javascript, token spray, headless, file tagging improvements and consistency

2023-12-12 16:25:50 -07:00 · 2023-12-12 16:25:50 -07:00 · 8b10d8c44a
parent 0f1b89d3f5
commit 8b10d8c44a
111 changed files with 141 additions and 37 deletions
--- a/dns/elasticbeanstalk-takeover.yaml
+++ b/dns/elasticbeanstalk-takeover.yaml
@ -24,7 +24,7 @@ info:
      For example:
      CNAME - 2rs3c.eu-west-1.elasticbeanstalk.com
      Command - aws elasticbeanstalk check-dns-availability --region eu-west-1 --cname-prefix 2rs3c
-  tags: dns,takeover,aws
+  tags: dns,takeover,aws,elasticbeanstalk

 dns:
  - name: "{{FQDN}}"
--- a/file/android/adb-backup-enabled.yaml
+++ b/file/android/adb-backup-enabled.yaml
@ -10,7 +10,8 @@ info:
    - https://adb-backup.com/
  classification:
    cwe-id: CWE-200
-  tags: android,file
+  tags: android,file,adb
+  
 file:
  - extensions:
      - all
--- a/file/android/biometric-detect.yaml
+++ b/file/android/biometric-detect.yaml
@ -9,7 +9,8 @@ info:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
-  tags: android,file
+  tags: android,file,biometric
+
 file:
  - extensions:
      - all
--- a/file/android/certificate-validation.yaml
+++ b/file/android/certificate-validation.yaml
@ -10,6 +10,7 @@ info:
    cvss-score: 5.3
    cwe-id: CWE-200
  tags: android,file
+  
 file:
  - extensions:
      - all
--- a/file/android/content-scheme.yaml
+++ b/file/android/content-scheme.yaml
@ -10,6 +10,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: android,file
+  
 file:
  - extensions:
      - xml
--- a/file/android/debug-enabled.yaml
+++ b/file/android/debug-enabled.yaml
@ -6,6 +6,7 @@ info:
  severity: low
  description: Android debug enabling was detected.
  tags: android,file
+  
 file:
  - extensions:
      - all
--- a/file/android/deep-link-detect.yaml
+++ b/file/android/deep-link-detect.yaml
@ -16,6 +16,7 @@ info:
  metadata:
    verified: true
  tags: android,file,deeplink
+  
 file:
  - extensions:
      - xml
--- a/file/android/dynamic-broadcast-receiver.yaml
+++ b/file/android/dynamic-broadcast-receiver.yaml
@ -10,6 +10,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: android,file
+  
 file:
  - extensions:
      - all
--- a/file/android/file-scheme.yaml
+++ b/file/android/file-scheme.yaml
@ -10,6 +10,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: android,file
+  
 file:
  - extensions:
      - xml
--- a/file/android/google-storage-bucket.yaml
+++ b/file/android/google-storage-bucket.yaml
@ -8,6 +8,7 @@ info:
    verified: "true"
    github-query: "/[a-z0-9.-]+\\.appspot\\.com/"
  tags: file,android,google
+  
 file:
  - extensions:
      - all
--- a/file/android/provider-path.yaml
+++ b/file/android/provider-path.yaml
@ -10,6 +10,7 @@ info:
    cvss-score: 5.3
    cwe-id: CWE-200
  tags: android,file
+  
 file:
  - extensions:
      - all
--- a/file/android/webview-addjavascript-interface.yaml
+++ b/file/android/webview-addjavascript-interface.yaml
@ -9,7 +9,8 @@ info:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
-  tags: android,file
+  tags: android,file,webview
+
 file:
  - extensions:
      - all
--- a/file/android/webview-javascript.yaml
+++ b/file/android/webview-javascript.yaml
@ -9,7 +9,8 @@ info:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
-  tags: android,file,javascript
+  tags: android,file,js,webview
+  
 file:
  - extensions:
      - all
--- a/file/android/webview-load-url.yaml
+++ b/file/android/webview-load-url.yaml
@ -9,7 +9,8 @@ info:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
-  tags: android,file
+  tags: android,file,webview
+  
 file:
  - extensions:
      - all
--- a/file/android/webview-universal-access.yaml
+++ b/file/android/webview-universal-access.yaml
@ -9,7 +9,8 @@ info:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
-  tags: android,file
+  tags: android,file,webview
+  
 file:
  - extensions:
      - all
--- a/file/audit/cisco/configure-aaa-service.yaml
+++ b/file/audit/cisco/configure-aaa-service.yaml
@ -13,6 +13,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: cisco,config-audit,cisco-switch,file,router
+  
 file:
  - extensions:
      - conf
--- a/file/audit/cisco/configure-service-timestamps-debug.yaml
+++ b/file/audit/cisco/configure-service-timestamps-debug.yaml
@ -13,6 +13,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: cisco,config-audit,cisco-switch,file,router
+  
 file:
  - extensions:
      - conf
--- a/file/audit/cisco/configure-service-timestamps-logmessages.yaml
+++ b/file/audit/cisco/configure-service-timestamps-logmessages.yaml
@ -13,6 +13,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: cisco,config-audit,cisco-switch,file,router
+  
 file:
  - extensions:
      - conf
--- a/file/audit/cisco/disable-ip-source-route.yaml
+++ b/file/audit/cisco/disable-ip-source-route.yaml
@ -14,6 +14,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: cisco,config-audit,cisco-switch,file,router
+  
 file:
  - extensions:
      - conf
--- a/file/audit/cisco/disable-pad-service.yaml
+++ b/file/audit/cisco/disable-pad-service.yaml
@ -13,6 +13,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: cisco,config-audit,cisco-switch,file,router
+  
 file:
  - extensions:
      - conf
--- a/file/audit/cisco/enable-secret-for-password-user-and-.yaml
+++ b/file/audit/cisco/enable-secret-for-password-user-and-.yaml
@ -9,6 +9,7 @@ info:
  reference:
    - https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
  tags: cisco,config-audit,cisco-switch,file,router
+  
 file:
  - extensions:
      - conf
--- a/file/audit/cisco/logging-enable.yaml
+++ b/file/audit/cisco/logging-enable.yaml
@ -13,6 +13,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: cisco,config-audit,cisco-switch,file
+  
 file:
  - extensions:
      - conf
--- a/file/audit/cisco/set-and-secure-passwords.yaml
+++ b/file/audit/cisco/set-and-secure-passwords.yaml
@ -13,6 +13,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: cisco,config-audit,cisco-switch,file
+  
 file:
  - extensions:
      - conf
--- a/file/audit/fortigate/auto-usb-install.yaml
+++ b/file/audit/fortigate/auto-usb-install.yaml
@ -11,6 +11,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: audit,config,file,firewall,fortigate
+  
 file:
  - extensions:
      - conf
--- a/file/audit/fortigate/heuristic-scan.yaml
+++ b/file/audit/fortigate/heuristic-scan.yaml
@ -12,6 +12,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: audit,config,file,firewall,fortigate
+  
 file:
  - extensions:
      - conf
--- a/file/audit/fortigate/inactivity-timeout.yaml
+++ b/file/audit/fortigate/inactivity-timeout.yaml
@ -11,6 +11,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: audit,config,file,firewall,fortigate
+  
 file:
  - extensions:
      - conf
--- a/file/audit/fortigate/maintainer-account.yaml
+++ b/file/audit/fortigate/maintainer-account.yaml
@ -11,6 +11,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: audit,config,file,firewall,fortigate
+  
 file:
  - extensions:
      - conf
--- a/file/audit/fortigate/password-policy.yaml
+++ b/file/audit/fortigate/password-policy.yaml
@ -11,6 +11,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: fortigate,config,audit,file,firewall
+  
 file:
  - extensions:
      - conf
--- a/file/audit/fortigate/remote-auth-timeout.yaml
+++ b/file/audit/fortigate/remote-auth-timeout.yaml
@ -12,6 +12,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: audit,config,file,firewall,fortigate
+  
 file:
  - extensions:
      - conf
--- a/file/audit/fortigate/scp-admin.yaml
+++ b/file/audit/fortigate/scp-admin.yaml
@ -11,6 +11,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: audit,config,file,firewall,fortigate
+  
 file:
  - extensions:
      - conf
--- a/file/audit/fortigate/strong-ciphers.yaml
+++ b/file/audit/fortigate/strong-ciphers.yaml
@ -7,6 +7,7 @@ info:
  description: Weak Ciphers can be broken by an attacker in a local network and can perform attacks like Blowfish.
  reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
  tags: audit,config,file,firewall,fortigate
+  
 file:
  - extensions:
      - conf
--- a/file/audit/pfsense/configure-dns-server.yaml
+++ b/file/audit/pfsense/configure-dns-server.yaml
@ -15,6 +15,7 @@ info:
  metadata:
    verified: true
  tags: firewall,config,audit,pfsense,file
+  
 file:
  - extensions:
      - xml
--- a/file/audit/pfsense/configure-session-timeout.yaml
+++ b/file/audit/pfsense/configure-session-timeout.yaml
@ -1,7 +1,7 @@
 id: configure-session-timeout

 info:
-  name: PfSence Configure Sessions Timeout Not Set - Detect
+  name: PfSense Configure Sessions Timeout Not Set - Detect
  author: pussycat0x
  severity: info
  description: |
@ -15,6 +15,7 @@ info:
  metadata:
    verified: true
  tags: firewall,config,audit,pfsense,file
+
 file:
  - extensions:
      - xml
--- a/file/audit/pfsense/enable-https-protocol.yaml
+++ b/file/audit/pfsense/enable-https-protocol.yaml
@ -1,11 +1,11 @@
 id: enable-https-protocol

 info:
-  name: Pfsence Web Admin Management Portal HTTPS Not Set   - Detect
+  name: Pfsense Web Admin Management Portal HTTPS Not Set   - Detect
  author: pussycat0x
  severity: info
  description: |
-    PfSence Web Admin Management Portal is recommended to be accessible using only HTTPS protocol. HTTP transmits all data, including passwords, in clear text over the network and provides no assurance of the identity of the hosts involved, making it possible for an attacker to obtain sensitive information, modify data, and/or execute unauthorized operations.
+    PfSense Web Admin Management Portal is recommended to be accessible using only HTTPS protocol. HTTP transmits all data, including passwords, in clear text over the network and provides no assurance of the identity of the hosts involved, making it possible for an attacker to obtain sensitive information, modify data, and/or execute unauthorized operations.
  reference: |
    https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
  classification:
@ -15,6 +15,7 @@ info:
  metadata:
    verified: true
  tags: firewall,config,audit,pfsense,file
+
 file:
  - extensions:
      - xml
--- a/file/audit/pfsense/known-default-account.yaml
+++ b/file/audit/pfsense/known-default-account.yaml
@ -1,11 +1,11 @@
 id: known-default-account

 info:
-  name: PfSence Known Default Account - Detect
+  name: PfSense Known Default Account - Detect
  author: pussycat0x
  severity: info
  description: |
-    PfSence configured known default accounts are recommended to be deleted. In order to attempt access to known devices' platforms, an attacker can use the available database of the known default accounts for each platform or operating system. Known default accounts are often, but not limited to, 'admin'.
+    PfSense configured known default accounts are recommended to be deleted. In order to attempt access to known devices' platforms, an attacker can use the available database of the known default accounts for each platform or operating system. Known default accounts are often, but not limited to, 'admin'.
  reference: |
    - https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html
  classification:
@ -13,6 +13,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: audit,config,file,firewall,pfsense
+
 file:
  - extensions:
      - xml
--- a/file/audit/pfsense/password-protected-consolemenu.yaml
+++ b/file/audit/pfsense/password-protected-consolemenu.yaml
@ -1,11 +1,11 @@
 id: password-protected-consolemenu

 info:
-  name: PfSence Consolemenu Password Protection Not Implememnted - Detect
+  name: PfSense Consolemenu Password Protection Not Implememnted - Detect
  author: pussycat0x
  severity: info
  description: |
-    PfSence password protection via the Console Menu is recommended to be configured. An unattended computer with an open Console Menu session can allow an unauthorized user access to the firewall management.
+    PfSense password protection via the Console Menu is recommended to be configured. An unattended computer with an open Console Menu session can allow an unauthorized user access to the firewall management.
  reference: |
    https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
  classification:
@ -15,6 +15,7 @@ info:
  metadata:
    verified: true
  tags: firewall,config,audit,pfsense,file
+
 file:
  - extensions:
      - xml
--- a/file/audit/pfsense/set-hostname.yaml
+++ b/file/audit/pfsense/set-hostname.yaml
@ -1,11 +1,11 @@
 id: set-hostname

 info:
-  name: PfSence Hostname Not Set - Detect
+  name: PfSense Hostname Not Set - Detect
  author: pussycat0x
  severity: info
  description: |
-    PfSence Hostname should be set so that other devices on the network can correctly identify it. The hostname is a unique identifier for the device.
+    PfSense Hostname should be set so that other devices on the network can correctly identify it. The hostname is a unique identifier for the device.
  reference: |
    https://docs.netgate.com/pfsense/en/latest/config/general.html
  classification:
@ -13,6 +13,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: firewall,config,audit,pfsense,file
+
 file:
  - extensions:
      - xml
--- a/file/bash/bash-scanner.yaml
+++ b/file/bash/bash-scanner.yaml
@ -9,6 +9,7 @@ info:
    - https://www.tecmint.com/10-most-dangerous-commands-you-should-never-execute-on-linux/
    - https://phoenixnap.com/kb/dangerous-linux-terminal-commands
  tags: bash,file,shell,sh
+  
 file:
  - extensions:
      - sh
--- a/file/electron/electron-version-detect.yaml
+++ b/file/electron/electron-version-detect.yaml
@ -11,6 +11,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: electron,file
+  
 file:
  - extensions:
      - json
--- a/file/electron/node-integration-enabled.yaml
+++ b/file/electron/node-integration-enabled.yaml
@ -10,6 +10,7 @@ info:
    - https://blog.yeswehack.com/yeswerhackers/exploitation/pentesting-electron-applications/
    - https://book.hacktricks.xyz/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps
  tags: electron,file,nodejs
+  
 file:
  - extensions:
      - all
--- a/file/js/js-analyse.yaml
+++ b/file/js/js-analyse.yaml
@ -8,7 +8,8 @@ info:
    This process involves extracting tokens, endpoints, URIs, and variable names from the JS file and analyzing them for any potential weaknesses that could be exploited. By extracting and analyzing these elements, potential security threats can be identified, allowing for proactive measures to be taken to mitigate any risks associated with the application. This process can be used as part of a comprehensive bug-hunting strategy to ensure the security of an application.
  metadata:
    verified: true
-  tags: file,js-analyse,js,javascript
+  tags: file,js-analyse,js
+
 file:
  - extensions:
      - js
--- a/file/keys/adobe/adobe-client.yaml
+++ b/file/keys/adobe/adobe-client.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: adobe,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/adobe/adobe-secret.yaml
+++ b/file/keys/adobe/adobe-secret.yaml
@ -12,6 +12,7 @@ info:
  metadata:
    verified: true
  tags: adobe,oauth,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/age/age-identity-secret-key.yaml
+++ b/file/keys/age/age-identity-secret-key.yaml
@ -11,6 +11,7 @@ info:
  metadata:
    verified: true
  tags: age-encryption,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/age/age-recipient-public-key.yaml
+++ b/file/keys/age/age-recipient-public-key.yaml
@ -11,6 +11,7 @@ info:
  metadata:
    verified: true
  tags: age-encryption,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/alibaba/alibaba-key-id.yaml
+++ b/file/keys/alibaba/alibaba-key-id.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: alibaba,access,file,keys
+  
 file:
  - extensions:
      - all
--- a/file/keys/alibaba/alibaba-secret-id.yaml
+++ b/file/keys/alibaba/alibaba-secret-id.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: alibaba,secret,file,keys
+  
 file:
  - extensions:
      - all
--- a/file/keys/amazon/amazon-account-id.yaml
+++ b/file/keys/amazon/amazon-account-id.yaml
@ -14,6 +14,7 @@ info:
  metadata:
    verified: true
  tags: aws,amazon,token,file
+  
 file:
  - extensions:
      - all
--- a/file/keys/amazon/amazon-mws-auth-token.yaml
+++ b/file/keys/amazon/amazon-mws-auth-token.yaml
@ -9,7 +9,8 @@ info:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
-  tags: token,file,amazon,auth
+  tags: token,file,amazon,auth,mws
+
 file:
  - extensions:
      - all
--- a/file/keys/amazon/amazon-session-token.yaml
+++ b/file/keys/amazon/amazon-session-token.yaml
@ -14,6 +14,7 @@ info:
  metadata:
    verified: true
  tags: aws,amazon,token,file,session
+  
 file:
  - extensions:
      - all
--- a/file/keys/amazon/amazon-sns-token.yaml
+++ b/file/keys/amazon/amazon-sns-token.yaml
@ -9,7 +9,8 @@ info:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
-  tags: file,token,amazon,aws
+  tags: file,token,amazon,aws,sns
+
 file:
  - extensions:
      - all
--- a/file/keys/amazon/aws-access-id.yaml
+++ b/file/keys/amazon/aws-access-id.yaml
@ -9,7 +9,8 @@ info:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
-  tags: token,file
+  tags: token,file,aws,amazon
+  
 file:
  - extensions:
      - all
--- a/file/keys/amazon/aws-cognito.yaml
+++ b/file/keys/amazon/aws-cognito.yaml
@ -9,7 +9,8 @@ info:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
-  tags: token,file
+  tags: token,file,aws,amazon
+  
 file:
  - extensions:
      - all
--- a/file/keys/asana/asana-clientid.yaml
+++ b/file/keys/asana/asana-clientid.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: asana,client,file,keys
+  
 file:
  - extensions:
      - all
--- a/file/keys/asana/asana-clientsecret.yaml
+++ b/file/keys/asana/asana-clientsecret.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: asana,client,file,keys,secret
+  
 file:
  - extensions:
      - all
--- a/file/keys/atlassian/atlassian-api-token.yaml
+++ b/file/keys/atlassian/atlassian-api-token.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: atlassian,file,token,api
+  
 file:
  - extensions:
      - all
--- a/file/keys/azure/azure-connection-string.yaml
+++ b/file/keys/azure/azure-connection-string.yaml
@ -11,6 +11,7 @@ info:
  metadata:
    verified: true
  tags: azure,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/bitbucket/bitbucket-client-id.yaml
+++ b/file/keys/bitbucket/bitbucket-client-id.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: bitbucket,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/bitbucket/bitbucket-client-secret.yaml
+++ b/file/keys/bitbucket/bitbucket-client-secret.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: bitbucket,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/bittrex/bittrex-access-key.yaml
+++ b/file/keys/bittrex/bittrex-access-key.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: bittrex,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/bittrex/bittrex-secret-key.yaml
+++ b/file/keys/bittrex/bittrex-secret-key.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: bittrex,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/confluent/confluent-access-token.yaml
+++ b/file/keys/confluent/confluent-access-token.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: confluent,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/confluent/confluent-secret-token.yaml
+++ b/file/keys/confluent/confluent-secret-token.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: confluent,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/digitalocean/digitalocean-access-token.yaml
+++ b/file/keys/digitalocean/digitalocean-access-token.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: digitalocean,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/digitalocean/digitalocean-personal-access.yaml
+++ b/file/keys/digitalocean/digitalocean-personal-access.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: digitalocean,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/digitalocean/digitalocean-refresh-token.yaml
+++ b/file/keys/digitalocean/digitalocean-refresh-token.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: digitalocean,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/discord/discord-api-token.yaml
+++ b/file/keys/discord/discord-api-token.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: discord,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/discord/discord-cilent-secret.yaml
+++ b/file/keys/discord/discord-cilent-secret.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: discord,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/discord/discord-client-id.yaml
+++ b/file/keys/discord/discord-client-id.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: discord,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/dropbox/dropbox-api-token.yaml
+++ b/file/keys/dropbox/dropbox-api-token.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: dropbox,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/dropbox/dropbox-longlived-token.yaml
+++ b/file/keys/dropbox/dropbox-longlived-token.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: dropbox,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/dropbox/dropbox-shortlived-token.yaml
+++ b/file/keys/dropbox/dropbox-shortlived-token.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: dropbox,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/easypost/easypost-api-token.yaml
+++ b/file/keys/easypost/easypost-api-token.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: easypost,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/easypost/easypost-test-token.yaml
+++ b/file/keys/easypost/easypost-test-token.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: easypost,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/facebook/facebook-api-token.yaml
+++ b/file/keys/facebook/facebook-api-token.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: facebook,file,token
+  
 file:
  - extensions:
      - all
--- a/file/keys/facebook/facebook-client-id.yaml
+++ b/file/keys/facebook/facebook-client-id.yaml
@ -10,6 +10,7 @@ info:
    cvss-score: 0
    cwe-id: CWE-200
  tags: token,file,facebook
+  
 file:
  - extensions:
      - all
--- a/file/keys/facebook/facebook-secret.yaml
+++ b/file/keys/facebook/facebook-secret.yaml
@ -6,6 +6,7 @@ info:
  severity: low
  description: Facebook secret key token was detected.
  tags: token,file,facebook
+  
 file:
  - extensions:
      - all
--- a/file/keys/facebook/fb-access-token.yaml
+++ b/file/keys/facebook/fb-access-token.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: facebook,token,file
+  
 file:
  - extensions:
      - all
--- a/headless/cves/2018/CVE-2018-25031.yaml
+++ b/headless/cves/2018/CVE-2018-25031.yaml
@ -29,7 +29,7 @@ info:
    product: swagger_ui
    shodan-query: http.component:"Swagger"
    fofa-query: icon_hash="-1180440057"
-  tags: cve,cve2018,headless,swagger-ui,xss
+  tags: cve,cve2018,headless,swagger,xss

