nuclei-templates/exposures/files/django-secret-key.yaml

47 lines
986 B
YAML

id: django-secret-key
info:
name: Django Secret Key Exposure
author: geeknik,DhiyaneshDk
severity: high
reference: https://docs.gitguardian.com/secrets-detection/detectors/specifics/django_secret_key
metadata:
verified: true
shodan-query: html:settings.py
tags: django,exposure,files
requests:
- method: GET
path:
- "{{BaseURL}}/settings.py"
- "{{BaseURL}}/app/settings.py"
- "{{BaseURL}}/django/settings.py"
- "{{BaseURL}}/settings/settings.py"
- "{{BaseURL}}/web/settings/settings.py"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "SECRET_KEY ="
- type: word
part: header
words:
- "text/html"
negative: true
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '"DJANGO_SECRET_KEY", "(.*)"'