Nuclei Template:
id: server-status-check
info:
name: Apache Server-Status Endpoint Detection
author: ProjectDiscoveryAI
severity: info
description: |
Sandeep Singh ehsandeep
🏠
ehsandeep
/ shodan_ports.txt
Created
February 17, 2023 13:12
— forked from s0md3v/shodan_ports.txt
list of ports scanned by shodan
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 7 | |
| 11 | |
| 13 | |
| 15 | |
| 17 | |
| 19 | |
| 20 | |
| 21 | |
| 22 | |
| 23 |
ehsandeep
/ KEV-TO-TEMPLATE Mapping.md
Last active
June 10, 2022 11:45
CVEs from Known Exploited Vulnerabilities Catalog list that can be scanned using nuclei template, updated till https://twitter.com/USCERT_gov/status/1534557036058378241
- CVE-2022-30525
- CVE-2022-29464
- CVE-2022-26134
- CVE-2022-23134
- CVE-2022-23131
- CVE-2022-22965
- CVE-2022-22954
- CVE-2022-22947
- CVE-2022-1040
- CVE-2022-0543
ehsandeep
/ one-template-for-all.md
Last active
September 23, 2022 08:38
graph TD;
Nuclei-Templates--> Customization;
Nuclei-Templates--> Automation;
Nuclei-Templates--> Collaboration;
Customization--> id1(No code, Simple as Editing a text file);
Automation--> Scan;
Automation--> Triage;
Automation--> Retest;
Automation--> Regression;
ehsandeep
/ log4j-keywords
Created
December 11, 2021 17:14
— forked from bugbountynights/log4j-keywords
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ${ctx:loginId} | |
| ${map:type} | |
| ${filename} | |
| ${date:MM-dd-yyyy} | |
| ${docker:containerId} | |
| ${docker:containerName} | |
| ${docker:imageName} | |
| ${env:USER} | |
| ${event:Marker} | |
| ${mdc:UserId} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| gist-testing22gist-testing22gist-testing22gist-testing22 | |
| gist-testing22 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1 |
ehsandeep
/ exploit_path_traversals_in_Java_webapps.txt
Created
April 27, 2020 11:11
— forked from harisec/exploit_path_traversals_in_Java_webapps.txt
quick primer on how to exploit path traversals in Java web apps (i.e. you can read WEB-INF/web.xml)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| so, you can read WEB-INF/web.xml. how can you escalate this issue? | |
| [step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml. | |
| use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan): | |
| https://github.com/BlackFan/WEB-INF-dict/blob/master/web-inf.txt | |
| with time you can build your own wordlist adding files you've discovered over time. | |
| use Burp Intruder for this, it's perfect for this job. | |
| sort Intruder results by status code so you can see instantly which files were found. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: detect-all-takeovers | |
| info: | |
| name: Subdomain takeover finder | |
| author: melbadry9 | |
| severity: high | |
| # update this list with new takeovers matchers | |
| # do not delete other template files for takeover |
ehsandeep
/ auto_git_query
Created
August 28, 2019 21:01
— forked from nullenc0de/auto_git_query
Automated Github Queries (Can open 29 tabs at a time)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code | |
| https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code | |
| https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code | |
| https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI |
NewerOlder