Implement 9 new Nuclei Templates for ASVS 4.0.3 Compliance Checks (#4)

* Update info.md update small details in side bar * Update index.md add Licensing section * Update index.md * Update index.md * Update info.md add link to the github repo * Create README.md * Create MIT LICENSE * Update index.md Signed-off-by: Dorna Azhirak <[email protected]> * Update index.md add project desc Signed-off-by: Dorna Azhirak <[email protected]> * Create CONTRIBUTING.md add 'how to contribute' file Signed-off-by: Dorna Azhirak <[email protected]> * Update and rename tab_example.md to tab_contributing.md add contribution guideline on main owasp website of project Signed-off-by: Dorna Azhirak <[email protected]> * Update README.md add readme file content Signed-off-by: Dorna Azhirak <[email protected]> * Update info.md edit sidebar add icons Signed-off-by: Dorna Azhirak <[email protected]> * Update README.md Signed-off-by: Hamed Salimian <[email protected]> * Update README.md Signed-off-by: Hamed Salimian <[email protected]> * Create syntax-checking.yml Signed-off-by: Hamed Salimian <[email protected]> * Create template-validate.yml Signed-off-by: Hamed Salimian <[email protected]> * Create templates folder Signed-off-by: Hamed Salimian <[email protected]> * Added static vulnerable project as submodule on dev * Create 13.2.1.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update syntax-checking.yml Add PUSH event to workflow Signed-off-by: Hamed Salimian <[email protected]> * Update 13.2.1.yaml Signed-off-by: Hamed Salimian <[email protected]> * Create .yamllint Signed-off-by: Hamed Salimian <[email protected]> * Update template-validate.yml add PUSH event to workflow Signed-off-by: Hamed Salimian <[email protected]> * Update 13.2.1.yaml Fix lint issues. Signed-off-by: Hamed Salimian <[email protected]> * Create 9-1-3.yaml Signed-off-by: Reza Saeedi <[email protected]> * Update 13.2.1.yaml Fix lint issue. Signed-off-by: Hamed Salimian <[email protected]> * Update 9-3-1.yaml Signed-off-by: Reza Saeedi <[email protected]> * Rename 9-3-1.yaml to 9.1.3.yaml Signed-off-by: Reza Saeedi <[email protected]> * Update 13.2.1.yaml Edit `id` and `reference` Signed-off-by: Hamed Salimian <[email protected]> * Create 14.4.1.yaml Create ASVS-4.0.3-V14.4.1 template. Signed-off-by: Hamed Salimian <[email protected]> * Update template-validate.yml Signed-off-by: Hamed Salimian <[email protected]> * Update template-validate.yml Signed-off-by: Hamed Salimian <[email protected]> * Update template-validate.yml Signed-off-by: Hamed Salimian <[email protected]> * Update 13.2.1.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update 14.4.1.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update template-validate.yml Signed-off-by: Hamed Salimian <[email protected]> * Update 14.4.1.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update 14.4.1.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update 14.4.1.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update tab_contributing.md Signed-off-by: Hamed Salimian <[email protected]> * Create 14.4.2.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update 14.4.2.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update README.md Signed-off-by: Hamed Salimian <[email protected]> * Update tab_contributing.md Signed-off-by: Hamed Salimian <[email protected]> * Create 14.4.3.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update 14.4.3.yaml Signed-off-by: Hamed Salimian <[email protected]> * Create 14.4.4.yaml Signed-off-by: Hamed Salimian <[email protected]> * Create 14.4.5.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update 14.4.5.yaml Signed-off-by: Hamed Salimian <[email protected]> * Create 14.4.6.yaml Signed-off-by: Hamed Salimian <[email protected]> * Create 14.4.7.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update 13.2.1.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update Submodule * Create 14.5.2.yaml Signed-off-by: Hamed Salimian <[email protected]> * Create 14.5.3.