id: exposed-gitignore info: name: Gitignore - Detect author: TheZakMan,geeknik severity: info description: Gitignore configuration was detected. reference: - https://twitter.com/pratiky9967/status/1230001391701086208 - https://www.tenable.com/plugins/was/98595 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 cwe-id: CWE-200 tags: exposure,tenable,config,git requests: - method: GET path: - "{{BaseURL}}/.gitignore" - "{{BaseURL}}/assets/.gitignore" - "{{BaseURL}}/includes/.gitignore" matchers-condition: and matchers: - type: dsl dsl: - 'len(body) > 50' - 'status_code == 200' condition: and - type: word words: - "application/javascript" - "application/x-javascript" - "application/json" - "application/xml" - "html" - "