nuclei-templates/http/token-spray/api-etherscan.yaml

id: api-etherscan

info:
  name: Etherscan API Test
  author: daffainfo
  severity: info
  description: Ethereum explorer API
  reference:
    - https://docs.etherscan.io/
    - https://github.com/daffainfo/all-about-apikey/tree/main/etherscan
  metadata:
    max-request: 1
  tags: token-spray,etherscan

self-contained: true

http:
  - method: GET
    path:
      - "https://api.etherscan.io/api?module=account&action=balance&address=0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae&tag=latest&apikey={{token}}"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        negative: true
        words:
          - 'Invalid API Key'

      - type: word
        part: body
        words:
          - '"status":'
          - '"message":"OK"'
        condition: and

# digest: 4a0a00473045022100faebc9466aed40c1eea9248ec046914a39962bc70c878f97f6b35f5782002062022003a7849d6f0fc931ead368c33cce4319c58b8c1e37a430cffeedd728dd1d2535:922c64590222798bb761d5b6d8e72950