search

projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License
9.27k stars 2.63k forks source link

[nuclei-template] substack.com user user detection (osint) #10350

Closed cheesymoon closed 3 months ago

cheesymoon commented 3 months ago

Template Information:

Very basic user enumeration on substack.com

Nuclei Template:

id: substack

info:
  name: substack.com User Name Information - Detect
  author: cheesymoon
  severity: info
  description: substack.com user name information check was conducted.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
    max-request: 1
  tags: osint,substack

self-contained: true

http:
  - method: GET
    path:
      - "https://substack.com/@{{user}}"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        negative: true
        words:
          - "No people found for"

      - type: word
        part: body
        words:
          - "@{{user}}"

image

ritikchaddha commented 3 months ago

Hello @cheesymoon, thank you so much for sharing this template with the community and contributing to this project 🍻