misc changes

default-logins/gitlab/gitlab-weak-login.yaml

@@ -1,9 +1,9 @@
-id: gitlab-password-spray
+id: gitlab-weak-login
 info:
-  name: Gitlab Password Spray
-  author: Suman Kar
+  name: Gitlab Weak Login
+  author: Suman_Kar
   severity: high
-  tags: gitlab,password-spray
+  tags: gitlab,default-login
 
   # Gitlab blocks for 10 minutes after 5 "Invalid" attempts for valid user.
   # So make sure, not to attempt more than 4 password for same valid user.
@@ -35,8 +35,21 @@ requests:
 
         {"grant_type":"password","username":"§gitlab_user§","password":"§gitlab_password§"}
 
+    matchers-condition: and
     matchers:
-
       - type: status
         status:
           - 200
+
+      - type: word
+        part: header
+        words:
+          - application/json
+
+      - type: word
+        part: body
+        words:
+          - '"access_token":'
+          - '"token_type":'
+          - '"refresh_token":'
+        condition: and