漏洞描述
This template assists you in discovering intriguing extensions within a list of URLs.
url-extension-inspector: URL Extension Inspector
PoC代码[已公开]
id: url-extension-inspector
info:
name: URL Extension Inspector
author: ayadim
severity: unknown
description: |
This template assists you in discovering intriguing extensions within a list of URLs.
reference:
- https://github.com/CYS4srl/CYS4-SensitiveDiscoverer/
tags: file,url-analyse,urls,extension
file:
- extensions:
- all
extractors:
- type: regex
name: Hot finding
regex:
- "(?i)(htdocs|www|html|web|webapps|public|public_html|uploads|website|api|test|app|backup|bin|bak|old|release|sql)\\.(7z|bz2|gz|lz|rar|tar\\.gz|tar\\.bz2|xz|zip|z)"
- type: regex
name: Backup file
regex:
- "(?i)(\\.bak|\\.backup|\\.bkp|\\._bkp|\\.bk|\\.BAK)('|\")"
- type: regex
name: PHP Source
regex:
- "(?i)(\\.php)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)('|\")"
- type: regex
name: ASP Source
regex:
- "(?i)(\\.asp)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)('|\")"
- type: regex
name: Database file
regex:
- "(?i)\\.db|\\.sql('|\")"
- type: regex
name: Bash script
regex:
- "(?i)(\\.sh|\\.bashrc|\\.zshrc)('|\")"
- type: regex
name: 1Password password manager database file
regex:
- "(?i)\\.agilekeychain('|\")"
- type: regex
name: ASP configuration file
regex:
- "(?i)\\.asa('|\")"
- type: regex
name: Apple Keychain database file
regex:
- "(?i)\\.keychain('|\")"
- type: regex
name: Azure service configuration schema file
regex:
- "(?i)\\.cscfg('|\")"
- type: regex
name: Compressed archive file
regex:
- "(?i)(\\.zip|\\.gz|\\.tar|\\.rar|\\.tgz)('|\")"
- type: regex
name: Configuration file
regex:
- "(?i)(\\.ini|\\.config|\\.conf)('|\")"
- type: regex
name: Day One journal file
regex:
- "(?i)\\.dayone('|\")"
- type: regex
name: Document file
regex:
- "(?i)(\\.doc|\\.docx|\\.rtf)('|\")"
- type: regex
name: GnuCash database file
regex:
- "(?i)\\.gnucash('|\")"
- type: regex
name: Include file
regex:
- "(?i)\\.inc('|\")"
- type: regex
name: XML file
regex:
- "(?i)\\.xml('|\")"
- type: regex
name: Old file
regex:
- "(?i)\\.old('|\")"
- type: regex
name: Log file
regex:
- "(?i)\\.log('|\")"
- type: regex
name: Java file
regex:
- "(?i)\\.java('|\")"
- type: regex
name: SQL dump file
regex:
- "(?i)\\.sql('|\")"
- type: regex
name: Excel file
regex:
- "(?i)(\\.xls|\\.xlsx|\\.csv)('|\")"
- type: regex
name: Certificate file
regex:
- "(?i)(\\.cer|\\.crt|\\.p7b)('|\")"
- type: regex
name: Java key storte
regex:
- "(?i)\\.jks('|\")"
- type: regex
name: KDE Wallet Manager database file
regex:
- "(?i)\\.kwallet('|\")"
- type: regex
name: Little Snitch firewall configuration file
regex:
- "(?i)\\.xpl('|\")"
- type: regex
name: Microsoft BitLocker Trusted Platform Module password file
regex:
- "(?i)\\.tpm('|\")"
- type: regex
name: Microsoft BitLocker recovery key file
regex:
- "(?i)\\.bek('|\")"
- type: regex
name: Microsoft SQL database file
regex:
- "(?i)\\.mdf('|\")"
- type: regex
name: Microsoft SQL server compact database file
regex:
- "(?i)\\.sdf('|\")"
- type: regex
name: Network traffic capture file
regex:
- "(?i)\\.pcap('|\")"
- type: regex
name: OpenVPN client configuration file
regex:
- "(?i)\\.ovpn('|\")"
- type: regex
name: PDF file
regex:
- "(?i)\\.pdf('|\")"
- type: regex
name: PHP file
regex:
- "(?i)\\.pcap('|\")"
- type: regex
name: Password Safe database file
regex:
- "(?i)\\.psafe3('|\")"
- type: regex
name: Potential configuration file
regex:
- "(?i)\\.yml('|\")"
- type: regex
name: Potential cryptographic key bundle
regex:
- "(?i)(\\.pkcs12|\\.p12|\\.pfx|\\.asc|\\.pem)('|\")"
- type: regex
name: Potential private key
regex:
- "(?i)otr.private_key('|\")"
- type: regex
name: Presentation file
regex:
- "(?i)(\\.ppt|\\.pptx)('|\")"
- type: regex
name: Python file
regex:
- "(?i)\\.py('|\")"
- type: regex
name: Remote Desktop connection file
regex:
- "(?i)\\.rdp('|\")"
- type: regex
name: Ruby On Rails file
regex:
- "(?i)\\.rb('|\")"
- type: regex
name: SQLite database file
regex:
- "(?i)\\.sqlite|\\.sqlitedb('|\")"
- type: regex
name: SQLite3 database file
regex:
- "(?i)\\.sqlite3('|\")"
- type: regex
name: Sequel Pro MySQL database manager bookmark file
regex:
- "(?i)\\.plist('|\")"
- type: regex
name: Shell configuration file
regex:
- "(?i)(\\.exports|\\.functions|\\.extra)('|\")"
- type: regex
name: Temporary file
regex:
- "(?i)\\.tmp"
- type: regex
name: Terraform variable config file
regex:
- "(?i)\\.tfvars('|\")"
- type: regex
name: Text file
regex:
- "(?i)\\.txt('|\")"
- type: regex
name: Tunnelblick VPN configuration file
regex:
- "(?i)\\.tblk('|\")"
- type: regex
name: Windows BitLocker full volume encrypted data file
regex:
- "(?i)\\.fve('|\")"
# digest: 490a0046304402205b2080f516f955839eaf0396d3db2b4b8b390e39f65840c2807d992257eafc000220633e1999e0c2de945088150cf68403e7889d9e7376245478b2cc2c28974afd95:922c64590222798bb761d5b6d8e72950