hnd3884
diff --git a/‎.github/workflows/tests.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/tests.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.new-additions‎
Lines changed: 35 additions & 116 deletions b/‎.new-additions‎
Lines changed: 35 additions & 116 deletions
diff --git a/‎cloud/aws/cloudformation/stack-notification-disabled.yaml‎
Lines changed: 59 additions & 0 deletions b/‎cloud/aws/cloudformation/stack-notification-disabled.yaml‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎cloud/aws/cloudformation/stack-policy-not-inuse.yaml‎
Lines changed: 61 additions & 0 deletions b/‎cloud/aws/cloudformation/stack-policy-not-inuse.yaml‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎cloud/aws/cloudformation/stack-termination-disabled.yaml‎
Lines changed: 59 additions & 0 deletions b/‎cloud/aws/cloudformation/stack-termination-disabled.yaml‎
Lines changed: 59 additions & 0 deletions
@@ -32,6 +32,9 @@ jobs:
     needs: lint
     runs-on: ubuntu-latest
     if: github.repository == 'projectdiscovery/nuclei-templates'
+    permissions:
+      issues: write
+      pull-requests: write
     env:
       HONEYPOT_URL: 'http://honey.scanme.sh'
     steps:
 
@@ -1,116 +1,35 @@
-cloud/aws/dms/dms-multi-az.yaml
-cloud/aws/dms/dms-public-access.yaml
-cloud/aws/dms/dms-version-upgrade.yaml
-cloud/aws/ebs/ebs-encryption-disabled.yaml
-cloud/aws/efs/efs-encryption-disabled.yaml
-cloud/aws/elasticache/cache-automatic-backups-disabled.yaml
-cloud/aws/elasticache/cache-event-notification-disabled.yaml
-cloud/aws/elasticache/cache-redis-encryption-disabled.yaml
-cloud/aws/elasticache/cache-redis-multiaz-disabled.yaml
-cloud/aws/firehose/firehose-server-destination-encryption.yaml
-cloud/aws/firehose/firehose-server-side-encryption.yaml
-cloud/aws/guardduty/guardduty-findings.yaml
-cloud/aws/guardduty/guardduty-not-enabled.yaml
-cloud/aws/guardduty/malware-protection-disabled.yaml
-cloud/aws/guardduty/s3-protection-disabled.yaml
-cloud/aws/inspector2/inspector2-disabled.yaml
-cloud/aws/rds/rds-auto-minor-upgrade-disabled.yaml
-cloud/aws/rds/rds-automated-backup-disabled.yaml
-cloud/aws/rds/rds-backtrack-disabled.yaml
-cloud/aws/rds/rds-cluster-protection-disabled.yaml
-cloud/aws/rds/rds-copy-snap.yaml
-cloud/aws/rds/rds-insights-disabled.yaml
-cloud/aws/rds/rds-instance-autoscaling-disabled.yaml
-cloud/aws/rds/rds-log-export-disabled.yaml
-cloud/aws/rds/rds-multi-az.yaml
-cloud/aws/rds/rds-public-access.yaml
-cloud/aws/route53/route53-dns-query-disabled.yaml
-cloud/aws/route53/route53-dnssec-signing-disabled.yaml
-dast/cves/2024/CVE-2024-2961.yaml
-http/cnvd/2024/CNVD-2024-38747.yaml
-http/cves/2015/CVE-2015-8562.yaml
-http/cves/2016/CVE-2016-9299.yaml
-http/cves/2017/CVE-2017-5868.yaml
-http/cves/2018/CVE-2018-7192.yaml
-http/cves/2018/CVE-2018-7193.yaml
-http/cves/2018/CVE-2018-7196.yaml
-http/cves/2019/CVE-2019-8943.yaml
-http/cves/2021/CVE-2021-38156.yaml
-http/cves/2021/CVE-2021-45811.yaml
-http/cves/2023/CVE-2023-1315.yaml
-http/cves/2023/CVE-2023-1317.yaml
-http/cves/2023/CVE-2023-1318.yaml
-http/cves/2023/CVE-2023-2745.yaml
-http/cves/2023/CVE-2023-38040.yaml
-http/cves/2023/CVE-2023-39560.yaml
-http/cves/2023/CVE-2023-40748.yaml
-http/cves/2023/CVE-2023-40749.yaml
-http/cves/2023/CVE-2023-40750.yaml
-http/cves/2023/CVE-2023-40751.yaml
-http/cves/2023/CVE-2023-40752.yaml
-http/cves/2023/CVE-2023-40753.yaml
-http/cves/2023/CVE-2023-40755.yaml
-http/cves/2023/CVE-2023-40931.yaml
-http/cves/2023/CVE-2023-43373.yaml
-http/cves/2023/CVE-2023-5558.yaml
-http/cves/2023/CVE-2023-5561.yaml
-http/cves/2024/CVE-2024-22476.yaml
-http/cves/2024/CVE-2024-32735.yaml
-http/cves/2024/CVE-2024-32736.yaml
-http/cves/2024/CVE-2024-32737.yaml
-http/cves/2024/CVE-2024-32738.yaml
-http/cves/2024/CVE-2024-32739.yaml
-http/cves/2024/CVE-2024-35584.yaml
-http/cves/2024/CVE-2024-3656.yaml
-http/cves/2024/CVE-2024-39713.yaml
-http/cves/2024/CVE-2024-43360.yaml
-http/cves/2024/CVE-2024-44349.yaml
-http/cves/2024/CVE-2024-4439.yaml
-http/cves/2024/CVE-2024-45216.yaml
-http/cves/2024/CVE-2024-45488.yaml
-http/cves/2024/CVE-2024-46310.yaml
-http/cves/2024/CVE-2024-48914.yaml
-http/cves/2024/CVE-2024-49757.yaml
-http/cves/2024/CVE-2024-5910.yaml
-http/cves/2024/CVE-2024-8698.yaml
-http/cves/2024/CVE-2024-9061.yaml
-http/cves/2024/CVE-2024-9234.yaml
-http/cves/2024/CVE-2024-9593.yaml
-http/cves/2024/CVE-2024-9617.yaml
-http/cves/2024/CVE-2024-9796.yaml
-http/default-logins/apache/doris-default-login.yaml
-http/default-logins/sato/sato-default-login.yaml
-http/default-logins/zebra/zebra-printer-default-login.yaml
-http/exposed-panels/1password-scim-panel.yaml
-http/exposed-panels/danswer-panel.yaml
-http/exposed-panels/freescout-panel.yaml
-http/exposed-panels/nagios/nagios-logserver-panel.yaml
-http/exposed-panels/olympic-panel.yaml
-http/exposed-panels/onedev-panel.yaml
-http/exposed-panels/paloalto-expedition-panel.yaml
-http/exposed-panels/reolink-panel.yaml
-http/exposed-panels/sqlpad-panel.yaml
-http/exposed-panels/traccar-panel.yaml
-http/exposed-panels/txadmin-panel.yaml
-http/exposed-panels/usermin-panel.yaml
-http/exposed-panels/veritas-netbackup-panel.yaml
-http/exposed-panels/vmware-aria-panel.yaml
-http/misconfiguration/installer/nagios-logserver-installer.yaml
-http/misconfiguration/redpanda-console.yaml
-http/misconfiguration/root-path-disclosure.yaml
-http/misconfiguration/unauth-cyber-power-systems.yaml
-http/takeovers/wasabi-bucket-takeover.yaml
-http/technologies/accellion-detect.yaml
-http/technologies/gradio-detect.yaml
-http/technologies/lollms-webui-detect.yaml
-http/technologies/mirth-connect-detect.yaml
-http/technologies/oracle-fusion-detect.yaml
-http/technologies/salesforce-b2c-commerce-webdav.yaml
-http/vulnerabilities/hcm/hcm-cloud-lfi.yaml
-http/vulnerabilities/nagios/nagios-xi-xss.yaml
-http/vulnerabilities/other/cyberpanel-rce.yaml
-http/vulnerabilities/wordpress/application-pass-xss.yaml
-http/vulnerabilities/wordpress/wp-footnote-xss.yaml
-http/vulnerabilities/yonyou/yonyou-u8-crm-sqli.yaml
-http/vulnerabilities/yonyou/yonyou-u8-crm-tb-sqli.yaml
-passive/cves/2024/CVE-2024-40711.yaml
+cloud/aws/cloudformation/stack-notification-disabled.yaml
+cloud/aws/cloudformation/stack-policy-not-inuse.yaml
+cloud/aws/cloudformation/stack-termination-disabled.yaml
+cloud/aws/cloudfront/cloudfront-compress-object.yaml
+cloud/aws/cloudfront/cloudfront-custom-certificates.yaml
+cloud/aws/cloudfront/cloudfront-geo-restriction.yaml
+cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml
+cloud/aws/cloudfront/cloudfront-integrated-waf.yaml
+cloud/aws/cloudfront/cloudfront-logging-disabled.yaml
+cloud/aws/cloudfront/cloudfront-origin-shield.yaml
+cloud/aws/cloudfront/cloudfront-security-policy.yaml
+cloud/aws/cloudfront/cloudfront-traffic-unencrypted.yaml
+cloud/aws/cloudfront/cloudfront-viewer-policy.yaml
+cloud/aws/secrets-manager/secret-manager-not-inuse.yaml
+cloud/aws/secrets-manager/secret-rotation-interval.yaml
+cloud/aws/secrets-manager/secrets-rotation-disabled.yaml
+code/cves/2014/CVE-2014-0160.yaml
+file/logs/aspnet-framework-exceptions.yaml
+file/logs/nodejs-framework-exceptions.yaml
+http/cves/2019/CVE-2019-1003000.yaml
+http/cves/2024/CVE-2024-48360.yaml
+http/cves/2024/CVE-2024-4841.yaml
+http/cves/2024/CVE-2024-6049.yaml
+http/cves/2024/CVE-2024-6420.yaml
+http/exposed-panels/cyberpanel-panel.yaml
+http/exposed-panels/nexpose-panel.yaml
+http/exposed-panels/quivr-panel.yaml
+http/iot/ip-webcam.yaml
+http/miscellaneous/azure-blob-core-detect.yaml
+http/technologies/hubble-detect.yaml
+http/technologies/localai-detect.yaml
+http/technologies/pghero-detect.yaml
+http/technologies/wordpress/plugins/burst-statistics.yaml
+http/technologies/wordpress/plugins/flexmls-detect.yaml
+http/vulnerabilities/backdoor/lottie-backdoor.yaml
@@ -0,0 +1,59 @@
+id: stack-notification-disabled
+
+info:
+  name: CloudFormation Stack Notification - Disabled
+  author: DhiyaneshDK
+  severity: medium
+  description: |
+    Ensure that your Amazon CloudFormation stacks are using SNS topics to send notifications when important events occur.
+  impact: |
+    Disabling CloudFormation Stack Notifications can lead to reduced visibility into stack events and errors, delaying the detection of issues and hindering effective monitoring of changes and deployments in the cloud environment.
+  remediation: |
+    Enable CloudFormation Stack Notifications by configuring SNS (Simple Notification Service) topics for your CloudFormation stack. This will ensure real-time alerts on stack events, including updates, errors, and resource creation, providing better monitoring and visibility.
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFormation/cloudformation-stack-notification.html
+    - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html
+  tags: cloud,devops,aws,amazon,cloudformation,aws-cloud-config
+
+variables:
+  region: "us-west-2"
+
+flow: |
+  code(1)
+  for(let StackSummaries of iterate(template.stacksummaries)){
+    set("stacksummary", StackSummaries)
+    code(2)
+  }
+
+self-contained: true
+
+code:
+  - engine:
+      - sh
+      - bash
+    source: |
+      aws cloudformation list-stacks --region $region --stack-status-filter CREATE_COMPLETE --output json --query 'StackSummaries[*].StackName'
+
+    extractors:
+      - type: json
+        name: stacksummaries
+        internal: true
+        json:
+          - '.[]'
+
+  - engine:
+      - sh
+      - bash
+    source: |
+        aws cloudformation describe-stacks --region $region --stack-name $stacksummary --query 'Stacks[*].NotificationARNs[]'
+
+    matchers:
+      - type: word
+        words:
+          - '[]'
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"CloudFormation Stack Notification " + stacksummary + " is Disabled"'
+# digest: 4a0a0047304502207f53d34d64636fe7e6541bb58cbdcbbb1974db08099320070c23cf817bb50dc0022100ecc19fcf7cc0b0855d0f2be8e07d54d771245bbb69fcea3db558e41e94b200f1:922c64590222798bb761d5b6d8e72950
@@ -0,0 +1,61 @@
+id: stack-policy-not-inuse
+
+info:
+  name: CloudFormation Stack Policy - Not In Use
+  author: DhiyaneshDK
+  severity: medium
+  description: |
+    Ensure your AWS CloudFormation stacks are using policies as a fail-safe mechanism in order to prevent accidental updates to stack resources.
+  impact: |
+    Lack of a CloudFormation Stack Policy allows unrestricted modifications to stack resources, increasing the risk of unintended or harmful changes.
+  remediation: |
+    Implement a CloudFormation Stack Policy to restrict updates to critical resources, defining explicit rules for which resources can be modified during stack updates.
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFormation/cloudformation-stack-policy.html
+    - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html
+  tags: cloud,devops,aws,amazon,cloudformation,aws-cloud-config
+
+variables:
+  region: "us-west-2"
+
+flow: |
+  code(1)
+  for(let StackSummaries of iterate(template.stacksummaries)){
+    set("stacksummary", StackSummaries)
+    code(2)
+  }
+
+self-contained: true
+
+code:
+  - engine:
+      - sh
+      - bash
+    source: |
+      aws cloudformation list-stacks --region $region --output json --query 'StackSummaries[*].StackName'
+
+    extractors:
+      - type: json
+        name: stacksummaries
+        internal: true
+        json:
+          - '.[]'
+
+  - engine:
+      - sh
+      - bash
+    source: |
+        aws cloudformation get-stack-policy --region $region --stack-name $stacksummary --output json
+
+    matchers:
+      - type: word
+        words:
+          - 'StackPolicyBody'
+          - 'Effect'
+        negative: true
+
+    extractors:
+      - type: dsl
+        dsl:
+          - 'stacksummary + " No Stack Policy In Use"'
+# digest: 4a0a00473045022100da187a67fe3eec97faa4155c6a575443b2fa3165741d9433ace3f33d5ca2547702206a349dfd6bcf0d2b2e60afe4094a6d6fe934c902794479de1b600aeb54f3dcb5:922c64590222798bb761d5b6d8e72950
@@ -0,0 +1,59 @@
+id: stack-termination-disabled
+
+info:
+  name: CloudFormation Termination Protection - Disabled
+  author: DhiyaneshDK
+  severity: medium
+  description: |
+    Ensure that Termination Protection safety feature is enabled for your Amazon CloudFormation stacks in order to protect them from being accidentally deleted.
+  impact: |
+    Disabled termination protection increases the risk of accidental deletion of critical CloudFormation stacks.
+  remediation: |
+    Enable termination protection for critical CloudFormation stacks by setting TerminationProtection to true in the stack settings, preventing accidental deletions.
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFormation/stack-termination-protection.html
+    - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html
+  tags: cloud,devops,aws,amazon,cloudformation,aws-cloud-config
+
+variables:
+  region: "us-west-2"
+
+flow: |
+  code(1)
+  for(let StackSummaries of iterate(template.stacksummaries)){
+    set("stacksummary", StackSummaries)
+    code(2)
+  }
+
+self-contained: true
+
+code:
+  - engine:
+      - sh
+      - bash
+    source: |
+      aws cloudformation list-stacks --region $region --stack-status-filter CREATE_COMPLETE --output json --query 'StackSummaries[*].StackName'
+
+    extractors:
+      - type: json
+        name: stacksummaries
+        internal: true
+        json:
+          - '.[]'
+
+  - engine:
+      - sh
+      - bash
+    source: |
+        aws cloudformation describe-stacks --region $region --stack-name $stacksummary --query 'Stacks[*].EnableTerminationProtection' --output json
+
+    matchers:
+      - type: word
+        words:
+          - 'false'
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"CloudFormation Termination Protection " + stacksummary + " is Disabled"'
+# digest: 4b0a0048304602210088c7b52b7d5406c581b5ea4a344cf8418c1d1f90f0f0a5025a52ad1a9e6139d2022100c985ed046c7bda40aabed7ff5e453c5a2c74f4cc0d1905f411a56d2b095b4fa1:922c64590222798bb761d5b6d8e72950