1、up PoCs 2、add supply chain 2022-08-09

GhostTroops · Aug 9, 2022 · 52ead5d · 52ead5d
1 parent 34c4784
commit 52ead5d
Show file tree

Hide file tree

Showing 120 changed files with 897 additions and 9 deletions.
diff --git a/README_CN.md b/README_CN.md
@@ -214,13 +214,16 @@ more see: <a href=https://github.com/hktalent/scan4all/discussions>discussions</
 - 2022-06-24 优化指纹算法；增加工作流程图
 - 2022-06-23 添加参数ParseSSl，控制默认不深度分析SSL中的DNS信息，默认不对SSL中dns进行扫描；优化：nmap未自动加.exe的bug；优化windows下缓存文件未优化体积的bug
 - 2022-06-22 集成 N 种协议弱口令检测、密码爆破：ftp、mongodb、mssql、mysql、oracle、postgresql、rdp、redis、smb、ssh、telnet，同时优化支持外挂密码字典
+- 2022-06-21 决然做scan4all
+<!--
 - 2022-06-20 集成Subfinder，域名爆破，启动参数导出EnableSubfinder=true，注意启动后很慢； ssl证书中域名信息的自动深度钻取
   允许通过 config/config.json 配置定义自己的字典，或设置相关开关
 - 2022-06-17 优化一个域名多个IP的情况，所有IP都会被端口扫描，然后按照后续的扫描流程
 - 2022-06-15 此版本增加了过去实战中获得的几个weblogic密码字典和webshell字典
 - 2022-06-10 完成核的整合，当然包括核模板的整合
 - 2022-06-07 添加相似度算法来检测 404
 - 2022-06-07 增加http url列表精准扫描参数，根据环境变量UrlPrecise=true开启
+-->
 
 # 交流群(微信、QQ、Tg)
 | Wechat | Or | QQchat | Or | Tg |

diff --git a/brute/dicts/cprt.txt b/brute/dicts/cprt.txt
@@ -0,0 +1,3 @@
+技术支持
+运行维护单位
+开发单位
diff --git a/brute/dicts/softc.txt b/brute/dicts/softc.txt
@@ -0,0 +1,31 @@
+Amadeus
+Amadeus IT Group
+CA
+Fiserv
+HCL Technologies
+HCL科技
+Intuit
+Microsoft
+Oracle
+SAP
+VMware
+甲骨文
+赛门铁克
+同方股份有限公司
+长天科技有限公司
+万达信息股份有限公司
+东软集团股份有限公司
+山大地纬软件股份有限公司
+广州华南资讯科技有限公司
+广州华资软件技术有限公司
+浙大网新科技股份有限公司
+浙江天正信息科技有限公司
+山东地纬计算机软件有限公司
+易联众信息技术股份有限公司
+创智和宇信息技术股份有限公司
+北京中软国际信息技术有限公司
+南京莱斯信息技术股份有限公司
+四川久远银海软件股份有限公司
+新型农村社会养老保险信息系统
+长沙创智和宇信息技术有限公司
+北京北控电信通信息技术有限公司
diff --git a/brute/supportinfo.go b/brute/supportinfo.go
@@ -0,0 +1,22 @@
+package brute
+
+import (
+	_ "embed"
+	"github.com/hktalent/scan4all/lib/util"
+	"regexp"
+	"strings"
+)
+
+//go:embed dicts/cprt.txt
+var supplyChainPrefix string
+
+//go:embed dicts/softc.txt
+var supplyChainEndstr string
+
+func init() {
+	util.RegInitFunc(func() {
+		p1 := "((" + strings.Join(strings.Split(strings.TrimSpace(supplyChainPrefix), "\n"), ")|(") + "))\\s*[:：]\\s*"
+		p2 := "((" + strings.Join(strings.Split(strings.TrimSpace(supplyChainEndstr), "\n"), ")|(") + "))"
+		util.SupplyChainReg = regexp.MustCompile(p1 + p2)
+	})
+}
diff --git a/config/nuclei-templates/cves/2014/CVE-2014-3704.yaml b/config/nuclei-templates/cves/2014/CVE-2014-3704.yaml
@@ -16,6 +16,8 @@ info:
   remediation: Upgrade to Drupal core 7.32 or later.
   classification:
     cve-id: CVE-2014-3704
+  metadata:
+    shodan-query: http.component:"drupal"
   tags: cve,cve2014,drupal,sqli
 
