minor cleanups and matcher update

default-logins/gophish/gophish-default-credentials.yaml

@@ -2,7 +2,7 @@ id: gophish-default-credentials
 
 info:
   name: Gophish < v0.10.1 default credentials
-  author: arcc
+  author: arcc,dhiyaneshDK
   severity: high
   tags: gophish,default-login
 
@@ -11,21 +11,21 @@ requests:
       - |
         GET /login HTTP/1.1
         Host: {{Hostname}}
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-        Accept-Encoding: gzip, deflate
-        Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
-        Connection: close
+
       - |
         POST /login HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-        Accept-Encoding: gzip, deflate
-        Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
 
-        username=admin&password=gophish&csrf_token={{replace(url_encode(html_unescape(csrf_token)), "+", "%2B")}}
+        username={{user}}&password={{pass}}&csrf_token={{replace(url_encode(html_unescape(csrf_token)), "+", "%2B")}}
+
+    attack: pitchfork
+    payloads:
+      user:
+        - admin
+      pass:
+        - gophish
+
     cookie-reuse: true
     extractors:
       - type: regex
@@ -35,12 +35,12 @@ requests:
         group: 1
         regex:
           - 'name="csrf_token" value="(.+?)"'
-    matchers-condition: and
+
     matchers:
-      - type: status
-        status:
-          - 302
-      - type: word
-        words:
-          - "Location: /"
-        part: header
+      - type: dsl
+        dsl:
+          - "!contains(tolower(all_headers), 'location: /login')"
+          - "contains(tolower(all_headers), 'location: /')"
+          - "contains(tolower(all_headers), 'gophish')"
+          - "status_code==302"
+        condition: and