daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into main

patch-1
Ritik Chaddha 2024-01-22 12:02:39 +05:30 committed by GitHub
parent 31e8fdf87a b09f4db5a6
commit 9855277eab
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2727 changed files with 16274 additions and 14156 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/new-templates.yml vendored
View File

@ -7,6 +7,8 @@ on:
paths:
- '**.yaml'
workflow_dispatch:
release:
types: [published]
jobs:
templates:
@ -27,8 +29,8 @@ jobs:
- name: Commit files
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git config --local user.email "bot@projectdiscovery.io"
git config --local user.name "[PDBot]"
git add .new-additions -f
git commit --allow-empty -m "Auto Generated New Template Addition List [$(date)] :robot:" -a
@ -37,3 +39,7 @@ jobs:
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}
- name: Trigger Remote Workflow with curl
run: |
curl -i -s -k -X 'POST' -H 'Host: api.github.com' -H "Authorization: token ${{ secrets.GTOKEN }}" --data-binary $'{\"ref\":\"main\"}' 'https://api.github.com/repos/projectdiscovery/early-templates/actions/workflows/reposync.yml/dispatches'

33
.github/workflows/templates-sync.yml vendored
View File

@ -3,25 +3,20 @@ on:
push:
paths:
- '.new-additions'
- 'http/cves/2015/CVE-2015-2794.yaml'
- 'http/cves/2023/CVE-2023-42343.yaml'
- 'http/cves/2023/CVE-2023-46574.yaml'
- 'http/exposures/docker-daemon-exposed.yaml'
- 'http/token-spray/api-openai.yaml'
- 'http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml'
- 'http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml'
- 'http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml'
- 'cloud/enum/aws-app-enum.yaml'
- 'cloud/enum/aws-s3-bucket-enum.yaml'
- 'cloud/enum/azure-db-enum.yaml'
- 'cloud/enum/azure-vm-cloud-enum.yaml'
- 'cloud/enum/azure-website-enum.yaml'
- 'cloud/enum/gcp-app-engine-enum.yaml'
- 'cloud/enum/gcp-bucket-enum.yaml'
- 'cloud/enum/gcp-firebase-app-enum.yaml'
- 'cloud/enum/gcp-firebase-rtdb-enum.yaml'
- 'http/cves/2023/CVE-2023-41109.yaml'
- 'network/misconfig/erlang-daemon.yaml'
- 'http/cves/2018/CVE-2018-10942.yaml'
- 'http/cves/2023/CVE-2023-27639.yaml'
- 'http/cves/2023/CVE-2023-27640.yaml'
- 'http/cves/2023/CVE-2023-48023.yaml'
- 'http/cves/2023/CVE-2023-6875.yaml'
- 'http/default-logins/node-red/nodered-default-login.yaml'
- 'http/default-logins/powershell/powershell-default-login.yaml'
- 'http/exposed-panels/autoset-detect.yaml'
- 'http/exposed-panels/compalex-detect.yaml'
- 'http/exposures/configs/vbulletin-path-disclosure.yaml'
- 'http/vulnerabilities/juniper/junos-xss.yaml'
- 'http/vulnerabilities/prestashop/prestashop-blocktestimonial-file-upload.yaml'
- 'http/vulnerabilities/vbulletin/vbulletin-backdoor.yaml'
- 'vulnerabilities/apache/apache-nifi-rce.yaml'
workflow_dispatch:
jobs:
triggerRemoteWorkflow:

41
.new-additions
View File

@ -1,27 +1,14 @@
cloud/enum/aws-app-enum.yaml
cloud/enum/aws-s3-bucket-enum.yaml
cloud/enum/azure-db-enum.yaml
cloud/enum/azure-vm-cloud-enum.yaml
cloud/enum/azure-website-enum.yaml
cloud/enum/gcp-app-engine-enum.yaml
cloud/enum/gcp-bucket-enum.yaml
cloud/enum/gcp-firebase-app-enum.yaml
cloud/enum/gcp-firebase-rtdb-enum.yaml
code/cves/2019/CVE-2019-14287.yaml
code/cves/2021/CVE-2021-3156.yaml
http/cves/2015/CVE-2015-2794.yaml
http/cves/2020/CVE-2020-12124.yaml
http/cves/2023/CVE-2023-41109.yaml
http/cves/2023/CVE-2023-42343.yaml
http/cves/2023/CVE-2023-46574.yaml
http/cves/2023/CVE-2023-50968.yaml
http/cves/2023/CVE-2023-51467.yaml
http/exposures/docker-daemon-exposed.yaml
http/misconfiguration/cookies-without-httponly.yaml
http/misconfiguration/php/php-composer-binary.yaml
http/token-spray/api-openai.yaml
http/vulnerabilities/dahua/dahua-icc-backdoor-user.yaml
http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml
http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml
http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml
network/misconfig/erlang-daemon.yaml
http/cves/2018/CVE-2018-10942.yaml
http/cves/2023/CVE-2023-27639.yaml
http/cves/2023/CVE-2023-27640.yaml
http/cves/2023/CVE-2023-48023.yaml
http/cves/2023/CVE-2023-6875.yaml
http/default-logins/node-red/nodered-default-login.yaml
http/default-logins/powershell/powershell-default-login.yaml
http/exposed-panels/autoset-detect.yaml
http/exposed-panels/compalex-detect.yaml
http/exposures/configs/vbulletin-path-disclosure.yaml
http/vulnerabilities/juniper/junos-xss.yaml
http/vulnerabilities/prestashop/prestashop-blocktestimonial-file-upload.yaml
http/vulnerabilities/vbulletin/vbulletin-backdoor.yaml
vulnerabilities/apache/apache-nifi-rce.yaml

22
README.md
View File

@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
| cve | 2296 | dhiyaneshdk | 1123 | http | 6913 | info | 3337 | file | 312 |
| panel | 1038 | dwisiswant0 | 801 | file | 312 | high | 1458 | dns | 18 |
| wordpress | 938 | daffainfo | 788 | workflows | 191 | medium | 1439 | | |
| xss | 848 | pikpikcu | 353 | network | 131 | critical | 919 | | |
| exposure | 844 | pussycat0x | 307 | ssl | 27 | low | 248 | | |
| wp-plugin | 812 | ritikchaddha | 298 | javascript | 21 | unknown | 34 | | |
| osint | 677 | pdteam | 286 | dns | 17 | | | | |
| tech | 649 | ricardomaia | 229 | headless | 11 | | | | |
| lfi | 619 | geeknik | 224 | code | 3 | | | | |
| edb | 598 | theamanrawat | 221 | cves.json | 1 | | | | |
| cve | 2318 | dhiyaneshdk | 1135 | http | 6947 | info | 3351 | file | 312 |
| panel | 1040 | dwisiswant0 | 801 | file | 312 | high | 1471 | dns | 20 |
| wordpress | 941 | daffainfo | 789 | workflows | 191 | medium | 1445 | | |
| xss | 851 | pikpikcu | 353 | network | 132 | critical | 933 | | |
| exposure | 850 | pussycat0x | 313 | ssl | 27 | low | 251 | | |
| wp-plugin | 815 | ritikchaddha | 298 | javascript | 25 | unknown | 34 | | |
| osint | 678 | pdteam | 286 | dns | 17 | | | | |
| tech | 650 | ricardomaia | 229 | headless | 11 | | | | |
| lfi | 622 | geeknik | 225 | cloud | 9 | | | | |
| edb | 598 | theamanrawat | 221 | code | 5 | | | | |
**534 directories, 7902 files**.
**545 directories, 7957 files**.
</td>
</tr>

2
TEMPLATES-STATS.json
View File

File diff suppressed because one or more lines are too long

9763
TEMPLATES-STATS.md
View File

File diff suppressed because it is too large Load Diff

20
TOP-10.md
View File

@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
| cve | 2296 | dhiyaneshdk | 1123 | http | 6913 | info | 3337 | file | 312 |
| panel | 1038 | dwisiswant0 | 801 | file | 312 | high | 1458 | dns | 18 |
| wordpress | 938 | daffainfo | 788 | workflows | 191 | medium | 1439 | | |
| xss | 848 | pikpikcu | 353 | network | 131 | critical | 919 | | |
| exposure | 844 | pussycat0x | 307 | ssl | 27 | low | 248 | | |
| wp-plugin | 812 | ritikchaddha | 298 | javascript | 21 | unknown | 34 | | |
| osint | 677 | pdteam | 286 | dns | 17 | | | | |
| tech | 649 | ricardomaia | 229 | headless | 11 | | | | |
| lfi | 619 | geeknik | 224 | code | 3 | | | | |
| edb | 598 | theamanrawat | 221 | cves.json | 1 | | | | |
| cve | 2318 | dhiyaneshdk | 1135 | http | 6947 | info | 3351 | file | 312 |
| panel | 1040 | dwisiswant0 | 801 | file | 312 | high | 1471 | dns | 20 |
| wordpress | 941 | daffainfo | 789 | workflows | 191 | medium | 1445 | | |
| xss | 851 | pikpikcu | 353 | network | 132 | critical | 933 | | |
| exposure | 850 | pussycat0x | 313 | ssl | 27 | low | 251 | | |
| wp-plugin | 815 | ritikchaddha | 298 | javascript | 25 | unknown | 34 | | |
| osint | 678 | pdteam | 286 | dns | 17 | | | | |
| tech | 650 | ricardomaia | 229 | headless | 11 | | | | |
| lfi | 622 | geeknik | 225 | cloud | 9 | | | | |
| edb | 598 | theamanrawat | 221 | code | 5 | | | | |

5
cloud/enum/azure-vm-cloud-enum.yaml
View File

@ -8,7 +8,8 @@ info:
Searches for Azure virtual machines via their registered DNS names.
metadata:
verified: true
tags: cloud,cloud-enum,azure
tags: cloud,cloud-enum,azure,fuzz
self-contained: true
@ -62,4 +63,4 @@ dns:
part: answer
words:
- "IN\tA"
# digest: 4b0a004830460221008d223bfdb3585e335e8282ca206945a6f7704dab4a2899d3410229bf0db7132d022100b9de9af2b393a559575b67a5b25b6334fe8cddd1ceed5059ee634dc3b0292d50:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100f91b6621181f8a7317c1ffc179ec2b81e33c8dd0dd28cc4871b13ffbb794ce84022100e7424a97fab1f6b745d735e7dad8f13b08ad36732b24216ae2826611af634318:922c64590222798bb761d5b6d8e72950

3
cloud/enum/azure-website-enum.yaml
View File

@ -8,6 +8,7 @@ info:
Searches for Azure websites that are registered and responding.
metadata:
verified: true
max-request: 1
tags: cloud,azure
self-contained: true
@ -33,4 +34,4 @@ http:
- 200
- 302
condition: or
# digest: 490a00463044022001ff1a4cff9e33f3817df1e824a00e35f76c6f8e22cd34e3616e452978dc46f702200913c7710eba2b3df98325a1bb7da86b55cde6d4a3d7199a7d952f1f7988a3fa:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502204e87fb6ea9b294616dce1e74e429d8a83672921a242d1b3421a0c553eba83894022100bf53c3468808e2316f9194022db3618093873de428109de1984d0664f6bc89ee:922c64590222798bb761d5b6d8e72950

3
cloud/enum/gcp-app-engine-enum.yaml
View File

@ -8,6 +8,7 @@ info:
Searches for App Engine Apps in GCP.
metadata:
verified: true
max-request: 1
tags: cloud,cloud-enum,gcp
self-contained: true
@ -39,4 +40,4 @@ http:
- "status_code==302"
- contains(location, "login")
condition: and
# digest: 490a0046304402204edc5a3fc90ff80b8397219e37a716d5b582c9821dbb0edda2c52c585aa241ca022067b0c7178f7f345975f765bdd56afc967505028e459ed113c8fbd450a1dcb76a:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022017250b6b9f7ccf30e614e7bfb992e2e9ec13fd27556137cf4b13dc2f2a8c70b602200e352bbaebbd9dfbced84b3f9dff65c9d1b3dac47a0eec812b738a987931a14c:922c64590222798bb761d5b6d8e72950

3
cloud/enum/gcp-bucket-enum.yaml
View File

@ -8,6 +8,7 @@ info:
Searches for open and protected buckets in GCP.
metadata:
verified: true
max-request: 1
tags: cloud,cloud-enum,gcp
self-contained: true
@ -36,4 +37,4 @@ http:
name: "Protected GCP Bucket"
status:
- 403
# digest: 490a004630440220549241cfe0dbdadf24bcbdabd6cbf8e82a45bea577710e8409da53f3bdef37d202203bab8b09dea7b68aafc32f8214b331ee6dc4dbe85c0e7a34693b8062dec6fb6a:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100baff7bb9e12a115a59a755c8188c3544cc8497dc3a17860023486de9f4992def02210096b193c8507208f3d30cd9fc716d4be46cd9acb83418f2fa62f0d10ce305d026:922c64590222798bb761d5b6d8e72950

3
cloud/enum/gcp-firebase-app-enum.yaml
View File

@ -8,6 +8,7 @@ info:
Searches for Firebase Apps in GCP.
metadata:
verified: true
max-request: 1
tags: cloud,cloud-enum,gcp
self-contained: true
@ -31,4 +32,4 @@ http:
name: "Open GCP Firebase App"
status:
- 200
# digest: 490a004630440220721a516d58d71b3c20990c97c22986fd212caafa366f2641bdb4fe9df0a53f9802205ecd4bfcda0808d5002e9d1194e0ec0f4d2b2f2140170c0df4ffb11372a6470f:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022065f44c35d042a0e98f90303a7f4181c0644c2e2fb8c7344c42d13104f89a454a022100cf17441e1fdb9ae05d7bdfca68f98abf3a4794b4d24e8ec69083e6323e96c39f:922c64590222798bb761d5b6d8e72950

3
cloud/enum/gcp-firebase-rtdb-enum.yaml
View File

@ -8,6 +8,7 @@ info:
Searches for Firebase Realtime Databases in GCP.
metadata:
verified: true
max-request: 1
tags: cloud,cloud-enum,gcp
self-contained: true
@ -47,4 +48,4 @@ http:
name: "Deactivated GCP Firebase RTDB"
status:
- 423
# digest: 490a0046304402200dcb47ae02c77c619eea0d95a6ab7dc9f2be071cea09abee3a7ab748b11e561c022034956ced05346f9cfcc9d425d92fa1242c979572e8ae02030496597f64ccfe82:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402207b555ae31d639c4a2fa71c2988103f8eb74cd24ca8b3304e33059facb0c9275f02203b74c0ab6645d3c30970046284fffbea86b75f0bcf40192f6021b2297b616b7d:922c64590222798bb761d5b6d8e72950

10
code/cves/2023/CVE-2023-49105.yaml
View File

@ -15,15 +15,15 @@ info:
cvss-score: 9.8
cve-id: CVE-2023-49105
cwe-id: CWE-287
cpe: cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
epss-score: 0.00091
epss-percentile: 0.38353
cpe: cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: owncloud
max-request: 2
product: owncloud
shodan-query: title:"owncloud"
vendor: owncloud
verified: true
tags: cve,cve2023,owncloud,code,auth-bypass
variables:
@ -86,4 +86,4 @@ http:
- type: dsl
dsl:
- '"Username => "+ username'
# digest: 4a0a00473045022100f17bb3bb403b74c4e84e6190df79bf767df834017742b4b95607de42a3d948bb02205f2f1de3f09d31920d6bf102ba93c1ad271809327b5997d8d58e9f97f2886c11:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100f1395fdef2764cce1bd751a6a94c3f89afc0fb10d9437288388d31d6460a983002203d431b3492fa8d2501b3387ae3cf0f975385c21f7ac74d2deafcf878645c6f45:922c64590222798bb761d5b6d8e72950

26
config/bugbounty.yml Normal file
View File

@ -0,0 +1,26 @@
# This is a configuration file for the bugbounty template profile.
# Additional configuration profiles can be created for different types of nuclei scans.
# They should be placed under the 'config' directory at:
# https://github.com/projectdiscovery/nuclei-templates
# Here is an example of how to use a config profile:
# nuclei -config config/bugbounty.yml -list target_list_to_scan.txt
severity:
- critical
- high
- medium
- low
- unknown
type:
- http
- tcp
- javascript
exclude-tags:
- tech
- dos
- fuzz
- creds-stuffing
- token-spray
- osint

10
config/cloud.yml Normal file
View File

@ -0,0 +1,10 @@
# This is a configuration file for the cloud template profile.
# Additional configuration profiles can be created for different types of nuclei scans.
# They should be placed under the 'config' directory at:
# https://github.com/projectdiscovery/nuclei-templates
# Here is an example of how to use a config profile:
# nuclei -config config/cloud.yml -list target_list_to_scan.txt
tags:
- cloud
- devops

29
config/compliance.yml Normal file
View File

@ -0,0 +1,29 @@
# This is a configuration file for the compliance template profile.
# Additional configuration profiles can be created for different types of nuclei scans.
# They should be placed under the 'config' directory at:
# https://github.com/projectdiscovery/nuclei-templates
# Here is an example of how to use a config profile:
# nuclei -config config/compliance.yml -list target_list_to_scan.txt
tags:
- misconfig
- cve
- exposure
- default-login
- xss
- lfi
- edb
- rce
- sqli
- unauth
- default-login
- ssrf
- redirect
- disclosure
- takeover
- traversal
- generic
- deserialization
- ssl
- keys
- token

16
config/osint.yml Normal file
View File

@ -0,0 +1,16 @@
# This is a configuration file for the osint template profile.
# Additional configuration profiles can be created for different types of nuclei scans.
# They should be placed under the 'config' directory at:
# https://github.com/projectdiscovery/nuclei-templates
# Here is an example of how to use a config profile:
# nuclei -config config/osint.yml -list target_list_to_scan.txt
tags:
- osint
- honeypot
- backdoor
- c2
- osint-social
- exposures
- malware
- enum

19
config/pentest.yml Normal file
View File

@ -0,0 +1,19 @@
# This is a configuration file for the pentest template profile.
# Additional configuration profiles can be created for different types of nuclei scans.
# They should be placed under the 'config' directory at:
# https://github.com/projectdiscovery/nuclei-templates
# Here is an example of how to use a config profile:
# nuclei -config config/pentest.yml -list target_list_to_scan.txt
type:
- http
- tcp
- javascript
- dns
- ssl
exclude-tags:
- dos
- fuzz
- osint

24
config/recommended.yml
View File

@ -5,8 +5,17 @@
# Here is an example of how to use a config profile:
# nuclei -config config/recommended.yml -list target_list_to_scan.txt
exclude-severity:
- info
severity:
- critical
- high
- medium
- low
- unknown
type:
- http
- tcp
- javascript
exclude-tags:
- tech
@ -14,15 +23,7 @@ exclude-tags:
- fuzz
- creds-stuffing
- token-spray
exclude-protocols:
- ssl
- dns
- file
- code
- whois
- headless
- workflow
- osint
exclude-id:
- CVE-2021-45967
@ -86,3 +87,4 @@ exclude-id:
- open-proxy-internal
- open-proxy-localhost
- open-proxy-portscan

9
cves.json
View File

@ -819,6 +819,7 @@
{"ID":"CVE-2020-11991","Info":{"Name":"Apache Cocoon 2.1.12 - XML Injection","Severity":"high","Description":"Apache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-11991.yaml"}
{"ID":"CVE-2020-12054","Info":{"Name":"WordPress Catch Breadcrumb \u003c1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-12054.yaml"}
{"ID":"CVE-2020-12116","Info":{"Name":"Zoho ManageEngine OpManger - Arbitrary File Read","Severity":"high","Description":"Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12116.yaml"}
{"ID":"CVE-2020-12124","Info":{"Name":"WAVLINK WN530H4 live_api.cgi - Command Injection","Severity":"critical","Description":"A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-12124.yaml"}
{"ID":"CVE-2020-12127","Info":{"Name":"WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure","Severity":"high","Description":"WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12127.yaml"}
{"ID":"CVE-2020-12256","Info":{"Name":"rConfig 3.9.4 - Cross-Site Scripting","Severity":"medium","Description":"The rConfig 3.9.4 is vulnerable to cross-site scripting. The devicemgmnt.php file improperly validates the request coming from the user input. Due to this flaw, An attacker can exploit this vulnerability by crafting arbitrary javascript in `deviceId` GET parameter of devicemgmnt.php resulting in execution of the javascript.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-12256.yaml"}
{"ID":"CVE-2020-12259","Info":{"Name":"rConfig 3.9.4 - Cross-Site Scripting","Severity":"medium","Description":"rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-12259.yaml"}
@ -2213,6 +2214,7 @@
{"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"}
{"ID":"CVE-2023-43795","Info":{"Name":"GeoServer WPS - Server Side Request Forgery","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43795.yaml"}
{"ID":"CVE-2023-4415","Info":{"Name":"Ruijie RG-EW1200G Router Background - Login Bypass","Severity":"high","Description":"A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-4415.yaml"}
{"ID":"CVE-2023-44353","Info":{"Name":"Adobe ColdFusion WDDX Deserialization Gadgets","Severity":"critical","Description":"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-44353.yaml"}
{"ID":"CVE-2023-4451","Info":{"Name":"Cockpit - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4451.yaml"}
{"ID":"CVE-2023-4547","Info":{"Name":"SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4547.yaml"}
{"ID":"CVE-2023-45542","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the q parameter on search function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-45542.yaml"}
@ -2230,6 +2232,9 @@
{"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"}
{"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"}
{"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"}
{"ID":"CVE-2023-50917","Info":{"Name":"MajorDoMo thumb.php - OS Command Injection","Severity":"critical","Description":"MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-50917.yaml"}
{"ID":"CVE-2023-50968","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Server Side Request Forgery","Severity":"high","Description":"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-50968.yaml"}
{"ID":"CVE-2023-51467","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Remote Code Execution","Severity":"critical","Description":"The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-51467.yaml"}
{"ID":"CVE-2023-5244","Info":{"Name":"Microweber \u003c V.2.0 - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editor_tools/rte_image_editor endpoint.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5244.yaml"}
{"ID":"CVE-2023-5360","Info":{"Name":"WordPress Royal Elementor Addons Plugin \u003c= 1.3.78 - Arbitrary File Upload","Severity":"critical","Description":"Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version 1.3.79\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5360.yaml"}
{"ID":"CVE-2023-5375","Info":{"Name":"Mosparo \u003c 1.0.2 - Open Redirect","Severity":"medium","Description":"Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5375.yaml"}
@ -2238,8 +2243,12 @@
{"ID":"CVE-2023-6020","Info":{"Name":"Ray Static File - Local File Inclusion","Severity":"high","Description":"LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6020.yaml"}
{"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"}
{"ID":"CVE-2023-6038","Info":{"Name":"H2O ImportFiles - Local File Inclusion","Severity":"high","Description":"An attacker is able to read any file on the server hosting the H2O dashboard without any authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6038.yaml"}
{"ID":"CVE-2023-6379","Info":{"Name":"OpenCMS 14 \u0026 15 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6379.yaml"}
{"ID":"CVE-2023-6380","Info":{"Name":"OpenCms 14 \u0026 15 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6380.yaml"}
{"ID":"CVE-2023-6553","Info":{"Name":"Worpress Backup Migration \u003c= 1.3.7 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to easily execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6553.yaml"}
{"ID":"CVE-2023-6623","Info":{"Name":"Essential Blocks \u003c 4.4.3 - Local File Inclusion","Severity":"critical","Description":"Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6623.yaml"}
{"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"}
{"ID":"CVE-2024-0352","Info":{"Name":"Likeshop \u003c 2.5.7.20210311 - Arbitrary File Upload","Severity":"high","Description":"A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-0352.yaml"}
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}
{"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
966878414639a1d70cbb937632710839
d205eefc147d9cb245a79c42d8aff090

5
dns/elasticbeanstalk-takeover.yaml
View File

@ -24,7 +24,7 @@ info:
For example:
CNAME - 2rs3c.eu-west-1.elasticbeanstalk.com
Command - aws elasticbeanstalk check-dns-availability --region eu-west-1 --cname-prefix 2rs3c
tags: dns,takeover,aws
tags: dns,takeover,aws,elasticbeanstalk
dns:
- name: "{{FQDN}}"
@ -44,5 +44,4 @@ dns:
- type: dsl
dsl:
- cname
# digest: 4b0a00483046022100b17bf9a80ae6819d64cc1a58b2cf349b843548dcbfd9d9455230cace98f79b04022100cec30c98b7df5b5d7d359146fb95c16c511856e3d7648b50b0a3e671e4b81b01:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022050760ee5a49ba66950d709ad082c96f1f8cf59151573984107709cf7d108288b022100dddbce009750e8fb8c2018ff0937efe3be734a09791f0eb5715ea73b2593b0e2:922c64590222798bb761d5b6d8e72950

6
file/android/adb-backup-enabled.yaml
View File

@ -10,7 +10,8 @@ info:
- https://adb-backup.com/
classification:
cwe-id: CWE-200
tags: android,file
tags: android,file,adb
file:
- extensions:
- all
@ -18,5 +19,4 @@ file:
- type: word
words:
- "android:allowBackup=\"true\""
# digest: 490a00463044022079148ddcb17d63e510878ffcf923d2c9074822a68a15975e82dfacf0b823b75b02201099b266190b9e360ff401f621c9b6e6362c5bdcc37de07adc1c01c379307ad0:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100efd6e8093a922583aa94e11240ba3c3fb79aa141ced3c67e7b534b376fc42f45022003b0f537ff8b6454419a0e21321004215151a906dcb13a3144f0514d0a595658:922c64590222798bb761d5b6d8e72950

5
file/android/biometric-detect.yaml
View File

@ -9,7 +9,8 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
tags: android,file
tags: android,file,biometric
file:
- extensions:
- all
@ -20,4 +21,4 @@ file:
- "android.permission.USE_BIOMETRIC"
# Enhanced by md on 2023/05/02
# digest: 4b0a00483046022100f43f7c82a443df1bdd1728b98b23a3d63aaa901d0338bf24a418fa62aa5b99c3022100d42fbf9d55efd87f006503421e1589c32046deb9fe240809156c321d870cfec9:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402201effa64fdef8e198849c4be2acf87c6be5c4efed84e9d5bb9d66f5df3db60b5d02200c7003f9a4e737c6fc6cf7137ec2184a7c9f79ed6e3abe97f4c2a02ec90b437e:922c64590222798bb761d5b6d8e72950

5
file/android/certificate-validation.yaml
View File

@ -10,6 +10,7 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
@ -17,6 +18,4 @@ file:
- type: word
words:
- "Landroid/webkit/SslErrorHandler;->proceed()V"
# Enhanced by md on 2023/05/02
# digest: 4a0a00473045022100aef4ef4ea43eae93cb0373d207d40684412a63044e33386a05852840b2ee110702203dce816c57358a4a1b8ddf362be46263693e4295e9bcff78bfd6d7f2e32f6cd3:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450220641d6e69fc91755ec4dbe940f170858c07c11f7662b3517e5636fc16ee47215e022100de151b50e70241e3c3673f8a482928542ad8791b2b16c54b87b2225ffca7ef5b:922c64590222798bb761d5b6d8e72950

5
file/android/content-scheme.yaml
View File

@ -10,6 +10,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- xml
@ -17,6 +18,4 @@ file:
- type: word
words:
- "android:scheme=\"content\""
# Enhanced by md on 2023/05/03
# digest: 4a0a0047304502201ca83928239ca3b0a3219fa4f2907f800eb31702bca0f70be096d4c26d041343022100a07bae71e1117a4eee7953c74184cb2bc2ee89e96b8c9af492bd20f66e6e9a6c:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100c2c3c725fa7b2730a2a97a411041023f26e69c0a799b4e8de850bdac3946b620022100cb36d81a813131983cdce4a0b9ef5eb94c6278ed4c5a9f862bb347fbfad5a0fa:922c64590222798bb761d5b6d8e72950

4
file/android/debug-enabled.yaml
View File

@ -6,6 +6,7 @@ info:
severity: low
description: Android debug enabling was detected.
tags: android,file
file:
- extensions:
- all
@ -13,5 +14,4 @@ file:
- type: regex
regex:
- "android:debuggable=\"true\""
# digest: 4a0a0047304502203616fe532eee00daa7402f8e6595e34c0ce7bc19cc6777f164d069adb081267e022100cf17913c42a3a234371ca0236fbd066317c53d36b3c6ceabffb130eeffadbcf8:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022036652150abcc863fe683d75f6ef4ed133b21a536c30fa521bccde3e54da770d802210098c054b0d8e64528d1cd18755e42123fc045ca80522a19ba7ee6bbb93d59d817:922c64590222798bb761d5b6d8e72950

3
file/android/deep-link-detect.yaml
View File

@ -16,6 +16,7 @@ info:
metadata:
verified: true
tags: android,file,deeplink
file:
- extensions:
- xml
@ -30,4 +31,4 @@ file:
condition: and
# Enhanced by md on 2023/05/02
# digest: 490a0046304402207edbcd24d76af152b6368274009d835e0462d0256c4e99c2819ca0f9e691ec34022078cfca39b64958091ac474623fb5bdc89f79e3e0e716ecc706b092fd003b9987:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100a95d3d2fdeae1df7454ddd0f0ea7f10bbd8edb608c502695f7b6cf66b9415790022100f86fce7ae52479b32a1c4374965476a799a95f8e9fcd0926b35649ba022eacd0:922c64590222798bb761d5b6d8e72950

5
file/android/dynamic-broadcast-receiver.yaml
View File

@ -10,6 +10,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
@ -17,6 +18,4 @@ file:
- type: word
words:
- ";->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)"
# Enhanced by md on 2023/05/02
# digest: 490a0046304402200a21274be70d274c77c63cf66b98e1d17b14fcbfff10995feefc37a44c7cbc6a022076339e3fbebc6122b4991b64b1c1208697e31560886e2d86f5a0ac665c582758:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100aa618eba1f07180c9ed91a94c26f3eaa3104134311b4c7c52567ec235f73e01f02204b8920dc1a170a1e7843abc4562c5a453248be604442c0b50ebc0690d1a4c90a:922c64590222798bb761d5b6d8e72950

3
file/android/file-scheme.yaml
View File

@ -10,6 +10,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- xml
@ -19,4 +20,4 @@ file:
- "android:scheme=\"file\""
# Enhanced by md on 2023/05/03
# digest: 4a0a00473045022100e1b3965f57f869c3babac5d0d8eaab8473fbd547ede00744e8e2dc2bb683f10c02200491a767c6fda145c2b792a960fdfac4f541c9ae9db0256dcffc1b858d9ddd13:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100af4a17caa84888f0caecdc441156d030d844f3839f37936b3d8689a8a7d1aaad0221009c00d9b0ab3ce7efa0ba61485569a0df903a3783c0748289aa4c384ec0896465:922c64590222798bb761d5b6d8e72950

4
file/android/google-storage-bucket.yaml
View File

@ -8,6 +8,7 @@ info:
verified: "true"
github-query: "/[a-z0-9.-]+\\.appspot\\.com/"
tags: file,android,google
file:
- extensions:
- all
@ -16,5 +17,4 @@ file:
- type: regex
regex:
- "[a-z0-9.-]+\\.appspot\\.com"
# digest: 4b0a00483046022100f5b1873c8bca743330c13ec8aa0470d0456310ee42d1afcf58efba79f1a645720221008f58f9cff9e8ccfea0b4a3d8e6ed14c9d20c5ddb8d6106f113a6ff0d28f29b62:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450221008d65b2c2642e1ab203ccf7f0a1227352ca7da9f7daf46d085b9dc5ebf0994721022074fba51478f8e72d2bd15ca78b40d7022715cd02124e33a1cf76db1ec0ab838d:922c64590222798bb761d5b6d8e72950

