nuclei-templates/token-spray
Prince Chaddha 7476fb1dd6
Merge pull request #2976 from dwisiswant0/add/api-strava
Add Strava API test
2021-10-25 12:59:56 +05:30
README.md misc update 2021-10-20 14:17:32 +05:30
api-adafruit-io.yaml Update and rename adafruit-io.yaml to api-adafruit-io.yaml 2021-10-25 12:53:50 +05:30
api-appveyor.yaml Update and rename appveyor.yaml to api-appveyor.yaml 2021-10-25 12:54:35 +05:30
api-dbt.yaml Update and rename dbt.yaml to api-dbt.yaml 2021-10-25 12:56:04 +05:30
api-leanix.yaml Update and rename leanix.yaml to api-leanix.yaml 2021-10-25 12:52:21 +05:30
api-particle.yaml Update and rename particle.yaml to api-particle.yaml 2021-10-24 13:56:44 +05:30
api-strava.yaml Update and rename strava.yaml to api-strava.yaml 2021-10-25 12:58:18 +05:30
api-taiga.yaml Rename taiga.yaml to api-taiga.yaml 2021-10-25 12:57:30 +05:30
api-vercel.yaml Update api-vercel.yaml 2021-10-24 13:57:05 +05:30
api-webex.yaml Update and rename webex.yaml to api-webex.yaml 2021-10-25 12:51:18 +05:30
apigee-edge.yaml Apigee Edge API test 2021-10-24 09:17:04 +07:00
asana.yaml more updates 2021-10-20 14:16:18 +05:30
bingmaps.yaml more updates 2021-10-20 14:16:18 +05:30
bitly.yaml more updates 2021-10-20 14:16:18 +05:30
buildkite.yaml more updates 2021-10-20 14:16:18 +05:30
buttercms.yaml more updates 2021-10-20 14:16:18 +05:30
calendly.yaml more updates 2021-10-20 14:16:18 +05:30
circleci.yaml more updates 2021-10-20 14:16:18 +05:30
deviantart.yaml more updates 2021-10-20 14:16:18 +05:30
dropbox.yaml more updates 2021-10-20 14:16:18 +05:30
facebook.yaml Added additional matcher 2021-10-23 14:12:55 +05:30
fontawesome.yaml Add FontAwesome API test 2021-10-24 11:28:51 +07:00
fortitoken-cloud.yaml Update fortitoken-cloud.yaml 2021-10-24 10:18:17 +05:30
github.yaml more updates 2021-10-20 14:16:18 +05:30
google-autocomplete.yaml more updates 2021-10-20 14:16:18 +05:30
google-customsearch.yaml more updates 2021-10-20 14:16:18 +05:30
google-directions.yaml more updates 2021-10-20 14:16:18 +05:30
google-elevation.yaml more updates 2021-10-20 14:16:18 +05:30
google-fcm.yaml more updates 2021-10-20 14:16:18 +05:30
google-findplacefromtext.yaml more updates 2021-10-20 14:16:18 +05:30
google-gedistancematrix.yaml more updates 2021-10-20 14:16:18 +05:30
google-geocode.yaml more updates 2021-10-20 14:16:18 +05:30
google-geolocation.yaml more updates 2021-10-20 14:16:18 +05:30
google-mapsembed.yaml more updates 2021-10-20 14:16:18 +05:30
google-mapsembedadvanced.yaml more updates 2021-10-20 14:16:18 +05:30
google-nearbysearch.yaml more updates 2021-10-20 14:16:18 +05:30
google-nearestroads.yaml more updates 2021-10-20 14:16:18 +05:30
google-placedetails.yaml more updates 2021-10-20 14:16:18 +05:30
google-placesphoto.yaml more updates 2021-10-20 14:16:18 +05:30
google-playablelocations.yaml more updates 2021-10-20 14:16:18 +05:30
google-routetotraveled.yaml more updates 2021-10-20 14:16:18 +05:30
google-speedlimit.yaml more updates 2021-10-20 14:16:18 +05:30
google-staticmaps.yaml more updates 2021-10-20 14:16:18 +05:30
google-streetview.yaml more updates 2021-10-20 14:16:18 +05:30
google-timezone.yaml more updates 2021-10-20 14:16:18 +05:30
googlet-extsearchplaces.yaml more updates 2021-10-20 14:16:18 +05:30
heroku.yaml more updates 2021-10-20 14:16:18 +05:30
hubspot.yaml more updates 2021-10-20 14:16:18 +05:30
instagram.yaml more updates 2021-10-20 14:16:18 +05:30
intercom.yaml Update intercom.yaml 2021-10-24 13:41:44 +05:30
ipstack.yaml more updates 2021-10-20 14:16:18 +05:30
iterable.yaml more updates 2021-10-20 14:16:18 +05:30
jumpcloud.yaml more updates 2021-10-20 14:16:18 +05:30
linkedin.yaml Add LinkedIn API test 2021-10-23 21:13:04 +07:00
lokalise.yaml more updates 2021-10-20 14:16:18 +05:30
loqate.yaml more updates 2021-10-20 14:16:18 +05:30
mailchimp.yaml more updates 2021-10-20 14:16:18 +05:30
mailgun.yaml more updates 2021-10-20 14:16:18 +05:30
mapbox.yaml more updates 2021-10-20 14:16:18 +05:30
nerdgraph.yaml more updates 2021-10-20 14:16:18 +05:30
netlify.yaml Add Netlify API test 2021-10-24 12:32:29 +07:00
npm.yaml more updates 2021-10-20 14:16:18 +05:30
onelogin.yaml Update onelogin.yaml 2021-10-24 10:22:10 +05:30
openweather.yaml more updates 2021-10-20 14:16:18 +05:30
optimizely.yaml Add Optimizely API test 2021-10-24 08:42:58 +07:00
pagerduty.yaml more updates 2021-10-20 14:16:18 +05:30
paypal.yaml Add negative regex matcher 2021-10-24 08:27:09 +07:00
pendo.yaml more updates 2021-10-20 14:16:18 +05:30
pivotaltracker.yaml more updates 2021-10-20 14:16:18 +05:30
postmark.yaml more updates 2021-10-20 14:16:18 +05:30
sendgrid.yaml more updates 2021-10-20 14:16:18 +05:30
slack.yaml more updates 2021-10-20 14:16:18 +05:30
sonarcloud.yaml more updates 2021-10-20 14:16:18 +05:30
spotify.yaml more updates 2021-10-20 14:16:18 +05:30
square.yaml more updates 2021-10-20 14:16:18 +05:30
stripe.yaml more updates 2021-10-20 14:16:18 +05:30
tink.yaml Add Tink API test 2021-10-24 11:58:52 +07:00
tinypng.yaml more updates 2021-10-20 14:16:18 +05:30
travisci.yaml more updates 2021-10-20 14:16:18 +05:30
twitter.yaml more updates 2021-10-20 14:16:18 +05:30
visualstudio.yaml more updates 2021-10-20 14:16:18 +05:30
wakatime.yaml more updates 2021-10-20 14:16:18 +05:30
weglot.yaml more updates 2021-10-20 14:16:18 +05:30
youtube.yaml more updates 2021-10-20 14:16:18 +05:30

README.md

About

This directory holds templates that have static API URL endpoints. Use these to test an API token against many API service endpoints. When a token is provided as input using the var flag, Nuclei tests it against all known API endpoints within the API templates and returns any successful results. By incorporating API checks as Nuclei templates, users can test API keys that have no context (i.e., API keys that do not indicate which API endpoint they are meant for).

Usage

The token-spray templates are self-contained and do not require URLs as input, because the API endpoints have static URLs predefined in each template. Each template in the token-spray directory assumes the input API token(s) will be provided using the CLI var flag.

# Running token-spray templates against a single token to test
nuclei -t token-spray/ -var token=random-token-to-test

# Running token-spray templates against a file containing multiple newline-delimited tokens
nuclei -t token-spray/ -var token=file_with_tokens.txt

Credits

These API testing templates were inspired by the streaak/keyhacks repository. The Bishop Fox Continuous Attack Surface Testing (CAST) team created additional API templates for testing API keys uncovered during investigations. You are welcome to add new templates based on the existing format to cover more APIs.