rules/web/web_source_code_enumeration.yml

title: Source Code Enumeration Detection by Keyword
id: 953d460b-f810-420a-97a2-cfca4c98e602
description: Detects source code enumeration that use GET requests by keyword searches in URL strings
author: James Ahearn
references:
    - https://pentester.land/tutorials/2018/10/25/source-code-disclosure-via-exposed-git-folder.html
    - https://medium.com/@logicbomb_1/bugbounty-how-i-was-able-to-download-the-source-code-of-indias-largest-telecom-service-52cf5c5640a1
logsource:
    category: webserver
detection:
    keywords:
        - '*.git/*'
    condition: keywords
fields:
    - client_ip
    - vhost
    - url
    - response
falsepositives:
    - unknown
level: medium
Web Source Code Enumeration via .git 2019-06-08 22:40:28 -04:00			`title: Source Code Enumeration Detection by Keyword`
Added UUIDs to rules 2019-11-12 23:12:27 +01:00			`id: 953d460b-f810-420a-97a2-cfca4c98e602`
Web Source Code Enumeration via .git 2019-06-08 22:40:28 -04:00			`description: Detects source code enumeration that use GET requests by keyword searches in URL strings`
			`author: James Ahearn`
Added UUIDs to rules 2019-11-12 23:12:27 +01:00			`references:`
			`- https://pentester.land/tutorials/2018/10/25/source-code-disclosure-via-exposed-git-folder.html`
			`- https://medium.com/@logicbomb_1/bugbounty-how-i-was-able-to-download-the-source-code-of-indias-largest-telecom-service-52cf5c5640a1`
Web Source Code Enumeration via .git 2019-06-08 22:40:28 -04:00			`logsource:`
			`category: webserver`
			`detection:`
			`keywords:`
			`- '.git/'`
			`condition: keywords`
			`fields:`
			`- client_ip`
			`- vhost`
			`- url`
			`- response`
			`falsepositives:`
			`- unknown`
			`level: medium`