This template is designed to identify the presence of credit or debit card numbers exposed within web pages, APIs, or other application responses. It searches for patterns matching card numbers using regular expressions aligned with common card formats, including Visa, MasterCard, American Express, and Discover cards. Detecting exposed card information can help identify potential compliance issues with standards like PCI DSS and mitigate risks of data leaks.
PoC代码[已公开]
id: credit-card-number-detect
info:
name: Credit and Debit Card Number - Detection
author: spiderSilk,morsy,geeknik
severity: medium
description: |
This template is designed to identify the presence of credit or debit card numbers exposed within web pages, APIs, or other application responses. It searches for patterns matching card numbers using regular expressions aligned with common card formats, including Visa, MasterCard, American Express, and Discover cards. Detecting exposed card information can help identify potential compliance issues with standards like PCI DSS and mitigate risks of data leaks.
reference:
- https://www.tenable.com/plugins/was/98129
- https://en.wikipedia.org/wiki/Payment_card_number
- https://stackoverflow.com/questions/9315647/regex-credit-card-number-tests
tags: credit,debit,card,payment,security,pci,vuln
http:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "\\b4[0-9]{12}(?:[0-9]{3})?\\b" # Visa
- "\\b3[47][0-9]{13}\\b" # American Express
- "\\b5[1-5][0-9]{14}\\b|\\b(222[1-9]|22[3-9]\\d|2[3-6]\\d{2}|27[0-1]\\d|2720)[0-9]{12}\\b" # MasterCard
- "\\b65[4-9][0-9]{13}|64[4-9][0-9]{13}|6011[0-9]{12}|(622(?:12[6-9]|1[3-9][0-9]|[2-8][0-9][0-9]|9[01][0-9]|92[0-5])[0-9]{10})\\b" # Discover
- "\\b(5018|5020|5038|6304|6759|6761|6763)[0-9]{8,15}\\b" # Maestro
- "\\b62[0-9]{14,17}\\b" # UnionPay
- "\\b3(?:0[0-5]|[68][0-9])[0-9]{11}\\b" # Diners Club
- "\\b(?:2131|1800|35\\d{3})\\d{11}\\b" # JCB
condition: or
- type: status
status:
- 200
- type: word
part: body
words:
- "credit card"
- "card number"
- "expiry date"
- "cvv"
- "cardholder"
- "payment"
- "billing"
condition: or
- type: regex
part: body
regex:
- "\\b4[0-9]{12}(?:[0-9]{3})?-[a-fA-F0-9]" # Exclude hex patterns after card-like numbers
- "\\b[0-9]{13,19}\\.[a-zA-Z]{2,4}\\b" # Exclude file extensions
- "\\b\\.[0-9]{13,19}\\b" # Exclude float numbers that have fractional part equals cc number
- "href=[\"'][^\"']*[0-9]{13,19}[a-fA-F0-9]" # Exclude URLs with long hex strings
- "src=[\"'][^\"']*[0-9]{13,19}[a-fA-F0-9]" # Exclude asset URLs
condition: or
negative: true
- type: word
part: body
words:
- "<h1>Access Denied</h1>"
- "The requested URL was rejected"
condition: or
negative: true
extractors:
- type: regex
name: creditcard
regex:
- "\\b4[0-9]{12}(?:[0-9]{3})?\\b" # Visa
- "\\b3[47][0-9]{13}\\b" # American Express
- "\\b5[1-5][0-9]{14}\\b|\\b(222[1-9]|22[3-9]\\d|2[3-6]\\d{2}|27[0-1]\\d|2720)[0-9]{12}\\b" # MasterCard
- "\\b65[4-9][0-9]{13}|64[4-9][0-9]{13}|6011[0-9]{12}|(622(?:12[6-9]|1[3-9][0-9]|[2-8][0-9][0-9]|9[01][0-9]|92[0-5])[0-9]{10})\\b" # Discover
- "\\b(5018|5020|5038|6304|6759|6761|6763)[0-9]{8,15}\\b" # Maestro
- "\\b62[0-9]{14,17}\\b" # UnionPay
- "\\b3(?:0[0-5]|[68][0-9])[0-9]{11}\\b" # Diners Club
- "\\b(?:2131|1800|35\\d{3})\\d{11}\\b" # JCB
# digest: 4a0a0047304502207e6b017d9c0407034fd92cc7510b1adda7256554cb2487bc0cb1d305abbf043a022100ec106faf4632bba13fdca55ecbbb1c6e80aba1b329b45384f7a774dc146f7ede:922c64590222798bb761d5b6d8e72950