mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
45 lines
1.3 KiB
YAML
45 lines
1.3 KiB
YAML
id: apache-kvrocks-exposed
|
|
|
|
info:
|
|
name: Apache Kvrocks - Exposed
|
|
author: icarot
|
|
severity: high
|
|
description: |
|
|
Detects if an Apache Kvrocks server is exposed with no authentication credentials, this application is a distributed key value NoSQL database that uses RocksDB as storage engine and is compatible with Redis protocol.
|
|
reference:
|
|
- https://github.com/apache/kvrocks
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
tags: apache,kvrocks,network,unauth,js,exposed
|
|
|
|
javascript:
|
|
- pre-condition: |
|
|
isPortOpen(Host,Port);
|
|
|
|
code: |
|
|
const redis = require('nuclei/redis');
|
|
const info = redis.GetServerInfo(Host,Port);
|
|
Export(info);
|
|
|
|
args:
|
|
Host: "{{Host}}"
|
|
Port: "6379"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "kvrocks_version"
|
|
- "kvrocks_git_sha1"
|
|
- "kvrocks_mode"
|
|
condition: or
|
|
|
|
extractors:
|
|
- type: regex
|
|
part: response
|
|
regex:
|
|
- "kvrocks_version:[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}"
|
|
- "kvrocks_git_sha1:\\w+"
|
|
- "kvrocks_mode:standalone"
|
|
# digest: 4a0a00473045022100d040b084def2f6406f801a9bb7000e7b50884ec0ad9d1f479b42407f894a8d400220298c583c3b4c96924e108841f77131405d74b4ab7295f054abdd5cc9e777f9a3:922c64590222798bb761d5b6d8e72950 |