Commit Graph

603 Commits (2bd965472c0ad8000fb3bd77d141a6ef1c988c71)

Author SHA1 Message Date
Prince Chaddha cf0edc490a
Rename crossdomin-xml.yaml to crossdomain-xml.yaml 2021-09-20 23:28:06 +05:30
Geeknik Labs 8eea40d15c
Update php-warning.yaml
Additional status matcher
2021-09-17 13:07:59 -05:00
Geeknik Labs 2cce7831a6
Update php-warning.yaml
Fixes #2705
2021-09-17 13:04:07 -05:00
Prince Chaddha ab4e6a4dd6
Merge pull request #2696 from DhiyaneshGeek/master
New Templates Added
2021-09-17 16:29:58 +05:30
Prince Chaddha 5858e3a01c
Update and rename exposures/logs/database-error.yaml to misconfiguration/database-error.yaml 2021-09-17 13:33:54 +05:30
Prince Chaddha 156daddde0
Update phpinfo.yaml 2021-09-17 13:20:06 +05:30
Prince Chaddha 0b7c12951c
Update php-warning.yaml 2021-09-17 13:13:40 +05:30
Prince Chaddha 52162716e5
Update and rename exposures/logs/zabbix-error.yaml to misconfiguration/zabbix-error.yaml 2021-09-17 13:00:35 +05:30
Prince Chaddha a3ce6426f6
Update database-error.yaml 2021-09-17 12:46:35 +05:30
Dhiyaneshwaran 24b40f5f5d
Update phpinfo.yaml 2021-09-17 08:19:28 +05:30
Dhiyaneshwaran 8554474fd2
Create database-error.yaml 2021-09-17 08:14:18 +05:30
Dhiyaneshwaran 4959b99a7d
Create zabbix-error.yaml 2021-09-17 08:11:38 +05:30
Dhiyaneshwaran 320c973288
Create php-warning.yaml 2021-09-17 08:07:18 +05:30
Sandeep Singh f47c4da9e8
Merge pull request #2694 from geeknik/geeknik-patch-1
MIscellaneous updates
2021-09-17 02:22:26 +05:30
sandeep f0cac598cb misc update 2021-09-17 02:18:04 +05:30
Geeknik Labs 56590675cf
Update squid-analysis-report-generator.yaml 2021-09-16 15:16:26 -05:00
Geeknik Labs 95664dfc18
Update credentials-disclosure.yaml 2021-09-16 15:13:12 -05:00
Geeknik Labs 42e644b7fd
Update bower-json.yaml 2021-09-16 15:11:24 -05:00
Dhiyaneshwaran cb80cbb537
Create dsm-terminator-error.yaml 2021-09-14 22:46:01 +05:30
Dhiyaneshwaran c225428932
Create struts-problem-report.yaml 2021-09-14 22:30:18 +05:30
Dhiyaneshwaran be24688a48
Create error-processing.yaml 2021-09-14 21:49:36 +05:30
sandeep bd24dc198e Coverage for all templates using tags 2021-09-09 19:08:13 +05:30
sandeep 609705f676 removed extra headers not required for template 2021-09-08 17:47:19 +05:30
sullo ef1f7c5e92 Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
Sandeep Singh cdd022c29d
Merge pull request #2550 from projectdiscovery/adding-sfm
Added stop-at-first-match in applicable templates
2021-09-02 23:09:21 +05:30
sandeep 8b37808730 misc update 2021-09-02 22:57:55 +05:30
Geeknik Labs 5414f9a618
Update general-tokens.yaml 2021-09-02 10:36:46 -05:00
sandeep c266084621 Added stop-at-first-match in applicable templates 2021-09-02 17:29:10 +05:30
Sandeep Singh 0d1d2b3b1b
Merge pull request #2512 from DhiyaneshGeek/master
Webpack Sourcemap Disclosure
2021-09-02 00:34:56 +05:30
sandeep aeac5bbec3 misc update 2021-08-31 01:03:44 +05:30
Sandeep Singh 7608386bb3
Update dbeaver-credentials.yaml 2021-08-30 15:24:34 +05:30
Philippe Delteil 7a9093c8a7
Update dbeaver-credentials.yaml
Change solve the false positives due to  {} (empty response)

Example

nuclei -t nuclei-templates/exposures/configs/dbeaver-credentials.yaml -u https://lbs.map.qq.com
2021-08-30 02:55:35 -04:00
sandeep 8c1de71ec9 wip - update 2021-08-29 18:50:29 +05:30
Dhiyaneshwaran 6bade73727
Create webpack-sourcemap-disclosure.yaml 2021-08-29 17:13:44 +05:30
