  - method: GET
    path:
      - '{{BaseURL}}/backup/acme-hyper-branding/.git/HEAD'
      - '{{BaseURL}}/backup/acme-impact-alliance/.git/HEAD'
    matchers:
      - type: word
        words:
          - "ref: refs/heads/master"
        part: body

Listing 5-4: Writing a git finder template with Nuclei

This template works just like the one in the previous example, except this time, we provide two paths to check against: /backup/acme-hyper-branding/.git/HEAD and /backup/acme-impact-alliance/.git/HEAD. The matcher is the string we expect to see in the HEAD file. You can confirm that this is the case by making a cURL request to the git repository at 172.16.10.11:

$ curl http://172.16.10.11/backup/acme-hyper-branding/.git/HEAD
ref: refs/heads/master

Download this custom Nuclei template from https://github.com/dolevf/Black-Hat-Bash/blob/master/ch05/git-finder.yaml.
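The word matcher in Listing 5-4 is a substring match on a single branch name, so it misses a repository whose HEAD points to main or another branch, and it fires on any page that merely contains the string. The shell functions below are an added example, not code from the book: they classify a response body as a well-formed HEAD file, and the function names and sample bodies are constructed for illustration.

```sh
#!/bin/sh
# Added example. Classify an HTTP response body as the content of .git/HEAD.
# A real HEAD file is one line: a symbolic ref ("ref: refs/heads/<branch>")
# or, for a detached HEAD, a 40- or 64-character hex commit id.

NL='
'

# The template's matcher as written: substring match anywhere in the body.
matches_template_word() {
  case $1 in *"ref: refs/heads/master"*) return 0 ;; esac
  return 1
}

# Stricter check: the whole body must be a single, well-formed HEAD line.
# Leaves the normalized line in $body for head_branch.
is_git_head() {
  body=$(printf '%s' "$1" | tr -d '\r')    # $(...) also drops trailing newlines
  case $body in *"$NL"*) return 1 ;; esac  # multi-line: a page, not a HEAD file
  printf '%s\n' "$body" |
    grep -Eq '^(ref: refs/heads/[A-Za-z0-9._/-]+|[0-9a-f]{40}|[0-9a-f]{64})$'
}

# Print the branch HEAD points to, or "detached" for a bare commit id.
head_branch() {
  is_git_head "$1" || return 1
  case $body in
    "ref: refs/heads/"*) printf '%s\n' "${body#ref: refs/heads/}" ;;
    *) echo detached ;;
  esac
}

# Fetch a URL and report the result (needs network; not called here).
audit_url() {
  resp=$(curl -s --max-time 5 "$1") || return 2
  if b=$(head_branch "$resp"); then echo "EXPOSED $1 (HEAD: $b)"; else echo "ok $1"; fi
}

# Constructed sample bodies, not captured from a real host.
for sample in 'ref: refs/heads/master' 'ref: refs/heads/main' \
              '<p>ref: refs/heads/master</p>'; do
  if matches_template_word "$sample"; then w=hit; else w=miss; fi
  if b=$(head_branch "$sample"); then s="HEAD -> $b"; else s="not a HEAD file"; fi
  printf '%-30s word=%-4s strict=%s\n' "$sample" "$w" "$s"
done
```

The same strictness can be carried into the template itself by replacing the word matcher with an anchored regular expression.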

Applying the Template

Let’s run Nuclei against 172.16.10.11 with the custom template we just wrote. Nuclei stores its built-in templates in the folder ~/.local/nuclei-templates. First, run the following command to update Nuclei’s template database:

$ nuclei -ut

Next, save the custom template into the folder ~/.local/nuclei-templates/custom and give it a name such as git-finder.yaml. In the following command, the -u (URL) option specifies the address, and -t (template) specifies the path to the template:

$ nuclei -u 172.16.10.11 -t ~/.local/nuclei-templates/custom/git-finder.yaml
--snip--
[INF] Targets loaded for scan: 1
[INF] Running httpx on input host
[INF] Found 1 URL from httpx
[detect-git-repository] [http] [info] http://172.16.10.11/backup/acme-hyper-branding/.git/HEAD
[detect-git-repository] [http] [info] http://172.16.10.11/backup/acme-impact-alliance/.git/HEAD

Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks