TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] 🤖

patch-4
GitHub Action 2024-06-07 10:04:29 +00:00
parent 262b446300
commit f559aeaeb9
2476 changed files with 9883 additions and 4859 deletions

View File

@ -11,8 +11,9 @@ info:
Set up Amazon CloudWatch to monitor ACM certificate expiration and automate renewal notifications or processes. Set up Amazon CloudWatch to monitor ACM certificate expiration and automate renewal notifications or processes.
reference: reference:
- https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html - https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,acm,aws-cloud-config tags: cloud,devops,aws,amazon,acm,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Set up Amazon CloudWatch to monitor ACM certificate expiration and automate renewal notifications or processes. Set up Amazon CloudWatch to monitor ACM certificate expiration and automate renewal notifications or processes.
reference: reference:
- https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html - https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,acm,aws-cloud-config tags: cloud,devops,aws,amazon,acm,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Use AWS ACM for certificate provisioning and ensure domain validation steps are correctly followed for each certificate issued or renewed. Use AWS ACM for certificate provisioning and ensure domain validation steps are correctly followed for each certificate issued or renewed.
reference: reference:
- https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate.html - https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,acm,aws-cloud-config tags: cloud,devops,aws,amazon,acm,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Replace wildcard ACM certificates with single domain name certificates for each domain/subdomain within your AWS account. This enhances security by ensuring each domain/subdomain has its own unique private key and certificate. Replace wildcard ACM certificates with single domain name certificates for each domain/subdomain within your AWS account. This enhances security by ensuring each domain/subdomain has its own unique private key and certificate.
reference: reference:
- https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html - https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,acm,aws-cloud-config tags: cloud,devops,aws,amazon,acm,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -7,6 +7,8 @@ info:
Checks if AWS CLI is set up and all necessary tools are installed on the environment. Checks if AWS CLI is set up and all necessary tools are installed on the environment.
reference: reference:
- https://aws.amazon.com/cli/ - https://aws.amazon.com/cli/
metadata:
max-request: 2
tags: cloud,devops,aws,amazone,aws-cloud-config tags: cloud,devops,aws,amazone,aws-cloud-config
variables: variables:

View File

@ -11,8 +11,9 @@ info:
Enable data event logging in CloudTrail for S3 buckets to ensure detailed activity monitoring and logging for better security and compliance. Enable data event logging in CloudTrail for S3 buckets to ensure detailed activity monitoring and logging for better security and compliance.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,s3,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"

View File

@ -11,8 +11,9 @@ info:
Enable CloudTrail in all AWS regions through the AWS Management Console or CLI to ensure comprehensive activity logging and monitoring. Enable CloudTrail in all AWS regions through the AWS Management Console or CLI to ensure comprehensive activity logging and monitoring.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-getting-started.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-getting-started.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"

View File

@ -11,8 +11,9 @@ info:
Configure only one multi-region trail to log global service events and disable global service logging for all other trails. Configure only one multi-region trail to log global service events and disable global service logging for all other trails.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"

View File

@ -11,8 +11,9 @@ info:
Enable global service logging in CloudTrail by creating or updating a trail to include global services. This ensures comprehensive activity monitoring. Enable global service logging in CloudTrail by creating or updating a trail to include global services. This ensures comprehensive activity monitoring.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"

View File

@ -11,8 +11,9 @@ info:
Enable CloudTrail log file validation and configure CloudWatch Logs to monitor CloudTrail log files. Create CloudWatch Alarms for specific events of interest. Enable CloudTrail log file validation and configure CloudWatch Logs to monitor CloudTrail log files. Create CloudWatch Alarms for specific events of interest.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,cloudwatch,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,cloudwatch,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"

View File

@ -11,8 +11,9 @@ info:
Enable log file integrity validation on all CloudTrail trails to ensure the integrity and authenticity of your logs. Enable log file integrity validation on all CloudTrail trails to ensure the integrity and authenticity of your logs.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"

View File

@ -11,8 +11,9 @@ info:
Enable Server-Side Encryption (SSE) for CloudTrail logs using an AWS KMS key through the CloudTrail console or AWS CLI. Enable Server-Side Encryption (SSE) for CloudTrail logs using an AWS KMS key through the CloudTrail console or AWS CLI.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Enable MFA Delete on CloudTrail buckets via the S3 console or AWS CLI. Enable MFA Delete on CloudTrail buckets via the S3 console or AWS CLI.
reference: reference:
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html - https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html
metadata:
max-request: 3
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"

View File

@ -11,9 +11,9 @@ info:
Enable management event logging in CloudTrail by creating a new trail or updating existing trails to include management events. Enable management event logging in CloudTrail by creating a new trail or updating existing trails to include management events.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"

