more tags update
parent
1712727d95
commit
8601b2167d
|
@ -4,6 +4,7 @@ info:
|
||||||
author: puzzlepeaches
|
author: puzzlepeaches
|
||||||
name: "Amazon MWS Auth Token"
|
name: "Amazon MWS Auth Token"
|
||||||
severity: medium
|
severity: medium
|
||||||
|
tags: token,aws
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: AWS Access Key ID Value
|
name: AWS Access Key ID Value
|
||||||
author: Swissky
|
author: Swissky
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: token,aws
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -15,6 +15,7 @@ info:
|
||||||
author: Sy3Omda
|
author: Sy3Omda
|
||||||
severity: info
|
severity: info
|
||||||
description: Look for multiple keys/tokens/passwords in the page response.
|
description: Look for multiple keys/tokens/passwords in the page response.
|
||||||
|
tags: token
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,11 +4,7 @@ info:
|
||||||
name: Generic Tokens
|
name: Generic Tokens
|
||||||
author: nadino
|
author: nadino
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: token
|
||||||
# Notes:-
|
|
||||||
# This template requires manual inspection once found valid match.
|
|
||||||
# Generic token could be anything matching below regex.
|
|
||||||
# Impact of leaked token depends on validation of leaked token.
|
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,14 +1,10 @@
|
||||||
id: http-username-password
|
id: http-username-password
|
||||||
|
|
||||||
# Extract something like https://username:password@vulnerable.com
|
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Http usernamme password
|
name: Http usernamme password
|
||||||
author: nadino
|
author: nadino
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: token
|
||||||
# Notes:-
|
|
||||||
# This template requires manual inspection once found valid match.
|
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,9 +4,8 @@ info:
|
||||||
name: FCM Server Key
|
name: FCM Server Key
|
||||||
author: Abss (@absshax)
|
author: Abss (@absshax)
|
||||||
severity: high
|
severity: high
|
||||||
|
tags: token,google
|
||||||
# Reference:- https://abss.me/posts/fcm-takeover
|
reference: https://abss.me/posts/fcm-takeover
|
||||||
# FCM Project Credentials
|
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -3,7 +3,8 @@ id: google-api-key
|
||||||
info:
|
info:
|
||||||
name: Google API Key
|
name: Google API Key
|
||||||
author: Swissky
|
author: Swissky
|
||||||
severity: low
|
severity: info
|
||||||
|
tags: token,google
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Mailchimp API Value
|
name: Mailchimp API Value
|
||||||
author: puzzlepeaches
|
author: puzzlepeaches
|
||||||
severity: medium
|
severity: medium
|
||||||
|
tags: token,mailchimp
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -7,6 +7,7 @@ info:
|
||||||
name: Slack access token
|
name: Slack access token
|
||||||
author: nadino
|
author: nadino
|
||||||
severity: medium
|
severity: medium
|
||||||
|
tags: token,slack
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -5,10 +5,9 @@ info:
|
||||||
author: 0xrudra & manuelbua
|
author: 0xrudra & manuelbua
|
||||||
severity: info
|
severity: info
|
||||||
tags: api
|
tags: api
|
||||||
|
reference: |
|
||||||
# References:
|
- https://github.com/dwisiswant0/wadl-dumper
|
||||||
# - https://github.com/dwisiswant0/wadl-dumper
|
- https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/
|
||||||
# - https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/
|
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -5,9 +5,7 @@ info:
|
||||||
author: jarijaas
|
author: jarijaas
|
||||||
severity: info
|
severity: info
|
||||||
tags: api
|
tags: api
|
||||||
|
description: Detects web services that have WSDL (https://www.w3.org/TR/wsdl/)
|
||||||
# This detects web services that have WSDL (https://www.w3.org/TR/wsdl/)
|
|
||||||
# For instance, SOAP services, such as: https://docs.microsoft.com/en-us/xamarin/xamarin-forms/data-cloud/web-services/asmx
|
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -5,6 +5,7 @@ info:
|
||||||
author: dhiyaneshDK
|
author: dhiyaneshDK
|
||||||
severity: low
|
severity: low
|
||||||
reference: https://hackerone.com/reports/1026196
|
reference: https://hackerone.com/reports/1026196
|
||||||
|
tags: config
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
|
@ -4,6 +4,8 @@ info:
|
||||||
name: Detect Private SSH and TLS Keys
|
name: Detect Private SSH and TLS Keys
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: high
|
severity: high
|
||||||
|
tags: config
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
|
@ -4,8 +4,8 @@ info:
|
||||||
name: X Prober server information leakage
|
name: X Prober server information leakage
|
||||||
author: pdteam
|
author: pdteam
|
||||||