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update tab_contributing.md Signed-off-by: Hamed Salimian <[email protected]> * Update README.md Signed-off-by: Hamed Salimian <[email protected]> * Update 13.2.1.yaml Signed-off-by: Hamed Salimian <[email protected]> * Create 14.5.1.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update 14.5.1.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update 13.2.1 14.5.1 * Add 14.3.2 workflow * Create 14.2.3.yaml * Update Submodule * Update 14.2.3.yaml Signed-off-by: Hamed Salimian <[email protected]> * Create 13.3.1.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update 13.3.1.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update template-validate.yml Signed-off-by: Hamed Salimian <[email protected]> * Update template-validate.yml Signed-off-by: Hamed Salimian <[email protected]> * Update template-validate.yml Signed-off-by: Hamed Salimian <[email protected]> * Create 13.2.2.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update template-validate.yml Signed-off-by: Hamed Salimian <[email protected]> * Update submodule * Fix reference of 9.1.3.yaml Signed-off-by: Hamed Salimian <[email protected]> * Update template-validate.yml Signed-off-by: Hamed Salimian <[email protected]> * Update template-validate.yml Signed-off-by: Hamed Salimian <[email protected]> * Update tab_contributing.md Signed-off-by: Hamed Salimian <[email protected]> * Update tab_contributing.md Signed-off-by: Hamed Salimian <[email protected]> * Update README.md Signed-off-by: Hamed Salimian <[email protected]> * Create 12.1.1.(2).yaml * Create 12.1.1.(2).yaml * Update template-validate.yml Signed-off-by: Hamed Salimian <[email protected]> * fix template validation action * Add workflow templates * Fix workflows * Add status badges Signed-off-by: Hamed Salimian <[email protected]> * Add status badges. Signed-off-by: Hamed Salimian <[email protected]> * Create 12.6.1.yaml * fix template validation action * Vulnerable Page Updated. * Fix status badge * Update Submodule * Create 5.1.5.yaml * fix 5.1.5.yaml * fix template validation action * Create 8.2.1.yaml * Update 8.2.1.yaml * Update 8.2.1.yaml * Add logo README.md Signed-off-by: Hamed Salimian <[email protected]> * Update Submodule * Create 12.3.3.yaml * Add LOGO README.md Signed-off-by: Hamed Salimian <[email protected]> * Fix logo alignment Signed-off-by: Hamed Salimian <[email protected]> * Create 9.1.2.yaml * Create 5.5.2.yaml * Add 5.3.3.1.yaml * Create 5.3.3.2.yaml * Update 5.3.3.1.yaml * Create 5.2.6.yaml & Update 5.5.2.yaml * Fix 5.2.6.yaml * Fix 12.6.1.yaml * Update 12.6.1.yaml * Update 5.1.5.yaml Signed-off-by: AmirHossein Raeisi <[email protected]> * Update 5.2.6.yaml Signed-off-by: AmirHossein Raeisi <[email protected]> * Update 5.2.6.yaml Signed-off-by: AmirHossein Raeisi <[email protected]> * Update 5.3.3.2.yaml Signed-off-by: AmirHossein Raeisi <[email protected]> * Update 5.3.3.2.yaml Signed-off-by: AmirHossein Raeisi <[email protected]> * Update 5.5.2.yaml Signed-off-by: AmirHossein Raeisi <[email protected]> * Add 12.1.1, 12,3,3, 12,6,1, 5.1.5, 5.3.3 Vulnerable pages * Update 8.2.1.yaml Signed-off-by: AmirHossein Raeisi <[email protected]> * Update 9.1.2.yaml Signed-off-by: AmirHossein Raeisi <[email protected]> * Update 12.3.3.yaml Signed-off-by: AmirHossein Raeisi <[email protected]> * Update 12.6.1.yaml Signed-off-by: AmirHossein Raeisi <[email protected]> * Ajibe * Ajibe * Fixed * Fixed * Chore: Fix Late night --------- Signed-off-by: Dorna Azhirak <[email protected]> Signed-off-by: Hamed Salimian <[email protected]> Signed-off-by: Reza Saeedi <[email protected]> Signed-off-by: AmirHossein Raeisi <[email protected]> Co-authored-by: Dorna Azhirak <[email protected]> Co-authored-by: Reza Saeedi <[email protected]> Co-authored-by: AmirHossein Raeisi <[email protected]>
OWASP · Sep 11, 2024 · e683faa · e683faa
1 parent 1dbdc38
commit e683faa
Show file tree

Hide file tree

Showing 42 changed files with 2,717 additions and 29 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -1,4 +1,4 @@
 [submodule "Vulnerable-Pages"]
 	path = Vulnerable-Pages