 headless:
  - steps:
--- a/headless/dvwa-headless-automatic-login.yaml
+++ b/headless/dvwa-headless-automatic-login.yaml
@ -5,6 +5,7 @@ info:
  author: pdteam
  severity: high
  tags: headless,dvwa
+  
 headless:
  - steps:
      - args:
--- a/headless/extract-urls.yaml
+++ b/headless/extract-urls.yaml
@ -5,6 +5,7 @@ info:
  author: dwisiswant0
  severity: info
  tags: headless,extractor
+  
 headless:
  - steps:
      - args:
--- a/headless/headless-open-redirect.yaml
+++ b/headless/headless-open-redirect.yaml
@ -11,6 +11,7 @@ info:
    cvss-score: 6.1
    cwe-id: CWE-601
  tags: redirect,generic,headless
+  
 headless:
  - steps:
      - args:
--- a/headless/prototype-pollution-check.yaml
+++ b/headless/prototype-pollution-check.yaml
@ -7,6 +7,7 @@ info:
  metadata:
    max-request: 4
  tags: headless
+  
 headless:
  - steps:
      - args:
--- a/headless/screenshot.yaml
+++ b/headless/screenshot.yaml
@ -6,9 +6,11 @@ info:
  severity: info
  description: Takes a screenshot of the specified URLS.
  tags: headless,screenshot
+  
 variables:
  filename: '{{replace(BaseURL,"/","_")}}'
  dir: "screenshots"
+
 headless:
  - steps:
      - action: setheader
--- a/headless/technologies/js-libraries-detect.yaml
+++ b/headless/technologies/js-libraries-detect.yaml
@ -8,6 +8,7 @@ info:
  metadata:
    max-request: 1
  tags: headless,tech,js
+  
 headless:
  - steps:
      - action: navigate
--- a/headless/technologies/sap-spartacus.yaml
+++ b/headless/technologies/sap-spartacus.yaml
@ -10,6 +10,7 @@ info:
  metadata:
    verified: true
  tags: tech,sap,hybris,angular,spartacus,headless
+  
 headless:
  - steps:
      - action: navigate
--- a/http/token-spray/api-fortitoken-cloud.yaml
+++ b/http/token-spray/api-fortitoken-cloud.yaml
@ -8,7 +8,7 @@ info:
    - https://docs.fortinet.com/document/fortitoken-cloud/latest/rest-api/456035/overview
  metadata:
    max-request: 1
-  tags: token-spray,fortinet
+  tags: token-spray,fortinet,fortitoken

