nuclei-templates/exposures/configs/server-private-keys.yaml

53 lines
1.4 KiB
YAML

id: server-private-keys
info:
name: Detect Private SSH, TLS, and JWT Keys
author: geeknik
severity: high
tags: config,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/localhost.key"
- "{{BaseURL}}/host.key"
- "{{BaseURL}}/www.key"
- "{{BaseURL}}/private-key"
- "{{BaseURL}}/privatekey.key"
- "{{BaseURL}}/server.key"
- "{{BaseURL}}/my.key"
- "{{BaseURL}}/key.pem"
- "{{BaseURL}}/ssl/localhost.key"
- "{{BaseURL}}/ssl/{{Hostname}}.key"
- "{{BaseURL}}/id_rsa"
- "{{BaseURL}}/id_dsa"
- "{{BaseURL}}/.ssh/id_rsa"
- "{{BaseURL}}/.ssh/id_dsa"
- "{{BaseURL}}/{{Hostname}}.key"
- "{{BaseURL}}/{{Hostname}}.pem"
- "{{BaseURL}}/config/jwt/private.pem"
- "{{BaseURL}}/jwt/private.pem"
- "{{BaseURL}}/var/jwt/private.pem"
- "{{BaseURL}}/private.pem"
matchers-condition: and
matchers:
- type: word
words:
- "BEGIN OPENSSH PRIVATE KEY"
- "BEGIN PRIVATE KEY"
- "BEGIN RSA PRIVATE KEY"
- "BEGIN DSA PRIVATE KEY"
- "BEGIN EC PRIVATE KEY"
- "BEGIN PGP PRIVATE KEY BLOCK"
condition: or
- type: status
status:
- 200
- type: dsl
dsl:
- '!contains(body_2, "<html")'
- '!contains(body_2, "<HTML")'
condition: and