From e095c6063ef5ba4f762bb98cdebdde600d9337c1 Mon Sep 17 00:00:00 2001 
From: ErikOwen Date: Fri, 30 Jun 2023 15:40:59 -0700 Subject: [PATCH] Revert "remove exposure tag from misconfiguration templates" This reverts commit 3a815a58a1012203cb392d36bcf480e455f05471. --- http/misconfiguration/ace-admin-dashboard.yaml | 2 +- http/misconfiguration/aem/aem-crx-browser.yaml | 2 +- http/misconfiguration/aem/aem-crx-namespace.yaml | 2 +- http/misconfiguration/aem/aem-crx-search.yaml | 2 +- http/misconfiguration/aem/aem-disk-usage.yaml | 2 +- http/misconfiguration/aem/aem-explorer-nodetypes.yaml | 2 +- http/misconfiguration/aem/aem-external-link-checker.yaml | 2 +- http/misconfiguration/aem/aem-misc-admin.yaml | 2 +- http/misconfiguration/aem/aem-secrets.yaml | 2 +- http/misconfiguration/aem/aem-security-users.yaml | 2 +- http/misconfiguration/aem/aem-sling-userinfo.yaml | 2 +- http/misconfiguration/ampache-update-exposure.yaml | 2 +- http/misconfiguration/apache-drill-exposure.yaml | 2 +- http/misconfiguration/apache-struts-showcase.yaml | 2 +- http/misconfiguration/apache/kafka-manager-unauth.yaml | 2 +- http/misconfiguration/awstats-listing.yaml | 2 +- http/misconfiguration/blackbox-exporter-metrics.yaml | 2 +- http/misconfiguration/bootstrap-admin-panel-template.yaml | 2 +- http/misconfiguration/cadvisor-exposure.yaml | 2 +- http/misconfiguration/clockwork-dashboard-exposure.yaml | 2 +- http/misconfiguration/cloud-metadata.yaml | 2 +- http/misconfiguration/cobbler-exposed-directory.yaml | 2 +- http/misconfiguration/codemeter-webadmin.yaml | 2 +- http/misconfiguration/codis-dashboard.yaml | 2 +- http/misconfiguration/collectd-exporter-metrics.yaml | 2 +- http/misconfiguration/confluence-dashboard.yaml | 2 +- http/misconfiguration/corebos-htaccess.yaml | 2 +- http/misconfiguration/debug/bottle-debug.yaml | 2 +- http/misconfiguration/debug/flask-werkzeug-debug.yaml | 2 +- http/misconfiguration/dgraph-dashboard-exposure.yaml | 2 +- http/misconfiguration/docmosis-tornado-server.yaml | 2 +- http/misconfiguration/elastic-hd-dashboard.yaml | 2 +- 
http/misconfiguration/encompass-cm1-homepage.yaml | 2 +- http/misconfiguration/envoy-admin-exposure.yaml | 2 +- http/misconfiguration/espeasy-mega-exposure.yaml | 2 +- http/misconfiguration/esphome-dashboard.yaml | 2 +- http/misconfiguration/everything-listing.yaml | 2 +- http/misconfiguration/exposed-jquery-file-upload.yaml | 2 +- http/misconfiguration/exposed-kafdrop.yaml | 2 +- http/misconfiguration/front-page-misconfig.yaml | 2 +- http/misconfiguration/gitlab/gitlab-public-repos.yaml | 2 +- http/misconfiguration/gitlab/gitlab-public-snippets.yaml | 2 +- http/misconfiguration/global-traffic-statistics.yaml | 2 +- http/misconfiguration/gocd/gocd-cruise-configuration.yaml | 2 +- http/misconfiguration/gocd/gocd-encryption-key.yaml | 2 +- http/misconfiguration/haproxy-exporter-metrics.yaml | 2 +- http/misconfiguration/healthchecks-ui-exposure.yaml | 2 +- http/misconfiguration/hfs-exposure.yaml | 2 +- http/misconfiguration/ibm-friendly-path-exposure.yaml | 2 +- http/misconfiguration/ibm-websphere-xml.yaml | 3 ++- http/misconfiguration/installer/acunetix-360-installer.yaml | 2 +- http/misconfiguration/installer/ampache-music-installer.yaml | 2 +- http/misconfiguration/installer/bagisto-installer.yaml | 2 +- http/misconfiguration/installer/binom-installer.yaml | 2 +- http/misconfiguration/installer/blesta-installer.yaml | 2 +- http/misconfiguration/installer/circarlife-setup.yaml | 2 +- http/misconfiguration/installer/cloudcenter-Installer.yaml | 2 +- http/misconfiguration/installer/codeigniter-installer.yaml | 2 +- http/misconfiguration/installer/concrete-installer.yaml | 2 +- http/misconfiguration/installer/contentify-installer.yaml | 2 +- http/misconfiguration/installer/dokuwiki-installer.yaml | 2 +- http/misconfiguration/installer/dolibarr-installer.yaml | 2 +- http/misconfiguration/installer/eshop-installer.yaml | 2 +- http/misconfiguration/installer/espeasy-installer.yaml | 2 +- http/misconfiguration/installer/facturascripts-installer.yaml | 2 +- 
http/misconfiguration/installer/geniusocean-installer.yaml | 2 +- http/misconfiguration/installer/getsimple-installation.yaml | 2 +- http/misconfiguration/installer/gogs-installer.yaml | 2 +- http/misconfiguration/installer/impresspages-installer.yaml | 2 +- http/misconfiguration/installer/lmszai-installer.yaml | 2 +- http/misconfiguration/installer/lychee-installer.yaml | 2 +- http/misconfiguration/installer/magento-installer.yaml | 2 +- http/misconfiguration/installer/magnolia-installer.yaml | 2 +- http/misconfiguration/installer/mcloud-installer.yaml | 2 +- http/misconfiguration/installer/moodle-installer.yaml | 2 +- http/misconfiguration/installer/nagiosxi-installer.yaml | 2 +- .../installer/netsparker-enterprise-installer.yaml | 2 +- http/misconfiguration/installer/nginx-auto-installer.yaml | 2 +- http/misconfiguration/installer/nodebb-installer.yaml | 2 +- http/misconfiguration/installer/openmage-install.yaml | 2 +- http/misconfiguration/installer/opensis-installer.yaml | 2 +- http/misconfiguration/installer/orangehrm-installer.yaml | 2 +- .../installer/owncloud-installer-exposure.yaml | 2 +- http/misconfiguration/installer/oxid-eshop-installer.yaml | 2 +- http/misconfiguration/installer/pagekit-installer.yaml | 2 +- http/misconfiguration/installer/permissions-installer.yaml | 2 +- http/misconfiguration/installer/phpbb-installer.yaml | 2 +- http/misconfiguration/installer/phpwind-installer.yaml | 2 +- http/misconfiguration/installer/pmm-installer.yaml | 2 +- http/misconfiguration/installer/prestashop-installer.yaml | 2 +- http/misconfiguration/installer/processwire-installer.yaml | 2 +- http/misconfiguration/installer/server-monitor-installer.yaml | 2 +- http/misconfiguration/installer/smf-installer.yaml | 2 +- http/misconfiguration/installer/sumowebtools-installer.yaml | 2 +- http/misconfiguration/installer/tasmota-install.yaml | 2 +- http/misconfiguration/installer/testrail-install.yaml | 2 +- http/misconfiguration/installer/turbo-website-installer.yaml | 2 
+- http/misconfiguration/installer/unifi-wizard-install.yaml | 2 +- http/misconfiguration/installer/uvdesk-install.yaml | 2 +- http/misconfiguration/installer/vtiger-installer.yaml | 2 +- http/misconfiguration/installer/webasyst-installer.yaml | 2 +- http/misconfiguration/installer/webuzo-installer.yaml | 2 +- http/misconfiguration/iot-vdme-simulator.yaml | 2 +- http/misconfiguration/kubernetes/kube-state-metrics.yaml | 2 +- http/misconfiguration/kubernetes/kubernetes-metrics.yaml | 2 +- .../kubernetes/kubernetes-resource-report.yaml | 2 +- http/misconfiguration/libvirt-exporter-metrics.yaml | 2 +- http/misconfiguration/liferay/liferay-api.yaml | 2 +- http/misconfiguration/liferay/liferay-axis.yaml | 2 +- http/misconfiguration/liferay/liferay-jsonws.yaml | 2 +- http/misconfiguration/linktap-gateway-exposure.yaml | 2 +- http/misconfiguration/locust-exposure.yaml | 2 +- http/misconfiguration/lvm-exporter-metrics.yaml | 2 +- http/misconfiguration/mobiproxy-dashboard.yaml | 2 +- http/misconfiguration/moleculer-microservices.yaml | 2 +- http/misconfiguration/mongodb-exporter-metrics.yaml | 2 +- http/misconfiguration/mysqld-exporter-metrics.yaml | 2 +- http/misconfiguration/namedprocess-exporter-metrics.yaml | 2 +- http/misconfiguration/node-exporter-metrics.yaml | 2 +- http/misconfiguration/ntop-panel-exposed.yaml | 2 +- http/misconfiguration/oneinstack-control-center.yaml | 2 +- http/misconfiguration/pa11y-dashboard.yaml | 2 +- http/misconfiguration/pghero-dashboard-exposure.yaml | 2 +- http/misconfiguration/phpmemcached-admin-panel.yaml | 2 +- http/misconfiguration/postgres-exporter-metrics.yaml | 2 +- http/misconfiguration/private-key-exposure.yaml | 2 +- http/misconfiguration/proxy/metadata-alibaba.yaml | 2 +- http/misconfiguration/proxy/metadata-aws.yaml | 2 ++ http/misconfiguration/proxy/metadata-azure.yaml | 2 +- http/misconfiguration/proxy/metadata-digitalocean.yaml | 2 +- http/misconfiguration/proxy/metadata-google.yaml | 2 +- 
http/misconfiguration/proxy/metadata-hetzner.yaml | 2 +- http/misconfiguration/proxy/metadata-openstack.yaml | 2 +- http/misconfiguration/proxy/metadata-oracle.yaml | 2 +- http/misconfiguration/proxy/open-proxy-internal.yaml | 2 +- http/misconfiguration/proxy/open-proxy-localhost.yaml | 2 +- http/misconfiguration/proxy/open-proxy-portscan.yaml | 2 +- http/misconfiguration/puppetdb-dashboard.yaml | 2 +- http/misconfiguration/python-metrics.yaml | 2 +- http/misconfiguration/questdb-console.yaml | 2 +- http/misconfiguration/rabbitmq-exporter-metrics.yaml | 2 +- http/misconfiguration/ray-dashboard.yaml | 2 +- http/misconfiguration/rekognition-image-validation.yaml | 2 +- http/misconfiguration/salesforce-aura.yaml | 2 +- http/misconfiguration/service-pwd.yaml | 2 +- http/misconfiguration/setup-github-enterprise.yaml | 2 +- http/misconfiguration/skycaiji-install.yaml | 2 +- http/misconfiguration/smarterstats-setup.yaml | 2 +- http/misconfiguration/sony-bravia-disclosure.yaml | 2 +- http/misconfiguration/spidercontrol-scada-server-info.yaml | 2 +- http/misconfiguration/springboot/spring-eureka.yaml | 2 +- http/misconfiguration/springboot/springboot-auditevents.yaml | 2 +- http/misconfiguration/springboot/springboot-autoconfig.yaml | 2 +- http/misconfiguration/springboot/springboot-beans.yaml | 2 +- http/misconfiguration/springboot/springboot-caches.yaml | 2 +- http/misconfiguration/springboot/springboot-conditions.yaml | 2 +- http/misconfiguration/springboot/springboot-configprops.yaml | 2 +- http/misconfiguration/springboot/springboot-dump.yaml | 2 +- http/misconfiguration/springboot/springboot-env.yaml | 2 +- http/misconfiguration/springboot/springboot-features.yaml | 2 +- http/misconfiguration/springboot/springboot-flyway.yaml | 2 +- http/misconfiguration/springboot/springboot-gateway.yaml | 2 +- http/misconfiguration/springboot/springboot-health.yaml | 2 +- http/misconfiguration/springboot/springboot-heapdump.yaml | 1 + 
http/misconfiguration/springboot/springboot-httptrace.yaml | 2 +- http/misconfiguration/springboot/springboot-jolokia.yaml | 2 +- http/misconfiguration/springboot/springboot-liquidbase.yaml | 2 +- http/misconfiguration/springboot/springboot-logfile.yaml | 2 +- http/misconfiguration/springboot/springboot-loggerconfig.yaml | 2 +- http/misconfiguration/springboot/springboot-loggers.yaml | 2 +- http/misconfiguration/springboot/springboot-mappings.yaml | 2 +- http/misconfiguration/springboot/springboot-metrics.yaml | 2 +- .../misconfiguration/springboot/springboot-scheduledtasks.yaml | 2 +- http/misconfiguration/springboot/springboot-status.yaml | 2 +- http/misconfiguration/springboot/springboot-trace.yaml | 2 +- http/misconfiguration/sql-server-report-viewer.yaml | 2 +- http/misconfiguration/syncthing-dashboard.yaml | 2 +- http/misconfiguration/system-properties-exposure.yaml | 2 +- http/misconfiguration/tasmota-config-webui.yaml | 2 +- http/misconfiguration/thinkphp-errors.yaml | 2 +- http/misconfiguration/tomcat-cookie-exposed.yaml | 2 +- http/misconfiguration/transmission-dashboard.yaml | 2 +- http/misconfiguration/typo3-composer.yaml | 2 +- http/misconfiguration/unauth-apache-kafka-ui.yaml | 2 +- http/misconfiguration/unauth-axyom-network-manager.yaml | 2 +- http/misconfiguration/unauth-kubecost.yaml | 2 +- http/misconfiguration/unauth-wavink-panel.yaml | 2 +- http/misconfiguration/unauthenticated-glances.yaml | 2 +- http/misconfiguration/viewpoint-system-status.yaml | 2 +- http/misconfiguration/wamp-server-configuration.yaml | 2 +- http/misconfiguration/webdav-enabled.yaml | 2 +- 191 files changed, 193 insertions(+), 189 deletions(-) diff --git a/http/misconfiguration/ace-admin-dashboard.yaml b/http/misconfiguration/ace-admin-dashboard.yaml index 798d0fde2f..bf496b44b7 100644 --- a/http/misconfiguration/ace-admin-dashboard.yaml +++ b/http/misconfiguration/ace-admin-dashboard.yaml 
@@ -13,7 +13,7 @@ info: max-request: 1 verified: true shodan-query: title:"Dashboard - Ace Admin" - tags: misconfig,aceadmin + tags: misconfig,exposure,aceadmin http: - method: GET diff --git a/http/misconfiguration/aem/aem-crx-browser.yaml b/http/misconfiguration/aem/aem-crx-browser.yaml index 14962133f7..2c13bb3ea9 100644 --- a/http/misconfiguration/aem/aem-crx-browser.yaml +++ b/http/misconfiguration/aem/aem-crx-browser.yaml @@ -11,7 +11,7 @@ info: shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" - tags: misconfig,aem,adobe + tags: misconfig,aem,adobe,exposure http: - method: GET diff --git a/http/misconfiguration/aem/aem-crx-namespace.yaml b/http/misconfiguration/aem/aem-crx-namespace.yaml index 55912c04af..c7b3fc1457 100644 --- a/http/misconfiguration/aem/aem-crx-namespace.yaml +++ b/http/misconfiguration/aem/aem-crx-namespace.yaml @@ -11,7 +11,7 @@ info: shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" - tags: aem,adobe,misconfig + tags: exposure,aem,adobe,misconfig http: - method: GET diff --git a/http/misconfiguration/aem/aem-crx-search.yaml b/http/misconfiguration/aem/aem-crx-search.yaml index e8a805a256..72c2066ee0 100644 --- a/http/misconfiguration/aem/aem-crx-search.yaml +++ b/http/misconfiguration/aem/aem-crx-search.yaml @@ -11,7 +11,7 @@ info: shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" - tags: misconfig,aem,adobe + tags: misconfig,aem,adobe,exposure http: - method: GET diff --git a/http/misconfiguration/aem/aem-disk-usage.yaml b/http/misconfiguration/aem/aem-disk-usage.yaml index f11174a124..628a753941 100644 --- a/http/misconfiguration/aem/aem-disk-usage.yaml +++ b/http/misconfiguration/aem/aem-disk-usage.yaml @@ -11,7 +11,7 @@ info: shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" - tags: misconfig,aem,adobe + tags: misconfig,aem,adobe,exposure http: - method: GET 
diff --git a/http/misconfiguration/aem/aem-explorer-nodetypes.yaml b/http/misconfiguration/aem/aem-explorer-nodetypes.yaml index 9940c91147..da3d82c298 100644 --- a/http/misconfiguration/aem/aem-explorer-nodetypes.yaml +++ b/http/misconfiguration/aem/aem-explorer-nodetypes.yaml @@ -11,7 +11,7 @@ info: shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" - tags: misconfig,aem,adobe + tags: misconfig,aem,adobe,exposure http: - method: GET diff --git a/http/misconfiguration/aem/aem-external-link-checker.yaml b/http/misconfiguration/aem/aem-external-link-checker.yaml index 2dbfab58b5..316cb3e06b 100644 --- a/http/misconfiguration/aem/aem-external-link-checker.yaml +++ b/http/misconfiguration/aem/aem-external-link-checker.yaml @@ -11,7 +11,7 @@ info: shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" - tags: misconfig,aem,adobe + tags: misconfig,aem,adobe,exposure http: - method: GET diff --git a/http/misconfiguration/aem/aem-misc-admin.yaml b/http/misconfiguration/aem/aem-misc-admin.yaml index 2d6b3f46e8..5078301e8a 100644 --- a/http/misconfiguration/aem/aem-misc-admin.yaml +++ b/http/misconfiguration/aem/aem-misc-admin.yaml @@ -12,7 +12,7 @@ info: shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" - tags: misconfig,aem,adobe + tags: misconfig,aem,adobe,exposure http: - method: GET diff --git a/http/misconfiguration/aem/aem-secrets.yaml b/http/misconfiguration/aem/aem-secrets.yaml index 2c22854abc..0eab636ffc 100644 --- a/http/misconfiguration/aem/aem-secrets.yaml +++ b/http/misconfiguration/aem/aem-secrets.yaml @@ -11,7 +11,7 @@ info: metadata: max-request: 2 verified: true - tags: aem,adobe,misconfig + tags: aem,adobe,misconfig,exposure http: - method: GET diff --git a/http/misconfiguration/aem/aem-security-users.yaml b/http/misconfiguration/aem/aem-security-users.yaml index b071d7d310..598dd877a0 100644 --- a/http/misconfiguration/aem/aem-security-users.yaml 
+++ b/http/misconfiguration/aem/aem-security-users.yaml @@ -11,7 +11,7 @@ info: shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" - tags: misconfig,aem,adobe + tags: misconfig,aem,adobe,exposure http: - method: GET diff --git a/http/misconfiguration/aem/aem-sling-userinfo.yaml b/http/misconfiguration/aem/aem-sling-userinfo.yaml index da282ebf18..5b804c10fc 100644 --- a/http/misconfiguration/aem/aem-sling-userinfo.yaml +++ b/http/misconfiguration/aem/aem-sling-userinfo.yaml @@ -11,7 +11,7 @@ info: shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" - tags: misconfig,aem,adobe + tags: misconfig,aem,adobe,exposure http: - method: GET diff --git a/http/misconfiguration/ampache-update-exposure.yaml b/http/misconfiguration/ampache-update-exposure.yaml index 1140c34725..d5c8068cee 100644 --- a/http/misconfiguration/ampache-update-exposure.yaml +++ b/http/misconfiguration/ampache-update-exposure.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: http.html:"Ampache Update" - tags: misconfig,ampache + tags: misconfig,ampache,exposure http: - method: GET diff --git a/http/misconfiguration/apache-drill-exposure.yaml b/http/misconfiguration/apache-drill-exposure.yaml index c2d50e6d6e..69c86b5874 100644 --- a/http/misconfiguration/apache-drill-exposure.yaml +++ b/http/misconfiguration/apache-drill-exposure.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Apache Drill" - tags: misconfig,apache,drill + tags: misconfig,exposure,apache,drill http: - method: GET diff --git a/http/misconfiguration/apache-struts-showcase.yaml b/http/misconfiguration/apache-struts-showcase.yaml index e397c7642e..db630a9676 100644 --- a/http/misconfiguration/apache-struts-showcase.yaml +++ b/http/misconfiguration/apache-struts-showcase.yaml 
@@ -10,7 +10,7 @@ info: max-request: 2 verified: true shodan-query: title:"Struts2 Showcase" - tags: apache,struts,showcase,misconfig + tags: apache,struts,showcase,misconfig,exposure http: - method: GET diff --git a/http/misconfiguration/apache/kafka-manager-unauth.yaml b/http/misconfiguration/apache/kafka-manager-unauth.yaml index bb37222e5d..4d9bccddd7 100644 --- a/http/misconfiguration/apache/kafka-manager-unauth.yaml +++ b/http/misconfiguration/apache/kafka-manager-unauth.yaml @@ -10,7 +10,7 @@ info: metadata: max-request: 1 fofa-query: app="Kafka-Manager" - tags: misconfig,apache,kafka,unauth + tags: misconfig,apache,kafka,unauth,exposure http: - method: GET diff --git a/http/misconfiguration/awstats-listing.yaml b/http/misconfiguration/awstats-listing.yaml index d6d2520b5a..74572a1f9f 100644 --- a/http/misconfiguration/awstats-listing.yaml +++ b/http/misconfiguration/awstats-listing.yaml @@ -5,7 +5,7 @@ info: author: tess severity: low description: Searches for exposed awstats Internal Information. - tags: misconfig,aws,amazon,awstats,oss + tags: misconfig,aws,exposure,amazon,awstats,oss metadata: max-request: 1 diff --git a/http/misconfiguration/blackbox-exporter-metrics.yaml b/http/misconfiguration/blackbox-exporter-metrics.yaml index b849b61ca4..ebeb32639e 100644 --- a/http/misconfiguration/blackbox-exporter-metrics.yaml +++ b/http/misconfiguration/blackbox-exporter-metrics.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Blackbox Exporter" - tags: blackbox,debug,misconfig + tags: blackbox,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/bootstrap-admin-panel-template.yaml b/http/misconfiguration/bootstrap-admin-panel-template.yaml index b4b3125351..78053feb45 100644 --- a/http/misconfiguration/bootstrap-admin-panel-template.yaml +++ b/http/misconfiguration/bootstrap-admin-panel-template.yaml 
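Review bot: In http/misconfiguration/awstats-listing.yaml the restored line `tags: misconfig,aws,exposure,amazon,awstats,oss` still carries `aws` and `amazon`. The description on the context line above says the template looks for exposed AWStats information, and AWStats is a web log analyzer, not an Amazon service. Anyone scoping a scan or grouping findings by those tags gets this template's results mixed in with cloud findings. Since the revert rewrites this line anyway, I would use `tags: misconfig,exposure,awstats,oss`.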
@@ -13,7 +13,7 @@ info: max-request: 1 verified: true shodan-query: title:"Dashboard - Bootstrap Admin Template" - tags: bootstrap,panel,misconfig + tags: bootstrap,panel,misconfig,exposure http: - method: GET diff --git a/http/misconfiguration/cadvisor-exposure.yaml b/http/misconfiguration/cadvisor-exposure.yaml index 10ce627942..bdb9b22b8e 100644 --- a/http/misconfiguration/cadvisor-exposure.yaml +++ b/http/misconfiguration/cadvisor-exposure.yaml @@ -13,7 +13,7 @@ info: max-request: 1 verified: true shodan-query: title:"cAdvisor" - tags: misconfig,dashboard + tags: exposure,misconfig,dashboard http: - method: GET diff --git a/http/misconfiguration/clockwork-dashboard-exposure.yaml b/http/misconfiguration/clockwork-dashboard-exposure.yaml index e870322540..e920d4ecb8 100644 --- a/http/misconfiguration/clockwork-dashboard-exposure.yaml +++ b/http/misconfiguration/clockwork-dashboard-exposure.yaml @@ -6,7 +6,7 @@ info: severity: high reference: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/clockwork-dashboard-exposure.json - tags: unauth,misconfig + tags: exposure,unauth,misconfig metadata: max-request: 1 diff --git a/http/misconfiguration/cloud-metadata.yaml b/http/misconfiguration/cloud-metadata.yaml index 207e4685a0..d2a91758ad 100644 --- a/http/misconfiguration/cloud-metadata.yaml +++ b/http/misconfiguration/cloud-metadata.yaml @@ -9,7 +9,7 @@ info: max-request: 1 verified: true shodan-query: html:"instance_metadata" - tags: misconfig,devops,cloud,aws,gcp + tags: misconfig,exposure,devops,cloud,aws,gcp http: - method: GET diff --git a/http/misconfiguration/cobbler-exposed-directory.yaml b/http/misconfiguration/cobbler-exposed-directory.yaml index 5ad934649e..be81a8e068 100644 --- a/http/misconfiguration/cobbler-exposed-directory.yaml +++ b/http/misconfiguration/cobbler-exposed-directory.yaml 
@@ -5,7 +5,7 @@ info: author: c-sh0 severity: medium description: Searches for exposed Cobbler Directories - tags: cobbler,misconfig + tags: cobbler,exposure,misconfig metadata: max-request: 2 diff --git a/http/misconfiguration/codemeter-webadmin.yaml b/http/misconfiguration/codemeter-webadmin.yaml index 72195d6e29..47e6c8e0bf 100644 --- a/http/misconfiguration/codemeter-webadmin.yaml +++ b/http/misconfiguration/codemeter-webadmin.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: html:"CodeMeter" - tags: misconfig,codemeter + tags: misconfig,exposure,codemeter http: - method: GET diff --git a/http/misconfiguration/codis-dashboard.yaml b/http/misconfiguration/codis-dashboard.yaml index 62c1f9aff2..71fc8839c5 100644 --- a/http/misconfiguration/codis-dashboard.yaml +++ b/http/misconfiguration/codis-dashboard.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Codis • Dashboard" - tags: misconfig,codis + tags: misconfig,exposure,codis http: - method: GET diff --git a/http/misconfiguration/collectd-exporter-metrics.yaml b/http/misconfiguration/collectd-exporter-metrics.yaml index 66c8381eec..499911533b 100644 --- a/http/misconfiguration/collectd-exporter-metrics.yaml +++ b/http/misconfiguration/collectd-exporter-metrics.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Collectd Exporter" - tags: collectd,debug,misconfig + tags: collectd,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/confluence-dashboard.yaml b/http/misconfiguration/confluence-dashboard.yaml index bc080433c3..36de53666b 100644 --- a/http/misconfiguration/confluence-dashboard.yaml +++ b/http/misconfiguration/confluence-dashboard.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Dashboard - Confluence" - tags: misconfig,confluence,atlassian + tags: misconfig,exposure,confluence,atlassian http: - method: GET 
diff --git a/http/misconfiguration/corebos-htaccess.yaml b/http/misconfiguration/corebos-htaccess.yaml index fff4d89992..8ead5802d0 100644 --- a/http/misconfiguration/corebos-htaccess.yaml +++ b/http/misconfiguration/corebos-htaccess.yaml @@ -12,7 +12,7 @@ info: max-request: 1 verified: true shodan-query: http.html:"corebos" - tags: corebos,huntr,misconfig + tags: exposure,corebos,huntr,misconfig http: - method: GET diff --git a/http/misconfiguration/debug/bottle-debug.yaml b/http/misconfiguration/debug/bottle-debug.yaml index d5ebbaee40..9395cd343d 100644 --- a/http/misconfiguration/debug/bottle-debug.yaml +++ b/http/misconfiguration/debug/bottle-debug.yaml @@ -10,7 +10,7 @@ info: max-request: 1 verified: true shodan-query: html:"Sorry, the requested URL" - tags: bottle,debug,misconfig + tags: bottle,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/debug/flask-werkzeug-debug.yaml b/http/misconfiguration/debug/flask-werkzeug-debug.yaml index bc67b231a2..2c939b53ab 100644 --- a/http/misconfiguration/debug/flask-werkzeug-debug.yaml +++ b/http/misconfiguration/debug/flask-werkzeug-debug.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: html:"Werkzeug powered traceback interpreter" - tags: werkzeug,debug,misconfig + tags: werkzeug,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/dgraph-dashboard-exposure.yaml b/http/misconfiguration/dgraph-dashboard-exposure.yaml index 2cd78dde03..cef5ec1226 100644 --- a/http/misconfiguration/dgraph-dashboard-exposure.yaml +++ b/http/misconfiguration/dgraph-dashboard-exposure.yaml @@ -12,7 +12,7 @@ info: metadata: max-request: 1 shodan-query: http.title:"Dgraph Ratel Dashboard" - tags: unauth,panel,misconfig + tags: exposure,unauth,panel,misconfig http: - method: GET diff --git a/http/misconfiguration/docmosis-tornado-server.yaml b/http/misconfiguration/docmosis-tornado-server.yaml index 0e276861c5..2020932772 100644 
--- a/http/misconfiguration/docmosis-tornado-server.yaml +++ b/http/misconfiguration/docmosis-tornado-server.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Docmosis Tornado" - tags: misconfig,tornado + tags: misconfig,tornado,exposure http: - method: GET diff --git a/http/misconfiguration/elastic-hd-dashboard.yaml b/http/misconfiguration/elastic-hd-dashboard.yaml index 4fad731a2b..6217bff003 100644 --- a/http/misconfiguration/elastic-hd-dashboard.yaml +++ b/http/misconfiguration/elastic-hd-dashboard.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Elastic HD Dashboard" - tags: misconfig,elastic + tags: misconfig,exposure,elastic http: - method: GET diff --git a/http/misconfiguration/encompass-cm1-homepage.yaml b/http/misconfiguration/encompass-cm1-homepage.yaml index bbd33edb58..2f8cefda00 100644 --- a/http/misconfiguration/encompass-cm1-homepage.yaml +++ b/http/misconfiguration/encompass-cm1-homepage.yaml @@ -13,7 +13,7 @@ info: max-request: 1 verified: true shodan-query: title:"Encompass CM1 Home Page" - tags: misconfig,encompass + tags: misconfig,encompass,exposure http: - method: GET diff --git a/http/misconfiguration/envoy-admin-exposure.yaml b/http/misconfiguration/envoy-admin-exposure.yaml index 9b98d8f07a..a700cb51aa 100644 --- a/http/misconfiguration/envoy-admin-exposure.yaml +++ b/http/misconfiguration/envoy-admin-exposure.yaml @@ -10,7 +10,7 @@ info: max-request: 1 verified: true shodan-query: title:"Envoy Admin" - tags: misconfig,envoy + tags: misconfig,envoy,exposure http: - method: GET diff --git a/http/misconfiguration/espeasy-mega-exposure.yaml b/http/misconfiguration/espeasy-mega-exposure.yaml index 9e34f90548..d3b519eb46 100644 --- a/http/misconfiguration/espeasy-mega-exposure.yaml +++ b/http/misconfiguration/espeasy-mega-exposure.yaml 
@@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: http.html:"ESP Easy Mega" - tags: misconfig,espeasy + tags: misconfig,espeasy,exposure http: - method: GET diff --git a/http/misconfiguration/esphome-dashboard.yaml b/http/misconfiguration/esphome-dashboard.yaml index 5ee7d62cb5..1459230a30 100644 --- a/http/misconfiguration/esphome-dashboard.yaml +++ b/http/misconfiguration/esphome-dashboard.yaml @@ -10,7 +10,7 @@ info: max-request: 1 verified: true shodan-query: title:"Dashboard - ESPHome" - tags: misconfig,esphome,iot + tags: misconfig,esphome,exposure,iot http: - method: GET diff --git a/http/misconfiguration/everything-listing.yaml b/http/misconfiguration/everything-listing.yaml index 71d47d833b..a2850b27d0 100644 --- a/http/misconfiguration/everything-listing.yaml +++ b/http/misconfiguration/everything-listing.yaml @@ -12,7 +12,7 @@ info: max-request: 1 verified: 'true' shodan-query: http.favicon.hash:-977323269 - tags: everything,listing,voidtools,misconfig + tags: exposure,everything,listing,voidtools,misconfig http: - method: GET diff --git a/http/misconfiguration/exposed-jquery-file-upload.yaml b/http/misconfiguration/exposed-jquery-file-upload.yaml index d15ffa7434..01fb075db6 100644 --- a/http/misconfiguration/exposed-jquery-file-upload.yaml +++ b/http/misconfiguration/exposed-jquery-file-upload.yaml @@ -12,7 +12,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cwe-id: CWE-434 - tags: jquery,edb,misconfig + tags: exposure,jquery,edb,misconfig metadata: max-request: 1 diff --git a/http/misconfiguration/exposed-kafdrop.yaml b/http/misconfiguration/exposed-kafdrop.yaml index 0e2a3324fe..a7fbef20bd 100644 --- a/http/misconfiguration/exposed-kafdrop.yaml +++ b/http/misconfiguration/exposed-kafdrop.yaml @@ -4,7 +4,7 @@ info: name: Publicly exposed Kafdrop Interface author: dhiyaneshDk severity: low - tags: misconfig,kafdrop + tags: exposure,misconfig,kafdrop metadata: max-request: 1 
diff --git a/http/misconfiguration/front-page-misconfig.yaml b/http/misconfiguration/front-page-misconfig.yaml index ad5a7528a5..c009369d17 100644 --- a/http/misconfiguration/front-page-misconfig.yaml +++ b/http/misconfiguration/front-page-misconfig.yaml @@ -6,7 +6,7 @@ info: severity: info reference: - https://docs.microsoft.com/en-us/archive/blogs/fabdulwahab/security-protecting-sharepoint-server-applications - tags: misconfig,frontpage + tags: misconfig,exposure,frontpage metadata: max-request: 2 diff --git a/http/misconfiguration/gitlab/gitlab-public-repos.yaml b/http/misconfiguration/gitlab/gitlab-public-repos.yaml index 3b0432bdfe..f3c7441c13 100644 --- a/http/misconfiguration/gitlab/gitlab-public-repos.yaml +++ b/http/misconfiguration/gitlab/gitlab-public-repos.yaml @@ -10,7 +10,7 @@ info: metadata: max-request: 1 shodan-query: http.title:"GitLab" - tags: gitlab,misconfig + tags: gitlab,exposure,misconfig http: - method: GET diff --git a/http/misconfiguration/gitlab/gitlab-public-snippets.yaml b/http/misconfiguration/gitlab/gitlab-public-snippets.yaml index 842873238e..257786749b 100644 --- a/http/misconfiguration/gitlab/gitlab-public-snippets.yaml +++ b/http/misconfiguration/gitlab/gitlab-public-snippets.yaml @@ -10,7 +10,7 @@ info: metadata: max-request: 2 shodan-query: http.title:"GitLab" - tags: gitlab,misconfig + tags: gitlab,exposure,misconfig http: - method: GET diff --git a/http/misconfiguration/global-traffic-statistics.yaml b/http/misconfiguration/global-traffic-statistics.yaml index 3a3bf0adcb..ccbe034b19 100644 --- a/http/misconfiguration/global-traffic-statistics.yaml +++ b/http/misconfiguration/global-traffic-statistics.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Global Traffic Statistics" - tags: misconfig,global + tags: misconfig,global,exposure http: - method: GET 
diff --git a/http/misconfiguration/gocd/gocd-cruise-configuration.yaml b/http/misconfiguration/gocd/gocd-cruise-configuration.yaml index 9705b7f26a..1a54539c2b 100644 --- a/http/misconfiguration/gocd/gocd-cruise-configuration.yaml +++ b/http/misconfiguration/gocd/gocd-cruise-configuration.yaml @@ -11,7 +11,7 @@ info: metadata: max-request: 1 shodan-query: http.title:"Create a pipeline - Go",html:"GoCD Version" - tags: go,gocd,config,misconfig + tags: go,gocd,config,exposure,misconfig http: - method: GET diff --git a/http/misconfiguration/gocd/gocd-encryption-key.yaml b/http/misconfiguration/gocd/gocd-encryption-key.yaml index ffc1503779..a57722007f 100644 --- a/http/misconfiguration/gocd/gocd-encryption-key.yaml +++ b/http/misconfiguration/gocd/gocd-encryption-key.yaml @@ -11,7 +11,7 @@ info: metadata: max-request: 1 shodan-query: http.title:"Create a pipeline - Go",html:"GoCD Version" - tags: go,gocd,misconfig + tags: go,gocd,exposure,misconfig http: - method: GET diff --git a/http/misconfiguration/haproxy-exporter-metrics.yaml b/http/misconfiguration/haproxy-exporter-metrics.yaml index b949ba9180..9e34eccc31 100644 --- a/http/misconfiguration/haproxy-exporter-metrics.yaml +++ b/http/misconfiguration/haproxy-exporter-metrics.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"haproxy exporter" - tags: haproxy,debug,misconfig + tags: haproxy,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/healthchecks-ui-exposure.yaml b/http/misconfiguration/healthchecks-ui-exposure.yaml index a8367fc095..e5c1b2546c 100644 --- a/http/misconfiguration/healthchecks-ui-exposure.yaml +++ b/http/misconfiguration/healthchecks-ui-exposure.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Health Checks UI" - tags: misconfig + tags: misconfig,exposure http: - method: GET diff --git a/http/misconfiguration/hfs-exposure.yaml b/http/misconfiguration/hfs-exposure.yaml index ee819cdd4a..d3617cf526 100644 
--- a/http/misconfiguration/hfs-exposure.yaml +++ b/http/misconfiguration/hfs-exposure.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"HFS /" - tags: misconfig,hfs + tags: misconfig,hfs,exposure http: - method: GET diff --git a/http/misconfiguration/ibm-friendly-path-exposure.yaml b/http/misconfiguration/ibm-friendly-path-exposure.yaml index 8fa8f6f88c..60a408ba10 100644 --- a/http/misconfiguration/ibm-friendly-path-exposure.yaml +++ b/http/misconfiguration/ibm-friendly-path-exposure.yaml @@ -10,7 +10,7 @@ info: metadata: max-request: 5 shodan-query: http.html:"IBM WebSphere Portal" - tags: ibm,websphere,misconfig + tags: ibm,exposure,websphere,misconfig http: - method: GET diff --git a/http/misconfiguration/ibm-websphere-xml.yaml b/http/misconfiguration/ibm-websphere-xml.yaml index 5c6b2d6257..f57d8a4dfa 100644 --- a/http/misconfiguration/ibm-websphere-xml.yaml +++ b/http/misconfiguration/ibm-websphere-xml.yaml @@ -11,7 +11,8 @@ info: metadata: max-request: 1 verified: true - tags: ibm,websphere,misconfig + tags: ibm,websphere,exposure,misconfig + verified: "true" http: - method: GET diff --git a/http/misconfiguration/installer/acunetix-360-installer.yaml b/http/misconfiguration/installer/acunetix-360-installer.yaml index 361ccb7f4d..4d6a084e40 100644 --- a/http/misconfiguration/installer/acunetix-360-installer.yaml +++ b/http/misconfiguration/installer/acunetix-360-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: http.favicon.hash:-347188002 - tags: misconfig,install,acunetix + tags: misconfig,exposure,install,acunetix http: - method: GET diff --git a/http/misconfiguration/installer/ampache-music-installer.yaml b/http/misconfiguration/installer/ampache-music-installer.yaml index 75d3247c71..0535ad028f 100644 --- a/http/misconfiguration/installer/ampache-music-installer.yaml +++ b/http/misconfiguration/installer/ampache-music-installer.yaml 
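Review bot: The added `verified: "true"` line in http/misconfiguration/ibm-websphere-xml.yaml repeats a key that the context line just above the tag change already sets as `verified: true`. Indentation is lost in this view, so it is either a duplicate key inside `metadata` (most YAML loaders silently keep the last value, which here is a string rather than a boolean) or a stray `verified` key directly under `info`. The diffstat lists this file as `3 ++-` while the other files shown are one-line tag swaps, which suggests the revert carried the extra line in unintentionally. I would drop the added line and keep only `tags: ibm,websphere,exposure,misconfig`.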
@@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"For the Love of Music - Installation" - tags: misconfig,ampache,install + tags: misconfig,ampache,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/bagisto-installer.yaml b/http/misconfiguration/installer/bagisto-installer.yaml index 0166de9eed..2529333ecf 100644 --- a/http/misconfiguration/installer/bagisto-installer.yaml +++ b/http/misconfiguration/installer/bagisto-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: http.title:"Bagisto Installer" - tags: misconfig,bagisto,install + tags: misconfig,bagisto,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/binom-installer.yaml b/http/misconfiguration/installer/binom-installer.yaml index 2cda21dc43..618165a29a 100644 --- a/http/misconfiguration/installer/binom-installer.yaml +++ b/http/misconfiguration/installer/binom-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 2 verified: true shodan-query: title:"Install Binom" - tags: misconfig,binom,install + tags: misconfig,binom,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/blesta-installer.yaml b/http/misconfiguration/installer/blesta-installer.yaml index 68ea2b9f97..fe7199aa13 100644 --- a/http/misconfiguration/installer/blesta-installer.yaml +++ b/http/misconfiguration/installer/blesta-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: html:"Blesta installer" - tags: misconfig,blesta,install + tags: misconfig,blesta,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/circarlife-setup.yaml b/http/misconfiguration/installer/circarlife-setup.yaml index 1a274b2ac5..c867aede4c 100644 --- a/http/misconfiguration/installer/circarlife-setup.yaml +++ b/http/misconfiguration/installer/circarlife-setup.yaml 
@@ -15,7 +15,7 @@ info: max-request: 1 verified: true shodan-query: title:"- setup" html:"Modem setup" - tags: scada,circontrol,circarlife,setup,panel,installer,misconfig + tags: scada,circontrol,circarlife,setup,exposure,panel,installer,misconfig http: - method: GET diff --git a/http/misconfiguration/installer/cloudcenter-Installer.yaml b/http/misconfiguration/installer/cloudcenter-Installer.yaml index 370aa88128..910f57c3eb 100644 --- a/http/misconfiguration/installer/cloudcenter-Installer.yaml +++ b/http/misconfiguration/installer/cloudcenter-Installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"CloudCenter Installer" - tags: misconfig,cisco,cloudcenter,install + tags: misconfig,cisco,cloudcenter,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/codeigniter-installer.yaml b/http/misconfiguration/installer/codeigniter-installer.yaml index c57ab68c1c..e73562e35b 100644 --- a/http/misconfiguration/installer/codeigniter-installer.yaml +++ b/http/misconfiguration/installer/codeigniter-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: http.title:"Codeigniter Application Installer" - tags: misconfig,codeigniter,install + tags: misconfig,codeigniter,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/concrete-installer.yaml b/http/misconfiguration/installer/concrete-installer.yaml index 0d0901d4d0..0b33750992 100644 --- a/http/misconfiguration/installer/concrete-installer.yaml +++ b/http/misconfiguration/installer/concrete-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Install concrete" - tags: misconfig,install,concrete + tags: misconfig,exposure,install,concrete http: - method: GET diff --git a/http/misconfiguration/installer/contentify-installer.yaml b/http/misconfiguration/installer/contentify-installer.yaml index ce64c6b387..3dbb8f34c9 100644 
--- a/http/misconfiguration/installer/contentify-installer.yaml +++ b/http/misconfiguration/installer/contentify-installer.yaml @@ -7,7 +7,7 @@ info: metadata: max-request: 1 verified: true - tags: misconfig,contentify,install + tags: misconfig,contentify,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/dokuwiki-installer.yaml b/http/misconfiguration/installer/dokuwiki-installer.yaml index 1a67a856f3..3cb902dba1 100644 --- a/http/misconfiguration/installer/dokuwiki-installer.yaml +++ b/http/misconfiguration/installer/dokuwiki-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"DokuWiki" - tags: misconfig,dokuwiki,install + tags: misconfig,dokuwiki,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/dolibarr-installer.yaml b/http/misconfiguration/installer/dolibarr-installer.yaml index c3c43a9e3c..96a6232690 100644 --- a/http/misconfiguration/installer/dolibarr-installer.yaml +++ b/http/misconfiguration/installer/dolibarr-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Dolibarr install or upgrade" - tags: misconfig,install + tags: misconfig,exposure,install http: - method: GET diff --git a/http/misconfiguration/installer/eshop-installer.yaml b/http/misconfiguration/installer/eshop-installer.yaml index 93f1fa7639..46a67f0c76 100644 --- a/http/misconfiguration/installer/eshop-installer.yaml +++ b/http/misconfiguration/installer/eshop-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: html:"eShop Installer" - tags: misconfig,eshop,install + tags: misconfig,eshop,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/espeasy-installer.yaml b/http/misconfiguration/installer/espeasy-installer.yaml index 2907943719..b61c46ac71 100644 --- a/http/misconfiguration/installer/espeasy-installer.yaml +++ b/http/misconfiguration/installer/espeasy-installer.yaml 
@@ -7,7 +7,7 @@ info: metadata: max-request: 1 verified: true - tags: misconfig,espeasy,install + tags: misconfig,espeasy,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/facturascripts-installer.yaml b/http/misconfiguration/installer/facturascripts-installer.yaml index 8b7eee5e88..b591c7d21d 100644 --- a/http/misconfiguration/installer/facturascripts-installer.yaml +++ b/http/misconfiguration/installer/facturascripts-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: html:"FacturaScripts installer" - tags: misconfig,facturascripts,install + tags: misconfig,facturascripts,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/geniusocean-installer.yaml b/http/misconfiguration/installer/geniusocean-installer.yaml index 1aac71c445..8946af1ba7 100644 --- a/http/misconfiguration/installer/geniusocean-installer.yaml +++ b/http/misconfiguration/installer/geniusocean-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: html:"GeniusOcean Installer" - tags: misconfig,geniusocean,install + tags: misconfig,geniusocean,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/getsimple-installation.yaml b/http/misconfiguration/installer/getsimple-installation.yaml index d5c8a39f86..ba766a1e3c 100644 --- a/http/misconfiguration/installer/getsimple-installation.yaml +++ b/http/misconfiguration/installer/getsimple-installation.yaml @@ -11,7 +11,7 @@ info: cwe-id: CWE-284 reference: - http://get-simple.info/ - tags: getsimple,installer,misconfig + tags: getsimple,exposure,installer,misconfig metadata: max-request: 1 diff --git a/http/misconfiguration/installer/gogs-installer.yaml b/http/misconfiguration/installer/gogs-installer.yaml index 44fc2f4313..0da4cef821 100644 --- a/http/misconfiguration/installer/gogs-installer.yaml +++ b/http/misconfiguration/installer/gogs-installer.yaml 
@@ -13,7 +13,7 @@ info: max-request: 1 verified: true shodan-query: http.title:"Installation - Gogs" - tags: misconfig,gogs,install + tags: misconfig,exposure,gogs,install http: - method: GET diff --git a/http/misconfiguration/installer/impresspages-installer.yaml b/http/misconfiguration/installer/impresspages-installer.yaml index ed44cb73ba..7340eadade 100644 --- a/http/misconfiguration/installer/impresspages-installer.yaml +++ b/http/misconfiguration/installer/impresspages-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: http.title:"ImpressPages installation wizard" - tags: misconfig,install,impresspages + tags: misconfig,exposure,install,impresspages http: - method: GET diff --git a/http/misconfiguration/installer/lmszai-installer.yaml b/http/misconfiguration/installer/lmszai-installer.yaml index 597755eed8..7484b0ff0c 100644 --- a/http/misconfiguration/installer/lmszai-installer.yaml +++ b/http/misconfiguration/installer/lmszai-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: html:"LMSZAI - Learning Management System" - tags: misconfig,blesta,install + tags: misconfig,blesta,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/lychee-installer.yaml b/http/misconfiguration/installer/lychee-installer.yaml index 44b9c9e79d..6ca930ddc4 100644 --- a/http/misconfiguration/installer/lychee-installer.yaml +++ b/http/misconfiguration/installer/lychee-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: html:"Lychee-installer" - tags: misconfig,lychee,install + tags: misconfig,lychee,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/magento-installer.yaml b/http/misconfiguration/installer/magento-installer.yaml index c116fd000f..1d6da8466e 100644 --- a/http/misconfiguration/installer/magento-installer.yaml +++ b/http/misconfiguration/installer/magento-installer.yaml 
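Review bot: The `blesta` tag in `lmszai-installer.yaml` looks wrong for this template, whose `shodan-query` is `html:"LMSZAI - Learning Management System"`; it was most likely copied from `blesta-installer.yaml`, and the new line carries it forward. Since the line is being rewritten anyway, I would change it to `tags: misconfig,lmszai,install,exposure`, so that a tag-filtered scan for Blesta does not run this check and LMSZAI installs can be selected by name. The tag name `lmszai` is my suggestion, as the template id lies outside the hunk.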
@@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: html:"Magento Installation" - tags: misconfig,magento,install + tags: misconfig,magento,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/magnolia-installer.yaml b/http/misconfiguration/installer/magnolia-installer.yaml index 3413470357..0b5a4315ca 100644 --- a/http/misconfiguration/installer/magnolia-installer.yaml +++ b/http/misconfiguration/installer/magnolia-installer.yaml @@ -10,7 +10,7 @@ info: max-request: 1 verified: true shodan-query: title:"Magnolia Installation" - tags: magnolia,installer,misconfig + tags: magnolia,exposure,installer,misconfig http: - method: GET diff --git a/http/misconfiguration/installer/mcloud-installer.yaml b/http/misconfiguration/installer/mcloud-installer.yaml index 6b469b7123..376263daad 100644 --- a/http/misconfiguration/installer/mcloud-installer.yaml +++ b/http/misconfiguration/installer/mcloud-installer.yaml @@ -15,7 +15,7 @@ info: max-request: 1 verified: true shodan-query: http.title:"mcloud-installer-web" - tags: panel,mcloud,misconfig + tags: panel,mcloud,exposure,misconfig http: - method: GET diff --git a/http/misconfiguration/installer/moodle-installer.yaml b/http/misconfiguration/installer/moodle-installer.yaml index c2ba14e021..5fafee21b0 100644 --- a/http/misconfiguration/installer/moodle-installer.yaml +++ b/http/misconfiguration/installer/moodle-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Installation Moodle" - tags: misconfig,moodle,install + tags: misconfig,moodle,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/nagiosxi-installer.yaml b/http/misconfiguration/installer/nagiosxi-installer.yaml index 1109a2ec96..b7ae335ee1 100644 --- a/http/misconfiguration/installer/nagiosxi-installer.yaml +++ b/http/misconfiguration/installer/nagiosxi-installer.yaml 
@@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Nagios XI" - tags: misconfig,install,nagiosxi + tags: misconfig,exposure,install,nagiosxi http: - method: GET diff --git a/http/misconfiguration/installer/netsparker-enterprise-installer.yaml b/http/misconfiguration/installer/netsparker-enterprise-installer.yaml index b5f38e3405..d6fec0b55b 100644 --- a/http/misconfiguration/installer/netsparker-enterprise-installer.yaml +++ b/http/misconfiguration/installer/netsparker-enterprise-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: http.favicon.hash:-1575154882 - tags: misconfig,install,netsparker + tags: misconfig,exposure,install,netsparker http: - method: GET diff --git a/http/misconfiguration/installer/nginx-auto-installer.yaml b/http/misconfiguration/installer/nginx-auto-installer.yaml index 3685a4663c..ed36827ea6 100644 --- a/http/misconfiguration/installer/nginx-auto-installer.yaml +++ b/http/misconfiguration/installer/nginx-auto-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"NginX Auto Installer" - tags: misconfig,nginx,install + tags: misconfig,nginx,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/nodebb-installer.yaml b/http/misconfiguration/installer/nodebb-installer.yaml index 942a8bcd28..d8ec1bd66c 100644 --- a/http/misconfiguration/installer/nodebb-installer.yaml +++ b/http/misconfiguration/installer/nodebb-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"NodeBB Web Installer" - tags: misconfig,nodebb,install + tags: misconfig,nodebb,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/openmage-install.yaml b/http/misconfiguration/installer/openmage-install.yaml index 5602f5a819..38c3a5aca5 100644 --- a/http/misconfiguration/installer/openmage-install.yaml +++ b/http/misconfiguration/installer/openmage-install.yaml 
@@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"OpenMage Installation Wizard" - tags: misconfig,openmage,install + tags: misconfig,openmage,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/opensis-installer.yaml b/http/misconfiguration/installer/opensis-installer.yaml index cc0ce060e5..e06525b21c 100644 --- a/http/misconfiguration/installer/opensis-installer.yaml +++ b/http/misconfiguration/installer/opensis-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"openSIS" - tags: misconfig,opensis,install + tags: misconfig,opensis,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/orangehrm-installer.yaml b/http/misconfiguration/installer/orangehrm-installer.yaml index be81cfb83a..1a39e9b35d 100644 --- a/http/misconfiguration/installer/orangehrm-installer.yaml +++ b/http/misconfiguration/installer/orangehrm-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: http.title:"OrangeHRM Web Installation Wizard" - tags: misconfig,install,orangehrm + tags: misconfig,exposure,install,orangehrm http: - method: GET diff --git a/http/misconfiguration/installer/owncloud-installer-exposure.yaml b/http/misconfiguration/installer/owncloud-installer-exposure.yaml index 18bd404f45..82f8fc4ddf 100644 --- a/http/misconfiguration/installer/owncloud-installer-exposure.yaml +++ b/http/misconfiguration/installer/owncloud-installer-exposure.yaml @@ -8,7 +8,7 @@ info: max-request: 2 verified: true shodan-query: title:"owncloud" - tags: misconfig,owncloud,install + tags: misconfig,owncloud,exposure,install http: - method: GET diff --git a/http/misconfiguration/installer/oxid-eshop-installer.yaml b/http/misconfiguration/installer/oxid-eshop-installer.yaml index ad7a32bd98..fd622b3ee1 100644 --- a/http/misconfiguration/installer/oxid-eshop-installer.yaml +++ b/http/misconfiguration/installer/oxid-eshop-installer.yaml 
@@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"OXID eShop installation" - tags: misconfig,oxid,eshop,install + tags: misconfig,oxid,eshop,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/pagekit-installer.yaml b/http/misconfiguration/installer/pagekit-installer.yaml index 7021a8e3ef..b8bae2821e 100644 --- a/http/misconfiguration/installer/pagekit-installer.yaml +++ b/http/misconfiguration/installer/pagekit-installer.yaml @@ -10,7 +10,7 @@ info: max-request: 1 verified: true shodan-query: title:"Pagekit Installer" - tags: misconfig,pagekit,install + tags: misconfig,pagekit,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/permissions-installer.yaml b/http/misconfiguration/installer/permissions-installer.yaml index 13f2963fc5..a2a2b4264d 100644 --- a/http/misconfiguration/installer/permissions-installer.yaml +++ b/http/misconfiguration/installer/permissions-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:" Permissions | Installer" - tags: misconfig,permissions,install + tags: misconfig,permissions,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/phpbb-installer.yaml b/http/misconfiguration/installer/phpbb-installer.yaml index cd086f4c55..65c3457828 100644 --- a/http/misconfiguration/installer/phpbb-installer.yaml +++ b/http/misconfiguration/installer/phpbb-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: html:"Installation Panel" - tags: misconfig,phpbb,install + tags: misconfig,phpbb,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/phpwind-installer.yaml b/http/misconfiguration/installer/phpwind-installer.yaml index e4a899bbb9..808b181e7d 100644 --- a/http/misconfiguration/installer/phpwind-installer.yaml +++ b/http/misconfiguration/installer/phpwind-installer.yaml 
@@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Powered by phpwind" - tags: misconfig,phpwind,install + tags: misconfig,phpwind,exposure,install http: - method: GET diff --git a/http/misconfiguration/installer/pmm-installer.yaml b/http/misconfiguration/installer/pmm-installer.yaml index 6e1d734ac5..71e36809b5 100644 --- a/http/misconfiguration/installer/pmm-installer.yaml +++ b/http/misconfiguration/installer/pmm-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: http.title:"PMM Installation Wizard" - tags: misconfig,install,pmm + tags: misconfig,exposure,install,pmm http: - method: GET diff --git a/http/misconfiguration/installer/prestashop-installer.yaml b/http/misconfiguration/installer/prestashop-installer.yaml index 12bc3aaf50..72f37583b1 100644 --- a/http/misconfiguration/installer/prestashop-installer.yaml +++ b/http/misconfiguration/installer/prestashop-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"PrestaShop Installation Assistant" - tags: misconfig,prestashop,install + tags: misconfig,prestashop,exposure,install http: - method: GET diff --git a/http/misconfiguration/installer/processwire-installer.yaml b/http/misconfiguration/installer/processwire-installer.yaml index de1206c72b..15769013b2 100644 --- a/http/misconfiguration/installer/processwire-installer.yaml +++ b/http/misconfiguration/installer/processwire-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 2 verified: true shodan-query: title:"ProcessWire 3.x Installer" - tags: misconfig,processwire,install + tags: misconfig,processwire,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/server-monitor-installer.yaml b/http/misconfiguration/installer/server-monitor-installer.yaml index d95d49f985..7b27e614f2 100644 --- a/http/misconfiguration/installer/server-monitor-installer.yaml +++ b/http/misconfiguration/installer/server-monitor-installer.yaml 
@@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"SERVER MONITOR - Install" - tags: misconfig,monitor,install + tags: misconfig,monitor,exposure,install http: - method: GET diff --git a/http/misconfiguration/installer/smf-installer.yaml b/http/misconfiguration/installer/smf-installer.yaml index dd79cac71b..f5c08c5ac0 100644 --- a/http/misconfiguration/installer/smf-installer.yaml +++ b/http/misconfiguration/installer/smf-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"SMF Installer" - tags: misconfig,smf,install + tags: misconfig,smf,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/sumowebtools-installer.yaml b/http/misconfiguration/installer/sumowebtools-installer.yaml index f363bf8e96..dfb04eaf79 100644 --- a/http/misconfiguration/installer/sumowebtools-installer.yaml +++ b/http/misconfiguration/installer/sumowebtools-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"SumoWebTools Installer" - tags: misconfig,sumowebtools,install + tags: misconfig,sumowebtools,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/tasmota-install.yaml b/http/misconfiguration/installer/tasmota-install.yaml index ed0a9aecbf..b3307862ea 100644 --- a/http/misconfiguration/installer/tasmota-install.yaml +++ b/http/misconfiguration/installer/tasmota-install.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Tasmota" - tags: misconfig,tasmota,install + tags: misconfig,tasmota,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/testrail-install.yaml b/http/misconfiguration/installer/testrail-install.yaml index 95ae9ab555..fddace6e3a 100644 --- a/http/misconfiguration/installer/testrail-install.yaml +++ b/http/misconfiguration/installer/testrail-install.yaml 
@@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"TestRail Installation Wizard" - tags: misconfig,testrail,install + tags: misconfig,testrail,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/turbo-website-installer.yaml b/http/misconfiguration/installer/turbo-website-installer.yaml index 2502b3d918..e76ec30db6 100644 --- a/http/misconfiguration/installer/turbo-website-installer.yaml +++ b/http/misconfiguration/installer/turbo-website-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Turbo Website Reviewer" - tags: turbo,misconfig,install + tags: turbo,misconfig,exposure,install http: - method: GET diff --git a/http/misconfiguration/installer/unifi-wizard-install.yaml b/http/misconfiguration/installer/unifi-wizard-install.yaml index 297c7eb19a..f1ce3569be 100644 --- a/http/misconfiguration/installer/unifi-wizard-install.yaml +++ b/http/misconfiguration/installer/unifi-wizard-install.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"UniFi Wizard" - tags: misconfig,install,unifi + tags: misconfig,install,unifi,exposure http: - method: GET diff --git a/http/misconfiguration/installer/uvdesk-install.yaml b/http/misconfiguration/installer/uvdesk-install.yaml index 5fdabb0a7f..16603bf141 100644 --- a/http/misconfiguration/installer/uvdesk-install.yaml +++ b/http/misconfiguration/installer/uvdesk-install.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"UVDesk Helpdesk Community Edition - Installation Wizard" - tags: misconfig,uvdesk,install + tags: misconfig,uvdesk,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/vtiger-installer.yaml b/http/misconfiguration/installer/vtiger-installer.yaml index ee889c4313..e4d11b1156 100644 --- a/http/misconfiguration/installer/vtiger-installer.yaml +++ b/http/misconfiguration/installer/vtiger-installer.yaml 
@@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: html:"Welcome to Vtiger CRM" - tags: misconfig,vtiger,install + tags: misconfig,vtiger,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/webasyst-installer.yaml b/http/misconfiguration/installer/webasyst-installer.yaml index c94b150321..c84bf7530a 100644 --- a/http/misconfiguration/installer/webasyst-installer.yaml +++ b/http/misconfiguration/installer/webasyst-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: http.html:"Webasyst Installer" - tags: misconfig,webasyst,install + tags: misconfig,webasyst,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/webuzo-installer.yaml b/http/misconfiguration/installer/webuzo-installer.yaml index 7d37a808da..e575895e97 100644 --- a/http/misconfiguration/installer/webuzo-installer.yaml +++ b/http/misconfiguration/installer/webuzo-installer.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Webuzo Installer" - tags: misconfig,webuzo,install + tags: misconfig,webuzo,install,exposure http: - method: GET diff --git a/http/misconfiguration/iot-vdme-simulator.yaml b/http/misconfiguration/iot-vdme-simulator.yaml index c8d292ccbc..5635615a84 100644 --- a/http/misconfiguration/iot-vdme-simulator.yaml +++ b/http/misconfiguration/iot-vdme-simulator.yaml @@ -14,7 +14,7 @@ info: max-request: 2 verified: true shodan-query: http.title:"IoT vDME Simulator" - tags: misconfig,panel + tags: exposure,misconfig,panel http: - method: GET diff --git a/http/misconfiguration/kubernetes/kube-state-metrics.yaml b/http/misconfiguration/kubernetes/kube-state-metrics.yaml index 9d6de5c290..25b0a450ac 100644 --- a/http/misconfiguration/kubernetes/kube-state-metrics.yaml +++ b/http/misconfiguration/kubernetes/kube-state-metrics.yaml 
@@ -10,7 +10,7 @@ info: max-request: 1 verified: true shodan-query: title:Kube-state-metrics - tags: misconfig,kube-state-metrics,k8s,kubernetes + tags: misconfig,exposure,kube-state-metrics,k8s,kubernetes http: - method: GET diff --git a/http/misconfiguration/kubernetes/kubernetes-metrics.yaml b/http/misconfiguration/kubernetes/kubernetes-metrics.yaml index 76935c7462..0a34a584e0 100644 --- a/http/misconfiguration/kubernetes/kubernetes-metrics.yaml +++ b/http/misconfiguration/kubernetes/kubernetes-metrics.yaml @@ -7,7 +7,7 @@ info: description: Information Disclosure of Garbage Collection reference: - https://kubernetes.io/docs/concepts/cluster-administration/system-metrics/#metrics-in-kubernetes - tags: kubernetes,devops,misconfig + tags: kubernetes,exposure,devops,misconfig metadata: max-request: 1 diff --git a/http/misconfiguration/kubernetes/kubernetes-resource-report.yaml b/http/misconfiguration/kubernetes/kubernetes-resource-report.yaml index 5f385f3f38..bb0dd8de6c 100644 --- a/http/misconfiguration/kubernetes/kubernetes-resource-report.yaml +++ b/http/misconfiguration/kubernetes/kubernetes-resource-report.yaml @@ -5,7 +5,7 @@ info: author: pussycat0x severity: medium description: Information Disclosure of Kubernetes Resource Report - tags: kubernetes,misconfig + tags: kubernetes,exposure,misconfig metadata: max-request: 1 diff --git a/http/misconfiguration/libvirt-exporter-metrics.yaml b/http/misconfiguration/libvirt-exporter-metrics.yaml index 2700b97e1f..9202b6dd16 100644 --- a/http/misconfiguration/libvirt-exporter-metrics.yaml +++ b/http/misconfiguration/libvirt-exporter-metrics.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Libvirt" - tags: libvirt,debug,misconfig + tags: libvirt,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/liferay/liferay-api.yaml b/http/misconfiguration/liferay/liferay-api.yaml index 59691ffa5f..40f0ada3b8 100644 --- a/http/misconfiguration/liferay/liferay-api.yaml 
+++ b/http/misconfiguration/liferay/liferay-api.yaml @@ -9,7 +9,7 @@ info: verified: true shodan-query: title:"Liferay" reference: https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LiferayAPI.java - tags: liferay,api,misconfig + tags: liferay,exposure,api,misconfig http: - method: GET diff --git a/http/misconfiguration/liferay/liferay-axis.yaml b/http/misconfiguration/liferay/liferay-axis.yaml index 39b44d81c2..8a22f20eb8 100644 --- a/http/misconfiguration/liferay/liferay-axis.yaml +++ b/http/misconfiguration/liferay/liferay-axis.yaml @@ -9,7 +9,7 @@ info: max-request: 1 verified: true shodan-query: title:"Liferay" - tags: misconfig,liferay,api + tags: misconfig,exposure,liferay,api http: - method: GET diff --git a/http/misconfiguration/liferay/liferay-jsonws.yaml b/http/misconfiguration/liferay/liferay-jsonws.yaml index d44d3702ad..7103a00be8 100644 --- a/http/misconfiguration/liferay/liferay-jsonws.yaml +++ b/http/misconfiguration/liferay/liferay-jsonws.yaml @@ -11,7 +11,7 @@ info: max-request: 1 verified: true shodan-query: title:"Liferay" - tags: liferay,api,misconfig + tags: liferay,exposure,api,misconfig http: - method: GET diff --git a/http/misconfiguration/linktap-gateway-exposure.yaml b/http/misconfiguration/linktap-gateway-exposure.yaml index cf8c7ceabc..0869d4a2e4 100644 --- a/http/misconfiguration/linktap-gateway-exposure.yaml +++ b/http/misconfiguration/linktap-gateway-exposure.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"LinkTap Gateway" - tags: misconfig,linktap,iot + tags: misconfig,linktap,iot,exposure http: - method: GET diff --git a/http/misconfiguration/locust-exposure.yaml b/http/misconfiguration/locust-exposure.yaml index ab5df5d99a..1bb8313957 100644 --- a/http/misconfiguration/locust-exposure.yaml +++ b/http/misconfiguration/locust-exposure.yaml 
@@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Locust" - tags: locust,misconfig + tags: exposure,locust,misconfig http: - method: GET diff --git a/http/misconfiguration/lvm-exporter-metrics.yaml b/http/misconfiguration/lvm-exporter-metrics.yaml index 0ac14a1d8d..33c448eb6c 100644 --- a/http/misconfiguration/lvm-exporter-metrics.yaml +++ b/http/misconfiguration/lvm-exporter-metrics.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"LVM Exporter" - tags: lvm,debug,misconfig + tags: lvm,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/mobiproxy-dashboard.yaml b/http/misconfiguration/mobiproxy-dashboard.yaml index 91f1f3d049..476af11cdc 100644 --- a/http/misconfiguration/mobiproxy-dashboard.yaml +++ b/http/misconfiguration/mobiproxy-dashboard.yaml @@ -13,7 +13,7 @@ info: max-request: 1 verified: true shodan-query: http.title:"MobiProxy" - tags: dashboard,mobiproxy,misconfig + tags: dashboard,exposure,mobiproxy,misconfig http: - method: GET diff --git a/http/misconfiguration/moleculer-microservices.yaml b/http/misconfiguration/moleculer-microservices.yaml index c82f7d31b1..13c926b0c8 100644 --- a/http/misconfiguration/moleculer-microservices.yaml +++ b/http/misconfiguration/moleculer-microservices.yaml @@ -10,7 +10,7 @@ info: max-request: 1 verified: true shodan-query: title:"Moleculer Microservices Project" - tags: misconfig,microservice,moleculer + tags: misconfig,microservice,moleculer,exposure http: - method: GET diff --git a/http/misconfiguration/mongodb-exporter-metrics.yaml b/http/misconfiguration/mongodb-exporter-metrics.yaml index 48b5ccc8b2..7456b8b552 100644 --- a/http/misconfiguration/mongodb-exporter-metrics.yaml +++ b/http/misconfiguration/mongodb-exporter-metrics.yaml @@ -15,7 +15,7 @@ info: cwe-id: CWE-200 reference: - https://github.com/percona/mongodb_exporter - tags: mongodb,debug,misconfig + tags: mongodb,exposure,debug,misconfig http: - method: GET 
diff --git a/http/misconfiguration/mysqld-exporter-metrics.yaml b/http/misconfiguration/mysqld-exporter-metrics.yaml index c4288ed2ee..4b8ab53da1 100644 --- a/http/misconfiguration/mysqld-exporter-metrics.yaml +++ b/http/misconfiguration/mysqld-exporter-metrics.yaml @@ -13,7 +13,7 @@ info: max-request: 1 verified: true shodan-query: title:"MySQLd exporter" - tags: mysqld,debug,misconfig + tags: mysqld,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/namedprocess-exporter-metrics.yaml b/http/misconfiguration/namedprocess-exporter-metrics.yaml index f5d29af977..5f816d4696 100644 --- a/http/misconfiguration/namedprocess-exporter-metrics.yaml +++ b/http/misconfiguration/namedprocess-exporter-metrics.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Named Process Exporter" - tags: namedprocess,debug,misconfig + tags: namedprocess,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/node-exporter-metrics.yaml b/http/misconfiguration/node-exporter-metrics.yaml index 16df710958..712d75131a 100644 --- a/http/misconfiguration/node-exporter-metrics.yaml +++ b/http/misconfiguration/node-exporter-metrics.yaml @@ -5,7 +5,7 @@ info: author: pussycat0x severity: low description: Information Disclosure of Garbage Collection - tags: node,debug,misconfig + tags: node,exposure,debug,misconfig metadata: max-request: 1 diff --git a/http/misconfiguration/ntop-panel-exposed.yaml b/http/misconfiguration/ntop-panel-exposed.yaml index f69624d90c..38d855fb20 100644 --- a/http/misconfiguration/ntop-panel-exposed.yaml +++ b/http/misconfiguration/ntop-panel-exposed.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Configure ntop" - tags: misconfig,ntop + tags: misconfig,ntop,exposure http: - method: GET diff --git a/http/misconfiguration/oneinstack-control-center.yaml b/http/misconfiguration/oneinstack-control-center.yaml index 1341cc8055..6f2b06c0cb 100644 
--- a/http/misconfiguration/oneinstack-control-center.yaml +++ b/http/misconfiguration/oneinstack-control-center.yaml @@ -17,7 +17,7 @@ info: max-request: 1 verified: true shodan-query: http.title:"OneinStack" - tags: misconfig,panel,oneinstack + tags: misconfig,exposure,panel,oneinstack http: - method: GET diff --git a/http/misconfiguration/pa11y-dashboard.yaml b/http/misconfiguration/pa11y-dashboard.yaml index 3487da57c1..1cd110590a 100644 --- a/http/misconfiguration/pa11y-dashboard.yaml +++ b/http/misconfiguration/pa11y-dashboard.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Pa11y Dashboard" - tags: misconfig,pa11y + tags: misconfig,exposure,pa11y http: - method: GET diff --git a/http/misconfiguration/pghero-dashboard-exposure.yaml b/http/misconfiguration/pghero-dashboard-exposure.yaml index 87b5274549..5c3330f429 100644 --- a/http/misconfiguration/pghero-dashboard-exposure.yaml +++ b/http/misconfiguration/pghero-dashboard-exposure.yaml @@ -15,7 +15,7 @@ info: max-request: 1 verified: true shodan-query: title:"PgHero" - tags: panel,pghero,misconfig + tags: exposure,panel,pghero,misconfig http: - method: GET diff --git a/http/misconfiguration/phpmemcached-admin-panel.yaml b/http/misconfiguration/phpmemcached-admin-panel.yaml index 4ee30b5823..71370a61c7 100644 --- a/http/misconfiguration/phpmemcached-admin-panel.yaml +++ b/http/misconfiguration/phpmemcached-admin-panel.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"phpMemcachedAdmin" - tags: phpmemcached,misconfig + tags: phpmemcached,exposure,misconfig http: - method: GET diff --git a/http/misconfiguration/postgres-exporter-metrics.yaml b/http/misconfiguration/postgres-exporter-metrics.yaml index f2136eefb4..1a60b3097b 100644 --- a/http/misconfiguration/postgres-exporter-metrics.yaml +++ b/http/misconfiguration/postgres-exporter-metrics.yaml 
@@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Postgres exporter" - tags: postgres,debug,misconfig + tags: postgres,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/private-key-exposure.yaml b/http/misconfiguration/private-key-exposure.yaml index f21c911d06..25b48cb168 100644 --- a/http/misconfiguration/private-key-exposure.yaml +++ b/http/misconfiguration/private-key-exposure.yaml @@ -5,7 +5,7 @@ info: author: aashiq severity: high description: Searches for private key exposure by attempting to query the helper endpoint on node_modules - tags: node,misconfig + tags: exposure,node,misconfig metadata: max-request: 1 diff --git a/http/misconfiguration/proxy/metadata-alibaba.yaml b/http/misconfiguration/proxy/metadata-alibaba.yaml index 258d3f383f..fa218fd9fd 100644 --- a/http/misconfiguration/proxy/metadata-alibaba.yaml +++ b/http/misconfiguration/proxy/metadata-alibaba.yaml @@ -22,7 +22,7 @@ info: cvss-score: 9.3 cwe-id: CWE-441 remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible. - tags: config,alibaba,proxy,misconfig,metadata + tags: exposure,config,alibaba,proxy,misconfig,metadata metadata: max-request: 2 diff --git a/http/misconfiguration/proxy/metadata-aws.yaml b/http/misconfiguration/proxy/metadata-aws.yaml index a72f563785..f8fa2279c4 100644 --- a/http/misconfiguration/proxy/metadata-aws.yaml +++ b/http/misconfiguration/proxy/metadata-aws.yaml @@ -24,6 +24,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N cvss-score: 9.3 cwe-id: CWE-441 + remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible. + tags: exposure,proxy,aws,amazon,misconfig,metadata metadata: max-request: 4 tags: exposure,proxy,aws,amazon,misconfig,metadata 
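Review bot: The metadata-aws.yaml hunk adds `tags: exposure,proxy,aws,amazon,misconfig,metadata` above `metadata:` while an identical `tags:` line is still present as context after `max-request: 4`, so the new side carries the key twice; the springboot-heapdump.yaml hunk (`tags: springboot,exposure,misconfig`) has the same shape. Indentation is not recoverable in this view, but if both lines sit under `info:` this is a duplicate mapping key, which a strict YAML loader rejects and a lenient one resolves silently, and a template that fails to load means the cloud-metadata proxy check or the heap-dump check is simply not run. The revert appears to have been applied on top of a later change that had already put the tag back, so drop the added `tags:` line in both files and keep the existing one. It is also worth confirming that the added `remediation:` line in metadata-aws.yaml does not repeat one above the hunk, and running `nuclei -validate` over the directory before merging.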
diff --git a/http/misconfiguration/proxy/metadata-azure.yaml b/http/misconfiguration/proxy/metadata-azure.yaml index bc0e6b9283..554164e929 100644 --- a/http/misconfiguration/proxy/metadata-azure.yaml +++ b/http/misconfiguration/proxy/metadata-azure.yaml @@ -22,7 +22,7 @@ info: cvss-score: 9.3 cwe-id: CWE-441 remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible. - tags: config,azure,microsoft,proxy,misconfig,metadata + tags: exposure,config,azure,microsoft,proxy,misconfig,metadata metadata: max-request: 2 diff --git a/http/misconfiguration/proxy/metadata-digitalocean.yaml b/http/misconfiguration/proxy/metadata-digitalocean.yaml index 2e2dc9c747..1c49028334 100644 --- a/http/misconfiguration/proxy/metadata-digitalocean.yaml +++ b/http/misconfiguration/proxy/metadata-digitalocean.yaml @@ -22,7 +22,7 @@ info: cvss-score: 9.3 cwe-id: CWE-441 remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible. - tags: config,digitalocean,proxy,misconfig,metadata + tags: exposure,config,digitalocean,proxy,misconfig,metadata metadata: max-request: 2 diff --git a/http/misconfiguration/proxy/metadata-google.yaml b/http/misconfiguration/proxy/metadata-google.yaml index 145dc4042f..3ffc361fb7 100644 --- a/http/misconfiguration/proxy/metadata-google.yaml +++ b/http/misconfiguration/proxy/metadata-google.yaml @@ -22,7 +22,7 @@ info: cvss-score: 9.3 cwe-id: CWE-441 remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible. - tags: config,google,gcp,proxy,misconfig,metadata + tags: exposure,config,google,gcp,proxy,misconfig,metadata metadata: max-request: 2 diff --git a/http/misconfiguration/proxy/metadata-hetzner.yaml b/http/misconfiguration/proxy/metadata-hetzner.yaml index 519918f8e0..460f307796 100644 --- a/http/misconfiguration/proxy/metadata-hetzner.yaml 
+++ b/http/misconfiguration/proxy/metadata-hetzner.yaml @@ -22,7 +22,7 @@ info: cvss-score: 9.3 cwe-id: CWE-441 remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible. - tags: config,hetzner,proxy,misconfig,metadata + tags: exposure,config,hetzner,proxy,misconfig,metadata metadata: max-request: 2 diff --git a/http/misconfiguration/proxy/metadata-openstack.yaml b/http/misconfiguration/proxy/metadata-openstack.yaml index 9475628423..cfc1139326 100644 --- a/http/misconfiguration/proxy/metadata-openstack.yaml +++ b/http/misconfiguration/proxy/metadata-openstack.yaml @@ -22,7 +22,7 @@ info: cvss-score: 9.3 cwe-id: CWE-441 remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible. - tags: config,openstack,proxy,misconfig,metadata + tags: exposure,config,openstack,proxy,misconfig,metadata metadata: max-request: 2 diff --git a/http/misconfiguration/proxy/metadata-oracle.yaml b/http/misconfiguration/proxy/metadata-oracle.yaml index 23d1669e6a..866f0ebbac 100644 --- a/http/misconfiguration/proxy/metadata-oracle.yaml +++ b/http/misconfiguration/proxy/metadata-oracle.yaml @@ -22,7 +22,7 @@ info: cvss-score: 9.3 cwe-id: CWE-441 remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible. - tags: config,oracle,proxy,misconfig,metadata + tags: exposure,config,oracle,proxy,misconfig,metadata metadata: max-request: 2 diff --git a/http/misconfiguration/proxy/open-proxy-internal.yaml b/http/misconfiguration/proxy/open-proxy-internal.yaml index 8f8a765e97..1d2c520930 100644 --- a/http/misconfiguration/proxy/open-proxy-internal.yaml +++ b/http/misconfiguration/proxy/open-proxy-internal.yaml 
@@ -14,7 +14,7 @@ info: cvss-score: 8.6 cwe-id: CWE-441 remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. - tags: config,proxy,misconfig,fuzz + tags: exposure,config,proxy,misconfig,fuzz metadata: max-request: 25 diff --git a/http/misconfiguration/proxy/open-proxy-localhost.yaml b/http/misconfiguration/proxy/open-proxy-localhost.yaml index 15c0718ee7..f5edeaddff 100644 --- a/http/misconfiguration/proxy/open-proxy-localhost.yaml +++ b/http/misconfiguration/proxy/open-proxy-localhost.yaml @@ -14,7 +14,7 @@ info: cvss-score: 8.6 cwe-id: CWE-441 remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. - tags: config,proxy,misconfig,fuzz + tags: exposure,config,proxy,misconfig,fuzz metadata: max-request: 6 diff --git a/http/misconfiguration/proxy/open-proxy-portscan.yaml b/http/misconfiguration/proxy/open-proxy-portscan.yaml index 05f7aa41ae..a4a9953167 100644 --- a/http/misconfiguration/proxy/open-proxy-portscan.yaml +++ b/http/misconfiguration/proxy/open-proxy-portscan.yaml @@ -14,7 +14,7 @@ info: cvss-score: 8.6 cwe-id: CWE-441 remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. - tags: config,proxy,misconfig,fuzz + tags: exposure,config,proxy,misconfig,fuzz metadata: max-request: 8 diff --git a/http/misconfiguration/puppetdb-dashboard.yaml b/http/misconfiguration/puppetdb-dashboard.yaml index ed55bc6a69..0430efbf75 100644 --- a/http/misconfiguration/puppetdb-dashboard.yaml +++ b/http/misconfiguration/puppetdb-dashboard.yaml @@ -13,7 +13,7 @@ info: max-request: 1 verified: true shodan-query: 'title:"PuppetDB: Dashboard"' - tags: misconfig,puppetdb + tags: misconfig,exposure,puppetdb http: - method: GET diff --git a/http/misconfiguration/python-metrics.yaml b/http/misconfiguration/python-metrics.yaml index 7b404b8819..33c9dabef0 100644 --- a/http/misconfiguration/python-metrics.yaml 
+++ b/http/misconfiguration/python-metrics.yaml @@ -10,7 +10,7 @@ info: metadata: max-request: 1 shodan-query: html:"python_gc_objects_collected_total" - tags: devops,python,misconfig + tags: exposure,devops,python,misconfig http: - method: GET diff --git a/http/misconfiguration/questdb-console.yaml b/http/misconfiguration/questdb-console.yaml index 05d2dc0e36..606cc07843 100644 --- a/http/misconfiguration/questdb-console.yaml +++ b/http/misconfiguration/questdb-console.yaml @@ -15,7 +15,7 @@ info: max-request: 1 verified: true shodan-query: title:"QuestDB · Console" - tags: misconfig,questdb + tags: misconfig,questdb,exposure http: - method: GET diff --git a/http/misconfiguration/rabbitmq-exporter-metrics.yaml b/http/misconfiguration/rabbitmq-exporter-metrics.yaml index 7d2540baab..0dcf11311e 100644 --- a/http/misconfiguration/rabbitmq-exporter-metrics.yaml +++ b/http/misconfiguration/rabbitmq-exporter-metrics.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"RabbitMQ Exporter" - tags: rabbitmq,debug,misconfig + tags: rabbitmq,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/ray-dashboard.yaml b/http/misconfiguration/ray-dashboard.yaml index 2cb2f931f1..46563d9b18 100644 --- a/http/misconfiguration/ray-dashboard.yaml +++ b/http/misconfiguration/ray-dashboard.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Ray Dashboard" - tags: misconfig,ray + tags: misconfig,exposure,ray http: - method: GET diff --git a/http/misconfiguration/rekognition-image-validation.yaml b/http/misconfiguration/rekognition-image-validation.yaml index ae9c558d8c..5451d00b37 100644 --- a/http/misconfiguration/rekognition-image-validation.yaml +++ b/http/misconfiguration/rekognition-image-validation.yaml @@ -13,7 +13,7 @@ info: max-request: 1 verified: true shodan-query: title:"Rekognition Image Validation Debug UI" - tags: misconfig + tags: misconfig,exposure http: - method: GET 
diff --git a/http/misconfiguration/salesforce-aura.yaml b/http/misconfiguration/salesforce-aura.yaml index b9ba873fda..54ccbaa7a1 100644 --- a/http/misconfiguration/salesforce-aura.yaml +++ b/http/misconfiguration/salesforce-aura.yaml @@ -12,7 +12,7 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 cwe-id: CWE-200 - tags: aura,unauth,salesforce,misconfig + tags: aura,unauth,salesforce,exposure,misconfig metadata: max-request: 5 diff --git a/http/misconfiguration/service-pwd.yaml b/http/misconfiguration/service-pwd.yaml index 4691e87af9..17757f869a 100644 --- a/http/misconfiguration/service-pwd.yaml +++ b/http/misconfiguration/service-pwd.yaml @@ -7,7 +7,7 @@ info: description: service.pwd was discovered, which is likely to contain sensitive information. reference: - https://www.exploit-db.com/ghdb/7256 - tags: listing,service,edb,misconfig + tags: exposure,listing,service,edb,misconfig metadata: max-request: 1 diff --git a/http/misconfiguration/setup-github-enterprise.yaml b/http/misconfiguration/setup-github-enterprise.yaml index fe16ef1415..1b0d1811b0 100644 --- a/http/misconfiguration/setup-github-enterprise.yaml +++ b/http/misconfiguration/setup-github-enterprise.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: http.favicon.hash:-1373456171 - tags: panel,setup,github,misconfig + tags: panel,exposure,setup,github,misconfig http: - method: GET diff --git a/http/misconfiguration/skycaiji-install.yaml b/http/misconfiguration/skycaiji-install.yaml index a904e32191..615c3e8de8 100644 --- a/http/misconfiguration/skycaiji-install.yaml +++ b/http/misconfiguration/skycaiji-install.yaml @@ -5,7 +5,7 @@ info: author: pikpikcu severity: high description: SkyCaiji was discovered. - tags: tech,skycaiji,misconfig + tags: tech,skycaiji,exposure,misconfig metadata: max-request: 1 diff --git a/http/misconfiguration/smarterstats-setup.yaml b/http/misconfiguration/smarterstats-setup.yaml index eba92b618e..ad807a9c61 100644 
--- a/http/misconfiguration/smarterstats-setup.yaml +++ b/http/misconfiguration/smarterstats-setup.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Welcome to SmarterStats!" - tags: misconfig,smarterstats + tags: misconfig,smarterstats,exposure http: - method: GET diff --git a/http/misconfiguration/sony-bravia-disclosure.yaml b/http/misconfiguration/sony-bravia-disclosure.yaml index 41839a10b3..1c4b90e8f2 100644 --- a/http/misconfiguration/sony-bravia-disclosure.yaml +++ b/http/misconfiguration/sony-bravia-disclosure.yaml @@ -9,7 +9,7 @@ info: reference: - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php - https://www.zeroscience.mk/codes/sonybravia_sysinfo.txt - tags: misconfig,sony,unauth + tags: misconfig,sony,unauth,exposure metadata: max-request: 1 diff --git a/http/misconfiguration/spidercontrol-scada-server-info.yaml b/http/misconfiguration/spidercontrol-scada-server-info.yaml index 4ee0cf43a0..12425346e1 100644 --- a/http/misconfiguration/spidercontrol-scada-server-info.yaml +++ b/http/misconfiguration/spidercontrol-scada-server-info.yaml @@ -7,7 +7,7 @@ info: description: SpiderControl SCADA Web Server is vulnerable to sensitive information exposure. Numerous, market-leading OEM manufacturers - from a wide variety of industries - rely on SpiderControl. reference: - https://spidercontrol.net/spidercontrol-inside/ - tags: spidercontrol,scada,misconfig + tags: spidercontrol,scada,exposure,misconfig metadata: max-request: 1 diff --git a/http/misconfiguration/springboot/spring-eureka.yaml b/http/misconfiguration/springboot/spring-eureka.yaml index d09e0ee49a..5e4a3306c2 100644 --- a/http/misconfiguration/springboot/spring-eureka.yaml +++ b/http/misconfiguration/springboot/spring-eureka.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"Eureka" - tags: misconfig,springboot,eureka + tags: misconfig,springboot,exposure,eureka http: - method: GET 
diff --git a/http/misconfiguration/springboot/springboot-auditevents.yaml b/http/misconfiguration/springboot/springboot-auditevents.yaml index cc63edc850..28e185e220 100644 --- a/http/misconfiguration/springboot/springboot-auditevents.yaml +++ b/http/misconfiguration/springboot/springboot-auditevents.yaml @@ -15,7 +15,7 @@ info: max-request: 2 verified: true shodan-query: title:"Eureka" - tags: misconfig,springboot + tags: misconfig,springboot,exposure http: - method: GET diff --git a/http/misconfiguration/springboot/springboot-autoconfig.yaml b/http/misconfiguration/springboot/springboot-autoconfig.yaml index 374cb85670..234ebfacb7 100644 --- a/http/misconfiguration/springboot/springboot-autoconfig.yaml +++ b/http/misconfiguration/springboot/springboot-autoconfig.yaml @@ -5,7 +5,7 @@ info: author: pussycat0x severity: low description: Displays an auto-configuration report showing all auto-configuration candidates and the reason why they 'were' or 'were not' applied. - tags: springboot,misconfig + tags: springboot,exposure,misconfig metadata: max-request: 2 diff --git a/http/misconfiguration/springboot/springboot-beans.yaml b/http/misconfiguration/springboot/springboot-beans.yaml index bf1e5a9e1f..bdca65d657 100644 --- a/http/misconfiguration/springboot/springboot-beans.yaml +++ b/http/misconfiguration/springboot/springboot-beans.yaml @@ -5,7 +5,7 @@ info: author: ajaysenr severity: low description: Displays a complete list of all the Spring beans in the application - tags: springboot,misconfig + tags: springboot,exposure,misconfig metadata: max-request: 2 diff --git a/http/misconfiguration/springboot/springboot-caches.yaml b/http/misconfiguration/springboot/springboot-caches.yaml index d49ff3ea37..2c11de9e0b 100644 --- a/http/misconfiguration/springboot/springboot-caches.yaml +++ b/http/misconfiguration/springboot/springboot-caches.yaml 
@@ -10,7 +10,7 @@ info: metadata: max-request: 2 verified: true - tags: misconfig,springboot + tags: misconfig,springboot,exposure http: - method: GET diff --git a/http/misconfiguration/springboot/springboot-conditions.yaml b/http/misconfiguration/springboot/springboot-conditions.yaml index ee6be25799..0c9b63c4ff 100644 --- a/http/misconfiguration/springboot/springboot-conditions.yaml +++ b/http/misconfiguration/springboot/springboot-conditions.yaml @@ -10,7 +10,7 @@ info: max-request: 2 verified: true shodan-query: title:"Eureka" - tags: misconfig,springboot + tags: misconfig,springboot,exposure http: - method: GET diff --git a/http/misconfiguration/springboot/springboot-configprops.yaml b/http/misconfiguration/springboot/springboot-configprops.yaml index f0c393bc03..65df3dff42 100644 --- a/http/misconfiguration/springboot/springboot-configprops.yaml +++ b/http/misconfiguration/springboot/springboot-configprops.yaml @@ -5,7 +5,7 @@ info: author: that_juan_,dwisiswant0,wdahlenb severity: low description: Sensitive environment variables may not be masked - tags: springboot,misconfig + tags: springboot,exposure,misconfig metadata: max-request: 2 diff --git a/http/misconfiguration/springboot/springboot-dump.yaml b/http/misconfiguration/springboot/springboot-dump.yaml index ddefb3807c..5719fb3b15 100644 --- a/http/misconfiguration/springboot/springboot-dump.yaml +++ b/http/misconfiguration/springboot/springboot-dump.yaml @@ -5,7 +5,7 @@ info: author: pussycat0x severity: low description: Performs a thread dump - tags: springboot,misconfig + tags: springboot,exposure,misconfig metadata: max-request: 2 diff --git a/http/misconfiguration/springboot/springboot-env.yaml b/http/misconfiguration/springboot/springboot-env.yaml index ae588f79f5..2f22ea0929 100644 --- a/http/misconfiguration/springboot/springboot-env.yaml +++ b/http/misconfiguration/springboot/springboot-env.yaml 
@@ -5,7 +5,7 @@ info: author: that_juan_,dwisiswant0,wdahlenb,philippedelteil,stupidfish severity: low description: Sensitive environment variables may not be masked - tags: misconfig,springboot,env + tags: misconfig,springboot,env,exposure metadata: max-request: 4 diff --git a/http/misconfiguration/springboot/springboot-features.yaml b/http/misconfiguration/springboot/springboot-features.yaml index 62c5f69f08..b937281862 100644 --- a/http/misconfiguration/springboot/springboot-features.yaml +++ b/http/misconfiguration/springboot/springboot-features.yaml @@ -8,7 +8,7 @@ info: max-request: 2 verified: true shodan-query: title:"Eureka" - tags: misconfig,springboot + tags: misconfig,springboot,exposure http: - method: GET diff --git a/http/misconfiguration/springboot/springboot-flyway.yaml b/http/misconfiguration/springboot/springboot-flyway.yaml index 90ee2074cc..9bd6ab4c88 100644 --- a/http/misconfiguration/springboot/springboot-flyway.yaml +++ b/http/misconfiguration/springboot/springboot-flyway.yaml @@ -10,7 +10,7 @@ info: metadata: max-request: 2 verified: true - tags: misconfig,springboot,flyway + tags: misconfig,springboot,exposure,flyway http: - method: GET diff --git a/http/misconfiguration/springboot/springboot-gateway.yaml b/http/misconfiguration/springboot/springboot-gateway.yaml index 6383205788..ce528c8ca3 100644 --- a/http/misconfiguration/springboot/springboot-gateway.yaml +++ b/http/misconfiguration/springboot/springboot-gateway.yaml @@ -7,7 +7,7 @@ info: description: Sensitive environment variables may not be masked reference: - https://wya.pl/2021/12/20/bring-your-own-ssrf-the-gateway-actuator/ - tags: springboot,misconfig + tags: springboot,exposure,misconfig metadata: max-request: 2 diff --git a/http/misconfiguration/springboot/springboot-health.yaml b/http/misconfiguration/springboot/springboot-health.yaml index e6fee86e20..b455d4cc05 100644 --- a/http/misconfiguration/springboot/springboot-health.yaml 
+++ b/http/misconfiguration/springboot/springboot-health.yaml @@ -9,7 +9,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 cwe-id: CWE-200 - tags: springboot,misconfig + tags: springboot,exposure,misconfig metadata: max-request: 2 diff --git a/http/misconfiguration/springboot/springboot-heapdump.yaml b/http/misconfiguration/springboot/springboot-heapdump.yaml index e17e449dc0..5828c791ff 100644 --- a/http/misconfiguration/springboot/springboot-heapdump.yaml +++ b/http/misconfiguration/springboot/springboot-heapdump.yaml @@ -8,6 +8,7 @@ info: A Spring Boot Actuator heap dump was detected. A heap dump is a snapshot of JVM memory, which could expose environment variables and HTTP requests. reference: - https://github.com/pyn3rd/Spring-Boot-Vulnerability + tags: springboot,exposure,misconfig metadata: max-request: 3 tags: springboot,exposure,misconfig diff --git a/http/misconfiguration/springboot/springboot-httptrace.yaml b/http/misconfiguration/springboot/springboot-httptrace.yaml index 727c4ba803..795b25dcca 100644 --- a/http/misconfiguration/springboot/springboot-httptrace.yaml +++ b/http/misconfiguration/springboot/springboot-httptrace.yaml @@ -5,7 +5,7 @@ info: author: that_juan_,dwisiswant0,wdahlenb severity: low description: View recent HTTP requests and responses - tags: springboot,misconfig + tags: springboot,exposure,misconfig metadata: max-request: 2 diff --git a/http/misconfiguration/springboot/springboot-jolokia.yaml b/http/misconfiguration/springboot/springboot-jolokia.yaml index 166e3e01a4..6fb5be4816 100644 --- a/http/misconfiguration/springboot/springboot-jolokia.yaml +++ b/http/misconfiguration/springboot/springboot-jolokia.yaml @@ -10,7 +10,7 @@ info: max-request: 2 verified: true shodan-query: title:"Eureka" - tags: misconfig,springboot + tags: misconfig,springboot,exposure http: - method: GET 
diff --git a/http/misconfiguration/springboot/springboot-liquidbase.yaml b/http/misconfiguration/springboot/springboot-liquidbase.yaml index 9ad2413258..3f335e23e4 100644 --- a/http/misconfiguration/springboot/springboot-liquidbase.yaml +++ b/http/misconfiguration/springboot/springboot-liquidbase.yaml @@ -10,7 +10,7 @@ info: metadata: max-request: 2 verified: true - tags: misconfig,springboot,liquibase + tags: misconfig,springboot,exposure,liquibase http: - method: GET diff --git a/http/misconfiguration/springboot/springboot-logfile.yaml b/http/misconfiguration/springboot/springboot-logfile.yaml index a0aa041e4d..d7076448f0 100644 --- a/http/misconfiguration/springboot/springboot-logfile.yaml +++ b/http/misconfiguration/springboot/springboot-logfile.yaml @@ -10,7 +10,7 @@ info: max-request: 3 verified: true shodan-query: title:"Eureka" - tags: misconfig,springboot + tags: misconfig,springboot,exposure http: - method: GET diff --git a/http/misconfiguration/springboot/springboot-loggerconfig.yaml b/http/misconfiguration/springboot/springboot-loggerconfig.yaml index be82a40bba..01a0229a8a 100644 --- a/http/misconfiguration/springboot/springboot-loggerconfig.yaml +++ b/http/misconfiguration/springboot/springboot-loggerconfig.yaml @@ -15,7 +15,7 @@ info: max-request: 2 verified: true shodan-query: title:"Eureka" - tags: misconfig,springboot + tags: misconfig,springboot,exposure http: - method: GET diff --git a/http/misconfiguration/springboot/springboot-loggers.yaml b/http/misconfiguration/springboot/springboot-loggers.yaml index ff4faafad1..85408ca4ac 100644 --- a/http/misconfiguration/springboot/springboot-loggers.yaml +++ b/http/misconfiguration/springboot/springboot-loggers.yaml @@ -4,7 +4,7 @@ info: name: Detect Springboot Loggers author: that_juan_,dwisiswant0,wdahlenb severity: low - tags: springboot,misconfig + tags: springboot,exposure,misconfig metadata: max-request: 2 
diff --git a/http/misconfiguration/springboot/springboot-mappings.yaml b/http/misconfiguration/springboot/springboot-mappings.yaml index 15c3c94473..17f602c958 100644 --- a/http/misconfiguration/springboot/springboot-mappings.yaml +++ b/http/misconfiguration/springboot/springboot-mappings.yaml @@ -5,7 +5,7 @@ info: author: that_juan_,dwisiswant0,wdahlenb severity: low description: Additional routes may be displayed - tags: springboot,misconfig + tags: springboot,exposure,misconfig metadata: max-request: 2 diff --git a/http/misconfiguration/springboot/springboot-metrics.yaml b/http/misconfiguration/springboot/springboot-metrics.yaml index 648ce688d5..4920f564f2 100644 --- a/http/misconfiguration/springboot/springboot-metrics.yaml +++ b/http/misconfiguration/springboot/springboot-metrics.yaml @@ -5,7 +5,7 @@ info: author: pussycat0x severity: low description: Additional routes may be displayed - tags: springboot,misconfig + tags: springboot,exposure,misconfig metadata: max-request: 2 diff --git a/http/misconfiguration/springboot/springboot-scheduledtasks.yaml b/http/misconfiguration/springboot/springboot-scheduledtasks.yaml index 449bb6f48a..9a0cbb9e02 100644 --- a/http/misconfiguration/springboot/springboot-scheduledtasks.yaml +++ b/http/misconfiguration/springboot/springboot-scheduledtasks.yaml @@ -14,7 +14,7 @@ info: metadata: max-request: 2 verified: true - tags: misconfig,springboot + tags: misconfig,springboot,exposure http: - method: GET diff --git a/http/misconfiguration/springboot/springboot-status.yaml b/http/misconfiguration/springboot/springboot-status.yaml index 674ee512dd..a925f7dd68 100644 --- a/http/misconfiguration/springboot/springboot-status.yaml +++ b/http/misconfiguration/springboot/springboot-status.yaml @@ -13,7 +13,7 @@ info: max-request: 2 verified: true shodan-query: title:"Eureka" - tags: misconfig,springboot + tags: misconfig,springboot,exposure http: - method: GET 
diff --git a/http/misconfiguration/springboot/springboot-trace.yaml b/http/misconfiguration/springboot/springboot-trace.yaml index 2de0064bde..f7751037cf 100644 --- a/http/misconfiguration/springboot/springboot-trace.yaml +++ b/http/misconfiguration/springboot/springboot-trace.yaml @@ -5,7 +5,7 @@ info: author: that_juan_,dwisiswant0,wdahlenb severity: low description: View recent HTTP requests and responses - tags: misconfig,springboot + tags: misconfig,springboot,exposure metadata: max-request: 1 diff --git a/http/misconfiguration/sql-server-report-viewer.yaml b/http/misconfiguration/sql-server-report-viewer.yaml index 58c40b3686..88fa143a35 100644 --- a/http/misconfiguration/sql-server-report-viewer.yaml +++ b/http/misconfiguration/sql-server-report-viewer.yaml @@ -10,7 +10,7 @@ info: max-request: 2 verified: true google-query: inurl:"/Reports/Pages/Folder.aspx" - tags: misconfig,sql,report + tags: misconfig,sql,report,exposure http: - raw: diff --git a/http/misconfiguration/syncthing-dashboard.yaml b/http/misconfiguration/syncthing-dashboard.yaml index 54ae488412..74241d85e0 100644 --- a/http/misconfiguration/syncthing-dashboard.yaml +++ b/http/misconfiguration/syncthing-dashboard.yaml @@ -10,7 +10,7 @@ info: max-request: 1 verified: true shodan-query: http.html:'ng-app="syncthing"' - tags: misconfig,syncthing + tags: misconfig,syncthing,exposure http: - method: GET diff --git a/http/misconfiguration/system-properties-exposure.yaml b/http/misconfiguration/system-properties-exposure.yaml index 69bf227c32..10f4948bfc 100644 --- a/http/misconfiguration/system-properties-exposure.yaml +++ b/http/misconfiguration/system-properties-exposure.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:"System Properties" - tags: misconfig,system + tags: misconfig,system,exposure http: - method: GET diff --git a/http/misconfiguration/tasmota-config-webui.yaml b/http/misconfiguration/tasmota-config-webui.yaml index 1e1f1bb4d5..e60c234a24 100644 
--- a/http/misconfiguration/tasmota-config-webui.yaml +++ b/http/misconfiguration/tasmota-config-webui.yaml @@ -10,7 +10,7 @@ info: max-request: 1 verified: true shodan-query: title:"Tasmota" - tags: misconfig,tasmota,config + tags: misconfig,tasmota,exposure,config http: - method: GET diff --git a/http/misconfiguration/thinkphp-errors.yaml b/http/misconfiguration/thinkphp-errors.yaml index 8fe1b460ae..a45e16ea17 100644 --- a/http/misconfiguration/thinkphp-errors.yaml +++ b/http/misconfiguration/thinkphp-errors.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true fofa-query: app="ThinkPHP" && title="System Error" - tags: thinkphp,misconfig + tags: thinkphp,misconfig,exposure http: - method: GET diff --git a/http/misconfiguration/tomcat-cookie-exposed.yaml b/http/misconfiguration/tomcat-cookie-exposed.yaml index 57f7c49246..56e1118f57 100644 --- a/http/misconfiguration/tomcat-cookie-exposed.yaml +++ b/http/misconfiguration/tomcat-cookie-exposed.yaml @@ -9,7 +9,7 @@ info: metadata: max-request: 1 verified: true - tags: misconfig,apache,tomcat + tags: misconfig,apache,tomcat,exposure http: - method: GET diff --git a/http/misconfiguration/transmission-dashboard.yaml b/http/misconfiguration/transmission-dashboard.yaml index 5de016568b..4f5af1a680 100644 --- a/http/misconfiguration/transmission-dashboard.yaml +++ b/http/misconfiguration/transmission-dashboard.yaml @@ -15,7 +15,7 @@ info: max-request: 1 verified: true shodan-query: http.title:"Transmission Web Interface" - tags: misconfig,transmission,dashboard + tags: misconfig,transmission,exposure,dashboard http: - method: GET diff --git a/http/misconfiguration/typo3-composer.yaml b/http/misconfiguration/typo3-composer.yaml index cf438e751e..7f64d8c230 100644 --- a/http/misconfiguration/typo3-composer.yaml +++ b/http/misconfiguration/typo3-composer.yaml 
@@ -12,7 +12,7 @@ info: max-request: 1 verified: true shodan-query: "X-TYPO3-Parsetime: 0ms" - tags: typo3,cms,misconfig + tags: typo3,cms,exposure,misconfig http: - method: GET diff --git a/http/misconfiguration/unauth-apache-kafka-ui.yaml b/http/misconfiguration/unauth-apache-kafka-ui.yaml index 489ad5c6d6..6e129dca05 100644 --- a/http/misconfiguration/unauth-apache-kafka-ui.yaml +++ b/http/misconfiguration/unauth-apache-kafka-ui.yaml @@ -12,7 +12,7 @@ info: max-request: 2 verified: true shodan-query: http.title:"UI for Apache Kafka" - tags: misconfig,apache,kafka,unauth + tags: misconfig,apache,kafka,unauth,exposure http: - method: GET diff --git a/http/misconfiguration/unauth-axyom-network-manager.yaml b/http/misconfiguration/unauth-axyom-network-manager.yaml index b128f4976a..38e5de4aea 100644 --- a/http/misconfiguration/unauth-axyom-network-manager.yaml +++ b/http/misconfiguration/unauth-axyom-network-manager.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: http.title:"Axyom Network Manager" - tags: misconfig,axyom,unauth + tags: misconfig,axyom,exposure,unauth http: - method: GET diff --git a/http/misconfiguration/unauth-kubecost.yaml b/http/misconfiguration/unauth-kubecost.yaml index a4d88c1106..79b2cbb8b3 100644 --- a/http/misconfiguration/unauth-kubecost.yaml +++ b/http/misconfiguration/unauth-kubecost.yaml @@ -8,7 +8,7 @@ info: max-request: 1 verified: true shodan-query: title:kubecost - tags: misconfig,unauth,kubecost + tags: misconfig,exposure,unauth,kubecost http: - method: GET diff --git a/http/misconfiguration/unauth-wavink-panel.yaml b/http/misconfiguration/unauth-wavink-panel.yaml index 806b86f718..5dd5bacf87 100644 --- a/http/misconfiguration/unauth-wavink-panel.yaml +++ b/http/misconfiguration/unauth-wavink-panel.yaml @@ -9,7 +9,7 @@ info: max-request: 1 verified: true shodan-query: http.title:"Wi-Fi APP Login" - tags: wavlink,unauth,misconfig,router + tags: exposure,wavlink,unauth,misconfig,router http: - method: GET 
diff --git a/http/misconfiguration/unauthenticated-glances.yaml b/http/misconfiguration/unauthenticated-glances.yaml index 7c1f206bb7..0cf9cc859e 100644 --- a/http/misconfiguration/unauthenticated-glances.yaml +++ b/http/misconfiguration/unauthenticated-glances.yaml @@ -7,7 +7,7 @@ info: description: Glance running web server mode & Unauthenticated leads system monitoring to info disclosure reference: - https://glances.readthedocs.io/en/latest/quickstart.html#how-to-protect-your-server-or-web-server-with-a-login-password - tags: glances,misconfig + tags: exposure,glances,misconfig metadata: max-request: 1 diff --git a/http/misconfiguration/viewpoint-system-status.yaml b/http/misconfiguration/viewpoint-system-status.yaml index 0248c3ecc0..6227b9ac40 100644 --- a/http/misconfiguration/viewpoint-system-status.yaml +++ b/http/misconfiguration/viewpoint-system-status.yaml @@ -7,7 +7,7 @@ info: metadata: max-request: 1 shodan-query: http.title:"ViewPoint System Status" - tags: status,viewpoint,misconfig + tags: status,exposure,viewpoint,misconfig http: - method: GET diff --git a/http/misconfiguration/wamp-server-configuration.yaml b/http/misconfiguration/wamp-server-configuration.yaml index d4ef85188d..151267a9ab 100644 --- a/http/misconfiguration/wamp-server-configuration.yaml +++ b/http/misconfiguration/wamp-server-configuration.yaml @@ -6,7 +6,7 @@ info: severity: medium description: Wamp default page will expose sensitive configuration and vhosts. reference: https://www.exploit-db.com/ghdb/6891. - tags: wamp,misconfig + tags: wamp,exposure,misconfig metadata: max-request: 1 diff --git a/http/misconfiguration/webdav-enabled.yaml b/http/misconfiguration/webdav-enabled.yaml index e8d0996cff..1b1d85d755 100644 --- a/http/misconfiguration/webdav-enabled.yaml +++ b/http/misconfiguration/webdav-enabled.yaml @@ -18,7 +18,7 @@ info: max-request: 3 verified: true shodan-query: "Ms-Author-Via: DAV" - tags: webdav,misconfig + tags: webdav,misconfig,exposure http: - raw: