Merge pull request #107 from projectdiscovery/master

Updation

token-spray/api-abuseipdb.yaml

@@ -0,0 +1,29 @@
+id: api-abuseipdb
+
+info:
+  name: AbuseIPDB API Test
+  author: daffainfo
+  severity: info
+  reference: https://docs.abuseipdb.com/
+  tags: token-spray,abuseipdb
+
+self-contained: true
+requests:
+  - raw:
+      - |
+        POST https://api.abuseipdb.com/api/v2/report HTTP/1.1
+        Host: api.abuseipdb.com
+        Key: {{token}}
+        Accept: application/json
+        Content-Type: application/x-www-form-urlencoded
+        Content-Length: 16
+
+        ip=127.0.0.1&categories=18,22&comment=SSH%20login%20attempts%20with%20user%20root.
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'data":'
+          - 'ipAddress":'
+        condition: and

token-spray/api-alienvault.yaml

@@ -0,0 +1,24 @@
+id: api-alienvault
+
+info:
+  name: AlienVault Open Threat Exchange (OTX) API Test
+  author: daffainfo
+  severity: info
+  reference: https://otx.alienvault.com/api
+  tags: token-spray,alienvault
+
+self-contained: true
+requests:
+  - raw:
+      - |
+        GET https://otx.alienvault.com/api/v1/pulses/subscribed?page=1 HTTP/1.1
+        Host: otx.alienvault.com
+        X-OTX-API-KEY: {{token}}
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"$schema":'
+          - '"properties":'
+        condition: and

token-spray/api-aniapi.yaml

@@ -0,0 +1,24 @@
+id: api-aniapi
+
+info:
+  name: AniAPI API Test
+  author: daffainfo
+  severity: info
+  reference: https://aniapi.com/docs/authentication
+  tags: token-spray,aniapi
+
+self-contained: true
+requests:
+  - method: GET
+    path:
+      - "https://api.aniapi.com/v1/auth/me"
+    headers:
+      Authorization: Bearer {{token}}
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"username":'
+          - '"data":'
+        condition: and

token-spray/api-dribbble.yaml

@@ -0,0 +1,19 @@
+id: api-dribbble
+
+info:
+  name: Dribbble API Test
+  author: daffainfo
+  severity: info
+  reference: https://developer.dribbble.com/v2/
+  tags: token-spray,dribbble
+
+self-contained: true
+requests:
+  - method: GET
+    path:
+      - "https://api.dribbble.com/v2/user?access_token={{token}}"
+
+    matchers:
+      - type: status
+        status:
+          - 200

token-spray/api-europeana.yaml

@@ -0,0 +1,19 @@
+id: api-europeana
+
+info:
+  name: Europeana API Test
+  author: daffainfo
+  severity: info
+  reference: https://pro.europeana.eu/page/search
+  tags: token-spray,europeana
+
+self-contained: true
+requests:
+  - method: GET
+    path:
+      - "https://api.europeana.eu/record/v2/search.json?wskey={{token}}&query=*&rows=0&profile=facets"
+
+    matchers:
+      - type: status
+        status:
+          - 200

token-spray/api-iucn.yaml

@@ -0,0 +1,23 @@
+id: api-iucn
+
+info:
+  name: IUCN API Test
+  author: daffainfo
+  severity: info
+  reference: http://apiv3.iucnredlist.org/api/v3/docs
+  tags: token-spray,iucn
+
+self-contained: true
+requests:
+  - method: GET
+    path:
+      - "http://apiv3.iucnredlist.org/api/v3/country/list?token={{token}}"
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'taxonid'
+          - 'scientific_name'
+          - 'subspecies'
+        condition: and

token-spray/api-myanimelist.yaml

@@ -0,0 +1,25 @@
+id: api-myanimelist
+
+info:
+  name: MyAnimeList API Test
+  author: daffainfo
+  severity: info
+  reference: https://myanimelist.net/apiconfig/references/api/v2
+  tags: token-spray,myanimelist
+
+self-contained: true
+requests:
+  - method: GET
+    path:
+      - "https://api.myanimelist.net/v2/anime?q=one&limit=4"
+    headers:
+      Authorization: Bearer {{token}}
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"data":'
+          - '"paging":'
+          - '"next":'
+        condition: and

token-spray/api-rijksmuseum.yaml

@@ -0,0 +1,23 @@
+id: api-rijksmuseum
+
+info:
+  name: Rijksmuseum API Test
+  author: daffainfo
+  severity: info
+  reference: https://data.rijksmuseum.nl/user-generated-content/api/
+  tags: token-spray,rijksmuseum
+
+self-contained: true
+requests:
+  - method: GET
+    path:
+      - "https://www.rijksmuseum.nl/api/nl/usersets?key={{token}}&format=json&page=2"
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"count":'
+          - '"userSets":'
+          - '"user":'
+        condition: and

token-spray/api-urlscan.yaml

@@ -0,0 +1,26 @@
+id: api-urlscan
+
+info:
+  name: URLScan API Test
+  author: daffainfo
+  severity: info
+  reference: https://urlscan.io/docs/api/
+  tags: token-spray,urlscan
+
+self-contained: true
+requests:
+  - raw:
+      - |
+        GET https://urlscan.io/user/quotas/ HTTP/1.1
+        Host: urlscan.io
+        Content-Type: application/json
+        API-Key: {{token}}
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'X-Rate-Limit-Scope:'
+          - 'X-Rate-Limit-Limit:'
+          - 'X-Rate-Limit-Remaining:'
+        condition: and

token-spray/api-virustotal.yaml

@@ -0,0 +1,28 @@
+id: api-virustotal
+
+info:
+  name: VirusTotal API Test
+  author: daffainfo
+  severity: info
+  reference: https://developers.virustotal.com/reference#getting-started
+  tags: token-spray,virustotal
+
+self-contained: true
+requests:
+  - raw:
+      - |
+        POST https://www.virustotal.com/vtapi/v2/url/scan HTTP/1.1
+        Host: www.virustotal.com
+        Content-Type: application/x-www-form-urlencoded
+        Content-Length: 86
+
+        apikey={{token}}&url=google.com
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "'verbose_msg':"
+          - "'scan_date':"
+          - "'permalink':"
+        condition: and