Merge branch 'main' into verified-tokens

projectdiscovery · Mar 14, 2024 · 2c0b7c2 · 2c0b7c2
2 parents a154722 + 34edd4d
commit 2c0b7c2
Show file tree

Hide file tree

Showing 1,480 changed files with 14,760 additions and 8,018 deletions.
diff --git a/.github/workflows/cache-purge.yml b/.github/workflows/cache-purge.yml
diff --git a/.github/workflows/syntax-checking.yml b/.github/workflows/syntax-checking.yml
@@ -9,6 +9,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@v4
       - name: Yamllint

diff --git a/.github/workflows/template-sign.yml b/.github/workflows/template-sign.yml
@@ -11,6 +11,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@v4
         with: 

diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml
@@ -9,6 +9,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@v4
         with: 

diff --git a/.github/workflows/templates-stats.yml b/.github/workflows/templates-stats.yml
@@ -9,6 +9,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@v4
         with: 

diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml
@@ -3,49 +3,18 @@ on:
   push:
     paths:
     - '.new-additions'
-    - 'http/cnvd/2023/CNVD-2023-96945.yaml'
-    - 'http/cves/2023/CVE-2023-38203.yaml'
-    - 'http/cves/2023/CVE-2023-42344.yaml'
-    - 'http/cves/2023/CVE-2023-45671.yaml'
-    - 'http/cves/2023/CVE-2023-48777.yaml'
-    - 'http/cves/2024/CVE-2024-0305.yaml'
-    - 'http/cves/2024/CVE-2024-0713.yaml'
-    - 'http/cves/2024/CVE-2024-1021.yaml'
-    - 'http/cves/2024/CVE-2024-1208.yaml'
-    - 'http/cves/2024/CVE-2024-1209.yaml'
-    - 'http/cves/2024/CVE-2024-1210.yaml'
-    - 'http/cves/2024/CVE-2024-1709.yaml'
-    - 'http/cves/2024/CVE-2024-22319.yaml'
-    - 'http/cves/2024/CVE-2024-22320.yaml'
-    - 'http/cves/2024/CVE-2024-25600.yaml'
-    - 'http/default-logins/ibm/ibm-dcbc-default-login.yaml'
-    - 'http/default-logins/ibm/ibm-dcec-default-login.yaml'
-    - 'http/default-logins/ibm/ibm-dsc-default-login.yaml'
-    - 'http/default-logins/ibm/ibm-hmc-default-login.yaml'
-    - 'http/exposed-panels/c2/meduza-stealer.yaml'
-    - 'http/exposed-panels/connectwise-panel.yaml'
-    - 'http/exposed-panels/fortinet/fortiauthenticator-detect.yaml'
-    - 'http/exposed-panels/ibm/ibm-dcec-panel.yaml'
-    - 'http/exposed-panels/ibm/ibm-decision-server-console.yaml'
-    - 'http/exposed-panels/ibm/ibm-odm-panel.yaml'
-    - 'http/exposed-panels/koel-panel.yaml'
-    - 'http/exposed-panels/kopano-webapp-panel.yaml'
-    - 'http/exposed-panels/linshare-panel.yaml'
-    - 'http/exposed-panels/openvas-panel.yaml'
-    - 'http/exposed-panels/opinio-panel.yaml'
-    - 'http/exposed-panels/rocketchat-panel.yaml'
-    - 'http/exposures/configs/sphinxsearch-config.yaml'
-    - 'http/misconfiguration/installer/connectwise-setup.yaml'
-    - 'http/technologies/ibm/ibm-decision-runner.yaml'
-    - 'http/technologies/ibm/ibm-decision-server-runtime.yaml'
-    - 'http/technologies/ibm/ibm-odm-detect.yaml'
-    - 'http/technologies/pexip-detect.yaml'
-    - 'http/vulnerabilities/dahua/dahua-bitmap-fileupload.yaml'
-    - 'http/vulnerabilities/joomla/joomla-easyshop-lfi.yaml'
-    - 'http/vulnerabilities/yonyou/yonyou-ufida-nc-lfi.yaml'
+    - 'http/cves/2023/CVE-2023-49785.yaml'
+    - 'http/exposed-panels/emqx-panel.yaml'
+    - 'http/exposed-panels/neocase-hrportal-panel.yaml'
+    - 'http/exposed-panels/osnexus-panel.yaml'
+    - 'http/exposed-panels/posteio-admin-panel.yaml'
+    - 'http/exposed-panels/skeepers-panel.yaml'
+    - 'http/misconfiguration/installer/posteio-installer.yaml'
+    - 'http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml'
   workflow_dispatch:
 jobs:
   triggerRemoteWorkflow:
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     runs-on: ubuntu-latest
     steps:
     - name: Trigger Remote Workflow with curl

diff --git a/.github/workflows/wordpress-plugins-update.yml b/.github/workflows/wordpress-plugins-update.yml
@@ -6,6 +6,7 @@ on:
 jobs:
   Update:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - name: Check out repository code
         uses: actions/checkout@v4

