diff --git a/http/exposed-panels/thruk-login.yaml b/http/exposed-panels/thruk-login.yaml deleted file mode 100644 index 6708b94a76c..00000000000 --- a/http/exposed-panels/thruk-login.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: thruk-login - -info: - name: Thruk Monitoring Panel - Detect - author: ffffffff0x - severity: info - description: Thruk Monitoring panel was detected. - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cwe-id: CWE-200 - cpe: cpe:2.3:a:thruk:thruk:*:*:*:*:*:*:*:* - metadata: - max-request: 1 - vendor: thruk - product: thruk - fofa-query: - - title=="Thruk Monitoring Webinterface" - - title=="thruk monitoring webinterface" - - body="thruk" - shodan-query: http.html:"thruk" - tags: thruk,panel - -http: - - method: GET - path: - - "{{BaseURL}}/thruk/cgi-bin/login.cgi?thruk/" - - host-redirects: true - max-redirects: 2 - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'Thruk Monitoring Webinterface' - - - type: word - part: header - words: - - "thruk_test=" -# digest: 4b0a00483046022100c164ecaab7ebe50c3a134d59987805dcfc86d3eb0db900c958d6720b9d814840022100c1db6b41eed13fb1978257d1c7d9450fdbcc3dc8612004940ed658021b353c0d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/exposed-panels/thruk-panel.yaml b/http/exposed-panels/thruk-panel.yaml new file mode 100644 index 00000000000..efa9012e866 --- /dev/null +++ b/http/exposed-panels/thruk-panel.yaml 
@@ -0,0 +1,45 @@ +id: thruk-panel + +info: + name: Thruk Login Panel - Detect + author: ffffffff0x,righettod + severity: info + description: Thruk Monitoring panel was detected. + reference: + - https://thruk.org/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cwe-id: CWE-200 + cpe: cpe:2.3:a:thruk:thruk:*:*:*:*:*:*:*:* + metadata: + max-request: 6 + vendor: thruk + product: thruk + fofa-query: + - title=="Thruk Monitoring Webinterface" + - title=="thruk monitoring webinterface" + - body="thruk" + shodan-query: http.html:"thruk" || http.title:"thruk monitoring webinterface" + tags: thruk,panel,login + +http: + - method: GET + path: + - "{{BaseURL}}/" + + redirects: true + max-redirects: 6 + + matchers: + - type: dsl + dsl: + - 'status_code == 200 || status_code == 401' + - 'contains_any(to_lower(body), "thruk monitoring webinterface", "thruk - monitoring webinterface", "thruk_static_export") || contains_any(to_lower(header), "x-thruk-auth-key", "thruk_test=")' + condition: and + + extractors: + - type: regex + part: body + group: 1 + regex: + - '(?i)version_info\s*=\s*.?([a-z0-9./\s.-]+).?'
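Review bot: The request block switches from `host-redirects: true` / `max-redirects: 2` in the deleted thruk-login.yaml to `redirects: true` / `max-redirects: 6`, which follows redirects to other hosts as well; the body/header DSL match is then evaluated on the final hop, so a target that bounces to an unrelated host can produce an off-target "thruk" detection, and the scanner is sent to hosts outside the configured target. Unless cross-host following is deliberately required here, restoring `host-redirects: true` (keeping `max-redirects: 6` if the extra hops are needed) keeps the match scoped to the scanned host. The extractor character class `[a-z0-9./\s.-]+` also contains `\s` and a duplicated `.`, so the captured group can run past the version token across whitespace into following text; if Thruk emits the value as a quoted scalar (not shown on this page), `(?i)version_info\s*=\s*["']?([a-z0-9.-]+)` would capture only the version. Minor: `name` now says "Thruk Login Panel" while `description` still says "Thruk Monitoring panel" and the request targets `/` rather than the login CGI, so one of them should be aligned.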