nuclei-templates/tokens/http-username-password.yaml

25 lines
530 B
YAML

id: http-username-password
# Extract something like https://username:password@vulnerable.com
# can be improved
info:
name: Http usernamme password
author: nadino
severity: medium
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: regex
part: body
regex:
- "(ftp|ftps|http|https)://[0-9A-Za-z\\-_%]+(:|@)"
extractors:
- type: regex
part: body
regex:
- "(ftp|ftps|http|https)://[0-9A-Za-z\\-_%]+(:|@)"