diff --git a/.new-additions b/.new-additions
@@ -1,40 +1,8 @@
-http/cnvd/2023/CNVD-2023-96945.yaml
-http/cves/2023/CVE-2023-38203.yaml
-http/cves/2023/CVE-2023-42344.yaml
-http/cves/2023/CVE-2023-45671.yaml
-http/cves/2023/CVE-2023-48777.yaml
-http/cves/2024/CVE-2024-0305.yaml
-http/cves/2024/CVE-2024-0713.yaml
-http/cves/2024/CVE-2024-1021.yaml
-http/cves/2024/CVE-2024-1208.yaml
-http/cves/2024/CVE-2024-1209.yaml
-http/cves/2024/CVE-2024-1210.yaml
-http/cves/2024/CVE-2024-1709.yaml
-http/cves/2024/CVE-2024-22319.yaml
-http/cves/2024/CVE-2024-22320.yaml
-http/cves/2024/CVE-2024-25600.yaml
-http/default-logins/ibm/ibm-dcbc-default-login.yaml
-http/default-logins/ibm/ibm-dcec-default-login.yaml
-http/default-logins/ibm/ibm-dsc-default-login.yaml
-http/default-logins/ibm/ibm-hmc-default-login.yaml
-http/exposed-panels/c2/meduza-stealer.yaml
-http/exposed-panels/connectwise-panel.yaml
-http/exposed-panels/fortinet/fortiauthenticator-detect.yaml
-http/exposed-panels/ibm/ibm-dcec-panel.yaml
-http/exposed-panels/ibm/ibm-decision-server-console.yaml
-http/exposed-panels/ibm/ibm-odm-panel.yaml
-http/exposed-panels/koel-panel.yaml
-http/exposed-panels/kopano-webapp-panel.yaml
-http/exposed-panels/linshare-panel.yaml
-http/exposed-panels/openvas-panel.yaml
-http/exposed-panels/opinio-panel.yaml
-http/exposed-panels/rocketchat-panel.yaml
-http/exposures/configs/sphinxsearch-config.yaml
-http/misconfiguration/installer/connectwise-setup.yaml
-http/technologies/ibm/ibm-decision-runner.yaml
-http/technologies/ibm/ibm-decision-server-runtime.yaml
-http/technologies/ibm/ibm-odm-detect.yaml
-http/technologies/pexip-detect.yaml
-http/vulnerabilities/dahua/dahua-bitmap-fileupload.yaml
-http/vulnerabilities/joomla/joomla-easyshop-lfi.yaml
-http/vulnerabilities/yonyou/yonyou-ufida-nc-lfi.yaml
+http/cves/2023/CVE-2023-49785.yaml
+http/exposed-panels/emqx-panel.yaml
+http/exposed-panels/neocase-hrportal-panel.yaml
+http/exposed-panels/osnexus-panel.yaml
+http/exposed-panels/posteio-admin-panel.yaml
+http/exposed-panels/skeepers-panel.yaml
+http/misconfiguration/installer/posteio-installer.yaml
+http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml
diff --git a/.nuclei-ignore b/.nuclei-ignore
@@ -18,6 +18,7 @@ tags:
   - "local"
   - "brute-force"
   - "bruteforce"
+  - "phishing"
 
 # The following templates have been excluded because they have weak matchers and may generate FP results.
 # Please feel free to create PR if you can update the templates with strict matchers.
@@ -32,3 +33,6 @@ files:
   - http/cves/2020/CVE-2020-28351.yaml
   - http/vulnerabilities/oracle/oracle-ebs-xss.yaml
   - http/cves/2021/CVE-2021-28164.yaml
+  - http/fuzzing/wordpress-themes-detect.yaml
+  - http/fuzzing/mdb-database-file.yaml
+  - http/fuzzing/iis-shortname.yaml
diff --git a/README.md b/README.md
@@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
 
 |    TAG    | COUNT |    AUTHOR    | COUNT | DIRECTORY  | COUNT | SEVERITY | COUNT | TYPE | COUNT |
 |-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
-| cve       |  2365 | dhiyaneshdk  |  1140 | http       |  7022 | info     |  3375 | file |   312 |
-| panel     |  1070 | daffainfo    |   864 | file       |   312 | high     |  1562 | dns  |    21 |
-| wordpress |   947 | dwisiswant0  |   801 | workflows  |   191 | medium   |  1458 |      |       |
-| xss       |   891 | pikpikcu     |   353 | network    |   132 | critical |   950 |      |       |
-| exposure  |   861 | pussycat0x   |   313 | code       |    80 | low      |   257 |      |       |
-| wp-plugin |   822 | ritikchaddha |   303 | ssl        |    27 | unknown  |    35 |      |       |
-| osint     |   678 | pdteam       |   285 | javascript |    26 |          |       |      |       |
-| tech      |   655 | ricardomaia  |   231 | dns        |    18 |          |       |      |       |
-| lfi       |   632 | geeknik      |   227 | headless   |    11 |          |       |      |       |
+| cve       |  2388 | dhiyaneshdk  |  1189 | http       |  7229 | info     |  3544 | file |   312 |
+| panel     |  1093 | daffainfo    |   864 | file       |   312 | high     |  1583 | dns  |    21 |
+| wordpress |   954 | dwisiswant0  |   802 | workflows  |   191 | medium   |  1464 |      |       |
+| exposure  |   892 | pikpikcu     |   353 | network    |   132 | critical |   960 |      |       |
+| xss       |   892 | pussycat0x   |   313 | code       |    80 | low      |   258 |      |       |
+| wp-plugin |   829 | ritikchaddha |   308 | ssl        |    27 | unknown  |    35 |      |       |
+| osint     |   791 | pdteam       |   285 | javascript |    26 |          |       |      |       |
+| tech      |   661 | ricardomaia  |   231 | dns        |    18 |          |       |      |       |
+| lfi       |   634 | geeknik      |   227 | headless   |    11 |          |       |      |       |
 | edb       |   598 | theamanrawat |   221 | cloud      |     9 |          |       |      |       |
 
-**555 directories, 8111 files**.
+**571 directories, 8318 files**.
 
 </td>
 </tr>

diff --git a/TEMPLATES-STATS.json b/TEMPLATES-STATS.json