tagging updates for SSL & network related templates

2023-12-07 14:57:41 -07:00 · 2023-12-07 14:57:41 -07:00 · 2bdfb18686
parent b2a79787b3
commit 2bdfb18686
60 changed files with 60 additions and 60 deletions
--- a/network/cves/2016/CVE-2016-3510.yaml
+++ b/network/cves/2016/CVE-2016-3510.yaml
@ -19,7 +19,7 @@ info:
  metadata:
    max-request: 1
    verified: true
-  tags: cve,cve2016,weblogic,t3,rce,oast,deserialization,network
+  tags: cve,cve2016,oracle,weblogic,t3,rce,oast,deserialization,network

 variables:
  start: "016501ffffffffffffffff000000710000ea6000000018432ec6a2a63985b5af7d63e64383f42a6d92c9e9af0f9472027973720078720178720278700000000c00000002000000000000000000000001007070707070700000000c00000002000000000000000000000001007006fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e5061636b616765496e666fe6f723e7b8ae1ec90200094900056d616a6f724900056d696e6f7249000b706174636855706461746549000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463684c0009696d706c5469746c657400124c6a6176612f6c616e672f537472696e673b4c000a696d706c56656e646f7271007e00034c000b696d706c56657273696f6e71007e000378707702000078fe010000"
--- a/network/cves/2020/CVE-2020-1938.yaml
+++ b/network/cves/2020/CVE-2020-1938.yaml
@ -24,7 +24,7 @@ info:
    product: geode
    shodan-query: title:"Apache Tomcat"
    vendor: apache
-  tags: cve,cve2020,kev,tenable,apache,lfi,network,tomcat
+  tags: cve,cve2020,kev,tenable,apache,lfi,network,tomcat,ajp
 tcp:
  - host:
      - "{{Hostname}}"
--- a/network/cves/2022/CVE-2022-24706.yaml
+++ b/network/cves/2022/CVE-2022-24706.yaml
@ -27,7 +27,7 @@ info:
    shodan-query: product:"CouchDB"
    vendor: apache
    verified: "true"
-  tags: cve,cve2022,network,couch,rce,kev
+  tags: cve,cve2022,network,couch,rce,kev,couchdb
 variables:
  name_msg: "00156e00050007499c4141414141414041414141414141"
  challenge_reply: "00157201020304"
--- a/network/detection/activemq-openwire-transport-detect.yaml
+++ b/network/detection/activemq-openwire-transport-detect.yaml
@ -10,7 +10,7 @@ info:
    max-request: 1
    shodan-query: product:"ActiveMQ OpenWire transport"
    verified: true
-  tags: network,activemq,detect
+  tags: network,activemq,detect,openwire

 tcp:
  - inputs:
--- a/network/detection/apache-activemq-detect.yaml
+++ b/network/detection/apache-activemq-detect.yaml
@ -10,7 +10,7 @@ info:
    max-request: 1
    shodan-query: product:"Apache ActiveMQ"
    verified: true
-  tags: network,activemq,oss,detect
+  tags: network,activemq,oss,detect,apache

 tcp:
  - inputs:
--- a/network/detection/axigen-mail-server-detect.yaml
+++ b/network/detection/axigen-mail-server-detect.yaml
@ -11,7 +11,7 @@ info:
    max-request: 1
    shodan-query: product:"Axigen"
    verified: true
-  tags: network,axigen,detect
+  tags: network,axigen,detect,smtp

 tcp:
  - inputs:
--- a/network/detection/bgp-detect.yaml
+++ b/network/detection/bgp-detect.yaml
@ -15,7 +15,7 @@ info:
  metadata:
    max-request: 1
    shodan-query: product:"BGP"
-  tags: network,bgp
+  tags: network,bgp,detect

 tcp:
  - inputs:
--- a/network/detection/cisco-finger-detect.yaml
+++ b/network/detection/cisco-finger-detect.yaml
@ -10,7 +10,7 @@ info:
    max-request: 1
    shodan-query: product:"Cisco fingerd"
    verified: true
-  tags: network,finger,detect
+  tags: network,finger,detect,cisco

 tcp:
  - inputs:
--- a/network/detection/dotnet-remoting-service-detect.yaml
+++ b/network/detection/dotnet-remoting-service-detect.yaml
@ -13,7 +13,7 @@ info:
    max-request: 1
    shodan-query: product:"MS .NET Remoting httpd"
    verified: true
-  tags: network,detect,microsoft
+  tags: network,detect,microsoft,dotnet

 tcp:
  - inputs:
--- a/network/detection/expn-mail-detect.yaml
+++ b/network/detection/expn-mail-detect.yaml
@ -8,7 +8,7 @@ info:
    The "EXPN" can be used by attackers to learn about valid usernames on the target system. On some SMTP servers, EXPN can be used to show the subscribers of a mailing list subscription lists are generally considered to be sensitive information.
  metadata:
    max-request: 1
-  tags: mail,expn,network,detect
+  tags: mail,expn,network,detect,smtp

 tcp:
  - inputs:
--- a/network/detection/iplanet-imap-detect.yaml
+++ b/network/detection/iplanet-imap-detect.yaml
@ -12,7 +12,7 @@ info:
  metadata:
    fofa-query: app="iPlanet-Messaging-Server-5.2" && protocol="imap"
    max-request: 1
-  tags: network,imap,detect
+  tags: network,imap,detect,iplanet

 tcp:
  - inputs:
--- a/network/detection/riak-detect.yaml
+++ b/network/detection/riak-detect.yaml
@ -9,7 +9,7 @@ info:
    max-request: 1
    shodan-query: product:"Riak"
    verified: true
-  tags: network,oss,detect
+  tags: network,oss,detect,riak,nosql

 tcp:
  - inputs:
--- a/network/detection/sap-router.yaml
+++ b/network/detection/sap-router.yaml
@ -8,7 +8,7 @@ info:
    SAProuter is a software application that provides a remote connection between our customer's network and SAP.
  metadata:
    max-request: 1
-  tags: network,sap,detect
+  tags: network,sap,detect,saprouter

 tcp:
  - inputs:
--- a/network/detection/smtp-detect.yaml
+++ b/network/detection/smtp-detect.yaml
@ -8,7 +8,7 @@ info:
    SMTP is part of the application layer of the TCP/IP protocol. Using a process called “store and forward,” SMTP moves your email on and across networks.
  metadata:
    max-request: 1
-  tags: network,service,smtp,detect
+  tags: network,service,smtp,detect,mail

 tcp:
  - inputs:
--- a/network/detection/starttls-mail-detect.yaml
+++ b/network/detection/starttls-mail-detect.yaml
@ -8,7 +8,7 @@ info:
    STARTTLS is an email protocol command that tells an email server that an email client, including an email client running in a web browser, wants to turn an existing insecure connection into a secure one.
  metadata:
    max-request: 1
-  tags: mail,starttls,network,detect
+  tags: mail,starttls,network,detect,smtp

 tcp:
  - inputs:
--- a/network/detection/weblogic-iiop-detect.yaml
+++ b/network/detection/weblogic-iiop-detect.yaml
@ -8,7 +8,7 @@ info:
    The IIOP (Internet Inter-ORB Protocol) protocol makes it possible for distributed programs written in different programming languages to communicate over the Internet.
  metadata:
    max-request: 1
-  tags: network,weblogic,detect
+  tags: network,weblogic,detect,oracle,iiop
 tcp:
  - inputs:
      - data: "{{hex_decode('47494f50010200030000001700000002000000000000000b4e616d6553657276696365')}}"
--- a/network/detection/weblogic-t3-detect.yaml
+++ b/network/detection/weblogic-t3-detect.yaml
@ -8,7 +8,7 @@ info:
    T3 is the protocol used to transport information between WebLogic servers and other types of Java programs.
  metadata:
    max-request: 2
-  tags: network,weblogic,detect
+  tags: network,weblogic,detect,t3,oracle
 tcp:
  - inputs:
      - data: "t3 12.2.1
--- a/network/detection/ws_ftp-ssh-detect.yaml
+++ b/network/detection/ws_ftp-ssh-detect.yaml
@ -16,7 +16,7 @@ info:
    vendor: progress
    product: ws_ftp
    shodan-query: "WS_FTP port:22"
-  tags: network,ssh,ws_ftp
+  tags: network,ssh,ws_ftp,detect

 tcp:
  - host:
--- a/network/enumeration/smtp/smtp-commands-enum.yaml
+++ b/network/enumeration/smtp/smtp-commands-enum.yaml
--- a/network/jarm/c2/cobalt-strike-c2-jarm.yaml
+++ b/network/jarm/c2/cobalt-strike-c2-jarm.yaml
@ -12,7 +12,7 @@ info:
    verified: true
    max-request: 1
    shodan-query: ssl.jarm:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1+port:443
-  tags: jarm,c2,ir,osint
+  tags: jarm,c2,ir,osint,cti,cobalt-strike
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/covenant-c2-jarm.yaml
+++ b/network/jarm/c2/covenant-c2-jarm.yaml
@ -11,7 +11,7 @@ info:
    - https://twitter.com/MichalKoczwara/status/1548685058403360770
  metadata:
    max-request: 1
-  tags: c2,ir,osint,covenant,jarm
+  tags: jarm,c2,ir,osint,cti,covenant
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/deimos-c2-jarm.yaml
+++ b/network/jarm/c2/deimos-c2-jarm.yaml
@ -11,7 +11,7 @@ info:
    - https://twitter.com/MichalKoczwara/status/1551632627387473920
  metadata:
    max-request: 1
-  tags: c2,ir,osint,deimos,jarm,network
+  tags: jarm,c2,ir,osint,cti,deimos,network
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/evilginx2-jarm.yaml
+++ b/network/jarm/c2/evilginx2-jarm.yaml
@ -11,7 +11,7 @@ info:
    - https://github.com/kgretzky/evilginx2
  metadata:
    max-request: 1
-  tags: evilginx2,c2,phishing,jarm
+  tags: jarm,c2,ir,osint,cti,evilginx2,phishing
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/generic-c2-jarm.yaml
+++ b/network/jarm/c2/generic-c2-jarm.yaml
@ -10,7 +10,7 @@ info:
    - https://github.com/MichaelKoczwara/C2JARM
  metadata:
    max-request: 1
-  tags: network,c2,jarm,cti
+  tags: network,jarm,c2,ir,osint,cti
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/grat2-c2-jarm.yaml
+++ b/network/jarm/c2/grat2-c2-jarm.yaml
@ -11,7 +11,7 @@ info:
    - https://github.com/r3nhat/GRAT2
  metadata:
    max-request: 1
-  tags: shad0w,c2,osint,ir,jarm
+  tags: jarm,c2,ir,osint,cti,shad0w
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/havoc-c2-jarm.yaml
+++ b/network/jarm/c2/havoc-c2-jarm.yaml
@ -13,7 +13,7 @@ info:
    verified: "true"
    max-request: 1
    shodan-query: 'ssl:postalCode=3540 ssl.jarm:3fd21b20d00000021c43d21b21b43de0a012c76cf078b8d06f4620c2286f5e'
-  tags: c2,ir,osint,havoc,network
+  tags: jarm,c2,ir,osint,cti,havoc,network
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/mac-c2-jarm.yaml
+++ b/network/jarm/c2/mac-c2-jarm.yaml
@ -11,7 +11,7 @@ info:
    - https://github.com/cedowens/MacC2
  metadata:
    max-request: 1
-  tags: c2,ir,osint,macc2,jarm
+  tags: jarm,c2,ir,osint,cti,macc2
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/macshell-c2-jarm.yaml
+++ b/network/jarm/c2/macshell-c2-jarm.yaml
@ -11,7 +11,7 @@ info:
