From 4e78a390d70e92025418d472e220a792ae097307 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 3 Oct 2023 13:59:48 +0530
Subject: [PATCH] Update pi-hole-detect.yaml

---
 http/technologies/pi-hole-detect.yaml | 29 ++++++++++++++-------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/http/technologies/pi-hole-detect.yaml b/http/technologies/pi-hole-detect.yaml
index f10a1dddc0..308b0979d2 100644
--- a/http/technologies/pi-hole-detect.yaml
+++ b/http/technologies/pi-hole-detect.yaml
@@ -1,41 +1,42 @@
-id: pi-hole-detect
+id: pi-hole-panel
 
 info:
-  name: pi-hole detector
+  name: Pi-hole Login Panel - Detect
   author: geeknik
   severity: info
-  tags: tech,pihole
   metadata:
-    max-request: 1
+    max-request: 5
+    verified: true
+    shodan-query: title:"Pi-hole"
+  tags: tech,pihole,detect
 
 http:
   - method: GET
     path:
+      - "{{BaseURL}}"
       - "{{BaseURL}}/admin/index.php"
       - "{{BaseURL}}/admin/login.php"
       - "{{BaseURL}}/admin/index.php?login"
       - "{{BaseURL}}/index.php?login"
 
-    matchers-condition: and
+    host-redirects: true
+    max-redirects: 2
+    stop-at-first-match: true
+    matchers-condition: or
     matchers:
-      - type: status
-        status:
-          - 200
-
       - type: word
+        part: body
         words:
           - "Pi-hole"
           - "Web Interface"
           - "FTL"
-        part: body
-        condition: or
+        condition: and
 
       - type: word
+        part: body
         words:
-          - '<title>Pi-hole - '
+          - '<title>Pi-hole'
           - 'Pi-hole: Your black hole for Internet advertisements'
           - 'Pi-hole: A black hole for Internet advertisements'
-          - 'https://pi-hole.net'
           - '<pre>sudo pihole -a -p</pre>'
-        part: body
         condition: or