From 612e35dfba95382850382a6974ea2dbfe124bf75 Mon Sep 17 00:00:00 2001
From: toufik-airane
Date: Tue, 21 Apr 2020 21:26:15 +0200
Subject: [PATCH] add zip-files.yaml

Scan for potential compressed web folder at the root level of the target. Scan for few extensions and valid magic numbers for reliability.
---
 files/zip-files.yaml | 49 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 files/zip-files.yaml

diff --git a/files/zip-files.yaml b/files/zip-files.yaml
new file mode 100644
index 0000000000..bc255a19be
--- /dev/null
+++ b/files/zip-files.yaml
@@ -0,0 +1,49 @@
+id: git-config
+
+info:
+ name: Compressed Web folder
+ author: Toufik Airane - https://medium.com/@toufik.airane
+ severity: medium
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/{{Hostname}}.7z"
+ - "{{BaseURL}}/{{Hostname}}.bz2"
+ - "{{BaseURL}}/{{Hostname}}.gz"
+ - "{{BaseURL}}/{{Hostname}}.lz"
+ - "{{BaseURL}}/{{Hostname}}.rar"
+ - "{{BaseURL}}/{{Hostname}}.tar.gz"
+ - "{{BaseURL}}/{{Hostname}}.xz"
+ - "{{BaseURL}}/{{Hostname}}.zip"
+ - "{{BaseURL}}/{{Hostname}}.z"
+ - "{{BaseURL}}/{{Hostname}}.tar.z"
+ - "{{BaseURL}}/{{Hostname}}.db"
+ - "{{BaseURL}}/{{Hostname}}.sqlite"
+ - "{{BaseURL}}/{{Hostname}}.sqlitedb"
+ - "{{BaseURL}}/{{Hostname}}.sql.7z"
+ - "{{BaseURL}}/{{Hostname}}.sql.bz2"
+ - "{{BaseURL}}/{{Hostname}}.sql.gz"
+ - "{{BaseURL}}/{{Hostname}}.sql.lz"
+ - "{{BaseURL}}/{{Hostname}}.sql.rar"
+ - "{{BaseURL}}/{{Hostname}}.sql.tar.gz"
+ - "{{BaseURL}}/{{Hostname}}.sql.xz"
+ - "{{BaseURL}}/{{Hostname}}.sql.zip"
+ - "{{BaseURL}}/{{Hostname}}.sql.z"
+ - "{{BaseURL}}/{{Hostname}}.sql.tar.z"
+ matchers:
+ - type: binary
+ binary:
+ - "377ABCAF271C" # 7z
+ - "425A68" # bz2
+ - "53514c69746520666f726d6174203300" # SQLite format 3.
+ - "1f8b" # gz tar.gz
+ - "526172211A0700" # rar RAR archive version 1.50
+ - "526172211A070100" # rar RAR archive version 5.0
+ - "FD377A585A0000" # xz tar.xz
+ - "1F9D" # z tar.z
+ - "1FA0" # z tar.z
+ - "4C5A4950" # lz
+ - "504B0304" # zip
+ condition: or
+ part: body
\ No newline at end of file
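Review bot: `id: git-config` on the first added line looks like a copy-paste leftover from another template; the file is files/zip-files.yaml and a template with that id presumably already exists in the repository, so it should get a unique id that matches the file, e.g. `id: compressed-web-folder`. The binary matcher on its own is also weak evidence: with `condition: or` and `part: body`, a two-byte sequence such as `1f8b` or `1F9D` occurring anywhere in a response body (a catch-all handler that serves a binary, a soft-404 that echoes non-text content) is reported as a leaked archive, so I would additionally require a 200 status and, if the nuclei release in use supports it, `matchers-condition: and` between the two matchers. As far as I recall `{{Hostname}}` expands to host plus port in nuclei, so on a non-default port these probes become `host:8080.zip` rather than `host.zip`; worth confirming against the variable docs before relying on it. Finally, "Compressed Web folder" undersells the `.db`, `.sqlite` and `.sql.*` probes, which target database dumps, and a leaked source or database archive is usually rated above medium.

```yaml
requests:
  - method: GET
    # … unchanged: path list …
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      # … unchanged: binary matcher with the magic-number list, condition: or, part: body …
```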