Last active
December 28, 2025 19:44
Nuclei Backup Finder Template
```yaml
id: file-type-search-all

info:
  name: File Type Search
  author: ProjectDiscoveryAI
  severity: low
  description: |
    Searches for files with specific extensions (.tar, .gz, .tar.gz, .zip, .sql, .bak, .rar) on the target, regardless of the file name.
  tags: file,fuzzing

http:
  - method: GET
    path:
      - "{{BaseURL}}/{{path}}"
    # Each payload is substituted into {{path}} literally: Nuclei does not
    # expand shell globs, so the requests go to /*.tar, /*.gz, ... as written.
    payloads:
      path:
        - "*.tar"
        - "*.gz"
        - "*.tar.gz"
        - "*.zip"
        - "*.sql"
        - "*.bak"
        - "*.rar"
    # 'or' means a single matcher is enough; the status matcher alone
    # therefore flags every 200 response, so expect false positives.
    matchers-condition: or
    matchers:
      - type: status
        status:
          - 200
      - type: word
        part: header
        words:
          - "application/octet-stream"
          - "binary/octet-stream"
      # No 'part' is given, so this regex runs against the response body,
      # not against the requested URL.
      - type: regex
        regex:
          - "(?i)\\.(tar|gz|tar\\.gz|zip|sql|bak|rar)$"
```
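To see how these matchers combine, here is an added example that is not part of the gist or of Nuclei itself: a simplified Python re-implementation of Nuclei's status, word and regex matchers and the `matchers-condition` rule, run against constructed responses. The headers and bodies are made up for the demonstration.

```python
import re

# Matchers copied from the file-type-search-all template, as plain dicts
# so that no YAML parser is needed.
FILE_TYPE_MATCHERS = [
    {"type": "status", "status": [200]},
    {"type": "word", "part": "header",
     "words": ["application/octet-stream", "binary/octet-stream"]},
    {"type": "regex", "regex": [r"(?i)\.(tar|gz|tar\.gz|zip|sql|bak|rar)$"]},
]

def match_one(m, status, headers, body):
    """Evaluate one matcher with Nuclei's default semantics:
    status -> code is in the list; word -> any word occurs; regex -> any
    pattern is found (search, not anchored). 'part' defaults to body."""
    if m["type"] == "status":
        return status in m["status"]
    part = headers if m.get("part") == "header" else body
    if m["type"] == "word":
        return any(w in part for w in m["words"])
    if m["type"] == "regex":
        return any(re.search(p, part) is not None for p in m["regex"])
    raise ValueError(f"unsupported matcher type {m['type']!r}")

def template_matches(matchers, condition, status, headers, body):
    """Combine per-matcher verdicts with matchers-condition ('or' / 'and')."""
    verdicts = [match_one(m, status, headers, body) for m in matchers]
    return any(verdicts) if condition == "or" else all(verdicts)

# Constructed sample responses: (status, raw headers, body). Not captured
# from any real host.
HTML_200 = (200, "Content-Type: text/html\r\n", "<html><body>Home</body></html>")
ARCHIVE_200 = (200, "Content-Type: application/octet-stream\r\n", "PK\x03\x04...")
HTML_404 = (404, "Content-Type: text/html\r\n", "<h1>Not Found</h1>")

def demo():
    return {
        # Under 'or' the status matcher alone flags an ordinary 200 page.
        "plain_html_200": template_matches(FILE_TYPE_MATCHERS, "or", *HTML_200),
        "archive": template_matches(FILE_TYPE_MATCHERS, "or", *ARCHIVE_200),
        "not_found": template_matches(FILE_TYPE_MATCHERS, "or", *HTML_404),
        # Under 'and' all three must hold; the body regex (anchored with $)
        # rarely matches binary content, so even the real archive is missed.
        "archive_and": template_matches(FILE_TYPE_MATCHERS, "and", *ARCHIVE_200),
    }

if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name}: {'match' if hit else 'no match'}")
```

The output shows why neither `or` nor `and` gives a clean signal here: tuning this template means dropping the bare status matcher or moving the regex onto a part that actually carries the file name.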
```yaml
id: backup-files

info:
  name: Backup Files Finder (information disclosure)
  author: Pymmdrza
  severity: high   # Nuclei severity levels are lowercase
  description: |
    This template checks for common backup file extensions that may have been left exposed on a target.

http:   # 'requests:' is the deprecated spelling of this key
  - name: backup-files
    method: GET
    # Common upload and backup directories are requested; the response body
    # (for example an exposed directory listing) is then searched for
    # backup-style extensions.
    path:
      - "{{BaseURL}}/backup"
      - "{{BaseURL}}/backups"
      - "{{BaseURL}}/root"
      - "{{BaseURL}}/www"
      - "{{BaseURL}}/public_html"
      - "{{BaseURL}}/ht_docs"
      - "{{BaseURL}}/files"
      - "{{BaseURL}}/images"
      - "{{BaseURL}}/assets"
      - "{{BaseURL}}/media"
      - "{{BaseURL}}/documents"
      - "{{BaseURL}}/resources"
      - "{{BaseURL}}/wp-content/uploads"
    matchers-condition: or
    matchers:
      - type: word
        # Default part is the body. There is no status matcher, and generic
        # extensions such as .txt, .pdf or .doc occur in ordinary HTML link
        # text too, so hits need manual review. Duplicate entries removed.
        words:
          - ".bak"
          - ".old"
          - ".zip"
          - ".tar"
          - ".tar.gz"
          - ".tar.bz2"
          - ".tar.xz"
          - ".7z"
          - ".rar"
          - ".gz"
          - ".bz2"
          - ".xz"
          - ".sql"
          - ".db"
          - ".swp"
          - ".save"
          - ".sav"
          - ".copy"
          - ".backup"
          - ".orig"
          - ".tmp"
          - ".temp"
          - ".test"
          - ".demo"
          - ".dev"
          - ".sample"
          - ".example"
          - ".config"
          - ".conf"
          - ".log"
          - ".txt"
          - ".doc"
          - ".docx"
          - ".xls"
          - ".xlsx"
          - ".ppt"
          - ".pptx"
          - ".pdf"
          - ".csv"
```