 self-contained: true

--- a/http/token-spray/api-front.yaml
+++ b/http/token-spray/api-front.yaml
@ -1,7 +1,7 @@
 id: api-front

 info:
-  name: LaunchDarkly REST API
+  name: Frontapp API
  author: Luqmaan Hadia [Luqiih](https://github.com/Luqiih)
  severity: info
  reference:
--- a/http/token-spray/api-instagram.yaml
+++ b/http/token-spray/api-instagram.yaml
@ -8,7 +8,7 @@ info:
    - https://developers.facebook.com/docs/instagram-api/getting-started
  metadata:
    max-request: 1
-  tags: token-spray,instagram,graph
+  tags: token-spray,instagram,graph,facebook

 self-contained: true

--- a/http/token-spray/google-safebrowsing.yaml
+++ b/http/token-spray/google-safebrowsing.yaml
@ -10,7 +10,7 @@ info:
    - https://github.com/daffainfo/all-about-apikey/tree/main/google-safe-browsing
  metadata:
    max-request: 1
-  tags: token-spray,google,books
+  tags: token-spray,google,safebrowsing

 self-contained: true

--- a/javascript/cves/2016/CVE-2016-8706.yaml
+++ b/javascript/cves/2016/CVE-2016-8706.yaml
@ -26,6 +26,7 @@ info:
    product: memcached
    verfied: true
  tags: cve,cve2016,rce,js,memcached
+  
 javascript:
  - code: |
      let packet = bytes.NewBuffer();
--- a/javascript/cves/2023/CVE-2023-34039.yaml
+++ b/javascript/cves/2023/CVE-2023-34039.yaml
@ -29,9 +29,11 @@ info:
    verified: true
    vendor: vmware
    product: aria_operations_for_networks
-  tags: packetstorm,cve,cve2019,vmware,aria,rce,fuzz
+  tags: js,packetstorm,cve,cve2019,vmware,aria,rce,fuzz,vrealize
+
 variables:
  keysDir: "helpers/payloads/cve-2023-34039-keys" # load all private keys from this directory
+  
 javascript:
  # init field can be used to make any preperations before the actual exploit
  # here we are reading all private keys from helpers folder and storing them in a list
--- a/javascript/cves/2023/CVE-2023-46604.yaml
+++ b/javascript/cves/2023/CVE-2023-46604.yaml
@ -27,7 +27,7 @@ info:
    vendor: apache
    product: activemq
    shodan-query: product:"ActiveMQ OpenWire Transport"
-  tags: cve,cve2023,network,rce,apache,activemq,deserialization,kev
+  tags: cve,cve2023,network,rce,apache,activemq,deserialization,js,kev

 variables:
  prefix: "1f00000000000000000001010042"
--- a/javascript/default-logins/mssql-default-logins.yaml
+++ b/javascript/default-logins/mssql-default-logins.yaml
@ -10,6 +10,7 @@ info:
    max-request: 7
    shodan-query: port:1433
  tags: js,mssql,default-login,network
+  
 javascript:
  - pre-condition: |
      var m = require("nuclei/mssql");
--- a/javascript/default-logins/postgres-default-logins.yaml
+++ b/javascript/default-logins/postgres-default-logins.yaml
@ -9,7 +9,8 @@ info:
  metadata:
    max-request: 9
    shodan-query: port:5432
-  tags: js,postgres,default-login,network
+  tags: js,postgresql,default-login,network
+  
 javascript:
  - pre-condition: |
      var m = require("nuclei/postgres");
--- a/javascript/default-logins/redis-default-logins.yaml
+++ b/javascript/default-logins/redis-default-logins.yaml
@ -10,6 +10,7 @@ info:
    max-request: 6
    shodan-query: product:"redis"
  tags: js,redis,default-login,network
+  
 javascript:
  - pre-condition: |
      isPortOpen(Host,Port)
--- a/javascript/default-logins/ssh-default-logins.yaml
+++ b/javascript/default-logins/ssh-default-logins.yaml
@ -8,6 +8,7 @@ info:
    max-request: 223
    shodan-query: port:1433
  tags: js,ssh,default-login,network,fuzz
+  
 javascript:
  - pre-condition: |
      var m = require("nuclei/ssh");
--- a/javascript/detection/mssql-detect.yaml
+++ b/javascript/detection/mssql-detect.yaml
@ -8,6 +8,7 @@ info:
    max-request: 1
    shodan-query: port:1433
  tags: js,mssql,detect,network
+  
 javascript:
  - code: |
      var m = require("nuclei/mssql");
--- a/javascript/detection/oracle-tns-listener.yaml
+++ b/javascript/detection/oracle-tns-listener.yaml
@ -13,6 +13,7 @@ info:
    max-request: 1
    shodan-query: product:"Oracle TNS Listener"
  tags: js,oracle,tns,network
+  
 javascript:
  - code: |
      var m = require("nuclei/oracle");
--- a/javascript/detection/ssh-auth-methods.yaml
+++ b/javascript/detection/ssh-auth-methods.yaml
@ -12,6 +12,7 @@ info:
    max-request: 1
    shodan-query: product:"OpenSSH"
  tags: ssh,js,enum,network
+  
 javascript:
  - code: |
      var m = require("nuclei/ssh");
--- a/Show More
+++ b/Show More