From b9a4f8433e18a09402165f91be334a0f56774eb6 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 19 Mar 2024 20:50:31 +0530 Subject: [PATCH] reverted bruteforce tags to fuzz --- .nuclei-ignore | 1 - cloud/enum/azure-vm-cloud-enum.yaml | 2 +- config/bugbounty.yml | 2 +- config/pentest.yml | 2 +- config/recommended.yml | 2 +- http/cves/2017/CVE-2017-17562.yaml | 2 +- http/cves/2019/CVE-2019-17382.yaml | 2 +- http/cves/2022/CVE-2022-2034.yaml | 2 +- http/cves/2022/CVE-2022-2599.yaml | 2 +- http/cves/2023/CVE-2023-24489.yaml | 2 +- http/default-logins/oracle/peoplesoft-default-login.yaml | 2 +- http/exposed-panels/adminer-panel-detect.yaml | 2 +- http/exposures/backups/php-backup-files.yaml | 2 +- http/fuzzing/cache-poisoning-fuzz.yaml | 2 +- http/fuzzing/header-command-injection.yaml | 2 +- http/fuzzing/iis-shortname.yaml | 2 +- http/fuzzing/linux-lfi-fuzzing.yaml | 2 +- http/fuzzing/mdb-database-file.yaml | 2 +- http/fuzzing/prestashop-module-fuzz.yaml | 2 +- http/fuzzing/ssrf-via-proxy.yaml | 2 +- http/fuzzing/valid-gmail-check.yaml | 2 +- http/fuzzing/waf-fuzz.yaml | 2 +- http/fuzzing/wordpress-plugins-detect.yaml | 4 ++-- http/fuzzing/wordpress-themes-detect.yaml | 2 +- http/fuzzing/wordpress-weak-credentials.yaml | 2 +- http/fuzzing/xff-403-bypass.yaml | 2 +- http/miscellaneous/defacement-detect.yaml | 2 +- http/miscellaneous/ntlm-directories.yaml | 2 +- http/misconfiguration/aem/aem-userinfo-servlet.yaml | 2 +- http/misconfiguration/gitlab/gitlab-user-enum.yaml | 2 +- http/misconfiguration/proxy/open-proxy-internal.yaml | 2 +- http/misconfiguration/proxy/open-proxy-localhost.yaml | 2 +- http/misconfiguration/proxy/open-proxy-portscan.yaml | 2 +- http/technologies/graylog/graylog-api-exposure.yaml | 2 +- http/vulnerabilities/tongda/tongda-auth-bypass.yaml | 2 +- http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml | 2 +- javascript/cves/2023/CVE-2023-34039.yaml | 3 ++- javascript/default-logins/ssh-default-logins.yaml | 2 +- network/misconfig/mysql-native-password.yaml | 2 +- network/misconfig/tidb-native-password.yaml | 2 +- 40 files changed, 41 insertions(+), 41 deletions(-) diff --git a/.nuclei-ignore b/.nuclei-ignore index 4714e3b0df..40720ba50a 100644 --- a/.nuclei-ignore +++ b/.nuclei-ignore @@ -16,7 +16,6 @@ tags: - "fuzz" - "dos" - "local" - - "brute-force" - "bruteforce" - "phishing" diff --git a/cloud/enum/azure-vm-cloud-enum.yaml b/cloud/enum/azure-vm-cloud-enum.yaml index c9eb876265..62be7fe992 100644 --- a/cloud/enum/azure-vm-cloud-enum.yaml +++ b/cloud/enum/azure-vm-cloud-enum.yaml @@ -9,7 +9,7 @@ info: metadata: verified: true max-request: 1 - tags: cloud,cloud-enum,azure,bruteforce,enum + tags: cloud,cloud-enum,azure,fuzz,enum self-contained: true diff --git a/config/bugbounty.yml b/config/bugbounty.yml index b75b98dc83..0b04440ca1 100644 --- a/config/bugbounty.yml +++ b/config/bugbounty.yml @@ -20,7 +20,7 @@ type: exclude-tags: - tech - dos - - brute-force + - fuzz - creds-stuffing - token-spray - osint \ No newline at end of file diff --git a/config/pentest.yml b/config/pentest.yml index dc2466e291..2546416b85 100644 --- a/config/pentest.yml +++ b/config/pentest.yml @@ -15,5 +15,5 @@ type: exclude-tags: - dos - - brute-force + - fuzz - osint \ No newline at end of file diff --git a/config/recommended.yml b/config/recommended.yml index c3b24db1a9..fd09c67f0a 100644 --- a/config/recommended.yml +++ b/config/recommended.yml @@ -20,7 +20,7 @@ type: exclude-tags: - tech - dos - - brute-force + - fuzz - creds-stuffing - token-spray - osint diff --git a/http/cves/2017/CVE-2017-17562.yaml b/http/cves/2017/CVE-2017-17562.yaml index fd29113e97..a19b300778 100644 --- a/http/cves/2017/CVE-2017-17562.yaml +++ b/http/cves/2017/CVE-2017-17562.yaml @@ -28,7 +28,7 @@ info: max-request: 65 vendor: embedthis product: goahead - tags: cve,cve2017,rce,goahead,bruteforce,kev,vulhub,embedthis + tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub,embedthis http: - raw: diff --git a/http/cves/2019/CVE-2019-17382.yaml b/http/cves/2019/CVE-2019-17382.yaml index e7cd0c42d7..babc75564f 100644 --- a/http/cves/2019/CVE-2019-17382.yaml +++ b/http/cves/2019/CVE-2019-17382.yaml @@ -27,7 +27,7 @@ info: max-request: 100 vendor: zabbix product: zabbix - tags: cve2019,cve,bruteforce,auth-bypass,login,edb,zabbix + tags: cve2019,cve,fuzz,auth-bypass,login,edb,zabbix http: - raw: diff --git a/http/cves/2022/CVE-2022-2034.yaml b/http/cves/2022/CVE-2022-2034.yaml index f5297ad76b..81846921c0 100644 --- a/http/cves/2022/CVE-2022-2034.yaml +++ b/http/cves/2022/CVE-2022-2034.yaml @@ -28,7 +28,7 @@ info: vendor: automattic product: sensei_lms framework: wordpress - tags: cve,cve2022,wp,disclosure,wpscan,sensei-lms,bruteforce,hackerone,wordpress,wp-plugin,automattic + tags: cve,cve2022,wp,disclosure,wpscan,sensei-lms,fuzz,hackerone,wordpress,wp-plugin,automattic http: - method: GET diff --git a/http/cves/2022/CVE-2022-2599.yaml b/http/cves/2022/CVE-2022-2599.yaml index ce4dd18699..71cb695804 100644 --- a/http/cves/2022/CVE-2022-2599.yaml +++ b/http/cves/2022/CVE-2022-2599.yaml @@ -29,7 +29,7 @@ info: vendor: anti-malware_security_and_brute-force_firewall_project product: anti-malware_security_and_brute-force_firewall framework: wordpress - tags: cve,cve2022,wordpress,wp-plugin,xss,gotmls,authenticated,wpscan,anti-malware_security_and_brute-force_firewall_project + tags: cve,cve2022,wordpress,wp-plugin,xss,gotmls,authenticated,wpscan http: - raw: diff --git a/http/cves/2023/CVE-2023-24489.yaml b/http/cves/2023/CVE-2023-24489.yaml index b2d05cd0a9..84207995d6 100644 --- a/http/cves/2023/CVE-2023-24489.yaml +++ b/http/cves/2023/CVE-2023-24489.yaml @@ -28,7 +28,7 @@ info: vendor: citrix product: sharefile_storage_zones_controller shodan-query: title:"ShareFile Storage Server" - tags: cve2023,cve,sharefile,rce,intrusive,fileupload,bruteforce,kev,citrix + tags: cve2023,cve,sharefile,rce,intrusive,fileupload,fuzz,kev,citrix variables: fileName: '{{rand_base(8)}}' diff --git a/http/default-logins/oracle/peoplesoft-default-login.yaml b/http/default-logins/oracle/peoplesoft-default-login.yaml index ab570a5d23..5efacaf70e 100644 --- a/http/default-logins/oracle/peoplesoft-default-login.yaml +++ b/http/default-logins/oracle/peoplesoft-default-login.yaml @@ -16,7 +16,7 @@ info: verified: true max-request: 200 shodan-query: title:"Oracle PeopleSoft Sign-in" - tags: default-login,peoplesoft,oracle,bruteforce + tags: default-login,peoplesoft,oracle,fuzz http: - method: POST diff --git a/http/exposed-panels/adminer-panel-detect.yaml b/http/exposed-panels/adminer-panel-detect.yaml index 1b29926f7b..8f3282ffe1 100644 --- a/http/exposed-panels/adminer-panel-detect.yaml +++ b/http/exposed-panels/adminer-panel-detect.yaml @@ -19,7 +19,7 @@ info: vendor: adminer product: adminer max-request: 741 - tags: panel,bruteforce,adminer,login,sqli + tags: panel,fuzz,adminer,login,sqli http: - raw: diff --git a/http/exposures/backups/php-backup-files.yaml b/http/exposures/backups/php-backup-files.yaml index 6243db5b26..a6fba70644 100644 --- a/http/exposures/backups/php-backup-files.yaml +++ b/http/exposures/backups/php-backup-files.yaml @@ -7,7 +7,7 @@ info: description: PHP Source File is disclosed to external users. metadata: max-request: 1512 - tags: exposure,backup,php,disclosure,bruteforce + tags: exposure,backup,php,disclosure,fuzz http: - method: GET diff --git a/http/fuzzing/cache-poisoning-fuzz.yaml b/http/fuzzing/cache-poisoning-fuzz.yaml index f76d291382..9e0174b891 100644 --- a/http/fuzzing/cache-poisoning-fuzz.yaml +++ b/http/fuzzing/cache-poisoning-fuzz.yaml @@ -9,7 +9,7 @@ info: - https://portswigger.net/web-security/web-cache-poisoning metadata: max-request: 5834 - tags: fuzzing,bruteforce,cache + tags: fuzz,cache http: - raw: diff --git a/http/fuzzing/header-command-injection.yaml b/http/fuzzing/header-command-injection.yaml index 550e7fbc9a..9863e8e4b0 100644 --- a/http/fuzzing/header-command-injection.yaml +++ b/http/fuzzing/header-command-injection.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-77 metadata: max-request: 7650 - tags: fuzzing,bruteforce,rce + tags: fuzz,rce http: - raw: diff --git a/http/fuzzing/iis-shortname.yaml b/http/fuzzing/iis-shortname.yaml index 6be72001b3..d6da7ac5b6 100644 --- a/http/fuzzing/iis-shortname.yaml +++ b/http/fuzzing/iis-shortname.yaml @@ -15,7 +15,7 @@ info: cwe-id: CWE-200 metadata: max-request: 4 - tags: bruteforce,edb + tags: iis,edb http: - raw: diff --git a/http/fuzzing/linux-lfi-fuzzing.yaml b/http/fuzzing/linux-lfi-fuzzing.yaml index f313bfc151..d21b76eb01 100644 --- a/http/fuzzing/linux-lfi-fuzzing.yaml +++ b/http/fuzzing/linux-lfi-fuzzing.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 22 - tags: fuzzing,linux,lfi,bruteforce + tags: linux,lfi,fuzzing http: - method: GET diff --git a/http/fuzzing/mdb-database-file.yaml b/http/fuzzing/mdb-database-file.yaml index 7c633cd03e..3239da2aee 100644 --- a/http/fuzzing/mdb-database-file.yaml +++ b/http/fuzzing/mdb-database-file.yaml @@ -13,7 +13,7 @@ info: cwe-id: CWE-200 metadata: max-request: 341 - tags: bruteforce,mdb,asp + tags: fuzz,mdb,asp http: - raw: diff --git a/http/fuzzing/prestashop-module-fuzz.yaml b/http/fuzzing/prestashop-module-fuzz.yaml index d280c39b77..812dc64365 100644 --- a/http/fuzzing/prestashop-module-fuzz.yaml +++ b/http/fuzzing/prestashop-module-fuzz.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: max-request: 639 - tags: fuzzing,bruteforce,prestashop + tags: fuzz,prestashop http: - raw: diff --git a/http/fuzzing/ssrf-via-proxy.yaml b/http/fuzzing/ssrf-via-proxy.yaml index 013f9b777d..5959166489 100644 --- a/http/fuzzing/ssrf-via-proxy.yaml +++ b/http/fuzzing/ssrf-via-proxy.yaml @@ -10,7 +10,7 @@ info: - https://twitter.com/ImoJOnDz/status/1649089777629827072 metadata: max-request: 9 - tags: ssrf,proxy,oast,bruteforce + tags: ssrf,proxy,oast,fuzz http: - payloads: diff --git a/http/fuzzing/valid-gmail-check.yaml b/http/fuzzing/valid-gmail-check.yaml index 6d3a9fd0d6..11f2a8e76b 100644 --- a/http/fuzzing/valid-gmail-check.yaml +++ b/http/fuzzing/valid-gmail-check.yaml @@ -8,7 +8,7 @@ info: - https://github.com/dievus/geeMailUserFinder metadata: max-request: 1 - tags: bruteforce,gmail + tags: fuzzing,gmail self-contained: true diff --git a/http/fuzzing/waf-fuzz.yaml b/http/fuzzing/waf-fuzz.yaml index 392aa4cad0..a525a24f89 100644 --- a/http/fuzzing/waf-fuzz.yaml +++ b/http/fuzzing/waf-fuzz.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 58 - tags: fuzzing,waf,tech,bruteforce + tags: waf,tech,fuzz http: - raw: diff --git a/http/fuzzing/wordpress-plugins-detect.yaml b/http/fuzzing/wordpress-plugins-detect.yaml index ac4f0ded77..1b3d0851f9 100644 --- a/http/fuzzing/wordpress-plugins-detect.yaml +++ b/http/fuzzing/wordpress-plugins-detect.yaml @@ -5,8 +5,8 @@ info: author: 0xcrypto severity: info metadata: - max-request: 100563 - tags: fuzzing,bruteforce,wordpress + max-request: 98135 + tags: fuzz,wordpress http: - raw: diff --git a/http/fuzzing/wordpress-themes-detect.yaml b/http/fuzzing/wordpress-themes-detect.yaml index 3bb2f31ff5..c5df4957c4 100644 --- a/http/fuzzing/wordpress-themes-detect.yaml +++ b/http/fuzzing/wordpress-themes-detect.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: max-request: 24434 - tags: bruteforce,wordpress,wp + tags: fuzz,wordpress http: - raw: diff --git a/http/fuzzing/wordpress-weak-credentials.yaml b/http/fuzzing/wordpress-weak-credentials.yaml index 55bff6004d..f2f4adfe9d 100644 --- a/http/fuzzing/wordpress-weak-credentials.yaml +++ b/http/fuzzing/wordpress-weak-credentials.yaml @@ -14,7 +14,7 @@ info: cwe-id: CWE-1391 metadata: max-request: 276 - tags: wordpress,default-login,bruteforce + tags: wordpress,default-login,fuzz http: - raw: diff --git a/http/fuzzing/xff-403-bypass.yaml b/http/fuzzing/xff-403-bypass.yaml index 564e32ff7e..868adda120 100644 --- a/http/fuzzing/xff-403-bypass.yaml +++ b/http/fuzzing/xff-403-bypass.yaml @@ -7,7 +7,7 @@ info: description: Template to detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header. metadata: max-request: 3 - tags: fuzzing,bruteforce + tags: fuzzing http: - raw: diff --git a/http/miscellaneous/defacement-detect.yaml b/http/miscellaneous/defacement-detect.yaml index 3e6a8b0352..e3151f3d8f 100644 --- a/http/miscellaneous/defacement-detect.yaml +++ b/http/miscellaneous/defacement-detect.yaml @@ -16,7 +16,7 @@ info: metadata: verified: true max-request: 85 - tags: misc,defacement,spam,hacktivism,bruteforce + tags: misc,defacement,spam,hacktivism,fuzz http: - method: GET diff --git a/http/miscellaneous/ntlm-directories.yaml b/http/miscellaneous/ntlm-directories.yaml index 33d464a191..babfb2e205 100644 --- a/http/miscellaneous/ntlm-directories.yaml +++ b/http/miscellaneous/ntlm-directories.yaml @@ -8,7 +8,7 @@ info: - https://medium.com/swlh/internal-information-disclosure-using-hidden-ntlm-authentication-18de17675666 metadata: max-request: 47 - tags: miscellaneous,misc,bruteforce,windows + tags: miscellaneous,misc,fuzz,windows http: - raw: diff --git a/http/misconfiguration/aem/aem-userinfo-servlet.yaml b/http/misconfiguration/aem/aem-userinfo-servlet.yaml index a9f4c34b1f..8fb9cd75de 100644 --- a/http/misconfiguration/aem/aem-userinfo-servlet.yaml +++ b/http/misconfiguration/aem/aem-userinfo-servlet.yaml @@ -8,7 +8,7 @@ info: metadata: max-request: 1 shodan-query: http.component:"Adobe Experience Manager" - tags: aem,bruteforce,misconfig + tags: aem,misconfig http: - method: GET diff --git a/http/misconfiguration/gitlab/gitlab-user-enum.yaml b/http/misconfiguration/gitlab/gitlab-user-enum.yaml index d4a246907a..32032a9d63 100644 --- a/http/misconfiguration/gitlab/gitlab-user-enum.yaml +++ b/http/misconfiguration/gitlab/gitlab-user-enum.yaml @@ -9,7 +9,7 @@ info: metadata: max-request: 100 shodan-query: http.title:"GitLab" - tags: gitlab,enum,misconfig,bruteforce + tags: gitlab,enum,misconfig,fuzz http: - raw: diff --git a/http/misconfiguration/proxy/open-proxy-internal.yaml b/http/misconfiguration/proxy/open-proxy-internal.yaml index 4f55147edc..2c2ffb316d 100644 --- a/http/misconfiguration/proxy/open-proxy-internal.yaml +++ b/http/misconfiguration/proxy/open-proxy-internal.yaml @@ -16,7 +16,7 @@ info: cwe-id: CWE-441 metadata: max-request: 25 - tags: exposure,config,proxy,misconfig,bruteforce + tags: exposure,config,proxy,misconfig,fuzz http: - raw: diff --git a/http/misconfiguration/proxy/open-proxy-localhost.yaml b/http/misconfiguration/proxy/open-proxy-localhost.yaml index 4bbd6ea3f8..05e927aeb7 100644 --- a/http/misconfiguration/proxy/open-proxy-localhost.yaml +++ b/http/misconfiguration/proxy/open-proxy-localhost.yaml @@ -16,7 +16,7 @@ info: cwe-id: CWE-441 metadata: max-request: 6 - tags: exposure,config,proxy,misconfig,bruteforce + tags: exposure,config,proxy,misconfig,fuzz http: - raw: diff --git a/http/misconfiguration/proxy/open-proxy-portscan.yaml b/http/misconfiguration/proxy/open-proxy-portscan.yaml index f9e8c625c5..e59ad881a8 100644 --- a/http/misconfiguration/proxy/open-proxy-portscan.yaml +++ b/http/misconfiguration/proxy/open-proxy-portscan.yaml @@ -16,7 +16,7 @@ info: cwe-id: CWE-441 metadata: max-request: 8 - tags: exposure,config,proxy,misconfig,bruteforce + tags: exposure,config,proxy,misconfig,fuzz http: - raw: diff --git a/http/technologies/graylog/graylog-api-exposure.yaml b/http/technologies/graylog/graylog-api-exposure.yaml index ef9301e3a1..1ff34721ff 100644 --- a/http/technologies/graylog/graylog-api-exposure.yaml +++ b/http/technologies/graylog/graylog-api-exposure.yaml @@ -13,7 +13,7 @@ info: verified: true max-request: 50 shodan-query: Graylog - tags: tech,graylog,api,swagger,bruteforce + tags: tech,graylog,api,swagger,fuzz http: - method: GET diff --git a/http/vulnerabilities/tongda/tongda-auth-bypass.yaml b/http/vulnerabilities/tongda/tongda-auth-bypass.yaml index 2366e35ff2..e161a36a79 100644 --- a/http/vulnerabilities/tongda/tongda-auth-bypass.yaml +++ b/http/vulnerabilities/tongda/tongda-auth-bypass.yaml @@ -14,7 +14,7 @@ info: shodan-query: title:"通达OA" fofa-query: title="通达OA" zoomeye-query: app:"通达OA" - tags: tongda,auth-bypass,bruteforce + tags: tongda,auth-bypass,fuzz http: - raw: diff --git a/http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml b/http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml index 4f2ba6473d..8aaa5f0c80 100644 --- a/http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml +++ b/http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml @@ -10,7 +10,7 @@ info: - https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/ metadata: max-request: 276 - tags: wordpress,php,xmlrpc,bruteforce + tags: wordpress,php,xmlrpc,fuzz http: - raw: diff --git a/javascript/cves/2023/CVE-2023-34039.yaml b/javascript/cves/2023/CVE-2023-34039.yaml index f71d6ad270..cd606aeb7f 100644 --- a/javascript/cves/2023/CVE-2023-34039.yaml +++ b/javascript/cves/2023/CVE-2023-34039.yaml @@ -29,7 +29,8 @@ info: verified: true vendor: vmware product: aria_operations_for_networks - tags: js,packetstorm,cve,cve2019,vmware,aria,rce,bruteforce,vrealize + tags: js,packetstorm,cve,cve2019,vmware,aria,rce,fuzz,vrealize + variables: keysDir: "helpers/payloads/cve-2023-34039-keys" # load all private keys from this directory diff --git a/javascript/default-logins/ssh-default-logins.yaml b/javascript/default-logins/ssh-default-logins.yaml index c048e1bbf5..d3dcf075dd 100644 --- a/javascript/default-logins/ssh-default-logins.yaml +++ b/javascript/default-logins/ssh-default-logins.yaml @@ -7,7 +7,7 @@ info: metadata: max-request: 223 shodan-query: port:1433 - tags: js,ssh,default-login,network,bruteforce + tags: js,ssh,default-login,network,fuzz javascript: - pre-condition: | diff --git a/network/misconfig/mysql-native-password.yaml b/network/misconfig/mysql-native-password.yaml index 0c2b16762b..2ade9b58cc 100644 --- a/network/misconfig/mysql-native-password.yaml +++ b/network/misconfig/mysql-native-password.yaml @@ -12,7 +12,7 @@ info: cwe-id: CWE-200 metadata: max-request: 1 - tags: network,mysql,bruteforce,db,misconfig + tags: network,mysql,db,misconfig tcp: - host: diff --git a/network/misconfig/tidb-native-password.yaml b/network/misconfig/tidb-native-password.yaml index 94c0f0b903..684baa5174 100644 --- a/network/misconfig/tidb-native-password.yaml +++ b/network/misconfig/tidb-native-password.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-200 metadata: max-request: 1 - tags: network,tidb,bruteforce,db,misconfig + tags: network,tidb,db,misconfig tcp: - host: