daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4773 from DhiyaneshGeek/master 

39 New Templates
patch-1
Prince Chaddha 2022-07-13 14:29:59 +05:30 committed by GitHub
parent 471cb2a45d 1ac45797db
commit cc0137be85
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
39 changed files with 1104 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
exposed-panels/claris-filemaker-webdirect.yaml Normal file
View File

@ -0,0 +1,32 @@
id: claris-filemaker-webdirect
info:
name: Claris FileMaker WebDirect
author: DhiyaneshDK
severity: info
reference: https://www.exploit-db.com/ghdb/5669
metadata:
verified: true
shodan-dork: title:"Claris FileMaker WebDirect"
tags: panel
requests:
- method: GET
path:
- '{{BaseURL}}/fmi/webd/'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Claris FileMaker WebDirect</title>'
- type: word
part: header
words:
- 'text/html'
- type: status
status:
- 200

30
exposed-panels/honeywell-xl-web-controller.yaml Normal file
View File

@ -0,0 +1,30 @@
id: honeywell-xl-web-controller
info:
name: Honeywell XL Web Controller
author: DhiyaneshDK
severity: info
reference:
- https://www.exploit-db.com/ghdb/7130
classification:
cwe-id: CWE-200
metadata:
verified: true
shodan-dork: title:"Honeywell XL Web Controller"
tags: panel,honeywell
requests:
- method: GET
path:
- '{{BaseURL}}/standard/default.php'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Honeywell XL Web Controller</title>'
- type: status
status:
- 200

22
exposed-panels/noescape-login.yaml Normal file
View File

@ -0,0 +1,22 @@
id: noescape-login
info:
name: NoEscape Login Panel
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-dork: title:"NoEscape - Login"
tags: panel,noescape
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'NoEscape - Login'

26
exposed-panels/sonicwall-analyzer-login.yaml Normal file
View File

@ -0,0 +1,26 @@
id: sonicwall-analyzer-login
info:
name: SonicWall Analyzer Login
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-dork: title:"SonicWall Analyzer Login"
tags: panel,sonicwall
requests:
- method: GET
path:
- '{{BaseURL}}/sgms/auth'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'SonicWall Analyzer Login'
- type: status
status:
- 200

27
exposed-panels/tembosocial-panel.yaml Normal file
View File

@ -0,0 +1,27 @@
id: tembosocial-panel
info:
name: TemboSocial Administration Panel
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-query: title:"TemboSocial Administration"
tags: panel,tembosocial
requests:
- method: GET
path:
- "{{BaseURL}}/admin.php"
redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- '<title>TemboSocial Administration</title>'
- type: status
status:
- 200

26
exposed-panels/tenda-web-master.yaml Normal file
View File

@ -0,0 +1,26 @@
id: tenda-web-master
info:
name: Tenda Web Master
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-dork: title:"Tenda Web Master"
tags: panel,tenda,router
requests:
- method: GET
path:
- '{{BaseURL}}/login.html'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Tenda Web Master</title>'
- type: status
status:
- 200

28
exposed-panels/tiny-file-manager.yaml Normal file
View File

@ -0,0 +1,28 @@
id: tiny-file-manager
info:
name: Tiny File Manager
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-dork: title:"Tiny File Manager"
tags: panel,filemanager
requests:
- method: GET
path:
- '{{BaseURL}}'
redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Tiny File Manager'
- type: status
status:
- 200

25
exposed-panels/veeam-backup-gcp.yaml Normal file
View File

@ -0,0 +1,25 @@
id: veeam-backup-gcp
info:
name: Veeam Backup for GCP
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-query: title:"Veeam Backup for GCP"
tags: panel,google,cloud
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
words:
- '<title>Veeam Backup for GCP</title>'
- type: status
status:
- 200

26
exposed-panels/vmware-carbon-black-edr.yaml Normal file
View File

@ -0,0 +1,26 @@
id: vmware-carbon-black-edr
info:
name: VMware Carbon Black EDR
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-dork: title:"VMware Carbon Black EDR"
tags: panel,vmware
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'VMware Carbon Black EDR'
- type: status
status:
- 200

