diff --git a/Allin1gf.json b/Allin1gf.json new file mode 100644 index 0000000..78f1365 --- /dev/null +++ b/Allin1gf.json @@ -0,0 +1,527 @@ +{ + "flags": "-iE", + "patterns": [ + + + "access=", + "admin=", + "dbg=", + "debug=", + "edit=", + "grant=", + "test=", + "alter=", + "clone=", + "create=", + "delete=", + "disable=", + "enable=", + "exec=", + "execute=", + "load=", + "make=", + "modify=", + "rename=", + "reset=", + "shell=", + "toggle=", + "adm=", + "root=", + "cfg=", + "config=" + "id=", + "user=", + "account=", + "number=", + "order=", + "no=", + "doc=", + "key=", + "email=", + "group=", + "profile=", + "edit=", + "report=" + "=.*.jpg", + "=.*.jpeg", + "=.*.gif", + "=.*.png" + "\\.action", + "\\.adr", + "\\.ascx", + "\\.asmx", + "\\.axd", + "\\.backup", + "\\.bak", + "\\.bkf", + "\\.bkp", + "\\.bok", + "\\.achee", + "\\.cfg", + "\\.cfm", + "\\.cgi", + "\\.cnf", + "\\.conf", + "\\.config", + "\\.crt", + "\\.csr", + "\\.csv", + "\\.dat", + "\\.doc", + "\\.docx", + "\\.eml", + "\\.env", + "\\.exe", + "\\.gz", + "\\.ica", + "\\.inf", + "\\.ini", + "\\.java", + "\\.json", + "\\.key", + "\\.log", + "\\.lst", + "\\.mai", + "\\.mbox", + "\\.mbx", + "\\.md", + "\\.mdb", + "\\.nsf", + "\\.old", + "\\.ora", + "\\.pac", + "\\.passwd", + "\\.pcf", + "\\.pdf", + "\\.pem", + "\\.pgp", + "\\.pl", + " plist", + "\\.pwd", + "\\.rdp", + "\\.reg", + "\\.rtf", + "\\.skr", + "\\.sql", + "\\.swf", + "\\.tpl", + "\\.txt", + "\\.url", + "\\.wml", + "\\.xls", + "\\.xlsx", + "\\.xml", + "\\.xsd", + "\\.yml" + "template=", + "preview=", + "id=", + "view=", + "activity=", + "name=", + "content=", + "redirect=", + "(&|[?])access(&|=)", + "(&|[?])admin(&|=)", + "(&|[?])dbg(&|=)", + "(&|[?])debug(&|=)", + "(&|[?])edit(&|=)", + "(&|[?])grant(&|=)", + "(&|[?])test(&|=)", + "(&|[?])alter(&|=)", + "(&|[?])clone(&|=)", + "(&|[?])create(&|=)", + "(&|[?])delete(&|=)", + "(&|[?])disable(&|=)", + "(&|[?])enable(&|=)", + "(&|[?])exec(&|=)", + "(&|[?])execute(&|=)", + "(&|[?])load(&|=)", + "(&|[?])make(&|=)", + "(&|[?])modify(&|=)", + "(&|[?])rename(&|=)", + "(&|[?])reset(&|=)", + "(&|[?])shell(&|=)", + "(&|[?])toggle(&|=)", + "(&|[?])adm(&|=)", + "(&|[?])root(&|=)", + "(&|[?])cfg(&|=)", + "(&|[?])dest(&|=)", + "(&|[?])redirect(&|=)", + "(&|[?])uri(&|=)", + "(&|[?])path(&|=)", + "(&|[?])continue(&|=)", + "(&|[?])url(&|=)", + "(&|[?])window(&|=)", + "(&|[?])next(&|=)", + "(&|[?])data(&|=)", + "(&|[?])reference(&|=)", + "(&|[?])site(&|=)", + "(&|[?])html(&|=)", + "(&|[?])val(&|=)", + "(&|[?])validate(&|=)", + "(&|[?])domain(&|=)", + "(&|[?])callback(&|=)", + "(&|[?])return(&|=)", + "(&|[?])feed(&|=)", + "(&|[?])host(&|=)", + "(&|[?])port(&|=)", + "(&|[?])to(&|=)", + "(&|[?])out(&|=)", + "(&|[?])view(&|=)", + "(&|[?])dir(&|=)", + "(&|[?])show(&|=)", + "(&|[?])navigation(&|=)", + "(&|[?])open(&|=)", + "(&|[?])file(&|=)", + "(&|[?])document(&|=)", + "(&|[?])folder(&|=)", + "(&|[?])pg(&|=)", + "(&|[?])php_path(&|=)", + "(&|[?])style(&|=)", + "(&|[?])doc(&|=)", + "(&|[?])img(&|=)", + "(&|[?])filename(&|=)", + "id=", + "select=", + "report=", + "role=", + "update=", + "query=", + "user=", + "name=", + "sort=", + "where=", + "search=", + "params=", + "process=", + "row=", + "view=", + "table=", + "from=", + "sel=", + "results=", + "sleep=", + "fetch=", + "order=", + "keyword=", + "column=", + "field=", + "delete=", + "string=", + "number=", + "filter=", + "(&|[?])callback=", + "(&|[?])cgi-bin/redirect.cgi", + "(&|[?])checkout=", + "(&|[?])checkout_url=", + "(&|[?])continue=", + "(&|[?])data=", + "(&|[?])dest=", + "(&|[?])destination=", + "(&|[?])dir=", + "(&|[?])domain=", + "(&|[?])feed=", + "(&|[?])file=", + "(&|[?])file_name=", + "(&|[?])file_url=", + "(&|[?])folder=", + "(&|[?])folder_url=", + "(&|[?])forward=", + "(&|[?])from_url=", + "(&|[?])go=", + "(&|[?])goto=", + "(&|[?])host=", + "(&|[?])html=", + "(&|[?])image_url=", + "(&|[?])img_url=", + "(&|[?])load_file=", + "(&|[?])load_url=", + "(&|[?])login_url=", + "(&|[?])logout=", + "(&|[?])navigation=", + "(&|[?])next=", + "(&|[?])next_page=", + "(&|[?])Open=", + "(&|[?])out=", + "(&|[?])page_url=", + "(&|[?])path=", + "(&|[?])port=", + "(&|[?])redir=", + "(&|[?])redirect=", + "(&|[?])redirect_to=", + "(&|[?])redirect_uri=", + "(&|[?])redirect_url=", + "(&|[?])reference=", + "(&|[?])return=", + "(&|[?])return_path=", + "(&|[?])return_to=", + "(&|[?])returnTo=", + "(&|[?])return_url=", + "(&|[?])rt=", + "(&|[?])rurl=", + "(&|[?])show=", + "(&|[?])site=", + "(&|[?])target=", + "(&|[?])to=", + "(&|[?])uri=", + "(&|[?])url=", + "(&|[?])val=", + "(&|[?])validate=", + "(&|[?])view=", + "(&|[?])window=", + "daemon=", + "upload=", + "dir=", + "execute=", + "download=", + "log=", + "ip=", + "cli=", + "cmd=", + "file=", + "document=", + "folder=", + "root=", + "path=", + "pg=", + "style=", + "pdf=", + "template=", + "php_path=", + "doc=", + "page=", + "name=", + "id=", + "user=", + "account=", + "number=", + "order=", + "no=", + "doc=", + "key=", + "email=", + "group=", + "profile=", + "edit=", + "report=", + "access=", + "admin=", + "dbg=", + "debug=", + "edit=", + "grant=", + "test=", + "alter=", + "clone=", + "create=", + "delete=", + "disable=", + "enable=", + "exec=", + "execute=", + "load=", + "make=", + "modify=", + "rename=", + "reset=", + "shell=", + "toggle=", + "adm=", + "root=", + "cfg=", + "config=" + "admin", + "jenkins", + "test", + "proxy", + "stage", + "test", + "dev", + "devops", + "staff", + "db", + "qa", + "internal" + "file=", + "document=", + "folder=", + "root=", + "path=", + "pg=", + "style=", + "pdf=", + "template=", + "php_path=", + "doc=", + "page=", + "name=" + "daemon=", + "upload=", + "dir=", + "execute=", + "download=", + "log=", + "ip=", + "cli=", + "cmd=" + "(&|[?])callback=", + "(&|[?])cgi-bin/redirect.cgi", + "(&|[?])checkout=", + "(&|[?])checkout_url=", + "(&|[?])continue=", + "(&|[?])data=", + "(&|[?])dest=", + "(&|[?])destination=", + "(&|[?])dir=", + "(&|[?])domain=", + "(&|[?])feed=", + "(&|[?])file=", + "(&|[?])file_name=", + "(&|[?])file_url=", + "(&|[?])folder=", + "(&|[?])folder_url=", + "(&|[?])forward=", + "(&|[?])from_url=", + "(&|[?])go=", + "(&|[?])goto=", + "(&|[?])host=", + "(&|[?])html=", + "(&|[?])image_url=", + "(&|[?])img_url=", + "(&|[?])load_file=", + "(&|[?])load_url=", + "(&|[?])login_url=", + "(&|[?])logout=", + "(&|[?])navigation=", + "(&|[?])next=", + "(&|[?])next_page=", + "(&|[?])Open=", + "(&|[?])out=", + "(&|[?])page_url=", + "(&|[?])path=", + "(&|[?])port=", + "(&|[?])redir=", + "(&|[?])redirect=", + "(&|[?])redirect_to=", + "(&|[?])redirect_uri=", + "(&|[?])redirect_url=", + "(&|[?])reference=", + "(&|[?])return=", + "(&|[?])return_path=", + "(&|[?])return_to=", + "(&|[?])returnTo=", + "(&|[?])return_url=", + "(&|[?])rt=", + "(&|[?])rurl=", + "(&|[?])show=", + "(&|[?])site=", + "(&|[?])target=", + "(&|[?])to=", + "(&|[?])uri=", + "(&|[?])url=", + "(&|[?])val=", + "(&|[?])validate=", + "(&|[?])view=", + "(&|[?])window=" + "id=", + "select=", + "report=", + "role=", + "update=", + "query=", + "user=", + "name=", + "sort=", + "where=", + "search=", + "params=", + "process=", + "row=", + "view=", + "table=", + "from=", + "sel=", + "results=", + "sleep=", + "fetch=", + "order=", + "keyword=", + "column=", + "field=", + "delete=", + "string=", + "number=", + "filter=" + "(&|[?])access(&|=)", + "(&|[?])admin(&|=)", + "(&|[?])dbg(&|=)", + "(&|[?])debug(&|=)", + "(&|[?])edit(&|=)", + "(&|[?])grant(&|=)", + "(&|[?])test(&|=)", + "(&|[?])alter(&|=)", + "(&|[?])clone(&|=)", + "(&|[?])create(&|=)", + "(&|[?])delete(&|=)", + "(&|[?])disable(&|=)", + "(&|[?])enable(&|=)", + "(&|[?])exec(&|=)", + "(&|[?])execute(&|=)", + "(&|[?])load(&|=)", + "(&|[?])make(&|=)", + "(&|[?])modify(&|=)", + "(&|[?])rename(&|=)", + "(&|[?])reset(&|=)", + "(&|[?])shell(&|=)", + "(&|[?])toggle(&|=)", + "(&|[?])adm(&|=)", + "(&|[?])root(&|=)", + "(&|[?])cfg(&|=)", + "(&|[?])dest(&|=)", + "(&|[?])redirect(&|=)", + "(&|[?])uri(&|=)", + "(&|[?])path(&|=)", + "(&|[?])continue(&|=)", + "(&|[?])url(&|=)", + "(&|[?])window(&|=)", + "(&|[?])next(&|=)", + "(&|[?])data(&|=)", + "(&|[?])reference(&|=)", + "(&|[?])site(&|=)", + "(&|[?])html(&|=)", + "(&|[?])val(&|=)", + "(&|[?])validate(&|=)", + "(&|[?])domain(&|=)", + "(&|[?])callback(&|=)", + "(&|[?])return(&|=)", + "(&|[?])feed(&|=)", + "(&|[?])host(&|=)", + "(&|[?])port(&|=)", + "(&|[?])to(&|=)", + "(&|[?])out(&|=)", + "(&|[?])view(&|=)", + "(&|[?])dir(&|=)", + "(&|[?])show(&|=)", + "(&|[?])navigation(&|=)", + "(&|[?])open(&|=)", + "(&|[?])file(&|=)", + "(&|[?])document(&|=)", + "(&|[?])folder(&|=)", + "(&|[?])pg(&|=)", + "(&|[?])php_path(&|=)", + "(&|[?])style(&|=)", + "(&|[?])doc(&|=)", + "(&|[?])img(&|=)", + "(&|[?])filename(&|=)" + "template=", + "preview=", + "id=", + "view=", + "activity=", + "name=", + "content=", + "redirect=" + +] +} diff --git a/allparam.json b/allparam.json new file mode 100644 index 0000000..6a13964 --- /dev/null +++ b/allparam.json @@ -0,0 +1,4 @@ +{ + "flags": "-IE", + "pattern": "[?].