesc tags: code,linux,grc,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/ionice/ - https://gtfobins.github.io/gtfobins/ionice/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,ionice,privesc tags: code,linux,ionice,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/julia/ - https://gtfobins.github.io/gtfobins/julia/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,julia,privesc tags: code,linux,julia,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/lftp/ - https://gtfobins.github.io/gtfobins/lftp/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,lftp,privesc tags: code,linux,lftp,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/ltrace/ - https://gtfobins.github.io/gtfobins/ltrace/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,ltrace,privesc tags: code,linux,ltrace,privesc
self-contained: true self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference: reference:
- https://gtfobins.github.io/gtfobins/lua/ - https://gtfobins.github.io/gtfobins/lua/
metadata: metadata:
max-request: 3
verified: true verified: true
tags: code,linux,lua,privesc tags: code,linux,lua,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/mawk/ - https://gtfobins.github.io/gtfobins/mawk/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,mawk,privesc tags: code,linux,mawk,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/multitime/ - https://gtfobins.github.io/gtfobins/multitime/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,multitime,privesc tags: code,linux,multitime,privesc
self-contained: true self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference: reference:
- https://gtfobins.github.io/gtfobins/mysql/ - https://gtfobins.github.io/gtfobins/mysql/
metadata: metadata:
max-request: 3
verified: true verified: true
tags: code,linux,mysql,privesc tags: code,linux,mysql,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/nawk/ - https://gtfobins.github.io/gtfobins/nawk/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,nawk,privesc tags: code,linux,nawk,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/nice/ - https://gtfobins.github.io/gtfobins/nice/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,nice,privesc tags: code,linux,nice,privesc
self-contained: true self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference: reference:
- https://gtfobins.github.io/gtfobins/node/ - https://gtfobins.github.io/gtfobins/node/
metadata: metadata:
max-request: 4
verified: true verified: true
tags: code,linux,node,privesc tags: code,linux,node,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/nsenter/ - https://gtfobins.github.io/gtfobins/nsenter/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,nsenter,privesc tags: code,linux,nsenter,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/perl/ - https://gtfobins.github.io/gtfobins/perl/
metadata: metadata:
verified: true verified: true
max-request: 4
tags: code,linux,perl,privesc tags: code,linux,perl,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
https://gtfobins.github.io/gtfobins/pexec/ https://gtfobins.github.io/gtfobins/pexec/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,pexec,privesc tags: code,linux,pexec,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/php/ - https://gtfobins.github.io/gtfobins/php/
metadata: metadata:
verified: true verified: true
max-request: 4
tags: code,linux,php,privesc tags: code,linux,php,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/posh/ - https://gtfobins.github.io/gtfobins/posh/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,posh,privesc tags: code,linux,posh,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/python/ - https://gtfobins.github.io/gtfobins/python/
metadata: metadata:
verified: true verified: true
max-request: 4
tags: code,linux,php,privesc tags: code,linux,php,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/rake/ - https://gtfobins.github.io/gtfobins/rake/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,rake,privesc tags: code,linux,rake,privesc
self-contained: true self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference: reference:
- https://gtfobins.github.io/gtfobins/rc/ - https://gtfobins.github.io/gtfobins/rc/
metadata: metadata:
max-request: 3
verified: true verified: true
tags: code,linux,rc,privesc tags: code,linux,rc,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/rlwrap/ - https://gtfobins.github.io/gtfobins/rlwrap/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,rlwrap,privesc tags: code,linux,rlwrap,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/rpm/ - https://gtfobins.github.io/gtfobins/rpm/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,rpm,privesc tags: code,linux,rpm,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/rpmdb/ - https://gtfobins.github.io/gtfobins/rpmdb/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,rpmdb,privesc tags: code,linux,rpmdb,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/rpmverify/ - https://gtfobins.github.io/gtfobins/rpmverify/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,rpmverify,privesc tags: code,linux,rpmverify,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/ruby/ - https://gtfobins.github.io/gtfobins/ruby/
metadata: metadata:
verified: true verified: true
max-request: 4
tags: code,linux,ruby,privesc tags: code,linux,ruby,privesc
self-contained: true self-contained: true

View File

@ -8,6 +8,7 @@ info:
The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner. The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner.
reference: https://gtfobins.github.io/gtfobins/run-parts/ reference: https://gtfobins.github.io/gtfobins/run-parts/
metadata: metadata:
max-request: 3
verified: true verified: true
tags: code,linux,run-parts,privesc tags: code,linux,run-parts,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/sash/ - https://gtfobins.github.io/gtfobins/sash/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,sash,privesc tags: code,linux,sash,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/slsh/ - https://gtfobins.github.io/gtfobins/slsh/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,slsh,privesc tags: code,linux,slsh,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/socat/ - https://gtfobins.github.io/gtfobins/socat/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,socat,privesc tags: code,linux,socat,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/softlimit/ - https://gtfobins.github.io/gtfobins/softlimit/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,softlimit,privesc tags: code,linux,softlimit,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/sqlite3/ - https://gtfobins.github.io/gtfobins/sqlite3/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,sqlite3,privesc tags: code,linux,sqlite3,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/ssh-agent/ - https://gtfobins.github.io/gtfobins/ssh-agent/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,ssh-agent,privesc tags: code,linux,ssh-agent,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/sshpass/ - https://gtfobins.github.io/gtfobins/sshpass/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,sshpass,privesc tags: code,linux,sshpass,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/stdbuf/ - https://gtfobins.github.io/gtfobins/stdbuf/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,stdbuf,privesc tags: code,linux,stdbuf,privesc
self-contained: true self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference: reference:
- https://gtfobins.github.io/gtfobins/strace/ - https://gtfobins.github.io/gtfobins/strace/
metadata: metadata:
max-request: 3
verified: true verified: true
tags: code,linux,strace,privesc tags: code,linux,strace,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/tar/ - https://gtfobins.github.io/gtfobins/tar/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,tar,privesc tags: code,linux,tar,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/tcsh/ - https://gtfobins.github.io/gtfobins/tcsh/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,tcsh,privesc tags: code,linux,tcsh,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/time/ - https://gtfobins.github.io/gtfobins/time/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,time,privesc tags: code,linux,time,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/timeout/ - https://gtfobins.github.io/gtfobins/timeout/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,timeout,privesc tags: code,linux,timeout,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/tmate/ - https://gtfobins.github.io/gtfobins/tmate/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,tmate,privesc tags: code,linux,tmate,privesc
self-contained: true self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference: reference:
- https://gtfobins.github.io/gtfobins/torify/ - https://gtfobins.github.io/gtfobins/torify/
metadata: metadata:
max-request: 3
verified: true verified: true
tags: code,linux,torify,privesc tags: code,linux,torify,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/torsocks/ - https://gtfobins.github.io/gtfobins/torsocks/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,torsocks,privesc tags: code,linux,torsocks,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/unshare/ - https://gtfobins.github.io/gtfobins/unshare/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,unshare,privesc tags: code,linux,unshare,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/vi/ - https://gtfobins.github.io/gtfobins/vi/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,vi,privesc tags: code,linux,vi,privesc
self-contained: true self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference: reference:
- https://gtfobins.github.io/gtfobins/view/ - https://gtfobins.github.io/gtfobins/view/
metadata: metadata:
max-request: 3
verified: true verified: true
tags: code,linux,view,privesc tags: code,linux,view,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/vim/ - https://gtfobins.github.io/gtfobins/vim/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,vim,privesc tags: code,linux,vim,privesc
self-contained: true self-contained: true

View File

@ -9,6 +9,7 @@ info:
reference: reference:
- https://gtfobins.github.io/gtfobins/xargs/ - https://gtfobins.github.io/gtfobins/xargs/
metadata: metadata:
max-request: 3
verified: true verified: true
tags: code,linux,xargs,privesc tags: code,linux,xargs,privesc

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/xdg-user-dir/ - https://gtfobins.github.io/gtfobins/xdg-user-dir/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,xdg-user-dir,privesc tags: code,linux,xdg-user-dir,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/yash/ - https://gtfobins.github.io/gtfobins/yash/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,yash,privesc tags: code,linux,yash,privesc
self-contained: true self-contained: true

