nuclei/integration_tests/protocols/javascript/redis-pass-brute.yaml

id: redis-pass-brute
info:
  name: redis password bruteforce
  author: tarunKoyalwar
  severity: high
  description: |
    This template bruteforces passwords for protected redis instances.
    If redis is not protected with password. it is also matched
  metadata:
    shodan-query: product:"redis"


javascript:
  - pre-condition: |
      isPortOpen(Host,Port)

    code: |
      var m = require("nuclei/redis");
      m.GetServerInfoAuth(Host,Port,Password);

    args:
      Host: "{{Host}}"
      Port: "6379"
      Password: "{{passwords}}"

    payloads:
      passwords:
        - ""
        - root
        - password
        - admin
        - iamadmin
    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "redis_version"
      - type: word
        negative: true
        words:
          - "redis_mode:sentinel"
javascript protocol for scripting (includes 15+ proto libs) (#4109) * rebase js-layer PR from @ice3man543 * package restructuring * working * fix duplicated event & matcher status * fix lint error * fix response field * add new functions * multiple minor improvements * fix incorrect stats in js protocol * sort output metadata in cli * remove temp files * remove dead code * add unit and integration test * fix lint error * add jsdoclint using llm * fix error in test * add js lint using llm * generate docs of libs * llm lint * remove duplicated docs * update generated docs * update prompt in doclint * update docs * temp disable version check test * fix unit test and add retry * fix panic in it * update and move jsdocs * updated jsdocs * update docs * update container platform in test * dir restructure and adding docs * add api_reference and remove markdown docs * fix imports * add javascript design and contribution docs * add js protocol documentation * update integration test and docs * update doc ext mdx->md * minor update to docs * new integration test and more * move go libs and add docs * gen new net docs and more * final docs update * add new devtool * use fastdialer * fix build fail * use fastdialer + network sandbox support * add reserved keyword 'Port' * update Port to new syntax * misc update * always enable templatectx in js protocol * move docs to 'js-proto-docs' repo * remove scrapefuncs binary --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-09-16 16:02:17 +05:30			`id: redis-pass-brute`
			`info:`
			`name: redis password bruteforce`
			`author: tarunKoyalwar`
			`severity: high`
			`description: \|`
			`This template bruteforces passwords for protected redis instances.`
			`If redis is not protected with password. it is also matched`
			`metadata:`
			`shodan-query: product:"redis"`


			`javascript:`
			`- pre-condition: \|`
			`isPortOpen(Host,Port)`

			`code: \|`
			`var m = require("nuclei/redis");`
			`m.GetServerInfoAuth(Host,Port,Password);`

			`args:`
			`Host: "{{Host}}"`
			`Port: "6379"`
			`Password: "{{passwords}}"`

			`payloads:`
			`passwords:`
			`- ""`
			`- root`
			`- password`
			`- admin`
			`- iamadmin`
			`stop-at-first-match: true`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- "redis_version"`
			`- type: word`
			`negative: true`
			`words:`
			`- "redis_mode:sentinel"`