Implement 13 new Nuclei Templates for ASVS 4.0.3 Compliance Checks

.github/scripts/update-readme.py

@@ -0,0 +1,88 @@
+import os
+import re
+import math
+
+# Function to find .yaml files recursively in all directories under templates
+def find_yaml_files(root_dir):
+    yaml_files = []
+    for dirpath, _, filenames in os.walk(root_dir):
+        for filename in filenames:
+            if filename.endswith('.yaml') and re.match(r'(\d+\.)+\d+\.yaml', filename):
+                yaml_files.append(os.path.join(dirpath, filename))
+    return yaml_files
+
+# Function to list all templates with a default ❌ mark
+def initialize_template_status(yaml_files):
+    template_status = {}
+    for file in yaml_files:
+        base_name = os.path.splitext(os.path.basename(file))[0]
+        template_status[base_name] = "❌"  # Default to ❌
+    return template_status
+
+# Function to check if a related vulnerable page exists and update the status
+def update_vulnerable_status(template_status, vuln_dir):
+    for vuln_file in os.listdir(vuln_dir):
+        if vuln_file.startswith("ASVS_"):
+            base_name = vuln_file.replace("ASVS_", "").replace("_", ".")
+            if base_name in template_status:
+                template_status[base_name] = f'<a href="https://snbig.github.io/Vulnerable-Pages/{vuln_file}">✔️</a>' # Update to ✔️ if found
+
+# Function to update README.md with a table (4 columns: Template Name, Vulnerable Page, Template Name, Vulnerable Page)
+def update_readme(template_status, root_dir):
+    readme_file = 'README.md'
+    github_base_url = "https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/"
+
+    try:
+        with open(readme_file, 'r', encoding='utf-8') as file:
+            readme_content = file.read()
+
+        # Sort templates based on the first two sections of the version number
+        sorted_templates = sorted(template_status.items(), key=lambda x: tuple(map(int, x[0].split(".")[:2])))
+
+        # Create table rows with 4 columns
+        table_rows = ""
+        for i in range(0, len(sorted_templates), 2):
+            # Take two templates at a time
+            row_templates = sorted_templates[i:i + 2]
+            row_html = ""
+            for file_name, status in row_templates:
+                file_path = next(file for file in yaml_files if file_name in file)  # Find full file path
+                file_url = github_base_url + file_path.replace(os.sep, '/')  # Convert path to GitHub URL
+                file_link = f'<a href="{file_url}">{file_name}</a>'
+                row_html += f"<td>{file_link}</td><td align='center'>{status}</td>"
+            table_rows += f"<tr>{row_html}</tr>\n"
+
+        table_html = f'''<h2 align="center">Available Templates</h2>
+<table border="1" cellpadding="5" cellspacing="0" align="center">
+<tr><th>Template Name</th><th>Vulnerable Page</th><th>Template Name</th><th>Vulnerable Page</th></tr>
+{table_rows}
+</table>
+</center>
+'''
+
+        if "<h2 align=\"center\">Available Templates</h2>" in readme_content:
+            h2_index = readme_content.index("<h2 align=\"center\">Available Templates</h2>")
+            readme_content = readme_content[:h2_index]
+
+        readme_content += f'{table_html}'
+        with open(readme_file, 'w', encoding='utf-8') as file:
+            file.write(readme_content)
+
+        print("README.md updated successfully.")
+
+    except FileNotFoundError:
+        print(f"{readme_file} not found.")
+    except Exception as e:
+        print(f"An error occurred: {e}")
+
+if __name__ == '__main__':
+    root_dir = 'templates'
+    vuln_dir = 'Vulnerable-Pages'
+    yaml_files = find_yaml_files(root_dir)
+
+    if yaml_files:
+        template_status = initialize_template_status(yaml_files)
+        update_vulnerable_status(template_status, vuln_dir)
+        update_readme(template_status, root_dir)
+    else:
+        print("No matching YAML files found.")

.github/workflows/syntax-checking.yml

@@ -2,6 +2,8 @@ name: ❄️ YAML Lint
 
 on: 
   push:
+    paths:
+      - '**.yaml'
   pull_request:
     paths:
       - '**.yaml'

.github/workflows/template-sign.yml

@@ -14,8 +14,9 @@ jobs:
     if: github.repository == 'OWASP/www-project-asvs-security-evaluation-templates-with-nuclei'
     steps:
       - uses: actions/checkout@v4
-
       - uses: projectdiscovery/actions/setup/nuclei@v1
+        with:
+          token: '${{ secrets.GITHUB_TOKEN }}'
       - run: nuclei -lfa -duc -sign -ud $GITHUB_WORKSPACE -t .
         env:
           NUCLEI_USER_CERTIFICATE: ${{ secrets.NUCLEI_USER_CERTIFICATE }}

.github/workflows/template-validate.yml

@@ -2,6 +2,8 @@ name: 🛠 Template Validate
 
 on:
   push:
+    paths:
+      - '**.yaml'
   pull_request:
     paths:
       - '**.yaml'
@@ -26,5 +28,6 @@ jobs:
       - name: Template Validation
         run: |
           cp -r ${{ github.workspace }}/templates /home/runner/nuclei-templates
+          cd /home/runner/nuclei-templates
           nuclei -duc -validate -allow-local-file-access
           nuclei -duc -validate -allow-local-file-access -w /home/runner/nuclei-templates/workflows

.github/workflows/update-readme.yml

@@ -0,0 +1,56 @@
+name: Update README with Templates
+
+on:
+  push:
+    branches:
+      - dev
+    paths:
+      - '**.yaml'
+  pull_request:
+    branches:
+      - dev
+
+jobs:
+  update-readme:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4
+        with:
+          submodules: true  # Ensure submodules are initialized and updated
+
+      - name: Initialize and update submodules (if needed)
+        run: git submodule update --init --recursive
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.x'
+
+      - name: Run Python script to update README
+        run: python .github/scripts/update-readme.py
+
+      # Set up GPG for commit signing
+      - name: Set up GPG
+        run: |
+          echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import
+          git config --global user.name "Signing Bot"
+          git config --global user.email "[email protected]"
+          git config --global commit.gpgSign true
+          git config --global user.signingkey ${{ secrets.GPG_KEY_ID }}
+
+      # Commit changes with GPG signing
+      - name: Commit changes if any
+        run: |
+          git add README.md
+          if ! git diff --cached --quiet; then
+            git commit -S -m "Update README table"
+          else
+            echo "No changes to commit"
+          fi
+
+      # Push changes
+      - name: Push changes
+        run: |
+          git pull origin dev --rebase
+          git push origin dev

README.md

@@ -30,4 +30,32 @@ For detailed information and guidelines about contributing in developing templat
 
 #### Core Team
 The project current core team are:
-- [Hamed Salimain](https://github.com/Snbig)  (Project Leader)
+- [Hamed Salimian](https://github.com/Snbig)  (Project Leader)
+- [AmirHossein Raeisi](https://github.com/Ahsraeisi)  (Project Co-Leader)
+- [Masoud Abdaal](https://github.com/MasoudAbdaal)  (Contributor)
+- [AmirMohammad Ahmadi](https://github.com/)  (Contributor)
+<h2 align="center">Available Templates</h2>
+<table border="1" cellpadding="5" cellspacing="0" align="center">
+<tr><th>Template Name</th><th>Vulnerable Page</th><th>Template Name</th><th>Vulnerable Page</th></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/headless/2.1.11.yaml">2.1.11</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_2_1_11">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/3.1.1.yaml">3.1.1</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/3.4.1.yaml">3.4.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/3.4.2.yaml">3.4.2</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/5.1.5.yaml">5.1.5</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_5_1_5">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/5.1.2.yaml">5.1.2</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/5.1.1.yaml">5.1.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.2.1.yaml">5.2.1</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.2.5.1.yaml">5.2.5.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.2.6.yaml">5.2.6</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/headless/5.3.3.1.yaml">5.3.3.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.3.3.2.yaml">5.3.3.2</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.3.9.yaml">5.3.9</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_5_3_9">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.5.2.yaml">5.5.2</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/8.2.1.yaml">8.2.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/9.1.3.yaml">9.1.3</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/9.1.2.yaml">9.1.2</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/12.1.1.yaml">12.1.1</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_12_1_1">✔️</a></td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/code/12.1.1.2.yaml">12.1.1.2</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/12.3.3.yaml">12.3.3</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_12_3_3">✔️</a></td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/12.6.1.yaml">12.6.1</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_12_6_1">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/headless/13.1.3.yaml">13.1.3</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/13.2.1.yaml">13.2.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/13.2.3.yaml">13.2.3</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/13.2.2.yaml">13.2.2</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_13_2_2">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/13.3.1.yaml">13.3.1</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_13_3_1">✔️</a></td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/headless/14.2.3.yaml">14.2.3</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/workflows/14.3.2.yaml">14.3.2</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.4.yaml">14.4.4</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.3.yaml">14.4.3</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.5.yaml">14.4.5</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.7.yaml">14.4.7</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.1.yaml">14.4.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.6.yaml">14.4.6</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.2.yaml">14.4.2</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.5.1.yaml">14.5.1</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.5.3.yaml">14.5.3</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_14_5_3">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.5.2.yaml">14.5.2</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_14_5_2">✔️</a></td></tr>
+
+</table>
+</center>

