Seperate technology template (#3430)

* Edit magmi workflow

* Add some workflow template + edit some template

* Changing some templates

* minor update

* workflow matcher fixes

* tech update

* Seperate technology template

* Update metabase-panel.yaml

* Update lucee-detect.yaml

* Update oneblog-detect.yaml

* Update dolibarr-panel.yaml

* Update dolibarr-panel.yaml

* Update dolibarr-panel.yaml

* Update gespage-panel.yaml

* Update gespage-panel.yaml

* Update mautic-crm-panel.yaml

* Update kibana-panel.yaml

* Update metabase-panel.yaml

* Update home-assistant-detect.yaml

* Update jitsi-meet-detect.yaml

* Update lucee-detect.yaml

* Update gotmls-plugin-lfi.yaml

* Update and rename technologies/opencast-detect.yaml to exposed-panels/opencast-detect.yaml

* duplicate template - cves/2020/CVE-2020-11738.yaml

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
patch-1
Muhammad Daffa 2021-12-31 19:27:46 +07:00 committed by GitHub
parent af6f66a37d
commit c83d035fff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
59 changed files with 392 additions and 343 deletions


@ -1,10 +1,12 @@
id: daybyday-detect
id: daybyday-panel
info:
name: DaybydayCRM Detect
author: pikpikcu
name: DaybydayCRM Panel Login
author: pikpikcu,daffainfo
severity: info
tags: tech,daybyday
metadata:
shodan-query: http.title:"Daybyday"
tags: panel,daybyday
requests:
- method: GET


@ -0,0 +1,39 @@
id: dolibarr-panel
info:
name: Dolibarr Panel Login
author: pikpikcu,daffainfo
severity: info
metadata:
shodan-query: http.title:"Dolibarr"
tags: panel,dolibarr
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: header
words:
- 'Set-Cookie: DOLSESSID_'
- type: word
part: body
words:
- '<meta name="author" content="Dolibarr Development Team">'
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '<td align="center">Dolibarr ([0-9.]+)<\/td>'
- '<td class="center">Dolibarr ([0-9.]+)<\/td>'
- '<div id="infoVersion">Dolibarr ([0-9.]+)<\/div>'


@ -0,0 +1,27 @@
id: dotclear-panel
info:
name: Dotclear Panel Login
author: pikpikcu,daffainfo
severity: info
metadata:
shodan-query: http.title:"Dotclear"
tags: panel,dotclear
requests:
- method: GET
path:
- "{{BaseURL}}/dc2/admin/auth.php"
- "{{BaseURL}}/auth.php"
matchers-condition: and
matchers:
- type: word
words:
- '<body id="dotclear-admin" class="auth">'
- '<title>Dotclear</title>'
condition: or
- type: status
status:
- 200


@ -1,10 +1,10 @@
id: druid-detect
id: druid-panel
info:
name: Druid monitor Detect
author: pikpikcu
name: Druid monitor Panel Login
author: pikpikcu,daffainfo
severity: info
tags: tech,druid
tags: panel,druid
requests:
- method: GET
@ -13,7 +13,6 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:


@ -1,27 +1,34 @@
id: ems-webclient-detect
info:
name: EMS Web Client
author: pussycat0x
severity: info
metadata:
google-dork: inurl:EMSWebClient/
tags: tech,ems
requests:
- method: GET
path:
- "{{BaseURL}}/emswebclient/Login.aspx"
- "{{BaseURL}}/Login.aspx"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- "EMS Web Client - Login"
- type: status
status:
- 200
id: ems-webclient-panel
info:
name: EMS Web Client Panel Login
author: pussycat0x,daffainfo
severity: info
metadata:
google-dork: inurl:EMSWebClient/
tags: panel,ems
requests:
- method: GET
path:
- "{{BaseURL}}/emswebclient/Login.aspx"
- "{{BaseURL}}/Login.aspx"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "EMS Web Client - Login"
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- 'Web Client Version (.*)</span>'
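Review bot: The new version extractor `'Web Client Version (.*)</span>'` uses a greedy `.*`, so on a minified or single-line login page it captures everything up to the last `</span>` on that line rather than just the version. Bounding the group keeps the extracted value to the version text: `- 'Web Client Version ([^<]+)</span>'`. A clean value matters here because this output is what a reader would use to match the instance against advisories.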


@ -1,10 +1,12 @@
id: fortinet-detect
id: fortinet-panel
info:
name: Fortinet detected
name: Fortinet Panel Login
author: pikpikcu,daffainfo
severity: info
tags: tech,jboss
metadata:
shodan-query: http.title:"FORTINET LOGIN"
tags: panel,fotinet
requests:
- method: GET
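Review bot: The new tag line `tags: panel,fotinet` misspells the vendor, so a scan or inventory filtered on the `fortinet` tag will silently skip this template. It should read `tags: panel,fortinet`. The commit does correct the earlier wrong `jboss` tag, but the replacement needs the same care, since tags are the main way these templates are selected. The requests block continues outside this hunk.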


@ -0,0 +1,34 @@
id: gespage-panel
info:
name: Gespage Panel Login
author: pikpikcu,daffainfo
severity: info
metadata:
shodan-query: "Path=/gespage"
tags: panel,gespage
requests:
- method: GET
path:
- "{{BaseURL}}/gespage/webapp/login.xhtml"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<link rel="stylesheet" href="css/gespage.css" />'
- '<link rel="stylesheet" href="css/menugrey.css" />'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '\(Ver: ([0-9._A-Z]+)\)'


@ -1,10 +1,12 @@
id: glpi-cms-detect
id: glpi-panel
info:
name: GLPI Cms Detection
author: dogasantos
name: GLPI Panel Login
author: dogasantos,daffainfo
severity: info
tags: glpi,cms,php
metadata:
shodan-query: http.title:"GLPI"
tags: panel,glpi
requests:
- method: GET
@ -13,6 +15,7 @@ requests:
- "{{BaseURL}}/glpi/"
- "{{BaseURL}}/glpi2/"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
@ -25,3 +28,10 @@ requests:
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- 'base.min.js?v=(.*)'
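Review bot: The added extractor regex `'base.min.js?v=(.*)'` cannot match the literal `base.min.js?v=…` it is aimed at, because the unescaped `?` makes the `s` optional instead of matching a question mark. The dots are also unescaped and the trailing `(.*)` runs to the end of the line. Escaping the metacharacters and bounding the group fixes both: `- 'base\.min\.js\?v=([0-9.]+)'`. Widen the character class if GLPI version strings carry other characters. As written, the extractor returns nothing, so the panel is reported without the version the commit intends to surface.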


@ -0,0 +1,29 @@
id: jaspersoft-panel
info:
name: Jaspersoft Panel Login
author: koti2,daffainfo
severity: info
metadata:
shodan-query: http.title:"Jaspersoft"
tags: panel,jaspersoft
requests:
- method: GET
path:
- "{{BaseURL}}/jasperserver/login.html?error=1"
- "{{BaseURL}}/jasperserver-pro/login.html?error=1"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- "TIBCO Jaspersoft: Login"
- "Could not login to JasperReports Server"
- "About TIBCO JasperReports Server"
condition: or
- type: status
status:
- 200


@ -1,10 +1,12 @@
id: jeedom-detect
id: jeedom-panel
info:
name: Jeedom Detect
author: pikpikcu
name: Jeedom Login Panel
author: pikpikcu,daffainfo
severity: info
tags: tech,jeedom
metadata:
shodan-query: http.title:"Jeedom"
tags: panel,jeedom
requests:
- method: GET
@ -13,11 +15,12 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Jeedom</title>"
- "JEEDOM_PRODUCT_NAME"
condition: and
- type: status
status:


@ -0,0 +1,26 @@
id: kibana-panel
info:
name: Kibana Panel Login
author: petruknisme,daffainfo
severity: info
metadata:
shodan-query: http.title:"Kibana"
tags: panel,kibana
requests:
- method: GET
path:
- "{{BaseURL}}/login"
matchers-condition: or
matchers:
- type: word
part: body
words:
- "<title>Kibana</title>"
- type: word
part: header
words:
- "Kbn-Name:"
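Review bot: With `matchers-condition: or` and no status matcher, a `Kbn-Name:` header on any response to `/login` is reported as "Kibana Panel Login", including an error or redirect response if the server sets the header there. That makes the finding a presence check rather than evidence that a login panel is exposed. If the intent is panel detection, consider `matchers-condition: and` with an added `- type: status` / `status: [200]` matcher next to the title check. If presence detection is intended, a `description` saying so would stop the result being read as an exposed login page.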


@ -1,10 +1,10 @@
id: landrayoa-detect
id: landrayoa-panel
info:
name: LandrayOA detect
name: LandrayOA Panel Login
author: YanYun
severity: info
tags: tech,landrayoa
tags: panel,landrayoa
requests:
- method: GET
@ -16,11 +16,14 @@ requests:
- type: status
status:
- 200
- type: word
part: body
words:
- 'lui_login_input_username'
- 'lui_login_input_password'
condition: and
- type: word
words:
- 'isopen='


@ -0,0 +1,27 @@
id: mautic-crm-panel
info:
name: Mautic CRM Panel Login
author: cyllective,daffainfo
severity: info
description: Mautic is a free and open-source marketing automation tool for Content Management, Social Media, Email Marketing, and can be used for the integration of social networks, campaign management, forms, questionnaires, reports, etc.
reference: https://github.com/mautic/mautic
tags: tech,mautic,crm
requests:
- method: GET
path:
- "{{BaseURL}}/s/login"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Mautic</title>'
- 'var mauticBasePath'
condition: and
- type: status
status:
- 200
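Review bot: The new file is named and titled as a panel template, but it still carries `tags: tech,mautic,crm`, unlike every other `*-panel` template added in this commit. A run filtered on the `panel` tag will therefore miss it, and a `tech` run will still pick it up after the split this commit is making. Suggest `tags: panel,mautic,crm`.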


@ -1,11 +1,13 @@
id: metabase-version-detect
id: metabase-panel
info:
name: Detect Metabase Version
author: revblock
name: Metabase Login Panel
author: revblock,daffainfo
description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source
metadata:
shodan-query: http.title:"Metabase"
severity: info
tags: tech,metabase
tags: panel,metabase
requests:
- method: GET
@ -14,17 +16,16 @@ requests:
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "<title>Metabase</title>"
- "window.MetabaseBootstrap"
- "window.MetabaseRoot"
part: body
condition: and
extractors:


@ -0,0 +1,25 @@
id: opencast-panel
info:
name: Opencast Panel Login
author: cyllective,daffainfo
severity: info
description: The free and open source solution for automated video capture and distribution at scale.
reference: https://github.com/opencast/opencast
tags: panel,opencast
requests:
- method: GET
path:
- "{{BaseURL}}/admin-ng/login.html"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Opencast</title>'
- type: status
status:
- 200


@ -4,12 +4,14 @@ info:
name: Chevereto detect
author: pikpikcu
severity: info
metadata:
shodan-query: http.title:"Centreon"
tags: tech,chevereto
requests:
- method: GET
path:
- "{{BaseURL}}/login"
- "{{BaseURL}}"
matchers-condition: and
matchers:
@ -18,6 +20,10 @@ requests:
regex:
- 'content="Chevereto(.*)">'
- type: status
status:
- 200
extractors:
- type: regex
part: body
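Review bot: The metadata added to the Chevereto template is `shodan-query: http.title:"Centreon"`, which names a different product and looks like a copy-paste from another template. Anyone using the metadata to scope an asset inventory would get Centreon hosts for a Chevereto check. Replace it with a query that has been verified against Chevereto, or drop the `metadata` block until one is available. The extractor block continues outside this hunk.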


@ -15,7 +15,6 @@ requests:
redirects: true
max-redirects: 2
matchers:
- type: word
part: header


@ -1,21 +0,0 @@
id: crush-ftp-detect
info:
name: Crush FTP
author: pussycat0x
severity: info
tags: tech,ftp
requests:
- method: GET
path:
- "{{BaseURL}}/WebInterface/login.html"
redirects: true
matchers-condition: and
matchers:
- type: word
words:
- "<title>CrushFTP WebInterface</title>"
- type: status
status:
- 200


@ -1,25 +0,0 @@
id: dolibarr-detect
info:
name: Dolibarr detect
author: pikpikcu
severity: info
tags: tech,dolibarr
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: regex
part: body
regex:
- '<title>Dolibarr - Login Dolibarr(.*)</title>'
extractors:
- type: regex
part: body
group: 1
regex:
- 'center">(.*)</td>'


@ -1,22 +0,0 @@
id: dotclear-detect
info:
name: Dotclear Detect
author: pikpikcu
severity: info
tags: tech,dotclear
requests:
- method: GET
path:
- "{{BaseURL}}/dc2/admin/auth.php"
- "{{BaseURL}}/auth.php"
matchers-condition: and
matchers:
- type: word
words:
- "<title>Dotclear</title>"
- type: status
status:
- 200


@ -13,6 +13,7 @@ requests:
- "{{BaseURL}}/WebReport/ReportServer"
- "{{BaseURL}}/ReportServer"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: status


@ -1,24 +0,0 @@
id: gespage-detect
info:
name: Gespage Detect
author: pikpikcu
severity: info
tags: tech,gespage
requests:
- method: GET
path:
- "{{BaseURL}}/gespage/webapp/login.xhtml"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Login utilisateur Gespage</title>"
- type: status
status:
- 200


@ -12,9 +12,9 @@ requests:
- "{{BaseURL}}"
- "{{BaseURL}}/user"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:


@ -12,8 +12,13 @@ requests:
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>GraphiQL'
- '<title>GraphiQL'
- type: status
status:
- 200


@ -10,6 +10,7 @@ requests:
- method: GET
path:
- "{{BaseURL}}/api/api-browser/"
matchers-condition: and
matchers:
- type: word
@ -19,6 +20,7 @@ requests:
- "REST API browser"
- "swagger"
condition: and
- type: status
status:
- 200


@ -3,7 +3,8 @@ id: gunicorn-detect
info:
name: Detect Gunicorn Server
author: joanbono
description: Gunicorn Python WSGI HTTP Server for UNIX - https://github.com/benoitc/gunicorn
description: Gunicorn Python WSGI HTTP Server for UNIX
reference: https://github.com/benoitc/gunicorn
severity: info
tags: tech,gunicorn


@ -9,7 +9,7 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/'
- '{{BaseURL}}'
matchers-condition: and
matchers:


@ -0,0 +1,25 @@
id: home-assistant-detect
info:
name: Home Assistant Detect
author: fabaff,daffainfo
severity: info
metadata:
shodan-query: http.title:"Home Assistant"
tags: tech,iot
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Home Assistant</title>'
- type: status
status:
- 200


@ -1,16 +0,0 @@
id: home-assistant
info:
name: Detect Home Assistant
author: fabaff
severity: info
tags: tech,iot
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
words:
- "<title>Home Assistant</title>"


@ -4,7 +4,8 @@ info:
name: HP BladeSystem Onboard Administrator
author: pussycat0x
severity: info
reference: https://www.shodan.io/search?query=http.title%3A%22HP+BladeSystem%22
metadata:
shodan-query: http.title:"HP BladeSystem"
tags: panel,hp
requests:


@ -4,6 +4,8 @@ info:
name: InfluxDB Detect
author: pikpikcu
severity: info
metadata:
shodan-query: http.title:"InfluxDB - Admin Interface"
tags: tech,influxdb
requests:
@ -13,7 +15,6 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:


@ -1,24 +0,0 @@
id: itop-detect
info:
name: iTop Detect
author: pikpikcu
severity: info
tags: tech,itop
requests:
- method: GET
path:
- "{{BaseURL}}/pages/UI.php"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>iTop login</title>"
- type: status
status:
- 200


@ -1,19 +0,0 @@
id: jaspersoft-detect
info:
name: Jaspersoft detected
author: koti2
severity: info
tags: tech,jaspersoft
requests:
- method: GET
path:
- "{{BaseURL}}/jasperserver/login.html?error=1"
matchers:
- type: word
words:
- "TIBCO Jaspersoft: Login"
- "Could not login to JasperReports Server"
- "About TIBCO JasperReports Server"
condition: or


@ -11,6 +11,7 @@ requests:
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
@ -19,3 +20,7 @@ requests:
- "<title>Welcome to JBoss Application Server"
- "JBoss EAP 7"
condition: or
- type: status
status:
- 200


@ -2,7 +2,7 @@ id: jenkins-detect
info:
name: Jenkins detect (version)
author: philippdelteil
author: philippdelteil,daffainfo
severity: info
tags: tech,jenkins
@ -10,16 +10,19 @@ requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
words:
- "X-Jenkins"
- "X-Jenkins-Session"
part: header
condition: and
- type: word
words:
- "<title>Sign in [Jenkins]</title>"
- "<title>Dashboard [Jenkins]</title>"
part: body
extractors:
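Review bot: In the header matcher the word `X-Jenkins` is a substring of `X-Jenkins-Session`, so under `condition: and` the first word adds nothing and the matcher in effect requires only the session header. If both headers are meant to be present, match the header name with its colon: `- "X-Jenkins:"`. Which of the visible lines are new is not recoverable from this rendering, and the extractors block continues outside the hunk.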


@ -1,11 +1,12 @@
id: jitsi-meet
id: jitsi-meet-detect
info:
name: Jitsi Meet Page
name: Jitsi Meet Page Detect
author: dhiyaneshDK
severity: info
reference: https://www.shodan.io/search?query=http.title%3A%22Jitsi+Meet%22
tags: tech
metadata:
shodan-query: http.title:"Jitsi Meet"
tags: tech,jitsi
requests:
- method: GET
@ -15,8 +16,10 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Jitsi Meet</title>"
- type: status
status:
- 200


@ -1,4 +1,4 @@
id: jolokia-instance
id: jolokia-detect
info:
name: Jolokia Version Disclosure


@ -1,24 +0,0 @@
id: kibana-detect
info:
name: Kibana Service Detection
author: petruknisme
severity: info
tags: tech,kibana
requests:
- method: GET
path:
- "{{BaseURL}}/login?next=%2F"
- "{{BaseURL}}/bundles/login.bundle.js"
- "{{BaseURL}}/bundles/kibana.style.css"
matchers:
- type: word
words:
- "<title>Kibana</title>"
- "kibanaLoaderWrap"
- "kibanaLoader"
- "xpack"
- "Elasticsearch B.V"
condition: or


@ -2,7 +2,8 @@ id: kong-detect
info:
name: Detect Kong
author: geeknik
description: The Cloud-Native API Gateway - https://github.com/Kong/kong
description: The Cloud-Native API Gateway
reference: https://github.com/Kong/kong
severity: info
tags: tech,kong


@ -11,8 +11,8 @@ requests:
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: regex
part: header
regex:
@ -20,3 +20,7 @@ requests:
- "(?i)X-CB-Server: LUCEE"
- "(?i)X-IDG-Appserver: Lucee"
condition: or
- type: status
status:
- 200


@ -1,31 +0,0 @@
id: mautic-crm-detect
info:
name: mautic crm detect
author: cyllective
severity: info
description: Detects Mautic CRM
tags: tech,mautic,crm
reference:
- https://github.com/mautic/mautic
requests:
- method: GET
path:
- "{{BaseURL}}/s/login"
matchers-condition: or
matchers:
- type: word
part: body
condition: or
words:
- '<title>Mautic</title>'
- '<div class="mautic-logo'
- type: regex
part: body
condition: or
regex:
- 'var\s+?mautic(?:BasePath|BaseUrl|AjaxUrl|AjaxCsrf|AssetPrefix|Content|Env|Lang)\s+?='
- 'Copyright \d{4} Mautic\. All Rights Reserved\.'


@ -14,6 +14,7 @@ requests:
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
@ -22,6 +23,10 @@ requests:
- '<a href="http://moinmo.in/" title="This site uses the MoinMoin Wiki software.">MoinMoin Powered</a>'
- '<a href="http://moinmo.in/Python" title="MoinMoin is written in Python.">Python Powered</a>'
- type: status
status:
- 200
extractors:
- type: regex
part: body


@ -3,7 +3,8 @@ id: mrtg-detect
info:
name: Detect MRTG
author: geeknik
description: The Multi Router Traffic Grapher -- https://oss.oetiker.ch/mrtg/
description: The Multi Router Traffic Grapher
reference: https://oss.oetiker.ch/mrtg/
severity: info
tags: tech,mrtg
@ -14,6 +15,7 @@ requests:
- "{{BaseURL}}/mrtg/"
- "{{BaseURL}}/MRTG/"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: status


@ -17,13 +17,16 @@ requests:
- "{{BaseURL}}/system-diagnostics"
- "{{BaseURL}}/nifi-api/access/config"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "supportsLogin"
- "disconnectedNodeAcknowledged"
- "(aggregate|node)Snapshots?"
condition: or
- type: status
status:


@ -13,7 +13,6 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:


@ -14,6 +14,7 @@ requests:
- "{{BaseURL}}"
- "{{BaseURL}}/modules/system/assets/js/framework.combined-min.js"
stop-at-first-match: true
redirects: true
max-redirects: 1
matchers:


@ -11,6 +11,7 @@ requests:
- method: GET
path:
- "{{BaseURL}}/.well-known/openid-configuration"
matchers-condition: and
matchers:
- type: status


@ -1,9 +1,11 @@
id: olivetti-crf-detect
info:
name: Olivetti CRF Detect
author: pussycat0x
severity: info
reference: https://www.shodan.io/search?query=http.title%3A%22Olivetti+CRF%22
metadata:
shodan-query: http.title:"Olivetti CRF"
tags: tech,olivetti
requests:


@ -2,22 +2,23 @@ id: oneblog-detect
info:
name: OneBlog Detect
author: pikpikcu
author: pikpikcu,daffainfo
severity: info
tags: tech,oneblog
requests:
- method: GET
path:
- "{{BaseURL}}/passport/login/"
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>OneBlog开源博客后台管理系统</title>"
- '<title>OneBlog开源博客后台管理系统</title>'
- '<meta name="keywords" content="OneBlog'
condition: or
- type: status
status:


@ -1,4 +1,4 @@
id: openam-detection
id: openam-detect
info:
name: Detect OpenAM and OpenSSO


@ -1,21 +0,0 @@
id: opencast-detect
info:
name: Opencast detect
author: cyllective
severity: info
description: Detects Opencast
tags: tech,opencast
reference:
- https://github.com/opencast/opencast
requests:
- method: GET
path:
- "{{BaseURL}}/admin-ng/login.html"
matchers:
- type: word
part: body
words:
- '<title>Opencast</title>'


@ -9,8 +9,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/www/admin/"
- "{{BaseURL}}/www/admin/index.php"
- "{{BaseURL}}/admin/index.php"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
@ -27,4 +29,4 @@ requests:
part: body
group: 1
regex:
- 'content="(.*)- http://www.openx.org">'
- '(.*)- http://www.openx.org'
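Review bot: The extractor regex `'(.*)- http://www.openx.org'`, which appears to be the new form in the second hunk, has no left anchor, so group 1 captures the whole line before the URL, including any surrounding tag and attribute text, rather than the product and version string. Keeping the attribute boundary and escaping the dots gives a clean value: `- 'content="([^"]+)- http://www\.openx\.org'`. If the anchor was dropped because some versions emit the string outside a `content` attribute, a second, equally bounded pattern would be safer than an open `.*`.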


@ -13,7 +13,6 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:


@ -11,7 +11,7 @@ info:
requests:
- method: GET
path:
- "{{RootURL}}"
- "{{BaseURL}}"
redirects: true
max-redirects: 2


@ -1,30 +0,0 @@
id: wordpress-gotmls-detect
info:
name: Detect WordPress Plugin Anti-Malware Security and Bruteforce Firewall
author: vsh00t
reference: https://www.exploit-db.com/exploits/50107
severity: info
tags: wordpress,wp-plugin,gotmls
requests:
- method: GET
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action={{randstr}}&file=../../../../../../../../../Windows/win.ini"
matchers-condition: and
matchers:
- type: word
part: header
words:
- "gotmls"
- type: status
status:
- 302
extractors:
- type: kval
part: header
kval:
- location