forgedhallpass a4250b8f2f Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-26 15:04:14 +03:00
sandeep 39ce8ee5b2 misc updates 2021-08-26 15:03:35 +05:30
Douglas Santos 1685ce08b0 Apache Axis 1 and 2 templates 2021-08-26 02:11:02 +00:00
sandeep ee49f89109 misc update 2021-08-26 03:51:35 +05:30
sandeep 0d3d9a37d9 misc update 2021-08-26 03:47:32 +05:30
Sandeep Singh ce1daa8c80
Update glpi-status-ldap-domain-disclosure.yaml 2021-08-26 03:42:53 +05:30
Douglas Santos 22d0b35775 GLPI detection, status and telemetry exposure 2021-08-25 21:55:22 +00:00
forgedhallpass 110f9c9ddd Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-24 20:38:11 +03:00
sandeep ae0aabd905 misc update 2021-08-24 02:50:14 +05:30
forgedhallpass a124e393b4 Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-23 19:15:14 +03:00
Prince Chaddha 647d27925a
Merge pull request #2426 from projectdiscovery/generic
Templates by geeknik
2021-08-23 19:55:32 +05:30
Prince Chaddha b5ec33e4c0
Update dockercfg-config.yaml 2021-08-23 19:52:39 +05:30
Sandeep Singh 1def46a72e
Update firebase-config-exposure.yaml 2021-08-23 15:11:10 +05:30
Sandeep Singh 93894d5b8c
Update dbeaver-credentials.yaml 2021-08-23 15:09:33 +05:30
Sandeep Singh 43fe743729
Update and rename dockercfg.yaml to dockercfg-config.yaml 2021-08-23 15:07:02 +05:30
sandeep e160acb481 misc updates 2021-08-20 16:37:22 +05:30
forgedhallpass 77103bc629 Satisfying the linter (all errors and warnings)
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass 002e8db616 Moved the "vendor" custom attribute under reference
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 17:00:46 +03:00
forgedhallpass f55d6b75e1 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
forgedhallpass 7b29be739e Merge branch 'master' into dynamic_attributes 2021-08-19 16:23:26 +03:00
forgedhallpass 0b432b341b Added comments with URLs under the "references" field
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:15:35 +03:00
forgedhallpass e68d15ab63 Fixed mistakes/typos in the templates.
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 15:30:14 +03:00
Prince Chaddha f65a78bb5c
Create firebase-config-exposure.yaml 2021-08-19 16:56:13 +05:30
Prince Chaddha acbacf339d
Update dockercfg.yaml 2021-08-19 16:48:50 +05:30
Prince Chaddha 2e4c8e22f2
Create dockercfg.yaml 2021-08-19 16:47:22 +05:30
Prince Chaddha d7e7c39982
Update dbeaver-credentials.yaml 2021-08-19 16:34:32 +05:30
Prince Chaddha c980eea40b
Create dbeaver-credentials.yaml 2021-08-19 16:32:09 +05:30
Prince Chaddha 760af33ce9
Update db-schema.yaml 2021-08-19 15:03:10 +05:30
Prince Chaddha 4c27b5d5ee
Create db-schema.yaml 2021-08-19 15:00:00 +05:30
Prince Chaddha 20e66005b7
Update and rename couchbase-buckets-rest-api.yaml to couchbase-buckets-api.yaml 2021-08-19 14:57:01 +05:30
Prince Chaddha d10c81b2ba
Create couchbase-buckets-rest-api.yaml 2021-08-19 14:56:35 +05:30
Prince Chaddha 4d9bd2d13b
Update zend-config-file.yaml 2021-08-19 14:27:45 +05:30
forgedhallpass cdf9451158 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
forgedhallpass 4c920b2552 Rename "references" to "reference" to match the expected template info structure
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:29:20 +03:00
Sandeep Singh 5b17aea895
Merge pull request #2388 from geeknik/patch-17
Update general-tokens.yaml
2021-08-17 22:34:03 +05:30
Geeknik Labs 5c994cfad6
Update general-tokens.yaml
I believe this might work.
2021-08-17 11:52:31 -05:00
sandeep 9850ced093 strict matchers 2021-08-17 22:11:28 +05:30
Prince Chaddha 5e55dc1e24
Create django-debug-exposure.yaml 2021-08-17 17:37:57 +05:30
sandeep 51b15ff0d4 severity update 2021-08-14 17:28:23 +05:30
sandeep ffcfaa5cb1 minor update 2021-08-14 16:51:20 +05:30
Prince Chaddha 739622c7ab
Merge pull request #2394 from gabrielb3lmont/exposures_templates
Added crossdomain-xml Template
2021-08-14 15:46:53 +05:30
Prince Chaddha 77f59df9c8
Update crossdomin-xml.yaml 2021-08-14 15:45:34 +05:30
Prince Chaddha d13bc82a2e
Update crossdomin-xml.yaml 2021-08-14 14:42:16 +05:30
Prince Chaddha 3183242eb3
Merge pull request #2366 from pikpikcu/patch-250
Create iceflow-vpn-disclosure
2021-08-14 14:37:09 +05:30
Prince Chaddha 9c51bc0abb
Update iceflow-vpn-disclosure.yaml 2021-08-14 14:35:41 +05:30
Prince Chaddha 6b65897dd9
Update iceflow-vpn-disclosure.yaml 2021-08-14 14:30:29 +05:30
LogicalHunter e6d9a1ec90 Fixed crossdomain-xml template 2021-08-13 11:25:10 -07:00
LogicalHunter 126e27e3b2 Added crossdomain-xml Template 2021-08-13 10:49:41 -07:00
Geeknik Labs c9daa11bd8
Update general-tokens.yaml 2021-08-12 09:54:57 -05:00
Geeknik Labs 166049bf0b
Update general-tokens.yaml
more FP work
2021-08-12 09:53:33 -05:00
Sandeep Singh 68dad33565
Merge pull request #2365 from daffainfo/patch-144
Update laravel-env.yaml
2021-08-12 18:48:11 +05:30
Geeknik Labs 39e0fd7c54
Update general-tokens.yaml
Nuking more false positives
2021-08-12 07:55:11 -05:00
PikPikcU ca3af4527d
Update iceflow-vpn-disclosure.yaml 2021-08-10 14:31:05 +07:00
PikPikcU 2956610eab
Create iceflow-vpn-disclosure.yaml 2021-08-10 10:02:17 +07:00
Muhammad Daffa 999a8febb9
Update laravel-env.yaml 2021-08-10 09:54:37 +07:00
Sandeep Singh a6e3a6a458
Merge branch 'master' into master 2021-08-09 16:09:41 +05:30
adriyansyah-mf 8ab6fc07bc
Update laravel-env.yaml
added new path
2021-08-09 13:43:29 +07:00
sandeep b86e8eabf9 Update codeigniter-env.yaml 2021-08-08 01:22:58 +05:30
sandeep a5500cca02 Additional optional matcher 2021-08-08 01:19:15 +05:30
sandeep 5767a0d5a2 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/1241 2021-08-08 01:13:41 +05:30
sandeep b111aeadc3 Update laravel-env.yaml 2021-08-08 01:11:14 +05:30
PikPikcU 31a77d4e02
Update symfony-profiler.yaml 2021-08-07 09:19:05 +07:00
PikPikcU f01678b9c6
Update symfony-database-config.yaml 2021-08-07 09:18:02 +07:00
sandeep 685183858e minor update 2021-08-06 23:35:35 +05:30
sandeep 30c5d2c3b8 Update ruijie-eg-password-leak.yaml 2021-08-06 23:07:27 +05:30
sandeep 6a3a7ae691 password extractor 2021-08-06 23:04:32 +05:30
sandeep fc1af10daa Added ruijie-eg-password-leak 2021-08-06 22:42:41 +05:30
PikPikcU 5952685f5c
Create ruijie-nbr1300g-cli-password-leak.yaml 2021-08-06 17:46:57 +07:00
sandeep 24efdfd678 Update qdpm-info-leak.yaml 2021-08-05 16:17:30 +05:30
Prince Chaddha 8e0a730e3d
Rename vulnerabilities/other/qdpm-info-leak.yaml to exposures/configs/qdpm-info-leak.yaml 2021-08-05 16:10:17 +05:30
Geeknik Labs a02ae7bef7
Update general-tokens.yaml 2021-08-02 12:27:07 -05:00
Geeknik Labs 61bb675add
Update general-tokens.yaml
squashing false positives
2021-08-02 12:25:54 -05:00
Geeknik Labs 3c713144d4
Update general-tokens.yaml
fix more fp
2021-08-02 10:17:06 -05:00
Sandeep Singh 162cf14687
Merge pull request #782 from hahwul/master
Create github-page-files.yml
2021-07-30 18:15:28 +05:30
sandeep 7fe896ae45 Update github-page-config.yaml 2021-07-30 18:13:32 +05:30
sandeep efb5b9e7a3 Added tags 2021-07-30 18:12:12 +05:30
sandeep 51915f8f9a Template improvements 2021-07-30 18:01:05 +05:30
nxnjz a7f75416f0
Update and rename appsec-yml-disclosure.yaml to appspec-yml-disclosure.yaml 2021-07-30 13:16:30 +03:00
Geeknik Labs 5e3cc340ee
Update credentials-disclosure.yaml
I feel like we should make these regex case insensitive so they match unexpected variations. For example, the `api[_-]?key(=| =|:| :)` regex before my change would match `apikey :`, `api_key =` and `api-key:` but not `apiKey=`.
