id: security-txt

info:
  name: security.txt File
  author: bad5ect0r,noraj
  severity: info
  description: |
    File similar to robots.txt but intended to be read by humans wishing to contact a website’s owner about security issues. Often defines a security policy and contact details.
  reference:
    - https://securitytxt.org/
    - https://community.turgensec.com/security-txt-progress-in-ethical-security-research/
  metadata:
    verified: true
    max-request: 2
    shodan-query: http.securitytxt:contact http.status:200
  tags: miscellaneous,misc,generic

http:
  - method: GET
    path:
      - "{{RootURL}}/.well-known/security.txt"
      - "{{RootURL}}/security.txt"

    stop-at-first-match: true
    redirects: true
    max-redirects: 2
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Contact:"
          - "Expires:"
        condition: or

      - type: dsl
        dsl:
          - "len(body) <= 4096 && len(body) > 0"

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        group: 1
        regex:
          - '(?mi)Contact:(.*)'
# digest: 490a00463044022063fee5d629fcd71041a28b75faa013e66292f3310e9a53d9e85e7c86f03c32fc02202dc6abf6a02388bcae551aa4d7fd53cc3b45f9d83fe8a2974bfb0e71db86f5ad:922c64590222798bb761d5b6d8e72950