up PoCs 2022-08-22

README.md

@@ -38,7 +38,7 @@
   * Snmp
   * Wap-wsp (Elasticsearch)
   * RouterOs
-  * HTTP BasicAuth, contains SVN（Apache Subversion） crack
+  * HTTP BasicAuth(Authorization), contains Webdav、SVN（Apache Subversion） crack
   * Weblogic, enable nuclei through enableNuclei=true at the same time, support T3, IIOP and other detection
   * Tomcat
   * Jboss

README_CN.md

@@ -38,7 +38,7 @@ Vulnerabilities Scan；15000+PoC漏洞扫描；[ 23 ] 种应用弱口令爆破
   * Snmp
   * Wap-wsp（Elasticsearch）
   * RouterOs
-  * HTTP BasicAuth, contains SVN（Apache Subversion） crack
+  * HTTP  BasicAuth(Authorization), contains Webdav、SVN（Apache Subversion） crack
   * Weblogic，同时通过 enableNuclei=true 开启nuclei，支持T3、IIOP等检测
   * Tomcat
   * Jboss

brute/dicts/softc.txt

@@ -28,4 +28,9 @@ VMware
 四川久远银海软件股份有限公司
 新型农村社会养老保险信息系统
 长沙创智和宇信息技术有限公司
-北京北控电信通信息技术有限公司
+北京北控电信通信息技术有限公司
+北京五木恒润科技有限公司
+浪潮集团
+北大方正集团有限公司
+方正科技集团股份有限公司
+东软（集团）有限公司

config/databases/db_404_strings

@@ -0,0 +1,55 @@
+#VERSION,2.003
+#######################################################################
+# File Source: https://cirt.net
+# (c) 2001 Chris Sullo, All Rights Reserved.
+# This file may only be distributed and used with the full Nikto package.
+# This file may not be used with any software product without written permission from 
+# Chris Sullo (csullo@gmail.com)
+#
+# Note:
+# By submitting updates to this file you are transferring any and all copyright
+# interest in the data to Chris Sullo so it can modified, incorporated into this product
+# relicensed or reused.
+#######################################################################
+# Notes:
+# Strings to be used for 404 content match
+#######################################################################
+Access Failed
+an error
+Bad Request
+Client Authentication Remote Service
+could not find
+error has occurred
+Error 404
+Error Occurred While Processing Request
+Error processing SSI file
+ExtendNet DX Configuration
+FireWall-1 message
+forcelogon.htm
+IMail Server Web Messaging
+Management Console
+name=qt id="search" size=40 value=" "
+No web site is configured at this address
+not found
+parameter is incorrect                                   # IIS 5.0 500 error
+Please identify yourself:
+Reload acp_userinfo database
+RSA SecurID User Name Request
+The userid or password that was specified is not valid.  # Tivoli server administrator
+TYPE=password	                                         # As in "<input type=password>"
+Unable to complete your request
+unable to open
+Web access denied
+Hack Attempts
+does not exist                                           # SAP NetWeaver
+<b>Wrong URL.                                            # Cisco SSL VPN
+page may no longer exist
+page no longer exist
+Your session has expired				# cPanel webmail
+no longer available
+Request Rejected
+More about this error					# MS Lync 2010
+No target SAP system for request			# SAP web server
+no valid destination server available for		# SAP web server
+unauthorized public IP address				# BigIP
+<TITLE>Invalid URL</TITLE>                              # AkamaiGhost

config/databases/db_content_search

@@ -0,0 +1,39 @@
+#VERSION,2.000
+#######################################################################
+# File Source: https://cirt.net
+# (c) 2001 Chris Sullo, All Rights Reserved.
+# This file may only be distributed and used with the full Nikto package.
+# This file may not be used with any software product without written permission from
+# Chris Sullo (csullo@gmail.com)
+#
+# Note:
+# By submitting updates to this file you are transferring any and all copyright
+# interest in the data to Chris Sullo so it can modified, incorporated into this product
+# relicensed or reused.
+#######################################################################
+# Notes:
+# These can be regular expressions, but will be eval'd case insensitive.
+# Since these are run after every page retrieved, we should try to keep these as fast
+# regular expressions as possible, and limited to only critical findings.
+#######################################################################
+"nikto_id","osvdb","matchstring","message"
+"750500","3268","[iI]ndex [oO]f \/","Directory indexing found."
+"750501","0","Warning(?:<\/b>)?:\s+(?:include|require)(?:_once)?\(","PHP include error may indicate local or remote file inclusion is possible."
+"750502","0","failed to open stream: No such file or directory in (?:<b>)?(?:[a-zA-Z]:\\|\/)","PHP include error reveals the full path to the web root."
+"750503","0","mysql_p?connect\(","Potential PHP MySQL database connection string found."
+"750504","0","pgp_p?connect\(","Potential PHP PostgreSQL database connection string found."
+"750505","0","sqlite_p?open\(","Potential PHP SQLite database connection string found."
+"750506","0","mssql_p?connect\(","Potential PHP MSSQL database connection string found."
+"750507","0","Call to undefined function.*\(\) in \/","PHP error reveals file system path."
+"750508","36099","FrameworkLog.xsl\"\\?>.*<version>(?:[0-2]|3\.(?:[0-5]|6\.0\.(?:[0-4]|5(?:[0-3]|4[0-5]))))","McAfee Common Management Agent 3.6.0.546 and below contain multiple overflows."
+"750509","0","However, we found documents with names similar to the one you requested","The mod_speling module can reveal otherwise 'hidden' files in directories."
+"750510","0","makes use of the Zend Scripting Language","Output from the phpinfo() function was found."
+"750511","0","SQLSTATE\[","A database error may reveal internal details about the running database."
+"750512","0","jetty-dir.css\" REL=\"stylesheet\" TYPE=\"text/css\"\/><TITLE>Directory: \/","Directory indexing found (Jetty)."
+"750513","0","404-server!!","This string is associated with the 'meuhy.php' backdoor file uploader/downloader."
+"750514","0","Brazilians Defacers","This string is associated with pages tagged by HackerBrasilll group."
+"750515","0","HackerBrasilll","This string is associated with pages tagged by HackerBrasilll group."
+"750516","0","plain HTTP to an SSL","You appear to be scanning an HTTPS site with HTTP. This won't work as you expect.."
+"750517","0","plain HTTP request was sent to HTTPS","You appear to be scanning an HTTPS site with HTTP. This won't work as you expect."
+"750518","0","password e-?mailed","Possible cleartext emailing of stored password."
+"750519","0","[T]omcat\s[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}","The detailed Tomcat version is disclosed in error pages."