id: url-extension-inspector info: name: URL Extension Inspector author: ayadim severity: unknown description: | This template assists you in discovering intriguing extensions within a list of URLs. reference: - https://github.com/CYS4srl/CYS4-SensitiveDiscoverer/ tags: file,url-analyse,urls,extension file: - extensions: - all extractors: - type: regex name: Hot finding regex: - "(?i)(htdocs|www|html|web|webapps|public|public_html|uploads|website|api|test|app|backup|bin|bak|old|release|sql)\\.(7z|bz2|gz|lz|rar|tar\\.gz|tar\\.bz2|xz|zip|z)" - type: regex name: Backup file regex: - "(?i)(\\.bak|\\.backup|\\.bkp|\\._bkp|\\.bk|\\.BAK)('|\")" - type: regex name: PHP Source regex: - "(?i)(\\.php)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)('|\")" - type: regex name: ASP Source regex: - "(?i)(\\.asp)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)('|\")" - type: regex name: Database file regex: - "(?i)\\.db|\\.sql('|\")" - type: regex name: Bash script regex: - "(?i)(\\.sh|\\.bashrc|\\.zshrc)('|\")" - type: regex name: 1Password password manager database file regex: - "(?i)\\.agilekeychain('|\")" - type: regex name: ASP configuration file regex: - "(?i)\\.asa('|\")" - type: regex name: Apple Keychain database file regex: - "(?i)\\.keychain('|\")" - type: regex name: Azure service configuration schema file regex: - "(?i)\\.cscfg('|\")" - type: regex name: Compressed archive file regex: - "(?i)(\\.zip|\\.gz|\\.tar|\\.rar|\\.tgz)('|\")" - type: regex name: Configuration file regex: - "(?i)(\\.ini|\\.config|\\.conf)('|\")" - type: regex name: Day One journal file regex: - "(?i)\\.dayone('|\")" - type: regex name: Document file regex: - "(?i)(\\.doc|\\.docx|\\.rtf)('|\")" - type: regex name: GnuCash database file regex: - "(?i)\\.gnucash('|\")" - type: regex name: Include file regex: - "(?i)\\.inc('|\")" - type: regex name: XML file regex: - "(?i)\\.xml('|\")" - type: regex name: Old file regex: - "(?i)\\.old('|\")" - type: regex name: Log file regex: - "(?i)\\.log('|\")" - type: regex name: Java file regex: - "(?i)\\.java('|\")" - type: regex name: SQL dump file regex: - "(?i)\\.sql('|\")" - type: regex name: Excel file regex: - "(?i)(\\.xls|\\.xlsx|\\.csv)('|\")" - type: regex name: Certificate file regex: - "(?i)(\\.cer|\\.crt|\\.p7b)('|\")" - type: regex name: Java key storte regex: - "(?i)\\.jks('|\")" - type: regex name: KDE Wallet Manager database file regex: - "(?i)\\.kwallet('|\")" - type: regex name: Little Snitch firewall configuration file regex: - "(?i)\\.xpl('|\")" - type: regex name: Microsoft BitLocker Trusted Platform Module password file regex: - "(?i)\\.tpm('|\")" - type: regex name: Microsoft BitLocker recovery key file regex: - "(?i)\\.bek('|\")" - type: regex name: Microsoft SQL database file regex: - "(?i)\\.mdf('|\")" - type: regex name: Microsoft SQL server compact database file regex: - "(?i)\\.sdf('|\")" - type: regex name: Network traffic capture file regex: - "(?i)\\.pcap('|\")" - type: regex name: OpenVPN client configuration file regex: - "(?i)\\.ovpn('|\")" - type: regex name: PDF file regex: - "(?i)\\.pdf('|\")" - type: regex name: PHP file regex: - "(?i)\\.pcap('|\")" - type: regex name: Password Safe database file regex: - "(?i)\\.psafe3('|\")" - type: regex name: Potential configuration file regex: - "(?i)\\.yml('|\")" - type: regex name: Potential cryptographic key bundle regex: - "(?i)(\\.pkcs12|\\.p12|\\.pfx|\\.asc|\\.pem)('|\")" - type: regex name: Potential private key regex: - "(?i)otr.private_key('|\")" - type: regex name: Presentation file regex: - "(?i)(\\.ppt|\\.pptx)('|\")" - type: regex name: Python file regex: - "(?i)\\.py('|\")" - type: regex name: Remote Desktop connection file regex: - "(?i)\\.rdp('|\")" - type: regex name: Ruby On Rails file regex: - "(?i)\\.rb('|\")" - type: regex name: SQLite database file regex: - "(?i)\\.sqlite|\\.sqlitedb('|\")" - type: regex name: SQLite3 database file regex: - "(?i)\\.sqlite3('|\")" - type: regex name: Sequel Pro MySQL database manager bookmark file regex: - "(?i)\\.plist('|\")" - type: regex name: Shell configuration file regex: - "(?i)(\\.exports|\\.functions|\\.extra)('|\")" - type: regex name: Temporary file regex: - "(?i)\\.tmp" - type: regex name: Terraform variable config file regex: - "(?i)\\.tfvars('|\")" - type: regex name: Text file regex: - "(?i)\\.txt('|\")" - type: regex name: Tunnelblick VPN configuration file regex: - "(?i)\\.tblk('|\")" - type: regex name: Windows BitLocker full volume encrypted data file regex: - "(?i)\\.fve('|\")" # digest: 490a0046304402202fdd8df60e47d5428b4d97d4ba47f93898efa3684b316c3d2479f46f063495a6022061157464c0ef21307e4f8e852f5be86e0673c15f0c4a67ee24c230436e177a25:922c64590222798bb761d5b6d8e72950