Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin' into fix-wp-FP
Browse files Browse the repository at this point in the history
  • Loading branch information
@princechaddha
princechaddha committed Apr 8, 2024
2 parents 188505a + 98f42f7 commit 01d9665
Show file tree
Hide file tree
Showing 2,743 changed files with 18,330 additions and 13,578 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/templateman.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
- name: Run TemplateMan
id: tmc
run: |
echo /home/runner/work/nuclei-templates/nuclei-templates | tmc -mr -e
echo /home/runner/work/nuclei-templates/nuclei-templates | tmc -mr -e -at
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
- name: Commit files
Expand Down
162 changes: 77 additions & 85 deletions .github/workflows/templates-sync.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,91 +3,83 @@ on:
push:
paths:
- '.new-additions'
- 'dns/soa-detect.yaml'
- 'dns/spf-record-detect.yaml'
- 'dns/txt-service-detect.yaml'
- 'file/keys/dependency/dependency-track.yaml'
- 'file/keys/docker/dockerhub-pat.yaml'
- 'file/keys/doppler/doppler-audit.yaml'
- 'file/keys/doppler/doppler-cli.yaml'
- 'file/keys/doppler/doppler-scim.yaml'
- 'file/keys/doppler/doppler-service-account.yaml'
- 'file/keys/doppler/doppler-service.yaml'
- 'file/keys/dropbox/dropbox-access.yaml'
- 'file/keys/huggingface/huggingface-user-access.yaml'
- 'file/keys/linkedin/linkedin-client.yaml'
- 'file/keys/linkedin/linkedin-secret.yaml'
- 'file/keys/newrelic/newrelic-api-service.yaml'
- 'file/keys/newrelic/newrelic-license-non.yaml'
- 'file/keys/newrelic/newrelic-license.yaml'
- 'file/keys/odbc/odbc-connection.yaml'
- 'file/keys/okta/okta-api.yaml'
- 'file/keys/particle/particle-access.yaml'
- 'file/keys/react/reactapp-password.yaml'
- 'file/keys/react/reactapp-username.yaml'
- 'file/keys/salesforce/salesforce-access.yaml'
- 'file/keys/thingsboard/thingsboard-access.yaml'
- 'file/keys/truenas/truenas-api.yaml'
- 'file/keys/twitter/twitter-client.yaml'
- 'file/keys/twitter/twitter-secret.yaml'
- 'file/keys/wireguard/wireguard-preshared.yaml'
- 'file/keys/wireguard/wireguard-private.yaml'
- 'http/cves/2023/CVE-2023-49785.yaml'
- 'http/cves/2023/CVE-2023-5830.yaml'
- 'http/cves/2023/CVE-2023-5914.yaml'
- 'http/cves/2023/CVE-2023-6114.yaml'
- 'http/cves/2023/CVE-2023-6567.yaml'
- 'http/cves/2024/CVE-2024-1212.yaml'
- 'http/cves/2024/CVE-2024-1698.yaml'
- 'http/cves/2024/CVE-2024-27954.yaml'
- 'http/default-logins/ispconfig-default-login.yaml'
- 'http/exposed-panels/bynder-panel.yaml'
- 'http/exposed-panels/c2/ares-rat-c2.yaml'
- 'http/exposed-panels/c2/caldera-c2.yaml'
- 'http/exposed-panels/c2/hack5-cloud-c2.yaml'
- 'http/exposed-panels/c2/pupyc2.yaml'
- 'http/exposed-panels/c2/supershell-c2.yaml'
- 'http/exposed-panels/cisco/cisco-expressway-panel.yaml'
- 'http/exposed-panels/emqx-panel.yaml'
- 'http/exposed-panels/fortinet/forticlientems-panel.yaml'
- 'http/exposed-panels/fortinet/fortiwlm-panel.yaml'
- 'http/exposed-panels/neocase-hrportal-panel.yaml'
- 'http/exposed-panels/osnexus-panel.yaml'
- 'http/exposed-panels/posteio-admin-panel.yaml'
- 'http/exposed-panels/skeepers-panel.yaml'
- 'http/exposed-panels/softether-vpn-panel.yaml'
- 'http/exposures/files/generic-db.yaml'
- 'http/misconfiguration/installer/posteio-installer.yaml'
- 'http/osint/phishing/kakao-login-phish.yaml'
- 'http/osint/phishing/naver-login-phish.yaml'
- 'http/technologies/directus-detect.yaml'
- 'http/technologies/microsoft/aspnet-version-detect.yaml'
- 'http/technologies/microsoft/aspnetmvc-version-disclosure.yaml'
- 'http/technologies/wing-ftp-service-detect.yaml'
- 'http/vulnerabilities/esafenet/esafenet-mysql-fileread.yaml'
- 'http/vulnerabilities/idoc/idocview-2word-fileupload.yaml'
- 'http/vulnerabilities/idoc/idocview-lfi.yaml'
- 'http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml'
- 'http/vulnerabilities/other/office365-indexs-fileread.yaml'
- 'http/vulnerabilities/other/ups-network-lfi.yaml'
- 'javascript/audit/mysql/mysql-load-file.yaml'
- 'javascript/enumeration/mysql/mysql-default-login.yaml'
- 'javascript/enumeration/mysql/mysql-info.yaml'
- 'javascript/enumeration/mysql/mysql-show-databases.yaml'
- 'javascript/enumeration/mysql/mysql-show-variables.yaml'
- 'javascript/enumeration/mysql/mysql-user-enum.yaml'
- 'javascript/enumeration/pop3/pop3-capabilities-enum.yaml'
- 'javascript/enumeration/redis/redis-info.yaml'
- 'javascript/enumeration/redis/redis-require-auth.yaml'
- 'javascript/enumeration/rsync/rsync-version.yaml'
- 'javascript/enumeration/smb/smb-default-creds.yaml'
- 'javascript/enumeration/smb/smb-enum-domains.yaml'
- 'javascript/enumeration/smb/smb-os-detect.yaml'
- 'javascript/enumeration/smb/smb-version-detect.yaml'
- 'javascript/enumeration/smb/smb2-server-time.yaml'
- 'javascript/misconfiguration/mysql/mysql-empty-password.yaml'
- 'network/detection/wing-ftp-detect.yaml'
- 'ssl/c2/venomrat.yaml'
- 'dast/cves/2018/CVE-2018-19518.yaml'
- 'dast/cves/2021/CVE-2021-45046.yaml'
- 'dast/cves/2022/CVE-2022-34265.yaml'
- 'dast/cves/2022/CVE-2022-42889.yaml'
- 'dast/vulnerabilities/cmdi/blind-oast-polyglots.yaml'
- 'dast/vulnerabilities/cmdi/ruby-open-rce.yaml'
- 'dast/vulnerabilities/crlf/cookie-injection.yaml'
- 'dast/vulnerabilities/crlf/crlf-injection.yaml'
- 'dast/vulnerabilities/csti/angular-client-side-template-injection.yaml'
- 'dast/vulnerabilities/lfi/lfi-keyed.yaml'
- 'dast/vulnerabilities/lfi/linux-lfi-fuzz.yaml'
- 'dast/vulnerabilities/lfi/windows-lfi-fuzz.yaml'
- 'dast/vulnerabilities/redirect/open-redirect.yaml'
- 'dast/vulnerabilities/rfi/generic-rfi.yaml'
- 'dast/vulnerabilities/sqli/sqli-error-based.yaml'
- 'dast/vulnerabilities/ssrf/blind-ssrf.yaml'
- 'dast/vulnerabilities/ssrf/response-ssrf.yaml'
- 'dast/vulnerabilities/ssti/reflection-ssti.yaml'
- 'dast/vulnerabilities/xss/dom-xss.yaml'
- 'dast/vulnerabilities/xss/reflected-xss.yaml'
- 'dast/vulnerabilities/xxe/generic-xxe.yaml'
- 'http/cves/2016/CVE-2016-5674.yaml'
- 'http/cves/2018/CVE-2018-10735.yaml'
- 'http/cves/2018/CVE-2018-10736.yaml'
- 'http/cves/2018/CVE-2018-10737.yaml'
- 'http/cves/2018/CVE-2018-10738.yaml'
- 'http/cves/2018/CVE-2018-6605.yaml'
- 'http/cves/2018/CVE-2018-7314.yaml'
- 'http/cves/2019/CVE-2019-9632.yaml'
- 'http/cves/2021/CVE-2021-46418.yaml'
- 'http/cves/2021/CVE-2021-46419.yaml'
- 'http/cves/2022/CVE-2022-29013.yaml'
- 'http/cves/2022/CVE-2022-32430.yaml'
- 'http/cves/2022/CVE-2022-41412.yaml'
- 'http/cves/2023/CVE-2023-0159.yaml'
- 'http/cves/2023/CVE-2023-0678.yaml'
- 'http/cves/2023/CVE-2023-34993.yaml'
- 'http/cves/2023/CVE-2023-47218.yaml'
- 'http/cves/2024/CVE-2024-20767.yaml'
- 'http/cves/2024/CVE-2024-27564.yaml'
- 'http/cves/2024/CVE-2024-28255.yaml'
- 'http/cves/2024/CVE-2024-28734.yaml'
- 'http/cves/2024/CVE-2024-29059.yaml'
- 'http/cves/2024/CVE-2024-29269.yaml'
- 'http/default-logins/3com/3Com-wireless-default-login.yaml'
- 'http/default-logins/3ware-default-login.yaml'
- 'http/default-logins/next-terminal/next-terminal-default-login.yaml'
- 'http/exposed-panels/amprion-gridloss-panel.yaml'
- 'http/exposed-panels/safenet-authentication-panel.yaml'
- 'http/exposed-panels/syfadis-xperience-panel.yaml'
- 'http/exposures/configs/deployment-ini.yaml'
- 'http/miscellaneous/form-detection.yaml'
- 'http/misconfiguration/https-to-http-redirect.yaml'
- 'http/technologies/celebrus-detect.yaml'
- 'http/technologies/privatebin-detect.yaml'
- 'http/technologies/simplesamlphp-detect.yaml'
- 'http/technologies/yourls-detect.yaml'
- 'http/vulnerabilities/dahua/dahua-eims-rce.yaml'
- 'http/vulnerabilities/huatian/huatian-oa-sqli.yaml'
- 'http/vulnerabilities/landray/landray-eis-sqli.yaml'
- 'http/vulnerabilities/other/voyager-lfi.yaml'
- 'javascript/cves/2012/CVE-2012-2122.yaml'
- 'javascript/cves/2019/CVE-2019-9193.yaml'
- 'javascript/enumeration/minecraft-enum.yaml'
- 'javascript/enumeration/pgsql/pgsql-default-db.yaml'
- 'javascript/enumeration/pgsql/pgsql-file-read.yaml'
- 'javascript/enumeration/pgsql/pgsql-list-database.yaml'
- 'javascript/enumeration/pgsql/pgsql-list-password-hashes.yaml'
- 'javascript/enumeration/pgsql/pgsql-list-users.yaml'
- 'javascript/enumeration/pgsql/pgsql-version-detect.yaml'
- 'javascript/misconfiguration/pgsql/pgsql-extensions-rce.yaml'
- 'javascript/misconfiguration/pgsql/postgresql-empty-password.yaml'
- 'javascript/udp/detection/tftp-detect.yaml'
- 'network/c2/darkcomet-trojan.yaml'
- 'network/c2/darktrack-rat-trojan.yaml'
- 'network/c2/orcus-rat-trojan.yaml'
- 'network/c2/xtremerat-trojan.yaml'
workflow_dispatch:
jobs:
triggerRemoteWorkflow:
Expand Down
162 changes: 77 additions & 85 deletions .new-additions
View file
Original file line number Diff line number Diff line change
@@ -1,85 +1,77 @@
dns/soa-detect.yaml
dns/spf-record-detect.yaml
dns/txt-service-detect.yaml
file/keys/dependency/dependency-track.yaml
file/keys/docker/dockerhub-pat.yaml
file/keys/doppler/doppler-audit.yaml
file/keys/doppler/doppler-cli.yaml
file/keys/doppler/doppler-scim.yaml
file/keys/doppler/doppler-service-account.yaml
file/keys/doppler/doppler-service.yaml
file/keys/dropbox/dropbox-access.yaml
file/keys/huggingface/huggingface-user-access.yaml
file/keys/linkedin/linkedin-client.yaml
file/keys/linkedin/linkedin-secret.yaml
file/keys/newrelic/newrelic-api-service.yaml
file/keys/newrelic/newrelic-license-non.yaml
file/keys/newrelic/newrelic-license.yaml
file/keys/odbc/odbc-connection.yaml
file/keys/okta/okta-api.yaml
file/keys/particle/particle-access.yaml
file/keys/react/reactapp-password.yaml
file/keys/react/reactapp-username.yaml
file/keys/salesforce/salesforce-access.yaml
file/keys/thingsboard/thingsboard-access.yaml
file/keys/truenas/truenas-api.yaml
file/keys/twitter/twitter-client.yaml
file/keys/twitter/twitter-secret.yaml
file/keys/wireguard/wireguard-preshared.yaml
file/keys/wireguard/wireguard-private.yaml
http/cves/2023/CVE-2023-49785.yaml
http/cves/2023/CVE-2023-5830.yaml
http/cves/2023/CVE-2023-5914.yaml
http/cves/2023/CVE-2023-6114.yaml
http/cves/2023/CVE-2023-6567.yaml
http/cves/2024/CVE-2024-1212.yaml
http/cves/2024/CVE-2024-1698.yaml
http/cves/2024/CVE-2024-27954.yaml
http/default-logins/ispconfig-default-login.yaml
http/exposed-panels/bynder-panel.yaml
http/exposed-panels/c2/ares-rat-c2.yaml
http/exposed-panels/c2/caldera-c2.yaml
http/exposed-panels/c2/hack5-cloud-c2.yaml
http/exposed-panels/c2/pupyc2.yaml
http/exposed-panels/c2/supershell-c2.yaml
http/exposed-panels/cisco/cisco-expressway-panel.yaml
http/exposed-panels/emqx-panel.yaml
http/exposed-panels/fortinet/forticlientems-panel.yaml
http/exposed-panels/fortinet/fortiwlm-panel.yaml
http/exposed-panels/neocase-hrportal-panel.yaml
http/exposed-panels/osnexus-panel.yaml
http/exposed-panels/posteio-admin-panel.yaml
http/exposed-panels/skeepers-panel.yaml
http/exposed-panels/softether-vpn-panel.yaml
http/exposures/files/generic-db.yaml
http/misconfiguration/installer/posteio-installer.yaml
http/osint/phishing/kakao-login-phish.yaml
http/osint/phishing/naver-login-phish.yaml
http/technologies/directus-detect.yaml
http/technologies/microsoft/aspnet-version-detect.yaml
http/technologies/microsoft/aspnetmvc-version-disclosure.yaml
http/technologies/wing-ftp-service-detect.yaml
http/vulnerabilities/esafenet/esafenet-mysql-fileread.yaml
http/vulnerabilities/idoc/idocview-2word-fileupload.yaml
http/vulnerabilities/idoc/idocview-lfi.yaml
http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml
http/vulnerabilities/other/office365-indexs-fileread.yaml
http/vulnerabilities/other/ups-network-lfi.yaml
javascript/audit/mysql/mysql-load-file.yaml
javascript/enumeration/mysql/mysql-default-login.yaml
javascript/enumeration/mysql/mysql-info.yaml
javascript/enumeration/mysql/mysql-show-databases.yaml
javascript/enumeration/mysql/mysql-show-variables.yaml
javascript/enumeration/mysql/mysql-user-enum.yaml
javascript/enumeration/pop3/pop3-capabilities-enum.yaml
javascript/enumeration/redis/redis-info.yaml
javascript/enumeration/redis/redis-require-auth.yaml
javascript/enumeration/rsync/rsync-version.yaml
javascript/enumeration/smb/smb-default-creds.yaml
javascript/enumeration/smb/smb-enum-domains.yaml
javascript/enumeration/smb/smb-os-detect.yaml
javascript/enumeration/smb/smb-version-detect.yaml
javascript/enumeration/smb/smb2-server-time.yaml
javascript/misconfiguration/mysql/mysql-empty-password.yaml
network/detection/wing-ftp-detect.yaml
ssl/c2/venomrat.yaml
dast/cves/2018/CVE-2018-19518.yaml
dast/cves/2021/CVE-2021-45046.yaml
dast/cves/2022/CVE-2022-34265.yaml
dast/cves/2022/CVE-2022-42889.yaml
dast/vulnerabilities/cmdi/blind-oast-polyglots.yaml
dast/vulnerabilities/cmdi/ruby-open-rce.yaml
dast/vulnerabilities/crlf/cookie-injection.yaml
dast/vulnerabilities/crlf/crlf-injection.yaml
dast/vulnerabilities/csti/angular-client-side-template-injection.yaml
dast/vulnerabilities/lfi/lfi-keyed.yaml
dast/vulnerabilities/lfi/linux-lfi-fuzz.yaml
dast/vulnerabilities/lfi/windows-lfi-fuzz.yaml
dast/vulnerabilities/redirect/open-redirect.yaml
dast/vulnerabilities/rfi/generic-rfi.yaml
dast/vulnerabilities/sqli/sqli-error-based.yaml
dast/vulnerabilities/ssrf/blind-ssrf.yaml
dast/vulnerabilities/ssrf/response-ssrf.yaml
dast/vulnerabilities/ssti/reflection-ssti.yaml
dast/vulnerabilities/xss/dom-xss.yaml
dast/vulnerabilities/xss/reflected-xss.yaml
dast/vulnerabilities/xxe/generic-xxe.yaml
http/cves/2016/CVE-2016-5674.yaml
http/cves/2018/CVE-2018-10735.yaml
http/cves/2018/CVE-2018-10736.yaml
http/cves/2018/CVE-2018-10737.yaml
http/cves/2018/CVE-2018-10738.yaml
http/cves/2018/CVE-2018-6605.yaml
http/cves/2018/CVE-2018-7314.yaml
http/cves/2019/CVE-2019-9632.yaml
http/cves/2021/CVE-2021-46418.yaml
http/cves/2021/CVE-2021-46419.yaml
http/cves/2022/CVE-2022-29013.yaml
http/cves/2022/CVE-2022-32430.yaml
http/cves/2022/CVE-2022-41412.yaml
http/cves/2023/CVE-2023-0159.yaml
http/cves/2023/CVE-2023-0678.yaml
http/cves/2023/CVE-2023-34993.yaml
http/cves/2023/CVE-2023-47218.yaml
http/cves/2024/CVE-2024-20767.yaml
http/cves/2024/CVE-2024-27564.yaml
http/cves/2024/CVE-2024-28255.yaml
http/cves/2024/CVE-2024-28734.yaml
http/cves/2024/CVE-2024-29059.yaml
http/cves/2024/CVE-2024-29269.yaml
http/default-logins/3com/3Com-wireless-default-login.yaml
http/default-logins/3ware-default-login.yaml
http/default-logins/next-terminal/next-terminal-default-login.yaml
http/exposed-panels/amprion-gridloss-panel.yaml
http/exposed-panels/safenet-authentication-panel.yaml
http/exposed-panels/syfadis-xperience-panel.yaml
http/exposures/configs/deployment-ini.yaml
http/miscellaneous/form-detection.yaml
http/misconfiguration/https-to-http-redirect.yaml
http/technologies/celebrus-detect.yaml
http/technologies/privatebin-detect.yaml
http/technologies/simplesamlphp-detect.yaml
http/technologies/yourls-detect.yaml
http/vulnerabilities/dahua/dahua-eims-rce.yaml
http/vulnerabilities/huatian/huatian-oa-sqli.yaml
http/vulnerabilities/landray/landray-eis-sqli.yaml
http/vulnerabilities/other/voyager-lfi.yaml
javascript/cves/2012/CVE-2012-2122.yaml
javascript/cves/2019/CVE-2019-9193.yaml
javascript/enumeration/minecraft-enum.yaml
javascript/enumeration/pgsql/pgsql-default-db.yaml
javascript/enumeration/pgsql/pgsql-file-read.yaml
javascript/enumeration/pgsql/pgsql-list-database.yaml
javascript/enumeration/pgsql/pgsql-list-password-hashes.yaml
javascript/enumeration/pgsql/pgsql-list-users.yaml
javascript/enumeration/pgsql/pgsql-version-detect.yaml
javascript/misconfiguration/pgsql/pgsql-extensions-rce.yaml
javascript/misconfiguration/pgsql/postgresql-empty-password.yaml
javascript/udp/detection/tftp-detect.yaml
network/c2/darkcomet-trojan.yaml
network/c2/darktrack-rat-trojan.yaml
network/c2/orcus-rat-trojan.yaml
network/c2/xtremerat-trojan.yaml
8 changes: 6 additions & 2 deletions .nuclei-ignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
# ====================================
#
# This is default list of tags and files to excluded from default nuclei scan.
# More details - https://nuclei.projectdiscovery.io/nuclei/get-started/#template-exclusion
# More details - https://docs.projectdiscovery.io/tools/nuclei/running#template-exclusion
#
# ============ DO NOT EDIT ============
# Automatically updated by nuclei on execution from nuclei-templates
Expand All @@ -13,9 +13,9 @@
# unless asked for by the user.

tags:
- "fuzz"
- "dos"
- "local"
- "fuzz"
- "bruteforce"

# The following templates have been excluded because they have weak matchers and may generate FP results.
Expand All @@ -34,3 +34,7 @@ files:
- http/fuzzing/wordpress-themes-detect.yaml
- http/fuzzing/mdb-database-file.yaml
- http/fuzzing/iis-shortname.yaml
- dns/soa-detect.yaml
- dns/txt-service-detect.yaml
- javascript/enumeration/pop3/pop3-capabilities-enum.yaml
- javascript/enumeration/redis/redis-require-auth.yaml
20 changes: 10 additions & 10 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,

| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
| cve | 2388 | dhiyaneshdk | 1189 | http | 7229 | info | 3544 | file | 312 |
| panel | 1093 | daffainfo | 864 | file | 312 | high | 1583 | dns | 21 |
| wordpress | 954 | dwisiswant0 | 802 | workflows | 191 | medium | 1464 | | |
| exposure | 892 | pikpikcu | 353 | network | 132 | critical | 960 | | |
| xss | 892 | pussycat0x | 313 | code | 80 | low | 258 | | |
| wp-plugin | 829 | ritikchaddha | 308 | ssl | 27 | unknown | 35 | | |
| osint | 791 | pdteam | 285 | javascript | 26 | | | | |
| tech | 661 | ricardomaia | 231 | dns | 18 | | | | |
| lfi | 634 | geeknik | 227 | headless | 11 | | | | |
| cve | 2396 | dhiyaneshdk | 1233 | http | 7267 | info | 3605 | file | 337 |
| panel | 1105 | daffainfo | 864 | file | 337 | high | 1601 | dns | 24 |
| wordpress | 958 | dwisiswant0 | 802 | workflows | 191 | medium | 1463 | | |
| exposure | 894 | pikpikcu | 353 | network | 133 | critical | 967 | | |
| xss | 893 | pussycat0x | 328 | code | 80 | low | 257 | | |
| wp-plugin | 833 | ritikchaddha | 313 | javascript | 42 | unknown | 35 | | |
| osint | 799 | pdteam | 285 | ssl | 28 | | | | |
| tech | 667 | ricardomaia | 232 | dns | 21 | | | | |
| lfi | 640 | geeknik | 227 | headless | 11 | | | | |
| edb | 598 | theamanrawat | 221 | cloud | 9 | | | | |

**571 directories, 8318 files**.
**594 directories, 8406 files**.

</td>
</tr>
Expand Down
2 changes: 1 addition & 1 deletion TEMPLATES-STATS.json
View file

Large diffs are not rendered by default.

Loading

0 comments on commit 01d9665

Please sign in to comment.