Noam Rathaus 2021-04-26 12:13:33 +03:00
commit 71ba0dfbda
10 changed files with 196 additions and 4 deletions


@ -39,12 +39,12 @@ An overview of the nuclei template directory including number of templates assoc
| Templates | Counts | Templates | Counts | Templates | Counts |
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
| cves | 297 | vulnerabilities | 134 | exposed-panels | 121 |
| takeovers | 67 | exposures | 79 | technologies | 64 |
| takeovers | 67 | exposures | 87 | technologies | 64 |
| misconfiguration | 56 | workflows | 30 | miscellaneous | 20 |
| default-logins | 24 | exposed-tokens | 0 | dns | 8 |
| fuzzing | 8 | helpers | 7 | iot | 11 |
**102 directories, 1003 files**.
**102 directories, 1011 files**.
</td>
</tr>


@ -2,15 +2,17 @@ id: open-stack-dashboard-login
info:
name: OpenStack Dashboard
author: dhiyaneshDK
author: dhiyaneshDK & hackergautam
severity: info
reference: https://www.exploit-db.com/ghdb/6464
tags: panel
tags: panel,openstack
requests:
- method: GET
path:
- '{{BaseURL}}/dashboard/auth/login/'
- '{{BaseURL}}/horizon/auth/login/?next=/horizon/'
redirects: true
matchers-condition: and
matchers:
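Review bot: The new `author: dhiyaneshDK & hackergautam` line joins two handles with `&`, whereas the other multi-value field in this template (`tags: panel,openstack`) is comma-separated; tooling that splits the field on commas would presumably count this as one author. Writing `author: dhiyaneshDK,hackergautam` keeps the two fields consistent. The matchers block continues outside this hunk, so whether the existing matchers also fit the added `/horizon/auth/login/?next=/horizon/` path cannot be confirmed from here.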


@ -0,0 +1,19 @@
id: apache-config
info:
name: Apache Config file disclosure
author: sheikhrishad
severity: low
tags: config,exposure,apache
requests:
- method: GET
path:
- "{{BaseURL}}/apache.conf"
matchers:
- type: dsl
dsl:
- "contains(body, '<Directory') && contains(body, '</Directory>') && status_code == 200"
- "contains(body, '<VirtualHost') && contains(body, '</VirtualHost>') && status_code == 200"
condition: or
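Review bot: `severity: low` here does not agree with the sibling templates added in this commit: apache-config, php-fpm-config, proftpd-config and svnserve-config are rated `low`, while httpd-config, nginx-config and samba-config are rated `info`, although all seven report the same class of finding (a server configuration file readable over HTTP). Triage rules keyed on severity will then treat an exposed `httpd.conf` differently from an exposed `apache.conf` for no visible reason. Pick one rating for the set and record the rationale in a comment above `severity:`, e.g. `# low: file may reveal paths, vhosts and auth settings`.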


@ -0,0 +1,28 @@
id: exposed-sharepoint-list
info:
name: Exposed sharepoint list
author: ELSFA7110
severity: low
reference: |
- https://hackerone.com/reports/761158
- https://hackerone.com/reports/300539
tags: config,exposure,sharepoint
requests:
- method: GET
path:
- "{{BaseURL}}/_vti_bin/lists.asmx?WSDL"
matchers-condition: and
matchers:
- type: word
words:
- "GetListResponse"
- "GetList"
part: body
condition: and
- type: status
status:
- 200
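Review bot: The word matcher's `condition: and` adds no selectivity, because `GetList` is a substring of `GetListResponse`; any body that contains the first word also contains the second. The same pattern appears in httpd-config (`LoadModule` inside `# LoadModule`) and nginx-config (`server` inside `server_name`). Replace the redundant word with a second, independent marker of the WSDL document (confirm the exact string against a real `lists.asmx?WSDL` response), or drop it together with the `condition`. Separately, as rendered here `reference: |` turns the two URLs into one block string rather than a list, which deserves a comment if it is intentional.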


@ -0,0 +1,24 @@
id: httpd-config
info:
name: Httpd Config file disclosure
author: sheikhrishad
severity: info
tags: config,exposure,httpd
requests:
- method: GET
path:
- "{{BaseURL}}/httpd.conf"
matchers-condition: and
matchers:
- type: word
words:
- "LoadModule"
- "# LoadModule"
condition: and
- type: status
status:
- 200
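Review bot: The match depends on comment text rather than on configuration syntax: `# LoadModule` only occurs where a module line has been commented out, so an `httpd.conf` with comments stripped, or with every listed module enabled, would return 200 and still go unreported. php-fpm-config (`FPM Configuration`, `Pool Definitions`), samba-config (`configuration file`) and svnserve-config (`This file controls the configuration of the svnserve daemon`) appear to rely on stock comment banners in the same way. Matching on a directive instead, e.g. a `regex` matcher with `'(?m)^\s*LoadModule\s+\S+'`, would keep the detection working on customised files.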


@ -0,0 +1,25 @@
id: nginx-config
info:
name: Nginx Config file disclosure
author: sheikhrishad
severity: info
tags: config,exposure,nginx
requests:
- method: GET
path:
- "{{BaseURL}}/nginx.conf"
matchers-condition: and
matchers:
- type: word
words:
- "server"
- "listen"
- "server_name"
condition: and
- type: status
status:
- 200
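Review bot: `server`, `listen` and `server_name` are ordinary words on any page that discusses nginx, so a 200 HTML response (documentation, a catch-all page) can satisfy this matcher without a config file being exposed; samba-config has the same weakness with `configuration file` and `samba`. Nothing in the template checks that the body is not HTML. Adding a negative word matcher next to the existing two, as below, would cut those false positives; the strings are a suggestion and should be checked against the responses you actually see.

```yaml
matchers:
  # … unchanged: word matcher (server / listen / server_name) and status matcher …
  - type: word
    part: body
    negative: true
    condition: or
    words:
      - "<html"
      - "<body"
```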


@ -0,0 +1,24 @@
id: php-fpm-config
info:
name: PHP-FPM Config file disclosure
author: sheikhrishad
severity: low
tags: config,exposure,php
requests:
- method: GET
path:
- "{{BaseURL}}/php-fpm.conf"
matchers-condition: and
matchers:
- type: word
words:
- "FPM Configuration"
- "Pool Definitions"
condition: and
- type: status
status:
- 200


@ -0,0 +1,24 @@
id: proftpd-config
info:
name: ProFTPD Config file disclosure
author: sheikhrishad
severity: low
tags: config,exposure,proftpd
requests:
- method: GET
path:
- "{{BaseURL}}/proftpd.conf"
matchers-condition: and
matchers:
- type: word
words:
- "ProFTPD"
- "ServerName"
condition: and
- type: status
status:
- 200


@ -0,0 +1,24 @@
id: samba-config
info:
name: Samba config file disclosure
author: sheikhrishad
severity: info
tags: config,exposure,smb
requests:
- method: GET
path:
- "{{BaseURL}}/smb.conf"
matchers-condition: and
matchers:
- type: word
words:
- "configuration file"
- "samba"
condition: and
- type: status
status:
- 200


@ -0,0 +1,22 @@
id: svnserve-config
info:
name: svnserve config file disclosure
author: sheikhrishad
severity: low
tags: config,exposure,svnserve
requests:
- method: GET
path:
- "{{BaseURL}}/svnserve.conf"
matchers-condition: and
matchers:
- type: word
words:
- "This file controls the configuration of the svnserve daemon"
- type: status
status:
- 200