*[&]?" +} \ No newline at end of file diff --git a/api-keys.json b/api-keys.json new file mode 100644 index 0000000..79741f9 --- /dev/null +++ b/api-keys.json @@ -0,0 +1,124 @@ +{ + "flags": "-HnriaE", + "patterns": [ + "access_key", + "access_token", + "accessKey", + "accessToken", + "api_key", + "api_secret", + "apikey", + "app_id", + "app_key", + "app_secret", + "application_id", + "asws_secret_token", + "aws_access", + "aws_config", + "aws_key", + "aws_secret", + "aws_secret_access_key", + "aws_secret_key", + "aws_token", + "bucket_password", + "client_secret", + "connectionstring", + "consumer_secret", + "credentials", + "db_password", + "db_server", + "db_username", + "dbpasswd", + "dbpassword", + "dbuser", + "django_password", + "email_host_password", + "facebook_app_secret", + "facebook_secret", + "fb_app_secret", + "fb_secret", + "google_id", + "google_oauth", + "google_oauth_client_id", + "google_oauth_client_secret", + "google_oauth_secret", + "google_secret", + "google_server_key", + "gsecr", + "heroku_api_key", + "heroku_key", + "heroku_oauth", + "heroku_oauth_secret", + "heroku_oauth_token", + "heroku_secret", + "heroku_secret_token", + "jwt_secret", + "jwt_token", + "jwt_secret_token", + "keyPassword", + "mailgun_key", + "mailgun_secret", + "mysql_password", + "oauth_key", + "oauth_token", + "oauth2_secret", + "password", + "paypal_identity_token", + "paypal_sandbox", + "paypal_secret", + "paypal_token", + "postgres_password", + "private", + "private_key", + "redis_password", + "root_password", + "sa_password", + "secret", + "secret_access_key", + "secret_bearer", + "secret_key", + "secret_token", + "secretKey", + "security_credentials", + "send_keys", + "sf_username", + "slack_channel", + "slack_key", + "slack_secret", + "slack_token", + "slack_url", + "slack_webhook", + "slack_webhook_url", + "square_access_token", + "square_apikey", + "square_app", + "square_app_id", + "square_appid", + "square_secret", + "square_token", + "squareSecret", + "squareToken", + "ssh2_auth_password", + "sshkey", + "storePassword", + "strip_key", + "strip_secret", + "strip_secret_token", + "strip_token", + "stripe_key", + "stripe_secret", + "stripe_secret_token", + "stripe_token", + "stripSecret", + "stripToken", + "twitter_api_secret", + "twitter_consumer_key", + "twitter_consumer_secret", + "twitter_key", + "twitter_secret", + "twitter_token", + "twitterKey", + "twitterSecret", + "wordpress_password" + ] +} diff --git a/bufferoverflow.json