-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrules.yaml
62 lines (53 loc) · 1.77 KB
/
rules.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
rules:
# Version control systems
- name: Git Repository - HEAD
path: /.git/HEAD
signature: "ref: refs/"
description: "Exposed Git repository can reveal source code and sensitive data"
severity: high
- name: Git Repository - Config
path: /.git/config
signature: "[core]"
description: "Exposed Git configuration may contain repository URLs and credentials"
severity: high
- name: Git Repository - Index
path: /.git/index
signature: "DIRC"
description: "Exposed Git index reveals file structure and changes"
severity: high
- name: Git Repository - Logs
path: /.git/logs/HEAD
signature: "0000000000000000"
description: "Exposed Git logs contain commit history and possibly sensitive comments"
severity: high
# API Documentation
- name: Swagger UI
path: /swagger-ui.html
signature: "Swagger UI"
description: "Exposed API documentation can reveal endpoint details"
severity: medium
- name: Swagger UI - Alt
path: /swagger/index.html
signature: "Swagger UI"
description: "Exposed API documentation can reveal endpoint details"
severity: medium
- name: Swagger JSON
path: /v2/api-docs
signature: "swagger"
description: "Exposed Swagger definition reveals API structure"
severity: medium
- name: Swagger UI - Docs
path: /docs/
signature: "Swagger UI"
description: "Exposed API documentation can reveal endpoint details"
severity: medium
- name: OpenAPI
path: /openapi.json
signature: "openapi"
description: "Exposed OpenAPI definition reveals API structure"
severity: medium
- name: API Documentation
path: /api/docs
signature: "API"
description: "Exposed API documentation reveals endpoint structure"
severity: medium