Merge pull request #9378 from projectdiscovery/fuzz-tags

reverted bruteforce tags to fuzz

.nuclei-ignore

@@ -16,7 +16,6 @@ tags:
   - "fuzz"
   - "dos"
   - "local"
-  - "brute-force"
   - "bruteforce"
 
 # The following templates have been excluded because they have weak matchers and may generate FP results.

cloud/enum/azure-vm-cloud-enum.yaml

@@ -9,7 +9,7 @@ info:
   metadata:
     verified: true
     max-request: 1
-  tags: cloud,cloud-enum,azure,bruteforce,enum
+  tags: cloud,cloud-enum,azure,fuzz,enum
 
 self-contained: true
 

config/bugbounty.yml

@@ -20,7 +20,7 @@ type:
 exclude-tags:
   - tech
   - dos
-  - brute-force
+  - fuzz
   - creds-stuffing
   - token-spray
   - osint

config/pentest.yml

@@ -15,5 +15,5 @@ type:
 
 exclude-tags:
   - dos
-  - brute-force
+  - fuzz
   - osint

config/recommended.yml

@@ -20,7 +20,7 @@ type:
 exclude-tags:
   - tech
   - dos
-  - brute-force
+  - fuzz
   - creds-stuffing
   - token-spray
   - osint

http/cves/2017/CVE-2017-17562.yaml

@@ -28,7 +28,7 @@ info:
     max-request: 65
     vendor: embedthis
     product: goahead
-  tags: cve,cve2017,rce,goahead,bruteforce,kev,vulhub,embedthis
+  tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub,embedthis
 
 http:
   - raw:

http/cves/2019/CVE-2019-17382.yaml

@@ -27,7 +27,7 @@ info:
     max-request: 100
     vendor: zabbix
     product: zabbix
-  tags: cve2019,cve,bruteforce,auth-bypass,login,edb,zabbix
+  tags: cve2019,cve,fuzz,auth-bypass,login,edb,zabbix
 
 http:
   - raw:

http/cves/2022/CVE-2022-2034.yaml

@@ -28,7 +28,7 @@ info:
     vendor: automattic
     product: sensei_lms
     framework: wordpress
-  tags: cve,cve2022,wp,disclosure,wpscan,sensei-lms,bruteforce,hackerone,wordpress,wp-plugin,automattic
+  tags: cve,cve2022,wp,disclosure,wpscan,sensei-lms,fuzz,hackerone,wordpress,wp-plugin,automattic
 
 http:
   - method: GET

http/cves/2022/CVE-2022-2599.yaml

@@ -29,7 +29,7 @@ info:
     vendor: anti-malware_security_and_brute-force_firewall_project
     product: anti-malware_security_and_brute-force_firewall
     framework: wordpress
-  tags: cve,cve2022,wordpress,wp-plugin,xss,gotmls,authenticated,wpscan,anti-malware_security_and_brute-force_firewall_project
+  tags: cve,cve2022,wordpress,wp-plugin,xss,gotmls,authenticated,wpscan
 
 http:
   - raw:

http/cves/2023/CVE-2023-24489.yaml

@@ -28,7 +28,7 @@ info:
     vendor: citrix
     product: sharefile_storage_zones_controller
     shodan-query: title:"ShareFile Storage Server"
-  tags: cve2023,cve,sharefile,rce,intrusive,fileupload,bruteforce,kev,citrix
+  tags: cve2023,cve,sharefile,rce,intrusive,fileupload,fuzz,kev,citrix
 variables:
   fileName: '{{rand_base(8)}}'
 

http/default-logins/oracle/peoplesoft-default-login.yaml

@@ -16,7 +16,7 @@ info:
     verified: true
     max-request: 200
     shodan-query: title:"Oracle PeopleSoft Sign-in"
-  tags: default-login,peoplesoft,oracle,bruteforce
+  tags: default-login,peoplesoft,oracle,fuzz
 
 http:
   - method: POST

http/exposed-panels/adminer-panel-detect.yaml

@@ -19,7 +19,7 @@ info:
     vendor: adminer
     product: adminer
     max-request: 741
-  tags: panel,bruteforce,adminer,login,sqli
+  tags: panel,fuzz,adminer,login,sqli
 
 http:
   - raw:

http/exposures/backups/php-backup-files.yaml

@@ -7,7 +7,7 @@ info:
   description: PHP Source File is disclosed to external users.
   metadata:
     max-request: 1512
-  tags: exposure,backup,php,disclosure,bruteforce
+  tags: exposure,backup,php,disclosure,fuzz
 