severity: low
|
severity: low
|
||||||
|
tags: config
|
||||||
# Source:- https://twitter.com/bugbounty_tips/status/1339984643517423616
|
reference: https://twitter.com/bugbounty_tips/status/1339984643517423616
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
|
@ -5,6 +5,7 @@ info:
|
||||||
author: oppsec
|
author: oppsec
|
||||||
severity: info
|
severity: info
|
||||||
description: Bower is a package manager which stores packages informations in bower.json file
|
description: Bower is a package manager which stores packages informations in bower.json file
|
||||||
|
tags: file
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
author: gevakun
|
author: gevakun
|
||||||
severity: low
|
severity: low
|
||||||
reference: https://twitter.com/Wh11teW0lf/status/1295594085445709824
|
reference: https://twitter.com/Wh11teW0lf/status/1295594085445709824
|
||||||
|
tags: file
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Drupal Install
|
name: Drupal Install
|
||||||
author: NkxxkN
|
author: NkxxkN
|
||||||
severity: low
|
severity: low
|
||||||
|
tags: file
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Directory Listing via DS_Store
|
name: Directory Listing via DS_Store
|
||||||
author: 0w4ys
|
author: 0w4ys
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: file
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,8 +4,8 @@ info:
|
||||||
name: Exposed Spring Data REST Application-Level Profile Semantics (ALPS)
|
name: Exposed Spring Data REST Application-Level Profile Semantics (ALPS)
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: medium
|
severity: medium
|
||||||
|
tags: file
|
||||||
# https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/
|
reference: https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,8 @@ info:
|
||||||
name: Filezilla
|
name: Filezilla
|
||||||
author: amsda
|
author: amsda
|
||||||
severity: medium
|
severity: medium
|
||||||
|
tags: file
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
|
|
|
@ -3,6 +3,7 @@ info:
|
||||||
name: Keycloak Json File
|
name: Keycloak Json File
|
||||||
author: oppsec
|
author: oppsec
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: file
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Lazy File Manager
|
name: Lazy File Manager
|
||||||
author: amsda
|
author: amsda
|
||||||
severity: medium
|
severity: medium
|
||||||
|
tags: file
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -5,6 +5,7 @@ info:
|
||||||
author: oppsec
|
author: oppsec
|
||||||
severity: info
|
severity: info
|
||||||
description: yarn.lock is a file which store all exactly versions of each dependency were installed.
|
description: yarn.lock is a file which store all exactly versions of each dependency were installed.
|
||||||
|
tags: file
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: elmah.axd Disclosure
|
name: elmah.axd Disclosure
|
||||||
author: shine
|
author: shine
|
||||||
severity: medium
|
severity: medium
|
||||||
tags: logs
|
tags: log
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -3,7 +3,7 @@ info:
|
||||||
name: common error log files
|
name: common error log files
|
||||||
author: geeknik & daffainfo
|
author: geeknik & daffainfo
|
||||||
severity: low
|
severity: low
|
||||||
tags: logs
|
tags: log
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: Laravel log file publicly accessible
|
name: Laravel log file publicly accessible
|
||||||
author: sheikhrishad
|
author: sheikhrishad
|
||||||
severity: low
|
severity: low
|
||||||
tags: laravel,logs
|
tags: laravel,log
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: Publicly accessible NPM Log file
|
name: Publicly accessible NPM Log file
|
||||||
author: sheikhrishad
|
author: sheikhrishad
|
||||||
severity: low
|
severity: low
|
||||||
tags: npm,logs
|
tags: npm,log
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: Rails Debug Mode Enabled
|
name: Rails Debug Mode Enabled
|
||||||
author: pd-team
|
author: pd-team
|
||||||
severity: medium
|
severity: medium
|
||||||
tags: logs,rails
|
tags: log,rails
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,7 +4,7 @@ info:
|
||||||
name: Apache Struts setup in Debug-Mode
|
name: Apache Struts setup in Debug-Mode
|
||||||
author: pd-team
|
author: pd-team
|
||||||
severity: low
|
severity: low
|
||||||
tags: logs,struts,apache
|
tags: log,struts,apache
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: dhiyaneshDK
|
author: dhiyaneshDK
|
||||||
severity: low
|
severity: low
|
||||||
reference: https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/
|
reference: https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/
|
||||||
tags: logs,asp
|
tags: log,asp
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
Loading…
Reference in New Issue