From 50c7a243f0190e9bd40888edc3f0d105e916c8a7 Mon Sep 17 00:00:00 2001
From: Matej Smycka
Date: Wed, 22 Oct 2025 09:38:05 +0200
Subject: [PATCH] chore: add 'vuln','discovery' tags to new templates
---
 .../k8s-apiserver-anonymous-access.yaml | 86 +++++++++----------
 .../k8s-apiserver-token-auth-file.yaml | 82 +++++++++---------
 http/cves/2021/CVE-2021-30116.yaml | 2 +-
 http/cves/2022/CVE-2022-48323.yaml | 2 +-
 http/cves/2023/CVE-2023-3519.yaml | 2 +-
 http/cves/2023/CVE-2023-6655.yaml | 2 +-
 http/cves/2024/CVE-2024-13979.yaml | 2 +-
 http/cves/2025/CVE-2025-11750.yaml | 2 +-
 http/cves/2025/CVE-2025-34038.yaml | 2 +-
 http/cves/2025/CVE-2025-53771.yaml | 2 +-
 http/cves/2025/CVE-2025-55748.yaml | 2 +-
 http/cves/2025/CVE-2025-57808.yaml | 2 +-
 http/exposed-panels/ictbroadcast-panel.yaml | 2 +-
 .../configs/nextjs-vite-public-env.yaml | 2 +-
 .../innovatrics-smartface-panel.yaml | 2 +-
 http/takeovers/redirect-pizza-takeover.yaml | 2 +-
 http/technologies/backdrop-cms-detect.yaml | 2 +-
 http/technologies/enigma-nms-detect.yaml | 2 +-
 .../udp/misconfiguration/mdns-enum.yaml | 2 +-
 19 files changed, 101 insertions(+), 101 deletions(-)
diff --git a/cloud/kubernetes/security-compliance/k8s-apiserver-anonymous-access.yaml b/cloud/kubernetes/security-compliance/k8s-apiserver-anonymous-access.yaml
index df45da96f61..b1f91d57a3b 100644
--- a/cloud/kubernetes/security-compliance/k8s-apiserver-anonymous-access.yaml
+++ b/cloud/kubernetes/security-compliance/k8s-apiserver-anonymous-access.yaml
@@ -1,45 +1,45 @@ -id: k8s-apiserver-anonymous-access - -info: - name: Ensure kube-apiserver --anonymous-auth is explicitly disabled - author: songyaeji - severity: high - description: Checks whether kube-apiserver explicitly sets --anonymous-auth=false in its startup arguments. - impact: | - If --anonymous-auth is not explicitly disabled, anonymous unauthenticated requests might be allowed, - enabling unauthenticated access to cluster resources. - remediation: | - Edit the kube-apiserver manifest (e.g., /etc/kubernetes/manifests/kube-apiserver.yaml) or startup flags - and ensure "--anonymous-auth=false" is present in the apiserver arguments. - reference: - - https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/ - tags: cloud,devops,kubernetes,security,devsecops,api-server,k8s,k8s-cluster-security - -variables: - argument: "--anonymous-auth=false" - -self-contained: true -code: - - engine: - - sh - - bash - source: | - kubectl get pods -n kube-system -l component=kube-apiserver -o jsonpath="{.items[*].spec.containers[*].command}" 2>/dev/null || \ - kubectl get pods -n kube-system -l k8s-app=kube-apiserver -o jsonpath="{.items[*].spec.containers[*].command}" 2>/dev/null || \ - kubectl get pods -n kube-system -o jsonpath="{.items[?(@.metadata.name.indexOf('kube-apiserver')>=0)].spec.containers[*].command}" 2>/dev/null || \ - echo "" - matchers-condition: and - matchers: - - type: word - words: - - 'kube-apiserver' - - type: word - words: - - "{{argument}}" - negative: true - - extractors: - - type: dsl - dsl: +id: k8s-apiserver-anonymous-access + +info: + name: Ensure kube-apiserver --anonymous-auth is explicitly disabled + author: songyaeji + severity: high + description: Checks whether kube-apiserver explicitly sets --anonymous-auth=false in its startup arguments. + impact: | + If --anonymous-auth is not explicitly disabled, anonymous unauthenticated requests might be allowed, + enabling unauthenticated access to cluster resources. 
+ remediation: | + Edit the kube-apiserver manifest (e.g., /etc/kubernetes/manifests/kube-apiserver.yaml) or startup flags + and ensure "--anonymous-auth=false" is present in the apiserver arguments. + reference: + - https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/ + tags: cloud,devops,kubernetes,security,devsecops,api-server,k8s,k8s-cluster-security,vuln + +variables: + argument: "--anonymous-auth=false" + +self-contained: true +code: + - engine: + - sh + - bash + source: | + kubectl get pods -n kube-system -l component=kube-apiserver -o jsonpath="{.items[*].spec.containers[*].command}" 2>/dev/null || \ + kubectl get pods -n kube-system -l k8s-app=kube-apiserver -o jsonpath="{.items[*].spec.containers[*].command}" 2>/dev/null || \ + kubectl get pods -n kube-system -o jsonpath="{.items[?(@.metadata.name.indexOf('kube-apiserver')>=0)].spec.containers[*].command}" 2>/dev/null || \ + echo "" + matchers-condition: and + matchers: + - type: word + words: + - 'kube-apiserver' + - type: word + words: + - "{{argument}}" + negative: true + + extractors: + - type: dsl + dsl: - '"kube-apiserver configuration does not explicitly set " + argument + ". This may allow anonymous access."' # digest: 4b0a00483046022100fe7b6017299371487169b66b4e188679450b8189bdff8025e09071dafa3f436a022100c5777c8156bd0f6fc7a6ad02caf36293bc8187a4d6e1cc08c4937645ba60acb2:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/cloud/kubernetes/security-compliance/k8s-apiserver-token-auth-file.yaml b/cloud/kubernetes/security-compliance/k8s-apiserver-token-auth-file.yaml index df6b2fb63ff..110283dd398 100644 --- a/cloud/kubernetes/security-compliance/k8s-apiserver-token-auth-file.yaml +++ b/cloud/kubernetes/security-compliance/k8s-apiserver-token-auth-file.yaml 
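Review bot: The trailing `# digest:` line is carried over unchanged at the end of this hunk even though the `tags:` line changed and the whole file was rewritten, so the signature no longer describes the content being committed. As far as I know nuclei checks code-protocol templates against that digest and will not run one that fails verification, which would silently drop this anonymous-auth check from scans. Re-sign the template so the last line becomes `# digest: <re-signed value>`, or confirm that the repository's signing job runs on this commit before release. The same stale `# digest:` line appears in k8s-apiserver-token-auth-file.yaml in the next hunk.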
@@ -1,43 +1,43 @@ -id: k8s-apiserver-token-auth-file - -info: - name: Detect kube-apiserver --token-auth-file usage - author: songyaeji - severity: high - description: Detects whether kube-apiserver includes the --token-auth-file startup argument. - impact: | - If the API server is started with --token-auth-file, static token file authentication may be allowed, which can enable long-lived or poorly managed tokens and weaken cluster authentication posture. - remediation: | - Remove the --token-auth-file argument from the kube-apiserver startup flags (e.g., edit - /etc/kubernetes/manifests/kube-apiserver.yaml) or ensure any tokens in that file are rotated - and managed securely. Prefer dynamic, short-lived service account tokens and RBAC. - reference: - - https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/ - tags: cloud,devops,kubernetes,security,devsecops,api-server,k8s,k8s-cluster-security - -variables: - argument: "--token-auth-file" - -self-contained: true -code: - - engine: - - sh - - bash - source: | - kubectl get pods -n kube-system -l component=kube-apiserver -o jsonpath="{.items[*].spec.containers[*].command}" - - matchers-condition: and - matchers: - - type: word - words: - - 'kube-apiserver' - - - type: word - words: - - "{{argument}}" - - extractors: - - type: dsl - dsl: +id: k8s-apiserver-token-auth-file + +info: + name: Detect kube-apiserver --token-auth-file usage + author: songyaeji + severity: high + description: Detects whether kube-apiserver includes the --token-auth-file startup argument. + impact: | + If the API server is started with --token-auth-file, static token file authentication may be allowed, which can enable long-lived or poorly managed tokens and weaken cluster authentication posture. + remediation: | + Remove the --token-auth-file argument from the kube-apiserver startup flags (e.g., edit + /etc/kubernetes/manifests/kube-apiserver.yaml) or ensure any tokens in that file are rotated + and managed securely. 
Prefer dynamic, short-lived service account tokens and RBAC. + reference: + - https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/ + tags: cloud,devops,kubernetes,security,devsecops,api-server,k8s,k8s-cluster-security,vuln + +variables: + argument: "--token-auth-file" + +self-contained: true +code: + - engine: + - sh + - bash + source: | + kubectl get pods -n kube-system -l component=kube-apiserver -o jsonpath="{.items[*].spec.containers[*].command}" + + matchers-condition: and + matchers: + - type: word + words: + - 'kube-apiserver' + + - type: word + words: + - "{{argument}}" + + extractors: + - type: dsl + dsl: - '"kube-apiserver is configured with " + argument + ". Review and remove if unnecessary."' # digest: 4a0a004730450220570c31f832b4f552d4a3638204241b460d3ed793f5873d3f76e1c5962c20c626022100f2ae478f1ab12d1a905c0a34a802a6edd1605a4d6b38e12096e68fb5dbe1c5f3:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/cves/2021/CVE-2021-30116.yaml b/http/cves/2021/CVE-2021-30116.yaml index 3d337902a52..84f371d19a2 100644 --- a/http/cves/2021/CVE-2021-30116.yaml +++ b/http/cves/2021/CVE-2021-30116.yaml @@ -27,7 +27,7 @@ info: vendor: kaseya product: virtual_system_administrator shodan-query: http.favicon.hash:-1445519482 - tags: cve,cve2021,kaseya,virtual_system_administrator,kev,vkev + tags: cve,cve2021,kaseya,virtual_system_administrator,kev,vkev,vuln flow: | http(1) diff --git a/http/cves/2022/CVE-2022-48323.yaml b/http/cves/2022/CVE-2022-48323.yaml index a052e85dc45..d53998be434 100644 --- a/http/cves/2022/CVE-2022-48323.yaml +++ b/http/cves/2022/CVE-2022-48323.yaml @@ -24,7 +24,7 @@ info: max-request: 2 vendor: sunlogin product: sunflower - tags: cve,cve2022,sunflower,rce,vkev + tags: cve,cve2022,sunflower,rce,vkev,vuln http: - raw: diff --git a/http/cves/2023/CVE-2023-3519.yaml b/http/cves/2023/CVE-2023-3519.yaml index e3dc899e4ed..34058a73d9e 100644 --- a/http/cves/2023/CVE-2023-3519.yaml 
+++ b/http/cves/2023/CVE-2023-3519.yaml @@ -25,7 +25,7 @@ info: - title="netscaler aaa" - title="citrix gateway" || title:"netscaler gateway" shodan-query: http.title:"citrix gateway" || title:"netscaler gateway" - tags: cve,cve2025,citrix,saml,rce,kev,passive,vkev + tags: cve,cve2025,citrix,saml,rce,kev,passive,vkev,vuln http: - raw: diff --git a/http/cves/2023/CVE-2023-6655.yaml b/http/cves/2023/CVE-2023-6655.yaml index 93548cab577..0cbc1722401 100644 --- a/http/cves/2023/CVE-2023-6655.yaml +++ b/http/cves/2023/CVE-2023-6655.yaml @@ -22,7 +22,7 @@ info: vendor: hrp2000 product: e-hr fofa-query: title="人力资源信息管理系统" - tags: cve,cve2023,hjsoft,management-system,sqli,vkev + tags: cve,cve2023,hjsoft,management-system,sqli,vkev,vuln flow: http(1) && http(2) diff --git a/http/cves/2024/CVE-2024-13979.yaml b/http/cves/2024/CVE-2024-13979.yaml index f2163c5e614..6f0327ee600 100644 --- a/http/cves/2024/CVE-2024-13979.yaml +++ b/http/cves/2024/CVE-2024-13979.yaml @@ -25,7 +25,7 @@ info: verified: false max-request: 1 fofa-query: "圣乔ERP系统" - tags: cve,cve2024,erp,sqli,vkev + tags: cve,cve2024,erp,sqli,vkev,vuln http: - raw: diff --git a/http/cves/2025/CVE-2025-11750.yaml b/http/cves/2025/CVE-2025-11750.yaml index a70db8bf151..a924221fd2b 100644 --- a/http/cves/2025/CVE-2025-11750.yaml +++ b/http/cves/2025/CVE-2025-11750.yaml @@ -17,7 +17,7 @@ info: product: dify shodan-query: http.favicon.hash:"97378986" fofa-query: icon_hash="97378986" - tags: cve,cve2025,langgenius,dify,user-enum + tags: cve,cve2025,langgenius,dify,user-enum,vuln variables: fake_email: "{{to_lower(rand_text_alphanumeric(16))}}@{{to_lower(rand_text_alphanumeric(16))}}.com" diff --git a/http/cves/2025/CVE-2025-34038.yaml b/http/cves/2025/CVE-2025-34038.yaml index 32c7c203e45..8756cf346ff 100644 --- a/http/cves/2025/CVE-2025-34038.yaml +++ b/http/cves/2025/CVE-2025-34038.yaml 
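Review bot: The new `tags:` line in CVE-2023-3519.yaml still carries `cve2025` although the template is CVE-2023-3519 and lives under http/cves/2023; the commit appends `vuln` but leaves the wrong year tag in place. Anyone selecting templates by `cve2023` would skip this KEV-tagged Citrix check, and it would show up in `cve2025` runs instead. Since the line is being touched anyway, I would change it to `tags: cve,cve2023,citrix,saml,rce,kev,passive,vkev,vuln`.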
@@ -19,7 +19,7 @@ info: metadata: max-request: 1 fofa-query: app="泛微-协同办公OA" - tags: cve,cve2025,ecology,sqli,vkev + tags: cve,cve2025,ecology,sqli,vkev,vuln http: - method: GET diff --git a/http/cves/2025/CVE-2025-53771.yaml b/http/cves/2025/CVE-2025-53771.yaml index cb81d28df01..8b224a121f1 100644 --- a/http/cves/2025/CVE-2025-53771.yaml +++ b/http/cves/2025/CVE-2025-53771.yaml @@ -27,7 +27,7 @@ info: verified: true max-request: 1 shodan-query: http.component:"sharepoint" - tags: cve,cve2025,sharepoint,auth-bypass,microsoft,toolshell,vkev + tags: cve,cve2025,sharepoint,auth-bypass,microsoft,toolshell,vkev,vuln variables: dataset_gadget_b64: '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' diff --git a/http/cves/2025/CVE-2025-55748.yaml b/http/cves/2025/CVE-2025-55748.yaml index 352f83534e3..dcf7fd7e392 100644 --- a/http/cves/2025/CVE-2025-55748.yaml +++ b/http/cves/2025/CVE-2025-55748.yaml @@ -25,7 +25,7 @@ info: verified: true max-request: 1 fofa-query: app="XWIKI-Platform" - tags: cve,cve2025,xwiki,lfi + tags: cve,cve2025,xwiki,lfi,vuln http: - method: GET diff --git a/http/cves/2025/CVE-2025-57808.yaml b/http/cves/2025/CVE-2025-57808.yaml index dece0f9b5ac..f33c496dc33 100644 --- a/http/cves/2025/CVE-2025-57808.yaml +++ b/http/cves/2025/CVE-2025-57808.yaml @@ -18,7 +18,7 @@ info: verified: true max-request: 1 shodan-query: http.title:"ESPHome" - tags: cve,cve2025,auth-bypass,esphome + tags: cve,cve2025,auth-bypass,esphome,vuln http: - method: GET diff --git a/http/exposed-panels/ictbroadcast-panel.yaml b/http/exposed-panels/ictbroadcast-panel.yaml index eb415c73544..be76a6849ae 100644 --- a/http/exposed-panels/ictbroadcast-panel.yaml +++ b/http/exposed-panels/ictbroadcast-panel.yaml @@ -12,7 +12,7 @@ info: verified: true max-request: 1 shodan-query: http.favicon.hash:-60395993 - tags: panel,ictbroadcast,login + tags: panel,ictbroadcast,login,discovery http: - method: GET 
diff --git a/http/exposures/configs/nextjs-vite-public-env.yaml b/http/exposures/configs/nextjs-vite-public-env.yaml index d082a1e69c7..dda2d50d02e 100644 --- a/http/exposures/configs/nextjs-vite-public-env.yaml +++ b/http/exposures/configs/nextjs-vite-public-env.yaml @@ -12,7 +12,7 @@ info: - https://supabase.com/docs/guides/api#api-keys metadata: verified: true - tags: exposure,env,nextjs,vite,supabase + tags: exposure,env,nextjs,vite,supabase,vuln http: - method: GET diff --git a/http/misconfiguration/innovatrics-smartface-panel.yaml b/http/misconfiguration/innovatrics-smartface-panel.yaml index c470f640d73..f3a0dc01703 100644 --- a/http/misconfiguration/innovatrics-smartface-panel.yaml +++ b/http/misconfiguration/innovatrics-smartface-panel.yaml @@ -11,7 +11,7 @@ info: metadata: max-request: 1 shodan-query: http.favicon.hash:-1410437493 - tags: panel,smartface,login,detect + tags: panel,smartface,login,detect,vuln flow: http(1) && http(2) diff --git a/http/takeovers/redirect-pizza-takeover.yaml b/http/takeovers/redirect-pizza-takeover.yaml index 397c762e076..dc31c5352af 100644 --- a/http/takeovers/redirect-pizza-takeover.yaml +++ b/http/takeovers/redirect-pizza-takeover.yaml @@ -11,7 +11,7 @@ info: max-request: 1 shodan-query: html:"redirect.pizza" fofa-query: body="redirect.pizza" - tags: takeover,redirect-pizza + tags: takeover,redirect-pizza,vuln http: - method: GET diff --git a/http/technologies/backdrop-cms-detect.yaml b/http/technologies/backdrop-cms-detect.yaml index 9a937917422..fcc0c29048e 100644 --- a/http/technologies/backdrop-cms-detect.yaml +++ b/http/technologies/backdrop-cms-detect.yaml @@ -10,7 +10,7 @@ info: max-request: 1 verified: true shodan-query: html:"Backdrop CMS" - tags: tech,backdrop,cms,detect + tags: tech,backdrop,cms,detect,discovery http: - method: GET diff --git a/http/technologies/enigma-nms-detect.yaml b/http/technologies/enigma-nms-detect.yaml index 9266e321351..089d72a0c26 100644 --- a/http/technologies/enigma-nms-detect.yaml 
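Review bot: In innovatrics-smartface-panel.yaml the added tag is `vuln`, while the existing tags on the same line (`panel,smartface,login,detect`) describe the same kind of template as ictbroadcast-panel.yaml, which this commit tags `discovery`. The template body is outside the hunk, so I cannot tell whether it confirms an unauthenticated panel (a finding) or only fingerprints the login page. If it is only detection, `tags: panel,smartface,login,detect,discovery` would keep it out of vulnerability-only reports. If it really is a misconfiguration finding, a short comment above `tags:` explaining why a `panel`/`detect` template is classed as `vuln` would help triage.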
+++ b/http/technologies/enigma-nms-detect.yaml @@ -10,7 +10,7 @@ info: verified: true max-request: 1 shodan-query: 'http.title:"ENIGMA NMS"' - tags: tech,enigma,nms,detection + tags: tech,enigma,nms,detection,discovery http: - method: GET diff --git a/javascript/udp/misconfiguration/mdns-enum.yaml b/javascript/udp/misconfiguration/mdns-enum.yaml index 10d9a680487..cf388f17a5b 100644 --- a/javascript/udp/misconfiguration/mdns-enum.yaml +++ b/javascript/udp/misconfiguration/mdns-enum.yaml @@ -9,7 +9,7 @@ info: metadata: verified: true shodan-query: port:5353 - tags: dns,udp,mdns,enum,js + tags: dns,udp,mdns,enum,js,enum javascript: - pre-condition: |
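Review bot: The new `tags:` line in mdns-enum.yaml reads `dns,udp,mdns,enum,js,enum`, which repeats `enum` and adds neither of the two tags named in the commit subject. This looks like a slip in the bulk edit, and the template would be left out of any run that selects by `vuln` or `discovery`. I would expect `tags: dns,udp,mdns,enum,js,discovery` here, or `vuln` if the maintainers treat mDNS enumeration under misconfiguration as a finding.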