Dhiyaneshwaran
GitHub
commit
a1ba33327a
|
|
@ -0,0 +1,120 @@
|
|||
id: aws-detect
|
||||
|
||||
info:
|
||||
name: AWS Service - Detect
|
||||
author: 6mile
|
||||
severity: info
|
||||
description: Detect if AWS is being used in the application.
|
||||
reference:
|
||||
- https://github.com/6mile/cloud-headers
|
||||
classification:
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 1
|
||||
tags: tech,aws,amazon,alb,cloudfront,codebuild,gateway,xray,captcha,dynamodb,kms
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 3
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
name: aws-service
|
||||
part: header
|
||||
words:
|
||||
- 'X-Amz-Content-Sha256:'
|
||||
- 'X-Amz-Date:'
|
||||
- 'X-Amz-Version-Id:'
|
||||
- 'X-Amz-Id-2:'
|
||||
- 'X-Amz-Delete-Marker:'
|
||||
condition: or
|
||||
case-insensitive: true
|
||||
|
||||
- type: word
|
||||
name: aws-alb
|
||||
part: header
|
||||
words:
|
||||
- 'Server: awselb/2.0'
|
||||
- 'Set-Cookie: AWSALB='
|
||||
- 'Set-Cookie: AWSALBCORS='
|
||||
condition: or
|
||||
case-insensitive: true
|
||||
|
||||
- type: word
|
||||
name: aws-cloudfront
|
||||
part: header
|
||||
words:
|
||||
- 'X-Amz-Cf-Id:'
|
||||
- 'X-Amz-Cf-Pop:'
|
||||
condition: or
|
||||
case-insensitive: true
|
||||
|
||||
- type: dsl
|
||||
name: aws-cloudfront
|
||||
dsl:
|
||||
- "contains(tolower(header), 'x-cache: hit from cloudfront')"
|
||||
- "contains(tolower(header), 'x-cache: refreshhit from cloudfront')"
|
||||
- "contains(tolower(header), 'x-cache: miss from cloudfront')"
|
||||
- "contains(tolower(header), 'x-cache: error from cloudfront')"
|
||||
condition: or
|
||||
|
||||
- type: word
|
||||
name: aws-codebuild
|
||||
part: header
|
||||
words:
|
||||
- "arn: arn:aws:codebuild"
|
||||
- 'X-Amz-Meta-Codebuild-Buildarn:'
|
||||
- 'X-Amz-Meta-Codebuild-Content-Sha256:'
|
||||
- 'X-Amz-Meta-Codebuild-Content-Md5:'
|
||||
condition: or
|
||||
case-insensitive: true
|
||||
|
||||
- type: word
|
||||
name: aws-api-gateway
|
||||
part: header
|
||||
words:
|
||||
- 'X-Amz-Apigw-Id:'
|
||||
- 'X-Amzn-Requestid:'
|
||||
- 'X-Amzn-Errortype: MissingAuthenticationTokenException'
|
||||
- 'X-Amzn-Remapped-Connection:'
|
||||
- 'X-Amzn-Remapped-Content-Length:'
|
||||
- 'X-Amzn-Remapped-Date:'
|
||||
condition: or
|
||||
case-insensitive: true
|
||||
|
||||
- type: word
|
||||
name: aws-kms
|
||||
part: header
|
||||
words:
|
||||
- 'X-Amz-Server-Side-Encryption:'
|
||||
condition: or
|
||||
case-insensitive: true
|
||||
|
||||
- type: word
|
||||
name: aws-xray
|
||||
part: header
|
||||
words:
|
||||
- 'X-Amzn-Trace-Id:'
|
||||
condition: or
|
||||
case-insensitive: true
|
||||
|
||||
- type: word
|
||||
name: aws-waf-captcha
|
||||
part: header
|
||||
words:
|
||||
- 'X-Amzn-Waf-Action:'
|
||||
condition: or
|
||||
case-insensitive: true
|
||||
|
||||
- type: word
|
||||
name: aws-dynamodb
|
||||
part: header
|
||||
words:
|
||||
- 'X-Amz-Crc32:'
|
||||
- 'X-Amz-Target:'
|
||||
condition: or
|
||||
case-insensitive: true
|
||||
Loading…
Reference in New Issue