updated matcher format & req

2024-01-30 14:14:14 +05:30 · 2024-01-30 14:14:14 +05:30 · 863fc27569
parent 0c0265db7a
commit 863fc27569
1 changed files with 12 additions and 6 deletions
--- a/http/misconfiguration/node-express-dev-environment.yaml
+++ b/http/misconfiguration/node-express-dev-environment.yaml
@ -1,6 +1,7 @@
-id: node-express-dev-environment
+id: node-express-dev-env
+
 info:
-  name: Node.js Express NODE_ENV Development Mode - Detection
+  name: Node.js Express NODE_ENV Development Mode
  author: FLX
  severity: medium
  reference:
@ -9,10 +10,10 @@ info:
  description: |
    The Node.js application runs in development mode, which can expose sensitive information, such as source code and secrets, depending on the application.
  metadata:
+    max-request: 2
    verified: true
-    max-request: 1
    shodan-query: "X-Powered-By: Express"
-  tags: node,nodejs,express,misconfig,development,environment
+  tags: nodejs,express,misconfig,development,environment,trace

 flow: http(1) && http(2)

@ -29,12 +30,17 @@ http:

  - raw:
      - |
-        GET {{BaseURL}} HTTP/1.1
+        GET / HTTP/1.1
+        Host: {{Hostname}}
        Content-Type: application/json
        Connection: close

        t
+
    matchers:
      - type: dsl
        dsl:
-          - "contains(tolower(all_headers), 'x-powered-by: express') && status_code==400 && contains(body, 'SyntaxError')"
+          - "status_code==400"
+          - "contains(body, 'SyntaxError: Unexpected token')"
+          - "contains(tolower(all_headers), 'x-powered-by: express')"
+        condition: and