commit
f121770ecc
|
@ -9,6 +9,22 @@ requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/phpmyadmin/"
|
- "{{BaseURL}}/phpmyadmin/"
|
||||||
|
- "{{BaseURL}}/admin//phpmyadmin/"
|
||||||
|
- "{{BaseURL}}/Admin/phpmyadmin/"
|
||||||
|
- "{{BaseURL}}/admin/phpMyAdmin/"
|
||||||
|
- "{{BaseURL}}/Admin/phpMyAdmin/"
|
||||||
|
- "{{BaseURL}}/_PHPMYADMIN/"
|
||||||
|
- "{{BaseURL}}/_pHpMyAdMiN/"
|
||||||
|
- "{{BaseURL}}/_phpMyAdmin/"
|
||||||
|
- "{{BaseURL}}/administrator/components/com_joommyadmin/phpmyadmin/"
|
||||||
|
- "{{BaseURL}}/apache-default/phpmyadmin/"
|
||||||
|
- "{{BaseURL}}/blog/phpmyadmin/"
|
||||||
|
- "{{BaseURL}}/forum/phpmyadmin/"
|
||||||
|
- "{{BaseURL}}/php/phpmyadmin/"
|
||||||
|
- "{{BaseURL}}/typo3/phpmyadmin/"
|
||||||
|
- "{{BaseURL}}/web/phpmyadmin/"
|
||||||
|
- "{{BaseURL}}/xampp/phpmyadmin/"
|
||||||
|
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
|
|
|
@ -0,0 +1,101 @@
|
||||||
|
id: ntlm-directories
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Discovering directories w/ NTLM
|
||||||
|
author: puzzlepeaches
|
||||||
|
severity: low
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/abs/"
|
||||||
|
- "{{BaseURL}}/adfs/services/trust/2005/windowstransport"
|
||||||
|
- "{{BaseURL}}/aspnet_client/"
|
||||||
|
- "{{BaseURL}}/autodiscover/"
|
||||||
|
- "{{BaseURL}}/autoupdate/"
|
||||||
|
- "{{BaseURL}}/certenroll/"
|
||||||
|
- "{{BaseURL}}/certprov/"
|
||||||
|
- "{{BaseURL}}/certsrv/"
|
||||||
|
- "{{BaseURL}}/conf/"
|
||||||
|
- "{{BaseURL}}/deviceupdatefiles_ext/"
|
||||||
|
- "{{BaseURL}}/deviceupdatefiles_int/"
|
||||||
|
- "{{BaseURL}}/dialin/"
|
||||||
|
- "{{BaseURL}}/ecp/"
|
||||||
|
- "{{BaseURL}}/etc/"
|
||||||
|
- "{{BaseURL}}/ews/"
|
||||||
|
- "{{BaseURL}}/exchange/"
|
||||||
|
- "{{BaseURL}}/exchweb/"
|
||||||
|
- "{{BaseURL}}/hybridconfig/"
|
||||||
|
- "{{BaseURL}}/groupexpansion/"
|
||||||
|
- "{{BaseURL}}/mcx/"
|
||||||
|
- "{{BaseURL}}/mcx/mcxservice.svc"
|
||||||
|
- "{{BaseURL}}/meet/"
|
||||||
|
- "{{BaseURL}}/meeting/"
|
||||||
|
- "{{BaseURL}}/microsoft-server-activesync/"
|
||||||
|
- "{{BaseURL}}/oab/"
|
||||||
|
- "{{BaseURL}}/ocsp/"
|
||||||
|
- "{{BaseURL}}/owa/"
|
||||||
|
- "{{BaseURL}}/persistentchat/"
|
||||||
|
- "{{BaseURL}}/phoneconferencing/"
|
||||||
|
- "{{BaseURL}}/powershell/"
|
||||||
|
- "{{BaseURL}}/public/"
|
||||||
|
- "{{BaseURL}}/reach/sip.svc"
|
||||||
|
- "{{BaseURL}}/requesthandler/"
|
||||||
|
- "{{BaseURL}}/requesthandlerext/"
|
||||||
|
- "{{BaseURL}}/rgs/"
|
||||||
|
- "{{BaseURL}}/rgsclients/"
|
||||||
|
- "{{BaseURL}}/rpc/"
|
||||||
|
- "{{BaseURL}}/rpcwithcert/"
|
||||||
|
- "{{BaseURL}}/scheduler/"
|
||||||
|
- "{{BaseURL}}/ucwa/"
|
||||||
|
- "{{BaseURL}}/unifiedmessaging/"
|
||||||
|
- "{{BaseURL}}/webticket/"
|
||||||
|
- "{{BaseURL}}/webticket/webticketservice.svcabs/"
|
||||||
|
- "{{BaseURL}}/adfs/services/trust/2005/windowstransport"
|
||||||
|
- "{{BaseURL}}/aspnet_client/"
|
||||||
|
- "{{BaseURL}}/autodiscover/"
|
||||||
|
- "{{BaseURL}}/autoupdate/"
|
||||||
|
- "{{BaseURL}}/certenroll/"
|
||||||
|
- "{{BaseURL}}/certprov/"
|
||||||
|
- "{{BaseURL}}/certsrv/"
|
||||||
|
- "{{BaseURL}}/conf/"
|
||||||
|
- "{{BaseURL}}/deviceupdatefiles_ext/"
|
||||||
|
- "{{BaseURL}}/deviceupdatefiles_int/"
|
||||||
|
- "{{BaseURL}}/dialin/"
|
||||||
|
- "{{BaseURL}}/ecp/"
|
||||||
|
- "{{BaseURL}}/etc/"
|
||||||
|
- "{{BaseURL}}/ews/"
|
||||||
|
- "{{BaseURL}}/exchange/"
|
||||||
|
- "{{BaseURL}}/exchweb/"
|
||||||
|
- "{{BaseURL}}/hybridconfig/"
|
||||||
|
- "{{BaseURL}}/groupexpansion/"
|
||||||
|
- "{{BaseURL}}/mcx/"
|
||||||
|
- "{{BaseURL}}/mcx/mcxservice.svc"
|
||||||
|
- "{{BaseURL}}/meet/"
|
||||||
|
- "{{BaseURL}}/meeting/"
|
||||||
|
- "{{BaseURL}}/microsoft-server-activesync/"
|
||||||
|
- "{{BaseURL}}/oab/"
|
||||||
|
- "{{BaseURL}}/ocsp/"
|
||||||
|
- "{{BaseURL}}/owa/"
|
||||||
|
- "{{BaseURL}}/persistentchat/"
|
||||||
|
- "{{BaseURL}}/phoneconferencing/"
|
||||||
|
- "{{BaseURL}}/powershell/"
|
||||||
|
- "{{BaseURL}}/public/"
|
||||||
|
- "{{BaseURL}}/reach/sip.svc"
|
||||||
|
- "{{BaseURL}}/requesthandler/"
|
||||||
|
- "{{BaseURL}}/requesthandlerext/"
|
||||||
|
- "{{BaseURL}}/rgs/"
|
||||||
|
- "{{BaseURL}}/rgsclients/"
|
||||||
|
- "{{BaseURL}}/rpc/"
|
||||||
|
- "{{BaseURL}}/rpcwithcert/"
|
||||||
|
- "{{BaseURL}}/scheduler/"
|
||||||
|
- "{{BaseURL}}/ucwa/"
|
||||||
|
- "{{BaseURL}}/unifiedmessaging/"
|
||||||
|
- "{{BaseURL}}/webticket/"
|
||||||
|
- "{{BaseURL}}/webticket/webticketservice.svc"
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "WWW-Authenticate"
|
||||||
|
condition: and
|
||||||
|
part: header
|
Loading…
Reference in New Issue