 	url = https://github.com/Snbig/Vulnerable-Pages
-	branch = dev
+	branch = main
diff --git a/README.md b/README.md
@@ -1,3 +1,11 @@
+[![❄️ YAML Lint](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/actions/workflows/syntax-checking.yml/badge.svg)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/actions/workflows/syntax-checking.yml)
+[![🛠 Template Validate](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/actions/workflows/template-validate.yml/badge.svg)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/actions/workflows/template-validate.yml)
+[![Vulnerable Pages](https://img.shields.io/website?labelColor=3D444C&link=https://vulnerable-pages.onrender.com/&label=%F0%9F%8E%AFVulnerable%20Pages&url=https://vulnerable-pages.onrender.com/)](https://vulnerable-pages.onrender.com/)
+
+<p align="center">
+<img src="https://github.com/user-attachments/assets/8f0b666e-a54c-45e9-9f33-4fa414fb122e">
+</p>
+
 # OWASP ASVS Security Evaluation Templates with Nuclei
 
 
@@ -23,4 +31,3 @@ For detailed information and guidelines about contributing in developing templat
 #### Core Team
 The project current core team are:
 - [Hamed Salimain](https://github.com/Snbig)  (Project Leader)
-
diff --git a/Vulnerable-Pages b/Vulnerable-Pages
diff --git a/templates/12.1.1.yaml b/templates/12.1.1.yaml
@@ -0,0 +1,64 @@
+id: ASVS-4-0-3-V12-1-1
+
+info:
+  name: ASVS 12.1.1 Check
+  author: Hamed Salimian
+  severity: medium
+  classification:
+    cwe-id: CWE-400
+  reference:
+    - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods
+    - https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html
+    - https://snbig.github.io/Vulnerable-Pages/ASVS_12_1_1/index.html
+  tags: asvs,12.1.1
+  description: |
+    Verify that the application will not accept large files that could fill up storage or cause a denial of service.
+
+
+variables:
+  large_file_size: 10000000
+  small_file_size: 100
+  file_type: "text/plain"
+  file_ext: "txt"
+
+http:
+  - raw:
+      - |
+        POST {{BaseURL}} HTTP/1.1
+        Host: {{Hostname}}
+        Accept: */*
+        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryiugABg7zoMAxIKId
+
+        ------WebKitFormBoundaryiugABg7zoMAxIKId
+        Content-Disposition: form-data; name="file"; filename="{{randstr}}.{{file_ext}}"
+        Content-Type: {{file_type}}
+
+        {{rand_text_alpha({{small_file_size}})}}
+        ------WebKitFormBoundaryiugABg7zoMAxIKId--
+
+      - |
+        POST {{BaseURL}} HTTP/1.1
+        Host: {{Hostname}}
+        Accept: */*
+        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryiugABg7zoMAxIKId
+
+        ------WebKitFormBoundaryiugABg7zoMAxIKId
+        Content-Disposition: form-data; name="file"; filename="{{randstr}}.{{file_ext}}"
+        Content-Type: {{file_type}}
+
+        {{rand_text_alpha({{large_file_size}})}}
+        ------WebKitFormBoundaryiugABg7zoMAxIKId--
+
+    extractors:
+      - type: dsl
+        name: status code of large file upload.
+        dsl:
+          - status_code_2
+
+    matchers:
+      - type: dsl
+        name: status_code
+        condition: and
+        dsl:
+          - status_code_2 < 210 && status_code_2 >= 200
+          - status_code_2 == status_code
diff --git a/templates/12.6.1.yaml b/templates/12.6.1.yaml
@@ -0,0 +1,58 @@
+id: ASVS-4-0-3-V12-6-1
+
+info:
+  name: ASVS 12.6.1 Check
+  author: AmirHossein Raeisi
+  severity: high
+  classification:
+    cwe-id: CWE-918
+  reference:
+    - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Server-Side_Request_Forgery
+    - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
+    - https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/vulnerabilities/ssrf/blind-ssrf.yaml
+    - https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
+    - https://snbig.github.io/Vulnerable-Pages/ASVS_12_6_1/
+  tags: asvs,12.6.1
+  description: |
+    Verify that the web or application server is configured with an allow list of resources or systems to which the server can send requests or load data/files from.