 http:
   - method: GET

http/fuzzing/cache-poisoning-fuzz.yaml

@@ -9,7 +9,7 @@ info:
     - https://portswigger.net/web-security/web-cache-poisoning
   metadata:
     max-request: 5834
-  tags: fuzzing,bruteforce,cache
+  tags: fuzz,cache
 
 http:
   - raw:

http/fuzzing/header-command-injection.yaml

@@ -11,7 +11,7 @@ info:
     cwe-id: CWE-77
   metadata:
     max-request: 7650
-  tags: fuzzing,bruteforce,rce
+  tags: fuzz,rce
 
 http:
   - raw:

http/fuzzing/iis-shortname.yaml

@@ -15,7 +15,7 @@ info:
     cwe-id: CWE-200
   metadata:
     max-request: 4
-  tags: bruteforce,edb
+  tags: iis,edb
 
 http:
   - raw:

http/fuzzing/linux-lfi-fuzzing.yaml

@@ -11,7 +11,7 @@ info:
     cwe-id: CWE-200
   metadata:
     max-request: 22
-  tags: fuzzing,linux,lfi,bruteforce
+  tags: linux,lfi,fuzzing
 
 http:
   - method: GET

http/fuzzing/mdb-database-file.yaml

@@ -13,7 +13,7 @@ info:
     cwe-id: CWE-200
   metadata:
     max-request: 341
-  tags: bruteforce,mdb,asp
+  tags: fuzz,mdb,asp
 
 http:
   - raw:

http/fuzzing/prestashop-module-fuzz.yaml

@@ -6,7 +6,7 @@ info:
   severity: info
   metadata:
     max-request: 639
-  tags: fuzzing,bruteforce,prestashop
+  tags: fuzz,prestashop
 
 http:
   - raw:

http/fuzzing/ssrf-via-proxy.yaml

@@ -10,7 +10,7 @@ info:
     - https://twitter.com/ImoJOnDz/status/1649089777629827072
   metadata:
     max-request: 9
-  tags: ssrf,proxy,oast,bruteforce
+  tags: ssrf,proxy,oast,fuzz
 
 http:
   - payloads:

http/fuzzing/valid-gmail-check.yaml

@@ -8,7 +8,7 @@ info:
     - https://github.com/dievus/geeMailUserFinder
   metadata:
     max-request: 1
-  tags: bruteforce,gmail
+  tags: fuzzing,gmail
 
 self-contained: true
 

http/fuzzing/waf-fuzz.yaml

@@ -11,7 +11,7 @@ info:
     cwe-id: CWE-200
   metadata:
     max-request: 58
-  tags: fuzzing,waf,tech,bruteforce
+  tags: waf,tech,fuzz
 
 http:
   - raw:

http/fuzzing/wordpress-plugins-detect.yaml

@@ -5,8 +5,8 @@ info:
   author: 0xcrypto
   severity: info
   metadata:
-    max-request: 100563
-  tags: fuzzing,bruteforce,wordpress
+    max-request: 98135
+  tags: fuzz,wordpress
 
 http:
   - raw:

http/fuzzing/wordpress-themes-detect.yaml

@@ -6,7 +6,7 @@ info:
   severity: info
   metadata:
     max-request: 24434
-  tags: bruteforce,wordpress,wp
+  tags: fuzz,wordpress
 
 http:
   - raw:

http/fuzzing/wordpress-weak-credentials.yaml

@@ -14,7 +14,7 @@ info:
     cwe-id: CWE-1391
   metadata:
     max-request: 276
-  tags: wordpress,default-login,bruteforce
+  tags: wordpress,default-login,fuzz
 
 http:
   - raw:

http/fuzzing/xff-403-bypass.yaml

@@ -7,7 +7,7 @@ info:
   description: Template to detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header.
   metadata:
     max-request: 3
-  tags: fuzzing,bruteforce
+  tags: fuzzing
 
 http:
   - raw:

http/miscellaneous/defacement-detect.yaml

@@ -16,7 +16,7 @@ info:
   metadata:
     verified: true
     max-request: 85
-  tags: misc,defacement,spam,hacktivism,bruteforce
+  tags: misc,defacement,spam,hacktivism,fuzz
 
