projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Home Page: https://github.com/projectdiscovery/nuclei


TokenSpray api-front

Luqiih opened this issue · comments

Template Information:

This template is used to validate Front API tokens/keys.

References:

Nuclei Template:

id: api-front

info:
  name: Front REST API  # template checks a Front (api2.frontapp.com) token, so the name reflects that
  author: Luqmaan Hadia [Luqiih](https://github.com/Luqiih)
  severity: info
  reference:
    - https://dev.frontapp.com/reference/introduction
  tags: token-spray,front

self-contained: true  # no target list needed: the raw request carries its own absolute URL
requests:
  - raw:
      - |
        GET https://api2.frontapp.com/me HTTP/1.1
        Host: api2.frontapp.com
        Authorization: Bearer {{token}}
        Accept: application/json

    # {{token}} is supplied on the command line with -var token=<value>
    matchers-condition: and
    matchers:
      - type: status  # /me answers 200 only when the bearer token authenticates
        status:
          - 200

Output from tests:

┌──(luqii㉿DESKTOP-ELT2HGM)-[~/nuclei-templates]
└─$ echo $token
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY29wZXMiOlsic[Redacted]

┌──(luqii㉿DESKTOP-ELT2HGM)-[~/nuclei-templates]
└─$ nuclei -t token-spray/ -var token=$token

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.7.0

                projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Using Nuclei Engine 2.7.0 (outdated)
[INF] Using Nuclei Templates 9.0.2 (latest)
[INF] Templates added in last update: 24
[INF] Templates loaded for scan: 156
[2022-05-21 18:41:02] [api-front] [http] [info] https://api2.frontapp.com/me [token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY29wZXMiOlsiceyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY29wZXMiOlsic[Redacted]]

Response using cURL:

┌──(luqii㉿DESKTOP-ELT2HGM)-[~/nuclei-templates]
└─$ curl -v --request GET      --url https://api2.frontapp.com/me      --header 'Accept: application/json'      --header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY29wZXMiOlsicredacted]'
Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying 54.67.112.132:443...
* Connected to api2.frontapp.com (54.67.112.132) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=frontapp.com
*  start date: Feb 24 00:00:00 2022 GMT
*  expire date: Mar 25 23:59:59 2023 GMT
*  subjectAltName: host "api2.frontapp.com" matched cert's "*.frontapp.com"
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x56320a103110)
> GET /me HTTP/2
> Host: api2.frontapp.com
> user-agent: curl/7.81.0
> accept: application/json
> authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY29wZXMiOlsic[redacted]
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< date: Sat, 21 May 2022 16:45:18 GMT
< content-type: application/json; charset=utf-8
< content-length: 121
< x-protected-by: Sqreen
< x-ratelimit-limit: 100
< x-ratelimit-remaining: 98
< x-ratelimit-reset: 1653151544.165
< etag: W/"79-oDDuPTXIjhTTyzCzbC4KyNj1erQ"
< x-front-time: 121
<
* Connection #0 to host api2.frontapp.com left intact
{"_links":{"self":"https://[redacted].api.frontapp.com/me"},"name":"[redacted]","id":"[redacted]"}
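To make the template's decision logic concrete, the following added example (not nuclei's own engine code, and not part of the issue above) reimplements offline what this template does: render `{{token}}` into the raw request, split the raw block into method, URL and headers, and apply the `matchers` under `matchers-condition: and`. A `word` matcher is included alongside `status` to show how the `/me` JSON (`_links`, `id`) could tighten a status-only check; the `redact()` helper is an assumption of mine for keeping a live token out of scan output, which the nuclei result line above prints in full.

```python
import re
from dataclasses import dataclass

# Raw request and matchers copied from the api-front template; {{token}} is nuclei's variable syntax.
RAW_REQUEST = """GET https://api2.frontapp.com/me HTTP/1.1
Host: api2.frontapp.com
Authorization: Bearer {{token}}
Accept: application/json
"""
MATCHERS_CONDITION = "and"
MATCHERS = [{"type": "status", "status": [200]}]
# Stricter variant: also require fields that a real /me response carries (constructed here).
STRICT_MATCHERS = MATCHERS + [{"type": "word", "words": ['"_links"', '"id"']}]

@dataclass
class Response:  # constructed stand-in for the HTTP response; no network is used
    status: int
    body: str

def render(raw: str, variables: dict) -> str:
    """Substitute {{name}} placeholders the way `nuclei -var name=value` does."""
    return re.sub(r"\{\{(\w+)\}\}", lambda m: variables[m.group(1)], raw)

def parse_raw_request(raw: str):
    """Split a nuclei raw HTTP block into (method, url, headers); header names lower-cased."""
    lines = raw.strip().splitlines()
    method, url, _version = lines[0].split()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header section
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return method, url, headers

def match(resp: Response, matchers=MATCHERS, condition=MATCHERS_CONDITION) -> bool:
    """Evaluate status/word matchers and combine them with 'and' or 'or'."""
    results = []
    for m in matchers:
        if m["type"] == "status":
            results.append(resp.status in m["status"])
        elif m["type"] == "word":
            results.append(all(w in resp.body for w in m["words"]))
        else:
            raise ValueError(f"unsupported matcher type: {m['type']}")
    return all(results) if condition == "and" else any(results)

def redact(token: str) -> str:
    """Keep a short prefix only, so a valid secret is not echoed in full into logs."""
    return token[:8] + "[redacted]" if len(token) > 8 else "[redacted]"
```

Note that with the template's status-only matcher any 200 from the endpoint is reported as a valid token; the strict variant is what a word matcher on the response body would add.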