View File

@ -10,6 +10,7 @@ info:
- https://gtfobins.github.io/gtfobins/zsh/ - https://gtfobins.github.io/gtfobins/zsh/
metadata: metadata:
verified: true verified: true
max-request: 3
tags: code,linux,zsh,privesc tags: code,linux,zsh,privesc
self-contained: true self-contained: true

View File

@ -7,6 +7,7 @@ info:
reference: reference:
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-etc-shadow - https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-etc-shadow
metadata: metadata:
max-request: 2
verified: true verified: true
tags: code,linux,privesc tags: code,linux,privesc

View File

@ -8,6 +8,7 @@ info:
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#etc-sudoers-etc-sudoers.d - https://book.hacktricks.xyz/linux-hardening/privilege-escalation#etc-sudoers-etc-sudoers.d
metadata: metadata:
verified: true verified: true
max-request: 2
tags: code,linux,privesc tags: code,linux,privesc
self-contained: true self-contained: true

View File

@ -16,6 +16,7 @@ info:
cwe-id: CWE-350 cwe-id: CWE-350
metadata: metadata:
verified: true verified: true
max-request: 2
tags: redirect,dns,network tags: redirect,dns,network
dns: dns:

View File

@ -13,7 +13,7 @@ info:
classification: classification:
cve-id: CVE-2018-10942 cve-id: CVE-2018-10942
metadata: metadata:
max-request: 2 max-request: 8
tags: prestashop,attributewizardpro,intrusive,file-upload tags: prestashop,attributewizardpro,intrusive,file-upload
variables: variables:

View File

@ -6,25 +6,26 @@ info:
severity: medium severity: medium
description: | description: |
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality. A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
reference:
- https://bugzilla.redhat.com/show_bug.cgi?id=1906797
- https://nvd.nist.gov/vuln/detail/CVE-2020-27838
impact: | impact: |
The vulnerability allows an attacker to gain sensitive information from the KeyCloak server. The vulnerability allows an attacker to gain sensitive information from the KeyCloak server.
remediation: | remediation: |
Apply the latest security patches or updates provided by the KeyCloak vendor. Apply the latest security patches or updates provided by the KeyCloak vendor.
reference:
- https://bugzilla.redhat.com/show_bug.cgi?id=1906797
- https://nvd.nist.gov/vuln/detail/CVE-2020-27838
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
cvss-score: 6.5 cvss-score: 6.5
cve-id: CVE-2020-27838 cve-id: CVE-2020-27838
cwe-id: CWE-287 cwe-id: CWE-287
cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
epss-score: 0.00154 epss-score: 0.00154
epss-percentile: 0.5163 epss-percentile: 0.5163
cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
metadata: metadata:
vendor: redhat vendor: redhat
product: keycloak product: keycloak
shodan-query: title:"keycloak" shodan-query: "title:\"keycloak\""
max-request: 1
tags: cve,cve2020,keyclock,exposure tags: cve,cve2020,keyclock,exposure
http: http:

View File

@ -17,14 +17,15 @@ info:
cvss-score: 7.5 cvss-score: 7.5
cve-id: CVE-2022-47501 cve-id: CVE-2022-47501
cwe-id: CWE-22 cwe-id: CWE-22
cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
epss-score: 0.00183 epss-score: 0.00183
epss-percentile: 0.55601 epss-percentile: 0.55601
cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
metadata: metadata:
vendor: apache
product: ofbiz product: ofbiz
shodan-query: html:"OFBiz" shodan-query: "html:\"OFBiz\""
fofa-query: app="Apache_OFBiz" fofa-query: "app=\"Apache_OFBiz\""
max-request: 2
vendor: apache
tags: cve,cve2022,apache,ofbiz,lfi tags: cve,cve2022,apache,ofbiz,lfi
http: http:

View File

@ -16,8 +16,9 @@ info:
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:* cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
metadata: metadata:
vendor: ivanti vendor: ivanti
product: connect_secure product: "connect_secure"
shodan-query: html:"welcome.cgi?p=logo" shodan-query: "html:\"welcome.cgi?p=logo\""
max-request: 1
tags: cve,cve2023,kev,auth-bypass,ivanti tags: cve,cve2023,kev,auth-bypass,ivanti
http: http:

View File

@ -14,12 +14,12 @@ info:
cvss-score: 8.6 cvss-score: 8.6
cve-id: CVE-2023-47211 cve-id: CVE-2023-47211
cwe-id: CWE-22 cwe-id: CWE-22
epss-score: 0.000610000
epss-percentile: 0.238320000
cpe: cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:* cpe: cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*
epss-score: 0.00061
epss-percentile: 0.23832
metadata: metadata:
max-request: 1 max-request: 3
shodan-query: http.title:"OpManager Plus" shodan-query: "http.title:\"OpManager Plus\""
tags: cve,cve2023,zoho,manageengine,authenticated,traversal,lfi tags: cve,cve2023,zoho,manageengine,authenticated,traversal,lfi
http: http:

View File

@ -7,15 +7,16 @@ info:
description: | description: |
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr. Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr.
The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,unlike Java system properties which are set per-Java-proccess. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,unlike Java system properties which are set per-Java-proccess.
impact: |
This vulnerability can lead to the exposure of sensitive information, potentially allowing an attacker to gain unauthorized access or perform further attacks.
remediation: Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.
reference: reference:
- https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables - https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables
- https://x.com/sirifu4k1/status/1746755165066236216?s=20 - https://x.com/sirifu4k1/status/1746755165066236216?s=20
- https://nvd.nist.gov/vuln/detail/CVE-2023-50290 - https://nvd.nist.gov/vuln/detail/CVE-2023-50290
impact: |
This vulnerability can lead to the exposure of sensitive information, potentially allowing an attacker to gain unauthorized access or perform further attacks.
remediation: Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.
metadata: metadata:
shodan-query: title:"Apache Solr" shodan-query: "title:\"Apache Solr\""
max-request: 1
tags: cve,cve2023,apache,solr,exposure tags: cve,cve2023,apache,solr,exposure
http: http:

View File

@ -18,7 +18,7 @@ info:
cvss-score: 9.8 cvss-score: 9.8
cve-id: CVE-2023-6875 cve-id: CVE-2023-6875
metadata: metadata:
max-request: 1 max-request: 3
verified: true verified: true
publicwww-query: "/wp-content/plugins/post-smtp" publicwww-query: "/wp-content/plugins/post-smtp"
tags: cve,cve2023,wp,wp-plugin,wordpress,smtp,mailer,auth-bypass tags: cve,cve2023,wp,wp-plugin,wordpress,smtp,mailer,auth-bypass

View File

@ -14,9 +14,10 @@ info:
cwe-id: CWE-77 cwe-id: CWE-77
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:* cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
metadata: metadata:
shodan-query: "html:\"welcome.cgi?p=logo\""
max-request: 1
vendor: ivanti vendor: ivanti
product: connect_secure product: "connect_secure"
shodan-query: html:"welcome.cgi?p=logo"
tags: cve,cve2024,kev,rce,ivanti tags: cve,cve2024,kev,rce,ivanti
http: http:

View File

@ -5,12 +5,12 @@ info:
author: savik author: savik
severity: critical severity: critical
description: | description: |
Allows attacker to log in and execute RCE on the Node-Red panel using the default credentials. Allows attacker to log in and execute RCE on the Node-Red panel using the default credentials.
reference: reference:
- https://quentinkaiser.be/pentesting/2018/09/07/node-red-rce/ - https://quentinkaiser.be/pentesting/2018/09/07/node-red-rce/
metadata: metadata:
max-request: 1
verified: true verified: true
max-request: 1
shodan-query: http.favicon.hash:321591353 shodan-query: http.favicon.hash:321591353
tags: default-login,node-red,dashboard tags: default-login,node-red,dashboard