2021-07-29 14:08:41 -05:00
Nicolas Mattiocco 8da48bbea8
Update git-config.yaml
improvement suggestion to keep it simple and flexible
2021-07-29 15:17:15 +02:00
sandeep e9210d80bf strict negative matchers 2021-07-26 15:14:33 +05:30
sandeep b990243906 uniform tags 2021-07-26 14:25:43 +05:30
sandeep d4a3f345fb tags update 2021-07-26 14:23:27 +05:30
Sandeep Singh eaa2561c70
Merge pull request #2170 from geeknik/patch-13
Create development-logs.yaml
2021-07-26 14:21:12 +05:30
Sandeep Singh c15e827b84
Update development-logs.yaml 2021-07-26 14:18:24 +05:30
Sandeep Singh 7c7e3f06bc
Merge pull request #2169 from geeknik/patch-12
Create production-logs.yaml
2021-07-26 01:53:26 +05:30
Sandeep Singh 09a5ea061a
Update production-logs.yaml 2021-07-26 01:52:26 +05:30
Sandeep Singh 9f66b8925d
Merge pull request #2115 from geeknik/patch-5
Update general-tokens.yaml
2021-07-26 01:47:39 +05:30
Sandeep Singh 5441d97bea
Merge pull request #2131 from geeknik/patch-8
Create wp-app-log.yaml
2021-07-26 01:22:37 +05:30
Sandeep Singh d43b57b56a
Update wp-app-log.yaml 2021-07-26 01:21:43 +05:30
Sandeep Singh 130f3576b6
Merge pull request #2130 from geeknik/patch-7
Create cold-fusion-cfcache-map.yaml
2021-07-26 01:17:15 +05:30
Sandeep Singh 037c531d58
Update cold-fusion-cfcache-map.yaml 2021-07-26 01:15:39 +05:30
sandeep c9f5f01bb9 minor update 2021-07-26 00:39:16 +05:30
Geeknik Labs 41c41abdb7
Update exposed-gitignore.yaml
Fixes the issue here: https://github.com/projectdiscovery/nuclei-templates/issues/1898#issuecomment-886237512
2021-07-25 18:29:28 +00:00
Geeknik Labs 7afc39cb32
Create development-logs.yaml 2021-07-24 14:29:43 -05:00
Geeknik Labs e428dc6454
Create production-logs.yaml 2021-07-24 14:28:33 -05:00
Sandeep Singh 4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
17 New Templates Added
2021-07-24 03:26:09 +05:30
sandeep b1d8ab1193 more matchers update 2021-07-24 03:13:09 +05:30
sandeep 1ea3b8a8bf matcher updates 2021-07-24 03:03:31 +05:30
sandeep 9788ebbf27 more matcher updates 2021-07-24 02:54:09 +05:30
sandeep 19533bcc08 removed content type check to avoid valid matches 2021-07-24 02:53:11 +05:30
Geeknik Labs 4795c084e1
Update nginx-config.yaml
fixes a false positive
2021-07-23 15:18:51 -05:00
Sandeep Singh a957dc230c
Update exposures/files/snyk-ignore-file-disclosure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:51:05 +05:30
sandeep 96c78d8695 additional negative matcher 2021-07-24 00:39:30 +05:30
sandeep 1f4f8ce332 matcher update 2021-07-24 00:30:53 +05:30
sandeep 840d3ee4e3 Update github-workflows-disclosure.yaml
removing content type check as this might miss valid results with no content type in response
2021-07-24 00:26:56 +05:30
Sandeep Singh 5f4127cdaf
Update exposures/files/ruby-on-rails-secret-token-disclosure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:24:45 +05:30
Sandeep Singh b0b737e0eb
Update exposures/configs/hp-ilo-serial-key-disclosure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:24:26 +05:30
Sandeep Singh 2dbeb70480
Update exposures/configs/github-workflows-disclosure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:24:11 +05:30
Sandeep Singh fccc31717a
Update exposures/configs/github-workflows-disclosure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:16:13 +05:30
sandeep 763591bc97 lint fixes 2021-07-24 00:12:28 +05:30
Dhiyaneshwaran 1d9979fead
Update exposures/configs/hp-ilo-serial-key-disclosure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 17:54:36 +05:30
Dhiyaneshwaran 3528cd7bef
Update exposures/configs/github-workflows-disclosure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 17:54:27 +05:30
Dhiyaneshwaran 62c2693d34
Update exposures/configs/appsec-yml-disclosure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 17:54:17 +05:30
Dhiyaneshwaran 834d6b8f2a
Update dockerfile-hidden-disclosure.yaml 2021-07-23 17:49:32 +05:30
Dhiyaneshwaran 1671b074c0
Update exposures/logs/roundcube-log-disclosure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 09:47:22 +05:30