26
exposed-panels/vmware-cloud-availability.yaml Normal file
View File

@ -0,0 +1,26 @@
id: vmware-cloud-availability
info:
name: VMware Cloud Director Availability
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-dork: title:"VMware Cloud Director Availability"
tags: panel,vmware
requests:
- method: GET
path:
- '{{BaseURL}}/ui/login'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>VMware Cloud Director Availability</title>'
- type: status
status:
- 200

26
exposed-panels/vmware-cloud-director.yaml Normal file
View File

@ -0,0 +1,26 @@
id: vmware-cloud-director
info:
name: VMware Cloud Director
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-dork: title:"Welcome to VMware Cloud Director"
tags: panel,vmware
requests:
- method: GET
path:
- '{{BaseURL}}/login/'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Welcome to VMware Cloud Director</title>'
- type: status
status:
- 200

26
exposed-panels/vmware-ftp-server.yaml Normal file
View File

@ -0,0 +1,26 @@
id: vmware-ftp-server
info:
name: VMware FTP Server
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-dork: title:"VMWARE FTP SERVER"
tags: panel,vmware,ftp
requests:
- method: GET
path:
- '{{BaseURL}}/login'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'VMWARE FTP SERVER'
- type: status
status:
- 200

28
exposed-panels/vmware-horizon-daas.yaml Normal file
View File

@ -0,0 +1,28 @@
id: vmware-horizon-daas
info:
name: Desktop Portal VMware Horizon DaaS Trade Platform
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-dork: title:"Horizon DaaS"
tags: panel,vmware
requests:
- method: GET
path:
- '{{BaseURL}}/index.action'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Desktop Portal | VMware&reg; Horizon DaaS&trade; Platform</title>'
- 'Desktop Portal | VMware Horizon DaaS'
condition: or
- type: status
status:
- 200

26
exposed-panels/vmware-vcenter-converter-standalone.yaml Normal file
View File

@ -0,0 +1,26 @@
id: vmware-vcenter-converter-standalone
info:
name: VMware vCenter Converter Standalone
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-dork: title:"VMware vCenter Converter Standalone"
tags: panel,vmware,vcenter
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'VMware vCenter Converter Standalone'
- type: status
status:
- 200

26
exposed-panels/vmware-vcloud-director.yaml Normal file
View File

@ -0,0 +1,26 @@
id: vmware-vcloud-director
info:
name: VMware vCloud Director
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-dork: title:"VMware vCloud Director"
tags: panel,vmware,vcloud
requests:
- method: GET
path:
- '{{BaseURL}}/cloud/'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>VMware vCloud Director</title>'
- type: status
status:
- 200

28
exposed-panels/web-file-manager.yaml Normal file
View File

@ -0,0 +1,28 @@
id: web-file-manager
info:
name: Web File Manager
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-dork: title:"Web File Manager"
tags: panel,filemanager
requests:
- method: GET
path:
- '{{BaseURL}}/Login'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Web File Manager'
- 'Login'
condition: and
- type: status
status:
- 200

30
exposures/configs/config-rb.yaml Normal file
View File

@ -0,0 +1,30 @@
id: config-rb
info:
name: Config Ruby File Disclosure
author: DhiyaneshDK
severity: medium
metadata:
verified: true
shodan-query: html:"config.rb"
tags: ruby,devops,exposure,config
requests:
- method: GET
path:
- "{{BaseURL}}/config.rb"
- "{BaseURL}}/.chef/config.rb"
- "{{BaseURL}}/assets/config.rb"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- 'images_dir'
- 'css_dir'
condition: and
- type: status
status:
- 200

29
exposures/configs/gcloud-config-default.yaml Normal file
View File

@ -0,0 +1,29 @@
id: gcloud-config-default
info:
name: Google Cloud Config Default
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-query: html:"access_tokens.db"
tags: google,cloud,devops,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/configurations/config_default"
- "{{BaseURL}}/.config/gcloud/configurations/config_default"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- '[core]'
- 'account'
condition: and
- type: status
status:
- 200