templates/13.2.3.yaml

@@ -0,0 +1,46 @@
+id: ASVS-4-0-3-V13-2-3
+
+info:
+  name: ASVS 13.2.3 Check
+  author: Masoud Abdaal
+  severity: medium
+  classification:
+    cwe-id: CWE-352
+  reference:
+    - https://github.com/OWASP/ASVS/blob/master/4.0/en/0x21-V13-API.md#v132-restful-web-service
+  tags: asvs,13.2.3
+  description: |
+     Verify that RESTful web services that utilize cookies are protected from Cross-Site Request Forgery via the use of at least one or more of the following: double submit cookie pattern, CSRF nonces, or Origin request header checks
+
+http:
+  - raw:
+      - |
+        GET {{BaseURL}} HTTP/1.1
+        Host: {{Hostname}}
+        Origin: {{origin_schema}}{{origin_host}}{{origin_port}}
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
+        Accept: */*
+
+    cookie-reuse: true
+    payloads:
+      origin_host:
+        - 127.0.0.1
+        - localhost
+        - '{{resolve("{{FQDN}}")}}'
+      origin_schema:
+        - http://
+        - https://
+      origin_port:
+        -
+        - :80
+        - :443
+    attack: clusterbomb
+
+    stop-at-first-match: true
+    matchers:
+      - type: dsl
+        name: 'Access Restriction Bypass Via Origin Spoof'
+        dsl:
+          - status_code < 210 && status_code >= 200
+          - to_number(forbidden_status_code) != status_code
+# digest: 490a00463044022050741006143f221ad95a93394da23c3bd73610d9f22873f039394a22c85958b602205cf0afc9b7f7a0628148c24168902290446034a0a136daab47024b7cd8750ef8:236a7c23afe836fbe231d6e037cff444

templates/3.1.1.yaml

@@ -0,0 +1,34 @@
+id: ASVS-4-0-3-V3-1-1
+
+info:
+  name: ASVS 3.1.1 Check
+  author: Hamed Salimian
+  severity: medium
+  classification:
+    cwe-id: CWE-598
+  reference:
+    - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/04-Testing_for_Exposed_Session_Variables.html
+    - https://github.com/danielmiessler/SecLists/blob/master/Miscellaneous/Web/session-id.txt
+  tags: asvs,3.1.1
+  description: |
+    Verify the application never reveals session tokens in URL parameters.
+
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+    redirects: true
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - (i?)((https?|wss?))?(://)?[^\s?]+(?:\?|&)(?:session|sessionID|ASP.NET_SessionId|ASPSESSIONID|SITESERVER|cfid|cftoken|jsessionid|sessid|sid|viewstate|zenid|PHPSESSID|ConsumerKey|ConsumerSecret|DB_USERNAME|HEROKU_API_KEY|HOMEBREW_GITHUB_API_TOKEN|JEKYLL_GITHUB_TOKEN|PT_TOKEN|SESSION_TOKEN|SF_USERNAME|SLACK_BOT_TOKEN|access-token|access_token|access_token_secret|accesstoken|admin|api-key|api_key|api_secret_key|api_token|auth_token|authkey|authorization|authorization_key|authorization_token|authtoken|aws_access_key_id|aws_secret_access_key|bearer|bot_access_token|bucket|client-secret|client_id|client_key|client_secret|clientsecret|consumer_key|consumer_secret|dbpasswd|email|encryption-key|encryption_key|encryptionkey|id_dsa|irc_pass|key|oauth_token|pass|password|private_key|private-key|privatekey|secret|secret-key|secret_key|secret_token|secretkey|secretkey|session_key|session_secret|slack_api_token|slack_secret_token|slack_token|ssh-key|ssh_key|sshkey|token|username|xoxa-2|xoxr)=[^&\s]+
+
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - (i?)((https?|wss?))?(://)?[^\s?]+(?:\?|&)(?:session|sessionID|ASP.NET_SessionId|ASPSESSIONID|SITESERVER|cfid|cftoken|jsessionid|sessid|sid|viewstate|zenid|PHPSESSID|ConsumerKey|ConsumerSecret|DB_USERNAME|HEROKU_API_KEY|HOMEBREW_GITHUB_API_TOKEN|JEKYLL_GITHUB_TOKEN|PT_TOKEN|SESSION_TOKEN|SF_USERNAME|SLACK_BOT_TOKEN|access-token|access_token|access_token_secret|accesstoken|admin|api-key|api_key|api_secret_key|api_token|auth_token|authkey|authorization|authorization_key|authorization_token|authtoken|aws_access_key_id|aws_secret_access_key|bearer|bot_access_token|bucket|client-secret|client_id|client_key|client_secret|clientsecret|consumer_key|consumer_secret|dbpasswd|email|encryption-key|encryption_key|encryptionkey|id_dsa|irc_pass|key|oauth_token|pass|password|private_key|private-key|privatekey|secret|secret-key|secret_key|secret_token|secretkey|secretkey|session_key|session_secret|slack_api_token|slack_secret_token|slack_token|ssh-key|ssh_key|sshkey|token|username|xoxa-2|xoxr)=[^&\s]+
+# digest: 4a0a0047304502200b04f148664841a92e2869491bb697da5a91b249b52641cce2fd21b2af3ed58e022100c90f5e35cb5924de9cc68967dfb48baae881590e336956b906b90e7730ca7bdc:236a7c23afe836fbe231d6e037cff444