From 4b97c79301db668788bb566b4b3aba8419bde582 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sat, 30 Nov 2024 08:48:39 +0330 Subject: [PATCH 1/3] Update template-sign.yml Fix repo. Signed-off-by: Hamed Salimian --- .github/workflows/template-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/template-sign.yml b/.github/workflows/template-sign.yml index a6cdf75..6e089f6 100644 --- a/.github/workflows/template-sign.yml +++ b/.github/workflows/template-sign.yml @@ -11,7 +11,7 @@ on: jobs: build: runs-on: ubuntu-latest - if: github.repository == 'projectdiscovery/nuclei-templates' + if: github.repository == 'OWASP/www-project-asvs-security-evaluation-templates-with-nuclei' steps: - uses: actions/checkout@v4 - uses: projectdiscovery/actions/setup/nuclei@v1 From fe7e94fd8a9fb89254e59c08a6bb896b1f920931 Mon Sep 17 00:00:00 2001 From: ghost Date: Sat, 30 Nov 2024 06:35:40 +0000 Subject: [PATCH 2/3] =?UTF-8?q?chore:=20sign=20templates=20=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/12.1.1.yaml | 3 ++- templates/12.6.1.yaml | 2 ++ templates/13.2.1.yaml | 2 ++ templates/13.2.2.yaml | 2 ++ templates/13.3.1.yaml | 2 ++ templates/14.4.1.yaml | 2 ++ templates/14.4.2.yaml | 2 ++ templates/14.4.3.yaml | 2 ++ templates/14.4.4.yaml | 2 ++ templates/14.4.5.yaml | 2 ++ templates/14.4.6.yaml | 2 ++ templates/14.4.7.yaml | 2 ++ templates/14.5.1.yaml | 2 ++ templates/14.5.2.yaml | 2 ++ templates/14.5.3.yaml | 2 ++ templates/5.1.5.yaml | 2 ++ templates/8.2.1.yaml | 2 ++ templates/9.1.2.yaml | 2 ++ templates/9.1.3.yaml | 2 ++ templates/dast/12.3.3.yaml | 2 ++ templates/dast/5.2.5.1.yaml | 2 ++ templates/dast/5.2.6.yaml | 2 ++ templates/dast/5.3.3.2.yaml | 2 ++ templates/dast/5.5.2.yaml | 2 ++ templates/headless/14.2.3.yaml | 2 ++ templates/headless/5.3.3.1.yaml | 3 ++- 26 files changed, 52 insertions(+), 2 deletions(-) diff --git a/templates/12.1.1.yaml b/templates/12.1.1.yaml index 60d8604..5f3c1d6 100644 --- a/templates/12.1.1.yaml +++ b/templates/12.1.1.yaml @@ -61,4 +61,5 @@ http: condition: and dsl: - status_code_2 < 210 && status_code_2 >= 200 - - status_code_2 == status_code \ No newline at end of file + - status_code_2 == status_code +# digest: 4a0a00473045022100ed852a180529b97f21b9d9350e8d5b2767e07fb510c9679d996943fba23e089a0220511f0ae51c878706aacd36e2cff2ba3588d444555d6c92f6fddcacf680ccbd02:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/12.6.1.yaml b/templates/12.6.1.yaml index df170e0..220cf08 100644 --- a/templates/12.6.1.yaml +++ b/templates/12.6.1.yaml @@ -56,3 +56,5 @@ http: words: - "http" - "dns" + +# digest: 4b0a00483046022100cfb30937dcee2b4ad9d0283d5ac976acd3214a668bc4192bc723357a040eeb1f0221008ee0614a0fac834b615a792c135cb7dba9d5f113212c25030acdc7a4771a7eca:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/13.2.1.yaml b/templates/13.2.1.yaml index d996df8..4bf2d2b 100644 --- a/templates/13.2.1.yaml +++ b/templates/13.2.1.yaml @@ -77,3 +77,5 @@ http: - 501 - 400 - 404 + +# digest: 4a0a0047304502201e2b6ef9d5fad256778bebf27037ad8304fcd1f611f5506a12d01728a66057f8022100eea5743362910e6fb66690f49da281eba1c5f90c2c47887d77656cee01f668bf:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/13.2.2.yaml b/templates/13.2.2.yaml index f095523..9335b71 100644 --- a/templates/13.2.2.yaml +++ b/templates/13.2.2.yaml @@ -49,3 +49,5 @@ http: name: "JSON schema validation does not take place" dsl: - http_1_status_code == http_2_status_code + +# digest: 4a0a0047304502205a43e4e3d911399b0279a0e36d20c6df789cbc05e893c72c91223bbd5628c558022100c2c4e68d2c524bfad2d6abf7e68e73b3e6f23f6e3576b1118eec73867be21413:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/13.3.1.yaml b/templates/13.3.1.yaml index 58463c4..322c80e 100644 --- a/templates/13.3.1.yaml +++ b/templates/13.3.1.yaml @@ -50,3 +50,5 @@ http: name: "XSD schema validation does not take place" dsl: - http_1_status_code == http_2_status_code + +# digest: 4a0a004730450220553d29d64c11f522860d4ef744b33933542b6159bcf9e3ac9f489e622744a1db022100e94b0bf6b38bf9a610c861d28720f4fb973dd0a832fc57b4872f6e0a81969ac9:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/14.4.1.yaml b/templates/14.4.1.yaml index 6610704..443ac78 100644 --- a/templates/14.4.1.yaml +++ b/templates/14.4.1.yaml @@ -61,3 +61,5 @@ http: regex: - (?i)<\?xml\s+version\s*=\s*["'][0-9.]*["']\s+encoding\s*=\s*["'](utf-?8|utf-?16|iso-?8859-?1)["']\s*\?> part: body + +# digest: 4a0a00473045022100b131ce94c26edbe11d5324b84d29f79662a53d29df6fbfe4cc9b9b5a915a95e602206e3c2bbe09245de1b800857b5f05e63a97d4bc0e406e2fe8220d0e864f9f9fa0:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/14.4.2.yaml b/templates/14.4.2.yaml index 161a4a5..67dca2f 100644 --- a/templates/14.4.2.yaml +++ b/templates/14.4.2.yaml @@ -27,3 +27,5 @@ http: name: '"Content-Disposition: attachment; filename=" header does not exist.' dsl: - '!contains(header, "Content-Disposition: attachment; filename=")' + +# digest: 4a0a00473045022100977f242960e9d12febd55a9381f673e03fba6321e03b8f2d52a027653a2f23d0022074d165d4d83e3f0e04dfedd8a226344c17ad9b60e0b38679b11ed4d84543d516:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/14.4.3.yaml b/templates/14.4.3.yaml index 3b7c3c7..8e81e3e 100644 --- a/templates/14.4.3.yaml +++ b/templates/14.4.3.yaml @@ -36,3 +36,5 @@ http: negative: true regex: - (?i) + +# digest: 4a0a0047304502204e5ca28713bcdaaeb06822a90b46edb4cb86b627a43c88eb732bce4ce949974e0221008c1140ca2bad383399703840bafb577e482984f8fb501578664395430a3b9717:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/14.4.4.yaml b/templates/14.4.4.yaml index 6e4a257..b865c81 100644 --- a/templates/14.4.4.yaml +++ b/templates/14.4.4.yaml @@ -26,3 +26,5 @@ http: name: '"X-Content-Type-Options: nosniff" header does not exist.' dsl: - '!contains(header, "X-Content-Type-Options: nosniff")' + +# digest: 4a0a00473045022021b7cc0154b0c7bd2b5ac0ee5deab034b12a3cf59a47bd6a28c39c6a4bd0c7c4022100a24955829e13964f260b1dc1b581c14dfc6eb68789581c68753c873aabe062e7:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/14.4.5.yaml b/templates/14.4.5.yaml index 796e42f..65b6e23 100644 --- a/templates/14.4.5.yaml +++ b/templates/14.4.5.yaml @@ -42,3 +42,5 @@ http: regex: - (?i)Strict-Transport-Security:\s*.*\bincludeSubdomains\b part: header + +# digest: 4a0a004730450220644eb8e8c378d2cfe98dbe293b3962740473a3a8e6d67069040ac127f19c3bcf022100f5a7e3ffaef6a581b01b7277334cd6190a6459551e8db7a7df1ca7af83171976:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/14.4.6.yaml b/templates/14.4.6.yaml index 1879bb8..87c067a 100644 --- a/templates/14.4.6.yaml +++ b/templates/14.4.6.yaml @@ -42,3 +42,5 @@ http: regex: - (?i) part: body + +# digest: 4a0a00473045022100e70e0364f38ab74fea56856ce5d7a49002e63ffcfc5ad090e4dfd1bee11414ec02204832f0a14a3de7d0afd578e63024ba14eb70db8da4ba3f51b43611fdcc700d1e:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/14.4.7.yaml b/templates/14.4.7.yaml index 63fe662..3315944 100644 --- a/templates/14.4.7.yaml +++ b/templates/14.4.7.yaml @@ -54,3 +54,5 @@ http: regex: - (?i)]*content=["'][^"']*frame-ancestors[^"']*["'][^>]*> part: body + +# digest: 4a0a00473045022100fdf3617a3b40b43af7b9ea187ae58fd334c6a2cdaa66dc291637fb668545743602206082e3c4fd4e10b8988e214e0384493449542e7ab8a9e61d5b895dfdda05e598:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/14.5.1.yaml b/templates/14.5.1.yaml index ddb9334..604dda3 100644 --- a/templates/14.5.1.yaml +++ b/templates/14.5.1.yaml @@ -50,3 +50,5 @@ http: - 501 - 404 - 400 + +# digest: 4a0a00473045022100e9008d3ed80049e226d14238f49ec8d94dc8affd52fa512eb337e6970b7985eb022008c1996d924f80cc431443db55b4d5e0a70a33d350f53ff3f18edb6d88d1896c:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/14.5.2.yaml b/templates/14.5.2.yaml index 16eb225..2b057e0 100644 --- a/templates/14.5.2.yaml +++ b/templates/14.5.2.yaml @@ -46,3 +46,5 @@ http: dsl: - status_code < 210 && status_code >= 200 - to_number(forbidden_status_code) != status_code + +# digest: 490a0046304402204a85e8500309dfa1f935ef7d5506ddf8c9f25ac26171769773c3d8ab8d510a07022065cc0dc83b5dfb52b8e6ebfd23e125442e7340b0b2c5fd41dffc21c1b76323c1:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/14.5.3.yaml b/templates/14.5.3.yaml index 1d48bd1..a4e6761 100644 --- a/templates/14.5.3.yaml +++ b/templates/14.5.3.yaml @@ -48,3 +48,5 @@ http: part: access_control_allow_origin words: - "null" + +# digest: 490a0046304402203dab3e5b26d174760a953d85392340cb58608cb60fdd6ed9393872db1d8234010220255ae97983eec7c21acff3dfbcf29d50182883570aa29c77d2ba91f07d07ace8:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/5.1.5.yaml b/templates/5.1.5.yaml index 6c073bd..7a1e510 100644 --- a/templates/5.1.5.yaml +++ b/templates/5.1.5.yaml @@ -139,3 +139,5 @@ http: - 304 - 307 - 308 + +# digest: 4a0a0047304502206ec6244c2752f17ab14c609aafd0d07a79b5a12eabf28b5e50517b4e3096f3ad022100ca2376250e180e34bde495bcb73a07d9dfe3ccee8e9e2e559a70aef2a255a81d:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/8.2.1.yaml b/templates/8.2.1.yaml index 83002bb..038e03e 100644 --- a/templates/8.2.1.yaml +++ b/templates/8.2.1.yaml @@ -26,3 +26,5 @@ http: regex: - '(?i)cache-control:.*no-store' negative: true + +# digest: 490a00463044022039bd2b86a4b691ac7599de720790ff8a27691d1ebe290d654276f55be597ba08022003c8395bde847d221c4372a9b858d6b5d0b77dc902724de8e175bb2b82400f3d:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/9.1.2.yaml b/templates/9.1.2.yaml index 5170641..16c52dd 100644 --- a/templates/9.1.2.yaml +++ b/templates/9.1.2.yaml @@ -423,3 +423,5 @@ ssl: - "TLS_KRB5_WITH_RC4_128_SHA" - "TLS_RSA_WITH_NULL_SHA" condition: or + +# digest: 490a0046304402201974ed7754084528a7b752fa0f9306c1f8a02e444f3fefd222ff3da81d0a99b7022060e9f16508296e7e5b384550ff780c5a48fb67b2b2a49f5410153823293aca30:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/9.1.3.yaml b/templates/9.1.3.yaml index 325c9f2..3fa1fa6 100644 --- a/templates/9.1.3.yaml +++ b/templates/9.1.3.yaml @@ -45,3 +45,5 @@ ssl: - type: json json: - " .tls_version" + +# digest: 4a0a004730450220388a40c3cf9246743cc5b84c0789de363248c315b978b401c5db43ccfbcb27bb022100d85b44781554137e8896ef87b2138a6df6ab09d968685d78ac634878b3c94727:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/dast/12.3.3.yaml b/templates/dast/12.3.3.yaml index 2d92495..6b2e699 100644 --- a/templates/dast/12.3.3.yaml +++ b/templates/dast/12.3.3.yaml @@ -45,3 +45,5 @@ http: words: - "http" - "dns" + +# digest: 4a0a00473045022100f368aa244774591af8882b0c7558e7485ad5e80a2b19d50188c9f93bde0f41a8022054eeb86288f988a190ba7eb40f538583653238ff2c07bc6118b4e7414fd11d40:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/dast/5.2.5.1.yaml b/templates/dast/5.2.5.1.yaml index a0d8247..b783266 100644 --- a/templates/dast/5.2.5.1.yaml +++ b/templates/dast/5.2.5.1.yaml @@ -56,3 +56,5 @@ http: part: body words: - "{{result}}" + +# digest: 4a0a00473045022029fb655e06763dedf9fc3f7e20519cf4509815ec382b3fc2d57dd86fa52e7cc0022100b40611297a0154436b6b424d0a66c886087063dd32b860bd921a1d6861f75a28:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/dast/5.2.6.yaml b/templates/dast/5.2.6.yaml index 48d7186..2931a2f 100644 --- a/templates/dast/5.2.6.yaml +++ b/templates/dast/5.2.6.yaml @@ -104,3 +104,5 @@ http: part: body regex: - 'id[\s\S]+interfaces\/' + +# digest: 4a0a0047304502206db35451526c61ae1137857401104fd6fa9ee4991fade362ca16604b56afad20022100e374582eca20f469b35f0a7c915f89b21b9bca7e60a941e3303bd867e7c626d1:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/dast/5.3.3.2.yaml b/templates/dast/5.3.3.2.yaml index a8d0005..e0b52d5 100644 --- a/templates/dast/5.3.3.2.yaml +++ b/templates/dast/5.3.3.2.yaml @@ -54,3 +54,5 @@ http: part: header words: - "text/html" + +# digest: 4a0a00473045022100dfac5ffdf63003cee159b45ec392c444099dae34f644c2d2b36a8d48542dcb3402203eff2789a448f595c7914604f3b07c377e62dfe21a8061a9220c831a81c16c7d:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/dast/5.5.2.yaml b/templates/dast/5.5.2.yaml index 13f7fe5..5002388 100644 --- a/templates/dast/5.5.2.yaml +++ b/templates/dast/5.5.2.yaml @@ -60,3 +60,5 @@ http: part: interactsh_protocol words: - "http" + +# digest: 490a0046304402201e80e06dcff15f20d237fabdd7d41a14a5c92d9a8fce39ace9258fabbc0842dc022012dd0137fc6531475d08aea9e2cd60b35791c1c5465b70272185914f925d8347:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/headless/14.2.3.yaml b/templates/headless/14.2.3.yaml index 95bc987..8e3eead 100644 --- a/templates/headless/14.2.3.yaml +++ b/templates/headless/14.2.3.yaml @@ -49,3 +49,5 @@ headless: - type: dsl dsl: - len(trim(split(assets_with_external_fqdn, '|'), '[]')) > 0 + +# digest: 490a00463044022030bba129d709e98d69e14df93e8a8f77cbb7e3d605a26e284d7824bd29b2fcac02204f55d5a72ebb2d880e95eff630c941f07d0ced9bee8e0313dbe2e9b06d4ac496:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/headless/5.3.3.1.yaml b/templates/headless/5.3.3.1.yaml index f3fb1a5..6d1dc54 100644 --- a/templates/headless/5.3.3.1.yaml +++ b/templates/headless/5.3.3.1.yaml @@ -51,4 +51,5 @@ headless: - type: word part: header words: - - "text/html" \ No newline at end of file + - "text/html" +# digest: 4a0a0047304502207b12903e99b743a556ae90095cce7171a97305e2d33278c4879ffe7918f256df022100c21f4981412a310142c2b6a888152566b23dcbed1280ece0fedb4cadf02c01d6:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file From da1e3cbe9130bcb7ab5a78782f34081b5fa5a567 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sat, 30 Nov 2024 10:07:55 +0330 Subject: [PATCH 3/3] Update 12.1.1.2.yaml Signed-off-by: Hamed Salimian --- templates/code/12.1.1.2.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/code/12.1.1.2.yaml b/templates/code/12.1.1.2.yaml index 62b4987..74f1042 100644 --- a/templates/code/12.1.1.2.yaml +++ b/templates/code/12.1.1.2.yaml @@ -56,4 +56,3 @@ http: status: - 500 - 503 -# digest: 490a0046304402203b8787953e9fa8a0e551fc309787addc534c07c2b32f3665f6b307fb8e4cc28802206af2bc67ad42c54ee002eb47b45765e2417ac7bc1ee88414ac0c5c8352bacec1:99354b7c2d97285abe7401b783fba350 \ No newline at end of file