+
+http:
+  - pre-condition:
+      - type: dsl
+        dsl:
+          - 'method == "GET"'
+
+    payloads:
+      ssrf:
+        - "{{interactsh-url}}"
+        - "{{FQDN}}.{{interactsh-url}}"
+        - "{{RDN}}.{{interactsh-url}}"
+        - "{{FQDN}}@{{interactsh-url}}"
+        - "{{RDN}}@{{interactsh-url}}"
+
+    fuzzing:
+      - part: query
+        mode: single
+        fuzz:
+          - "https://{{ssrf}}"
+          - "{{ssrf}}:80"
+
+      - part: body
+        mode: single
+        fuzz:
+          - "https://{{ssrf}}"
+          - "{{ssrf}}:80"
+
+      - part: header
+        mode: single
+        fuzz:
+          - "https://{{ssrf}}"
+          - "{{ssrf}}:80"
+
+    stop-at-first-match: true
+    matchers:
+      - type: word
+        part: interactsh_protocol  # Confirms the HTTP Interaction
+        words:
+          - "http"
+          - "dns"
diff --git a/templates/5.1.5.yaml b/templates/5.1.5.yaml
@@ -0,0 +1,141 @@
+id: ASVS-4-0-3-V5-1-5
+
+info:
+  name: ASVS 5.1.5 Check
+  author: AmirHossein Raeisi
+  severity: low
+  classification:
+    cwe-id: CWE-601
+  reference:
+    - https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
+    - https://cwe.mitre.org/data/definitions/601.html
+    - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client_Side_Testing/04-Testing_for_Client_Side_URL_Redirect
+    - https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/generic/open-redirect-generic.yaml
+    - https://snbig.github.io/Vulnerable-Pages/ASVS_5_1_5/
+  tags: asvs,5.1.5
+  description: |
+    Verify that URL redirects and forwards only allow destinations which appear on an allow list, or show a warning when redirecting to potentially untrusted content.
+
+variables:
+  vulnerable_parameter: "url"
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/{{payload}}"
+      - "{{BaseURL}}//{{payload}}"
+      - "{{BaseURL}}/?{{vulnerable_parameter}}={{payload}}"
+      - "{{BaseURL}}?{{vulnerable_parameter}}={{payload}}"
+
+    payloads:
+      payload:
+        - '%0a/evil.com/'
+        - '%0d/evil.com/'
+        - '%00/evil.com/'
+        - '%09/evil.com/'
+        - '%5C%5Cevil.com/%252e%252e%252f'
+        - '%5Cevil.com'
+        - '%5cevil.com/%2f%2e%2e'
+        - '%5c{{RootURL}}evil.com/%2f%2e%2e'
+        - '../evil.com'
+        - '.evil.com'
+        - '/%5cevil.com'
+        - '////\;@evil.com'
+        - '////evil.com'
+        - '///evil.com'
+        - '///evil.com/%2f%2e%2e'
+        - '///evil.com@//'
+        - '///{{RootURL}}evil.com/%2f%2e%2e'
+        - '//;@evil.com'
+        - '//\/evil.com/'
+        - '//\@evil.com'
+        - '//\evil.com'
+        - '//\tevil.com/'
+        - '//evil.com/%2F..'
+        - '//evil.com//'
+        - '//%69%6e%74%65%72%61%63%74%2e%73%68'
+        - '//evil.com@//'
+        - '//evil.com\tevil.com/'
+        - '//https://evil.com@//'
+        - '/<>//evil.com'
+        - '/\/\/evil.com/'
+        - '/\/evil.com'
+        - '/\evil.com'
+        - '/evil.com'
+        - '/evil.com/%2F..'
