13920adbaa | ||
---|---|---|
.. | ||
cloud | ||
self-hosted | ||
README.md |
README.md
Credential Stuffing Templates
This directory contains a collection of credential stuffing templates for both cloud and self-hosted services. These templates help automate the detection and prevention of credential stuffing attempts on your organization's websites and applications using the Nuclei vulnerability scanner.
Types of Templates
- Cloud Services: Templates for credential stuffing testing on cloud service providers.
- Self-Hosted Services: Templates for credential stuffing testing on self-hosted software instances that often have custom hosting environments.
Usage
Cloud Services Template
An example of using a cloud service credential stuffing template can be seen with the Datadog Login Check template:
nuclei -var username=testing@projectdiscovery.io -var password=test123 -id datadog-login-check
Here, the -var
option supplies the necessary inputs (username/email and password) to the template.
Self-Hosted Services Template
An example of using a self-hosted service credential stuffing template can be seen with the Jira Login Check template:
nuclei -u https://jira.projectdiscovery.io/ -id jira-login-check -var username=testing@projectdiscovery.io -var password=test123
In this case, you also need to provide the hostname/IP of the deployed instance using the -u
or --url
option along with the necessary credentials using the -var
option.
Attack Types
By default, Nuclei uses Pitchfork mode in which it takes the first line from email.txt
as the username input and the first line from pass.txt
as the password parameter input. Ensure that both email.txt
and pass.txt
have an equal number of entries, with email/password combinations aligned on the same line in both files.
Starting with Nuclei 2.8, you can override the default behavior using the -at
or --attack-type
CLI option. Specifying the attack-type option as clusterbomb
enables convenient verification of weak credentials for a list of given email addresses across various services.
For example, assuming email.txt
contains:
email1@example.com
email2@example.com
email3@example.com
And pass.txt
contains:
password1
password2
password3
The command below will check credential validity by sequentially testing each email from email.txt
with all entries in pass.txt
across different hosts stored in jira.txt
:
cat jira.txt | nuclei -var username=email.txt -var password=pass.txt -id jira-login-check -attack-type clusterbomb
Developing custom target-specific templates for internal/custom portals can yield even more comprehensive results.
Contributing and Updating Templates
Help us improve the credential stuffing templates by contributing new templates, reporting bugs, or requesting new features. Contributions are most welcome!
Fix issues, add new templates, and update existing ones by submitting a pull request. Always adhere to the best practices for YAML syntax and ensure that your template is tested before submitting.
Please refer to the template documentation to learn more about writing and submitting new templates to this repository: https://nuclei.projectdiscovery.io/templating-guide/