URL Extension Inspector

ID: url-extension-inspector

Severity: unknown

Author: ayadim

Tags: file,url-analyse,urls,extension

Description

This template assists you in discovering intriguing extensions within a list of URLs.

YAML Source

id: url-extension-inspector

info:
  name: URL Extension Inspector
  author: ayadim
  severity: unknown
  description: |
    This template assists you in discovering intriguing extensions within a list of URLs.
  reference:
    - https://github.com/CYS4srl/CYS4-SensitiveDiscoverer/
  tags: file,url-analyse,urls,extension
file:
  - extensions:
      - all

    extractors:
      - type: regex
        name: Hot finding
        regex:
          - "(?i)(htdocs|www|html|web|webapps|public|public_html|uploads|website|api|test|app|backup|bin|bak|old|release|sql)\\.(7z|bz2|gz|lz|rar|tar\\.gz|tar\\.bz2|xz|zip|z)"

      - type: regex
        name: Backup file
        regex:
          - "(?i)(\\.bak|\\.backup|\\.bkp|\\._bkp|\\.bk|\\.BAK)('|\")"

      - type: regex
        name: PHP Source
        regex:
          - "(?i)(\\.php)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)('|\")"

      - type: regex
        name: ASP Source
        regex:
          - "(?i)(\\.asp)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)('|\")"

      - type: regex
        name: Database file
        regex:
          - "(?i)\\.db|\\.sql('|\")"

      - type: regex
        name: Bash script
        regex:
          - "(?i)(\\.sh|\\.bashrc|\\.zshrc)('|\")"

      - type: regex
        name: 1Password password manager database file
        regex:
          - "(?i)\\.agilekeychain('|\")"

      - type: regex
        name: ASP configuration file
        regex:
          - "(?i)\\.asa('|\")"

      - type: regex
        name: Apple Keychain database file
        regex:
          - "(?i)\\.keychain('|\")"

      - type: regex
        name: Azure service configuration schema file
        regex:
          - "(?i)\\.cscfg('|\")"

      - type: regex
        name: Compressed archive file
        regex:
          - "(?i)(\\.zip|\\.gz|\\.tar|\\.rar|\\.tgz)('|\")"

      - type: regex
        name: Configuration file
        regex:
          - "(?i)(\\.ini|\\.config|\\.conf)('|\")"

      - type: regex
        name: Day One journal file
        regex:
          - "(?i)\\.dayone('|\")"

      - type: regex
        name: Document file
        regex:
          - "(?i)(\\.doc|\\.docx|\\.rtf)('|\")"

      - type: regex
        name: GnuCash database file
        regex:
          - "(?i)\\.gnucash('|\")"

      - type: regex
        name: Include file
        regex:
          - "(?i)\\.inc('|\")"

      - type: regex
        name: XML file
        regex:
          - "(?i)\\.xml('|\")"

      - type: regex
        name: Old file
        regex:
          - "(?i)\\.old('|\")"

      - type: regex
        name: Log file
        regex:
          - "(?i)\\.log('|\")"

      - type: regex
        name: Java file
        regex:
          - "(?i)\\.java('|\")"

      - type: regex
        name: SQL dump file
        regex:
          - "(?i)\\.sql('|\")"

      - type: regex
        name: Excel file
        regex:
          - "(?i)(\\.xls|\\.xlsx|\\.csv)('|\")"

      - type: regex
        name: Certificate file
        regex:
          - "(?i)(\\.cer|\\.crt|\\.p7b)('|\")"

      - type: regex
        name: Java key storte
        regex:
          - "(?i)\\.jks('|\")"

      - type: regex
        name: KDE Wallet Manager database file
        regex:
          - "(?i)\\.kwallet('|\")"

      - type: regex
        name: Little Snitch firewall configuration file
        regex:
          - "(?i)\\.xpl('|\")"

      - type: regex
        name: Microsoft BitLocker Trusted Platform Module password file
        regex:
          - "(?i)\\.tpm('|\")"

      - type: regex
        name: Microsoft BitLocker recovery key file
        regex:
          - "(?i)\\.bek('|\")"

      - type: regex
        name: Microsoft SQL database file
        regex:
          - "(?i)\\.mdf('|\")"

      - type: regex
        name: Microsoft SQL server compact database file
        regex:
          - "(?i)\\.sdf('|\")"

      - type: regex
        name: Network traffic capture file
        regex:
          - "(?i)\\.pcap('|\")"

      - type: regex
        name: OpenVPN client configuration file
        regex:
          - "(?i)\\.ovpn('|\")"

      - type: regex
        name: PDF file
        regex:
          - "(?i)\\.pdf('|\")"

      - type: regex
        name: PHP file
        regex:
          - "(?i)\\.pcap('|\")"

      - type: regex
        name: Password Safe database file
        regex:
          - "(?i)\\.psafe3('|\")"

      - type: regex
        name: Potential configuration file
        regex:
          - "(?i)\\.yml('|\")"

      - type: regex
        name: Potential cryptographic key bundle
        regex:
          - "(?i)(\\.pkcs12|\\.p12|\\.pfx|\\.asc|\\.pem)('|\")"

      - type: regex
        name: Potential private key
        regex:
          - "(?i)otr.private_key('|\")"

      - type: regex
        name: Presentation file
        regex:
          - "(?i)(\\.ppt|\\.pptx)('|\")"

      - type: regex
        name: Python file
        regex:
          - "(?i)\\.py('|\")"

      - type: regex
        name: Remote Desktop connection file
        regex:
          - "(?i)\\.rdp('|\")"

      - type: regex
        name: Ruby On Rails file
        regex:
          - "(?i)\\.rb('|\")"

      - type: regex
        name: SQLite database file
        regex:
          - "(?i)\\.sqlite|\\.sqlitedb('|\")"

      - type: regex
        name: SQLite3 database file
        regex:
          - "(?i)\\.sqlite3('|\")"

      - type: regex
        name: Sequel Pro MySQL database manager bookmark file
        regex:
          - "(?i)\\.plist('|\")"

      - type: regex
        name: Shell configuration file
        regex:
          - "(?i)(\\.exports|\\.functions|\\.extra)('|\")"

      - type: regex
        name: Temporary file
        regex:
          - "(?i)\\.tmp"

      - type: regex
        name: Terraform variable config file
        regex:
          - "(?i)\\.tfvars('|\")"

      - type: regex
        name: Text file
        regex:
          - "(?i)\\.txt('|\")"

      - type: regex
        name: Tunnelblick VPN configuration file
        regex:
          - "(?i)\\.tblk('|\")"

      - type: regex
        name: Windows BitLocker full volume encrypted data file
        regex:
          - "(?i)\\.fve('|\")"
# digest: 490a0046304402205b2080f516f955839eaf0396d3db2b4b8b390e39f65840c2807d992257eafc000220633e1999e0c2de945088150cf68403e7889d9e7376245478b2cc2c28974afd95:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "file/url-analyse/url-extension-inspector.yaml"

View on Github