5
file/android/provider-path.yaml
View File

@ -10,6 +10,7 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
tags: android,file
file:
- extensions:
- all
@ -18,6 +19,4 @@ file:
regex:
- "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\".\""
- "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\"\""
# Enhanced by md on 2023/05/02
# digest: 4b0a00483046022100c7a1b1c2556047998abaef0b98976b35c8058ceaa66838bf8711c30ef2cf36980221009595cab483ee1f8c602d9d2c936db350b1d8622fb32470d74e62e88c43c72452:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402206c94650aa17a95f664a3b02618c0aaf5935a8140b515903041ea94574cf1548d02203fcc98c6c0d286b2ebec48a54955e783d285ca26837e63c869000d48907d03f5:922c64590222798bb761d5b6d8e72950

5
file/android/webview-addjavascript-interface.yaml
View File

@ -9,7 +9,8 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
tags: android,file
tags: android,file,webview
file:
- extensions:
- all
@ -19,4 +20,4 @@ file:
- ";->addJavascriptInterface(Ljava/lang/Object;Ljava/lang/String;)V"
# Enhanced by md on 2023/05/02
# digest: 490a0046304402203981bdb59f2dcb96fc32d914a6ad857c3ab9cc7a7e13721fbb70d5e02d56479602203f304de4f54bc79bb48097452fe53cf82aed0a50741027791fecdc92909a32a0:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022017350c5e7005e173cb17ad1178c2d04297ca669e7911c3aa35ab14e38b4dd63a02210087c5e48401c75a4f6be45c77cdfa376651c0c082a8c204ce021f6fca5c008369:922c64590222798bb761d5b6d8e72950

7
file/android/webview-javascript.yaml
View File

@ -9,7 +9,8 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
tags: android,file,javascript
tags: android,file,js,webview
file:
- extensions:
- all
@ -17,6 +18,4 @@ file:
- type: word
words:
- "Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V"
# Enhanced by md on 2023/05/03
# digest: 490a0046304402202cb44b3b176f00694b16cac7a61f5db343e65232d7dbb0e4c3f19815322ffa30022041f4229478a122c2b2f3b7878815a3391f9725e527b8eb7c18488d0c958b3324:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100eeec2d42663cc7c3ba34fa2ae0fba3d4f9e75512967a520a3cd681061476702b02202489b8e69fa532c77c282d7702053492103e9f643863885b397bec5197c7ee6b:922c64590222798bb761d5b6d8e72950

5
file/android/webview-load-url.yaml
View File

@ -9,7 +9,8 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
tags: android,file
tags: android,file,webview
file:
- extensions:
- all
@ -19,4 +20,4 @@ file:
- "Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V"
# Enhanced by md on 2023/05/02
# digest: 4a0a0047304502203e6573c6bd46a8ffccb46b934de85f8489aa4206ace3c395eb97ded8a483ca6d022100dc2c1947834d8746ee19b34dc7ca18c67691235cb4d04c3530b52d9a072cdf22:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100d61e6bcd00f5e0afaa1969aed4daca70e51186005b245ecb509f3bff3aec9e72022100c0e219ac8ba638bed9f5e01d2f2accf82b2bc8ef612ff3ba220c1f2eeb65dc5e:922c64590222798bb761d5b6d8e72950

7
file/android/webview-universal-access.yaml
View File

@ -9,7 +9,8 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
tags: android,file
tags: android,file,webview
file:
- extensions:
- all
@ -17,6 +18,4 @@ file:
- type: word
words:
- "Landroid/webkit/WebSettings;->setAllowUniversalAccessFromFileURLs(Z)V"
# Enhanced by md on 2023/05/03
# digest: 4a0a00473045022100a47e2082fc66a04948c89867eea66d41624cf5a26a7e0e6faebecd5e18281a74022025ef3b1093b7cfa7eeb45aea5a30518577674355526f2621c96bde80d175642a:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100b3824610ba6b2026b8af411ad1f050590e6d7d443422e6018531dfd6afc4e2c202207791f1506db5b7ed7e28371cc10d6ec040f0e9a60f719c11ef68204c7d53b030:922c64590222798bb761d5b6d8e72950

3
file/audit/cisco/configure-aaa-service.yaml
View File

@ -13,6 +13,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf
@ -29,4 +30,4 @@ file:
- "configure terminal"
# Enhanced by md on 2023/05/02
# digest: 4a0a00473045022079df055c2e5696994818ce4c85c08341ceb33ee8812c8f7c489991bbb85c13e5022100889d8d69f0812d3402167ff57e13d702a8fde570d27ec634e6ec90edc647b81e:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502203740bf9627bfcf3a5c391bc4f46b5e56478ee42cb4c16c75bb58da2ae4b09cf50221009aee74ec6f76f1a45c959deff776be4e87ffbe20aeb3877af07fd32780939c26:922c64590222798bb761d5b6d8e72950

3
file/audit/cisco/configure-service-timestamps-debug.yaml
View File

@ -13,6 +13,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf
@ -29,4 +30,4 @@ file:
- "configure terminal"
# Enhanced by md on 2023/05/02
# digest: 4a0a00473045022100bc3785d0a7b24f396ab4fed4a8d9f901369fe263a0749c872fcaf5385e07db80022003bd8f4e1e5c637b8226641ce70b584a59608f1311c98f43fa7b74f0605ffe75:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100e790db4f51fe29f83ad4fc1ff116a49d5d6f819db02218ca8ae48ffdbb5cc971022100d1d2198ae6f712fd4dae37de01404a47d64fc3ba16fb53baac1b81583b94a080:922c64590222798bb761d5b6d8e72950

5
file/audit/cisco/configure-service-timestamps-logmessages.yaml
View File

@ -1,4 +1,4 @@
id: configure-service-log-messages
id: configure-service-timestamps-logmessages
info:
name: Cisco Configure Service Timestamps Log Messages - Detect
@ -13,6 +13,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf
@ -29,4 +30,4 @@ file:
- "configure terminal"
# Enhanced by md on 2023/05/02
# digest: 4a0a00473045022100eec5568ee37b9570d34f5a84ef8cb6c87e0d4c328c563a315bae6485d81f34c602205dd2190d468102b996589f3d15fca169cf6805a71b5cd76c30f5db5d02189b25:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100e7452eed7b2d85e75724d3e9a62e49f196464dac3c7ac97e0f58e95aeb3e6c9002205542b25308e388b9416cd69807356efb7e6dd237b649511d38324980c426c3c4:922c64590222798bb761d5b6d8e72950

4
file/audit/cisco/disable-ip-source-route.yaml
View File

@ -14,6 +14,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf
@ -28,5 +29,4 @@ file:
- type: word
words:
- "configure terminal"
# digest: 4a0a00473045022074c0a1cf8e4aa1aae86601df3d56f2d8a24cbdfd644ff047cfb34ed4c79397080221009b5f95e3a473009298bb7cf875d282617fb93ad30dafc9c3f2efcba049e672ea:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100fb06c6898c536312af8b160e589921b6f2f70c54a0ff68e91e34a066c17b7e57022100b1cd8c2a0750157db54e355350673a9768ae1f495a373dbb2861e588d725d4ea:922c64590222798bb761d5b6d8e72950

4
file/audit/cisco/disable-pad-service.yaml
View File

@ -13,6 +13,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf
@ -27,5 +28,4 @@ file:
- type: word
words:
- "configure terminal"
# digest: 4a0a00473045022100c59ff03045b104e65dc2f92569ebc4ed981b39844b3e1fc03d48b1ed82e1e0a3022056fd96605d454caebc29595bf2d7771efe3b438061f4c50245a3897f7176ddcd:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402206545afa7a9ba8a70dbe681b29bf035590dea62a60e8f85cea30e0735b2e7f285022069446b84c98b3e67d4d9998793382c7b201f46c7ccabc37ee8afd7023cfe0ff2:922c64590222798bb761d5b6d8e72950

4
file/audit/cisco/enable-secret-for-password-user-and-.yaml → file/audit/cisco/enable-secret-for-user-and-password.yaml
View File

@ -9,6 +9,7 @@ info:
reference:
- https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
tags: cisco,config-audit,cisco-switch,file,router
file:
- extensions:
- conf
@ -23,5 +24,4 @@ file:
- type: word
words:
- "configure terminal"
# digest: 4a0a0047304502204f6beffea112852a6e7dbf11a7fd8fe97da58385e475b5d3485a12678568107f022100afe3edd05b216cb7a94d9080430e939c95b36d13f0195516681a1e2b31874aec:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100dac4f6aa319499a727b4ee08faa1fe35473c0e8c1c5ec166d3b5ef62f267800c0220547bd47bb206453c355eabcd9eb490c10ff6d4f02f10029b954d0d4befffaef0:922c64590222798bb761d5b6d8e72950

3
file/audit/cisco/logging-enable.yaml
View File

@ -13,6 +13,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file
file:
- extensions:
- conf
@ -29,4 +30,4 @@ file:
- "configure terminal"
# Enhanced by md on 2023/05/03
# digest: 4a0a0047304502202a8c038850f96007448de5721920df67d783f04b494c7cad889ff010905c651a0221008d64ff006c97de269f9503222257a6d9bf550a462eddb4112d600a65513b1321:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100caba033b9ff86c08ee521b8dcba5e23dea9fa405b725b307d136cf633441873e022100abb3eddb6e9b64447e5bcd1b649a1fc8f03ac775c458c06742110abb1d27e51d:922c64590222798bb761d5b6d8e72950

3
file/audit/cisco/set-and-secure-passwords.yaml
View File

@ -13,6 +13,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: cisco,config-audit,cisco-switch,file
file:
- extensions:
- conf
@ -29,4 +30,4 @@ file:
- "configure terminal"
# Enhanced by md on 2023/05/03
# digest: 490a0046304402207029e29a2d75aea030e8818991a5da7ab7c47204f24a1c238ddcfd78138d8c2e022013f3a96886a9daa37c9df80d46fe6ec3f59a1cce3423fae634016908b8e5ee2c:922c64590222798bb761d5b6d8e72950
# digest: 4b0a004830460221008d1198eadac82d76c50dc2b2a4ce4a69e7aa47be41b620cea5c6698ceaca11f9022100d41c0d031adf5f7ea3cc3cb992be9ae871fd53516a0c97276383364a78a5f896:922c64590222798bb761d5b6d8e72950

5
file/audit/fortigate/auto-usb-install.yaml
View File

@ -11,6 +11,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf
@ -29,6 +30,4 @@ file:
- "config router"
- "config firewall"
condition: or
# Enhanced by md on 2023/05/03
# digest: 4b0a00483046022100ccc576bcc6257505a68ceaefbbe56b0c66e38c49ec5b93942176d669e5e01959022100fab05994e7edde53474a33d7e43c9513f59ff7a55d485122457864b2390aeb5e:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502207705ba820df9f78c5d686bb2cf0a2945360c63e2774a2bd9984e2b676dfc3a71022100f9dc533ffa5f2fe96faee48a7249bf2982a55b89e7d5f40e7f49330d47dc5d2c:922c64590222798bb761d5b6d8e72950

5
file/audit/fortigate/heuristic-scan.yaml
View File

@ -12,6 +12,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf
@ -30,6 +31,4 @@ file:
- "config router"
- "config firewall"
condition: or
# Enhanced by md on 2023/05/03
# digest: 4a0a00473045022100fa37189cba4ed2ec0013bb0b51b8a53f8d0cbc15e173827ddb5936e9d9bf7f1e02206dfeeaf7dffec71e85545522022158bb29aa157802a79a06a040ed4c112abbb5:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100f4ec56fac28c66a16f4465dc3f38dfa1e32914d9a9f4a920eecfcd7531fd8eb1022100ded6bebd35754564f8d3f44d45f442fd0e8b1bd377f5da1d2013659cc8eea484:922c64590222798bb761d5b6d8e72950

3
file/audit/fortigate/inactivity-timeout.yaml
View File

@ -11,6 +11,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf
@ -30,4 +31,4 @@ file:
condition: or
# Enhanced by md on 2023/05/03
# digest: 4a0a00473045022100cea6b95920897938fc382b500396ac8f32ff99b0eec0ecaf088fb5cb0449776802202a68db332abee65d2afb58c2fa4c6934543e89992df389a9f324ad70d6a67c9b:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022041387e7ef55b094494bcfb9a6eae4ff8ad3c74272b997521e525cfbbeccc90cf022100db5505a6eef5616090297755b5660c0a7365fbde04b2bf137704f64913258eff:922c64590222798bb761d5b6d8e72950

4
file/audit/fortigate/maintainer-account.yaml
View File

@ -11,6 +11,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf
@ -28,5 +29,4 @@ file:
- "config router"
- "config firewall"
condition: or
# digest: 4a0a0047304502210095dfe6f50e1344c29cb73fdf72e79eec9b146ee421cafb0ec09d8b252f26cd18022019682a67d6b6265c8c4ca6ba95d900ce429ad5bbb188af95953698ab445dad8b:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502210089379903b0135adfb1a8bd3e2d4a590950d73ab241cdceabd0c397e6912349f60220557b68a43baf7c7c7e01590b8751530c0f840c1ff27b2d604ee368501fb8a61e:922c64590222798bb761d5b6d8e72950

4
file/audit/fortigate/password-policy.yaml
View File

@ -11,6 +11,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: fortigate,config,audit,file,firewall
file:
- extensions:
- conf
@ -28,5 +29,4 @@ file:
- "config router"
- "config firewall"
condition: or
# digest: 4a0a00473045022100973422e6e42cfee55eeb7bcb78a54ebc4382c2e74d87bd231fcdd44e89c42b5d02207cf72f8c099025aa5c7aad767d31a2847cf74fbbe73c43194502bf807d9c81b7:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502204e65bbfdaa2bfe99fe16885a24ff47c4949526d02fadc7b87f6c20a4ba08c4ca022100c0985aaaf07d38f38325fb6bbda5f5b5b2db068356432ff3cf67cb159110cd33:922c64590222798bb761d5b6d8e72950

4
file/audit/fortigate/remote-auth-timeout.yaml
View File

@ -12,6 +12,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf
@ -29,5 +30,4 @@ file:
- "config router"
- "config firewall"
condition: or
# digest: 4a0a004730450220460b3387929bbf2d35f5e220f1501f7e95aee4169633d49cab715e89830e44b102210090004afc4f71c06bfc0c3b2762dd2f6094c2abbe7cef201ebd30f98b7c38e3a5:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220536fe3e2f19529faa2dad59b0925da645e04a7197e96304c47eb89df2f5f1a8e02202bc21cdd56a7d7194d1573306690289ba0306167ad2eb3cb9ca9728b83b919b2:922c64590222798bb761d5b6d8e72950

4
file/audit/fortigate/scp-admin.yaml
View File

@ -11,6 +11,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf
@ -28,5 +29,4 @@ file:
- "config router"
- "config firewall"
condition: or
# digest: 4a0a00473045022017907ef84d543d31938a81f98b74c0e2cbb8046446564d60d93ab016b211ccbe022100bf653ab2e2a8cd2b59fe160d7c5a605fdb079fff2eb049540f0c0e59d79272dd:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022066b03eab029db2877bcea75f43ae255dae8812134411e467f84b8487e9ec3c61022100d84b44b02b7c57bade8ec9df9cec76874296bd865c80b8af87e45f18e8350d1c:922c64590222798bb761d5b6d8e72950

4
file/audit/fortigate/strong-ciphers.yaml
View File

@ -7,6 +7,7 @@ info:
description: Weak Ciphers can be broken by an attacker in a local network and can perform attacks like Blowfish.
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
tags: audit,config,file,firewall,fortigate
file:
- extensions:
- conf
@ -24,5 +25,4 @@ file:
- "config router"
- "config firewall"
condition: or
# digest: 4a0a00473045022100c807aaceda1d677145cd86b23d68df8651d47461ff50883ab407b999b3ab89d8022066419939b0b5d9f1d44fecd6958ab45e46a3f1c931ef94f2f36ca71907d46974:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100c04b9bbf0bec674b8578767a5dc94cdc2101bdb316d13bdd54fb7da604f5e7c8022100d35a558a808abf032280bdb60e7c9091bc4a2d28966836c4af0f0ac583252b3a:922c64590222798bb761d5b6d8e72950

3
file/audit/pfsense/configure-dns-server.yaml
View File

@ -15,6 +15,7 @@ info:
metadata:
verified: true
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml
@ -33,4 +34,4 @@ file:
condition: and
# Enhanced by md on 2023/05/04
# digest: 4a0a0047304502206e6b95e81bec7d3776c15a7d13ee6ceec276641f2cea2b0e3f27cfbff11ffb0b022100dc3dd5041f7ff2b046b72bb868c4e08c18766913069ee573ca4da3347a603e75:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022033cb74c6b00552467f5bc077d514ea4991e3a3222666f07b004e0d7bd978098f022100a10c92466915077df2b21b37b18aabc5d0122bb34af9bec017432af9736b0238:922c64590222798bb761d5b6d8e72950

5
file/audit/pfsense/configure-session-timeout.yaml
View File

@ -1,7 +1,7 @@
id: configure-session-timeout
info:
name: PfSence Configure Sessions Timeout Not Set - Detect
name: PfSense Configure Sessions Timeout Not Set - Detect
author: pussycat0x
severity: info
description: |
@ -15,6 +15,7 @@ info:
metadata:
verified: true
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml
@ -36,4 +37,4 @@ file:
condition: and
# Enhanced by md on 2023/05/04
# digest: 4a0a004730450220428bd620e5177de61a4b58993a27ef7ff13adb0f5fbbd6590d7801c1f719b1710221009a9c3c9efdc4581d55bbbdebf48baf7d32ebd75cfb3cd0f0e2326b91922aceed:922c64590222798bb761d5b6d8e72950
# digest: 4b0a004830460221008eba08b85ba95940807021dd80e8d2aa75fabfbe6706871968b674720671fa85022100cc57c109bd39376341a80bf84d4c5ef3f2a6f396792ca7ea3876860f54cf38d6:922c64590222798bb761d5b6d8e72950

7
file/audit/pfsense/enable-https-protocol.yaml
View File

@ -1,11 +1,11 @@
id: enable-https-protocol
info:
name: Pfsence Web Admin Management Portal HTTPS Not Set - Detect
name: Pfsense Web Admin Management Portal HTTPS Not Set - Detect
author: pussycat0x
severity: info
description: |
PfSence Web Admin Management Portal is recommended to be accessible using only HTTPS protocol. HTTP transmits all data, including passwords, in clear text over the network and provides no assurance of the identity of the hosts involved, making it possible for an attacker to obtain sensitive information, modify data, and/or execute unauthorized operations.
PfSense Web Admin Management Portal is recommended to be accessible using only HTTPS protocol. HTTP transmits all data, including passwords, in clear text over the network and provides no assurance of the identity of the hosts involved, making it possible for an attacker to obtain sensitive information, modify data, and/or execute unauthorized operations.
reference: |
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
classification:
@ -15,6 +15,7 @@ info:
metadata:
verified: true
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml
@ -35,4 +36,4 @@ file:
condition: and
# Enhanced by md on 2023/05/04
# digest: 4a0a0047304502200b7f468fa03dc5a9da4434cc16c2158051689e6367855fc15e3bbebc5396ce03022100dfcf501466defaa4960609da00c79d3015a88752b60735097487324e61281425:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502202121bc19669faaa0f0e0fc8bc72138f3eb44eea7209ff5bbc2d8121f58350389022100d43403a09e74c0d72f54de7d9dad2e0af0f1fa4ba7ea551188dccde47e010856:922c64590222798bb761d5b6d8e72950

7
file/audit/pfsense/known-default-account.yaml
View File

@ -1,11 +1,11 @@
id: known-default-account
info:
name: PfSence Known Default Account - Detect
name: PfSense Known Default Account - Detect
author: pussycat0x
severity: info
description: |
PfSence configured known default accounts are recommended to be deleted. In order to attempt access to known devices' platforms, an attacker can use the available database of the known default accounts for each platform or operating system. Known default accounts are often, but not limited to, 'admin'.
PfSense configured known default accounts are recommended to be deleted. In order to attempt access to known devices' platforms, an attacker can use the available database of the known default accounts for each platform or operating system. Known default accounts are often, but not limited to, 'admin'.
reference: |
- https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html
classification:
@ -13,6 +13,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,pfsense
file:
- extensions:
- xml
@ -27,4 +28,4 @@ file:
condition: and
# Enhanced by md on 2023/05/04
# digest: 490a004630440220021b724d5c938c772dce4f4fb69947f5b07bb278e82211289af983207ea2091902205e36a512ae90e197d329cfa247658297e6bf6ffdde97aa1f6c54900c057c1448:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022063556ee4b394affce60a28ef8106e7bafe299aaee1d4e84e1e295562373442bd022068de7e8f0dbacab446bc723067113de16f48cb61438deb36b1fa2a0d79d9236b:922c64590222798bb761d5b6d8e72950

7
file/audit/pfsense/password-protected-consolemenu.yaml
View File

@ -1,11 +1,11 @@
id: password-protected-consolemenu
info:
name: PfSence Consolemenu Password Protection Not Implememnted - Detect
name: PfSense Consolemenu Password Protection Not Implememnted - Detect
author: pussycat0x
severity: info
description: |
PfSence password protection via the Console Menu is recommended to be configured. An unattended computer with an open Console Menu session can allow an unauthorized user access to the firewall management.
PfSense password protection via the Console Menu is recommended to be configured. An unattended computer with an open Console Menu session can allow an unauthorized user access to the firewall management.
reference: |
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
classification:
@ -15,6 +15,7 @@ info:
metadata:
verified: true
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml
@ -36,4 +37,4 @@ file:
condition: and
# Enhanced by md on 2023/05/04
# digest: 490a00463044022012ee67126f50b5cf259b101b1f2b9ea34d9675f8d1741eb4edfb87b4abfeca6202207f3522cd9d8e35fe7d2dcccc815c28638b0799ceded0dbeea3572cb3f612e891:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022078bebe23791220eee7587337be7cdd8f3dc36ae8e2fffcb62e57b6d4697609af02202a015c2d5eacb159debb08f84abf1d1a158ded646676fd555d1eae7dfe17007a:922c64590222798bb761d5b6d8e72950

7
file/audit/pfsense/set-hostname.yaml
View File

@ -1,11 +1,11 @@
id: set-hostname
info:
name: PfSence Hostname Not Set - Detect
name: PfSense Hostname Not Set - Detect
author: pussycat0x
severity: info
description: |
PfSence Hostname should be set so that other devices on the network can correctly identify it. The hostname is a unique identifier for the device.
PfSense Hostname should be set so that other devices on the network can correctly identify it. The hostname is a unique identifier for the device.
reference: |
https://docs.netgate.com/pfsense/en/latest/config/general.html
classification:
@ -13,6 +13,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml
@ -27,4 +28,4 @@ file:
condition: and
# Enhanced by md on 2023/05/04
# digest: 4a0a00473045022052d3112a4e98adccd6b8fccd98f95244557d07eb4caef53dc9f09b7f996d642e022100e56f7d85f2d9bcbb8a03fc01e20588b9d2cb93de814a82b1e77069c2b48be485:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100ef138110a286e5da0fd75606e2bdd7a522477fa1a4cfd60452976fb5d96e8d97022100e02bb223d094d5b9546c6bf6fd8786ed0c6f4fd2c03c943d7073143b81c98e61:922c64590222798bb761d5b6d8e72950

4
file/bash/bash-scanner.yaml
View File

@ -9,6 +9,7 @@ info:
- https://www.tecmint.com/10-most-dangerous-commands-you-should-never-execute-on-linux/
- https://phoenixnap.com/kb/dangerous-linux-terminal-commands
tags: bash,file,shell,sh
file:
- extensions:
- sh
@ -44,5 +45,4 @@ file:
name: unknown filedownload
regex:
- '(wget|curl) (https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]\.[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]$'
# digest: 4a0a00473045022100db6e5f84fe8da8728aa4f05dd83a5d033d062fe552a148d3cf2fd599277d1eaf022040d4296bef6df6b57b8381af30fc75730d9bf8103ce7d37bdcfbe91317fc5344:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450221009ad4de0abc82c172ead956fa70e1a84b3baff31c544569a254f7cf7d255e41cf02200bae7cf84580e9b008236464ea25f105d51c97951521af9c5e96b3ca11a1ad48:922c64590222798bb761d5b6d8e72950

4
file/electron/electron-version-detect.yaml
View File

@ -11,6 +11,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: electron,file
file:
- extensions:
- json
@ -19,5 +20,4 @@ file:
- type: regex
regex:
- '"electronVersion":"[^"]*"'
# digest: 4b0a00483046022100a04f77fdda5916ff33b294ee3addb5451db77585a39ae8673f4cdfed08974d7b022100d421b8bd0600e4310c8ef55ea0b2a18771258f3c6c6ab884e8d661a6965c3112:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100a93dfde5beb023a02145111d3e9c07e640ec686696e643c5370c9e442e2497d5022100f81edbb6c9bbd6977b3c7955b95aab77938f943b6878f161182fbf0e265d2efa:922c64590222798bb761d5b6d8e72950

4
file/electron/node-integration-enabled.yaml
View File

@ -10,6 +10,7 @@ info:
- https://blog.yeswehack.com/yeswerhackers/exploitation/pentesting-electron-applications/
- https://book.hacktricks.xyz/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps
tags: electron,file,nodejs
file:
- extensions:
- all
@ -17,5 +18,4 @@ file:
- type: word
words:
- "nodeIntegration: true"
# digest: 4a0a00473045022070caab60eefc323b37e341d70c757d85c7fedf66d0e35b51a425a8aa7ec6c847022100bca4045fc5d68b14d123532d732daa73ffbc5af0e124764325706d859da74e9f:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100f1c2f407e3d860f1475606524ca3c1faf44f32f0bf0a4a888c17addbaec16cb502200a3c9c1c519b7b4df9937a4ee61ee0eff2d2f81626c0f5748b1978d268183777:922c64590222798bb761d5b6d8e72950

6
file/js/js-analyse.yaml
View File

@ -8,7 +8,8 @@ info:
This process involves extracting tokens, endpoints, URIs, and variable names from the JS file and analyzing them for any potential weaknesses that could be exploited. By extracting and analyzing these elements, potential security threats can be identified, allowing for proactive measures to be taken to mitigate any risks associated with the application. This process can be used as part of a comprehensive bug-hunting strategy to ensure the security of an application.
metadata:
verified: true
tags: file,js-analyse,js,javascript
tags: file,js-analyse,js
file:
- extensions:
- js
@ -30,5 +31,4 @@ file:
name: extracted-uri
regex:
- "(?i)([a-z]{0,10}):(//|/)[a-z0-9\\./?&-_=:]+"
# digest: 490a004630440220295fa966d911a692e343adc830f080654abda1d1b1f3e59a421a54a5e9d29fe802203b8bf407243a4e13d0567bf99a9c6b4f6bcb863600c1a6a54c53cc67bec50f51:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022074fd41f8b59517248d39216756a55be729fe598400825417fc9ab281c4c626d6022100f3a770bad05731314a45020b4a94b393b96dfae3590e0e526327ac84fa760aa2:922c64590222798bb761d5b6d8e72950

4
file/keys/adobe/adobe-client.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: adobe,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4a0a00473045022100eff30b8e55f06b16c9d6319765c2ad58854c26856e355f039d1d5414b5d8258f02205c05e1a7b8edf37112c3c501eafc3207179c8e9afdda5f9c6ca93dc1dc7b9438:922c64590222798bb761d5b6d8e72950
# digest: 4b0a0048304602210091a0e3501d5a733f864b2f9968c99682909abadd098f0e7f97ef156ff606fa78022100b958c067fcb337ad26b199eefb0fdf714fc75f99e13fd47b73aa784c327adffa:922c64590222798bb761d5b6d8e72950

4
file/keys/adobe/adobe-secret.yaml
View File

@ -12,6 +12,7 @@ info:
metadata:
verified: true
tags: adobe,oauth,file,token
file:
- extensions:
- all
@ -21,5 +22,4 @@ file:
part: body
regex:
- '(?i)\b(p8e-[a-z0-9-]{32})(?:[^a-z0-9-]|$)'
# digest: 4b0a0048304602210086cdebe3a78bf4282ea6b7e8107b833e98c6242501edc53c34ffad1d06dd8d760221009a912c40a016bdff61787eeb9d6fc9386c840a2b69b4c96915612c00fce6b493:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100e42e81fe796be63ea8a17d7104c13e40aa707befc3158947008d42ca9f2faf040220411056eb6de154e275c71e0b87d434ca067d94e77b4025e44699ac5d91a13483:922c64590222798bb761d5b6d8e72950

4
file/keys/age/age-identity-secret-key.yaml
View File

@ -11,6 +11,7 @@ info:
metadata:
verified: true
tags: age-encryption,file,token
file:
- extensions:
- all
@ -20,5 +21,4 @@ file:
part: body
regex:
- '\bAGE-SECRET-KEY-1[0-9A-Z]{58}\b'
# digest: 4a0a0047304502201a1f14a0a6f72bbd8e353c6db3647c596ccee294516249b42df3757df4fa56b7022100fe1dc8b4a2e83bd842dced9fff217732d392b28eb0dd027f7e6f75f5aff9d634:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022064669ad050e9b0726b9868d4ca53ab1cacb87b8584c1d64227d98e55368b6c34022009e28bdb40c1b6ae685130e919f5a8767a16e5ade621248835bf13e780640463:922c64590222798bb761d5b6d8e72950

4
file/keys/age/age-recipient-public-key.yaml
View File

@ -11,6 +11,7 @@ info:
metadata:
verified: true
tags: age-encryption,file,token
file:
- extensions:
- all
@ -20,5 +21,4 @@ file:
part: body
regex:
- '\bage1[0-9a-z]{58}\b'
# digest: 4a0a004730450221009fb14853721aa355f4dff9b164fd098ba99f8c579e3ef82325210e6fbbb8918f02203f2a50f4e91298e867107a4af77f80f70cbc2a5c7cad4fa4133d2d7233d51dda:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502202af9959d77b3ff2a64ae96a469e13298ea2e0adc5949d537b4393f9af61e9f68022100eefe6feaa9e6947627487767d6669d17e7c0b4deeeb67357930e7b9b85112979:922c64590222798bb761d5b6d8e72950

4
file/keys/alibaba/alibaba-key-id.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: alibaba,access,file,keys
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4a0a00473045022010d9489b8b59a742d40af13eab87d1a56acc81ae51021beacd81f2cb3c2020670221008cfa46cab56f8ffd121bb8dad1d515c8136517f1da385fe6d1c364fcb95ef9b2:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402202a929c5a7c56fdcba6baf8a05f5ee26de1dc68039a330a33dba7e6973876605b0220499fe8d24c2d03e30f7ffa4077775380ea6b237262bfdc1319821135d3bf0faf:922c64590222798bb761d5b6d8e72950

4
file/keys/alibaba/alibaba-secret-id.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: alibaba,secret,file,keys
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 490a00463044022035a425a3c37a997471e5a91829014ba9e0e5be1e272e0cecd67317fcd54f5ea202204eaf1dd7997603c327ade970d78398373e7aa475aed015b70c2c6f2ec012c25d:922c64590222798bb761d5b6d8e72950
# digest: 4b0a0048304602210087f98e454e5064757753028db3f4a280d96ee2ba47163b503031bb9000820d73022100f8348ca58ad2ee80dba4b7ccbca37a95b7ba44742a4f0ed2f5fd64b952843ef1:922c64590222798bb761d5b6d8e72950

3
file/keys/amazon/amazon-account-id.yaml
View File

@ -14,6 +14,7 @@ info:
metadata:
verified: true
tags: aws,amazon,token,file
file:
- extensions:
- all
@ -25,4 +26,4 @@ file:
- '(?i)aws_?(?:account)_?(?:id)?["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([0-9]{4}-?[0-9]{4}-?[0-9]{4})'
# Enhanced by md on 2023/05/04
# digest: 490a0046304402204cdf5ae5eafb194436533d3bd5d707d3ed6e82bde669a90a33d3d6e7f841a4f1022016cc2daac84b2c82e2566fd7f5c68b83f2f1cbf93a5a19d259ac963a0ac330d0:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402205389747c4b766d2eabc321eed84410d0dc58fb73d6c34ca8f2a9f04f959db2c902203f4493b71cbf4c1fc4714eac9912185979e2254c89a3942054b90c573b7ca0ea:922c64590222798bb761d5b6d8e72950

7
file/keys/amazon/amazon-mws-auth-token.yaml
View File

@ -9,7 +9,8 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
tags: token,file,amazon,auth
tags: token,file,amazon,auth,mws
file:
- extensions:
- all
@ -18,6 +19,4 @@ file:
- type: regex
regex:
- "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
# Enhanced by md on 2023/05/04
# digest: 4a0a00473045022100a22e9ab4357449ff0b0d0e1d56fd2a2a815900eb260c13cdc8ca5b4904508d76022030e701c98fff70a3c0e8174fe27c30c87c60b0a4acdc97555a71970ab6e5e83a:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220085b6891206a2eaedf43e844734be57edd4101169c7ab497fc781192f4a2d654022072e50beb43840b56a0edf40a07e60091680ee8885ddd9a7053af207ee8ad756d:922c64590222798bb761d5b6d8e72950

3
file/keys/amazon/amazon-session-token.yaml
View File

@ -14,6 +14,7 @@ info:
metadata:
verified: true
tags: aws,amazon,token,file,session
file:
- extensions:
- all
@ -25,4 +26,4 @@ file:
- '(?i)(?:aws.?session|aws.?session.?token|aws.?token)["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([a-z0-9/+=]{16,200})[^a-z0-9/+=]'
# Enhanced by md on 2023/05/04
# digest: 490a00463044022042bbced45aee0d6943da5aac1efe8367af4c8d494a624bf45d428530a6fcba6e02204537fb05ae1ae72607f23bf06b9c8e0d20b917ba425905e80ce47cc7835d0a70:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022033eda0332d6984a3d9791ca0214a79ae1a32dffee71937b9959525089b91d11002207bb6ea85467d50a89825fb1ec994f3439372542a017465d7b609706f6803ed85:922c64590222798bb761d5b6d8e72950

5
file/keys/amazon/amazon-sns-token.yaml
View File

@ -9,7 +9,8 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
tags: file,token,amazon,aws
tags: file,token,amazon,aws,sns
file:
- extensions:
- all
@ -21,4 +22,4 @@ file:
- 'arn:aws:sns:[a-z0-9\-]+:[0-9]+:[A-Za-z0-9\-_]+'
# Enhanced by md on 2023/05/04
# digest: 4a0a004730450220498ac9e1f8922b28f9d1bdf0b66f41b9d55ab995d2eae1c6b4fc40b0bd7b39e5022100dae071582233b67060a20eda722d8204d7fc923666496cb98c164f884e09d8d7:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100d2deab882cdb733293add11e14546b30ca84acfba22c45eb90567c7f8e9f5196022020747550b914361238f1fafd634fbe084a46a7905adeebf53e0225f136958ea7:922c64590222798bb761d5b6d8e72950

7
file/keys/amazon/aws-access-id.yaml
View File

@ -9,7 +9,8 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
tags: token,file
tags: token,file,aws,amazon
file:
- extensions:
- all
@ -18,6 +19,4 @@ file:
- type: regex
regex:
- "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
# Enhanced by md on 2023/05/04
# digest: 4a0a00473045022001180031643147e369ad54d397f6e1ec99e061e1a771b8ec6b9f024bb97300a7022100b5b3b3027d3e8edea6822f05c18070f5cbd64b111c6ac7aa37e3603fcb4b08ea:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450220628a0e57dbb9e04afdeed6059972dcc9efd4c710f46965c9865705a92a395e50022100da58cee28a4466eeecb25b463ebfef29536642581c848db81192a27f90674972:922c64590222798bb761d5b6d8e72950

7
file/keys/amazon/aws-cognito.yaml
View File

@ -9,7 +9,8 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
tags: token,file
tags: token,file,aws,amazon
file:
- extensions:
- all
@ -34,6 +35,4 @@ file:
- "us-west-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
- "us-west-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
- "sa-east-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
# Enhanced by md on 2023/05/04
# digest: 4b0a00483046022100b065a7fffa3f1696948239b6546af3ff6d33ddd2ab72ce11e55831f029a152c5022100ce912a53c74a47179c62dbf4a78e93a8f5fdcbbbf497a94e6e4f4ef2e76efd91:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502204260c124c1640ef645cbd64edf52ce841872dbd9fbd174acde383368d8282c7d0221009646ae3e39f71cc7f47445ddcc54bb42c9b8382a39ade5c2a6ca7358bff96b70:922c64590222798bb761d5b6d8e72950

4
file/keys/asana/asana-clientid.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: asana,client,file,keys
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4b0a00483046022100b5bca9cba24b0a4f3098d7a320c20a2152d1a115ea4677c6ca9eb9db50503b29022100c3189ce143a347cdb085e6eefa198c7c990e16049efd071154f7012490783fac:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100ee80a7c2a35b34bc0d48c69c1e26169ef5a2181505d3836e47974bc04e41fbde0220796c13e9c14005e438971b5e1aa2f241fb1a2736a98df48c1acc98e50b1562b9:922c64590222798bb761d5b6d8e72950

4
file/keys/asana/asana-clientsecret.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: asana,client,file,keys,secret
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4a0a0047304502206b120f6ce1d96f67b8b676972a3f185e765c9b078a4023386c0aac41ca5f9ce6022100e263135d7df9faa92ca170f9da0cb5498ae505b0f70226672dcfed5dc23d13b5:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100a61527e5da6fb4b6f5e194679ac675364422d0a7a09fef2ed10c8d3982694d55022100a24d80c553e4d28e07ce752f5ab161faff53f39ea00a37ea4872f3c8564c4f6d:922c64590222798bb761d5b6d8e72950

4
file/keys/atlassian/atlassian-api-token.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: atlassian,file,token,api
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4b0a00483046022100f0bda35ab0c6f042d2fe14f13a5f210b1dc29f733309f6b8f4da56ce8fa8bfcb022100a0e0348deb81e70fd2cdb84edb4365eba4d60a08075348d8ada6a6e0c7e687b4:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100ebbae7fcd649042462726342075bb82167ebc030e167913bdd215110d1761dcf0221009b64881b370a41ea63a791f39798379f96d2f2332535cfedb8c73aa59e28b9ec:922c64590222798bb761d5b6d8e72950

4
file/keys/azure/azure-connection-string.yaml
View File

@ -11,6 +11,7 @@ info:
metadata:
verified: true
tags: azure,file,token
file:
- extensions:
- all
@ -20,5 +21,4 @@ file:
part: body
regex:
- (?i)(?:AccountName|SharedAccessKeyName|SharedSecretIssuer)\s*=\s*([^;]{1,80})\s*;\s*.{0,10}\s*(?:AccountKey|SharedAccessKey|SharedSecretValue)\s*=\s*([^;]{1,100})(?:;|$)
# digest: 4b0a00483046022100e3adc030f2440f9928c46dd7ba3c430433c9b61b05b9c6fa51b61386028de5a502210084816e5118a166f01afc27f551f211c50e2200b9b7376bc224a4ba6a2f983750:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100dfb23302a9ceb17126da0f94eed10280f6bfb79e608360ab1d607b69c6b68272022006f8f2d7c27d7493e2cf94d730ae2472a5e280fe1a647d5ab6f0ac32bbe6cf49:922c64590222798bb761d5b6d8e72950

4
file/keys/bitbucket/bitbucket-client-id.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: bitbucket,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4a0a0047304502201d21d831f228092a48fbaca110d697441266b632058d244ce2f20498b0e6000c022100ee669aafd4ecd541fd947246bb16d689558c0957c790f0c5046431fea45b5535:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100e6046ec5dfe733833770588e314968b35e04375bc7340c24d8aca97ca93f358d0220026ca893ed0ddc8c9a60f35a1d31d247cfdc17cdf612943ca848fefd3181f917:922c64590222798bb761d5b6d8e72950

4
file/keys/bitbucket/bitbucket-client-secret.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: bitbucket,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4a0a004730450220077c0a8011a358c155733dbfe67dfc5b4984e6e5ed7ac87be17c696422f33918022100fbb6ed954223d2567fb5c462f9902038f8fd1e2f0203cf2f277d5b75ab469740:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100a4d39f5c2fd2be554b05ce9c4083291a6b85cddb89f41ee9eecda0e541e627c10221008663140025be9489731252822d5356a3329af4d1a27e72a529dd2763d31db9c8:922c64590222798bb761d5b6d8e72950

4
file/keys/bittrex/bittrex-access-key.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: bittrex,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4a0a0047304502204d0670fdc66229097bc3957b07710ce86dccba983dfa36c3c980bc7fe748d229022100a77a41e67b147b7408dbc4d590e1701095a148ab10fbcc8d547d132c93a458c8:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502210092f10185730fc282cf246891414ae7458e1422e6b6beeebc49a77015996af8350220526407f1e9925291d0f0704df3559fcfdf73c99dc82d320481af5fa0f3f12f3a:922c64590222798bb761d5b6d8e72950

4
file/keys/bittrex/bittrex-secret-key.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: bittrex,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4b0a00483046022100ebad288300a3b81794e829b7c3dad39ffda89ded326bd9238f601448199ebb49022100866ce04aabbf608302418d16d1ce75703e026a3e046b94f94e9dd1e3b9077ef1:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022070241503bd7584bcac20ccf11fea419f840577fb1de85bf3f0bbf85ebd87a1900220293ba0e136ccd1d001d5577c3c8fd8289e797db6b7ef041d68e3f59720b90661:922c64590222798bb761d5b6d8e72950

4
file/keys/confluent/confluent-access-token.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: confluent,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 490a0046304402204842d991c39eecda77a96ba0a6063d18df92203f992cb18dc17835886787fd4e0220701a4b876eb4a3a74571e7bb840da9180e53f0dae10f1df68c2aecde452b1c5b:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100fded7576b69aa3756852fc814b5dd7226ae4bc4cdaa2cbde0d46a10aa0332fba02200fb320560a551dad13b5493b58888efe4db9965c62b33e5236a63b6d4662cc15:922c64590222798bb761d5b6d8e72950

4
file/keys/confluent/confluent-secret-token.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: confluent,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 490a0046304402200346db34dcaaddf6a1767cc7c4d1bfa0a91465f8755da46711eae64be5aece7202207b8215d4202c7d6bba81bbb31d8f5d49dc1e4156f378096d547bea734224c7c2:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450221009a3fa8f6525aba2d1be593ec8ec61377d816f8c5dbe9a2d2fd4835c77516d65c02205465f59258947ef9a2e9701069d7e883ad3b4ee07f54846ae74338cbf088e0b4:922c64590222798bb761d5b6d8e72950

4
file/keys/digitalocean/digitalocean-access-token.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: digitalocean,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)\b(doo_v1_[a-f0-9]{64})\b
# digest: 4b0a00483046022100858d2cff4b452e35180468a6695191f9d1ae08ca70b8ca90b7e28bdbec1fdbeb022100a3be26c4c317526ccadda313039c98db82cbfd3cb1597ae24a12609797fda9d1:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100d3d6d0f1e9be0f6e5287ac6e8fcb2816270ffea11166f3429ce18866ee45b54b02202463ab752a6b1d6a2772695ac2590ec714d9e9cb40d704ba045f9e19ecef0ead:922c64590222798bb761d5b6d8e72950

4
file/keys/digitalocean/digitalocean-personal-access.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: digitalocean,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)\b(dop_v1_[a-f0-9]{64})\b
# digest: 4a0a00473045022100dcb8aaa82d6aefd3b01408d72a296c75c1deaff5819db85c822b7e45bff6d77202201b15ceff0eba81cd1f09340c78185fc750e7be78bc4af44b07714afd0aaae9f5:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100cb4688251040944452309e3d416dee2399a8c4a8d50b00e14bfc1c25c182ae5d02203521a1f9ec3975391ad08d2e1758adbd4a3badf59e74381370e5878190c06341:922c64590222798bb761d5b6d8e72950

4
file/keys/digitalocean/digitalocean-refresh-token.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: digitalocean,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)\b(dor_v1_[a-f0-9]{64})\b
# digest: 4b0a00483046022100931591d2a2069a31daa58995279b2782b0afada6a2220bec853c5bec6c1d3aa80221008c1a3f9aae96d9e07ec0a4f409d91db3236b9abd6a0d1c4ed51926f0798fd27b:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502201f9abea26dba51fe260ac718a061f5036ced848c361850f84c766b83b1d3387a022100abd7bf3aac4636945bad304eef5dbea1312003dbada471f2f69b0ac9b34173dd:922c64590222798bb761d5b6d8e72950

4
file/keys/discord/discord-api-token.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: discord,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4a0a00473045022036aba4243305e0c7ebf0fc10d5881e524ab82a68415015798b9baaed8bafc6bf022100dfb1277553666c29673cba6499260d5842e0d71c0c24a0ea77fe4ba20c3d2485:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100e48a6aad6b2b386fa3a1c22a48b31d463d819bdc423b2422ad577fa1b83767fc022062a897354c1694e9a231e4b6af8c5bb3bc48b3e6d4cd82ef9d423fc530086696:922c64590222798bb761d5b6d8e72950

4
file/keys/discord/discord-cilent-secret.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: discord,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4a0a00473045022100da6c23c3fcf97b042569585276fdcab7635947ffb0cf6f2d5dae1d48fb38812902202f06f8d8203daf1529f43a2173ffff1eb112f78c8035a49e3aa138d67b1bbb26:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402203bf91b78ba54e271ab754773a0a2148823954f090d2af762f86d808aedb21c1402200261af609f7e4dfda184f98e3bd4f0978d4dc299a616bf29089693a60518afe4:922c64590222798bb761d5b6d8e72950

4
file/keys/discord/discord-client-id.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: discord,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4a0a00473045022014da9d0f239f7d501553ac906b9054714870fc2312887ed490cc59b2ba5ca2ee0221008b6f010727658b75178680fcea57746f49e27803292485eee7af6de904db741d:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022015de41029eb1e1c05c2d6205845d638b5c5c53246299ec044da6587a72f9933d022100937b55b9fd885f14bf78b14ed4a64970cb04b922fa491b93b0950d885eecb7d4:922c64590222798bb761d5b6d8e72950

4
file/keys/dropbox/dropbox-api-token.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: dropbox,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4a0a00473045022019bc488cb0a89a175bc3e928235f20bddc23095cea36a7710ad2178514467f28022100dbc59db66b17230f8573e8f9327e703cc7f3d20487cce343b7c7ba765b13e26d:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100bf1039d2b6add065e40f7407f0595ed82655bbd6db8f131d2973ecf05d577efc022100db6dd42947aaaea99b0ad6fbb204fa6ec5752d88d83e3ad76d5086f5eefb8d1d:922c64590222798bb761d5b6d8e72950

4
file/keys/dropbox/dropbox-longlived-token.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: dropbox,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4b0a00483046022100ee9fa7d0912714a6b869f837f02095f6227cdb2267a2eba99a85ffbfc40891d3022100e1a8fe58ff358521d3164330dcd414e337b0c3fb3e07179874db247be79a19b0:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100d3d5d27b9ba04aaff00d0fae1cf377ab9996388128a91c24c9a0a3e134632147022100cbd5a4171b490e3044e2e9b6c8395bd2b54556ecf9b022dbce9a9d841bd4e591:922c64590222798bb761d5b6d8e72950

4
file/keys/dropbox/dropbox-shortlived-token.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: dropbox,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4b0a00483046022100c6c63fb125dd56aac1691499be2236b6becd898dd20d76cc881c41482f591d5102210099593df2de5ea00a2ac6d85321ee740126acbc19f6e6fc1e64e98dc4b1570544:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502203e8b212e1c896ddd657207169eb6956149768ff8daaa1ae3a7a10110c9e44b2a02210097bb0541ddba12b7671226c59eabb2b3bee7232489a7e182c8e19d23e819e349:922c64590222798bb761d5b6d8e72950

4
file/keys/easypost/easypost-api-token.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: easypost,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- EZAK(?i)[a-z0-9]{54}
# digest: 490a00463044022004f1ebfb9f2f0ebd7428361989c6486052a7824344dcdc958d678ab6abd61642022010c132d078db8b4628c13bb47ca798450c5af0a655854fcd2231da9a8a5c8934:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502202f3b6b442b14544ebc55eb6a73b25f2267bdb82338565fcb2334b326dd446800022100acf2e0e6731c078e17d675cfb05f436a83d49f482ddf349992cdc83559c6250f:922c64590222798bb761d5b6d8e72950

4
file/keys/easypost/easypost-test-token.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: easypost,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- EZTK(?i)[a-z0-9]{54}
# digest: 4a0a0047304502202205a242f36163c78f02e5793fa0ef5d707ecce2bc367cad05ce286d75e556b302210087b1d1ce6b50b243c3a28291aed68b1f5f68cf3308330443afbdcb3b87fab4a5:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502206c94595047a51f2a2d633eb8038b3d32d6878c2b1761dfb90d8173c95aaa4d2c02210088568ca0c1335e039436ab3bc5be20984830ae57487be7131785065f5d942602:922c64590222798bb761d5b6d8e72950

4
file/keys/facebook/facebook-api-token.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: facebook,file,token
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- (?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
# digest: 4b0a004830460221008e8d958b80d8556751101ab43f9cc2e681d16c97f0f31f221d21f0fbc5adf2dd022100a59299e03799791f28ada771791a5df4db221054dbd9ef30b0338c98e413ab77:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100b9fd30ab013d35e321f08ec14b2239d76f7fb1383f020f7ddce29b4929c77cf2022046fc6ee2a33cac63d9f5da4b09a7b6ccda582d9f5b4d1cd7ab59bb0d5b5a5d31:922c64590222798bb761d5b6d8e72950

3
file/keys/facebook/facebook-client-id.yaml
View File

@ -10,6 +10,7 @@ info:
cvss-score: 0
cwe-id: CWE-200
tags: token,file,facebook
file:
- extensions:
- all
@ -20,4 +21,4 @@ file:
- "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]"
# Enhanced by md on 2023/05/04
# digest: 4a0a0047304502203ee04956e38d1c90207d18c341921f34cad6a619c8675827516cc1044c385cc70221009e2ca83865dc10f0a2310c5bd7e73a82e21a9f562734e8d44475f506bb72ed8f:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022073ef8ddf5b8fe1b39192f47d8fc46b65616fdea16b174fcc9e4df337a858cc4f0220034db1eb7391c147e5189e1202d9803d4c1eb07b7552af9309c73a5f8a83c319:922c64590222798bb761d5b6d8e72950

5
file/keys/facebook/facebook-secret.yaml
View File

@ -6,6 +6,7 @@ info:
severity: low
description: Facebook secret key token was detected.
tags: token,file,facebook
file:
- extensions:
- all
@ -14,6 +15,4 @@ file:
- type: regex
regex:
- "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]"
# Enhanced by md on 2023/05/04
# digest: 4b0a00483046022100c8f297f448fb4903d7a38171d2ebcbb1ae4cecc818f00c5042a4d50dcb216150022100d6e7270b96ebd866b3b5f9d26deb721ef4626d502aa7be161c75379de7f39de4:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502200c58a84c8ace2b8d977683558ac5207cb4b65a8c6b9d2d16d1414c050e41e92a022100f93af38f4eac5e3d8304af49332506260d60b8dac463abf48a7d5b6e226d207b:922c64590222798bb761d5b6d8e72950

4
file/keys/facebook/fb-access-token.yaml
View File

@ -10,6 +10,7 @@ info:
metadata:
verified: true
tags: facebook,token,file
file:
- extensions:
- all
@ -19,5 +20,4 @@ file:
part: body
regex:
- '\b(EAACEdEose0cBA[a-zA-Z0-9]+)\b'
# digest: 4a0a00473045022100849d707008c69218562f7bde2c69a9aa3ed82d2d9ee236d1e99a5885f885915702200fa99a785b94a0f76dd311407317707c399db097ae2a7e525ee21d6e19e14249:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100a95b4d0ef6a560d1ecce073552c1845f6918e61a34d99e10316873d8c7cabcb7022100d9e7a0ed4e5c942ee24e904f38b2339a1524b15d19c2bc5cc942edbf74de7d9b:922c64590222798bb761d5b6d8e72950

Some files were not shown because too many files have changed in this diff Show More