id: shell-history

info:
  name: Shell History
  author: pentest_swissky,geeknik
  severity: low
  description: Discover history for bash, ksh, sh, and zsh
  tags: misconfig

requests:
  - method: GET
    max-redirects: 1
    path:
      - "{{BaseURL}}/.bash_history"
      - "{{BaseURL}}/.ksh_history"
      - "{{BaseURL}}/.sh_history"
      - "{{BaseURL}}/.zsh_history"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "mkdir "
          - "chmod "
          - "mv "
          - "nano "
          - "vim "
          - "pico "
          - "sudo "
          - "cd "
          - "cp "
          - "ps aux "
        condition: or

      - type: word
        part: response
        words:
          - "<?xml"
          - "<env"
          - "application/javascript"
          - "application/json"
          - "application/xml"
          - "html>"
          - "text/html"
          - "image/"
        negative: true

      - type: status
        status:
          - 200