id: api-abuseipdb

info:
  name: AbuseIPDB API - Test
  author: daffainfo
  severity: info
  description: AbuseIPDB API test was conducted.
  reference:
    - https://docs.abuseipdb.com/
    - https://github.com/daffainfo/all-about-apikey/tree/main/abuseipdb
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
    max-request: 1
  tags: token-spray,abuseipdb

self-contained: true

http:
  - raw:
      - |
        POST https://api.abuseipdb.com/api/v2/report HTTP/1.1
        Host: api.abuseipdb.com
        Key: {{token}}
        Accept: application/json
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 16

        ip=127.0.0.1&categories=18,22&comment=SSH%20login%20attempts%20with%20user%20root.

    matchers:
      - type: word
        part: body
        words:
          - 'data":'
          - 'ipAddress":'
        condition: and

# digest: 4a0a00473045022026c2d562a4f7dc93f0e27e3a45a21c8baad795377bcfeb24e6204a9243b63112022100ed4cabe0abae1bdaa6674449f8e3cdbc1eebeb4b6e7a3f4ced7b85f7288324bd:922c64590222798bb761d5b6d8e72950