Web Source Code Enumeration via .git

rules/web/web_source_code_enumeration.yml

@@ -0,0 +1,20 @@
+title: Source Code Enumeration Detection by Keyword
+description: Detects source code enumeration that use GET requests by keyword searches in URL strings
+author: James Ahearn
+references: 
+    - 'https://pentester.land/tutorials/2018/10/25/source-code-disclosure-via-exposed-git-folder.html'
+    - 'https://medium.com/@logicbomb_1/bugbounty-how-i-was-able-to-download-the-source-code-of-indias-largest-telecom-service-52cf5c5640a1'
+logsource:
+    category: webserver
+detection:
+    keywords:
+        - '*.git/*'
+    condition: keywords
+fields:
+    - client_ip
+    - vhost
+    - url
+    - response
+falsepositives:
+    - unknown
+level: medium