View File

@ -11,8 +11,9 @@ info:
Restrict S3 bucket access using bucket policies or IAM policies to ensure that CloudTrail logs are not publicly accessible. Restrict S3 bucket access using bucket policies or IAM policies to ensure that CloudTrail logs are not publicly accessible.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"

View File

@ -11,8 +11,9 @@ info:
Enable Server Access Logging on the S3 bucket used by CloudTrail. Configure the logging feature to capture all requests made to the CloudTrail bucket. Enable Server Access Logging on the S3 bucket used by CloudTrail. Configure the logging feature to capture all requests made to the CloudTrail bucket.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
metadata:
max-request: 3
tags: cloud,devops,aws,amazon,s3,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,s3,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"

View File

@ -11,8 +11,9 @@ info:
Enable S3 Object Lock in Governance mode with a retention period that meets your compliance requirements for CloudTrail S3 buckets. Enable S3 Object Lock in Governance mode with a retention period that meets your compliance requirements for CloudTrail S3 buckets.
reference: reference:
- https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html - https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html
metadata:
max-request: 3
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"

View File

@ -11,8 +11,9 @@ info:
Configure at least one action for each CloudWatch alarm to ensure timely response to monitored issues. Configure at least one action for each CloudWatch alarm to ensure timely response to monitored issues.
reference: reference:
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html - https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudwatch,aws-cloud-config tags: cloud,devops,aws,amazon,cloudwatch,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Enable actions for each CloudWatch alarm by setting the ActionEnabled parameter to true, allowing for automated responses to alarms. Enable actions for each CloudWatch alarm by setting the ActionEnabled parameter to true, allowing for automated responses to alarms.
reference: reference:
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html - https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudwatch,aws-cloud-config tags: cloud,devops,aws,amazon,cloudwatch,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,9 +11,9 @@ info:
Modify the EC2 instance metadata options to set `HttpTokens` to `required`, enforcing the use of IMDSv2. This can be done via the AWS Management Console, CLI, or EC2 API. Modify the EC2 instance metadata options to set `HttpTokens` to `required`, enforcing the use of IMDSv2. This can be done via the AWS Management Console, CLI, or EC2 API.
reference: reference:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Restrict public IP assignment for EC2 instances, particularly for backend instances. Use private IPs and manage access via AWS VPC and security groups. Restrict public IP assignment for EC2 instances, particularly for backend instances. Use private IPs and manage access via AWS VPC and security groups.
reference: reference:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Restrict egress traffic in EC2 security groups to only necessary IP addresses and ranges, adhering to the Principle of Least Privilege. Restrict egress traffic in EC2 security groups to only necessary IP addresses and ranges, adhering to the Principle of Least Privilege.
reference: reference:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html#sg-rules - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html#sg-rules
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Restrict access to uncommon ports in EC2 security groups, permitting only necessary traffic and implementing stringent access controls. Restrict access to uncommon ports in EC2 security groups, permitting only necessary traffic and implementing stringent access controls.
reference: reference:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Restrict AMI sharing to specific, trusted AWS accounts and ensure they are not publicly accessible. Restrict AMI sharing to specific, trusted AWS accounts and ensure they are not publicly accessible.
reference: reference:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,ami,aws-cloud-config tags: cloud,devops,aws,amazon,ami,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Encrypt your AMIs using AWS managed keys or customer-managed keys in the AWS Key Management Service (KMS) to ensure data security. Encrypt your AMIs using AWS managed keys or customer-managed keys in the AWS Key Management Service (KMS) to ensure data security.
reference: reference:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -7,6 +7,8 @@ info:
Verifies that no Amazon IAM policies grant full administrative privileges, ensuring adherence to the Principle of Least Privilege Verifies that no Amazon IAM policies grant full administrative privileges, ensuring adherence to the Principle of Least Privilege
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy-version.html - https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy-version.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,iam,aws-cloud-config tags: cloud,devops,aws,amazon,iam,aws-cloud-config
flow: | flow: |

View File

@ -7,6 +7,8 @@ info:
Checks if IAM user access keys are rotated every 90 days to minimize accidental exposures and unauthorized access risks Checks if IAM user access keys are rotated every 90 days to minimize accidental exposures and unauthorized access risks
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/iam/list-access-keys.html - https://docs.aws.amazon.com/cli/latest/reference/iam/list-access-keys.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,iam,aws-cloud-config tags: cloud,devops,aws,amazon,iam,aws-cloud-config
flow: | flow: |

View File

@ -7,6 +7,8 @@ info:
Verifies that Multi-Factor Authentication (MFA) is enabled for all IAM users with console access in AWS Verifies that Multi-Factor Authentication (MFA) is enabled for all IAM users with console access in AWS
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/iam/list-mfa-devices.html - https://docs.aws.amazon.com/cli/latest/reference/iam/list-mfa-devices.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,iam,aws-cloud-config tags: cloud,devops,aws,amazon,iam,aws-cloud-config
flow: | flow: |

