id: shell-history

info:
  name: Shell History
  author: pentest_swissky,geeknik
  severity: low
  description: Discover history for bash, ksh, sh, and zsh
  metadata:
    max-request: 4
  tags: misconfig

http:
  - method: GET
    max-redirects: 1
    path:
      - "{{BaseURL}}/.bash_history"
      - "{{BaseURL}}/.ksh_history"
      - "{{BaseURL}}/.sh_history"
      - "{{BaseURL}}/.zsh_history"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "mkdir "
          - "chmod "
          - "mv "
          - "nano "
          - "vim "
          - "pico "
          - "sudo "
          - "cd "
          - "cp "
          - "ps aux"
          - "ls "
          - "logout"
        condition: or

      - type: word
        part: response
        words:
          - "<?xml"
          - "<env"
          - "application/javascript"
          - "application/json"
          - "application/xml"
          - "html>"
          - "text/html"
          - "image/"
        negative: true

      - type: status
        status:
          - 200

# digest: 490a0046304402205c37286abcf1a7c68f4ae44caefdf33b72a60737e172479d0a80e97b15fb6afb02205b81e22b99eb761f141375f65283e71b510e620af1fd38a3db7fcec33762a2ee:922c64590222798bb761d5b6d8e72950