From 0524e2f0c0591d50e5aeaea6fe87fcd39192d170 Mon Sep 17 00:00:00 2001
From: geeknik <466878+geeknik@users.noreply.github.com>
Date: Tue, 17 Dec 2024 09:42:21 -0600
Subject: [PATCH] Create credit-card-number-detection.yaml
---
.../credit-card-number-detection.yaml | 65 +++++++++++++++++++
1 file changed, 65 insertions(+)
create mode 100644 http/miscellaneous/credit-card-number-detection.yaml
diff --git a/http/miscellaneous/credit-card-number-detection.yaml b/http/miscellaneous/credit-card-number-detection.yaml
new file mode 100644
index 00000000000..ca0cf5fd3fa
--- /dev/null
+++ b/http/miscellaneous/credit-card-number-detection.yaml
@@ -0,0 +1,65 @@
+id: credit-card-number-detection
+
+info:
+ name: Enhanced Credit and Debit Card Number Detection
+ author: spiderSilk,morsy,geeknik
+ severity: medium
+ description: This template detects credit and debit card numbers with improved accuracy. It reduces false positives by using precise regex patterns and additional context checks.
+ reference:
+ - https://www.tenable.com/plugins/was/98129
+ - https://en.wikipedia.org/wiki/Payment_card_number
+ - https://stackoverflow.com/questions/9315647/regex-credit-card-number-tests
+ tags: credit, debit, card, payment, security, pci
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ name: creditcard
+ regex:
+ - "\\b4[0-9]{12}(?:[0-9]{3})?\\b" # Visa
+ - "\\b3[47][0-9]{13}\\b" # American Express
+ - "\\b5[1-5][0-9]{14}\\b|\\b(222[1-9]|22[3-9]\\d|2[3-6]\\d{2}|27[0-1]\\d|2720)[0-9]{12}\\b" # MasterCard
+ - "\\b65[4-9][0-9]{13}|64[4-9][0-9]{13}|6011[0-9]{12}|(622(?:12[6-9]|1[3-9][0-9]|[2-8][0-9][0-9]|9[01][0-9]|92[0-5])[0-9]{10})\\b" # Discover
+ - "\\b(5018|5020|5038|6304|6759|6761|6763)[0-9]{8,15}\\b" # Maestro
+ - "\\b62[0-9]{14,17}\\b" # UnionPay
+ - "\\b3(?:0[0-5]|[68][0-9])[0-9]{11}\\b" # Diners Club
+ - "\\b(?:2131|1800|35\\d{3})\\d{11}\\b" # JCB
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ condition: or
+ regex:
+ - "\\b4[0-9]{12}(?:[0-9]{3})?\\b" # Visa
+ - "\\b3[47][0-9]{13}\\b" # American Express
+ - "\\b5[1-5][0-9]{14}\\b|\\b(222[1-9]|22[3-9]\\d|2[3-6]\\d{2}|27[0-1]\\d|2720)[0-9]{12}\\b" # MasterCard
+ - "\\b65[4-9][0-9]{13}|64[4-9][0-9]{13}|6011[0-9]{12}|(622(?:12[6-9]|1[3-9][0-9]|[2-8][0-9][0-9]|9[01][0-9]|92[0-5])[0-9]{10})\\b" # Discover
+ - "\\b(5018|5020|5038|6304|6759|6761|6763)[0-9]{8,15}\\b" # Maestro
+ - "\\b62[0-9]{14,17}\\b" # UnionPay
+ - "\\b3(?:0[0-5]|[68][0-9])[0-9]{11}\\b" # Diners Club
+ - "\\b(?:2131|1800|35\\d{3})\\d{11}\\b" # JCB
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "credit card"
+ - "card number"
+ - "expiry date"
+ - "cvv"
+ - "cardholder"
+ condition: or
+ part: body
+
+ - type: word
+ words:
+ - "

Access Denied

"
+ - "The requested URL was rejected"
+ condition: or
+ negative: true
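Review bot: In the Discover pattern (both the extractor copy and the matcher copy) the `\\b` anchors bind only to the first and last alternatives, so `64[4-9][0-9]{13}` and `6011[0-9]{12}` match inside any longer digit run, `\\b65[4-9][0-9]{13}` has no trailing boundary, and the `622…` branch has no leading one. Wrapping the alternation in one group fixes the precedence: `- "\\b(?:65[4-9][0-9]{13}|64[4-9][0-9]{13}|6011[0-9]{12}|622(?:12[6-9]|1[3-9][0-9]|[2-8][0-9][0-9]|9[01][0-9]|92[0-5])[0-9]{10})\\b" # Discover`. The context word matcher is case-sensitive as written, so a page that says "CVV" or "Credit Card" fails the check; adding `case-insensitive: true` to that matcher would cover it. The `creditcard` extractor writes every full matched number into scan output, so results from this template need to be stored and shared as cardholder data. None of the patterns can verify a Luhn check digit, so a hit on a 13–19 digit identifier still needs manual confirmation before it is reported at `severity: medium`.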