 http:
   - method: GET

http/miscellaneous/ntlm-directories.yaml

@@ -8,7 +8,7 @@ info:
     - https://medium.com/swlh/internal-information-disclosure-using-hidden-ntlm-authentication-18de17675666
   metadata:
     max-request: 47
-  tags: miscellaneous,misc,bruteforce,windows
+  tags: miscellaneous,misc,fuzz,windows
 
 http:
   - raw:

http/misconfiguration/aem/aem-userinfo-servlet.yaml

@@ -8,7 +8,7 @@ info:
   metadata:
     max-request: 1
     shodan-query: http.component:"Adobe Experience Manager"
-  tags: aem,bruteforce,misconfig
+  tags: aem,misconfig
 
 http:
   - method: GET

http/misconfiguration/gitlab/gitlab-user-enum.yaml

@@ -9,7 +9,7 @@ info:
   metadata:
     max-request: 100
     shodan-query: http.title:"GitLab"
-  tags: gitlab,enum,misconfig,bruteforce
+  tags: gitlab,enum,misconfig,fuzz
 
 http:
   - raw:

http/misconfiguration/proxy/open-proxy-internal.yaml

@@ -16,7 +16,7 @@ info:
     cwe-id: CWE-441
   metadata:
     max-request: 25
-  tags: exposure,config,proxy,misconfig,bruteforce
+  tags: exposure,config,proxy,misconfig,fuzz
 
 http:
   - raw:

http/misconfiguration/proxy/open-proxy-localhost.yaml

@@ -16,7 +16,7 @@ info:
     cwe-id: CWE-441
   metadata:
     max-request: 6
-  tags: exposure,config,proxy,misconfig,bruteforce
+  tags: exposure,config,proxy,misconfig,fuzz
 
 http:
   - raw:

http/misconfiguration/proxy/open-proxy-portscan.yaml

@@ -16,7 +16,7 @@ info:
     cwe-id: CWE-441
   metadata:
     max-request: 8
-  tags: exposure,config,proxy,misconfig,bruteforce
+  tags: exposure,config,proxy,misconfig,fuzz
 
 http:
   - raw:

http/technologies/graylog/graylog-api-exposure.yaml

@@ -13,7 +13,7 @@ info:
     verified: true
     max-request: 50
     shodan-query: Graylog
-  tags: tech,graylog,api,swagger,bruteforce
+  tags: tech,graylog,api,swagger,fuzz
 
 http:
   - method: GET

http/vulnerabilities/tongda/tongda-auth-bypass.yaml

@@ -14,7 +14,7 @@ info:
     shodan-query: title:"通达OA"
     fofa-query: title="通达OA"
     zoomeye-query: app:"通达OA"
-  tags: tongda,auth-bypass,bruteforce
+  tags: tongda,auth-bypass,fuzz
 
 http:
   - raw:

http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml

@@ -10,7 +10,7 @@ info:
     - https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/
   metadata:
     max-request: 276
-  tags: wordpress,php,xmlrpc,bruteforce
+  tags: wordpress,php,xmlrpc,fuzz
 
 http:
   - raw:

javascript/cves/2023/CVE-2023-34039.yaml

@@ -29,7 +29,8 @@ info:
     verified: true
     vendor: vmware
     product: aria_operations_for_networks
-  tags: js,packetstorm,cve,cve2019,vmware,aria,rce,bruteforce,vrealize
+  tags: js,packetstorm,cve,cve2019,vmware,aria,rce,fuzz,vrealize
+
 variables:
   keysDir: "helpers/payloads/cve-2023-34039-keys" # load all private keys from this directory
 

javascript/default-logins/ssh-default-logins.yaml

@@ -7,7 +7,7 @@ info:
   metadata:
     max-request: 223
     shodan-query: port:1433
-  tags: js,ssh,default-login,network,bruteforce
+  tags: js,ssh,default-login,network,fuzz
 
 javascript:
   - pre-condition: |

network/misconfig/mysql-native-password.yaml

@@ -12,7 +12,7 @@ info:
     cwe-id: CWE-200
   metadata:
     max-request: 1
-  tags: network,mysql,bruteforce,db,misconfig
+  tags: network,mysql,db,misconfig
 
 tcp:
   - host:

network/misconfig/tidb-native-password.yaml

@@ -11,7 +11,7 @@ info:
     cwe-id: CWE-200
   metadata:
     max-request: 1
-  tags: network,tidb,bruteforce,db,misconfig
+  tags: network,tidb,db,misconfig
 
 tcp:
   - host: