From a551dcfbd8a577f185b0e46b047a00c3529c0115 Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Fri, 6 Jan 2023 18:17:07 +0100
Subject: [PATCH 01/18] package-json: add yarn and remove package-lock.json
- add yarn that use and generates package.json too
- remove package-lock.json since it's specific to npm
---
exposures/configs/package-json.yaml | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/exposures/configs/package-json.yaml b/exposures/configs/package-json.yaml
index c397c41544..88d6bcf625 100644
--- a/exposures/configs/package-json.yaml
+++ b/exposures/configs/package-json.yaml
@@ -2,16 +2,18 @@ id: package-json
info:
name: npm package.json disclosure
- author: geeknik,afaq
+ author: geeknik,afaq,noraj
severity: info
- description: All npm packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project.
+ description: All NodeJS packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project generated by package managers such as npm or yarn.
+ reference:
+ - https://docs.npmjs.com/cli/v9/configuring-npm/package-json
+ - https://classic.yarnpkg.com/lang/en/docs/package-json/
tags: config,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/package.json"
- - "{{BaseURL}}/package-lock.json"
matchers-condition: and
matchers:
@@ -28,4 +30,4 @@ requests:
- type: status
status:
- - 200
\ No newline at end of file
+ - 200
From 7ee9060007969c41c953d5fe414b1560a7f9d13d Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Fri, 6 Jan 2023 18:19:54 +0100
Subject: [PATCH 02/18] yarn-lock: add ref
---
exposures/files/yarn-lock.yaml | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/exposures/files/yarn-lock.yaml b/exposures/files/yarn-lock.yaml
index 863daf19ec..0cdab5e5a0 100644
--- a/exposures/files/yarn-lock.yaml
+++ b/exposures/files/yarn-lock.yaml
@@ -2,9 +2,11 @@ id: yarn-lock
info:
name: yarn lock file disclosure
- author: oppsec
+ author: oppsec,noraj
severity: info
- description: The yarn.lock file stores the versions of each Yarn dependency installed.
+ description: The yarn.lock file stores the versions of each Yarn dependency installed. It's a lock file for package.json.
+ reference:
+ - https://classic.yarnpkg.com/lang/en/docs/yarn-lock/
tags: exposure,files
requests:
From 89bdd0d158a656f75626abdfe11872878ed42081 Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Fri, 6 Jan 2023 18:23:51 +0100
Subject: [PATCH 03/18] npm-shrinkwrap-exposure: add ref and desc
---
exposures/files/npm-shrinkwrap-exposure.yaml | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/exposures/files/npm-shrinkwrap-exposure.yaml b/exposures/files/npm-shrinkwrap-exposure.yaml
index 8bd6061cc0..02a38bec76 100644
--- a/exposures/files/npm-shrinkwrap-exposure.yaml
+++ b/exposures/files/npm-shrinkwrap-exposure.yaml
@@ -2,11 +2,14 @@ id: npm-shrinkwrap-exposure
info:
name: Node Shrinkwrap Exposure
- author: DhiyaneshDk
+ author: DhiyaneshDk,noraj
severity: info
metadata:
verified: true
shodan-query: html:"npm-shrinkwrap.json"
+ description: A file created by npm shrinkwrap. It is identical to package-lock.json.
+ reference:
+ - https://docs.npmjs.com/cli/v9/configuring-npm/npm-shrinkwrap-json
tags: config,exposure,npm,files
requests:
From 87bfdfb3d84edb5470f8b356a7ab1270b261ceb4 Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Fri, 6 Jan 2023 18:32:36 +0100
Subject: [PATCH 04/18] npm-package-lock: creation move out from package.json template since package.json is both for npm and yarn while package-lock.json is npm specific lock file and yarn.lock for yarn
---
exposures/files/npm-package-lock-json.yaml | 32 ++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 exposures/files/npm-package-lock-json.yaml
diff --git a/exposures/files/npm-package-lock-json.yaml b/exposures/files/npm-package-lock-json.yaml
new file mode 100644
index 0000000000..9a738f4c6c
--- /dev/null
+++ b/exposures/files/npm-package-lock-json.yaml
@@ -0,0 +1,32 @@
+id: npm-package-lock
+
+info:
+ name: npm package-lock.json disclosure
+ author: noraj
+ severity: info
+ description: File automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It's a lock file for package.json.
+ reference:
+ - https://docs.npmjs.com/cli/v9/configuring-npm/package-json
+ tags: exposure,files
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/package-lock.json"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "name"
+ - "version"
+ condition: and
+
+ - type: word
+ words:
+ - "application/json"
+ part: header
+
+ - type: status
+ status:
+ - 200
From 7188aa43b240f21e639f24c3abad9d771c5b524a Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Fri, 6 Jan 2023 18:35:48 +0100
Subject: [PATCH 05/18] bower-json: add reference
---
exposures/files/bower-json.yaml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/exposures/files/bower-json.yaml b/exposures/files/bower-json.yaml
index 322a0be909..6aaed4a6d7 100644
--- a/exposures/files/bower-json.yaml
+++ b/exposures/files/bower-json.yaml
@@ -2,9 +2,11 @@ id: bower-json
info:
name: bower.json file disclosure
- author: oppsec
+ author: oppsec,noraj
severity: info
description: Bower is a package manager which stores package information in the bower.json file
+ reference:
+ - https://github.com/bower/spec/blob/master/json.md
tags: exposure,files
requests:
From c6b355aecd917849c7e20322becb1bd6658e48e7 Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Fri, 6 Jan 2023 18:41:11 +0100
Subject: [PATCH 06/18] package-json: add pnpm
---
exposures/configs/package-json.yaml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/exposures/configs/package-json.yaml b/exposures/configs/package-json.yaml
index 88d6bcf625..bb82784c2b 100644
--- a/exposures/configs/package-json.yaml
+++ b/exposures/configs/package-json.yaml
@@ -4,10 +4,11 @@ info:
name: npm package.json disclosure
author: geeknik,afaq,noraj
severity: info
- description: All NodeJS packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project generated by package managers such as npm or yarn.
+ description: All NodeJS packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project generated by package managers such as npm, yarn, pnpm.
reference:
- https://docs.npmjs.com/cli/v9/configuring-npm/package-json
- https://classic.yarnpkg.com/lang/en/docs/package-json/
+ - https://pnpm.io/package_json
tags: config,exposure
requests:
From 09b8edd2d662537f3cab15f5a66407ecf0cd9deb Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Fri, 6 Jan 2023 18:45:58 +0100
Subject: [PATCH 07/18] update id for package-lock.json to keep it uniforms with other templates
---
exposures/files/npm-package-lock-json.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/exposures/files/npm-package-lock-json.yaml b/exposures/files/npm-package-lock-json.yaml
index 9a738f4c6c..dd3d5350e5 100644
--- a/exposures/files/npm-package-lock-json.yaml
+++ b/exposures/files/npm-package-lock-json.yaml
@@ -1,4 +1,4 @@
-id: npm-package-lock
+id: npm-package-lock-json
info:
name: npm package-lock.json disclosure
From db4de6e261ead1c50e7ef5f48b68877a1f740a59 Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Fri, 6 Jan 2023 18:50:49 +0100
Subject: [PATCH 08/18] pnpm-pnpm-lock-yaml: creation
---
exposures/files/pnpm-pnpm-lock-yaml.yaml | 33 ++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 exposures/files/pnpm-pnpm-lock-yaml.yaml
diff --git a/exposures/files/pnpm-pnpm-lock-yaml.yaml b/exposures/files/pnpm-pnpm-lock-yaml.yaml
new file mode 100644
index 0000000000..90d6fdf265
--- /dev/null
+++ b/exposures/files/pnpm-pnpm-lock-yaml.yaml
@@ -0,0 +1,33 @@
+id: pnpm-pnpm-lock-yaml
+
+info:
+ name: pnpm pnpm-lock.yaml disclosure
+ author: noraj
+ severity: info
+ description: File automatically generated for any operations where pnpm modifies either the node_modules tree, or package.json. It's a lock file for package.json.
+ reference:
+ - https://pnpm.io/cli/install#tldr
+ tags: exposure,files
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/pnpm-lock.yaml"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "lockfileVersion"
+ - "specifiers"
+ - "dependencies"
+ condition: and
+
+ - type: word
+ words:
+ - "application/yaml"
+ part: header
+
+ - type: status
+ status:
+ - 200
From 6e28f4c88bb0818a81dbbca45f68150aa7db80c1 Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Fri, 6 Jan 2023 18:51:57 +0100
Subject: [PATCH 09/18] uniform naming
---
exposures/files/npm-package-lock-json.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/exposures/files/npm-package-lock-json.yaml b/exposures/files/npm-package-lock-json.yaml
index dd3d5350e5..13c59afae5 100644
--- a/exposures/files/npm-package-lock-json.yaml
+++ b/exposures/files/npm-package-lock-json.yaml
@@ -1,4 +1,4 @@
-id: npm-package-lock-json
+id: package-lock-json
info:
name: npm package-lock.json disclosure
From bfc5c40e738c8c8ef12ca8c9b60eea778e9d3ca4 Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Fri, 6 Jan 2023 18:52:18 +0100
Subject: [PATCH 10/18] uniform naming
---
exposures/files/pnpm-pnpm-lock-yaml.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/exposures/files/pnpm-pnpm-lock-yaml.yaml b/exposures/files/pnpm-pnpm-lock-yaml.yaml
index 90d6fdf265..e82b8c0c28 100644
--- a/exposures/files/pnpm-pnpm-lock-yaml.yaml
+++ b/exposures/files/pnpm-pnpm-lock-yaml.yaml
@@ -1,4 +1,4 @@
-id: pnpm-pnpm-lock-yaml
+id: pnpm-lock-yaml
info:
name: pnpm pnpm-lock.yaml disclosure
From 29201973cdbde435cb4658c69cf11190d1c2c0fa Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Fri, 6 Jan 2023 19:18:32 +0100
Subject: [PATCH 11/18] add to contributors
---
contributors.json | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/contributors.json b/contributors.json
index abd26306fc..c1c47ca9df 100644
--- a/contributors.json
+++ b/contributors.json
@@ -1378,6 +1378,15 @@
"website": "https://the-empire.systems",
"email": ""
}
- }
-
+ },
+ {
+ "author": "noraj",
+ "links": {
+ "github": "https://github.com/noraj",
+ "twitter": "https://twitter.com/noraj_rawsec",
+ "linkedin": "",
+ "website": "https://pwn.by/noraj",
+ "email": ""
+ }
+ },
]
From a9fc298b6211479b26af63be422fe0bca5e729a3 Mon Sep 17 00:00:00 2001
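Review bot: The added `},` that closes the new contributors entry is followed directly by the unchanged `]`, leaving a trailing comma that strict JSON parsers reject; the removed lines show the previous last entry closed with a bare `}`. The last added line should be `}`, with the comma carried by the entry before it as the `},` added at the top of the hunk already does. Any JSON validation step in CI would fail on this file, so it is worth fixing before the rest of the series lands.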
From: Dhiyaneshwaran
Date: Tue, 4 Jul 2023 09:22:19 +0530
Subject: [PATCH 12/18] Update and rename exposures/configs/package-json.yaml to http/exposures/configs/package-json.yaml
---
.../exposures}/configs/package-json.yaml | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
rename {exposures => http/exposures}/configs/package-json.yaml (61%)
diff --git a/exposures/configs/package-json.yaml b/http/exposures/configs/package-json.yaml
similarity index 61%
rename from exposures/configs/package-json.yaml
rename to http/exposures/configs/package-json.yaml
index bb82784c2b..d2c019d432 100644
--- a/exposures/configs/package-json.yaml
+++ b/http/exposures/configs/package-json.yaml
@@ -1,20 +1,25 @@
id: package-json
info:
- name: npm package.json disclosure
+ name: NPM package.json Disclosure
author: geeknik,afaq,noraj
severity: info
- description: All NodeJS packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project generated by package managers such as npm, yarn, pnpm.
+ description: |
+ All NodeJS packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project generated by package managers such as npm, yarn, pnpm.
reference:
- https://docs.npmjs.com/cli/v9/configuring-npm/package-json
- https://classic.yarnpkg.com/lang/en/docs/package-json/
- https://pnpm.io/package_json
- tags: config,exposure
+ metadata:
+ max-request: 2
+ verified: true
+ tags: config,exposure,node,npm
requests:
- method: GET
path:
- "{{BaseURL}}/package.json"
+ - "{{BaseURL}}/package-lock.json"
matchers-condition: and
matchers:
@@ -25,9 +30,9 @@ requests:
condition: and
- type: word
+ part: header
words:
- "application/json"
- part: header
- type: status
status:
From 2a7eff561e6b7668efe595ef656cf9d41c1348c6 Mon Sep 17 00:00:00 2001
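Review bot: The re-added `- "{{BaseURL}}/package-lock.json"` path is not reflected in `name`, `description` or `reference`, which still describe only package.json, so a finding on the lock file carries no explanation of what it exposes; with patch 13 of this series deleting the dedicated package-lock template, this block is the only place left to document it. Extend the block-scalar description with a sentence such as `The template also requests package-lock.json, the npm lock file that pins the exact resolved version of every dependency.` and add `- https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json` under `reference`. The new `max-request: 2` does agree with the two paths.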
From: Dhiyaneshwaran
Date: Tue, 4 Jul 2023 09:23:24 +0530
Subject: [PATCH 13/18] Delete npm-package-lock-json.yaml
---
exposures/files/npm-package-lock-json.yaml | 32 ----------------------
1 file changed, 32 deletions(-)
delete mode 100644 exposures/files/npm-package-lock-json.yaml
diff --git a/exposures/files/npm-package-lock-json.yaml b/exposures/files/npm-package-lock-json.yaml
deleted file mode 100644
index 13c59afae5..0000000000
--- a/exposures/files/npm-package-lock-json.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-id: package-lock-json
-
-info:
- name: npm package-lock.json disclosure
- author: noraj
- severity: info
- description: File automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It's a lock file for package.json.
- reference:
- - https://docs.npmjs.com/cli/v9/configuring-npm/package-json
- tags: exposure,files
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/package-lock.json"
-
- matchers-condition: and
- matchers:
- - type: word
- words:
- - "name"
- - "version"
- condition: and
-
- - type: word
- words:
- - "application/json"
- part: header
-
- - type: status
- status:
- - 200
From e2614b277c8a6697f1df8eb697e6e7dc650def6e Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Tue, 4 Jul 2023 09:24:55 +0530
Subject: [PATCH 14/18] Update and rename exposures/files/npm-shrinkwrap-exposure.yaml to http/exposures/files/npm-shrinkwrap-exposure.yaml
---
.../exposures}/files/npm-shrinkwrap-exposure.yaml | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
rename {exposures => http/exposures}/files/npm-shrinkwrap-exposure.yaml (80%)
diff --git a/exposures/files/npm-shrinkwrap-exposure.yaml b/http/exposures/files/npm-shrinkwrap-exposure.yaml
similarity index 80%
rename from exposures/files/npm-shrinkwrap-exposure.yaml
rename to http/exposures/files/npm-shrinkwrap-exposure.yaml
index 02a38bec76..c80289cb89 100644
--- a/exposures/files/npm-shrinkwrap-exposure.yaml
+++ b/http/exposures/files/npm-shrinkwrap-exposure.yaml
@@ -4,13 +4,15 @@ info:
name: Node Shrinkwrap Exposure
author: DhiyaneshDk,noraj
severity: info
- metadata:
- verified: true
- shodan-query: html:"npm-shrinkwrap.json"
- description: A file created by npm shrinkwrap. It is identical to package-lock.json.
+ description: |
+ A file created by npm shrinkwrap. It is identical to package-lock.json.
reference:
- https://docs.npmjs.com/cli/v9/configuring-npm/npm-shrinkwrap-json
- tags: config,exposure,npm,files
+ metadata:
+ verified: true
+ max-request: 1
+ shodan-query: html:"npm-shrinkwrap.json"
+ tags: config,exposure,npm,files,node
requests:
- method: GET
From 40ac62508535fa6ab0de8cec282012c7e234e448 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Tue, 4 Jul 2023 09:26:37 +0530
Subject: [PATCH 15/18] Update and rename exposures/files/bower-json.yaml to http/exposures/files/bower-json.yaml
---
{exposures => http/exposures}/files/bower-json.yaml | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
rename {exposures => http/exposures}/files/bower-json.yaml (73%)
diff --git a/exposures/files/bower-json.yaml b/http/exposures/files/bower-json.yaml
similarity index 73%
rename from exposures/files/bower-json.yaml
rename to http/exposures/files/bower-json.yaml
index 6aaed4a6d7..41f2a1c95b 100644
--- a/exposures/files/bower-json.yaml
+++ b/http/exposures/files/bower-json.yaml
@@ -1,13 +1,14 @@
id: bower-json
info:
- name: bower.json file disclosure
+ name: bower.json File Disclosure
author: oppsec,noraj
severity: info
- description: Bower is a package manager which stores package information in the bower.json file
+ description: |
+ Bower is a package manager which stores package information in the bower.json file
reference:
- https://github.com/bower/spec/blob/master/json.md
- tags: exposure,files
+ tags: exposure,files,bower
requests:
- method: GET
@@ -17,6 +18,7 @@ requests:
matchers-condition: and
matchers:
- type: word
+ part: body
words:
- "name"
- "description"
@@ -24,9 +26,9 @@ requests:
condition: and
- type: word
+ part: header
words:
- "application/json"
- part: header
- type: status
status:
From e37285242e591980239410b6b8c58cd5e6e2d08b Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Tue, 4 Jul 2023 09:28:08 +0530
Subject: [PATCH 16/18] Update and rename exposures/files/yarn-lock.yaml to http/exposures/files/yarn-lock.yaml
---
{exposures => http/exposures}/files/yarn-lock.yaml | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
rename {exposures => http/exposures}/files/yarn-lock.yaml (72%)
diff --git a/exposures/files/yarn-lock.yaml b/http/exposures/files/yarn-lock.yaml
similarity index 72%
rename from exposures/files/yarn-lock.yaml
rename to http/exposures/files/yarn-lock.yaml
index 0cdab5e5a0..06671b0076 100644
--- a/exposures/files/yarn-lock.yaml
+++ b/http/exposures/files/yarn-lock.yaml
@@ -1,13 +1,14 @@
id: yarn-lock
info:
- name: yarn lock file disclosure
+ name: Yarn Lock File Disclosure
author: oppsec,noraj
severity: info
- description: The yarn.lock file stores the versions of each Yarn dependency installed. It's a lock file for package.json.
+ description: |
+ The yarn.lock file stores the versions of each Yarn dependency installed. It's a lock file for package.json.
reference:
- https://classic.yarnpkg.com/lang/en/docs/yarn-lock/
- tags: exposure,files
+ tags: exposure,files,yarn
requests:
- method: GET
@@ -17,15 +18,16 @@ requests:
matchers-condition: and
matchers:
- type: word
+ part: body
words:
- "# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY."
- "# yarn lockfile v1"
condition: and
- type: word
+ part: header
words:
- "text/html"
- part: header
- type: status
status:
From 773d7099803be48ef7c7154afe4240332fe7c61a Mon Sep 17 00:00:00 2001
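Review bot: The header matcher kept in the second yarn-lock hunk, `- "text/html"`, requires the server to label yarn.lock as HTML before the template reports it, and the commit only moves `part: header` above it. A server that maps the unknown `.lock` extension to `text/plain` or `application/octet-stream` would presumably be missed, even though the body matcher in the same hunk already demands `# yarn lockfile v1`, which identifies the file on its own; consider dropping the `text/html` matcher or widening it, and recording the choice in the commit message. The `- 200` value that closes this matcher list lies past the end of the hunk.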
From: Dhiyaneshwaran
Date: Tue, 4 Jul 2023 09:35:20 +0530
Subject: [PATCH 17/18] Update and rename pnpm-pnpm-lock-yaml.yaml to pnpm-lock.yaml
---
exposures/files/pnpm-lock.yaml | 34 ++++++++++++++++++++++++
exposures/files/pnpm-pnpm-lock-yaml.yaml | 33 -----------------------
2 files changed, 34 insertions(+), 33 deletions(-)
create mode 100644 exposures/files/pnpm-lock.yaml
delete mode 100644 exposures/files/pnpm-pnpm-lock-yaml.yaml
diff --git a/exposures/files/pnpm-lock.yaml b/exposures/files/pnpm-lock.yaml
new file mode 100644
index 0000000000..67486109cd
--- /dev/null
+++ b/exposures/files/pnpm-lock.yaml
@@ -0,0 +1,34 @@
+id: pnpm-lock
+
+info:
+ name: PNPM Lock Yaml File Disclosure
+ author: noraj
+ severity: info
+ description: |
+ The pnpm-lock.yaml file is similar to the package-lock.json file used by npm or the yarn.lock file used by Yarn. It serves as a lock file that ensures consistent and reproducible installations of dependencies across different environments.
+ reference:
+ - https://pnpm.io/cli/install#tldr
+ metadata:
+ max-request: 1
+ verified: true
+ shodan-query: html:"pnpm-lock.yaml"
+ tags: exposure,files,node,npm,pnpm
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/pnpm-lock.yaml"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "lockfileVersion:"
+ - "specifiers:"
+ - "packages:"
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/exposures/files/pnpm-pnpm-lock-yaml.yaml b/exposures/files/pnpm-pnpm-lock-yaml.yaml
deleted file mode 100644
index e82b8c0c28..0000000000
--- a/exposures/files/pnpm-pnpm-lock-yaml.yaml
+++ /dev/null
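Review bot: The body matcher in the new pnpm-lock.yaml template requires `specifiers:` together with `lockfileVersion:` and `packages:` (`condition: and`), but `specifiers:` belongs to the older lockfile layout; as far as I recall, lockfile format 6 (the default since pnpm 8, released earlier in 2023) records the specifier per dependency under `specifier:` instead, so current lockfiles would likely be reported as not exposed. Matching on `lockfileVersion:` and `packages:` alone, or adding `importers:` as an alternative, would cover both layouts; the `application/yaml` header requirement that this patch drops was the same kind of false-negative risk. Two smaller points: `reference` links the `pnpm install` TL;DR rather than a page about the lockfile itself, and this template uses the `http:` key while the sibling templates reworked in patches 12, 14, 15 and 16 keep `requests:`, so the directory now mixes both forms.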
@@ -1,33 +0,0 @@
-id: pnpm-lock-yaml
-
-info:
- name: pnpm pnpm-lock.yaml disclosure
- author: noraj
- severity: info
- description: File automatically generated for any operations where pnpm modifies either the node_modules tree, or package.json. It's a lock file for package.json.
- reference:
- - https://pnpm.io/cli/install#tldr
- tags: exposure,files
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/pnpm-lock.yaml"
-
- matchers-condition: and
- matchers:
- - type: word
- words:
- - "lockfileVersion"
- - "specifiers"
- - "dependencies"
- condition: and
-
- - type: word
- words:
- - "application/yaml"
- part: header
-
- - type: status
- status:
- - 200
From a56d970da7622d792372cf549c1812db7c88b760 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Tue, 4 Jul 2023 09:36:22 +0530
Subject: [PATCH 18/18] Update and rename exposures/files/pnpm-lock.yaml to http/exposures/files/pnpm-lock.yaml
---
{exposures => http/exposures}/files/pnpm-lock.yaml | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename {exposures => http/exposures}/files/pnpm-lock.yaml (100%)
diff --git a/exposures/files/pnpm-lock.yaml b/http/exposures/files/pnpm-lock.yaml
similarity index 100%
rename from exposures/files/pnpm-lock.yaml
rename to http/exposures/files/pnpm-lock.yaml