20250128

date.txt

@@ -1 +1 @@
-20250127
+20250128

tmp/adobe/adobe-aem-default-credentials.yaml

@@ -0,0 +1,65 @@
+id: adobe-aem-default-credentials
+
+info:
+  name: Adobe AEM Default Credentials
+  author: random-robbie
+  severity: critical
+  tags: aem,default-login,fuzz
+requests:
+
+  - payloads:
+
+      rr_username:
+        - admin
+        - grios
+        - replication-receiver
+        - vgnadmin
+        - [email protected]
+        - [email protected]
+        - [email protected]
+        - [email protected]
+        - [email protected]
+        - [email protected]
+
+      rr_password:
+        - admin
+        - password
+        - replication-receiver
+        - vgnadmin
+        - aparker
+        - jdoe
+        - password
+        - password
+        - password
+        - password
+
+    attack: pitchfork  # Available options: sniper, pitchfork and clusterbomb
+
+    raw:
+      - |
+        POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0
+        Accept: text/plain, */*; q=0.01
+        Accept-Language: en-US,en;q=0.5
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        X-Requested-With: XMLHttpRequest
+        Content-Length: 67
+        Origin: {{BaseURL}}
+        Referer: {{BaseURL}}/libs/granite/core/content/login.html
+        Connection: close
+
+        _charset_=utf-8&j_username={{rr_username}}&j_password={{rr_password}}&j_validate=true
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: header
+        words:
+          - login-token
+          - crx.default
+        condition: and

tmp/adobe/adobe-client.yaml

@@ -0,0 +1,22 @@
+id: adobe-client
+
+info:
+  name: Adobe Client ID
+  author: DhiyaneshDK
+  severity: info
+  reference:
+    - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adobe-client-id.yaml
+    - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adobe-client-id.go
+  metadata:
+    verified: true
+  tags: adobe,file,token
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)

tmp/adobe/adobe-coldfusion-detector-error.yaml

@@ -0,0 +1,29 @@
+id: adobe-coldfusion-detector-error
+info:
+  name: Adobe ColdFusion Detector
+  author: philippedelteil
+  severity: info
+  description: With this template we can detect a running ColdFusion instance due to an error page.
+  reference: https://twitter.com/PhilippeDelteil/status/1418622775829348358
+  tags: adobe,coldfusion
+requests:
+  - payloads:
+      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
+    attack: sniper
+    threads: 100
+    raw:
+      - |
+        GET /_something_.cfm HTTP/1.1
+        Host: {{Subdomains}}
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+        Accept-Encoding: gzip, deflate
+        Accept: */*
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'ColdFusion documentation'
+      - type: status
+        status:
+          - 404

tmp/adobe/adobe-connect-central-login-94.yaml

@@ -0,0 +1,28 @@
+id: adobe-connect-central-login
+
+info:
+  name: Adobe Connect Central Login
+  author: dhiyaneshDk
+  severity: info
+  tags: adobe,panel
+
+requests:
+  - payloads:
+      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
+    attack: sniper
+    threads: 100
+
+    raw:
+      - |
+        GET /system/login HTTP/1.1
+        Host: {{Subdomains}}
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>Adobe Connect Central Login</title>'
+        part: body
+
+      - type: status
+        status:
+          - 200

tmp/adobe/adobe-connect-username-exposure-99.yaml

@@ -0,0 +1,34 @@
+id: adobe-connect-username-exposure
+
+info:
+  name: Adobe Connect Username Exposure
+  reference: https://packetstormsecurity.com/files/161345/Adobe-Connect-10-Username-Disclosure.html
+  author: dhiyaneshDk
+  severity: low
+  tags: adobe,disclosure
+
+requests:
+  - payloads:
+      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
+    attack: sniper
+    threads: 100
+
+    raw:
+      - |
+        GET /system/help/support HTTP/1.1
+        Host: {{Subdomains}}
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+        Accept-Encoding: gzip, deflate
+        Accept: */*
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'Administrators name:'
+          - 'Support Administrators email address:'
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200

tmp/adobe/adobe-connect-version-103.yaml

@@ -0,0 +1,36 @@
+id: adobe-connect-version
+
+info:
+  name: Adobe Connect Central Version
+  author: dhiyaneshDk
+  severity: info
+  tags: adobe
+
+requests:
+  - payloads:
+      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
+    attack: sniper
+    threads: 100
+
+    raw:
+      - |
+        GET /version.txt HTTP/1.1
+        Host: {{Subdomains}}
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+        Accept-Encoding: gzip, deflate
+        Accept: */*
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'package='
+        part: body
+
+      - type: word
+        words:
+          - 'text/plain'
+        part: header
+
+      - type: status
+        status:
+          - 200

tmp/adobe/adobe-connect.yaml

@@ -0,0 +1,14 @@
+name: adobe-connect
+priority: 3
+nuclei_tags:
+  - []
+fingerprint:
+  - path: /
+    request_method: get
+    request_headers: {}
+    request_data: ''
+    status_code: 0
+    headers: {}
+    keyword:
+      - /common/scripts/showcontent.js
+    favicon_hash: []

tmp/adobe/adobe-cq5.yaml

@@ -0,0 +1,14 @@
+name: adobe-cq5
+priority: 3
+nuclei_tags:
+  - []
+fingerprint:
+  - path: /
+    request_method: get
+    request_headers: {}
+    request_data: ''
+    status_code: 0
+    headers: {}
+    keyword:
+      - _jcr_content
+    favicon_hash: []

tmp/adobe/adobe-experience-manager-login-107.yaml

@@ -0,0 +1,28 @@
+id: adobe-experience-manager-login
+
+info:
+  name: Adobe-Experience-Manager
+  author: dhiyaneshDK
+  severity: info
+  reference: https://www.shodan.io/search?query=http.title%3A%22AEM+Sign+In%22
+  tags: panel,aem
+
+requests:
+  - payloads:
+      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
+    attack: sniper
+    threads: 100
+
+    raw:
+      - |
+        GET /libs/granite/core/content/login.html HTTP/1.1
+        Host: {{Subdomains}}
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>AEM Sign In</title>'
+
+      - type: status
+        status:
+          - 200

tmp/adobe/adobe-experience-manager.yaml

@@ -0,0 +1,14 @@
+name: adobe-experience-manager
+priority: 3
+nuclei_tags:
+ - - aem
+fingerprint:
+ - path: /
+   request_method: get
+   request_headers: {}
+   request_data: ''
+   status_code: 0
+   headers: {}
+   keyword:
+     - tag{background:url(login/clientlib/resources/adobe-logo.png)
+   favicon_hash: []

tmp/adobe/adobe-flex.yaml

@@ -0,0 +1,23 @@
+name: adobe-flex
+priority: 2
+nuclei_tags:
+  - []
+fingerprint:
+  - path: /
+    request_method: get
+    request_headers: {}
+    request_data: ''
+    status_code: 0
+    headers: {}
+    keyword:
+      - adobe flex
+    favicon_hash: []
+  - path: /
+    request_method: get
+    request_headers: {}
+    request_data: ''
+    status_code: 0
+    headers: {}
+    keyword:
+      - learn more about flex at http://flex.org
+    favicon_hash: []

tmp/adobe/adobe-golive.yaml

@@ -0,0 +1,14 @@
+name: adobe-golive
+priority: 3
+nuclei_tags:
+  - []
+fingerprint:
+  - path: /
+    request_method: get
+    request_headers: {}
+    request_data: ''
+    status_code: 0
+    headers: {}
+    keyword:
+      - generator" content="adobe golive
+    favicon_hash: []

tmp/adobe/adobe-magento.yaml

@@ -0,0 +1,23 @@
+name: adobe-magento
+priority: 3
+nuclei_tags:
+  - - magento
+fingerprint:
+  - path: /
+    request_method: get
+    request_headers: {}
+    request_data: ''
+    status_code: 0
+    headers: {}
+    keyword:
+      - /skin/frontend/
+    favicon_hash: []
+  - path: /
+    request_method: get
+    request_headers: {}
+    request_data: ''
+    status_code: 0
+    headers: {}
+    keyword:
+      - blank_img
+    favicon_hash: []

tmp/adobe/adobe-media-server-111.yaml

@@ -0,0 +1,28 @@
+id: adobe-media-server
+
+info:
+  name: Adobe Media Server
+  author: dhiyaneshDK
+  severity: info
+  reference: https://www.shodan.io/search?query=http.title%3A%22Adobe+Media+Server%22
+  tags: panel,adobe
+
+requests:
+  - payloads:
+      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
+    attack: sniper
+    threads: 100
+
+    raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Subdomains}}
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>Adobe Media Server</title>'
+
+      - type: status
+        status:
+          - 200