From e09bb5d47892b92e44fb6916c6959fc31a0d95e9 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Fri, 2 Dec 2022 12:50:22 +0530 Subject: [PATCH 1/3] Update putty-private-key-disclosure.yaml --- exposures/files/putty-private-key-disclosure.yaml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/exposures/files/putty-private-key-disclosure.yaml b/exposures/files/putty-private-key-disclosure.yaml index f9b43ced3e..bf37cb013a 100644 --- a/exposures/files/putty-private-key-disclosure.yaml +++ b/exposures/files/putty-private-key-disclosure.yaml @@ -2,16 +2,26 @@ id: putty-private-key-disclosure info: name: Putty Private Key Disclosure - author: dhiyaneshDk + author: DhiyaneshDk,geeknik severity: medium reference: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/putty-private-key-disclosure.json + metadata: + verified: true + github-query: filename:putty.ppk tags: exposure,files requests: - method: GET path: - "{{BaseURL}}/my.ppk" + - "{{BaseURL}}/putty.ppk" + - "{{BaseURL}}/{{Hostname}}.ppk" + - "{{BaseURL}}/.ssh/putty.ppk" + - "{{BaseURL}}/.ssh/{{Hostname}}.ppk" + - "{{BaseURL}}/.putty/my.ppk" + - "{{BaseURL}}/.putty/putty.ppk" + - "{{BaseURL}}/.putty/{{Hostname}}.ppk" matchers-condition: and matchers: From 0e603358f53daf1aa974fc53f0328dc03a98ff70 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Fri, 2 Dec 2022 12:51:21 +0530 Subject: [PATCH 2/3] Update putty-private-key-disclosure.yaml --- exposures/files/putty-private-key-disclosure.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/exposures/files/putty-private-key-disclosure.yaml b/exposures/files/putty-private-key-disclosure.yaml index bf37cb013a..2f724217a0 100644 --- a/exposures/files/putty-private-key-disclosure.yaml +++ b/exposures/files/putty-private-key-disclosure.yaml @@ -23,6 +23,7 @@ requests: - "{{BaseURL}}/.putty/putty.ppk" - "{{BaseURL}}/.putty/{{Hostname}}.ppk" + stop-at-first-match: true matchers-condition: and matchers: - type: word From 7182ecb48df220b695e9bc719b151f79769b5077 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Thu, 8 Dec 2022 14:58:06 +0530 Subject: [PATCH 3/3] Update putty-private-key-disclosure.yaml --- exposures/files/putty-private-key-disclosure.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exposures/files/putty-private-key-disclosure.yaml b/exposures/files/putty-private-key-disclosure.yaml index 2f724217a0..5226890a13 100644 --- a/exposures/files/putty-private-key-disclosure.yaml +++ b/exposures/files/putty-private-key-disclosure.yaml @@ -27,10 +27,10 @@ requests: matchers-condition: and matchers: - type: word + part: body words: - "PuTTY-User-Key-File" - "Encryption:" - part: body condition: and - type: status