mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-18 01:35:26 +00:00
dc44105baf
* use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
44 lines
887 B
YAML
44 lines
887 B
YAML
id: redis-pass-brute
|
|
info:
|
|
name: redis password bruteforce
|
|
author: tarunKoyalwar
|
|
severity: high
|
|
description: |
|
|
This template bruteforces passwords for protected redis instances.
|
|
If redis is not protected with password. it is also matched
|
|
metadata:
|
|
shodan-query: product:"redis"
|
|
|
|
|
|
javascript:
|
|
- pre-condition: |
|
|
isPortOpen(Host,Port)
|
|
|
|
code: |
|
|
var m = require("nuclei/redis");
|
|
m.GetServerInfoAuth(Host,Port,Password);
|
|
|
|
args:
|
|
Host: "{{Host}}"
|
|
Port: "6379"
|
|
Password: "{{passwords}}"
|
|
|
|
payloads:
|
|
passwords:
|
|
- ""
|
|
- root
|
|
- password
|
|
- admin
|
|
- iamadmin
|
|
stop-at-first-match: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "redis_version"
|
|
- type: word
|
|
negative: true
|
|
words:
|
|
- "redis_mode:sentinel"
|