id: detect-sentry info: name: Detect Sentry Instance author: Sicksec severity: info reference: - https://hackerone.com/reports/374737 - https://twitter.com/itsecurityguard/status/1127893545619218432?lang=en metadata: max-request: 1 tags: ssrf,sentry,tech,hackerone http: - method: GET path: - "{{BaseURL}}" extractors: - type: regex part: body regex: - "https://[0-9a-f]*@[a-z0-9]+\\.[a-z.]+.?[0-9]+" # digest: 4a0a0047304502206a337fc97e880044be0de01faa202ad1cca2f4d7b67fe461bcc11f49eea1515c022100dce81df0cb17f0ca0d72ae8ebb749658efe8cf379598fc331463ccb4b48cade3:922c64590222798bb761d5b6d8e72950