+        - '/evil.com/'
+        - '/evil.com/..;/css'
+        - '/https:evil.com'
+        - '/{{RootURL}}evil.com/'
+        - '/〱evil.com'
+        - '/〵evil.com'
+        - '/ゝevil.com'
+        - '/ーevil.com'
+        - '/ｰevil.com'
+        - '<>//evil.com'
+        - '@evil.com'
+        - '@https://evil.com'
+        - '\/\/evil.com/'
+        - 'evil%E3%80%82com'
+        - 'evil.com'
+        - 'evil.com/'
+        - 'evil.com//'
+        - 'evil.com;@'
+        - 'https%3a%2f%2fevil.com%2f'
+        - 'https:%0a%0devil.com'
+        - 'https://%0a%0devil.com'
+        - 'https://%09/evil.com'
+        - 'https://%2f%2f.evil.com/'
+        - 'https://%3F.evil.com/'
+        - 'https://%5c%5c.evil.com/'
+        - 'https://%5cevil.com@'
+        - 'https://%23.evil.com/'
+        - 'https://.evil.com'
+        - 'https://////evil.com'
+        - 'https:///evil.com'
+        - 'https:///evil.com/%2e%2e'
+        - 'https:///evil.com/%2f%2e%2e'
+        - 'https:///[email protected]/%2e%2e'
+        - 'https:///[email protected]/%2f%2e%2e'
+        - 'https://:80#@evil.com/'
+        - 'https://:[email protected]/'
+        - 'https://:@\@evil.com'
+        - 'https://:@evil.com\@evil.com'
+        - 'https://;@evil.com'
+        - 'https://\tevil.com/'
+        - 'https://evil.com/evil.com'
+        - 'https://evil.com/https://evil.com/'
+        - 'https://www.\.evil.com'
+        - 'https:/\/\evil.com'
+        - 'https:/\evil.com'
+        - 'https:/evil.com'
+        - 'https:evil.com'
+        - '{{RootURL}}evil.com'
+        - '〱evil.com'
+        - '〵evil.com'
+        - 'ゝevil.com'
+        - 'ーevil.com'
+        - 'ｰevil.com'
+        - 'redirect/evil.com'
+        - 'cgi-bin/redirect.cgi?evil.com'
+        - 'out?evil.com'
+        - 'login?to=http://evil.com'
+        - '1/[email protected]'
+        - 'redirect?targeturl=https://evil.com'
+
+    redirects: false
+    matchers-condition: and
+    stop-at-first-match: true
+    matchers:
+      - type: regex
+        part: header
+        regex:
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/idfD2e/1
+      - type: status
+        status:
+          - 301
+          - 302
+          - 303
+          - 304
+          - 307
+          - 308
diff --git a/templates/8.2.1.yaml b/templates/8.2.1.yaml
@@ -0,0 +1,28 @@
+id: ASVS-4-0-3-V8-2-1
+
+info:
+  name: ASVS 8.2.1 Check
+  author: AmirHossein Raeisi
+  severity: info
+  classification:
+    cwe-id: CWE-525
+  reference:
+    - https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses
+    - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
+  tags: asvs,8.2.1
+  description: |
+    Verify the application sets sufficient anti-caching headers so that sensitive data is not cached in modern browsers.
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    stop-at-first-match: true
+    matchers:
+      - type: regex
+        part: header
+        regex:
+          - '(?i)cache-control:.*no-store'
+        negative: true
+59 −0		.github/workflows/vulnerable-pages-table.yml
+82 −0		ASVS_12_1_1/index.html
+75 −0		ASVS_12_3_3/index.html
+1 −0		ASVS_12_3_3/rfi.txt
+175 −0		ASVS_12_6_1/index.css
+37 −0		ASVS_12_6_1/index.html
+77 −0		ASVS_12_6_1/index.js
+140 −29		ASVS_13_2_2/index.html
+140 −40		ASVS_13_3_1/index.html
+11 −20		ASVS_14_5_2/index.html
+12 −0		ASVS_14_5_2/script.js
+86 −0		ASVS_14_5_2/styles.css
+13 −29		ASVS_14_5_3/index.html
+16 −0		ASVS_14_5_3/script.js
+55 −0		ASVS_14_5_3/styles.css
+72 −0		ASVS_5_1_5/index.html
+26 −0		ASVS_5_3_3/index.html
+50 −0		ASVS_5_3_3/style.css
+0 −0		Libs/__init__.py
+2,134 −0		Libs/zipfile.py
+6 −4		README.md
+220 −5		app.py
+ −		favicon.ico
+3 −1		requirements.txt
+30 −0		static/etc.txt