Created app.yaml Template
parent
b8aaf28eb6
commit
8632760893
|
@ -0,0 +1,38 @@
|
|||
id: app-yaml
|
||||
|
||||
info:
|
||||
name: app.yaml Finder
|
||||
author: Cristi vlad (@cristivlad25)
|
||||
severity: high
|
||||
description: Finds app.yaml files which often contain sensitive information.
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/app.yaml"
|
||||
- "{{BaseURL}}/app.yml"
|
||||
- "{{BaseURL}}/application.yaml"
|
||||
- "{{BaseURL}}/application.yml"
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "runtime: "
|
||||
condition: or
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: dsl
|
||||
dsl:
|
||||
- "!contains(tolower(body), '<html')"
|
||||
- "!contains(tolower(body), '<body')"
|
||||
- "!contains(tolower(body), '</h1>')"
|
||||
- "!contains(tolower(body), '</h2>')"
|
||||
- "!contains(tolower(body), '</h3>')"
|
||||
condition: and
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- yaml
|
||||
- yml
|
Loading…
Reference in New Issue