View File

@ -7,6 +7,8 @@ info:
Verifies that IAM SSH public keys are rotated every 90 days, enhancing security and preventing unauthorized access to AWS CodeCommit repositories Verifies that IAM SSH public keys are rotated every 90 days, enhancing security and preventing unauthorized access to AWS CodeCommit repositories
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/iam/list-ssh-public-keys.html - https://docs.aws.amazon.com/cli/latest/reference/iam/list-ssh-public-keys.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,iam,ssh,aws-cloud-config tags: cloud,devops,aws,amazon,iam,ssh,aws-cloud-config
flow: | flow: |

View File

@ -11,8 +11,9 @@ info:
Enable Copy Tags to Snapshots for Aurora clusters via the AWS Management Console or modify the DB cluster to include this feature using AWS CLI. Enable Copy Tags to Snapshots for Aurora clusters via the AWS Management Console or modify the DB cluster to include this feature using AWS CLI.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,aurora,rds,aws-cloud-config tags: cloud,devops,aws,amazon,aurora,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"

View File

@ -11,8 +11,9 @@ info:
Enable Deletion Protection by modifying the Aurora cluster settings in the AWS Management Console or via the AWS CLI. Enable Deletion Protection by modifying the Aurora cluster settings in the AWS Management Console or via the AWS CLI.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBInstanceDeletionProtection.html - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBInstanceDeletionProtection.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,aurora,rds,aws-cloud-config tags: cloud,devops,aws,amazon,aurora,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"

View File

@ -11,8 +11,9 @@ info:
Enable IAM Database Authentication for MySQL and PostgreSQL RDS database instances to leverage IAM for secure, token-based access control. Enable IAM Database Authentication for MySQL and PostgreSQL RDS database instances to leverage IAM for secure, token-based access control.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"

View File

@ -11,8 +11,9 @@ info:
Enable automated backups for RDS instances by setting the backup retention period to a value other than 0. Enable automated backups for RDS instances by setting the backup retention period to a value other than 0.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"

View File

@ -11,9 +11,9 @@ info:
Enable Deletion Protection for all Amazon RDS instances via the AWS Management Console or using the AWS CLI. Enable Deletion Protection for all Amazon RDS instances via the AWS Management Console or using the AWS CLI.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"

View File

@ -11,8 +11,9 @@ info:
Enable encryption for your Amazon RDS instances by modifying the instance and setting the "Storage Encrypted" option to true. For new instances, enable encryption within the launch wizard. Enable encryption for your Amazon RDS instances by modifying the instance and setting the "Storage Encrypted" option to true. For new instances, enable encryption within the launch wizard.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"

View File

@ -11,8 +11,9 @@ info:
Convert RDS instances from Provisioned IOPS to General Purpose SSDs to optimize costs without sacrificing I/O performance for most database workloads. Convert RDS instances from Provisioned IOPS to General Purpose SSDs to optimize costs without sacrificing I/O performance for most database workloads.
reference: reference:
- https://aws.amazon.com/rds/features/storage/ - https://aws.amazon.com/rds/features/storage/
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"

View File

@ -11,8 +11,9 @@ info:
Modify the snapshot's visibility settings to ensure it is not public, only shared with specific AWS accounts. Modify the snapshot's visibility settings to ensure it is not public, only shared with specific AWS accounts.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ShareSnapshot.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ShareSnapshot.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"

View File

@ -11,8 +11,9 @@ info:
Migrate RDS instances to private subnets within the VPC and ensure proper network ACLs and security group settings are in place to restrict access. Migrate RDS instances to private subnets within the VPC and ensure proper network ACLs and security group settings are in place to restrict access.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets
metadata:
max-request: 3
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"

View File

@ -11,8 +11,9 @@ info:
Review the payment methods on file and retry the reservation purchase for RDS instances to secure discounted rates. Review the payment methods on file and retry the reservation purchase for RDS instances to secure discounted rates.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithReservedDBInstances.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithReservedDBInstances.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"

View File

@ -11,8 +11,9 @@ info:
Enable encryption for RDS snapshots by using AWS KMS Customer Master Keys (CMKs) for enhanced data security and compliance. Enable encryption for RDS snapshots by using AWS KMS Customer Master Keys (CMKs) for enhanced data security and compliance.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_EncryptSnapshot.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_EncryptSnapshot.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"

View File

@ -7,6 +7,8 @@ info:
This template verifies if the Server Access Logging feature is enabled for Amazon S3 buckets, which is essential for tracking access requests for security and audit purposes. This template verifies if the Server Access Logging feature is enabled for Amazon S3 buckets, which is essential for tracking access requests for security and audit purposes.
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-encryption.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-encryption.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |

View File

@ -7,6 +7,8 @@ info:
Checks if Amazon S3 buckets grant FULL_CONTROL access to authenticated users, preventing unauthorized operations Checks if Amazon S3 buckets grant FULL_CONTROL access to authenticated users, preventing unauthorized operations
reference: reference:
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html - https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |

View File

@ -7,6 +7,8 @@ info:
This template verifies if Amazon S3 buckets have bucket keys enabled to optimize the cost of AWS Key Management Service (SSE-KMS) for server-side encryption This template verifies if Amazon S3 buckets have bucket keys enabled to optimize the cost of AWS Key Management Service (SSE-KMS) for server-side encryption
reference: reference:
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html - https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |

View File

@ -7,6 +7,8 @@ info:
This template checks if Amazon S3 buckets are configured to prevent public access via bucket policies This template checks if Amazon S3 buckets are configured to prevent public access via bucket policies
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-policy.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-policy.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |

View File

@ -7,6 +7,8 @@ info:
This template verifies that Amazon S3 buckets are configured with Multi-Factor Authentication (MFA) Delete feature, ensuring enhanced protection against unauthorized deletion of versioned objects This template verifies that Amazon S3 buckets are configured with Multi-Factor Authentication (MFA) Delete feature, ensuring enhanced protection against unauthorized deletion of versioned objects
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-versioning.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-versioning.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |

View File

@ -8,6 +8,8 @@ info:
Verifies that Amazon S3 buckets do not permit public 'READ_ACP' (LIST) access to anonymous users, protecting against unauthorized data exposure Verifies that Amazon S3 buckets do not permit public 'READ_ACP' (LIST) access to anonymous users, protecting against unauthorized data exposure
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |

View File

@ -8,6 +8,8 @@ info:
Verifies that Amazon S3 buckets do not permit public 'READ' (LIST) access to anonymous users, protecting against unauthorized data exposure Verifies that Amazon S3 buckets do not permit public 'READ' (LIST) access to anonymous users, protecting against unauthorized data exposure
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |

View File

@ -7,6 +7,8 @@ info:
Checks if Amazon S3 buckets are secured against public WRITE_ACP access, preventing unauthorized modifications to access control permissions. Checks if Amazon S3 buckets are secured against public WRITE_ACP access, preventing unauthorized modifications to access control permissions.
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |

View File

@ -7,6 +7,8 @@ info:
Checks if Amazon S3 buckets are secured against public WRITE access, preventing unauthorized modifications to access control permissions. Checks if Amazon S3 buckets are secured against public WRITE access, preventing unauthorized modifications to access control permissions.
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |

View File

@ -7,6 +7,8 @@ info:
This template verifies if Amazon S3 buckets have server-side encryption enabled for protecting sensitive content at rest, using either AWS S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). This template verifies if Amazon S3 buckets have server-side encryption enabled for protecting sensitive content at rest, using either AWS S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS).
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-encryption.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-encryption.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |

View File

@ -7,6 +7,8 @@ info:
Verifies that Amazon S3 buckets have object versioning enabled, providing a safeguard for recovering overwritten or deleted objects Verifies that Amazon S3 buckets have object versioning enabled, providing a safeguard for recovering overwritten or deleted objects
reference: reference:
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html - https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |

View File

@ -8,6 +8,8 @@ info:
This template checks if Amazon SNS topics are configured to prevent public access via topic policies. This template checks if Amazon SNS topics are configured to prevent public access via topic policies.
reference: reference:
- https://docs.aws.amazon.com/sns/latest/api/API_GetTopicAttributes.html - https://docs.aws.amazon.com/sns/latest/api/API_GetTopicAttributes.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,sns,aws-cloud-config tags: cloud,devops,aws,amazon,sns,aws-cloud-config
flow: | flow: |

View File

@ -11,8 +11,9 @@ info:
Restrict Network ACL inbound rules to only allow necessary IP ranges and ports as per the Principle of Least Privilege. Restrict Network ACL inbound rules to only allow necessary IP ranges and ports as per the Principle of Least Privilege.
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Modify NACL outbound rules to limit traffic to only the ports required for legitimate business needs. Modify NACL outbound rules to limit traffic to only the ports required for legitimate business needs.
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Replace NAT instances with Amazon Managed NAT Gateway to ensure high availability and scalability in your VPC network. Replace NAT instances with Amazon Managed NAT Gateway to ensure high availability and scalability in your VPC network.
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Restrict access to ports 22 and 3389 to trusted IPs or IP ranges to adhere to the Principle of Least Privilege (POLP). Restrict access to ports 22 and 3389 to trusted IPs or IP ranges to adhere to the Principle of Least Privilege (POLP).
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Update the VPC endpoint's policy to restrict access only to authorized entities and ensure all requests are signed. Update the VPC endpoint's policy to restrict access only to authorized entities and ensure all requests are signed.
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Implement VPC endpoints for supported AWS services to secure and optimize connectivity within your VPC, minimizing external access risks. Implement VPC endpoints for supported AWS services to secure and optimize connectivity within your VPC, minimizing external access risks.
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Enable VPC Flow Logs in the AWS Management Console under the VPC dashboard to collect data on IP traffic going to and from network interfaces in your VPC. Enable VPC Flow Logs in the AWS Management Console under the VPC dashboard to collect data on IP traffic going to and from network interfaces in your VPC.
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html - https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -11,8 +11,9 @@ info:
Monitor VPN tunnel status via the AWS Management Console or CLI. If a tunnel is DOWN, troubleshoot according to AWS documentation and ensure redundancy by configuring multiple tunnels. Monitor VPN tunnel status via the AWS Management Console or CLI. If a tunnel is DOWN, troubleshoot according to AWS documentation and ensure redundancy by configuring multiple tunnels.
reference: reference:
- https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNConnections.html - https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNConnections.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpn,aws-cloud-config tags: cloud,devops,aws,amazon,vpn,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"

View File

@ -9,7 +9,7 @@ info:
metadata: metadata:
verified: true verified: true
max-request: 1 max-request: 1
tags: cloud,enum,cloud-enum,azure tags: cloud,enum,cloud-enum,azure,dns
self-contained: true self-contained: true

View File

@ -9,7 +9,7 @@ info:
metadata: metadata:
verified: true verified: true
max-request: 1 max-request: 1
tags: cloud,cloud-enum,azure,fuzz,enum tags: cloud,cloud-enum,azure,fuzz,enum,dns
self-contained: true self-contained: true

View File

@ -25,7 +25,7 @@ info:
max-request: 2 max-request: 2
vendor: sudo_project vendor: sudo_project
product: sudo product: sudo
tags: packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical tags: packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical,sudo_project
self-contained: true self-contained: true
code: code:

View File

@ -24,7 +24,7 @@ info:
verified: true verified: true
vendor: sudo_project vendor: sudo_project
product: sudo product: sudo
tags: packetstorm,cve,cve2021,sudo,code,linux,privesc,local,kev tags: packetstorm,cve,cve2021,sudo,code,linux,privesc,local,kev,sudo_project
self-contained: true self-contained: true
code: code:

View File

@ -29,6 +29,7 @@ info:
max-request: 2 max-request: 2
vendor: canonical vendor: canonical
product: ubuntu_linux product: ubuntu_linux
shodan-query: cpe:"cpe:2.3:o:canonical:ubuntu_linux"
tags: cve,cve2023,code,packetstorm,kernel,ubuntu,linux,privesc,local,canonical tags: cve,cve2023,code,packetstorm,kernel,ubuntu,linux,privesc,local,canonical
self-contained: true self-contained: true

View File

@ -17,14 +17,18 @@ info:
cvss-score: 9.8 cvss-score: 9.8
cve-id: CVE-2023-49105 cve-id: CVE-2023-49105
cwe-id: CWE-287 cwe-id: CWE-287
epss-score: 0.21237 epss-score: 0.18166
epss-percentile: 0.96302 epss-percentile: 0.96172
cpe: cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:* cpe: cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
metadata: metadata:
max-request: 2 max-request: 2
vendor: owncloud vendor: owncloud
product: owncloud product: owncloud
shodan-query: title:"owncloud" shodan-query:
- title:"owncloud"
- http.title:"owncloud"
fofa-query: title="owncloud"
google-query: intitle:"owncloud"
tags: cve,cve2023,code,owncloud,auth-bypass tags: cve,cve2023,code,owncloud,auth-bypass
variables: variables:
username: admin username: admin

View File

@ -24,7 +24,7 @@ info:
max-request: 1 max-request: 1
vendor: gnu vendor: gnu
product: glibc product: glibc
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev,gnu
self-contained: true self-contained: true
code: code:

View File

@ -24,7 +24,7 @@ info:
max-request: 1 max-request: 1
vendor: gnu vendor: gnu
product: glibc product: glibc
tags: cve,cve2023,code,glibc,linux,privesc,local tags: cve,cve2023,code,glibc,linux,privesc,local,gnu
self-contained: true self-contained: true
code: code:

View File

@ -24,7 +24,7 @@ info:
verified: true verified: true
vendor: tukaani vendor: tukaani
product: xz product: xz
tags: cve,cve2024,local,code,xz,backdoor tags: cve,cve2024,local,code,xz,backdoor,tukaani
self-contained: true self-contained: true
code: code:

View File

@ -11,7 +11,7 @@ info:
metadata: metadata:
verified: true verified: true
max-request: 3 max-request: 3
tags: code,linux,sqlite3,privesc,local tags: code,linux,sqlite3,privesc,local,sqli
self-contained: true self-contained: true
code: code:

View File

@ -17,6 +17,7 @@ info:
cve-id: CVE-2018-19518 cve-id: CVE-2018-19518
cwe-id: CWE-88 cwe-id: CWE-88
metadata: metadata:
max-request: 1
confidence: tenative confidence: tenative
tags: imap,dast,vulhub,cve,cve2018,rce,oast,php tags: imap,dast,vulhub,cve,cve2018,rce,oast,php

View File

@ -17,6 +17,7 @@ info:
cve-id: CVE-2021-45046 cve-id: CVE-2021-45046
cwe-id: CWE-502 cwe-id: CWE-502
metadata: metadata:
max-request: 1
confidence: tenative confidence: tenative
tags: cve,cve2021,rce,oast,log4j,injection,dast tags: cve,cve2021,rce,oast,log4j,injection,dast

View File

@ -6,19 +6,20 @@ info:
severity: critical severity: critical
description: | description: |
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
reference: reference:
- https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om - https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
- http://www.openwall.com/lists/oss-security/2022/10/13/4 - http://www.openwall.com/lists/oss-security/2022/10/13/4
- http://www.openwall.com/lists/oss-security/2022/10/18/1 - http://www.openwall.com/lists/oss-security/2022/10/18/1
- https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/ - https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
- https://github.com/silentsignal/burp-text4shell - https://github.com/silentsignal/burp-text4shell
remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
cve-id: CVE-2022-42889 cve-id: CVE-2022-42889
cwe-id: CWE-94 cwe-id: CWE-94
metadata: metadata:
max-request: 1
confidence: tenative confidence: tenative
tags: cve,cve2022,rce,oast,text4shell,dast tags: cve,cve2022,rce,oast,text4shell,dast

View File

@ -10,6 +10,8 @@ info:
reference: reference:
- https://portswigger.net/research/hunting-asynchronous-vulnerabilities - https://portswigger.net/research/hunting-asynchronous-vulnerabilities
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/README.md - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/README.md
metadata:
max-request: 4
tags: cmdi,oast,dast,blind,polyglot tags: cmdi,oast,dast,blind,polyglot
variables: variables:

View File

@ -9,6 +9,8 @@ info:
reference: reference:
- https://bishopfox.com/blog/ruby-vulnerabilities-exploits - https://bishopfox.com/blog/ruby-vulnerabilities-exploits
- https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/ - https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/
metadata:
max-request: 1
tags: cmdi,oast,dast,blind,ruby,rce tags: cmdi,oast,dast,blind,ruby,rce
variables: variables:

View File

@ -7,6 +7,8 @@ info:
reference: reference:
- https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/ - https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/
- https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm - https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm
metadata:
max-request: 1
tags: reflected,dast,cookie,injection tags: reflected,dast,cookie,injection
variables: variables:

View File

@ -4,6 +4,8 @@ info:
name: CRLF Injection name: CRLF Injection
author: pdteam author: pdteam
severity: low severity: low
metadata:
max-request: 41
tags: crlf,dast tags: crlf,dast
http: http:

View File

@ -6,6 +6,8 @@ info:
severity: unknown severity: unknown
reference: reference:
- https://owasp.org/www-community/attacks/Unicode_Encoding - https://owasp.org/www-community/attacks/Unicode_Encoding
metadata:
max-request: 25
tags: dast,pathtraversal,lfi tags: dast,pathtraversal,lfi
variables: variables:

View File

@ -7,6 +7,8 @@ info:
reference: reference:
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt
- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion - https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
metadata:
max-request: 46
tags: lfi,dast,linux tags: lfi,dast,linux
http: http:

View File

@ -4,6 +4,8 @@ info:
name: Local File Inclusion - Windows name: Local File Inclusion - Windows
author: pussycat0x author: pussycat0x
severity: high severity: high
metadata:
max-request: 39
tags: lfi,windows,dast tags: lfi,windows,dast
http: http:

View File

@ -4,6 +4,8 @@ info:
name: Open Redirect Detection name: Open Redirect Detection
author: princechaddha,AmirHossein Raeisi author: princechaddha,AmirHossein Raeisi
severity: medium severity: medium
metadata:
max-request: 1
tags: redirect,dast tags: redirect,dast
http: http:

View File

@ -6,6 +6,8 @@ info:
severity: high severity: high
reference: reference:
- https://www.invicti.com/learn/remote-file-inclusion-rfi/ - https://www.invicti.com/learn/remote-file-inclusion-rfi/
metadata:
max-request: 1
tags: rfi,dast,oast tags: rfi,dast,oast
http: http:

View File

@ -8,6 +8,8 @@ info:
Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data, Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data,
or to override valuable ones, or even to execute dangerous system level commands on the database host. or to override valuable ones, or even to execute dangerous system level commands on the database host.
This is accomplished by the application taking user input and combining it with static parameters to build an SQL query . This is accomplished by the application taking user input and combining it with static parameters to build an SQL query .
metadata:
max-request: 3
tags: sqli,error,dast tags: sqli,error,dast
http: http:

View File

@ -4,6 +4,8 @@ info:
name: Blind SSRF OAST Detection name: Blind SSRF OAST Detection
author: pdteam author: pdteam
severity: medium severity: medium
metadata:
max-request: 3
tags: ssrf,dast,oast tags: ssrf,dast,oast
http: http:

View File

@ -6,6 +6,8 @@ info:
severity: high severity: high
reference: reference:
- https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py - https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py
metadata:
max-request: 12
tags: ssrf,dast tags: ssrf,dast
http: http:

View File

@ -7,6 +7,8 @@ info:
reference: reference:
- https://github.com/zaproxy/zap-extensions/blob/2d9898900abe85a47b9fe0ceb85ec39070816b98/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/SstiScanRule.java - https://github.com/zaproxy/zap-extensions/blob/2d9898900abe85a47b9fe0ceb85ec39070816b98/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/SstiScanRule.java
- https://github.com/DiogoMRSilva/websitesVulnerableToSSTI#list-of-seversneeds-update - https://github.com/DiogoMRSilva/websitesVulnerableToSSTI#list-of-seversneeds-update
metadata:
max-request: 14
tags: ssti,dast tags: ssti,dast
variables: variables:

View File

@ -4,6 +4,8 @@ info:
name: Reflected Cross Site Scripting name: Reflected Cross Site Scripting
author: pdteam author: pdteam
severity: medium severity: medium
metadata:
max-request: 1
tags: xss,rxss,dast tags: xss,rxss,dast
variables: variables:

View File

@ -6,6 +6,8 @@ info:
severity: medium severity: medium
reference: reference:
- https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py - https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py
metadata:
max-request: 2
tags: dast,xxe tags: dast,xxe
variables: variables:

View File

@ -8,8 +8,9 @@ info:
A BIMI record was detected A BIMI record was detected
reference: reference:
- https://postmarkapp.com/blog/what-the-heck-is-bimi - https://postmarkapp.com/blog/what-the-heck-is-bimi
metadata:
max-request: 1
tags: dns,bimi tags: dns,bimi
dns: dns:
- name: "{{FQDN}}" - name: "{{FQDN}}"
type: TXT type: TXT

View File

@ -5,7 +5,7 @@ info:
author: Sy3Omda,geeknik,forgedhallpass,ayadi author: Sy3Omda,geeknik,forgedhallpass,ayadi
severity: unknown severity: unknown
description: Check for multiple keys/tokens/passwords hidden inside of files. description: Check for multiple keys/tokens/passwords hidden inside of files.
tags: exposure,token,file,disclosure tags: exposure,token,file,disclosure,keys
# Extract secrets regex like api keys, password, token, etc ... for different services. # Extract secrets regex like api keys, password, token, etc ... for different services.
# Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue. # Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue.
# Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes. # Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes.

View File

@ -27,7 +27,10 @@ info:
max-request: 1 max-request: 1
vendor: smartbear vendor: smartbear
product: swagger_ui product: swagger_ui
shodan-query: http.component:"Swagger" shodan-query:
- http.component:"Swagger"
- http.component:"swagger"
- http.favicon.hash:"-1180440057"
fofa-query: icon_hash="-1180440057" fofa-query: icon_hash="-1180440057"
tags: headless,cve,cve2018,swagger,xss,smartbear tags: headless,cve,cve2018,swagger,xss,smartbear
headless: headless:

View File

@ -13,8 +13,9 @@ info:
reference: reference:
- https://pulsesecurity.co.nz/articles/javascript-from-sourcemaps - https://pulsesecurity.co.nz/articles/javascript-from-sourcemaps
- https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Web_Page_Content_for_Information_Leakage - https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Web_Page_Content_for_Information_Leakage
tags: javascript,webpack,sourcemaps metadata:
max-request: 9
tags: javascript,webpack,sourcemaps,headless
headless: headless:
- steps: - steps:
- args: - args:

View File

@ -2,16 +2,15 @@ id: CNVD-2017-06001
info: info:
name: Dahua DSS - SQL Injection name: Dahua DSS - SQL Injection
severity: high
author: napgh0st,ritikchaddha author: napgh0st,ritikchaddha
severity: high
reference: reference:
- https://www.cnvd.org.cn/flaw/show/CNVD-2017-06001 - https://www.cnvd.org.cn/flaw/show/CNVD-2017-06001
metadata: metadata:
max-request: 1
verified: true verified: true
fofa-query: app="dahua-DSS" max-request: 2
fofa-query: "app=\"dahua-DSS\""
tags: cnvd,cnvd2017,sqli,dahua tags: cnvd,cnvd2017,sqli,dahua
variables: variables:
num: "999999999" num: "999999999"

View File

@ -15,9 +15,8 @@ info:
cvss-score: 10 cvss-score: 10
cwe-id: CWE-77 cwe-id: CWE-77
metadata: metadata:
max-request: 1 max-request: 2
tags: cnvd,cnvd2019,rce,catfishcms tags: cnvd,cnvd2019,rce,catfishcms
flow: http(1) && http(2) flow: http(1) && http(2)
http: http:

View File

@ -29,7 +29,10 @@ info:
max-request: 1 max-request: 1
vendor: cisco vendor: cisco
product: ios product: ios
shodan-query: product:"Cisco IOS http config" && 200 shodan-query:
- product:"Cisco IOS http config" && 200
- product:"cisco ios http config"
- cpe:"cpe:2.3:o:cisco:ios"
tags: cve,cve2001,cisco,ios,auth-bypass tags: cve,cve2001,cisco,ios,auth-bypass
http: http:

View File

@ -20,14 +20,16 @@ info:
cvss-score: 7.5 cvss-score: 7.5
cve-id: CVE-2002-1131 cve-id: CVE-2002-1131
cwe-id: CWE-80 cwe-id: CWE-80
epss-score: 0.06018 epss-score: 0.04774
epss-percentile: 0.92781 epss-percentile: 0.92677
cpe: cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:* cpe: cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
metadata: metadata:
max-request: 5 max-request: 5
vendor: squirrelmail vendor: squirrelmail
product: squirrelmail product: squirrelmail
shodan-query: http.title:"squirrelmail" shodan-query:
- http.title:"squirrelmail"
- cpe:"cpe:2.3:a:squirrelmail:squirrelmail"
fofa-query: title="squirrelmail" fofa-query: title="squirrelmail"
google-query: intitle:"squirrelmail" google-query: intitle:"squirrelmail"
tags: cve,cve2002,edb,xss,squirrelmail tags: cve,cve2002,edb,xss,squirrelmail

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2005-2428 cve-id: CVE-2005-2428
cwe-id: CWE-200 cwe-id: CWE-200
epss-score: 0.01188 epss-score: 0.01188
epss-percentile: 0.83623 epss-percentile: 0.85053
cpe: cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:* cpe: cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -29,7 +29,9 @@ info:
max-request: 1 max-request: 1
vendor: sap vendor: sap
product: sap_web_application_server product: sap_web_application_server
shodan-query: html:"SAP Business Server Pages Team" shodan-query:
- html:"SAP Business Server Pages Team"
- http.html:"sap business server pages team"
fofa-query: body="sap business server pages team" fofa-query: body="sap business server pages team"
tags: cve,cve2005,sap,redirect,business,xss tags: cve,cve2005,sap,redirect,business,xss

View File

@ -27,7 +27,9 @@ info:
max-request: 1 max-request: 1
vendor: squirrelmail vendor: squirrelmail
product: squirrelmail product: squirrelmail
shodan-query: http.title:"squirrelmail" shodan-query:
- http.title:"squirrelmail"
- cpe:"cpe:2.3:a:squirrelmail:squirrelmail"
fofa-query: title="squirrelmail" fofa-query: title="squirrelmail"
google-query: intitle:"squirrelmail" google-query: intitle:"squirrelmail"
tags: cve,cve2006,lfi,squirrelmail,edb tags: cve,cve2006,lfi,squirrelmail,edb

View File

@ -29,10 +29,15 @@ info:
max-request: 1 max-request: 1
vendor: alcatel-lucent vendor: alcatel-lucent
product: omnipcx product: omnipcx
shodan-query: title:"OmniPCX for Enterprise" shodan-query:
fofa-query: app="Alcatel_Lucent-OmniPCX-Enterprise" - title:"OmniPCX for Enterprise"
- http.title:"omnipcx for enterprise"
fofa-query:
- app="Alcatel_Lucent-OmniPCX-Enterprise"
- app="alcatel_lucent-omnipcx-enterprise"
- title="omnipcx for enterprise"
google-query: intitle:"omnipcx for enterprise" google-query: intitle:"omnipcx for enterprise"
tags: cve,cve2007,kev,rce,alcatel tags: cve,cve2007,kev,rce,alcatel,alcatel-lucent
http: http:
- method: GET - method: GET

Some files were not shown because too many files have changed in this diff Show More