id: shellscripts

info:
  name: Public shellscripts
  author: panch0r3d
  severity: low
  description: This template checks exposure of bash scripts.
  metadata:
    max-request: 27
  tags: bash,exposure,files

http:
  - method: GET
    path:
      - "{{BaseURL}}/.build.sh"
      - "{{BaseURL}}/.jenkins.sh"
      - "{{BaseURL}}/.travis.sh"
      - "{{BaseURL}}/install.sh"
      - "{{BaseURL}}/update.sh"
      - "{{BaseURL}}/upload.sh"
      - "{{BaseURL}}/config.sh"
      - "{{BaseURL}}/build.sh"
      - "{{BaseURL}}/setup.sh"
      - "{{BaseURL}}/run.sh"
      - "{{BaseURL}}/backup.sh"
      - "{{BaseURL}}/compile.sh"
      - "{{BaseURL}}/env.sh"
      - "{{BaseURL}}/init.sh"
      - "{{BaseURL}}/startup.sh"
      - "{{BaseURL}}/wp-setup.sh"
      - "{{BaseURL}}/deploy.sh"
      - "{{BaseURL}}/aws.sh"
      - "{{BaseURL}}/reminder.sh"
      - "{{BaseURL}}/mysqlbackup.sh"
      - "{{BaseURL}}/dev2local.sh"
      - "{{BaseURL}}/local2dev.sh"
      - "{{BaseURL}}/local2prod.sh"
      - "{{BaseURL}}/prod2local.sh"
      - "{{BaseURL}}/rsync.sh"
      - "{{BaseURL}}/sync.sh"
      - "{{BaseURL}}/test.sh"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - ".*?bin.*?sh"
          - ".*?bin.*?bash"
        condition: or

      - type: word
        part: header
        words:
          - "application/x-sh"
          - "text/plain"
          - "text/x-sh"
        condition: or

      - type: status
        status:
          - 200
# digest: 4a0a0047304502203eed3f6c9d8e944eff0cc0c62b52a0908a3ec38dfb5ff54cd6245f48b954353d022100a052fe3641894045ffa5a7b4b803d3c6125b63efd513b4edde7b10313b5f01f1:922c64590222798bb761d5b6d8e72950