Releases: projectdiscovery/nuclei-templates
v9.8.6
🔥 Release Highlights 🔥
- http/cves/2024/CVE-2024-23917.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2024/CVE-2024-27956.yaml by @dhiyaneshdk 🔥
- http/cves/2024/CVE-2024-2876.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2024/CVE-2024-3136.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2024/CVE-2024-31848.yaml by @pussycat0x 🔥
- http/cves/2024/CVE-2024-4040.yaml by @dhiyaneshdk,@pussycat0x 🔥
- http/cves/2023/CVE-2023-2227.yaml by @ritikchaddha,@princechaddha 🔥
- http/cves/2023/CVE-2023-31446.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-43208.yaml by @princechaddha 🔥
- http/cves/2023/CVE-2023-6989.yaml by @Kazgangap 🔥
- http/cves/2019/CVE-2019-7139.yaml by @mastercho 🔥
What's Changed
New Templates Added: 65
| CVEs Added: 41
| First-time contributions: 3
- http/cves/2024/CVE-2024-0235.yaml by @princechaddha
- http/cves/2024/CVE-2024-0881.yaml by @Kazgangap
- http/cves/2024/CVE-2024-1183.yaml by @dhiyaneshdk
- http/cves/2024/CVE-2024-22927.yaml by @ritikchaddha
- http/cves/2024/CVE-2024-2340.yaml by @t3l3machus
- http/cves/2024/CVE-2024-23917.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2024/CVE-2024-24131.yaml by @dhiyaneshdk
- http/cves/2024/CVE-2024-27956.yaml by @dhiyaneshdk 🔥
- http/cves/2024/CVE-2024-2876.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2024/CVE-2024-3136.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2024/CVE-2024-31621.yaml by @dhiyaneshdk
- http/cves/2024/CVE-2024-31848.yaml by @pussycat0x 🔥
- http/cves/2024/CVE-2024-31849.yaml by @dhiyaneshdk
- http/cves/2024/CVE-2024-31850.yaml by @dhiyaneshdk
- http/cves/2024/CVE-2024-31851.yaml by @dhiyaneshdk
- http/cves/2024/CVE-2024-32399.yaml by @dhiyaneshdk
- http/cves/2024/CVE-2024-32640.yaml by @iamnoooob,@rootxharsh,@pdresearch
- http/cves/2024/CVE-2024-32651.yaml by @edoardottt
- http/cves/2024/CVE-2024-33575.yaml by @Kazgangap
- http/cves/2024/CVE-2024-33724.yaml by @Kazgangap
- http/cves/2024/CVE-2024-4040.yaml by @dhiyaneshdk,@pussycat0x 🔥
- http/cves/2024/CVE-2024-4348.yaml by @Kazgangap
- http/cves/2023/CVE-2023-1892.yaml by @ritikchaddha,@princechaddha
- http/cves/2023/CVE-2023-2227.yaml by @ritikchaddha,@princechaddha 🔥
- http/cves/2023/CVE-2023-27032.yaml by @mastercho
- http/cves/2023/CVE-2023-2948.yaml by @ritikchaddha,@princechaddha
- http/cves/2023/CVE-2023-2949.yaml by @ritikchaddha,@princechaddha
- http/cves/2023/CVE-2023-31446.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-32077.yaml by @iamnoooob,@rootxharsh,@pdresearch
- http/cves/2023/CVE-2023-38964.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-43208.yaml by @princechaddha 🔥
- http/cves/2023/CVE-2023-44812.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-4521.yaml by @princechaddha
- http/cves/2023/CVE-2023-45375.yaml by @mastercho
- http/cves/2023/CVE-2023-46347.yaml by @mastercho
- http/cves/2023/CVE-2023-4973.yaml by @ritikchaddha,@princechaddha
- http/cves/2023/CVE-2023-5003.yaml by @Kazgangap
- http/cves/2023/CVE-2023-6389.yaml by @Kazgangap
- http/cves/2023/CVE-2023-6989.yaml by @Kazgangap 🔥
- http/cves/2019/CVE-2019-7139.yaml by @mastercho 🔥
- http/cves/2015/CVE-2015-4455.yaml by @mastercho
- http/vulnerabilities/citrix/citrix-oob-memory-read.yaml by @Ice3man
- http/vulnerabilities/prestashop/prestashop-cartabandonmentpro-file-upload.yaml by @mastercho
- http/vulnerabilities/titan/titannit-web-rce.yaml by @dhiyaneshdk
- http/vulnerabilities/vbulletin/vbulletin-search-sqli.yaml by @mastercho
- http/default-logins/crushftp/crushftp-anonymous-login.yaml by @pussycat0x
- http/default-logins/crushftp/crushftp-default-login.yaml by @pussycat0x
- http/default-logins/soplanning/soplanning-default-login.yaml by @Kazgangap
- http/misconfiguration/installer/eyoucms-installer.yaml by @ritikchaddha
- http/misconfiguration/installer/sabnzbd-installer.yaml by @dhiyaneshdk
- http/misconfiguration/microsoft/ms-exchange-local-domain.yaml by @userdehghani
- http/misconfiguration/titannit-web-exposure.yaml by @dhiyaneshdk
- http/takeovers/squadcast-takeover.yaml by @philippedelteil
- http/exposed-panels/bmc/bmc-remedy-sso-panel.yaml by @righettod
- http/exposed-panels/bonobo-server-panel.yaml by @bhutch
- http/exposed-panels/cassia-bluetooth-gateway-panel.yaml by @dhiyaneshdk
- http/exposed-panels/cyberchef-panel.yaml by @rxerium
- http/exposed-panels/femtocell-panel.yaml by @dhiyaneshdk
- http/exposed-panels/monitorr-panel.yaml by @ritikchaddha
- http/exposed-panels/openwebui-panel.yaml by @rxerium
- http/exposed-panels/teamforge-panel.yaml by @lstatro
- http/exposed-panels/tixeo-panel.yaml by @righettod
- http/exposed-panels/umami-panel.yaml by @userdehghani
- network/detection/aix-websm-detect.yaml by @righettod
- network/detection/bluecoat-telnet-proxy-detect.yaml by @righettod
New Contributors
- @theMiddleBlue made their first contribution in #9637
- @userdehghani made their first contribution in #9666
- @jason3e7 made their first contribution in #9731
Full Changelog: v9.8.5...v9.8.6
v9.8.5 - AWS Cloud Config Review
🔥 Release Highlights 🔥
We're excited to share about Nuclei-Templates v9.8.5! This new version includes newly added AWS cloud config review templates.
These templates can be used by companies or pentesters for identifying misconfigurations in the AWS cloud environment.
Similarly by leveraging aws code templates, security teams will be able to write their own checks for identifying misconfigurations that are specific to their particular workflows. This will enable them to effectively identify and remediate potential security issues within AWS environments.
To use cloud configuration review templates, first we need set up the environment. This setup is similar to using the aws-cli
, where you either add aws_access_key_id
and aws_secret_access_key
to the ~/.aws/credentials
file or export them as environment variables.
nuclei -id aws-code-env -code
We've also introduced the concept of profiles, which allow users to run a specific set of templates tailored for a particular use case. For running AWS templates, we have a profile named aws-cloud-config
.
Now you're all set to run the templates!
nuclei -config ~/nuclei-templates/profiles/aws-cloud-config.yml -cloud-upload
What's Changed
New Templates Added: 142
| CVEs Added: 10
| First-time contributions: 6
- http/cves/2024/CVE-2024-26331.yaml by @carsonchan12345 🔥
- http/cves/2024/CVE-2024-3400.yaml by @Salts,@parthmalhotra 🔥
- http/cves/2024/CVE-2024-3273.yaml by @pussycat0x 🔥
- code/cves/2024/CVE-2024-3094.yaml by @pdteam 🔥
- http/cves/2024/CVE-2024-2879.yaml by @d4ly 🔥
- http/cves/2024/CVE-2024-2389.yaml by @pdresearch,@parthmalhotra 🔥
- http/cves/2024/CVE-2024-0337.yaml by @Kazgangap
- javascript/cves/2023/CVE-2023-48795.yaml by @pussycat0x
- http/cves/2022/CVE-2022-24627.yaml by @geeknik
- http/cves/2022/CVE-2022-0424.yaml by @Kazgangap
- http/vulnerabilities/other/opencart-core-sqli.yaml by @Kazgangap
- http/vulnerabilities/other/quick-cms-sqli.yaml by @Kazgangap
- http/vulnerabilities/other/user-management-system-sqli.yaml by @f0xy
- cloud/aws/acm/acm-cert-expired.yaml by @princechaddha
- cloud/aws/acm/acm-cert-renewal-30days.yaml by @princechaddha
- cloud/aws/acm/acm-cert-renewal-45days.yaml by @princechaddha
- cloud/aws/acm/acm-cert-validation.yaml by @princechaddha
- cloud/aws/acm/acm-wildcard-cert.yaml by @princechaddha
- cloud/aws/aws-code-env.yaml by @princechaddha
- cloud/aws/cloudtrail/cloudtrail-data-events.yaml by @princechaddha
- cloud/aws/cloudtrail/cloudtrail-disabled.yaml by @princechaddha
- cloud/aws/cloudtrail/cloudtrail-dup-logs.yaml by @princechaddha
- cloud/aws/cloudtrail/cloudtrail-global-disabled.yaml by @princechaddha
- cloud/aws/cloudtrail/cloudtrail-integrated-cloudwatch.yaml by @princechaddha
- cloud/aws/cloudtrail/cloudtrail-log-integrity.yaml by @princechaddha
- cloud/aws/cloudtrail/cloudtrail-logs-not-encrypted.yaml by @princechaddha
- cloud/aws/cloudtrail/cloudtrail-mfa-delete.yaml by @princechaddha
- cloud/aws/cloudtrail/cloudtrail-mgmt-events.yaml by @princechaddha
- cloud/aws/cloudtrail/cloudtrail-public-buckets.yaml by @princechaddha
- cloud/aws/cloudtrail/cloudtrail-s3-bucket-logging.yaml by @princechaddha
- cloud/aws/cloudtrail/s3-object-lock-not-enabled.yaml by @princechaddha
- cloud/aws/cloudwatch/cw-alarm-action-set.yaml by @princechaddha
- cloud/aws/cloudwatch/cw-alarms-actions.yaml by @princechaddha
- cloud/aws/ec2/ec2-imdsv2.yaml by @princechaddha
- cloud/aws/ec2/ec2-public-ip.yaml by @princechaddha
- cloud/aws/ec2/ec2-sg-egress-open.yaml by @princechaddha
- cloud/aws/ec2/ec2-sg-ingress.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-cifs.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-dns.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-ftp.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-http.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-https.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-icmp.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-memcached.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-mongodb.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-mssql.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-mysql.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-netbios.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-opensearch.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-oracle.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-pgsql.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-rdp.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-redis.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-smtp.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-ssh.yaml by @princechaddha
- cloud/aws/ec2/ec2-unrestricted-telnet.yaml by @princechaddha
- cloud/aws/ec2/publicly-shared-ami.yaml by @princechaddha
- cloud/aws/ec2/unencrypted-aws-ami.yaml by @princechaddha
- cloud/aws/iam/iam-access-analyzer.yaml by @princechaddha
- cloud/aws/iam/iam-expired-ssl.yaml by @princechaddha
- cloud/aws/iam/iam-full-admin-privileges.yaml by @princechaddha
- cloud/aws/iam/iam-key-rotation-90days.yaml by @princechaddha
- cloud/aws/iam/iam-mfa-enable.yaml by @princechaddha
- cloud/aws/iam/iam-password-policy.yaml by @princechaddha
- cloud/aws/iam/iam-root-mfa.yaml by @princechaddha
- cloud/aws/iam/iam-ssh-keys-rotation.yaml by @princechaddha
- cloud/aws/iam/iam-unapproved-policy.yaml by @princechaddha
- cloud/aws/iam/iam-user-password-change.yaml by @princechaddha
- cloud/aws/iam/ssl-cert-renewal.yaml by @princechaddha
- cloud/aws/rds/aurora-copy-tags-snap.yaml by @princechaddha
- cloud/aws/rds/aurora-delete-protect.yaml by @princechaddha
- cloud/aws/rds/iam-db-auth.yaml by @princechaddha
- cloud/aws/rds/rds-backup-enable.yaml by @princechaddha
- cloud/aws/rds/rds-deletion-protection.yaml by @princechaddha
- cloud/aws/rds/rds-encryption-check.yaml by @princechaddha
- cloud/aws/rds/rds-event-notify.yaml by @princechaddha
- cloud/aws/rds/rds-event-sub-enable.yaml by @princechaddha
- cloud/aws/rds/rds-event-sub.yaml by @princechaddha
- cloud/aws/rds/rds-gp-ssd-usage.yaml by @princechaddha
- cloud/aws/rds/rds-public-snapshot.yaml by @princechaddha
- cloud/aws/rds/rds-public-subnet.yaml by @princechaddha
- cloud/aws/rds/rds-ri-payment-fail.yaml by @princechaddha
- cloud/aws/rds/rds-snapshot-encryption.yaml by @princechaddha
- cloud/aws/s3/s3-access-logging.yaml by @princechaddha
- cloud/aws/s3/s3-auth-fullcontrol.yaml by @princechaddha
- cloud/aws/s3/s3-bucket-key.yaml by @princechaddha
- cloud/aws/s3/s3-bucket-policy-public-access.yaml by @princechaddha
- cloud/aws/s3/s3-mfa-delete-check.yaml by @princechaddha
- cloud/aws/s3/s3-public-read-acp.yaml by @princechaddha
- cloud/aws/s3/s3-public-read.yaml by @princechaddha
- cloud/aws/s3/s3-public-write-acp.yaml by @princechaddha
- cloud/aws/s3/s3-public-write.yaml by @princechaddha
- cloud/aws/s3/s3-server-side-encryption.yaml by @princechaddha
- cloud/aws/s3/s3-versioning.yaml by @princechaddha
- cloud/aws/vpc/nacl-open-inbound.yaml by @princechaddha
- cloud/aws/vpc/nacl-outbound-restrict.yaml by @princechaddha
- cloud/aws/vpc/nat-gateway-usage.yaml by @princechaddha
- cloud/aws/vpc/unrestricted-admin-ports.yaml by @princechaddha
- cloud/aws/vpc/vpc-endpoint-exposed.yaml by @princechaddha
- cloud/aws/vpc/vpc-endpoints-not-deployed.yaml by @princechaddha
- cloud/aws/vpc/vpc-flowlogs-not-enabled.yaml by @princechaddha
- cloud/aws/vpc/vpn-tunnel-down.yaml by @princechaddha
- http/misconfiguration/apple-cups-exposure.yaml by @dhiyaneshdk
- http/misconfiguration/dlink-unauth-cgi-script.yaml by @pussycat0x
- http/misconfiguration/helm-dashboard-exposure.yaml by @dhiyaneshdk
- http/misconfiguration/installer/phpipam-installer.yaml by @dhiyaneshdk
- http/misconfiguration/intelbras-dvr-unauth.yaml by @pussycat0x
- http/misconfiguration/sentinel-license-monitor.yaml by @dhiyaneshdk
- http/misconfiguration/thanos-prometheus-exposure.yaml by @dhiyaneshdk
- http/default-logins/allnet/allnet-default-login.yaml by @ritikchaddha
- http/default-logins/asus/asus-rtn16-default-login.yaml by @ritikchaddha
- http/default-logins/asus/asus-wl500g-default-login.yaml by @ritikchaddha
- http/default-logins/asus/asus-wl520GU-default-login.yaml by @ritikchaddha
- http/default-logins/barco-clickshare-default-login.yaml by @ritikchaddha
- http/exposed-panels/akhq-panel.yaml by @dhiyaneshdk
- http/exposed-panels/algonomia-panel.yaml by @righettod
- http/exposed-panels/beyondtrust-priv-panel.yaml by @righettod
- http/exposed-panels/chemotargets-clarityvista-panel.yaml by @righettod
- http/exposed-panels/mitel-micollab-panel.yaml by @righettod
- http/exposed-panels/mitric-checker-panel.yaml by @righettod
- http/exposed-panels/ni-web-based-panel.yaml by @dhiyaneshdk
- http/exposed-panels/ollama-llm-panel.yaml by @pbuff07
- http/exposed-panels/outsystems-servicecenter-panel.yaml by @righettod
- http/exposed-panels/powerchute-network-panel.yaml by @dhiyaneshdk
- http/exposed-panels/rtm-web-panel.yaml by @dhiyaneshdk
- http/exposed-panels/suprema-biostar-panel.yaml by @ritikchaddha
- http/exposed-panels/tibco-spotfire-panel.yaml by @righettod
- http/exposed-panels/uipath-orchestrator-panel.yaml by @righettod
- http/exposed-panels/urbackup-panel.yaml by @dhiyaneshdk
- http/exposed-panels/zenml-dashboard-panel.yaml by @dhiyaneshdk
- http/exposures/apis/aspnet-soap-webservices-asmx.yaml by @righettod
- http/exposures/apis/redfish-api.yaml by @righettod
- http/exposures/files/ht-deployment.yaml by @Michal-Mikolas
- http/takeovers/gohire-takeover.yaml by @philippedelteil
- http/takeovers/helpdocs-takeover.yaml by @philippedelteil
- http/takeovers/softr-takeover.yaml by @philippedelteil
- http/takeovers/uptime-takeover.yaml by @philippedelteil
- http/technologies/citrix-xenmobile-version.yaml by @pu...
v9.8.1
What's Changed
New Templates Added: 77
| CVEs Added: 29
| First-time contributions: 6
- http/cves/2024/CVE-2024-20767.yaml by @iamnoooob,@rootxharsh,@pdresearch
- http/cves/2024/CVE-2024-27564.yaml by @dhiyaneshdk
- http/cves/2024/CVE-2024-28255.yaml by @dhiyaneshdk,@Iamnooob
- http/cves/2024/CVE-2024-28734.yaml by @Kazgangap
- http/cves/2024/CVE-2024-29059.yaml by @iamnoooob,@rootxharsh,@dhiyaneshdk,@pdresearch
- http/cves/2024/CVE-2024-29269.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-0159.yaml by @c4sper0
- http/cves/2023/CVE-2023-0678.yaml by @princechaddha,@ritikchaddha
- http/cves/2023/CVE-2023-34993.yaml by @dwisiswant0
- http/cves/2023/CVE-2023-47218.yaml by @ritikchaddha
- http/cves/2022/CVE-2022-29013.yaml by @dhiyaneshdk
- http/cves/2022/CVE-2022-32430.yaml by @dhiyaneshdk
- http/cves/2022/CVE-2022-41412.yaml by @null_hypothesis
- http/cves/2021/CVE-2021-46418.yaml by @dhiyaneshdk
- http/cves/2021/CVE-2021-46419.yaml by @dhiyaneshdk
- http/cves/2019/CVE-2019-9632.yaml by @pdteam
- http/cves/2018/CVE-2018-10735.yaml by @dhiyaneshdk
- http/cves/2018/CVE-2018-10736.yaml by @dhiyaneshdk
- http/cves/2018/CVE-2018-10737.yaml by @dhiyaneshdk
- http/cves/2018/CVE-2018-10738.yaml by @dhiyaneshdk
- http/cves/2018/CVE-2018-6605.yaml by @dhiyaneshdk
- http/cves/2018/CVE-2018-7314.yaml by @dhiyaneshdk
- http/cves/2016/CVE-2016-5674.yaml by @dhiyaneshdk
- dast/cves/2018/CVE-2018-19518.yaml by @princechaddha
- dast/cves/2021/CVE-2021-45046.yaml by @princechaddha
- dast/cves/2022/CVE-2022-34265.yaml by @princechaddha
- dast/cves/2022/CVE-2022-42889.yaml by @MorDavid,@princechaddha
- dast/vulnerabilities/cmdi/blind-oast-polyglots.yaml by @pdteam,@geeknik
- dast/vulnerabilities/cmdi/ruby-open-rce.yaml by @pdteam
- dast/vulnerabilities/crlf/cookie-injection.yaml by @pdteam
- dast/vulnerabilities/crlf/crlf-injection.yaml by @pdteam
- dast/vulnerabilities/csti/angular-client-side-template-injection.yaml by @theamanrawat
- dast/vulnerabilities/lfi/lfi-keyed.yaml by @pwnhxl
- dast/vulnerabilities/lfi/linux-lfi-fuzz.yaml by @dhiyaneshdk
- dast/vulnerabilities/lfi/windows-lfi-fuzz.yaml by @pussycat0x
- dast/vulnerabilities/redirect/open-redirect.yaml by @princechaddha
- dast/vulnerabilities/rfi/generic-rfi.yaml by @m4lwhere
- dast/vulnerabilities/sqli/sqli-error-based.yaml by @geeknik,@pdteam
- dast/vulnerabilities/ssrf/blind-ssrf.yaml by @pdteam
- dast/vulnerabilities/ssrf/response-ssrf.yaml by @pdteam,@pwnhxl,@j4vaovo
- dast/vulnerabilities/ssti/reflection-ssti.yaml by @pdteam
- dast/vulnerabilities/xss/dom-xss.yaml by @theamanrawat
- dast/vulnerabilities/xss/reflected-xss.yaml by @pdteam
- dast/vulnerabilities/xxe/generic-xxe.yaml by @pwnhxl
- http/vulnerabilities/dahua/dahua-eims-rce.yaml by @dhiyaneshdk
- http/vulnerabilities/huatian/huatian-oa-sqli.yaml by @ritikchaddha
- http/vulnerabilities/landray/landray-eis-sqli.yaml by @dhiyaneshdk
- http/vulnerabilities/other/voyager-lfi.yaml by @mammad_rahimzada
- javascript/cves/2012/CVE-2012-2122.yaml by @pussycat0x
- javascript/cves/2019/CVE-2019-9193.yaml by @pussycat0x
- javascript/enumeration/minecraft-enum.yaml by @pussycat0x
- javascript/enumeration/pgsql/pgsql-default-db.yaml by @pussycat0x
- javascript/enumeration/pgsql/pgsql-file-read.yaml by @pussycat0x
- javascript/enumeration/pgsql/pgsql-list-database.yaml by @pussycat0x
- javascript/enumeration/pgsql/pgsql-list-password-hashes.yaml by @pussycat0x
- javascript/enumeration/pgsql/pgsql-list-users.yaml by @pussycat0x
- javascript/enumeration/pgsql/pgsql-version-detect.yaml by @pussycat0x
- javascript/misconfiguration/pgsql/pgsql-extensions-rce.yaml by @pussycat0x
- javascript/misconfiguration/pgsql/postgresql-empty-password.yaml by @pussycat0x
- javascript/udp/detection/tftp-detect.yaml by @pussycat0x
- http/default-logins/3com/3Com-wireless-default-login.yaml by @ritikchaddha
- http/default-logins/3ware-default-login.yaml by @ritikchaddha
- http/default-logins/next-terminal/next-terminal-default-login.yaml by @ritikchaddha
- http/exposed-panels/amprion-gridloss-panel.yaml by @righettod
- http/exposed-panels/safenet-authentication-panel.yaml by @righettod
- http/exposed-panels/syfadis-xperience-panel.yaml by @righettod
- http/exposures/configs/deployment-ini.yaml by @michal Mikolas (nanuqcz)
- http/miscellaneous/form-detection.yaml by @pdteam
- http/misconfiguration/https-to-http-redirect.yaml by @kazet
- http/technologies/celebrus-detect.yaml by @righettod
- http/technologies/privatebin-detect.yaml by @righettod
- http/technologies/simplesamlphp-detect.yaml by @righettod
- http/technologies/yourls-detect.yaml by @lstatro
- network/c2/darkcomet-trojan.yaml by @pussycat0x
- network/c2/darktrack-rat-trojan.yaml by @pussycat0x
- network/c2/orcus-rat-trojan.yaml by @pussycat0x
- network/c2/xtremerat-trojan.yaml by @pussycat0x
New Contributors
- @omkar7505 made their first contribution in #9407
- @lstatro made their first contribution in #9473
- @null-hyp0thesis made their first contribution in #9497
- @memmedrehimzade made their first contribution in #9463
- @denandz made their first contribution in #9480
- @hossamshady11 made their first contribution in #9514
Full Changelog: v9.8.0...v9.8.1
v9.8.0 - Catch 'Em All: Network Vulnerabilities
🔥 Release Highlights 🔥
We're thrilled to share that with the launch of Nuclei Templates version 9.8.0, we've broadened our scope in network security checks. Our template library now boasts over 8,000 entries, encompassing more than 7,202 templates for web applications. This collection includes 2,200 web-related CVEs and features more than 850 templates aimed at identifying web vulnerabilities.
With the help of active community contributions, we have been adding all the latest web CVEs and vulnerabilities in the wild. While we continue to do so, we are focused on expanding our template offerings to include network vulnerabilities, providing the most comprehensive scanning.
With this release, we're inviting contributors to aid us in enriching our network vulnerability detection, facilitated by the new JS protocol. This makes it simpler to incorporate network checks through the newly introduced JS modules. For guidance on crafting JS templates, check out our documentation here.
Next, we are aiming to expand coverage of LDAP and Kerberos related checks. We are looking forward to getting more contributions from the community
What's Changed
New Templates Added: 85
| CVEs Added: 8
| First-time contributions: 5
- http/cves/2023/CVE-2023-49785.yaml by @high 🔥
- http/cves/2023/CVE-2023-5830.yaml by @mbb5546
- http/cves/2023/CVE-2023-5914.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-6114.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-6567.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2024/CVE-2024-1212.yaml by @dhiyaneshdk 🔥
- http/cves/2024/CVE-2024-1698.yaml by @dhiyaneshdk
- http/cves/2024/CVE-2024-27954.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- javascript/audit/mysql/mysql-load-file.yaml by @pussycat0x
- javascript/enumeration/mysql/mysql-default-login.yaml by @dhiyaneshdk,@pussycat0x,@ritikchaddha
- javascript/enumeration/mysql/mysql-info.yaml by @pussycat0x
- javascript/enumeration/mysql/mysql-show-databases.yaml by @dhiyaneshdk
- javascript/enumeration/mysql/mysql-show-variables.yaml by @dhiyaneshdk
- javascript/enumeration/mysql/mysql-user-enum.yaml by @pussycat0x
- javascript/enumeration/pop3/pop3-capabilities-enum.yaml by @pussycat0x
- javascript/enumeration/redis/redis-info.yaml by @dhiyaneshdk
- javascript/enumeration/redis/redis-require-auth.yaml by @dhiyaneshdk
- javascript/enumeration/rsync/rsync-version.yaml by @dhiyaneshdk
- javascript/enumeration/smb/smb-default-creds.yaml by @pussycat0x
- javascript/enumeration/smb/smb-enum-domains.yaml by @dhiyaneshdk
- javascript/enumeration/smb/smb-os-detect.yaml by @pussycat0x
- javascript/enumeration/smb/smb-version-detect.yaml by @pussycat0x
- javascript/enumeration/smb/smb2-server-time.yaml by @dhiyaneshdk
- javascript/misconfiguration/mysql/mysql-empty-password.yaml by @dhiyaneshdk
- http/vulnerabilities/esafenet/esafenet-mysql-fileread.yaml by @dhiyaneshdk
- http/vulnerabilities/idoc/idocview-2word-fileupload.yaml by @dhiyaneshdk
- http/vulnerabilities/idoc/idocview-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml by @fur1na
- http/vulnerabilities/other/office365-indexs-fileread.yaml by @dhiyaneshdk
- http/vulnerabilities/other/ups-network-lfi.yaml by @Kazgangap
- http/default-logins/ispconfig-default-login.yaml by @pussycat0x
- http/misconfiguration/installer/posteio-installer.yaml by @ritikchaddha
- http/exposures/files/generic-db.yaml by @michal Mikolas (nanuqcz)
- http/exposed-panels/bynder-panel.yaml by @righettod
- http/exposed-panels/c2/ares-rat-c2.yaml by @pussycat0x
- http/exposed-panels/c2/caldera-c2.yaml by @pussycat0x
- http/exposed-panels/c2/hack5-cloud-c2.yaml by @pussycat0x
- http/exposed-panels/c2/pupyc2.yaml by @pussycat0x
- http/exposed-panels/c2/supershell-c2.yaml by @pussycat0x
- http/exposed-panels/cisco/cisco-expressway-panel.yaml by @righettod
- http/exposed-panels/emqx-panel.yaml by @righettod
- http/exposed-panels/fortinet/forticlientems-panel.yaml by @h4sh5
- http/exposed-panels/fortinet/fortiwlm-panel.yaml by @EgemenKochisarli
- http/exposed-panels/neocase-hrportal-panel.yaml by @righettod
- http/exposed-panels/osnexus-panel.yaml by @charles D.
- http/exposed-panels/posteio-admin-panel.yaml by @ritikchaddha
- http/exposed-panels/skeepers-panel.yaml by @righettod
- http/exposed-panels/softether-vpn-panel.yaml by @bhutch
- network/detection/wing-ftp-detect.yaml by @ritikchaddha
- ssl/c2/venomrat.yaml by @pussycat0x
- http/osint/phishing/kakao-login-phish.yaml by @hahwul
- http/osint/phishing/naver-login-phish.yaml by @hahwul
- http/technologies/directus-detect.yaml by @ricardomaia
- http/technologies/microsoft/aspnet-version-detect.yaml by @Lucky0x0D,@PulseSecurity.co.nz
- http/technologies/microsoft/aspnetmvc-version-disclosure.yaml by @Lucky0x0D,@PulseSecurity.co.nz
- http/technologies/wing-ftp-service-detect.yaml by @ritikchaddha
- dns/soa-detect.yaml by @rxerium
- dns/spf-record-detect.yaml by @rxerium
- dns/txt-service-detect.yaml by @rxerium
- file/keys/dependency/dependency-track.yaml by @dhiyaneshdk
- file/keys/docker/dockerhub-pat.yaml by @dhiyaneshdk
- file/keys/doppler/doppler-audit.yaml by @dhiyaneshdk
- file/keys/doppler/doppler-cli.yaml by @dhiyaneshdk
- file/keys/doppler/doppler-scim.yaml by @dhiyaneshdk
- file/keys/doppler/doppler-service-account.yaml by @dhiyaneshdk
- file/keys/doppler/doppler-service.yaml by @dhiyaneshdk
- file/keys/dropbox/dropbox-access.yaml by @dhiyaneshdk
- file/keys/huggingface/huggingface-user-access.yaml by @dhiyaneshdk
- file/keys/linkedin/linkedin-client.yaml by @dhiyaneshdk
- file/keys/linkedin/linkedin-secret.yaml by @dhiyaneshdk
- file/keys/newrelic/newrelic-api-service.yaml by @dhiyaneshdk
- file/keys/newrelic/newrelic-license-non.yaml by @dhiyaneshdk
- file/keys/newrelic/newrelic-license.yaml by @dhiyaneshdk
- file/keys/odbc/odbc-connection.yaml by @dhiyaneshdk
- file/keys/okta/okta-api.yaml by @dhiyaneshdk
- file/keys/particle/particle-access.yaml by @dhiyaneshdk
- file/keys/react/reactapp-password.yaml by @dhiyaneshdk
- file/keys/react/reactapp-username.yaml by @dhiyaneshdk
- file/keys/salesforce/salesforce-access.yaml by @dhiyaneshdk
- file/keys/thingsboard/thingsboard-access.yaml by @dhiyaneshdk
- file/keys/truenas/truenas-api.yaml by @dhiyaneshdk
- file/keys/twitter/twitter-client.yaml by @dhiyaneshdk
- file/keys/twitter/twitter-secret.yaml by @dhiyaneshdk,@gaurang,@daffainfo
- file/keys/wireguard/wireguard-preshared.yaml by @dhiyaneshdk
- file/keys/wireguard/wireguard-private.yaml by @dhiyaneshdk
B636160776167737022757F6025667965636562702C6C6967702275667275637024627F636379644022757F602E6F602C656E6E61686360237564716C607D65647D29656C63657E60256864702E6960222C6C61402D654720286364716342202567616373756D602F64702E6F63727560702473727966602568645 🐛
New Contributors
- @EgemenKochisarli made their first contribution in #9353
- @s-kali made their first contribution in #9357
- @Facucuervo87 made their first contribution in #9254
- @h4sh5 made their first contribution in #9350
- @Kazgangap made their first contribution in #9395
Full Changelog: v9.7.8...v9.8.0
v9.7.8 - Fishing for Phishing
🔥 Release Highlights 🔥
In our latest release, we are thrilled to announce new addition of 120+ OSINT - Phishing Detection templates
, thanks to the contributions of our community member @rxerium. These templates are accessible at Phishing Detection templates.
These templates are specifically added to help OSINT analysts, threat researchers, and security professionals in discovering and studying phishing campaigns therefore, we have added them to the OSINT scan profile here. Users can execute the OSINT scan configuration profile with nuclei -u <host> -config ~/nuclei-templates/config/osint.yml
Please note that these templates are not included in the default run. To use them, users can simply include them in the scan using nuclei -u <host> -tags phishing -itags phishing
.
By identifying and analyzing phishing sites, OSINT analysts can discover patterns, monitor the activities of threat actors, and collect data essential for broader security research or investigative journalism. This makes it a valuable addition to the OSINT toolkit.
What's Changed
New Templates Added: 126
- http/cves/2023/CVE-2023-43187.yaml by @0xParth
- http/cves/2023/CVE-2023-5089.yaml by @JPG0mez
- http/vulnerabilities/chanjet-tplus/chanjet-tplus-unauth-passreset.yaml by @0xr2r
- http/exposed-panels/atlassian-bamboo-panel.yaml by @righettod
- http/exposed-panels/cleanweb-panel.yaml by @righettod
- http/exposed-panels/eset-protect-panel.yaml by @charles D.
- http/exposed-panels/graylog-panel.yaml by @righettod
- http/exposed-panels/lockself-panel.yaml by @righettod
- http/exposed-panels/moodle-workplace-panel.yaml by @righettod
- http/exposed-panels/nexus-panel.yaml by @righettod
- http/exposed-panels/pahtool-panel.yaml by @righettod
- http/technologies/hcpanywhere-detect.yaml by @righettod
- http/technologies/admiralcloud-detect.yaml by @righettod
- http/osint/phishing/1password-phish.yaml by @rxerium
- http/osint/phishing/adobe-phish.yaml by @rxerium
- http/osint/phishing/aliexpress-phish.yaml by @rxerium
- http/osint/phishing/amazon-phish.yaml by @rxerium
- http/osint/phishing/amazon-web-services-phish.yaml by @rxerium
- http/osint/phishing/american-express-phish.yaml by @rxerium
- http/osint/phishing/anydesk-phish.yaml by @rxerium
- http/osint/phishing/avast-phish.yaml by @rxerium
- http/osint/phishing/avg-phish.yaml by @rxerium
- http/osint/phishing/bank-of-america-phish.yaml by @rxerium
- http/osint/phishing/battlenet-phish.yaml by @rxerium
- http/osint/phishing/bestbuy-phish.yaml by @rxerium
- http/osint/phishing/bitdefender-phish.yaml by @rxerium
- http/osint/phishing/bitwarden-phish.yaml by @rxerium
- http/osint/phishing/blender-phish.yaml by @rxerium
- http/osint/phishing/booking-phish.yaml by @rxerium
- http/osint/phishing/box-storage-phish.yaml by @rxerium
- http/osint/phishing/brave-phish.yaml by @rxerium
- http/osint/phishing/brighthr-phish.yaml by @rxerium
- http/osint/phishing/ccleaner-phish.yaml by @rxerium
- http/osint/phishing/chase-phish.yaml by @rxerium
- http/osint/phishing/chrome-phish.yaml by @rxerium
- http/osint/phishing/costa-phish.yaml by @rxerium
- http/osint/phishing/dashlane-phish.yaml by @rxerium
- http/osint/phishing/deezer-phish.yaml by @rxerium
- http/osint/phishing/deliveroo-phish.yaml by @rxerium
- http/osint/phishing/digital-ocean-phish.yaml by @rxerium
- http/osint/phishing/discord-phish.yaml by @rxerium
- http/osint/phishing/disneyplus-phish.yaml by @rxerium
- http/osint/phishing/dropbox-phish.yaml by @rxerium
- http/osint/phishing/duckduckgo-phish.yaml by @rxerium
- http/osint/phishing/ebay-phish.yaml by @rxerium
- http/osint/phishing/edge-phish.yaml by @rxerium
- http/osint/phishing/ee-mobile-phish.yaml by @rxerium
- http/osint/phishing/eset-phish.yaml by @rxerium
- http/osint/phishing/evernote-phish.yaml by @rxerium
- http/osint/phishing/facebook-phish.yaml by @rxerium
- http/osint/phishing/figma-phish.yaml by @rxerium
- http/osint/phishing/filezilla-phish.yaml by @rxerium
- http/osint/phishing/firefox-phish.yaml by @rxerium
- http/osint/phishing/gimp-phish.yaml by @rxerium
- http/osint/phishing/github-phish.yaml by @rxerium
- http/osint/phishing/google-phish.yaml by @rxerium
- http/osint/phishing/icloud-phish.yaml by @rxerium
- http/osint/phishing/instagram-phish.yaml by @rxerium
- http/osint/phishing/kaspersky-phish.yaml by @rxerium
- http/osint/phishing/kayak-phish.yaml by @rxerium
- http/osint/phishing/keepass-phish.yaml by @rxerium
- http/osint/phishing/keepersecurity-phish.yaml by @rxerium
- http/osint/phishing/keybase-phish.yaml by @rxerium
- http/osint/phishing/lastpass-phish.yaml by @rxerium
- http/osint/phishing/libre-office-phish.yaml by @rxerium
- http/osint/phishing/linkedin-phish.yaml by @rxerium
- http/osint/phishing/malwarebytes-phish.yaml by @rxerium
- http/osint/phishing/mcafee-phish.yaml by @rxerium
- http/osint/phishing/mega-phish.yaml by @rxerium
- http/osint/phishing/messenger-phish.yaml by @rxerium
- http/osint/phishing/microcenter-phish.yaml by @rxerium
- http/osint/phishing/microsoft-phish.yaml by @rxerium
- http/osint/phishing/microsoft-teams-phish.yaml by @rxerium
- http/osint/phishing/netflix-phish.yaml by @rxerium
- http/osint/phishing/nordpass-phish.yaml by @rxerium
- http/osint/phishing/norton-phish.yaml by @rxerium
- http/osint/phishing/notion-phish.yaml by @rxerium
- http/osint/phishing/o2-mobile-phish.yaml by @rxerium
- http/osint/phishing/openai-phish.yaml by @rxerium
- http/osint/phishing/opera-phish.yaml by @rxerium
- http/osint/phishing/paramountplus-phish.yaml by @rxerium
- http/osint/phishing/paypal-phish.yaml by @rxerium
- http/osint/phishing/pcloud-phish.yaml by @rxerium
- http/osint/phishing/pintrest-phish.yaml by @rxerium
- http/osint/phishing/plusnet-phish.yaml by @rxerium
- http/osint/phishing/proton-phish.yaml by @rxerium
- http/osint/phishing/putty-phish.yaml by @rxerium
- http/osint/phishing/python-phish.yaml by @rxerium
- http/osint/phishing/quora-phish.yaml by @rxerium
- http/osint/phishing/reddit-phish.yaml by @rxerium
- http/osint/phishing/roblox-phish.yaml by @rxerium
- http/osint/phishing/roboform-phish.yaml by @rxerium
- http/osint/phishing/royal-mail-phish.yaml by @rxerium
- http/osint/phishing/samsung-phish.yaml by @rxerium
- http/osint/phishing/signal-phish.yaml by @rxerium
- http/osint/phishing/sky-phish.yaml by @rxerium
- http/osint/phishing/skype-phish.yaml by @rxerium
- http/osint/phishing/skyscanner-phish.yaml by @rxerium
- http/osint/phishing/slack-phish.yaml by @rxerium
- http/osint/phishing/sophos-phish.yaml by @rxerium
- http/osint/phishing/spotify-phish.yaml by @rxerium
- http/osint/phishing/steam-phish.yaml by @rxerium
- http/osint/phishing/sync-storage-phish.yaml by @rxerium
- http/osint/phishing/target-phish.yaml by @rxerium
- http/osint/phishing/teamviewer-phish.yaml by @rxerium
- http/osint/phishing/telegram-phish.yaml by @rxerium
- http/osint/phishing/three-mobile-phish.yaml by @rxerium
- http/osint/phishing/thunderbird-phish.yaml by @rxerium
- http/osint/phishing/ticketmaster-phish.yaml by @rxerium
- http/osint/phishing/tiktok-phish.yaml by @rxerium
- http/osint/phishing/trading212-phish.yaml by @rxerium
- http/osint/phishing/trend-micro-phish.yaml by @rxerium
- http/osint/phishing/trip-phish.yaml by @rxerium
- http/osint/phishing/twitch-phish.yaml by @rxerium
- http/osint/phishing/uber-phish.yaml by @rxerium
- http/osint/phishing/visual-studio-code-phish.yaml by @rxerium
- http/osint/phishing/vlc-player-phish.yaml by @rxerium
- http/osint/phishing/vodafone-phish.yaml by @rxerium
- http/osint/phishing/vultr-phish.yaml by @rxerium
- http/osint/phishing/walmart-phish.yaml by @rxerium
- http/osint/phishing/wetransfer-phish.yaml by @rxerium
- http/osint/phishing/whatsapp-phish.yaml by @rxerium
- http/osint/phishing/wikipedia-phish.yaml by @rxerium
- http/osint/phishing/winscp-phish.yaml by @rxerium
- http/osint/phishing/yahoo-phish.yaml by @rxerium
- http/osint/phishing/zoom-phish.yaml by @rxerium
New Contributors
- @Sandr0x00 made their first contribution in #9297
- @0xParth made their first contribution in #9294
Full Changelog: v9.7.7...v9.7.8
v9.7.7
🔥 Release Highlights 🔥
- http/cves/2024/CVE-2024-1071.yaml by @dhiyaneshdk,@Iamnooob 🔥
- http/cves/2024/CVE-2024-1709.yaml by @johnk3r 🔥
- http/cves/2024/CVE-2024-23334.yaml by @dhiyaneshdk 🔥
- http/cves/2024/CVE-2024-25600.yaml by @Christbowel 🔥
- http/cves/2024/CVE-2024-27198.yaml by @dhiyaneshdk 🔥
- http/cves/2024/CVE-2024-27199.yaml by @dhiyaneshdk 🔥
- http/cves/2024/CVE-2024-27497.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-38203.yaml by @yiran 🔥
- http/cves/2023/CVE-2023-42344.yaml by @0xr2r 🔥
- http/cves/2023/CVE-2023-48777.yaml by @dhiyaneshdk 🔥
What's Changed
New Templates Added: 82
| CVEs Added: 21
| First-time contributions: 8
- http/cves/2024/CVE-2024-0305.yaml by @BMcEL
- http/cves/2024/CVE-2024-0713.yaml by @dhiyaneshdk
- http/cves/2024/CVE-2024-1021.yaml by @BMcEL
- http/cves/2024/CVE-2024-1071.yaml by @dhiyaneshdk,@Iamnooob 🔥
- http/cves/2024/CVE-2024-1208.yaml by @ritikchaddha
- http/cves/2024/CVE-2024-1209.yaml by @ritikchaddha
- http/cves/2024/CVE-2024-1210.yaml by @ritikchaddha
- http/cves/2024/CVE-2024-1709.yaml by @johnk3r 🔥
- http/cves/2024/CVE-2024-22319.yaml by @dhiyaneshdk
- http/cves/2024/CVE-2024-22320.yaml by @dhiyaneshdk
- http/cves/2024/CVE-2024-23334.yaml by @dhiyaneshdk 🔥
- http/cves/2024/CVE-2024-25600.yaml by @Christbowel 🔥
- http/cves/2024/CVE-2024-27198.yaml by @dhiyaneshdk 🔥
- http/cves/2024/CVE-2024-27199.yaml by @dhiyaneshdk 🔥
- http/cves/2024/CVE-2024-27497.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-38203.yaml by @yiran 🔥
- http/cves/2023/CVE-2023-42344.yaml by @0xr2r 🔥
- http/cves/2023/CVE-2023-45671.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-48777.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-6895.yaml by @Archer
- http/cnvd/2023/CNVD-2023-96945.yaml by @dhiyaneshdk
- http/cves/2015/CVE-2015-1635.yaml by @phillipo
- http/vulnerabilities/chanjet-tplus/chanjet-tplus-unauth-update.yaml by @0xr2r
- http/vulnerabilities/dahua/dahua-bitmap-fileupload.yaml by @dhiyaneshdk
- http/vulnerabilities/joomla/joomla-easyshop-lfi.yaml by @ritikchaddha
- http/vulnerabilities/other/lucee-unset-credentials.yaml by @JPG0mez
- http/vulnerabilities/yonyou/yonyou-ufida-nc-lfi.yaml by @dhiyaneshdk
- http/misconfiguration/cloudflare-rocketloader-htmli.yaml by @j3ssie
- http/misconfiguration/installer/connectwise-setup.yaml by @dhiyaneshdk
- http/default-logins/ibm/ibm-dcbc-default-login.yaml by @dhiyaneshdk
- http/default-logins/ibm/ibm-dcec-default-login.yaml by @dhiyaneshdk
- http/default-logins/ibm/ibm-dsc-default-login.yaml by @dhiyaneshdk
- http/default-logins/ibm/ibm-hmc-default-login.yaml by @r3s OST
- http/default-logins/ibm/imm-default-login.yaml by @JPG0mez
- http/default-logins/lucee/lucee-default-login.yaml by @JPG0mez
- http/exposed-panels/c2/meduza-stealer.yaml by @dwisiswant0
- http/exposed-panels/cisco-unity-panel.yaml by @HeeresS
- http/exposed-panels/connectwise-panel.yaml by @johnk3r
- http/exposed-panels/fortinet/fortiauthenticator-detect.yaml by @johnk3r
- http/exposed-panels/ibm/ibm-dcec-panel.yaml by @dhiyaneshdk
- http/exposed-panels/ibm/ibm-decision-server-console.yaml by @dhiyaneshdk
- http/exposed-panels/ibm/ibm-odm-panel.yaml by @dhiyaneshdk
- http/exposed-panels/koel-panel.yaml by @rxerium
- http/exposed-panels/kopano-webapp-panel.yaml by @righettod
- http/exposed-panels/linshare-panel.yaml by @righettod
- http/exposed-panels/openvas-panel.yaml by @rxerium
- http/exposed-panels/opinio-panel.yaml by @righettod
- http/exposed-panels/redmine-panel.yaml by @righettod
- http/exposed-panels/rocketchat-panel.yaml by @righettod
- http/exposed-panels/webtransfer-client-panel.yaml by @righettod
- http/exposures/configs/sphinxsearch-config.yaml by @gtrrnr
- http/exposures/tokens/dependency/dependency-track-api.yaml by @dhiyaneshdk
- http/exposures/tokens/docker/docker-hub-pat.yaml by @dhiyaneshdk
- http/exposures/tokens/doppler/doppler-audit-token.yaml by @dhiyaneshdk
- http/exposures/tokens/doppler/doppler-cli-token.yaml by @dhiyaneshdk
- http/exposures/tokens/doppler/doppler-scim-token.yaml by @dhiyaneshdk
- http/exposures/tokens/doppler/doppler-service-account-token.yaml by @dhiyaneshdk
- http/exposures/tokens/doppler/doppler-service-token.yaml by @dhiyaneshdk
- http/exposures/tokens/dropbox/dropbox-access-token.yaml by @dhiyaneshdk
- http/exposures/tokens/huggingface/huggingface-user-access-token.yaml by @dhiyaneshdk
- http/exposures/tokens/linkedin/linkedin-client-id.yaml by @dhiyaneshdk
- http/exposures/tokens/linkedin/linkedin-secret-key.yaml by @dhiyaneshdk
- http/exposures/tokens/newrelic/newrelic-api-service-key.yaml by @dhiyaneshdk
- http/exposures/tokens/newrelic/newrelic-license-key-non.yaml by @dhiyaneshdk
- http/exposures/tokens/newrelic/newrelic-license-key.yaml by @dhiyaneshdk
- http/exposures/tokens/odbc/odbc-connection-string.yaml by @dhiyaneshdk
- http/exposures/tokens/okta/okta-api-token.yaml by @dhiyaneshdk
- http/exposures/tokens/particle/particle-access-token.yaml by @dhiyaneshdk
- http/exposures/tokens/react/react-app-password.yaml by @dhiyaneshdk
- http/exposures/tokens/react/react-app-username.yaml by @dhiyaneshdk
- http/exposures/tokens/salesforce/salesforce-access-token.yaml by @dhiyaneshdk
- http/exposures/tokens/thingsboard/thingsboard-access-token.yaml by @dhiyaneshdk
- http/exposures/tokens/truenas/truenas-api-key.yaml by @dhiyaneshdk
- http/exposures/tokens/twitter/twitter-client-id.yaml by @dhiyaneshdk
- http/exposures/tokens/twitter/twitter-secret-key.yaml by @dhiyaneshdk
- http/exposures/tokens/wireguard/wireguard-preshared-key.yaml by @dhiyaneshdk
- http/exposures/tokens/wireguard/wireguard-private-key.yaml by @dhiyaneshdk
- http/miscellaneous/maxforwards-headers-detect.yaml by @righettod
- http/technologies/ibm/ibm-decision-runner.yaml by @dhiyaneshdk
- http/technologies/ibm/ibm-decision-server-runtime.yaml by @dhiyaneshdk
- http/technologies/ibm/ibm-odm-detect.yaml by @dhiyaneshdk
- http/technologies/pexip-detect.yaml by @righettod
New Contributors
- @Christbowel made their first contribution in #9181
- @bmcxxx made their first contribution in #9225
- @zyrnj made their first contribution in #9235
- @g33gs made their first contribution in #9211
- @NeckBeardPrince made their first contribution in #9255
- @JPG0mez made their first contribution in #9271
- @trolldbois made their first contribution in #9289
- @Michal-Mikolas made their first contribution in #9282
Full Changelog: v9.7.6...v9.7.7
v9.7.6
🔥 Release Highlights 🔥
- http/cves/2024/CVE-2024-21893.yaml by @dhiyaneshdk 🔥
- http/cves/2024/CVE-2024-22024.yaml by @watchtowr 🔥
- code/cves/2023/CVE-2023-6246.yaml by @gy741 🔥
What's Changed
New Templates Added: 49
| CVEs Added: 22
| First-time contributions: 12
- code/cves/2023/CVE-2023-6246.yaml by @gy741 🔥
- http/cves/2024/CVE-2024-1061.yaml by @xxcdd
- http/cves/2024/CVE-2024-21644.yaml by @West-wise
- http/cves/2024/CVE-2024-21645.yaml by @isacaya
- http/cves/2024/CVE-2024-21893.yaml by @dhiyaneshdk 🔥
- http/cves/2024/CVE-2024-22024.yaml by @watchtowr 🔥
- http/cves/2024/CVE-2024-25669.yaml by @r3naissance
- http/cves/2024/CVE-2024-25735.yaml by @johnk3r
- http/cves/2023/CVE-2023-28662.yaml by @xxcdd
- http/cves/2023/CVE-2023-40355.yaml by @amir-h-fallahi
- http/cves/2023/CVE-2023-47115.yaml by @isacaya
- http/cves/2023/CVE-2023-52085.yaml by @Sanineng
- http/cves/2023/CVE-2023-6360.yaml by @xxcdd
- http/cves/2023/CVE-2023-6831.yaml by @byObin
- http/cves/2023/CVE-2023-6909.yaml by @Hyunsoo-ds
- http/cves/2022/CVE-2022-38131.yaml by @xxcdd
- http/cves/2021/CVE-2021-24442.yaml by @ritikchaddha
- http/cves/2021/CVE-2021-24849.yaml by @ritikchaddha
- http/cves/2021/CVE-2021-24943.yaml by @ritikchaddha
- http/cves/2021/CVE-2021-40651.yaml by @ctflearner
- http/cves/2011/CVE-2011-4640.yaml by @ctflearner
- http/cves/2007/CVE-2007-3010.yaml by @king-alexander
- http/vulnerabilities/generic/xss-fuzz.yaml by @kazet
- http/vulnerabilities/lucee-rce.yaml by @rootxharsh,@iamnoooob,@pdresearch
- http/vulnerabilities/other/glodon-linkworks-sqli.yaml by @dhiyaneshdk
- http/vulnerabilities/wordpress/wp-user-enum.yaml by @Manas_Harsh,@daffainfo,@geeknik,@dr0pd34d
- http/misconfiguration/node-express-dev-env.yaml by @flx
- http/misconfiguration/sap/sap-public-admin.yaml by @t3l3machus
- http/default-logins/webmethod/webmethod-integration-default-login.yaml by @ChristianPoeschl,@OleWagner,@usdAG
- http/exposures/logs/teampass-ldap.yaml by @josecosta
- http/exposed-panels/apigee-panel.yaml by @righettod
- http/exposed-panels/dockge-panel.yaml by @rxerium
- http/exposed-panels/dokuwiki-panel.yaml by @righettod
- http/exposed-panels/easyjob-panel.yaml by @righettod
- http/exposed-panels/friendica-panel.yaml by @righettod
- http/exposed-panels/gotify-panel.yaml by @righettod
- http/exposed-panels/haivision-gateway-panel.yaml by @righettod
- http/exposed-panels/haivision-media-platform-panel.yaml by @righettod
- http/exposed-panels/ivanti-connect-secure-panel.yaml by @rxerium
- http/exposed-panels/juniper-panel.yaml by @bhutch
- http/exposed-panels/ms-exchange-web-service.yaml by @bhutch
- http/exposed-panels/pairdrop-panel.yaml by @rxerium
- http/exposed-panels/passbolt-panel.yaml by @righettod
- http/exposed-panels/proofpoint-protection-server-panel.yaml by @johnk3r
- http/exposed-panels/sentry-panel.yaml by @righettod
- http/exposed-panels/vistaweb-panel.yaml by @righettod
- http/miscellaneous/balada-injector-malware.yaml by @kazet
- http/technologies/google/chromecast-detect.yaml by @LucianNitescu
- http/technologies/identity-server-v3-detect.yaml by @righettod
New Contributors
- @t3l3machus made their first contribution in #9044
- @West-wise made their first contribution in #9042
- @xxcdd made their first contribution in #9058
- @hazaldrv made their first contribution in #9049
- @Hyunsoo-ds made their first contribution in #9074
- @Deadbeastrs made their first contribution in #9103
- @Sanineng made their first contribution in #9075
- @attritionorg made their first contribution in #9144
- @byObin made their first contribution in #9098
- @k11h-de made their first contribution in #9145
- @amir-h-fallahi made their first contribution in #9135
- @msegoviag made their first contribution in #9155
Full Changelog: v9.7.5...v9.7.6
v9.7.5 - Local Privilege Escalation
🔥 Release Highlights 🔥
In our latest release, we have added a significant number of trending CVEs and are excited to announce the addition of new local privilege escalation templates. These valuable contributions come from our community, with a notable contribution from @daffainfo, and are available at Local Privilege Escalation Templates. These templates utilize the newly introduced code protocol, enhancing their capability to detect vulnerabilities more effectively.
It's important to note that these templates are specifically designed for local execution to identify privilege escalation vulnerabilities. For security reasons, they are not executed as part of the default Nuclei scan. We ensure the security and authenticity of these templates by signing them officially. To run these templates, users need to provide the -code
flag along with -itags local
. These additions are particularly useful for penetration testing and red-teaming focusing on privilege escalation, and we plan to further expand their coverage in future updates. Following are the other highlights of this release:
- javascript/cves/2024/CVE-2024-23897.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2024/CVE-2024-0204.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-47211.yaml by @gy741 🔥
- http/cves/2023/CVE-2023-22527.yaml by @Iamnooob,@rootxharsh,@pdresearch 🔥
- http/cves/2023/CVE-2023-6875.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2019/CVE-2019-16469.yaml by @DomenicoVeneziano 🔥
What's Changed
New Templates Added: 106
| CVEs Added: 14
| First-time contributions: 14
- javascript/cves/2024/CVE-2024-23897.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2024/CVE-2024-0204.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-48023.yaml by @cookiehanhoan,@harryha
- http/cves/2023/CVE-2023-47643.yaml by @isacaya
- http/cves/2023/CVE-2023-47211.yaml by @gy741 🔥
- http/cves/2023/CVE-2023-44352.yaml by @pwnwithlove
- http/cves/2023/CVE-2023-27640.yaml by @mastercho
- http/cves/2023/CVE-2023-27639.yaml by @mastercho
- http/cves/2023/CVE-2023-22527.yaml by @Iamnooob,@rootxharsh,@pdresearch 🔥
- http/cves/2023/CVE-2023-6977.yaml by @gy741
- http/cves/2023/CVE-2023-6875.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2023/CVE-2023-6023.yaml by @M0ck3d,@cookiehanhoan
- http/cves/2019/CVE-2019-16469.yaml by @DomenicoVeneziano 🔥
- http/cves/2018/CVE-2018-10942.yaml by @mastercho
- http/vulnerabilities/apache/apache-nifi-rce.yaml by @arliya
- http/vulnerabilities/juniper/junos-xss.yaml by @dhiyaneshdk
- http/vulnerabilities/prestashop/prestashop-blocktestimonial-file-upload.yaml by @mastercho
- http/vulnerabilities/vbulletin/vbulletin-backdoor.yaml by @mastercho
- code/privilege-escalation/linux/binary/privesc-aa-exec.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-ash.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-awk.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-bash.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-cdist.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-choom.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-cpulimit.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-csh.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-csvtool.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-dash.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-dc.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-distcc.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-elvish.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-enscript.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-env.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-expect.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-find.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-fish.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-flock.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-gawk.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-grc.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-ionice.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-julia.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-lftp.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-ltrace.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-lua.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-mawk.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-multitime.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-mysql.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-nawk.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-nice.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-node.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-nsenter.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-perl.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-pexec.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-php.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-posh.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-python.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-rake.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-rc.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-rlwrap.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-rpm.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-rpmdb.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-rpmverify.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-ruby.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-run-parts.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-sash.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-slsh.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-socat.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-softlimit.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-sqlite3.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-ssh-agent.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-sshpass.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-stdbuf.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-strace.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-tar.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-tcsh.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-time.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-timeout.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-tmate.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-torify.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-torsocks.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-unshare.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-vi.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-view.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-vim.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-xargs.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-xdg-user-dir.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-yash.yaml by @daffainfo
- code/privilege-escalation/linux/binary/privesc-zsh.yaml by @daffainfo
- code/privilege-escalation/linux/rw-shadow.yaml by @daffainfo
- code/privilege-escalation/linux/rw-sudoers.yaml by @daffainfo
- code/privilege-escalation/linux/sudo-nopasswd.yaml by @daffainfo
- code/privilege-escalation/linux/writable-etc-passwd.yaml by @daffainfo
- http/default-logins/node-red/nodered-default-login.yaml by @savik
- http/default-logins/powershell/powershell-default-login.yaml by @ap3r
- http/exposed-panels/autoset-detect.yaml by @mastercho
- http/exposed-panels/compalex-panel-detect.yaml by @mastercho
- http/exposed-panels/doris-panel.yaml by @ritikchaddha
- http/exposed-panels/lomnido-panel.yaml by @righettod
- http/exposures/configs/vbulletin-path-disclosure.yaml by @mastercho
- http/exposures/logs/go-pprof-debug.yaml by @w8ay
- http/miscellaneous/defacement-detect.yaml by @ricardomaia
- http/misconfiguration/doris-dashboard.yaml by @ritikchaddha
- http/misconfiguration/springboot/springboot-integrationgraph.yaml by @ELSFA7110
- http/misconfiguration/springboot/springboot-startup.yaml by @ELSFA7110
- http/technologies/tibco-businessconnect-detect.yaml by @righettod
- dns/dns-rebinding.yaml by @ricardomaia
New Contributors
- @PhillipoTF2 made their first contribution in #8965
- @sea-god made their first contribution in #7042
- @jmoraissec made their first contribution in #8966
- @hieuha made their first contribution in #8978
- @shivamsaraswat made their first contribution in #8919
- @dkasak made their first contribution in #8974
- @boy-hack made their first...
v9.7.4
🔥 Release Highlights 🔥
- http/cves/2020/CVE-2020-27838.yaml by @mchklt 🔥
- http/cves/2022/CVE-2022-47501.yaml by @your3cho 🔥
- http/cves/2023/CVE-2023-46805.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-50290.yaml by @banana69,@dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-6634.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2024/CVE-2024-21887.yaml by @pdresearch,@parthmalhotra,@iamnoooob 🔥
Full Changelog: v9.7.3...v9.7.4
v9.7.3
🔥 Release Highlights 🔥
- code/cves/2019/CVE-2019-14287.yaml by @daffainfo 🔥
- code/cves/2021/CVE-2021-3156.yaml by @pussycat0x 🔥
- http/cves/2023/CVE-2023-44353.yaml by @Salts 🔥
- http/cves/2023/CVE-2023-50917.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-50968.yaml by @your3cho 🔥
- http/cves/2023/CVE-2023-51467.yaml by @your3cho 🔥
- http/cves/2023/CVE-2023-6063.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-7028.yaml by @dhiyaneshdk,@rootxharsh,@Iamnooob,@pdresearch 🔥
What's Changed
New Templates Added: 45
| CVEs Added: 16
| First-time contributions: 6
- code/cves/2019/CVE-2019-14287.yaml by @daffainfo 🔥
- code/cves/2021/CVE-2021-3156.yaml by @pussycat0x 🔥
- http/cves/2015/CVE-2015-2794.yaml by @1337kro
- http/cves/2020/CVE-2020-12124.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-41109.yaml by @princechaddha
- http/cves/2023/CVE-2023-42343.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-44353.yaml by @Salts 🔥
- http/cves/2023/CVE-2023-46574.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-50917.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-50968.yaml by @your3cho 🔥
- http/cves/2023/CVE-2023-51467.yaml by @your3cho 🔥
- http/cves/2023/CVE-2023-6063.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-6379.yaml by @msegoviag
- http/cves/2023/CVE-2023-6623.yaml by @iamnoooob,@rootxharsh,@pdresearch,@coldfish
- http/cves/2023/CVE-2023-7028.yaml by @dhiyaneshdk,@rootxharsh,@Iamnooob,@pdresearch 🔥
- http/cves/2024/CVE-2024-0352.yaml by @cookiehanhoan,@babybash,@samuelsamuelsamuel
- http/vulnerabilities/dahua/dahua-icc-backdoor-user.yaml by @dhiyaneshdk
- http/vulnerabilities/dlink/dlink-netgear-xss.yaml by @gtrrnr,@vulnspace
- http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml by @dhiyaneshdk
- http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml by @dhiyaneshdk
- http/vulnerabilities/wanhu/wanhuoa-downloadservlet-lfi.yaml by @wpsec
- http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml by @dhiyaneshdk
- javascript/network/smb/smb-anonymous-access.yaml by @pussycat0x
- javascript/network/smb/smb-shares.yaml by @pussycat0x
- javascript/network/smb/smb-signing-not-required.yaml by @pussycat0x
- javascript/network/smb/smb2-capabilities.yaml by @pussycat0x
- http/misconfiguration/apache/apache-server-status.yaml by @Thabisocn
- http/misconfiguration/cookies-without-httponly-secure.yaml by @princechaddha,@Mr.Bobo HP
- http/misconfiguration/php/php-composer-binary.yaml by @mayank_pandey01
- network/misconfig/erlang-daemon.yaml by @pussycat0x
- http/default-logins/camunda/camunda-default-login.yaml by @bhutch
- http/exposed-panels/goodjob-dashboard.yaml by @hahwul
- http/exposed-panels/onlyoffice-login-panel.yaml by @eremit4
- http/exposures/docker-daemon-exposed.yaml by @arm!tage
- http/osint/piratebay.yaml by @philippedelteil
- cloud/enum/aws-app-enum.yaml by @initstring
- cloud/enum/aws-s3-bucket-enum.yaml by @initstring
- cloud/enum/azure-db-enum.yaml by @initstring
- cloud/enum/azure-vm-cloud-enum.yaml by @initstring
- cloud/enum/azure-website-enum.yaml by @initstring
- cloud/enum/gcp-app-engine-enum.yaml by @initstring
- cloud/enum/gcp-bucket-enum.yaml by @initstring
- cloud/enum/gcp-firebase-app-enum.yaml by @initstring
- cloud/enum/gcp-firebase-rtdb-enum.yaml by @initstring
- http/technologies/cisco-asa-detect.yaml by @sdcampbell
New Contributors
- @Blackbird594 made their first contribution in #8858
- @malacupa made their first contribution in #8812
- @fail-open made their first contribution in #8896
- @mailler0xa made their first contribution in #8925
- @juicewrldxxx made their first contribution in #8924
- @wpsec made their first contribution in #8931
Full Changelog: v9.7.2...v9.7.3