Added security headers templates

miscellaneous/http-present-security-headers.yaml

@@ -0,0 +1,116 @@
+id: http-present-security-headers
+
+info:
+  name: HTTP Present Security Headers
+  author: socketz
+  severity: info
+  description: It searches present security headers, but obviously, could be so less generic and could be useless for Bug Bounty.
+  tags: config,headers
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+    redirects: true
+    max-redirects: 3
+    extractors:
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(Strict-Transport-Security):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(X-Frame-Options):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(X-Content-Type-Options):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(Content-Security-Policy):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(X-Permitted-Cross-Domain-Policies):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(Referrer-Policy):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(Clear-Site-Data):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(Cross-Origin-Embedder-Policy):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(Cross-Origin-Opener-Policy):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(Cross-Origin-Resource-Policy):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(X-XSS-Protection):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(Public-Key-Pins):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(Except-CT):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(Feature-Policy):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(Permissions-Policy):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(Document-Policy):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(X-XSRF-TOKEN):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(X-CSRF-TOKEN):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(X-CSRFToken):(.*)"
+      - type: regex
+        part: header
+        group: 0
+        regex:
+          - "(?im)(Authorization):(.*)"

misconfiguration/http-missing-security-headers.yaml

@@ -0,0 +1,113 @@
+id: http-missing-security-headers
+
+info:
+  name: HTTP Missing Security Headers
+  author: socketz
+  severity: info
+  description: It searches missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty.
+  tags: config,headers,misconfiguration
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+    redirects: true
+    max-redirects: 3
+    matchers-condition: or
+    matchers:
+      - type: word
+        name: "Strict-Transport-Security"
+        words:
+          - "Strict-Transport-Security"
+        part: header
+        negative: true
+      - type: word
+        name: "Content-Security-Policy"
+        words:
+          - "Content-Security-Policy"
+        part: header
+        negative: true
+      - type: word
+        name: "X-Frame-Options"
+        words:
+          - "X-Frame-Options"
+        part: header
+        negative: true
+      - type: word
+        name: "X-Content-Type-Options"
+        words:
+          - "X-Content-Type-Options"
+        part: header
+        negative: true
+      - type: word
+        name: "X-Permitted-Cross-Domain-Policies"
+        words:
+          - "X-Permitted-Cross-Domain-Policies"
+        part: header
+        negative: true
+      - type: word
+        name: "Referrer-Policy"
+        words:
+          - "Referrer-Policy"
+        part: header
+        negative: true
+      - type: word
+        name: "Clear-Site-Data"
+        words:
+          - "Clear-Site-Data"
+        part: header
+        negative: true
+      - type: word
+        name: "Cross-Origin-Embedder-Policy"
+        words:
+          - "Cross-Origin-Embedder-Policy"
+        part: header
+        negative: true
+      - type: word
+        name: "Cross-Origin-Opener-Policy"
+        words:
+          - "Cross-Origin-Opener-Policy"
+        part: header
+        negative: true
+      - type: word
+        name: "Cross-Origin-Resource-Policy"
+        words:
+          - "Cross-Origin-Resource-Policy"
+        part: header
+        negative: true
+      - type: word
+        name: "Access-Control-Allow-Origin"
+        words:
+          - "Access-Control-Allow-Origin"
+        part: header
+        negative: true
+      - type: word
+        name: "Access-Control-Allow-Credentials"
+        words:
+          - "Access-Control-Allow-Credentials"
+        part: header
+        negative: true
+      - type: word
+        name: "Access-Control-Expose-Headers"
+        words:
+          - "Access-Control-Expose-Headers"
+        part: header
+        negative: true
+      - type: word
+        name: "Access-Control-Max-Age"
+        words:
+          - "Access-Control-Max-Age"
+        part: header
+        negative: true
+      - type: word
+        name: "Access-Control-Allow-Methods"
+        words:
+          - "Access-Control-Allow-Methods"
+        part: header
+        negative: true
+      - type: word
+        name: "Access-Control-Allow-Headers"
+        words:
+          - "Access-Control-Allow-Headers"
+        part: header
+        negative: true