Create apache-allura-detect.yaml

[icarot]

Detects a Apache Allura server, a open source implementation of a software "forge". Reference: https://allura.apache.org/

• References:

https://allura.apache.org/

I've validated this template locally?

• YES
• NO

Steps to test:

Apache Allura Docker:

1. Building Docker Image:

$ git clone https://github.com/apache/allura
$ cd allura/
$ docker build -t allura .

2. Running container:

$ docker compose run --rm web scripts/init-docker-dev.sh
$ docker compose run --rm -e ALLURA_TEST_DATA=False taskd paster setup-app docker-dev.ini

• Confirm root's user
• Define root's password

$ docker ps -a
The following containers have to bee up:

• allura-outmail-1
• allura-web-1
• allura-solr-1
• allura-mongo-1

4. Acessing the Apache Allura service:

Get your local IP address:
$ ip addr

In file "Allura/development.ini":
$ vim Allura/development.ini
Add/update the following lines after tag "[server:main]":
"
host = <local_machine_IP>
port = 8088
"

And add/update the following lines after tag "[app:main]":
"
domain = <local_machine_IP>
base_url = http://<local_machine_IP>:8088
"

Execute:
$ docker compose restart web

And the access URL will be http://<local_machine_IP>:8088

Nuclei execution:

$ ~/go/bin/nuclei -t apache-allura-detect.yaml -u "http://<local_machine_IP>:8088" -H "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"

[GeorginaReeder]

Thanks so much for your contribution @icarot !

[DhiyaneshGeek]

root@localhost:~# nuclei -u http://localhost:8080 -t test.yaml -vv -debug 

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.9

		projectdiscovery.io

[INF] Current nuclei version: v3.2.9 (latest)
[INF] Current nuclei-templates version: v9.8.9 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 1
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[apache-allura-detect] Apache Allura - Detection (@icarot) [info]
[INF] [apache-allura-detect] Dumped HTTP request for http://localhost:8080/neighborhood

GET /neighborhood HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:45.0) Gecko/20100101 Firefox/45.0
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[DBG] [apache-allura-detect] Dumped HTTP response http://localhost:8080/neighborhood

HTTP/1.1 200 OK
Connection: close
Cache-Control: no-cache
Content-Security-Policy: frame-ancestors 'self'; object-src 'none'
Content-Security-Policy-Report-Only: form-action 'self'; script-src-attr 'none' 'report-sample'; script-src 'self' www.google-analytics.com 'unsafe-inline' 'unsafe-eval' 'report-sample'; frame-src 'self' www.youtube-nocookie.com
Content-Type: text/html; charset=utf-8
Date: Mon, 24 Jun 2024 06:22:21 GMT
Feature-Policy: microphone 'none'; geolocation 'none'; camera 'none'; payment 'none'; document-domain 'none'; display 'none'; autoplay 'none'
Permissions-Policy: microphone=(), geolocation=(), camera=(), payment=(), document-domain=(), display-capture=(), autoplay=()
Pragma: no-cache
Referrer-Policy: 'same-origin'
Server: gunicorn
Set-Cookie: _session_id=2b83ff3464b15dc6c9c475bbd84d5f94304872c650eb822e0d9143932cd7ae409cb221dfb13bdb5d; Path=/
Vary: Accept-Encoding

<!DOCTYPE html>
<!-- Server: d5db0fea9335 -->


    

















<html lang="en" class="no-js">
<head>
    <meta content="text/html; charset=UTF-8" http-equiv="content-type"/>
    <title>All Neighborhoods</title>