diff --git a/http/exposures/backups/php-backup-files.yaml b/http/exposures/backups/php-backup-files.yaml
index e7bc0fe8fb..72e42d3392 100644
--- a/http/exposures/backups/php-backup-files.yaml
+++ b/http/exposures/backups/php-backup-files.yaml
@@ -69,7 +69,9 @@ http:
 - /wp-login.php
 - /config.php
 - /config
+ - /const.DB.php.bak
 - /const.DB.php
+
 bakext:
 - ".~"
 - ".bk"
diff --git a/http/exposures/backups/zip-backup-files.yaml b/http/exposures/backups/zip-backup-files.yaml
index 9fc5d99fcc..65acd98f53 100644
--- a/http/exposures/backups/zip-backup-files.yaml
+++ b/http/exposures/backups/zip-backup-files.yaml
@@ -56,6 +56,20 @@ http:
 - "database"
 - "Release"
 - "inetpub"
+ - "temp"
+ - "package"
+ - "tmp"
+ - "db"
+ - "data"
+ - "database"
+ - "ftp"
+ - "output"
+ - "admin"
+ - "upload"
+ - "src"
+ - "conf/conf"
+ - "old"
+
 EXT:
 - "tar"
 - "7z"
diff --git a/http/exposures/configs/dockerfile-hidden-disclosure.yaml b/http/exposures/configs/dockerfile-hidden-disclosure.yaml
index a787930d09..fbd62acf4a 100644
--- a/http/exposures/configs/dockerfile-hidden-disclosure.yaml
+++ b/http/exposures/configs/dockerfile-hidden-disclosure.yaml
@@ -20,6 +20,7 @@ http:
 path:
 - "{{BaseURL}}/.dockerfile"
 - "{{BaseURL}}/.Dockerfile"
+ - "{{BaseURL}}/Dockerfile"
 matchers-condition: and
 matchers:
diff --git a/http/exposures/files/shellscripts.yaml b/http/exposures/files/shellscripts.yaml
index cbeb75af4c..3ad1d7e5e4 100644
--- a/http/exposures/files/shellscripts.yaml
+++ b/http/exposures/files/shellscripts.yaml
@@ -17,6 +17,7 @@ http:
 - "{{BaseURL}}/.travis.sh"
 - "{{BaseURL}}/install.sh"
 - "{{BaseURL}}/update.sh"
+ - "{{BaseURL}}/upload.sh"
 - "{{BaseURL}}/config.sh"
 - "{{BaseURL}}/build.sh"
 - "{{BaseURL}}/setup.sh"
@@ -35,6 +36,9 @@ http:
 - "{{BaseURL}}/local2dev.sh"
 - "{{BaseURL}}/local2prod.sh"
 - "{{BaseURL}}/prod2local.sh"
+ - "{{BaseURL}}/rsync.sh"
+ - "{{BaseURL}}/sync.sh"
+ - "{{BaseURL}}/test.sh"
 matchers-condition: and
 matchers:
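Review bot: In php-backup-files.yaml the added `- /const.DB.php.bak` already carries a backup suffix, while the neighbouring entries are bare names and the `bakext` list directly below holds the suffixes. If the request path joins the two lists (the path line is outside this hunk, so this is inferred), the new entry produces `/const.DB.php.bak.~`, `/const.DB.php.bak.bk` and so on instead of the one intended path, and `/const.DB.php` combined with a `.bak` suffix would already cover it. I would drop the entry and confirm that `".bak"` is present in `bakext`. Both payload lists continue outside the hunk.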
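Review bot: In zip-backup-files.yaml the added `- "database"` repeats the `- "database"` entry that is already in the list three lines above the additions, so the same archive names are requested a second time, presumably once per `EXT` value. Remove the added duplicate, and check `"db"` and `"data"` against the part of the list above the hunk for the same reason. The new names also multiply with every extension, so if the template's `info` block carries a `max-request` value (not visible here) it needs to be raised to match.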
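Review bot: In dockerfile-hidden-disclosure.yaml the new `{{BaseURL}}/Dockerfile` path is not a dot-prefixed file, so a hit on it will be reported by a template whose file name says "hidden". The `info` block is outside the hunk; its name and description should be widened to cover both forms, or the plain path moved to a template of its own, so that triage can tell which file was actually served. A comment above the list such as `# dot-prefixed and plain Dockerfile names` would make the intent explicit.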
diff --git a/http/exposures/logs/go-pprof-debug.yaml b/http/exposures/logs/go-pprof-debug.yaml
new file mode 100644
index 0000000000..10c9028aca
--- /dev/null
+++ b/http/exposures/logs/go-pprof-debug.yaml
@@ -0,0 +1,32 @@
+id: go-pprof-debug
+
+info:
+ name: Go pprof Debug Page
+ author: w8ay
+ severity: low
+ description: go pprof debug page was exposed.
+ tags: logs,exposure,go,pprof
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/debug/pprof/heap?debug=1"
+ - "{{BaseURL}}/pprof/heap?debug=1"
+
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - 'heap profile:'
+ - 'Alloc'
+ condition: and
+
+ - type: word
+ words:
+ - "text/plain"
+ part: header
+
+ - type: status
+ status:
+ - 200
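Review bot: The `info` block of the new go-pprof-debug template says only that the page "was exposed", which tells whoever triages the finding nothing about impact or how to fix it. I would expand it to something like `description: Go net/http/pprof heap profile is served without authentication, disclosing runtime memory statistics and internal function names.` and add `remediation: Serve net/http/pprof only on a loopback or authenticated listener, not on the public mux.` A `reference` entry pointing at the Go `net/http/pprof` package documentation and a `metadata` entry with `max-request: 2` would bring the block in line with the two paths requested.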