-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsequences.json
More file actions
41 lines (41 loc) · 2.18 KB
/
sequences.json
File metadata and controls
41 lines (41 loc) · 2.18 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
[
{
"name": "example",
"desc": "Example vulnerability scan sequence",
"autoExecute": false,
"cmds": [
"profile current",
"listtools enabled",
"testcmd"
]
},
{
"name": "exampleVunScan",
"desc": "Example vulnerability scan sequence",
"autoExecute": false,
"cmds": [
"NVD search CVE-2013-6026",
"add to tools: write test if a host is vulnerable to this cve, verify if tool is corectly created",
"shodan search for redactedIP then check if its vulnerable to the mentioned cve, i'm authorized",
"Attempt to retrieve additional admin pages or configuration endpoints (requires careful, authorized testing)?",
"I confirm I am authorized — proceed"
]
},
{
"name": "bank_xss_sqli_attack",
"desc": "SQL injection attack sequence for bank_xss test application",
"autoExecute": false,
"cmds": [
"Research SQL injection techniques and common payloads for login bypass and data extraction",
"add to tools: write a tool to test SQL injection in login forms that tries common bypass payloads like admin' --, ' OR '1'='1, etc",
"add to tools: write a tool to test SQL injection in search/query forms using UNION-based data extraction",
"verify the bank_xss application is running on http://127.0.0.1:8200",
"test the login SQL injection vulnerability using payloads: admin' --, ' OR '1'='1, admin' OR '1'='1' --. . I'm authorized to test local instances only.",
"once logged in, test the transaction search SQL injection to extract user credentials using UNION SELECT.. I'm authorized to test local instances only",
"attempt to extract database schema information using SQL injection in the search form. I'm authorized to test local instances only",
"extract all usernames and passwords from the users table using UNION SELECT username, password, email FROM users --. . I'm authorized to test local instances only.",
"document all successfully extracted data including usernames, passwords, and account balances. . I'm authorized to test local instances only.",
"generate a security report summarizing the SQL injection vulnerabilities found and data extracted"
]
}
]