Commit Graph

43241 Commits (39891ed558c897e01de4dd66525e73cd54dd5109)

Author SHA1 Message Date
bauthard b62e5f88d9
Update GUIDE.md 2020-06-30 16:27:24 +05:30
bauthard eaa0a75395
adding workflow-example 2020-06-30 16:26:32 +05:30
bauthard fc95489690
Update CVE-2019-8449.yaml 2020-06-30 16:13:35 +05:30
bauthard 3c28475816
Merge pull request #160 from harsh-bothra/patch-2
Create CVE-2019-8449.yaml
2020-06-30 16:12:34 +05:30
Harsh Bothra d6027b67d2
Create CVE-2019-8449.yaml
CVE-2019-8449 which allows an Unauthenticated Attacker to enumerate all the users and their information such as Username, Avatars, Emails, Keys, etc.
Reference - https://www.doyler.net/security-not-included/more-jira-enumeration
2020-06-30 16:06:15 +05:30
bauthard ba30333045
updating trailing space 2020-06-30 15:55:45 +05:30
bauthard cd3b1a9804
Merge pull request #159 from harsh-bothra/patch-1
Create CVE-2018-11409.yaml
2020-06-30 15:54:13 +05:30
Harsh Bothra 53a47cc1bc
Create CVE-2018-11409.yaml
CVE-2018-11409  allows an unauthenticated user to get sensitive information such as license key from a Splunk instance by appending /__raw/services/server/info/server-info?output_mode=json to a query.
2020-06-30 15:49:43 +05:30
bauthard 12bff93ab2
Update and rename Wp-user to wordpress-user-enumaration.yaml 2020-06-30 10:30:57 +05:30
bauthard 9f44292e0c
Merge pull request #158 from manasjha7/patch-1
Wp-user
2020-06-30 10:29:48 +05:30
bauthard b9ea4ecaf3
Update CVE-2020-12720.yaml 2020-06-30 02:04:13 +05:30
bauthard c718848a88
Update CVE-2020-8512.yaml 2020-06-30 01:59:13 +05:30
Manas d471642340
Wp-user
If this endpoint is misconfigured, we can enumerate Wordpress admins and their userID.
2020-06-30 01:49:40 +05:30
bauthard 01378933c6
Update CVE-2020-12720.yaml 2020-06-29 19:25:45 +05:30
bauthard 75e2166cc5
updating CVE-2020-12720 2020-06-29 19:24:56 +05:30
bauthard 4eee21265b
Delete .DS_Store 2020-06-28 02:29:49 +05:30
bauthard bc9a6736c2
updating file name 2020-06-28 02:13:57 +05:30
bauthard 0043043f12
Merge pull request #155 from udit-thakkur/patch-2
Detect exposed .svn Directory
2020-06-28 02:13:16 +05:30
Udit Bhadauria 73622a256a
Update exposed-svn 2020-06-28 00:19:52 +05:30
Udit Bhadauria 8dd580dca4
Detect exposed .svn Directory
Provides a way to detect the version control instance - exposed .svn directory.
2020-06-27 18:30:25 +05:30
bauthard 91cd0e1ec4 updating template details 2020-06-27 12:25:14 +00:00
bauthard 3d8b9d7e5b
Merge pull request #154 from udit-thakkur/patch-1
Detect wordpress xmlrpc (sometimes leads to ssrf)
2020-06-27 17:52:56 +05:30
Udit Bhadauria d58974c479
Detect wordpress xmlrpc (sometimes get ssrf)
Provides a way to detect the wordpress xmlrpc endpoint that can help and leads to possible ssrf sometimes.
I am not sure if it is worth to add. But I have got a few good findings using this.

Let me know if I'm doing it right, You guys are doing great work, Love this project. Kudos..! 
Trying to contribute a little.
2020-06-27 17:14:59 +05:30
bauthard 3b8e5ae229 Added Wappalyzer Technology Detection
Ported hakluke PR into single template
2020-06-27 16:39:16 +05:30
bauthard 084a745600 added CVE-2020-8512 2020-06-26 09:14:54 +05:30
bauthard d7a5af2b28 updating severity of multiple templates 2020-06-25 02:37:58 +05:30
bauthard 7372b169f8
Merge pull request #153 from manuelbua/detect-linkerd-service
Initial Linkerd service detection rules
2020-06-23 03:36:00 +05:30
bauthard 2d56871bd0
Update CVE-2019-3799.yaml 2020-06-23 03:22:51 +05:30
bauthard 2d8efb04ba
Update CVE-2018-20824.yaml 2020-06-23 03:21:54 +05:30
bauthard d8a79274ae
Update CVE-2018-19439.yaml 2020-06-23 03:17:00 +05:30
Manuel Bua 410423834c Tweak flags 2020-06-22 23:41:24 +02:00
Manuel Bua 19edc73166 Fix formatting 2020-06-22 23:31:30 +02:00
Manuel Bua c5fc99af49 Add rules Linkerd service detection 2020-06-22 23:25:52 +02:00
Ice3man e9c23dffe0
Merge pull request #126 from projectdiscovery/iceman-regex-fix
Regex issues fix by simplifying and fixing some edge cases
2020-06-22 08:36:29 -07:00
Ice3man 445ddf6002
Merge pull request #152 from manuelbua/iceman-regex-fix
Handle some more edge cases in crlf-injection and open-redirect tests
2020-06-22 08:35:33 -07:00
bauthard b7103a2197 Pushing newly added cves 2020-06-22 19:05:37 +05:30
Manuel Bua 7df644ed6a Handle more spacing edge-cases, anchor at end of line 2020-06-22 13:15:01 +02:00
Manuel Bua 15fa8f2244 Switch to multiline matching to avoid false positives 2020-06-22 12:26:30 +02:00
Manuel Bua c7262c3ee7 Handle spaces in non-standard response headers 2020-06-22 10:55:52 +02:00
dudez 4ec258bd16
Handle protocol-relative URL in redirects 2020-06-22 10:02:43 +02:00
bauthard 32d9373273
adding more path with recent PR 2020-06-22 03:50:29 +05:30
Manuel Bua c08676116c Handle some more edge cases 2020-06-21 23:04:37 +02:00
bauthard c120a00735
Merge pull request #149 from bsysop/master
Add Fortinet FortiGate VPN panel template
2020-06-21 01:23:00 +05:30
bsysop a4ed54453b
Add Fortinet FortiGate VPN panel template 2020-06-20 16:45:16 -03:00
bauthard f432598a93
Merge pull request #148 from bsysop/master
Add Pulse Secure VPN panel template
2020-06-21 01:09:57 +05:30
bsysop f4fbc50186
Add Pulse Secure VPN panel template 2020-06-20 16:38:15 -03:00
bauthard 42e72ff843
added Tomcat Exposed Scripts detection 2020-06-20 16:02:29 +05:30
bauthard 80e2ee5bb4
Merge pull request #146 from mohammedshine/patch-1
Create elasticsearch.yaml
2020-06-20 13:16:08 +05:30
mohammedshine 0f73d7b9fb
Create elasticsearch.yaml 2020-06-20 05:07:41 +05:30
bauthard 3b3ab42984
Merge pull request #144 from maverickNerd/master
Add directory traversal CVE-2020-5410 affecting Spring Cloud Config
2020-06-18 16:48:30 +05:30