TemplateMan Update [Tue Nov 7 05:24:50 UTC 2023] 🤖

http/misconfiguration/mysql-history.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - http://doc.docs.sk/mysql-refman-5.5/mysql-history-file.html
   metadata:
-    max-request: 1
     verified: true
+    max-request: 1
     shodan-query: html:"mysql_history"
   tags: misconfig,disclosure,config
 

http/technologies/wordpress/plugins/updraftplus.yaml

@@ -14,7 +14,6 @@ info:
 
 http:
   - method: GET
-
     path:
       - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt"
 

http/vulnerabilities/apache/log4j/jamf-pro-log4j-rce.yaml

@@ -52,23 +52,21 @@ http:
       - type: regex
         part: interactsh_request
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output
+
 
     extractors:
       - type: kval
         kval:
-          - interactsh_ip # Print remote interaction IP in output
+
 
       - type: regex
         group: 2
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output
         part: interactsh_request
 
       - type: regex
         group: 1
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output
         part: interactsh_request
 
 # digest: 4b0a00483046022100b5e26a39ec8e659d9a328ca3ccc4d4a267ef1c1937983c87d03cf4b44a1edc19022100a16a4eb3b0ebef7e1d2bff0b55f79af36b79e0c035501df0c1d8af6661ffd809:922c64590222798bb761d5b6d8e72950

http/vulnerabilities/code42/code42-log4j-rce.yaml

@@ -42,23 +42,21 @@ http:
       - type: regex
         part: interactsh_request
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output
+
 
     extractors:
       - type: kval
         kval:
-          - interactsh_ip # Print remote interaction IP in output
+
 
       - type: regex
         group: 2
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output
         part: interactsh_request
 
       - type: regex
         group: 1
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output
         part: interactsh_request
 
 # digest: 490a00463044022057f58fb326fd41f2ba448ad56475806fec61bbad1a9b3f8d55af985bab85af900220238cdddcfece8857fb823c2dbaf1e47c371c77421b4213352e9ed1e5b920f41e:922c64590222798bb761d5b6d8e72950

http/vulnerabilities/other/f-secure-policymanager-log4j-rce.yaml

@@ -40,23 +40,21 @@ http:
       - type: regex
         part: interactsh_request
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output
+
 
     extractors:
       - type: kval
         kval:
-          - interactsh_ip # Print remote interaction IP in output
+
 
       - type: regex
         group: 2
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output
         part: interactsh_request
 
       - type: regex
         group: 1
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output
         part: interactsh_request
 
 # digest: 4a0a004730450220309d02fb2a14af51d6b3dd296b9d421619f900f7fea1ae7771ab375e5fb84f430221008b5eb4ddb57371bdd686e15e931342efb73e102e7539625e6f22a8c8fafc2548:922c64590222798bb761d5b6d8e72950

http/vulnerabilities/other/fortiportal-log4j-rce.yaml

@@ -44,23 +44,21 @@ http:
       - type: regex
         part: interactsh_request
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output
+
 
     extractors:
       - type: kval
         kval:
-          - interactsh_ip # Print remote interaction IP in output
+
 
       - type: regex
         group: 2
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output
         part: interactsh_request
 
       - type: regex
         group: 1
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output
         part: interactsh_request
 
 # digest: 4a0a00473045022037f46fc4de680b650e54d74c1f8a6a65e092ba7e548b90992da1f51b828ac575022100be5e34c623eeb506f322c38890a5a638ee74525641827b2c5982c0fa737390b7:922c64590222798bb761d5b6d8e72950

http/vulnerabilities/other/logstash-log4j-rce.yaml

@@ -40,23 +40,21 @@ http:
       - type: regex
         part: interactsh_request
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output
+
 
     extractors:
       - type: kval
         kval:
-          - interactsh_ip # Print remote interaction IP in output
+
 
       - type: regex
         group: 2
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output
         part: interactsh_request
 
       - type: regex
         group: 1
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output
         part: interactsh_request
 
 # digest: 4a0a00473045022041e2cc92ba6a2cc9920f7d74806ceb2570f3b0f6f08ac1c3bf26186630e44775022100f7bcae3be77b86e66ecd90c7df6e95093ceffca7167de0844ccc3f4cc28e5ee7:922c64590222798bb761d5b6d8e72950

http/vulnerabilities/vmware/vmware-nsx-log4j.yaml

@@ -50,23 +50,21 @@ http:
       - type: regex
         part: interactsh_request
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output
+
 
     extractors:
       - type: kval
         kval:
-          - interactsh_ip # Print remote interaction IP in output
+
 
       - type: regex
         group: 2
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output
         part: interactsh_request
 
       - type: regex
         group: 1
         regex:
-          - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output
         part: interactsh_request
 
 # digest: 4a0a00473045022100b96d44b2b974d14dab76297531b2343eca8753e92a5b59f2ea9e3b0291eb9d71022062a47fe4c8f81b4288ec5430719483f92f754087e9f1702a41e8a0df922c6d2d:922c64590222798bb761d5b6d8e72950