nuclei-templates/http/misconfiguration/application-yaml.yaml

id: application-yaml

info:
  name: application.yaml detection
  author: Cristi vlad (@cristivlad25)
  severity: info
  description: Finds Application YAML files which often contain sensitive information.
  tags: misconfig
  metadata:
    max-request: 4

http:
  - method: GET
    path:
      - "{{BaseURL}}/app.yaml"
      - "{{BaseURL}}/app.yml"
      - "{{BaseURL}}/application.yaml"
      - "{{BaseURL}}/application.yml"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        condition: or
        words:
          - "runtime:"
          - "spring:"
          - "datasource:"
          - "platform:"
          - "server:"
          - "job:"

      - type: status
        status:
          - 200

      - type: dsl
        condition: or
        dsl:
          - "!contains(tolower(body), '<html')"
          - "!contains(tolower(body), '<body')"
          - "!contains(tolower(body), '</h1>')"
          - "!contains(tolower(body), '</h2>')"
          - "!contains(tolower(body), '</h3>')"
          - "!contains(tolower(body), '<?xml')"