Merge pull request #8906 from boy-hack/main

Add go pprof debug and Java web config detection and optimize payload.
2024-01-24 11:53:17 +05:30 · 2024-01-24 11:53:17 +05:30 · e275e2d501
parent 1ca267f04d b4cabf1590
commit e275e2d501
5 changed files with 53 additions and 0 deletions
--- a/http/exposures/backups/php-backup-files.yaml
+++ b/http/exposures/backups/php-backup-files.yaml
@ -69,7 +69,9 @@ http:
        - /wp-login.php
        - /config.php
        - /config
+        - /const.DB.php.bak
        - /const.DB.php
+
      bakext:
        - ".~"
        - ".bk"
--- a/http/exposures/backups/zip-backup-files.yaml
+++ b/http/exposures/backups/zip-backup-files.yaml
@ -56,6 +56,20 @@ http:
        - "database"
        - "Release"
        - "inetpub"
+        - "temp"
+        - "package"
+        - "tmp"
+        - "db"
+        - "data"
+        - "database"
+        - "ftp"
+        - "output"
+        - "admin"
+        - "upload"
+        - "src"
+        - "conf/conf"
+        - "old"
+
      EXT:
        - "tar"
        - "7z"
--- a/http/exposures/configs/dockerfile-hidden-disclosure.yaml
+++ b/http/exposures/configs/dockerfile-hidden-disclosure.yaml
@ -20,6 +20,7 @@ http:
    path:
      - "{{BaseURL}}/.dockerfile"
      - "{{BaseURL}}/.Dockerfile"
+      - "{{BaseURL}}/Dockerfile"

    matchers-condition: and
    matchers:
--- a/http/exposures/files/shellscripts.yaml
+++ b/http/exposures/files/shellscripts.yaml
@ -17,6 +17,7 @@ http:
      - "{{BaseURL}}/.travis.sh"
      - "{{BaseURL}}/install.sh"
      - "{{BaseURL}}/update.sh"
+      - "{{BaseURL}}/upload.sh"
      - "{{BaseURL}}/config.sh"
      - "{{BaseURL}}/build.sh"
      - "{{BaseURL}}/setup.sh"
@ -35,6 +36,9 @@ http:
      - "{{BaseURL}}/local2dev.sh"
      - "{{BaseURL}}/local2prod.sh"
      - "{{BaseURL}}/prod2local.sh"
+      - "{{BaseURL}}/rsync.sh"
+      - "{{BaseURL}}/sync.sh"
+      - "{{BaseURL}}/test.sh"

    matchers-condition: and
    matchers:
--- a/http/exposures/logs/go-pprof-debug.yaml
+++ b/http/exposures/logs/go-pprof-debug.yaml
@ -0,0 +1,32 @@
+id: go-pprof-debug
+
+info:
+  name: Go pprof Debug Page
+  author: w8ay
+  severity: low
+  description: go pprof debug page was exposed.
+  tags: logs,exposure,go,pprof
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/debug/pprof/heap?debug=1"
+      - "{{BaseURL}}/pprof/heap?debug=1"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'heap profile:'
+          - 'Alloc'
+        condition: and
+
+      - type: word
+        words:
+          - "text/plain"
+        part: header
+
+      - type: status
+        status:
+          - 200