Merge pull request #878 from projectdiscovery/npm-log-file

Added npm-log-file
2021-02-17 16:14:03 +05:30 · 2021-02-17 16:14:03 +05:30 · ae65542712
parent 7f83a3a275 16ca562696
commit ae65542712
7 changed files with 30 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -30,7 +30,7 @@ An overview of the nuclei template directory including number of templates assoc
 | --------------- | ------------------------------- | ---------------- | ------------------------------ |
 | cves            | 193            | default-logins   | 10 |
 | dns             | 6               | exposed-panels   | 74   |
-| exposed-tokens  | 9  | exposures        | 45      |
+| exposed-tokens  | 9  | exposures        | 46      |
 | fuzzing         | 4           | helpers          | 2        |
 | miscellaneous   | 12     | misconfiguration | 43 |
 | takeovers       | 1         | technologies     | 45     |
@ -417,6 +417,7 @@ An overview of the nuclei template directory including number of templates assoc
 │   └── logs
 │       ├── elmah-log-file.yaml
 │       ├── error-logs.yaml
+│       ├── npm-log-file.yaml
 │       ├── rails-debug-mode.yaml
 │       ├── struts-debug-mode.yaml
 │       └── trace-axd-detect.yaml
@ -669,7 +670,7 @@ An overview of the nuclei template directory including number of templates assoc

 </details>

-**61 directories, 561 files**.
+**61 directories, 562 files**.

 📖 Documentation
 -----
--- a/exposures/logs/elmah-log-file.yaml
+++ b/exposures/logs/elmah-log-file.yaml
@ -4,6 +4,7 @@ info:
  name: elmah.axd Disclosure
  author: shine
  severity: medium
+  tags: logs

 requests:
  - method: GET
--- a/exposures/logs/error-logs.yaml
+++ b/exposures/logs/error-logs.yaml
@ -3,6 +3,7 @@ info:
  name: common error log files
  author: geeknik
  severity: info
+  tags: logs

 requests:
  - method: GET
--- a/exposures/logs/npm-log-file.yaml
+++ b/exposures/logs/npm-log-file.yaml
@ -0,0 +1,22 @@
+id: npm-log-file
+
+info:
+  name: Publicly accessible NPM Log file
+  author: sheikhrishad
+  severity: low
+  tags: npm,logs
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/npm-debug.log"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "info it worked if it ends with ok"
+
+      - type: status
+        status:
+          - 200
--- a/exposures/logs/rails-debug-mode.yaml
+++ b/exposures/logs/rails-debug-mode.yaml
@ -4,6 +4,7 @@ info:
  name: Rails Debug Mode Enabled
  author: pd-team
  severity: medium
+  tags: logs,rails

 requests:
  - method: GET
--- a/exposures/logs/struts-debug-mode.yaml
+++ b/exposures/logs/struts-debug-mode.yaml
@ -4,6 +4,7 @@ info:
  name: Apache Struts setup in Debug-Mode
  author: pd-team
  severity: low
+  tags: logs,struts

 requests:
  - method: GET
--- a/exposures/logs/trace-axd-detect.yaml
+++ b/exposures/logs/trace-axd-detect.yaml
@ -5,6 +5,7 @@ info:
  author: dhiyaneshDK
  severity: low
  reference: https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/
+  tags: logs,asp

 requests:
  - method: GET