fix: fp on metadata service check templates

http/misconfiguration/proxy/metadata-alibaba.yaml

@@ -9,7 +9,7 @@ id: metadata-service-alibaba
 # inside the private network.
 info:
   name: Alibaba Metadata Service Check
-  author: sullo
+  author: sullo,daffainfo
   severity: critical
   description: The Alibaba host is configured as a proxy which allows access to the metadata service. This could allow significant access to the host/infrastructure.
   remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible.
@@ -28,7 +28,7 @@ info:
 http:
   - raw:
       - |+
-        GET http://{{hostval}}/dynamic/instance-identity/document HTTP/1.1
+        GET http://{{hostval}}/latest/meta-data HTTP/1.1
         Host: {{hostval}}
 
     payloads:
@@ -40,6 +40,10 @@ http:
       - type: word
         part: body
         words:
+          - "vpc-id"
+          - "vswitch-cidr-block"
+          - "vswitch-id"
           - "zone-id"
+        condition: and
 
-# digest: 490a004630440220495fde6b8e524846446e53dead7f589f22c254d0ca7b6e09e07210469773749f0220264d2180b4589c8663f68bab544d951ad739fae7f3b6dccaaacee29718cb4778:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220495fde6b8e524846446e53dead7f589f22c254d0ca7b6e09e07210469773749f0220264d2180b4589c8663f68bab544d951ad739fae7f3b6dccaaacee29718cb4778:922c64590222798bb761d5b6d8e72950

http/misconfiguration/proxy/metadata-aws.yaml

@@ -9,7 +9,7 @@ id: metadata-service-aws
 # inside the private network.
 info:
   name: Amazon AWS Metadata Service Check
-  author: sullo,DhiyaneshDk
+  author: sullo,DhiyaneshDk,daffainfo
   severity: critical
   description: The host is configured as a proxy which allows access to the metadata provided by a cloud provider such as AWS or OVH. This could allow significant access to the host/infrastructure.
   remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible.
@@ -44,8 +44,10 @@ http:
       - type: word
         part: body
         words:
-          - "public-ipv4"
-          - "privateIp"
-        condition: or
+          - "ami-id"
+          - "ami-launch-index"
+          - "ami-manifest-path"
+          - "instance-id"
+        condition: and
 
-# digest: 4b0a00483046022100aaea6b60c84ab81c627ae7f0e712e68c83ca1f2deda1ad5b7d59be164e096642022100837009bd37d871f253921986b407d4b2b2a39619fcd568626a2a8b68e1fbcc25:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100aaea6b60c84ab81c627ae7f0e712e68c83ca1f2deda1ad5b7d59be164e096642022100837009bd37d871f253921986b407d4b2b2a39619fcd568626a2a8b68e1fbcc25:922c64590222798bb761d5b6d8e72950

http/misconfiguration/proxy/metadata-azure.yaml

@@ -9,7 +9,7 @@ id: metadata-service-azure
 # inside the private network.
 info:
   name: Microsoft Azure Cloud Metadata Service Check
-  author: sullo
+  author: sullo,daffainfo
   severity: critical
   description: The Microsoft Azure cloud host is configured as a proxy which allows access to the instance metadata service. This could allow significant access to the host/infrastructure.
   remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible.
@@ -41,8 +41,10 @@ http:
       - type: word
         part: body
         words:
-          - "osType"
-          - "ipAddress"
+          - '"azEnvironment"'
+          - '"customData"'
+          - '"evictionPolicy"'
+          - '"licenseType"'
         condition: and
 
-# digest: 4a0a00473045022100b9784f2e42de717877a1da43b204db4fca5e90dea3180d2fda2291e8a8b326d8022050cf70789f494c1a2114b09a24c9be94cdd6d9474d4cb6daf4a4d39b9e4751bd:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100b9784f2e42de717877a1da43b204db4fca5e90dea3180d2fda2291e8a8b326d8022050cf70789f494c1a2114b09a24c9be94cdd6d9474d4cb6daf4a4d39b9e4751bd:922c64590222798bb761d5b6d8e72950

http/misconfiguration/proxy/metadata-digitalocean.yaml

@@ -9,7 +9,7 @@ id: metadata-service-digitalocean
 # inside the private network.
 info:
   name: DigitalOcean Metadata Service Check
-  author: sullo
+  author: sullo,daffainfo
   severity: critical
   description: The DigitalOcean host is configured as a proxy which allows access to the instance metadata service. This could allow significant access to the host/infrastructure.
   remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible.
@@ -41,5 +41,10 @@ http:
         part: body
         words:
           - "droplet_id"
+          - "hostname"
+          - "vendor_data"
+          - "public_keys"
+          - "region"
+        condition: and
 