    - https://github.com/cedowens/MacShellSwift
  metadata:
    max-request: 1
-  tags: c2,ir,osint,macshell,jarm
+  tags: jarm,c2,ir,osint,cti,macshell
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/merlin-c2-jarm.yaml
+++ b/network/jarm/c2/merlin-c2-jarm.yaml
@ -11,7 +11,7 @@ info:
    - https://merlin-c2.readthedocs.io/en/latest/
  metadata:
    max-request: 1
-  tags: c2,ir,osint,merlin,jarm
+  tags: jarm,c2,ir,osint,cti,merlin
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/metasploit-c2-jarm.yaml
+++ b/network/jarm/c2/metasploit-c2-jarm.yaml
@ -11,7 +11,7 @@ info:
    - https://www.socinvestigation.com/shodan-filters-to-hunt-adversaries-infrastructure-and-c2/
  metadata:
    max-request: 1
-  tags: c2,ir,osint,metasploit,jarm
+  tags: jarm,c2,ir,osint,cti,metasploit
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/mythic-c2-jarm.yaml
+++ b/network/jarm/c2/mythic-c2-jarm.yaml
@ -12,7 +12,7 @@ info:
    - https://www.socinvestigation.com/shodan-filters-to-hunt-adversaries-infrastructure-and-c2/
  metadata:
    max-request: 1
-  tags: c2,ir,osint,mythic,jarm
+  tags: jarm,c2,ir,osint,cti,mythic
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/posh-c2-jarm.yaml
+++ b/network/jarm/c2/posh-c2-jarm.yaml
@ -12,7 +12,7 @@ info:
    - https://poshc2.readthedocs.io/en/latest/
  metadata:
    max-request: 1
-  tags: c2,ir,osint,posh,jarm
+  tags: jarm,c2,ir,osint,cti,posh
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/shad0w-c2-jarm.yaml
+++ b/network/jarm/c2/shad0w-c2-jarm.yaml
@ -11,7 +11,7 @@ info:
    - https://github.com/bats3c/shad0w
  metadata:
    max-request: 1
-  tags: shad0w,c2,osint,ir,jarm
+  tags: jarm,c2,ir,osint,cti,shad0w
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/silenttrinity-c2-jarm.yaml
+++ b/network/jarm/c2/silenttrinity-c2-jarm.yaml
@ -11,7 +11,7 @@ info:
    - https://github.com/byt3bl33d3r/SILENTTRINITY
  metadata:
    max-request: 1
-  tags: silenttrinity,c2,osint,ir,jarm
+  tags: jarm,c2,ir,osint,cti,silenttrinity
 tcp:
  - inputs:
      - data: 2E
--- a/network/jarm/c2/sliver-c2-jarm.yaml
+++ b/network/jarm/c2/sliver-c2-jarm.yaml
@ -11,7 +11,7 @@ info:
    - https://github.com/BishopFox/sliver
  metadata:
    max-request: 1
-  tags: c2,ir,osint,sliver,jarm
+  tags: jarm,c2,ir,osint,cti,sliver
 tcp:
  - inputs:
      - data: 2E
--- a/network/misconfig/printers-info-leak.yaml
+++ b/network/misconfig/printers-info-leak.yaml
@ -6,11 +6,11 @@ info:
  severity: info
  reference:
    - https://book.hacktricks.xyz/pentesting/9100-pjl
-  tags: network,iot,printer,misconfig
  description: |
    Unauthorized access to printers allows attackers to print, eavesdrop sensitive documents.
  metadata:
    max-request: 1
+  tags: network,iot,printer,misconfig

 tcp:
  - inputs:
--- a/network/misconfig/sap-router-info-leak.yaml
+++ b/network/misconfig/sap-router-info-leak.yaml
@ -10,7 +10,7 @@ info:
    - https://support.sap.com/en/tools/connectivity-tools/saprouter.html
  metadata:
    max-request: 1
-  tags: network,sap,misconfig
+  tags: network,sap,misconfig,saprouter

 tcp:
  - inputs:
--- a/ssl/c2/asyncrat-c2.yaml
+++ b/ssl/c2/asyncrat-c2.yaml
@ -13,7 +13,7 @@ info:
    max-request: 1
    shodan-query: ssl:"AsyncRAT Server"
    censys-query: services.tls.certificates.leaf_data.issuer.common_name:AsyncRat
-  tags: c2,ir,osint,malware
+  tags: c2,ir,osint,malware,ssl,asyncrat
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/c2/bitrat-c2.yaml
+++ b/ssl/c2/bitrat-c2.yaml
@ -12,7 +12,7 @@ info:
    verified: "true"
    max-request: 1
    censys-query: 'services.tls.certificates.leaf_data.subject.common_name: "BitRAT"'
-  tags: c2,ir,osint,bitrat,ssl
+  tags: c2,ir,osint,malware,ssl,bitrat
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/c2/cobalt-strike-c2.yaml
+++ b/ssl/c2/cobalt-strike-c2.yaml
@ -12,7 +12,7 @@ info:
    verified: "true"
    max-request: 1
    shodan-query: ssl.cert.serial:146473198
-  tags: ssl,c2,ir,osint,panel
+  tags: c2,ir,osint,malware,ssl,panel,cobalt-strike
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/c2/covenant-c2-ssl.yaml
+++ b/ssl/c2/covenant-c2-ssl.yaml
@ -12,7 +12,7 @@ info:
    verified: "true"
    max-request: 1
    shodan-query: ssl:”Covenant” http.component:”Blazor”
-  tags: c2,ir,osint,covenant,ssl
+  tags: c2,ir,osint,malware,ssl,covenant
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/c2/dcrat-server-c2.yaml
+++ b/ssl/c2/dcrat-server-c2.yaml
@ -12,7 +12,7 @@ info:
    verified: "true"
    max-request: 1
    censys-query: 'services.tls.certificates.leaf_data.subject.common_name: "DcRat Server"'
-  tags: c2,ir,osint,dcrat,ssl
+  tags: c2,ir,osint,malware,ssl,dcrat
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/c2/gozi-malware-c2.yaml
+++ b/ssl/c2/gozi-malware-c2.yaml
@ -12,7 +12,7 @@ info:
    verified: "true"
    max-request: 1
    censys-query: 'services.tls.certificates.leaf_data.issuer_dn: "C=XX, ST=1, L=1, O=1, OU=1, CN=\*"'
-  tags: c2,ir,osint,gozi,malware,ssl
+  tags: c2,ir,osint,malware,ssl,gozi
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/c2/havoc-c2.yaml
+++ b/ssl/c2/havoc-c2.yaml
@ -13,7 +13,7 @@ info:
    verified: "true"
    max-request: 1
    shodan-query: 'ssl:postalCode=3540 ssl.jarm:3fd21b20d00000021c43d21b21b43de0a012c76cf078b8d06f4620c2286f5e'
-  tags: c2,ir,osint,havoc,ssl
+  tags: c2,ir,osint,malware,ssl,havoc
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/c2/icedid.yaml
+++ b/ssl/c2/icedid.yaml
@ -10,7 +10,7 @@ info:
    verified: "true"
    max-request: 1
    censys-query: CN=localhost, C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
-  tags: c2,ir,osint,malware,bokbot,trojan
+  tags: c2,ir,osint,malware,ssl,bokbot,icedid
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/c2/metasploit-c2.yaml
+++ b/ssl/c2/metasploit-c2.yaml
@ -1,7 +1,7 @@
 id: metasploit-c2

 info:
-  name: Detect SSL Certificate Issuer
+  name: Metasploit C2 - Detect
  author: pussycat0x
  severity: info
  description: |
@ -12,7 +12,7 @@ info:
    verified: "true"
    max-request: 1
    shodan-query: ssl:"MetasploitSelfSignedCA"
-  tags: c2,ir,osint,metasploit,panel
+  tags: c2,ir,osint,malware,ssl,metasploit
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/c2/mythic-c2-ssl.yaml
+++ b/ssl/c2/mythic-c2-ssl.yaml
@ -14,7 +14,7 @@ info:
    max-request: 1
    shodan-query: ssl:"Mythic"
    censys-query: services.tls.certificates.leaf_data.issuer.common_name:Mythic
-  tags: c2,ir,osint,malware
+  tags: c2,ir,osint,malware,ssl,mythic
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/c2/orcus-rat-c2.yaml
+++ b/ssl/c2/orcus-rat-c2.yaml
@ -12,7 +12,7 @@ info:
    verified: "true"
    max-request: 1
    censys-query: 'services.tls.certificates.leaf_data.subject.common_name: {"Orcus Server", "OrcusServerCertificate"}'
-  tags: c2,ir,osint,orcus,ssl
+  tags: c2,ir,osint,malware,ssl,orcusrat
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/c2/posh-c2.yaml
+++ b/ssl/c2/posh-c2.yaml
@ -13,7 +13,7 @@ info:
    verified: "true"
    max-request: 1
    shodan-query: ssl:"P18055077"
-  tags: c2,ir,osint,posh,ssl
+  tags: c2,ir,osint,malware,ssl,posh
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/c2/quasar-rat-c2.yaml
+++ b/ssl/c2/quasar-rat-c2.yaml
@ -13,7 +13,7 @@ info:
    max-request: 1
    shodan-query: ssl.cert.subject.cn:"Quasar Server CA"
    censys-query: 'services.tls.certificates.leaf_data.subject.common_name: {"Quasar Server CA"}'
-  tags: c2,ir,osint,malware,quasar,rat
+  tags: c2,ir,osint,malware,ssl,quasar
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/c2/shadowpad-c2.yaml
+++ b/ssl/c2/shadowpad-c2.yaml
@ -10,7 +10,7 @@ info:
    verified: "true"
    max-request: 1
    censys-query: services.tls.certificates.leaf_data.subject_dn="C=CN, ST=myprovince, L=mycity, O=myorganization, OU=mygroup, CN=myServer"
-  tags: c2,ir,osint,malware
+  tags: c2,ir,osint,malware,ssl,shadowpad
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/deprecated-tls.yaml
+++ b/ssl/deprecated-tls.yaml
@ -13,7 +13,7 @@ info:
  metadata:
    max-request: 3
    shodan-query: ssl.version:sslv2 ssl.version:sslv3 ssl.version:tlsv1 ssl.version:tlsv1.1
-  tags: ssl
+  tags: ssl,tls

 ssl:
  - address: "{{Host}}:{{Port}}"
--- a/ssl/detect-ssl-issuer.yaml
+++ b/ssl/detect-ssl-issuer.yaml
@ -8,7 +8,7 @@ info:
    Extract the issuer's organization from the target's certificate. Issuers are entities which sign and distribute certificates.
  metadata:
    max-request: 1
-  tags: ssl
+  tags: ssl,tls
 ssl:
  - address: "{{Host}}:{{Port}}"

--- a/ssl/expired-ssl.yaml
+++ b/ssl/expired-ssl.yaml
@ -12,7 +12,7 @@ info:
    - https://www.acunetix.com/vulnerabilities/web/tls-ssl-certificate-about-to-expire/
  metadata:
    max-request: 1
-  tags: ssl
+  tags: ssl,tls
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/insecure-cipher-suite-detect.yaml
+++ b/ssl/insecure-cipher-suite-detect.yaml
@ -10,7 +10,7 @@ info:
    - https://www.acunetix.com/vulnerabilities/web/tls-ssl-weak-cipher-suites/
  metadata:
    max-request: 4
-  tags: ssl
+  tags: ssl,tls
 ssl:
  - address: "{{Host}}:{{Port}}"
    min_version: tls10
--- a/ssl/revoked-ssl-certificate.yaml
+++ b/ssl/revoked-ssl-certificate.yaml
@ -11,7 +11,7 @@ info:
    - https://www.tenable.com/plugins/nnm/5837
  metadata:
    max-request: 1
-  tags: ssl,revoked
+  tags: ssl,revoked,tls
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/self-signed-ssl.yaml
+++ b/ssl/self-signed-ssl.yaml
@ -13,7 +13,7 @@ info:
    - https://www.rapid7.com/db/vulnerabilities/ssl-self-signed-certificate/
  metadata:
    max-request: 1
-  tags: ssl
+  tags: ssl,tls,self-signed
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
--- a/ssl/ssl-dns-names.yaml
+++ b/ssl/ssl-dns-names.yaml
@ -8,7 +8,7 @@ info:
    Extract the Subject Alternative Name (SAN) from the target's certificate. SAN facilitates the usage of additional hostnames with the same certificate.
  metadata:
    max-request: 1
-  tags: ssl
+  tags: ssl,tls
 ssl:
  - address: "{{Host}}:{{Port}}"

--- a/ssl/tls-version.yaml
+++ b/ssl/tls-version.yaml
@ -9,7 +9,7 @@ info:
    It is important to detect the TLS version in order to ensure secure communication between two computers or servers.
  metadata:
    max-request: 4
-  tags: ssl
+  tags: ssl,tls
 ssl:
  - address: "{{Host}}:{{Port}}"
    min_version: tls10
--- a/ssl/untrusted-root-certificate.yaml
+++ b/ssl/untrusted-root-certificate.yaml
@ -12,7 +12,7 @@ info:
  metadata:
    verified: true
    max-request: 1
-  tags: ssl,untrusted
+  tags: ssl,untrusted,tls
 ssl:
  - address: "{{Host}}:{{Port}}"
    matchers: