moving templates around

misconfiguration/prometheus/prometheus-config.yaml

@@ -1,4 +1,4 @@
-id: prometheus-config-endpoint
+id: prometheus-config
 
 info:
   name: Prometheus config API endpoint
@@ -6,7 +6,7 @@ info:
   severity: info
   description: The config endpoint returns the loaded Prometheus configuration file. This file also contains addresses of targets and alerting/discovery services alongside the credentials required to access them. Usually, Prometheus replaces the passwords in the credentials config configuration field with the placeholder <secret> (although this still leaks the username).
   reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
-  tags: prometheus,exposure
+  tags: prometheus
 
 requests:
   - method: GET
@@ -21,12 +21,12 @@ requests:
 
       - type: word
         words:
-          - 'job_name:'
-          - '{"status":"success","data":'
-          - 'targets:'
+          - '"status": "success":'
+          - '"data":'
+          - '"yaml":'
         condition: and
 
       - type: word
         part: header
         words:
-          - 'application/json'
+          - 'application/json'

misconfiguration/prometheus/prometheus-exporter.yaml

@@ -1,10 +1,11 @@
-id: prometheus-exporter-detect
+id: prometheus-exporter
+
 info:
   name: Prometheus exporter detect
   author: jarijaas
   severity: info
   description: Prometheus exporter detector
-  tags: panel
+  tags: prometheus
   reference: https://github.com/prometheus/prometheus/wiki/Default-port-allocations
 
 requests:
@@ -16,14 +17,13 @@ requests:
     matchers:
       - type: word
         words:
-          - Exporter # Exporters have "Exporter" in the page title (e.g, Node Exporter, Bind Exporter and so on)
-          - /metrics
+          - 'Exporter'
+          - '<a href="/metrics">Metrics</a>'
         condition: and
 
-    extractors: # Extract exporter name
+    extractors:
       - type: regex
         part: body
-        name: exporter_name
         group: 1
         regex:
           - "<title>(.*?)</title>"

misconfiguration/prometheus/prometheus-flags.yaml

@@ -1,4 +1,4 @@
-id: prometheus-flags-endpoint
+id: prometheus-flags
 
 info:
   name: Prometheus flags API endpoint
@@ -6,7 +6,7 @@ info:
   severity: info
   description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username.
   reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
-  tags: prometheus,exposure
+  tags: prometheus
 
 requests:
   - method: GET

misconfiguration/prometheus/prometheus-log.yaml

@@ -1,15 +1,16 @@
-id: exposed-prometheus-log
+id: prometheus-log
 
 info:
   name: Exposed Prometheus
   author: dhiyaneshDK
   severity: low
-  tags: exposure,prometheus,logs
+  tags: prometheus
 
 requests:
   - method: GET
     path:
       - "{{BaseURL}}/prometheus"
+      - "{{BaseURL}}/actuator/prometheus"
 
     matchers-condition: and
     matchers:

misconfiguration/prometheus/prometheus-targets.yaml

@@ -1,4 +1,4 @@
-id: prometheus-targets-endpoint
+id: prometheus-targets
 
 info:
   name: Prometheus targets API endpoint
@@ -6,7 +6,7 @@ info:
   severity: info
   description: The targets endpoint exposes services belonging to the infrastructure, including their roles and labels. In addition to showing the target machine addresses, the endpoint also exposes metadata labels that are added by the target provider. These labels are intended to contain non-sensitive values, like the name of the server or its description, but various cloud platforms may automatically expose sensitive data in these labels, oftentimes without the developer’s knowledge.
   reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
-  tags: prometheus,exposure
+  tags: prometheus
 
 requests:
   - method: GET
@@ -20,9 +20,11 @@ requests:
           - 200
 
       - type: word
+        part: body
         words:
-          - '{"status":"success","data":'
-          - 'Labels'
+          - '"status": "success"'
+          - '"data":'
+          - '"labels":'
         condition: and
 
       - type: word