32
exposures/configs/phpstan-config.yaml Normal file
View File

@ -0,0 +1,32 @@
id: phpstan-config
info:
name: PHPStan Configuration Exposure
author: DhiyaneshDK
severity: low
metadata:
verified: true
shodan-query: html:"phpstan.neon"
tags: devops,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/phpstan.neon"
matchers-condition: and
matchers:
- type: word
words:
- 'parameters:'
- type: word
part: header
words:
- "text/html"
- "application/javascript"
negative: true
- type: status
status:
- 200

33
exposures/configs/wgetrc-config.yaml Normal file
View File

@ -0,0 +1,33 @@
id: wgetrc-config
info:
name: Wgetrc Configuration File Exposure
author: DhiyaneshDK
severity: medium
metadata:
verified: true
shodan-query: html:".wgetrc"
tags: devops,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/wgetrc"
- "{{BaseURL}}/.wgetrc"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- '/etc/wgetrc'
- 'wget.info'
- type: word
part: header
words:
- 'application/octet-stream'
- type: status
status:
- 200

30
exposures/files/composer-auth-json.yaml Normal file
View File

@ -0,0 +1,30 @@
id: composer-auth-json
info:
name: Composer-auth Json File Disclosure
author: DhiyaneshDK
severity: low
reference: https://www.exploit-db.com/ghdb/5768
metadata:
verified: true
google-query: intext:"index of /" ".composer-auth.json"
tags: exposure,devops
requests:
- method: GET
path:
- "{{BaseURL}}/.composer-auth.json"
- "{{BaseURL}}/vendor/webmozart/assert/.composer-auth.json"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- 'github-oauth'
- 'github.com'
condition: and
- type: status
status:
- 200

28
exposures/files/environment-rb.yaml Normal file
View File

@ -0,0 +1,28 @@
id: environment-rb
info:
name: Environment Ruby File Disclosure
author: DhiyaneshDK
severity: medium
metadata:
verified: true
google-query: intitle:"index of" "environment.rb"
tags: ruby,devops,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/environment.rb"
- "{{BaseURL}}/config/environment.rb"
- "{BaseURL}}/redmine/config/environment.rb"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- '# Load the Rails application.'
- type: status
status:
- 200

34
exposures/files/gcloud-access-token.yaml Normal file
View File

@ -0,0 +1,34 @@
id: gcloud-access-token
info:
name: Google Cloud Access Token
author: DhiyaneshDK
severity: medium
metadata:
verified: true
shodan-query: html:"access_tokens.db"
tags: google,cloud,devops,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/access_tokens.db"
- "{{BaseURL}}/.config/gcloud/access_tokens.db"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- 'SQLite'
- 'access_token'
condition: and
- type: word
part: header
words:
- 'application/octet-stream'
- type: status
status:
- 200

34
exposures/files/gcloud-credentials.yaml Normal file
View File

@ -0,0 +1,34 @@
id: gcloud-credentials
info:
name: Google Cloud Credentials
author: DhiyaneshDK
severity: medium
metadata:
verified: true
shodan-query: html:"credentials.db"
tags: google,cloud,devops,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/credentials.db"
- "{{BaseURL}}/.config/gcloud/credentials.db"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- 'SQLite'
- 'client_id'
condition: and
- type: word
part: header
words:
- 'application/octet-stream'
- type: status
status:
- 200

29
exposures/files/get-access-token-json.yaml Normal file
View File

@ -0,0 +1,29 @@
id: get-access-token-json
info:
name: Get Access Token Json
author: DhiyaneshDK
severity: low
metadata:
verified: true
google-query: intitle:"index of" "get_access_token.json"
tags: exposure
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/constant-contact-forms/vendor/constantcontact/constantcontact/test/Json/Auth/get_access_token.json"
- "{{BaseURL}}/wp-content/plugins/constant-contact-api-old/vendor/constantcontact/constantcontact/test/Json/Auth/get_access_token.json"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- '"access_token":'
- '"token_type":'
condition: and
- type: status
status:
- 200

31
exposures/files/google-api-private-key.yaml Normal file
View File

@ -0,0 +1,31 @@
id: google-api-private-key
info:
name: Google Api Private Key
author: DhiyaneshDK
severity: medium
reference: https://www.exploit-db.com/ghdb/6037
metadata:
verified: true
google-query: intitle:"index of" "google-api-private-key.json"
tags: exposure,cloud,google,devops
requests:
- method: GET
path:
- "{{BaseURL}}/google-api-private-key.json"
- "{{BaseURL}}/app/config/pimcore/google-api-private-key.json"
- "{{BaseURL}}/pimcore/app/config/pimcore/google-api-private-key.json"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- 'private_key_id'
- 'private_key'
condition: and
- type: status
status:
- 200

31
exposures/files/google-services-json.yaml Normal file
View File

@ -0,0 +1,31 @@
id: google-services-json
info:
name: Google Service Json
author: DhiyaneshDK
severity: low
reference: https://www.exploit-db.com/ghdb/6886
metadata:
verified: true
google-query: intitle:"index of" "google-services.json"
tags: google,cloud,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/google-services.json"
- "{{BaseURL}}/app/google-services.json"
- "{{BaseURL}}/android/app/google-services.json"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- 'storage_bucket'
- 'oauth_client'
condition: and
- type: status
status:
- 200

28
exposures/files/jsapi-ticket-json.yaml Normal file
View File

@ -0,0 +1,28 @@
id: jsapi-ticket-json
info:
name: JsAPI Ticket Json
author: DhiyaneshDK
severity: low
reference: https://www.exploit-db.com/ghdb/6070
metadata:
verified: true
google-query: intitle:"index of" "jsapi_ticket.json"
tags: exposure,jsapi
requests:
- method: GET
path:
- "{{BaseURL}}/jsapi_ticket.json"
matchers-condition: and
matchers:
- type: word
words:
- '"expire_time":'
- '"jsapi_ticket":'
condition: and
- type: status
status:
- 200

29
exposures/files/npm-cli-metrics-json.yaml Normal file
View File

@ -0,0 +1,29 @@
id: npm-cli-metrics-json
info:
name: NPM Anonymous CLI Metrics Json
author: DhiyaneshDK
severity: low
metadata:
verified: true
shodan-query: html:"anonymous-cli-metrics.json"
tags: npm,devops,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/anonymous-cli-metrics.json"
- "{{BaseURL}}/.npm/anonymous-cli-metrics.json"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- '"metricId"'
- '"metrics"'
condition: and
- type: status
status:
- 200

27
exposures/files/oauth-credentials-json.yaml Normal file
View File

@ -0,0 +1,27 @@
id: oauth-credentials-json
info:
name: Oauth Credentials Json
author: DhiyaneshDK
severity: low
metadata:
verified: true
google-query: intitle:"index of" "oauth-credentials.json"
tags: exposure,oauth
requests:
- method: GET
path:
- "{{BaseURL}}/oauth-credentials.json"
matchers-condition: and
matchers:
- type: word
words:
- '"client_id":'
- '"client_secret":'
condition: and
- type: status
status:
- 200

28
exposures/files/secret-token-rb.yaml Normal file
View File

@ -0,0 +1,28 @@
id: secret-token-rb
info:
name: Secret Token Ruby - File Disclosure
author: DhiyaneshDK
severity: medium
metadata:
verified: true
google-query: intitle:"index of" "secret_token.rb"
tags: redmine,devops,exposure,ruby
requests:
- method: GET
path:
- "{{BaseURL}}/secret_token.rb"
- "{{BaseURL}}/config/initializers/secret_token.rb"
- "{BaseURL}}/redmine/config/initializers/secret_token.rb"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- '::Application.config.secret'
- type: status
status:
- 200

31
exposures/files/symfony-properties-ini.yaml Normal file
View File

@ -0,0 +1,31 @@
id: symfony-properties-ini
info:
name: Symfony properties.ini File Disclosure
author: DhiyaneshDK
severity: info
metadata:
verified: true
google-dork: intitle:"index of" "properties.ini"
tags: symfony,exposure
requests:
- method: GET
path:
- '{{BaseURL}}/properties.ini'
- '{{BaseURL}}/config/properties.ini'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'name='
- 'author='
- 'orm='
condition: and
- type: status
status:
- 200

29
exposures/files/token-info-json.yaml Normal file
View File

@ -0,0 +1,29 @@
id: token-info-json
info:
name: Token Info Json
author: DhiyaneshDK
severity: info
metadata:
verified: true
google-query: intitle:"index of" "token_info.json"
tags: exposure
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/constant-contact-forms/vendor/constantcontact/constantcontact/test/Json/Auth/token_info.json"
- "{{BaseURL}}/wp-content/plugins/constant-contact-api-old/vendor/constantcontact/constantcontact/test/Json/Auth/token_info.json"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- '"client_id":'
- '"user_name":'
condition: and
- type: status
status:
- 200

29
exposures/files/token-json.yaml Normal file
View File

@ -0,0 +1,29 @@
id: token-json
info:
name: Token Json File Disclosure
author: DhiyaneshDK
severity: low
metadata:
verified: true
google-query: intitle:"index of" "token.json"
tags: exposure,cloud,google,devops
requests:
- method: GET
path:
- "{{BaseURL}}/token.json"
- "{{BaseURL}}/search/token.json"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- '"access_token":'
- '"token_type":'
condition: and
- type: status
status:
- 200

25
exposures/files/wget-hsts-list-exposure.yaml Normal file
View File

@ -0,0 +1,25 @@
id: wget-hsts-list-exposure
info:
name: WGET HSTS List Exposure
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-query: html:".wget-hsts"
tags: devops,exposure,wget
requests:
- method: GET
path:
- "{{BaseURL}}/.wget-hsts"
matchers-condition: and
matchers:
- type: word
words:
- 'HSTS 1.0 Known Hosts database for GNU Wget'
- type: status
status:
- 200

31
exposures/files/ws-ftp-ini.yaml Normal file
View File

@ -0,0 +1,31 @@
id: ws-ftp-ini
info:
name: WS FTP File Disclosure
author: DhiyaneshDK
severity: low
metadata:
verified: true
google-dork: intitle:"Index of" ws_ftp.ini
tags: exposure,ftp
requests:
- method: GET
path:
- '{{BaseURL}}/ws_ftp.ini'
redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'HOST='
- 'UID='
- 'DIR='
condition: and
- type: status
status:
- 200

25
technologies/default-page-azure-container.yaml Normal file
View File

@ -0,0 +1,25 @@
id: default-page-azure-container
info:
name: Azure Container Instance Default Page
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-query: title:"Welcome to Azure Container Instances!"
tags: tech,azure,cloud
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
words:
- '<title>Welcome to Azure Container Instances!</title>'
- type: status
status:
- 200

26
technologies/default-parallels-plesk.yaml Normal file
View File

@ -0,0 +1,26 @@
id: default-parallels-plesk
info:
name: Default Parallels Plesk Panel Page
author: DhiyaneshDK
severity: info
metadata:
verified: true
shodan-dork: title:"Default Parallels Plesk Panel Page"
tags: tech,default-page,parallels,plesk
requests:
- method: GET
path:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Default Parallels Plesk Panel Page</title>'
- type: status
status:
- 200

27
technologies/json-server.yaml Normal file
View File

@ -0,0 +1,27 @@
id: json-server
info:
name: Json Server
author: DhiyaneshDK
severity: low
reference: https://www.exploit-db.com/ghdb/4550
metadata:
verified: true
shodan-query: title:"JSON Server"
tags: exposure,devops
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>JSON Server</title>"
- type: status
status:
- 200