diff --git a/README.md b/README.md index cb308e2fb9..ea243ba79f 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ An overview of the nuclei template directory including number of templates assoc | --------------- | ------------------------------- | ---------------- | ------------------------------ | | cves | 193 | default-logins | 10 | | dns | 6 | exposed-panels | 74 | -| exposed-tokens | 9 | exposures | 45 | +| exposed-tokens | 9 | exposures | 46 | | fuzzing | 4 | helpers | 2 | | miscellaneous | 12 | misconfiguration | 43 | | takeovers | 1 | technologies | 45 | @@ -417,6 +417,7 @@ An overview of the nuclei template directory including number of templates assoc │   └── logs │   ├── elmah-log-file.yaml │   ├── error-logs.yaml +│   ├── npm-log-file.yaml │   ├── rails-debug-mode.yaml │   ├── struts-debug-mode.yaml │   └── trace-axd-detect.yaml @@ -669,7 +670,7 @@ An overview of the nuclei template directory including number of templates assoc -**61 directories, 561 files**. +**61 directories, 562 files**. 📖 Documentation ----- diff --git a/exposures/logs/elmah-log-file.yaml b/exposures/logs/elmah-log-file.yaml index acf3e9c002..1737c0e9eb 100644 --- a/exposures/logs/elmah-log-file.yaml +++ b/exposures/logs/elmah-log-file.yaml @@ -4,6 +4,7 @@ info: name: elmah.axd Disclosure author: shine severity: medium + tags: logs requests: - method: GET diff --git a/exposures/logs/error-logs.yaml b/exposures/logs/error-logs.yaml index e6e28d2d7e..591ca48cb4 100644 --- a/exposures/logs/error-logs.yaml +++ b/exposures/logs/error-logs.yaml @@ -3,6 +3,7 @@ info: name: common error log files author: geeknik severity: info + tags: logs requests: - method: GET diff --git a/exposures/logs/npm-log-file.yaml b/exposures/logs/npm-log-file.yaml new file mode 100644 index 0000000000..ba8ddbc78b --- /dev/null +++ b/exposures/logs/npm-log-file.yaml @@ -0,0 +1,22 @@ +id: npm-log-file + +info: + name: Publicly accessible NPM Log file + author: sheikhrishad + severity: low + tags: npm,logs + +requests: + - method: GET + path: + - "{{BaseURL}}/npm-debug.log" + + matchers-condition: and + matchers: + - type: word + words: + - "info it worked if it ends with ok" + + - type: status + status: + - 200 diff --git a/exposures/logs/rails-debug-mode.yaml b/exposures/logs/rails-debug-mode.yaml index 911965ae65..bc0a549a7d 100644 --- a/exposures/logs/rails-debug-mode.yaml +++ b/exposures/logs/rails-debug-mode.yaml @@ -4,6 +4,7 @@ info: name: Rails Debug Mode Enabled author: pd-team severity: medium + tags: logs,rails requests: - method: GET diff --git a/exposures/logs/struts-debug-mode.yaml b/exposures/logs/struts-debug-mode.yaml index fec6389cab..d72731b366 100644 --- a/exposures/logs/struts-debug-mode.yaml +++ b/exposures/logs/struts-debug-mode.yaml @@ -4,6 +4,7 @@ info: name: Apache Struts setup in Debug-Mode author: pd-team severity: low + tags: logs,struts requests: - method: GET diff --git a/exposures/logs/trace-axd-detect.yaml b/exposures/logs/trace-axd-detect.yaml index 1ea5404a13..6af306c8aa 100644 --- a/exposures/logs/trace-axd-detect.yaml +++ b/exposures/logs/trace-axd-detect.yaml @@ -5,6 +5,7 @@ info: author: dhiyaneshDK severity: low reference: https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/ + tags: logs,asp requests: - method: GET