fixes

exposed-tokens/generic/credentials-disclosure.yaml

@@ -5,10 +5,15 @@ id: credentials-disclosure
 # Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes.
 # Regex count:- 687
 
+# Notes:-
+# This template requires manual inspection once found valid match.
+# Generic token could be anything matching below regex.
+# Impact of leaked token depends on validation of leaked token.
+
 info:
   name: Credentials Disclosure Check
   author: Sy3Omda
-  severity: medium
+  severity: info
   description: Look for multiple keys/tokens/passwords in the page response.
 
 requests:

exposed-tokens/generic/general-tokens.yaml

@@ -1,15 +1,20 @@
-id: general-tokens
+id: generic-tokens
 
 info:
-  name: General Tokens
+  name: Generic Tokens
   author: nadino
-  severity: medium
+  severity: info
 
 requests:
   - method: GET
     path:
       - '{{BaseURL}}'
 
+# Notes:-
+# This template requires manual inspection once found valid match.
+# Generic token could be anything matching below regex.
+# Impact of leaked token depends on validation of leaked token.
+
     matchers-condition: and
     matchers:
       - type: dsl

exposed-tokens/generic/http-username-password.yaml

@@ -1,13 +1,15 @@
 id: http-username-password
 
 # Extract something like https://username:password@vulnerable.com
-# can be improved
 
 info:
   name: Http usernamme password
   author: nadino
   severity: info
 
+# Notes:-
+# This template requires manual inspection once found valid match.
+
 requests:
   - method: GET
     path:

exposures/apis/swagger-api.yaml

@@ -1,4 +1,4 @@
-id: swagger-apis
+id: swagger-api
 
 info:
   name: Swagger API Panel

misconfiguration/unauthenticated-nacos-access.yaml

@@ -20,9 +20,9 @@ requests:
     matchers:
       - type: regex
         regex:
-          - "username"
-          - "password"
-          - "totalCount"
+          - '"username":'
+          - '"password":'
+          - '"totalCount":'
         condition: and
         part: body
       - type: status