-# digest: 4a0a00473045022100c880c7f7c620f95f5581c95773d568904fba4e16bc6a142e4af79941a8e5c6d7022042599d46c091e617c90aef88b0452165506392a8cf9087180c40f8f3f05bfebe:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100c880c7f7c620f95f5581c95773d568904fba4e16bc6a142e4af79941a8e5c6d7022042599d46c091e617c90aef88b0452165506392a8cf9087180c40f8f3f05bfebe:922c64590222798bb761d5b6d8e72950

http/misconfiguration/proxy/metadata-google.yaml

@@ -41,6 +41,9 @@ http:
       - type: word
         part: body
         words:
-          - "attributes/"
+          - "instance/"
+          - "oslogin/"
+          - "project/"
+        condition: and
 
-# digest: 4a0a00473045022100b1826497b2bd96a52b296f4be8780cd3f16c8082b4c661edc67c2eea7ec87a2d022008e42eecdfa425df28fe4a437dc7a5c04c5d7aed67b580ddbd8ec7b11491404c:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100b1826497b2bd96a52b296f4be8780cd3f16c8082b4c661edc67c2eea7ec87a2d022008e42eecdfa425df28fe4a437dc7a5c04c5d7aed67b580ddbd8ec7b11491404c:922c64590222798bb761d5b6d8e72950

http/misconfiguration/proxy/metadata-hetzner.yaml

@@ -9,7 +9,7 @@ id: metadata-service-hetzner
 # inside the private network.
 info:
   name: Hetzner Cloud Metadata Service Check
-  author: sullo
+  author: sullo,daffainfo
   severity: critical
   description: The Hetzner Cloud host is configured as a proxy which allows access to the instance metadata service. This could allow significant access to the host/infrastructure.
   remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible.
@@ -17,6 +17,7 @@ info:
     - https://docs.hetzner.cloud/#server-metadata
     - https://blog.projectdiscovery.io/abusing-reverse-proxies-metadata/
     - https://www.mcafee.com/blogs/enterprise/cloud-security/how-an-attacker-could-use-instance-metadata-to-breach-your-app-in-aws/
+    - https://docs.hetzner.cloud
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
     cvss-score: 9.3
@@ -41,8 +42,8 @@ http:
         part: body
         words:
           - "alias_ips:"
-          - "local-ipv4:"
-          - "instance-id:"
-        condition: or
+          - "mac_address:"
+          - "network_id:"
+        condition: and
 
-# digest: 4a0a0047304502207cf3fa7f173714c4d46c9d7443fc19477aff56e43e8fbf3ec92c74fa6d447bc8022100899653a9610331f9197f0f7a191c190f11ec9fbb60ea75ab0dad2f9d5738c4cc:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502207cf3fa7f173714c4d46c9d7443fc19477aff56e43e8fbf3ec92c74fa6d447bc8022100899653a9610331f9197f0f7a191c190f11ec9fbb60ea75ab0dad2f9d5738c4cc:922c64590222798bb761d5b6d8e72950

http/misconfiguration/proxy/metadata-openstack.yaml

@@ -8,7 +8,7 @@ id: metadata-service-openstack
 # inside the private network.
 info:
   name: Openstack Metadata Service Check
-  author: sullo
+  author: sullo,daffainfo
   severity: critical
   description: The Openstack host is configured as a proxy which allows access to the instance metadata service. This could allow significant access to the host/infrastructure.
   remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible.
@@ -39,6 +39,9 @@ http:
       - type: word
         part: body
         words:
+          - "meta_data.json"
+          - "user_data"
           - "vendor_data.json"
+        condition: and
 
-# digest: 490a0046304402201114388120943546bb32c03289955b8e2df3660ab5a403d294519ec91336a57502207c799b2ab3c6b4fb310cba35dab6d548a0d1e160f203359a387cc8f9f3fe8eab:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402201114388120943546bb32c03289955b8e2df3660ab5a403d294519ec91336a57502207c799b2ab3c6b4fb310cba35dab6d548a0d1e160f203359a387cc8f9f3fe8eab:922c64590222798bb761d5b6d8e72950

http/misconfiguration/proxy/metadata-oracle.yaml

@@ -9,7 +9,7 @@ id: metadata-service-oracle
 # inside the private network.
 info:
   name: Oracle Cloud Metadata Service Check
-  author: sullo
+  author: sullo,daffainfo
   severity: critical
   description: The Oracle cloud host is configured as a proxy which allows access to the instance metadata IMDSv1 service. This could allow significant access to the host/infrastructure.
   remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. Upgrade to IMDSv2 if possible.
@@ -41,6 +41,9 @@ http:
       - type: word
         part: body
         words:
+          - "displayName"
+          - "shape"
           - "availabilityDomain"
-
-# digest: 490a004630440220576757775bf5ad31380fc6e30e256b1e060702d0e79c7979012281d39150fb2d02203f3c6ed82cfe3d5eaaf268e86e1cfec2c358d4fa2dfd4b6f031214b251675d43:922c64590222798bb761d5b6d8e72950
+          - "region"
+        condition: and
+# digest: 490a004630440220576757775bf5ad31380fc6e30e256b1e060702d0e79c7979012281d39150fb2d02203f3c6ed82cfe3d5eaaf268e86e1cfec2c358d4fa2dfd4b6f031214b251675d43:922c64590222798bb761d5b6d8e72950