48 lines
1.3 KiB
YAML
48 lines
1.3 KiB
YAML
id: security-txt
|
||
|
||
info:
|
||
name: security.txt File
|
||
author: bad5ect0r,noraj
|
||
severity: info
|
||
description: |
|
||
File similar to robots.txt but intended to be read by humans wishing to contact a website’s owner about security issues. Often defines a security policy and contact details.
|
||
reference:
|
||
- https://securitytxt.org/
|
||
- https://community.turgensec.com/security-txt-progress-in-ethical-security-research/
|
||
metadata:
|
||
verified: true
|
||
max-request: 2
|
||
shodan-query: http.securitytxt:contact http.status:200
|
||
tags: misc,generic
|
||
|
||
http:
|
||
- method: GET
|
||
path:
|
||
- "{{RootURL}}/.well-known/security.txt"
|
||
- "{{RootURL}}/security.txt"
|
||
|
||
stop-at-first-match: true
|
||
redirects: true
|
||
max-redirects: 2
|
||
matchers-condition: and
|
||
matchers:
|
||
- type: word
|
||
words:
|
||
- "Contact:"
|
||
- "Expires:"
|
||
condition: or
|
||
|
||
- type: dsl
|
||
dsl:
|
||
- "len(body) <= 4096 && len(body) > 0"
|
||
|
||
- type: status
|
||
status:
|
||
- 200
|
||
|
||
extractors:
|
||
- type: regex
|
||
group: 1
|
||
regex:
|
||
- '(?mi)Contact:(.*)'
|
||
# digest: 490a00463044022063fee5d629fcd71041a28b75faa013e66292f3310e9a53d9e85e7c86f03c32fc02202dc6abf6a02388bcae551aa4d7fd53cc3b45f9d83fe8a2974bfb0e71db86f5ad:922c64590222798bb761d5b6d8e72950 |