nuclei-templates/http/token-spray/api-abuseipdb.yaml

id: api-abuseipdb

info:
  name: AbuseIPDB API - Test
  author: daffainfo
  severity: info
  description: AbuseIPDB API test was conducted.
  reference:
    - https://docs.abuseipdb.com/
    - https://github.com/daffainfo/all-about-apikey/tree/main/abuseipdb
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0.0
    cwe-id: CWE-200
  tags: token-spray,abuseipdb
  metadata:
    max-request: 1

self-contained: true
http:
  - raw:
      - |
        POST https://api.abuseipdb.com/api/v2/report HTTP/1.1
        Host: api.abuseipdb.com
        Key: {{token}}
        Accept: application/json
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 16

        ip=127.0.0.1&categories=18,22&comment=SSH%20login%20attempts%20with%20user%20root.        

    matchers:
      - type: word
        part: body
        words:
          - 'data":'
          - 'ipAddress":'
        condition: and