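# Nuclei template: reports shell scripts that are directly downloadable from
# the web root. Build, deploy, sync and backup scripts frequently embed
# credentials, internal hostnames and filesystem paths, so a hit should be
# triaged by reviewing the served file for secrets and then removing it from
# the document root (or denying *.sh at the web server).
id: shellscripts

info:
  name: Public shellscripts
  author: panch0r3d
  severity: low
  description: This template checks exposure of bash scripts.
  remediation: >-
    Remove shell scripts from the web root or block access to them at the
    web server, and rotate any credentials found in an exposed script.
  metadata:
    # One request per entry in payloads.paths below (27 entries).
    max-request: 27
  tags: bash,exposure,files

http:
  - method: GET
    path:
      - '{{BaseURL}}{{paths}}'

    # Common names for CI, deployment, environment and backup scripts.
    payloads:
      paths:
        - '/.build.sh'
        - '/.jenkins.sh'
        - '/.travis.sh'
        - '/install.sh'
        - '/update.sh'
        - '/upload.sh'
        - '/config.sh'
        - '/build.sh'
        - '/setup.sh'
        - '/run.sh'
        - '/backup.sh'
        - '/compile.sh'
        - '/env.sh'
        - '/init.sh'
        - '/startup.sh'
        - '/wp-setup.sh'
        - '/deploy.sh'
        - '/aws.sh'
        - '/reminder.sh'
        - '/mysqlbackup.sh'
        - '/dev2local.sh'
        - '/local2dev.sh'
        - '/local2prod.sh'
        - '/prod2local.sh'
        - '/rsync.sh'
        - '/sync.sh'
        - '/test.sh'

    # All three matchers must hold, so a soft-404 page or an HTML error page
    # that merely returns 200 is not reported.
    matchers-condition: and
    matchers:
      # Body must contain a shell shebang line. The previous patterns
      # (".*?bin.*?sh" / ".*?bin.*?bash") matched any line where "bin" is
      # later followed by "sh" (e.g. prose such as "combine ... should"), and
      # the second pattern was a strict subset of the first. Anchoring on
      # "#!" at the start of a line keeps /bin/sh, /bin/bash, /usr/bin/env
      # bash and similar interpreters while dropping those false positives.
      # Single-quoted so the backslashes reach the regex engine unchanged.
      # NOTE(review): scripts served without a shebang line are not reported.
      - type: regex
        part: body
        regex:
          - '(?m)^#![ \t]*/\S*bin/(env[ \t]+)?\S*sh\b'

      # Response must be served as a script or plain text, not rendered HTML.
      - type: word
        part: header
        words:
          - 'application/x-sh'
          - 'text/plain'
          - 'text/x-sh'
        condition: or

      - type: status
        status:
          - 200

# NOTE(review): the upstream "# digest:" signature line was dropped here. It
# covered the original template text and no longer verifies after the matcher
# change above; re-sign the template (nuclei -sign) before distributing it.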