View File

@ -9,9 +9,9 @@ info:
reference: reference:
- https://ironmansoftware.com/powershell-universal - https://ironmansoftware.com/powershell-universal
metadata: metadata:
max-request: 1
shodan-query: html:"PowerShell Universal"
verified: true verified: true
max-request: 3
shodan-query: "html:\"PowerShell Universal\""
tags: default-login,powershell-universal tags: default-login,powershell-universal
http: http:

View File

@ -7,8 +7,8 @@ info:
reference: reference:
- http://autoset.net/xe/ - http://autoset.net/xe/
metadata: metadata:
max-request: 1
verified: true verified: true
max-request: 1
shodan-query: title:"AutoSet" shodan-query: title:"AutoSet"
tags: tech,php,autoset,apache tags: tech,php,autoset,apache

View File

@ -8,7 +8,8 @@ info:
- http://compalex.net/ - http://compalex.net/
metadata: metadata:
verified: true verified: true
shodan-query: title:"COMPALEX" max-request: 15
shodan-query: "title:\"COMPALEX\""
tags: tech,php,compalex,sql tags: tech,php,compalex,sql
http: http:

View File

@ -6,8 +6,8 @@ info:
severity: info severity: info
description: Doris panel detection template. description: Doris panel detection template.
metadata: metadata:
max-request: 1
verified: true verified: true
max-request: 1
shodan-query: http.favicon.hash:24048806 shodan-query: http.favicon.hash:24048806
tags: doris,panel,login,detect tags: doris,panel,login,detect

View File

@ -9,8 +9,8 @@ info:
reference: reference:
- https://github.com/bensheldon/good_job - https://github.com/bensheldon/good_job
metadata: metadata:
max-request: 2
verified: true verified: true
max-request: 2
tags: unauth,panel,goodjob tags: unauth,panel,goodjob
http: http:

View File

@ -9,8 +9,8 @@ info:
reference: reference:
- https://lomnido.com/ - https://lomnido.com/
metadata: metadata:
max-request: 1
verified: true verified: true
max-request: 1
shodan-query: http.title:"Lomnido Login" shodan-query: http.title:"Lomnido Login"
tags: lomnido,panel,login,detect tags: lomnido,panel,login,detect

View File

@ -9,11 +9,10 @@ info:
- https://securenvoy.com/ - https://securenvoy.com/
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200 cwe-id: CWE-200
metadata: metadata:
max-request: 1 max-request: 4
shodan-query: http.title:"securenvoy" shodan-query: "http.title:\"securenvoy\""
tags: panel,securenvoy tags: panel,securenvoy
http: http:

View File

@ -10,8 +10,8 @@ info:
cvss-score: 0 cvss-score: 0
cwe-id: CWE-200 cwe-id: CWE-200
metadata: metadata:
max-request: 2
verified: true verified: true
max-request: 2
shodan-query: http.favicon.hash:-919788577 shodan-query: http.favicon.hash:-919788577
tags: panel,vault,detect tags: panel,vault,detect

View File

@ -6,7 +6,7 @@ info:
severity: medium severity: medium
description: PHP Source File is disclosed to external users. description: PHP Source File is disclosed to external users.
metadata: metadata:
max-request: 1222 max-request: 1512
tags: exposure,backup,php,disclosure,fuzz tags: exposure,backup,php,disclosure,fuzz
http: http:

View File

@ -10,7 +10,7 @@ info:
cvss-score: 5.3 cvss-score: 5.3
cwe-id: CWE-200 cwe-id: CWE-200
metadata: metadata:
max-request: 6 max-request: 7
tags: exposure,backup tags: exposure,backup
http: http:

View File

@ -10,7 +10,7 @@ info:
cvss-score: 5.3 cvss-score: 5.3
cwe-id: CWE-200 cwe-id: CWE-200
metadata: metadata:
max-request: 20 max-request: 21
tags: exposure,backup,mysql tags: exposure,backup,mysql
http: http:

View File

@ -10,7 +10,7 @@ info:
cvss-score: 5.3 cvss-score: 5.3
cwe-id: CWE-200 cwe-id: CWE-200
metadata: metadata:
max-request: 650 max-request: 1440
tags: exposure,backup tags: exposure,backup
http: http:

Some files were not shown because too many files have changed in this diff Show More