-
Notifications
You must be signed in to change notification settings - Fork 0
/
http_scripts.json.example
72 lines (72 loc) · 1.96 KB
/
http_scripts.json.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
[
{
"name": "demo_script",
"version": "1.0",
"type": "CVE",
"description": "Demo script to demonstrate the functionality",
"author": "Catalin Ancutei",
"steps": [
{
"not": {
"function_pass": "http_method_is",
"args": {
"method": "GET"
}
}
},
{
"or": [
{
"function_pass": "http_path_contains",
"args": {
"tokens": [
"exec",
"execv"
]
}
},
{
"function_pass": "http_body_contains",
"args": {
"tokens": [
"echo"
]
}
}
]
},
{
"return": {
"id": "CVE-1234-56789",
"type": "DIRECTORY_TRAVERSAL",
"score": 5.3
}
}
]
},
{
"name": "log4j",
"version": "1.0",
"type": "CVE",
"description": "Check if log4j is vulnerable to CVE-2021-44228",
"author": "Catalin Ancutei",
"steps": [
{
"function_pass": "http_packet_contains",
"args": {
"tokens": [
"${jndi:ldap",
"${jndi:dns"
]
}
},
{
"return": {
"id": "CVE-2021-44228",
"type": "REMOTE_CODE_EXECUTION",
"score": 9.4
}
}
]
}
]