diff --git a/.nuclei-ignore b/.nuclei-ignore index 2337dd6f40..cd13b76014 100644 --- a/.nuclei-ignore +++ b/.nuclei-ignore @@ -10,7 +10,6 @@ tags: - "fuzz" - "dos" - - "misc" # files is a list of files to ignore template execution # unless asked for by the user. diff --git a/miscellaneous/addeventlistener-detect.yaml b/miscellaneous/addeventlistener-detect.yaml index 0b4b57ca9d..fb29b8ba5a 100644 --- a/miscellaneous/addeventlistener-detect.yaml +++ b/miscellaneous/addeventlistener-detect.yaml @@ -4,7 +4,7 @@ info: name: AddEventlistener detection author: yavolo severity: info - tags: xss + tags: xss,misc reference: https://portswigger.net/web-security/dom-based/controlling-the-web-message-source requests: @@ -14,6 +14,6 @@ requests: matchers: - type: word + part: body words: - 'window.addEventListener(' - part: body \ No newline at end of file diff --git a/miscellaneous/apple-app-site-association.yaml b/miscellaneous/apple-app-site-association.yaml index 9954c8d681..53fd428289 100644 --- a/miscellaneous/apple-app-site-association.yaml +++ b/miscellaneous/apple-app-site-association.yaml @@ -4,7 +4,7 @@ info: name: Apple app site association for harvesting end points author: panch0r3d severity: info - tags: misc + tags: misc,apple requests: - method: GET @@ -17,17 +17,17 @@ requests: matchers-condition: and matchers: - type: word + part: body words: - 'applinks' - 'appID' - 'paths' - part: body condition: and - type: word + part: header words: - 'application/json' - part: header - type: status status: diff --git a/miscellaneous/dir-listing.yaml b/miscellaneous/dir-listing.yaml index 18562b5341..e210365059 100644 --- a/miscellaneous/dir-listing.yaml +++ b/miscellaneous/dir-listing.yaml @@ -11,6 +11,7 @@ requests: - method: GET path: - "{{BaseURL}}" + matchers: - type: word words: @@ -18,3 +19,4 @@ requests: - "Index of /" - "[To Parent Directory]" - "Directory: /" + condition: or \ No newline at end of file 
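Review bot: Removing `- "misc"` from the ignored-tag list in `.nuclei-ignore` changes what a default run executes: every template tagged misc now runs unless the user excludes it, while `fuzz` and `dos` stay excluded. Nothing on the new side records why, and the comment that follows describes only the `files` list, so a reader cannot tell the shortened tag list is intentional rather than an accidental deletion. A one-line comment above the remaining entries, such as `# tags excluded from default runs ("misc" removed: those templates now run by default)`, would make the policy explicit. The `tags:` list itself starts before this hunk.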
diff --git a/miscellaneous/display-via-header.yaml b/miscellaneous/display-via-header.yaml deleted file mode 100644 index 4f17e636dc..0000000000 --- a/miscellaneous/display-via-header.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: display-via-header - -info: - name: Display Via Header - author: geeknik - reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Via - severity: info - tags: misc,generic - -requests: - - method: GET - path: - - "{{BaseURL}}" - - redirects: true - extractors: - - type: regex - part: header - regex: - - "Via:.*" diff --git a/miscellaneous/joomla-htaccess.yaml b/miscellaneous/joomla-htaccess.yaml index ad0de0cd6f..cd711772f7 100644 --- a/miscellaneous/joomla-htaccess.yaml +++ b/miscellaneous/joomla-htaccess.yaml @@ -16,14 +16,14 @@ requests: matchers: - type: word words: - - "# @package Joomla" + - "Joomla" - "Open Source Matters. All rights reserved" condition: and - type: word + part: header words: - "text/plain" - part: header - type: status status: diff --git a/miscellaneous/joomla-manifest-file.yaml b/miscellaneous/joomla-manifest-file.yaml index 99d9cb4e1a..f7db23b3a2 100644 --- a/miscellaneous/joomla-manifest-file.yaml +++ b/miscellaneous/joomla-manifest-file.yaml @@ -21,9 +21,9 @@ requests: condition: and - type: word + part: header words: - "application/xml" - part: header - type: status status: diff --git a/miscellaneous/moodle-changelog.yaml b/miscellaneous/moodle-changelog.yaml index 3bb3c7e4e6..04c51359f0 100644 --- a/miscellaneous/moodle-changelog.yaml +++ b/miscellaneous/moodle-changelog.yaml @@ -22,9 +22,9 @@ requests: condition: and - type: word + part: header words: - "text/plain" - part: header - type: status status: diff --git a/miscellaneous/ntlm-directories.yaml b/miscellaneous/ntlm-directories.yaml index a36f3f1287..856199e66a 100644 --- a/miscellaneous/ntlm-directories.yaml +++ b/miscellaneous/ntlm-directories.yaml 
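Review bot: Replacing `- "# @package Joomla"` with `- "Joomla"` in miscellaneous/joomla-htaccess.yaml swaps a comment-header match for a short substring that occurs in many unrelated files, so the matcher's precision now rests entirely on the `Open Source Matters. All rights reserved` word in the same `condition: and` group. If the motivation is that some releases pad the header with variable whitespace between `@package` and `Joomla` (inferred, not visible here), a regex keeps the original specificity: change the block to `- type: regex` with the pattern `- "# @package\s+Joomla"`. Otherwise a short comment above the word stating why the header prefix was dropped would stop the next reviewer from re-tightening it. The `matchers` list starts before this hunk.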
@@ -14,7 +14,7 @@ requests: Host: {{Hostname}} Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA= - threads: 50 + threads: 10 payloads: path: - / diff --git a/miscellaneous/old-copyright.yaml b/miscellaneous/old-copyright.yaml index 75f00c2eed..ff09ae7d3d 100644 --- a/miscellaneous/old-copyright.yaml +++ b/miscellaneous/old-copyright.yaml @@ -16,9 +16,9 @@ requests: matchers-condition: and matchers: - type: word + part: body words: - '2022' - part: body negative: true - type: regex @@ -28,10 +28,10 @@ requests: - '© [1-9]\d*' - '© [1-9]\d*' - '© [1-9]\d*' + extractors: - type: regex part: body - name: copyright_year regex: - 'Copyright [1-9]\d*' - '© [1-9]\d*' diff --git a/miscellaneous/detect-options-method.yaml b/miscellaneous/options-method.yaml similarity index 79% rename from miscellaneous/detect-options-method.yaml rename to miscellaneous/options-method.yaml index 2a0a126efc..91ba87f15a 100644 --- a/miscellaneous/detect-options-method.yaml +++ b/miscellaneous/options-method.yaml @@ -1,7 +1,7 @@ -id: detect-options-method +id: options-method info: - name: Detect enabled OPTIONS methods + name: Allowed Options Method author: pdteam severity: info tags: misc,generic diff --git a/miscellaneous/robots.txt.yaml b/miscellaneous/robots-txt.yaml similarity index 99% rename from miscellaneous/robots.txt.yaml rename to miscellaneous/robots-txt.yaml index f11e795855..f23d4b4951 100644 --- a/miscellaneous/robots.txt.yaml +++ b/miscellaneous/robots-txt.yaml @@ -9,6 +9,7 @@ requests: - method: GET path: - "{{BaseURL}}/robots.txt" + matchers-condition: and redirects: true matchers: @@ -17,9 +18,9 @@ requests: - "Disallow:" - type: word + part: header words: - text/plain - part: header - type: dsl dsl: diff --git a/miscellaneous/security.txt.yaml b/miscellaneous/security-txt.yaml similarity index 65% rename from miscellaneous/security.txt.yaml rename to miscellaneous/security-txt.yaml index 02d72a4c40..034f26556a 100644 --- a/miscellaneous/security.txt.yaml 
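Review bot: The extractor in miscellaneous/old-copyright.yaml loses its `name: copyright_year` label with no replacement, while the regex list it labels is otherwise unchanged. In nuclei a named extractor's values can be referenced by later requests in the same template or picked up by consumers that key on the name, so if anything relies on `copyright_year` this change silently drops it; if nothing does, a comment such as `# unnamed on purpose: the value is only reported, never reused` records the intent. The surrounding `requests` block continues outside this hunk.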
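Review bot: Adding `matchers-condition: and` in miscellaneous/robots-txt.yaml makes the `text/plain` header matcher in the next hunk mandatory, so a robots.txt that contains `Disallow:` but is served with a different or missing Content-Type is no longer reported, whereas before any single matcher sufficed. Servers can return robots.txt as text/html or octet-stream, so this tightens precision at a real false-negative cost; if that is intended, a comment above the key such as `# and: body, content-type and the dsl check must all hold` documents it, otherwise keep the header matcher out of the and-group. The dsl matcher that completes the group lies outside these hunks.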
+++ b/miscellaneous/security-txt.yaml @@ -10,20 +10,28 @@ info: requests: - method: GET path: - - "{{BaseURL}}/.well-known/security.txt" - - "{{BaseURL}}/security.txt" + - "{{RootURL}}/.well-known/security.txt" + - "{{RootURL}}/security.txt" + + stop-at-first-match: true redirects: true - max-redirects: 3 + max-redirects: 2 matchers-condition: and matchers: - type: status status: - 200 + - type: word words: - "Contact:" - condition: and + - type: dsl dsl: - "len(body) <= 1024 && len(body) > 0" - condition: and + + extractors: + - type: regex + group: 1 + regex: + - '(?mi)Contact:(.*)' \ No newline at end of file diff --git a/miscellaneous/tabnabbing-check.yaml b/miscellaneous/tabnabbing-check.yaml deleted file mode 100644 index b92943f34c..0000000000 --- a/miscellaneous/tabnabbing-check.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: tabnabbing-check - -info: - name: Reverse Tabnabbing - author: bolli95 - severity: info - tags: misc - reference: - - https://owasp.org/www-community/attacks/Reverse_Tabnabbing - - https://www.youtube.com/watch?v=TMKZCHYmtD4 - - https://hackerone.com/reports/211065 - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: dsl - dsl: - - 'regex("", replace_regex(replace_regex(body, "", ""), "", "")) || regex("window\.open\\([^,]+\\)", body)' - - type: dsl - dsl: - - "!contains(tolower(all_headers), 'referrer-policy: no-referrer')" \ No newline at end of file diff --git a/miscellaneous/trace-method.yaml b/miscellaneous/trace-method.yaml index 00f9b49b0e..73bd7bde6a 100644 --- a/miscellaneous/trace-method.yaml +++ b/miscellaneous/trace-method.yaml @@ -15,9 +15,9 @@ requests: matchers: - type: word name: trace-request + part: body words: - "TRACE / HTTP" - part: body - method: OPTIONS path: @@ -26,6 +26,6 @@ requests: matchers: - type: regex name: options-request + part: header regex: - "(?i)Allow: [A-Z,]*TRACE" - part: header
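Review bot: The new extractor in miscellaneous/security-txt.yaml, `(?mi)Contact:(.*)`, captures everything after the colon, including the leading space and, for CRLF-encoded files, the trailing carriage return, so extracted values carry stray whitespace; `- '(?mi)^Contact:[ \t]*([^\r\n]+)'` anchors the field to the start of a line and trims both ends. The extractor is case-insensitive but the `Contact:` word matcher above it is not, so a file with mixed-case field names (which RFC 9116 permits) never reaches the extractor; adding `case-insensitive: true` to that word matcher aligns the two. The file still ends without a trailing newline on the new side.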