diff --git a/.github/scripts/assign_tasks.py b/.github/scripts/assign_tasks.py index 03b35de468..393e17e87c 100644 --- a/.github/scripts/assign_tasks.py +++ b/.github/scripts/assign_tasks.py @@ -8,7 +8,7 @@ password = sys.argv[3] repo_owner = "projectdiscovery" repo_name = "nuclei-templates" pr_user_list = ["DhiyaneshGeek", "pussycat0x", "ritikchaddha"] -issue_user_list = ["princechaddha", "DhiyaneshGeek", "pussycat0x", "ritikchaddha"] +issue_user_list = ["DhiyaneshGeek", "pussycat0x", "ritikchaddha", "princechaddha"] headers = {'Authorization': f'Bearer {password}', 'Accept': 'application/vnd.github+json', diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml index 9f1f2d3a31..663e5a316a 100644 --- a/.github/workflows/templates-sync.yml +++ b/.github/workflows/templates-sync.yml 
@@ -3,12 +3,40 @@ on: push: paths: - '.new-additions' + - 'file/keys/dependency/dependency-track.yaml' + - 'file/keys/docker/dockerhub-pat.yaml' + - 'file/keys/doppler/doppler-audit.yaml' + - 'file/keys/doppler/doppler-cli.yaml' + - 'file/keys/doppler/doppler-scim.yaml' + - 'file/keys/doppler/doppler-service-account.yaml' + - 'file/keys/doppler/doppler-service.yaml' + - 'file/keys/dropbox/dropbox-access.yaml' + - 'file/keys/huggingface/huggingface-user-access.yaml' + - 'file/keys/linkedin/linkedin-client.yaml' + - 'file/keys/linkedin/linkedin-secret.yaml' + - 'file/keys/newrelic/newrelic-api-service.yaml' + - 'file/keys/newrelic/newrelic-license-non.yaml' + - 'file/keys/newrelic/newrelic-license.yaml' + - 'file/keys/odbc/odbc-connection.yaml' + - 'file/keys/okta/okta-api.yaml' + - 'file/keys/particle/particle-access.yaml' + - 'file/keys/react/reactapp-password.yaml' + - 'file/keys/react/reactapp-username.yaml' + - 'file/keys/salesforce/salesforce-access.yaml' + - 'file/keys/thingsboard/thingsboard-access.yaml' + - 'file/keys/truenas/truenas-api.yaml' + - 'file/keys/twitter/twitter-client.yaml' + - 'file/keys/twitter/twitter-secret.yaml' + - 'file/keys/wireguard/wireguard-preshared.yaml' + - 'file/keys/wireguard/wireguard-private.yaml' - 'http/cves/2023/CVE-2023-49785.yaml' - - 'http/cves/2024/CVE-2023-5914.yaml' + - 'http/cves/2023/CVE-2023-5830.yaml' + - 'http/cves/2023/CVE-2023-5914.yaml' - 'http/cves/2024/CVE-2024-1698.yaml' - 'http/exposed-panels/bynder-panel.yaml' + - 'http/exposed-panels/cisco/cisco-expressway-panel.yaml' - 'http/exposed-panels/emqx-panel.yaml' - - 'http/exposed-panels/forticlientems-panel.yaml' + - 'http/exposed-panels/fortinet/forticlientems-panel.yaml' - 'http/exposed-panels/fortinet/fortiwlm-panel.yaml' - 'http/exposed-panels/neocase-hrportal-panel.yaml' - 'http/exposed-panels/osnexus-panel.yaml' diff --git a/.new-additions b/.new-additions index 0fcf9e9134..4627f5e9d0 100644 --- a/.new-additions +++ b/.new-additions 
@@ -1,9 +1,37 @@ +file/keys/dependency/dependency-track.yaml +file/keys/docker/dockerhub-pat.yaml +file/keys/doppler/doppler-audit.yaml +file/keys/doppler/doppler-cli.yaml +file/keys/doppler/doppler-scim.yaml +file/keys/doppler/doppler-service-account.yaml +file/keys/doppler/doppler-service.yaml +file/keys/dropbox/dropbox-access.yaml +file/keys/huggingface/huggingface-user-access.yaml +file/keys/linkedin/linkedin-client.yaml +file/keys/linkedin/linkedin-secret.yaml +file/keys/newrelic/newrelic-api-service.yaml +file/keys/newrelic/newrelic-license-non.yaml +file/keys/newrelic/newrelic-license.yaml +file/keys/odbc/odbc-connection.yaml +file/keys/okta/okta-api.yaml +file/keys/particle/particle-access.yaml +file/keys/react/reactapp-password.yaml +file/keys/react/reactapp-username.yaml +file/keys/salesforce/salesforce-access.yaml +file/keys/thingsboard/thingsboard-access.yaml +file/keys/truenas/truenas-api.yaml +file/keys/twitter/twitter-client.yaml +file/keys/twitter/twitter-secret.yaml +file/keys/wireguard/wireguard-preshared.yaml +file/keys/wireguard/wireguard-private.yaml http/cves/2023/CVE-2023-49785.yaml -http/cves/2024/CVE-2023-5914.yaml +http/cves/2023/CVE-2023-5830.yaml +http/cves/2023/CVE-2023-5914.yaml http/cves/2024/CVE-2024-1698.yaml http/exposed-panels/bynder-panel.yaml +http/exposed-panels/cisco/cisco-expressway-panel.yaml http/exposed-panels/emqx-panel.yaml -http/exposed-panels/forticlientems-panel.yaml +http/exposed-panels/fortinet/forticlientems-panel.yaml http/exposed-panels/fortinet/fortiwlm-panel.yaml http/exposed-panels/neocase-hrportal-panel.yaml http/exposed-panels/osnexus-panel.yaml diff --git a/.nuclei-ignore b/.nuclei-ignore index 760f8543d0..bf055fe188 100644 --- a/.nuclei-ignore +++ b/.nuclei-ignore 
@@ -16,7 +16,6 @@ tags: - "dos" - "local" - "bruteforce" - - "phishing" # The following templates have been excluded because they have weak matchers and may generate FP results. # Please feel free to create PR if you can update the templates with strict matchers. @@ -33,4 +32,4 @@ files: - http/cves/2021/CVE-2021-28164.yaml - http/fuzzing/wordpress-themes-detect.yaml - http/fuzzing/mdb-database-file.yaml - - http/fuzzing/iis-shortname.yaml \ No newline at end of file + - http/fuzzing/iis-shortname.yaml diff --git a/contributors.json b/contributors.json index 73f519cdb6..3c9f71c42b 100644 --- a/contributors.json +++ b/contributors.json @@ -1,4 +1,54 @@ [ + { + "author": "princechaddha", + "links": { + "github": "https://github.com/princechaddha", + "twitter": "https://twitter.com/princechaddha", + "linkedin": "https://www.linkedin.com/in/princechaddha/", + "website": "https://pwnmachine.me/", + "email": "" + } + }, + { + "author": "gy741", + "links": { + "github": "https://github.com/gy741", + "twitter": "", + "linkedin": "", + "website": "", + "email": "" + } + }, + { + "author": "ritikchaddha", + "links": { + "github": "https://github.com/ritikchaddha", + "twitter": "https://twitter.com/ritikchaddha", + "linkedin": "", + "website": "", + "email": "" + } + }, + { + "author": "theamanrawat", + "links": { + "github": "https://github.com/theamanrawat", + "twitter": "https://twitter.com/theamanrawat", + "linkedin": "", + "website": "", + "email": "" + } + }, + { + "author": "dwisiswant0", + "links": { + "github": "https://github.com/dwisiswant0", + "twitter": "https://twitter.com/dwisiswant0", + "linkedin": "", + "website": "", + "email": "" + } + }, { "author": "Tirtha", "links": { @@ -20,7 +70,7 @@ } }, { - "author": "DhiyaneshDk", + "author": "dhiyaneshdk", "links": { "github": "https://github.com/DhiyaneshGeek", "twitter": "https://twitter.com/DhiyaneshDK", 
@@ -120,10 +170,10 @@ } }, { - "author": "Akokonunes", + "author": "0x_akoko", "links": { - "github": "https://www.github.com/Akokonunes", - "twitter": "", + "github": "https://github.com/akokonunes", + "twitter": "https://twitter.com/0x_Akoko", "linkedin": "", "website": "", "email": "" @@ -613,7 +663,7 @@ "author": "daffainfo", "links": { "github": "https://www.github.com/daffainfo", - "twitter": "", + "twitter": "https://twitter.com/daffainfo", "linkedin": "", "website": "", "email": "" @@ -713,7 +763,7 @@ "author": "geeknik", "links": { "github": "https://www.github.com/geeknik", - "twitter": "", + "twitter": "https://twitter.com/geeknik", "linkedin": "", "website": "", "email": "" @@ -1133,7 +1183,7 @@ "author": "pikpikcu", "links": { "github": "https://www.github.com/pikpikcu", - "twitter": "", + "twitter": "https://twitter.com/pikpikcu", "linkedin": "", "website": "", "email": "" diff --git a/file/js/js-analyse.yaml b/file/js/js-analyse.yaml index 4730f4e553..379cf34a68 100644 --- a/file/js/js-analyse.yaml +++ b/file/js/js-analyse.yaml 
@@ -31,8 +31,65 @@ file: name: extracted-uri regex: - "(?i)([a-z]{2,10}):(//|/)[a-z0-9\\./?&-_=:]+" + - type: regex - name: AMAZON-ACCES-KEY + name: amazon-access-key regex: - "(?i)(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" -# digest: 4a0a0047304502200738658ef4985c1261c662fd545a23504b402343ad994af584866d74d37e11ac022100c8213e439b8a574bee55ce0881363c0964830df8255bcd89249d37a778f038ba:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + + - type: regex + name: amazon-s3-url + regex: + - "(?i)([a-z0-9_\\-\\.]+\\.s3\\.amazonaws\\.com)" + - "(?i)([a-z0-9\\.-]+\\.s3-[a-z0-9-\\.]+\\.amazonaws\\.com)" + - "(?i)[a-z0-9\\.-]+\\.s3-website[\\.-](eu|ap|us|ca|sa|cn)" + - "(?i)(s3://[a-z0-9_\\-\\./]+)" + - "(?i)(s3\\.amazonaws\\.com/[a-z0-9/_\\-\\.]+)" + - "(?i)(s3\\.console\\.aws\\.com/s3/buckets/[a-z0-9/_\\-\\.]+)" + - "(?i)(s3-[a-z0-9-\\.]\\.amazonaws\\.com/[a-z0-9/_\\-\\.]+)" + + - type: regex + name: github-personal-access-token + regex: + - "(?i)(ghp_[a-z0-9]{36}|github_pat_[a-z0-9]{82})" + + - type: regex + name: github-oauth-access-token + regex: + - "(?i)(gho_[a-zA-Z0-9]{36})" + + - type: regex + name: github-app-token + regex: + - "\b((?:ghu|ghs)_[a-zA-Z0-9]{36})\b" + + - type: regex + name: authorization-basic + regex: + - "(?i)(Authorization:\\sbasic\\s+[a-z0-9=:_\\-+/]{5,100})" + + - type: regex + name: authorization-bearer + regex: + - "(?i)(Authorization:\\sbearer\\s+[a-z0-9=:_\\-\\.+/]{5,100})" + + - type: regex + name: rsa-private-key + regex: + - "(?i)(-----BEGIN RSA PRIVATE KEY-----)" + + - type: regex + name: ssh-dsa-private-key + regex: + - "(?i)(-----BEGIN DSA PRIVATE KEY-----)" + + - type: regex + name: ssh-ec-private-key + regex: + - "(?i)(-----BEGIN EC PRIVATE KEY-----)" + + - type: regex + name: potential-ajax-request + regex: + - "(?i)(new\\s+xmlhttprequest\\(\\)|\\$\\.ajax\\(\\{)" +# digest: 
4a0a00473045022100a1dfbb218bb6e589fe608e853b26ab2acd789a197a02d92e3f0499331b80e03602206ac9cf015a855085c501f0e372f587e6dd518133e9bb9781de0d34ee15266bb9:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/file/keys/dependency/dependency-track.yaml b/file/keys/dependency/dependency-track.yaml new file mode 100644 index 0000000000..1f7d0cc48a --- /dev/null +++ b/file/keys/dependency/dependency-track.yaml @@ -0,0 +1,25 @@ +id: dependency-track + +info: + name: Dependency Track API Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/dependency_track.yml + - https://docs.dependencytrack.org/integrations/rest-api/ + - https://docs.dependencytrack.org/getting-started/configuration/ + metadata: + verified: true + max-request: 1 + tags: dependency,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - \b(odt_[A-Za-z0-9]{32,255})\b +# digest: 4a0a004730450220702a4c3c4219c5f6c449c503a1ada1924589fe8a8ee69ca9788a4fd1da542a7f022100c396ad3ca884547cbb32a55a497a33e09e9d592987536b27742dae33485e1abf:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/file/keys/docker/dockerhub-pat.yaml b/file/keys/docker/dockerhub-pat.yaml new file mode 100644 index 0000000000..1452bcec51 --- /dev/null +++ b/file/keys/docker/dockerhub-pat.yaml 
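Review bot: The `github-app-token` extractor in js-analyse.yaml is written as `"\b((?:ghu|ghs)_[a-zA-Z0-9]{36})\b"` inside a double-quoted YAML scalar, where `\b` is the backspace escape and not a regex word boundary, so the pattern asks for literal 0x08 bytes and is unlikely ever to match. The sibling patterns double their backslashes, so this one should read `"\\b((?:ghu|ghs)_[a-zA-Z0-9]{36})\\b"`. The last `amazon-s3-url` pattern, `s3-[a-z0-9-\\.]\\.amazonaws\\.com/...`, lacks the `+` that the second pattern in the same list has after its character class, so it only matches a one-character region label. It is also worth checking `github_pat_[a-z0-9]{82}` against a real fine-grained token, since that format appears to carry an underscore in the body, which this class excludes.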
@@ -0,0 +1,23 @@
+id: dockerhub-pat
+
+info:
+ name: Docker Hub Personal Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/dockerhub.yml
+ - https://docs.docker.com/security/for-developers/access-tokens/
+ metadata:
+ verified: true
+ tags: docker,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(dckr_pat_[a-zA-Z0-9_-]{27})(?:$|[^a-zA-Z0-9_-])
+# digest: 4a0a00473045022100bc73fcf69453af6d917f363d99e57d06620e6b40f1e38b54ac72982c1aff0865022030218f700bce4f88878c34d596fcc3563ee6a6a0f233055703455751caaabd08:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/doppler/doppler-audit.yaml b/file/keys/doppler/doppler-audit.yaml
new file mode 100644
index 0000000000..796795cba5
--- /dev/null
+++ b/file/keys/doppler/doppler-audit.yaml
@@ -0,0 +1,24 @@
+id: doppler-audit
+
+info:
+ name: Doppler Audit Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
+ - https://docs.doppler.com/reference/api
+ - https://docs.doppler.com/reference/auth-token-formats
+ metadata:
+ verified: true
+ tags: doppler,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(dp\.audit\.[a-zA-Z0-9]{40,44})\b
+# digest: 490a00463044022047f3853a49b38bfc41c3a21edae871fa20dbc00c3e4fec75a443da4c802ce4e702205fce2aa010ee24edfbc190aad5475ba28a4ea42e81476b2e36a2eb95de8c4479:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/doppler/doppler-cli.yaml b/file/keys/doppler/doppler-cli.yaml
new file mode 100644
index 0000000000..6626234bb5
--- /dev/null
+++ b/file/keys/doppler/doppler-cli.yaml
@@ -0,0 +1,24 @@
+id: doppler-cli
+
+info:
+ name: Doppler CLI Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
+ - https://docs.doppler.com/reference/api
+ - https://docs.doppler.com/reference/auth-token-formats
+ metadata:
+ verified: true
+ tags: doppler,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(dp\.ct\.[a-zA-Z0-9]{40,44})\b
+# digest: 4b0a00483046022100de413ad22bea43d8292d3d22ed07b2d5c6a06bfb4819104c20eeb9134f913be2022100d2915ad20b135f4f8d477c1acec455af6c749833455e09d2542c0e849ab3fc7b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/doppler/doppler-scim.yaml b/file/keys/doppler/doppler-scim.yaml
new file mode 100644
index 0000000000..dc67ff5e3d
--- /dev/null
+++ b/file/keys/doppler/doppler-scim.yaml
@@ -0,0 +1,24 @@
+id: doppler-scim
+
+info:
+ name: Doppler SCIM Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
+ - https://docs.doppler.com/reference/api
+ - https://docs.doppler.com/reference/auth-token-formats
+ metadata:
+ verified: true
+ tags: doppler,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(dp\.scim\.[a-zA-Z0-9]{40,44})\b
+# digest: 4a0a00473045022010274194b3725b6ef14112e5fc7f4e0d5c60123a51583f044bf2e94b76077001022100a0caa7739f04c145ec8ee920c613f38a6b5befd04918931bd0ee39cfdbcf3a44:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/doppler/doppler-service-account.yaml b/file/keys/doppler/doppler-service-account.yaml
new file mode 100644
index 0000000000..dd03b7a8f5
--- /dev/null
+++ b/file/keys/doppler/doppler-service-account.yaml
@@ -0,0 +1,24 @@
+id: doppler-service-account
+
+info:
+ name: Doppler Service Account Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
+ - https://docs.doppler.com/reference/api
+ - https://docs.doppler.com/reference/auth-token-formats
+ metadata:
+ verified: true
+ tags: doppler,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(dp\.sa\.[a-zA-Z0-9]{40,44})\b
+# digest: 4a0a00473045022100c8177f1a0244e794af08cc9615e65a415d8cb7dc3616acc9f779e61aab518eb002204d63814164c93815807eb87c0919830977be1d4f878bd1697b90644de744894c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/doppler/doppler-service.yaml b/file/keys/doppler/doppler-service.yaml
new file mode 100644
index 0000000000..36faeb5ace
--- /dev/null
+++ b/file/keys/doppler/doppler-service.yaml
@@ -0,0 +1,24 @@
+id: doppler-service
+
+info:
+ name: Doppler Service
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
+ - https://docs.doppler.com/reference/api
+ - https://docs.doppler.com/reference/auth-token-formats
+ metadata:
+ verified: true
+ tags: doppler,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(dp\.st\.(?:[a-z0-9\-_]{2,35}\.)?[a-zA-Z0-9]{40,44})\b
+# digest: 4a0a00473045022100b61969103e1649c2c330814280aea5b020d5f47ca55c9601d0647af01c47ddbf02200698f545c2217332324593dffcc44a82bccb5ec45faf31507c356b71ee4ad7cf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/dropbox/dropbox-access.yaml b/file/keys/dropbox/dropbox-access.yaml
new file mode 100644
index 0000000000..34e24c072b
--- /dev/null
+++ b/file/keys/dropbox/dropbox-access.yaml
@@ -0,0 +1,25 @@
+id: dropbox-access
+
+info:
+ name: Dropbox Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/dropbox.yml
+ - https://developers.dropbox.com/oauth-guide
+ - https://www.dropbox.com/developers/
+ - https://www.dropbox.com/developers/documentation/http/documentation
+ metadata:
+ verified: true
+ tags: dropbox,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(sl\.[a-zA-Z0-9_-]{130,152})(?:$|[^a-zA-Z0-9_-])
+# digest: 490a0046304402203d0305c1997e320e30d2d0ad0460beb9c8478986a0f1b75f621167a79f8ca17302206da5b41a7402312c0d16fc2665349e3caf8aac3cee677a34f34089d739a743c6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/huggingface/huggingface-user-access.yaml b/file/keys/huggingface/huggingface-user-access.yaml
new file mode 100644
index 0000000000..e0b3ffced8
--- /dev/null
+++ b/file/keys/huggingface/huggingface-user-access.yaml
@@ -0,0 +1,23 @@
+id: huggingface-user-access
+
+info:
+ name: HuggingFace User Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/huggingface.yml
+ - https://huggingface.co/docs/hub/security-tokens
+ metadata:
+ verified: true
+ tags: huggingface,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(hf_[a-zA-Z]{34})\b'
+# digest: 4b0a00483046022100934e5db46a96a95fbd52e60737825b1ed564ae6f42363a5843a5317f25c8b15d0221008fd6451b353118cd6c0b7a054f49e79c36d5c4222658de97e4b5fea6731da789:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/linkedin/linkedin-client.yaml b/file/keys/linkedin/linkedin-client.yaml
new file mode 100644
index 0000000000..03c271d09c
--- /dev/null
+++ b/file/keys/linkedin/linkedin-client.yaml
@@ -0,0 +1,23 @@
+id: linkedin-client
+
+info:
+ name: LinkedIn Client ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/linkedin.yml
+ - https://docs.microsoft.com/en-us/linkedin/shared/api-guide/best-practices/secure-applications
+ metadata:
+ verified: true
+ tags: linkedin,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)linkedin.?(?:api|app|application|client|consumer|customer)?.?(?:id|identifier|key).{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{12,14})\b
+# digest: 4a0a00473045022100ade417f9932824017914990383cd867a37ba57dd1badc60aa55dac97e73cbf3f02203bb0babcad422204af64f70926c18827b3940c69f909d205f440468d18b0bb31:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/linkedin/linkedin-secret.yaml b/file/keys/linkedin/linkedin-secret.yaml
new file mode 100644
index 0000000000..698117b82c
--- /dev/null
+++ b/file/keys/linkedin/linkedin-secret.yaml
@@ -0,0 +1,23 @@
+id: linkedin-secret
+
+info:
+ name: LinkedIn Secret Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/linkedin.yml
+ - https://docs.microsoft.com/en-us/linkedin/shared/api-guide/best-practices/secure-applications
+ metadata:
+ verified: true
+ tags: linkedin,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)linkedin.?(?:api|app|application|client|consumer|customer|secret|key).?(?:key|oauth|sec|secret)?.{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{16})\b
+# digest: 4a0a0047304502205def151b767d6270018ea90666e56089b0dde70467ca94489c6ab9ec0b735fe2022100ea3cee5471199b7e21bd6a63b75a667adcddad7281d249e83cbb8eb8cda82fd7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
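Review bot: Neither LinkedIn extractor sets `group`, so the regex extractor reports the whole match (the `linkedin…id` keyword context and separators) instead of the captured `([a-z0-9]{12,14})` / `([a-z0-9]{16})` value the parentheses were written to isolate. Adding `group: 1` under each `- type: regex` would keep findings to the credential itself, which makes deduplication and redaction of scan output simpler. The same applies to the other context-prefixed rules in this commit, such as twitter-client, twitter-secret, okta-api, thingsboard-access, truenas-api and both wireguard files. For linkedin-client in particular, a 12–14 character alphanumeric capture behind optional `.?` joiners will also fire on ordinary identifiers, so a short comment on expected false positives would help triage.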
diff --git a/file/keys/newrelic/newrelic-api-service.yaml b/file/keys/newrelic/newrelic-api-service.yaml
new file mode 100644
index 0000000000..c65ec1a8eb
--- /dev/null
+++ b/file/keys/newrelic/newrelic-api-service.yaml
@@ -0,0 +1,24 @@
+id: newrelic-api-service
+
+info:
+ name: New Relic API Service Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/newrelic.yml
+ - https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys
+ - https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#user-key
+ metadata:
+ verified: true
+ tags: newrelic,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\b(nrak-[a-z0-9]{27})\b
+# digest: 4a0a00473045022100b0305a1f0644ca813e1b1408183fb6100e36a5ccf5716a072f32d60cf9956d7102207b59c7dc0411cc69bf362c9a1035ac73c61bccbabbbfeea75aa3eff7db628214:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/newrelic/newrelic-license-non.yaml b/file/keys/newrelic/newrelic-license-non.yaml
new file mode 100644
index 0000000000..030432762d
--- /dev/null
+++ b/file/keys/newrelic/newrelic-license-non.yaml
@@ -0,0 +1,24 @@
+id: newrelic-license-non
+
+info:
+ name: New Relic License Key (non-suffixed)
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/newrelic.yml
+ - https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys
+ - https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#license-key
+ metadata:
+ verified: true
+ tags: newrelic,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)associated\ with\ your\ New\ Relic\ account\.\s+license_key:\s*([a-f0-9]{40})\b
+# digest: 4b0a00483046022100cb892d11153aa7205e3a23dab514da50e195f959de8fc957589d622d9ab5cc2b0221008328f65ee06dc78d96499d42170e2fb036cfa2aacb467698c39c672dc53cba96:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/newrelic/newrelic-license.yaml b/file/keys/newrelic/newrelic-license.yaml
new file mode 100644
index 0000000000..4e05af4fdb
--- /dev/null
+++ b/file/keys/newrelic/newrelic-license.yaml
@@ -0,0 +1,24 @@
+id: newrelic-license
+
+info:
+ name: New Relic License Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/newrelic.yml
+ - https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys
+ - https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#license-key
+ metadata:
+ verified: true
+ tags: newrelic,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\b([a-z0-9]{6}[a-f0-9]{30}nral)\b
+# digest: 4b0a00483046022100e041b8d63bb59009c36c1d2f8b42a95d352acb3c8d0345afae5b908a78ab8f090221009e2de0a5b782aa3b65c7cbf357c0c7cd47497bef6ade233b239afa63ff863fff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/odbc/odbc-connection.yaml b/file/keys/odbc/odbc-connection.yaml
new file mode 100644
index 0000000000..3c501cdf85
--- /dev/null
+++ b/file/keys/odbc/odbc-connection.yaml
@@ -0,0 +1,22 @@
+id: odbc-connection
+
+info:
+ name: ODBC Connection String
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/odbc.yml
+ metadata:
+ verified: true
+ tags: odbc,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:User|User\sId|UserId|Uid)\s*=\s*([^\s;]{3,100})\s*;[\ \t]*.{0,10}[\ \t]*(?:Password|Pwd)\s*=\s*([^\t\ ;]{3,100})\s*(?:[;]|$)
+# digest: 4a0a004730450221009cdd18eb9c779b2230d9b141a315ef98d1da77f0173be2da4d099c46e3b5c46f02207ae6fac5ccfbcbe6ab6902e3e4431449873bf31680040ec3b616c0e3750e1c4d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/okta/okta-api.yaml b/file/keys/okta/okta-api.yaml
new file mode 100644
index 0000000000..5bfae71a38
--- /dev/null
+++ b/file/keys/okta/okta-api.yaml
@@ -0,0 +1,24 @@
+id: okta-api
+
+info:
+ name: Okta API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/okta.yml
+ - https://devforum.okta.com/t/api-token-length/5519
+ - https://developer.okta.com/docs/guides/create-an-api-token/main/
+ metadata:
+ verified: true
+ tags: okta,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?s)(?:okta|ssws).{0,40}\b(00[a-z0-9_-]{39}[a-z0-9_])\b
+# digest: 4b0a0048304602210099f31a1c5cf66963fb04f1f4a78317a1329098914e756d1a97879086ca81de74022100c51328ddf041ad3e06759c5ce691eed371adf63ef1c6d203b2a50d87b165b1f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/particle/particle-access.yaml b/file/keys/particle/particle-access.yaml
new file mode 100644
index 0000000000..e8dac9802f
--- /dev/null
+++ b/file/keys/particle/particle-access.yaml
@@ -0,0 +1,24 @@
+id: particle-access
+
+info:
+ name: particle.io Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/particle.io.yml
+ - https://docs.particle.io/reference/cloud-apis/api/
+ metadata:
+ verified: true
+ tags: particle,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - 'https://api\.particle\.io/v1/[a-zA-Z0-9_\-\s/"\\?]*(?:access_token=|Authorization:\s*Bearer\s*)\b([a-zA-Z0-9]{40})\b'
+ - '(?:access_token=|Authorization:\s*Bearer\s*)\b([a-zA-Z0-9]{40})\b[\s"\\]*https://api\.particle\.io/v1'
+# digest: 4b0a00483046022100a93af0a2a59859c973d5551ca538c3445e1bbdcdb6ffae6bb511031ab0920b6e022100b5528e182489365a2d48d40ff6ef41f6b79a28fa270c311e4fe6f767e45e4414:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/react/reactapp-password.yaml b/file/keys/react/reactapp-password.yaml
new file mode 100644
index 0000000000..1f12960e62
--- /dev/null
+++ b/file/keys/react/reactapp-password.yaml
@@ -0,0 +1,24 @@
+id: reactapp-password
+
+info:
+ name: React App Password
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/react.yml
+ - https://create-react-app.dev/docs/adding-custom-environment-variables/
+ - https://stackoverflow.com/questions/48699820/how-do-i-hide-an-api-key-in-create-react-app
+ metadata:
+ verified: true
+ tags: react,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \bREACT_APP(?:_[A-Z0-9]+)*_PASS(?:\s+WORD)?\s*=\s*['"]?([^\s'"$]{6,})(?:[\s'"$]|$)
+# digest: 4b0a00483046022100b4791a0989f14242e6ffe187281643b8b1417e5aba7fe98f353e37dbdc2ffb6c022100c3eee981ff792f8372f7f9292d0e73e0718b69a12d6d40ba0a58dff15dc3f948:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/react/reactapp-username.yaml b/file/keys/react/reactapp-username.yaml
new file mode 100644
index 0000000000..ef635e0823
--- /dev/null
+++ b/file/keys/react/reactapp-username.yaml
@@ -0,0 +1,24 @@
+id: reactapp-username
+
+info:
+ name: React App Username
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/react.yml
+ - https://create-react-app.dev/docs/adding-custom-environment-variables/
+ - https://stackoverflow.com/questions/48699820/how-do-i-hide-an-api-key-in-create-react-app
+ metadata:
+ verified: true
+ tags: react,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \bREACT_APP(?:_[A-Z0-9]+)*_USER(?:\s+NAME)?\s*=\s*['"]?([^\s'"$]{3,})(?:[\s'"$]|$)
+# digest: 4a0a0047304502201077003a86f122901374676e5f9dfda39f6c54f870a6e4f12b7dd01707a3a5e2022100c998646fe193fa833a18772b90679efa1ba4cca48a55a2da1c839b79e50b4cfd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
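Review bot: In reactapp-password.yaml, `_PASS(?:\s+WORD)?` only accepts `PASS` followed by whitespace and then `WORD`, so the usual spelling (for example a constructed `REACT_APP_DB_PASSWORD=...` line) is not matched at all: after `_PASS` the optional group fails and `\s*=` then meets `W`. This looks like free-spacing whitespace from the referenced rule carried over as a literal `\s+`; the intended form is presumably `_PASS(?:WORD)?`. reactapp-username.yaml has the same problem with `_USER(?:\s+NAME)?`, which should presumably be `_USER(?:NAME)?`. Both files carry `verified: true`, so a sample `.env` line for each spelling would be worth running before merge.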
diff --git a/file/keys/salesforce/salesforce-access.yaml b/file/keys/salesforce/salesforce-access.yaml
new file mode 100644
index 0000000000..08d7ba7c15
--- /dev/null
+++ b/file/keys/salesforce/salesforce-access.yaml
@@ -0,0 +1,22 @@
+id: salesforce-access
+
+info:
+ name: Salesforce Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/salesforce.yml
+ metadata:
+ verified: true
+ tags: salesforce,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(00[a-zA-Z0-9]{13}![a-zA-Z0-9._]{96})(?:\b|$|[^a-zA-Z0-9._])
+# digest: 490a0046304402207a4efb9c2401eaa2ebf49fcc5ec4676dfc142a5f5d607777827383c94bf144f102207b75489de473e1c5e3264e2d664fbb87cecbfc5811b20e6ac658fcd3f1415806:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/thingsboard/thingsboard-access.yaml b/file/keys/thingsboard/thingsboard-access.yaml
new file mode 100644
index 0000000000..b6ff0fd86b
--- /dev/null
+++ b/file/keys/thingsboard/thingsboard-access.yaml
@@ -0,0 +1,24 @@
+id: thingsboard-access
+
+info:
+ name: ThingsBoard Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/thingsboard.yml
+ - https://thingsboard.io/docs/paas/reference/http-api/
+ - https://thingsboard.io/docs/paas/reference/coap-api/
+ metadata:
+ verified: true
+ tags: thingsboard,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - thingsboard\.cloud/api/v1/([a-z0-9]{20})
+# digest: 4b0a00483046022100e85330533e34d275242ad231bb436951116dabe56acafa94f3db46fca45ed3ae022100a799502b27b8e16f77e8406be58127578dd5f3465dab8b0a2381ee944432c239:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/truenas/truenas-api.yaml b/file/keys/truenas/truenas-api.yaml new file mode 100644 index 0000000000..72b69be9b8 --- /dev/null +++ b/file/keys/truenas/truenas-api.yaml @@ -0,0 +1,28 @@ +id: truenas-api + +info: + name: TrueNAS API Key (WebSocket) + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/truenas.yml + - https://www.truenas.com/docs/api/core_websocket_api.html + - https://www.truenas.com/docs/api/scale_rest_api.html + - https://www.truenas.com/docs/scale/scaletutorials/toptoolbar/managingapikeys/ + - https://www.truenas.com/docs/scale/scaleclireference/auth/cliapikey/ + - https://www.truenas.com/docs/scale/api/ + - https://www.truenas.com/community/threads/api-examples-in-perl-python.108053/ + metadata: + verified: true + tags: truenas,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - '"params"\s*:\s*\[\s*"(\d+-[a-zA-Z0-9]{64})"\s*\]' +# digest: 490a0046304402207bb4c8c5d8688099a5fb0972662080602259b4356fa5f947f6bf7ace68af235702201273f66e211b1ddfafc26dd957bc970aa1b23f7c0de5c142347e4d83f5ce1b49:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/file/keys/twitter-secret.yaml b/file/keys/twitter-secret.yaml deleted file mode 100644 index a37f289cfc..0000000000 --- a/file/keys/twitter-secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: twitter-secret - -info: - name: Twitter Secret - author: gaurang,daffainfo - severity: medium - tags: file,keys,token,twitter -file: - - extensions: - - all - - extractors: - - type: regex - regex: - - "(?i)twitter(.{0,20})?[0-9a-z]{35,44}" - - "(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}" -# digest: 490a00463044022070cedf48e8996b407257da229d7553720f700fc1f154260196c812ba9423159f022010695ee7d48aeac7287967c049bd5dfad24faf6e701db05ede091e8be3e79305:922c64590222798bb761d5b6d8e72950 \ No newline at end of file 
diff --git a/file/keys/twitter/twitter-client.yaml b/file/keys/twitter/twitter-client.yaml
new file mode 100644
index 0000000000..f897cd1364
--- /dev/null
+++ b/file/keys/twitter/twitter-client.yaml
@@ -0,0 +1,23 @@
+id: twitter-client
+
+info:
+ name: Twitter Client ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/twitter.yml
+ - https://developer.twitter.com/en/docs/authentication/overview
+ metadata:
+ verified: true
+ tags: twitter,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\btwitter.?(?:api|app|application|client|consumer|customer)?.?(?:id|identifier|key).{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{18,25})\b
+# digest: 4a0a00473045022030cb9bb226fc38ff17accc2fbe89603cae16c35050ec725ad20ce14d5fbc5ad2022100860577843f28d261d7fbf35ef59577e5fd0e84a50eb370cfbd714f1039338c19:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/twitter/twitter-secret.yaml b/file/keys/twitter/twitter-secret.yaml
new file mode 100644
index 0000000000..de49f434a7
--- /dev/null
+++ b/file/keys/twitter/twitter-secret.yaml
@@ -0,0 +1,23 @@
+id: twitter-secret
+
+info:
+ name: Twitter Secret Key
+ author: DhiyaneshDK,gaurang,daffainfo
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/twitter.yml
+ - https://developer.twitter.com/en/docs/authentication/overview
+ metadata:
+ verified: true
+ tags: twitter,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)twitter.?(?:api|app|application|client|consumer|customer|secret|key).?(?:key|oauth|sec|secret)?.{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{35,44})\b
+# digest: 4a0a00473045022100ae8d7dcc6d380f9b0ba6d16ca558e7af6254078b3f1a0a2230f8ddc28f47267102206348551061cffebd4da2b42ec393373ef0987eeeb4382f0e517c38c836fb46cf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/file/keys/wireguard/wireguard-preshared.yaml b/file/keys/wireguard/wireguard-preshared.yaml
new file mode 100644
index 0000000000..3062583748
--- /dev/null
+++ b/file/keys/wireguard/wireguard-preshared.yaml
@@ -0,0 +1,25 @@
+id: wireguard-preshared
+
+info:
+ name: WireGuard Preshared Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/wireguard.yml
+ - https://www.wireguard.com/quickstart/
+ - https://manpages.debian.org/testing/wireguard-tools/wg.8.en.html
+ - https://gist.github.com/lanceliao/5d2977f417f34dda0e3d63ac7e217fd
+ metadata:
+ verified: true
+ tags: wireguard,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - PresharedKey\s*=\s*([A-Za-z0-9+/]{43}=)
+# digest: 4a0a00473045022055b7809c89c44f01db811de03d659329878fabbb6006f65a5cfc4c231e72b5ce022100916852a09714e7cf50f5e239c48dba2b243d889df28c54c7671cb3b0ec8dc9e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
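Review bot: The new twitter-secret.yaml keeps the id `twitter-secret` but moves `severity` from `medium` (in the deleted `file/keys/twitter-secret.yaml`) to `info` and drops the `token` tag, so scans filtered to medium and above, or by the `token` tag, stop reporting Twitter secrets without any signal. If the downgrade is deliberate for consistency with the other new key templates, state it in the commit message; otherwise keep `severity: medium` and `tags: twitter,keys,file,token`. The qualifier group is also mandatory now, so text the old `twitter(.{0,20})?` form matched with other words between `twitter` and the value (for example a `token` suffix) is no longer covered.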
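Review bot: `PresharedKey` in wireguard-preshared.yaml is matched case-sensitively, while wg's configuration parser appears to compare key names without regard to case (worth confirming against wireguard-tools), so a config written as `presharedkey = …` would hold a valid secret that this template misses. Prefixing the pattern with `(?i)`, i.e. `(?i)PresharedKey\s*=\s*([A-Za-z0-9+/]{43}=)`, costs nothing because the value class already lists both cases. The same applies to `PrivateKey` in wireguard-private.yaml, the next file in this commit.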
diff --git a/file/keys/wireguard/wireguard-private.yaml b/file/keys/wireguard/wireguard-private.yaml
new file mode 100644
index 0000000000..72778a0539
--- /dev/null
+++ b/file/keys/wireguard/wireguard-private.yaml
@@ -0,0 +1,25 @@
+id: wireguard-private
+
+info:
+ name: WireGuard Private Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/wireguard.yml
+ - https://www.wireguard.com/quickstart/
+ - https://manpages.debian.org/testing/wireguard-tools/wg.8.en.html
+ - https://gist.github.com/lanceliao/5d2977f417f34dda0e3d63ac7e217fd
+ metadata:
+ verified: true
+ tags: wireguard,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - PrivateKey\s*=\s*([A-Za-z0-9+/]{43}=)
+# digest: 4a0a004730450221008bd7fd7c9c74eb3c6d2f1d5e4c8cc9c0fcc230534b094814ee0ca7dff2f7f9800220688ed7ae288880609a373ea69defa1d5ed93ca3fcb312e5c4ea2acea46b2e27c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-5830.yaml b/http/cves/2023/CVE-2023-5830.yaml
new file mode 100644
index 0000000000..a9f28e145a
--- /dev/null
+++ b/http/cves/2023/CVE-2023-5830.yaml
@@ -0,0 +1,63 @@
+id: CVE-2023-5830
+
+info:
+ name: ColumbiaSoft DocumentLocator - Improper Authentication
+ author: Gonski
+ severity: critical
+ description: |
+ Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.
+ impact: |
+ An attacker could exploit this vulnerability to gain unauthorized access to sensitive information.
+ remediation: |
+ Upgrade to a patched version of ColumbiaSoft DocumentLocator to fix the improper authentication issue.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2023-5830
+ - https://vuldb.com/?ctiid.243729
+ - https://github.com/advisories/GHSA-j89v-wm7x-4434
+ - https://vuldb.com/?id.243729
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2023-5830
+ cwe-id: CWE-287
+ epss-score: 0.00091
+ epss-percentile: 0.37579
+ cpe: cpe:2.3:a:documentlocator:document_locator:*:*:*:*:*:*:*:*
+ metadata:
+ max-request: 1
+ vendor: documentlocator
+ product: document_locator
+ shodan-query: 'title:"Document Locator - WebTools"'
+ tags: cve,cve2023,ssrf,unauth,columbiasoft,intrusive,webtools
+
+http:
+ - raw:
+ - |
+ @timeout: 20s
+ POST /api/authentication/login HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/json;charset=UTF-8
+ Origin: {{BaseURL}}
+ Referer: {{BaseURL}}
+
+ {
+ "LoginType":"differentWindows",
+ "User":"{{randstr}}",
+ "Password":"{{rand_base(5, "abc")}}",
+ "Domain":"{{randstr}}",
+ "Server":"{{interactsh-url}}",
+ "Repository":"{{randstr}}"
+ }
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: interactsh_protocol
+ words:
+ - "dns"
+
+ - type: word
+ part: body
+ words:
+ - '"Authorized":false'
+# digest: 
4a0a0047304502201a739a9a323bb1ce5f468a13c31ecc02400b08053b2b81930e86f5decb5d83a2022100b712b21b2b241e8a04f480fe2c2b7cb3e7710265f1332dd9c2996d1a1e0cc3aa:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/cves/2024/CVE-2023-5914.yaml b/http/cves/2023/CVE-2023-5914.yaml similarity index 99% rename from http/cves/2024/CVE-2023-5914.yaml rename to http/cves/2023/CVE-2023-5914.yaml index e46a02c08a..af96dd3713 100644 --- a/http/cves/2024/CVE-2023-5914.yaml +++ b/http/cves/2023/CVE-2023-5914.yaml @@ -41,4 +41,4 @@ http: - 'contains(content_type, "text/html")' - 'contains_all(body, "", "XmlException")' condition: and -# digest: 4b0a00483046022100c444c81b2b8b8c7685a7c8b6561444155245452a96458ce4ababf2b07efd197a022100cca7f9aa78063d40421d7bb070c601a698b3c6ea172e211040abb4bd0bb804e4:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4b0a00483046022100c444c81b2b8b8c7685a7c8b6561444155245452a96458ce4ababf2b07efd197a022100cca7f9aa78063d40421d7bb070c601a698b3c6ea172e211040abb4bd0bb804e4:922c64590222798bb761d5b6d8e72950 diff --git a/http/exposed-panels/cisco/cisco-expressway-panel.yaml b/http/exposed-panels/cisco/cisco-expressway-panel.yaml new file mode 100644 index 0000000000..7dd5c5eed5 --- /dev/null +++ b/http/exposed-panels/cisco/cisco-expressway-panel.yaml 
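Review bot: The two matchers in CVE-2023-5830.yaml confirm less than the `critical` rating suggests: `interactsh_protocol` accepts a DNS lookup alone, which any component that resolves the `Server` value could trigger, and `"Authorized":false` is a generic JSON fragment rather than something specific to Document Locator. I would add a comment above `matchers:` such as `# DNS-only confirmation; the lookup is assumed to come from the application itself - verify manually`, and, if a product-specific response field is known, match on it as well. The description also spells the product "Document Locater" once.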
@@ -0,0 +1,35 @@ +id: cisco-expressway-panel + +info: + name: CISCO Expressway Login Panel - Detect + author: righettod + severity: info + description: | + CISCO Expressway login panel was detected. + reference: + - https://www.cisco.com/c/en/us/products/unified-communications/expressway-series/index.html + metadata: + verified: true + max-request: 1 + shodan-query: html:"Cisco Expressway" + tags: panel,cisco,login,detect + +http: + - method: GET + path: + - "{{BaseURL}}/login" + + matchers: + - type: dsl + dsl: + - 'status_code == 200' + - 'contains_any(to_lower(body), "cisco expressway", "cisco expway")' + condition: and + + extractors: + - type: regex + part: body + group: 1 + regex: + - 'Cisco\s+(?:Expressway|Expway)\s+([A-Za-z\s]+)<\/legend>' +# digest: 4a0a004730450221009a93171a94b3dcd6d212e35ffa66bf4d9432bd4ccac43de4141f63c5e61c060e0220021d84484a72649f562eaf3d436b260c53cc31c830240371f88855c097a4c6c8:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/exposed-panels/forticlientems-panel.yaml b/http/exposed-panels/fortinet/forticlientems-panel.yaml similarity index 99% rename from http/exposed-panels/forticlientems-panel.yaml rename to http/exposed-panels/fortinet/forticlientems-panel.yaml index aa71d7757d..92c39c7c20 100644 --- a/http/exposed-panels/forticlientems-panel.yaml +++ b/http/exposed-panels/fortinet/forticlientems-panel.yaml @@ -33,4 +33,4 @@ http: group: 1 regex: - 'VERSION_FULL\\u0022: \\u0022(.*?)\\u0022' -# digest: 4a0a00473045022100ca8f62bf9c299d2ef4a24562fab0cfa6df4bf3e529e144287b08a9bddd70bfff0220395f7b7c4d94585210c9476eb9589430b114ef7e13f20e84109aef636d456745:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4a0a00473045022100ca8f62bf9c299d2ef4a24562fab0cfa6df4bf3e529e144287b08a9bddd70bfff0220395f7b7c4d94585210c9476eb9589430b114ef7e13f20e84109aef636d456745:922c64590222798bb761d5b6d8e72950 
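Review bot: In cisco-expressway-panel.yaml the matcher lower-cases the body before comparing, but the extractor regex `Cisco\s+(?:Expressway|Expway)\s+…` is case-sensitive, so a page that matches only because of `to_lower` yields a finding with nothing extracted. Prefixing the regex with `(?i)` keeps the two in step. A one-line comment saying what group 1 is expected to hold would also help, since it looks like the legend text after the product name rather than a version, and `name` writes the vendor as `CISCO` where the Shodan query uses `Cisco`.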
diff --git a/network/detection/wing-ftp-detect.yaml b/network/detection/wing-ftp-detect.yaml index 44f5795d94..f73ee40f28 100644 --- a/network/detection/wing-ftp-detect.yaml +++ b/network/detection/wing-ftp-detect.yaml @@ -24,3 +24,4 @@ tcp: part: body words: - "Wing FTP Server" +# digest: 490a00463044022041b78c4dea63a1fbdd51b152e120900093db0ab7e81b050e75d03c542d80b4a10220476a48aa15c3c12290b8d485e4ddd49d48d0173d1bc14ad16cbf0d2079fb8acf:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/templates-checksum.txt b/templates-checksum.txt index 455c08c21f..916ac8838a 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt @@ -104,7 +104,7 @@ config/osint.yml:683fe1e52716d054760d707dbc123f5e09de5418 config/pentest.yml:c7b04a39e2efaf1a5f627da9b49ecf714d927f0e config/privilege-escalation.yml:325607b721fcea55111f8698b10951fd2f0d17b8 config/recommended.yml:eb4d0cb29634218f0279692e8c59fa1906d7148c -contributors.json:7aceb02f36b26022058d0a11cd8517df6aae4445 +contributors.json:951e2ab8bbae42da01f52da9ef0a14ce7f17e159 cves.json:51d8ac58d8ffdf6cfd4660d3e19373bb08bb6605 cves.json-checksum.txt:fdca644f563bcfe217c57881fc5991db50a942e4 dns/azure-takeover-detection.yaml:34e8e8a0db3e2ff7af0bf8df8ee9c54f2ee8e3b4 @@ -164,7 +164,7 @@ file/audit/pfsense/set-hostname.yaml:c123a3b395ce655438028aab12c18d25423dc136 file/bash/bash-scanner.yaml:5bc8d723949612cfaed57eddf1e19d8c45b15f6e file/electron/electron-version-detect.yaml:9e6b4ced33952723bbf371889793cd69bfe918e2 file/electron/node-integration-enabled.yaml:772455563db410b4b9113615e1958a45a25965ff -file/js/js-analyse.yaml:1259e3d3620e8f698ad0f05b62be281febf350a1 +file/js/js-analyse.yaml:d3c27e7fbd123cc86c0f4fbb3ad8f51cb363db41 file/keys/adafruit-key.yaml:dc4ce3917a2ca4d061ef45032d59ccd68b9e1551 file/keys/adobe/adobe-client.yaml:bb33624aa34163fabe1d338d33239c8f566ecc7a file/keys/adobe/adobe-secret.yaml:e6e4152b3ff3a42223a8ac7169b0a38b0a622234 
@@ -203,14 +203,22 @@ file/keys/credential-exposure-file.yaml:d6be05c931599edd628a0591224a0c7ba56fa987 file/keys/credentials.yaml:7d9557524fa206e8bb91295da81890e44084838f file/keys/databricks-api-token.yaml:a9bfc986be3fff96341f96b4213700a370c852a4 file/keys/datadog-access-token.yaml:12b74598ee375f3a5ffbcd81ef8d526c9b852638 +file/keys/dependency/dependency-track.yaml:9d4af12139dc253e1afa70ca7678f2b5a550e3c4 file/keys/digitalocean/digitalocean-access-token.yaml:29da3c43c8ff92cead04e92fd1961e8b8599c69a file/keys/digitalocean/digitalocean-personal-access.yaml:8e82ebd4f3e85120abc293e1e9312cef25531950 file/keys/digitalocean/digitalocean-refresh-token.yaml:07071ed0e0a505395e4557e9d7d366a95ef4b668 file/keys/discord/discord-api-token.yaml:2dedd90e44f3c638beab645b83a757d31673b880 file/keys/discord/discord-cilent-secret.yaml:1ecb39bf91f8bb1190acb0c183867d7feeea1890 file/keys/discord/discord-client-id.yaml:987ee6636deb77670c3578276cd9f46681d87bdb +file/keys/docker/dockerhub-pat.yaml:929cef0af54303dafb5262cbd000758da94e76e9 +file/keys/doppler/doppler-audit.yaml:e35727b74223049f36b0bb0ae61a6407a2b2796d +file/keys/doppler/doppler-cli.yaml:ab8577b4917f225376dadb06fa2291ff7cf3bf60 +file/keys/doppler/doppler-scim.yaml:ac4dc0cd37e6e6f1088321cccdc3446b816c8986 +file/keys/doppler/doppler-service-account.yaml:ee8d6ddbf75cb40624430ba3d054361e9fe43a20 +file/keys/doppler/doppler-service.yaml:af6d77daa3c56bc765f263849c4cec53fb202ccc file/keys/doppler-api-token.yaml:1c64194e0ee54ece342ac3be8abf4cd1e435cbab file/keys/droneci-access-token.yaml:50eecf6767282a184e8e35bed455ddc90aa77f5a +file/keys/dropbox/dropbox-access.yaml:bb07dd2c5200bf2d3ac92eef0040005f3777edc6 file/keys/dropbox/dropbox-api-token.yaml:73c1e3c967b0c8c2869417f9b0fbd9943e571814 file/keys/dropbox/dropbox-longlived-token.yaml:c39f688533f912ff0482778740f03ad46183824c file/keys/dropbox/dropbox-shortlived-token.yaml:4ede1ec7aa2b17ba7e8a60b3f01e5136ec4ec176 
@@ -255,26 +263,38 @@ file/keys/grafana/grafana-cloud-api-token.yaml:7866324b7ee666df3acdac0d3f66c2345 file/keys/grafana/grafana-service-account-token.yaml:ab639575a2a2ee8e223f0e579c9fcd519b3bc2cd file/keys/hashicorp-api-token.yaml:9bb83e6cda00977645b1f613864243fd126576d6 file/keys/heroku-key.yaml:591f63afb7e7ebf8e75644e8dc0131f6524cdf39 +file/keys/huggingface/huggingface-user-access.yaml:cee36c254222da7a52d04a30522992c15bf0dd93 file/keys/jenkins-token.yaml:f48b5889c3815de3948e3eb5bb07fbd9e6902eb7 file/keys/kubernetes/kubernetes-dockercfg-secret.yaml:fdd22e6e0b0fac8772d949ba8bc6a296c9845074 file/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml:f7ada6c8e01ad6561cb6d97e31bec4c95a71de9c +file/keys/linkedin/linkedin-client.yaml:7c3b0741a3dd4093054efcbed23ca1e728b1dc46 +file/keys/linkedin/linkedin-secret.yaml:6aebe5a012f34324a3d7f3bfbecdf707a8388614 file/keys/linkedin-id.yaml:39efe931f4ace6377fbc63d76bd12d88fcecd7e9 file/keys/mailchimp-api.yaml:5b1ee7bc57b19f46f705d27419e8d0b802258b71 file/keys/mailgun-api.yaml:7299dc580989b55622b2f460fce1c8724cbf7343 file/keys/mapbox-token.yaml:b911206f1ccba8f70d6e9387771ca97a18fee32a +file/keys/newrelic/newrelic-api-service.yaml:ef41de67162d12bedf4d6c5d90d74768214e57fe +file/keys/newrelic/newrelic-license-non.yaml:e7a7abb5354e833ee34a7f078aabd5529c2e4755 +file/keys/newrelic/newrelic-license.yaml:c4c9f83dba1796287e40555a794632adb71e7afd file/keys/newrelic/newrelic-pixie-apikey.yaml:6896635d7b4c891ffabb946ff9ab6deb8fba5d51 file/keys/newrelic/newrelic-pixie-deploykey.yaml:d038d136304e6c13d533f3302e1c1eafc39bdf38 file/keys/npm-accesstoken.yaml:a2ea270e9e7f1a236e7d4da33e833ab26031e5ce file/keys/nuget-key.yaml:4c0a481dc9873f455ed2dc3d990c17a8550b243a +file/keys/odbc/odbc-connection.yaml:758733489bf7b3defba93b1cda11f384ed7da182 +file/keys/okta/okta-api.yaml:e70809f9fbcaec530687ff077c63796b5eef3031 file/keys/openai-key.yaml:362b3e2c11d11f7183034aaa5cdb47f3b40700b9 
+file/keys/particle/particle-access.yaml:676becab681ec168bae43c74b13e552af4657f5c file/keys/paypal-braintree-token.yaml:402e0754808e014fb8b0ebdb3fb1e0eb585c3be2 file/keys/pictatic-api-key.yaml:5d254108f9865c20a83080b3f92a3152b54d3c05 file/keys/postman-api-key.yaml:91b5bbc73ae8fc4430498d92e5ab029e332f8817 file/keys/private-key.yaml:c297f883a9ff39ab4807a35914edffc3f0cc01a9 file/keys/pypi-token.yaml:d5d89be532cce80e65a912bf277f94d7bcf8f1c2 file/keys/razorpay-client-id.yaml:a88d58769de655a660b4e5ee8a58aba9faeed91d +file/keys/react/reactapp-password.yaml:4613021cd4c5d458ab778000587b7229980e4238 +file/keys/react/reactapp-username.yaml:deb652d737576b6ae7c84eb9de36f0b329baf0bd file/keys/rubygems-key.yaml:fa5cdc44cbd4f734c9aedf00b112ccf27a073a50 file/keys/s3-bucket.yaml:5604162f278a70b8742678a1a006949ca62e64e2 +file/keys/salesforce/salesforce-access.yaml:6cb655725ac01c05b073db6645b96cf9e7e7bf8d file/keys/sauce-access-token.yaml:c9aa59af67698af4ffa2486af99819e3cb4147c3 file/keys/segment-public-api.yaml:a193504eea902e1c11b23f3e408a7b7593389b22 file/keys/sendgrid-api.yaml:15e1a6951aa39738c4fa1310f420a55340460f11 
@@ -290,8 +310,13 @@ file/keys/square-oauth-secret.yaml:6d588fb6fcb3851617348b0cfa394d85824708f1 file/keys/stackhawk-api-key.yaml:0bfb39d55ad1ba8e731e72918dfc1b098059d1c8 file/keys/stripe-api-key.yaml:5df4a9e34d7acd181f0451c1e620cdbff2c8ff0b file/keys/telegram-token.yaml:a7fbf76a80e8dbb51ae3876632d15afae04eb519 +file/keys/thingsboard/thingsboard-access.yaml:2393412b4f8629f6fe28837cd394699e344c906e +file/keys/truenas/truenas-api.yaml:8cb5b99a4702f4fbe69c5ba1a09cc24b7093ba49 file/keys/twilio-api.yaml:b225fe4dd0f8f0f2bc7b76870aaac28f70993d12 -file/keys/twitter-secret.yaml:994272364c3c831d4a6db48e34a0154cb8f52983 +file/keys/twitter/twitter-client.yaml:9bd5486ea151363def2820c6282b380da52d9b25 +file/keys/twitter/twitter-secret.yaml:65827a76234f874f90f5323afd3ad625821d5b52 +file/keys/wireguard/wireguard-preshared.yaml:f30e419b0c15a28facb053e105c9f0916e3ac9cb +file/keys/wireguard/wireguard-private.yaml:1fb9592fb98b0e4b26f90bc2d4a5029dd09644dd file/keys/zapier-webhook.yaml:8d0f9312fd5acb2f63899a50b2ac8b670f389464 file/keys/zendesk-secret-key.yaml:cdf5d13a59f7036d60f6ea546087c7e48f016612 file/logs/django-framework-exceptions.yaml:84d8ecc728d13f3f5e756cf29b1b2691a64e031e @@ -3030,6 +3055,8 @@ http/cves/2023/CVE-2023-5244.yaml:32f7df605dda4c16610c548f773673f5b69c67a5 http/cves/2023/CVE-2023-5360.yaml:387bf52196ed2e1d383a97ea158fe90b94d213b9 http/cves/2023/CVE-2023-5375.yaml:394c4b2b0867a8922fcfad500616380c117983d8 http/cves/2023/CVE-2023-5556.yaml:7d50d6e2861161f90b7876147d3405d5c7eeccf4 +http/cves/2023/CVE-2023-5830.yaml:85965a9925a1cd03639181416b2c20995b33f501 +http/cves/2023/CVE-2023-5914.yaml:93f627b753ac975d5a74a2532a42aa9449682207 http/cves/2023/CVE-2023-6018.yaml:e840e467eab7d472ae719996be481de06fafb2cf http/cves/2023/CVE-2023-6020.yaml:68c05fb386a060d81834e2ddbaefb5779ae81b51 http/cves/2023/CVE-2023-6021.yaml:83ada3f6cf527a6e4f084151e60fc36c47a31785 
@@ -3048,7 +3075,6 @@ http/cves/2023/CVE-2023-6895.yaml:0ef4052f3a65107072ee47d11c4028e55f54b472 http/cves/2023/CVE-2023-6909.yaml:e8c84b54fb87c65ef2afbbe6e44f305c8eb67188 http/cves/2023/CVE-2023-6977.yaml:5f16b7bdb7c8c98ab5e1c333cffaccbb4fbe51ae http/cves/2023/CVE-2023-7028.yaml:16a6a22a93bf8caea281ec34d32def83f8e06fac -http/cves/2024/CVE-2023-5914.yaml:8d84ed75ed56b35ba6e6f81a23ba37de27945e96 http/cves/2024/CVE-2024-0204.yaml:6fe6e29907168dd0d6bf7ca67ef70b3e5114430b http/cves/2024/CVE-2024-0305.yaml:81dbabe027bcd8f7733aefac310dcb7efa6e0a4f http/cves/2024/CVE-2024-0352.yaml:e324d6ccb69d2bee50aa487f5e068cc005c715d8 @@ -3406,6 +3432,7 @@ http/exposed-panels/cisco/cisco-ace-device-manager.yaml:c5c9e855c9978d5f1770f828 http/exposed-panels/cisco/cisco-anyconnect-vpn.yaml:426651066804491b7128cb9d1518adcece334719 http/exposed-panels/cisco/cisco-asa-panel.yaml:404619b86f43443c4cb6a77e46855879a1ad4778 http/exposed-panels/cisco/cisco-edge-340.yaml:cd15ec08c18c29079865df10dfec7f1fe23008f3 +http/exposed-panels/cisco/cisco-expressway-panel.yaml:27975d60e84a053e1473319a625a353d448dd516 http/exposed-panels/cisco/cisco-finesse-login.yaml:742d956488dcddf7305d32facc6a47b5a5e51f4e http/exposed-panels/cisco/cisco-integrated-login.yaml:1e712a4925fe31fb6076255a1ea1d3c5518d600e http/exposed-panels/cisco/cisco-ios-xe-panel.yaml:2c260bc7aeaaea7892a11b22c8d1f08007b7c479 
@@ -3565,9 +3592,9 @@ http/exposed-panels/footprints-panel.yaml:12b1ff801c88bafe46638794e739adb9d5379f http/exposed-panels/forcepoint-applicance.yaml:f18ffbd665ae28a2bacec9117186e68621287db4 http/exposed-panels/forcepoint.yaml:c3c1417daa067deaf421ae9c0a30d4b88c3b0350 http/exposed-panels/forti/fortiadc-panel.yaml:8dfb7582c659d516cc6eb9d8dceb42a0424fe143 -http/exposed-panels/forticlientems-panel.yaml:376dfeea4aba569ce865208dc9fe81f7858b175d http/exposed-panels/fortinet/fortiap-panel.yaml:300ab4949fd73ca59e9e7c4706a2c616ada75914 http/exposed-panels/fortinet/fortiauthenticator-detect.yaml:c0f02944e1c861c523acfe6f5a3c823327339989 +http/exposed-panels/fortinet/forticlientems-panel.yaml:65d946fe428862980085d4410cf8a4367cd8f3fc http/exposed-panels/fortinet/fortimail-panel.yaml:c0202da50a4af46f6290259e367f7fa997ffa18e http/exposed-panels/fortinet/fortinet-fortiddos-panel.yaml:ba098255839e2c7f85c7793ea2b4056aea91839c http/exposed-panels/fortinet/fortinet-fortigate-panel.yaml:6b53e7e548ca993721fd221cc473775d56f8398d 
@@ -6500,8 +6527,8 @@ http/technologies/mappproxy-detect.yaml:34f8715bb04d15e410646087f140852d5e67e6a4 http/technologies/matrix-detect.yaml:33b6e2aef92cf34e8fdfa015ed1d7c4cbb0c9ca7 http/technologies/matrix-homeserver-detect.yaml:03f44055b1385667e1d860c9160c9b0a3b5b24b0 http/technologies/metatag-cms.yaml:dddeec9fe5817ce89ce12c7fb09e5702c6cf5ea7 -http/technologies/microsoft/aspnet-version-detect.yaml:c2322047d526d4cbf5e23afb5299227a493e76b7 -http/technologies/microsoft/aspnetmvc-version-disclosure.yaml:ec99bbdc39f070ec50892003e8edc062b0526de4 +http/technologies/microsoft/aspnet-version-detect.yaml:5bed426fbdc77d0e323d7d3c0113c4bfb34ce8f6 +http/technologies/microsoft/aspnetmvc-version-disclosure.yaml:341d9ec2d4e676c7d022608a43527ec30e3df2c9 http/technologies/microsoft/default-iis7-page.yaml:c4e22ee6e9c969c526ea2609a510a8e23150963d http/technologies/microsoft/default-microsoft-azure-page.yaml:edf6bd39671cbd1eeda217a1956965a66e368d06 http/technologies/microsoft/default-windows-server-page.yaml:eddc0c09081a8fdfdd579671ba67816b49e8bb81 @@ -8057,6 +8084,7 @@ network/detection/vmware-authentication-daemon-detect.yaml:fe32f8021fd370465c0f9 network/detection/vnc-service-detect.yaml:22f648aa53fa7fb08f258bcd06fa4b15d80eebca network/detection/weblogic-iiop-detect.yaml:05bf3f6fdfa938cfb88ee0e5f27da5e1b8d70bfa network/detection/weblogic-t3-detect.yaml:06f88de334b8bae8279d944c0cf4467919930e93 +network/detection/wing-ftp-detect.yaml:79fe3254d4657278f122977cda7145287f7b993c network/detection/ws_ftp-ssh-detect.yaml:558ac2fd876a7239ddfd7c5c9433769f166644bd network/detection/xlight-ftp-service-detect.yaml:c1bcbafb4cd2ad7a5b4b6c7b947779ee08367781 network/enumeration/beanstalk-service.yaml:4116fb96469ca087e5b79686fe57c54862835ad8 
@@ -8142,7 +8170,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:5b1362ef552ea57e67c47c4d472d4386c9aa6368 +templates-checksum.txt:f6eaac90af8e77b23be2e3482cf5afbd3b015566 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4