diff --git a/README.md b/README.md index 36c6ea8761..c18879f112 100644 --- a/README.md +++ b/README.md @@ -39,12 +39,12 @@ An overview of the nuclei template directory including number of templates assoc | Templates | Counts | Templates | Counts | Templates | Counts | | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- | | cves | 297 | vulnerabilities | 134 | exposed-panels | 121 | -| takeovers | 67 | exposures | 79 | technologies | 64 | +| takeovers | 67 | exposures | 87 | technologies | 64 | | misconfiguration | 56 | workflows | 30 | miscellaneous | 20 | | default-logins | 24 | exposed-tokens | 0 | dns | 8 | | fuzzing | 8 | helpers | 7 | iot | 11 | -**102 directories, 1003 files**. +**102 directories, 1011 files**. diff --git a/exposed-panels/open-stack-dashboard-login.yaml b/exposed-panels/open-stack-dashboard-login.yaml index 4f8a19279e..b2fe114513 100644 --- a/exposed-panels/open-stack-dashboard-login.yaml +++ b/exposed-panels/open-stack-dashboard-login.yaml @@ -2,15 +2,17 @@ id: open-stack-dashboard-login info: name: OpenStack Dashboard - author: dhiyaneshDK + author: dhiyaneshDK & hackergautam severity: info reference: https://www.exploit-db.com/ghdb/6464 - tags: panel + tags: panel,openstack requests: - method: GET path: - '{{BaseURL}}/dashboard/auth/login/' + - '{{BaseURL}}/horizon/auth/login/?next=/horizon/' + redirects: true matchers-condition: and matchers: diff --git a/exposures/configs/apache-config.yaml b/exposures/configs/apache-config.yaml new file mode 100644 index 0000000000..ff29e6336f --- /dev/null +++ b/exposures/configs/apache-config.yaml 
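Review bot: `redirects: true` in open-stack-dashboard-login.yaml is added without a bound, so both paths follow whatever chain the server returns, possibly onto another host, before the matchers run. Adding `max-redirects: 2` directly under it keeps the request on a short, predictable chain. The matchers start after the end of this hunk, so whether they are specific enough to the Horizon login page once a redirect has been followed cannot be confirmed from here. The new `author` value uses `&` as a separator; presumably the project expects a comma-separated list (`author: dhiyaneshDK,hackergautam`), which is worth confirming against the other templates.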
@@ -0,0 +1,19 @@
+id: apache-config
+
+info:
+ name: Apache Config file disclosure
+ author: sheikhrishad
+ severity: low
+ tags: config,exposure,apache
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/apache.conf"
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "contains(body, '') && status_code == 200"
+ - "contains(body, '') && status_code == 200"
+ condition: or
\ No newline at end of file
diff --git a/exposures/configs/exposed-sharepoint-list.yaml b/exposures/configs/exposed-sharepoint-list.yaml
new file mode 100644
index 0000000000..66b5110ad9
--- /dev/null
+++ b/exposures/configs/exposed-sharepoint-list.yaml
@@ -0,0 +1,28 @@
+id: exposed-sharepoint-list
+
+info:
+ name: Exposed sharepoint list
+ author: ELSFA7110
+ severity: low
+ reference: |
+ - https://hackerone.com/reports/761158
+ - https://hackerone.com/reports/300539
+ tags: config,exposure,sharepoint
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/_vti_bin/lists.asmx?WSDL"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "GetListResponse"
+ - "GetList"
+ part: body
+ condition: and
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/exposures/configs/httpd-config.yaml b/exposures/configs/httpd-config.yaml
new file mode 100644
index 0000000000..34a97a18ed
--- /dev/null
+++ b/exposures/configs/httpd-config.yaml
@@ -0,0 +1,24 @@
+id: httpd-config
+
+info:
+ name: Httpd Config file disclosure
+ author: sheikhrishad
+ severity: info
+ tags: config,exposure,httpd
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/httpd.conf"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "LoadModule"
+ - "# LoadModule"
+ condition: and
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/exposures/configs/nginx-config.yaml b/exposures/configs/nginx-config.yaml
new file mode 100644
index 0000000000..f4c8f226b3
--- /dev/null
+++ b/exposures/configs/nginx-config.yaml
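Review bot: Both `dsl` expressions in apache-config.yaml call `contains(body, '')` with an empty needle as shown on this page, which is true for every response. The template therefore reduces to `status_code == 200` and reports any host that answers `/apache.conf` with a catch-all or soft-404 page. If the literals were angle-bracket directives lost when this page was rendered, confirm them in the file; otherwise put a non-empty, Apache-specific directive string in each call. Independently of that, combining the body check with a negative `text/html` header matcher under `matchers-condition: and` would stop HTML error pages from being reported as a disclosed config.

```yaml
    matchers-condition: and
    matchers:
      # … unchanged: dsl matcher, with non-empty directive strings …
      - type: word
        part: header
        words:
          - "text/html"
        negative: true
```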
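Review bot: In exposed-sharepoint-list.yaml `GetList` is a substring of `GetListResponse`, so with `condition: and` the second word never narrows the match and the body check rests on a single string. The same pattern is in httpd-config.yaml (`LoadModule` is contained in `# LoadModule`, so the match in effect requires a commented-out `LoadModule` line) and in nginx-config.yaml (`server` is contained in `server_name`). Replace the redundant word in each with an independent marker; here, a string that appears only in the WSDL document itself would do. The `reference: |` block also turns the two URLs into one multi-line string rather than a list, which may not be what the consumer expects.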
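Review bot: `severity: info` in httpd-config.yaml disagrees with apache-config.yaml in the same commit, which rates disclosure of the same server's configuration file as `low`. Across the group, php-fpm-config, proftpd-config and svnserve-config are `low`, while nginx-config and samba-config are `info`. Pick one level for the whole config-disclosure group, or add an `info.description` line explaining why a given file is rated differently, so severity filters return a consistent set.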
@@ -0,0 +1,25 @@
+id: nginx-config
+
+info:
+ name: Nginx Config file disclosure
+ author: sheikhrishad
+ severity: info
+ tags: config,exposure,nginx
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/nginx.conf"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "server"
+ - "listen"
+ - "server_name"
+ condition: and
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/exposures/configs/php-fpm-config.yaml b/exposures/configs/php-fpm-config.yaml
new file mode 100644
index 0000000000..8ee6d315d2
--- /dev/null
+++ b/exposures/configs/php-fpm-config.yaml
@@ -0,0 +1,24 @@
+id: php-fpm-config
+
+info:
+ name: PHP-FPM Config file disclosure
+ author: sheikhrishad
+ severity: low
+ tags: config,exposure,php
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/php-fpm.conf"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "FPM Configuration"
+ - "Pool Definitions"
+ condition: and
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/exposures/configs/proftpd-config.yaml b/exposures/configs/proftpd-config.yaml
new file mode 100644
index 0000000000..ed5a4a8b08
--- /dev/null
+++ b/exposures/configs/proftpd-config.yaml
@@ -0,0 +1,24 @@
+id: proftpd-config
+
+info:
+ name: ProFTPD Config file disclosure
+ author: sheikhrishad
+ severity: low
+ tags: config,exposure,proftpd
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/proftpd.conf"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "ProFTPD"
+ - "ServerName"
+ condition: and
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/exposures/configs/samba-config.yaml b/exposures/configs/samba-config.yaml
new file mode 100644
index 0000000000..bf58536c4f
--- /dev/null
+++ b/exposures/configs/samba-config.yaml
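Review bot: The two words in php-fpm-config.yaml, `FPM Configuration` and `Pool Definitions`, look like comment banners from the distributed sample file rather than directives, so a deployed php-fpm.conf with its comments stripped would not be detected. svnserve-config.yaml has the same dependency on its header comment (`This file controls the configuration of the svnserve daemon`). If that limitation is acceptable, record it in the template, for example `# matches the comment banners of the stock php-fpm.conf; stripped configs are not detected` above the word matcher. Triagers can then tell that a negative result does not prove the file is not exposed.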
@@ -0,0 +1,24 @@
+id: samba-config
+
+info:
+ name: Samba config file disclosure
+ author: sheikhrishad
+ severity: info
+ tags: config,exposure,smb
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/smb.conf"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "configuration file"
+ - "samba"
+ condition: and
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/exposures/configs/svnserve-config.yaml b/exposures/configs/svnserve-config.yaml
new file mode 100644
index 0000000000..443b519f85
--- /dev/null
+++ b/exposures/configs/svnserve-config.yaml
@@ -0,0 +1,22 @@
+id: svnserve-config
+
+info:
+ name: svnserve config file disclosure
+ author: sheikhrishad
+ severity: low
+ tags: config,exposure,svnserve
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/svnserve.conf"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "This file controls the configuration of the svnserve daemon"
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
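Review bot: In samba-config.yaml `configuration file` and `samba` are ordinary words that a documentation or error page served at `/smb.conf` can also contain, and the lowercase `samba` presumably depends on how the served file happens to spell the name. Matching a structural token ties the result to an actual smb.conf; the suggested change is to replace `- "samba"` with `- "[global]"`. The tag `smb` also differs from the template id and name, which use `samba`, so a tag filter on `samba` would miss this template.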