Initial commit

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,14 @@
+blank_issues_enabled: false
+
+contact_links:
+  - name: Ask an question / advise on using nuclei-templates
+    url: https://github.com/projectdiscovery/fuzzing-templates/discussions/categories/q-a
+    about: Ask a question or request support for using fuzzing-templates
+
+  - name: Share idea / feature to discuss for nuclei-templates
+    url: https://github.com/projectdiscovery/fuzzing-templates/discussions/categories/ideas
+    about: Share idea / feature to discuss for fuzzing-templates
+
+  - name: Connect with PD Team & Community (Discord)
+    url: https://discord.gg/projectdiscovery
+    about: Connect with PD Team & Community for direct communication

.github/ISSUE_TEMPLATE/false-negative.md

@@ -0,0 +1,21 @@
+---
+name: False Negative
+about: 'Issue for template missing valid/expected result.'
+labels: 'false-negative'
+
+---
+
+<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
+
+### Nuclei Version:
+
+<!-- You can find current version of nuclei with "nuclei -version" -->
+
+### Template file:
+
+<!-- Template producing false-negative results, for example: "cves/XX/XX.yaml" -->
+
+### Command to reproduce:
+
+<!-- Please include the command to replicate the behavior so fix can be applied asap. -->
+<!-- if host information can not be shared publicly, please reach out to us on discord server in DM -->

.github/ISSUE_TEMPLATE/false-positive.md

@@ -0,0 +1,24 @@
+---
+name: False Positive
+about: 'Issue for template producing invalid/unexpected result.'
+labels: 'false-positive'
+
+---
+
+<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
+
+### Nuclei Version:
+
+<!-- You can find current version of nuclei with "nuclei -version" -->
+
+### Template file:
+
+<!-- Template producing false-positive results, for example: "cves/XX/XX.yaml" -->
+
+### Command to reproduce:
+
+<!-- Please include the command to replicate the behavior so fix can be applied asap. -->
+<!-- if host information can not be shared publicly, please reach out to us on discord server in DM -->
+
+### Anything else:
+<!-- Links? References? Screnshots? Anything that will give us more context about the issue that you are encountering! -->

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,18 @@
+---
+name: Feature request
+about: Request feature to implement in this project
+labels: 'Type: Enhancement'
+---
+
+<!--
+1. Please make sure to provide a detailed description with all the relevant information that might be required to start working on this feature.
+2. In case you are not sure about your request or whether the particular feature is already supported or not, please start a discussion instead.
+3. GitHub Discussion: https://github.com/projectdiscovery/nuclei-templates/discussions/categories/ideas
+4. Join our discord server at https://discord.gg/projectdiscovery to discuss the idea on the #nuclei-templates channel.
+-->
+
+### Please describe your feature request:
+<!-- A clear and concise description of feature to implement -->
+
+### Describe the use case of this feature:
+<!-- A clear and concise description of the feature request's motivation and the use-cases in which it could be useful. -->

.github/ISSUE_TEMPLATE/issue-report.md

@@ -0,0 +1,21 @@
+---
+name: Issue report
+about: "Issue to report invalid template"
+labels: 'Type: Bug'
+
+---
+
+<!-- 
+1. Please search to see if an issue already exists for the bug you encountered.
+2. For support requests, FAQs or "How to" questions, please use the GitHub Discussions section instead - https://github.com/projectdiscovery/nuclei-templates/discussions or
+3. Join our discord server at https://discord.gg/projectdiscovery and post the question on the #nuclei-templates channel.
+-->
+
+<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
+
+### Issue description:
+<!-- A concise description of what you're experiencing. -->
+
+
+### Anything else:
+<!-- Links? References? Screnshots? Anything that will give us more context about the issue that you are encountering! -->

.github/ISSUE_TEMPLATE/new-template.md

@@ -0,0 +1,17 @@
+---
+name: Template Request
+about: 'request for new template to be created.'
+labels: 'new-template'
+
+---
+
+<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
+
+
+### Template for?
+
+<!-- Name the CVE / Vulnerability / Exploit / Misconfiguration / Technology -->
+
+### Details:
+
+<!-- Required information to create a nuclei template such as exploit link / source / reference / vulnerable setup / search query / demo host -->

.github/ISSUE_TEMPLATE/submit-template.md

@@ -0,0 +1,23 @@
+---
+name: Template Contribution
+about: Contributing nuclei template using GitHub Issue
+labels: 'nuclei-template'
+---
+
+### Template Information:
+
+<!-- Include basic information of the template including reference -->
+<!-- Templates without any reference mostly likely to take more time for review/validation -->
+
+
+### Nuclei Template:
+
+<!-- Include nuclei template in between code block shared below -->
+
+
+```yaml
+
+```
+
+<!-- Include template results if available or redacted valid response snippet of valid match -->
+<!-- Example response help us to update the matchers as unique as possible to avoid possible false-positive results. -->

.github/workflows/cve-annotate.yml

@@ -0,0 +1,51 @@
+name: ✍🏻 CVE Annotate
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  annotate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.head_ref }}
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get Github tag
+        id: meta
+        run: |
+          curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT
+
+      - name: Setup CVE annotate
+        if: steps.meta.outputs.TAG != ''
+        env:
+          VERSION: ${{ steps.meta.outputs.TAG }}
+        run: |
+          wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/cve-annotate.zip
+          sudo unzip cve-annotate.zip -d /usr/local/bin
+        working-directory: /tmp
+
+      - name: Generate CVE Annotations
+        id: cve-annotate
+        run: |
+          cve-annotate -i . -d .
+          git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
+
+      - name: Commit files
+        if: steps.cve-annotate.outputs.CHANGES > 0
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+          git add .
+          git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a
+
+      - name: Push changes
+        if: steps.cve-annotate.outputs.CHANGES > 0
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          branch: ${{ github.ref }}

.github/workflows/syntax-checking.yml

@@ -0,0 +1,17 @@
+name: ❄️ YAML Lint
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Yamllint
+        uses: karancode/yamllint-github-action@master
+        with:
+          yamllint_config_filepath: .yamllint
+          yamllint_strict: false
+          yamllint_comment: true

.github/workflows/template-validate.yml

@@ -0,0 +1,31 @@
+name: 🛠 Template Validate
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Get Github tag
+        id: meta
+        run: |
+          curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT
+
+      - name: Setup Nuclei
+        if: steps.meta.outputs.TAG != ''
+        env:
+          VERSION: ${{ steps.meta.outputs.TAG }}
+        run: |
+          wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/nuclei_${VERSION:1}_linux_amd64.zip
+          sudo unzip nuclei*.zip -d /usr/local/bin
+        working-directory: /tmp
+
+      - name: Template Validation
+        run: |
+          cp -r ${{ github.workspace }} $HOME
+          nuclei -validate
+          nuclei -validate -w ./workflows

.gitignore

@@ -0,0 +1 @@
+notes.txt

.yamllint

@@ -0,0 +1,16 @@
+extends: default
+
+ignore: |
+  .pre-commit-config.yml
+  .github/workflows/*.yml
+
+rules:
+  document-start: disable
+  line-length: disable
+  new-lines: disable
+  new-line-at-end-of-file: disable
+  truthy: disable
+  comments:
+    require-starting-space: true
+    ignore-shebangs: true
+    min-spaces-from-content: 1

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 ProjectDiscovery
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,81 @@
+
+
+<h1 align="center">
+Fuzzing Templates
+</h1>
+<h4 align="center">Community curated list of fuzzing templates for the nuclei engine to find unknown security vulnerabilities.</h4>
+
+
+<p align="center">
+<a href="https://github.com/projectdiscovery/fuzzing-templates/issues"><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a>
+<a href="https://twitter.com/pdnuclei"><img src="https://img.shields.io/twitter/follow/pdnuclei.svg?logo=twitter"></a>
+<a href="https://discord.gg/projectdiscovery"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a>
+</p>
+      
+<p align="center">
+  <a href="https://nuclei.projectdiscovery.io/templating-guide/protocols/http-fuzzing/">Documentation</a> •
+  <a href="https://github.com/projectdiscovery/fuzzing-templates/graphs/contributors">Contributions</a> •
+  <a href="https://github.com/projectdiscovery/fuzzing-templates/discussions">Discussion</a> •
+  <a href="https://discord.gg/projectdiscovery">Community</a>
+</p>
+
+----
+
+Fuzzing templates are used with [nuclei](https://github.com/projectdiscovery/nuclei) scanner which powers the actual scanning engine. This repository contains various fuzzing templates for the scanner provided by our team, as well as contributed by the community.
+
+We welcome contributions from the community through pull requests or issues to increase the coverage of security testing. Unlike the [nuclei-templates](https://github.com/projectdiscovery/nuclei-templates) project, which focuses on known vulnerabilities, fuzzing templates are specifically designed to **discover previously unknown vulnerabilities** in applications.
+
+
+
+📖 Documentation
+-----
+
+Please navigate to https://nuclei.projectdiscovery.io/templating-guide/protocols/http-fuzzing/ for detailed documentation to **build your own fuzzing** template.
+We have also added a set of templates to help you understand how things work.
+
+🌪️ Using Fuzzing Templates
+-----
+
+1. **Install Nuclei**
+
+```
+go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
+```
+
+2. **Clone Fuzzing Templates**
+
+```
+git clone https://github.com/projectdiscovery/fuzzing-templates.git
+```
+
+3. **Run Fuzzing Templates**
+```
+nuclei -t fuzzing-templates -list fuzz_endpoints.txt
+```
+
+> **Note**:
+
+> *You can use existing nuclei options to filter / run specific directory / sub directory / templates or tags* 
+
+💬 Discussion
+-----
+
+Got questions / doubts / ideas to discuss?
+Feel free to open a discussion on [GitHub discussions](https://github.com/projectdiscovery/fuzzing-templates/discussions) board.
+
+
+👨‍💻 Community
+-----
+
+You are welcome to join the active [Discord Community](https://discord.gg/projectdiscovery) to discuss directly with project maintainers and share things with others around security and automation.
+Additionally, you may follow us on [Twitter](https://twitter.com/pdnuclei) to be updated on all the things about Nuclei.
+
+
+<p align="center">
+<a href="https://github.com/projectdiscovery/fuzzing-templates/graphs/contributors">
+  <img src="https://contrib.rocks/image?repo=projectdiscovery/fuzzing-templates&max=300">
+</a>
+</p>
+
+
+Thanks again for your contribution and keeping this community vibrant. ❤️