From 652903d37414e7fc31b91b0f069d4315309f0f60 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 12 Feb 2024 23:02:40 +0530 Subject: [PATCH] replaced fuzz tag to brute-force --- cloud/enum/azure-vm-cloud-enum.yaml | 2 +- config/bugbounty.yml | 2 +- config/pentest.yml | 2 +- config/recommended.yml | 2 +- http/cves/2017/CVE-2017-17562.yaml | 2 +- http/cves/2019/CVE-2019-17382.yaml | 2 +- http/cves/2022/CVE-2022-2034.yaml | 2 +- http/cves/2023/CVE-2023-24489.yaml | 2 +- http/default-logins/oracle/peoplesoft-default-login.yaml | 2 +- http/exposed-panels/adminer-panel-detect.yaml | 2 +- http/exposures/backups/php-backup-files.yaml | 2 +- http/fuzzing/cache-poisoning-fuzz.yaml | 2 +- http/fuzzing/header-command-injection.yaml | 2 +- http/fuzzing/iis-shortname.yaml | 2 +- http/fuzzing/linux-lfi-fuzzing.yaml | 2 +- http/fuzzing/mdb-database-file.yaml | 2 +- http/fuzzing/prestashop-module-fuzz.yaml | 2 +- http/fuzzing/ssrf-via-proxy.yaml | 2 +- http/fuzzing/valid-gmail-check.yaml | 2 +- http/fuzzing/waf-fuzz.yaml | 2 +- http/fuzzing/wordpress-plugins-detect.yaml | 2 +- http/fuzzing/wordpress-themes-detect.yaml | 2 +- http/fuzzing/wordpress-weak-credentials.yaml | 2 +- http/fuzzing/xff-403-bypass.yaml | 2 +- http/miscellaneous/defacement-detect.yaml | 2 +- http/miscellaneous/ntlm-directories.yaml | 2 +- http/misconfiguration/aem/aem-userinfo-servlet.yaml | 2 +- http/misconfiguration/gitlab/gitlab-user-enum.yaml | 2 +- http/misconfiguration/proxy/open-proxy-internal.yaml | 2 +- http/misconfiguration/proxy/open-proxy-localhost.yaml | 2 +- http/misconfiguration/proxy/open-proxy-portscan.yaml | 2 +- http/technologies/graylog/graylog-api-exposure.yaml | 2 +- http/vulnerabilities/tongda/tongda-auth-bypass.yaml | 2 +- http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml | 2 +- javascript/cves/2023/CVE-2023-34039.yaml | 2 +- javascript/default-logins/ssh-default-logins.yaml | 2 +- network/misconfig/mysql-native-password.yaml | 2 +- network/misconfig/tidb-native-password.yaml | 2 +- 38 files changed, 38 insertions(+), 38 deletions(-) diff --git a/cloud/enum/azure-vm-cloud-enum.yaml b/cloud/enum/azure-vm-cloud-enum.yaml index a9b7e09a59..982ad4514d 100644 --- a/cloud/enum/azure-vm-cloud-enum.yaml +++ b/cloud/enum/azure-vm-cloud-enum.yaml @@ -9,7 +9,7 @@ info: metadata: verified: true max-request: 1 - tags: cloud,cloud-enum,azure,fuzz,enum + tags: cloud,cloud-enum,azure,brute-force,enum self-contained: true diff --git a/config/bugbounty.yml b/config/bugbounty.yml index 0b04440ca1..b75b98dc83 100644 --- a/config/bugbounty.yml +++ b/config/bugbounty.yml @@ -20,7 +20,7 @@ type: exclude-tags: - tech - dos - - fuzz + - brute-force - creds-stuffing - token-spray - osint \ No newline at end of file diff --git a/config/pentest.yml b/config/pentest.yml index 2546416b85..dc2466e291 100644 --- a/config/pentest.yml +++ b/config/pentest.yml @@ -15,5 +15,5 @@ type: exclude-tags: - dos - - fuzz + - brute-force - osint \ No newline at end of file diff --git a/config/recommended.yml b/config/recommended.yml index fd09c67f0a..c3b24db1a9 100644 --- a/config/recommended.yml +++ b/config/recommended.yml @@ -20,7 +20,7 @@ type: exclude-tags: - tech - dos - - fuzz + - brute-force - creds-stuffing - token-spray - osint diff --git a/http/cves/2017/CVE-2017-17562.yaml b/http/cves/2017/CVE-2017-17562.yaml index 1860a427fa..5539321298 100644 --- a/http/cves/2017/CVE-2017-17562.yaml +++ b/http/cves/2017/CVE-2017-17562.yaml @@ -28,7 +28,7 @@ info: max-request: 65 vendor: embedthis product: goahead - tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub,embedthis + tags: cve,cve2017,rce,goahead,brute-force,kev,vulhub,embedthis http: - raw: diff --git a/http/cves/2019/CVE-2019-17382.yaml b/http/cves/2019/CVE-2019-17382.yaml index 67a67700fd..c8c3df6cb0 100644 --- a/http/cves/2019/CVE-2019-17382.yaml +++ b/http/cves/2019/CVE-2019-17382.yaml @@ -27,7 +27,7 @@ info: max-request: 100 vendor: zabbix product: zabbix - tags: cve2019,cve,fuzz,auth-bypass,login,edb,zabbix + tags: cve2019,cve,brute-force,auth-bypass,login,edb,zabbix http: - raw: diff --git a/http/cves/2022/CVE-2022-2034.yaml b/http/cves/2022/CVE-2022-2034.yaml index 01fe966c3f..99cd1cb18b 100644 --- a/http/cves/2022/CVE-2022-2034.yaml +++ b/http/cves/2022/CVE-2022-2034.yaml @@ -28,7 +28,7 @@ info: vendor: automattic product: sensei_lms framework: wordpress - tags: cve,cve2022,wp,disclosure,wpscan,sensei-lms,fuzz,hackerone,wordpress,wp-plugin,automattic + tags: cve,cve2022,wp,disclosure,wpscan,sensei-lms,brute-force,hackerone,wordpress,wp-plugin,automattic http: - method: GET diff --git a/http/cves/2023/CVE-2023-24489.yaml b/http/cves/2023/CVE-2023-24489.yaml index 94f03f1298..c53af1a599 100644 --- a/http/cves/2023/CVE-2023-24489.yaml +++ b/http/cves/2023/CVE-2023-24489.yaml @@ -28,7 +28,7 @@ info: vendor: citrix product: sharefile_storage_zones_controller shodan-query: title:"ShareFile Storage Server" - tags: cve2023,cve,sharefile,rce,intrusive,fileupload,fuzz,kev,citrix + tags: cve2023,cve,sharefile,rce,intrusive,fileupload,brute-force,kev,citrix variables: fileName: '{{rand_base(8)}}' diff --git a/http/default-logins/oracle/peoplesoft-default-login.yaml b/http/default-logins/oracle/peoplesoft-default-login.yaml index 74fbb39ceb..374a267cfe 100644 --- a/http/default-logins/oracle/peoplesoft-default-login.yaml +++ b/http/default-logins/oracle/peoplesoft-default-login.yaml @@ -16,7 +16,7 @@ info: verified: true max-request: 200 shodan-query: title:"Oracle PeopleSoft Sign-in" - tags: default-login,peoplesoft,oracle,fuzz + tags: default-login,peoplesoft,oracle,brute-force http: - method: POST diff --git a/http/exposed-panels/adminer-panel-detect.yaml b/http/exposed-panels/adminer-panel-detect.yaml index 44dea6c5b2..3e1afbf0ff 100644 --- a/http/exposed-panels/adminer-panel-detect.yaml +++ b/http/exposed-panels/adminer-panel-detect.yaml @@ -17,7 +17,7 @@ info: # Is generally handy if you find SQL creds metadata: max-request: 741 - tags: panel,fuzz,adminer,login,sqli + tags: panel,brute-force,adminer,login,sqli http: - raw: diff --git a/http/exposures/backups/php-backup-files.yaml b/http/exposures/backups/php-backup-files.yaml index 2fc4b01e91..fc819ea52a 100644 --- a/http/exposures/backups/php-backup-files.yaml +++ b/http/exposures/backups/php-backup-files.yaml @@ -7,7 +7,7 @@ info: description: PHP Source File is disclosed to external users. metadata: max-request: 1512 - tags: exposure,backup,php,disclosure,fuzz + tags: exposure,backup,php,disclosure,brute-force http: - method: GET diff --git a/http/fuzzing/cache-poisoning-fuzz.yaml b/http/fuzzing/cache-poisoning-fuzz.yaml index a1eede3fde..ce10652cfb 100644 --- a/http/fuzzing/cache-poisoning-fuzz.yaml +++ b/http/fuzzing/cache-poisoning-fuzz.yaml @@ -9,7 +9,7 @@ info: - https://portswigger.net/web-security/web-cache-poisoning metadata: max-request: 5834 - tags: fuzzing,fuzz,cache + tags: fuzzing,brute-force,cache http: - raw: diff --git a/http/fuzzing/header-command-injection.yaml b/http/fuzzing/header-command-injection.yaml index 24ee48ddf3..76daba735d 100644 --- a/http/fuzzing/header-command-injection.yaml +++ b/http/fuzzing/header-command-injection.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-77 metadata: max-request: 7650 - tags: fuzzing,fuzz,rce + tags: fuzzing,brute-force,rce http: - raw: diff --git a/http/fuzzing/iis-shortname.yaml b/http/fuzzing/iis-shortname.yaml index 6ebb89d291..74a0ca76e1 100644 --- a/http/fuzzing/iis-shortname.yaml +++ b/http/fuzzing/iis-shortname.yaml @@ -15,7 +15,7 @@ info: cwe-id: CWE-200 metadata: max-request: 4 - tags: fuzzing,fuzz,edb + tags: brute,edb http: - raw: diff --git a/http/fuzzing/linux-lfi-fuzzing.yaml b/http/fuzzing/linux-lfi-fuzzing.yaml index 745275f0e8..70cfa1e241 100644 --- a/http/fuzzing/linux-lfi-fuzzing.yaml +++ b/http/fuzzing/linux-lfi-fuzzing.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 22 - tags: fuzzing,linux,lfi,fuzz + tags: fuzzing,linux,lfi,brute-force http: - method: GET diff --git a/http/fuzzing/mdb-database-file.yaml b/http/fuzzing/mdb-database-file.yaml index c645e90d50..fb4e1e49b4 100644 --- a/http/fuzzing/mdb-database-file.yaml +++ b/http/fuzzing/mdb-database-file.yaml @@ -13,7 +13,7 @@ info: cwe-id: CWE-200 metadata: max-request: 341 - tags: fuzzing,fuzz,mdb,asp + tags: brute,mdb,asp http: - raw: diff --git a/http/fuzzing/prestashop-module-fuzz.yaml b/http/fuzzing/prestashop-module-fuzz.yaml index de7e43f53b..d925baeffa 100644 --- a/http/fuzzing/prestashop-module-fuzz.yaml +++ b/http/fuzzing/prestashop-module-fuzz.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: max-request: 639 - tags: fuzzing,fuzz,prestashop + tags: fuzzing,brute-force,prestashop http: - raw: diff --git a/http/fuzzing/ssrf-via-proxy.yaml b/http/fuzzing/ssrf-via-proxy.yaml index 77ccacfe3b..061c0b3da4 100644 --- a/http/fuzzing/ssrf-via-proxy.yaml +++ b/http/fuzzing/ssrf-via-proxy.yaml @@ -10,7 +10,7 @@ info: - https://twitter.com/ImoJOnDz/status/1649089777629827072 metadata: max-request: 9 - tags: fuzzing,ssrf,proxy,oast,fuzz + tags: ssrf,proxy,oast,brute-force http: - payloads: diff --git a/http/fuzzing/valid-gmail-check.yaml b/http/fuzzing/valid-gmail-check.yaml index 51b23eb81c..bd4509741b 100644 --- a/http/fuzzing/valid-gmail-check.yaml +++ b/http/fuzzing/valid-gmail-check.yaml @@ -8,7 +8,7 @@ info: - https://github.com/dievus/geeMailUserFinder metadata: max-request: 1 - tags: fuzzing,fuzz,gmail + tags: brute-force,gmail self-contained: true diff --git a/http/fuzzing/waf-fuzz.yaml b/http/fuzzing/waf-fuzz.yaml index 76f9d5e113..22a89fc7f5 100644 --- a/http/fuzzing/waf-fuzz.yaml +++ b/http/fuzzing/waf-fuzz.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 58 - tags: fuzzing,waf,tech,fuzz + tags: fuzzing,waf,tech,brute-force http: - raw: diff --git a/http/fuzzing/wordpress-plugins-detect.yaml b/http/fuzzing/wordpress-plugins-detect.yaml index a520fe811f..be5c8ca9bc 100644 --- a/http/fuzzing/wordpress-plugins-detect.yaml +++ b/http/fuzzing/wordpress-plugins-detect.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: max-request: 98135 - tags: fuzzing,fuzz,wordpress + tags: fuzzing,brute-force,wordpress http: - raw: diff --git a/http/fuzzing/wordpress-themes-detect.yaml b/http/fuzzing/wordpress-themes-detect.yaml index 29d8ccf392..6b4b31b899 100644 --- a/http/fuzzing/wordpress-themes-detect.yaml +++ b/http/fuzzing/wordpress-themes-detect.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: max-request: 24434 - tags: fuzzing,fuzz,wordpress + tags: brute,wordpress,wp http: - raw: diff --git a/http/fuzzing/wordpress-weak-credentials.yaml b/http/fuzzing/wordpress-weak-credentials.yaml index 00ce5a9f0b..9f73b7abd2 100644 --- a/http/fuzzing/wordpress-weak-credentials.yaml +++ b/http/fuzzing/wordpress-weak-credentials.yaml @@ -14,7 +14,7 @@ info: cwe-id: CWE-1391 metadata: max-request: 276 - tags: fuzzing,wordpress,default-login,fuzz + tags: wordpress,default-login,brute-force http: - raw: diff --git a/http/fuzzing/xff-403-bypass.yaml b/http/fuzzing/xff-403-bypass.yaml index 18f1a1cc38..67bcf55ecc 100644 --- a/http/fuzzing/xff-403-bypass.yaml +++ b/http/fuzzing/xff-403-bypass.yaml @@ -7,7 +7,7 @@ info: description: Template to detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header. metadata: max-request: 3 - tags: fuzzing,fuzz + tags: fuzzing,brute-force http: - raw: diff --git a/http/miscellaneous/defacement-detect.yaml b/http/miscellaneous/defacement-detect.yaml index be6080def0..ff087d4876 100644 --- a/http/miscellaneous/defacement-detect.yaml +++ b/http/miscellaneous/defacement-detect.yaml @@ -16,7 +16,7 @@ info: metadata: verified: true max-request: 85 - tags: misc,defacement,spam,hacktivism,fuzz + tags: misc,defacement,spam,hacktivism,brute-force http: - method: GET diff --git a/http/miscellaneous/ntlm-directories.yaml b/http/miscellaneous/ntlm-directories.yaml index 4051fc35bc..1eb95b58f4 100644 --- a/http/miscellaneous/ntlm-directories.yaml +++ b/http/miscellaneous/ntlm-directories.yaml @@ -8,7 +8,7 @@ info: - https://medium.com/swlh/internal-information-disclosure-using-hidden-ntlm-authentication-18de17675666 metadata: max-request: 47 - tags: miscellaneous,misc,fuzz,windows + tags: miscellaneous,misc,brute-force,windows http: - raw: diff --git a/http/misconfiguration/aem/aem-userinfo-servlet.yaml b/http/misconfiguration/aem/aem-userinfo-servlet.yaml index 319dc32467..ff4c270546 100644 --- a/http/misconfiguration/aem/aem-userinfo-servlet.yaml +++ b/http/misconfiguration/aem/aem-userinfo-servlet.yaml @@ -8,7 +8,7 @@ info: metadata: max-request: 1 shodan-query: http.component:"Adobe Experience Manager" - tags: aem,bruteforce,misconfig + tags: aem,brute-force,misconfig http: - method: GET diff --git a/http/misconfiguration/gitlab/gitlab-user-enum.yaml b/http/misconfiguration/gitlab/gitlab-user-enum.yaml index 965847c752..11f5a6b597 100644 --- a/http/misconfiguration/gitlab/gitlab-user-enum.yaml +++ b/http/misconfiguration/gitlab/gitlab-user-enum.yaml @@ -9,7 +9,7 @@ info: metadata: max-request: 100 shodan-query: http.title:"GitLab" - tags: gitlab,enum,misconfig,fuzz + tags: gitlab,enum,misconfig,brute-force http: - raw: diff --git a/http/misconfiguration/proxy/open-proxy-internal.yaml b/http/misconfiguration/proxy/open-proxy-internal.yaml index afa1ae5e7e..429d627851 100644 --- a/http/misconfiguration/proxy/open-proxy-internal.yaml +++ b/http/misconfiguration/proxy/open-proxy-internal.yaml @@ -16,7 +16,7 @@ info: cwe-id: CWE-441 metadata: max-request: 25 - tags: exposure,config,proxy,misconfig,fuzz + tags: exposure,config,proxy,misconfig,brute-force http: - raw: diff --git a/http/misconfiguration/proxy/open-proxy-localhost.yaml b/http/misconfiguration/proxy/open-proxy-localhost.yaml index c33ff25bf4..fbb23c6ef3 100644 --- a/http/misconfiguration/proxy/open-proxy-localhost.yaml +++ b/http/misconfiguration/proxy/open-proxy-localhost.yaml @@ -16,7 +16,7 @@ info: cwe-id: CWE-441 metadata: max-request: 6 - tags: exposure,config,proxy,misconfig,fuzz + tags: exposure,config,proxy,misconfig,brute-force http: - raw: diff --git a/http/misconfiguration/proxy/open-proxy-portscan.yaml b/http/misconfiguration/proxy/open-proxy-portscan.yaml index e399ecbb5f..645638d77b 100644 --- a/http/misconfiguration/proxy/open-proxy-portscan.yaml +++ b/http/misconfiguration/proxy/open-proxy-portscan.yaml @@ -16,7 +16,7 @@ info: cwe-id: CWE-441 metadata: max-request: 8 - tags: exposure,config,proxy,misconfig,fuzz + tags: exposure,config,proxy,misconfig,brute-force http: - raw: diff --git a/http/technologies/graylog/graylog-api-exposure.yaml b/http/technologies/graylog/graylog-api-exposure.yaml index e00d21abcb..141c9338c7 100644 --- a/http/technologies/graylog/graylog-api-exposure.yaml +++ b/http/technologies/graylog/graylog-api-exposure.yaml @@ -13,7 +13,7 @@ info: verified: true max-request: 50 shodan-query: Graylog - tags: tech,graylog,api,swagger,fuzz + tags: tech,graylog,api,swagger,brute-force http: - method: GET diff --git a/http/vulnerabilities/tongda/tongda-auth-bypass.yaml b/http/vulnerabilities/tongda/tongda-auth-bypass.yaml index 3ea1caa2a4..4e959b355a 100644 --- a/http/vulnerabilities/tongda/tongda-auth-bypass.yaml +++ b/http/vulnerabilities/tongda/tongda-auth-bypass.yaml @@ -14,7 +14,7 @@ info: shodan-query: title:"通达OA" fofa-query: title="通达OA" zoomeye-query: app:"通达OA" - tags: tongda,auth-bypass,fuzz + tags: tongda,auth-bypass,brute-force http: - raw: diff --git a/http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml b/http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml index 27cca94e88..58e1929223 100644 --- a/http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml +++ b/http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml @@ -10,7 +10,7 @@ info: - https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/ metadata: max-request: 276 - tags: wordpress,php,xmlrpc,fuzz + tags: wordpress,php,xmlrpc,brute-force http: - raw: diff --git a/javascript/cves/2023/CVE-2023-34039.yaml b/javascript/cves/2023/CVE-2023-34039.yaml index 2ca935f1c8..648b949e17 100644 --- a/javascript/cves/2023/CVE-2023-34039.yaml +++ b/javascript/cves/2023/CVE-2023-34039.yaml @@ -29,7 +29,7 @@ info: verified: true vendor: vmware product: aria_operations_for_networks - tags: js,packetstorm,cve,cve2019,vmware,aria,rce,fuzz,vrealize + tags: js,packetstorm,cve,cve2019,vmware,aria,rce,brute-force,vrealize variables: keysDir: "helpers/payloads/cve-2023-34039-keys" # load all private keys from this directory diff --git a/javascript/default-logins/ssh-default-logins.yaml b/javascript/default-logins/ssh-default-logins.yaml index be9a0ac69a..00c3c7ed12 100644 --- a/javascript/default-logins/ssh-default-logins.yaml +++ b/javascript/default-logins/ssh-default-logins.yaml @@ -7,7 +7,7 @@ info: metadata: max-request: 223 shodan-query: port:1433 - tags: js,ssh,default-login,network,fuzz + tags: js,ssh,default-login,network,brute-force javascript: - pre-condition: | diff --git a/network/misconfig/mysql-native-password.yaml b/network/misconfig/mysql-native-password.yaml index ba4b0a61fb..88ba39e366 100644 --- a/network/misconfig/mysql-native-password.yaml +++ b/network/misconfig/mysql-native-password.yaml @@ -12,7 +12,7 @@ info: cwe-id: CWE-200 metadata: max-request: 1 - tags: network,mysql,bruteforce,db,misconfig + tags: network,mysql,brute-force,db,misconfig tcp: - host: diff --git a/network/misconfig/tidb-native-password.yaml b/network/misconfig/tidb-native-password.yaml index 465539193f..643381f710 100644 --- a/network/misconfig/tidb-native-password.yaml +++ b/network/misconfig/tidb-native-password.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 1 - tags: network,tidb,bruteforce,db,misconfig + tags: network,tidb,brute-force,db,misconfig tcp: - host: