daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: false negative rundeck 

- Fix false negative rundeck by changing the matcher
- Added version detection for old rundeck and new rundeck
patch-1
Muhammad Daffa 2022-10-23 15:15:28 +07:00 committed by GitHub
parent 8e89f23c2f
commit bc40cf9c12
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
exposed-panels/rundeck-login.yaml
View File

@ -1,8 +1,8 @@
id: rundeck-login id: rundeck-login
info: info:
name: RunDeck Login name: RunDeck Login Panel
author: DhiyaneshDk author: DhiyaneshDk, daffainfo
severity: info severity: info
metadata: metadata:
verified: true verified: true
@ -16,14 +16,24 @@ requests:
host-redirects: true host-redirects: true
max-redirects: 2 max-redirects: 2
matchers-condition: or matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body part: body
words: words:
- 'Rundeck - Login</title>' - 'utm_source=rundeckapp'
- 'name="j_username" id="login"'
- 'name="j_password" id="password"'
condition: and
- type: word - type: status
status:
- 200
extractors:
- type: regex
part: body part: body
words: group: 1
- 'RUNDECK ENTERPRISE - Login</title>' regex:
- '<a href=\"https:\/\/docs.rundeck.com\/([0-9.]+)'
- '<a href=\"http:\/\/rundeck\.org\/([0-9.]+)' ## Detection version on old rundeck