 variables:

diff --git a/config/nuclei-templates/cves/2015/CVE-2015-1503.yaml b/config/nuclei-templates/cves/2015/CVE-2015-1503.yaml
@@ -15,6 +15,8 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2015-1503
     cwe-id: CWE-200
+  metadata:
+    shodan-query: title:"icewarp"
   tags: cve,cve2015,icewarp,lfi,mail
 
 requests:

diff --git a/config/nuclei-templates/cves/2015/CVE-2015-7450.yaml b/config/nuclei-templates/cves/2015/CVE-2015-7450.yaml
@@ -15,6 +15,8 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2015-7450
     cwe-id: CWE-94
+  metadata:
+    shodan-query: http.html:"IBM WebSphere Portal"
   tags: cve,cve2015,websphere,deserialization,rce,oast,ibm,java,kev
 
 requests:

diff --git a/config/nuclei-templates/cves/2016/CVE-2016-0957.yaml b/config/nuclei-templates/cves/2016/CVE-2016-0957.yaml
@@ -13,6 +13,8 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cve-id: CVE-2016-0957
+  metadata:
+    shodan-query: http.component:"Adobe Experience Manager"
   tags: cve,cve2016,adobe,aem
 
 requests:

diff --git a/config/nuclei-templates/cves/2016/CVE-2016-2389.yaml b/config/nuclei-templates/cves/2016/CVE-2016-2389.yaml
@@ -16,6 +16,8 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2016-2389
     cwe-id: CWE-22
+  metadata:
+    shodan-query: http.favicon.hash:-266008933
   tags: cve,cve2016,lfi,sap
 
 requests:

diff --git a/config/nuclei-templates/cves/2017/CVE-2017-12615.yaml b/config/nuclei-templates/cves/2017/CVE-2017-12615.yaml
@@ -17,7 +17,9 @@ info:
     cvss-score: 8.1
     cve-id: CVE-2017-12615
     cwe-id: CWE-434
-  tags: cve,cve2017,apache,rce,tomcat,kev
+  metadata:
+    shodan-query: title:"Apache Tomcat"
+  tags: cve,cve2017,apache,rce,tomcat,kev,cisa
 
 requests:
   - method: PUT

diff --git a/config/nuclei-templates/cves/2017/CVE-2017-12637.yaml b/config/nuclei-templates/cves/2017/CVE-2017-12637.yaml
@@ -14,6 +14,8 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2017-12637
     cwe-id: CWE-22
+  metadata:
+    shodan-query: http.favicon.hash:-266008933
   tags: cve,cve2017,sap,lfi,java,traversal
 
 requests:

diff --git a/config/nuclei-templates/cves/2017/CVE-2017-6090.yaml b/config/nuclei-templates/cves/2017/CVE-2017-6090.yaml
@@ -14,6 +14,8 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2017-6090
     cwe-id: CWE-434
+  metadata:
+    shodan-query: http.title:"PhpCollab"
   tags: cve,cve2017,phpcollab,rce,fileupload
 
 requests:

diff --git a/config/nuclei-templates/cves/2017/CVE-2017-9506.yaml b/config/nuclei-templates/cves/2017/CVE-2017-9506.yaml
@@ -14,6 +14,8 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2017-9506
     cwe-id: CWE-918
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2017,atlassian,jira,ssrf,oast
 
 requests:

diff --git a/config/nuclei-templates/cves/2018/CVE-2018-11759.yaml b/config/nuclei-templates/cves/2018/CVE-2018-11759.yaml
@@ -17,6 +17,8 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2018-11759
     cwe-id: CWE-22
+  metadata:
+    shodan-query: title:"Apache Tomcat"
   tags: cve,cve2018,apache,tomcat
 
 requests:

diff --git a/config/nuclei-templates/cves/2018/CVE-2018-11784.yaml b/config/nuclei-templates/cves/2018/CVE-2018-11784.yaml
@@ -14,6 +14,8 @@ info:
     cvss-score: 4.3
     cve-id: CVE-2018-11784
     cwe-id: CWE-601
+  metadata:
+    shodan-query: title:"Apache Tomcat"
   tags: tomcat,redirect,cve,cve2018,apache
 
 requests:

diff --git a/config/nuclei-templates/cves/2018/CVE-2018-20824.yaml b/config/nuclei-templates/cves/2018/CVE-2018-20824.yaml
@@ -12,6 +12,8 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2018-20824
     cwe-id: CWE-79
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2018,atlassian,jira,xss
 
 requests:

diff --git a/config/nuclei-templates/cves/2018/CVE-2018-7600.yaml b/config/nuclei-templates/cves/2018/CVE-2018-7600.yaml
@@ -15,7 +15,9 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2018-7600
     cwe-id: CWE-20
-  tags: cve,cve2018,drupal,rce,kev
+  metadata:
+    shodan-query: http.component:"drupal"
+  tags: cve,cve2018,drupal,rce,kev,cisa
 
 requests:
   - raw:

diff --git a/config/nuclei-templates/cves/2018/CVE-2018-7602.yaml b/config/nuclei-templates/cves/2018/CVE-2018-7602.yaml
@@ -14,7 +14,9 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2018-7602
-  tags: cve,cve2018,drupal,authenticated,kev
+  metadata:
+    shodan-query: http.component:"drupal"
+  tags: cve,cve2018,drupal,authenticated,kev,cisa
 
 requests:
   - raw:

diff --git a/config/nuclei-templates/cves/2018/CVE-2018-9205.yaml b/config/nuclei-templates/cves/2018/CVE-2018-9205.yaml
@@ -16,6 +16,8 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2018-9205
     cwe-id: CWE-22
+  metadata:
+    shodan-query: http.component:"drupal"
   tags: cve,cve2018,lfi,drupal
 
 requests:

diff --git a/config/nuclei-templates/cves/2019/CVE-2019-0221.yaml b/config/nuclei-templates/cves/2019/CVE-2019-0221.yaml
@@ -19,6 +19,8 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2019-0221
     cwe-id: CWE-79
+  metadata:
+    shodan-query: title:"Apache Tomcat"
   tags: cve,cve2019,apache,xss,tomcat
 
 requests:

diff --git a/config/nuclei-templates/cves/2019/CVE-2019-11580.yaml b/config/nuclei-templates/cves/2019/CVE-2019-11580.yaml
@@ -13,7 +13,9 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2019-11580
-  tags: cve,cve2019,atlassian,rce,kev
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
+  tags: cve,cve2019,atlassian,rce,kev,cisa
 
 requests:
   - method: GET

diff --git a/config/nuclei-templates/cves/2019/CVE-2019-11581.yaml b/config/nuclei-templates/cves/2019/CVE-2019-11581.yaml
@@ -16,7 +16,9 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2019-11581
     cwe-id: CWE-74
-  tags: cve,cve2019,atlassian,jira,ssti,rce,kev
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
+  tags: cve,cve2019,atlassian,jira,ssti,rce,kev,cisa
 
 requests:
   - method: GET

diff --git a/config/nuclei-templates/cves/2019/CVE-2019-12593.yaml b/config/nuclei-templates/cves/2019/CVE-2019-12593.yaml
@@ -17,6 +17,7 @@ info:
     cwe-id: CWE-22
   metadata:
     google-dork: Powered By IceWarp 10.4.4
+    shodan-query: title:"icewarp"
   tags: cve,cve2019,lfi,icewarp
 
 requests:

diff --git a/config/nuclei-templates/cves/2019/CVE-2019-3401.yaml b/config/nuclei-templates/cves/2019/CVE-2019-3401.yaml
@@ -12,6 +12,8 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2019-3401
     cwe-id: CWE-863
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2019,jira,atlassian,exposure
 
 requests:

diff --git a/config/nuclei-templates/cves/2019/CVE-2019-3402.yaml b/config/nuclei-templates/cves/2019/CVE-2019-3402.yaml
@@ -13,6 +13,8 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2019-3402
     cwe-id: CWE-79
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2019,atlassian,jira,xss
 
 requests:

diff --git a/config/nuclei-templates/cves/2019/CVE-2019-3403.yaml b/config/nuclei-templates/cves/2019/CVE-2019-3403.yaml
@@ -13,6 +13,8 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2019-3403
     cwe-id: CWE-863
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2019,atlassian,jira
 
 requests:

diff --git a/config/nuclei-templates/cves/2019/CVE-2019-6340.yaml b/config/nuclei-templates/cves/2019/CVE-2019-6340.yaml
@@ -15,7 +15,9 @@ info:
     cvss-score: 8.1
     cve-id: CVE-2019-6340
     cwe-id: CWE-502
-  tags: cve,cve2019,drupal,rce,kev
+  metadata:
+    shodan-query: http.component:"drupal"
+  tags: cve,cve2019,drupal,rce,kev,cisa
 
 requests:
   - method: POST

diff --git a/config/nuclei-templates/cves/2019/CVE-2019-8442.yaml b/config/nuclei-templates/cves/2019/CVE-2019-8442.yaml
@@ -13,6 +13,8 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cve-id: CVE-2019-8442
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2019,atlassian,jira,lfi
 
 requests:

diff --git a/config/nuclei-templates/cves/2019/CVE-2019-8446.yaml b/config/nuclei-templates/cves/2019/CVE-2019-8446.yaml
@@ -13,6 +13,8 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2019-8446
     cwe-id: CWE-863
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2019,jira
 
 requests:

diff --git a/config/nuclei-templates/cves/2019/CVE-2019-8449.yaml b/config/nuclei-templates/cves/2019/CVE-2019-8449.yaml
@@ -14,6 +14,8 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2019-8449
     cwe-id: CWE-306
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2019,atlassian,jira,disclosure
 
 requests:

diff --git a/config/nuclei-templates/cves/2019/CVE-2019-8451.yaml b/config/nuclei-templates/cves/2019/CVE-2019-8451.yaml
@@ -15,6 +15,8 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2019-8451
     cwe-id: CWE-918
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2019,atlassian,jira,ssrf,oast
 
 requests:

diff --git a/config/nuclei-templates/cves/2020/CVE-2020-11110.yaml b/config/nuclei-templates/cves/2020/CVE-2020-11110.yaml
@@ -16,6 +16,8 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2020-11110
     cwe-id: CWE-79
+  metadata:
+    shodan-query: title:"Grafana"
   tags: cve,cve2020,xss,grafana
 
 requests:

diff --git a/config/nuclei-templates/cves/2020/CVE-2020-14179.yaml b/config/nuclei-templates/cves/2020/CVE-2020-14179.yaml
@@ -12,6 +12,8 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
     cvss-score: 5.3
     cve-id: CVE-2020-14179
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2020,atlassian,jira,exposure,disclosure
 
 requests:

diff --git a/config/nuclei-templates/cves/2020/CVE-2020-14181.yaml b/config/nuclei-templates/cves/2020/CVE-2020-14181.yaml
@@ -14,6 +14,8 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2020-14181
     cwe-id: CWE-200
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2020,atlassian,jira
 
 requests:

diff --git a/config/nuclei-templates/cves/2020/CVE-2020-1938.yaml b/config/nuclei-templates/cves/2020/CVE-2020-1938.yaml
@@ -15,7 +15,9 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2020-1938
     cwe-id: CWE-269
-  tags: cve,cve2020,apache,tomcat,lfi,network,kev
+  metadata:
+    shodan-query: title:"Apache Tomcat"
+  tags: cve,cve2020,apache,tomcat,lfi,network,kev,cisa
 
 network:
   - inputs:

diff --git a/config/nuclei-templates/cves/2020/CVE-2020-27982.yaml b/config/nuclei-templates/cves/2020/CVE-2020-27982.yaml
@@ -14,6 +14,8 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2020-27982
     cwe-id: CWE-79
+  metadata:
+    shodan-query: title:"icewarp"
   tags: cve,cve2020,xss,icewarp
 
 requests:

diff --git a/config/nuclei-templates/cves/2020/CVE-2020-29453.yaml b/config/nuclei-templates/cves/2020/CVE-2020-29453.yaml
@@ -13,6 +13,8 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2020-29453
     cwe-id: CWE-22
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2020,atlassian,jira,lfi
 
 requests:

diff --git a/config/nuclei-templates/cves/2020/CVE-2020-36289.yaml b/config/nuclei-templates/cves/2020/CVE-2020-36289.yaml
@@ -14,6 +14,8 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2020-36289
     cwe-id: CWE-200
+  metadata:
+    shodan-query: http.component:"Atlassian Jira"
   tags: cve,cve2020,jira,atlassian,unauth
 
 requests: