From 4008d74523bd5b79a20c2e7c16c0b88b0687631c Mon Sep 17 00:00:00 2001 From: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> Date: Wed, 24 May 2023 17:37:35 +0330 Subject: [PATCH 01/88] Update info.md update small details in side bar --- info.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/info.md b/info.md index 60950a4..35d4f69 100644 --- a/info.md +++ b/info.md @@ -1,13 +1,11 @@ ### ASVS Security Evaluation Templates with Nuclei Information * [Incubator Project](#) -* [Type of Project](#) * [Version 0.0.0](#) -* [Builder](#) +* [Defender](#) * [Breaker](#) -### Downloads or Social Links -* [Download](#) -* [Meetup](#) +### Community +* [Slack Channel](https://owasp.slack.com/archives/C052939BZ43) ### Code Repository * [repo](#) From 5d8fd48dc98fc05a64d527c1a5038128c82cce73 Mon Sep 17 00:00:00 2001 From: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> Date: Sun, 28 May 2023 07:37:44 +0330 Subject: [PATCH 02/88] Update index.md add Licensing section --- index.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/index.md b/index.md index 6992855..79c808c 100644 --- a/index.md +++ b/index.md @@ -20,3 +20,7 @@ tags: This is a space-delimited list of tags you associate with your project or level: For projects, this is your project level (2 - Incubator, 3 - Lab, 3.5 - Production, 4 - Flagship) type: code, tool, documentation, or other +Licensing +https://img.shields.io/github/license/cont/https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei + +This program is free software: You can redistribute it and/or modify it under the terms of the MIT License. From 42b7fbe151b7d973f23dd1645dfecb92dc9d5987 Mon Sep 17 00:00:00 2001 From: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> Date: Sun, 28 May 2023 07:59:31 +0330 Subject: [PATCH 03/88] Update index.md --- index.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
diff --git a/index.md b/index.md index 79c808c..e299832 100644 --- a/index.md +++ b/index.md @@ -20,7 +20,10 @@ tags: This is a space-delimited list of tags you associate with your project or level: For projects, this is your project level (2 - Incubator, 3 - Lab, 3.5 - Production, 4 - Flagship) type: code, tool, documentation, or other -Licensing -https://img.shields.io/github/license/cont/https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei + + + +## header H2 +[](https://img.shields.io/github/license/cont/https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei) This program is free software: You can redistribute it and/or modify it under the terms of the MIT License. From 6263dee0383f0992afe8246918505c2e7bcd4796 Mon Sep 17 00:00:00 2001 From: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> Date: Sun, 28 May 2023 08:00:36 +0330 Subject: [PATCH 04/88] Update index.md --- index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.md b/index.md index e299832..841704a 100644 --- a/index.md +++ b/index.md @@ -23,7 +23,7 @@ type: code, tool, documentation, or other -## header H2 +## Licensing [](https://img.shields.io/github/license/cont/https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei) This program is free software: You can redistribute it and/or modify it under the terms of the MIT License. From 9c3fc9c41c1a63510a9f792f886c846678f4292d Mon Sep 17 00:00:00 2001 From: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> Date: Sun, 28 May 2023 08:25:43 +0330 Subject: [PATCH 05/88] Update info.md add link to the github repo --- info.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/info.md b/info.md index 35d4f69..0338027 100644 --- a/info.md +++ b/info.md 
@@ -4,11 +4,17 @@ * [Defender](#) * [Breaker](#) +### Classification +* Tool + ### Community * [Slack Channel](https://owasp.slack.com/archives/C052939BZ43) +### Statistics +* [Daily Project Stats](#) + ### Code Repository -* [repo](#) +* [repo](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei) ### Change Log * [changes](#) From 60319c91bc71bf5589fa74b1571eeef9ddb96a0b Mon Sep 17 00:00:00 2001 From: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> Date: Sun, 28 May 2023 09:00:22 +0330 Subject: [PATCH 06/88] Create README.md --- README.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/README.md @@ -0,0 +1 @@ + From cdc10c331ec669fb839f8ae2227b7e4bf63c6db3 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sun, 28 May 2023 09:37:57 +0330 Subject: [PATCH 07/88] Create MIT LICENSE --- LICENSE | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..636d84b --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2023 OWASP + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. From 5d0497adffaa7659409b8d68a09802a7f562ca66 Mon Sep 17 00:00:00 2001 From: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> Date: Mon, 29 May 2023 07:59:43 +0330 Subject: [PATCH 08/88] Update index.md Signed-off-by: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> --- index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.md b/index.md index 841704a..e433e37 100644 --- a/index.md +++ b/index.md 
@@ -24,6 +24,6 @@ type: code, tool, documentation, or other ## Licensing -[](https://img.shields.io/github/license/cont/https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei) +[![alt-text](https://img.shields.io/github/license/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/main/LICENSE) This program is free software: You can redistribute it and/or modify it under the terms of the MIT License. From a9ff8ed76fafebc87ada2ca3e2d14e8d2d6fbf7d Mon Sep 17 00:00:00 2001 From: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> Date: Fri, 16 Jun 2023 12:58:32 +0330 Subject: [PATCH 09/88] Update index.md add project desc Signed-off-by: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> --- index.md | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/index.md b/index.md index e433e37..2f02e06 100644 --- a/index.md +++ b/index.md 
@@ -2,26 +2,16 @@ layout: col-sidebar title: OWASP ASVS Security Evaluation Templates with Nuclei -tags: example-tag +tags: asvs-security-evaluation-templates-with-nuclei nuclei nuclei-templates asvs asvs-evaluation PoC-generator vulnerablity level: 2 -type: -pitch: A very brief, one-line description of your project +type: tool +pitch: This project aims to develop nuclei templates for evaluating OWASP Application Security Verification Standard (ASVS) on websites. --- -This is an example of a Project or Chapter Page. Please change these items to indicate the actual information you wish to present. In addition to this information, the 'front-matter' above this text should be modified to reflect your actual information. An explanation of each of the front-matter items is below: - -layout: This is the layout used by project and chapter pages. You should leave this value as col-sidebar - -title: This is the title of your project or chapter page, usually the name. For example, OWASP Zed Attack Proxy or OWASP Baltimore - -tags: This is a space-delimited list of tags you associate with your project or chapter. If you are using tabs, at least one of these tags should be unique in order to be used in the tabs files (an example tab is included in this repo) - -level: For projects, this is your project level (2 - Incubator, 3 - Lab, 3.5 - Production, 4 - Flagship) - -type: code, tool, documentation, or other - +This project aims to develop nuclei templates for evaluating OWASP Application Security Verification Standard (ASVS) on websites and will involve creating templates that can be used to evaluate ASVS on websites, documenting the use of the templates, and designing and implementing a user interface for easy navigation and use of the templates. The templates and user interface will be tested for accuracy and usability, and once finalized, they will be made available for use. 
User feedback and usage of the templates and user interface will be monitored and analyzed, and updates will be made to the templates and user interface based on this feedback and usage. Finally, the project will be documented for future reference. +It's important to note that Since the implementation methods and frameworks used in web application design are very diverse, in this project, we will consider the existing best practice designs and develop nuclei templates based on them. ## Licensing [![alt-text](https://img.shields.io/github/license/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/main/LICENSE) From fd8b3c0b227ba0d14ae6805a70fe36ac9b266264 Mon Sep 17 00:00:00 2001 From: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> Date: Fri, 16 Jun 2023 15:05:54 +0330 Subject: [PATCH 10/88] Create CONTRIBUTING.md add 'how to contribute' file Signed-off-by: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> --- CONTRIBUTING.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..526ffda --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,16 @@ + +## Contributing + +If you have any idea to improve templates or want to share experience and give feedback on this project, we'd love to hear from you in following ways: + + +### Asking Questions +You can use either Github [Discussions](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/discussions) or our [Slack channel](https://owasp.slack.com/archives/C052939BZ43) to ask questions. + +### Create issues + +Before raising pull requests, please create an [Issue](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/issues) first to be discussed for missing requirements, content or errors. Please explain the issue in detail including references if available and suggest where it could be added. + +### Open a Pull Request +- Your pull request may be merged after review. +- Commits must be [signed off](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--s) to indicate agreement with [Developer Certificate of Origin (DCO)](https://developercertificate.org/). From 2db4a7a96abae3dd0ad766cb9d2c8dd1ef3908c4 Mon Sep 17 00:00:00 2001 From: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> Date: Fri, 16 Jun 2023 15:12:25 +0330 Subject: [PATCH 11/88] Update and rename tab_example.md to tab_contributing.md add contribution guideline on main owasp website of project Signed-off-by: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> --- tab_contributing.md | 21 +++++++++++++++++++++ tab_example.md | 11 ----------- 2 files changed, 21 insertions(+), 11 deletions(-) create mode 100644 tab_contributing.md delete mode 100644 tab_example.md diff --git a/tab_contributing.md b/tab_contributing.md new file mode 100644 index 0000000..2a82cf5 --- /dev/null +++ b/tab_contributing.md 
@@ -0,0 +1,21 @@ +--- +title: Contributing +layout: null +tab: true +order: 1 +tags: asvs-security-evaluation-templates-with-nuclei +--- + +## Contributing + +If you are interested in contributing to this project by sharing ideas to improve templates or giving feedback we will be happy to hear from you in project Github [Discussions](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/discussions) or our [Slack channel](https://owasp.slack.com/archives/C052939BZ43). + +For detailed information and guidelines about contributing in "ASVS evaluation template development" please check [CONTRIBUTING.md](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/main/CONTRIBUTING.md) + +### Core Team +The project current core team are: +- [Hamed Salimain](https://github.com/Snbig) (Project Leader) +- [Mohammad Khodaiemehr](https://github.com/m0khd) +- [Amin Naserinia](https://github.com/aminnaseri) +- [Reza Saeedi](https://github.com/Reza-saeedi) +- [Dorna Azhirak](https://github.com/nameddorna) diff --git a/tab_example.md b/tab_example.md deleted file mode 100644 index d29bc45..0000000 --- a/tab_example.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: Example -layout: null -tab: true -order: 1 -tags: example-tag ---- - -## Example - -Put whatever you like here: news, screenshots, features, supporters, or remove this file and don't use tabs at all. \ No newline at end of file From ab565932717f285c6a49f0cdc3f972b049a6b545 Mon Sep 17 00:00:00 2001 From: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> Date: Fri, 16 Jun 2023 15:57:58 +0330 Subject: [PATCH 12/88] Update README.md add readme file content Signed-off-by: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> --- README.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/README.md b/README.md index 8b13789..b22a866 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,30 @@ +# OWASP ASVS Security Evaluation Templates with Nuclei + + +This project aims to develop [Nuclei](https://github.com/projectdiscovery/nuclei) templates for evaluating OWASP Application Security Verification Standard ([ASVS](https://owasp.org/www-project-application-security-verification-standard/)) on websites and will involve creating templates that can be used to evaluate ASVS on websites, documenting the use of the templates, and designing and implementing a user interface for easy navigation and use of the templates. + + The goal is to provide security professionals with an easy-to-use set of tools to test their web applications and identify potential vulnerabilities. +#### It's important to note that: +- Since the implementation methods and frameworks used in web application design are very diverse, in this project we will consider the existing best practice designs and develop nuclei templates based on them :) +- Also while these Nuclei templates are designed to help automate the process of evaluating web applications against ASVS requirements, they should not be considered a substitute for manual testing or other security best practices. +- Some templates are developed for a limited or specific scenario and should be modified and perfected according to the needs of the evaluator/user. + +## Licensing +[![alt-text](https://img.shields.io/github/license/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/main/LICENSE) + +This program is free software: You can redistribute it and/or modify it under the terms of the MIT License. + +## Contributing + +Contributions to this repository are welcome and encouraged. 
If you have created new Nuclei templates that evaluate additional ASVS requirements or have any idea about current templates, we'd love to hear from you in project Github [Discussions](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/discussions) or our [Slack channel](https://owasp.slack.com/archives/C052939BZ43). + +For detailed information and guidelines about contributing in developing template for ASVS evaluation, please check [CONTRIBUTING.md](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/main/CONTRIBUTING.md) + +#### Core Team +The project current core team are: +- [Hamed Salimain](https://github.com/Snbig) (Project Leader) +- [Mohammad Khodaiemehr](https://github.com/m0khd) +- [Amin Naserinia](https://github.com/aminnaseri) +- [Reza Saeedi](https://github.com/Reza-saeedi) +- [Dorna Azhirak](https://github.com/nameddorna) From 9238f84eeb77c975e2f71e831c786cbad8b6439a Mon Sep 17 00:00:00 2001 From: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> Date: Sat, 17 Jun 2023 08:51:50 +0330 Subject: [PATCH 13/88] Update info.md edit sidebar add icons Signed-off-by: Dorna Azhirak <42513803+nameddorna@users.noreply.github.com> --- info.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/info.md b/info.md index 0338027..4abe302 100644 --- a/info.md +++ b/info.md @@ -1,11 +1,13 @@ -### ASVS Security Evaluation Templates with Nuclei Information +### Project Information * [Incubator Project](#) * [Version 0.0.0](#) -* [Defender](#) -* [Breaker](#) - + ### Classification -* Tool +* Tool + +### Audience +* Defender +* Breaker ### Community * [Slack Channel](https://owasp.slack.com/archives/C052939BZ43) From ccd819a5ad450ba8c49cf9041fd45198ef78712a Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 14 Jul 2023 20:48:02 +0330 Subject: [PATCH 14/88] Update README.md Signed-off-by: Hamed Salimian --- README.md | 1 - 1 file changed, 1 deletion(-) 
diff --git a/README.md b/README.md index b22a866..c714ebb 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,6 @@ For detailed information and guidelines about contributing in developing templat #### Core Team The project current core team are: - [Hamed Salimain](https://github.com/Snbig) (Project Leader) -- [Mohammad Khodaiemehr](https://github.com/m0khd) - [Amin Naserinia](https://github.com/aminnaseri) - [Reza Saeedi](https://github.com/Reza-saeedi) - [Dorna Azhirak](https://github.com/nameddorna) From 8c515108766cd266e33f7f45be1693e9eb037d29 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Mon, 17 Jul 2023 13:23:57 +0330 Subject: [PATCH 15/88] Update README.md Signed-off-by: Hamed Salimian --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index c714ebb..7037f89 100644 --- a/README.md +++ b/README.md @@ -25,5 +25,4 @@ The project current core team are: - [Hamed Salimain](https://github.com/Snbig) (Project Leader) - [Amin Naserinia](https://github.com/aminnaseri) - [Reza Saeedi](https://github.com/Reza-saeedi) -- [Dorna Azhirak](https://github.com/nameddorna) From 52420bb343e19971a8d642d8c8994863b8da279f Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Thu, 20 Jul 2023 16:20:29 +0330 Subject: [PATCH 16/88] Create syntax-checking.yml Signed-off-by: Hamed Salimian --- .github/workflows/syntax-checking.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/syntax-checking.yml diff --git a/.github/workflows/syntax-checking.yml b/.github/workflows/syntax-checking.yml new file mode 100644 index 0000000..d9fa932 --- /dev/null +++ b/.github/workflows/syntax-checking.yml 
@@ -0,0 +1,19 @@ +name: ❄️ YAML Lint + +on: + pull_request: + paths: + - '**.yaml' + workflow_dispatch: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Yamllint + uses: karancode/yamllint-github-action@v2.1.1 + with: + yamllint_config_filepath: .yamllint + yamllint_strict: false + yamllint_comment: true From 1885d568ce24a83bdbebf275e29f1e010c2005f7 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Thu, 20 Jul 2023 16:24:16 +0330 Subject: [PATCH 17/88] Create template-validate.yml Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 29 +++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .github/workflows/template-validate.yml diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml new file mode 100644 index 0000000..6c80cd8 --- /dev/null +++ b/.github/workflows/template-validate.yml @@ -0,0 +1,29 @@ +name: 🛠 Template Validate + +on: + pull_request: + paths: + - '**.yaml' + workflow_dispatch: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: 1.20.x + + - name: nuclei install + run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest + + - name: Template Validation + run: | + cp -r ${{ github.workspace }} $HOME + nuclei -duc -validate -allow-local-file-access + nuclei -duc -validate -w ./workflows -allow-local-file-access From 644803db011ad560b07e2262412e4bc3e9ab2952 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sat, 22 Jul 2023 08:28:01 +0330 Subject: [PATCH 18/88] Create templates folder Signed-off-by: Hamed Salimian --- templates/.gitkeep | 1 + 1 file changed, 1 insertion(+) create mode 100644 templates/.gitkeep diff --git a/templates/.gitkeep b/templates/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/templates/.gitkeep @@ -0,0 +1 @@ + 
From 0ad2eaa25fc317f2bf1581172dcb648e52b76f58 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sat, 22 Jul 2023 08:55:00 +0330 Subject: [PATCH 19/88] Added static vulnerable project as submodule on dev --- .gitmodules | 4 ++++ Vulnerable-Pages | 1 + 2 files changed, 5 insertions(+) create mode 100644 .gitmodules create mode 160000 Vulnerable-Pages diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..18feab8 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,4 @@ +[submodule "Vulnerable-Pages"] + path = Vulnerable-Pages + url = https://github.com/Snbig/Vulnerable-Pages + branch = dev diff --git a/Vulnerable-Pages b/Vulnerable-Pages new file mode 160000 index 0000000..982975c --- /dev/null +++ b/Vulnerable-Pages @@ -0,0 +1 @@ +Subproject commit 982975c8775116be62cd507660d125e888f17b4a From 5760ed48226501381de352a9d1192cedafb57c4d Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 4 Aug 2023 20:41:33 +0330 Subject: [PATCH 20/88] Create 13.2.1.yaml Signed-off-by: Hamed Salimian --- templates/13.2.1.yaml | 170 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 170 insertions(+) create mode 100644 templates/13.2.1.yaml diff --git a/templates/13.2.1.yaml b/templates/13.2.1.yaml new file mode 100644 index 0000000..f0194d3 --- /dev/null +++ b/templates/13.2.1.yaml 
@@ -0,0 +1,170 @@ +id: asvs_13_2_1 + +info: + name: ASVS 13.2.1 Check + author: Hamed Salimian + severity: high + classification: + cwe-id: CWE-650 + reference: + - https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods + - https://nmap.org/nsedoc/scripts/http-methods.html + tags: asvs,13.2.1 + description: | + Verify that enabled RESTful HTTP methods are a valid choice for the user or action, such as preventing normal users using DELETE or PUT on protected API or resources. + +http: + - method: OPTIONS + path: + - "{{BaseURL}}" + headers: + Host: "{{Hostname}}" + Cookie: "{{Cookie}}" + extractors: + - type: regex + name: "potentially risky methods (OPTIONS check)" + part: header + regex: + - "(PUT|DELETE|TRACE|PATCH|CONNECT)" + - type: kval + name: "Access-Control-Allow-Methods" + part: header + kval: + - Access_Control_Allow_Methods + matchers: + - type: regex + part: header + regex: + - "(PUT|DELETE|TRACE|PATCH|CONNECT)" + + - raw: + - | + {{to_upper(rand_text_alpha(4))}} {{Path}} HTTP/1.1 + Host: {{Hostname}} + Cookie: {{Cookie}} + extractors: + - type: dsl + internal: true + name: rand_resp + dsl: + - status_code + + - method: PUT + path: + - "{{BaseURL}}" + headers: + Host: "{{Hostname}}" + Cookie: "{{Cookie}}" + body: "HTTP PUT Method is Enabled" + extractors: + - type: dsl + name: "PUT method is Enabled" + dsl: + - status_code + matchers-condition: and + matchers: + - type: status + negative: true + status: + - 405 + - 501 + - type: dsl + dsl: + - "(status_code < 210 && status_code >= 200) && (rand_resp != status_code)" + + - method: DELETE + path: + - "{{BaseURL}}" + headers: + Host: "{{Hostname}}" + Cookie: "{{Cookie}}" + extractors: + - type: dsl + name: "DELETE method is Enabled" + dsl: + - status_code + matchers-condition: and + matchers: + - type: status + negative: true + status: + - 405 + - 501 + - type: dsl + negative: true + dsl: + - 
"(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" + + - method: TRACE + path: + - "{{BaseURL}}" + headers: + Host: "{{Hostname}}" + Cookie: "{{Cookie}}" + extractors: + - type: dsl + name: "TRACE method is Enabled" + dsl: + - status_code + matchers-condition: and + matchers: + - type: status + negative: true + status: + - 405 + - 501 + - type: dsl + negative: true + dsl: + - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" + - type: regex + part: body + regex: + - '^TRACE \S+ HTTP\/[0-9]\.[0-9]' + + - method: PATCH + path: + - "{{BaseURL}}" + headers: + Host: "{{Hostname}}" + Cookie: "{{Cookie}}" + body: "" + extractors: + - type: dsl + name: "PATCH method is Enabled" + dsl: + - status_code + matchers-condition: and + matchers: + - type: status + negative: true + status: + - 405 + - 501 + - type: dsl + negative: true + dsl: + - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" + + - method: CONNECT + path: + - "{{BaseURL}}" + headers: + Host: "{{Hostname}}" + Cookie: "{{Cookie}}" + extractors: + - type: dsl + name: "CONNECT method is Enabled" + dsl: + - status_code + matchers-condition: and + matchers: + - type: status + negative: true + status: + - 405 + - 501 + - type: dsl + negative: true + dsl: + - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" From b6c66c91d340c4546476c91a2b5796d7f058a88c Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 4 Aug 2023 20:48:20 +0330 Subject: [PATCH 21/88] Update syntax-checking.yml Add PUSH event to workflow Signed-off-by: Hamed Salimian --- .github/workflows/syntax-checking.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/syntax-checking.yml b/.github/workflows/syntax-checking.yml index d9fa932..f641b2a 100644 --- a/.github/workflows/syntax-checking.yml +++ b/.github/workflows/syntax-checking.yml @@ -1,6 +1,7 @@ name: ❄️ YAML Lint -on: +on: + push: pull_request: paths: - '**.yaml' 
From 59c79dc4b97111d8558c76817d67d9ca5663b0b8 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 4 Aug 2023 20:48:49 +0330 Subject: [PATCH 22/88] Update 13.2.1.yaml Signed-off-by: Hamed Salimian --- templates/13.2.1.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/13.2.1.yaml b/templates/13.2.1.yaml index f0194d3..8f1cc9e 100644 --- a/templates/13.2.1.yaml +++ b/templates/13.2.1.yaml @@ -168,3 +168,4 @@ http: negative: true dsl: - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" + From 21866cdc33e24d5c1ea0c706505e076f3bd25f7c Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 4 Aug 2023 20:53:16 +0330 Subject: [PATCH 23/88] Create .yamllint Signed-off-by: Hamed Salimian --- .yamllint | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .yamllint diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..8d5ac48 --- /dev/null +++ b/.yamllint @@ -0,0 +1,25 @@ +--- +extends: default + +ignore: | + .pre-commit-config.yml + .github/ + .git/ + *.yml + +rules: + document-start: disable + line-length: disable + new-lines: disable + new-line-at-end-of-file: disable + truthy: disable + comments: + require-starting-space: true + ignore-shebangs: true + min-spaces-from-content: 1 + empty-lines: + max: 5 + braces: + forbid: true + brackets: + forbid: true From 3b60624bebedaac5656ab94459c5f66909d4a745 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 4 Aug 2023 20:55:27 +0330 Subject: [PATCH 24/88] Update template-validate.yml add PUSH event to workflow Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index 6c80cd8..0b29477 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -1,6 +1,7 @@ name: 🛠 Template Validate on: + push: pull_request: paths: - '**.yaml' 
From 5c0dfde3f2be4b3e41b0990ffa088ec9ef0a982f Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 4 Aug 2023 21:04:56 +0330 Subject: [PATCH 25/88] Update 13.2.1.yaml Fix lint issues. Signed-off-by: Hamed Salimian --- templates/13.2.1.yaml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/templates/13.2.1.yaml b/templates/13.2.1.yaml index 8f1cc9e..94d569e 100644 --- a/templates/13.2.1.yaml +++ b/templates/13.2.1.yaml @@ -35,7 +35,7 @@ http: - type: regex part: header regex: - - "(PUT|DELETE|TRACE|PATCH|CONNECT)" + - "(PUT|DELETE|TRACE|PATCH|CONNECT)" - raw: - | @@ -70,7 +70,7 @@ http: - 501 - type: dsl dsl: - - "(status_code < 210 && status_code >= 200) && (rand_resp != status_code)" + - "(status_code < 210 && status_code >= 200) && (rand_resp != status_code)" - method: DELETE path: @@ -93,8 +93,8 @@ http: - type: dsl negative: true dsl: - - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" - + - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" + - method: TRACE path: - "{{BaseURL}}" @@ -116,7 +116,7 @@ http: - type: dsl negative: true dsl: - - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" + - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" - type: regex part: body regex: @@ -144,7 +144,7 @@ http: - type: dsl negative: true dsl: - - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" + - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" - method: CONNECT path: @@ -167,5 +167,4 @@ http: - type: dsl negative: true dsl: - - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" - + - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" From fb1dce842744e6aadf58aa6a2759df9f3a871c08 Mon Sep 17 00:00:00 2001 From: Reza Saeedi Date: Fri, 4 Aug 2023 21:06:13 +0330 Subject: [PATCH 26/88] Create 9-1-3.yaml 
Signed-off-by: Reza Saeedi --- templates/9-3-1.yaml | 50 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 templates/9-3-1.yaml diff --git a/templates/9-3-1.yaml b/templates/9-3-1.yaml new file mode 100644 index 0000000..cbba2d7 --- /dev/null +++ b/templates/9-3-1.yaml @@ -0,0 +1,50 @@ +id: 9-1-3 + +info: + name: Client Communication Security + author: righettod,forgedhallpass,RezaSaeedi + severity: low + reference: + - https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_Transport_Layer_Security + - https://wiki.mozilla.org/Security/Server_Side_TLS + - https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html + - https://ssl-config.mozilla.org/#config=intermediate + description: | + Verify that only the latest recommended versions of the TLS protocol are enabled, such as TLS 1.2 and TLS 1.3. The latest version of the TLS protocol should be the preferred option. + remediation: | + Update the web server's TLS configuration to disable TLS 1.1,1.0 and SSLv3. + metadata: + max-request: 4 + shodan-query: ssl.version:sslv2 ssl.version:sslv3 ssl.version:tlsv1 ssl.version:tlsv1.1 + tags: ssl,ClientCommunicationSecurity,tls,misconfig,9.1.3,asvsV4 + +ssl: + - address: "{{Host}}:{{Port}}" + min_version: ssl30 + max_version: ssl30 + + extractors: + - type: json + name : test + json: + - " .tls_version" + + - address: "{{Host}}:{{Port}}" + min_version: tls10 + max_version: tls10 + + extractors: + - type: json + name : test + json: + - " .tls_version" + + - address: "{{Host}}:{{Port}}" + min_version: tls11 + max_version: tls11 + + extractors: + - type: json + name : test + json: + - " .tls_version" \ No newline at end of file From f9b62fa73a5d744f3cccc81b817d0f65878dcfd3 Mon Sep 17 00:00:00 2001 
From: Hamed Salimian Date: Fri, 4 Aug 2023 21:10:37 +0330 Subject: [PATCH 27/88] Update 13.2.1.yaml Fix lint issue. Signed-off-by: Hamed Salimian --- templates/13.2.1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/13.2.1.yaml b/templates/13.2.1.yaml index 94d569e..5180abd 100644 --- a/templates/13.2.1.yaml +++ b/templates/13.2.1.yaml @@ -94,7 +94,7 @@ http: negative: true dsl: - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" - + - method: TRACE path: - "{{BaseURL}}" From ff0694424b053f93ae0169a8d8e8f2405e984325 Mon Sep 17 00:00:00 2001 From: Reza Saeedi Date: Fri, 4 Aug 2023 22:05:39 +0330 Subject: [PATCH 28/88] Update 9-3-1.yaml Signed-off-by: Reza Saeedi --- templates/9-3-1.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/templates/9-3-1.yaml b/templates/9-3-1.yaml index cbba2d7..fd5bf0e 100644 --- a/templates/9-3-1.yaml +++ b/templates/9-3-1.yaml @@ -25,7 +25,6 @@ ssl: extractors: - type: json - name : test json: - " .tls_version" @@ -35,7 +34,6 @@ ssl: extractors: - type: json - name : test json: - " .tls_version" @@ -45,6 +43,5 @@ ssl: extractors: - type: json - name : test json: - - " .tls_version" \ No newline at end of file + - " .tls_version" From b98b98f8e0865e9c6226043a786068d5c57d1419 Mon Sep 17 00:00:00 2001 From: Reza Saeedi Date: Fri, 4 Aug 2023 22:07:29 +0330 Subject: [PATCH 29/88] Rename 9-3-1.yaml to 9.1.3.yaml Signed-off-by: Reza Saeedi --- templates/{9-3-1.yaml => 9.1.3.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename templates/{9-3-1.yaml => 9.1.3.yaml} (100%) diff --git a/templates/9-3-1.yaml b/templates/9.1.3.yaml similarity index 100% rename from templates/9-3-1.yaml rename to templates/9.1.3.yaml From 7b302771dfe25ce467a9631b3ead4a82a4708ff9 Mon Sep 17 00:00:00 2001 
From: Hamed Salimian Date: Sat, 5 Aug 2023 14:59:57 +0330 Subject: [PATCH 30/88] Add workflows Add syntax checking and template validation workflow --- .github/workflows/syntax-checking.yml | 20 +++++++++++++++++ .github/workflows/template-validate.yml | 30 +++++++++++++++++++++++++ .yamllint | 25 +++++++++++++++++++++ 3 files changed, 75 insertions(+) create mode 100644 .github/workflows/syntax-checking.yml create mode 100644 .github/workflows/template-validate.yml create mode 100644 .yamllint diff --git a/.github/workflows/syntax-checking.yml b/.github/workflows/syntax-checking.yml new file mode 100644 index 0000000..f641b2a --- /dev/null +++ b/.github/workflows/syntax-checking.yml @@ -0,0 +1,20 @@ +name: ❄️ YAML Lint + +on: + push: + pull_request: + paths: + - '**.yaml' + workflow_dispatch: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Yamllint + uses: karancode/yamllint-github-action@v2.1.1 + with: + yamllint_config_filepath: .yamllint + yamllint_strict: false + yamllint_comment: true diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml new file mode 100644 index 0000000..0b29477 --- /dev/null +++ b/.github/workflows/template-validate.yml @@ -0,0 +1,30 @@ +name: 🛠 Template Validate + +on: + push: + pull_request: + paths: + - '**.yaml' + workflow_dispatch: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: 1.20.x + + - name: nuclei install + run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest + + - name: Template Validation + run: | + cp -r ${{ github.workspace }} $HOME + nuclei -duc -validate -allow-local-file-access + nuclei -duc -validate -w ./workflows -allow-local-file-access diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..8d5ac48 --- /dev/null +++ b/.yamllint 
@@ -0,0 +1,25 @@ +--- +extends: default + +ignore: | + .pre-commit-config.yml + .github/ + .git/ + *.yml + +rules: + document-start: disable + line-length: disable + new-lines: disable + new-line-at-end-of-file: disable + truthy: disable + comments: + require-starting-space: true + ignore-shebangs: true + min-spaces-from-content: 1 + empty-lines: + max: 5 + braces: + forbid: true + brackets: + forbid: true From 4e246f4020fd89bb7571e3a50ed7706543d01ebd Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 18 Aug 2023 10:55:27 +0330 Subject: [PATCH 31/88] Update 13.2.1.yaml Edit `id` and `reference` Signed-off-by: Hamed Salimian --- templates/13.2.1.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/13.2.1.yaml b/templates/13.2.1.yaml index 5180abd..2657a2f 100644 --- a/templates/13.2.1.yaml +++ b/templates/13.2.1.yaml @@ -1,4 +1,4 @@ -id: asvs_13_2_1 +id: ASVS-4.0.3-V13.2.1 info: name: ASVS 13.2.1 Check @@ -7,7 +7,7 @@ info: classification: cwe-id: CWE-650 reference: - - https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods + - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods - https://nmap.org/nsedoc/scripts/http-methods.html tags: asvs,13.2.1 description: | From 786db02afcc47171e575f1fa8fad1ec96167306c Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 18 Aug 2023 11:05:41 +0330 Subject: [PATCH 32/88] Create 14.4.1.yaml Create ASVS-4.0.3-V14.4.1 template. Signed-off-by: Hamed Salimian --- templates/14.4.1.yaml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 templates/14.4.1.yaml diff --git a/templates/14.4.1.yaml b/templates/14.4.1.yaml new file mode 100644 index 0000000..98ca000 --- /dev/null +++ b/templates/14.4.1.yaml 
@@ -0,0 +1,30 @@ +id: ASVS-4.0.3-V14.4.1 + +info: + name: ASVS 14.4.1 Check + author: Hamed Salimian + severity: low + classification: + cwe-id: CWE-173 + reference: + - https://github.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/blob/main/14-Configuration/14-4-1-Charset.md + tags: asvs,14.4.1 + description: | + Verify that every HTTP response contains a Content-Type header. Also specify a safe character set (e.g., UTF-8, ISO-8859-1) if the content types are text/*, /+xml and application/xml. Content must match with the provided Content-Type header. + +http: + - raw: + - | + GET {{Path}} HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + Connection: close + User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) + Accept: */* + + extractors: + - type: kval + name: "Content-Type" + part: header + kval: + - Content_Type From 0c307da3132b45a5ae13185159cd317a61d6d539 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 18 Aug 2023 11:27:04 +0330 Subject: [PATCH 33/88] Update template-validate.yml Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index 0b29477..430cc02 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -27,4 +27,3 @@ jobs: run: | cp -r ${{ github.workspace }} $HOME nuclei -duc -validate -allow-local-file-access - nuclei -duc -validate -w ./workflows -allow-local-file-access From 7c58dc2a82c220c3255235cef1eaebdcc3664285 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 18 Aug 2023 11:36:25 +0330 Subject: [PATCH 34/88] Update template-validate.yml Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index 430cc02..e31adb3 100644 
--- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -26,4 +26,4 @@ jobs: - name: Template Validation run: | cp -r ${{ github.workspace }} $HOME - nuclei -duc -validate -allow-local-file-access + nuclei -duc -validate -allow-local-file-access -t $HOME/templates From f24d66e2cf92745ea046e3f1699609998906880f Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 18 Aug 2023 11:43:12 +0330 Subject: [PATCH 35/88] Update template-validate.yml Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index e31adb3..ced5499 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -25,5 +25,4 @@ jobs: - name: Template Validation run: | - cp -r ${{ github.workspace }} $HOME - nuclei -duc -validate -allow-local-file-access -t $HOME/templates + nuclei -duc -validate -allow-local-file-access -t ${{ github.workspace }}/templates From 42675988539c0699ad18c82dfcb31ac59fac4110 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 18 Aug 2023 11:50:56 +0330 Subject: [PATCH 36/88] Update 13.2.1.yaml Signed-off-by: Hamed Salimian --- templates/13.2.1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/13.2.1.yaml b/templates/13.2.1.yaml index 2657a2f..5e3f4b0 100644 --- a/templates/13.2.1.yaml +++ b/templates/13.2.1.yaml @@ -1,4 +1,4 @@ -id: ASVS-4.0.3-V13.2.1 +id: ASVS-4-0-3-V13-2-1 info: name: ASVS 13.2.1 Check From 07bf661660c4c1e1eb23d37e3a6d3f82b6ad0d48 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 18 Aug 2023 11:55:04 +0330 Subject: [PATCH 37/88] Update 14.4.1.yaml Signed-off-by: Hamed Salimian --- templates/14.4.1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/14.4.1.yaml b/templates/14.4.1.yaml index 98ca000..aff5c31 100644 
--- a/templates/14.4.1.yaml +++ b/templates/14.4.1.yaml @@ -1,4 +1,4 @@ -id: ASVS-4.0.3-V14.4.1 +id: ASVS-4-0-3-V14-4-1 info: name: ASVS 14.4.1 Check From dc63a98350e22f6d8a856ce33ff535c085a0e9ec Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 18 Aug 2023 11:58:17 +0330 Subject: [PATCH 38/88] Update template-validate.yml Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index 0b29477..ebec010 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -25,6 +25,4 @@ jobs: - name: Template Validation run: | - cp -r ${{ github.workspace }} $HOME - nuclei -duc -validate -allow-local-file-access - nuclei -duc -validate -w ./workflows -allow-local-file-access + nuclei -duc -validate -allow-local-file-access -t ${{ github.workspace }}\templates From 2fd529b6e66a31a06e57bab35dc33dad7e2fffe2 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 18 Aug 2023 12:01:08 +0330 Subject: [PATCH 39/88] Update template-validate.yml Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index ced5499..2656ccd 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -25,4 +25,5 @@ jobs: - name: Template Validation run: | - nuclei -duc -validate -allow-local-file-access -t ${{ github.workspace }}/templates + cp -r ${{ github.workspace }}/templates /home/runner/nuclei-templates + nuclei -duc -validate -allow-local-file-access From cd3329ad05079f3c9e59078a8db2ddbd5613e94c Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 18 Aug 2023 12:06:34 +0330 Subject: [PATCH 40/88] Update template-validate.yml 
Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index ebec010..2656ccd 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -25,4 +25,5 @@ jobs: - name: Template Validation run: | - nuclei -duc -validate -allow-local-file-access -t ${{ github.workspace }}\templates + cp -r ${{ github.workspace }}/templates /home/runner/nuclei-templates + nuclei -duc -validate -allow-local-file-access From d073d702851e756007196771439cbb43a0663802 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 18 Aug 2023 16:35:24 +0330 Subject: [PATCH 41/88] Update 14.4.1.yaml Signed-off-by: Hamed Salimian --- templates/14.4.1.yaml | 42 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/templates/14.4.1.yaml b/templates/14.4.1.yaml index aff5c31..8b042bd 100644 --- a/templates/14.4.1.yaml +++ b/templates/14.4.1.yaml @@ -7,7 +7,7 @@ info: classification: cwe-id: CWE-173 reference: - - https://github.com/BlazingWind/OWASP-ASVS-4.0-testing-guide/blob/main/14-Configuration/14-4-1-Charset.md + - https://github.com/OWASP/ASVS/issues/710 tags: asvs,14.4.1 description: | Verify that every HTTP response contains a Content-Type header. Also specify a safe character set (e.g., UTF-8, ISO-8859-1) if the content types are text/*, /+xml and application/xml. Content must match with the provided Content-Type header. @@ -15,11 +15,10 @@ info: http: - raw: - | - GET {{Path}} HTTP/1.1 + GET {{BaseURL}} HTTP/1.1 Host: {{Hostname}} - Origin: {{BaseURL}} Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Accept: */* extractors: 
@@ -28,3 +27,38 @@ http: part: header kval: - Content_Type + - type: regex + name: "HTML meta charset" + regex: + - (?i) + part: body + - type: regex + name: "XML declaration encoding" + regex: + - (?i)<\?xml\s+version\s*=\s*["'][0-9.]*["']\s+encoding\s*=\s*["'](utf-?8|utf-?16|iso-?8859-?1)["']\s*\?> + part: body + + matchers-condition: and + stop-at-first-match: true + matchers: + - type: regex + name: "Content-Type header" + negative: true + regex: + - (?i)Content-Type:\s+text/(\w+);\s+charset=(utf-?8|iso-?8859?-1) + - (?i)Content-Type:\s+(application/xml|\+xml);\s+charset=(utf-?8|utf-?16) + part: header + + - type: regex + name: "HTML meta charset" + negative: true + regex: + - (?i) + part: body + + - type: regex + name: "XML declaration encoding" + negative: true + regex: + - (?i)<\?xml\s+version\s*=\s*["'][0-9.]*["']\s+encoding\s*=\s*["'](utf-?8|utf-?16|iso-?8859-?1)["']\s*\?> + part: body From 6686c565a1e3f857ae5f6e47e6dca73674ddae8c Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 18 Aug 2023 16:40:32 +0330 Subject: [PATCH 42/88] Update 14.4.1.yaml Signed-off-by: Hamed Salimian --- templates/14.4.1.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/templates/14.4.1.yaml b/templates/14.4.1.yaml index 8b042bd..999b3e6 100644 --- a/templates/14.4.1.yaml +++ b/templates/14.4.1.yaml @@ -11,7 +11,6 @@ info: tags: asvs,14.4.1 description: | Verify that every HTTP response contains a Content-Type header. Also specify a safe character set (e.g., UTF-8, ISO-8859-1) if the content types are text/*, /+xml and application/xml. Content must match with the provided Content-Type header. - http: - raw: - | @@ -26,7 +25,7 @@ http: name: "Content-Type" part: header kval: - - Content_Type + - Content_Type - type: regex name: "HTML meta charset" regex: From bc18b26a211926e26952396c1f79c74323b3650c Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 18 Aug 2023 16:42:05 +0330 Subject: [PATCH 43/88] Update 14.4.1.yaml 
Signed-off-by: Hamed Salimian --- templates/14.4.1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/14.4.1.yaml b/templates/14.4.1.yaml index 999b3e6..6610704 100644 --- a/templates/14.4.1.yaml +++ b/templates/14.4.1.yaml @@ -36,7 +36,7 @@ http: regex: - (?i)<\?xml\s+version\s*=\s*["'][0-9.]*["']\s+encoding\s*=\s*["'](utf-?8|utf-?16|iso-?8859-?1)["']\s*\?> part: body - + matchers-condition: and stop-at-first-match: true matchers: From 2bb7d8b52cea665ba41d751ff719f8fd26df5a50 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sun, 20 Aug 2023 11:00:16 +0330 Subject: [PATCH 44/88] Update tab_contributing.md Signed-off-by: Hamed Salimian --- tab_contributing.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/tab_contributing.md b/tab_contributing.md index 2a82cf5..e5bec91 100644 --- a/tab_contributing.md +++ b/tab_contributing.md @@ -15,7 +15,5 @@ For detailed information and guidelines about contributing in "ASVS evaluation t ### Core Team The project current core team are: - [Hamed Salimain](https://github.com/Snbig) (Project Leader) -- [Mohammad Khodaiemehr](https://github.com/m0khd) - [Amin Naserinia](https://github.com/aminnaseri) - [Reza Saeedi](https://github.com/Reza-saeedi) -- [Dorna Azhirak](https://github.com/nameddorna) From 87451d9ad0c2e67b4f0c1c63ed4cb7b2791eab6e Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sun, 20 Aug 2023 11:00:35 +0330 Subject: [PATCH 45/88] Update tab_contributing.md Signed-off-by: Hamed Salimian --- tab_contributing.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/tab_contributing.md b/tab_contributing.md index 2a82cf5..e5bec91 100644 --- a/tab_contributing.md +++ b/tab_contributing.md 
@@ -15,7 +15,5 @@ For detailed information and guidelines about contributing in "ASVS evaluation t ### Core Team The project current core team are: - [Hamed Salimain](https://github.com/Snbig) (Project Leader) -- [Mohammad Khodaiemehr](https://github.com/m0khd) - [Amin Naserinia](https://github.com/aminnaseri) - [Reza Saeedi](https://github.com/Reza-saeedi) -- [Dorna Azhirak](https://github.com/nameddorna) From ab4126e581ae7204994ebe75ffb634d8dd81c088 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Thu, 31 Aug 2023 14:03:08 +0330 Subject: [PATCH 46/88] Create 14.4.2.yaml Signed-off-by: Hamed Salimian --- templates/14.4.2.yaml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 templates/14.4.2.yaml diff --git a/templates/14.4.2.yaml b/templates/14.4.2.yaml new file mode 100644 index 0000000..309fecf --- /dev/null +++ b/templates/14.4.2.yaml @@ -0,0 +1,30 @@ +id: ASVS-4-0-3-V14-4-2 + +info: + name: ASVS 14.4.2 Check + author: Hamed Salimian + severity: low + classification: + cwe-id: CWE-116 + reference: + - https://github.com/OWASP/ASVS/issues/1009 + - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition + tags: asvs,14.4.2 + description: | + Verify that all API responses contain a Content-Disposition: attachment; filename="api.json" header (or other appropriate filename for the content type). + +http: + - raw: + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Connection: close + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 + Accept: */* + + matchers: + - type: dsl + name: '"Content-Disposition: attachment; filename=" header does not exist.' + dsl: + - '!contains(header, "Content-Disposition: attachment; filename=")' + From ac442f84ff7558d9f880b23a6ca4d088aacdfd93 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Thu, 31 Aug 2023 14:07:43 +0330 Subject: [PATCH 47/88] Update 14.4.2.yaml 
Signed-off-by: Hamed Salimian --- templates/14.4.2.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/templates/14.4.2.yaml b/templates/14.4.2.yaml index 309fecf..161a4a5 100644 --- a/templates/14.4.2.yaml +++ b/templates/14.4.2.yaml @@ -12,7 +12,7 @@ info: tags: asvs,14.4.2 description: | Verify that all API responses contain a Content-Disposition: attachment; filename="api.json" header (or other appropriate filename for the content type). - + http: - raw: - | @@ -27,4 +27,3 @@ http: name: '"Content-Disposition: attachment; filename=" header does not exist.' dsl: - '!contains(header, "Content-Disposition: attachment; filename=")' - From f8ef8d345595e6fbfbff573ccc8fde4431b50789 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Mon, 4 Sep 2023 07:15:15 +0330 Subject: [PATCH 48/88] Update tab_contributing.md Signed-off-by: Hamed Salimian --- tab_contributing.md | 1 - 1 file changed, 1 deletion(-) diff --git a/tab_contributing.md b/tab_contributing.md index e5bec91..e1a150d 100644 --- a/tab_contributing.md +++ b/tab_contributing.md @@ -15,5 +15,4 @@ For detailed information and guidelines about contributing in "ASVS evaluation t ### Core Team The project current core team are: - [Hamed Salimain](https://github.com/Snbig) (Project Leader) -- [Amin Naserinia](https://github.com/aminnaseri) - [Reza Saeedi](https://github.com/Reza-saeedi) From dd9eeedbab7e4493191f85f5b660210dd8201d78 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Mon, 4 Sep 2023 07:16:05 +0330 Subject: [PATCH 49/88] Update README.md Signed-off-by: Hamed Salimian --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 7037f89..091b4a0 100644 --- a/README.md +++ b/README.md 
@@ -23,6 +23,5 @@ For detailed information and guidelines about contributing in developing templat #### Core Team The project current core team are: - [Hamed Salimain](https://github.com/Snbig) (Project Leader) -- [Amin Naserinia](https://github.com/aminnaseri) - [Reza Saeedi](https://github.com/Reza-saeedi) From ec231539e1fac7838ec80ebe468c178ccbd136a7 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Tue, 12 Sep 2023 15:07:45 +0330 Subject: [PATCH 50/88] Update README.md Signed-off-by: Hamed Salimian --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 7037f89..091b4a0 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,5 @@ For detailed information and guidelines about contributing in developing templat #### Core Team The project current core team are: - [Hamed Salimain](https://github.com/Snbig) (Project Leader) -- [Amin Naserinia](https://github.com/aminnaseri) - [Reza Saeedi](https://github.com/Reza-saeedi) From 39fbde2f2c780731698b40c5f10dc3d4529c6a41 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Tue, 12 Sep 2023 15:08:05 +0330 Subject: [PATCH 51/88] Update tab_contributing.md Signed-off-by: Hamed Salimian --- tab_contributing.md | 1 - 1 file changed, 1 deletion(-) diff --git a/tab_contributing.md b/tab_contributing.md index e5bec91..e1a150d 100644 --- a/tab_contributing.md +++ b/tab_contributing.md @@ -15,5 +15,4 @@ For detailed information and guidelines about contributing in "ASVS evaluation t ### Core Team The project current core team are: - [Hamed Salimain](https://github.com/Snbig) (Project Leader) -- [Amin Naserinia](https://github.com/aminnaseri) - [Reza Saeedi](https://github.com/Reza-saeedi) From 6370c4098afdb5b6737762ac6fb136d29dab54f6 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Wed, 13 Sep 2023 08:54:38 +0330 Subject: [PATCH 52/88] Create 14.4.3.yaml 
Signed-off-by: Hamed Salimian --- templates/14.4.3.yaml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 templates/14.4.3.yaml diff --git a/templates/14.4.3.yaml b/templates/14.4.3.yaml new file mode 100644 index 0000000..7dd5bfc --- /dev/null +++ b/templates/14.4.3.yaml @@ -0,0 +1,38 @@ +id: ASVS-4-0-3-V14-4-3 + +info: + name: ASVS 14.4.3 Check + author: Hamed Salimian + severity: low + classification: + cwe-id: CWE-1021 + reference: + - https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html + tags: asvs,14.4.3 + description: | + Verify that a Content Security Policy (CSP) response header is in place that helps mitigate impact for XSS attacks like HTML, DOM, JSON, and JavaScript injection vulnerabilities. + +http: + - raw: + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Connection: close + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 + Accept: */* + + matchers-condition: and + matchers: + - type: word + name: 'Content Security Policy (CSP) header does not exist.' + part: header + negative: true + words: + - 'Content-Security-Policy:' + - 'Content-Security-Policy-Report-Only:' + - type: regex + name: 'Content Security Policy (CSP) Meta Tag does not exist.' + part: body + negative: true + regex: + - (?i) From 1e4bb9d60a7fec803a08890f60137f252176962f Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Wed, 13 Sep 2023 09:00:05 +0330 Subject: [PATCH 53/88] Update 14.4.3.yaml Signed-off-by: Hamed Salimian --- templates/14.4.3.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/14.4.3.yaml b/templates/14.4.3.yaml index 7dd5bfc..3b7c3c7 100644 --- a/templates/14.4.3.yaml +++ b/templates/14.4.3.yaml @@ -35,4 +35,4 @@ http: part: body negative: true regex: - - (?i) + - (?i) From 15491fc09040c76b0ddd8b7a97a095c5c98b6485 Mon Sep 17 00:00:00 2001 
From: Hamed Salimian Date: Wed, 27 Sep 2023 09:54:44 +0330 Subject: [PATCH 54/88] Create 14.4.4.yaml Signed-off-by: Hamed Salimian --- templates/14.4.4.yaml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 templates/14.4.4.yaml diff --git a/templates/14.4.4.yaml b/templates/14.4.4.yaml new file mode 100644 index 0000000..6e4a257 --- /dev/null +++ b/templates/14.4.4.yaml @@ -0,0 +1,28 @@ +id: ASVS-4-0-3-V14-4-4 + +info: + name: ASVS 14.4.4 Check + author: Hamed Salimian + severity: low + classification: + cwe-id: CWE-116 + reference: + - https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html + tags: asvs,14.4.4 + description: | + Verify that all responses contain a X-Content-Type-Options: nosniff header. + +http: + - raw: + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Connection: close + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 + Accept: */* + + matchers: + - type: dsl + name: '"X-Content-Type-Options: nosniff" header does not exist.' + dsl: + - '!contains(header, "X-Content-Type-Options: nosniff")' From 39807c34311243b13b1bc7e5d35a0a89fd118a43 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Wed, 27 Sep 2023 12:08:34 +0330 Subject: [PATCH 55/88] Create 14.4.5.yaml Signed-off-by: Hamed Salimian --- templates/14.4.5.yaml | 44 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 templates/14.4.5.yaml diff --git a/templates/14.4.5.yaml b/templates/14.4.5.yaml new file mode 100644 index 0000000..54e39ff --- /dev/null +++ b/templates/14.4.5.yaml 
@@ -0,0 +1,44 @@ +id: ASVS-4-0-3-V14-4-5 + +info: + name: ASVS 14.4.5 Check + author: Hamed Salimian + severity: low + classification: + cwe-id: CWE-523 + reference: + - https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html + tags: asvs,14.4.5 + description: | + Verify that a Strict-Transport-Security header is included on all responses and for all subdomains, such as Strict-Transport-Security: max-age=15724800; includeSubdomains. + +http: + - raw: + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Connection: close + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 + Accept: */* + + extractors: + - type: kval + name: "Strict-Transport-Security" + part: header + kval: + - Strict_Transport_Security + + stop-at-first-match: true + matchers: + - type: word + name: 'Strict-Transport-Security (HSTS) header does not exist.' + part: header + negative: true + words: + - 'Strict-Transport-Security:' + - type: regex + name: "Strict-Transport-Security (HSTS) header does not include subdomains." + negative: true + regex: + - (?i)Strict-Transport-Security:\s*.*\bincludeSubdomains\b + part: header From c061a415cf63ef6845259c3598802fcb5ec0522c Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Wed, 27 Sep 2023 15:14:13 +0330 Subject: [PATCH 56/88] Update 14.4.5.yaml Signed-off-by: Hamed Salimian --- templates/14.4.5.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/14.4.5.yaml b/templates/14.4.5.yaml index 54e39ff..796e42f 100644 --- a/templates/14.4.5.yaml +++ b/templates/14.4.5.yaml 
@@ -31,13 +31,13 @@ http: stop-at-first-match: true matchers: - type: word - name: 'Strict-Transport-Security (HSTS) header does not exist.' + name: "'Strict-Transport-Security' (HSTS) header does not exist." part: header negative: true words: - 'Strict-Transport-Security:' - type: regex - name: "Strict-Transport-Security (HSTS) header does not include subdomains." + name: "'Strict-Transport-Security' (HSTS) header does not include subdomains." negative: true regex: - (?i)Strict-Transport-Security:\s*.*\bincludeSubdomains\b From 5f556b039d6f414c1c5a823a6baf2f5baa146a96 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Wed, 27 Sep 2023 15:15:41 +0330 Subject: [PATCH 57/88] Create 14.4.6.yaml Signed-off-by: Hamed Salimian --- templates/14.4.6.yaml | 44 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 templates/14.4.6.yaml diff --git a/templates/14.4.6.yaml b/templates/14.4.6.yaml new file mode 100644 index 0000000..1879bb8 --- /dev/null +++ b/templates/14.4.6.yaml 
@@ -0,0 +1,44 @@ +id: ASVS-4-0-3-V14-4-6 + +info: + name: ASVS 14.4.6 Check + author: Hamed Salimian + severity: low + classification: + cwe-id: CWE-116 + reference: + - https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#referrer-policy + tags: asvs,14.4.6 + description: | + Verify that a suitable Referrer-Policy header is included to avoid exposing sensitive information in the URL through the Referer header to untrusted parties. + +http: + - raw: + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Connection: close + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 + Accept: */* + + extractors: + - type: kval + name: "Referrer-Policy" + part: header + kval: + - Referrer_Policy + + matchers-condition: and + matchers: + - type: regex + name: "'Referrer-Policy' header does not exist or does not contain 'strict-origin-when-cross-origin'" + negative: true + regex: + - (?i)Referrer-Policy:\s*.*\bstrict-origin-when-cross-origin\b + part: header + - type: regex + name: "referrer policy inside HTML meta tag does not exist or does not contain 'strict-origin-when-cross-origin'." + negative: true + regex: + - (?i) + part: body From 39cfc156d406b34e3591bc01117153f7092ffb21 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Wed, 27 Sep 2023 18:32:10 +0330 Subject: [PATCH 58/88] Create 14.4.7.yaml Signed-off-by: Hamed Salimian --- templates/14.4.7.yaml | 56 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 templates/14.4.7.yaml diff --git a/templates/14.4.7.yaml b/templates/14.4.7.yaml new file mode 100644 index 0000000..63fe662 --- /dev/null +++ b/templates/14.4.7.yaml 
@@ -0,0 +1,56 @@ +id: ASVS-4-0-3-V14-4-7 + +info: + name: ASVS 14.4.7 Check + author: Hamed Salimian + severity: low + classification: + cwe-id: CWE-1021 + reference: + - https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-frame-options + - https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#content-security-policy + tags: asvs,14.4.7 + description: | + Verify that the content of a web application cannot be embedded in a third-party site by default and that embedding of the exact resources is only allowed where necessary by using suitable Content-Security-Policy: frame-ancestors and X-Frame-Options response headers. + +http: + - raw: + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Connection: close + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 + Accept: */* + + extractors: + - type: kval + name: "X-Frame-Options header" + part: header + kval: + - X_Frame_Options + - type: kval + name: "Content-Security-Policy header" + part: header + kval: + - Content_Security_Policy + - type: regex + name: 'Content Security Policy (CSP) Meta Tag' + part: body + regex: + - (?i) + + matchers-condition: and + matchers: + - type: regex + name: "'X-Frame-Options' header with 'DENY' or 'SAMEORIGIN' and 'Content-Security-Policy' (CSP) header with 'frame-ancestors' directive do not exist." + negative: true + regex: + - (?i)X-Frame-Options:\s*.*\b(DENY|SAMEORIGIN)\b + - (?i)Content-Security-Policy:[^;]*frame-ancestors + part: header + - type: regex + name: "Content Security Policy (CSP) inside HTML meta tag with 'frame-ancestors' directive does not exist." + negative: true + regex: + - (?i)]*content=["'][^"']*frame-ancestors[^"']*["'][^>]*> + part: body From 05710245d77da50210aa5a06650520553918f5dd Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 29 Sep 2023 12:28:36 +0330 Subject: [PATCH 59/88] Update 13.2.1.yaml 
Signed-off-by: Hamed Salimian --- templates/13.2.1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/13.2.1.yaml b/templates/13.2.1.yaml index 5e3f4b0..9a99776 100644 --- a/templates/13.2.1.yaml +++ b/templates/13.2.1.yaml @@ -3,7 +3,7 @@ id: ASVS-4-0-3-V13-2-1 info: name: ASVS 13.2.1 Check author: Hamed Salimian - severity: high + severity: medium classification: cwe-id: CWE-650 reference: From 4a47e7b995beb09f0c92e5a0364e19a279f3e35b Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sun, 1 Oct 2023 04:58:11 +0000 Subject: [PATCH 60/88] Update Submodule --- Vulnerable-Pages | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Vulnerable-Pages b/Vulnerable-Pages index 982975c..507f941 160000 --- a/Vulnerable-Pages +++ b/Vulnerable-Pages @@ -1 +1 @@ -Subproject commit 982975c8775116be62cd507660d125e888f17b4a +Subproject commit 507f941014b049f142efe02c3bda411c34b376e2 From 5331b7243e3b93aebff96ab6c23efca3517a7afb Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 6 Oct 2023 15:28:21 +0330 Subject: [PATCH 61/88] Create 14.5.2.yaml Signed-off-by: Hamed Salimian --- templates/14.5.2.yaml | 48 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 templates/14.5.2.yaml diff --git a/templates/14.5.2.yaml b/templates/14.5.2.yaml new file mode 100644 index 0000000..16eb225 --- /dev/null +++ b/templates/14.5.2.yaml 
@@ -0,0 +1,48 @@ +id: ASVS-4-0-3-V14-5-2 + +info: + name: ASVS 14.5.2 Check + author: Hamed Salimian + severity: low + classification: + cwe-id: CWE-346 + reference: + - https://snbig.github.io/Vulnerable-Pages/ASVS_14_5_2/ + tags: asvs,14.5.2 + description: | + Verify that the supplied Origin header is not used for authentication or access control decisions, as the Origin header can easily be changed by an attacker. + +variables: + forbidden_status_code: 403 + +http: + - raw: + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Origin: {{origin_schema}}{{origin_host}}{{origin_port}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 + Accept: */* + + cookie-reuse: true + payloads: + origin_host: + - 127.0.0.1 + - localhost + - '{{resolve("{{FQDN}}")}}' + origin_schema: + - http:// + - https:// + origin_port: + - + - :80 + - :443 + attack: clusterbomb + + stop-at-first-match: true + matchers: + - type: dsl + name: 'Access Restriction Bypass Via Origin Spoof' + dsl: + - status_code < 210 && status_code >= 200 + - to_number(forbidden_status_code) != status_code From 952a0ef929406112101deb222f8df6c19b702513 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 6 Oct 2023 19:40:51 +0330 Subject: [PATCH 62/88] Create 14.5.3.yaml Signed-off-by: Hamed Salimian --- templates/14.5.3.yaml | 50 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 templates/14.5.3.yaml diff --git a/templates/14.5.3.yaml b/templates/14.5.3.yaml new file mode 100644 index 0000000..1d48bd1 --- /dev/null +++ b/templates/14.5.3.yaml 
@@ -0,0 +1,50 @@ +id: ASVS-4-0-3-V14-5-3 + +info: + name: ASVS 14.5.3 Check + author: Hamed Salimian + severity: low + classification: + cwe-id: CWE-346 + reference: + - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/07-Testing_Cross_Origin_Resource_Sharing + - https://snbig.github.io/Vulnerable-Pages/ASVS_14_5_3/ + tags: asvs,14.5.3 + description: | + Verify that the Cross-Origin Resource Sharing (CORS) Access-Control-Allow-Origin header uses a strict allow list of trusted domains and subdomains to match against and does not support the "null" origin. + +http: + - method: DELETE + path: + - "{{BaseURL}}" + headers: + Host: "{{Hostname}}" + Access-Control-Request-Method: DELETE + Origin: https://attacker.com + Referer: https://attacker.com/ + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 + Accept: "*/*" + + extractors: + - type: kval + part: header + name: "Access-Control-Allow-Origin header" + kval: + - Access_Control_Allow_Origin + + matchers: + - type: word + name: "Wildcard directive in Access-Control-Allow-Origin" + part: access_control_allow_origin + words: + - "*" + - type: word + name: "Access-Control-Allow-Origin reflects Origin header" + part: access_control_allow_origin + words: + - "attacker.com" + - type: word + name: "Access-Control-Allow-Origin is null" + part: access_control_allow_origin + words: + - "null" From 651eb3d7402ce1ff71d457eb2e74b31f774ceede Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sat, 14 Oct 2023 11:52:27 +0330 Subject: [PATCH 63/88] Update tab_contributing.md Signed-off-by: Hamed Salimian --- tab_contributing.md | 1 - 1 file changed, 1 deletion(-) diff --git a/tab_contributing.md b/tab_contributing.md index e1a150d..633a668 100644 --- a/tab_contributing.md +++ b/tab_contributing.md 
@@ -15,4 +15,3 @@ For detailed information and guidelines about contributing in "ASVS evaluation t ### Core Team The project current core team are: - [Hamed Salimain](https://github.com/Snbig) (Project Leader) -- [Reza Saeedi](https://github.com/Reza-saeedi) From 75b9111b4cfd8523373889dd622b34c7e78b552a Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sat, 14 Oct 2023 11:52:48 +0330 Subject: [PATCH 64/88] Update README.md Signed-off-by: Hamed Salimian --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 091b4a0..3654252 100644 --- a/README.md +++ b/README.md @@ -23,5 +23,4 @@ For detailed information and guidelines about contributing in developing templat #### Core Team The project current core team are: - [Hamed Salimain](https://github.com/Snbig) (Project Leader) -- [Reza Saeedi](https://github.com/Reza-saeedi) From 74c40d9dfca00459be9dff5928d31acc4220901d Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sat, 14 Oct 2023 11:53:51 +0330 Subject: [PATCH 65/88] Update tab_contributing.md Signed-off-by: Hamed Salimian --- tab_contributing.md | 1 - 1 file changed, 1 deletion(-) diff --git a/tab_contributing.md b/tab_contributing.md index e1a150d..633a668 100644 --- a/tab_contributing.md +++ b/tab_contributing.md @@ -15,4 +15,3 @@ For detailed information and guidelines about contributing in "ASVS evaluation t ### Core Team The project current core team are: - [Hamed Salimain](https://github.com/Snbig) (Project Leader) -- [Reza Saeedi](https://github.com/Reza-saeedi) From 8f7c2515f43e19c5ddc56661a63fb3938f83d1f3 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sat, 14 Oct 2023 11:54:11 +0330 Subject: [PATCH 66/88] Update README.md Signed-off-by: Hamed Salimian --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 091b4a0..3654252 100644 --- a/README.md +++ b/README.md 
@@ -23,5 +23,4 @@ For detailed information and guidelines about contributing in developing templat #### Core Team The project current core team are: - [Hamed Salimain](https://github.com/Snbig) (Project Leader) -- [Reza Saeedi](https://github.com/Reza-saeedi) From f0bcbbb363324fff6452ea927791cd621f59fd45 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Mon, 16 Oct 2023 18:24:21 +0330 Subject: [PATCH 67/88] Update 13.2.1.yaml Signed-off-by: Hamed Salimian --- templates/13.2.1.yaml | 113 ++++-------------------------------------- 1 file changed, 9 insertions(+), 104 deletions(-) diff --git a/templates/13.2.1.yaml b/templates/13.2.1.yaml index 9a99776..1f57bb9 100644 --- a/templates/13.2.1.yaml +++ b/templates/13.2.1.yaml @@ -21,33 +21,21 @@ http: Host: "{{Hostname}}" Cookie: "{{Cookie}}" extractors: - - type: regex - name: "potentially risky methods (OPTIONS check)" - part: header - regex: - - "(PUT|DELETE|TRACE|PATCH|CONNECT)" - type: kval - name: "Access-Control-Allow-Methods" part: header kval: - Access_Control_Allow_Methods + - type: kval + part: header + kval: + - Allow matchers: - type: regex + name: "potentially risky methods (OPTIONS check)" part: header regex: - - "(PUT|DELETE|TRACE|PATCH|CONNECT)" - - - raw: - - | - {{to_upper(rand_text_alpha(4))}} {{Path}} HTTP/1.1 - Host: {{Hostname}} - Cookie: {{Cookie}} - extractors: - - type: dsl - internal: true - name: rand_resp - dsl: - - status_code + - (?i)Access-Control-Allow-Methods:\s*.*\b(PUT|DELETE)\b + - (?i)Allow:\s*.*\b(PUT|DELETE)\b - method: PUT path: @@ -58,19 +46,15 @@ http: body: "HTTP PUT Method is Enabled" extractors: - type: dsl - name: "PUT method is Enabled" dsl: - status_code - matchers-condition: and matchers: - type: status + name: "PUT method is Enabled" negative: true status: - 405 - 501 - - type: dsl - dsl: - - "(status_code < 210 && status_code >= 200) && (rand_resp != status_code)" - method: DELETE path: 
@@ -80,91 +64,12 @@ http: Cookie: "{{Cookie}}" extractors: - type: dsl - name: "DELETE method is Enabled" dsl: - status_code - matchers-condition: and - matchers: - - type: status - negative: true - status: - - 405 - - 501 - - type: dsl - negative: true - dsl: - - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" - - - method: TRACE - path: - - "{{BaseURL}}" - headers: - Host: "{{Hostname}}" - Cookie: "{{Cookie}}" - extractors: - - type: dsl - name: "TRACE method is Enabled" - dsl: - - status_code - matchers-condition: and - matchers: - - type: status - negative: true - status: - - 405 - - 501 - - type: dsl - negative: true - dsl: - - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" - - type: regex - part: body - regex: - - '^TRACE \S+ HTTP\/[0-9]\.[0-9]' - - - method: PATCH - path: - - "{{BaseURL}}" - headers: - Host: "{{Hostname}}" - Cookie: "{{Cookie}}" - body: "" - extractors: - - type: dsl - name: "PATCH method is Enabled" - dsl: - - status_code - matchers-condition: and - matchers: - - type: status - negative: true - status: - - 405 - - 501 - - type: dsl - negative: true - dsl: - - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" - - - method: CONNECT - path: - - "{{BaseURL}}" - headers: - Host: "{{Hostname}}" - Cookie: "{{Cookie}}" - extractors: - - type: dsl - name: "CONNECT method is Enabled" - dsl: - - status_code - matchers-condition: and matchers: - type: status + name: "DELETE method is Enabled" negative: true status: - 405 - 501 - - type: dsl - negative: true - dsl: - - "(status_code < 600 && status_code >= 400) || (rand_resp == status_code)" From 53366864053009783fef2c4229ed566132e622b7 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Mon, 16 Oct 2023 18:25:17 +0330 Subject: [PATCH 68/88] Create 14.5.1.yaml 
Signed-off-by: Hamed Salimian --- templates/14.5.1.yaml | 48 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 templates/14.5.1.yaml diff --git a/templates/14.5.1.yaml b/templates/14.5.1.yaml new file mode 100644 index 0000000..cc9f89d --- /dev/null +++ b/templates/14.5.1.yaml @@ -0,0 +1,48 @@ +id: ASVS-4-0-3-V14-5-1 + +info: + name: ASVS 14.5.1 Check + author: Hamed Salimian + severity: medium + classification: + cwe-id: CWE-749 + reference: + - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods.html + tags: asvs,14.5.1 + description: | + Verify that the application server only accepts the HTTP methods in use by the application/API, including pre-flight OPTIONS, and logs/alerts on any requests that are not valid for the application context. + +http: + - method: TRACE + path: + - "{{BaseURL}}" + headers: + Host: "{{Hostname}}" + extractors: + - type: dsl + name: "TRACE method is Enabled" + dsl: + - status_code + matchers-condition: and + matchers: + - type: status + negative: true + status: + - 405 + - 501 + - type: regex + part: body + regex: + - '^TRACE \S+ HTTP\/[0-9]\.[0-9]' + + - raw: + - | + {{to_upper(rand_text_alpha(4))}} {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + matchers: + - type: status + name: "CUSTOM method is allowed." + negative: true + status: + - 405 + - 501 From bd8ac05d92f91ece35cedcd77e82f5a365eec391 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Tue, 17 Oct 2023 07:54:15 +0330 Subject: [PATCH 69/88] Update 14.5.1.yaml Signed-off-by: Hamed Salimian --- templates/14.5.1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/14.5.1.yaml b/templates/14.5.1.yaml index cc9f89d..bdde8bd 100644 --- a/templates/14.5.1.yaml +++ b/templates/14.5.1.yaml 
@@ -3,7 +3,7 @@ id: ASVS-4-0-3-V14-5-1 info: name: ASVS 14.5.1 Check author: Hamed Salimian - severity: medium + severity: low classification: cwe-id: CWE-749 reference: From 764c29901fcdd10cf2692b294052eb77fadb6d83 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Tue, 17 Oct 2023 05:31:37 +0000 Subject: [PATCH 70/88] Update 13.2.1 14.5.1 --- templates/13.2.1.yaml | 4 ++++ templates/14.5.1.yaml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/templates/13.2.1.yaml b/templates/13.2.1.yaml index 1f57bb9..d996df8 100644 --- a/templates/13.2.1.yaml +++ b/templates/13.2.1.yaml @@ -55,6 +55,8 @@ http: status: - 405 - 501 + - 400 + - 404 - method: DELETE path: @@ -73,3 +75,5 @@ http: status: - 405 - 501 + - 400 + - 404 diff --git a/templates/14.5.1.yaml b/templates/14.5.1.yaml index bdde8bd..ddb9334 100644 --- a/templates/14.5.1.yaml +++ b/templates/14.5.1.yaml @@ -30,6 +30,8 @@ http: status: - 405 - 501 + - 404 + - 400 - type: regex part: body regex: @@ -46,3 +48,5 @@ http: status: - 405 - 501 + - 404 + - 400 From e848627bec2cbddb31eb35eced9e009f9bc1df0d Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sun, 12 Nov 2023 06:08:10 +0000 Subject: [PATCH 71/88] Add 14.3.2 workflow --- templates/workflows/14.3.2.yaml | 40 +++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 templates/workflows/14.3.2.yaml diff --git a/templates/workflows/14.3.2.yaml b/templates/workflows/14.3.2.yaml new file mode 100644 index 0000000..ce7ab3e --- /dev/null +++ b/templates/workflows/14.3.2.yaml 
@@ -0,0 +1,40 @@ +id: ASVS-4-0-3-V14-3-2 + +info: + name: ASVS 14.3.2 Check + author: Hamed Salimian + severity: low + classification: + cwe-id: CWE-497 + reference: + - https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html + tags: asvs,14.3.2,debug + description: | + Verify that web or application server and application framework debug modes are disabled in production to eliminate debug features, developer consoles, and unintended security disclosures. + +workflows: + - template: misconfiguration/symfony-debug.yaml + - template: exposures/logs/rails-debug-mode.yaml + - template: misconfiguration/debug/bottle-debug.yaml + - template: misconfiguration/debug/ampache-debug.yaml + - template: misconfiguration/laravel-debug-enabled.yaml + - template: misconfiguration/laravel-debug-infoleak.yaml + - template: misconfiguration/laravel-debug-error.yaml + - template: misconfiguration/aspx-debug-mode.yaml + - template: exposures/logs/jboss-seam-debug-page.yaml + - template: misconfiguration/struts-ognl-console.yaml + - template: exposures/logs/struts-problem-report.yaml + - template: misconfiguration/sitecore-debug-page.yaml + - template: exposures/logs/django-debug-exposure.yaml + - template: misconfiguration/rekognition-image-validation.yaml + - template: misconfiguration/browserless-debugger.yaml + - template: exposures/logs/struts-debug-mode.yaml + - template: misconfiguration/django-debug-detect.yaml + - template: misconfiguration/airflow/airflow-debug.yaml + - template: misconfiguration/php-debugbar-exposure.yaml + - template: misconfiguration/wamp-xdebug-detect.yaml + - template: misconfiguration/typo3-debug-mode.yaml + - template: exposures/logs/pyramid-debug-toolbar.yaml + - template: misconfiguration/php-errors.yaml + - template: vulnerabilities/jenkins/jenkins-stack-trace.yaml + - template: technologies/werkzeug-debugger-detect.yaml \ No newline at end of file From 83412b15e382561e8bee7a4829fa16d4de1674ee Mon Sep 17 00:00:00 2001 
From: Hamed Salimian Date: Sat, 25 Nov 2023 07:20:55 +0000 Subject: [PATCH 72/88] Create 14.2.3.yaml --- templates/headless/14.2.3.yaml | 51 ++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 templates/headless/14.2.3.yaml diff --git a/templates/headless/14.2.3.yaml b/templates/headless/14.2.3.yaml new file mode 100644 index 0000000..c83b2d3 --- /dev/null +++ b/templates/headless/14.2.3.yaml 
@@ -0,0 +1,51 @@ +id: ASVS-4-0-3-V14-2-3 + +info: + name: ASVS 14.2.3 Check + author: Hamed Salimian + severity: low + classification: + cwe-id: CWE-829 + reference: + - https://cheatsheetseries.owasp.org/cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.html#subresource-integrity + tags: asvs,14.2.3 + description: | + Verify that if application assets, such as JavaScript libraries, CSS or web fonts, are hosted externally on a Content Delivery Network (CDN) or external provider, Subresource Integrity (SRI) is used to validate the integrity of the asset. + +headless: + - steps: + - args: + url: "{{BaseURL}}" + action: navigate + + - action: waitload + + - action: script + name: assets_with_external_fqdn + args: + code: | + () => { + var currentLocation = document.location.host; + var xpathExpression = "//*[self::script or self::link]" + + "[not(contains(@src, '" + currentLocation + "') or contains(@href, '" + currentLocation + "'))" + + " and ((contains(@href,'//') or contains(@src,'//')) and not(contains(translate(@integrity,'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz'),'sha')))]"; + + var matchingNodes = document.evaluate(xpathExpression, document, null, XPathResult.ORDERED_NODE_SNAPSHOT_TYPE, null); + + var matchingTagsAsString = []; + for (var i = 0; i < matchingNodes.snapshotLength; i++) { + var node = matchingNodes.snapshotItem(i); + matchingTagsAsString.push(new XMLSerializer().serializeToString(node)); + } + return matchingTagsAsString.join(''); + } + + extractors: + - type: kval + kval: + - assets_with_external_fqdn + + matchers: + - type: dsl + dsl: + - len(assets_with_external_fqdn) > 0 \ No newline at end of file From 677e15699f0db116912269809af898d5ad61ef55 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sat, 25 Nov 2023 07:50:46 +0000 Subject: [PATCH 73/88] Update Submodule --- Vulnerable-Pages | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Vulnerable-Pages b/Vulnerable-Pages index 507f941..fe1dced 160000 
--- a/Vulnerable-Pages +++ b/Vulnerable-Pages @@ -1 +1 @@ -Subproject commit 507f941014b049f142efe02c3bda411c34b376e2 +Subproject commit fe1dced06e1e47a9985477251a8f02914d901031 From 1f981bf442210f6b17ed7609d891b2f03ee784de Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sat, 25 Nov 2023 17:17:21 +0330 Subject: [PATCH 74/88] Update 14.2.3.yaml Signed-off-by: Hamed Salimian --- templates/headless/14.2.3.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/headless/14.2.3.yaml b/templates/headless/14.2.3.yaml index c83b2d3..95bc987 100644 --- a/templates/headless/14.2.3.yaml +++ b/templates/headless/14.2.3.yaml @@ -37,15 +37,15 @@ headless: var node = matchingNodes.snapshotItem(i); matchingTagsAsString.push(new XMLSerializer().serializeToString(node)); } - return matchingTagsAsString.join(''); + return matchingTagsAsString.join('|'); } extractors: - - type: kval - kval: - - assets_with_external_fqdn + - type: dsl + dsl: + - trim(split(assets_with_external_fqdn, '|'), '[]') matchers: - type: dsl dsl: - - len(assets_with_external_fqdn) > 0 \ No newline at end of file + - len(trim(split(assets_with_external_fqdn, '|'), '[]')) > 0 From a28064859e20fd113fb18bcebbb56fa77af50e7f Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Mon, 11 Dec 2023 10:09:49 +0330 Subject: [PATCH 75/88] Create 13.3.1.yaml Signed-off-by: Hamed Salimian --- templates/13.3.1.yaml | 52 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 templates/13.3.1.yaml diff --git a/templates/13.3.1.yaml b/templates/13.3.1.yaml new file mode 100644 index 0000000..8969e5c --- /dev/null +++ b/templates/13.3.1.yaml 
@@ -0,0 +1,52 @@ +id: ASVS-4-0-3-V13-3-1 + +info: + name: ASVS 13.3.1 Check + author: Hamed Salimian + severity: medium + classification: + cwe-id: CWE-20 + reference: + - https://cheatsheetseries.owasp.org/cheatsheets/XML_Security_Cheat_Sheet.html + - https://snbig.github.io/Vulnerable-Pages/ASVS_13_3_1/index.html + tags: asvs,13.3.1 + description: | + Verify that XSD schema validation takes place to ensure a properly formed XML document, followed by validation of each input field before any processing of that data takes place. + +variables: + valid_xml: JohnJohn.Doe@mail.com + invalid_xml: JohnJohn.Doe + +http: + - method: POST + path: + - "{{BaseURL}}" + headers: + Host: "{{Hostname}}" + Content-type: "application/xml" + body: "{{valid_xml}}" + + - method: POST + path: + - "{{BaseURL}}" + headers: + Host: "{{Hostname}}" + Content-type: "application/xml" + body: "{{invalid_xml}}" + + extractors: + - type: dsl + name: "Valid xml submission status code" + dsl: + - http_1_status_code + + - type: dsl + name: "Invalid xml submission status code" + dsl: + - http_2_status_code + + matchers: + - type: dsl + name: "XSD schema validation does not take place" + dsl: + - http_1_status_code == http_2_status_code From 06ea7cd535c89d72ff358c84ea2f612ac492b39b Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Mon, 11 Dec 2023 10:12:01 +0330 Subject: [PATCH 76/88] Update 13.3.1.yaml Signed-off-by: Hamed Salimian --- templates/13.3.1.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/13.3.1.yaml b/templates/13.3.1.yaml index 8969e5c..58463c4 100644 --- a/templates/13.3.1.yaml +++ b/templates/13.3.1.yaml @@ -25,7 +25,7 @@ http: Host: "{{Hostname}}" Content-type: "application/xml" body: "{{valid_xml}}" - + - method: POST path: - "{{BaseURL}}" @@ -39,7 +39,7 @@ http: name: "Valid xml submission status code" dsl: - http_1_status_code - + - type: dsl name: "Invalid xml submission status code" dsl: 
From ce9dae453d31ad1cd10ecc2583667981bdc3d493 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Mon, 11 Dec 2023 10:16:53 +0330 Subject: [PATCH 77/88] Update template-validate.yml Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index 2656ccd..b12b53f 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -11,7 +11,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 @@ -21,9 +21,10 @@ jobs: go-version: 1.20.x - name: nuclei install - run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest + run: go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest - name: Template Validation run: | cp -r ${{ github.workspace }}/templates /home/runner/nuclei-templates nuclei -duc -validate -allow-local-file-access + nuclei -duc -validate -w ./templates/workflows -allow-local-file-access From 91f872d10826eef04595416c5049a3b3790cdc76 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Mon, 11 Dec 2023 10:23:39 +0330 Subject: [PATCH 78/88] Update template-validate.yml Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index b12b53f..806221e 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -18,7 +18,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v4 with: - go-version: 1.20.x + go-version: 1.21.x - name: nuclei install run: go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest 
@@ -27,4 +27,4 @@ jobs: run: | cp -r ${{ github.workspace }}/templates /home/runner/nuclei-templates nuclei -duc -validate -allow-local-file-access - nuclei -duc -validate -w ./templates/workflows -allow-local-file-access + nuclei -duc -validate -w nuclei-templates/workflows -allow-local-file-access From b125204938f36cbce56ad7093fb30628fe207b0a Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Mon, 11 Dec 2023 10:26:15 +0330 Subject: [PATCH 79/88] Update template-validate.yml Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index 806221e..946c11b 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -27,4 +27,4 @@ jobs: run: | cp -r ${{ github.workspace }}/templates /home/runner/nuclei-templates nuclei -duc -validate -allow-local-file-access - nuclei -duc -validate -w nuclei-templates/workflows -allow-local-file-access + nuclei -duc -validate -w ./workflows -allow-local-file-access From 4465acb4303088f1d9e5246acf30801e73b3767c Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Tue, 12 Dec 2023 08:35:55 +0330 Subject: [PATCH 80/88] Create 13.2.2.yaml Signed-off-by: Hamed Salimian --- templates/13.2.2.yaml | 51 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 templates/13.2.2.yaml diff --git a/templates/13.2.2.yaml b/templates/13.2.2.yaml new file mode 100644 index 0000000..f095523 --- /dev/null +++ b/templates/13.2.2.yaml 
@@ -0,0 +1,51 @@ +id: ASVS-4-0-3-V13-2-2 + +info: + name: ASVS 13.2.2 Check + author: Hamed Salimian + severity: medium + classification: + cwe-id: CWE-20 + reference: + - https://snbig.github.io/Vulnerable-Pages/ASVS_13_2_2/index.html + tags: asvs,13.2.2 + description: | + Verify that JSON schema validation is in place and verified before accepting input. + +variables: + valid_json: '{"name":"John Doe","age":20}' + invalid_json: '{"name":"John Doe","age":200}' + +http: + - method: POST + path: + - "{{BaseURL}}" + headers: + Host: "{{Hostname}}" + Content-type: "application/json" + body: "{{valid_json}}" + + - method: POST + path: + - "{{BaseURL}}" + headers: + Host: "{{Hostname}}" + Content-type: "application/json" + body: "{{invalid_json}}" + + extractors: + - type: dsl + name: "Valid json submission status code" + dsl: + - http_1_status_code + + - type: dsl + name: "Invalid json submission status code" + dsl: + - http_2_status_code + + matchers: + - type: dsl + name: "JSON schema validation does not take place" + dsl: + - http_1_status_code == http_2_status_code From 3f1279e6810b34fc616f53bc160ee202813c9651 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Tue, 12 Dec 2023 08:38:55 +0330 Subject: [PATCH 81/88] Update template-validate.yml Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index 946c11b..3caedc5 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -27,4 +27,3 @@ jobs: run: | cp -r ${{ github.workspace }}/templates /home/runner/nuclei-templates nuclei -duc -validate -allow-local-file-access - nuclei -duc -validate -w ./workflows -allow-local-file-access From 6d03ed74d6fb2bd9f2df914ee112404174bae8c2 Mon Sep 17 00:00:00 2001 
From: Hamed Salimian Date: Tue, 12 Dec 2023 05:16:48 +0000 Subject: [PATCH 82/88] Update submodule --- Vulnerable-Pages | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Vulnerable-Pages b/Vulnerable-Pages index fe1dced..266f974 160000 --- a/Vulnerable-Pages +++ b/Vulnerable-Pages @@ -1 +1 @@ -Subproject commit fe1dced06e1e47a9985477251a8f02914d901031 +Subproject commit 266f9741658e1da4ac76d42e5121f0721063070c From b6fb75318f07034b3dd9d5260535d67a35e84746 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Tue, 2 Jan 2024 07:30:03 +0330 Subject: [PATCH 83/88] Update template-validate.yml Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index 2656ccd..3caedc5 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -11,17 +11,17 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go uses: actions/setup-go@v4 with: - go-version: 1.20.x + go-version: 1.21.x - name: nuclei install - run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest + run: go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest - name: Template Validation run: | From edfac2de988f2bccc44af6cb21f21145e9de040b Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Tue, 16 Apr 2024 08:25:36 +0330 Subject: [PATCH 84/88] Update CONTRIBUTING.md Signed-off-by: Hamed Salimian --- CONTRIBUTING.md | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 526ffda..56ce161 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,16 +1,25 @@ +# Contributing -## Contributing +If you have any idea to improve templates or want to share experience and give feedback on this project, we'd love to hear from you in the following ways: -If you have any idea to improve templates or want to share experience and give feedback on this project, we'd love to hear from you in following ways: +## Asking Questions - -### Asking Questions You can use either Github [Discussions](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/discussions) or our [Slack channel](https://owasp.slack.com/archives/C052939BZ43) to ask questions. -### Create issues +## Create Issues Before raising pull requests, please create an [Issue](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/issues) first to be discussed for missing requirements, content or errors. Please explain the issue in detail including references if available and suggest where it could be added. -### Open a Pull Request -- Your pull request may be merged after review. -- Commits must be [signed off](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--s) to indicate agreement with [Developer Certificate of Origin (DCO)](https://developercertificate.org/). +## Open a Pull Request + +Your pull request should be placed against the `dev` branch. + +Here are some guidelines for opening a pull request: + +- Ensure your changes align with the project's goals and coding standards. +- Keep your pull request focused and specific; avoid bundling unrelated changes. +- Write clear and descriptive commit messages. +- Your pull request may be merged after review. +- Commits must be [signed off](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--s) to indicate agreement with [Developer Certificate of Origin (DCO)](https://developercertificate.org/). + +Thank you for contributing to our project! From 762325a9fd1e20bdd0d11c1de7f456c8c21c82e1 Mon Sep 17 00:00:00 2001 
From: Hamed Salimian Date: Wed, 5 Jun 2024 19:42:50 +0330 Subject: [PATCH 85/88] =?UTF-8?q?Create=20FUNDING.yml=20=E2=9D=A4=EF=B8=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Hamed Salimian --- .github/FUNDING.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..c9aaa22 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,2 @@ +github: OWASP +custom: "https://owasp.org/donate/?reponame=www-project-asvs-security-evaluation-templates-with-nuclei&title=OWASP+ASVS+Security+Evaluation+Templates+with+Nuclei" From afa9143bced4e5a1a75713dc883e815b324873c2 Mon Sep 17 00:00:00 2001 From: Starr Brown <112129498+mamicidal@users.noreply.github.com> Date: Fri, 6 Sep 2024 14:54:53 -0400 Subject: [PATCH 86/88] Update leaders.md Update email Signed-off-by: Starr Brown <112129498+mamicidal@users.noreply.github.com> --- leaders.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/leaders.md b/leaders.md index bd772a6..63cf898 100644 --- a/leaders.md +++ b/leaders.md @@ -1,2 +1,2 @@ ### Leaders -* [Hamed Salimian](mailto:snbig@pm.me) +* [Hamed Salimian](mailto:hamed.salimian@owasp.org) From a52f2ddf53cb29679f97f45e312aa67c0fa53b86 Mon Sep 17 00:00:00 2001 From: Starr Brown <112129498+mamicidal@users.noreply.github.com> Date: Fri, 6 Sep 2024 14:54:53 -0400 Subject: [PATCH 87/88] Update leaders.md Update email Signed-off-by: Starr Brown <112129498+mamicidal@users.noreply.github.com> --- leaders.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/leaders.md b/leaders.md index bd772a6..63cf898 100644 --- a/leaders.md +++ b/leaders.md @@ -1,2 +1,2 @@ ### Leaders -* [Hamed Salimian](mailto:snbig@pm.me) +* [Hamed Salimian](mailto:hamed.salimian@owasp.org) From 1dbdc388b9475273093734ce36661002d8609cd6 Mon Sep 17 00:00:00 2001 
From: Hamed Salimian Date: Wed, 11 Sep 2024 07:48:42 +0330 Subject: [PATCH 88/88] Update template-validate.yml Signed-off-by: Hamed Salimian --- .github/workflows/template-validate.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index 3caedc5..213dda0 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -27,3 +27,4 @@ jobs: run: | cp -r ${{ github.workspace }}/templates /home/runner/nuclei-templates nuclei -duc -validate -allow-local-file-access + nuclei -duc -validate -allow-local-file-access -w /home/runner/nuclei-templates/workflows
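Review bot: in the template with id ASVS-4-0-3-V14-4-6, the header matcher accepts only `strict-origin-when-cross-origin`, so a response that sends a stricter policy such as `Referrer-Policy: no-referrer` or `same-origin` is reported as failing the check. Widen the regex to an allow list of the values the project considers suitable. When doing so, delimit each token with something other than `\b`, because `\b` treats `-` as a boundary and `\bno-referrer\b` would also accept `no-referrer-when-downgrade`.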
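Review bot: in templates/14.4.7.yaml (PATCH 58/88), the header regex `(?i)Content-Security-Policy:[^;]*frame-ancestors` only finds `frame-ancestors` when it is the first directive, because `[^;]*` cannot cross a semicolon. A policy such as `default-src 'self'; frame-ancestors 'none'` is missed, and a site that relies on CSP alone is flagged. Replace `[^;]*` with `.*` (header values are single-line) or match on the extracted header value. Separately, browsers do not honour `frame-ancestors` delivered through a meta element, yet with `matchers-condition: and` a page whose only `frame-ancestors` is in a meta tag is treated as protected. The body matcher should be dropped or turned into a finding of its own.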
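Review bot: in templates/14.5.2.yaml (PATCH 61/88), the `dsl` matcher lists two expressions without `condition: and`, and the default for a matcher is `or`. As written, `to_number(forbidden_status_code) != status_code` alone is enough, so any response that is not 403 (a 404 or 500 included) is reported as "Access Restriction Bypass Via Origin Spoof". Add `condition: and`. Even then, a page that returns 200 to every client is flagged, because nothing compares against a request sent without the spoofed `Origin`. A baseline request that must return `forbidden_status_code` before the payload requests are evaluated would make the finding mean what its name says.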
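Review bot: in templates/14.5.3.yaml (PATCH 62/88), the probe is sent as `method: DELETE` against `{{BaseURL}}`, which is a real state-changing request on the system being assessed rather than a CORS preflight. Send it as `OPTIONS` with `Access-Control-Request-Method: DELETE`, or as a plain `GET` with the `Origin` header, since `Access-Control-Allow-Origin` is returned on both. The `null` word matcher is also a substring match on the header value, so an allowed origin whose name merely contains "null" triggers it. A regex anchored to the whole value (`^null$`) avoids that.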
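Review bot: in templates/13.2.1.yaml (PATCH 67/88), removing the random-method request and the `rand_resp != status_code` comparison leaves the PUT and DELETE findings resting on `negative: true` over `405` and `501` alone. A server that answers every unknown verb with 200, or that answers PUT with 401, 403 or a redirect, is now reported as "PUT method is Enabled". If the baseline was dropped because it belongs to 14.5.1, keep a positive condition here instead, for example a 2xx status check combined with the OPTIONS result. The commit message should also say why TRACE, PATCH and CONNECT were removed from this template, since only TRACE reappears in 14.5.1.yaml.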
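Review bot: in PATCH 70/88, adding `400` and `404` to the negative status lists in 13.2.1.yaml and 14.5.1.yaml extends a deny list that is still incomplete: 401, 403, 3xx and 5xx responses other than 501 continue to count as "method is Enabled" or "CUSTOM method is allowed". Matching on the statuses that prove acceptance (a 2xx range via `dsl`, as 14.5.2.yaml already does with `status_code < 210 && status_code >= 200`) is shorter and will not need another patch for each newly observed rejection code.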
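Review bot: in templates/workflows/14.3.2.yaml (PATCH 71/88), every `template:` entry (for example `misconfiguration/symfony-debug.yaml`) points at a file this repository does not add, so the workflow only resolves when a matching copy of the upstream nuclei-templates tree is present at the expected root. Please document which upstream version and directory layout these paths are written against, and have CI fail when an entry does not resolve, otherwise a renamed upstream file silently removes a check. The file also lacks a trailing newline, and `misconfiguration/rekognition-image-validation.yaml` does not look debug-related by name; a comment explaining its inclusion would help.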
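Review bot: in templates/headless/14.2.3.yaml (PATCH 72/88), the XPath decides "same site" with `contains(@src, currentLocation)` and `contains(@href, currentLocation)`, which is a substring test over the whole URL. An external asset whose URL contains the page's host anywhere (as a query parameter, a path segment, or a prefix of a longer hostname) is treated as first-party and never checked for `integrity`. Parse each `src`/`href` with `new URL(value, document.baseURI)` in the script and compare `.host` for equality. The `integrity` test has the same looseness: any attribute value containing "sha" passes, so checking for a `sha256-`, `sha384-` or `sha512-` prefix would be more accurate. Restricting `link` elements to `rel` values that load subresources (such as `stylesheet`) would also stop `canonical` or `preconnect` links from being reported.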
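Review bot: in PATCH 74/88, joining the serialized tags with `'|'` and splitting on the same character in the extractor breaks whenever a tag itself contains `|`, which is common in stylesheet URLs that list several font families (`family=A|B`). The matcher still fires, but the extracted evidence is cut into fragments. Return the list with a separator that cannot occur in serialized markup, or return `JSON.stringify(matchingTagsAsString)` and extract from that.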
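Review bot: in templates/13.3.1.yaml (PATCH 75/88), the matcher `http_1_status_code == http_2_status_code` is also true when both submissions are rejected for unrelated reasons, so an endpoint that returns 404, 405 or 415 to any XML POST is reported as "XSD schema validation does not take place". Require the valid submission to succeed first, for example `http_1_status_code >= 200 && http_1_status_code < 300 && http_1_status_code == http_2_status_code`. Applications that return 200 with an error document for invalid input will still be flagged, so the description should state that the check assumes validation failures surface in the status code.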
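Review bot: in templates/13.2.2.yaml (PATCH 80/88), `invalid_json` (`"age":200`) is well-formed JSON and is only invalid under a schema that caps `age`, which matches the referenced Vulnerable-Pages demo but not an arbitrary target. Against any other API both bodies are equally unknown and the equal-status matcher fires regardless of whether schema validation exists. Either state in `description` that `valid_json` and `invalid_json` must be overridden per target (they are already `variables`), or add a structurally invalid case such as a wrong type for `age`. The 2xx guard on `http_1_status_code` suggested for 13.3.1.yaml applies here too.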
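Review bot: in .github/workflows/template-validate.yml (PATCH 77/88), `go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest` leaves the validator unpinned, so the same commit can pass or fail CI depending on the day, and the job runs whatever was most recently published. Pin an explicit version and bump it deliberately. The same applies to `actions/checkout@v4` and `actions/setup-go@v4`, which can be pinned to a commit SHA. The validation steps also rely on the default template directory being `/home/runner/nuclei-templates`. Passing `-t` explicitly would remove that assumption, and would have avoided the path changes in PATCH 78/88 through 81/88.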
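Review bot: in CONTRIBUTING.md (PATCH 84/88), the sign-off requirement is kept as a bullet but nothing visible in this series enforces it, and PATCH 60, 70, 71, 72, 73 and 82 carry no `Signed-off-by` trailer. Either add a DCO check to the pull request workflow or word the bullet so that it matches practice. Two wording points in the added lines: "placed against the `dev` branch" reads better as "opened against", and "Github" in the unchanged context line should be "GitHub".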