diff --git a/nettacker/modules/scan/admin.yaml b/nettacker/modules/scan/admin.yaml
index 94ea5f225..6fecc3ce0 100644
--- a/nettacker/modules/scan/admin.yaml
+++ b/nettacker/modules/scan/admin.yaml
@@ -44,3 +44,6 @@ payloads:
 status_code:
 regex: 200|403|401
 reverse: false
+ content:
+ regex: (?i)(Cloudflare|Incapsula|Sucuri|Access Denied|Webroot|Error 403 Forbidden)
+ reverse: true
diff --git a/nettacker/modules/scan/dir.yaml b/nettacker/modules/scan/dir.yaml
index 6298a8530..4d38118c8 100644
--- a/nettacker/modules/scan/dir.yaml
+++ b/nettacker/modules/scan/dir.yaml
@@ -44,3 +44,6 @@ payloads:
 status_code:
 regex: 200|403|401
 reverse: false
+ content:
+ regex: (?i)(Cloudflare|Incapsula|Sucuri|Access Denied|Webroot|Error 403 Forbidden)
+ reverse: true
diff --git a/nettacker/modules/vuln/clickjacking.yaml b/nettacker/modules/vuln/clickjacking.yaml
index 407221347..aa5a66c3a 100644
--- a/nettacker/modules/vuln/clickjacking.yaml
+++ b/nettacker/modules/vuln/clickjacking.yaml
@@ -36,11 +36,11 @@ payloads:
 conditions:
 headers:
 x-frame-options:
- regex: ^((?!SAMEORIGIN|DENY).)+$
- reverse: false
+ regex: SAMEORIGIN|DENY
+ reverse: true
 Content-Security-Policy:
- regex: ^((?!frame-ancestors|frame-src).)+$
- reverse: false
+ regex: frame-ancestors|frame-src
+ reverse: true
 content:
- regex: ^((?!http-equiv=.*Content-Security-Policy.*content=.*(DENY|SAMEORIGIN)).)+$
- reverse: false
+ regex: http-equiv=.*Content-Security-Policy.*content=.*(DENY|SAMEORIGIN)
+ reverse: true
diff --git a/nettacker/modules/vuln/subdomain_takeover.yaml b/nettacker/modules/vuln/subdomain_takeover.yaml
index e05eb8142..42fa05213 100644
--- a/nettacker/modules/vuln/subdomain_takeover.yaml
+++ b/nettacker/modules/vuln/subdomain_takeover.yaml
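Review bot: The alternatives `Access Denied` and `Error 403 Forbidden` in the new `content` regex of admin.yaml are generic enough to appear on a real admin page that answers 401 or 403, which `status_code` still lists as hits, and with `reverse: true` those responses are now dropped without any trace. Because the pattern is unanchored and case-insensitive, a bare `Cloudflare` can likewise match an ordinary 200 page that only references a Cloudflare-hosted asset. The same pattern is added in dir.yaml and subdomain_takeover.yaml. I would keep only tokens that are specific to block pages, or at least record the trade-off above the condition: `# excludes WAF/CDN block pages; also hides real 401/403 pages whose body contains these phrases`.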
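Review bot: The negated `content` condition in dir.yaml only filters anything if the enclosing `response` block combines its conditions with `and`, and that `condition_type` line sits above the hunk, so it cannot be confirmed from here. If it is `or` and that means any one condition suffices, a response would count as a hit whenever its body lacks a WAF string, whatever the status code, and the module would report nearly every path. The subdomain_takeover.yaml hunk in this commit switches to `condition_type: and`, presumably for this reason; please check that dir.yaml and admin.yaml already carry `condition_type: and` or change it in the same commit.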
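Review bot: The new `x-frame-options` pattern `SAMEORIGIN|DENY` in clickjacking.yaml is case-sensitive, while header values such as `sameorigin` or `deny` are equally valid, so with `reverse: true` a site sending the lower-case form would be reported as missing the protection. The other modules touched in this commit already use `(?i)`; I would write `regex: (?i)SAMEORIGIN|DENY` here and add the same flag to the `content` condition. Separately, `frame-src` in the `Content-Security-Policy` pattern restricts what the page itself may embed, not who may frame it, so a policy that has only `frame-src` is treated as protected; `regex: (?i)frame-ancestors` would be the accurate check. The `response` block and its `condition_type` start above the hunk.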
@@ -33,8 +33,14 @@ payloads:
 - 80
 - 443
 response:
- condition_type: or
+ condition_type: and
 conditions:
+ status_code:
+ regex: "403"
+ reverse: true
+ content:
+ regex: (?i)(Cloudflare|Incapsula|Sucuri|Access Denied|Webroot|Error 403 Forbidden)
+ reverse: true
 iterative_response_match:
 Aftership Takeover:
 response:
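Review bot: With `condition_type: and`, the new top-level `status_code` and `content` exclusions appear to gate every fingerprint under `iterative_response_match`, so any takeover fingerprint whose unclaimed-service page is served with 403, or whose text contains a phrase like `Access Denied`, would no longer be reported. The fingerprints themselves are below the hunk, so this needs checking against the list rather than assuming none is affected. How `and` composes with `iterative_response_match` is also not visible here; a comment above the new keys would record the intent, for example `# skip WAF/CDN block pages before fingerprint matching`.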