b/bufferoverflow.json new file mode 100644 index 0000000..97c901c --- /dev/null +++ b/bufferoverflow.json @@ -0,0 +1,4 @@ +{ + "flags": "-HanriE", + "pattern": "(stack smashing detected |Backtrace|Memory map)" +} diff --git a/ccode.json b/ccode.json new file mode 100644 index 0000000..556f671 --- /dev/null +++ b/ccode.json @@ -0,0 +1,4 @@ +{ + "flags": "-HanriE", + "pattern": "(alloc|free|strcpy|gets|strncpy|strcat|sprintf|scanf)" +} diff --git a/cors.json b/cors.json new file mode 100644 index 0000000..d4e8637 --- /dev/null +++ b/cors.json @@ -0,0 +1,6 @@ +{ + "flags": "-HnriE", + "patterns": [ + "Access-Control-Allow" + ] +} diff --git a/crypto.json b/crypto.json new file mode 100644 index 0000000..53ccdf6 --- /dev/null +++ b/crypto.json @@ -0,0 +1,4 @@ +{ + "flags": "-HanriE", + "pattern": "(aes|rsa|dsa|des|cbc|ecb|hmac|gcm|privatekey|publickey|md5|sha1|sha256|cipher|crypto|encrypt|decrypt|digest)" +} diff --git a/debug-pages.json b/debug-pages.json new file mode 100644 index 0000000..9a14e76 --- /dev/null +++ b/debug-pages.json @@ -0,0 +1,5 @@ +{ + "flags": "-HnraiE", + "pattern": "(Application-Trace|Routing Error|DEBUG\"? ?[=:] ?True|Caused by:|stack trace:|Microsoft .NET Framework|Traceback|[0-9]:in `|#!/us|WebApplicationException|java\\.lang\\.|phpinfo|swaggerUi|on line [0-9]|SQLSTATE)" + +} diff --git a/debug_logic.json b/debug_logic.json new file mode 100644 index 0000000..b6a1c75 --- /dev/null +++ b/debug_logic.json @@ -0,0 +1,32 @@ +{ + "flags": "-iE", + "patterns": [ + + "access=", + "admin=", + "dbg=", + "debug=", + "edit=", + "grant=", + "test=", + "alter=", + "clone=", + "create=", + "delete=", + "disable=", + "enable=", + "exec=", + "execute=", + "load=", + "make=", + "modify=", + "rename=", + "reset=", + "shell=", + "toggle=", + "adm=", + "root=", + "cfg=", + "config=" +] +} diff --git a/domxss.json b/domxss.json new file mode 100644 index 0000000..4fd643c --- /dev/null +++ b/domxss.json @@ -0,0 +1,13 @@ +{ + "flags": "-iE", + "patterns": [ +"postMessage", +"messageListener", +".innerHTML", +"document.write(", +"document.cookie", +"location.href", +"redirectUrl", +"window.hash" +] +} diff --git a/endpoints.json b/endpoints.json new file mode 100644 index 0000000..e86ed81 --- /dev/null +++ b/endpoints.json @@ -0,0 +1,8 @@ +{ + "flags": "-HanriE", + "pattern": "((?:"|')(((?:[a-zA-Z]{1,10}://|//)[^"'/]{1,}\.[a-zA-Z]{2,}[^"']{ +0,})|((?:/|\.\./|\./)[^"'><,;| *()(%%$^/\\\[\]][^"'><,;|()]{1,})|([a-zA-Z0-9_\-/ +]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|/][^"|']{0,}|))|([a-zA +-Z0-9_\-]{1,}\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:\?[^"|^']{0,}| +)))(?:"|'))" +} diff --git a/execs.json b/execs.json new file mode 100644 index 0000000..db56196 --- /dev/null +++ b/execs.json @@ -0,0 +1,4 @@ +{ + "flags": "-HanriE", + "pattern": "(eval|run|exec|process|system|popen|spawn|dup2)" +}