diff --git a/exposed-tokens/aws/amazon-mws-auth-token-value.yaml b/exposed-tokens/aws/amazon-mws-auth-token-value.yaml
index 7014b6572f..e0f70808f5 100644
--- a/exposed-tokens/aws/amazon-mws-auth-token-value.yaml
+++ b/exposed-tokens/aws/amazon-mws-auth-token-value.yaml
@@ -4,6 +4,7 @@ info:
 author: puzzlepeaches
 name: "Amazon MWS Auth Token"
 severity: medium
+ tags: token,aws

 requests:
 - method: GET
diff --git a/exposed-tokens/aws/aws-access-key-value.yaml b/exposed-tokens/aws/aws-access-key-value.yaml
index 6fb604ca25..f1873560bd 100644
--- a/exposed-tokens/aws/aws-access-key-value.yaml
+++ b/exposed-tokens/aws/aws-access-key-value.yaml
@@ -4,6 +4,7 @@ info:
 name: AWS Access Key ID Value
 author: Swissky
 severity: info
+ tags: token,aws

 requests:
 - method: GET
diff --git a/exposed-tokens/generic/credentials-disclosure.yaml b/exposed-tokens/generic/credentials-disclosure.yaml
index 8b6e1cb008..af0bf1f361 100644
--- a/exposed-tokens/generic/credentials-disclosure.yaml
+++ b/exposed-tokens/generic/credentials-disclosure.yaml
@@ -15,6 +15,7 @@ info:
 author: Sy3Omda
 severity: info
 description: Look for multiple keys/tokens/passwords in the page response.
+ tags: token

 requests:
 - method: GET
diff --git a/exposed-tokens/generic/general-tokens.yaml b/exposed-tokens/generic/general-tokens.yaml
index d0708fea47..db7cff9ef8 100644
--- a/exposed-tokens/generic/general-tokens.yaml
+++ b/exposed-tokens/generic/general-tokens.yaml
@@ -4,11 +4,7 @@ info:
 name: Generic Tokens
 author: nadino
 severity: info
-
- # Notes:-
- # This template requires manual inspection once found valid match.
- # Generic token could be anything matching below regex.
- # Impact of leaked token depends on validation of leaked token.
+ tags: token

 requests:
 - method: GET
diff --git a/exposed-tokens/generic/http-username-password.yaml b/exposed-tokens/generic/http-username-password.yaml
index 34eec3fe1b..bf59102302 100644
--- a/exposed-tokens/generic/http-username-password.yaml
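Review bot: The triage guidance removed in the general-tokens.yaml hunk ("requires manual inspection", "impact of leaked token depends on validation") is dropped rather than moved into the `info` block, so it no longer travels with the template's metadata. The http-username-password.yaml hunk loses its equivalent note, along with the comment saying what the template extracts. Other hunks in this commit turn comments into fields, and the same could be done here, e.g. `description: Generic token pattern match; requires manual validation of the matched value before reporting.` The wording is only a suggestion; the matchers are outside the hunk.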
+++ b/exposed-tokens/generic/http-username-password.yaml
@@ -1,14 +1,10 @@
 id: http-username-password

-# Extract something like https://username:password@vulnerable.com
-
 info:
 name: Http usernamme password
 author: nadino
 severity: info
-
-# Notes:-
-# This template requires manual inspection once found valid match.
+ tags: token

 requests:
 - method: GET
diff --git a/exposed-tokens/google/fcm-server-key.yaml b/exposed-tokens/google/fcm-server-key.yaml
index b5d0331291..e8f038eb49 100644
--- a/exposed-tokens/google/fcm-server-key.yaml
+++ b/exposed-tokens/google/fcm-server-key.yaml
@@ -4,9 +4,8 @@ info:
 name: FCM Server Key
 author: Abss (@absshax)
 severity: high
-
- # Reference:- https://abss.me/posts/fcm-takeover
- # FCM Project Credentials
+ tags: token,google
+ reference: https://abss.me/posts/fcm-takeover

 requests:
 - method: GET
diff --git a/exposed-tokens/google/google-api-key.yaml b/exposed-tokens/google/google-api-key.yaml
index 54318e396e..96f7b78c72 100644
--- a/exposed-tokens/google/google-api-key.yaml
+++ b/exposed-tokens/google/google-api-key.yaml
@@ -3,7 +3,8 @@ id: google-api-key
 info:
 name: Google API Key
 author: Swissky
- severity: low
+ severity: info
+ tags: token,google

 requests:
 - method: GET
diff --git a/exposed-tokens/mailchimp/mailchimp-api-key.yaml b/exposed-tokens/mailchimp/mailchimp-api-key.yaml
index 36bca0caec..b7edc4e0a1 100644
--- a/exposed-tokens/mailchimp/mailchimp-api-key.yaml
+++ b/exposed-tokens/mailchimp/mailchimp-api-key.yaml
@@ -4,6 +4,7 @@ info:
 name: Mailchimp API Value
 author: puzzlepeaches
 severity: medium
+ tags: token,mailchimp

 requests:
 - method: GET
diff --git a/exposed-tokens/slack/slack-access-token.yaml b/exposed-tokens/slack/slack-access-token.yaml
index f8a03674f4..a082412fdd 100644
--- a/exposed-tokens/slack/slack-access-token.yaml
+++ b/exposed-tokens/slack/slack-access-token.yaml
@@ -7,6 +7,7 @@ info:
 name: Slack access token
 author: nadino
 severity: medium
+ tags: token,slack

 requests:
 - method: GET
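Review bot: The severity change from `low` to `info` in google-api-key.yaml carries no rationale in the template, and runs that filter on severity may stop surfacing this finding. The real impact of an exposed key presumably depends on how the key is restricted, which a pattern match cannot tell. A field such as `description: Matched value needs manual validation; impact depends on the restrictions configured for the key.` would record why the default is `info` and what the triager has to check. The matcher itself is outside the hunk.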
diff --git a/exposures/apis/wadl-api.yaml b/exposures/apis/wadl-api.yaml
index 94c70ca79a..182428c01f 100644
--- a/exposures/apis/wadl-api.yaml
+++ b/exposures/apis/wadl-api.yaml
@@ -5,10 +5,9 @@ info:
 author: 0xrudra & manuelbua
 severity: info
 tags: api
-
- # References:
- # - https://github.com/dwisiswant0/wadl-dumper
- # - https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/
+ reference: |
+ - https://github.com/dwisiswant0/wadl-dumper
+ - https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/

 requests:
 - method: GET
diff --git a/exposures/apis/wsdl-api.yaml b/exposures/apis/wsdl-api.yaml
index df3a326bcb..0ad7af54cb 100644
--- a/exposures/apis/wsdl-api.yaml
+++ b/exposures/apis/wsdl-api.yaml
@@ -5,9 +5,7 @@ info:
 author: jarijaas
 severity: info
 tags: api
-
-# This detects web services that have WSDL (https://www.w3.org/TR/wsdl/)
-# For instance, SOAP services, such as: https://docs.microsoft.com/en-us/xamarin/xamarin-forms/data-cloud/web-services/asmx
+ description: Detects web services that have WSDL (https://www.w3.org/TR/wsdl/)

 requests:
 - method: GET
diff --git a/exposures/files/golang-metrics.yaml b/exposures/configs/golang-metrics.yaml
similarity index 92%
rename from exposures/files/golang-metrics.yaml
rename to exposures/configs/golang-metrics.yaml
index 40940d8b41..5124d3520a 100644
--- a/exposures/files/golang-metrics.yaml
+++ b/exposures/configs/golang-metrics.yaml
@@ -5,6 +5,7 @@ info:
 author: dhiyaneshDK
 severity: low
 reference: https://hackerone.com/reports/1026196
+ tags: config

 requests:
 - method: GET
diff --git a/exposures/files/server-private-keys.yaml b/exposures/configs/server-private-keys.yaml
similarity index 98%
rename from exposures/files/server-private-keys.yaml
rename to exposures/configs/server-private-keys.yaml
index 0e1f95b880..75ee750fce 100644
--- a/exposures/files/server-private-keys.yaml
+++ b/exposures/configs/server-private-keys.yaml
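Review bot: In wadl-api.yaml `reference: |` is a literal block scalar, so the two `- https://…` lines are stored as one multi-line string with the dashes and newlines included, not as a YAML list. Every other `reference` added in this commit is a single plain URL, so this value will look different wherever the field is displayed or exported. If the template schema accepts a sequence (not visible from this hunk), write `reference:` followed by the two URLs as indented `- ` items; otherwise state in the contributor notes that multi-URL references are a block string.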
@@ -4,6 +4,8 @@ info:
 name: Detect Private SSH and TLS Keys
 author: geeknik
 severity: high
+ tags: config
+
 requests:
 - method: GET
 path:
diff --git a/exposures/files/xprober-service.yaml b/exposures/configs/xprober-service.yaml
similarity index 74%
rename from exposures/files/xprober-service.yaml
rename to exposures/configs/xprober-service.yaml
index 3433622609..5debf98fdf 100644
--- a/exposures/files/xprober-service.yaml
+++ b/exposures/configs/xprober-service.yaml
@@ -4,8 +4,8 @@ info:
 name: X Prober server information leakage
 author: pdteam
 severity: low
-
- # Source:- https://twitter.com/bugbounty_tips/status/1339984643517423616
+ tags: config
+ reference: https://twitter.com/bugbounty_tips/status/1339984643517423616

 requests:
 - method: GET
diff --git a/exposures/files/bower-json.yaml b/exposures/files/bower-json.yaml
index 1c5fd7bc2a..3bdbeef3e9 100644
--- a/exposures/files/bower-json.yaml
+++ b/exposures/files/bower-json.yaml
@@ -5,6 +5,7 @@ info:
 author: oppsec
 severity: info
 description: Bower is a package manager which stores packages informations in bower.json file
+ tags: file

 requests:
 - method: GET
diff --git a/exposures/files/domcfg-page.yaml b/exposures/files/domcfg-page.yaml
index 16ac6e5e6e..423510b570 100644
--- a/exposures/files/domcfg-page.yaml
+++ b/exposures/files/domcfg-page.yaml
@@ -4,6 +4,7 @@ info:
 author: gevakun
 severity: low
 reference: https://twitter.com/Wh11teW0lf/status/1295594085445709824
+ tags: file

 requests:
 - method: GET
diff --git a/exposures/files/drupal-install.yaml b/exposures/files/drupal-install.yaml
index 6159ac6c7e..eec8928a55 100644
--- a/exposures/files/drupal-install.yaml
+++ b/exposures/files/drupal-install.yaml
@@ -4,6 +4,7 @@ info:
 name: Drupal Install
 author: NkxxkN
 severity: low
+ tags: file

 requests:
 - method: GET
diff --git a/exposures/files/ds_store.yaml b/exposures/files/ds_store.yaml
index c67ec90bb0..7d3ef84cb9 100644
--- a/exposures/files/ds_store.yaml
+++ b/exposures/files/ds_store.yaml
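Review bot: server-private-keys.yaml is a `severity: high` check for private SSH and TLS keys, yet this hunk tags it `config` and the rename moves it from exposures/files to exposures/configs; an exposed key file sits closer to the `file` category used by the neighbouring templates. Anyone who selects templates by path or by the `file` tag would stop running this check after the move without any error — an inference, since how users select templates is not shown here. Consider `tags: config,file`, or keep the template under exposures/files, and call out the path change in the commit message. The same move applies to golang-metrics.yaml and xprober-service.yaml.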
@@ -4,6 +4,7 @@ info:
 name: Directory Listing via DS_Store
 author: 0w4ys
 severity: info
+ tags: file

 requests:
 - method: GET
diff --git a/exposures/files/exposed-alps-spring.yaml b/exposures/files/exposed-alps-spring.yaml
index 758b046cc7..822a1cb4fc 100644
--- a/exposures/files/exposed-alps-spring.yaml
+++ b/exposures/files/exposed-alps-spring.yaml
@@ -4,8 +4,8 @@ info:
 name: Exposed Spring Data REST Application-Level Profile Semantics (ALPS)
 author: dwisiswant0
 severity: medium
-
- # https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/
+ tags: file
+ reference: https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/

 requests:
 - method: GET
diff --git a/exposures/files/filezilla.yaml b/exposures/files/filezilla.yaml
index 433093831e..d4b559492e 100644
--- a/exposures/files/filezilla.yaml
+++ b/exposures/files/filezilla.yaml
@@ -4,6 +4,8 @@ info:
 name: Filezilla
 author: amsda
 severity: medium
+ tags: file
+
 requests:
 - method: GET
 path:
diff --git a/exposures/files/keycloak-json.yaml b/exposures/files/keycloak-json.yaml
index 31e0c989de..5a1843f91b 100644
--- a/exposures/files/keycloak-json.yaml
+++ b/exposures/files/keycloak-json.yaml
@@ -3,6 +3,7 @@ info:
 name: Keycloak Json File
 author: oppsec
 severity: info
+ tags: file

 requests:
 - method: GET
diff --git a/exposures/files/lazy-file.yaml b/exposures/files/lazy-file.yaml
index 800212497d..8cbc5073ad 100644
--- a/exposures/files/lazy-file.yaml
+++ b/exposures/files/lazy-file.yaml
@@ -4,6 +4,7 @@ info:
 name: Lazy File Manager
 author: amsda
 severity: medium
+ tags: file

 requests:
 - method: GET
diff --git a/exposures/files/yarn-lock.yaml b/exposures/files/yarn-lock.yaml
index 58595710ea..088fb588a8 100644
--- a/exposures/files/yarn-lock.yaml
+++ b/exposures/files/yarn-lock.yaml
@@ -5,6 +5,7 @@ info:
 author: oppsec
 severity: info
 description: yarn.lock is a file which store all exactly versions of each dependency were installed.
+ tags: file

 requests:
 - method: GET
diff --git a/exposures/logs/elmah-log-file.yaml b/exposures/logs/elmah-log-file.yaml
index 1737c0e9eb..2f44594c6b 100644
--- a/exposures/logs/elmah-log-file.yaml
+++ b/exposures/logs/elmah-log-file.yaml
@@ -4,7 +4,7 @@ info:
 name: elmah.axd Disclosure
 author: shine
 severity: medium
- tags: logs
+ tags: log

 requests:
 - method: GET
diff --git a/exposures/logs/error-logs.yaml b/exposures/logs/error-logs.yaml
index 09a939bda7..fe5e278090 100644
--- a/exposures/logs/error-logs.yaml
+++ b/exposures/logs/error-logs.yaml
@@ -3,7 +3,7 @@ info:
 name: common error log files
 author: geeknik & daffainfo
 severity: low
- tags: logs
+ tags: log

 requests:
 - method: GET
diff --git a/exposures/logs/laravel-log-file.yaml b/exposures/logs/laravel-log-file.yaml
index 75a8e8ba72..dca4272bd0 100644
--- a/exposures/logs/laravel-log-file.yaml
+++ b/exposures/logs/laravel-log-file.yaml
@@ -4,7 +4,7 @@ info:
 name: Laravel log file publicly accessible
 author: sheikhrishad
 severity: low
- tags: laravel,logs
+ tags: laravel,log

 requests:
 - method: GET
diff --git a/exposures/logs/npm-log-file.yaml b/exposures/logs/npm-log-file.yaml
index ba8ddbc78b..e0d8000222 100644
--- a/exposures/logs/npm-log-file.yaml
+++ b/exposures/logs/npm-log-file.yaml
@@ -4,7 +4,7 @@ info:
 name: Publicly accessible NPM Log file
 author: sheikhrishad
 severity: low
- tags: npm,logs
+ tags: npm,log

 requests:
 - method: GET
diff --git a/exposures/logs/rails-debug-mode.yaml b/exposures/logs/rails-debug-mode.yaml
index bc0a549a7d..ce33d403a2 100644
--- a/exposures/logs/rails-debug-mode.yaml
+++ b/exposures/logs/rails-debug-mode.yaml
@@ -4,7 +4,7 @@ info:
 name: Rails Debug Mode Enabled
 author: pd-team
 severity: medium
- tags: logs,rails
+ tags: log,rails

 requests:
 - method: GET
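Review bot: Renaming the tag value from `logs` to `log` (first in elmah-log-file.yaml, then in the error-logs, laravel-log-file, npm-log-file, rails-debug-mode, struts-debug-mode and trace-axd-detect hunks) changes what a tag filter selects. A saved scan profile that still asks for `logs` would match none of these templates, and an empty result looks the same as a clean one. It would be safer to record the rename in the changelog, or, if the project allows it, to carry both values for one release, e.g. `tags: log,logs`.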
diff --git a/exposures/logs/struts-debug-mode.yaml b/exposures/logs/struts-debug-mode.yaml
index 3371fb9fca..bc5a8ffc65 100644
--- a/exposures/logs/struts-debug-mode.yaml
+++ b/exposures/logs/struts-debug-mode.yaml
@@ -4,7 +4,7 @@ info:
 name: Apache Struts setup in Debug-Mode
 author: pd-team
 severity: low
- tags: logs,struts,apache
+ tags: log,struts,apache

 requests:
 - method: GET
diff --git a/exposures/logs/trace-axd-detect.yaml b/exposures/logs/trace-axd-detect.yaml
index 6af306c8aa..a34ca0c093 100644
--- a/exposures/logs/trace-axd-detect.yaml
+++ b/exposures/logs/trace-axd-detect.yaml
@@ -5,7 +5,7 @@ info:
 author: dhiyaneshDK
 severity: low
 reference: https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/
- tags: logs,asp
+ tags: log,asp

 requests:
 - method: GET