nuclei-templates/file/url-analyse/url-extension-inspector.yaml

220 lines
6.0 KiB
YAML

id: url-extension-inspector
info:
name: URL Extension Inspector
author: ayadim
severity: unknown
description: |
This template assists you in discovering intriguing extensions within a list of URLs.
reference:
- https://github.com/CYS4srl/CYS4-SensitiveDiscoverer/
tags: file,urls,extension
file:
- extensions:
- all
extractors:
- type: regex
name: Hot finding
regex:
- "(?i)(htdocs|www|html|web|webapps|public|public_html|uploads|website|api|test|app|backup|bin|bak|old|release|sql)\\.(7z|bz2|gz|lz|rar|tar\\.gz|tar\\.bz2|xz|zip|z)"
- type: regex
name: Backup file
regex:
- "(?i)(\\.bak|\\.backup|\\.bkp|\\._bkp|\\.bk|\\.BAK)"
- type: regex
name: PHP Source
regex:
- "(?i)(\\.php)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)"
- type: regex
name: ASP Source
regex:
- "(?i)(\\.asp)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)"
- type: regex
name: Database file
regex:
- "(?i)\\.db|\\.sql"
- type: regex
name: Bash script
regex:
- "(?i)\\.sh|\\.bashrc|\\.zshrc"
- type: regex
name: 1Password password manager database file
regex:
- "(?i)\\.agilekeychain"
- type: regex
name: ASP configuration file
regex:
- "(?i)\\.asa"
- type: regex
name: Apple Keychain database file
regex:
- "(?i)\\.keychain"
- type: regex
name: Azure service configuration schema file
regex:
- "(?i)\\.cscfg"
- type: regex
name: Compressed archive file
regex:
- "(?i)(\\.zip|\\.gz|\\.tar|\\.rar|\\.tgz)"
- type: regex
name: Configuration file
regex:
- "(?i)(\\.ini|\\.config|\\.conf)"
- type: regex
name: Day One journal file
regex:
- "(?i)\\.dayone"
- type: regex
name: Document file
regex:
- "(?i)(\\.doc|\\.docx|\\.rtf)"
- type: regex
name: GnuCash database file
regex:
- "(?i)\\.gnucash"
- type: regex
name: Include file
regex:
- "(?i)\\.inc"
- type: regex
name: XML file
regex:
- "(?i)\\.xml"
- type: regex
name: Old file
regex:
- "(?i)\\.old"
- type: regex
name: Log file
regex:
- "(?i)\\.log"
- type: regex
name: Java file
regex:
- "(?i)\\.java"
- type: regex
name: SQL dump file
regex:
- "(?i)\\.sql"
- type: regex
name: Excel file
regex:
- "(?i)(\\.xls|\\.xlsx|\\.csv)"
- type: regex
name: Certificate file
regex:
- "(?i)(\\.cer|\\.crt|\\.p7b)"
- type: regex
name: Java key storte
regex:
- "(?i)\\.jks"
- type: regex
name: KDE Wallet Manager database file
regex:
- "(?i)\\.kwallet"
- type: regex
name: Little Snitch firewall configuration file
regex:
- "(?i)\\.xpl"
- type: regex
name: Microsoft BitLocker Trusted Platform Module password file
regex:
- "(?i)\\.tpm"
- type: regex
name: Microsoft BitLocker recovery key file
regex:
- "(?i)\\.bek"
- type: regex
name: Microsoft SQL database file
regex:
- "(?i)\\.mdf"
- type: regex
name: Microsoft SQL server compact database file
regex:
- "(?i)\\.sdf"
- type: regex
name: Network traffic capture file
regex:
- "(?i)\\.pcap"
- type: regex
name: OpenVPN client configuration file
regex:
- "(?i)\\.ovpn"
- type: regex
name: PDF file
regex:
- "(?i)\\.pdf"
- type: regex
name: PHP file
regex:
- "(?i)\\.pcap"
- type: regex
name: Password Safe database file
regex:
- "(?i)\\.psafe3"
- type: regex
name: Potential configuration file
regex:
- "(?i)\\.yml"
- type: regex
name: Potential cryptographic key bundle
regex:
- "(?i)(\\.pkcs12|\\.p12|\\.pfx|\\.asc|\\.pem)"
- type: regex
name: Potential private key
regex:
- "(?i)otr.private_key"
- type: regex
name: Presentation file
regex:
- "(?i)(\\.ppt|\\.pptx)"
- type: regex
name: Python file
regex:
- "(?i)\\.py"
- type: regex
name: Remote Desktop connection file
regex:
- "(?i)\\.rdp"
- type: regex
name: Ruby On Rails file
regex:
- "(?i)\\.rb"
- type: regex
name: SQLite database file
regex:
- "(?i)\\.sqlite|\\.sqlitedb"
- type: regex
name: SQLite3 database file
regex:
- "(?i)\\.sqlite3"
- type: regex
name: Sequel Pro MySQL database manager bookmark file
regex:
- "(?i)\\.plist"
- type: regex
name: Shell configuration file
regex:
- "(?i)(\\.exports|\\.functions|\\.extra)"
- type: regex
name: Temporary file
regex:
- "(?i)\\.tmp"
- type: regex
name: Terraform variable config file
regex:
- "(?i)\\.tfvars"
- type: regex
name: Text file
regex:
- "(?i)\\.txt"
- type: regex
name: Tunnelblick VPN configuration file
regex:
- "(?i)\\.tblk"
- type: regex
name: Windows BitLocker full volume encrypted data file
regex:
- "(?i)\\.fve"