# Nuclei-format HTTP template. It requests a fixed list of environment and
# configuration file locations under the target base URL and reports a
# response only when it returns HTTP 200 and its content has a line that
# starts with a dotenv-style APP_* or DB_* key.
#
# Triage: a hit means application settings, and possibly credentials, are
# readable over HTTP. Treat every secret in the file as exposed and rotate it.
# Then move the file out of the web root or deny dotfile requests at the web
# server.
id: env-exposed

info:
  name: '.env File Discovery'
  author: BooBooHQ
  # NOTE(review): the list below includes .env.example and .env_sample, which
  # usually ship placeholder values. Confirm the content before reporting such
  # a hit at this severity.
  severity: high
  description: '.env file was discovered.'
  # NOTE(review): the matched key names are generic dotenv names, not
  # CodeIgniter-specific. Confirm the codeigniter tag is intended.
  tags: config,exposure,codeigniter

requests:
  - method: GET
    # 80 paths per target: 40 locations, then the same 40 behind "..;/".
    path:
      # Dotenv files and their common backup, stage and editor-save variants.
      - '{{BaseURL}}/.env'
      - '{{BaseURL}}/.env.backup'
      - '{{BaseURL}}/.env.bak'
      - '{{BaseURL}}/.env.config'
      - '{{BaseURL}}/.env.dev'
      - '{{BaseURL}}/.env.dev.local'
      - '{{BaseURL}}/.env.development.local'
      - '{{BaseURL}}/.env.example'
      - '{{BaseURL}}/.env.live'
      - '{{BaseURL}}/.env.local'
      - '{{BaseURL}}/.env.old'
      - '{{BaseURL}}/.env.prod'
      - '{{BaseURL}}/.env.prod.local'
      - '{{BaseURL}}/.env.production'
      - '{{BaseURL}}/.env.production.local'
      - '{{BaseURL}}/.env.save'
      - '{{BaseURL}}/.env.stage'
      - '{{BaseURL}}/.env.staging'
      - '{{BaseURL}}/.env.testing'
      - '{{BaseURL}}/.env.www'
      - '{{BaseURL}}/.env_1'
      - '{{BaseURL}}/.env_sample'
      - '{{BaseURL}}/.envrc'
      # Other environment endpoints and files.
      # NOTE(review): the matchers below only recognise dotenv-style lines.
      # Endpoints that answer in JSON, JavaScript or Ruby are unlikely to
      # match, so verify these entries produce findings.
      - '{{BaseURL}}/actuator/env'
      - '{{BaseURL}}/actuators/env'
      - '{{BaseURL}}/api/.env'
      - '{{BaseURL}}/cgi-bin/printenv.pl'
      - '{{BaseURL}}/conf/cassandra-env.sh'
      - '{{BaseURL}}/config/environment.rb'
      - '{{BaseURL}}/env'
      - '{{BaseURL}}/env.dev.js'
      - '{{BaseURL}}/env.development.js'
      - '{{BaseURL}}/env.js'
      - '{{BaseURL}}/env.prod.js'
      - '{{BaseURL}}/env.production.js'
      - '{{BaseURL}}/env.sh'
      - '{{BaseURL}}/env.test.js'
      - '{{BaseURL}}/environment.rb'
      - '{{BaseURL}}/proc/self/environ'
      - '{{BaseURL}}/redmine/config/environment.rb'
      # The same 40 locations behind a "..;/" segment.
      # NOTE(review): presumably this checks for a front-end proxy and a
      # backend that normalise ";" path parameters differently. Confirm with
      # the author. The defensive counterpart is to normalise or reject such
      # segments at the proxy.
      - '{{BaseURL}}/..;/.env'
      - '{{BaseURL}}/..;/.env.backup'
      - '{{BaseURL}}/..;/.env.bak'
      - '{{BaseURL}}/..;/.env.config'
      - '{{BaseURL}}/..;/.env.dev'
      - '{{BaseURL}}/..;/.env.dev.local'
      - '{{BaseURL}}/..;/.env.development.local'
      - '{{BaseURL}}/..;/.env.example'
      - '{{BaseURL}}/..;/.env.live'
      - '{{BaseURL}}/..;/.env.local'
      - '{{BaseURL}}/..;/.env.old'
      - '{{BaseURL}}/..;/.env.prod'
      - '{{BaseURL}}/..;/.env.prod.local'
      - '{{BaseURL}}/..;/.env.production'
      - '{{BaseURL}}/..;/.env.production.local'
      - '{{BaseURL}}/..;/.env.save'
      - '{{BaseURL}}/..;/.env.stage'
      - '{{BaseURL}}/..;/.env.staging'
      - '{{BaseURL}}/..;/.env.testing'
      - '{{BaseURL}}/..;/.env.www'
      - '{{BaseURL}}/..;/.env_1'
      - '{{BaseURL}}/..;/.env_sample'
      - '{{BaseURL}}/..;/.envrc'
      - '{{BaseURL}}/..;/actuator/env'
      - '{{BaseURL}}/..;/actuators/env'
      - '{{BaseURL}}/..;/api/.env'
      - '{{BaseURL}}/..;/cgi-bin/printenv.pl'
      - '{{BaseURL}}/..;/conf/cassandra-env.sh'
      - '{{BaseURL}}/..;/config/environment.rb'
      - '{{BaseURL}}/..;/env'
      - '{{BaseURL}}/..;/env.dev.js'
      - '{{BaseURL}}/..;/env.development.js'
      - '{{BaseURL}}/..;/env.js'
      - '{{BaseURL}}/..;/env.prod.js'
      - '{{BaseURL}}/..;/env.production.js'
      - '{{BaseURL}}/..;/env.sh'
      - '{{BaseURL}}/..;/env.test.js'
      - '{{BaseURL}}/..;/environment.rb'
      - '{{BaseURL}}/..;/proc/self/environ'
      - '{{BaseURL}}/..;/redmine/config/environment.rb'

    # Both matchers must pass, so a 200 page without dotenv keys (for example
    # a soft-404) is not reported.
    matchers-condition: and
    matchers:
      # Content check: either pattern is enough (condition: or). (?m) lets "^"
      # anchor at the start of every line. No "part" is set, so the engine's
      # default applies (the response body in nuclei).
      - type: regex
        regex:
          - '(?m)^APP_(NAME|ENV|KEY|DEBUG|URL|PASSWORD)'
          - '(?m)^DB_(HOST|PASSWORD|DATABASE)'
        condition: or

      # Only a direct 200 counts. Redirects and error codes are ignored.
      - type: status
        status:
          - 200