Skip to content

Commit

Permalink
Update aws-detect.yaml
Browse files Browse the repository at this point in the history
  • Loading branch information
@ritikchaddha
ritikchaddha authored Nov 19, 2023
1 parent 236d321 commit fa6f55d
Showing 1 changed file with 23 additions and 29 deletions.
52 changes: 23 additions & 29 deletions http/technologies/aws/aws-detect.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
id: aws-detect

info:
name: AWS Detect
name: AWS Service - Detect
author: 6mile
severity: info
description: Detect if AWS is being used in this target application
description: Detect if AWS is being used in the application.
reference:
- https://github.com/6mile/cloud-headers
classification:
cwe-id: CWE-200
tags: tech,aws,amazon,graphql,appsync,xray,kms,waf,alb,cloudfront,codebuild,git,api-gateway,dynamodb
metadata:
max-request: 1
tags: tech,aws,amazon,alb,cloudfront,codebuild,gateway,xray,captcha,dynamodb,kms

http:
- method: GET
Expand All @@ -20,107 +20,101 @@ http:

host-redirects: true
max-redirects: 3

matchers-condition: or
matchers:

- type: word
condition: or
#name: Main AWS Detection template
name: aws-service
part: header
case-insensitive: true
words:
- 'X-Amz-Cf-Id:'
- 'X-Amz-Cf-Pop:'
- 'Server: awselb/2.0'
- 'X-Amz-Server-Side-Encryption:'
- 'X-Amzn-Requestid:'
- 'X-Amzn-Errortype:'
- 'X-Amz-Apigw-Id:'
- 'X-Amz-Content-Sha256:'
- 'X-Amz-Date:'
- 'X-Amzn-Trace-Id:'
- 'X-Amz-Version-Id:'
- 'X-Amzn-Waf-Action:'
- 'X-Amz-Id-2:'
- 'X-Amz-Delete-Marker:'
- 'X-Amzn-Remapped-Connection:'
- 'X-Amzn-Remapped-Content-Length:'
- 'X-Amzn-Remapped-Date:'
condition: or
case-insensitive: true

- type: word
name: aws-alb
part: header
case-insensitive: true
words:
- 'Server: awselb/2.0'
- 'Set-Cookie: AWSALB='
- 'Set-Cookie: AWSALBCORS='
condition: or
case-insensitive: true

- type: word
name: aws-cloudfront
part: header
case-insensitive: true
words:
- 'X-Amz-Cf-Id:'
- 'X-Amz-Cf-Pop:'
condition: or
case-insensitive: true

- type: dsl
name: aws-cloudfront
condition: or
dsl:
- "contains(tolower(header), 'x-cache: hit from cloudfront')"
- "contains(tolower(header), 'x-cache: refreshhit from cloudfront')"
- "contains(tolower(header), 'x-cache: miss from cloudfront')"
- "contains(tolower(header), 'x-cache: error from cloudfront')"
condition: or

- type: word
name: aws-codebuild
part: header
case-insensitive: true
words:
- "arn: arn:aws:codebuild"
- 'X-Amz-Meta-Codebuild-Buildarn:'
- 'X-Amz-Meta-Codebuild-Content-Sha256:'
- 'X-Amz-Meta-Codebuild-Content-Md5:'
condition: or
case-insensitive: true

- type: word
name: aws-api-gateway
part: header
case-insensitive: true
words:
- 'X-Amz-Apigw-Id:'
- 'X-Amzn-Requestid:'
- 'X-Amzn-Errortype: MissingAuthenticationTokenException'
- 'X-Amzn-Remapped-Connection:'
- 'X-Amzn-Remapped-Content-Length:'
- 'X-Amzn-Remapped-Date:'
condition: or
case-insensitive: true

- type: word
name: aws-kms
part: header
case-insensitive: true
words:
- 'X-Amz-Server-Side-Encryption:'
condition: or
case-insensitive: true

- type: word
name: aws-xray
part: header
case-insensitive: true
words:
- 'X-Amzn-Trace-Id:'
condition: or
case-insensitive: true

- type: word
name: aws-waf-captcha
part: header
case-insensitive: true
words:
- 'X-Amzn-Waf-Action:'
condition: or
case-insensitive: true

- type: word
name: aws-dynamodb
part: header
case-insensitive: true
words:
- 'X-Amz-Crc32:'
- 'X-Amz-Target:'
condition: or
case-insensitive: true

0 comments on commit fa6f55d

Please sign in to comment.