From 614fc901d184504cb47cee2d4fda19b7c69070e2 Mon Sep 17 00:00:00 2001 From: sandeep Date: Fri, 28 Jan 2022 15:54:49 +0530 Subject: [PATCH] Miscellaneous template updates --- .nuclei-ignore | 1 - miscellaneous/addeventlistener-detect.yaml | 4 +-- miscellaneous/apple-app-site-association.yaml | 6 ++--- miscellaneous/dir-listing.yaml | 2 ++ miscellaneous/display-via-header.yaml | 20 --------------- miscellaneous/joomla-htaccess.yaml | 4 +-- miscellaneous/joomla-manifest-file.yaml | 2 +- miscellaneous/moodle-changelog.yaml | 2 +- miscellaneous/ntlm-directories.yaml | 2 +- miscellaneous/old-copyright.yaml | 4 +-- ...ptions-method.yaml => options-method.yaml} | 4 +-- .../{robots.txt.yaml => robots-txt.yaml} | 3 ++- .../{security.txt.yaml => security-txt.yaml} | 18 +++++++++---- miscellaneous/tabnabbing-check.yaml | 25 ------------------- miscellaneous/trace-method.yaml | 4 +-- 15 files changed, 33 insertions(+), 68 deletions(-) delete mode 100644 miscellaneous/display-via-header.yaml rename miscellaneous/{detect-options-method.yaml => options-method.yaml} (79%) rename miscellaneous/{robots.txt.yaml => robots-txt.yaml} (99%) rename miscellaneous/{security.txt.yaml => security-txt.yaml} (65%) delete mode 100644 miscellaneous/tabnabbing-check.yaml diff --git a/.nuclei-ignore b/.nuclei-ignore index 2337dd6f409..cd13b760144 100644 --- a/.nuclei-ignore +++ b/.nuclei-ignore @@ -10,7 +10,6 @@ tags: - "fuzz" - "dos" - - "misc" # files is a list of files to ignore template execution # unless asked for by the user. diff --git a/miscellaneous/addeventlistener-detect.yaml b/miscellaneous/addeventlistener-detect.yaml index 0b4b57ca9dd..fb29b8ba5a5 100644 --- a/miscellaneous/addeventlistener-detect.yaml +++ b/miscellaneous/addeventlistener-detect.yaml @@ -4,7 +4,7 @@ info: name: AddEventlistener detection author: yavolo severity: info - tags: xss + tags: xss,misc reference: https://portswigger.net/web-security/dom-based/controlling-the-web-message-source requests: 
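Review bot: Dropping `- "misc"` from the ignored tag list changes default-scan behaviour for every template carrying that tag, and neither the subject line ("Miscellaneous template updates") nor a comment in this file records that; the same commit also adds `misc` to addeventlistener-detect, which under the old list would have excluded that template from default runs. Since this file is the single place the default exclusion lives, a comment on the remaining list such as `# "misc" was removed deliberately; misc-tagged templates now run by default` would keep the intent discoverable to the next editor. The tags list itself begins above the hunk.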
@@ -14,6 +14,6 @@ requests: matchers: - type: word + part: body words: - 'window.addEventListener(' - part: body \ No newline at end of file diff --git a/miscellaneous/apple-app-site-association.yaml b/miscellaneous/apple-app-site-association.yaml index 9954c8d6812..53fd4282894 100644 --- a/miscellaneous/apple-app-site-association.yaml +++ b/miscellaneous/apple-app-site-association.yaml @@ -4,7 +4,7 @@ info: name: Apple app site association for harvesting end points author: panch0r3d severity: info - tags: misc + tags: misc,apple requests: - method: GET @@ -17,17 +17,17 @@ requests: matchers-condition: and matchers: - type: word + part: body words: - 'applinks' - 'appID' - 'paths' - part: body condition: and - type: word + part: header words: - 'application/json' - part: header - type: status status: diff --git a/miscellaneous/dir-listing.yaml b/miscellaneous/dir-listing.yaml index 18562b53410..e2103650597 100644 --- a/miscellaneous/dir-listing.yaml +++ b/miscellaneous/dir-listing.yaml @@ -11,6 +11,7 @@ requests: - method: GET path: - "{{BaseURL}}" + matchers: - type: word words: @@ -18,3 +19,4 @@ requests: - "Index of /" - "[To Parent Directory]" - "Directory: /" + condition: or \ No newline at end of file diff --git a/miscellaneous/display-via-header.yaml b/miscellaneous/display-via-header.yaml deleted file mode 100644 index 4f17e636dc7..00000000000 --- a/miscellaneous/display-via-header.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: display-via-header - -info: - name: Display Via Header - author: geeknik - reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Via - severity: info - tags: misc,generic - -requests: - - method: GET - path: - - "{{BaseURL}}" - - redirects: true - extractors: - - type: regex - part: header - regex: - - "Via:.*" diff --git a/miscellaneous/joomla-htaccess.yaml b/miscellaneous/joomla-htaccess.yaml index ad0de0cd6fd..cd711772f70 100644 --- a/miscellaneous/joomla-htaccess.yaml +++ b/miscellaneous/joomla-htaccess.yaml 
@@ -16,14 +16,14 @@ requests: matchers: - type: word words: - - "# @package Joomla" + - "Joomla" - "Open Source Matters. All rights reserved" condition: and - type: word + part: header words: - "text/plain" - part: header - type: status status: diff --git a/miscellaneous/joomla-manifest-file.yaml b/miscellaneous/joomla-manifest-file.yaml index 99d9cb4e1ad..f7db23b3a21 100644 --- a/miscellaneous/joomla-manifest-file.yaml +++ b/miscellaneous/joomla-manifest-file.yaml @@ -21,9 +21,9 @@ requests: condition: and - type: word + part: header words: - "application/xml" - part: header - type: status status: diff --git a/miscellaneous/moodle-changelog.yaml b/miscellaneous/moodle-changelog.yaml index 3bb3c7e4e64..04c51359f08 100644 --- a/miscellaneous/moodle-changelog.yaml +++ b/miscellaneous/moodle-changelog.yaml @@ -22,9 +22,9 @@ requests: condition: and - type: word + part: header words: - "text/plain" - part: header - type: status status: diff --git a/miscellaneous/ntlm-directories.yaml b/miscellaneous/ntlm-directories.yaml index a36f3f12873..856199e66a9 100644 --- a/miscellaneous/ntlm-directories.yaml +++ b/miscellaneous/ntlm-directories.yaml @@ -14,7 +14,7 @@ requests: Host: {{Hostname}} Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA= - threads: 50 + threads: 10 payloads: path: - / diff --git a/miscellaneous/old-copyright.yaml b/miscellaneous/old-copyright.yaml index 75f00c2eed5..ff09ae7d3de 100644 --- a/miscellaneous/old-copyright.yaml +++ b/miscellaneous/old-copyright.yaml @@ -16,9 +16,9 @@ requests: matchers-condition: and matchers: - type: word + part: body words: - '2022' - part: body negative: true - type: regex @@ -28,10 +28,10 @@ requests: - '© [1-9]\d*' - '© [1-9]\d*' - '© [1-9]\d*' + extractors: - type: regex part: body - name: copyright_year regex: - 'Copyright [1-9]\d*' - '© [1-9]\d*' 
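Review bot: Loosening the first word from `# @package Joomla` to `Joomla` lets this matcher fire on any plain-text body that merely mentions Joomla, so identification now rests entirely on the `Open Source Matters. All rights reserved` line it is and-ed with. If the change was made because the shipped htaccess.txt pads that header with variable whitespace (which is my guess, not something the diff states), a regex keeps the package-header intent without depending on exact spacing: `- type: regex` / `regex:` / `- '(?i)@package\s+Joomla'`. The enclosing request block starts above the hunk.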
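Review bot: `threads: 10` replaces 50 in ntlm-directories with no comment recording why the concurrency was lowered, so a later editor cannot tell whether it was a rate-limiting fix, a consequence of misc-tagged templates now running by default, or something else. A one-line comment above it, `# lowered from 50: <reason>` with the real reason filled in, would preserve that. The payload path list continues below the hunk.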
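Review bot: In the first old-copyright hunk the negative word `'2022'` hard-codes the current year, so after the calendar rolls over the template will report every site whose notice reads 2023 as stale and stay silent for 2022; the commit only moves `part: body` and leaves that in place. Unless the nuclei release in use exposes a date helper in DSL, a comment such as `# current year - must be bumped annually` above the word list is the minimum so the maintenance step is not forgotten. The regex matcher that follows continues into the next hunk.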
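Review bot: In the second old-copyright hunk, removing `name: copyright_year` drops the label nuclei can attach to the extracted value, so anything that keyed on that name in output or a workflow would now see unlabeled values, and the commit gives no reason for the removal. If the drop was incidental, restoring `name: copyright_year` under `part: body` keeps the output stable. The three identical `'© [1-9]\d*'` context entries look like differently encoded copyright symbols flattened during extraction; worth confirming against the file rather than assuming a duplicate.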
diff --git a/miscellaneous/detect-options-method.yaml b/miscellaneous/options-method.yaml similarity index 79% rename from miscellaneous/detect-options-method.yaml rename to miscellaneous/options-method.yaml index 2a0a126efce..91ba87f15a0 100644 --- a/miscellaneous/detect-options-method.yaml +++ b/miscellaneous/options-method.yaml @@ -1,7 +1,7 @@ -id: detect-options-method +id: options-method info: - name: Detect enabled OPTIONS methods + name: Allowed Options Method author: pdteam severity: info tags: misc,generic diff --git a/miscellaneous/robots.txt.yaml b/miscellaneous/robots-txt.yaml similarity index 99% rename from miscellaneous/robots.txt.yaml rename to miscellaneous/robots-txt.yaml index f11e795855a..f23d4b4951f 100644 --- a/miscellaneous/robots.txt.yaml +++ b/miscellaneous/robots-txt.yaml @@ -9,6 +9,7 @@ requests: - method: GET path: - "{{BaseURL}}/robots.txt" + matchers-condition: and redirects: true matchers: @@ -17,9 +18,9 @@ requests: - "Disallow:" - type: word + part: header words: - text/plain - part: header - type: dsl dsl: diff --git a/miscellaneous/security.txt.yaml b/miscellaneous/security-txt.yaml similarity index 65% rename from miscellaneous/security.txt.yaml rename to miscellaneous/security-txt.yaml index 02d72a4c40a..034f26556aa 100644 --- a/miscellaneous/security.txt.yaml +++ b/miscellaneous/security-txt.yaml @@ -10,20 +10,28 @@ info: requests: - method: GET path: - - "{{BaseURL}}/.well-known/security.txt" - - "{{BaseURL}}/security.txt" + - "{{RootURL}}/.well-known/security.txt" + - "{{RootURL}}/security.txt" + + stop-at-first-match: true redirects: true - max-redirects: 3 + max-redirects: 2 matchers-condition: and matchers: - type: status status: - 200 + - type: word words: - "Contact:" - condition: and + - type: dsl dsl: - "len(body) <= 1024 && len(body) > 0" - condition: and + + extractors: + - type: regex + group: 1 + regex: + - '(?mi)Contact:(.*)' \ No newline at end of file 
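Review bot: Adding `matchers-condition: and` in the first robots-txt hunk turns three previously independent matchers into a conjunction (nuclei otherwise defaults to or), so a robots.txt served without a `text/plain` content type no longer reports even when `Disallow:` entries are present. That is probably the intended tightening, but it is a behavioural change that a rename-only diffstat (99% similarity) hides, so a comment such as `# all matchers must hold: Disallow: in body, text/plain content type, DSL check` above the line would make it explicit. The DSL matcher's expression lies outside the second hunk.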
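Review bot: The new security-txt extractor's `(?mi)Contact:(.*)` captures everything to the end of the line, including the leading space and, on CRLF-formatted files, the trailing `\r`, so the extracted value carries stray whitespace; `- '(?mi)Contact:[ \t]*([^\r\n]+)'` captures just the contact value. The `len(body) <= 1024` bound is pre-existing, but a security.txt with several Contact/Encryption/Policy lines or a signature block can exceed 1 KiB, so that ceiling is worth revisiting while the template is being touched. The file still ends without a trailing newline.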
diff --git a/miscellaneous/tabnabbing-check.yaml b/miscellaneous/tabnabbing-check.yaml deleted file mode 100644 index b92943f34ce..00000000000 --- a/miscellaneous/tabnabbing-check.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: tabnabbing-check - -info: - name: Reverse Tabnabbing - author: bolli95 - severity: info - tags: misc - reference: - - https://owasp.org/www-community/attacks/Reverse_Tabnabbing - - https://www.youtube.com/watch?v=TMKZCHYmtD4 - - https://hackerone.com/reports/211065 - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: dsl - dsl: - - 'regex("", replace_regex(replace_regex(body, "", ""), "", "")) || regex("window\.open\\([^,]+\\)", body)' - - type: dsl - dsl: - - "!contains(tolower(all_headers), 'referrer-policy: no-referrer')" \ No newline at end of file diff --git a/miscellaneous/trace-method.yaml b/miscellaneous/trace-method.yaml index 00f9b49b0e3..73bd7bde6ab 100644 --- a/miscellaneous/trace-method.yaml +++ b/miscellaneous/trace-method.yaml @@ -15,9 +15,9 @@ requests: matchers: - type: word name: trace-request + part: body words: - "TRACE / HTTP" - part: body - method: OPTIONS path: @@ -26,6 +26,6 @@ requests: matchers: - type: regex name: options-request + part: header regex: - "(?i)Allow: [A-Z,]*TRACE" - part: header