Source Code Enumeration Detection by Keyword

Detects source code enumeration that use GET requests by keyword searches in URL strings

Sigma rule (View on GitHub)

 1title: Source Code Enumeration Detection by Keyword
 2id: 953d460b-f810-420a-97a2-cfca4c98e602
 3status: test
 4description: Detects source code enumeration that use GET requests by keyword searches in URL strings
 5references:
 6    - https://pentester.land/tutorials/2018/10/25/source-code-disclosure-via-exposed-git-folder.html
 7    - https://medium.com/@logicbomb_1/bugbounty-how-i-was-able-to-download-the-source-code-of-indias-largest-telecom-service-52cf5c5640a1
 8author: James Ahearn
 9date: 2019/06/08
10modified: 2022/10/05
11tags:
12    - attack.discovery
13    - attack.t1083
14logsource:
15    category: webserver
16detection:
17    keywords:
18        - '.git/'
19    condition: keywords
20fields:
21    - client_ip
22    - vhost
23    - url
24    - response
25falsepositives:
26    - Unknown
27level: medium

References

Related rules

to-top