Commit Graph

6062 Commits (5f9a6aa798b9a83cfc80c744fdc91ad431e2f4fd)

Author SHA1 Message Date
bauthard 68bccbfdc2 added dead host with cname finder 2020-05-19 05:13:11 +00:00
Regala 5316f5dbcc
Update CVE-2020-7473.yaml
This is to avoid false positives. I think it would be better to only match 2xx and 3xx status code (don't know if nuclei supports this terminology)
2020-05-18 11:14:04 +01:00
bauthard 6e495e41e7
Merge pull request #88 from Pxmme/master
Updating open redirect detection with regex + more payloads
2020-05-17 04:11:36 +05:30
Pxmme 6961c63659
Adding @ for Twitter handles cause Andi bitched about it 2020-05-16 23:39:47 +02:00
Pxmme 22c85b660f
Updating authors with Twitter handles + forgot Andi for giving me a few path based payloads 2020-05-16 23:32:21 +02:00
Pxmme 42e05c89b5
Forgot to add fisher who gave me the GET param list! 2020-05-16 23:28:20 +02:00
Pxmme 7c25948a33
Update open-redirect.yaml 2020-05-16 23:25:31 +02:00
Pxmme e33d72e4f2
Update and rename path-based-open-redirect-1.yaml to open-redirect.yaml 2020-05-16 23:25:16 +02:00
bauthard 9b48667288
Merge pull request #81 from 73735/master
Add CVE-2020-7473.yaml
2020-05-16 15:39:42 +05:30
bauthard 601b3c086d
Merge pull request #87 from 73735/front-page-misconfig.yaml
Add front-page-misconfig.yaml
2020-05-16 15:38:39 +05:30
João Teles 78985eb603
Merge pull request #1 from 73735/front-page-misconfig.yaml
Add front-page-misconfig.yaml
2020-05-15 21:08:58 -03:00
João Teles 22c6b5e03b
Add front-page-misconfig.yaml 2020-05-15 21:08:27 -03:00
João Teles 7a37488076
Update CVE-2020-7473.yaml
Ready guys. Now the template will check for size. I didn't implement the "HEAD" method because the nuclei is not supported.
2020-05-15 20:59:23 -03:00
Nadino92 b6078b5d47 improve noisy 2020-05-15 12:08:27 +02:00
bauthard 49b45dc2dc
updating name 2020-05-15 01:55:12 +05:30
Nadino92 7b88d4258e adding 2 cves and crxde 2020-05-14 19:54:02 +02:00
Nadino92 536b9d9949 more precise tokens 2020-05-12 18:41:11 +02:00
Andrea 8ca66bd66d basic xss 2020-05-10 17:16:12 +02:00
Andrea b72489445c Merge branch 'master' into private 2020-05-09 10:59:38 +02:00
Andrea f66b732286 remove / 2020-05-09 10:59:35 +02:00
bauthard 0d5b682e94 updating cve names 2020-05-08 18:40:02 +00:00
bauthard 14fad57a86
Merge pull request #84 from michael1026/CVE-accuracy-fixes
Accuracy Fixes
2020-05-08 23:57:10 +05:30
bauthard c53c7ea8aa
Merge pull request #85 from bad5ect0r/master
Detect security.txt file.
2020-05-08 22:32:42 +05:30
Andrea 27e76fe494 Merge branch 'master' of https://github.com/Nadino92/nuclei-templates 2020-05-08 18:32:26 +02:00
Andrea fc797a94e1 fix crash for {{ 2020-05-08 18:31:59 +02:00
Andrea 1e49185e72 Merge branch 'master' of https://github.com/Nadino92/nuclei-templates into private 2020-05-08 18:25:09 +02:00
Andrea 455c47c220 Merge branch 'master' into private 2020-05-08 18:24:29 +02:00
Andrea 5f5cdac0d5 change noisy location 2020-05-08 15:05:58 +02:00
bad5ect0r 572105b16a
Add more strict rules for security.txt
Previous one had a few false positives. This should narrow that down.
2020-05-08 21:41:26 +10:00
bad5ect0r 4565f42799
Detect security.txt file.
Detect if a site supports responsible disclosure with a security.txt file: https://securitytxt.org/
2020-05-08 21:06:57 +10:00
Michael Blake 5caa7cecb9 Reduce false-positives for Moodle XSS 2020-05-07 21:50:17 -07:00
Michael Blake 339ac74114 Prevent false-positives for CVE-2019-19368 2020-05-07 21:47:47 -07:00
Michael Blake fe2efe6124 CVE-2019-14974 check and severity update 2020-05-07 21:45:25 -07:00
Nadino92 3d19cd5bb5 improve the regex case sensitive 2020-05-07 16:42:33 +02:00
Joao Teles d22d0745d2 Add CVE-2020-7473.yaml 2020-05-07 10:15:25 -03:00
bauthard 3eb49ad409
Merge pull request #79 from kotireddyaluri/master
jaspersoft-detect
2020-05-07 17:28:24 +05:30
bauthard e0f7914677
Merge pull request #80 from Nadino92/master
HTTP username and password
2020-05-07 17:26:57 +05:30
Nadino92 2fb9a3e57c
General tokens
General tokens
2020-05-07 12:14:17 +02:00
Nadino92 2654e0d0a4
HTTP username and password
Detect urls like https://username:password@vulnerable.com and https://apitoken@vulnerable.com
2020-05-07 12:09:09 +02:00
Koti Reddy Aluri 35335a8e68
Update jaspersoft-detect.yaml 2020-05-07 15:15:12 +05:30
Koti Reddy Aluri 85b6ec40cb
jaspersoft-detect 2020-05-07 15:10:45 +05:30
Andrea fba4aba846 add hosts file 2020-05-06 16:52:33 +02:00
Andrea 6845f96415 remove dupe docker 2020-05-06 16:51:45 +02:00
Nadino92 215b074604
Docker public repositories
Searches for public repositories with Docker API endpoint. They contain source code and it's often considered a critical issue.
2020-05-06 11:49:38 +02:00
bauthard 4c3eeba4eb
Merge pull request #77 from Nadino92/master
Slack access token
2020-05-05 20:04:57 +05:30
Nadino92 3cfabd1763
Slack access token
Fetch the slack access token for both bot/person
2020-05-05 13:01:22 +02:00
bauthard 59abc09ad1
Merge pull request #76 from Nadino92/master
Basic CORS misconfiguration
2020-05-04 22:03:08 +05:30
Nadino92 73d4a18752
CRLF injection
CRLF injection with normal encoding and unicode bypass encoding https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection
2020-05-04 17:53:49 +02:00
Nadino92 68fff10c89
Basic CORS for flash
Detect misconfigured crossdomain.xml allowing Flash to fetch resources cross-domain
2020-05-04 17:26:17 +02:00
Nadino92 74c9ed3844
Basic CORS misconfiguration
Detect basic CORS misconfiguration allowing to fetch resources cross-domain
2020-05-04 17:03:50 +02:00