Merge pull request #287 from manuelbua/fix-improve-wadl-template

Improve WADL detection, remove WSDL check, add additional checks
2020-08-07 01:22:20 +05:30 · 2020-08-07 01:22:20 +05:30 · e7514cffc5
parent 62089805d3 b48dc3b9c3
commit e7514cffc5
1 changed files with 21 additions and 3 deletions
--- a/files/wadl-files.yaml
+++ b/files/wadl-files.yaml
@ -2,16 +2,34 @@ id: wadl-files

 info:
  name: wadl file disclosure
-  author: 0xrudra
+  author: 0xrudra & manuelbua
  severity: info

 requests:
  - method: GET
    path:
      - "{{BaseURL}}/application.wadl"
-      - "{{BaseURL}}/service?Wsdl"
+      - "{{BaseURL}}/application.wadl?detail=true"
+      - "{{BaseURL}}/api/application.wadl"
+      - "{{BaseURL}}/api/v1/application.wadl"
+      - "{{BaseURL}}/api/v2/application.wadl"
    matchers:
-      - type: word
+      - name: http-get
+        type: word
+        words:
+          - "This is simplified WADL with user and core resources only"
+          - "\"http://jersey.java.net/\""
+          - "http://wadl.dev.java.net/2009/02"
+        condition: or
+        part: body
+  - method: OPTIONS
+    path:
+      - "{{BaseURL}}/"
+      - "{{BaseURL}}/api/v1"
+      - "{{BaseURL}}/api/v2"
+    matchers:
+      - name: http-options
+        type: word
        words:
          - "This is simplified WADL with user and core resources only"
          - "\"http://jersey.java.net/\""