From 5f348ed82eb9f7274aba99c7a4bf321ca5241a3f Mon Sep 17 00:00:00 2001 From: Averroes Date: Sun, 7 Aug 2022 14:46:58 +0200 Subject: [PATCH 1/2] Update README Update a way to install waybackurls and gf --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e02866f..6dca02a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Gf-Patterns V 1.9 +# Gf-Patterns V 2.0 ## [GF](https://github.com/tomnomnom/gf) By [![Twitter](https://img.shields.io/badge/twitter-@TomNomNom-blue.svg)](https://twitter.com/TomNomNom) @@ -12,10 +12,10 @@ If you've got Go installed and configured you can install `waybackurls & Gf` wit ```bash -▶ go get -u github.com/tomnomnom/waybackurls +▶ go install github.com/tomnomnom/waybackurls@latest ``` ```bash -▶ go get -u github.com/tomnomnom/gf +▶ go install github.com/tomnomnom/gf@latest ``` If you've installed using `go get`, you can enable auto-completion to your `.bashrc` like this: From 1794297d41cb8d96e9a71c436c25a4cafd5c36d6 Mon Sep 17 00:00:00 2001 From: Averroes Date: Sun, 7 Aug 2022 15:13:24 +0200 Subject: [PATCH 2/2] Adding examples from Tomnomnom repository --- aws-keys.json | 4 ++++ base64.json | 6 ++++++ cors.json | 6 ++++++ debug-pages.json | 5 +++++ firebase.json | 4 ++++ fw.json | 29 +++++++++++++++++++++++++++++ go-functions.json | 4 ++++ http-auth.json | 4 ++++ ip.json | 4 ++++ json-sec.json | 4 ++++ meg-headers.json | 4 ++++ php-curl.json | 4 ++++ php-errors.json | 17 +++++++++++++++++ php-serialized.json | 8 ++++++++ php-sinks.json | 4 ++++ php-sources.json | 7 +++++++ s3-buckets.json | 10 ++++++++++ sec.json | 4 ++++ servers.json | 4 ++++ strings.json | 7 +++++++ takeovers.json | 32 ++++++++++++++++++++++++++++++++ upload-fields.json | 4 ++++ urls.json | 4 ++++ 23 files changed, 179 insertions(+) create mode 100644 aws-keys.json create mode 100644 base64.json create mode 100644 cors.json create mode 100644 debug-pages.json create mode 100644 firebase.json create mode 100644 fw.json create mode 100644 go-functions.json create mode 100644 http-auth.json create mode 100644 ip.json create mode 100644 json-sec.json create mode 100644 meg-headers.json create mode 100644 php-curl.json create mode 100644 php-errors.json create mode 100644 php-serialized.json create mode 100644 php-sinks.json create mode 100644 php-sources.json create mode 100644 s3-buckets.json create mode 100644 sec.json create mode 100644 servers.json create mode 100644 strings.json create mode 100644 takeovers.json create mode 100644 upload-fields.json create mode 100644 urls.json diff --git a/aws-keys.json b/aws-keys.json new file mode 100644 index 0000000..fefbd75 --- /dev/null +++ b/aws-keys.json @@ -0,0 +1,4 @@ +{ + "flags": "-HanrE", + "pattern": "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}" +} diff --git a/base64.json b/base64.json new file mode 100644 index 0000000..18e86e0 --- /dev/null +++ b/base64.json @@ -0,0 +1,6 @@ +{ + "flags": "-HnroE", + "pattern": "([^A-Za-z0-9+/]|^)(eyJ|YTo|Tzo|PD[89]|aHR0cHM6L|aHR0cDo|rO0)[%a-zA-Z0-9+/]+={0,2}" +} + + diff --git a/cors.json b/cors.json new file mode 100644 index 0000000..d4e8637 --- /dev/null +++ b/cors.json @@ -0,0 +1,6 @@ +{ + "flags": "-HnriE", + "patterns": [ + "Access-Control-Allow" + ] +} diff --git a/debug-pages.json b/debug-pages.json new file mode 100644 index 0000000..9a14e76 --- /dev/null +++ b/debug-pages.json @@ -0,0 +1,5 @@ +{ + "flags": "-HnraiE", + "pattern": "(Application-Trace|Routing Error|DEBUG\"? ?[=:] ?True|Caused by:|stack trace:|Microsoft .NET Framework|Traceback|[0-9]:in `|#!/us|WebApplicationException|java\\.lang\\.|phpinfo|swaggerUi|on line [0-9]|SQLSTATE)" + +} diff --git a/firebase.json b/firebase.json new file mode 100644 index 0000000..bc3bdf6 --- /dev/null +++ b/firebase.json @@ -0,0 +1,4 @@ +{ + "flags": "-Hnri", + "pattern": "firebaseio.com" +} diff --git a/fw.json b/fw.json new file mode 100644 index 0000000..7bf7081 --- /dev/null +++ b/fw.json @@ -0,0 +1,29 @@ +{ + "flags": "-HnriE", + "patterns": [ + "django", + "laravel", + "symfony", + "graphite", + "grafana", + "X-Drupal-Cache", + "struts", + "code ?igniter", + "cake ?php", + "grails", + "elastic ?search", + "kibana", + "log ?stash", + "tomcat", + "jenkins", + "hudson", + "com.atlassian.jira", + "Apache Subversion", + "Chef Server", + "RabbitMQ Management", + "Mongo", + "Travis CI - Enterprise", + "BMC Remedy", + "artifactory" + ] +} diff --git a/go-functions.json b/go-functions.json new file mode 100644 index 0000000..35021c9 --- /dev/null +++ b/go-functions.json @@ -0,0 +1,4 @@ +{ + "flags": "-HnriE", + "pattern": "func [a-z0-9_]+\\(" +} diff --git a/http-auth.json b/http-auth.json new file mode 100644 index 0000000..bab9eca --- /dev/null +++ b/http-auth.json @@ -0,0 +1,4 @@ +{ + "flags": "-hrioaE", + "pattern": "[a-z0-9_/\\.:-]+@[a-z0-9-]+\\.[a-z0-9.-]+" +} diff --git a/ip.json b/ip.json new file mode 100644 index 0000000..8be02b9 --- /dev/null +++ b/ip.json @@ -0,0 +1,4 @@ +{ + "flags": "-HnroE", + "pattern": "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])" +} diff --git a/json-sec.json b/json-sec.json new file mode 100644 index 0000000..85d0055 --- /dev/null +++ b/json-sec.json @@ -0,0 +1,4 @@ +{ + "flags": "-harioE", + "pattern": "(\\\\?\"|"|%22)[a-z0-9_-]*(api[_-]?key|S3|aws_|secret|passw|auth)[a-z0-9_-]*(\\\\?\"|"|%22): ?(\\\\?\"|"|%22)[^\"&]+(\\\\?\"|"|%22)" +} diff --git a/meg-headers.json b/meg-headers.json new file mode 100644 index 0000000..daedd5c --- /dev/null +++ b/meg-headers.json @@ -0,0 +1,4 @@ +{ + "flags": "-hroiE", + "pattern": "^\u003c [a-z0-9_\\-]+: .*" +} diff --git a/php-curl.json b/php-curl.json new file mode 100644 index 0000000..300c98c --- /dev/null +++ b/php-curl.json @@ -0,0 +1,4 @@ +{ + "flags": "-HnrE", + "pattern": "CURLOPT_(HTTPHEADER|HEADER|COOKIE|RANGE|REFERER|USERAGENT|PROXYHEADER)" +} diff --git a/php-errors.json b/php-errors.json new file mode 100644 index 0000000..5dca835 --- /dev/null +++ b/php-errors.json @@ -0,0 +1,17 @@ +{ + "flags": "-HnriE", + "patterns": [ + "php warning", + "php error", + "fatal error", + "uncaught exception", + "include_path", + "undefined index", + "undefined variable", + "\\?php", + "<\\?[^x]", + "stack trace\\:", + "expects parameter [0-9]*", + "Debug Trace" + ] +} diff --git a/php-serialized.json b/php-serialized.json new file mode 100644 index 0000000..5b0a7f4 --- /dev/null +++ b/php-serialized.json @@ -0,0 +1,8 @@ +{ + "flags": "-HnrE", + "patterns": [ + "a:[0-9]+:{", + "O:[0-9]+:\"", + "s:[0-9]+:\"" + ] +} diff --git a/php-sinks.json b/php-sinks.json new file mode 100644 index 0000000..6d134a9 --- /dev/null +++ b/php-sinks.json @@ -0,0 +1,4 @@ +{ + "flags": "-HnriE", + "pattern": "[^a-z0-9_](system|exec|popen|pcntl_exec|eval|create_function|unserialize|file_exists|md5_file|filemtime|filesize|assert) ?\\(" +} diff --git a/php-sources.json b/php-sources.json new file mode 100644 index 0000000..3a66f05 --- /dev/null +++ b/php-sources.json @@ -0,0 +1,7 @@ +{ + "flags": "-HnrE", + "patterns": [ + "\\$_(POST|GET|COOKIE|REQUEST|SERVER|FILES)", + "php://(input|stdin)" + ] +} diff --git a/s3-buckets.json b/s3-buckets.json new file mode 100644 index 0000000..1ec3842 --- /dev/null +++ b/s3-buckets.json @@ -0,0 +1,10 @@ +{ + "flags": "-hrioaE", + "patterns": [ + "[a-z0-9.-]+\\.s3\\.amazonaws\\.com", + "[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com", + "[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)", + "//s3\\.amazonaws\\.com/[a-z0-9._-]+", + "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+" + ] +} diff --git a/sec.json b/sec.json new file mode 100644 index 0000000..1d5dc17 --- /dev/null +++ b/sec.json @@ -0,0 +1,4 @@ +{ + "flags": "-HanriE", + "pattern": "(aws_access|aws_secret|api[_-]?key|ListBucketResult|S3_ACCESS_KEY|Authorization:|RSA PRIVATE|Index of|aws_|secret|ssh-rsa AA)" +} diff --git a/servers.json b/servers.json new file mode 100644 index 0000000..86b0916 --- /dev/null +++ b/servers.json @@ -0,0 +1,4 @@ +{ + "flags": "-hri", + "pattern": "server: " +} diff --git a/strings.json b/strings.json new file mode 100644 index 0000000..ef33e0e --- /dev/null +++ b/strings.json @@ -0,0 +1,7 @@ +{ + "flags": "-hroiaE", + "patterns": [ + "\"[^\"]+\"", + "'[^']+'" + ] +} diff --git a/takeovers.json b/takeovers.json new file mode 100644 index 0000000..628c050 --- /dev/null +++ b/takeovers.json @@ -0,0 +1,32 @@ +{ + "flags": "-HnriE", + "patterns": [ + "There is no app configured at that hostname", + "NoSuchBucket", + "No Such Account", + "You're Almost There", + "a GitHub Pages site here", + "There's nothing here", + "project not found", + "Your CNAME settings", + "InvalidBucketName", + "PermanentRedirect", + "The specified bucket does not exist", + "Repository not found", + "Sorry, We Couldn't Find That Page", + "The feed has not been found.", + "The thing you were looking for is no longer here, or never was", + "Please renew your subscription", + "There isn't a Github Pages site here.", + "We could not find what you're looking for.", + "No settings were found for this company:", + "No such app", + "is not a registered InCloud YouTrack", + "Unrecognized domain", + "project not found", + "This UserVoice subdomain is currently available!", + "Do you want to register", + "Help Center Closed" + ] +} + diff --git a/upload-fields.json b/upload-fields.json new file mode 100644 index 0000000..9315988 --- /dev/null +++ b/upload-fields.json @@ -0,0 +1,4 @@ +{ + "flags": "-HnriE", + "pattern": "\u003cinput[^\u003e]+type=[\"']?file[\"']?" +} diff --git a/urls.json b/urls.json new file mode 100644 index 0000000..345a183 --- /dev/null +++ b/urls.json @@ -0,0 +1,4 @@ +{ + "flags": "-oriahE", + "pattern": "https?://[^\"\\'> ]+" +}