Merge pull request #8779 from antoinet/main

Additional matcher for security.txt
patch-1
Ritik Chaddha 2023-12-09 16:14:31 +07:00 committed by GitHub
commit 9d4aa1f633
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 8 deletions

View File

@ -4,12 +4,14 @@ info:
name: security.txt File
author: bad5ect0r,noraj
severity: info
description: File similar to robots.txt but intended to be read by humans wishing to contact a websites owner about security issues. Often defines a security policy and contact details.
description: |
File similar to robots.txt but intended to be read by humans wishing to contact a websites owner about security issues. Often defines a security policy and contact details.
reference:
- https://securitytxt.org/
- https://community.turgensec.com/security-txt-progress-in-ethical-security-research/
metadata:
max-request: 2
verified: true
shodan-query: http.securitytxt:contact http.status:200
tags: misc,generic
@ -20,23 +22,24 @@ http:
- "{{RootURL}}/security.txt"
stop-at-first-match: true
host-redirects: true
redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "Contact:"
- "Expires:"
condition: or
- type: dsl
dsl:
- "len(body) <= 4096 && len(body) > 0"
- type: status
status:
- 200
extractors:
- type: regex
group: 1