Merge pull request #2759 from projectdiscovery/generic-ssrf

generic-ssrf
patch-1
Sandeep Singh 2021-09-30 03:31:52 +05:30 committed by GitHub
commit e9f81943b6
6 changed files with 927 additions and 798 deletions




@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 725 | pikpikcu | 273 | cves | 725 | info | 643 | http | 1965 |
| lfi | 260 | dhiyaneshdk | 258 | vulnerabilities | 301 | high | 553 | file | 46 |
| panel | 248 | daffainfo | 213 | exposed-panels | 247 | medium | 448 | network | 41 |
| xss | 244 | pdteam | 195 | technologies | 191 | critical | 273 | dns | 12 |
| exposure | 231 | geeknik | 152 | exposures | 188 | low | 152 | | |
| wordpress | 223 | dwisiswant0 | 131 | misconfiguration | 136 | | | | |
| rce | 198 | gy741 | 72 | takeovers | 64 | | | | |
| tech | 181 | pussycat0x | 67 | default-logins | 56 | | | | |
| cve2020 | 164 | madrobot | 61 | file | 46 | | | | |
| wp-plugin | 149 | princechaddha | 61 | workflows | 36 | | | | |
| cve | 731 | pikpikcu | 273 | cves | 731 | info | 650 | http | 1983 |
| lfi | 265 | dhiyaneshdk | 263 | vulnerabilities | 307 | high | 558 | file | 46 |
| panel | 252 | daffainfo | 216 | exposed-panels | 250 | medium | 451 | network | 42 |
| xss | 246 | pdteam | 196 | technologies | 192 | critical | 276 | dns | 12 |
| exposure | 233 | geeknik | 153 | exposures | 188 | low | 153 | | |
| wordpress | 229 | dwisiswant0 | 131 | misconfiguration | 136 | | | | |
| rce | 199 | gy741 | 75 | takeovers | 64 | | | | |
| tech | 183 | pussycat0x | 68 | default-logins | 56 | | | | |
| cve2020 | 164 | princechaddha | 61 | file | 46 | | | | |
| wp-plugin | 155 | madrobot | 61 | workflows | 37 | | | | |


@ -0,0 +1,47 @@
id: oob-header-based-interaction
info:
name: Header Based Generic OOB Interaction
author: pdteam
severity: info
description: The remote server fetched a spoofed URL from the request headers.
reference: https://github.com/PortSwigger/collaborator-everywhere
tags: oob,ssrf,generic
requests:
- method: GET
path:
- "{{BaseURL}}"
headers:
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@{{interactsh-url}}
Referer: http://{{interactsh-url}}/ref
Cf-Connecting_ip: spoofed.{{interactsh-url}}
X-Real-Ip: spoofed.{{interactsh-url}}
From: root@{{interactsh-url}}
True-Client-Ip: spoofed.{{interactsh-url}}
Client-Ip: spoofed.{{interactsh-url}}
Forwarded: for=spoofed.{{interactsh-url}};by=spoofed.{{interactsh-url}};host=spoofed.{{interactsh-url}}
X-Client-Ip: spoofed.{{interactsh-url}}
X-Originating-Ip: spoofed.{{interactsh-url}}
X-Wap-Profile: http://{{interactsh-url}}/wap.xml
X-Forwarded-For: spoofed.{{interactsh-url}}
Contact: root@{{interactsh-url}}
X-Forwarded-Host: spoofed.{{interactsh-url}}
X-Host: spoofed.{{interactsh-url}}
X-Forwarded-Server: spoofed.{{interactsh-url}}
X-HTTP-Host-Override: spoofed.{{interactsh-url}}
Cache-Control: no-transform
matchers-condition: or
matchers:
- type: word
part: interactsh_protocol
name: http
words:
- "http"
- type: word
part: interactsh_protocol
name: dns
words:
- "dns"
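Review bot: `Cf-Connecting_ip:` in the headers map mixes a hyphen with an underscore, while the header that Cloudflare-fronted applications actually read is `CF-Connecting-IP`; common front-ends (nginx by default) also drop header names containing underscores, so this probe value is unlikely ever to reach application code. Change it to `CF-Connecting-IP: spoofed.{{interactsh-url}}`. The `dns` matcher at the end of the hunk also reports a finding when the hostname is merely resolved, whereas `description` states that the server fetched the URL; a resolution-only interaction may come from a mail or logging component looking up the `From`/`Contact` values rather than from an outbound fetch. Consider `description: The remote server resolved or fetched a spoofed hostname supplied in the request headers.` so that triage of a DNS-only hit is not overstated.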


@ -0,0 +1,21 @@
id: oob-param-based-interaction
info:
name: Parameter Based Generic OOB Interaction
author: pdteam
severity: info
description: The remote server fetched a spoofed URL from the request parameters.
reference: https://github.com/PortSwigger/collaborator-everywhere
tags: oob,ssrf,generic
requests:
- method: GET
path:
- "{{BaseURL}}/?u=http://{{interactsh-url}}/&href=http://{{interactsh-url}}/&action=http://{{interactsh-url}}/&host={{interactsh-url}}&http_host={{interactsh-url}}&email=root@{{interactsh-url}}&url=http://{{interactsh-url}}/&load=http://{{interactsh-url}}/&preview=http://{{interactsh-url}}/&target=http://{{interactsh-url}}/&proxy=http://{{interactsh-url}}/&from=http://{{interactsh-url}}/&src=http://{{interactsh-url}}/&ref=http://{{interactsh-url}}/&referrer=http://{{interactsh-url}}/"
matchers:
- type: word
part: interactsh_protocol
name: http
words:
- "http"
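Review bot: The list under `matchers:` checks `interactsh_protocol` for `http` only, whereas the header-based and request-based templates in this same commit also accept `dns` under `matchers-condition: or`; a parameter-driven fetch whose egress is blocked after name resolution produces only a DNS interaction and is silently missed here. If the omission is deliberate because DNS-only hits on query values are too noisy, say so above the matcher, e.g. `# http only: DNS-only interactions from query parameters are not reported`; otherwise add `matchers-condition: or` and the same `dns` word matcher the sibling templates use. Note also that all fifteen parameters share one request, so a positive result cannot be attributed to a specific parameter; a comment stating that the hit identifies the endpoint, not the parameter, would set expectations for whoever triages it.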


@ -0,0 +1,56 @@
id: request-based-interaction
info:
name: OOB Request Based Interaction
author: pdteam
severity: info
description: The remote server fetched a spoofed DNS Name from the request.
reference: https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface
tags: oob,ssrf,generic
requests:
- raw:
- |+
GET / HTTP/1.1
Host: {{interactsh-url}}
Cache-Control: no-transform
Accept: */*
- |+
GET / HTTP/1.1
Host: @{{interactsh-url}}
Cache-Control: no-transform
Accept: */*
- |+
GET http://{{interactsh-url}}/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
- |+
GET @{{interactsh-url}}/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
- |+
GET {{interactsh-url}}:80/ HTTP/1.1
Host: {{Hostname}}
Cache-Control: no-transform
Accept: */*
unsafe: true # Use Unsafe HTTP library for malformed HTTP requests.
matchers-condition: or
matchers:
- type: word
part: interactsh_protocol
name: http
words:
- "http"
- type: word
part: interactsh_protocol
name: dns
words:
- "dns"
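Review bot: The five request bodies under `raw:` carry no comments, and because all of them share the single `http`/`dns` matcher pair a positive interaction is attributed to the template rather than to the request that caused it, so the reader cannot tell which server behaviour needs remediation. A one-line comment above each block scalar naming what it exercises would fix that, e.g. `# Host header only: flags servers that route or resolve on the Host value` before the first request and `# absolute-URI request line: flags proxy-style routing on the request target` before the `GET http://{{interactsh-url}}/ HTTP/1.1` request. The inline comment on `unsafe: true` could also state the consequence rather than only the mechanism, e.g. `unsafe: true  # raw client: the @-prefixed and :80 request lines are intentionally non-conforming and would presumably be rejected or rewritten by the standard client`. The `|+` block scalars depend on trailing blank lines to terminate each request; the rendered page drops them, so that dependency is worth a comment as well.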