Overview

We've developed twenty-three Nuclei templates as part of the launch of our attack surface management product offering. The vast majority of these templates focus on detecting web application services, such as continuous integration and deployment systems, because identifying opportunities to reduce external attack surface is a core part of the value proposition of our product offering. We've also developed some templates related to specific vulnerabilities (e.g. a remote code execution in the Code42 application using the Log4Shell vulnerability) and added support for token-spraying Fastly and GitLab cloud.

Continuous Integration and Deployment Applications:

Enterprise Applications:

Other Applications

  • Gradle Enterprise (gradle-enterprise-panel.yaml): A software build automation tool (https://gradle.com/)
  • Gradle Enterprise Build Cache (gradle-enterprise-build-cache-detect.yaml): Build cache used by Gradle to save time by reusing outputs produced by other builds (https://docs.gradle.org/current/userguide/build_cache.html)
  • HTTPBin (httpbin-detection): An application used to test HTTP client libraries (http://httpbin.org/)
  • Redash (redash-detection.yaml): An application that is leveraged for visualizing data similar to Grafana (https://redash.io/)
  • Zentral (zentral-detection.yaml): An open source event aggregator for osquery and Santa (Google's application allowlisting application) (https://zentral.io/)

Exploits

  • Code42 Log4j Exploit (log4j-code42-rce.yaml): Tests for the Log4j vulnerability in the Code42 application
  • HTTPBin Cross Site Scripting (httpbin-xss.yaml): Tests for an XSS issue present in the HTTPBin application
  • HTTPBin Open Redirect (httpbin-open-redirect.yaml): Tests for an open redirection issue in the HTTPBin application

Token Spraying:

  • GitLab Token Spraying (api-github.yaml): A new template for token spraying personal access tokens for the cloud version of GitLab
  • Fastly Token Spraying (api-fastly.yaml): A new template for token spraying the Fastly CDN provider to check if a given string is a valid Fastly API token.