admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

misc changes + added profile

Browse Source
This commit is contained in:
Prince Chaddha
2024-10-24 13:54:16 +07:00
parent de895311c6
commit 9ea5b414b8
7 changed files with 21 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
code/windows/audit/anonymous-sid-enumeration-enabled.yaml
View File

@@ -22,7 +22,6 @@ code:
args: args:
- -ExecutionPolicy - -ExecutionPolicy
- Bypass - Bypass
- -Command
pattern: "*.ps1" pattern: "*.ps1"
source: | source: |
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'EveryoneIncludesAnonymous' Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'EveryoneIncludesAnonymous'

1
code/windows/audit/audit-logging-disabled.yaml
View File

@@ -22,7 +22,6 @@ code:
args: args:
- -ExecutionPolicy - -ExecutionPolicy
- Bypass - Bypass
- -Command
pattern: "*.ps1" pattern: "*.ps1"
source: | source: |
AuditPol /get /category:"Account Logon" AuditPol /get /category:"Account Logon"

2
code/windows/audit/automatic-windows-updates-disabled.yaml
View File

@@ -9,7 +9,7 @@ info:
Without regular updates, systems may miss important security patches. Without regular updates, systems may miss important security patches.
remediation: | remediation: |
Enable automatic Windows Updates to ensure timely updates for system security. Enable automatic Windows Updates to ensure timely updates for system security.
tags: windows,updates,disabled tags: windows,updates,disabled,windows-audit
self-contained: true self-contained: true

2
code/windows/audit/windows-defender-realtime-protection-disabled.yaml
View File

@@ -9,7 +9,7 @@ info:
Disabling real-time protection increases the risk of malware infections. Disabling real-time protection increases the risk of malware infections.
remediation: | remediation: |
Enable Windows Defender real-time protection to secure the system. Enable Windows Defender real-time protection to secure the system.
tags: windows,defender,antivirus,disabled tags: windows,defender,windows-audit
self-contained: true self-contained: true

1
code/windows/audit/winrm-remote-shell-access-allowed.yaml
View File

@@ -22,6 +22,7 @@ code:
args: args:
- -ExecutionPolicy - -ExecutionPolicy
- Bypass - Bypass
pattern: "*.ps1"
source: | source: |
(Get-Item WSMan:\localhost\Shell).AllowRemoteShellAccess (Get-Item WSMan:\localhost\Shell).AllowRemoteShellAccess

3
profiles/azure-cloud-config.yml
View File

@@ -15,6 +15,3 @@ code: true # enable code templates
tags: tags:
- azure-cloud-config # filter templates with "azure-cloud-config" tags - azure-cloud-config # filter templates with "azure-cloud-config" tags
var:
- region=us-east-1 # template input for "region" variable

17
profiles/windows-audit.yml Normal file
View File

@@ -0,0 +1,17 @@
# Nuclei Configuration Profile for Windows Audit
#
# This configuration file is specifically tailored for auditing Windows environments using Nuclei.
#
# Purpose:
# This profile is focused on identifying misconfigurations and vulnerabilities in Windows systems. Ensuring proper configuration and security controls is crucial for protecting Windows environments and ensuring that only authorized entities have access.
#
# Included Templates:
# This configuration references specific templates tagged with 'windows-audit' to cover comprehensive scanning of Windows systems.
#
# Running this profile:
# You can run this profile using the following command:
# nuclei -profile windows-audit
code: true # enable code templates
tags:
- windows-audit # filter templates with "windows-audit" tags