updates

updated the template and moved into right folder

.gitignore

@@ -0,0 +1,2 @@
+
+.DS_Store

cves/CVE-2020-6286.yaml

@@ -1,40 +0,0 @@
-id: CVE-2020-6286
-
-info:
-  name: SAP RECON LFI
-  author: samueladi_ & organiccrap
-  severity: medium
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/CTCWebService/CTCWebServiceBean"
-      - "{{BaseURL}}/CTCWebService/CTCWebServiceBean?wsdl"
-      - "{{BaseURL}}/CTCWebService/Config1?wsdl"
-    matchers-condition: or
-    matchers:
-      - type: status
-        status:
-          - 405
-          - 200
-      - type: word
-        name: Check1
-        words:
-          - "Method Not Allowed"
-          - "Expected request method POST. Found GET."
-        condition: and
-        part: body
-      - type: word
-        name: Check2
-        words:
-          - "wsdl:definitions"
-          - "tns:CTCWebServiceSiBinding"
-        condition: and
-        part: body
-      - type: word
-        name: Check3
-        words:
-          - "Generated by WSDLDefinitionsParser"
-          - "bns0:Config1Binding"
-        condition: and
-        part: body

dns/azure-cnames-finder.yaml

@@ -1,37 +0,0 @@
-id: azure-cnames-finder
-
-info:
-  name: Azure CNAMEs
-  author: mzack9999
-  severity: informative
-
-  # Update the list with more CNAMEs related to azure
-
-dns:
-  - name: "{{FQDN}}"
-    type: A
-    class: inet
-    recursion: true
-    retries: 3
-    matchers:
-      - type: word
-        words:
-          - "azure-api.net"
-          - "azure-mobile.net"
-          - "azurecontainer.io"
-          - "azurecr.io"
-          - "azuredatalakestore.net"
-          - "azureedge.net"
-          - "azurefd.net"
-          - "azurehdinsight.net"
-          - "azurewebsites.net"
-          - "azurewebsites.windows.net"
-          - "blob.core.windows.net"
-          - "cloudapp.azure.com"
-          - "cloudapp.net"
-          - "database.windows.net"
-          - "redis.cache.windows.net"
-          - "search.windows.net"
-          - "servicebus.windows.net"
-          - "trafficmanager.net"
-          - "visualstudio.com"

dns/filter-valid.yaml

@@ -1,19 +0,0 @@
-id: filter-valid
-
-info:
-  name: Valid Domains Filter
-  author: mzack9999
-  severity: informative
-
-dns:
-  - name: "{{FQDN}}"  # Random prefix
-    type: A
-    class: inet
-    recursion: true
-    retries: 3
-    matchers:
-      - type: word
-        words:
-          - "NOERROR"
-          - "IN\tCNAME"
-          - "IN\tA"

dns/filter-wildcard.yaml

@@ -1,19 +0,0 @@
-id: filter-wildcard
-
-info:
-  name: Wildcard Filter
-  author: mzack9999
-  severity: informative
-
-dns:
-  - name: "0831058744.{{FQDN}}"  # Random prefix
-    type: A
-    class: inet
-    recursion: true
-    retries: 3
-    matchers:
-      - type: word
-        words:
-          - "NXDOMAIN"
-          - "SERVFAIL"
-          - "REFUSED"

panels/sap-recon-detect.yaml

@@ -0,0 +1,35 @@
+id: sap-recon-detect
+
+info:
+  name: SAP RECON Finder
+  author: samueladi_ & organiccrap
+  severity: medium
+
+  # Source:- https://github.com/chipik/SAP_RECON
+  # This is detection template, please use above poc to exploit this further. 
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/CTCWebService/CTCWebServiceBean"
+      - "{{BaseURL}}/CTCWebService/CTCWebServiceBean?wsdl"
+      - "{{BaseURL}}/CTCWebService/Config1?wsdl"
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - Method Not Allowed
+          - Expected request method POST. Found GET.
+          - Generated by WSDLDefinitionsParser
+          - bns0:Config1Binding
+          - wsdl:definitions
+          - tns:CTCWebServiceSiBinding
+        condition: or
+
+      - type: status
+        status:
+          - 405
+          - 200
+        condition: or