aa47b1d97b
* Added 23 Nuclei Templates * Update cofense-vision-detection.yml * Update sophos-mobile-panel-detection.yml * Update cofense-vision-detection.yml * Update httpbin-open-redirect.yml * Update httpbin-xss.yml * Update ansible-semaphore-panel.yml * Rename ansible-semaphore-panel.yml to ansible-semaphore-panel.yaml * Update and rename avatier_password_management.yml to avatier-password-management.yaml * Update and rename buddy-panel.yml to buddy-panel.yaml * Update and rename buildbot-panel.yml to buildbot-panel.yaml * Update and rename cofense-vision-detection.yml to cofense-vision-panel.yaml * Update and rename concourse-ci-panel.yml to concourse-ci-panel.yaml * Update and rename drone-ci-panel.yml to drone-ci-panel.yaml * Update and rename flowci-detection.yml to flowci-panel.yaml * Update and rename gradle-enterprise-build-cache-detect.yml to gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-cache-node-detect.yaml to exposed-panels/gradle/gradle-cache-node-detect.yaml * Update and rename exposed-panels/gradle-enterprise-panel.yml to exposed-panels/gradle/gradle-enterprise-panel.yaml * Update and rename httpbin-detection.yml to httpbin-panel.yaml * Update and rename leostream-detection.yml to leostream-panel.yaml * Delete redash-detection.yml * Update and rename sophos-mobile-panel-detection.yml to sophos-mobile-panel.yaml * Update and rename splunk-enterprise-login-panel.yml to splunk-enterprise-panel.yaml * Update splunk-enterprise-panel.yaml * Update and rename stridercd-detection.yml to stridercd-panel.yaml * Update and rename zuul-panel.yml to zuul-panel.yaml * Update and rename zentral-detection.yml to zentral-panel.yaml * Update and rename api-fastly.yml to api-fastly.yaml * Update and rename api-gitlab.yml to api-gitlab.yaml * Update and rename httpbin-xss.yml to httpbin-xss.yaml * Update and rename httpbin-open-redirect.yml to httpbin-open-redirect.yaml * Update and rename log4j-code42-rce.yml to code42-log4j-rce.yaml * minor matcher fixes * added missing hostname variable * meta data update Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io> |
||
|---|---|---|
| .. | ||
| README.md | ||
| api-abstractapi.yaml | ||
| api-abuseipdb.yaml | ||
| api-accuweather.yaml | ||
| api-adafruit-io.yaml | ||
| api-adoptapet.yaml | ||
| api-alchemy.yaml | ||
| api-alienvault.yaml | ||
| api-aniapi.yaml | ||
| api-apigee-edge.yaml | ||
| api-appveyor.yaml | ||
| api-asana.yaml | ||
| api-bhagavadgita.yaml | ||
| api-bible.yaml | ||
| api-binance.yaml | ||
| api-bingmaps.yaml | ||
| api-bitcoinaverage.yaml | ||
| api-bitly.yaml | ||
| api-bitquery.yaml | ||
| api-bitrise.yaml | ||
| api-block.yaml | ||
| api-blockchain.yaml | ||
| api-blockfrost.yaml | ||
| api-box.yaml | ||
| api-bravenewcoin.yaml | ||
| api-buildkite.yaml | ||
| api-buttercms.yaml | ||
| api-calendarific.yaml | ||
| api-calendly.yaml | ||
| api-charity.yaml | ||
| api-circleci.yaml | ||
| api-clearbit.yaml | ||
| api-coinapi.yaml | ||
| api-coinlayer.yaml | ||
| api-cooperhewitt.yaml | ||
| api-covalent.yaml | ||
| api-dbt.yaml | ||
| api-ddownload.yaml | ||
| api-deviantart.yaml | ||
| api-dribbble.yaml | ||
| api-dropbox.yaml | ||
| api-ebird.yaml | ||
| api-etherscan.yaml | ||
| api-europeana.yaml | ||
| api-facebook.yaml | ||
| api-fastly.yaml | ||
| api-festivo.yaml | ||
| api-fontawesome.yaml | ||
| api-fortitoken-cloud.yaml | ||
| api-github.yaml | ||
| api-gitlab.yaml | ||
| api-gofile.yaml | ||
| api-harvardart.yaml | ||
| api-heroku.yaml | ||
| api-holidayapi.yaml | ||
| api-hubspot.yaml | ||
| api-iconfinder.yaml | ||
| api-improvmx.yaml | ||
| api-instagram.yaml | ||
| api-instatus.yaml | ||
| api-intercom.yaml | ||
| api-ipstack.yaml | ||
| api-iterable.yaml | ||
| api-iucn.yaml | ||
| api-jumpcloud.yaml | ||
| api-launchdarkly.yaml | ||
| api-leanix.yaml | ||
| api-linkedin.yaml | ||
| api-lokalise.yaml | ||
| api-loqate.yaml | ||
| api-mailboxvalidator.yaml | ||
| api-mailchimp.yaml | ||
| api-mailgun.yaml | ||
| api-malshare.yaml | ||
| api-malwarebazaar.yaml | ||
| api-mapbox.yaml | ||
| api-micro-user-service.yaml | ||
| api-mojoauth.yaml | ||
| api-myanimelist.yaml | ||
| api-mywot.yaml | ||
| api-nerdgraph.yaml | ||
| api-netlify.yaml | ||
| api-nownodes.yaml | ||
| api-npm.yaml | ||
| api-onelogin.yaml | ||
| api-openweather.yaml | ||
| api-optimizely.yaml | ||
| api-orbintelligence.yaml | ||
| api-pagerduty.yaml | ||
| api-particle.yaml | ||
| api-pastebin.yaml | ||
| api-paypal.yaml | ||
| api-pendo.yaml | ||
| api-petfinder.yaml | ||
| api-pinata.yaml | ||
| api-pivotaltracker.yaml | ||
| api-postmark.yaml | ||
| api-quip.yaml | ||
| api-rijksmuseum.yaml | ||
| api-scanii.yaml | ||
| api-sendgrid.yaml | ||
| api-slack.yaml | ||
| api-smartsheet.yaml | ||
| api-sonarcloud.yaml | ||
| api-spotify.yaml | ||
| api-square.yaml | ||
| api-strava.yaml | ||
| api-stripe.yaml | ||
| api-stytch.yaml | ||
| api-taiga.yaml | ||
| api-thecatapi.yaml | ||
| api-thedogapi.yaml | ||
| api-tink.yaml | ||
| api-tinypng.yaml | ||
| api-travisci.yaml | ||
| api-trello.yaml | ||
| api-twitter.yaml | ||
| api-urlscan.yaml | ||
| api-vercel.yaml | ||
| api-virustotal.yaml | ||
| api-visualstudio.yaml | ||
| api-wakatime.yaml | ||
| api-web3storage.yaml | ||
| api-webex.yaml | ||
| api-weglot.yaml | ||
| api-wordcloud.yaml | ||
| api-youtube.yaml | ||
| google-autocomplete.yaml | ||
| google-books.yaml | ||
| google-customsearch.yaml | ||
| google-directions.yaml | ||
| google-elevation.yaml | ||
| google-fcm.yaml | ||
| google-findplacefromtext.yaml | ||
| google-gedistancematrix.yaml | ||
| google-geocode.yaml | ||
| google-geolocation.yaml | ||
| google-mapsembed.yaml | ||
| google-mapsembedadvanced.yaml | ||
| google-nearbysearch.yaml | ||
| google-nearestroads.yaml | ||
| google-placedetails.yaml | ||
| google-placesphoto.yaml | ||
| google-playablelocations.yaml | ||
| google-routetotraveled.yaml | ||
| google-speedlimit.yaml | ||
| google-staticmaps.yaml | ||
| google-streetview.yaml | ||
| google-timezone.yaml | ||
| googlet-extsearchplaces.yaml | ||
README.md
About
This directory holds templates that have static API URL endpoints. Use these to test an API token against many API service endpoints. By providing token input using flag, Nuclei will test the token against all known API endpoints within the API templates, and return any successful results. By incorporating API checks as Nuclei Templates, users can test API keys that have no context (i.e., API keys that do not indicate for which API endpoint they are meant).
Usage
token-spray are self-contained template and does not requires URLs as input as the API endpoints have static URLs predefined in the template. Each template in the token-spray directory assumes the input API token/s will be provided using CLI var flag.
# Running token-spray templates against a single token to test
nuclei -t token-spray/ -var token=random-token-to-test
# Running token-spray templates against a file containing multiple new line delimited tokens
nuclei -t token-spray/ -var token=file_with_tokens.txt
Credits
These API testing templates were inspired by the streaak/keyhacks repository. The Bishop Fox Continuous Attack Surface Testing (CAST) team created additional API templates for testing API keys uncovered during investigations. You are welcome to add new templates based on the existing format to cover more APIs.