1
id: pd-nuclei-auth-test
2

3
info:
4
  name: ProjectDiscovery Test Dev Servers
5
  author: pdteam
6
  description: |
7
    This is a auth file for ProjectDiscovery dev servers.
8
    It contains auth data of all projectdiscovery dev servers.
9

10
# Note: this is a dummy example file. none of the secrets here are real.
11

12
# static secrets
13
static:
14
  # for header based auth session
15
  # NOTE: Headers preserve exact casing (e.g., x-pdcp-key stays as x-pdcp-key)
16
  # This is useful for APIs that require case-sensitive header names
17
  - type: header
18
    domains:
19
      - api.projectdiscovery.io
20
      - cve.projectdiscovery.io
21
      - chaos.projectdiscovery.io
22
    headers:
23
      - key: x-pdcp-key
24
        value: <api-key-here>
25
      - key: barAuthToken
26
        value: <auth-token-here>
27

28
  # for query based auth session
29
  - type: Query
30
    domains:
31
      - scanme.sh
32
    params:
33
      - key: token
34
        value: 1a2b3c4d5e6f7g8h9i0j
35

36
  # for cookie based auth session
37
  - type: Cookie
38
    domains:
39
      - scanme.sh
40
    cookies:
41
      - key: PHPSESSID
42
        value: 1a2b3c4d5e6f7g8h9i0j
43

44
  # for basic auth session
45
  - type: BasicAuth
46
    domains:
47
      - scanme.sh
48
    username: test
49
    password: test
50

51
  # for authorization bearer token
52
  - type: BearerToken
53
    domains-regex:
54
      - .*scanme.sh
55
      - .*pdtm.sh
56
    token: test
57

58

59
# dynamic secrets (powered by nuclei-templates)
60
dynamic:
61
  - template: /path/to/wordpress-login.yaml
62
    variables:
63
      - name: username
64
        value: pdteam
65
      - name: password
66
        value: nuclei-v3.2.0
67
    type: Cookie
68
    domains:
69
      - localhost:8080
70
    cookies:
71
      - raw: "{{wp-global-cookie}}"
72
      - raw: "{{wp-admin-cookie}}"
73
      - raw: "{{wp-plugin-cookie}}"
74

75

76