├── .gitignore ├── LICENSE ├── README.mkd ├── go.mod ├── http.go ├── main.go ├── module.go ├── modules ├── apache-ambari-default-credentials.json ├── crowdsourced │ ├── CVE-2017-9140.json │ ├── CVE-2019-3402.json │ ├── CVE-2021-28169.json │ ├── CVE-2021-32820.json │ ├── activeadmin-panel-disclosure.json │ ├── aem-invalidate-cache.json │ ├── apache-airflow-debug-trace.json │ ├── apache-superset-default-credentials.json │ ├── appsec-yml-disclosure.json │ ├── clockwork-dashboard-exposure.json │ ├── dockerfile-hidden-disclosure.json │ ├── esmtprc-dotfile-disclosure.json │ ├── filezilla-disclosure.json │ ├── git-credentials-disclosure.json │ ├── github-workflows-disclosure.json │ ├── gitlab-snippets-exposed.json │ ├── hp-ilo-serial-key-disclosure.json │ ├── icewarp-mail-rce.json │ ├── ilo-serial-key-disclosure.json │ ├── kubernetes-kustomization-disclosure.json │ ├── laravel-telescope-exposure.json │ ├── nginx-merge-slashes-path-traversal.json │ ├── oracle-ebs-lfi.json │ ├── php-user-ini-disclosure.json │ ├── phpmyadmin-info-schema-disclosure.json │ ├── putty-private-key-disclosure.json │ ├── pyproject-disclosure.json │ ├── roundcube-log-disclosure.json │ ├── ruby-on-rails-secret-token-disclosure.json │ ├── showdoc-default-password.json │ ├── snyk-ignore-file-disclosure.json │ ├── spring-boot-loggers-disclosure.json │ ├── ssh-authorized-keys-disclosure.json │ ├── symfony-fragment-exposure.json │ └── thumbs-db-disclosure.json ├── exposed-docker-socket.json ├── exposed-jquery-file-upload.json ├── exposed-nginx-status.json ├── http-response-splitting.json ├── minimal.json ├── multipath.json ├── open-redirect-1.json ├── package-json.json ├── reflected-xss.json ├── spring-boot-env-route.json ├── test.json ├── test2.json └── test3.json └── semaphore.go /.gitignore: -------------------------------------------------------------------------------- 1 | *.sw* 2 | ugly-duckling 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/LICENSE -------------------------------------------------------------------------------- /README.mkd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/README.mkd -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/detectify/ugly-duckling 2 | 3 | go 1.15 4 | -------------------------------------------------------------------------------- /http.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/http.go -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/main.go -------------------------------------------------------------------------------- /module.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/module.go -------------------------------------------------------------------------------- /modules/apache-ambari-default-credentials.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/apache-ambari-default-credentials.json -------------------------------------------------------------------------------- /modules/crowdsourced/CVE-2017-9140.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/CVE-2017-9140.json -------------------------------------------------------------------------------- /modules/crowdsourced/CVE-2019-3402.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/CVE-2019-3402.json -------------------------------------------------------------------------------- /modules/crowdsourced/CVE-2021-28169.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/CVE-2021-28169.json -------------------------------------------------------------------------------- /modules/crowdsourced/CVE-2021-32820.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/CVE-2021-32820.json -------------------------------------------------------------------------------- /modules/crowdsourced/activeadmin-panel-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/activeadmin-panel-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/aem-invalidate-cache.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/aem-invalidate-cache.json -------------------------------------------------------------------------------- /modules/crowdsourced/apache-airflow-debug-trace.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/apache-airflow-debug-trace.json -------------------------------------------------------------------------------- /modules/crowdsourced/apache-superset-default-credentials.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/apache-superset-default-credentials.json -------------------------------------------------------------------------------- /modules/crowdsourced/appsec-yml-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/appsec-yml-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/clockwork-dashboard-exposure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/clockwork-dashboard-exposure.json -------------------------------------------------------------------------------- /modules/crowdsourced/dockerfile-hidden-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/dockerfile-hidden-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/esmtprc-dotfile-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/esmtprc-dotfile-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/filezilla-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/filezilla-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/git-credentials-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/git-credentials-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/github-workflows-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/github-workflows-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/gitlab-snippets-exposed.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/gitlab-snippets-exposed.json -------------------------------------------------------------------------------- /modules/crowdsourced/hp-ilo-serial-key-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/hp-ilo-serial-key-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/icewarp-mail-rce.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/icewarp-mail-rce.json -------------------------------------------------------------------------------- /modules/crowdsourced/ilo-serial-key-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/ilo-serial-key-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/kubernetes-kustomization-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/kubernetes-kustomization-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/laravel-telescope-exposure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/laravel-telescope-exposure.json -------------------------------------------------------------------------------- /modules/crowdsourced/nginx-merge-slashes-path-traversal.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/nginx-merge-slashes-path-traversal.json -------------------------------------------------------------------------------- /modules/crowdsourced/oracle-ebs-lfi.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/oracle-ebs-lfi.json -------------------------------------------------------------------------------- /modules/crowdsourced/php-user-ini-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/php-user-ini-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/phpmyadmin-info-schema-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/phpmyadmin-info-schema-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/putty-private-key-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/putty-private-key-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/pyproject-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/pyproject-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/roundcube-log-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/roundcube-log-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/ruby-on-rails-secret-token-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/ruby-on-rails-secret-token-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/showdoc-default-password.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/showdoc-default-password.json -------------------------------------------------------------------------------- /modules/crowdsourced/snyk-ignore-file-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/snyk-ignore-file-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/spring-boot-loggers-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/spring-boot-loggers-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/ssh-authorized-keys-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/ssh-authorized-keys-disclosure.json -------------------------------------------------------------------------------- /modules/crowdsourced/symfony-fragment-exposure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/symfony-fragment-exposure.json -------------------------------------------------------------------------------- /modules/crowdsourced/thumbs-db-disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/crowdsourced/thumbs-db-disclosure.json -------------------------------------------------------------------------------- /modules/exposed-docker-socket.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/exposed-docker-socket.json -------------------------------------------------------------------------------- /modules/exposed-jquery-file-upload.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/exposed-jquery-file-upload.json -------------------------------------------------------------------------------- /modules/exposed-nginx-status.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/exposed-nginx-status.json -------------------------------------------------------------------------------- /modules/http-response-splitting.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/http-response-splitting.json -------------------------------------------------------------------------------- /modules/minimal.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/minimal.json -------------------------------------------------------------------------------- /modules/multipath.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/multipath.json -------------------------------------------------------------------------------- /modules/open-redirect-1.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/open-redirect-1.json -------------------------------------------------------------------------------- /modules/package-json.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/package-json.json -------------------------------------------------------------------------------- /modules/reflected-xss.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/reflected-xss.json -------------------------------------------------------------------------------- /modules/spring-boot-env-route.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/spring-boot-env-route.json -------------------------------------------------------------------------------- /modules/test.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/test.json -------------------------------------------------------------------------------- /modules/test2.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/test2.json -------------------------------------------------------------------------------- /modules/test3.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/modules/test3.json -------------------------------------------------------------------------------- /semaphore.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/detectify/ugly-duckling/HEAD/semaphore.go --------------------------------------------------------------------------------