moriarty-project 0.1.6__py3-none-any.whl

moriarty/assets/templates/exposures/env-exposed.yaml

@@ -0,0 +1,41 @@
+id: env-exposed
+
+info:
+  name: Environment File Exposure
+  author: moriarty
+  severity: critical
+  description: Detects exposed .env files containing sensitive credentials
+  tags: env,exposure,secrets
+
+requests:
+  - method: GET
+    path:
+      - "/.env"
+      - "/.env.local"
+      - "/.env.production"
+      - "/.env.dev"
+      - "/.env.backup"
+      - "/config/.env"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "DB_PASSWORD"
+          - "API_KEY"
+          - "SECRET"
+          - "AWS_"
+          - "STRIPE_"
+        condition: or
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        name: credentials
+        regex:
+          - "([A-Z_]+)=([^\\n]+)"
+          - "password['\"]?\\s*[:=]\\s*['\"]?([^\\n'\"]+)"
+          - "api[_-]?key['\"]?\\s*[:=]\\s*['\"]?([^\\n'\"]+)"

moriarty/assets/templates/exposures/git-exposed.yaml

@@ -0,0 +1,41 @@
+id: git-exposed
+
+info:
+  name: Git Repository Exposure
+  author: moriarty
+  severity: high
+  description: Detects exposed .git directories that can leak sensitive information
+  tags: git,exposure,misconfiguration
+
+requests:
+  - method: GET
+    path:
+      - "/.git/config"
+      - "/.git/HEAD"
+      - "/.git/index"
+      - "/.git/logs/HEAD"
+
+    matchers-condition: or
+    matchers:
+      - type: word
+        words:
+          - "[core]"
+          - "[remote"
+          - "repositoryformatversion"
+        condition: or
+
+      - type: word
+        words:
+          - "ref:"
+          - "refs/heads"
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        name: repo_url
+        regex:
+          - 'url = (.+)'
+          - 'https?://[^\s]+'

moriarty/assets/templates/exposures/phpinfo.yaml

@@ -0,0 +1,36 @@
+id: phpinfo-exposure
+
+info:
+  name: PHPInfo Page Exposure
+  author: moriarty
+  severity: medium
+  description: Detects exposed phpinfo() pages
+  tags: php,exposure,info-disclosure
+
+requests:
+  - method: GET
+    path:
+      - "/phpinfo.php"
+      - "/info.php"
+      - "/test.php"
+      - "/php.php"
+      - "/infophp.php"
+      - "/i.php"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "PHP Version"
+          - "phpinfo()"
+        condition: or
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        name: php_version
+        regex:
+          - "PHP Version ([0-9.]+)"

moriarty/assets/templates/exposures/svn-exposed.yaml

@@ -0,0 +1,28 @@
+id: svn-exposed
+
+info:
+  name: SVN Repository Exposure
+  author: moriarty
+  severity: high
+  description: Detects exposed SVN repositories
+  tags: svn,exposure,vcs
+
+requests:
+  - method: GET
+    path:
+      - "/.svn/entries"
+      - "/.svn/wc.db"
+      - "/.svn/all-wcprops"
+
+    matchers:
+      - type: word
+        words:
+          - "svn:special"
+          - "svn:externals"
+          - "dir"
+          - "file"
+        condition: or
+
+      - type: status
+        status:
+          - 200

moriarty/assets/templates/fuzzing/api-endpoints.yaml

@@ -0,0 +1,39 @@
+id: api-endpoints-fuzz
+
+info:
+  name: API Endpoints Discovery
+  author: moriarty
+  severity: info
+  description: Discovers common API endpoints
+  tags: fuzzing,api
+
+requests:
+  - method: GET
+    path:
+      - "/api"
+      - "/api/v1"
+      - "/api/v2"
+      - "/api/v3"
+      - "/v1/api"
+      - "/v2/api"
+      - "/rest"
+      - "/rest/v1"
+      - "/rest/api"
+      - "/graphql"
+      - "/graphiql"
+      - "/api/graphql"
+      - "/api-docs"
+      - "/swagger"
+      - "/swagger.json"
+      - "/swagger.yaml"
+      - "/swagger-ui"
+      - "/openapi.json"
+      - "/docs"
+      - "/redoc"
+
+    matchers:
+      - type: status
+        status:
+          - 200
+          - 401
+          - 403

moriarty/assets/templates/fuzzing/common-files.yaml

@@ -0,0 +1,37 @@
+id: common-files-fuzz
+
+info:
+  name: Common Sensitive Files
+  author: moriarty
+  severity: medium
+  description: Fuzzes for common sensitive files
+  tags: fuzzing,files
+
+requests:
+  - method: GET
+    path:
+      - "/robots.txt"
+      - "/sitemap.xml"
+      - "/.htaccess"
+      - "/.htpasswd"
+      - "/web.config"
+      - "/phpinfo.php"
+      - "/info.php"
+      - "/test.php"
+      - "/README.md"
+      - "/CHANGELOG.md"
+      - "/composer.json"
+      - "/package.json"
+      - "/.dockerignore"
+      - "/Dockerfile"
+      - "/.gitlab-ci.yml"
+      - "/.travis.yml"
+      - "/swagger.json"
+      - "/swagger.yaml"
+      - "/api-docs"
+      - "/graphql"
+
+    matchers:
+      - type: status
+        status:
+          - 200

moriarty/assets/templates/fuzzing/open-redirect-fuzz.yaml

@@ -0,0 +1,35 @@
+id: open-redirect-fuzz
+
+info:
+  name: Open Redirect Fuzz
+  author: moriarty
+  severity: low
+  description: Fuzzes redirect parameters with malicious destinations to detect open redirects.
+  tags: redirect,fuzzing
+
+requests:
+  - method: GET
+    path:
+      - "/redirect?url=https://example.com"
+      - "/login?next=https://example.com"
+    fuzz:
+      url:
+        - "https://evil.com"
+        - "//attacker.test"
+        - path
+    fuzz_max: 10
+    matchers-condition: or
+    matchers:
+      - type: status
+        status:
+          - 301
+          - 302
+          - 303
+          - 307
+          - 308
+      - type: word
+        part: header
+        words:
+          - "evil.com"
+          - "attacker.test"
+        condition: or

moriarty/assets/templates/fuzzing/xss-search-fuzz.yaml

@@ -0,0 +1,29 @@
+id: xss-search-fuzz
+
+info:
+  name: Reflected XSS Search Fuzz
+  author: moriarty
+  severity: medium
+  description: Exercises search endpoints with common XSS payloads using the auto_fuzz engine.
+  tags: xss,fuzzing,reflection
+
+requests:
+  - method: GET
+    path:
+      - "/search?q={{payload}}"
+    auto_fuzz:
+      payload:
+        - xss
+        - "<svg/onload=alert(1)>"
+        - "<img src=x onerror=alert(1)>"
+    matchers-condition: or
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "<svg/onload=alert"
+          - "onerror=alert"
+      - type: regex
+        part: body
+        regex:
+          - '<script>.*alert\(1\)'

moriarty/assets/templates/git-config.yaml

@@ -0,0 +1,18 @@
+id: git-config
+info:
+  description: Detects exposed .git/config file
+  name: Git Config Exposure
+  severity: high
+matchers:
+- condition: and
+  type: word
+  words:
+  - '[core]'
+  - '[remote'
+- status:
+  - 200
+  type: status
+requests:
+- method: GET
+  path:
+  - /.git/config

moriarty/assets/templates/misconfigurations/cors-misconfiguration.yaml

@@ -0,0 +1,30 @@
+id: cors-misconfiguration
+
+info:
+  name: CORS Misconfiguration
+  author: moriarty
+  severity: medium
+  description: Detects insecure CORS configuration
+  tags: cors,misconfiguration
+
+requests:
+  - method: GET
+    path:
+      - "/"
+
+    headers:
+      Origin: https://evil.com
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: header
+        words:
+          - "Access-Control-Allow-Origin: https://evil.com"
+          - "Access-Control-Allow-Origin: *"
+        condition: or
+
+      - type: word
+        part: header
+        words:
+          - "Access-Control-Allow-Credentials: true"

moriarty/assets/templates/misconfigurations/debug-enabled.yaml

@@ -0,0 +1,29 @@
+id: debug-enabled
+
+info:
+  name: Debug Mode Enabled
+  author: moriarty
+  severity: high
+  description: Detects applications with debug mode enabled
+  tags: misconfiguration,debug
+
+requests:
+  - method: GET
+    path:
+      - "/"
+      - "/index.php"
+      - "/index.asp"
+      - "/index.aspx"
+
+    matchers:
+      - type: word
+        words:
+          - "DEBUG = True"
+          - "debug mode is on"
+          - "Debugger is active"
+          - "APP_DEBUG=true"
+          - "display_errors = On"
+          - "Symfony Profiler"
+          - "Laravel Debugbar"
+          - "Stack trace:"
+        condition: or

moriarty/assets/templates/misconfigurations/directory-listing.yaml

@@ -0,0 +1,33 @@
+id: directory-listing
+
+info:
+  name: Directory Listing Enabled
+  author: moriarty
+  severity: medium
+  description: Detects directories with listing enabled
+  tags: misconfiguration,directory-listing
+
+requests:
+  - method: GET
+    path:
+      - "/admin/"
+      - "/backup/"
+      - "/uploads/"
+      - "/files/"
+      - "/images/"
+      - "/assets/"
+      - "/temp/"
+      - "/tmp/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Index of /"
+          - "Directory listing for"
+          - "Parent Directory"
+        condition: or
+
+      - type: status
+        status:
+          - 200

moriarty/assets/templates/misconfigurations/jwt-none-algo.yaml

@@ -0,0 +1,30 @@
+id: jwt-none-algorithm
+
+info:
+  name: JWT None Algorithm
+  author: moriarty
+  severity: high
+  description: Detects JWT tokens accepting 'none' algorithm
+  tags: jwt,misconfiguration,auth
+
+requests:
+  - method: GET
+    path:
+      - "/api/user"
+      - "/api/profile"
+      - "/api/admin"
+
+    headers:
+      Authorization: "Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiJhZG1pbiIsImlhdCI6MTUxNjIzOTAyMn0."
+
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "admin"
+          - "user"
+          - "profile"
+        condition: or

moriarty/assets/templates/misconfigurations/ssl-tls-weak.yaml

@@ -0,0 +1,23 @@
+id: ssl-tls-weak
+
+info:
+  name: Weak SSL/TLS Configuration
+  author: moriarty
+  severity: medium
+  description: Detects weak SSL/TLS configuration
+  tags: ssl,tls,misconfiguration
+
+requests:
+  - method: GET
+    path:
+      - "/"
+
+    matchers:
+      - type: word
+        part: header
+        words:
+          - "TLSv1.0"
+          - "TLSv1.1"
+          - "SSLv2"
+          - "SSLv3"
+        condition: or

moriarty/assets/templates/vulnerabilities/lfi-basic.yaml

@@ -0,0 +1,31 @@
+id: lfi-basic
+
+info:
+  name: Local File Inclusion
+  author: moriarty
+  severity: critical
+  description: Detects Local File Inclusion vulnerabilities
+  tags: lfi,injection
+
+requests:
+  - method: GET
+    path:
+      - "/?file={{lfi}}"
+      - "/?page={{lfi}}"
+      - "/?include={{lfi}}"
+      - "/index.php?file={{lfi}}"
+
+    payloads:
+      lfi:
+        - "/etc/passwd"
+        - "../../../../etc/passwd"
+        - "..\\..\\..\\..\\windows\\win.ini"
+        - "/proc/self/environ"
+
+    matchers:
+      - type: regex
+        regex:
+          - "root:.*:0:0:"
+          - "for 16-bit app support"
+          - "\\[extensions\\]"
+        condition: or

moriarty/assets/templates/vulnerabilities/open-redirect.yaml

@@ -0,0 +1,31 @@
+id: open-redirect
+
+info:
+  name: Open Redirect
+  author: moriarty
+  severity: medium
+  description: Detects open redirect vulnerabilities
+  tags: redirect,injection
+
+requests:
+  - method: GET
+    path:
+      - "/?redirect=https://evil.com"
+      - "/?url=https://evil.com"
+      - "/?next=https://evil.com"
+      - "/redirect?url=https://evil.com"
+      - "/login?next=https://evil.com"
+
+    matchers:
+      - type: status
+        status:
+          - 301
+          - 302
+          - 303
+          - 307
+          - 308
+
+      - type: word
+        part: header
+        words:
+          - "evil.com"

moriarty/assets/templates/vulnerabilities/rce-basic.yaml

@@ -0,0 +1,34 @@
+id: rce-basic
+
+info:
+  name: Remote Code Execution
+  author: moriarty
+  severity: critical
+  description: Detects basic RCE vulnerabilities
+  tags: rce,injection
+
+requests:
+  - method: GET
+    path:
+      - "/?cmd={{rce}}"
+      - "/exec?cmd={{rce}}"
+      - "/shell?cmd={{rce}}"
+
+    payloads:
+      rce:
+        - "whoami"
+        - "id"
+        - "cat /etc/passwd"
+        - ";whoami"
+        - "| whoami"
+        - "`whoami`"
+        - "$(whoami)"
+
+    matchers:
+      - type: regex
+        regex:
+          - "uid=[0-9]+\\(.*\\)"
+          - "root:.*:0:0:"
+          - "www-data"
+          - "nobody"
+        condition: or

moriarty/assets/templates/vulnerabilities/sqli-error.yaml

@@ -0,0 +1,39 @@
+id: sqli-error
+
+info:
+  name: SQL Injection - Error Based
+  author: moriarty
+  severity: critical
+  description: Detects error-based SQL injection vulnerabilities
+  tags: sqli,injection,database
+
+requests:
+  - method: GET
+    path:
+      - "/?id={{sqli}}"
+      - "/product.php?id={{sqli}}"
+      - "/user.php?id={{sqli}}"
+
+    payloads:
+      sqli:
+        - "'"
+        - "''"
+        - "' OR '1'='1"
+        - "1' AND '1'='1"
+        - "1' AND '1'='2"
+
+    matchers:
+      - type: regex
+        regex:
+          - "SQL syntax.*MySQL"
+          - "Warning.*mysql_"
+          - "MySqlException"
+          - "PostgreSQL.*ERROR"
+          - "Warning.*pg_"
+          - "valid PostgreSQL result"
+          - "Microsoft SQL.*Driver"
+          - "ODBC SQL Server"
+          - "SQLServer JDBC Driver"
+          - "Oracle error"
+          - "ORA-[0-9]+"
+        condition: or

moriarty/assets/templates/vulnerabilities/ssrf-basic.yaml

@@ -0,0 +1,31 @@
+id: ssrf-basic
+
+info:
+  name: Server-Side Request Forgery
+  author: moriarty
+  severity: high
+  description: Detects SSRF vulnerabilities
+  tags: ssrf,injection
+
+requests:
+  - method: GET
+    path:
+      - "/?url={{ssrf}}"
+      - "/fetch?url={{ssrf}}"
+      - "/proxy?url={{ssrf}}"
+
+    payloads:
+      ssrf:
+        - "http://169.254.169.254/latest/meta-data/"
+        - "http://localhost/admin"
+        - "http://127.0.0.1:22"
+        - "http://[::1]/admin"
+
+    matchers:
+      - type: word
+        words:
+          - "ami-id"
+          - "instance-id"
+          - "local-hostname"
+          - "SSH-"
+        condition: or

moriarty/assets/templates/vulnerabilities/xss-reflected.yaml

@@ -0,0 +1,38 @@
+id: xss-reflected
+
+info:
+  name: Reflected XSS Detection
+  author: moriarty
+  severity: high
+  description: Detects reflected XSS vulnerabilities
+  tags: xss,injection
+
+requests:
+  - method: GET
+    path:
+      - "/?q={{xss}}"
+      - "/search?query={{xss}}"
+      - "/search.php?q={{xss}}"
+
+    payloads:
+      xss:
+        - '<script>alert(1)</script>'
+        - '<img src=x onerror=alert(1)>'
+        - '"><script>alert(1)</script>'
+        - '<svg/onload=alert(1)>'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '{{xss}}'
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
+      - type: status
+        status:
+          - 200