@cyberstrike-io/cyberstrike 1.1.10 → 1.1.11
- package/README.md +43 -7
- package/package.json +2 -2
- package/skill/WEB/OWASP_WSTG_4.2/wstg-apit-00/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-apit-01/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-apit-02/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-apit-99/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-01/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-02/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-03/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-04/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-05/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-06/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-07/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-08/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-09/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-10/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-11/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-auth-session/SKILL.md +0 -3
- package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-01/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-02/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-03/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-04/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-05/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-05.1/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-05.2/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-01/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-02/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-03/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-04/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-05/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-06/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-07/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-08/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-09/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-10/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-01/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-01.1/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-02/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-03/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-04/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-05/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-06/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-07/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-08/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-09/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-10/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-11/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-12/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-13/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-clnt-14/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-01/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-02/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-03/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-04/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-05/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-06/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-07/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-08/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-09/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-10/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-11/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-12/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-13/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-cryp-01/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-cryp-02/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-cryp-03/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-cryp-04/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-errh-01/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-errh-02/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-01/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-02/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-03/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-04/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-05/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-info-01/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-info-02/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-info-03/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-info-04/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-info-05/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-info-06/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-info-07/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-info-08/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-info-09/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-info-10/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-injection/SKILL.md +0 -3
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-01/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-02/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-03/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-04/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-05/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-05.1/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-05.2/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-05.3/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-05.4/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-05.5/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-05.6/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-05.7/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-05.8/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-06/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-07/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-08/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-09/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-10/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-11/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-11.1/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-12/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-13/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-14/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-15/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-16/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-17/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-18/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-19/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-20/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-logic-client-api/SKILL.md +0 -3
- package/skill/WEB/OWASP_WSTG_4.2/wstg-recon-config/SKILL.md +0 -3
- package/skill/WEB/OWASP_WSTG_4.2/wstg-sess-01/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-sess-02/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-sess-03/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-sess-04/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-sess-05/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-sess-06/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-sess-07/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-sess-08/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-sess-09/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-sess-10/SKILL.md +0 -6
- package/skill/WEB/OWASP_WSTG_4.2/wstg-sess-11/SKILL.md +0 -6
- package/skill/ad-security/SKILL.md +0 -3
- package/skill/bun-file-io/SKILL.md +0 -3
- package/skill/kerberos-attacks/SKILL.md +0 -3
- package/skill/recon-methodology/SKILL.md +0 -3
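--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-12/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-12/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: []
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 4c6e020d66b79707940327cc51656be6c5cec6e019e91f87be670c21be6e11db
-signature: H6pTJsa1p/K6TafV9iPbdLFoGrPEfMf7839Tq3dncpmoFENwedsZl1i4qc/EhWG9+DnEx/P+Axnt/z6WQ0MbDA==
-signed_by: cyberstrike-official
 ---
 
 # wstg-conf-12
@@ -397,9 +394,6 @@ Content-Security-Policy-Report-Only: default-src 'self'; report-uri /csp-report
 - [MDN CSP Documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)
 - [OWASP CSP Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html)
 
-sha256: b2d3f3a2fe25a5ee028653ee45e639f604709b30db98280914949303c7307b84
-signature: 6sz2I9uZNNc71Jg8uIsp4EW3oRM1EBLZtuTwAQR/DDb4gSoqV9TgJ5FgqGa3h3nBpxUnAvyKoh/1ueXjCspwDA==
-signed_by: cyberstrike-official
 
 ---
 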
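--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-13/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-conf-13/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: []
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 78de2ffa1f3173423e90fee4a1bad022ed941f1f4b1d76cc00f09ff294421a94
-signature: QX708htiEO+IezzNeLA3jXoRkLb8zmw+Ulw/2UQeKAjNBM7q8ibRffbwrPk4lkV9jt2sYRnfz02oT+Vd8sAMDA==
-signed_by: cyberstrike-official
 ---
 
 # wstg-conf-13
@@ -396,9 +393,6 @@ def normalize_path(path):
 - [Web Cache Deception Research](https://www.blackhat.com/docs/us-17/wednesday/us-17-Gil-Web-Cache-Deception-Attack.pdf)
 - [PortSwigger Web Cache Deception](https://portswigger.net/research/web-cache-deception)
 
-sha256: 8010131d09b9efa560cfb7cae45bbdcf0a62a11a16ffb4dd9aafcfcb22443aa3
-signature: 3c9IOC7m8XLcYrLRjGo6FRzCU+3pdpvr1pdhGYZbcRFuPGISm8WNKhREVjNx1YYV7Px4gtYGeLlpCwagHjrdDg==
-signed_by: cyberstrike-official
 
 ---
 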
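--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-cryp-01/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-cryp-01/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-326]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 2ced6eb681b3cc32997c3d8ecac07f84f8915e1bcc44e4d28074946dc35c4003
-signature: EJdh6JVFrbUD+v2Uv53oxd0RZLErpMEaJMrTYADhbcPp5MR7EWh/bBBEob3F0LjFafgRJixalpeMpNzF/uLRCA==
-signed_by: cyberstrike-official
 ---
 
 # wstg-cryp-01
@@ -368,9 +365,6 @@ Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains
 | **CWE-327** | Use of Broken or Risky Cryptographic Algorithm |
 | **CWE-295** | Improper Certificate Validation |
 
-sha256: c1c0a150d29163d0ddddb67fede3289f0edc801a0fb58494952e6ac74ef3c3e4
-signature: yVwmioiuQeSy+NBtLWXkVl0svUP+3GHWE74CeFe7L6GS2WiXmqMMVWKj7iSHZt0U2Ah98og0MFZ2l24YGWILCw==
-signed_by: cyberstrike-official
 
 ---
 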
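--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-cryp-02/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-cryp-02/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-326]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 9b1d9b319c4ec940aebbda0042ce12bf5666c6c7f576576f1fc266b0d7b7621e
-signature: FlzEkceXbrlV2llxB1Mg4gS+mTsKo+FFvPEVszDrwLXqk3THXQqKGenxfdL/aAoR9PKA7xSwbvEkta+b8BlOCQ==
-signed_by: cyberstrike-official
 ---
 
 # wstg-cryp-02
@@ -272,9 +269,6 @@ plaintext = aesgcm.decrypt(nonce, ciphertext, None)
 | **CWE-209** | Information Exposure Through Error Message |
 | **CWE-649** | Reliance on Obfuscation or Encryption without Integrity Checking |
 
-sha256: 07f1ff5d28213cf6613eb95828823eed09f8f268934128ad80dc563e3033ab0a
-signature: +yrcuvU0/JQCKKlUeYUfuDsZeDvmwALNiefK8wwEEMUGca3ck/rxaXOzDxnaoKu98MJvCIil9MxE7cFO+/v5Ag==
-signed_by: cyberstrike-official
 
 ---
 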
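--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-cryp-03/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-cryp-03/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-311]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 570f7d42bd364de199d50541ba66ad5cfd57a37bc8a8dd15b5f27b1252f01987
-signature: GEBRSfa8TcFQj9gvU5avBEQjpHbqYF5kWiQai8xr2SkW6iEWA+d1V3dfqkBZw6UIO2/4SDL6xCAjpe90ys4MDg==
-signed_by: cyberstrike-official
 ---
 
 # wstg-cryp-03
@@ -292,9 +289,6 @@ add_header Content-Security-Policy "upgrade-insecure-requests";
 | **CWE-319** | Cleartext Transmission of Sensitive Information |
 | **CWE-311** | Missing Encryption of Sensitive Data |
 
-sha256: 5c7c407ba0f6ee040a4e0bf3714e8fdec3cdd85624d659a90ef5946d1b27d1dc
-signature: pHBLH+MAhtTzX79zWjD42umup/bp/QaQuXvpdFsnAWWExtV9QXGXL0DHrijNJ/ta094LayQN7dmjEYwvL6/jDg==
-signed_by: cyberstrike-official
 
 ---
 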
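--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-cryp-04/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-cryp-04/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-327]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: b51f233e61f6e16fdf9d341ae5158d39374ce3ca972d61ecf1842c3a47f6a6c7
-signature: V55OLT44ucW5TqAM/YH9sF/H7Y058ZL+yWid5d4ov7zUArP/RTXW7amQ5/dDwC1OTraxZi+9heTG9TKHbDCWCQ==
-signed_by: cyberstrike-official
 ---
 
 # wstg-cryp-04
@@ -249,9 +246,6 @@ if bcrypt.checkpw(password.encode(), stored_hash):
 | **CWE-328** | Reversible One-Way Hash |
 | **CWE-329** | Not Using a Random IV with CBC Mode |
 
-sha256: c845f171cdf445c2e3e78f5f3e025ccd1d473925e7cebb1133894f0b209cb921
-signature: QBU22HqPkbB1f0NoIR6j9RZThD/4CEcky9T79a4qX55XhtQpkoVf1tbhnVZS6yZiyopWr4NwGOeIq9jYXwIVCQ==
-signed_by: cyberstrike-official
 
 ---
 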
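--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-errh-01/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-errh-01/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-209]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: ccfda2f38a6fb8b68f22567a6d0e6282e6e40848f8dde5d9e96241e412e19d87
-signature: pnKdoeAEokEj5OKS2sn1qWTyvbJngbU1qRRTFlD370hJNJZzYE+xsv4+TC9Q+X7zJXGGNUbso7dUu1+FlYY7Cg==
-signed_by: cyberstrike-official
 ---
 
 # wstg-errh-01
@@ -430,9 +427,6 @@ location = /404.html {
 - [OWASP Error Handling](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling)
 - [OWASP Error Handling Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html)
 
-sha256: 0f870a5ed9f2259a509887bbfb3df426ad23cd5ba98b9eb77c7f8799c9a3151e
-signature: b3UKNI6i0plCxKcemP0VooAREjwYjvifDKHAvD2/VOe+xGwep2P/+ME94XBhmaELKx6POwxBE2/5ekSMuCz6BQ==
-signed_by: cyberstrike-official
 
 ---
 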
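--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-errh-02/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-errh-02/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-209]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 706dc4390b51ba8a0aed58c1de89317c53b57c0a5ebf78425c6925d25ac4985f
-signature: KyVLiJ6yULMs/8vipYH1OssEcKoXaDWRghmA1clDNJi2n4QGtwR6gWrCSEPiUr/Wba9PVP44GkTCaWxf7f/xAA==
-signed_by: cyberstrike-official
 ---
 
 # wstg-errh-02
@@ -273,9 +270,6 @@ error_log = /var/log/php/error.log
 | **CWE-209** | Generation of Error Message Containing Sensitive Information |
 | **CWE-215** | Insertion of Sensitive Information Into Debugging Code |
 
-sha256: 55d836afd64348b1485f971534d755c36918b6a80d59b0e85bb99c6d933fd25c
-signature: 2mN9XQv3luf6Ei2PADXzubgVwtx8KGqudi0mQ9zODZaFJznQsj06lVz4Z7hWwCtUp3z0R/m72TZlsuGCDZCjAg==
-signed_by: cyberstrike-official
 
 ---
 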
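--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-01/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-01/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: []
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 73d91181ae694d1154df7bf819e7e3892e342f56c01bf11408ec1e9db24d9a7e
-signature: Q/8/FG0z7jR8NKwqJ3hfEKgdPFcBLuWCuTpc7eIHKFstmk8mb8hiCwr4a0E0VqnvI0gRhbQJfe0zYhiopIHaBw==
-signed_by: cyberstrike-official
 ---
 
 # wstg-idnt-01
@@ -337,9 +334,6 @@ app.get("/admin/users", authenticate, checkRole(["admin"]), adminController.getU
 - [OWASP Authorization Testing](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/)
 - [Burp Suite Autorize](https://github.com/PortSwigger/autorize)
 
-sha256: cde4f7dac030e2a98b463dbaae12d4ecc6a6c91a683ec04ba054730de7ed4bca
-signature: rybypy2rA/oAvONSF2fMpF9o7L/9ARHESuCHhllqK5NCuREExw2egBY2Y4k6oz/7K0WQ9lA52h6IQMZ8BEMeDg==
-signed_by: cyberstrike-official
 
 ---
 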
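--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-02/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-02/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: []
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 662168f2cbf2f7126c439112f7db53effc7ed33e693fb7800a2935c7e0f63fd6
-signature: NJlP2+FworoeEb4ffTpPUUz/8YGAEV92sD/taCrwUjmwjMyrOiyS3HdqALjC6AaO/ryTMdg82vYu1rFPsRZwCg==
-signed_by: cyberstrike-official
 ---
 
 # wstg-idnt-02
@@ -462,9 +459,6 @@ def register():
 - [OWASP Testing Guide - Identity Management](https://owasp.org/www-project-web-security-testing-guide/)
 - [OWASP Mass Assignment](https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html)
 
-sha256: 620e7b5564b6ca5d5b56e581c8456449938c8ea3552166af3c2a077a82d50dac
-signature: 09IeF2gm674RFLlce6Hcn76Zw3K1lPBIWLr5dsPLqK4JqlhmHmmmO8rhBMyOgkDuXCA07/SzHiz9kukuHBZKBw==
-signed_by: cyberstrike-official
 
 ---
 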
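--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-03/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-03/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: []
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 205faf8f449b1779eeccbf6811da8e9ba5b17d922f868e3f2ae4010465c1d532
-signature: yF2ApHCUNynfJhNGMDjPGVvQ3JgVNcDPubSovOBzqNRyJdFIPHMi8QuBsjxSHMt6LgHWWfG1ARw0CImT8mXyCw==
-signed_by: cyberstrike-official
 ---
 
 # wstg-idnt-03
@@ -474,9 +471,6 @@ def modify_user(user_id):
 - [NIST Account Management](https://csrc.nist.gov/Topics/identity-access-management)
 - [CIS Controls - Account Management](https://www.cisecurity.org/controls)
 
-sha256: 4556cf517d0dccbc65f6ac2ece26f14a4a5ceed45e37530d89c146f730dc27b8
-signature: 0iqt7sEC3YVP6koTye+0BtQJ1YnKoqZUNUYWTlsGF5gh1g8xktSk2Kr5S8aQlfl0tClTBJbw4uQm0o/XUtrTAQ==
-signed_by: cyberstrike-official
 
 ---
 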
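--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-04/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-04/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: []
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 0a2e36641175a9be5727c3adf05a954694f2a0ac1a8fd3eeee583d3f837b1bcf
-signature: JsrZj9HPD1p7Ll+54A8PXTtqaqlOMxNjfjL8Le7g39GmISbfVmpw2MHhPxPP+C7n/39rZXO1s8++v6p3xI3ZDQ==
-signed_by: cyberstrike-official
 ---
 
 # wstg-idnt-04
@@ -510,9 +507,6 @@ def check_lockout(username):
 - [OWASP Authentication Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html)
 - [PortSwigger - Username Enumeration](https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-different-responses)
 
-sha256: 40ddd5710418a14771155e31f7cddd49d15aeb74f51eb81cb27fe735236877b5
-signature: l380JEWnm9i0/vW2NSybHi+n2Tcdpdi9U2Tz/4VtO0LHWIJyGt6eEclyZ+bnoMLsd4oAgsdjLul5pLivh44dAQ==
-signed_by: cyberstrike-official
 
 ---
 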
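--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-05/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-idnt-05/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: []
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 5a99da870d97679e4fcb29a09dd4c18e0abc1bc60fef765b88607bd909e265dc
-signature: OuDR+iysdWGmfXGRyk7evFM99wADLDvHrrd3wKoaMsvxd7tUEdCo4xhljl9HXIJWBgZ8FXzFqNTYGqkOpEKeAA==
-signed_by: cyberstrike-official
 ---
 
 # wstg-idnt-05
@@ -657,9 +654,6 @@ class User:
 - [Unicode Security Considerations](https://unicode.org/reports/tr36/)
 - [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
 
-sha256: 69c9ee23a6aec1ba894e6feeac728777606cf3b88fa39fe515ae306ead7e455c
-signature: 2vHJDpZgijdKvLQmmSeGV6kRUdnWOp+dk5nzxx8DwTwTeQ/8yc4DbV2GDRiBhX1QyrBYRzrgMvADhLrIObc4BQ==
-signed_by: cyberstrike-official
 
 ---
 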
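--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-01/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-01/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-200]
 chains_with: [wstg-info-06, wstg-conf-01]
 prerequisites: []
 severity_boost: {}
-sha256: 8ff669195bce65094b16bc34c809703aee3904361f74e519517c1585674ba8fc
-signature: ++43Lp/VjmMhDLTvPThIqCCPH0m9zhNU9l00C8jJFyjygksUe7Nu+iI/abNUd5yyrgJdBWANPDsO46+dhCzwCg==
-signed_by: cyberstrike-official
 ---
 
 # wstg-info-01
@@ -414,9 +411,6 @@ curl -s "https://crt.sh/?q=%.target.com&output=json" | jq -r '.[].name_value' |
 - [Wayback Machine](https://web.archive.org/)
 - [Certificate Transparency - crt.sh](https://crt.sh/)
 
-sha256: ddd6df97530207a783a7829b2ea247a3aa1658c1786992720ea1d010ab3239dd
-signature: BlNOyZJyn82skCy9dcPB20g/vkYtrTTaZTLnOFIUQQ9qMXuCkdVktUyBRMsHxAK642dZnK4QIntcZZ2LjI4PDA==
-signed_by: cyberstrike-official
 
 ---
 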
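--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-02/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-02/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-200]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: c41062c84194f149092aa0e8052a355cedd2117ced69a8807a7102f31cdd8fd6
-signature: T/8UfjXBGoBoFHPSlK5JtpQDuU2cpsOmlWiATJjPgqjj4ONq7sy+t8vMdP+MeH7x5RX4451Dio9qlaZ8IYieDw==
-signed_by: cyberstrike-official
 ---
 
 # wstg-info-02
@@ -532,9 +529,6 @@ Deploy a hardened reverse proxy (nginx, HAProxy) in front of application servers
 - [Apache Security Tips](https://httpd.apache.org/docs/current/misc/security_tips.html)
 - [nginx Security Controls](https://docs.nginx.com/nginx/admin-guide/security-controls/)
 
-sha256: 8c87f4ca709112fa27d461a25314bd2932616ba7d6e010f8376b46a29984075c
-signature: zGBaYKlXbaeXDFcsKcc+UU/LVbm6Nn+owcCmLBzDGYRkcIi0bOd9oJfD82AviU/3cfBOLX2n7vbfA0OoDVVmCw==
-signed_by: cyberstrike-official
 
 ---
 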
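--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-03/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-03/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-200]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: e387287af1065810c99144ae732ca3ed0766741db87efc7c6b28b31de293fe09
-signature: CkCcOlKkhFkTnl3zf/5i571Yby03MTY5AYvWt6Q3Ktwaq0SHXrvGO/6zNaJYcKu+TRmIMMAfFLUKgReq6JUjAw==
-signed_by: cyberstrike-official
 ---
 
 # wstg-info-03
@@ -560,9 +557,6 @@ Expires: 2025-12-31T23:59:59.000Z
 - [Parsero](https://github.com/behindthefirewalls/Parsero)
 - [Gobuster](https://github.com/OJ/gobuster)
 
-sha256: cc975a82cd9e26def443cc394945019324bea01ed344e1f512a5d8127bedebbe
-signature: 7V8O55KY0fetuaHvtL4DC4NNgUTZmOB/PPXJ97Ga3SSUWrWKnAFvL33ZpRLAQsCeJQJIUmjH8YPOaIEgBXqPAA==
-signed_by: cyberstrike-official
 
 ---
 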
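--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-04/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-04/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-200]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: f7d11fa0e24c2945437c1ae86dea540005354204dfdaf48b1b96b8ca041b31d1
-signature: uZZcNTRMHhtdYqhjMJKuW9K3kB+1K055LovUCzwIr6eGuW6YKXQVFii4H6IdQNIP15Qsje84K8cQN8SA+dWLBw==
-signed_by: cyberstrike-official
 ---
 
 # wstg-info-04
@@ -568,9 +565,6 @@ server {
 - [SecLists](https://github.com/danielmiessler/SecLists)
 - [Assetnote Wordlists](https://wordlists.assetnote.io/)
 
-sha256: fc9df25e01608b01e8d3c8a661abcaf4656e6e827343f8d3ef82fa0c554e34fc
-signature: 6WQ5c5gdGXygsCbY6Cvkpn8nKd9Ojbw/I68tcn7f1LuLiQwtyfEpaLuhraUBHJ0oAK2Hgt421hUuyPdQpsOyAQ==
-signed_by: cyberstrike-official
 
 ---
 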
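--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-05/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-05/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-200]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: e8e45e90ef2fcf623bc98e4dfd351f244bede001d4319ec6d042eb1e02639897
-signature: OVkH9mGUckFdkcbVoYAPZDukWpl0QfSviRSJfROg1eSPSh9qwei8iMs86t3+TznQvYq0Tq2xlckSdlp1Mcw6Bg==
-signed_by: cyberstrike-official
 ---
 
 # wstg-info-05
@@ -646,9 +643,6 @@ module.exports = {
 - [KeyHacks](https://github.com/streaak/keyhacks)
 - [OWASP Source Code Analysis Tools](https://owasp.org/www-community/Source_Code_Analysis_Tools)
 
-sha256: 3100dca52b4065babf393195914946028d472e6d79d64e1047212e6bb95ee028
-signature: ddMoy3FsxoiZcfqmj1MMWlzPZCplN1fIkDNCyP7Nh7ddMUBLZrd+TUQVTVRJ7jfAyM/gGixzbdAJJe7JHiLPBg==
-signed_by: cyberstrike-official
 
 ---
 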
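--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-06/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-06/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-200]
 chains_with: [wstg-inpv-05, wstg-inpv-09, wstg-conf-05]
 prerequisites: [wstg-info-01]
 severity_boost: {}
-sha256: af750f0920d7b145e9e9ad550bbe43045c580c6287648be665762b4915428620
-signature: U1+Bk/o8uk4u2bNEI1yQVDaJ/m1pAygc9hDEOj56k3bzMQQJeVwPs7dbTXZbDOOuIttvdSYAqhMKZiIC1FBAAw==
-signed_by: cyberstrike-official
 ---
 
 # wstg-info-06
@@ -568,9 +565,6 @@ This is a **reconnaissance/enumeration activity**, not a direct vulnerability. T
 - [Attack Surface Detector](https://github.com/secdec/attack-surface-detector-cli)
 - [Param Miner (Burp Extension)](https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943)
 
-sha256: e528cf1e97a978444c801effda7d922631e084ee2bad33ea595bda5eecf0605b
-signature: 831zUz4pByA1ZwJMrXIHNbT0qGCr7fAsNDarey6AIsgjxTzT8TvDnjdbsMn2HrGRB0Uq9TqGwn2Kgkd25PXBBQ==
-signed_by: cyberstrike-official
 
 ---
 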
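--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-07/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-07/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-200]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 1e0171ec659c52a19793e8b9c84a0a4d2c1083f18664d59f225472a6ef3e5899
-signature: zRzIvuCjk9cQcFVOfJ9JWqd7boxRIFAN1E7ZMSTFvtSDwqIa8gZfdC2xSQ630yCgI3YRl5KWJV0CkhIauoKzBw==
-signed_by: cyberstrike-official
 ---
 
 # wstg-info-07
@@ -393,9 +390,6 @@ Findings discovered during mapping (race conditions, logic flaws) have separate
 - [OWASP ZAP](https://www.zaproxy.org/)
 - [Burp Suite](https://portswigger.net/burp)
 
-sha256: 8efde05474c7c2634fb167b2107ddc4332a617fce3fa782f075e8e97c882f156
-signature: M15SqdcdEfRdLY8oFaA+2WmVZVFgFBG7XSihe/WEcOoUJu7vqqRw+wyYeDICeuGFUjzTNNbuNCONGo7kVA4KAw==
-signed_by: cyberstrike-official
 
 ---
 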
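--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-08/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-08/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-200]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 80d26d7f90f05f29ef3b0f5ffc1985f49da67b30c8f6da55745c95052da41638
-signature: S7deI3QOWcBhBxNqSwIbtq3Uv8OPihCGLzJXUDGv3tzo0uTqxgKxJ0p5DzJ5PHv2F9xcCWAoY2kW4fmlNXmKBA==
-signed_by: cyberstrike-official
 ---
 
 # wstg-info-08
@@ -527,9 +524,6 @@ DEBUG = False
 - [Wappalyzer](https://www.wappalyzer.com/)
 - [BuiltWith](https://builtwith.com/)
 
-sha256: 287e3097348370ea5c5c3d2d61531f727be628567e7714b7c5449ab84097e13f
-signature: GWuRK9+WzqoTf/6URt+mUfnE8qHpFGyCdKzn1CQzv3iMbYrGmWL8x126E4nvHjwvXMmjcm0P9ykInvz52z1nBg==
-signed_by: cyberstrike-official
 
 ---
 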
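--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-09/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-09/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-200]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 368413fe7b12d117ae5660b291aba194f710e644fcee0976efd6ed7c246cfbc7
-signature: L6tumiQy8QBmTU7VcMsfcMDxMEZ7Z71JYwrYdhOg/eMubv3chXUV/Eq0544v96sNP0FXulmm6AOWdJqVbAm7BQ==
-signed_by: cyberstrike-official
 ---
 
 # wstg-info-09
@@ -85,9 +82,6 @@ When fingerprinting custom applications, document:
 5. **Technology Stack**: Underlying frameworks and libraries
 6. **Known CVEs**: Research based on identified versions
 
-sha256: 70cf8b5c6c5887c89024653255a06d614a26e120367946e433691e48e2779a49
-signature: AHTd6eskqk9Qz7BTHNP6LHPIoiaO2/rzzV417L/qrJt5Jb9unSXduKQlaBFts7UDVG4aBUHANuoiG7g2UxatCQ==
-signed_by: cyberstrike-official
 
 ---
 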
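--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-10/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-info-10/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-200]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 6962e7279462fa21df6d2282641721bc578774d94224733dfe51b4dc88bd2008
-signature: /AdwUHISlLDvfV1EU8rTl96d79ipvya654B3llFgMzAgpPG5tiEkQ7pIAEDSx3T4mmnOl3bIDz542odecr4zBg==
-signed_by: cyberstrike-official
 ---
 
 # wstg-info-10
@@ -539,9 +536,6 @@ This is a **reconnaissance activity**, not a direct vulnerability.
 - [WhatWeb](https://github.com/urbanadventurer/WhatWeb)
 - [Shodan](https://www.shodan.io/)
 
-sha256: 833e547481f243390b57bf3d92f924ed9fbfd420b927623cb32c2c8eebf1b472
-signature: Jcf6buBETvumrgROExwuiA5lXSkcNyTTxAuwOSIhb1QvNyiEhTKLYohx0vq6TFMxJOs8LG+IszZcyBDu41bABA==
-signed_by: cyberstrike-official
 
 ---
 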
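--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-injection/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-injection/SKILL.md
@@ -3,9 +3,6 @@ name: wstg-injection
 description: WSTG input validation and injection testing - SQLi, XSS, SSTI, SSRF, command injection, XXE
 tags: [injection, sqli, xss, ssti, ssrf, xxe, rce, wstg]
 version: "1.0"
-sha256: 56f08fbbce579041696a8e9a6a7d52d4239006ad888b03af5e5f50c7c2a46ef2
-signature: 53VJ8Dcst4V29fsYVHJcVzSB/c+FWVTLogO65OveGeYsE/LpTb7nmV0zecy5jzL3LOvs1NHgPWLr/LMs+pzsAA==
-signed_by: cyberstrike-official
 ---
 
 # Input Validation & Injection Testing (WSTG-INPV)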
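--- a/package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-01/SKILL.md
+++ b/package/skill/WEB/OWASP_WSTG_4.2/wstg-inpv-01/SKILL.md
@@ -11,9 +11,6 @@ cwe_ids: [CWE-93]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 36079779eafc3235cc7bc181508c4df693a1502fa7eda8a6878c75d76d09436a
-signature: 2+3LJ6GIeIoUS1Ede4qtrId4XONJK0xzYMDnMnCDyqfB0NUXJXF3iBhafxnXuwSzCCz3SgtMfhKvzvkzGICAAA==
-signed_by: cyberstrike-official
 ---
 
 # wstg-inpv-01
@@ -432,9 +429,6 @@ element.innerHTML = DOMPurify.sanitize(userInput)
 - [PortSwigger XSS](https://portswigger.net/web-security/cross-site-scripting)
 - [XSS Filter Evasion Cheat Sheet](https://owasp.org/www-community/xss-filter-evasion-cheatsheet)
 
-sha256: ab9ddf192d1e547ba16373fc94b628e340d9e43c38d56bee3e61082e5ffb3ec5
-signature: vGtzXiETqn+ipt1c2c5j/P++3Gj1HRMD8IrgB8KoLb4rdvMTA7Evzt3qnHsjTnUk/zYa60lmp7a0KQlrfu5zDQ==
-signed_by: cyberstrike-official
 
 ---
 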
@@ -13,9 +13,6 @@ prerequisites: [wstg-info-01]
|
|
|
13
13
|
severity_boost:
|
|
14
14
|
wstg-sess-05: "XSS + CSRF = Session Hijack (Critical)"
|
|
15
15
|
wstg-athn-05: "XSS + Auth Bypass = Account Takeover (Critical)"
|
|
16
|
-
sha256: 077114f72e1763ab0424e061d27e591b842394defee9e19e4a4abe500ab3f051
|
|
17
|
-
signature: w56L5Bi5KTpLbt43vR+PcJVoxBeFXPZ5QTK9lv2BvxEsSaTSODGVC4qG2hAubKe8lVaqHvOcY7+7mCylhfZwBA==
|
|
18
|
-
signed_by: cyberstrike-official
|
|
19
16
|
---
|
|
20
17
|
|
|
21
18
|
# wstg-inpv-02
|
|
@@ -470,9 +467,6 @@ element.innerHTML = clean
|
|
|
470
467
|
- [PortSwigger Stored XSS](https://portswigger.net/web-security/cross-site-scripting/stored)
|
|
471
468
|
- [XSS Hunter](https://xsshunter.com/)
|
|
472
469
|
|
|
473
|
-
sha256: afb97be9af6b2bbda4117c0dc38d38a2a4acf16e84a1cffcee4903da64f898db
|
|
474
|
-
signature: eTXPUyOrGw+upwAFUbTd743Z9d2hR7lLDcjcw5ebIJDUESmqQIIxwCBVyUM+nj3c0N5bACWnVGkOXgyxKmtPBg==
|
|
475
|
-
signed_by: cyberstrike-official
|
|
476
470
|
|
|
477
471
|
---
|
|
478
472
|
|
|
@@ -11,9 +11,6 @@ cwe_ids: [CWE-89]
|
|
|
11
11
|
chains_with: []
|
|
12
12
|
prerequisites: []
|
|
13
13
|
severity_boost: {}
|
|
14
|
-
sha256: b60f5ce734219061954b0b153fca35e16f0891845c9e9e1d8e03a8ed8b939c11
|
|
15
|
-
signature: Jm6O7GtqQQ22bcxko8lDUrfM2cUYspub9SZJ1VbCFlWKSNzDJ9EypjkVkPUxGH9z0J7dv6d4Sdoy7bufQRL2BQ==
|
|
16
|
-
signed_by: cyberstrike-official
|
|
17
14
|
---
|
|
18
15
|
|
|
19
16
|
# wstg-inpv-03
|
|
@@ -413,9 +410,6 @@ location /admin {
|
|
|
413
410
|
- [OWASP HTTP Verb Tampering](https://owasp.org/www-project-web-security-testing-guide/)
|
|
414
411
|
- [RFC 7231 - HTTP Methods](https://tools.ietf.org/html/rfc7231)
|
|
415
412
|
|
|
416
|
-
sha256: 8ff4d72756d5a5b9dc960ad74e20a3be5bfdb9a06c5f4331dde9db426851b574
|
|
417
|
-
signature: WGG33OnQAt9xE3HXdDcLKCXtzQyA3Ubp4i6XXipU8dMS5l5VWuSVLtQIZjteeYTxiauxvKi8Nmdi6nCSh3XUCw==
|
|
418
|
-
signed_by: cyberstrike-official
|
|
419
413
|
|
|
420
414
|
---
|
|
421
415
|
|
|
@@ -11,9 +11,6 @@ cwe_ids: [CWE-94]
|
|
|
11
11
|
chains_with: []
|
|
12
12
|
prerequisites: []
|
|
13
13
|
severity_boost: {}
|
|
14
|
-
sha256: 06960d45731f8379b41307147c58561d96951ee0ecfad5aaae185a00231754c2
|
|
15
|
-
signature: JacS6PrLHZI1Cn24//JXLt1FRlqH3GmF57AsZWq5qAWQjx6WyqNTHz4f3hnyhtGdOzBmJn4djoQKaWwCvm0VCw==
|
|
16
|
-
signed_by: cyberstrike-official
|
|
17
14
|
---
|
|
18
15
|
|
|
19
16
|
# wstg-inpv-04
|
|
@@ -456,9 +453,6 @@ app.get("/api/action", (req, res) => {
|
|
|
456
453
|
- [HPP Research Paper](https://www.madlab.it/slides/BHEU2011/whitepaper-bhEU2011.pdf)
|
|
457
454
|
- [Web Parameter Tampering](https://owasp.org/www-community/attacks/Web_Parameter_Tampering)
|
|
458
455
|
|
|
459
|
-
sha256: 370006291e255ba156f8c1a9dff661e15f8412a9e4527b95b00fafb474e37285
|
|
460
|
-
signature: RqeUlQRPRLEJLUNVb4Zty3tcZOlIrNmftaOVMt7gOGFGVLZWzOlgp8WMq3KXNykOewn9fUipHMz1NbOPs+u/Dg==
|
|
461
|
-
signed_by: cyberstrike-official
|
|
462
456
|
|
|
463
457
|
---
|
|
464
458
|
|
|
@@ -13,9 +13,6 @@ prerequisites: [wstg-info-01, wstg-info-06]
|
|
|
13
13
|
severity_boost:
|
|
14
14
|
wstg-authz-02: "SQLi + IDOR = Account Takeover (Critical)"
|
|
15
15
|
wstg-conf-05: "SQLi + Directory Listing = Full DB Dump (Critical)"
|
|
16
|
-
sha256: ee2399439e87b0b55c85698cff69ffd5b4e51bc58c6f0779dfd4a2c242eeda03
|
|
17
|
-
signature: oTlouVaQ6cB6jlQL/EHE+cTAyp5c8p6WK/Wz/g9AIhkkmXaZTMAZzTk6rlnGm+fSZsnY5vtHx0nND8LpvBesBw==
|
|
18
|
-
signed_by: cyberstrike-official
|
|
19
16
|
---
|
|
20
17
|
|
|
21
18
|
# wstg-inpv-05
|
|
@@ -570,9 +567,6 @@ $result = $stmt->fetchAll();
|
|
|
570
567
|
- [SQLMap Documentation](https://github.com/sqlmapproject/sqlmap/wiki)
|
|
571
568
|
- [PayloadsAllTheThings - SQLi](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection)
|
|
572
569
|
|
|
573
|
-
sha256: 9ed66b832e3fcaf41494f4b14c8195baaf4c4f6a52e37ce04a6d7fbc2aba847c
|
|
574
|
-
signature: k3u2C5t5k09dxwSNnotvrVfMCS8CYbE7AKZD6+rwlqV9Ms8Wf+zj1mkcRL8sHhTmC3HNKyiQ4LZr9lCHqh5LCg==
|
|
575
|
-
signed_by: cyberstrike-official
|
|
576
570
|
|
|
577
571
|
---
|
|
578
572
|
|
|
@@ -11,9 +11,6 @@ cwe_ids: []
|
|
|
11
11
|
chains_with: []
|
|
12
12
|
prerequisites: []
|
|
13
13
|
severity_boost: {}
|
|
14
|
-
sha256: fa762256ff4aa6d1c21dc8bcf2e48e372a5865e1107d258105447aba66c842c8
|
|
15
|
-
signature: XyMGWgEDrnoQk+sFxiUC3I35J9OZf8PQXo3XcHPX2eVp9zHw5QLmy3pACbkCWDhA9kyuhYnImJ4g7i4NI8/9DA==
|
|
16
|
-
signed_by: cyberstrike-official
|
|
17
14
|
---
|
|
18
15
|
|
|
19
16
|
# wstg-inpv-05.1
|
|
@@ -394,9 +391,6 @@ cursor.execute("SELECT * FROM users WHERE id = :id", {'id': user_id})
|
|
|
394
391
|
| ---------- | ------------- |
|
|
395
392
|
| **CWE-89** | SQL Injection |
|
|
396
393
|
|
|
397
|
-
sha256: 4a803e418821224c2a53d7734b31a1325db1e0983c1b57c32f8acc2442ebc49b
|
|
398
|
-
signature: yBLQN93PeoY8gCzziVyJe04QnSP/VxzydXrjZd4Dityh72bVhkWqKxe2ZcaJPc3Z6UV/7apAMgKzPvkrTh+zCg==
|
|
399
|
-
signed_by: cyberstrike-official
|
|
400
394
|
|
|
401
395
|
---
|
|
402
396
|
|
|
@@ -11,9 +11,6 @@ cwe_ids: []
|
|
|
11
11
|
chains_with: []
|
|
12
12
|
prerequisites: []
|
|
13
13
|
severity_boost: {}
|
|
14
|
-
sha256: 3fb895e2ff0fbb98a917113b588115e375e7281fca58e4154ab4857abf36da19
|
|
15
|
-
signature: nNyM4vGocq69oGQwPhWYOqFXn0RyDFnaQxFJ0ZBl6AF69EiPS4Wt6VPUro1fzSN7w44U+ZfkEeyx0zs+TNdSBQ==
|
|
16
|
-
signed_by: cyberstrike-official
|
|
17
14
|
---
|
|
18
15
|
|
|
19
16
|
# wstg-inpv-05.2
|
|
@@ -455,9 +452,6 @@ cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
|
|
|
455
452
|
| ---------- | ------------- |
|
|
456
453
|
| **CWE-89** | SQL Injection |
|
|
457
454
|
|
|
458
|
-
sha256: d6669fd6789f2c6a2ef34929f68d267d3ce8253693b3b2dd26aa7483fcbd4f4c
|
|
459
|
-
signature: Ort06B2wNJcjLrb1tygQz7VaOvayWYiorJ06KXyjFYlZ+PJwpsmqo47Z0o9lXc+Va0aqyl0PLl/SUadJdgePCg==
|
|
460
|
-
signed_by: cyberstrike-official
|
|
461
455
|
|
|
462
456
|
---
|
|
463
457
|
|
|
@@ -11,9 +11,6 @@ cwe_ids: []
|
|
|
11
11
|
chains_with: []
|
|
12
12
|
prerequisites: []
|
|
13
13
|
severity_boost: {}
|
|
14
|
-
sha256: 6ff9fceabf7461fa8bc17111d07db7e357852ebf3f18cb6c36a4a4e6afebf907
|
|
15
|
-
signature: 1HOJPPbyMO2jUIC7zkPgSYaRfnirret6p7V+QNhy4+6zkM5looWMISejfyJiJJFmjifncyTBIV01gnhEWlWxCQ==
|
|
16
|
-
signed_by: cyberstrike-official
|
|
17
14
|
---
|
|
18
15
|
|
|
19
16
|
# wstg-inpv-05.3
|
|
@@ -449,9 +446,6 @@ cursor.execute("SELECT * FROM users WHERE id = ?", user_id)
|
|
|
449
446
|
| ---------- | ------------- |
|
|
450
447
|
| **CWE-89** | SQL Injection |
|
|
451
448
|
|
|
452
|
-
sha256: c7f1faf76d2244f22baa231b6aa92f10979cfc6f72cdba316a11c097a8f2ac6d
|
|
453
|
-
signature: fBR8C5wjtxT9NZ3fWUlvR/6gDUh/lWJEmqp2mchrK3e6dK3EmJNCZdWHywOhcjGpprfxGzDeAyYq9hHRKpIcBw==
|
|
454
|
-
signed_by: cyberstrike-official
|
|
455
449
|
|
|
456
450
|
---
|
|
457
451
|
|