diff --git a/cnvd/CNVD-2020-62422.yaml b/cnvd/CNVD-2020-62422.yaml index 736770f82c..c2470e1201 100644 --- a/cnvd/CNVD-2020-62422.yaml +++ b/cnvd/CNVD-2020-62422.yaml @@ -5,7 +5,7 @@ info: author: pikpikcu severity: medium reference: https://blog.csdn.net/m0_46257936/article/details/113150699 - tags: lfi,cnvd + tags: lfi,cnvd,seeyon requests: - method: GET @@ -26,4 +26,4 @@ requests: words: - "ctpDataSource.password" condition: and - part: body \ No newline at end of file + part: body diff --git a/cves/2007/CVE-2007-5728.yaml b/cves/2007/CVE-2007-5728.yaml index 98c2548f6f..9d71758d46 100644 --- a/cves/2007/CVE-2007-5728.yaml +++ b/cves/2007/CVE-2007-5728.yaml @@ -5,7 +5,7 @@ info: author: dhiyaneshDK severity: medium description: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865. - tags: cve,cve2007,xss,pgadmin + tags: cve,cve2007,xss,pgadmin,phppgadmin reference: https://www.exploit-db.com/exploits/30090 metadata: shodan-query: 'http.title:"phpPgAdmin"' diff --git a/cves/2008/CVE-2008-6668.yaml b/cves/2008/CVE-2008-6668.yaml index f034e02349..8d28f7d91a 100644 --- a/cves/2008/CVE-2008-6668.yaml +++ b/cves/2008/CVE-2008-6668.yaml @@ -8,7 +8,7 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2008-6668 author: geeknik severity: high - tags: nweb2fax,lfi,cve,cve2008 + tags: nweb2fax,lfi,cve,cve2008,traversal requests: - method: GET diff --git a/cves/2009/CVE-2009-0932.yaml b/cves/2009/CVE-2009-0932.yaml index 20514f9861..dc5993966c 100644 --- a/cves/2009/CVE-2009-0932.yaml +++ b/cves/2009/CVE-2009-0932.yaml @@ -9,7 +9,7 @@ info: reference: - https://www.exploit-db.com/exploits/16154 - https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2 - tags: cve,cve2009,horde,lfi + tags: cve,cve2009,horde,lfi,traversal requests: - method: GET 
diff --git a/cves/2009/CVE-2009-1558.yaml b/cves/2009/CVE-2009-1558.yaml index 9141371d04..0459548703 100644 --- a/cves/2009/CVE-2009-1558.yaml +++ b/cves/2009/CVE-2009-1558.yaml @@ -6,7 +6,7 @@ info: severity: high description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. reference: https://www.exploit-db.com/exploits/32954 - tags: cve,cve2009,iot,lfi + tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal requests: - method: GET diff --git a/cves/2009/CVE-2009-4202.yaml b/cves/2009/CVE-2009-4202.yaml index 33b3f6694d..8f872ac535 100644 --- a/cves/2009/CVE-2009-4202.yaml +++ b/cves/2009/CVE-2009-4202.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/8870 - https://www.cvedetails.com/cve/CVE-2009-4202 - tags: cve,cve2009,joomla,lfi + tags: cve,cve2009,joomla,lfi,photo requests: - method: GET @@ -24,4 +24,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2009/CVE-2009-4679.yaml b/cves/2009/CVE-2009-4679.yaml index 10596c502d..d8a2c1c5b9 100644 --- a/cves/2009/CVE-2009-4679.yaml +++ b/cves/2009/CVE-2009-4679.yaml @@ -8,7 +8,7 @@ info: reference: | - https://www.exploit-db.com/exploits/33440 - https://www.cvedetails.com/cve/CVE-2009-4679 - tags: cve,cve2009,joomla,lfi + tags: cve,cve2009,joomla,lfi,nexus requests: - method: GET @@ -24,4 +24,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2010/CVE-2010-0759.yaml b/cves/2010/CVE-2010-0759.yaml index 93c80ee785..85c6ddd98e 100644 --- a/cves/2010/CVE-2010-0759.yaml +++ b/cves/2010/CVE-2010-0759.yaml 
@@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/11498 - https://www.cvedetails.com/cve/CVE-2010-0759 - tags: cve,cve2010,joomla,lfi + tags: cve,cve2010,joomla,lfi,plugin requests: - method: GET @@ -24,4 +24,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2010/CVE-2010-1217.yaml b/cves/2010/CVE-2010-1217.yaml index 45872b620b..a16a2b9e55 100644 --- a/cves/2010/CVE-2010-1217.yaml +++ b/cves/2010/CVE-2010-1217.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/11814 - https://www.cvedetails.com/cve/CVE-2010-1217 - tags: cve,cve2010,joomla,lfi + tags: cve,cve2010,joomla,lfi,plugin requests: - method: GET @@ -24,4 +24,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2010/CVE-2010-1302.yaml b/cves/2010/CVE-2010-1302.yaml index 8bf459dd68..90c52b2f83 100644 --- a/cves/2010/CVE-2010-1302.yaml +++ b/cves/2010/CVE-2010-1302.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/11978 - https://www.cvedetails.com/cve/CVE-2010-1302 - tags: cve,cve2010,joomla,lfi + tags: cve,cve2010,joomla,lfi,graph requests: - method: GET @@ -24,4 +24,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2010/CVE-2010-1304.yaml b/cves/2010/CVE-2010-1304.yaml index 96833ebf19..bacd107b78 100644 --- a/cves/2010/CVE-2010-1304.yaml +++ b/cves/2010/CVE-2010-1304.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/11998 - https://www.cvedetails.com/cve/CVE-2010-1304 - tags: cve,cve2010,joomla,lfi + tags: cve,cve2010,joomla,lfi,status requests: - method: GET diff --git a/cves/2010/CVE-2010-1461.yaml b/cves/2010/CVE-2010-1461.yaml index 13660c3ae8..1e3d3663a4 100644 --- a/cves/2010/CVE-2010-1461.yaml +++ b/cves/2010/CVE-2010-1461.yaml 
@@ -8,7 +8,7 @@ info: reference: | - https://www.exploit-db.com/exploits/12232 - https://www.cvedetails.com/cve/CVE-2010-1461 - tags: cve,cve2010,joomla,lfi + tags: cve,cve2010,joomla,lfi,photo requests: - method: GET @@ -24,4 +24,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2010/CVE-2010-2307.yaml b/cves/2010/CVE-2010-2307.yaml index 108671e209..d23c7cfd89 100644 --- a/cves/2010/CVE-2010-2307.yaml +++ b/cves/2010/CVE-2010-2307.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.securityfocus.com/bid/40550/info - https://nvd.nist.gov/vuln/detail/CVE-2010-2307 - tags: cve,cve2010,iot,lfi + tags: cve,cve2010,iot,lfi,motorola requests: - method: GET diff --git a/cves/2010/CVE-2010-2861.yaml b/cves/2010/CVE-2010-2861.yaml index 7f29024985..58f43f1fad 100644 --- a/cves/2010/CVE-2010-2861.yaml +++ b/cves/2010/CVE-2010-2861.yaml @@ -8,7 +8,7 @@ info: reference: - https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861 - http://www.adobe.com/support/security/bulletins/apsb10-18.html - tags: cve,cve2010,coldfusion,lfi + tags: cve,cve2010,coldfusion,lfi,adobe requests: - method: GET diff --git a/cves/2010/CVE-2010-4231.yaml b/cves/2010/CVE-2010-4231.yaml index 282ff28783..58e8e65051 100644 --- a/cves/2010/CVE-2010-4231.yaml +++ b/cves/2010/CVE-2010-4231.yaml @@ -8,7 +8,7 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2010-4231 - https://www.exploit-db.com/exploits/15505 - tags: cve,cve2010,iot,lfi + tags: cve,cve2010,iot,lfi,camera requests: - method: GET diff --git a/cves/2010/CVE-2010-4282.yaml b/cves/2010/CVE-2010-4282.yaml index 074fd7401b..889195c6eb 100644 --- a/cves/2010/CVE-2010-4282.yaml +++ b/cves/2010/CVE-2010-4282.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/15643 - https://www.cvedetails.com/cve/CVE-2010-4282 - tags: cve,cve2010,lfi,joomla + tags: cve,cve2010,lfi,joomla,phpshowtime requests: - method: GET 
@@ -24,4 +24,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2012/CVE-2012-0392.yaml b/cves/2012/CVE-2012-0392.yaml index 011cc75b69..a6d6be2810 100644 --- a/cves/2012/CVE-2012-0392.yaml +++ b/cves/2012/CVE-2012-0392.yaml @@ -6,7 +6,7 @@ info: severity: critical description: The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method. reference: https://blog.csdn.net/weixin_43416469/article/details/113850545 - tags: cve,cve2012,apache,rce,struts + tags: cve,cve2012,apache,rce,struts,java requests: - method: GET @@ -22,4 +22,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2012/CVE-2012-0896.yaml b/cves/2012/CVE-2012-0896.yaml index 5e2ad102d4..5a0423bc41 100644 --- a/cves/2012/CVE-2012-0896.yaml +++ b/cves/2012/CVE-2012-0896.yaml @@ -8,7 +8,7 @@ info: reference: - https://packetstormsecurity.com/files/108631/ - https://www.cvedetails.com/cve/CVE-2012-0896 - tags: cve,cve2012,lfi,wordpress,wp-plugin + tags: cve,cve2012,lfi,wordpress,wp-plugin,traversal requests: - method: GET diff --git a/cves/2012/CVE-2012-0991.yaml b/cves/2012/CVE-2012-0991.yaml index 338de87d83..c9bbdc69ff 100644 --- a/cves/2012/CVE-2012-0991.yaml +++ b/cves/2012/CVE-2012-0991.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/36650 - https://www.cvedetails.com/cve/CVE-2012-0991 - tags: cve,cve2012,lfi,openemr + tags: cve,cve2012,lfi,openemr,traversal requests: - method: GET diff --git a/cves/2012/CVE-2012-1226.yaml b/cves/2012/CVE-2012-1226.yaml index 40b0d31332..262bacd6a8 100644 --- a/cves/2012/CVE-2012-1226.yaml +++ b/cves/2012/CVE-2012-1226.yaml 
@@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/36873 - https://www.cvedetails.com/cve/CVE-2012-1226 - tags: cve,cve2012,lfi + tags: cve,cve2012,lfi,dolibarr,traversal requests: - method: GET @@ -24,4 +24,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2012/CVE-2012-4878.yaml b/cves/2012/CVE-2012-4878.yaml index 8b3e35a428..c50f80c82b 100644 --- a/cves/2012/CVE-2012-4878.yaml +++ b/cves/2012/CVE-2012-4878.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/37034 - https://www.cvedetails.com/cve/CVE-2012-4878 - tags: cve,cve2012,lfi + tags: cve,cve2012,lfi,traversal requests: - method: GET diff --git a/cves/2012/CVE-2012-4940.yaml b/cves/2012/CVE-2012-4940.yaml index 58679a3d38..6e9ed3f4d9 100644 --- a/cves/2012/CVE-2012-4940.yaml +++ b/cves/2012/CVE-2012-4940.yaml @@ -6,7 +6,7 @@ info: severity: high description: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI. reference: https://www.exploit-db.com/exploits/37996 - tags: cve,cve2012,axigen,lfi + tags: cve,cve2012,axigen,lfi,mail requests: - method: GET @@ -22,4 +22,4 @@ requests: - "bit app support" - "fonts" - "extensions" - condition: and \ No newline at end of file + condition: and diff --git a/cves/2013/CVE-2013-1965.yaml b/cves/2013/CVE-2013-1965.yaml index e2e5f0a70c..b6b996e988 100644 --- a/cves/2013/CVE-2013-1965.yaml +++ b/cves/2013/CVE-2013-1965.yaml 
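Review bot: `tags: cve,cve2012,axigen,lfi,mail` for cves/2012/CVE-2012-4940.yaml leaves out `traversal` even though the description on the preceding context line states multiple directory traversal vulnerabilities, while the neighbouring lfi templates in this commit (cves/2012/CVE-2012-0896.yaml, CVE-2012-0991.yaml, CVE-2012-1226.yaml, CVE-2012-4878.yaml) gain it; a `traversal` tag filter will therefore select some of these templates and silently skip others. Suggest `tags: cve,cve2012,axigen,lfi,mail,traversal`. The same gap is in the new tags lines of cves/2015/CVE-2015-3337.yaml, cves/2017/CVE-2017-1000170.yaml and cves/2018/CVE-2018-16299.yaml, whose descriptions are likewise explicit directory traversals.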
@@ -6,7 +6,7 @@ info: severity: critical description: Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect. reference: http://struts.apache.org/development/2.x/docs/s2-012.html - tags: cve,cve2013,apache,rce,struts + tags: cve,cve2013,apache,rce,struts,ognl requests: - method: POST diff --git a/cves/2013/CVE-2013-2251.yaml b/cves/2013/CVE-2013-2251.yaml index 67158a4a69..261a2f0b68 100644 --- a/cves/2013/CVE-2013-2251.yaml +++ b/cves/2013/CVE-2013-2251.yaml @@ -6,7 +6,7 @@ info: severity: critical description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:", or "redirectAction:" is not properly sanitized. Since said information will be evaluated as an OGNL expression against the value stack, this introduces the possibility to inject server side code. reference: http://struts.apache.org/release/2.3.x/docs/s2-016.html - tags: cve,cve2013,rce,struts,apache + tags: cve,cve2013,rce,struts,apache,ognl requests: - raw: diff --git a/cves/2014/CVE-2014-2323.yaml b/cves/2014/CVE-2014-2323.yaml index 61d21ce54c..c7205766d8 100644 --- a/cves/2014/CVE-2014-2323.yaml +++ b/cves/2014/CVE-2014-2323.yaml @@ -6,7 +6,7 @@ info: reference: https://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt author: geeknik severity: critical - tags: cve,cve2014,sqli,lighttpd + tags: cve,cve2014,sqli,lighttpd,injection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 diff --git a/cves/2014/CVE-2014-2962.yaml b/cves/2014/CVE-2014-2962.yaml index c0b20521c0..2456af7a2e 100644 --- a/cves/2014/CVE-2014-2962.yaml +++ b/cves/2014/CVE-2014-2962.yaml 
@@ -6,7 +6,7 @@ info: severity: high description: Path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. reference: https://www.exploit-db.com/exploits/38488 - tags: cve,cve2014,lfi,router + tags: cve,cve2014,lfi,router,firmware,traversal requests: - method: GET diff --git a/cves/2014/CVE-2014-3120.yaml b/cves/2014/CVE-2014-3120.yaml index a2bd566a60..2e3eb0f6e1 100644 --- a/cves/2014/CVE-2014-3120.yaml +++ b/cves/2014/CVE-2014-3120.yaml @@ -9,7 +9,7 @@ info: reference: - https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2014-3120 - https://www.elastic.co/blog/logstash-1-4-3-released - tags: cve,cve2014,elastic,rce + tags: cve,cve2014,elastic,rce,elasticsearch requests: - raw: diff --git a/cves/2014/CVE-2014-4558.yaml b/cves/2014/CVE-2014-4558.yaml index 38f4f31020..74e48031ac 100644 --- a/cves/2014/CVE-2014-4558.yaml +++ b/cves/2014/CVE-2014-4558.yaml @@ -7,7 +7,7 @@ info: reference: | - https://wpscan.com/vulnerability/37d7936a-165f-4c37-84a6-7ba5b59a0301 - https://nvd.nist.gov/vuln/detail/CVE-2014-4558 - tags: cve,cve2014,wordpress,wp-plugin,xss + tags: cve,cve2014,wordpress,wp-plugin,xss,woocommerce classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 @@ -34,4 +34,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2014/CVE-2014-4561.yaml b/cves/2014/CVE-2014-4561.yaml index 257dd609d7..583e403abb 100644 --- a/cves/2014/CVE-2014-4561.yaml +++ b/cves/2014/CVE-2014-4561.yaml 
@@ -7,7 +7,7 @@ info: reference: | - https://wpscan.com/vulnerability/5c358ef6-8059-4767-8bcb-418a45b2352d - https://nvd.nist.gov/vuln/detail/CVE-2014-4561 - tags: cve,cve2014,wordpress,wp-plugin,xss + tags: cve,cve2014,wordpress,wp-plugin,xss,weather classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 @@ -34,4 +34,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2014/CVE-2014-5111.yaml b/cves/2014/CVE-2014-5111.yaml index f525a4441f..36a72b9429 100644 --- a/cves/2014/CVE-2014-5111.yaml +++ b/cves/2014/CVE-2014-5111.yaml @@ -8,7 +8,7 @@ info: reference: | - https://www.exploit-db.com/exploits/39351 - https://www.cvedetails.com/cve/CVE-2014-5111 - tags: cve,cve2014,lfi + tags: cve,cve2014,lfi,trixbox requests: - method: GET @@ -24,4 +24,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2015/CVE-2015-1427.yaml b/cves/2015/CVE-2015-1427.yaml index 79427e3ba5..5a449bec3c 100644 --- a/cves/2015/CVE-2015-1427.yaml +++ b/cves/2015/CVE-2015-1427.yaml @@ -8,7 +8,7 @@ info: reference: - https://blog.csdn.net/JiangBuLiu/article/details/94457980 - http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/ - tags: cve,cve2015,elastic,rce + tags: cve,cve2015,elastic,rce,elasticsearch requests: - raw: diff --git a/cves/2015/CVE-2015-1503.yaml b/cves/2015/CVE-2015-1503.yaml index e14c5aac2d..273a65668b 100644 --- a/cves/2015/CVE-2015-1503.yaml +++ b/cves/2015/CVE-2015-1503.yaml @@ -13,7 +13,7 @@ info: cvss-score: 7.5 cve-id: CVE-2015-1503 cwe-id: CWE-200 - tags: cve,cve2015,icewarp,lfi + tags: cve,cve2015,icewarp,lfi,mail requests: - method: GET diff --git a/cves/2015/CVE-2015-1880.yaml b/cves/2015/CVE-2015-1880.yaml index 9f2f2a251d..583e70729a 100644 --- a/cves/2015/CVE-2015-1880.yaml +++ b/cves/2015/CVE-2015-1880.yaml 
@@ -30,4 +30,4 @@ requests: - type: word words: - "text/html" - part: header \ No newline at end of file + part: header diff --git a/cves/2015/CVE-2015-2067.yaml b/cves/2015/CVE-2015-2067.yaml index d80740f258..b69d7df5ad 100644 --- a/cves/2015/CVE-2015-2067.yaml +++ b/cves/2015/CVE-2015-2067.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/35996 - https://nvd.nist.gov/vuln/detail/CVE-2015-2067 - tags: cve,cve2015,lfi,magento,magmi + tags: cve,cve2015,lfi,magento,magmi,plugin requests: - method: GET diff --git a/cves/2015/CVE-2015-2068.yaml b/cves/2015/CVE-2015-2068.yaml index 578b48511b..592e896cfa 100644 --- a/cves/2015/CVE-2015-2068.yaml +++ b/cves/2015/CVE-2015-2068.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/35996 - https://nvd.nist.gov/vuln/detail/CVE-2015-2068 - tags: cve,cve2015,magento,magmi,xss + tags: cve,cve2015,magento,magmi,xss,plugin requests: - method: GET diff --git a/cves/2015/CVE-2015-3306.yaml b/cves/2015/CVE-2015-3306.yaml index da62b75d4c..c12fff4515 100644 --- a/cves/2015/CVE-2015-3306.yaml +++ b/cves/2015/CVE-2015-3306.yaml @@ -6,7 +6,7 @@ info: severity: high reference: https://github.com/t0kx/exploit-CVE-2015-3306 description: The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. - tags: cve,cve2015,ftp,rce,network + tags: cve,cve2015,ftp,rce,network,proftpd network: - inputs: @@ -26,4 +26,4 @@ network: - type: word words: - "Copy successful" - part: raw \ No newline at end of file + part: raw diff --git a/cves/2015/CVE-2015-3337.yaml b/cves/2015/CVE-2015-3337.yaml index 57306fca9b..54768b240b 100644 --- a/cves/2015/CVE-2015-3337.yaml +++ b/cves/2015/CVE-2015-3337.yaml 
@@ -6,7 +6,7 @@ info: severity: high description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors. reference: https://www.exploit-db.com/exploits/37054/ - tags: cve,cve2015,elastic,lfi + tags: cve,cve2015,elastic,lfi,elasticsearch,plugin requests: - method: GET diff --git a/cves/2015/CVE-2015-7450.yaml b/cves/2015/CVE-2015-7450.yaml index 8f542a5c14..9d3958a8e5 100644 --- a/cves/2015/CVE-2015-7450.yaml +++ b/cves/2015/CVE-2015-7450.yaml @@ -9,7 +9,7 @@ info: - https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ - https://nvd.nist.gov/vuln/detail/CVE-2015-7450 - tags: cve,cve2015,websphere,deserialization,rce,oast + tags: cve,cve2015,websphere,deserialization,rce,oast,ibm,java classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 diff --git a/cves/2015/CVE-2015-8813.yaml b/cves/2015/CVE-2015-8813.yaml index 2651aa807d..cfc4cd20e0 100644 --- a/cves/2015/CVE-2015-8813.yaml +++ b/cves/2015/CVE-2015-8813.yaml @@ -8,7 +8,7 @@ info: reference: - https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2015-8813 - tags: cve,cve2015,ssrf,oast + tags: cve,cve2015,ssrf,oast,umbraco classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N cvss-score: 8.20 @@ -24,4 +24,4 @@ requests: - type: word part: interactsh_protocol # Confirms the HTTP Interaction words: - - "http" \ No newline at end of file + - "http" diff --git a/cves/2016/CVE-2016-1000137.yaml b/cves/2016/CVE-2016-1000137.yaml index eb4ae2195c..bbfc42fdc5 100644 --- a/cves/2016/CVE-2016-1000137.yaml +++ b/cves/2016/CVE-2016-1000137.yaml 
@@ -5,7 +5,7 @@ info: author: daffainfo severity: medium reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658 - tags: cve,cve2016,wordpress,xss,wp-plugin + tags: cve,cve2016,wordpress,xss,wp-plugin,maps classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 diff --git a/cves/2016/CVE-2016-1000146.yaml b/cves/2016/CVE-2016-1000146.yaml index 4d9e921b14..f14bf4f330 100644 --- a/cves/2016/CVE-2016-1000146.yaml +++ b/cves/2016/CVE-2016-1000146.yaml @@ -5,7 +5,7 @@ info: author: daffainfo severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146 - tags: cve,cve2016,wordpress,xss,wp-plugin + tags: cve,cve2016,wordpress,xss,wp-plugin,mail classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 diff --git a/cves/2016/CVE-2016-10956.yaml b/cves/2016/CVE-2016-10956.yaml index e70c75ed3a..0d3a7bd668 100644 --- a/cves/2016/CVE-2016-10956.yaml +++ b/cves/2016/CVE-2016-10956.yaml @@ -8,7 +8,7 @@ info: reference: - https://cxsecurity.com/issue/WLB-2016080220 - https://wpvulndb.com/vulnerabilities/8609 - tags: cve,cve2016,wordpress,wp-plugin,lfi + tags: cve,cve2016,wordpress,wp-plugin,lfi,mail classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.50 diff --git a/cves/2016/CVE-2016-4975.yaml b/cves/2016/CVE-2016-4975.yaml index 1bc031521f..f94762b21e 100644 --- a/cves/2016/CVE-2016-4975.yaml +++ b/cves/2016/CVE-2016-4975.yaml @@ -5,7 +5,7 @@ info: author: melbadry9,nadino,xElkomy,sullo severity: low description: Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir. - tags: crlf,generic,cves,cve2016 + tags: crlf,generic,cves,cve2016,apache classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 diff --git a/cves/2016/CVE-2016-7552.yaml b/cves/2016/CVE-2016-7552.yaml index 0e56752878..d5cbdd06b5 100644 --- a/cves/2016/CVE-2016-7552.yaml +++ b/cves/2016/CVE-2016-7552.yaml 
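Review bot: The new line `tags: crlf,generic,cves,cve2016,apache` for cves/2016/CVE-2016-4975.yaml still carries `cves` where every other template in this diff uses `cve`, so a `-tags cve` selection keeps missing this template even though the line was just edited. Since the line is being touched anyway, normalising it to `tags: cve,cve2016,crlf,generic,apache` would bring it in line with the rest of the repository.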
@@ -6,7 +6,7 @@ info: severity: critical description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4 - tags: cve,cve2016,lfi + tags: cve,cve2016,lfi,auth,bypass classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 diff --git a/cves/2017/CVE-2017-0929.yaml b/cves/2017/CVE-2017-0929.yaml index bd7c9bcac5..3c0839798e 100644 --- a/cves/2017/CVE-2017-0929.yaml +++ b/cves/2017/CVE-2017-0929.yaml @@ -13,7 +13,7 @@ info: cvss-score: 7.50 cve-id: CVE-2017-0929 cwe-id: CWE-918 - tags: cve,cve2017,oast,ssrf,dnn + tags: cve,cve2017,oast,ssrf,dnn,dotnetnuke requests: - method: GET @@ -29,4 +29,4 @@ requests: - type: status status: - - 500 \ No newline at end of file + - 500 diff --git a/cves/2017/CVE-2017-1000170.yaml b/cves/2017/CVE-2017-1000170.yaml index ef6415afce..9c2bcff1c4 100644 --- a/cves/2017/CVE-2017-1000170.yaml +++ b/cves/2017/CVE-2017-1000170.yaml @@ -6,7 +6,7 @@ info: severity: high reference: https://www.exploit-db.com/exploits/49693 description: jqueryFileTree 2.1.5 and older Directory Traversal - tags: cve,cve2017,wordpress,wp-plugin,lfi + tags: cve,cve2017,wordpress,wp-plugin,lfi,jquery classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.50 @@ -28,4 +28,4 @@ requests: part: body - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2017/CVE-2017-1000486.yaml b/cves/2017/CVE-2017-1000486.yaml index d7a07c5e57..dac660480f 100644 --- a/cves/2017/CVE-2017-1000486.yaml +++ b/cves/2017/CVE-2017-1000486.yaml 
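Review bot: `tags: cve,cve2016,lfi,auth,bypass` for cves/2016/CVE-2016-7552.yaml splits the authentication-bypass category into two generic words, whereas other templates touched in this commit (cves/2017/CVE-2017-5521.yaml, cves/2017/CVE-2017-7921.yaml) use the single `auth-bypass` tag, so filtering on `auth-bypass` will not pick this template up. The description also calls the issue a directory traversal, which the other lfi templates in this commit mark with `traversal`. Suggest `tags: cve,cve2016,lfi,auth-bypass,traversal`. The same `bypass` split appears in the new tags line of cves/2018/CVE-2018-16341.yaml, whose description names an authentication bypass.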
@@ -10,7 +10,7 @@ info: - https://github.com/pimps/CVE-2017-1000486 - https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html - https://nvd.nist.gov/vuln/detail/CVE-2017-1000486 - tags: cve,cve2017,primetek,rce + tags: cve,cve2017,primetek,rce,injection classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 @@ -32,4 +32,4 @@ requests: - type: word words: - 'Mogwailabs: CHECKCHECK' - part: header \ No newline at end of file + part: header diff --git a/cves/2017/CVE-2017-11610.yaml b/cves/2017/CVE-2017-11610.yaml index 8f4f552adf..e395163d92 100644 --- a/cves/2017/CVE-2017-11610.yaml +++ b/cves/2017/CVE-2017-11610.yaml @@ -10,7 +10,7 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-11610 metadata: shodan-query: 'http.title:"Supervisor Status"' - tags: cve,cve2017,rce,supervisor,oast + tags: cve,cve2017,rce,supervisor,oast,xmlrpc classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.80 diff --git a/cves/2017/CVE-2017-12635.yaml b/cves/2017/CVE-2017-12635.yaml index 7e7edb5586..102fb0d338 100644 --- a/cves/2017/CVE-2017-12635.yaml +++ b/cves/2017/CVE-2017-12635.yaml 
@@ -6,7 +6,7 @@ info: severity: critical description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges. reference: https://github.com/assalielmehdi/CVE-2017-12635 - tags: cve,cve2017,couchdb + tags: cve,cve2017,couchdb,apache classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 diff --git a/cves/2017/CVE-2017-12637.yaml b/cves/2017/CVE-2017-12637.yaml index 905e10391a..681d71740a 100644 --- a/cves/2017/CVE-2017-12637.yaml +++ b/cves/2017/CVE-2017-12637.yaml @@ -5,7 +5,7 @@ info: author: apt-mirror severity: high description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657. - tags: cve,cve2017,sap,lfi + tags: cve,cve2017,sap,lfi,java,traversal reference: - https://www.cvedetails.com/cve/CVE-2017-12637/ - https://nvd.nist.gov/vuln/detail/CVE-2017-12637 
diff --git a/cves/2017/CVE-2017-14535.yaml b/cves/2017/CVE-2017-14535.yaml index a9b3be6385..8cc11f11f1 100644 --- a/cves/2017/CVE-2017-14535.yaml +++ b/cves/2017/CVE-2017-14535.yaml @@ -7,7 +7,7 @@ info: reference: - https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ - https://www.exploit-db.com/exploits/49913 - tags: cve,cve2017,trixbox,rce + tags: cve,cve2017,trixbox,rce,injection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.80 diff --git a/cves/2017/CVE-2017-16877.yaml b/cves/2017/CVE-2017-16877.yaml index ed8c14a5be..576497d6ca 100644 --- a/cves/2017/CVE-2017-16877.yaml +++ b/cves/2017/CVE-2017-16877.yaml @@ -6,7 +6,7 @@ info: severity: high description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. reference: https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9 - tags: cve,cve2017,nextjs,lfi + tags: cve,cve2017,nextjs,lfi,traversal classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.50 diff --git a/cves/2017/CVE-2017-5521.yaml b/cves/2017/CVE-2017-5521.yaml index 7c792b2225..b4af9ed3ad 100644 --- a/cves/2017/CVE-2017-5521.yaml +++ b/cves/2017/CVE-2017-5521.yaml @@ -7,7 +7,7 @@ info: reference: - https://www.cvedetails.com/cve/CVE-2017-5521/ - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/ - tags: cve,cve2017,auth-bypass + tags: cve,cve2017,auth-bypass,netgear classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.10 diff --git a/cves/2017/CVE-2017-7269.yaml b/cves/2017/CVE-2017-7269.yaml index 533586dd4f..99fbe781e0 100644 --- a/cves/2017/CVE-2017-7269.yaml +++ b/cves/2017/CVE-2017-7269.yaml 
@@ -8,7 +8,7 @@ info: reference: - https://blog.0patch.com/2017/03/0patching-immortal-cve-2017-7269.html - https://github.com/danigargu/explodingcan/blob/master/explodingcan.py - tags: cve,cve2017,rce + tags: cve,cve2017,rce,windows classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 diff --git a/cves/2017/CVE-2017-7921.yaml b/cves/2017/CVE-2017-7921.yaml index 5a1fbdfe03..e9a9330366 100644 --- a/cves/2017/CVE-2017-7921.yaml +++ b/cves/2017/CVE-2017-7921.yaml @@ -7,7 +7,7 @@ info: reference: - http://www.hikvision.com/us/about_10805.html - https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 - tags: cve,cve2017,auth-bypass + tags: cve,cve2017,auth-bypass,hikvision classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10.00 diff --git a/cves/2017/CVE-2017-9822.yaml b/cves/2017/CVE-2017-9822.yaml index 10a07fec84..09de04f19d 100644 --- a/cves/2017/CVE-2017-9822.yaml +++ b/cves/2017/CVE-2017-9822.yaml @@ -5,7 +5,7 @@ info: author: milo2012 severity: high description: DotNetNuke (DNN) versions between 5.0.0 - 9.3.0 are affected to deserialization vulnerability that leads to Remote Code Execution (RCE) - tags: cve,cve2017,dotnetnuke,bypass + tags: cve,cve2017,dotnetnuke,bypass,rce,deserialization reference: https://github.com/murataydemir/CVE-2017-9822 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H @@ -33,4 +33,4 @@ requests: - type: status status: - - 404 \ No newline at end of file + - 404 diff --git a/cves/2018/CVE-2018-0296.yaml b/cves/2018/CVE-2018-0296.yaml index 2bc87caa63..2c6f06d521 100644 --- a/cves/2018/CVE-2018-0296.yaml +++ b/cves/2018/CVE-2018-0296.yaml @@ -4,7 +4,7 @@ info: name: Cisco ASA path traversal vulnerability author: organiccrap severity: high - tags: cve,cve2018,cisco,lfi + tags: cve,cve2018,cisco,lfi,traversal reference: https://github.com/yassineaboukir/CVE-2018-0296 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 
diff --git a/cves/2018/CVE-2018-1000130.yaml b/cves/2018/CVE-2018-1000130.yaml index 9421966f6e..9b56c41fde 100644 --- a/cves/2018/CVE-2018-1000130.yaml +++ b/cves/2018/CVE-2018-1000130.yaml @@ -5,7 +5,7 @@ info: author: milo2012 severity: high description: A JNDI Injection vulnerability exists in Jolokia agent in the proxy mode that allows a remote attacker to run arbitrary Java code on the server. - tags: cve,cve2018,jolokia,rce + tags: cve,cve2018,jolokia,rce,jndi,proxy classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.10 diff --git a/cves/2018/CVE-2018-1000861.yaml b/cves/2018/CVE-2018-1000861.yaml index 5dbeddcdaa..df0c630278 100644 --- a/cves/2018/CVE-2018-1000861.yaml +++ b/cves/2018/CVE-2018-1000861.yaml @@ -5,7 +5,7 @@ info: author: dhiyaneshDK,pikpikcu severity: critical reference: https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861 - tags: cve,cve2018,jenkin,rce + tags: cve,cve2018,jenkin,rce,jenkins classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 diff --git a/cves/2018/CVE-2018-10141.yaml b/cves/2018/CVE-2018-10141.yaml index 577e38e5cb..796fc3eb3d 100644 --- a/cves/2018/CVE-2018-10141.yaml +++ b/cves/2018/CVE-2018-10141.yaml @@ -32,4 +32,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2018/CVE-2018-10818.yaml b/cves/2018/CVE-2018-10818.yaml index f4982c8731..2dc224d38d 100644 --- a/cves/2018/CVE-2018-10818.yaml +++ b/cves/2018/CVE-2018-10818.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/ - https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247 - tags: cve,cve2018,lg-nas,rce,oast + tags: cve,cve2018,lg-nas,rce,oast,injection requests: - raw: diff --git a/cves/2018/CVE-2018-11759.yaml b/cves/2018/CVE-2018-11759.yaml index 27fee436c6..15a423c544 100644 
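Review bot: The new line `tags: cve,cve2018,jenkin,rce,jenkins` in cves/2018/CVE-2018-1000861.yaml keeps the misspelled `jenkin` tag next to the correct `jenkins`, so the typo survives as a second tag nobody will search for. Unless something still filters on `jenkin`, the line should read `tags: cve,cve2018,jenkins,rce`. If the old tag is kept deliberately for compatibility, a short inline comment such as `# jenkin kept for backward-compatible tag filters` would stop the next reader from removing it.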
--- a/cves/2018/CVE-2018-11759.yaml +++ b/cves/2018/CVE-2018-11759.yaml @@ -6,7 +6,7 @@ info: severity: high description: The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical. reference: https://github.com/immunIT/CVE-2018-11759 - tags: cve,cve2018,apache,tomcat + tags: cve,cve2018,apache,tomcat,status classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.50 diff --git a/cves/2018/CVE-2018-11784.yaml b/cves/2018/CVE-2018-11784.yaml index ec8276c693..0dca4eab1e 100644 --- a/cves/2018/CVE-2018-11784.yaml +++ b/cves/2018/CVE-2018-11784.yaml @@ -6,7 +6,7 @@ info: description: Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. reference: https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E severity: medium - tags: tomcat,redirect,cve,cve2018 + tags: tomcat,redirect,cve,cve2018,apache classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N cvss-score: 4.30 diff --git a/cves/2018/CVE-2018-1271.yaml b/cves/2018/CVE-2018-1271.yaml index 52a285b05a..0ecfd3dda1 100644 --- a/cves/2018/CVE-2018-1271.yaml +++ b/cves/2018/CVE-2018-1271.yaml 
@@ -5,7 +5,7 @@ info:
 author: hetroublemakr
 severity: medium
 reference: https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d
- tags: cve,cve2018,spring,lfi
+ tags: cve,cve2018,spring,lfi,traversal
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 5.90
diff --git a/cves/2018/CVE-2018-1273.yaml b/cves/2018/CVE-2018-1273.yaml
index 819b07b7a6..46a3d307c6 100644
--- a/cves/2018/CVE-2018-1273.yaml
+++ b/cves/2018/CVE-2018-1273.yaml
@@ -12,7 +12,7 @@ info:
 specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data’s projection-based request payload binding hat can lead to a remote code execution attack.
 reference: https://nvd.nist.gov/vuln/detail/CVE-2018-1273
- tags: cve,cve2018,vmware,rce
+ tags: cve,cve2018,vmware,rce,spring
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2018/CVE-2018-12998.yaml b/cves/2018/CVE-2018-12998.yaml
index cd23caa054..d8f965c9a1 100644
--- a/cves/2018/CVE-2018-12998.yaml
+++ b/cves/2018/CVE-2018-12998.yaml
@@ -9,7 +9,7 @@ info:
 - https://github.com/unh3x/just4cve/issues/10
 - http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html
 - https://nvd.nist.gov/vuln/detail/CVE-2018-12998
- tags: cve,cve2018,zoho,xss
+ tags: cve,cve2018,zoho,xss,manageengine
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
diff --git a/cves/2018/CVE-2018-13380.yaml b/cves/2018/CVE-2018-13380.yaml
index 96cfe5534c..97d5ec71fb 100644
--- a/cves/2018/CVE-2018-13380.yaml
+++ b/cves/2018/CVE-2018-13380.yaml
@@ -6,7 +6,7 @@ info:
 severity: medium
 description: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
 reference: https://nvd.nist.gov/vuln/detail/CVE-2018-13380
- tags: cve,cve2018,fortios,xss
+ tags: cve,cve2018,fortios,xss,fortinet
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
diff --git a/cves/2018/CVE-2018-15138.yaml b/cves/2018/CVE-2018-15138.yaml
index 3d0282e43b..7548517b7e 100644
--- a/cves/2018/CVE-2018-15138.yaml
+++ b/cves/2018/CVE-2018-15138.yaml
@@ -12,7 +12,7 @@ info:
 cvss-score: 7.5
 cve-id: CVE-2018-15138
 cwe-id: CWE-22
- tags: cve,cve2018,ericsson,lfi
+ tags: cve,cve2018,ericsson,lfi,traversal
 requests:
 - method: GET
diff --git a/cves/2018/CVE-2018-16299.yaml b/cves/2018/CVE-2018-16299.yaml
index 08a387bb74..437f60bcf3 100644
--- a/cves/2018/CVE-2018-16299.yaml
+++ b/cves/2018/CVE-2018-16299.yaml
@@ -6,7 +6,7 @@ info:
 severity: high
 description: The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
 reference: https://www.exploit-db.com/exploits/45439
- tags: wordpress,cve2018,cve,lfi
+ tags: wordpress,cve2018,cve,lfi,plugin
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.50
diff --git a/cves/2018/CVE-2018-16341.yaml b/cves/2018/CVE-2018-16341.yaml
index ebc296d3da..eac56aef00 100644
--- a/cves/2018/CVE-2018-16341.yaml
+++ b/cves/2018/CVE-2018-16341.yaml
@@ -5,7 +5,7 @@ info:
 author: madrobot
 severity: high
 description: Nuxeo Authentication Bypass Remote Code Execution < 10.3 using a SSTI
- tags: cve,cve2018,nuxeo,ssti,rce
+ tags: cve,cve2018,nuxeo,ssti,rce,bypass
 requests:
 - method: GET
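Review bot: The CVE-2018-16299 hunk tags a WordPress plugin template with `plugin`, but the existing convention visible elsewhere in this diff is `wp-plugin` (CVE-2018-5316, CVE-2018-9118, CVE-2019-16332, CVE-2020-12800, CVE-2020-14092), so filtering on either tag now returns only part of the WordPress plugin set. The same commit also adds `plugin` to a uWSGI template (CVE-2018-7490) and a Jenkins template (CVE-2019-10475), which makes the bare word mean three different ecosystems. The added line here should be `tags: wordpress,cve2018,cve,lfi,wp-plugin`, and the same substitution applies to CVE-2018-18069, CVE-2018-20985, CVE-2020-11930 and CVE-2020-13700 in this diff.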
@@ -15,4 +15,4 @@ requests:
 - type: word
 words:
 - "31333333337"
- part: body
\ No newline at end of file
+ part: body
diff --git a/cves/2018/CVE-2018-17246.yaml b/cves/2018/CVE-2018-17246.yaml
index c4f12c3f51..d33f88198a 100644
--- a/cves/2018/CVE-2018-17246.yaml
+++ b/cves/2018/CVE-2018-17246.yaml
@@ -7,7 +7,7 @@ info:
 reference:
 - https://nvd.nist.gov/vuln/detail/CVE-2018-17246
 - https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md
- tags: cve,cve2018,lfi
+ tags: cve,cve2018,lfi,kibana
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2018/CVE-2018-18069.yaml b/cves/2018/CVE-2018-18069.yaml
index eab47b98dc..2f61102505 100644
--- a/cves/2018/CVE-2018-18069.yaml
+++ b/cves/2018/CVE-2018-18069.yaml
@@ -5,7 +5,7 @@ info:
 author: nadino
 severity: medium
 description: process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
- tags: cve,cve2018,wordpress,xss
+ tags: cve,cve2018,wordpress,xss,plugin
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
diff --git a/cves/2018/CVE-2018-18777.yaml b/cves/2018/CVE-2018-18777.yaml
index b0b5a72de4..6c485e337c 100644
--- a/cves/2018/CVE-2018-18777.yaml
+++ b/cves/2018/CVE-2018-18777.yaml
@@ -9,7 +9,7 @@ info:
 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
 reference: https://www.exploit-db.com/exploits/45755
- tags: cve,cve2018,microstrategy,lfi
+ tags: cve,cve2018,microstrategy,lfi,traversal
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
 cvss-score: 4.30
diff --git a/cves/2018/CVE-2018-19458.yaml b/cves/2018/CVE-2018-19458.yaml
index 8bfc61e40a..ab49b9ff30 100644
--- a/cves/2018/CVE-2018-19458.yaml
+++ b/cves/2018/CVE-2018-19458.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://www.exploit-db.com/exploits/45780
 - https://www.cvedetails.com/cve/CVE-2018-19458
- tags: cve,cve2018,lfi
+ tags: cve,cve2018,lfi,proxy
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.50
diff --git a/cves/2018/CVE-2018-20985.yaml b/cves/2018/CVE-2018-20985.yaml
index 9158d407cd..fb8f50d540 100644
--- a/cves/2018/CVE-2018-20985.yaml
+++ b/cves/2018/CVE-2018-20985.yaml
@@ -8,7 +8,7 @@ info:
 - https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/
 - https://www.cvedetails.com/cve/CVE-2018-20985/
 severity: critical
- tags: cve,cve2018,wordpress,lfi
+ tags: cve,cve2018,wordpress,lfi,plugin
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2018/CVE-2018-2628.yaml b/cves/2018/CVE-2018-2628.yaml
index 86e858609d..3d4df5a23e 100644
--- a/cves/2018/CVE-2018-2628.yaml
+++ b/cves/2018/CVE-2018-2628.yaml
@@ -5,7 +5,7 @@ info:
 author: milo2012
 severity: critical
 reference: https://www.nc-lp.com/blog/weaponize-oracle-weblogic-server-poc-cve-2018-2628
- tags: cve,cve2018,oracle,weblogic,network
+ tags: cve,cve2018,oracle,weblogic,network,deserialization
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2018/CVE-2018-2893.yaml b/cves/2018/CVE-2018-2893.yaml
index f87d6e3fa4..6135367a9b 100644
--- a/cves/2018/CVE-2018-2893.yaml
+++ b/cves/2018/CVE-2018-2893.yaml
@@ -4,7 +4,7 @@ info:
 name: Oracle WebLogic Server Deserialization RCE (CVE-2018-2893)
 author: milo2012
 severity: critical
- tags: cve,cve2018,weblogic,network
+ tags: cve,cve2018,weblogic,network,deserialization,rce,oracle
 reference: https://www.anquanke.com/post/id/152164, https://vulners.com/nessus/WEBLOGIC_CVE_2018_2893.NASL
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
diff --git a/cves/2018/CVE-2018-3167.yaml b/cves/2018/CVE-2018-3167.yaml
index 45ba1789ea..9d1975c38d 100644
--- a/cves/2018/CVE-2018-3167.yaml
+++ b/cves/2018/CVE-2018-3167.yaml
@@ -5,7 +5,7 @@ info:
 author: geeknik
 severity: medium
 description: https://medium.com/@x41x41x41/unauthenticated-ssrf-in-oracle-ebs-765bd789a145
- tags: cve,cve2018,oracle,ebs,ssrf
+ tags: cve,cve2018,oracle,ebs,ssrf,blind
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
 cvss-score: 5.30
diff --git a/cves/2018/CVE-2018-3760.yaml b/cves/2018/CVE-2018-3760.yaml
index 221891cb15..a155100b9b 100644
--- a/cves/2018/CVE-2018-3760.yaml
+++ b/cves/2018/CVE-2018-3760.yaml
@@ -12,7 +12,7 @@ info:
 description: |
 Ruby On Rails is a well-known Ruby Web development framework, which uses Sprockets as a static file server in development environment. Sprockets is a Ruby library that compiles and distributes static resource files. There is a path traversal vulnerability caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server.
- tags: cve,cve2018,rails,lfi
+ tags: cve,cve2018,rails,lfi,ruby
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.50
diff --git a/cves/2018/CVE-2018-3810.yaml b/cves/2018/CVE-2018-3810.yaml
index d7c71edf22..242f61e9c0 100644
--- a/cves/2018/CVE-2018-3810.yaml
+++ b/cves/2018/CVE-2018-3810.yaml
@@ -5,7 +5,7 @@ info:
 author: princechaddha
 severity: critical
 reference: https://www.exploit-db.com/exploits/43420
- tags: wordpress,cve,cve2018
+ tags: wordpress,cve,cve2018,google
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
@@ -40,4 +40,4 @@ requests:
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
diff --git a/cves/2018/CVE-2018-5316.yaml b/cves/2018/CVE-2018-5316.yaml
index f2a21c4a73..975724f566 100644
--- a/cves/2018/CVE-2018-5316.yaml
+++ b/cves/2018/CVE-2018-5316.yaml
@@ -6,7 +6,7 @@ info:
 severity: medium
 description: The SagePay Server Gateway for WooCommerce plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.
 reference: https://nvd.nist.gov/vuln/detail/CVE-2018-5316
- tags: cve,cve2018,wordpress,xss,wp-plugin
+ tags: cve,cve2018,wordpress,xss,wp-plugin,woocommerce
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
diff --git a/cves/2018/CVE-2018-7251.yaml b/cves/2018/CVE-2018-7251.yaml
index d89c8df6dd..17ebdb1a9e 100644
--- a/cves/2018/CVE-2018-7251.yaml
+++ b/cves/2018/CVE-2018-7251.yaml
@@ -4,7 +4,7 @@ info:
 name: AnchorCMS Error Log Exposure
 author: pdteam
 severity: critical
- tags: cve,cve2018,anchorcms,logs
+ tags: cve,cve2018,anchorcms,logs,error
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2018/CVE-2018-7490.yaml b/cves/2018/CVE-2018-7490.yaml
index 1e3744b1e1..d77d8d8251 100644
--- a/cves/2018/CVE-2018-7490.yaml
+++ b/cves/2018/CVE-2018-7490.yaml
@@ -4,7 +4,7 @@ info:
 name: uWSGI PHP Plugin Directory Traversal
 author: madrobot
 severity: high
- tags: cve,cve2018,uwsgi,php,lfi
+ tags: cve,cve2018,uwsgi,php,lfi,plugin
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.50
diff --git a/cves/2018/CVE-2018-9118.yaml b/cves/2018/CVE-2018-9118.yaml
index 3440542393..9f254e1203 100644
--- a/cves/2018/CVE-2018-9118.yaml
+++ b/cves/2018/CVE-2018-9118.yaml
@@ -6,7 +6,7 @@ info:
 severity: high
 description: Affected by this vulnerability is an unknown functionality of the file exports/download.php. The manipulation of the argument filename with the input value leads to a directory traversal vulnerability
 reference: https://www.exploit-db.com/exploits/44417
- tags: wordpress,wp-plugin,lfi,cve,cve2018
+ tags: wordpress,wp-plugin,lfi,cve,cve2018,traversal
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.50
diff --git a/cves/2019/CVE-2019-0230.yaml b/cves/2019/CVE-2019-0230.yaml
index afe490d14c..780f70d9a0 100644
--- a/cves/2019/CVE-2019-0230.yaml
+++ b/cves/2019/CVE-2019-0230.yaml
@@ -8,7 +8,7 @@ info:
 - https://cwiki.apache.org/confluence/display/WW/S2-059
 - https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability
 severity: critical
- tags: struts,rce,cve,cve2019
+ tags: struts,rce,cve,cve2019,apache
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2019/CVE-2019-10092.yaml b/cves/2019/CVE-2019-10092.yaml
index 8a546703a7..9f1de4dbd5 100644
--- a/cves/2019/CVE-2019-10092.yaml
+++ b/cves/2019/CVE-2019-10092.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd
 - https://httpd.apache.org/security/vulnerabilities_24.html
- tags: cve,cve2019,apache,htmli
+ tags: cve,cve2019,apache,htmli,injection
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
@@ -22,4 +22,4 @@ requests:
 matchers:
 - type: word
 words:
- - ""
\ No newline at end of file
+ - ""
diff --git a/cves/2019/CVE-2019-10232.yaml b/cves/2019/CVE-2019-10232.yaml
index f9b9155fc7..796e20b3de 100644
--- a/cves/2019/CVE-2019-10232.yaml
+++ b/cves/2019/CVE-2019-10232.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://www.synacktiv.com/ressources/advisories/GLPI_9.3.3_SQL_Injection.pdf
 - https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
- tags: cve,cve2019,glpi,sqli
+ tags: cve,cve2019,glpi,sqli,injection
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2019/CVE-2019-10475.yaml b/cves/2019/CVE-2019-10475.yaml
index bd50686df4..483032d353 100644
--- a/cves/2019/CVE-2019-10475.yaml
+++ b/cves/2019/CVE-2019-10475.yaml
@@ -4,7 +4,7 @@ info:
 name: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting
 author: madrobot
 severity: medium
- tags: cve,cve2019,jenkins,xss
+ tags: cve,cve2019,jenkins,xss,plugin
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
@@ -33,4 +33,4 @@ requests:
 - type: word
 words:
 - "text/html"
- part: header
\ No newline at end of file
+ part: header
diff --git a/cves/2019/CVE-2019-12593.yaml b/cves/2019/CVE-2019-12593.yaml
index d0cadf98c8..0fd429f06a 100644
--- a/cves/2019/CVE-2019-12593.yaml
+++ b/cves/2019/CVE-2019-12593.yaml
@@ -5,7 +5,7 @@ info:
 author: pikpikcu
 severity: high
 description: IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
- tags: cve,cve2019,lfi
+ tags: cve,cve2019,lfi,icewarp
 reference:
 - https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt
 - https://nvd.nist.gov/vuln/detail/CVE-2019-12593
@@ -33,4 +33,4 @@ requests:
 - type: word
 words:
 - "[intl]"
- - "root:x:0"
\ No newline at end of file
+ - "root:x:0"
diff --git a/cves/2019/CVE-2019-12725.yaml b/cves/2019/CVE-2019-12725.yaml
index ec398f19ae..aa832de42b 100644
--- a/cves/2019/CVE-2019-12725.yaml
+++ b/cves/2019/CVE-2019-12725.yaml
@@ -12,7 +12,7 @@ info:
 reference:
 - https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
 - https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
- tags: cve,cve2019,rce
+ tags: cve,cve2019,rce,zeroshell
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2019/CVE-2019-14322.yaml b/cves/2019/CVE-2019-14322.yaml
index 4c63be4e87..f09127fe7b 100644
--- a/cves/2019/CVE-2019-14322.yaml
+++ b/cves/2019/CVE-2019-14322.yaml
@@ -4,7 +4,7 @@ info:
 name: Odoo 12.0 - Local File Inclusion
 author: madrobot
 severity: high
- tags: cve,cve2019,lfi
+ tags: cve,cve2019,lfi,odoo
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.50
@@ -34,4 +34,4 @@ requests:
 - "fonts"
 - "extensions"
 condition: and
- part: body
\ No newline at end of file
+ part: body
diff --git a/cves/2019/CVE-2019-14974.yaml b/cves/2019/CVE-2019-14974.yaml
index 66654e66ed..324308f363 100644
--- a/cves/2019/CVE-2019-14974.yaml
+++ b/cves/2019/CVE-2019-14974.yaml
@@ -4,7 +4,7 @@ info:
 name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
 author: madrobot
 severity: medium
- tags: cve,cve2019,xss
+ tags: cve,cve2019,xss,sugarcrm
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
diff --git a/cves/2019/CVE-2019-15501.yaml b/cves/2019/CVE-2019-15501.yaml
index f1cdb338d5..e2ea1d72f4 100644
--- a/cves/2019/CVE-2019-15501.yaml
+++ b/cves/2019/CVE-2019-15501.yaml
@@ -8,7 +8,7 @@ info:
 - https://www.exploit-db.com/exploits/47302
 - http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501
- tags: cve,cve2019,xss
+ tags: cve,cve2019,xss,listserv
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
diff --git a/cves/2019/CVE-2019-16332.yaml b/cves/2019/CVE-2019-16332.yaml
index 988cb5d0d9..64016b991d 100644
--- a/cves/2019/CVE-2019-16332.yaml
+++ b/cves/2019/CVE-2019-16332.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://plugins.trac.wordpress.org/changeset/2152730
 - https://wordpress.org/plugins/api-bearer-auth/#developers
- tags: cve,cve2019,wordpress,xss,wp-plugin
+ tags: cve,cve2019,wordpress,xss,wp-plugin,auth
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
diff --git a/cves/2019/CVE-2019-16662.yaml b/cves/2019/CVE-2019-16662.yaml
index 7ab910ea7e..696076cc85 100644
--- a/cves/2019/CVE-2019-16662.yaml
+++ b/cves/2019/CVE-2019-16662.yaml
@@ -5,7 +5,7 @@ info:
 author: pikpikcu
 severity: critical
 reference: https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
- tags: cve,cve2019,rce,intrusive
+ tags: cve,cve2019,rce,intrusive,rconfig
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2019/CVE-2019-17382.yaml b/cves/2019/CVE-2019-17382.yaml
index 24cfb039e5..8dfa5344ff 100644
--- a/cves/2019/CVE-2019-17382.yaml
+++ b/cves/2019/CVE-2019-17382.yaml
@@ -6,7 +6,7 @@ info:
 severity: critical
 description: An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
 reference: https://www.exploit-db.com/exploits/47467
- tags: cve,cve2019,zabbix,fuzz
+ tags: cve,cve2019,zabbix,fuzz,bypass,login
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
 cvss-score: 9.10
diff --git a/cves/2019/CVE-2019-17506.yaml b/cves/2019/CVE-2019-17506.yaml
index 0dbb3edcee..8e68f7fb78 100644
--- a/cves/2019/CVE-2019-17506.yaml
+++ b/cves/2019/CVE-2019-17506.yaml
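Review bot: The `auth` tag added in the CVE-2019-16332 hunk reads as a vulnerability-class tag (authentication issue) on what the existing tags and reference describe as a reflected XSS in the `api-bearer-auth` plugin, so an `-tags auth` run would pull in an XSS template while missing nothing authentication-related. If the intent is to name the affected plugin, the plugin slug from the wordpress.org reference is the unambiguous key: `tags: cve,cve2019,wordpress,xss,wp-plugin,api-bearer-auth`. The same `auth` token is used with a different meaning in CVE-2020-10148 (`auth,bypass`) later in this diff, which is the kind of overload that makes the tag useless for filtering.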
@@ -6,7 +6,7 @@ info:
 severity: critical
 description: There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.
 reference: https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py
- tags: cve,cve2019,dlink
+ tags: cve,cve2019,dlink,router
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
@@ -33,4 +33,4 @@ requests:
 - ""
 - "DEVICE.ACCOUNT"
 part: body
- condition: and
\ No newline at end of file
+ condition: and
diff --git a/cves/2019/CVE-2019-1821.yaml b/cves/2019/CVE-2019-1821.yaml
index 94b84c2ebf..3c95729884 100644
--- a/cves/2019/CVE-2019-1821.yaml
+++ b/cves/2019/CVE-2019-1821.yaml
@@ -10,7 +10,7 @@ info:
 - https://nvd.nist.gov/vuln/detail/CVE-2019-1821
 metadata:
 shodan-query: 'http.title:"prime infrastructure"'
- tags: cve,cve2019,rce,fileupload,unauth,intrusive
+ tags: cve,cve2019,rce,fileupload,unauth,intrusive,cisco
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2019/CVE-2019-19134.yaml b/cves/2019/CVE-2019-19134.yaml
index 5a3e696f04..d15a56af09 100644
--- a/cves/2019/CVE-2019-19134.yaml
+++ b/cves/2019/CVE-2019-19134.yaml
@@ -6,7 +6,7 @@ info:
 severity: medium
 description: The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
 reference: https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
- tags: cve,cve2019,wordpress,xss,wp-plugin
+ tags: cve,cve2019,wordpress,xss,wp-plugin,maps
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
diff --git a/cves/2019/CVE-2019-19368.yaml b/cves/2019/CVE-2019-19368.yaml
index 0105b0b817..c4289cdd72 100644
--- a/cves/2019/CVE-2019-19368.yaml
+++ b/cves/2019/CVE-2019-19368.yaml
@@ -6,7 +6,7 @@ info:
 severity: medium
 description: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
 reference: https://github.com/harshit-shukla/CVE-2019-19368/
- tags: cve,cve2019,xss
+ tags: cve,cve2019,xss,ftp
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
diff --git a/cves/2019/CVE-2019-19908.yaml b/cves/2019/CVE-2019-19908.yaml
index 8f9a04ea11..d0bd4cbb67 100644
--- a/cves/2019/CVE-2019-19908.yaml
+++ b/cves/2019/CVE-2019-19908.yaml
@@ -6,7 +6,7 @@ info:
 severity: medium
 description: phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
 reference: https://cinzinga.github.io/CVE-2019-19908/
- tags: cve,cve2019,xss
+ tags: cve,cve2019,xss,injection,javascript
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
diff --git a/cves/2019/CVE-2019-3401.yaml b/cves/2019/CVE-2019-3401.yaml
index 9696be56d8..a3d0348acc 100644
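Review bot: In the CVE-2019-19908 hunk, `injection` and `javascript` add nothing the existing `xss` tag does not already say, and `injection` is used elsewhere in this same diff for command and SQL injection (CVE-2018-10818, CVE-2019-10232, CVE-2019-3929), so tagging a reflected XSS with it makes an `-tags injection` run noisy. The product name is the tag this template is actually missing; `tags: cve,cve2019,xss,phpmychat` would match the pattern the other hunks follow (icewarp, odoo, sugarcrm, listserv). The same applies to `ftp` on CVE-2019-19368 in this line, where the product is Rumpus, not the FTP protocol.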
--- a/cves/2019/CVE-2019-3401.yaml
+++ b/cves/2019/CVE-2019-3401.yaml
@@ -5,7 +5,7 @@ info:
 author: TechbrunchFR,milo2012
 description: The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
 severity: medium
- tags: cve,cve2019,jira,atlassian
+ tags: cve,cve2019,jira,atlassian,exposure
 reference: https://jira.atlassian.com/browse/JRASERVER-69244
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
diff --git a/cves/2019/CVE-2019-3929.yaml b/cves/2019/CVE-2019-3929.yaml
index 5098a71d3c..4dd148b3e1 100644
--- a/cves/2019/CVE-2019-3929.yaml
+++ b/cves/2019/CVE-2019-3929.yaml
@@ -9,7 +9,7 @@ info:
 - http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html
 - https://www.exploit-db.com/exploits/46786/
 - https://nvd.nist.gov/vuln/detail/CVE-2019-3929
- tags: rce,cve,cve2019,oast
+ tags: rce,cve,cve2019,oast,injection
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2019/CVE-2019-5418.yaml b/cves/2019/CVE-2019-5418.yaml
index 51c1e78b62..6ce78b0c7b 100644
--- a/cves/2019/CVE-2019-5418.yaml
+++ b/cves/2019/CVE-2019-5418.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://github.com/omarkurt/CVE-2019-5418
 - https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
- tags: cve,cve2019,rails,lfi
+ tags: cve,cve2019,rails,lfi,disclosure
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.50
diff --git a/cves/2019/CVE-2019-8449.yaml b/cves/2019/CVE-2019-8449.yaml
index 8467b0fa56..5ae0e70a6c 100644
--- a/cves/2019/CVE-2019-8449.yaml
+++ b/cves/2019/CVE-2019-8449.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://www.doyler.net/security-not-included/more-jira-enumeration
 - https://jira.atlassian.com/browse/JRASERVER-69796
- tags: cve,cve2019,atlassian,jira
+ tags: cve,cve2019,atlassian,jira,disclosure
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
 cvss-score: 5.30
diff --git a/cves/2019/CVE-2019-9733.yaml b/cves/2019/CVE-2019-9733.yaml
index 91b8589da2..dc23bcb74f 100644
--- a/cves/2019/CVE-2019-9733.yaml
+++ b/cves/2019/CVE-2019-9733.yaml
@@ -9,7 +9,7 @@ info:
 - http://packetstormsecurity.com/files/152172/JFrog-Artifactory-Administrator-Authentication-Bypass.html
 - https://www.ciphertechs.com/jfrog-artifactory-advisory/
 - https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.8.6
- tags: cve,cve2019,artifactory
+ tags: cve,cve2019,artifactory,login
 classification:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
@@ -39,4 +39,4 @@ requests:
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
diff --git a/cves/2019/CVE-2019-9955.yaml b/cves/2019/CVE-2019-9955.yaml
index ed6ed3a6cf..02ef8f9271 100644
--- a/cves/2019/CVE-2019-9955.yaml
+++ b/cves/2019/CVE-2019-9955.yaml
@@ -4,7 +4,7 @@ info:
 name: CVE-2019-9955 Zyxel XSS
 author: pdteam
 severity: medium
- tags: cve,cve2019,xss
+ tags: cve,cve2019,xss,zyxel
 description: On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.
 reference: http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html
diff --git a/cves/2020/CVE-2020-10148.yaml b/cves/2020/CVE-2020-10148.yaml
index 2aa69a564f..a26a11967e 100644
--- a/cves/2020/CVE-2020-10148.yaml
+++ b/cves/2020/CVE-2020-10148.yaml
@@ -12,7 +12,7 @@ info:
 - https://github.com/jaeles-project/jaeles-signatures/blob/master/cves/solarwinds-lfi-cve-2020-10148.yaml
 - https://gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965
 - https://twitter.com/0xsha/status/1343800953946787847
- tags: cve,cve2020,solarwinds,rce
+ tags: cve,cve2020,solarwinds,rce,auth,bypass
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
@@ -40,4 +40,4 @@ requests:
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
diff --git a/cves/2020/CVE-2020-10770.yaml b/cves/2020/CVE-2020-10770.yaml
index 6e92956a36..756813b008 100644
--- a/cves/2020/CVE-2020-10770.yaml
+++ b/cves/2020/CVE-2020-10770.yaml
@@ -14,7 +14,7 @@ info:
 cvss-score: 5.30
 cve-id: CVE-2020-10770
 cwe-id: CWE-601
- tags: keycloak,ssrf,oast,cve,cve2020
+ tags: keycloak,ssrf,oast,cve,cve2020,blind
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-11034.yaml b/cves/2020/CVE-2020-11034.yaml
index 46bc230027..df7872c9e1 100644
--- a/cves/2020/CVE-2020-11034.yaml
+++ b/cves/2020/CVE-2020-11034.yaml
@@ -9,7 +9,7 @@ info:
 - https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
 - https://github.com/glpi-project/glpi/archive/9.4.6.zip
 - https://nvd.nist.gov/vuln/detail/CVE-2020-11034
- tags: cve,cve2020,redirect
+ tags: cve,cve2020,redirect,glpi
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
diff --git a/cves/2020/CVE-2020-11547.yaml b/cves/2020/CVE-2020-11547.yaml
index c9b6f8c040..428ec75ad0 100644
--- a/cves/2020/CVE-2020-11547.yaml
+++ b/cves/2020/CVE-2020-11547.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://github.com/ch-rigu/CVE-2020-11547--PRTG-Network-Monitor-Information-Disclosure
 - https://nvd.nist.gov/vuln/detail/CVE-2020-11547
- tags: cve,cve2020,prtg,disclosure
+ tags: cve,cve2020,prtg,disclosure,network
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
 cvss-score: 5.30
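Review bot: The `network` tag added in the CVE-2020-11547 hunk appears to be taken from the product name (PRTG Network Monitor), but in this same diff `network` sits on the WebLogic T3 deserialization templates (CVE-2018-2628, CVE-2018-2893), where it presumably marks the template's protocol type rather than a product. If that is its meaning, an HTTP information-disclosure template should not carry it; `prtg` already identifies the product, so the added line can simply stay `tags: cve,cve2020,prtg,disclosure`. I cannot see this template's request section from the hunk, so confirm it is HTTP-based before dropping the tag.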
diff --git a/cves/2020/CVE-2020-11930.yaml b/cves/2020/CVE-2020-11930.yaml
index 9f8898694d..543e1d0764 100644
--- a/cves/2020/CVE-2020-11930.yaml
+++ b/cves/2020/CVE-2020-11930.yaml
@@ -9,7 +9,7 @@ info:
 reference:
 - https://wpscan.com/vulnerability/10181
 - https://payatu.com/blog/gaurav/analysis-of-cve-2020-11930:-reflected-xss-in-gtranslate-wordpress-module
- tags: cve,cve2020,wordpress,xss
+ tags: cve,cve2020,wordpress,xss,plugin
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.10
diff --git a/cves/2020/CVE-2020-12116.yaml b/cves/2020/CVE-2020-12116.yaml
index 696fd1ce4f..27fceb2fac 100644
--- a/cves/2020/CVE-2020-12116.yaml
+++ b/cves/2020/CVE-2020-12116.yaml
@@ -5,7 +5,7 @@ info:
 author: dwisiswant0
 severity: high
 description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
- tags: cve,cve2020,zoho,lfi
+ tags: cve,cve2020,zoho,lfi,manageengine
 reference: https://github.com/BeetleChunks/CVE-2020-12116
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
@@ -43,4 +43,4 @@ requests:
 dsl:
 - 'contains(body_2, "BEGIN RSA PRIVATE KEY")'
 - 'status_code_2 == 200'
- condition: and
\ No newline at end of file
+ condition: and
diff --git a/cves/2020/CVE-2020-12800.yaml b/cves/2020/CVE-2020-12800.yaml
index 3f57c57e69..73818f066f 100644
--- a/cves/2020/CVE-2020-12800.yaml
+++ b/cves/2020/CVE-2020-12800.yaml
@@ -6,7 +6,7 @@ info:
 severity: critical
 description: The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
 reference: https://github.com/amartinsec/CVE-2020-12800
- tags: cve,cve2020,wordpress,wp-plugin
+ tags: cve,cve2020,wordpress,wp-plugin,upload
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
diff --git a/cves/2020/CVE-2020-13167.yaml b/cves/2020/CVE-2020-13167.yaml
index 789f25b5ee..3bc65d24ca 100644
--- a/cves/2020/CVE-2020-13167.yaml
+++ b/cves/2020/CVE-2020-13167.yaml
@@ -5,7 +5,7 @@ info:
 author: dwisiswant0
 severity: critical
 description: Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
- tags: cve,cve2020,netsweeper,rce
+ tags: cve,cve2020,netsweeper,rce,python,webadmin
 reference:
 - https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/
 - https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says
diff --git a/cves/2020/CVE-2020-13700.yaml b/cves/2020/CVE-2020-13700.yaml
index 13693b822a..42d1d0f6e1 100644
--- a/cves/2020/CVE-2020-13700.yaml
+++ b/cves/2020/CVE-2020-13700.yaml
@@ -9,7 +9,7 @@ info:
 An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.
- tags: cve,cve2020,wordpress
+ tags: cve,cve2020,wordpress,plugin
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.50
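Review bot: The `python` and `webadmin` tags added in the CVE-2020-13167 hunk describe neither the product (Netsweeper, already tagged) nor the vulnerability class (rce, already tagged); the description says the vulnerable endpoint is a PHP script, so `python` can only refer to something in the payload, which is an implementation detail rather than a filter key. The missing class tag is the one the description actually supports, shell metacharacter injection: `tags: cve,cve2020,netsweeper,rce,injection`, matching how `injection` is used on the other command-injection templates in this diff (CVE-2018-10818, CVE-2019-3929). If `python` was meant to flag a runtime dependency of the template, that belongs in a comment or metadata, not in tags.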
diff --git a/cves/2020/CVE-2020-14092.yaml b/cves/2020/CVE-2020-14092.yaml
index 50f652bb22..26696c0027 100644
--- a/cves/2020/CVE-2020-14092.yaml
+++ b/cves/2020/CVE-2020-14092.yaml
@@ -6,7 +6,7 @@ info:
 severity: critical
 description: WordPress Payment Form For Paypal Pro 'query' parameter allows for any unauthenticated user to perform SQL queries with result output to a web page in JSON format.
 reference: https://wpscan.com/vulnerability/10287
- tags: cve,cve2020,wordpress,wp-plugin,sqli
+ tags: cve,cve2020,wordpress,wp-plugin,sqli,paypal
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
@@ -35,4 +35,4 @@ requests:
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
diff --git a/cves/2020/CVE-2020-14179.yaml b/cves/2020/CVE-2020-14179.yaml
index d586846e72..9c100a6ef2 100644
--- a/cves/2020/CVE-2020-14179.yaml
+++ b/cves/2020/CVE-2020-14179.yaml
@@ -6,7 +6,7 @@ info:
 severity: medium
 description: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
 reference: https://jira.atlassian.com/browse/JRASERVER-71536
- tags: cve,cve2020,atlassian,jira
+ tags: cve,cve2020,atlassian,jira,exposure,disclosure
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
 cvss-score: 5.30
diff --git a/cves/2020/CVE-2020-15505.yaml b/cves/2020/CVE-2020-15505.yaml
index 1877acd2d4..3672a1f449 100644
--- a/cves/2020/CVE-2020-15505.yaml
+++ b/cves/2020/CVE-2020-15505.yaml
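Review bot: The CVE-2020-14179 hunk adds both `exposure` and `disclosure`, which are synonyms for the same vulnerability class, while the two other Jira information-disclosure templates in this diff each got only one of them (CVE-2019-3401 `exposure`, CVE-2019-8449 `disclosure`), so no single tag selects all three. Pick one token and use it on all three; `disclosure` is already established on CVE-2020-11547 and CVE-2019-5418, so `tags: cve,cve2020,atlassian,jira,disclosure` here and `disclosure` in place of `exposure` on CVE-2019-3401 is the smaller change.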
@@ -15,7 +15,7 @@ info: - https://github.com/iamnoooob/CVE-Reverse/tree/master/CVE-2020-15505 - https://github.com/iamnoooob/CVE-Reverse/blob/master/CVE-2020-15505/hessian.py#L10 - https://github.com/orangetw/JNDI-Injection-Bypass - tags: cve,cve2020,mobileiron,rce + tags: cve,cve2020,mobileiron,rce,sentry classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 @@ -39,4 +39,4 @@ requests: part: header - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2020/CVE-2020-16952.yaml b/cves/2020/CVE-2020-16952.yaml index f126ba25cf..30a86624e1 100644 --- a/cves/2020/CVE-2020-16952.yaml +++ b/cves/2020/CVE-2020-16952.yaml @@ -9,7 +9,7 @@ info: - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952 - https://srcincite.io/pocs/cve-2020-16952.py.txt - https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md - tags: cve,cve2020,sharepoint,iis + tags: cve,cve2020,sharepoint,iis,microsoft classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvss-score: 7.80 @@ -37,4 +37,4 @@ requests: status: - 200 - 201 - condition: or \ No newline at end of file + condition: or diff --git a/cves/2020/CVE-2020-17505.yaml b/cves/2020/CVE-2020-17505.yaml index 6e0d00f86d..66a697edcf 100644 --- a/cves/2020/CVE-2020-17505.yaml +++ b/cves/2020/CVE-2020-17505.yaml @@ -5,7 +5,7 @@ info: author: dwisiswant0 severity: high description: Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. - tags: cve,cve2020,rce + tags: cve,cve2020,rce,artica,proxy reference: https://blog.max0x4141.com/post/artica_proxy/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 
diff --git a/cves/2020/CVE-2020-17506.yaml b/cves/2020/CVE-2020-17506.yaml index bc3ee60d1e..1e77724ba0 100644 --- a/cves/2020/CVE-2020-17506.yaml +++ b/cves/2020/CVE-2020-17506.yaml @@ -5,7 +5,7 @@ info: author: dwisiswant0 severity: critical description: Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. - tags: cve,cve2020 + tags: cve,cve2020,artica,proxy reference: https://blog.max0x4141.com/post/artica_proxy/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H diff --git a/cves/2020/CVE-2020-17518.yaml b/cves/2020/CVE-2020-17518.yaml index 86ff4d8977..8d102b311e 100644 --- a/cves/2020/CVE-2020-17518.yaml +++ b/cves/2020/CVE-2020-17518.yaml @@ -8,7 +8,7 @@ info: description: | Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. - tags: cve,cve2020,apache,lfi + tags: cve,cve2020,apache,lfi,flink,upload classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N cvss-score: 7.50 diff --git a/cves/2020/CVE-2020-17519.yaml b/cves/2020/CVE-2020-17519.yaml index 5e386eed1f..5a3a611a2e 100644 --- a/cves/2020/CVE-2020-17519.yaml +++ b/cves/2020/CVE-2020-17519.yaml @@ -6,7 +6,7 @@ info: severity: high description: A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. reference: https://github.com/B1anda0/CVE-2020-17519 - tags: cve,cve2020,apache,lfi + tags: cve,cve2020,apache,lfi,flink classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.50 diff --git a/cves/2020/CVE-2020-1943.yaml b/cves/2020/CVE-2020-1943.yaml index acc8e77e77..8b0c0bebf9 100644 
--- a/cves/2020/CVE-2020-1943.yaml +++ b/cves/2020/CVE-2020-1943.yaml @@ -5,7 +5,7 @@ info: author: pdteam description: Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07. severity: medium - tags: cve,cve2020,apache,xss + tags: cve,cve2020,apache,xss,ofbiz reference: - https://lists.apache.org/thread.html/rf867d9a25fa656b279b16e27b8ff6fcda689cfa4275a26655c685702%40%3Cdev.ofbiz.apache.org%3E classification: @@ -33,4 +33,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2020/CVE-2020-2096.yaml b/cves/2020/CVE-2020-2096.yaml index 318435509c..2957a85f94 100644 --- a/cves/2020/CVE-2020-2096.yaml +++ b/cves/2020/CVE-2020-2096.yaml @@ -14,7 +14,7 @@ info: cvss-score: 6.10 cve-id: CVE-2020-2096 cwe-id: CWE-79 - tags: cve,cve2020,jenkins,xss + tags: cve,cve2020,jenkins,xss,gitlab,plugin requests: - method: GET diff --git a/cves/2020/CVE-2020-2140.yaml b/cves/2020/CVE-2020-2140.yaml index 54be67bdf5..541cf80516 100644 --- a/cves/2020/CVE-2020-2140.yaml +++ b/cves/2020/CVE-2020-2140.yaml @@ -5,7 +5,7 @@ info: severity: medium description: Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. reference: https://www.jenkins.io/security/advisory/2020-03-09/ - tags: cve,cve2020,jenkins,xss + tags: cve,cve2020,jenkins,xss,plugin classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 @@ -32,4 +32,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2020/CVE-2020-24186.yaml b/cves/2020/CVE-2020-24186.yaml index 20c73cd80d..3889ec4b1a 100644 --- a/cves/2020/CVE-2020-24186.yaml +++ b/cves/2020/CVE-2020-24186.yaml 
@@ -6,7 +6,7 @@ info: severity: critical description: WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. reference: https://github.com/suncsr/wpDiscuz_unauthenticated_arbitrary_file_upload/blob/main/README.md - tags: cve,cve2020,wordpress,wp-plugin,rce + tags: cve,cve2020,wordpress,wp-plugin,rce,upload classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10.00 diff --git a/cves/2020/CVE-2020-24312.yaml b/cves/2020/CVE-2020-24312.yaml index 8bd38792df..0fad0fbef6 100644 --- a/cves/2020/CVE-2020-24312.yaml +++ b/cves/2020/CVE-2020-24312.yaml @@ -9,7 +9,7 @@ info: reference: - https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/ - https://nvd.nist.gov/vuln/detail/CVE-2020-24312 - tags: cve,cve2020,wordpress,backups + tags: cve,cve2020,wordpress,backups,plugin # Note: Manually check content classification: @@ -34,4 +34,4 @@ requests: - 'Index of' - 'wp-content/uploads/wp-file-manager-pro/fm_backup' - 'backup_' - condition: and \ No newline at end of file + condition: and diff --git a/cves/2020/CVE-2020-24589.yaml b/cves/2020/CVE-2020-24589.yaml index b4d8205149..e15fc3ed20 100644 --- a/cves/2020/CVE-2020-24589.yaml +++ b/cves/2020/CVE-2020-24589.yaml @@ -6,7 +6,7 @@ info: severity: critical description: WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XXE. reference: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742 - tags: cve,cve2020,wso2,xxe,oast + tags: cve,cve2020,wso2,xxe,oast,blind classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H cvss-score: 9.1 diff --git a/cves/2020/CVE-2020-26413.yaml b/cves/2020/CVE-2020-26413.yaml index abfff46eb2..8aeff846b2 100644 --- a/cves/2020/CVE-2020-26413.yaml +++ b/cves/2020/CVE-2020-26413.yaml 
@@ -9,7 +9,7 @@ info: - https://gitlab.com/gitlab-org/gitlab/-/issues/244275 - https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json - https://nvd.nist.gov/vuln/detail/CVE-2020-26413 - tags: cve,cve2020,gitlab,exposure,enum + tags: cve,cve2020,gitlab,exposure,enum,graphql classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.30 diff --git a/cves/2020/CVE-2020-28976.yaml b/cves/2020/CVE-2020-28976.yaml index 4e6105c4ea..1f7f2f947b 100644 --- a/cves/2020/CVE-2020-28976.yaml +++ b/cves/2020/CVE-2020-28976.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/49189 - https://nvd.nist.gov/vuln/detail/CVE-2020-28976 - tags: cve,cve2020,ssrf,wordpress,wp-plugin,oast + tags: cve,cve2020,ssrf,wordpress,wp-plugin,oast,blind classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.30 diff --git a/cves/2020/CVE-2020-35489.yaml b/cves/2020/CVE-2020-35489.yaml index e183ae1ea7..1ff117a1d1 100644 --- a/cves/2020/CVE-2020-35489.yaml +++ b/cves/2020/CVE-2020-35489.yaml @@ -6,7 +6,7 @@ info: severity: critical description: The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. reference: https://nvd.nist.gov/vuln/detail/CVE-2020-35489 - tags: cve,cve2020,wordpress,wp-plugin + tags: cve,cve2020,wordpress,wp-plugin,rce,upload classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10.00 @@ -38,4 +38,4 @@ requests: regex: - '^= (5\.3\.[2-9]+|5\.[4-9]+\.|[6-9]\.[0-9]+\.[0-9]+|1[0-9]+\.) =' negative: true - part: body \ No newline at end of file + part: body diff --git a/cves/2020/CVE-2020-35846.yaml b/cves/2020/CVE-2020-35846.yaml index 2cb08ab7d4..b012cee002 100644 --- a/cves/2020/CVE-2020-35846.yaml +++ b/cves/2020/CVE-2020-35846.yaml 
@@ -8,7 +8,7 @@ info: Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. The $eq operator matches documents where the value of a field equals the specified value. reference: https://swarm.ptsecurity.com/rce-cockpit-cms/ - tags: cve,cve2020,nosqli,sqli + tags: cve,cve2020,nosqli,sqli,cockpit,injection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 @@ -41,4 +41,4 @@ requests: - type: word part: body words: - - "password_verify() expects parameter" \ No newline at end of file + - "password_verify() expects parameter" diff --git a/cves/2020/CVE-2020-35847.yaml b/cves/2020/CVE-2020-35847.yaml index 9d33adc30f..93756688ee 100644 --- a/cves/2020/CVE-2020-35847.yaml +++ b/cves/2020/CVE-2020-35847.yaml @@ -8,7 +8,7 @@ info: resetpassword method of the Auth controller, which is responsible for changing the user password using the reset token. reference: https://swarm.ptsecurity.com/rce-cockpit-cms/ - tags: cve,cve2020,nosqli,sqli + tags: cve,cve2020,nosqli,sqli,cockpit,injection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 @@ -32,4 +32,4 @@ requests: - type: regex part: body regex: - - 'string\([0-9]{1,3}\)(\s)?"([A-Za-z0-9]+)"' \ No newline at end of file + - 'string\([0-9]{1,3}\)(\s)?"([A-Za-z0-9]+)"' diff --git a/cves/2020/CVE-2020-35848.yaml b/cves/2020/CVE-2020-35848.yaml index 3b1a7d649a..b560962774 100644 --- a/cves/2020/CVE-2020-35848.yaml +++ b/cves/2020/CVE-2020-35848.yaml @@ -8,7 +8,7 @@ info: newpassword method of the Auth controller, which is responsible for displaying the user password reset form. reference: https://swarm.ptsecurity.com/rce-cockpit-cms/ - tags: cve,cve2020,nosqli,sqli + tags: cve,cve2020,nosqli,sqli,cockpit,injection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 
@@ -32,4 +32,4 @@ requests: - type: regex part: body regex: - - 'string\([0-9]{1,3}\)(\s)?"rp-([a-f0-9-]+)"' \ No newline at end of file + - 'string\([0-9]{1,3}\)(\s)?"rp-([a-f0-9-]+)"' diff --git a/cves/2020/CVE-2020-36289.yaml b/cves/2020/CVE-2020-36289.yaml index 134c4160f8..7b2c0afd15 100644 --- a/cves/2020/CVE-2020-36289.yaml +++ b/cves/2020/CVE-2020-36289.yaml @@ -5,7 +5,7 @@ info: author: dhiyaneshDk severity: medium description: Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. - tags: cve,cve2020,jira,atlassian + tags: cve,cve2020,jira,atlassian,unauth reference: - https://twitter.com/ptswarm/status/1402644004781633540 - https://nvd.nist.gov/vuln/detail/CVE-2020-36289 diff --git a/cves/2020/CVE-2020-4463.yaml b/cves/2020/CVE-2020-4463.yaml index 96e904d323..5b474dffa6 100644 --- a/cves/2020/CVE-2020-4463.yaml +++ b/cves/2020/CVE-2020-4463.yaml @@ -13,7 +13,7 @@ info: reference: - https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-vulnerable-information-disclosure-cve-2020-4463 - https://github.com/Ibonok/CVE-2020-4463 - tags: cve,cve2020,ibm,xxe + tags: cve,cve2020,ibm,xxe,disclosure classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L cvss-score: 8.20 @@ -42,4 +42,4 @@ requests: words: - "QueryMXPERSONResponse" - "MXPERSONSet" - part: body \ No newline at end of file + part: body diff --git a/cves/2020/CVE-2020-5410.yaml b/cves/2020/CVE-2020-5410.yaml index d4f7de242d..e8a81af7f6 100644 --- a/cves/2020/CVE-2020-5410.yaml +++ b/cves/2020/CVE-2020-5410.yaml 
@@ -6,7 +6,7 @@ info:
 severity: high
 description: Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
 reference: https://tanzu.vmware.com/security/cve-2020-5410
- tags: cve,cve2020,lfi,springcloud
+ tags: cve,cve2020,lfi,springcloud,config,traversal
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.50
diff --git a/cves/2020/CVE-2020-5775.yaml b/cves/2020/CVE-2020-5775.yaml
index 912c0bf47b..11b344641d 100644
--- a/cves/2020/CVE-2020-5775.yaml
+++ b/cves/2020/CVE-2020-5775.yaml
@@ -8,7 +8,7 @@ info:
 reference:
 - https://nvd.nist.gov/vuln/detail/CVE-2020-5775
 - https://www.tenable.com/security/research/tra-2020-49
- tags: cve,cve2020,ssrf,oast
+ tags: cve,cve2020,ssrf,oast,blind
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
 cvss-score: 5.80
diff --git a/cves/2020/CVE-2020-5777.yaml b/cves/2020/CVE-2020-5777.yaml
index ad90884501..4073d2b145 100644
--- a/cves/2020/CVE-2020-5777.yaml
+++ b/cves/2020/CVE-2020-5777.yaml
@@ -6,7 +6,7 @@ info:
 severity: critical
 description: MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure.
 reference: https://github.com/dweeves/magmi-git/blob/18bd9ec905c90bfc9eaed0c2bf2d3525002e33b9/magmi/inc/magmi_auth.php#L35
- tags: cve,cve2020,magmi,magento
+ tags: cve,cve2020,magmi,magento,auth,bypass,plugin
 # Response code 503 indicates a potential successful "Too many connections" error
 # While the Db connection is down, you can access http://[TARGET]/magmi/web/magmi.php
diff --git a/cves/2020/CVE-2020-6308.yaml b/cves/2020/CVE-2020-6308.yaml
index bb51b3b39a..4dc92d511d 100644
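Review bot: The new tags `auth,bypass` on CVE-2020-5777 split one vulnerability class into two generic words, while CVE-2021-31602 later in this commit tags the same class as `auth-bypass`; a filter on either form misses the other. Suggest `tags: cve,cve2020,magmi,magento,auth-bypass,plugin` so the two templates agree. The `bypass` half on its own would also match unrelated bypass classes, which is a second reason to prefer the hyphenated tag.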
--- a/cves/2020/CVE-2020-6308.yaml +++ b/cves/2020/CVE-2020-6308.yaml @@ -5,7 +5,7 @@ info: author: madrobot severity: medium reference: https://github.com/InitRoot/CVE-2020-6308-PoC - tags: cve,cve2020,sap,ssrf,oast + tags: cve,cve2020,sap,ssrf,oast,blind classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.30 diff --git a/cves/2020/CVE-2020-7318.yaml b/cves/2020/CVE-2020-7318.yaml index 7f5f53afc6..5d994c8781 100644 --- a/cves/2020/CVE-2020-7318.yaml +++ b/cves/2020/CVE-2020-7318.yaml @@ -12,7 +12,7 @@ info: reference: - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/ - tags: cve,cve2020,xss + tags: cve,cve2020,xss,mcafee classification: cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N cvss-score: 4.30 @@ -40,4 +40,4 @@ requests: - "Policy Name" - "'\">" condition: and - part: body \ No newline at end of file + part: body diff --git a/cves/2020/CVE-2020-8497.yaml b/cves/2020/CVE-2020-8497.yaml index 6c4d12f606..14601fef0a 100644 --- a/cves/2020/CVE-2020-8497.yaml +++ b/cves/2020/CVE-2020-8497.yaml @@ -13,7 +13,7 @@ info: cvss-score: 5.30 cve-id: CVE-2020-8497 cwe-id: CWE-306 - tags: cve,cve2020,fms + tags: cve,cve2020,fms,artica requests: - method: GET diff --git a/cves/2020/CVE-2020-8512.yaml b/cves/2020/CVE-2020-8512.yaml index 8db1c6dddd..f5758bc818 100644 --- a/cves/2020/CVE-2020-8512.yaml +++ b/cves/2020/CVE-2020-8512.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/47988 - https://twitter.com/sagaryadav8742/status/1275170967527006208 - tags: cve,cve2020,xss + tags: cve,cve2020,xss,icewarp classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 @@ -31,4 +31,4 @@ requests: - type: word words: - "text/html" - part: header \ No newline at end of file + part: header diff --git a/cves/2020/CVE-2020-9047.yaml b/cves/2020/CVE-2020-9047.yaml index 29d78f3858..f416f25935 100644 --- a/cves/2020/CVE-2020-9047.yaml 
+++ b/cves/2020/CVE-2020-9047.yaml @@ -20,7 +20,7 @@ info: - https://github.com/norrismw/CVE-2020-9047 - https://www.johnsoncontrols.com/cyber-solutions/security-advisories - https://www.us-cert.gov/ics/advisories/ICSA-20-170-01 - tags: cve,cve2020,rce + tags: cve,cve2020,rce,exacqvision,service classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.20 diff --git a/cves/2020/CVE-2020-9054.yaml b/cves/2020/CVE-2020-9054.yaml index e7fb124544..e9491963f0 100644 --- a/cves/2020/CVE-2020-9054.yaml +++ b/cves/2020/CVE-2020-9054.yaml @@ -18,7 +18,7 @@ info: reference: - https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/ - https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml - tags: cve,cve2020,rce + tags: cve,cve2020,rce,zyxel,injection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 diff --git a/cves/2020/CVE-2020-9376.yaml b/cves/2020/CVE-2020-9376.yaml index a8e7f8c014..5afd406fa5 100644 --- a/cves/2020/CVE-2020-9376.yaml +++ b/cves/2020/CVE-2020-9376.yaml @@ -12,7 +12,7 @@ info: - https://gist.github.com/GouveaHeitor/dcbb67b301cc45adc00f8a6a2a0a590f - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10182 - https://www.dlink.com.br/produto/dir-610/ - tags: cve,cve2020,dlink + tags: cve,cve2020,dlink,disclosure classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.50 diff --git a/cves/2020/CVE-2020-9484.yaml b/cves/2020/CVE-2020-9484.yaml index 4b0d079fdd..3adcf4004f 100644 --- a/cves/2020/CVE-2020-9484.yaml +++ b/cves/2020/CVE-2020-9484.yaml @@ -17,7 +17,7 @@ info: cvss-score: 7.00 cve-id: CVE-2020-9484 cwe-id: CWE-502 - tags: cve,cve2020,apache,tomcat + tags: cve,cve2020,apache,tomcat,rce requests: - method: GET diff --git a/cves/2020/CVE-2020-9496.yaml b/cves/2020/CVE-2020-9496.yaml index 062a835761..b07e38398a 100644 --- a/cves/2020/CVE-2020-9496.yaml 
+++ b/cves/2020/CVE-2020-9496.yaml @@ -5,7 +5,7 @@ info: author: dwisiswant0 severity: medium description: XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 - tags: cve,cve2020,apache + tags: cve,cve2020,apache,java,ofbiz reference: - http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html - http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html diff --git a/cves/2021/CVE-2021-20114.yaml b/cves/2021/CVE-2021-20114.yaml index 1d17cd2a0e..9d2447af59 100644 --- a/cves/2021/CVE-2021-20114.yaml +++ b/cves/2021/CVE-2021-20114.yaml 
@@ -1,34 +1,34 @@
-id: CVE-2021-20114
-
-info:
- name: TCExam <= 14.8.1 Exposure of Sensitive Information to an Unauthorized Actor
- author: push4d
- severity: high
- description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
- reference:
- - https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true
- - https://nvd.nist.gov/vuln/detail/CVE-2021-20114
- tags: cve,cve2021,tcexam,disclosure
-
+id: CVE-2021-20114
+
+info:
+ name: TCExam <= 14.8.1 Exposure of Sensitive Information to an Unauthorized Actor
+ author: push4d
+ severity: high
+ description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
+ reference:
+ - https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-20114
+ tags: cve,cve2021,tcexam,disclosure,exposure
+
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.50
 cve-id: CVE-2021-20114
 cwe-id: CWE-200
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/cache/backup/"
-
- matchers-condition: and
- matchers:
- - type: word
- words:
- - "Index of /cache/backup"
- - "Parent Directory"
- - ".sql.gz"
- condition: and
-
- - type: status
- status:
- - 200
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/cache/backup/"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "Index of /cache/backup"
+ - "Parent Directory"
+ - ".sql.gz"
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/cves/2021/CVE-2021-21234.yaml b/cves/2021/CVE-2021-21234.yaml
index 182a3934d7..b70c6421a6 100644
--- a/cves/2021/CVE-2021-21234.yaml
+++ b/cves/2021/CVE-2021-21234.yaml
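Review bot: Every line of CVE-2021-20114 outside the `classification` stanza is removed and re-added with identical text, so the one substantive change — appending `exposure` to `tags` — is buried in a 34-line rewrite that reviewers cannot easily verify. This looks like a line-ending or trailing-whitespace normalisation, with the `classification` block presumably added later in already-normalised form; that is worth stating in the commit message, and if it is CRLF a `.gitattributes` rule such as `*.yaml text eol=lf` would stop it recurring. On the content, `disclosure,exposure` now coexist as two tags for the same class, while CVE-2020-9376 in this commit gets only `disclosure` and CVE-2021-33221 gets `leak`; settling on one canonical tag would keep filtering predictable.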
@@ -9,7 +9,7 @@ info: - https://blogg.pwc.no/styringogkontroll/unauthenticated-directory-traversal-vulnerability-in-a-java-spring-boot-actuator-library-cve-2021-21234 - https://github.com/cristianeph/vulnerability-actuator-log-viewer - https://nvd.nist.gov/vuln/detail/CVE-2021-21234 - tags: cve,cve2021,springboot,lfi + tags: cve,cve2021,springboot,lfi,actuator classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N cvss-score: 7.70 diff --git a/cves/2021/CVE-2021-21801.yaml b/cves/2021/CVE-2021-21801.yaml index 2233bcbbc4..4b163e3861 100644 --- a/cves/2021/CVE-2021-21801.yaml +++ b/cves/2021/CVE-2021-21801.yaml @@ -6,7 +6,7 @@ info: severity: medium description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272 - tags: cve,cve2021,rseenet,xss + tags: cve,cve2021,rseenet,xss,graph classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 diff --git a/cves/2021/CVE-2021-21816.yaml b/cves/2021/CVE-2021-21816.yaml index de4ad69f3f..1454d889c9 100644 --- a/cves/2021/CVE-2021-21816.yaml +++ b/cves/2021/CVE-2021-21816.yaml @@ -6,7 +6,7 @@ info: author: gy741 severity: medium reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1281 - tags: cve,cve2021,dlink,exposure,router + tags: cve,cve2021,dlink,exposure,router,syslog classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N cvss-score: 4.30 diff --git a/cves/2021/CVE-2021-21972.yaml b/cves/2021/CVE-2021-21972.yaml index d69c8904d3..fb0bd68a1d 100644 --- a/cves/2021/CVE-2021-21972.yaml +++ b/cves/2021/CVE-2021-21972.yaml 
@@ -6,7 +6,7 @@ info: severity: critical reference: https://swarm.ptsecurity.com/unauth-rce-vmware/ description: The vulnerability allows unauthenticated remote attackers to upload files leading to remote code execution (RCE). This templates only detects the plugin. - tags: cve,cve2021,vmware,rce + tags: cve,cve2021,vmware,rce,vcenter classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 diff --git a/cves/2021/CVE-2021-21985.yaml b/cves/2021/CVE-2021-21985.yaml index 3c61e44f64..a4d5297a43 100644 --- a/cves/2021/CVE-2021-21985.yaml +++ b/cves/2021/CVE-2021-21985.yaml @@ -10,7 +10,7 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-21985 - https://www.vmware.com/security/advisories/VMSA-2021-0010.html - https://github.com/alt3kx/CVE-2021-21985_PoC - tags: cve,cve2021,rce,vsphere + tags: cve,cve2021,rce,vsphere,vmware classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 diff --git a/cves/2021/CVE-2021-22005.yaml b/cves/2021/CVE-2021-22005.yaml index 82caf272c4..03f06672dc 100644 --- a/cves/2021/CVE-2021-22005.yaml +++ b/cves/2021/CVE-2021-22005.yaml @@ -9,7 +9,7 @@ info: - https://kb.vmware.com/s/article/85717 - https://www.vmware.com/security/advisories/VMSA-2021-0020.html - https://core.vmware.com/vmsa-2021-0020-questions-answers-faq - tags: cve,cve2021,vmware,vcenter + tags: cve,cve2021,vmware,vcenter,upload classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 @@ -37,4 +37,4 @@ requests: - "status_code_2 == 201" - "contains(body_1, 'VMware vSphere')" - "content_length_2 == 0" - condition: and \ No newline at end of file + condition: and diff --git a/cves/2021/CVE-2021-22145.yaml b/cves/2021/CVE-2021-22145.yaml index 3a38bddc00..16253fb2cf 100644 --- a/cves/2021/CVE-2021-22145.yaml +++ b/cves/2021/CVE-2021-22145.yaml 
@@ -9,7 +9,7 @@ info:
 - https://github.com/jaeles-project/jaeles-signatures/blob/e9595197c80521d64e31b846808095dd07c407e9/cves/elasctic-memory-leak-cve-2021-22145.yaml
 - https://nvd.nist.gov/vuln/detail/CVE-2021-22145
 - https://packetstormsecurity.com/files/163648/ElasticSearch-7.13.3-Memory-Disclosure.html
- tags: cve,cve2021,elascticsearch
+ tags: cve,cve2021,elascticsearch,elasticsearch
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 6.50
diff --git a/cves/2021/CVE-2021-24237.yaml b/cves/2021/CVE-2021-24237.yaml
index c9842dc7c4..60395bdd31 100644
--- a/cves/2021/CVE-2021-24237.yaml
+++ b/cves/2021/CVE-2021-24237.yaml
@@ -5,7 +5,7 @@ info:
 name: Realteo WordPress Plugin <= 1.2.3 - Unauthenticated Reflected XSS
 description: The plugin, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius.
 severity: medium
- tags: cve,cve2021,realteo,xss,wordpress
+ tags: cve,cve2021,realteo,xss,wordpress,plugin
 reference:
 - https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1e
 - https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Realteo-WordPress-Plugin-v1.2.3.txt
diff --git a/cves/2021/CVE-2021-24274.yaml b/cves/2021/CVE-2021-24274.yaml
index ecb34605e2..9b08cf1014 100644
--- a/cves/2021/CVE-2021-24274.yaml
+++ b/cves/2021/CVE-2021-24274.yaml
@@ -13,7 +13,7 @@ info:
 cvss-score: 6.10
 cve-id: CVE-2021-24274
 cwe-id: CWE-79
- tags: wordpress,cve,cve2021,wp-plugin
+ tags: wordpress,cve,cve2021,wp-plugin,maps
 requests:
 - method: GET
diff --git a/cves/2021/CVE-2021-24291.yaml b/cves/2021/CVE-2021-24291.yaml
index 736f309f8a..d5501bff21 100644
--- a/cves/2021/CVE-2021-24291.yaml
+++ b/cves/2021/CVE-2021-24291.yaml
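Review bot: The misspelled tag `elascticsearch` is kept next to the corrected `elasticsearch` on CVE-2021-22145, so the typo is now preserved indefinitely rather than fixed; unless something still filters on the old spelling, replace instead of append: `tags: cve,cve2021,elasticsearch`. If the misspelling has to stay for compatibility, a comment above the line such as `# elascticsearch kept for workflows that still filter on the old spelling` would stop the next cleanup from removing it. On the same line, CVE-2021-24237 gains `plugin` while CVE-2021-24274 and CVE-2021-24291 use `wp-plugin` for the same WordPress-plugin case, so the three should agree.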
@@ -6,7 +6,7 @@ info: description: The plugin was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users) reference: https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a severity: medium - tags: cve,cve2021,xss,wordpress,wp-plugin + tags: cve,cve2021,xss,wordpress,wp-plugin,photo classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 diff --git a/cves/2021/CVE-2021-25281.yaml b/cves/2021/CVE-2021-25281.yaml index 333f041e4a..8a5e2658fc 100644 --- a/cves/2021/CVE-2021-25281.yaml +++ b/cves/2021/CVE-2021-25281.yaml @@ -13,7 +13,7 @@ info: cvss-score: 9.80 cve-id: CVE-2021-25281 cwe-id: CWE-287 - tags: cve,cve2021,saltapi,rce,saltstack + tags: cve,cve2021,saltapi,rce,saltstack,unauth requests: - raw: diff --git a/cves/2021/CVE-2021-25646.yaml b/cves/2021/CVE-2021-25646.yaml index 6c596f1aad..ca14cbb326 100644 --- a/cves/2021/CVE-2021-25646.yaml +++ b/cves/2021/CVE-2021-25646.yaml @@ -8,7 +8,7 @@ info: description: | Apache Druid is a column-oriented open source distributed data storage written in Java, designed to quickly obtain large amounts of event data and provide low-latency queries on the data. Apache Druid lacks authorization and authentication by default. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server. - tags: cve,cve2021,apache,rce + tags: cve,cve2021,apache,rce,druid classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.80 diff --git a/cves/2021/CVE-2021-26084.yaml b/cves/2021/CVE-2021-26084.yaml index 223055583e..96cbbbf68c 100644 --- a/cves/2021/CVE-2021-26084.yaml +++ b/cves/2021/CVE-2021-26084.yaml 
@@ -5,7 +5,7 @@ info: severity: critical name: Confluence Server OGNL injection - RCE description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if ‘Allow people to sign up to create their account’ is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. - tags: cve,cve2021,rce,confluence + tags: cve,cve2021,rce,confluence,injection,ognl reference: - https://jira.atlassian.com/browse/CONFSERVER-67940 - https://github.com/httpvoid/CVE-Reverse/tree/master/CVE-2021-26084 diff --git a/cves/2021/CVE-2021-26812.yaml b/cves/2021/CVE-2021-26812.yaml index e8d74a17dc..5fbda4f90e 100644 --- a/cves/2021/CVE-2021-26812.yaml +++ b/cves/2021/CVE-2021-26812.yaml @@ -5,7 +5,7 @@ info: author: aceseven (digisec360) description: Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application. severity: medium - tags: cve,cve2021,moodle,jitsi,xss + tags: cve,cve2021,moodle,jitsi,xss,plugin reference: - https://github.com/udima-university/moodle-mod_jitsi/issues/67 - https://nvd.nist.gov/vuln/detail/CVE-2021-26812 @@ -34,4 +34,4 @@ requests: - type: word part: header words: - - "MoodleSession" \ No newline at end of file + - "MoodleSession" diff --git a/cves/2021/CVE-2021-27132.yaml b/cves/2021/CVE-2021-27132.yaml index 5718543b60..8f85a5016f 100644 --- a/cves/2021/CVE-2021-27132.yaml 
+++ b/cves/2021/CVE-2021-27132.yaml @@ -5,7 +5,7 @@ info: author: geeknik severity: critical description: Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT_2.1.0 are vulnerable to CRLF Injection via the Content-Disposition header - https://cybertuz.com/blog/post/crlf-injection-CVE-2021-27132 - tags: cve,cve2021,crlf + tags: cve,cve2021,crlf,injection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 diff --git a/cves/2021/CVE-2021-27931.yaml b/cves/2021/CVE-2021-27931.yaml index fc0d3806b8..413cf9752e 100644 --- a/cves/2021/CVE-2021-27931.yaml +++ b/cves/2021/CVE-2021-27931.yaml @@ -13,7 +13,7 @@ info: cvss-score: 9.10 cve-id: CVE-2021-27931 cwe-id: CWE-611 - tags: cve,cve2021,lumis,xxe,oast + tags: cve,cve2021,lumis,xxe,oast,blind requests: - raw: diff --git a/cves/2021/CVE-2021-28151.yaml b/cves/2021/CVE-2021-28151.yaml index 60ffa8230b..ba4fbba6a3 100644 --- a/cves/2021/CVE-2021-28151.yaml +++ b/cves/2021/CVE-2021-28151.yaml @@ -9,7 +9,7 @@ info: reference: - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2021-28151 - tags: cve,cve2021,hongdian,rce + tags: cve,cve2021,hongdian,rce,injection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.80 diff --git a/cves/2021/CVE-2021-29156.yaml b/cves/2021/CVE-2021-29156.yaml index 976a0d7a51..7632ca8b22 100644 --- a/cves/2021/CVE-2021-29156.yaml +++ b/cves/2021/CVE-2021-29156.yaml 
@@ -4,7 +4,7 @@ info:
name: LDAP Injection In Openam
author: melbadry9,xelkomy
severity: high
- tags: cve,cve2021,openam
+ tags: cve,cve2021,openam,ldap,injection
description: The vulnerability was found in the password reset feature that OpenAM provides. When a user tries to reset his password, he is asked to enter his username then the backend validates whether the user exists or not through an LDAP query before the password reset token is sent to the user’s email.
reference: https://blog.cybercastle.io/ldap-injection-in-openam/
classification:
diff --git a/cves/2021/CVE-2021-31602.yaml b/cves/2021/CVE-2021-31602.yaml
index d4e579b196..90526428dc 100644
--- a/cves/2021/CVE-2021-31602.yaml
+++ b/cves/2021/CVE-2021-31602.yaml
@@ -16,7 +16,7 @@ info:
cvss-score: 7.50
cve-id: CVE-2021-31602
cwe-id: CWE-863
- tags: cve,cve2021,pentaho,auth-bypass
+ tags: cve,cve2021,pentaho,auth-bypass,spring
requests:
- method: GET
@@ -36,4 +36,4 @@ requests:
- type: status
status:
- - 200
\ No newline at end of file
+ - 200
diff --git a/cves/2021/CVE-2021-31755.yaml b/cves/2021/CVE-2021-31755.yaml
index 016d7dfa7b..3f987a3734 100644
--- a/cves/2021/CVE-2021-31755.yaml
+++ b/cves/2021/CVE-2021-31755.yaml
@@ -8,7 +8,7 @@ info:
reference:
- https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_3
- https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
- tags: cve,cve2021,tenda,rce,oast
+ tags: cve,cve2021,tenda,rce,oast,router
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
diff --git a/cves/2021/CVE-2021-33221.yaml b/cves/2021/CVE-2021-33221.yaml
index 9b713950a9..8d7adef102 100644
--- a/cves/2021/CVE-2021-33221.yaml
+++ b/cves/2021/CVE-2021-33221.yaml
@@ -6,7 +6,7 @@ info:
description: A 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens).
reference: https://www.commscope.com/globalassets/digizuite/917216-faq-security-advisory-id-20210525-v1-0.pdf
severity: critical
- tags: cve,cve2021,commscope,ruckus,debug
+ tags: cve,cve2021,commscope,ruckus,debug,service,leak
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
diff --git a/cves/2021/CVE-2021-33564.yaml b/cves/2021/CVE-2021-33564.yaml
index b6b1e0781e..ca0ed3abf2 100644
--- a/cves/2021/CVE-2021-33564.yaml
+++ b/cves/2021/CVE-2021-33564.yaml
@@ -5,7 +5,7 @@ info:
author: 0xsapra
severity: critical
reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
- tags: cve,cve2021,rce,ruby
+ tags: cve,cve2021,rce,ruby,injection
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
diff --git a/cves/2021/CVE-2021-33807.yaml b/cves/2021/CVE-2021-33807.yaml
index 4cee9b0a73..4acf49004b 100644
--- a/cves/2021/CVE-2021-33807.yaml
+++ b/cves/2021/CVE-2021-33807.yaml
@@ -8,7 +8,7 @@ info:
reference:
- https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_gespage_-_cve-2021-33807.pdf
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33807
- tags: cve,cve2021,lfi
+ tags: cve,cve2021,lfi,gespage
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
diff --git a/cves/2021/CVE-2021-34370.yaml b/cves/2021/CVE-2021-34370.yaml
index 0e34c5c406..bfc7221009 100644
--- a/cves/2021/CVE-2021-34370.yaml
+++ b/cves/2021/CVE-2021-34370.yaml
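Review bot: The new `service` tag on CVE-2021-33221 is overloaded in this same commit: `service` is also attached to the DNS CNAME/MX/worksites detectors and to hp-service-manager.yaml, so a `-tags service` run will now mix an unauthenticated information-disclosure check with passive DNS lookups and a panel detector. A tag that names what the template finds selects better, e.g. `tags: cve,cve2021,commscope,ruckus,debug,disclosure`. Note also that `leak` here and `disclosure` on CVE-2021-41293 appear to mean the same thing; one spelling should be chosen so the two templates land in the same tag run.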
@@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/49990
- https://nvd.nist.gov/vuln/detail/CVE-2021-34370
- https://www.accela.com/civic-platform/
- tags: xss,redirect,cve,cve2021
+ tags: xss,redirect,cve,cve2021,accela
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
diff --git a/cves/2021/CVE-2021-36749.yaml b/cves/2021/CVE-2021-36749.yaml
index c0f1e3224e..ee7c19ce46 100644
--- a/cves/2021/CVE-2021-36749.yaml
+++ b/cves/2021/CVE-2021-36749.yaml
@@ -14,7 +14,7 @@ info:
cvss-score: 6.5
cve-id: CVE-2021-36749
cwe-id: CWE-668
- tags: cve,cve2021,apache,lfi,auth-bypass
+ tags: cve,cve2021,apache,lfi,auth-bypass,druid
requests:
- raw:
diff --git a/cves/2021/CVE-2021-37216.yaml b/cves/2021/CVE-2021-37216.yaml
index de96cad6d0..ae55fc1d23 100644
--- a/cves/2021/CVE-2021-37216.yaml
+++ b/cves/2021/CVE-2021-37216.yaml
@@ -9,7 +9,7 @@ info:
reflected XSS attacks to access and modify specific data.
reference: https://www.twcert.org.tw/tw/cp-132-4962-44cd2-1.html
severity: medium
- tags: cve,cve2021,xss,qsan
+ tags: cve,cve2021,xss,qsan,storage
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
@@ -38,4 +38,4 @@ requests:
- type: dsl
dsl:
- - "!contains(tolower(all_headers), 'x-xss-protection')"
\ No newline at end of file
+ - "!contains(tolower(all_headers), 'x-xss-protection')"
diff --git a/cves/2021/CVE-2021-37573.yaml b/cves/2021/CVE-2021-37573.yaml
index aa50dba941..2c662dc7e8 100644
--- a/cves/2021/CVE-2021-37573.yaml
+++ b/cves/2021/CVE-2021-37573.yaml
@@ -6,7 +6,7 @@ info:
severity: medium
reference:
- https://seclists.org/fulldisclosure/2021/Aug/13
- tags: cve,cve2021,xss,tjws
+ tags: cve,cve2021,xss,tjws,java
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
diff --git a/cves/2021/CVE-2021-37704.yaml b/cves/2021/CVE-2021-37704.yaml
index cefb540971..4849621398 100644
--- a/cves/2021/CVE-2021-37704.yaml
+++ b/cves/2021/CVE-2021-37704.yaml
@@ -5,7 +5,7 @@ info:
author: whoever
severity: medium
description: phpinfo() exposure in unprotected composer vendor folder via phpfastcache/phpfastcache.
- tags: cve,cve2021,exposure,phpfastcache
+ tags: cve,cve2021,exposure,phpfastcache,phpinfo
reference: https://github.com/PHPSocialNetwork/phpfastcache/pull/813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704
diff --git a/cves/2021/CVE-2021-40539.yaml b/cves/2021/CVE-2021-40539.yaml
index bf8c66917d..af1429ae53 100644
--- a/cves/2021/CVE-2021-40539.yaml
+++ b/cves/2021/CVE-2021-40539.yaml
@@ -11,7 +11,7 @@ info:
- https://www.synacktiv.com/publications/how-to-exploit-cve-2021-40539-on-manageengine-adselfservice-plus.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40539
- https://github.com/synacktiv/CVE-2021-40539
- tags: cve,cve2021,rce,ad,intrusive
+ tags: cve,cve2021,rce,ad,intrusive,manageengine
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
diff --git a/cves/2021/CVE-2021-40856.yaml b/cves/2021/CVE-2021-40856.yaml
index 287fd5caff..e1e6d537de 100644
--- a/cves/2021/CVE-2021-40856.yaml
+++ b/cves/2021/CVE-2021-40856.yaml
@@ -8,7 +8,7 @@ info:
reference:
- https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-004/-auerswald-comfortel-1400-2600-3600-ip-authentication-bypass
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40856
- tags: cve,cve2021,comfortel,auth-bypass
+ tags: cve,cve2021,comfortel,auth-bypass,auerswald
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
diff --git a/cves/2021/CVE-2021-41291.yaml b/cves/2021/CVE-2021-41291.yaml
index b0e8b161ea..b093e562b9 100644
--- a/cves/2021/CVE-2021-41291.yaml
+++ b/cves/2021/CVE-2021-41291.yaml
@@ -8,7 +8,7 @@ info:
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php
- https://www.twcert.org.tw/en/cp-139-5140-6343c-2.html
- tags: cve,cve2021,ecoa,lfi
+ tags: cve,cve2021,ecoa,lfi,traversal
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
@@ -24,4 +24,4 @@ requests:
matchers:
- type: regex
regex:
- - "root:.*:0:0:"
\ No newline at end of file
+ - "root:.*:0:0:"
diff --git a/cves/2021/CVE-2021-41293.yaml b/cves/2021/CVE-2021-41293.yaml
index 4a4c48e176..8a45fb3d51 100644
--- a/cves/2021/CVE-2021-41293.yaml
+++ b/cves/2021/CVE-2021-41293.yaml
@@ -8,7 +8,7 @@ info:
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
- https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html
- tags: cve,cve2021,ecoa,lfi
+ tags: cve,cve2021,ecoa,lfi,disclosure
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
diff --git a/cves/2021/CVE-2021-41648.yaml b/cves/2021/CVE-2021-41648.yaml
index cd7789ebef..58f28013b0 100644
--- a/cves/2021/CVE-2021-41648.yaml
+++ b/cves/2021/CVE-2021-41648.yaml
@@ -6,7 +6,7 @@ info:
severity: high
description: An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input.
reference: https://github.com/MobiusBinary/CVE-2021-41648
- tags: cve,cve2021,sqli
+ tags: cve,cve2021,sqli,injection
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
diff --git a/cves/2021/CVE-2021-41649.yaml b/cves/2021/CVE-2021-41649.yaml
index f9b72ad760..c25aafc9c0 100644
--- a/cves/2021/CVE-2021-41649.yaml
+++ b/cves/2021/CVE-2021-41649.yaml
@@ -6,7 +6,7 @@ info:
severity: critical
description: An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.
reference: https://github.com/MobiusBinary/CVE-2021-41649
- tags: cve,cve2021,sqli
+ tags: cve,cve2021,sqli,injection
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
diff --git a/cves/2021/CVE-2021-41773.yaml b/cves/2021/CVE-2021-41773.yaml
index 4b8ac8ef2a..d7798f2871 100644
--- a/cves/2021/CVE-2021-41773.yaml
+++ b/cves/2021/CVE-2021-41773.yaml
@@ -11,7 +11,7 @@ info:
- https://twitter.com/ptswarm/status/1445376079548624899
- https://twitter.com/h4x0r_dz/status/1445401960371429381
- https://github.com/blasty/CVE-2021-41773
- tags: cve,cve2021,lfi,rce,apache,misconfig
+ tags: cve,cve2021,lfi,rce,apache,misconfig,traversal
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
diff --git a/cves/2021/CVE-2021-42013.yaml b/cves/2021/CVE-2021-42013.yaml
index e789a8f86e..775d9e90d0 100644
--- a/cves/2021/CVE-2021-42013.yaml
+++ b/cves/2021/CVE-2021-42013.yaml
@@ -9,7 +9,7 @@ info:
- https://github.com/apache/httpd/commit/5c385f2b6c8352e2ca0665e66af022d6e936db6d
- https://nvd.nist.gov/vuln/detail/CVE-2021-42013
- https://twitter.com/itsecurityco/status/1446136957117943815
- tags: cve,cve2021,lfi,apache,rce,misconfig
+ tags: cve,cve2021,lfi,apache,rce,misconfig,traversal
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
@@ -43,4 +43,4 @@ requests:
- type: word
name: RCE
words:
- - "CVE-2021-42013"
\ No newline at end of file
+ - "CVE-2021-42013"
diff --git a/cves/2021/CVE-2021-43287.yaml b/cves/2021/CVE-2021-43287.yaml
index 6081b95043..446931a69f 100644
--- a/cves/2021/CVE-2021-43287.yaml
+++ b/cves/2021/CVE-2021-43287.yaml
@@ -8,7 +8,7 @@ info:
- https://attackerkb.com/assessments/9101a539-4c6e-4638-a2ec-12080b7e3b50
- https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover
- https://twitter.com/wvuuuuuuuuuuuuu/status/1456316586831323140
- tags: cve,cve2021,go,lfi,gocd
+ tags: cve,cve2021,go,lfi,gocd,takeover
metadata:
shodan-query: http.title:"Create a pipeline - Go",html:"GoCD Version"
diff --git a/cves/2021/CVE-2021-43778.yaml b/cves/2021/CVE-2021-43778.yaml
index 36adb3cd32..15c78b3cdb 100644
--- a/cves/2021/CVE-2021-43778.yaml
+++ b/cves/2021/CVE-2021-43778.yaml
@@ -12,7 +12,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.1
cve-id: CVE-2021-43778
- tags: glpi,cve,cve2021,lfi
+ tags: glpi,cve,cve2021,lfi,plugin,traversal
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-44228.yaml b/cves/2021/CVE-2021-44228.yaml
index dc07421eea..d8fd60e109 100644
--- a/cves/2021/CVE-2021-44228.yaml
+++ b/cves/2021/CVE-2021-44228.yaml
@@ -9,7 +9,7 @@ info:
- https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
- https://www.lunasec.io/docs/blog/log4j-zero-day/
- https://gist.github.com/bugbountynights/dde69038573db1c12705edb39f9a704a
- tags: cve,cve2021,rce,oast,log4j
+ tags: cve,cve2021,rce,oast,log4j,injection
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00
diff --git a/cves/2021/CVE-2021-44848.yaml b/cves/2021/CVE-2021-44848.yaml
index 178f13497e..8dc769da77 100644
--- a/cves/2021/CVE-2021-44848.yaml
+++ b/cves/2021/CVE-2021-44848.yaml
@@ -9,7 +9,7 @@ info:
- https://github.com/cybelesoft/virtualui/issues/1
- https://nvd.nist.gov/vuln/detail/CVE-2021-44848
- https://www.tenable.com/cve/CVE-2021-44848
- tags: cve,cve2021,exposure,thinfinity
+ tags: cve,cve2021,exposure,thinfinity,virtualui
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30
@@ -33,4 +33,4 @@ requests:
- type: status
status:
- - 200
\ No newline at end of file
+ - 200
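Review bot: The `takeover` tag added to CVE-2021-43287 looks like a mis-tag: the template is an `lfi` check, and the "takeover" in the sonarsource reference title refers to a GoCD pipeline, not a hostname. If `takeover` is the tag the repository's subdomain-takeover templates use, a `-tags takeover` run would now fire an active file-read request at every target; the existing `gocd` tag already scopes this template, so the safer line is `tags: cve,cve2021,go,lfi,gocd` or, if a second noun is wanted, `tags: cve,cve2021,go,lfi,gocd,pipeline`.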
diff --git a/cves/2021/CVE-2021-45046.yaml b/cves/2021/CVE-2021-45046.yaml
index 14e9e310c6..00866abd88 100644
--- a/cves/2021/CVE-2021-45046.yaml
+++ b/cves/2021/CVE-2021-45046.yaml
@@ -9,7 +9,7 @@ info:
- https://securitylab.github.com/advisories/GHSL-2021-1054_GHSL-2021-1055_log4j2/
- https://twitter.com/marcioalm/status/1471740771581652995
- https://logging.apache.org/log4j/2.x/
- tags: cve,cve2021,rce,oast,log4j
+ tags: cve,cve2021,rce,oast,log4j,injection
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 9.00
diff --git a/default-logins/aem/aem-default-login.yaml b/default-logins/aem/aem-default-login.yaml
index 4a3fe43989..0f201e7c6b 100644
--- a/default-logins/aem/aem-default-login.yaml
+++ b/default-logins/aem/aem-default-login.yaml
@@ -4,7 +4,7 @@ info:
name: Adobe AEM Default Login
author: random-robbie
severity: critical
- tags: aem,default-login
+ tags: aem,default-login,adobe
requests:
- raw:
diff --git a/default-logins/ambari/ambari-default-login.yaml b/default-logins/ambari/ambari-default-login.yaml
index 6bb9c6de1a..e251839b56 100644
--- a/default-logins/ambari/ambari-default-login.yaml
+++ b/default-logins/ambari/ambari-default-login.yaml
@@ -4,7 +4,7 @@ info:
name: Apache Ambari Default Login
author: pdteam
severity: medium
- tags: ambari,default-login
+ tags: ambari,default-login,apache
requests:
- raw:
@@ -23,4 +23,4 @@ requests:
words:
- '"Users" : {'
- 'AMBARI.'
- condition: and
\ No newline at end of file
+ condition: and
diff --git a/default-logins/apache/airflow-default-login.yaml b/default-logins/apache/airflow-default-login.yaml
index 6b84d33a88..0e15190cd6 100644
--- a/default-logins/apache/airflow-default-login.yaml
+++ b/default-logins/apache/airflow-default-login.yaml
@@ -4,7 +4,7 @@ info:
name: Apache Airflow Default Login
author: pdteam
severity: critical
- tags: airflow,default-login
+ tags: airflow,default-login,apache
reference: https://airflow.apache.org/docs/apache-airflow/stable/start/docker.html
metadata:
shodan-query: title:"Sign In - Airflow"
@@ -53,4 +53,4 @@ requests:
- type: word
words:
- - 'You should be redirected automatically to target URL: '
\ No newline at end of file
+ - 'You should be redirected automatically to target URL: '
diff --git a/default-logins/axis2/axis2-default-login.yaml b/default-logins/axis2/axis2-default-login.yaml
index db69d4767f..1320f9e2bc 100644
--- a/default-logins/axis2/axis2-default-login.yaml
+++ b/default-logins/axis2/axis2-default-login.yaml
@@ -4,7 +4,7 @@ info:
name: Axis2 Default Login
author: pikpikcu
severity: high
- tags: axis,apache,default-login
+ tags: axis,apache,default-login,axis2
requests:
- raw:
diff --git a/default-logins/ibm/ibm-storage-default-credential.yaml b/default-logins/ibm/ibm-storage-default-credential.yaml
index 6b2df92269..366094a9af 100644
--- a/default-logins/ibm/ibm-storage-default-credential.yaml
+++ b/default-logins/ibm/ibm-storage-default-credential.yaml
@@ -4,7 +4,7 @@ info:
name: IBM Storage Management Default Login
author: madrobot
severity: medium
- tags: default-login,ibm
+ tags: default-login,ibm,storage
requests:
- raw:
diff --git a/default-logins/ofbiz/ofbiz-default-login.yaml b/default-logins/ofbiz/ofbiz-default-login.yaml
index 4471e1295a..e30d6504ec 100644
--- a/default-logins/ofbiz/ofbiz-default-login.yaml
+++ b/default-logins/ofbiz/ofbiz-default-login.yaml
@@ -4,7 +4,7 @@ info:
name: Apache OfBiz Default Login
author: pdteam
severity: medium
- tags: ofbiz,default-login
+ tags: ofbiz,default-login,apache
requests:
- raw:
@@ -27,4 +27,4 @@ requests:
words:
- "ofbiz-pagination-template"
- "Powered by OFBiz"
- condition: and
\ No newline at end of file
+ condition: and
diff --git a/dns/cname-service-detection.yaml b/dns/cname-service-detection.yaml
index 3a9702f323..3724ef21c0 100644
--- a/dns/cname-service-detection.yaml
+++ b/dns/cname-service-detection.yaml
@@ -4,7 +4,7 @@ info:
name: cname service detection
author: pdteam
severity: info
- tags: dns
+ tags: dns,service
dns:
- name: "{{FQDN}}"
diff --git a/dns/mx-service-detector.yaml b/dns/mx-service-detector.yaml
index 412fb605ae..0f03d5b4ca 100644
--- a/dns/mx-service-detector.yaml
+++ b/dns/mx-service-detector.yaml
@@ -5,7 +5,7 @@ info:
author: binaryfigments
severity: info
description: Check the email service or spam filter that is used for a domain.
- tags: dns
+ tags: dns,service
dns:
- name: "{{FQDN}}"
diff --git a/dns/worksites-detection.yaml b/dns/worksites-detection.yaml
index 6e5c299024..1099eae60e 100644
--- a/dns/worksites-detection.yaml
+++ b/dns/worksites-detection.yaml
@@ -4,7 +4,7 @@ info:
name: worksites.net service detection
author: melbadry9
severity: info
- tags: dns
+ tags: dns,service
reference: https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites
dns:
diff --git a/exposed-panels/activemq-panel.yaml b/exposed-panels/activemq-panel.yaml
index decfe10017..a269d2dfe1 100644
--- a/exposed-panels/activemq-panel.yaml
+++ b/exposed-panels/activemq-panel.yaml
@@ -4,7 +4,7 @@ info:
name: Apache ActiveMQ Exposure
author: pdteam
severity: info
- tags: panel,activemq
+ tags: panel,activemq,apache
requests:
- method: GET
diff --git a/exposed-panels/adminer-panel.yaml b/exposed-panels/adminer-panel.yaml
index d15890b1c8..d7c4ad532d 100644
--- a/exposed-panels/adminer-panel.yaml
+++ b/exposed-panels/adminer-panel.yaml
@@ -4,7 +4,7 @@ info:
author: random_robbie,meme-lord
severity: info
reference: https://blog.sorcery.ie/posts/adminer/
- tags: panel
+ tags: panel,adminer,login
# <= 4.2.4 can have unauthenticated RCE via SQLite driver
# <= 4.6.2 can have LFI via MySQL LOAD DATA LOCAL
@@ -39,4 +39,4 @@ requests:
part: body
group: 1
regex:
- - '([0-9.]+)'
\ No newline at end of file
+ - '([0-9.]+)'
diff --git a/exposed-panels/advance-setup.yaml b/exposed-panels/advance-setup.yaml
index 957677ccf9..6e01e7df87 100644
--- a/exposed-panels/advance-setup.yaml
+++ b/exposed-panels/advance-setup.yaml
@@ -5,7 +5,7 @@ info:
author: dhiyaneshDK
severity: info
reference: https://www.exploit-db.com/ghdb/6819
- tags: panel
+ tags: panel,setup
requests:
- method: GET
diff --git a/exposed-panels/alienvault-usm.yaml b/exposed-panels/alienvault-usm.yaml
index 5934bf4ae0..ded506566b 100644
--- a/exposed-panels/alienvault-usm.yaml
+++ b/exposed-panels/alienvault-usm.yaml
@@ -4,7 +4,7 @@ info:
name: AlienVault USM
author: dhiyaneshDK
severity: info
- tags: panel
+ tags: panel,alienvault
metadata:
shodan-query: 'http.title:"AlienVault USM"'
diff --git a/exposed-panels/ambari-exposure.yaml b/exposed-panels/ambari-exposure.yaml
index 397ecf3b21..b94a4c0382 100644
--- a/exposed-panels/ambari-exposure.yaml
+++ b/exposed-panels/ambari-exposure.yaml
@@ -4,7 +4,7 @@ info:
name: Apache Ambari Exposure / Unauthenticated Access
author: pdteam
severity: medium
- tags: panel,apache,ambari
+ tags: panel,apache,ambari,exposure
requests:
- method: GET
diff --git a/exposed-panels/ampps-admin-panel.yaml b/exposed-panels/ampps-admin-panel.yaml
index c297a5060f..3dc153d361 100644
--- a/exposed-panels/ampps-admin-panel.yaml
+++ b/exposed-panels/ampps-admin-panel.yaml
@@ -4,7 +4,7 @@ info:
name: AMPPS Admin Login Panel
author: deFr0ggy
severity: info
- tags: panel,ampps
+ tags: panel,ampps,login
requests:
- method: GET
diff --git a/exposed-panels/ampps-panel.yaml b/exposed-panels/ampps-panel.yaml
index 2b77a49db3..38d3d1d423 100644
--- a/exposed-panels/ampps-panel.yaml
+++ b/exposed-panels/ampps-panel.yaml
@@ -4,7 +4,7 @@ info:
name: AMPPS Login Panel
author: deFr0ggy
severity: info
- tags: panel,ampps
+ tags: panel,ampps,login
requests:
- method: GET
diff --git a/exposed-panels/argocd-login.yaml b/exposed-panels/argocd-login.yaml
index 5cdfbb23b3..4bf12b6196 100644
--- a/exposed-panels/argocd-login.yaml
+++ b/exposed-panels/argocd-login.yaml
@@ -7,7 +7,7 @@ info:
description: Argo CD is a tool which will read your environment configuration (written either as a helm chart, kustomize files, jsonnet or plain yaml files) from your git repository and apply it to your Kubernetes namespaces.
metadata:
shodan-query: http.title:"Argo CD"
- tags: panel,argocd
+ tags: panel,argocd,login,kubernetes
requests:
- method: GET
@@ -23,4 +23,4 @@ requests:
- type: status
status:
- - 200
\ No newline at end of file
+ - 200
diff --git a/exposed-panels/atlassian-crowd-panel.yaml b/exposed-panels/atlassian-crowd-panel.yaml
index b0a82d7536..b7819bc20a 100644
--- a/exposed-panels/atlassian-crowd-panel.yaml
+++ b/exposed-panels/atlassian-crowd-panel.yaml
@@ -4,7 +4,7 @@ info:
name: Atlassian Crowd panel detect
author: organiccrap
severity: info
- tags: panel
+ tags: panel,atlassian
requests:
- method: GET
diff --git a/exposed-panels/avantfax-panel.yaml b/exposed-panels/avantfax-panel.yaml
index e1db5ca430..68b10166f2 100644
--- a/exposed-panels/avantfax-panel.yaml
+++ b/exposed-panels/avantfax-panel.yaml
@@ -6,7 +6,7 @@ info:
severity: info
metadata:
shodan-query: http.title:"AvantFAX - Login"
- tags: panel,avantfax
+ tags: panel,avantfax,login
requests:
- method: GET
diff --git a/exposed-panels/azkaban-web-client.yaml b/exposed-panels/azkaban-web-client.yaml
index 8d916af0d2..e02686810a 100644
--- a/exposed-panels/azkaban-web-client.yaml
+++ b/exposed-panels/azkaban-web-client.yaml
@@ -5,7 +5,7 @@ info:
author: dhiyaneshDK
severity: info
reference: https://www.shodan.io/search?query=http.title%3A%22Azkaban+Web+Client%22
- tags: panel
+ tags: panel,azkaban
requests:
- method: GET
diff --git a/exposed-panels/bitrix-panel.yaml b/exposed-panels/bitrix-panel.yaml
index 6dcda6cbdf..700f7a2a85 100644
--- a/exposed-panels/bitrix-panel.yaml
+++ b/exposed-panels/bitrix-panel.yaml
@@ -4,7 +4,7 @@ info:
name: Bitrix Login Panel
author: juicypotato1
severity: info
- tags: panel,bitrix
+ tags: panel,bitrix,login
requests:
- method: GET
diff --git a/exposed-panels/bolt-cms-panel.yaml b/exposed-panels/bolt-cms-panel.yaml
index 8f633e6e72..6276037c18 100644
--- a/exposed-panels/bolt-cms-panel.yaml
+++ b/exposed-panels/bolt-cms-panel.yaml
@@ -6,7 +6,7 @@ info:
severity: info
description: Bolt is a simple CMS written in PHP. It is based on Silex and Symfony components, uses Twig and either SQLite, MySQL or PostgreSQL.
reference: https://github.com/bolt/bolt
- tags: panel,bolt,cms
+ tags: panel,bolt,cms,login
requests:
- method: GET
@@ -34,4 +34,4 @@ requests:
- type: status
status:
- - 200
\ No newline at end of file
+ - 200
diff --git a/exposed-panels/cacti-panel.yaml b/exposed-panels/cacti-panel.yaml
index 2151db02e8..b8fc9566ca 100644
--- a/exposed-panels/cacti-panel.yaml
+++ b/exposed-panels/cacti-panel.yaml
@@ -5,7 +5,7 @@ info:
author: geeknik,daffainfo
description: Cacti is a complete network graphing solution -- https://www.cacti.net/
severity: info
- tags: tech,cacti
+ tags: tech,cacti,login
requests:
- method: GET
diff --git a/exposed-panels/calendarix-panel.yaml b/exposed-panels/calendarix-panel.yaml
index a8581f03b6..f71d64b01c 100644
--- a/exposed-panels/calendarix-panel.yaml
+++ b/exposed-panels/calendarix-panel.yaml
@@ -4,7 +4,7 @@ info:
name: Calendarix login detect
author: r3dg33k
severity: info
- tags: panel,calendarix
+ tags: panel,calendarix,login
requests:
- method: GET
diff --git a/exposed-panels/camunda-login-panel.yaml b/exposed-panels/camunda-login-panel.yaml
index ca5b5f04c2..b4a6543207 100644
--- a/exposed-panels/camunda-login-panel.yaml
+++ b/exposed-panels/camunda-login-panel.yaml
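Review bot: cacti-panel.yaml still lacks the `panel` tag after this edit (`tags: tech,cacti,login`), while every other exposed-panels/ template touched in this commit carries `panel`; a `-tags panel` run will skip it and a `-tags tech` run will pick up a login-page detector it did not ask for. Since the file lives under exposed-panels/ and is now tagged `login`, the line should read `tags: panel,cacti,login` (keep `tech` in addition only if some workflow already selects on it).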
@@ -5,7 +5,7 @@ info:
severity: info
description: Default Credentials of demo:demo on Camunda application.
reference: https://docs.camunda.org/manual/7.15/webapps/admin/user-management/
- tags: camunda,panel
+ tags: camunda,panel,login
requests:
- method: GET
diff --git a/exposed-panels/cas-login.yaml b/exposed-panels/cas-login.yaml
index 0d057c8fa4..8a225d7e04 100644
--- a/exposed-panels/cas-login.yaml
+++ b/exposed-panels/cas-login.yaml
@@ -4,7 +4,7 @@ info:
name: CAS Login Panel
author: pdteam
severity: info
- tags: apereo,cas,panel
+ tags: apereo,cas,panel,login
metadata:
shodan-query: http.title:'CAS - Central Authentication Service'
github: https://github.com/apereo/cas
@@ -19,4 +19,4 @@ requests:
matchers:
- type: word
words:
- - 'Central Authentication Service'
\ No newline at end of file
+ - 'Central Authentication Service'
diff --git a/exposed-panels/centreon-panel.yaml b/exposed-panels/centreon-panel.yaml
index bcc8753a76..88baaaf63d 100644
--- a/exposed-panels/centreon-panel.yaml
+++ b/exposed-panels/centreon-panel.yaml
@@ -6,7 +6,7 @@ info:
severity: info
metadata:
shodan-query: http.title:"Centreon"
- tags: panel,centreon
+ tags: panel,centreon,login
requests:
- method: GET
@@ -31,4 +31,4 @@ requests:
part: body
group: 1
regex:
- - 'v. (.*)'
\ No newline at end of file
+ - 'v. (.*)'
diff --git a/exposed-panels/citrix-adc-gateway-detect.yaml b/exposed-panels/citrix-adc-gateway-detect.yaml
index e72716c96a..a542c13028 100644
--- a/exposed-panels/citrix-adc-gateway-detect.yaml
+++ b/exposed-panels/citrix-adc-gateway-detect.yaml
@@ -4,7 +4,7 @@ info:
name: Citrix ADC Gateway detect
author: organiccrap
severity: info
- tags: panel
+ tags: panel,citrix
requests:
- method: GET
@@ -15,4 +15,4 @@ requests:
matchers:
- type: word
words:
- - '_ctxstxt_CitrixCopyright'
\ No newline at end of file
+ - '_ctxstxt_CitrixCopyright'
diff --git a/exposed-panels/citrix-vpn-detect.yaml b/exposed-panels/citrix-vpn-detect.yaml
index 6dad344382..51248b8c91 100644
--- a/exposed-panels/citrix-vpn-detect.yaml
+++ b/exposed-panels/citrix-vpn-detect.yaml
@@ -4,7 +4,7 @@ info:
name: Citrix VPN Detection
author: pdteam
severity: info
- tags: panel
+ tags: panel,citrix
requests:
- method: GET
diff --git a/exposed-panels/clave-login-panel.yaml b/exposed-panels/clave-login-panel.yaml
index 6b10058d50..af2b72c86d 100644
--- a/exposed-panels/clave-login-panel.yaml
+++ b/exposed-panels/clave-login-panel.yaml
@@ -4,7 +4,7 @@ info:
name: Clave login panel
author: __Fazal
severity: info
- tags: panel,clave
+ tags: panel,clave,login
requests:
- method: GET
@@ -20,4 +20,4 @@ requests:
- type: word
words:
- - "Clave"
\ No newline at end of file
+ - "Clave"
diff --git a/exposed-panels/cortex-xsoar-login.yaml b/exposed-panels/cortex-xsoar-login.yaml
index 8f827c4fab..36c5ec3819 100644
--- a/exposed-panels/cortex-xsoar-login.yaml
+++ b/exposed-panels/cortex-xsoar-login.yaml
@@ -5,7 +5,7 @@ info:
author: dhiyaneshDK
severity: info
reference: https://www.shodan.io/search?query=http.title%3A%22Cortex+XSOAR%22
- tags: panel,soar
+ tags: panel,soar,login
requests:
- method: GET
diff --git a/exposed-panels/couchdb-exposure.yaml b/exposed-panels/couchdb-exposure.yaml
index ba05fd5775..83e4c2e185 100644
--- a/exposed-panels/couchdb-exposure.yaml
+++ b/exposed-panels/couchdb-exposure.yaml
@@ -3,7 +3,7 @@ info:
name: couchdb exposure
author: organiccrap
severity: low
- tags: panel
+ tags: panel,couchdb
requests:
- method: GET
@@ -21,4 +21,4 @@ requests:
- type: status
status:
- - 200
\ No newline at end of file
+ - 200
diff --git a/exposed-panels/couchdb-fauxton.yaml b/exposed-panels/couchdb-fauxton.yaml
index 5ca46a8540..ec99210c94 100644
--- a/exposed-panels/couchdb-fauxton.yaml
+++ b/exposed-panels/couchdb-fauxton.yaml
@@ -4,7 +4,7 @@ info:
name: Apache CouchDB Fauxton Exposure
author: pdteam
severity: low
- tags: panel
+ tags: panel,apache,couchdb
requests:
- method: GET
@@ -14,4 +14,4 @@ requests:
matchers:
- type: word
words:
- - 'Project Fauxton'
\ No newline at end of file
+ - 'Project Fauxton'
diff --git a/exposed-panels/d-link-wireless.yaml b/exposed-panels/d-link-wireless.yaml
index 70a472b484..7ef91edf61 100644
--- a/exposed-panels/d-link-wireless.yaml
+++ b/exposed-panels/d-link-wireless.yaml
@@ -5,7 +5,7 @@ info:
author: dhiyaneshDK
severity: info
reference: https://www.exploit-db.com/ghdb/6784
- tags: panel,dlink
+ tags: panel,dlink,router
requests:
- method: GET
diff --git a/exposed-panels/dell-wyse-login.yaml b/exposed-panels/dell-wyse-login.yaml
index 0e6c9f0f21..377c12a045 100644
--- a/exposed-panels/dell-wyse-login.yaml
+++ b/exposed-panels/dell-wyse-login.yaml
@@ -5,7 +5,7 @@ info:
author: gy741
severity: info
reference: https://research.nccgroup.com/2021/07/06/technical-advisory-arbitrary-file-read-in-dell-wyse-management-suite-cve-2021-21586-cve-2021-21587/
- tags: panel,dell
+ tags: panel,dell,login
requests:
- method: GET
diff --git a/exposed-panels/django-admin-panel.yaml b/exposed-panels/django-admin-panel.yaml
index 802041e0f9..5e939f8a82 100644
--- a/exposed-panels/django-admin-panel.yaml
+++ b/exposed-panels/django-admin-panel.yaml
@@ -4,7 +4,7 @@ info:
name: Python Django Admin Panel
author: pdteam
severity: info
- tags: panel
+ tags: panel,django,python
requests:
- method: GET
@@ -15,4 +15,4 @@ requests:
words:
- "Django administration"
condition: and
- part: body
\ No newline at end of file
+ part: body
diff --git a/exposed-panels/druid-console-exposure.yaml b/exposed-panels/druid-console-exposure.yaml
index cdeb366871..7e84cf9204 100644
--- a/exposed-panels/druid-console-exposure.yaml
+++ b/exposed-panels/druid-console-exposure.yaml
@@ -4,7 +4,7 @@ info:
name: Alibaba Druid Console Exposure
author: pdteam
severity: medium
- tags: panel
+ tags: panel,alibaba,druid
requests:
- method: GET
@@ -16,4 +16,4 @@ requests:
words:
- 'src="/druid.js"'
- 'href="/druid.css"'
- condition: and
\ No newline at end of file
+ condition: and
diff --git a/exposed-panels/emerson-power-panel.yaml b/exposed-panels/emerson-power-panel.yaml
index 92e76704ce..a8bc9a39cc 100644
--- a/exposed-panels/emerson-power-panel.yaml
+++ b/exposed-panels/emerson-power-panel.yaml
@@ -6,7 +6,7 @@ info:
severity: info
metadata:
shodan-dork: 'http.title:"Emerson Network Power IntelliSlot Web Card"'
- tags: panel,intellislot,emerson
+ tags: panel,intellislot,emerson,network
requests:
- method: GET
diff --git a/exposed-panels/ems-login-panel.yaml b/exposed-panels/ems-login-panel.yaml
index 85879462c6..d21d135a2b 100644
--- a/exposed-panels/ems-login-panel.yaml
+++ b/exposed-panels/ems-login-panel.yaml
@@ -4,7 +4,7 @@ info:
name: EMS Login page detection
author: __Fazal
severity: info
- tags: panel,ems
+ tags: panel,ems,login
requests:
- method: GET
diff --git a/exposed-panels/flink-exposure.yaml b/exposed-panels/flink-exposure.yaml
index 3205841860..239e891e27 100644
--- a/exposed-panels/flink-exposure.yaml
+++ b/exposed-panels/flink-exposure.yaml
@@ -4,7 +4,7 @@ info:
name: Apache Flink Exposure
author: pdteam
severity: low
- tags: panel
+ tags: panel,apache,flink
requests:
- method: GET
@@ -14,4 +14,4 @@ requests:
matchers:
- type: word
words:
- - 'Apache Flink Web Dashboard'
\ No newline at end of file
+ - 'Apache Flink Web Dashboard'
diff --git a/exposed-panels/forcepoint.yaml b/exposed-panels/forcepoint.yaml
index f8fcfb33d1..0c7fcafa93 100644
--- a/exposed-panels/forcepoint.yaml
+++ b/exposed-panels/forcepoint.yaml
@@ -5,7 +5,7 @@ info:
author: husain
severity: info
reference: https://www.forcepoint.com/product/email-security
- tags: forcepoint,panel
+ tags: forcepoint,panel,login
requests:
- method: GET
@@ -27,4 +27,4 @@ requests:
       - type: regex
         part: body
         regex:
-          - 'Version&[a-zA-Z][a-zA-Z][a-zA-Z][a-zA-Z];[0-9]+\.[0-9]'
\ No newline at end of file
+          - 'Version&[a-zA-Z][a-zA-Z][a-zA-Z][a-zA-Z];[0-9]+\.[0-9]'
diff --git a/exposed-panels/fortinet-fortigate-panel.yaml b/exposed-panels/fortinet-fortigate-panel.yaml
index 59f9aaa793..a36a47836d 100644
--- a/exposed-panels/fortinet-fortigate-panel.yaml
+++ b/exposed-panels/fortinet-fortigate-panel.yaml
@@ -4,7 +4,7 @@ info:
   name: Fortinet FortiGate SSL VPN Panel
   author: bsysop
   severity: info
-  tags: panel,fortinet
+  tags: panel,fortinet,fortigate
 
 requests:
   - method: GET
diff --git a/exposed-panels/fortiweb-panel.yaml b/exposed-panels/fortiweb-panel.yaml
index ca7b04fff9..566b562d83 100644
--- a/exposed-panels/fortiweb-panel.yaml
+++ b/exposed-panels/fortiweb-panel.yaml
@@ -4,7 +4,7 @@ info:
   name: Fortinet FortiWeb Login Panel
   author: PR3R00T
   severity: info
-  tags: panel,fortinet
+  tags: panel,fortinet,fortiweb,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/github-enterprise-detect.yaml b/exposed-panels/github-enterprise-detect.yaml
index bb831d7879..8a7fed4649 100644
--- a/exposed-panels/github-enterprise-detect.yaml
+++ b/exposed-panels/github-enterprise-detect.yaml
@@ -4,7 +4,7 @@ info:
   name: Detect Github Enterprise
   author: ehsahil
   severity: info
-  tags: panel
+  tags: panel,github
 
 requests:
   - method: GET
diff --git a/exposed-panels/glpi-authentication.yaml b/exposed-panels/glpi-authentication.yaml
index b5aa1a7a32..0e403b8ccb 100644
--- a/exposed-panels/glpi-authentication.yaml
+++ b/exposed-panels/glpi-authentication.yaml
@@ -5,7 +5,7 @@ info:
   author: dhiyaneshDK
   severity: info
   reference: https://www.shodan.io/search?query=http.title%3A%22GLPI+-+Authentication%22
-  tags: panel,auth
+  tags: panel,auth,glpi
 
 requests:
   - method: GET
diff --git a/exposed-panels/glpi-login.yaml b/exposed-panels/glpi-login.yaml
index 0c9a5af320..d97ecda788 100644
--- a/exposed-panels/glpi-login.yaml
+++ b/exposed-panels/glpi-login.yaml
@@ -5,7 +5,7 @@ info:
   author: dhiyaneshDk
   severity: info
   reference: https://www.exploit-db.com/ghdb/7002
-  tags: panel
+  tags: panel,glpi
 
 requests:
   - method: GET
diff --git a/exposed-panels/go-anywhere-client.yaml b/exposed-panels/go-anywhere-client.yaml
index 2413ce7052..3759a6984f 100644
--- a/exposed-panels/go-anywhere-client.yaml
+++ b/exposed-panels/go-anywhere-client.yaml
@@ -4,7 +4,7 @@ info:
   name: GoAnywhere client login detection
   author: iamthefrogy
   severity: info
-  tags: panel,goanywhere
+  tags: panel,goanywhere,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/hadoop-exposure.yaml b/exposed-panels/hadoop-exposure.yaml
index c5b65f05fc..5f3f1b4a49 100644
--- a/exposed-panels/hadoop-exposure.yaml
+++ b/exposed-panels/hadoop-exposure.yaml
@@ -4,7 +4,7 @@ info:
   name: Apache Hadoop Exposure
   author: pdteam
   severity: low
-  tags: panel
+  tags: panel,apache,hadoop
 
 requests:
   - method: GET
@@ -13,4 +13,4 @@ requests:
     matchers:
       - type: word
         words:
-          - ''
\ No newline at end of file
+          - ''
diff --git a/exposed-panels/hivemanager-login-panel.yaml b/exposed-panels/hivemanager-login-panel.yaml
index 3115608ccb..649daec165 100644
--- a/exposed-panels/hivemanager-login-panel.yaml
+++ b/exposed-panels/hivemanager-login-panel.yaml
@@ -3,7 +3,7 @@ info:
   name: HiveManager Login panel
   author: binaryfigments
   severity: info
-  tags: panel,hivemanager
+  tags: panel,hivemanager,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/hp-service-manager.yaml b/exposed-panels/hp-service-manager.yaml
index 4e0086a997..08ed6fc8b3 100644
--- a/exposed-panels/hp-service-manager.yaml
+++ b/exposed-panels/hp-service-manager.yaml
@@ -5,7 +5,7 @@ info:
   author: dhiyaneshDK
   severity: info
   reference: https://www.shodan.io/search?query=http.title%3A%22HP+Service+Manager%22
-  tags: panel,hp
+  tags: panel,hp,service
 
 requests:
   - method: GET
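Review bot: The only `words` entry in the hadoop-exposure hunk at `@@ -13,4 +13,4 @@` is the empty string `''` on both the old and the new side, and an empty word is contained in every response body, so as shown here the word matcher accepts anything it is given. This may be a rendering artifact (a markup fragment stripped from the original string), but if the file really contains `- ''` the entry should be replaced with a distinctive string from the Hadoop web UI or the matcher dropped. The key-cloak-admin-panel hunk at `@@ -21,4 +21,4 @@` on the kafka line shows the same pattern, where `- ""` sits next to `- "keycloak"` under `condition: or` and makes the `"keycloak"` term redundant. The matcher blocks start outside both hunks.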
diff --git a/exposed-panels/ibm/ibm-service-assistant.yaml b/exposed-panels/ibm/ibm-service-assistant.yaml
index 14c562382f..eb12ceabdc 100644
--- a/exposed-panels/ibm/ibm-service-assistant.yaml
+++ b/exposed-panels/ibm/ibm-service-assistant.yaml
@@ -4,7 +4,7 @@ info:
   name: IBM Service Assistant
   author: dhiyaneshDK
   severity: info
-  tags: panel,ibm
+  tags: panel,ibm,service
   metadata:
     shodan-query: 'http.title:"Welcome to Service Assistant"'
 
diff --git a/exposed-panels/iptime-router.yaml b/exposed-panels/iptime-router.yaml
index b11cf83bae..9b90fa9fdd 100644
--- a/exposed-panels/iptime-router.yaml
+++ b/exposed-panels/iptime-router.yaml
@@ -5,7 +5,7 @@ info:
   author: gy741
   severity: info
   reference: http://pierrekim.github.io/blog/2015-07-01-poc-with-RCE-against-127-iptime-router-models.html
-  tags: panel,login
+  tags: panel,login,iptime,router
 
 requests:
   - method: GET
@@ -27,4 +27,4 @@ requests:
         part: body
         group: 1
         regex:
-          - ipTIME ([A-Z0-9_-]+)<\/TITLE>
\ No newline at end of file
+          - <TITLE>ipTIME ([A-Z0-9_-]+)<\/TITLE>
diff --git a/exposed-panels/jeedom-panel.yaml b/exposed-panels/jeedom-panel.yaml
index 382c61003f..ee6cc9431c 100644
--- a/exposed-panels/jeedom-panel.yaml
+++ b/exposed-panels/jeedom-panel.yaml
@@ -6,7 +6,7 @@ info:
   severity: info
   metadata:
     shodan-query: http.title:"Jeedom"
-  tags: panel,jeedom
+  tags: panel,jeedom,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/jfrog.yaml b/exposed-panels/jfrog.yaml
index be15c7fbd8..a4412b55e8 100644
--- a/exposed-panels/jfrog.yaml
+++ b/exposed-panels/jfrog.yaml
@@ -5,7 +5,7 @@ info:
   author: dhiyaneshDK
   severity: info
   reference: https://www.exploit-db.com/ghdb/6797
-  tags: panel
+  tags: panel,jfrog
 
 requests:
   - method: GET
diff --git a/exposed-panels/kafka-connect-ui.yaml b/exposed-panels/kafka-connect-ui.yaml
index 7eeab84fb6..286da7dd57 100644
--- a/exposed-panels/kafka-connect-ui.yaml
+++ b/exposed-panels/kafka-connect-ui.yaml
@@ -4,7 +4,7 @@ info:
   name: Apache Kafka Connect UI Exposure
   author: pdteam
   severity: low
-  tags: panel,kafka
+  tags: panel,kafka,apache
 
 requests:
   - method: GET
@@ -14,4 +14,4 @@ requests:
     matchers:
       - type: word
         words:
-          - '<title>Kafka Connect UI'
\ No newline at end of file
+          - 'Kafka Connect UI'
diff --git a/exposed-panels/kafka-monitoring.yaml b/exposed-panels/kafka-monitoring.yaml
index d7d75e2c47..c59b3e3920 100644
--- a/exposed-panels/kafka-monitoring.yaml
+++ b/exposed-panels/kafka-monitoring.yaml
@@ -4,7 +4,7 @@ info:
   name: Apache Kafka Monitor Exposure
   author: pdteam
   severity: low
-  tags: panel,kafka
+  tags: panel,kafka,apache
 
 requests:
   - method: GET
@@ -15,4 +15,4 @@ requests:
       - type: word
         words:
           - '>KafkaMonitor'
-          - '>Kafka Monitor GUI'
\ No newline at end of file
+          - '>Kafka Monitor GUI'
diff --git a/exposed-panels/kafka-topics-ui.yaml b/exposed-panels/kafka-topics-ui.yaml
index 9b4fc715ae..573fd0d6dd 100644
--- a/exposed-panels/kafka-topics-ui.yaml
+++ b/exposed-panels/kafka-topics-ui.yaml
@@ -4,7 +4,7 @@ info:
   name: Apache Kafka Topics UI Exposure
   author: pdteam
   severity: low
-  tags: panel,kafka
+  tags: panel,kafka,apache
 
 requests:
   - method: GET
@@ -14,4 +14,4 @@ requests:
     matchers:
       - type: word
         words:
-          - 'Kafka Topics UI - Browse Kafka Data'
\ No newline at end of file
+          - 'Kafka Topics UI - Browse Kafka Data'
diff --git a/exposed-panels/key-cloak-admin-panel.yaml b/exposed-panels/key-cloak-admin-panel.yaml
index a927762b28..26c5d683c8 100644
--- a/exposed-panels/key-cloak-admin-panel.yaml
+++ b/exposed-panels/key-cloak-admin-panel.yaml
@@ -4,7 +4,7 @@ info:
   name: Keycloak Admin Panel
   author: incogbyte,righettod
   severity: info
-  tags: panel
+  tags: panel,keycloak
 
 requests:
   - method: GET
@@ -21,4 +21,4 @@ requests:
           - ""
           - "keycloak"
         part: body
-        condition: or
\ No newline at end of file
+        condition: or
diff --git a/exposed-panels/lacie-panel.yaml b/exposed-panels/lacie-panel.yaml
index d7497ead8c..af8b774dc3 100644
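Review bot: The kafka-connect-ui hunk at `@@ -14,4 +14,4 @@` changes the matcher word from `'<title>Kafka Connect UI'` to `'Kafka Connect UI'` while the rest of the commit only adds tags and trailing newlines, so the drop of the `<title>` anchor looks unintended. If it is real rather than an artifact of how this page was rendered, the word now also matches pages that merely mention the product in body text or links, which widens the panel detection. Keep the title-anchored form, `- '<title>Kafka Connect UI'`, unless the loosening is deliberate. The iptime-router hunk at `@@ -27,4 +27,4 @@` on the preceding line shows the opposite direction (a `<TITLE>` prefix appearing only on the new side) and probably deserves the same check against the actual file contents.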
--- a/exposed-panels/lacie-panel.yaml
+++ b/exposed-panels/lacie-panel.yaml
@@ -5,7 +5,7 @@ info:
   author: dhiyaneshDK
   severity: info
   reference: https://www.exploit-db.com/ghdb/7118
-  tags: panel,lacie
+  tags: panel,lacie,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/lancom-router-panel.yaml b/exposed-panels/lancom-router-panel.yaml
index 6faaf29400..9e15b91dda 100644
--- a/exposed-panels/lancom-router-panel.yaml
+++ b/exposed-panels/lancom-router-panel.yaml
@@ -4,7 +4,7 @@ info:
   name: Lancom Router Panel
   author: __Fazal
   severity: info
-  tags: panel,lancom
+  tags: panel,lancom,router
 
 requests:
   - method: GET
@@ -19,4 +19,4 @@ requests:
 
       - type: word
         words:
-          - "LANCOM 1790VA-4G"
\ No newline at end of file
+          - "LANCOM 1790VA-4G"
diff --git a/exposed-panels/livezilla-login-panel.yaml b/exposed-panels/livezilla-login-panel.yaml
index 4f5e04c1cd..33956e2e56 100644
--- a/exposed-panels/livezilla-login-panel.yaml
+++ b/exposed-panels/livezilla-login-panel.yaml
@@ -4,7 +4,7 @@ info:
   name: Livezilla login detect
   author: __Fazal
   severity: info
-  tags: panel,livezilla
+  tags: panel,livezilla,login
 
 requests:
   - method: GET
@@ -19,4 +19,4 @@ requests:
 
       - type: word
         words:
-          - 'LiveZilla'
\ No newline at end of file
+          - 'LiveZilla'
diff --git a/exposed-panels/metabase-panel.yaml b/exposed-panels/metabase-panel.yaml
index 0834bf34c6..89548eea1e 100644
--- a/exposed-panels/metabase-panel.yaml
+++ b/exposed-panels/metabase-panel.yaml
@@ -7,7 +7,7 @@ info:
   metadata:
     shodan-query: http.title:"Metabase"
   severity: info
-  tags: panel,metabase
+  tags: panel,metabase,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/microsoft-exchange-panel.yaml b/exposed-panels/microsoft-exchange-panel.yaml
index 9db620dfa3..ea0585a8b1 100644
--- a/exposed-panels/microsoft-exchange-panel.yaml
+++ b/exposed-panels/microsoft-exchange-panel.yaml
@@ -5,7 +5,7 @@ info:
   author: r3dg33k
   severity: info
   description: Publicly accessible Microsoft Exchange Server Control Panel
-  tags: microsoft,panel
+  tags: microsoft,panel,exchange
   reference: https://docs.microsoft.com/en-us/answers/questions/58814/block-microsoft-exchange-server-2016-exchange-admi.html
 
 requests:
@@ -21,4 +21,4 @@ requests:
 
       - type: word
         words:
-          - 'Exchange Admin Center'
\ No newline at end of file
+          - 'Exchange Admin Center'
diff --git a/exposed-panels/mobileiron-login.yaml b/exposed-panels/mobileiron-login.yaml
index df72731601..f8134ee8b9 100644
--- a/exposed-panels/mobileiron-login.yaml
+++ b/exposed-panels/mobileiron-login.yaml
@@ -4,7 +4,7 @@ info:
   name: MobileIron Login
   author: dhiyaneshDK,dwisiswant0
   severity: info
-  tags: panel
+  tags: panel,mobileiron
 
 requests:
   - method: GET
diff --git a/exposed-panels/neos-panel.yaml b/exposed-panels/neos-panel.yaml
index d1baa5207d..5075bf0b8f 100644
--- a/exposed-panels/neos-panel.yaml
+++ b/exposed-panels/neos-panel.yaml
@@ -6,7 +6,7 @@ info:
   severity: info
   description: detection of default route to admin login panel based on warranty disclainer in footer
   reference: https://github.com/neos/neos/blob/master/Configuration/Routes.yaml
-  tags: panel,neos,cms
+  tags: panel,neos,cms,login
 
 requests:
   - method: GET
@@ -28,4 +28,4 @@ requests:
     extractors:
       - type: kval
         kval:
-          - 'x_flow_powered'
\ No newline at end of file
+          - 'x_flow_powered'
diff --git a/exposed-panels/netis-router.yaml b/exposed-panels/netis-router.yaml
index 73aea5ed1f..895f82c7bd 100644
--- a/exposed-panels/netis-router.yaml
+++ b/exposed-panels/netis-router.yaml
@@ -5,7 +5,7 @@ info:
   author: gy741
   severity: info
   reference: https://www.tacnetsol.com/blog/cve-2019-8985-rce
-  tags: panel,login,netis
+  tags: panel,login,netis,router
 
 requests:
   - method: GET
diff --git a/exposed-panels/netscaler-aaa-login.yaml b/exposed-panels/netscaler-aaa-login.yaml
index 317b95f7ea..efc686fea2 100644
--- a/exposed-panels/netscaler-aaa-login.yaml
+++ b/exposed-panels/netscaler-aaa-login.yaml
@@ -5,7 +5,7 @@ info:
   author: dhiyaneshDk
   severity: info
   reference: https://www.exploit-db.com/ghdb/6898
-  tags: panel,netscaler
+  tags: panel,netscaler,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/nginx-proxy-manager.yaml b/exposed-panels/nginx-proxy-manager.yaml
index 493ecdfb1e..6eaa832afd 100644
--- a/exposed-panels/nginx-proxy-manager.yaml
+++ b/exposed-panels/nginx-proxy-manager.yaml
@@ -5,7 +5,7 @@ info:
   author: dhiyaneshDK
   severity: info
   reference: https://www.shodan.io/search?query=http.title%3A%22Nginx+Proxy+Manager%22
-  tags: panel
+  tags: panel,nginx,proxy
 
 requests:
   - method: GET
diff --git a/exposed-panels/nutanix-web-console-login.yaml b/exposed-panels/nutanix-web-console-login.yaml
index 93fe37c09a..4346f4bcbf 100644
--- a/exposed-panels/nutanix-web-console-login.yaml
+++ b/exposed-panels/nutanix-web-console-login.yaml
@@ -5,7 +5,7 @@ info:
   author: gy741
   severity: info
   description: Default Credentials of admin:admin on Nutanix web console.
-  tags: panel,nutanix
+  tags: panel,nutanix,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/okta-panel.yaml b/exposed-panels/okta-panel.yaml
index c635ac6296..c6df19b54a 100644
--- a/exposed-panels/okta-panel.yaml
+++ b/exposed-panels/okta-panel.yaml
@@ -1,25 +1,25 @@
-id: okta-panel
-
-info:
-  name: Okta Login Panel
-  author: pussycat0x
-  severity: info
-  reference: https://www.shodan.io/search?query=http.title%3A%22okta%22
-  tags: panel,okta
-
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}'
-
-    redirects: true
-    max-redirects: 2
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - 'Okta - Sign In'
-
-      - type: status
-        status:
-          - 200
\ No newline at end of file
+id: okta-panel
+
+info:
+  name: Okta Login Panel
+  author: pussycat0x
+  severity: info
+  reference: https://www.shodan.io/search?query=http.title%3A%22okta%22
+  tags: panel,okta,login
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    redirects: true
+    max-redirects: 2
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'Okta - Sign In'
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/plesk-onyx.yaml b/exposed-panels/plesk-onyx.yaml
index 6f57f7dcf8..98a244e53c 100644
--- a/exposed-panels/plesk-onyx.yaml
+++ b/exposed-panels/plesk-onyx.yaml
@@ -5,7 +5,7 @@ info:
   author: dhiyaneshDK
   severity: info
   reference: https://www.exploit-db.com/ghdb/6501
-  tags: panel,plesk
+  tags: panel,plesk,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/rabbitmq-dashboard.yaml b/exposed-panels/rabbitmq-dashboard.yaml
index 9a1abcdfe3..732f59a4f4 100644
--- a/exposed-panels/rabbitmq-dashboard.yaml
+++ b/exposed-panels/rabbitmq-dashboard.yaml
@@ -4,7 +4,7 @@ info:
   name: RabbitMQ Dashboard
   author: fyoorer
   severity: info
-  tags: panel
+  tags: panel,rabbitmq
 
 requests:
   - method: GET
diff --git a/exposed-panels/rancher-panel.yaml b/exposed-panels/rancher-panel.yaml
index f7eae0a56f..18fba98578 100644
--- a/exposed-panels/rancher-panel.yaml
+++ b/exposed-panels/rancher-panel.yaml
@@ -6,7 +6,7 @@ info:
   severity: info
   description: Rancher is a open-source multi-cluster orchestration platform, lets operations teams deploy, manage and secure enterprise Kubernetes.
   reference: https://github.com/rancher/rancher
-  tags: panel,rancher,kubernetes,devops,cloud
+  tags: panel,rancher,kubernetes,devops,cloud,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/rocketmq-console-exposure.yaml b/exposed-panels/rocketmq-console-exposure.yaml
index 9a86dc6984..daecd5cd44 100644
--- a/exposed-panels/rocketmq-console-exposure.yaml
+++ b/exposed-panels/rocketmq-console-exposure.yaml
@@ -4,7 +4,7 @@ info:
   name: Apache RocketMQ Console Exposure
   author: pdteam
   severity: info
-  tags: panel
+  tags: panel,apache
 
 requests:
   - method: GET
@@ -14,4 +14,4 @@ requests:
     matchers:
       - type: word
         words:
-          - "RocketMq-console-ng"
\ No newline at end of file
+          - "RocketMq-console-ng"
diff --git a/exposed-panels/samba-swat-panel.yaml b/exposed-panels/samba-swat-panel.yaml
index 833afa73dc..7e69bc9f0c 100644
--- a/exposed-panels/samba-swat-panel.yaml
+++ b/exposed-panels/samba-swat-panel.yaml
@@ -3,7 +3,7 @@ info:
   name: Samba SWAT panel
   author: PR3R00T
   severity: info
-  tags: panel
+  tags: panel,samba
 
 requests:
   - method: GET
diff --git a/exposed-panels/samsung-printer-detect.yaml b/exposed-panels/samsung-printer-detect.yaml
index f5bb474097..d14f077216 100644
--- a/exposed-panels/samsung-printer-detect.yaml
+++ b/exposed-panels/samsung-printer-detect.yaml
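Review bot: The rocketmq-console-exposure hunk at `@@ -4,7 +4,7 @@` adds only the vendor tag, `tags: panel,apache`, while the sibling Apache templates in this commit (flink, hadoop, the three kafka files, solr) all gain a product tag as well, so a `-tags rocketmq` selection would miss this template. `tags: panel,apache,rocketmq` would keep it in line with the rest. The same gap appears in later hunks where only `login` is added without the product name: sharecenter-login (`tags: panel,login`), somfy-login (`tags: panel,login`) and vigor-login (`tags: panel,login`).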
@@ -1,24 +1,24 @@
-id: samsung-printer-detect
-
-info:
-  name: SAMSUNG Printer Detection
-  author: pussycat0x
-  severity: info
-  tags: iot,panel,samsung
-  metadata:
-    fofa-query: 'app="SAMSUNG-Printer"'
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/sws/index.html"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - ' SyncThru Web Service '
-
-      - type: status
-        status:
-          - 200
+id: samsung-printer-detect
+
+info:
+  name: SAMSUNG Printer Detection
+  author: pussycat0x
+  severity: info
+  tags: iot,panel,samsung,printer
+  metadata:
+    fofa-query: 'app="SAMSUNG-Printer"'
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/sws/index.html"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - ' SyncThru Web Service '
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/sap-hana-xsengine-panel.yaml b/exposed-panels/sap-hana-xsengine-panel.yaml
index 2b6556f77d..fbd5d438be 100644
--- a/exposed-panels/sap-hana-xsengine-panel.yaml
+++ b/exposed-panels/sap-hana-xsengine-panel.yaml
@@ -4,7 +4,7 @@ info:
   name: SAP HANA XSEngine Admin Panel
   author: PR3R00T
   severity: info
-  tags: panel
+  tags: panel,sap
 
 requests:
   - method: GET
diff --git a/exposed-panels/secure-login-panel.yaml b/exposed-panels/secure-login-panel.yaml
index 360eaa811d..382b8d1950 100644
--- a/exposed-panels/secure-login-panel.yaml
+++ b/exposed-panels/secure-login-panel.yaml
@@ -6,7 +6,7 @@ info:
   severity: info
   metadata:
     shodan-query: http.title:"Secure Login Service"
-  tags: panel,sls
+  tags: panel,sls,login,service
 
 requests:
   - method: GET
diff --git a/exposed-panels/sequoiadb-login.yaml b/exposed-panels/sequoiadb-login.yaml
index 311aed2730..935fffd0a1 100644
--- a/exposed-panels/sequoiadb-login.yaml
+++ b/exposed-panels/sequoiadb-login.yaml
@@ -6,7 +6,7 @@ info:
   severity: info
   metadata:
     shodan-query: http.title:"SequoiaDB"
-  tags: sequoiadb,panel
+  tags: sequoiadb,panel,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/servicedesk-login-panel.yaml b/exposed-panels/servicedesk-login-panel.yaml
index bb50d7d5af..5d949bca29 100644
--- a/exposed-panels/servicedesk-login-panel.yaml
+++ b/exposed-panels/servicedesk-login-panel.yaml
@@ -5,7 +5,7 @@ info:
   author: aashiq
   severity: info
   description: Searches for ServiceDesk login panels by trying to query the "/servicedesk/customer/user/login" endpoint
-  tags: servicedesk,confluence,jira,panel
+  tags: servicedesk,confluence,jira,panel,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/setup-page-exposure.yaml b/exposed-panels/setup-page-exposure.yaml
index 468f287075..b87711565c 100644
--- a/exposed-panels/setup-page-exposure.yaml
+++ b/exposed-panels/setup-page-exposure.yaml
@@ -5,7 +5,7 @@ info:
   author: pdteam
   severity: medium
   description: Misconfiguration on Zenphoto version < 1.5.X which lead to sensitive information disclosure
-  tags: panel,zenphoto
+  tags: panel,zenphoto,setup
 
 requests:
   - method: GET
diff --git a/exposed-panels/sharecenter-login.yaml b/exposed-panels/sharecenter-login.yaml
index 1c3df0b1ad..9d44383380 100644
--- a/exposed-panels/sharecenter-login.yaml
+++ b/exposed-panels/sharecenter-login.yaml
@@ -5,7 +5,7 @@ info:
   author: dhiyaneshDk
   severity: info
   reference: https://www.exploit-db.com/ghdb/6892
-  tags: panel
+  tags: panel,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/sitecore-login-panel.yaml b/exposed-panels/sitecore-login-panel.yaml
index 64258de71b..2c6afc303c 100644
--- a/exposed-panels/sitecore-login-panel.yaml
+++ b/exposed-panels/sitecore-login-panel.yaml
@@ -4,7 +4,7 @@ info:
   name: Sitecore Login Panel
   author: b4uh0lz
   severity: info
-  tags: panel,sitecore
+  tags: panel,sitecore,login
 
 requests:
   - method: GET
@@ -20,4 +20,4 @@ requests:
       - type: word
         words:
           - "Sitecore Login"
-        part: body
\ No newline at end of file
+        part: body
diff --git a/exposed-panels/siteomat-login.yaml b/exposed-panels/siteomat-login.yaml
index 240ddae406..4b06563b38 100644
--- a/exposed-panels/siteomat-login.yaml
+++ b/exposed-panels/siteomat-login.yaml
@@ -5,7 +5,7 @@ info:
   author: dhiyaneshDK
   severity: info
   reference: https://www.exploit-db.com/ghdb/6624
-  tags: panel,siteomat
+  tags: panel,siteomat,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/skycaiji-admin-panel.yaml b/exposed-panels/skycaiji-admin-panel.yaml
index c3d0aac283..302f6cef6f 100644
--- a/exposed-panels/skycaiji-admin-panel.yaml
+++ b/exposed-panels/skycaiji-admin-panel.yaml
@@ -4,7 +4,7 @@ info:
   name: SkyCaiji Admin Panel
   author: princechaddha
   severity: info
-  tags: panel,tech
+  tags: panel,tech,skycaiji
 
 requests:
   - method: GET
diff --git a/exposed-panels/solarwinds-orion.yaml b/exposed-panels/solarwinds-orion.yaml
index e50b653a22..9ab0d7bad7 100644
--- a/exposed-panels/solarwinds-orion.yaml
+++ b/exposed-panels/solarwinds-orion.yaml
@@ -4,7 +4,7 @@ info:
   name: SolarWinds Orion Panel
   author: puzzlepeaches
   severity: info
-  tags: panel
+  tags: panel,solarwinds
 
 requests:
   - method: GET
diff --git a/exposed-panels/solr-exposure.yaml b/exposed-panels/solr-exposure.yaml
index 9bfed42a5f..848666e343 100644
--- a/exposed-panels/solr-exposure.yaml
+++ b/exposed-panels/solr-exposure.yaml
@@ -4,7 +4,7 @@ info:
   name: Apache Solr Exposure
   author: pdteam
   severity: medium
-  tags: panel,solr
+  tags: panel,solr,apache
   metadata:
     shodan-query: http.title:"Solr Admin"
 
diff --git a/exposed-panels/somfy-login.yaml b/exposed-panels/somfy-login.yaml
index 61c85d3773..8103707ac5 100644
--- a/exposed-panels/somfy-login.yaml
+++ b/exposed-panels/somfy-login.yaml
@@ -4,7 +4,7 @@ info:
   name: Somfy Login Page
   author: DhiyaneshDK
   severity: info
-  tags: panel
+  tags: panel,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/sonarqube-login.yaml b/exposed-panels/sonarqube-login.yaml
index fed56ea5d9..1f9ab0f8cd 100644
--- a/exposed-panels/sonarqube-login.yaml
+++ b/exposed-panels/sonarqube-login.yaml
@@ -4,7 +4,7 @@ info:
   name: SonarQube panel detect
   author: dhiyaneshDk
   severity: info
-  tags: panel
+  tags: panel,sonarqube
 
 requests:
   - method: GET
diff --git a/exposed-panels/sophos-fw-version-detect.yaml b/exposed-panels/sophos-fw-version-detect.yaml
index b76c34133b..6ac0642b6b 100644
--- a/exposed-panels/sophos-fw-version-detect.yaml
+++ b/exposed-panels/sophos-fw-version-detect.yaml
@@ -4,7 +4,7 @@ info:
   name: Sophos Firewall version detection
   author: organiccrap
   severity: info
-  tags: panel
+  tags: panel,sophos
 
 requests:
   - method: GET
@@ -24,4 +24,4 @@ requests:
       - type: regex
         part: body
         regex:
-          - "(\\d{2}.\\d{1,2}.\\d{1,2}.\\d{2,3})"
\ No newline at end of file
+          - "(\\d{2}.\\d{1,2}.\\d{1,2}.\\d{2,3})"
diff --git a/exposed-panels/strapi-panel.yaml b/exposed-panels/strapi-panel.yaml
index ff373e8e4f..a4067c3e4d 100644
--- a/exposed-panels/strapi-panel.yaml
+++ b/exposed-panels/strapi-panel.yaml
@@ -4,7 +4,7 @@ info:
   name: Strapi Login Panel
   author: idealphase
   severity: info
-  tags: panel,strapi
+  tags: panel,strapi,login
 
 requests:
   - method: GET
@@ -20,4 +20,4 @@ requests:
 
       - type: status
         status:
-          - 200
\ No newline at end of file
+          - 200
diff --git a/exposed-panels/terramaster-login.yaml b/exposed-panels/terramaster-login.yaml
index a5f6a1017d..cae8d3f850 100644
--- a/exposed-panels/terramaster-login.yaml
+++ b/exposed-panels/terramaster-login.yaml
@@ -4,7 +4,7 @@ info:
   name: TerraMaster Login Panel
   author: gy741
   severity: info
-  tags: panel,terramaster
+  tags: panel,terramaster,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/tracer-sc-login.yaml b/exposed-panels/tracer-sc-login.yaml
index 7a9f3e9d93..acf00cc90a 100644
--- a/exposed-panels/tracer-sc-login.yaml
+++ b/exposed-panels/tracer-sc-login.yaml
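Review bot: The version regex re-added on the new side of the sophos-fw-version-detect hunk at `@@ -24,4 +24,4 @@`, `"(\\d{2}.\\d{1,2}.\\d{1,2}.\\d{2,3})"`, uses unescaped `.` between the digit groups, so each separator matches any character and the pattern also captures arbitrary digit runs that are not dotted version strings, which makes the reported version unreliable. The commit only fixes the trailing newline here, but since the line is rewritten anyway it is the natural place to tighten it to `- "(\\d{2}\\.\\d{1,2}\\.\\d{1,2}\\.\\d{2,3})"`. The `type: regex` block this belongs to starts outside the hunk.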
@@ -5,7 +5,7 @@ info:
   author: geeknik
   severity: info
   reference: https://www.trane.com/commercial/north-america/us/en/products-systems/building-management---automation/building-automation-systems/tracer-sc-plus.html
-  tags: tracer,trane,iot,panel
+  tags: tracer,trane,iot,panel,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/traefik-dashboard.yaml b/exposed-panels/traefik-dashboard.yaml
index 4ec724074d..7d502de723 100644
--- a/exposed-panels/traefik-dashboard.yaml
+++ b/exposed-panels/traefik-dashboard.yaml
@@ -4,7 +4,7 @@ info:
   name: Traefik Dashboard
   author: schniggie,StreetOfHackerR007
   severity: info
-  tags: panel
+  tags: panel,traefik
 
 requests:
   - method: GET
diff --git a/exposed-panels/veeam-backup-azure-panel.yaml b/exposed-panels/veeam-backup-azure-panel.yaml
index bb21930fea..40d72d0ea5 100644
--- a/exposed-panels/veeam-backup-azure-panel.yaml
+++ b/exposed-panels/veeam-backup-azure-panel.yaml
@@ -6,7 +6,7 @@ info:
   severity: info
   metadata:
     shodan-query: title:"Veeam Backup for Microsoft Azure"
-  tags: azure,panel,backup,veeam
+  tags: azure,panel,backup,veeam,microsoft
 
 requests:
   - method: GET
diff --git a/exposed-panels/vigor-login.yaml b/exposed-panels/vigor-login.yaml
index d487f7344e..ea9a2b8405 100644
--- a/exposed-panels/vigor-login.yaml
+++ b/exposed-panels/vigor-login.yaml
@@ -5,7 +5,7 @@ info:
   author: dhiyaneshDK
   severity: info
   reference: https://www.exploit-db.com/ghdb/6610
-  tags: panel
+  tags: panel,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/vmware-horizon.yaml b/exposed-panels/vmware-horizon.yaml
index 557db326fb..ef142e3df1 100644
--- a/exposed-panels/vmware-horizon.yaml
+++ b/exposed-panels/vmware-horizon.yaml
@@ -5,7 +5,7 @@ info:
   author: dhiyaneshDK
   severity: info
   reference: https://www.exploit-db.com/ghdb/6496
-  tags: panel
+  tags: panel,horizon,vmware
 
 requests:
   - method: GET
diff --git a/exposed-panels/watchguard-panel.yaml b/exposed-panels/watchguard-panel.yaml
index 6029717174..4144b871fe 100644
--- a/exposed-panels/watchguard-panel.yaml
+++ b/exposed-panels/watchguard-panel.yaml
@@ -5,7 +5,7 @@ info:
   author: ahmetpergamum
   severity: info
   reference: https://www.exploit-db.com/ghdb/7008
-  tags: panel
+  tags: panel,watchguard
 
 requests:
   - method: GET
diff --git a/exposed-panels/web-service-panel.yaml b/exposed-panels/web-service-panel.yaml
index 9a7d309981..99499ae153 100644
--- a/exposed-panels/web-service-panel.yaml
+++ b/exposed-panels/web-service-panel.yaml
@@ -5,7 +5,7 @@ info:
   author: dhiyaneshDK
   severity: info
   reference: https://www.exploit-db.com/ghdb/7116
-  tags: panel
+  tags: panel,service
 
 requests:
   - method: GET
diff --git a/exposed-panels/weblogic-login.yaml b/exposed-panels/weblogic-login.yaml
index 06bc069a35..39a4fb59f8 100644
--- a/exposed-panels/weblogic-login.yaml
+++ b/exposed-panels/weblogic-login.yaml
@@ -4,7 +4,7 @@ info:
   name: Weblogic Login Panel
   author: bing0o,meme-lord
   severity: info
-  tags: panel,oracle,weblogic
+  tags: panel,oracle,weblogic,login
   metadata:
     shodan-query: product:"Oracle Weblogic"
 
@@ -27,4 +27,4 @@ requests:
       - type: regex
         group: 1
         regex:
-          - 'WebLogic Server Version: (.*?)<'
\ No newline at end of file
+          - 'WebLogic Server Version: (.*?)<'
diff --git a/exposed-panels/webmin-panel.yaml b/exposed-panels/webmin-panel.yaml
index c75733a336..ee87e5206c 100644
--- a/exposed-panels/webmin-panel.yaml
+++ b/exposed-panels/webmin-panel.yaml
@@ -4,7 +4,7 @@ info:
   name: Webmin Admin Panel
   author: PR3R00T
   severity: info
-  tags: panel
+  tags: panel,webmin
 
 requests:
   - method: GET
diff --git a/exposed-panels/whm-login-detect.yaml b/exposed-panels/whm-login-detect.yaml
index 7976fe89ed..5196b41d8e 100644
--- a/exposed-panels/whm-login-detect.yaml
+++ b/exposed-panels/whm-login-detect.yaml
@@ -1,22 +1,22 @@
-id: whm-login-detect
-info:
-  name: WHM Login Detect
-  author: pussycat0x
-  severity: info
-  reference: https://www.exploit-db.com/ghdb/7128
-  tags: whm,panel
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "WHM Login"
-
-      - type: status
-        status:
-          - 200
+id: whm-login-detect
+info:
+  name: WHM Login Detect
+  author: pussycat0x
+  severity: info
+  reference: https://www.exploit-db.com/ghdb/7128
+  tags: whm,panel,login
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "WHM Login"
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/workspace-one-uem.yaml b/exposed-panels/workspace-one-uem.yaml
index ec19ceb37d..5361a0c5cb 100644
--- a/exposed-panels/workspace-one-uem.yaml
+++ b/exposed-panels/workspace-one-uem.yaml
@@ -5,7 +5,7 @@ info:
   author: gevakun
   severity: info
   reference: https://twitter.com/Jhaddix/status/1295861505963909120
-  tags: panel,workspaceone
+  tags: panel,workspaceone,login
 
 requests:
   - method: GET
diff --git a/exposed-panels/yarn-manager-exposure.yaml b/exposed-panels/yarn-manager-exposure.yaml
index e8b7c3524a..a599206724 100644
--- a/exposed-panels/yarn-manager-exposure.yaml
+++ b/exposed-panels/yarn-manager-exposure.yaml
@@ -4,7 +4,7 @@ info:
   name: Apache Yarn ResourceManager Exposure / Unauthenticated Access
   author: pdteam
   severity: low
-  tags: panel,apache,yarn
+  tags: panel,apache,yarn,exposure
 
 requests:
   - method: GET
diff --git a/exposures/backups/php-backup-files.yaml b/exposures/backups/php-backup-files.yaml
index 9416761ac3..50a0289cb9 100644
--- a/exposures/backups/php-backup-files.yaml
+++ b/exposures/backups/php-backup-files.yaml
@@ -4,7 +4,7 @@ info:
   name: PHP source disclosure through backup files
   author: StreetOfHackerR007 (Rohit Soni)
   severity: medium
-  tags: exposure,backup,php
+  tags: exposure,backup,php,disclosure
 
 requests:
   - method: GET
@@ -48,4 +48,4 @@ requests: - "text/plain" - "bytes" part: header - condition: or \ No newline at end of file + condition: or diff --git a/exposures/backups/sql-dump.yaml b/exposures/backups/sql-dump.yaml index c6747c39b3..0bf0d2bcb0 100644 --- a/exposures/backups/sql-dump.yaml +++ b/exposures/backups/sql-dump.yaml @@ -4,7 +4,7 @@ info: name: MySQL Dump Files author: geeknik,dwisiswant0 severity: medium - tags: exposure,backup + tags: exposure,backup,mysql requests: - method: GET diff --git a/exposures/configs/alibaba-canal-info-leak.yaml b/exposures/configs/alibaba-canal-info-leak.yaml index 424d0f6848..bfb98b7311 100644 --- a/exposures/configs/alibaba-canal-info-leak.yaml +++ b/exposures/configs/alibaba-canal-info-leak.yaml @@ -4,7 +4,7 @@ info: name: Alibaba Canal Info Leak author: pikpikcu severity: info - tags: config,exposure + tags: config,exposure,alibaba reference: - https://github.com/alibaba/canal/issues/632 - https://netty.io/wiki/reference-counted-objects.html diff --git a/exposures/configs/circleci-config.yaml b/exposures/configs/circleci-config.yaml index 98cf8b37cf..ba9570ab74 100644 --- a/exposures/configs/circleci-config.yaml +++ b/exposures/configs/circleci-config.yaml @@ -5,7 +5,7 @@ info: author: geeknik severity: low reference: https://circleci.com/docs/2.0/sample-config/ - tags: config,exposure + tags: config,exposure,circleci requests: - method: GET diff --git a/exposures/configs/circleci-ssh-config.yaml b/exposures/configs/circleci-ssh-config.yaml index 3c3d245991..0d19b816b8 100644 --- a/exposures/configs/circleci-ssh-config.yaml +++ b/exposures/configs/circleci-ssh-config.yaml @@ -4,7 +4,7 @@ info: name: circleci ssh-config exposure author: geeknik severity: low - tags: config,exposure + tags: config,exposure,circleci requests: - method: GET diff --git a/exposures/configs/cisco-network-config.yaml b/exposures/configs/cisco-network-config.yaml index a1de4cc36a..04d2a4045e 100644 --- a/exposures/configs/cisco-network-config.yaml 
+++ b/exposures/configs/cisco-network-config.yaml @@ -5,7 +5,7 @@ info: author: DhiyaneshDk severity: low reference: https://www.exploit-db.com/ghdb/5430 - tags: config,exposure + tags: config,exposure,cisco,network requests: - method: GET diff --git a/exposures/configs/codeigniter-env.yaml b/exposures/configs/codeigniter-env.yaml index e3967f0ff8..3d19875c13 100644 --- a/exposures/configs/codeigniter-env.yaml +++ b/exposures/configs/codeigniter-env.yaml @@ -4,7 +4,7 @@ info: name: Codeigniter .env file author: emenalf severity: high - tags: config,exposure + tags: config,exposure,codeigniter requests: - method: GET @@ -32,4 +32,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/exposures/configs/git-config-nginxoffbyslash.yaml b/exposures/configs/git-config-nginxoffbyslash.yaml index d252900fb5..5861f9adc1 100644 --- a/exposures/configs/git-config-nginxoffbyslash.yaml +++ b/exposures/configs/git-config-nginxoffbyslash.yaml @@ -4,7 +4,7 @@ info: author: organiccrap severity: medium description: Nginx off-by-slash vulnerability exposes Git configuration. - tags: config,exposure + tags: config,exposure,nginx reference: - https://twitter.com/Random_Robbie/status/1262676628167110656 - https://github.com/PortSwigger/nginx-alias-traversal/blob/master/off-by-slash.py diff --git a/exposures/configs/hikvision-info-leak.yaml b/exposures/configs/hikvision-info-leak.yaml index c9c6095b67..a626f8a44f 100644 --- a/exposures/configs/hikvision-info-leak.yaml +++ b/exposures/configs/hikvision-info-leak.yaml @@ -4,7 +4,7 @@ info: name: Hikvision Info Leak author: pikpikcu severity: medium - tags: exposure,config + tags: exposure,config,hikvision requests: - method: GET @@ -22,4 +22,4 @@ requests: - type: word words: - "text/xml" - part: header \ No newline at end of file + part: header diff --git a/exposures/configs/jetbrains-datasources.yaml b/exposures/configs/jetbrains-datasources.yaml index 2be4dd0504..c04e2673e5 100644 
--- a/exposures/configs/jetbrains-datasources.yaml +++ b/exposures/configs/jetbrains-datasources.yaml @@ -5,7 +5,7 @@ info: author: FlorianMaak severity: info description: Contains uuid of datasource to retrieve via .idea/dataSources/{uuid}.xml to expose database structure. - tags: config,exposure + tags: config,exposure,jetbrains requests: - method: GET diff --git a/exposures/configs/joomla-config-file.yaml b/exposures/configs/joomla-config-file.yaml index 04f75c426a..676958e944 100644 --- a/exposures/configs/joomla-config-file.yaml +++ b/exposures/configs/joomla-config-file.yaml @@ -5,7 +5,7 @@ info: author: oppsec severity: low description: configuration.php-dist is a file created by Joomla to save Joomla settings. - tags: config,exposure + tags: config,exposure,joomla requests: - method: GET diff --git a/exposures/configs/kubernetes-kustomization-disclosure.yaml b/exposures/configs/kubernetes-kustomization-disclosure.yaml index c7ac644556..aab37e4992 100644 --- a/exposures/configs/kubernetes-kustomization-disclosure.yaml +++ b/exposures/configs/kubernetes-kustomization-disclosure.yaml @@ -5,7 +5,7 @@ info: author: dhiyaneshDk severity: medium reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/kubernetes-kustomization-disclosure.json - tags: exposure,config + tags: exposure,config,kubernetes requests: - method: GET diff --git a/exposures/configs/kyan-credential-exposure.yaml b/exposures/configs/kyan-credential-exposure.yaml index ce77127596..93512bb62f 100644 --- a/exposures/configs/kyan-credential-exposure.yaml +++ b/exposures/configs/kyan-credential-exposure.yaml @@ -6,7 +6,7 @@ info: severity: medium reference: - https://mp.weixin.qq.com/s/6phWjDrGG0pCpGuCdLusIg - tags: kyan,exposure,config + tags: kyan,exposure,config,network requests: - method: GET diff --git a/exposures/configs/nagios-status-page.yaml b/exposures/configs/nagios-status-page.yaml index cb60f87cd9..29e9cb549b 100644 
--- a/exposures/configs/nagios-status-page.yaml +++ b/exposures/configs/nagios-status-page.yaml @@ -4,7 +4,7 @@ info: name: Nagios Current Status Page author: dhiyaneshDk severity: low - tags: exposure,nagios + tags: exposure,nagios,status reference: https://www.exploit-db.com/ghdb/6918 requests: diff --git a/exposures/configs/opcache-status-exposure.yaml b/exposures/configs/opcache-status-exposure.yaml index de7cba5078..1a576ac817 100644 --- a/exposures/configs/opcache-status-exposure.yaml +++ b/exposures/configs/opcache-status-exposure.yaml @@ -4,7 +4,7 @@ info: name: OPcache Status Exposure author: pdteam severity: low - tags: config,exposure + tags: config,exposure,status requests: - method: GET @@ -18,4 +18,4 @@ requests: - "opcache_enabled" - "opcache_hit_rate" condition: and - part: body \ No newline at end of file + part: body diff --git a/exposures/configs/perl-status.yaml b/exposures/configs/perl-status.yaml index 805f1b124f..76d539b2d2 100644 --- a/exposures/configs/perl-status.yaml +++ b/exposures/configs/perl-status.yaml @@ -4,7 +4,7 @@ info: name: Apache mod_perl Status Page Exposure author: pdteam severity: medium - tags: config,exposure + tags: config,exposure,apache,status requests: - method: GET @@ -15,4 +15,4 @@ requests: words: - "Apache2::Status" - "Perl version" - condition: and \ No newline at end of file + condition: and diff --git a/exposures/configs/phpinfo.yaml b/exposures/configs/phpinfo.yaml index 9f8af1ce1e..de732be701 100644 --- a/exposures/configs/phpinfo.yaml +++ b/exposures/configs/phpinfo.yaml @@ -4,7 +4,7 @@ info: name: phpinfo Disclosure author: pdteam,daffainfo,meme-lord,dhiyaneshDK severity: low - tags: config,exposure + tags: config,exposure,phpinfo requests: - method: GET diff --git a/exposures/configs/ruijie-phpinfo.yaml b/exposures/configs/ruijie-phpinfo.yaml index b57e02ab73..85111312a5 100644 --- a/exposures/configs/ruijie-phpinfo.yaml +++ b/exposures/configs/ruijie-phpinfo.yaml 
@@ -5,7 +5,7 @@ info: author: pikpikcu severity: low reference: https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7EG%E6%98%93%E7%BD%91%E5%85%B3%20phpinfo.view.php%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md - tags: phpinfo,rujjie,config,exposure + tags: phpinfo,rujjie,config,exposure,ruijie requests: - method: GET diff --git a/exposures/configs/samba-config.yaml b/exposures/configs/samba-config.yaml index bf58536c4f..15e05034c0 100644 --- a/exposures/configs/samba-config.yaml +++ b/exposures/configs/samba-config.yaml @@ -4,7 +4,7 @@ info: name: Samba config file disclosure author: sheikhrishad severity: info - tags: config,exposure,smb + tags: config,exposure,smb,samba requests: - method: GET @@ -21,4 +21,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/exposures/configs/server-private-keys.yaml b/exposures/configs/server-private-keys.yaml index 3bfc5c6d13..0cc6c96dbc 100644 --- a/exposures/configs/server-private-keys.yaml +++ b/exposures/configs/server-private-keys.yaml @@ -50,4 +50,4 @@ requests: dsl: - '!contains(body_2, "<html")' - '!contains(body_2, "<HTML")' - condition: and \ No newline at end of file + condition: and diff --git a/exposures/files/domcfg-page.yaml b/exposures/files/domcfg-page.yaml index 1d9bad7a50..d728bf0593 100644 --- a/exposures/files/domcfg-page.yaml +++ b/exposures/files/domcfg-page.yaml @@ -4,7 +4,7 @@ info: author: gevakun severity: low reference: https://twitter.com/Wh11teW0lf/status/1295594085445709824 - tags: exposure + tags: exposure,lotus requests: - method: GET diff --git a/exposures/files/drupal-install.yaml b/exposures/files/drupal-install.yaml index 664b8c4d40..b681c5193f 100644 --- a/exposures/files/drupal-install.yaml +++ b/exposures/files/drupal-install.yaml 
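Review bot: The new tag line of ruijie-phpinfo.yaml keeps the misspelled `rujjie` next to the added `ruijie`, so the template now carries a typo and its correction as two separate tags. Unless something still filters on the old spelling, the line should read `tags: phpinfo,ruijie,config,exposure`; if the misspelling must stay for compatibility, a one-line comment above it saying so would stop the next cleanup from silently dropping it.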
@@ -4,7 +4,7 @@ info: name: Drupal Install author: NkxxkN severity: low - tags: exposure + tags: exposure,drupal requests: - method: GET diff --git a/exposures/files/exposed-alps-spring.yaml b/exposures/files/exposed-alps-spring.yaml index 67f0809567..e46c800dfe 100644 --- a/exposures/files/exposed-alps-spring.yaml +++ b/exposures/files/exposed-alps-spring.yaml @@ -4,7 +4,7 @@ info: name: Exposed Spring Data REST Application-Level Profile Semantics (ALPS) author: dwisiswant0 severity: medium - tags: exposure + tags: exposure,spring reference: https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/ requests: diff --git a/exposures/files/github-page-config.yaml b/exposures/files/github-page-config.yaml index 368ddee069..a2563fd40d 100644 --- a/exposures/files/github-page-config.yaml +++ b/exposures/files/github-page-config.yaml @@ -5,7 +5,7 @@ info: author: hahwul severity: info description: Find github pages config file. - tags: github,exposure + tags: github,exposure,config requests: - method: GET @@ -23,4 +23,4 @@ requests: - "jekyll" - "title" - "baseurl" - condition: and \ No newline at end of file + condition: and diff --git a/exposures/files/glpi-status-ldap-domain-disclosure.yaml b/exposures/files/glpi-status-ldap-domain-disclosure.yaml index 9c912eac72..906f384c38 100644 --- a/exposures/files/glpi-status-ldap-domain-disclosure.yaml +++ b/exposures/files/glpi-status-ldap-domain-disclosure.yaml @@ -4,7 +4,7 @@ info: name: GLPI Status Domain Disclosure author: dogasantos severity: info - tags: glpi,exposure + tags: glpi,exposure,status requests: - method: GET diff --git a/exposures/files/rails-secret-token-disclosure.yaml b/exposures/files/rails-secret-token-disclosure.yaml index 047262e88b..8c7d76f9df 100644 --- a/exposures/files/rails-secret-token-disclosure.yaml +++ b/exposures/files/rails-secret-token-disclosure.yaml 
@@ -5,7 +5,7 @@ info: author: dhiyaneshDk severity: medium reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/ruby-on-rails-secret-token-disclosure.json - tags: exposure,files + tags: exposure,files,rails,ruby,token requests: - method: GET diff --git a/exposures/files/sensitive-storage-exposure.yaml b/exposures/files/sensitive-storage-exposure.yaml index a65916dea3..0b841cf60b 100644 --- a/exposures/files/sensitive-storage-exposure.yaml +++ b/exposures/files/sensitive-storage-exposure.yaml 
@@ -1,29 +1,29 @@
-id: sensitive-storage-data-expose
-info:
- name: Sensitive Storage Data Exposed
- author: pussycat0x
- severity: medium
- description: Searches for sensitive keys file,logs,debugbar,app.
- reference: https://www.exploit-db.com/ghdb/6304
- tags: expose,listing,config,logs
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/storage/"
- - "{{BaseURL}}/api_smartapp/storage/"
- - "{{BaseURL}}/equipbid/storage/"
- - "{{BaseURL}}/server/storage/"
- - "{{BaseURL}}/intikal/storage/"
- - "{{BaseURL}}/elocker_old/storage/"
- stop-at-first-match: true
- matchers-condition: and
- matchers:
- - type: word
- words:
- - "Index of"
- - "oauth-private.key"
- - "oauth-private.key"
- condition: and
- - type: status
- status:
- - 200
+id: sensitive-storage-data-expose
+info:
+ name: Sensitive Storage Data Exposed
+ author: pussycat0x
+ severity: medium
+ description: Searches for sensitive keys file,logs,debugbar,app.
+ reference: https://www.exploit-db.com/ghdb/6304
+ tags: expose,listing,config,logs,storage
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/storage/"
+ - "{{BaseURL}}/api_smartapp/storage/"
+ - "{{BaseURL}}/equipbid/storage/"
+ - "{{BaseURL}}/server/storage/"
+ - "{{BaseURL}}/intikal/storage/"
+ - "{{BaseURL}}/elocker_old/storage/"
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "Index of"
+ - "oauth-private.key"
+ - "oauth-private.key"
+ condition: and
+ - type: status
+ status:
+ - 200
diff --git a/exposures/logs/error-logs.yaml b/exposures/logs/error-logs.yaml
index ffa763ae58..6689addbc3 100644
--- a/exposures/logs/error-logs.yaml
+++ b/exposures/logs/error-logs.yaml
@@ -3,7 +3,7 @@ info:
 name: common error log files
 author: geeknik,daffainfo
 severity: low
- tags: logs,exposure
+ tags: logs,exposure,error
 requests:
 - method: GET
diff --git a/exposures/logs/struts-debug-mode.yaml b/exposures/logs/struts-debug-mode.yaml
index 9a8b14dbe7..8abc5f4364 100644
--- a/exposures/logs/struts-debug-mode.yaml
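Review bot: The word matcher on the new side of sensitive-storage-exposure.yaml lists `"oauth-private.key"` twice under `condition: and`, so the second entry contributes nothing and reads like a copy-paste slip; it should be dropped or replaced with whichever second file name was actually intended (the hunk does not say). Two metadata inconsistencies also survive the whole-file rewrite: the id `sensitive-storage-data-expose` does not match the file name, and the tag `expose` differs from the `exposure` tag every other template in this commit uses, so a tag-based filter on `exposure` will miss this one. Since every line is being rewritten anyway, `tags: exposure,listing,config,logs,storage` (keeping `expose` only if something still depends on it) would align it with the rest.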
+++ b/exposures/logs/struts-debug-mode.yaml
@@ -4,7 +4,7 @@ info:
 name: Apache Struts setup in Debug-Mode
 author: pdteam
 severity: low
- tags: logs,struts,apache,exposure
+ tags: logs,struts,apache,exposure,setup
 requests:
 - method: GET
@@ -16,4 +16,4 @@ requests:
 words:
 - "<debug>"
 - "<struts.actionMapping>"
- condition: and
\ No newline at end of file
+ condition: and
diff --git a/exposures/tokens/amazon/amazon-mws-auth-token.yaml b/exposures/tokens/amazon/amazon-mws-auth-token.yaml
index 7bf17d69fb..eb41de1dae 100644
--- a/exposures/tokens/amazon/amazon-mws-auth-token.yaml
+++ b/exposures/tokens/amazon/amazon-mws-auth-token.yaml
@@ -1,18 +1,18 @@
-id: amazon-mws-auth-token
-
-info:
- name: Amazon MWS Auth Token
- author: puzzlepeaches
- severity: info
- tags: exposure,token,aws
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}"
-
- extractors:
- - type: regex
- part: body
- regex:
- - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
+id: amazon-mws-auth-token
+
+info:
+ name: Amazon MWS Auth Token
+ author: puzzlepeaches
+ severity: info
+ tags: exposure,token,aws,amazon,auth
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
diff --git a/exposures/tokens/generic/general-tokens.yaml b/exposures/tokens/generic/general-tokens.yaml
index 7a2bb134c8..c8adae21bc 100644
--- a/exposures/tokens/generic/general-tokens.yaml
+++ b/exposures/tokens/generic/general-tokens.yaml
@@ -1,45 +1,45 @@ -id: generic-tokens - -info: - name: Generic Tokens - author: nadino,geeknik - severity: info - tags: exposure,token - -requests: - - method: GET - path: - - '{{BaseURL}}' - - matchers-condition: and - matchers: - - type: dsl - dsl: - - regex("TOKEN[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) - - regex("API[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) - - regex("KEY[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) - - regex("SECRET[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) - - regex("AUTHORIZATION[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) - - regex("PASSWORD[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) - - - type: regex - part: body - regex: - - '(?i)key(sinternal|up|down|press|boardnavigation|words?|board|ebrow|board_fill|_retry_interval|_fetched|_expiresat|board_shortcuts|s_close|s_previous|s_next|s_zoom|s_play_pause)' - - '(?i)password(lessauth|requirementsashtmllist|emailnotfoundmessage|label|errormessage|message|_checkemail_title|_newfield_retype|_text_new|login_submit|_has_expired_title|_has_expired_text|_error|_hint|_strength)' - - '(?i)(!native)|(.*keybindings)' - - '(?i)(layout|a)key' - - '(?i)token_expires_in' - condition: or - negative: true - - extractors: - - type: regex - part: body - regex: - - (T|t)(O|o)(K|k)(E|e)(N|n)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)+()*(\''|")?[ 0-9A-Za-z\-_]+(\''|")? - - (A|a)(P|p)(Ii)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)( )*(\''|")?[0-9A-Za-z\-_]+(\''|")? - - (K|k)(E|e)(Y|y)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)( )*(\''|")?[0-9A-Za-z\-_]+(\''|")? - - (S|s)(E|e)(C|c)(R|r)(E|e)(T|t)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)()*(\''|")?[ 0-9A-Za-z\-_]+(\''|")? 
- - (A|a)(U|u)(T|t)(H|h)(O|o)(R|r)(I|i)(Z|z)(A|a)(T|t)(I|i)(O|o)(N|n)[\-|_|A-Za-z0-9]*(\''|")?()*(:|=)( )*(\''|")?[ 0-9A-Za-z\-_]+(\''|")? - - (P|p)(A|a)(S|s)(S|s)(W|w)(O|o)(R|r)(D|d)[\-|_|A-Za-z0-9]*(\''|")?()*(:|=)( )*(\''|")?[ 0-9A-Za-z\-_]+(\''|")? +id: generic-tokens + +info: + name: Generic Tokens + author: nadino,geeknik + severity: info + tags: exposure,token,generic + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: dsl + dsl: + - regex("TOKEN[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) + - regex("API[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) + - regex("KEY[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) + - regex("SECRET[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) + - regex("AUTHORIZATION[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) + - regex("PASSWORD[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) + + - type: regex + part: body + regex: + - '(?i)key(sinternal|up|down|press|boardnavigation|words?|board|ebrow|board_fill|_retry_interval|_fetched|_expiresat|board_shortcuts|s_close|s_previous|s_next|s_zoom|s_play_pause)' + - '(?i)password(lessauth|requirementsashtmllist|emailnotfoundmessage|label|errormessage|message|_checkemail_title|_newfield_retype|_text_new|login_submit|_has_expired_title|_has_expired_text|_error|_hint|_strength)' + - '(?i)(!native)|(.*keybindings)' + - '(?i)(layout|a)key' + - '(?i)token_expires_in' + condition: or + negative: true + + extractors: + - type: regex + part: body + regex: + - (T|t)(O|o)(K|k)(E|e)(N|n)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)+()*(\''|")?[ 0-9A-Za-z\-_]+(\''|")? + - (A|a)(P|p)(Ii)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)( )*(\''|")?[0-9A-Za-z\-_]+(\''|")? 
+ - (K|k)(E|e)(Y|y)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)( )*(\''|")?[0-9A-Za-z\-_]+(\''|")? + - (S|s)(E|e)(C|c)(R|r)(E|e)(T|t)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)()*(\''|")?[ 0-9A-Za-z\-_]+(\''|")? + - (A|a)(U|u)(T|t)(H|h)(O|o)(R|r)(I|i)(Z|z)(A|a)(T|t)(I|i)(O|o)(N|n)[\-|_|A-Za-z0-9]*(\''|")?()*(:|=)( )*(\''|")?[ 0-9A-Za-z\-_]+(\''|")? + - (P|p)(A|a)(S|s)(S|s)(W|w)(O|o)(R|r)(D|d)[\-|_|A-Za-z0-9]*(\''|")?()*(:|=)( )*(\''|")?[ 0-9A-Za-z\-_]+(\''|")? diff --git a/exposures/tokens/generic/shoppable-token.yaml b/exposures/tokens/generic/shoppable-token.yaml index 0c3d4080a0..6128f1217d 100644 --- a/exposures/tokens/generic/shoppable-token.yaml +++ b/exposures/tokens/generic/shoppable-token.yaml @@ -5,7 +5,7 @@ info: author: philippedelteil severity: info reference: https://ask.shoppable.com/knowledge/quick-start-api-guide - tags: exposure,shoppable,token + tags: exposure,shoppable,token,auth,service requests: - method: GET diff --git a/exposures/tokens/google/oauth-access-key.yaml b/exposures/tokens/google/oauth-access-key.yaml index 20d29e3b76..0c0955ec13 100755 --- a/exposures/tokens/google/oauth-access-key.yaml +++ b/exposures/tokens/google/oauth-access-key.yaml @@ -4,7 +4,7 @@ info: name: Google OAuth Access Key Disclosure author: Ice3man severity: info - tags: exposure,token + tags: exposure,token,google requests: - method: GET @@ -15,4 +15,4 @@ requests: - type: regex part: body regex: - - 'ya29\.[0-9A-Za-z\-_]+' \ No newline at end of file + - 'ya29\.[0-9A-Za-z\-_]+' diff --git a/exposures/tokens/microsoft/microsoft-teams-webhook.yaml b/exposures/tokens/microsoft/microsoft-teams-webhook.yaml index 0c1015e573..0c0bf6d78e 100755 --- a/exposures/tokens/microsoft/microsoft-teams-webhook.yaml +++ b/exposures/tokens/microsoft/microsoft-teams-webhook.yaml @@ -4,7 +4,7 @@ info: name: Microsoft Teams Webhook Disclosure author: Ice3man severity: info - tags: exposure,token + tags: exposure,token,microsoft requests: - method: GET 
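Review bot: The `api` extractor regex on the new side of general-tokens.yaml contains `(Ii)`, which matches the literal two characters `Ii` rather than either case of `i`, so `API`/`api` values are never extracted even though the DSL matcher above does match them; it should read `(A|a)(P|p)(I|i)`, or the whole extractor list can switch to Go's `(?i)` flag as the negative matcher already does. The empty groups `()*` in the token, secret, authorization and password lines, and the quote alternation `(\''|")?` (in a plain YAML scalar that is a backslash-escaped quote followed by a second quote, so it matches `''` or `"`, not a single `'`), look like the same class of slip and are worth one pass while the file is being rewritten. The `[ 0-9A-Za-z\-_]+` classes with a leading space also let an extracted value run across word boundaries; presumably intended, but a short comment above the extractor saying so would help.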
@@ -14,4 +14,4 @@ requests: - type: regex part: body regex: - - 'https://outlook\.office\.com/webhook/[A-Za-z0-9\-@]+/IncomingWebhook/[A-Za-z0-9\-]+/[A-Za-z0-9\-]+' \ No newline at end of file + - 'https://outlook\.office\.com/webhook/[A-Za-z0-9\-@]+/IncomingWebhook/[A-Za-z0-9\-]+/[A-Za-z0-9\-]+' diff --git a/exposures/tokens/paypal/braintree-access-token.yaml b/exposures/tokens/paypal/braintree-access-token.yaml index fc4e695c66..cc50596326 100755 --- a/exposures/tokens/paypal/braintree-access-token.yaml +++ b/exposures/tokens/paypal/braintree-access-token.yaml @@ -4,7 +4,7 @@ info: name: PayPal Braintree Access Token Disclosure author: Ice3man severity: info - tags: exposure,token + tags: exposure,token,paypal requests: - method: GET @@ -14,4 +14,4 @@ requests: - type: regex part: body regex: - - 'access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}' \ No newline at end of file + - 'access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}' diff --git a/exposures/tokens/sendgrid/sendgrid-api-key.yaml b/exposures/tokens/sendgrid/sendgrid-api-key.yaml index 9c8b341d5c..cb06fc3ffc 100644 --- a/exposures/tokens/sendgrid/sendgrid-api-key.yaml +++ b/exposures/tokens/sendgrid/sendgrid-api-key.yaml @@ -4,7 +4,7 @@ info: name: Sendgrid API Key Disclosure author: Ice3man severity: info - tags: exposure,token + tags: exposure,token,sendgrid requests: - method: GET @@ -14,4 +14,4 @@ requests: - type: regex part: body regex: - - 'SG\.[a-zA-Z0-9-_]{22}\.[a-zA-Z0-9_-]{43}' \ No newline at end of file + - 'SG\.[a-zA-Z0-9-_]{22}\.[a-zA-Z0-9_-]{43}' diff --git a/exposures/tokens/sonarqube/sonarqube-token.yaml b/exposures/tokens/sonarqube/sonarqube-token.yaml index c9c3704ac9..b4f1b1b979 100755 --- a/exposures/tokens/sonarqube/sonarqube-token.yaml +++ b/exposures/tokens/sonarqube/sonarqube-token.yaml @@ -4,7 +4,7 @@ info: name: SonarQube Token Disclosure author: Ice3man severity: info - tags: exposure,token + tags: exposure,token,sonarqube requests: - method: GET 
@@ -14,4 +14,4 @@ requests: - type: regex part: body regex: - - "sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?" \ No newline at end of file + - "sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?" diff --git a/exposures/tokens/stripe/stripe-restricted-key.yaml b/exposures/tokens/stripe/stripe-restricted-key.yaml index f5e5d5e0cb..cdf368d652 100755 --- a/exposures/tokens/stripe/stripe-restricted-key.yaml +++ b/exposures/tokens/stripe/stripe-restricted-key.yaml @@ -4,7 +4,7 @@ info: name: Stripe Restricted Key Disclosure author: Ice3man severity: info - tags: exposure,token + tags: exposure,token,stripe requests: - method: GET @@ -14,4 +14,4 @@ requests: - type: regex part: body regex: - - 'rk_(?:live|test)_[0-9a-zA-Z]{24}' \ No newline at end of file + - 'rk_(?:live|test)_[0-9a-zA-Z]{24}' diff --git a/exposures/tokens/stripe/stripe-secret-key.yaml b/exposures/tokens/stripe/stripe-secret-key.yaml index 59f0d8b8a2..e2e7d6de26 100755 --- a/exposures/tokens/stripe/stripe-secret-key.yaml +++ b/exposures/tokens/stripe/stripe-secret-key.yaml @@ -4,7 +4,7 @@ info: name: Stripe Secret Key Disclosure author: Ice3man severity: info - tags: exposure,token + tags: exposure,token,stripe requests: - method: GET @@ -14,4 +14,4 @@ requests: - type: regex part: body regex: - - 'sk_(?:live|test)_[0-9a-zA-Z]{24}' \ No newline at end of file + - 'sk_(?:live|test)_[0-9a-zA-Z]{24}' diff --git a/exposures/tokens/zoho/zoho-webhook-token.yaml b/exposures/tokens/zoho/zoho-webhook-token.yaml index 0e30c9288e..3fccd958a2 100755 --- a/exposures/tokens/zoho/zoho-webhook-token.yaml +++ b/exposures/tokens/zoho/zoho-webhook-token.yaml @@ -4,7 +4,7 @@ info: name: Zoho Webhook Disclosure author: Ice3man severity: info - tags: exposure,token + tags: exposure,token,zoho requests: - method: GET 
@@ -14,4 +14,4 @@ requests: - type: regex part: body regex: - - 'https://creator\.zoho\.com/api/[A-Za-z0-9/\-_\.]+\?authtoken=[A-Za-z0-9]+' \ No newline at end of file + - 'https://creator\.zoho\.com/api/[A-Za-z0-9/\-_\.]+\?authtoken=[A-Za-z0-9]+' diff --git a/file/android/webview-javascript.yaml b/file/android/webview-javascript.yaml index 9637251e12..34f4b7bfc1 100644 --- a/file/android/webview-javascript.yaml +++ b/file/android/webview-javascript.yaml @@ -4,7 +4,7 @@ info: name: Webview JavaScript enabled author: gaurang severity: info - tags: android,file + tags: android,file,javascript file: - extensions: @@ -13,4 +13,4 @@ file: matchers: - type: word words: - - "Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V" \ No newline at end of file + - "Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V" diff --git a/file/keys/amazon-mws-auth-token.yaml b/file/keys/amazon-mws-auth-token.yaml index 69843674c0..0ab5703b9c 100644 --- a/file/keys/amazon-mws-auth-token.yaml +++ b/file/keys/amazon-mws-auth-token.yaml @@ -4,7 +4,7 @@ info: name: Amazon MWS Auth Token author: gaurang severity: medium - tags: token,file + tags: token,file,amazon,auth file: - extensions: @@ -13,4 +13,4 @@ file: extractors: - type: regex regex: - - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" \ No newline at end of file + - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" diff --git a/file/keys/cloudinary.yaml b/file/keys/cloudinary.yaml index 960dabd6e3..0823117195 100644 --- a/file/keys/cloudinary.yaml +++ b/file/keys/cloudinary.yaml @@ -4,7 +4,7 @@ info: name: Cloudinary Basic Auth author: gaurang severity: high - tags: token,file + tags: token,file,cloudinary file: - extensions: @@ -13,4 +13,4 @@ file: extractors: - type: regex regex: - - "cloudinary://[0-9]{15}:[0-9A-Za-z\\-_]+@[0-9A-Za-z\\-_]+" \ No newline at end of file + - "cloudinary://[0-9]{15}:[0-9A-Za-z\\-_]+@[0-9A-Za-z\\-_]+" 
diff --git a/file/keys/credential-exposure.yaml b/file/keys/credential-exposure.yaml index 71ed00a1ab..732ad44e81 100644 --- a/file/keys/credential-exposure.yaml +++ b/file/keys/credential-exposure.yaml @@ -15,7 +15,7 @@ info: author: Sy3Omda,geeknik severity: info description: Look for multiple keys/tokens/passwords hidden inside of files. - tags: exposure,token,file + tags: exposure,token,file,disclosure file: - extensions: diff --git a/file/keys/credentials.yaml b/file/keys/credentials.yaml index 484b2e6710..1c7e110e0a 100644 --- a/file/keys/credentials.yaml +++ b/file/keys/credentials.yaml @@ -4,7 +4,7 @@ info: name: Basic Auth Credentials author: gaurang severity: high - tags: token,file + tags: token,file,auth file: - extensions: @@ -13,4 +13,4 @@ file: extractors: - type: regex regex: - - "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]" \ No newline at end of file + - "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]" diff --git a/file/keys/facebook-client-id.yaml b/file/keys/facebook-client-id.yaml index 038fdbd646..91942db402 100644 --- a/file/keys/facebook-client-id.yaml +++ b/file/keys/facebook-client-id.yaml @@ -4,7 +4,7 @@ info: name: Facebook Client ID author: gaurang severity: info - tags: token,file + tags: token,file,facebook file: - extensions: @@ -13,4 +13,4 @@ file: extractors: - type: regex regex: - - "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]" \ No newline at end of file + - "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]" diff --git a/file/keys/facebook-secret.yaml b/file/keys/facebook-secret.yaml index ebd1df4171..63da7e748e 100644 --- a/file/keys/facebook-secret.yaml +++ b/file/keys/facebook-secret.yaml @@ -4,7 +4,7 @@ info: name: Facebook Secret Key author: gaurang severity: low - tags: token,file + tags: token,file,facebook file: - extensions: 
@@ -13,4 +13,4 @@ file: extractors: - type: regex regex: - - "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]" \ No newline at end of file + - "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]" diff --git a/file/keys/firebase-database.yaml b/file/keys/firebase-database.yaml index 62a323df09..b02e6e2190 100644 --- a/file/keys/firebase-database.yaml +++ b/file/keys/firebase-database.yaml @@ -4,7 +4,7 @@ info: name: Firebase Database Detect author: gaurang severity: info - tags: token,file + tags: token,file,firebase file: - extensions: @@ -14,4 +14,4 @@ file: - type: regex regex: - "[a-z0-9.-]+\\.firebaseio\\.com" - - "[a-z0-9.-]+\\.firebaseapp\\.com" \ No newline at end of file + - "[a-z0-9.-]+\\.firebaseapp\\.com" diff --git a/file/keys/gcp-service-account.yaml b/file/keys/gcp-service-account.yaml index 8f4b0a4129..9dd972a00f 100644 --- a/file/keys/gcp-service-account.yaml +++ b/file/keys/gcp-service-account.yaml @@ -4,7 +4,7 @@ info: name: Google (GCP) Service-account author: gaurang severity: low - tags: token,file + tags: token,file,google file: - extensions: @@ -13,4 +13,4 @@ file: extractors: - type: regex regex: - - "\"type\": \"service_account\"" \ No newline at end of file + - "\"type\": \"service_account\"" diff --git a/file/keys/github-personal-token.yaml b/file/keys/github-personal-token.yaml index ac9983c6b6..97227c7fc5 100644 --- a/file/keys/github-personal-token.yaml +++ b/file/keys/github-personal-token.yaml @@ -4,7 +4,7 @@ info: name: Github Personal Token author: geeknik severity: high - tags: token,file + tags: token,file,github file: - extensions: diff --git a/file/keys/google-api.yaml b/file/keys/google-api.yaml index 8fc2776945..1242ce0367 100644 --- a/file/keys/google-api.yaml +++ b/file/keys/google-api.yaml @@ -4,7 +4,7 @@ info: name: Google API key author: gaurang severity: info - tags: token,file + tags: token,file,google file: - extensions: 
diff --git a/file/keys/linkedin-id.yaml b/file/keys/linkedin-id.yaml index dedc141863..209dcb4d6e 100644 --- a/file/keys/linkedin-id.yaml +++ b/file/keys/linkedin-id.yaml @@ -4,7 +4,7 @@ info: name: Linkedin Client ID author: gaurang severity: low - tags: token,file + tags: token,file,linkedin file: - extensions: @@ -13,4 +13,4 @@ file: extractors: - type: regex regex: - - "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}" \ No newline at end of file + - "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}" diff --git a/file/keys/mailchimp-api.yaml b/file/keys/mailchimp-api.yaml index 226457a440..7e5a4bad37 100644 --- a/file/keys/mailchimp-api.yaml +++ b/file/keys/mailchimp-api.yaml @@ -4,7 +4,7 @@ info: name: Mailchimp API Key author: gaurang severity: high - tags: token,file + tags: token,file,mailchimp file: - extensions: @@ -13,4 +13,4 @@ file: extractors: - type: regex regex: - - "[0-9a-f]{32}-us[0-9]{1,2}" \ No newline at end of file + - "[0-9a-f]{32}-us[0-9]{1,2}" diff --git a/file/keys/mailgun-api.yaml b/file/keys/mailgun-api.yaml index 917fb270c0..ec96ecfed8 100644 --- a/file/keys/mailgun-api.yaml +++ b/file/keys/mailgun-api.yaml @@ -4,7 +4,7 @@ info: name: Mailgun API Key author: gaurang severity: high - tags: token,file + tags: token,file,mailgun file: - extensions: @@ -13,4 +13,4 @@ file: extractors: - type: regex regex: - - "key-[0-9a-zA-Z]{32}" \ No newline at end of file + - "key-[0-9a-zA-Z]{32}" diff --git a/file/keys/paypal-braintree-token.yaml b/file/keys/paypal-braintree-token.yaml index 53cbc3564c..59dc3e8dbd 100644 --- a/file/keys/paypal-braintree-token.yaml +++ b/file/keys/paypal-braintree-token.yaml @@ -4,7 +4,7 @@ info: name: Paypal Braintree Access Token author: gaurang severity: high - tags: token,file + tags: token,file,paypal file: - extensions: @@ -13,4 +13,4 @@ file: extractors: - type: regex regex: - - "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" \ No newline at end of file + - "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" 
diff --git a/file/keys/s3-bucket.yaml b/file/keys/s3-bucket.yaml index 2451b6f9a6..e51f559e8c 100644 --- a/file/keys/s3-bucket.yaml +++ b/file/keys/s3-bucket.yaml @@ -4,7 +4,7 @@ info: name: S3 Bucket Detect author: gaurang severity: info - tags: token,file + tags: token,file,bucket file: - extensions: @@ -17,4 +17,4 @@ file: - "[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com" - "[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)" - "//s3\\.amazonaws\\.com/[a-z0-9._-]+" - - "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+" \ No newline at end of file + - "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+" diff --git a/file/keys/sendgrid-api.yaml b/file/keys/sendgrid-api.yaml index 4b5c0e3c65..000c4516ea 100644 --- a/file/keys/sendgrid-api.yaml +++ b/file/keys/sendgrid-api.yaml @@ -4,7 +4,7 @@ info: name: Sendgrid API Key author: gaurang severity: high - tags: token,file + tags: token,file,sendgrid file: - extensions: diff --git a/file/keys/slack-api.yaml b/file/keys/slack-api.yaml index 96801a34e1..ea761c24d4 100644 --- a/file/keys/slack-api.yaml +++ b/file/keys/slack-api.yaml @@ -4,7 +4,7 @@ info: name: Slack API Key author: gaurang severity: high - tags: token,file + tags: token,file,slack file: - extensions: @@ -13,4 +13,4 @@ file: extractors: - type: regex regex: - - "xox[baprs]-([0-9a-zA-Z]{10,48})?" \ No newline at end of file + - "xox[baprs]-([0-9a-zA-Z]{10,48})?" diff --git a/file/keys/slack-webhook.yaml b/file/keys/slack-webhook.yaml index 0ed290829d..97548ae165 100644 --- a/file/keys/slack-webhook.yaml +++ b/file/keys/slack-webhook.yaml @@ -4,7 +4,7 @@ info: name: Slack Webhook author: gaurang severity: high - tags: token,file + tags: token,file,slack file: - extensions: diff --git a/file/keys/square-access-token.yaml b/file/keys/square-access-token.yaml index 6d29fc31d3..5601c992e7 100644 --- a/file/keys/square-access-token.yaml +++ b/file/keys/square-access-token.yaml 
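Review bot: The context line `"[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com"` in s3-bucket.yaml has no quantifier after `[a-z0-9-]`, so it only matches a single-character region between `s3-` and `.amazonaws.com` and never a multi-character region name; `[a-z0-9-]+` is presumably intended, as the last regex in the same list already uses. The defect is not introduced by this commit, but the extractor is unchanged on the new side and the file is being touched anyway.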
@@ -4,7 +4,7 @@ info:
 name: Square Access Token
 author: gaurang,daffainfo
 severity: high
- tags: token,file
+ tags: token,file,square
 
 file:
 - extensions:
@@ -14,4 +14,4 @@ file:
 - type: regex
 regex:
 - "EAAAE[a-zA-Z0-9_-]{59}"
- - "sq0atp-[0-9A-Za-z\\-_]{22}"
\ No newline at end of file
+ - "sq0atp-[0-9A-Za-z\\-_]{22}"
diff --git a/file/keys/square-oauth-secret.yaml b/file/keys/square-oauth-secret.yaml
index e32fa9237a..15571e71bc 100644
--- a/file/keys/square-oauth-secret.yaml
+++ b/file/keys/square-oauth-secret.yaml
@@ -4,7 +4,7 @@ info:
 name: Square OAuth Secret
 author: gaurang
 severity: high
- tags: token,file
+ tags: token,file,square
 
 file:
 - extensions:
@@ -13,4 +13,4 @@ file:
 extractors:
 - type: regex
 regex:
- - "sq0csp-[0-9A-Za-z\\-_]{43}"
\ No newline at end of file
+ - "sq0csp-[0-9A-Za-z\\-_]{43}"
diff --git a/file/keys/stripe-api-key.yaml b/file/keys/stripe-api-key.yaml
index 64fe34bfcc..d65411c71f 100644
--- a/file/keys/stripe-api-key.yaml
+++ b/file/keys/stripe-api-key.yaml
@@ -4,7 +4,7 @@ info:
 name: Stripe API Key
 author: gaurang
 severity: high
- tags: token,file
+ tags: token,file,stripe
 
 file:
 - extensions:
@@ -13,4 +13,4 @@ file:
 extractors:
 - type: regex
 regex:
- - "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}"
\ No newline at end of file
+ - "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}"
diff --git a/file/keys/twitter-secret.yaml b/file/keys/twitter-secret.yaml
index 546834c131..e7052b9a1a 100644
--- a/file/keys/twitter-secret.yaml
+++ b/file/keys/twitter-secret.yaml
@@ -4,7 +4,7 @@ info:
 name: Twitter Secret
 author: gaurang
 severity: medium
- tags: token,file
+ tags: token,file,twitter
 
 file:
 - extensions:
@@ -13,4 +13,4 @@ file:
 extractors:
 - type: regex
 regex:
- - "(?i)twitter(.{0,20})?[0-9a-z]{35,44}"
\ No newline at end of file
+ - "(?i)twitter(.{0,20})?[0-9a-z]{35,44}"
diff --git a/file/logs/suspicious-sql-error-messages.yaml b/file/logs/suspicious-sql-error-messages.yaml
index b822c58af5..01ed280c22 100644
--- a/file/logs/suspicious-sql-error-messages.yaml
+++ b/file/logs/suspicious-sql-error-messages.yaml
@@ -5,7 +5,7 @@ info:
 description: Detects SQL error messages that indicate probing for an injection attack
 author: geeknik
 severity: high
- tags: file,logs,sql
+ tags: file,logs,sql,error
 
 file:
 - extensions:
diff --git a/fuzzing/adminer-panel-fuzz.yaml b/fuzzing/adminer-panel-fuzz.yaml
index 0676457b68..3de873c020 100644
--- a/fuzzing/adminer-panel-fuzz.yaml
+++ b/fuzzing/adminer-panel-fuzz.yaml
@@ -4,7 +4,7 @@ info:
 author: random_robbie,meme-lord
 severity: info
 reference: https://blog.sorcery.ie/posts/adminer/
- tags: fuzz,adminer
+ tags: fuzz,adminer,login
 
 # <= 4.2.4 can have unauthenticated RCE via SQLite driver
 # <= 4.6.2 can have LFI via MySQL LOAD DATA LOCAL
diff --git a/fuzzing/wordpress-plugins-detect.yaml b/fuzzing/wordpress-plugins-detect.yaml
index c9f21082e4..78e62380ea 100644
--- a/fuzzing/wordpress-plugins-detect.yaml
+++ b/fuzzing/wordpress-plugins-detect.yaml
@@ -4,7 +4,7 @@ info:
 name: WordPress Plugins Detection
 author: 0xcrypto
 severity: info
- tags: fuzz
+ tags: fuzz,wordpress
 
 requests:
 - raw:
diff --git a/fuzzing/wordpress-themes-detect.yaml b/fuzzing/wordpress-themes-detect.yaml
index dd98af2fe3..d2f35faefe 100644
--- a/fuzzing/wordpress-themes-detect.yaml
+++ b/fuzzing/wordpress-themes-detect.yaml
@@ -4,7 +4,7 @@ info:
 name: WordPress Theme Detection
 author: 0xcrypto
 severity: info
- tags: fuzz
+ tags: fuzz,wordpress
 
 requests:
 - raw:
@@ -24,4 +24,4 @@ requests:
 
 - type: word
 words:
- - "== Description =="
\ No newline at end of file
+ - "== Description =="
diff --git a/headless/dvwa-headless-automatic-login.yaml b/headless/dvwa-headless-automatic-login.yaml
index 0c508c095a..9e45496b95 100644
--- a/headless/dvwa-headless-automatic-login.yaml
+++ b/headless/dvwa-headless-automatic-login.yaml
@@ -3,7 +3,7 @@ info:
 name: DVWA Headless Automatic Login
 author: pdteam
 severity: high
- tags: headless
+ tags: headless,dvwa
 
 headless:
 - steps:
diff --git a/iot/huawei-home-gateway.yaml b/iot/huawei-home-gateway.yaml
index fc0e0ac5c0..e3db239d8c 100644
--- a/iot/huawei-home-gateway.yaml
+++ b/iot/huawei-home-gateway.yaml
@@ -4,7 +4,7 @@ info:
 name: HUAWEI Home Gateway HG658d
 author: dhiyaneshDK
 severity: info
- tags: iot
+ tags: iot,huawei
 metadata:
 shodan-query: 'http.title:"HUAWEI Home Gateway HG658d"'
 
diff --git a/iot/kevinlab-device-detect.yaml b/iot/kevinlab-device-detect.yaml
index dccb08d14b..d1b70a5e53 100644
--- a/iot/kevinlab-device-detect.yaml
+++ b/iot/kevinlab-device-detect.yaml
@@ -5,7 +5,7 @@ info:
 description: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS (Building Energy Management System) enables efficient energy management in buildings by collecting and analyzing various information of energy usage and facilities as well as efficiency and indoor environment control.
 author: gy741
 severity: info
- tags: iot
+ tags: iot,kevinlab
 
 requests:
 - method: GET
diff --git a/iot/liveview-axis-camera.yaml b/iot/liveview-axis-camera.yaml
index 0ef8d9c0b5..9d90bf0b97 100644
--- a/iot/liveview-axis-camera.yaml
+++ b/iot/liveview-axis-camera.yaml
@@ -5,7 +5,7 @@ info:
 author: dhiyaneshDK
 severity: info
 reference: https://www.exploit-db.com/ghdb/6843
- tags: iot
+ tags: iot,axis,network
 
 requests:
 - method: GET
diff --git a/iot/nuuno-network-login.yaml b/iot/nuuno-network-login.yaml
index e77146c372..390da3e116 100644
--- a/iot/nuuno-network-login.yaml
+++ b/iot/nuuno-network-login.yaml
@@ -5,7 +5,7 @@ info:
 author: dhiyaneshDK
 severity: info
 reference: https://www.exploit-db.com/ghdb/6840
- tags: iot,panel
+ tags: iot,panel,network,nuuo
 
 requests:
 - method: GET
diff --git a/iot/panasonic-network-management.yaml b/iot/panasonic-network-management.yaml
index 78bdd0b49c..4f2e8124c7 100644
--- a/iot/panasonic-network-management.yaml
+++ b/iot/panasonic-network-management.yaml
@@ -5,7 +5,7 @@ info:
 author: dhiyaneshDk
 severity: medium
 reference: https://www.exploit-db.com/ghdb/6487
- tags: iot,camera,panasonic
+ tags: iot,camera,panasonic,network
 
 requests:
 - method: GET
diff --git a/iot/routeros-login.yaml b/iot/routeros-login.yaml
index e2c89bee5d..44acb9ade6 100644
--- a/iot/routeros-login.yaml
+++ b/iot/routeros-login.yaml
@@ -4,7 +4,7 @@ info:
 name: RouterOS router configuration page login
 author: dhiyaneshDK
 severity: info
- tags: panel
+ tags: panel,router
 metadata:
 shodan-query: 'http.title:"RouterOS router configuration page"'
 
diff --git a/iot/targa-camera-lfi.yaml b/iot/targa-camera-lfi.yaml
index 3a34d332ca..30d02bcb00 100644
--- a/iot/targa-camera-lfi.yaml
+++ b/iot/targa-camera-lfi.yaml
@@ -6,7 +6,7 @@ info:
 severity: high
 description: The ANPR camera suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the Download Archive in Storage page using get_file.php script is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks and aid the attacker to disclose clear-text credentials resulting in authentication bypass.
 reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5616.php
- tags: targa,lfi,iot
+ tags: targa,lfi,iot,camera,selea
 
 requests:
 - method: GET
@@ -22,4 +22,4 @@ requests:
 
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
diff --git a/iot/targa-camera-ssrf.yaml b/iot/targa-camera-ssrf.yaml
index 994b19128d..3e96a4bd3a 100644
--- a/iot/targa-camera-ssrf.yaml
+++ b/iot/targa-camera-ssrf.yaml
@@ -6,7 +6,7 @@ info:
 severity: high
 description: Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Selea ANPR camera within several functionalities. The application parses user supplied data in the POST JSON parameters 'ipnotify_address' and 'url' to construct an image request or check DNS for IP notification. Since no validation is carried out on the parameters, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. This can be used by an external attacker for example to bypass firewalls and initiate a service and network enumeration on the internal network through the affected application.
 reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5617.php
- tags: targa,ssrf,oast,iot
+ tags: targa,ssrf,oast,iot,camera,selea
 
 requests:
 - raw:
diff --git a/miscellaneous/htaccess-config.yaml b/miscellaneous/htaccess-config.yaml
index b4d2026f16..b3d994711c 100644
--- a/miscellaneous/htaccess-config.yaml
+++ b/miscellaneous/htaccess-config.yaml
@@ -4,7 +4,7 @@ info:
 name: HTaccess config file
 author: Yash Anand @yashanand155
 severity: info
- tags: misc
+ tags: misc,config
 
 requests:
 - method: GET
diff --git a/miscellaneous/microsoft-azure-error.yaml b/miscellaneous/microsoft-azure-error.yaml
index 82c46cbe75..d9503e6fbc 100644
--- a/miscellaneous/microsoft-azure-error.yaml
+++ b/miscellaneous/microsoft-azure-error.yaml
@@ -6,7 +6,7 @@ info:
 severity: info
 metadata:
 shodan-query: title:"Microsoft Azure Web App - Error 404"
- tags: error,azure
+ tags: error,azure,microsoft
 
 requests:
 - method: GET
diff --git a/miscellaneous/moodle-changelog.yaml b/miscellaneous/moodle-changelog.yaml
index 8f73d5040e..3bb3c7e4e6 100644
--- a/miscellaneous/moodle-changelog.yaml
+++ b/miscellaneous/moodle-changelog.yaml
@@ -5,7 +5,7 @@ info:
 author: oppsec
 severity: info
 description: Moodle has a file which describes API changes in core libraries and APIs, and can be used to discover Moodle version.
- tags: misc
+ tags: misc,moodle
 
 requests:
 - method: GET
diff --git a/miscellaneous/unpatched-coldfusion.yaml b/miscellaneous/unpatched-coldfusion.yaml
index b5999fa193..8d9c45d578 100644
--- a/miscellaneous/unpatched-coldfusion.yaml
+++ b/miscellaneous/unpatched-coldfusion.yaml
@@ -7,7 +7,7 @@ info:
 reference:
 - https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html
 - https://twitter.com/Daviey/status/1374070630283415558
- tags: rce,adobe,misc
+ tags: rce,adobe,misc,coldfusion
 
 requests:
 - method: GET
diff --git a/misconfiguration/aem/aem-login-status.yaml b/misconfiguration/aem/aem-login-status.yaml
index d8446f7869..4dc6d773a3 100644
--- a/misconfiguration/aem/aem-login-status.yaml
+++ b/misconfiguration/aem/aem-login-status.yaml
@@ -12,6 +12,7 @@ requests:
 - method: GET
 path:
 - '{{BaseURL}}/system/sling/loginstatus.css'
 
+ matchers-condition: and
 matchers:
 - type: status
@@ -20,5 +21,4 @@ requests:
 
 - type: word
 words:
- - 'CREDENTIAL_CHALLENGE'
- condition: and
+ - 'CREDENTIAL_CHALLENGE'
\ No newline at end of file
diff --git a/misconfiguration/aem/aem-userinfo-servlet.yaml b/misconfiguration/aem/aem-userinfo-servlet.yaml
index f20d99bbc1..01684b7d96 100644
--- a/misconfiguration/aem/aem-userinfo-servlet.yaml
+++ b/misconfiguration/aem/aem-userinfo-servlet.yaml
@@ -5,7 +5,7 @@ info:
 name: AEM UserInfo Servlet
 severity: info
 description: UserInfoServlet is exposed which allows an attacker to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
- tags: aem
+ tags: aem,bruteforce
 
 requests:
 
diff --git a/misconfiguration/alibaba-mongoshake-unauth.yaml b/misconfiguration/alibaba-mongoshake-unauth.yaml
index 6de46b6ec7..23048a649f 100644
--- a/misconfiguration/alibaba-mongoshake-unauth.yaml
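Review bot: The second hunk of aem-login-status.yaml leaves the file without a trailing newline (`\ No newline at end of file` now sits under the added `- 'CREDENTIAL_CHALLENGE'` line), while the rest of this commit is busy adding the missing final newline to other templates; end the file with a newline so yamllint and the sibling templates agree. Replacing the per-matcher `condition: and` on a one-word list with a request-level `matchers-condition: and` is the right fix — the old key was a no-op with a single word, and the new one makes the status and word matchers both required, which is what keeps a generic 200 from counting as a match. The indentation of the inserted `matchers-condition: and` is not recoverable from this rendering, so verify it lands at the request level, directly above `matchers:`, rather than under the `path` list.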
+++ b/misconfiguration/alibaba-mongoshake-unauth.yaml
@@ -4,7 +4,7 @@ info:
 name: Alibaba Mongoshake Unauth
 author: pikpikcu
 severity: info
- tags: mongoshake,unauth
+ tags: mongoshake,unauth,alibaba
 
 requests:
 - method: GET
diff --git a/misconfiguration/apache/apache-tomcat-snoop.yaml b/misconfiguration/apache/apache-tomcat-snoop.yaml
index 850bde90c4..266c29ed79 100644
--- a/misconfiguration/apache/apache-tomcat-snoop.yaml
+++ b/misconfiguration/apache/apache-tomcat-snoop.yaml
@@ -6,7 +6,7 @@ info:
 severity: low
 description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection.
 reference: https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks
- tags: apache,misconfig,tomcat
+ tags: apache,misconfig,tomcat,disclosure
 
 requests:
 - method: GET
@@ -21,4 +21,4 @@ requests:
 
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
diff --git a/misconfiguration/apc-info.yaml b/misconfiguration/apc-info.yaml
index b972ed5961..740673ab68 100644
--- a/misconfiguration/apc-info.yaml
+++ b/misconfiguration/apc-info.yaml
@@ -4,7 +4,7 @@ info:
 name: APCu service information leakage
 author: koti2
 severity: low
- tags: config
+ tags: config,service
 
 requests:
 - method: GET
diff --git a/misconfiguration/aws-object-listing.yaml b/misconfiguration/aws-object-listing.yaml
index 8abf4a92aa..2748d21094 100644
--- a/misconfiguration/aws-object-listing.yaml
+++ b/misconfiguration/aws-object-listing.yaml
@@ -5,7 +5,7 @@ info:
 author: pdteam
 severity: low
 reference: https://mikey96.medium.com/cloud-based-storage-misconfigurations-critical-bounties-361647f78a29
- tags: aws,misconfig
+ tags: aws,misconfig,bucket
 
 requests:
 - method: GET
diff --git a/misconfiguration/aws-redirect.yaml b/misconfiguration/aws-redirect.yaml
index 010dbbfeca..1826635a49 100644
--- a/misconfiguration/aws-redirect.yaml
+++ b/misconfiguration/aws-redirect.yaml
@@ -5,7 +5,7 @@ info:
 author: manikanta a.k.a @secureitmania
 severity: info
 reference: https://link.medium.com/fgXKJHR9P7
- tags: aws
+ tags: aws,takeover
 
 requests:
 - method: GET
diff --git a/misconfiguration/elasticsearch.yaml b/misconfiguration/elasticsearch.yaml
index b2fc04965a..2608b2425f 100644
--- a/misconfiguration/elasticsearch.yaml
+++ b/misconfiguration/elasticsearch.yaml
@@ -4,7 +4,7 @@ info:
 name: ElasticSearch Information Disclosure
 author: Shine
 severity: low
- tags: elastic,unauth
+ tags: elastic,unauth,elasticsearch
 
 requests:
 - method: GET
diff --git a/misconfiguration/exposed-kafdrop.yaml b/misconfiguration/exposed-kafdrop.yaml
index 09d0bbd351..e343af08ee 100644
--- a/misconfiguration/exposed-kafdrop.yaml
+++ b/misconfiguration/exposed-kafdrop.yaml
@@ -4,7 +4,7 @@ info:
 name: Publicly exposed Kafdrop Interface
 author: dhiyaneshDk
 severity: low
- tags: exposure,misconfig
+ tags: exposure,misconfig,kafdrop
 
 requests:
 - method: GET
diff --git a/misconfiguration/gitlab/gitlab-api-user-enum.yaml b/misconfiguration/gitlab/gitlab-api-user-enum.yaml
index 493f36650f..1bf2ce6c8d 100644
--- a/misconfiguration/gitlab/gitlab-api-user-enum.yaml
+++ b/misconfiguration/gitlab/gitlab-api-user-enum.yaml
@@ -5,7 +5,7 @@ info:
 name: GitLab - User Information Disclosure Via Open API
 severity: medium
 reference: https://gitlab.com/gitlab-org/gitlab-foss/-/issues/40158
- tags: gitlab,enum,misconfig
+ tags: gitlab,enum,misconfig,disclosure
 
 requests:
 - raw:
diff --git a/misconfiguration/ibm-friendly-path-exposure.yaml b/misconfiguration/ibm-friendly-path-exposure.yaml
index 201e84d9dd..8d7d30f27c 100644
--- a/misconfiguration/ibm-friendly-path-exposure.yaml
+++ b/misconfiguration/ibm-friendly-path-exposure.yaml
@@ -6,7 +6,7 @@ info:
 severity: medium
 description: Finds friendly path exposed that can be used to access signup page and create new user accounts.
 reference: https://clarkvoss.medium.com/how-to-harpon-big-blue-c163722638d8
- tags: ibm,exposure
+ tags: ibm,exposure,websphere
 
 requests:
 - method: GET
@@ -33,4 +33,4 @@ requests:
 
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
diff --git a/misconfiguration/jkstatus-manager.yaml b/misconfiguration/jkstatus-manager.yaml
index 8b01538324..d5d0a1d1f3 100644
--- a/misconfiguration/jkstatus-manager.yaml
+++ b/misconfiguration/jkstatus-manager.yaml
@@ -4,7 +4,7 @@ info:
 name: JK Status Manager
 author: pdteam
 severity: low
- tags: config
+ tags: config,status
 
 requests:
 - method: GET
diff --git a/misconfiguration/kubernetes/kubernetes-metrics.yaml b/misconfiguration/kubernetes/kubernetes-metrics.yaml
index ff9910a0cd..096c816296 100644
--- a/misconfiguration/kubernetes/kubernetes-metrics.yaml
+++ b/misconfiguration/kubernetes/kubernetes-metrics.yaml
@@ -1,29 +1,29 @@
-id: kubernetes-metrics
-
-info:
- name: Detect Kubernetes Exposed Metrics
- author: pussycat0x
- severity: low
- description: Information Disclosure of Garbage Collection
- tags: kubernetes,exposure,devops
- reference: https://kubernetes.io/docs/concepts/cluster-administration/system-metrics/#metrics-in-kubernetes
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/metrics"
-
- matchers-condition: and
- matchers:
- - type: word
- part: body
- condition: and
- words:
- - "namespace"
- - "HELP"
- - "TYPE"
- - "kube"
-
- - type: status
- status:
- - 200
\ No newline at end of file
+id: kubernetes-metrics
+
+info:
+ name: Detect Kubernetes Exposed Metrics
+ author: pussycat0x
+ severity: low
+ description: Information Disclosure of Garbage Collection
+ tags: kubernetes,exposure,devops
+ reference: https://kubernetes.io/docs/concepts/cluster-administration/system-metrics/#metrics-in-kubernetes
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/metrics"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ condition: and
+ words:
+ - "namespace"
+ - "HELP"
+ - "TYPE"
+ - "kube"
+
+ - type: status
+ status:
+ - 200
diff --git a/misconfiguration/kubernetes/kubernetes-resource-report.yaml b/misconfiguration/kubernetes/kubernetes-resource-report.yaml
index 64c518fa31..7a56d78b5a 100644
--- a/misconfiguration/kubernetes/kubernetes-resource-report.yaml
+++ b/misconfiguration/kubernetes/kubernetes-resource-report.yaml
@@ -1,24 +1,24 @@
-id: kubernetes-resource-report
-
-info:
- name: Detect Overview Kubernetes Resource Report
- author: pussycat0x
- severity: medium
- description: Information Disclosure of Kubernetes Resource Report
- tags: kubernetes,exposure
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}"
-
- matchers-condition: and
- matchers:
- - type: word
- part: body
- words:
- - "Overview - Kubernetes Resource Report"
-
- - type: status
- status:
- - 200
+id: kubernetes-resource-report
+
+info:
+ name: Detect Overview Kubernetes Resource Report
+ author: pussycat0x
+ severity: medium
+ description: Information Disclosure of Kubernetes Resource Report
+ tags: kubernetes,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "Overview - Kubernetes Resource Report"
+
+ - type: status
+ status:
+ - 200
diff --git a/misconfiguration/mikrotik-graph.yaml b/misconfiguration/mikrotik-graph.yaml
index c1502e4f0e..96749e5b58 100644
--- a/misconfiguration/mikrotik-graph.yaml
+++ b/misconfiguration/mikrotik-graph.yaml
@@ -5,7 +5,7 @@ info:
 author: dhiyaneshDK
 severity: low
 reference: https://www.exploit-db.com/ghdb/4395
- tags: unauth
+ tags: unauth,router
 
 requests:
 - method: GET
diff --git a/misconfiguration/nginx/nginx-status.yaml b/misconfiguration/nginx/nginx-status.yaml
index b0294e7dc1..82de95e870 100644
--- a/misconfiguration/nginx/nginx-status.yaml
+++ b/misconfiguration/nginx/nginx-status.yaml
@@ -4,7 +4,7 @@ info:
 name: Nginx Status Page
 author: dhiyaneshDK
 severity: info
- tags: misconfig,nginx
+ tags: misconfig,nginx,status
 
 requests:
 - method: GET
diff --git a/misconfiguration/node-exporter-metrics.yaml b/misconfiguration/node-exporter-metrics.yaml
index b5242c50c6..ca788abbe5 100644
--- a/misconfiguration/node-exporter-metrics.yaml
+++ b/misconfiguration/node-exporter-metrics.yaml
@@ -1,26 +1,26 @@
-id: node-exporter-metrics
-
-info:
- name: Detect Node Exporter Metrics
- author: pussycat0x
- severity: low
- description: Information Disclosure of Garbage Collection
- tags: node,exposure,debug
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/metrics"
-
- matchers-condition: and
- matchers:
- - type: word
- part: body
- words:
- - "node_cooling_device"
- - "node_network"
- condition: and
-
- - type: status
- status:
- - 200
\ No newline at end of file
+id: node-exporter-metrics
+
+info:
+ name: Detect Node Exporter Metrics
+ author: pussycat0x
+ severity: low
+ description: Information Disclosure of Garbage Collection
+ tags: node,exposure,debug
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/metrics"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "node_cooling_device"
+ - "node_network"
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/misconfiguration/prometheus/prometheus-config.yaml b/misconfiguration/prometheus/prometheus-config.yaml
index 0b250ef884..7b800533de 100644
--- a/misconfiguration/prometheus/prometheus-config.yaml
+++ b/misconfiguration/prometheus/prometheus-config.yaml
@@ -6,7 +6,7 @@ info:
 severity: info
 description: The config endpoint returns the loaded Prometheus configuration file. This file also contains addresses of targets and alerting/discovery services alongside the credentials required to access them. Usually, Prometheus replaces the passwords in the credentials config configuration field with the placeholder <secret> (although this still leaks the username).
 reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
- tags: prometheus
+ tags: prometheus,config
 
 requests:
 - method: GET
@@ -29,4 +29,4 @@ requests:
 - type: word
 part: header
 words:
- - 'application/json'
\ No newline at end of file
+ - 'application/json'
diff --git a/misconfiguration/prometheus/prometheus-flags.yaml b/misconfiguration/prometheus/prometheus-flags.yaml
index 7509fae967..c0b22379c8 100644
--- a/misconfiguration/prometheus/prometheus-flags.yaml
+++ b/misconfiguration/prometheus/prometheus-flags.yaml
@@ -6,7 +6,7 @@ info:
 severity: info
 description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username.
 reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
- tags: prometheus
+ tags: prometheus,leak
 
 requests:
 - method: GET
diff --git a/misconfiguration/python-metrics.yaml b/misconfiguration/python-metrics.yaml
index 593b019435..0d03d3cfff 100644
--- a/misconfiguration/python-metrics.yaml
+++ b/misconfiguration/python-metrics.yaml
@@ -5,7 +5,7 @@ info:
 author: dhiyaneshDK
 severity: low
 description: Information Disclosure of Garbage Collection
- tags: exposure,devops
+ tags: exposure,devops,python
 reference:
 - https://www.shodan.io/search?query=html%3A%22python_gc_objects_collected_total%22
 - https://gist.github.com/ruanbekker/e5b1e7895f62b020ff29b5f40767190c
@@ -19,10 +19,10 @@ requests:
 matchers:
 - type: word
 part: body
- condition: and
 words:
 - "python_gc_objects_collected_total"
 - "python_info"
+ condition: and
 
 - type: status
 status:
diff --git a/misconfiguration/salesforce-aura.yaml b/misconfiguration/salesforce-aura.yaml
index 1edfc43a87..9d84bf4f6e 100644
--- a/misconfiguration/salesforce-aura.yaml
+++ b/misconfiguration/salesforce-aura.yaml
@@ -5,7 +5,7 @@ info:
 author: aaron_costello (@ConspiracyProof)
 severity: info
 reference: https://www.enumerated.de/index/salesforce
- tags: aura,unauth,salesforce
+ tags: aura,unauth,salesforce,exposure
 
 requests:
 - method: POST
@@ -18,6 +18,6 @@ requests:
 
 matchers:
 - type: word
+ part: body
 words:
 - 'aura:invalidSession'
- part: body
diff --git a/misconfiguration/server-status-localhost.yaml b/misconfiguration/server-status-localhost.yaml
index 38755bb670..4901410a09 100644
--- a/misconfiguration/server-status-localhost.yaml
+++ b/misconfiguration/server-status-localhost.yaml
@@ -20,8 +20,10 @@ requests:
 X-Remote-Addr: "127.0.0.1"
 X-Remote-IP: "127.0.0.1"
 X-True-IP: "127.0.0.1"
+
 path:
 - "{{BaseURL}}/server-status"
+
 matchers:
 - type: word
 words:
diff --git a/misconfiguration/service-pwd.yaml b/misconfiguration/service-pwd.yaml
index 1c8daf5b8a..f42c28b6b7 100644
--- a/misconfiguration/service-pwd.yaml
+++ b/misconfiguration/service-pwd.yaml
@@ -1,24 +1,24 @@
-id: service-pwd
-info:
- name: Service password file
- author: pussycat0x
- severity: high
- description: Searches for sensitive service.pwd file.
- reference: https://www.exploit-db.com/ghdb/7256
- tags: exposure,listing
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/_vti_pvt/service.pwd"
-
- matchers-condition: and
- matchers:
- - type: word
- words:
- - "# -FrontPage-"
- part: body
-
- - type: status
- status:
- - 200
+id: service-pwd
+info:
+ name: Service password file
+ author: pussycat0x
+ severity: high
+ description: Searches for sensitive service.pwd file.
+ reference: https://www.exploit-db.com/ghdb/7256
+ tags: exposure,listing,service
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/_vti_pvt/service.pwd"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "# -FrontPage-"
+ part: body
+
+ - type: status
+ status:
+ - 200
diff --git a/misconfiguration/springboot/springboot-autoconfig.yaml b/misconfiguration/springboot/springboot-autoconfig.yaml
index 36a1d8f251..e120711b1e 100644
--- a/misconfiguration/springboot/springboot-autoconfig.yaml
+++ b/misconfiguration/springboot/springboot-autoconfig.yaml
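Review bot: The service-pwd.yaml hunk rewrites all 24 lines to change one of them (`tags: exposure,listing` → `tags: exposure,listing,service`); since every other removed and added line is textually identical in this rendering, the rewrite is presumably a line-ending or trailing-whitespace normalization that the diff cannot show, and it buries the one real change. The same full-file rewrite with no visible textual change appears in kubernetes-metrics, kubernetes-resource-report, node-exporter-metrics and the springboot-autoconfig, springboot-dump, springboot-health and springboot-metrics templates. Splitting the normalization into its own commit, with a `.gitattributes` rule such as `*.yaml text eol=lf` so it does not recur, would leave this commit as the tag-only change its other hunks already are.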
@@ -1,28 +1,28 @@
-id: springboot-autoconfig
-
-info:
- name: Detect Springboot autoconfig Actuator
- author: pussycat0x
- severity: low
- description: Displays an auto-configuration report showing all auto-configuration candidates and the reason why they 'were' or 'were not' applied.
- tags: springboot,exposure
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/autoconfig"
- - "{{BaseURL}}/actuator/autoconfig"
-
- matchers-condition: and
- matchers:
- - type: word
- part: body
- words:
- - "positiveMatches"
- - "AuditAutoConfiguration#auditListener"
- - "EndpointAutoConfiguration#beansEndpoint"
- condition: and
-
- - type: status
- status:
- - 200
\ No newline at end of file
+id: springboot-autoconfig
+
+info:
+ name: Detect Springboot autoconfig Actuator
+ author: pussycat0x
+ severity: low
+ description: Displays an auto-configuration report showing all auto-configuration candidates and the reason why they 'were' or 'were not' applied.
+ tags: springboot,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/autoconfig"
+ - "{{BaseURL}}/actuator/autoconfig"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "positiveMatches"
+ - "AuditAutoConfiguration#auditListener"
+ - "EndpointAutoConfiguration#beansEndpoint"
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/misconfiguration/springboot/springboot-dump.yaml b/misconfiguration/springboot/springboot-dump.yaml
index 5f9cbb3fb3..a4d6571c3d 100644
--- a/misconfiguration/springboot/springboot-dump.yaml
+++ b/misconfiguration/springboot/springboot-dump.yaml
@@ -1,31 +1,31 @@
-id: springboot-dump
-
-info:
- name: Detect Springboot Dump Actuator
- author: pussycat0x
- severity: low
- description: Performs a thread dump
- tags: springboot,exposure
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/dump"
- - "{{BaseURL}}/actuator/dump"
-
- matchers-condition: and
- matchers:
- - type: word
- part: body
- words:
- - "threadName"
- - "threadId"
- - "waitedTime"
- - "lockName"
- - "stackTrace"
- - "methodName"
- condition: and
-
- - type: status
- status:
- - 200
+id: springboot-dump
+
+info:
+ name: Detect Springboot Dump Actuator
+ author: pussycat0x
+ severity: low
+ description: Performs a thread dump
+ tags: springboot,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/dump"
+ - "{{BaseURL}}/actuator/dump"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "threadName"
+ - "threadId"
+ - "waitedTime"
+ - "lockName"
+ - "stackTrace"
+ - "methodName"
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/misconfiguration/springboot/springboot-health.yaml b/misconfiguration/springboot/springboot-health.yaml
index dbae2cba79..42339354c4 100644
--- a/misconfiguration/springboot/springboot-health.yaml
+++ b/misconfiguration/springboot/springboot-health.yaml
@@ -1,28 +1,28 @@
-id: springboot-health
-
-info:
- name: Detect Springboot Health Actuator
- author: pussycat0x
- severity: info
- description: Additional routes may be displayed
- tags: springboot,exposure
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/health"
- - "{{BaseURL}}/actuator/health"
-
- matchers-condition: and
- matchers:
- - type: word
- part: body
- words:
- - '"status"'
- - '"diskSpace"'
- - '"jms"'
- condition: and
-
- - type: status
- status:
- - 200
\ No newline at end of file
+id: springboot-health
+
+info:
+ name: Detect Springboot Health Actuator
+ author: pussycat0x
+ severity: info
+ description: Additional routes may be displayed
+ tags: springboot,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/health"
+ - "{{BaseURL}}/actuator/health"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '"status"'
+ - '"diskSpace"'
+ - '"jms"'
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/misconfiguration/springboot/springboot-loggers.yaml b/misconfiguration/springboot/springboot-loggers.yaml
index fb001dfd39..15abdb57f7 100644
--- a/misconfiguration/springboot/springboot-loggers.yaml
+++ b/misconfiguration/springboot/springboot-loggers.yaml
@@ -31,4 +31,4 @@ requests:
 - "application/vnd.spring-boot.actuator"
 - "application/vnd.spring-boot.actuator.v1+json"
 condition: or
- part: header
\ No newline at end of file
+ part: header
diff --git a/misconfiguration/springboot/springboot-metrics.yaml b/misconfiguration/springboot/springboot-metrics.yaml
index 775e89ff38..7c2b07e57d 100644
--- a/misconfiguration/springboot/springboot-metrics.yaml
+++ b/misconfiguration/springboot/springboot-metrics.yaml
@@ -1,32 +1,32 @@
-id: springboot-metrics
-
-info:
- name: Detect Springboot metrics Actuator
- author: pussycat0x
- severity: low
- description: Additional routes may be displayed
- tags: springboot,exposure
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/metrics"
- - "{{BaseURL}}/actuator/metrics"
-
- matchers-condition: and
- matchers:
- - type: word
- part: body
- words:
- - "mem"
- - "mem.free"
- - "processors"
- - "instance.uptime"
- - "systemload.average"
- - "nonheap.init"
- - "heap.committed"
- condition: and
-
- - type: status
- status:
- - 200
+id: springboot-metrics
+
+info:
+ name: Detect Springboot metrics Actuator
+ author: pussycat0x
+ severity: low
+ description: Additional routes may be displayed
+ tags: springboot,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/metrics"
+ - "{{BaseURL}}/actuator/metrics"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "mem"
+ - "mem.free"
+ - "processors"
+ - "instance.uptime"
+ - "systemload.average"
+ - "nonheap.init"
+ - "heap.committed"
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/misconfiguration/ssrf-via-oauth-misconfig.yaml b/misconfiguration/ssrf-via-oauth-misconfig.yaml
index d9b4e75556..9c9bec669a 100644
--- a/misconfiguration/ssrf-via-oauth-misconfig.yaml
+++ b/misconfiguration/ssrf-via-oauth-misconfig.yaml
@@ -5,7 +5,7 @@ info:
 author: KabirSuda
 severity: medium
 description: Sends a POST request with the endpoint "/connect/register" to check external Interaction with multiple POST parameters.
- tags: misconfig,oast,oauth
+ tags: misconfig,oast,oauth,ssrf
 reference: https://portswigger.net/research/hidden-oauth-attack-vectors
 
 requests:
@@ -30,4 +30,4 @@ requests:
 - type: word
 part: interactsh_protocol # Confirms the DNS Interaction
 words:
- - "dns"
\ No newline at end of file
+ - "dns"
diff --git a/misconfiguration/tcpconfig.yaml b/misconfiguration/tcpconfig.yaml
index 283f9b86d7..02f917dbd0 100644
--- a/misconfiguration/tcpconfig.yaml
+++ b/misconfiguration/tcpconfig.yaml
@@ -5,7 +5,7 @@ info:
 author: dhiyaneshDK
 severity: low
 reference: https://www.exploit-db.com/ghdb/6782
- tags: logs
+ tags: logs,config
 
 requests:
 - method: GET
diff --git a/misconfiguration/unauthenticated-glances.yaml b/misconfiguration/unauthenticated-glances.yaml
index b486511351..724ad7d951 100644
--- a/misconfiguration/unauthenticated-glances.yaml
+++ b/misconfiguration/unauthenticated-glances.yaml
@@ -6,7 +6,7 @@ info:
 severity: low
 description: Glance running web server mode & Unauthenticated leads system monitoring to info disclosure
 reference: https://glances.readthedocs.io/en/latest/quickstart.html#how-to-protect-your-server-or-web-server-with-a-login-password
- tags: exposure
+ tags: exposure,glances
 
 requests:
 - method: GET
@@ -22,4 +22,4 @@ requests:
 - type: word
 part: body
 words:
- - "<title>Monitor"
\ No newline at end of file
+ - "Monitor"
diff --git a/misconfiguration/unauthenticated-prtg.yaml b/misconfiguration/unauthenticated-prtg.yaml
index 27baca82ab..bff255809d 100644
--- a/misconfiguration/unauthenticated-prtg.yaml
+++ b/misconfiguration/unauthenticated-prtg.yaml
@@ -5,7 +5,7 @@ info:
 author: dhiyaneshDK
 severity: high
 reference: https://www.exploit-db.com/ghdb/5808
- tags: config,unauth
+ tags: config,unauth,prtg
 
 requests:
 - method: GET
diff --git a/misconfiguration/ups-status.yaml b/misconfiguration/ups-status.yaml
index b1906a58a0..481f53a7e8 100644
--- a/misconfiguration/ups-status.yaml
+++ b/misconfiguration/ups-status.yaml
@@ -5,7 +5,7 @@ info:
 author: dhiyaneshDK
 severity: low
 reference: https://www.exploit-db.com/ghdb/752
- tags: logs
+ tags: logs,status
 
 requests:
 - method: GET
diff --git a/misconfiguration/viewpoint-system-status.yaml b/misconfiguration/viewpoint-system-status.yaml
index 326fa9876c..007c42145f 100644
--- a/misconfiguration/viewpoint-system-status.yaml
+++ b/misconfiguration/viewpoint-system-status.yaml
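Review bot: The replacement word `"Monitor"` in the second unauthenticated-glances.yaml hunk is far less specific than the removed `"<title>Monitor"`: any response body containing the word Monitor now satisfies this matcher, so unless the status matcher is joined to it by a `matchers-condition: and` outside the hunk, the template will report unrelated hosts as exposed Glances instances. If the dropped `<title>` prefix is an artifact of how this page renders HTML rather than part of the patch, disregard; otherwise keep `- "<title>Monitor"` or anchor on a string that only the Glances web UI emits. The enclosing `matchers:` block starts outside the hunk.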
@@ -5,7 +5,7 @@ info: author: dhiyaneshDK severity: low reference: https://www.shodan.io/search?query=http.title%3A%22ViewPoint+System+Status%22 - tags: status,exposures + tags: status,exposures,viewpoint requests: - method: GET diff --git a/misconfiguration/wamp-xdebug-detect.yaml b/misconfiguration/wamp-xdebug-detect.yaml index ba4a42756b..ac6f7803d5 100644 --- a/misconfiguration/wamp-xdebug-detect.yaml +++ b/misconfiguration/wamp-xdebug-detect.yaml @@ -5,7 +5,7 @@ info: author: e_schultze_ severity: info reference: https://github.com/random-robbie/My-Shodan-Scripts/blob/1b01bceecc9be0b74b202f445874920eee48bba5/wamp-xdebug/wamp-xdebug.py - tags: debug,config + tags: debug,config,wamp requests: - method: GET diff --git a/misconfiguration/wildcard-postmessage.yaml b/misconfiguration/wildcard-postmessage.yaml index 381ada1c40..f22b0e015f 100644 --- a/misconfiguration/wildcard-postmessage.yaml +++ b/misconfiguration/wildcard-postmessage.yaml @@ -5,7 +5,7 @@ info: author: pdteam severity: info reference: https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html - tags: xss + tags: xss,postmessage requests: - method: GET diff --git a/misconfiguration/zhiyuan-oa-unauthorized.yaml b/misconfiguration/zhiyuan-oa-unauthorized.yaml index ae4c64a660..77c78b3896 100644 --- a/misconfiguration/zhiyuan-oa-unauthorized.yaml +++ b/misconfiguration/zhiyuan-oa-unauthorized.yaml @@ -5,7 +5,7 @@ info: author: pikpikcu severity: low reference: https://buaq.net/go-53721.html - tags: seeyon,unauth + tags: seeyon,unauth,zhiyuan requests: - method: GET diff --git a/network/clickhouse-unauth.yaml b/network/clickhouse-unauth.yaml index fe5531d2b7..33665dc9a2 100644 --- a/network/clickhouse-unauth.yaml +++ b/network/clickhouse-unauth.yaml @@ -4,7 +4,7 @@ info: name: Unauth ClickHouse Disclosure author: lu4nx severity: high - tags: network,clickhouse + tags: network,clickhouse,unauth network: - inputs: 
diff --git a/network/detect-addpac-voip-gateway.yaml b/network/detect-addpac-voip-gateway.yaml index 046a2ee37e..92c4cac357 100644 --- a/network/detect-addpac-voip-gateway.yaml +++ b/network/detect-addpac-voip-gateway.yaml @@ -5,7 +5,7 @@ info: reference: http://www.addpac.com/addpac_eng2/down.php?file=505_f16.pdf author: geeknik severity: info - tags: network,addpac,apos + tags: network,addpac,apos,voip network: - inputs: diff --git a/network/detect-jabber-xmpp.yaml b/network/detect-jabber-xmpp.yaml index a2492d1715..d1a6d4b20e 100644 --- a/network/detect-jabber-xmpp.yaml +++ b/network/detect-jabber-xmpp.yaml @@ -6,7 +6,7 @@ info: severity: info description: Jabber is the original name of the Extensible Messaging and Presence Protocol (XMPP), the open technology for instant messaging and presence. reference: https://datatracker.ietf.org/doc/html/rfc6120 - tags: network,jabber,xmpp + tags: network,jabber,xmpp,messaging network: - inputs: diff --git a/network/exposed-adb.yaml b/network/exposed-adb.yaml index f22afd96b4..077647eb7e 100644 --- a/network/exposed-adb.yaml +++ b/network/exposed-adb.yaml @@ -4,7 +4,7 @@ info: name: Exposed Android Debug Bridge author: pdteam,pikpikcu severity: critical - tags: network,adb,rce + tags: network,adb,rce,android reference: https://www.hackeracademy.org/how-to-hack-android-device-with-adb-android-debugging-bridge network: diff --git a/network/exposed-redis.yaml b/network/exposed-redis.yaml index 97e2ee11d5..0ac159a452 100644 --- a/network/exposed-redis.yaml +++ b/network/exposed-redis.yaml @@ -5,7 +5,7 @@ info: author: pdteam severity: high reference: https://redis.io/topics/security - tags: network,redis + tags: network,redis,unauth network: - inputs: @@ -24,4 +24,4 @@ network: - type: word negative: true words: - - "redis_mode:sentinel" \ No newline at end of file + - "redis_mode:sentinel" diff --git a/network/exposed-zookeeper.yaml b/network/exposed-zookeeper.yaml index e06d9aac78..273fe05f9b 100644 
--- a/network/exposed-zookeeper.yaml +++ b/network/exposed-zookeeper.yaml @@ -5,7 +5,7 @@ info: author: pdteam severity: high reference: https://zookeeper.apache.org/security.html - tags: network,zookeeper + tags: network,zookeeper,unauth network: - inputs: @@ -19,4 +19,4 @@ network: matchers: - type: word words: - - "zookeeper.version" \ No newline at end of file + - "zookeeper.version" diff --git a/network/ftp-default-credentials.yaml b/network/ftp-default-credentials.yaml index b8b7460d62..b8c8a5c1aa 100644 --- a/network/ftp-default-credentials.yaml +++ b/network/ftp-default-credentials.yaml @@ -4,7 +4,7 @@ info: name: FTP Service with anonymous Login author: pussycat0x severity: info - tags: network,ftp,default-login + tags: network,ftp,default-login,service network: @@ -19,4 +19,4 @@ network: words: - "230" - "Anonymous user logged in" - condition: and \ No newline at end of file + condition: and diff --git a/network/ftp-weak-credentials.yaml b/network/ftp-weak-credentials.yaml index dd1b457eb8..ce70f887e5 100644 --- a/network/ftp-weak-credentials.yaml +++ b/network/ftp-weak-credentials.yaml 
@@ -1,35 +1,35 @@ -id: ftp-weak-credentials - -info: - name: FTP Service with weak credentials - author: pussycat0x - severity: critical - tags: network,ftp,default-login - -network: - - - inputs: - - data: "USER {{username}}\r\nPASS {{password}}\r\n" - - host: - - "{{Hostname}}:21" - - "{{Host}}" - - attack: clusterbomb - payloads: - username: - - admin - - root - password: - - password - - toor - - nas - - guest - - default - - pass1 - - stingray - - matchers: - - type: word - words: - - "230 Login successful" +id: ftp-weak-credentials + +info: + name: FTP Service with weak credentials + author: pussycat0x + severity: critical + tags: network,ftp,default-login,service + +network: + + - inputs: + - data: "USER {{username}}\r\nPASS {{password}}\r\n" + + host: + - "{{Hostname}}:21" + - "{{Host}}" + + attack: clusterbomb + payloads: + username: + - admin + - root + password: + - password + - toor + - nas + - guest + - default + - pass1 + - stingray + + matchers: + - type: word + words: + - "230 Login successful" diff --git a/network/iplanet-imap-detect.yaml b/network/iplanet-imap-detect.yaml index 8762652b37..a2e6c12667 100644 --- a/network/iplanet-imap-detect.yaml +++ b/network/iplanet-imap-detect.yaml 
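Review bot: The matcher in `network/ftp-weak-credentials.yaml` only accepts the literal `230 Login successful`, which is vsftpd's wording; other servers answer the same success code with different text (RFC 959's own example is `230 User logged in, proceed`), so valid weak credentials on those are silently missed, and the sibling `ftp-default-credentials` template in this same diff already matches on the bare code `"230"`. Match the reply code instead, e.g. `words: - "230 "`, so the check tracks the FTP status code rather than one implementation's banner. A comment above `attack: clusterbomb` would also help: 2 usernames × 7 passwords is 14 authentication attempts per host, enough to trip fail2ban-style lockouts or alerting on a hardened target, which operators should know before running this broadly.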
@@ -1,27 +1,27 @@ -id: iplanet-imap-detect - -info: - name: iplanet messaging imap protocol - author: pussycat0x - severity: info - metadata: - fofa-query: 'app="iPlanet-Messaging-Server-5.2" && protocol="imap"' - tags: network,imap - -network: - - inputs: - - data: "\n" - host: - - "{{Hostname}}" - - "{{Host}}:110" - - matchers: - - type: word - words: - - "iPlanet Messaging Server" - - extractors: - - type: regex - part: body - regex: - - "iPlanet Messaging Server ([0-9.]+)" +id: iplanet-imap-detect + +info: + name: iplanet messaging imap protocol + author: pussycat0x + severity: info + metadata: + fofa-query: 'app="iPlanet-Messaging-Server-5.2" && protocol="imap"' + tags: network,imap + +network: + - inputs: + - data: "\n" + host: + - "{{Hostname}}" + - "{{Host}}:110" + + matchers: + - type: word + words: + - "iPlanet Messaging Server" + + extractors: + - type: regex + part: body + regex: + - "iPlanet Messaging Server ([0-9.]+)" diff --git a/network/java-rmi-detect.yaml b/network/java-rmi-detect.yaml index 07437783bb..798a559d01 100644 --- a/network/java-rmi-detect.yaml +++ b/network/java-rmi-detect.yaml @@ -4,7 +4,7 @@ info: name: Detect Java RMI Protocol author: F1tz severity: info - tags: network,rmi + tags: network,rmi,java network: - inputs: @@ -18,4 +18,4 @@ network: - type: regex part: raw regex: - - "^N\\x00\\x0e(\\d{1,3}\\.){3}\\d{1,3}\\x00\\x00" \ No newline at end of file + - "^N\\x00\\x0e(\\d{1,3}\\.){3}\\d{1,3}\\x00\\x00" diff --git a/network/mongodb-unauth.yaml b/network/mongodb-unauth.yaml index 8aa84c1d0a..904fcb4355 100644 --- a/network/mongodb-unauth.yaml +++ b/network/mongodb-unauth.yaml @@ -5,7 +5,7 @@ info: author: pdteam severity: high reference: https://github.com/orleven/Tentacle - tags: network,mongodb + tags: network,mongodb,unauth network: - inputs: @@ -19,4 +19,4 @@ network: matchers: - type: word words: - - "totalLinesWritten" \ No newline at end of file + - "totalLinesWritten" 
diff --git a/network/printers-info-leak.yaml b/network/printers-info-leak.yaml index 3b98af129b..0bb66aeaef 100644 --- a/network/printers-info-leak.yaml +++ b/network/printers-info-leak.yaml @@ -1,19 +1,19 @@ -id: printers-info-leak - -info: - name: Unauthorized Printer Access - author: pussycat0x - severity: info - tags: network,iot - reference: https://book.hacktricks.xyz/pentesting/9100-pjl -network: - - inputs: - - data: "@PJL INFO STATUS\n" - host: - - "{{Host}}:9100" - matchers: - - type: word - words: - - "CODE=" - - "PJL INFO STATUS" - condition: and +id: printers-info-leak + +info: + name: Unauthorized Printer Access + author: pussycat0x + severity: info + tags: network,iot,printer + reference: https://book.hacktricks.xyz/pentesting/9100-pjl +network: + - inputs: + - data: "@PJL INFO STATUS\n" + host: + - "{{Host}}:9100" + matchers: + - type: word + words: + - "CODE=" + - "PJL INFO STATUS" + condition: and diff --git a/network/tidb-unauth.yaml b/network/tidb-unauth.yaml index 19374b668c..b12e481689 100644 --- a/network/tidb-unauth.yaml +++ b/network/tidb-unauth.yaml @@ -6,7 +6,7 @@ info: severity: high metadata: zoomeye-dork: tidb +port:"4000" - tags: network,tidb + tags: network,tidb,unauth network: - inputs: diff --git a/network/vnc-detect.yaml b/network/vnc-detect.yaml index 8f747a471a..b1fcdb2029 100644 --- a/network/vnc-detect.yaml +++ b/network/vnc-detect.yaml 
@@ -1,24 +1,24 @@ -id: vnc-service-detection -info: - name: VNC Service Detection - author: pussycat0x - severity: info - tags: network,vnc - description: VNC service detection -network: - - inputs: - - data: "\r\n" - host: - - "{{Host}}:5900" - - "{{Hostname}}" - - matchers: - - type: word - words: - - "RFB" - - extractors: - - type: regex - part: body - regex: - - "RFB ([0-9.]+)" +id: vnc-service-detection +info: + name: VNC Service Detection + author: pussycat0x + severity: info + tags: network,vnc,service + description: VNC service detection +network: + - inputs: + - data: "\r\n" + host: + - "{{Host}}:5900" + - "{{Hostname}}" + + matchers: + - type: word + words: + - "RFB" + + extractors: + - type: regex + part: body + regex: + - "RFB ([0-9.]+)" diff --git a/network/vsftpd-detection.yaml b/network/vsftpd-detection.yaml index 542af6907f..8d91e01b1e 100644 --- a/network/vsftpd-detection.yaml +++ b/network/vsftpd-detection.yaml @@ -1,21 +1,21 @@ -id: vsftpd-detection - -info: - name: VSFTPD v2.3.4 Backdoor Command Execution - author: pussycat0x - severity: critical - tags: network,vsftpd,ftp - reference: https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor/ - -network: - - inputs: - - data: "USER anonymous\r\nPASS pussycat0x\r\n" - - host: - - "{{Host}}:21" - - "{{Hostname}}" - - matchers: - - type: word - words: - - "vsFTPd 2.3.4" \ No newline at end of file +id: vsftpd-detection + +info: + name: VSFTPD v2.3.4 Backdoor Command Execution + author: pussycat0x + severity: critical + tags: network,vsftpd,ftp,backdoor + reference: https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor/ + +network: + - inputs: + - data: "USER anonymous\r\nPASS pussycat0x\r\n" + + host: + - "{{Host}}:21" + - "{{Hostname}}" + + matchers: + - type: word + words: + - "vsFTPd 2.3.4" diff --git a/network/weblogic-iiop-detect.yaml b/network/weblogic-iiop-detect.yaml index a451249992..1aae2ded85 100644 --- a/network/weblogic-iiop-detect.yaml 
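Review bot: In `network/vsftpd-detection.yaml` the added `backdoor` tag and `severity: critical` rest on a matcher that only checks for the banner string `vsFTPd 2.3.4`; that is version detection, not confirmation of the backdoor, which shipped only in a tampered source tarball for a limited window, so distribution builds reporting the same version are clean and will be flagged critical. Either confirm the backdoor actively (the referenced Rapid7 module triggers it and checks for the resulting listener rather than reading the banner) or downgrade the finding: `name: vsFTPd 2.3.4 Version Detection`, `severity: high`, plus a `description:` stating that the banner indicates a version that once carried a backdoor and needs manual verification. The banner is also sent on connect, before any `USER`/`PASS`, so the login payload in `data` is not needed for the match and could be reduced to a bare `"\r\n"` like the other banner-grab templates in this diff.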
+++ b/network/weblogic-iiop-detect.yaml @@ -21,4 +21,4 @@ network: words: - "GIOP" - "weblogic" - condition: and \ No newline at end of file + condition: and diff --git a/takeovers/aws-bucket-takeover.yaml b/takeovers/aws-bucket-takeover.yaml index c2836b743f..786b470805 100644 --- a/takeovers/aws-bucket-takeover.yaml +++ b/takeovers/aws-bucket-takeover.yaml @@ -4,7 +4,7 @@ info: name: AWS Bucket Takeover Detection author: pdteam severity: high - tags: takeover,aws + tags: takeover,aws,bucket reference: https://github.com/EdOverflow/can-i-take-over-xyz requests: @@ -21,4 +21,4 @@ requests: - type: dsl dsl: - contains(tolower(all_headers), 'x-guploader-uploadid') - negative: true \ No newline at end of file + negative: true diff --git a/takeovers/ghost-takeover.yaml b/takeovers/ghost-takeover.yaml index cfc804c35b..ab896ce382 100644 --- a/takeovers/ghost-takeover.yaml +++ b/takeovers/ghost-takeover.yaml @@ -4,7 +4,7 @@ info: name: ghost takeover detection author: pdteam severity: high - tags: takeover + tags: takeover,ghost reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/89 requests: @@ -21,4 +21,4 @@ requests: - type: status status: - - 302 \ No newline at end of file + - 302 diff --git a/takeovers/github-takeover.yaml b/takeovers/github-takeover.yaml index 50b1196a48..f4337a06db 100644 --- a/takeovers/github-takeover.yaml +++ b/takeovers/github-takeover.yaml @@ -4,7 +4,7 @@ info: name: github takeover detection author: pdteam severity: high - tags: takeover + tags: takeover,github reference: https://github.com/EdOverflow/can-i-take-over-xyz requests: diff --git a/takeovers/heroku-takeover.yaml b/takeovers/heroku-takeover.yaml index a6e03e96ac..c7134f9799 100644 --- a/takeovers/heroku-takeover.yaml +++ b/takeovers/heroku-takeover.yaml @@ -4,7 +4,7 @@ info: name: heroku takeover detection author: 0xPrial,pdteam severity: high - tags: takeover + tags: takeover,heroku reference: https://github.com/EdOverflow/can-i-take-over-xyz requests: 
@@ -17,4 +17,4 @@ requests: words: - "herokucdn.com/error-pages/no-such-app.html" - "No such app" - condition: and \ No newline at end of file + condition: and diff --git a/takeovers/hubspot-takeover.yaml b/takeovers/hubspot-takeover.yaml index 38d6b33e7e..79897ddbcf 100644 --- a/takeovers/hubspot-takeover.yaml +++ b/takeovers/hubspot-takeover.yaml @@ -4,7 +4,7 @@ info: name: hubspot takeover detection author: pdteam severity: high - tags: takeover + tags: takeover,hubspot reference: https://github.com/EdOverflow/can-i-take-over-xyz requests: @@ -17,4 +17,4 @@ requests: words: - "Domain not found" - "does not exist in our system" - condition: and \ No newline at end of file + condition: and diff --git a/takeovers/intercom-takeover.yaml b/takeovers/intercom-takeover.yaml index 50850fce2b..0aa3d2ebf7 100644 --- a/takeovers/intercom-takeover.yaml +++ b/takeovers/intercom-takeover.yaml @@ -4,7 +4,7 @@ info: name: intercom takeover detection author: pdteam severity: high - tags: takeover + tags: takeover,intercom reference: https://github.com/EdOverflow/can-i-take-over-xyz requests: @@ -17,4 +17,4 @@ requests: words: - 'This page is reserved for artistic dogs.' - '

Uh oh. That page doesn’t exist.

' - condition: and \ No newline at end of file + condition: and diff --git a/takeovers/jetbrains-takeover.yaml b/takeovers/jetbrains-takeover.yaml index 69d29867dd..b5a0a96679 100644 --- a/takeovers/jetbrains-takeover.yaml +++ b/takeovers/jetbrains-takeover.yaml @@ -4,7 +4,7 @@ info: name: jetbrains takeover detection author: pdteam severity: high - tags: takeover + tags: takeover,jetbrains reference: https://github.com/EdOverflow/can-i-take-over-xyz requests: @@ -14,4 +14,4 @@ requests: matchers: - type: word words: - - is not a registered InCloud YouTrack. \ No newline at end of file + - is not a registered InCloud YouTrack. diff --git a/takeovers/netlify-takeover.yaml b/takeovers/netlify-takeover.yaml index 58c0306995..88ca3d67ac 100644 --- a/takeovers/netlify-takeover.yaml +++ b/takeovers/netlify-takeover.yaml @@ -4,7 +4,7 @@ info: name: netlify takeover detection author: 0xPrial,pdteam severity: high - tags: takeover + tags: takeover,netlify reference: https://github.com/EdOverflow/can-i-take-over-xyz requests: @@ -21,4 +21,4 @@ requests: - type: word words: - "Netlify" - part: header \ No newline at end of file + part: header diff --git a/technologies/abyss-web-server.yaml b/technologies/abyss-web-server.yaml index 334f49e123..f81bbd8e12 100644 --- a/technologies/abyss-web-server.yaml +++ b/technologies/abyss-web-server.yaml 
@@ -1,25 +1,25 @@ -id: abyss-web-server - -info: - name: Detect Abyss Web Server - author: pussycat0x - severity: info - tags: tech - metadata: - fofa-query: 'app="Abyss-Web-Server"' - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Welcome to Abyss Web Server" - - - type: status - status: - - 200 \ No newline at end of file +id: abyss-web-server + +info: + name: Detect Abyss Web Server + author: pussycat0x + severity: info + tags: tech + metadata: + fofa-query: 'app="Abyss-Web-Server"' + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Welcome to Abyss Web Server" + + - type: status + status: + - 200 diff --git a/technologies/apache/apache-guacamole.yaml b/technologies/apache/apache-guacamole.yaml index d5c7785ad8..263a49278b 100644 --- a/technologies/apache/apache-guacamole.yaml +++ b/technologies/apache/apache-guacamole.yaml @@ -4,7 +4,7 @@ info: name: Apache Guacamole Login Page and version detection author: r3dg33k severity: info - tags: apache,guacamole,tech + tags: apache,guacamole,tech,login requests: - method: GET diff --git a/technologies/autobahn-python-detect.yaml b/technologies/autobahn-python-detect.yaml index dcf44c5a7d..3a6054cc5a 100644 --- a/technologies/autobahn-python-detect.yaml +++ b/technologies/autobahn-python-detect.yaml @@ -1,29 +1,29 @@ -id: autobahn-python-detect - -info: - name: Autobahn-Python Webserver Detect - author: pussycat0x - severity: info - reference: https://www.shodan.io/search?query=%22AutobahnPython%22 - tags: tech - -requests: - - method: GET - path: - - '{{BaseURL}}' - - matchers-condition: and - matchers: - - type: regex - regex: - - '

AutobahnPython([ 0-9.]+)<\/h1>' - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - regex: - - 'AutobahnPython([ 0-9.]+)' +id: autobahn-python-detect + +info: + name: Autobahn-Python Webserver Detect + author: pussycat0x + severity: info + reference: https://www.shodan.io/search?query=%22AutobahnPython%22 + tags: tech,webserver + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: regex + regex: + - '

AutobahnPython([ 0-9.]+)<\/h1>' + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + regex: + - 'AutobahnPython([ 0-9.]+)' diff --git a/technologies/aws/aws-bucket-service.yaml b/technologies/aws/aws-bucket-service.yaml index f2d61d54f4..643596813d 100644 --- a/technologies/aws/aws-bucket-service.yaml +++ b/technologies/aws/aws-bucket-service.yaml @@ -4,7 +4,7 @@ info: name: Detect websites using AWS bucket storage author: pdteam severity: info - tags: aws,tech + tags: aws,tech,bucket requests: - method: GET diff --git a/technologies/aws/aws-cloudfront-service.yaml b/technologies/aws/aws-cloudfront-service.yaml index c7241b09d8..b247e81533 100644 --- a/technologies/aws/aws-cloudfront-service.yaml +++ b/technologies/aws/aws-cloudfront-service.yaml @@ -4,7 +4,7 @@ info: name: AWS Cloudfront service detection author: jiheon-dev severity: info - tags: aws,tech + tags: aws,tech,service description: Detect websites using AWS cloudfront service requests: @@ -19,4 +19,4 @@ requests: - "contains(tolower(all_headers), 'x-cache: hit from cloudfront')" - "contains(tolower(all_headers), 'x-cache: refreshhit from cloudfront')" - "contains(tolower(all_headers), 'x-cache: miss from cloudfront')" - - "contains(tolower(all_headers), 'x-cache: error from cloudfront')" \ No newline at end of file + - "contains(tolower(all_headers), 'x-cache: error from cloudfront')" diff --git a/technologies/csrfguard-detect.yaml b/technologies/csrfguard-detect.yaml index 76e49b655e..f3242a8547 100644 --- a/technologies/csrfguard-detect.yaml +++ b/technologies/csrfguard-detect.yaml @@ -6,7 +6,7 @@ info: severity: info description: Detects OWASP CSRF Guard 3.x & 4.x versions and whether token-per-page support is enabled based on default configuration. reference: https://github.com/OWASP/www-project-csrfguard - tags: tech,csrfguard + tags: tech,csrfguard,owasp requests: - raw: 
@@ -68,4 +68,4 @@ requests: - type: json name: "page-token" json: - - '.pageTokens' \ No newline at end of file + - '.pageTokens' diff --git a/technologies/default-lighttpd-page.yaml b/technologies/default-lighttpd-page.yaml index b5ee2404d6..910c5f5d10 100644 --- a/technologies/default-lighttpd-page.yaml +++ b/technologies/default-lighttpd-page.yaml @@ -5,7 +5,7 @@ info: author: dhiyaneshDK severity: info reference: https://www.shodan.io/search?query=http.title%3A%22Powered+by+lighttpd%22 - tags: tech + tags: tech,lighttpd requests: - method: GET diff --git a/technologies/dell/dell-idrac6-detect.yaml b/technologies/dell/dell-idrac6-detect.yaml index 6f3c118b88..92cc6e0ea2 100644 --- a/technologies/dell/dell-idrac6-detect.yaml +++ b/technologies/dell/dell-idrac6-detect.yaml @@ -26,4 +26,4 @@ requests: - type: regex part: body regex: - - '[0-9]{2}G' \ No newline at end of file + - '[0-9]{2}G' diff --git a/technologies/dell/dell-idrac7-detect.yaml b/technologies/dell/dell-idrac7-detect.yaml index 220cfc4503..54a1ed9513 100644 --- a/technologies/dell/dell-idrac7-detect.yaml +++ b/technologies/dell/dell-idrac7-detect.yaml @@ -26,4 +26,4 @@ requests: - type: regex part: body regex: - - '[0-9]{2}G' \ No newline at end of file + - '[0-9]{2}G' diff --git a/technologies/dell/dell-idrac8-detect.yaml b/technologies/dell/dell-idrac8-detect.yaml index 2fd72b97aa..cf17618202 100644 --- a/technologies/dell/dell-idrac8-detect.yaml +++ b/technologies/dell/dell-idrac8-detect.yaml @@ -26,4 +26,4 @@ requests: - type: regex part: body regex: - - '[0-9]{2}G' \ No newline at end of file + - '[0-9]{2}G' diff --git a/technologies/detect-sentry.yaml b/technologies/detect-sentry.yaml index c89bc2ccda..dadbcb0bfb 100644 --- a/technologies/detect-sentry.yaml +++ b/technologies/detect-sentry.yaml @@ -18,4 +18,4 @@ requests: - type: regex part: body regex: - - "https://[0-9a-f]*@[a-z0-9]+\\.[a-z.]+.?[0-9]+" \ No newline at end of file + - "https://[0-9a-f]*@[a-z0-9]+\\.[a-z.]+.?[0-9]+" 
diff --git a/technologies/dwr-index-detect.yaml b/technologies/dwr-index-detect.yaml index 35ec814ac3..4acfc9423a 100644 --- a/technologies/dwr-index-detect.yaml +++ b/technologies/dwr-index-detect.yaml @@ -1,27 +1,27 @@ -id: dwr-index-detect - -info: - name: DWR detect test page detection - author: pussycat0x - severity: low - description: The index contains the list of exposed Java classes. From here one can navigate to the test page of each class where every callable method is described and can be easily tested. This is a great way to find out what methods are exposed and learn how they function. - reference: http://aetherlab.net/2012/09/experiences-in-pentesting-dwr/ - metadata: - google-dork: intitle:"DWR Test Index" - tags: tech,misconfig,dwr - -requests: - - method: GET - path: - - '{{BaseURL}}/dwr/index.html' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "DWR Test Index" - - - type: status - status: - - 200 +id: dwr-index-detect + +info: + name: DWR detect test page detection + author: pussycat0x + severity: low + description: The index contains the list of exposed Java classes. From here one can navigate to the test page of each class where every callable method is described and can be easily tested. This is a great way to find out what methods are exposed and learn how they function. + reference: http://aetherlab.net/2012/09/experiences-in-pentesting-dwr/ + metadata: + google-dork: intitle:"DWR Test Index" + tags: tech,misconfig,dwr + +requests: + - method: GET + path: + - '{{BaseURL}}/dwr/index.html' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "DWR Test Index" + + - type: status + status: + - 200 diff --git a/technologies/geo-webserver.yaml b/technologies/geo-webserver.yaml index 58e1acc52c..2b1ab6d373 100644 --- a/technologies/geo-webserver.yaml +++ b/technologies/geo-webserver.yaml 
@@ -6,7 +6,7 @@ info: severity: info metadata: shodan-query: http.title:"GeoWebServer" - tags: panel + tags: panel,geowebserver requests: - method: GET diff --git a/technologies/google/google-bucket-service.yaml b/technologies/google/google-bucket-service.yaml index 581c71ab67..26feaa908c 100644 --- a/technologies/google/google-bucket-service.yaml +++ b/technologies/google/google-bucket-service.yaml @@ -4,7 +4,7 @@ info: name: Detect websites using Google bucket storage author: pdteam severity: info - tags: google,tech + tags: google,tech,bucket requests: - method: GET diff --git a/technologies/gunicorn-detect.yaml b/technologies/gunicorn-detect.yaml index 4ad26a0ab4..0c162e4c4e 100644 --- a/technologies/gunicorn-detect.yaml +++ b/technologies/gunicorn-detect.yaml @@ -25,4 +25,4 @@ requests: - type: kval part: header kval: - - Server \ No newline at end of file + - Server diff --git a/technologies/hanwang-detect.yaml b/technologies/hanwang-detect.yaml index fb2f2076c7..2fd4c30f7c 100644 --- a/technologies/hanwang-detect.yaml +++ b/technologies/hanwang-detect.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: fofa-query: "汉王人脸考勤管理系统" - tags: hanwang,detect + tags: hanwang requests: - method: GET diff --git a/technologies/iplanet-web-server.yaml b/technologies/iplanet-web-server.yaml index c29f448425..b12161538d 100644 --- a/technologies/iplanet-web-server.yaml +++ b/technologies/iplanet-web-server.yaml 
@@ -1,25 +1,25 @@ -id: iplanet-web-server - -info: - name: Detect iPlanet Webserver Detection - author: pussycat0x - severity: info - tags: tech - metadata: - fofa-query: 'app="iPlanet-Web-Server,-Enterprise-Edition-4.1"' - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "iPlanet" - - - type: status - status: - - 200 \ No newline at end of file +id: iplanet-web-server + +info: + name: Detect iPlanet Webserver Detection + author: pussycat0x + severity: info + tags: tech,webserver + metadata: + fofa-query: 'app="iPlanet-Web-Server,-Enterprise-Edition-4.1"' + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "iPlanet" + + - type: status + status: + - 200 diff --git a/technologies/kubernetes/kubernetes-enterprise-manager.yaml b/technologies/kubernetes/kubernetes-enterprise-manager.yaml index a8ddac8a7e..b4b44e09ad 100644 --- a/technologies/kubernetes/kubernetes-enterprise-manager.yaml +++ b/technologies/kubernetes/kubernetes-enterprise-manager.yaml @@ -1,25 +1,25 @@ -id: kubernetes-enterprise-manager - -info: - name: Detect Kubernetes Enterprise Manager - author: pussycat0x - severity: info - tags: tech,kubernetes - metadata: - fofa-query: 'app="Kubernetes-Enterprise-Manager"' - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Kubernetes Enterprise Manager" - - - type: status - status: - - 200 +id: kubernetes-enterprise-manager + +info: + name: Detect Kubernetes Enterprise Manager + author: pussycat0x + severity: info + tags: tech,kubernetes + metadata: + fofa-query: 'app="Kubernetes-Enterprise-Manager"' + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Kubernetes Enterprise Manager" + + - type: status + status: + - 200 
diff --git a/technologies/kubernetes/kubernetes-mirantis.yaml b/technologies/kubernetes/kubernetes-mirantis.yaml index d01d8dee7c..356caa62d7 100644 --- a/technologies/kubernetes/kubernetes-mirantis.yaml +++ b/technologies/kubernetes/kubernetes-mirantis.yaml @@ -1,25 +1,25 @@ -id: kubernetes-mirantis - -info: - name: Detect Mirantis Kubernetes Engine - author: pussycat0x - severity: info - tags: tech,kubernetes - metadata: - fofa-query: 'app="Mirantis-Kubernetes-Engine"' - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Mirantis Kubernetes Engine" - - - type: status - status: - - 200 +id: kubernetes-mirantis + +info: + name: Detect Mirantis Kubernetes Engine + author: pussycat0x + severity: info + tags: tech,kubernetes + metadata: + fofa-query: 'app="Mirantis-Kubernetes-Engine"' + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Mirantis Kubernetes Engine" + + - type: status + status: + - 200 diff --git a/technologies/magmi-detect.yaml b/technologies/magmi-detect.yaml index da4aa5c661..359fb9d9d5 100644 --- a/technologies/magmi-detect.yaml +++ b/technologies/magmi-detect.yaml @@ -4,7 +4,7 @@ info: name: MAGMI (Magento Mass Importer) Plugin Detect author: dwisiswant0 severity: info - tags: magento,magmi + tags: magento,magmi,plugin requests: - method: GET @@ -20,4 +20,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/technologies/microsoft-iis-8.yaml b/technologies/microsoft-iis-8.yaml index 30e7eac1fd..32d3e2653e 100644 --- a/technologies/microsoft-iis-8.yaml +++ b/technologies/microsoft-iis-8.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: shodan-query: http.title:"Microsoft Internet Information Services 8" - tags: tech,iis + tags: tech,iis,microsoft requests: - method: GET 
diff --git a/technologies/netsweeper-webadmin-detect.yaml b/technologies/netsweeper-webadmin-detect.yaml index 04b545b315..43ea1ceae3 100644 --- a/technologies/netsweeper-webadmin-detect.yaml +++ b/technologies/netsweeper-webadmin-detect.yaml @@ -4,7 +4,7 @@ info: name: Netsweeper WebAdmin detected author: dwisiswant0 severity: info - tags: tech,netsweeper + tags: tech,netsweeper,webadmin requests: - method: GET @@ -23,4 +23,4 @@ requests: part: body - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/technologies/nginx/nginx-linux-page.yaml b/technologies/nginx/nginx-linux-page.yaml index 53f2ba8e09..0e65ebac57 100644 --- a/technologies/nginx/nginx-linux-page.yaml +++ b/technologies/nginx/nginx-linux-page.yaml @@ -5,7 +5,7 @@ info: author: dhiyaneshDk severity: info reference: https://www.shodan.io/search?query=http.title%3A%22Test+Page+for+the+Nginx+HTTP+Server+on+Amazon+Linux%22 - tags: tech,nginx + tags: tech,nginx,amazon requests: - method: GET diff --git a/technologies/node-red-detect.yaml b/technologies/node-red-detect.yaml index 562f02c523..805c7cffa2 100644 --- a/technologies/node-red-detect.yaml +++ b/technologies/node-red-detect.yaml @@ -4,7 +4,7 @@ info: name: Node RED Detect author: pikpikcu severity: info - tags: tech,apache + tags: tech,apache,node requests: - method: GET diff --git a/technologies/oidc-detect.yaml b/technologies/oidc-detect.yaml index eade1914d6..d3c7804ec2 100644 --- a/technologies/oidc-detect.yaml +++ b/technologies/oidc-detect.yaml @@ -21,4 +21,4 @@ requests: words: - issuer - authorization_endpoint - condition: and \ No newline at end of file + condition: and diff --git a/technologies/oracle/oracle-iplanet-web-server.yaml b/technologies/oracle/oracle-iplanet-web-server.yaml index 3fcb39ddbd..dcf6b13bc8 100644 --- a/technologies/oracle/oracle-iplanet-web-server.yaml +++ b/technologies/oracle/oracle-iplanet-web-server.yaml 
@@ -23,4 +23,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/technologies/php-proxy-detect.yaml b/technologies/php-proxy-detect.yaml index fb898af353..7223a27d31 100644 --- a/technologies/php-proxy-detect.yaml +++ b/technologies/php-proxy-detect.yaml @@ -4,7 +4,7 @@ info: name: PHP Proxy Detect author: pikpikcu severity: info - tags: tech,php + tags: tech,php,proxy requests: - method: GET diff --git a/technologies/shiro-detect.yaml b/technologies/shiro-detect.yaml index 9ce943e7bf..e94d5aa675 100644 --- a/technologies/shiro-detect.yaml +++ b/technologies/shiro-detect.yaml @@ -19,4 +19,4 @@ requests: - type: word part: header words: - - "rememberMe=deleteMe" \ No newline at end of file + - "rememberMe=deleteMe" diff --git a/technologies/sonicwall-email-security-detect.yaml b/technologies/sonicwall-email-security-detect.yaml index 37b391836e..802d6d9597 100644 --- a/technologies/sonicwall-email-security-detect.yaml +++ b/technologies/sonicwall-email-security-detect.yaml @@ -7,7 +7,7 @@ info: reference: - https://www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise.html - https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/ - tags: tech,panel + tags: tech,panel,sonicwall requests: - method: GET diff --git a/technologies/springboot-actuator.yaml b/technologies/springboot-actuator.yaml index ebc7edbe1e..005aad947e 100644 --- a/technologies/springboot-actuator.yaml +++ b/technologies/springboot-actuator.yaml @@ -28,4 +28,4 @@ requests: - type: dsl name: "favicon" dsl: - - "status_code==200 && (\"116323821\" == mmh3(base64_py(body)))" \ No newline at end of file + - "status_code==200 && (\"116323821\" == mmh3(base64_py(body)))" diff --git a/technologies/synology-web-station.yaml b/technologies/synology-web-station.yaml index 4f741bbd77..8bde0932a3 100644 
--- a/technologies/synology-web-station.yaml +++ b/technologies/synology-web-station.yaml @@ -5,7 +5,7 @@ info: author: dhiyaneshDK severity: info reference: https://www.exploit-db.com/ghdb/7125 - tags: tech + tags: tech,synology requests: - method: GET diff --git a/technologies/telerik/telerik-fileupload-detect.yaml b/technologies/telerik/telerik-fileupload-detect.yaml index 8f150d8b40..b901971c77 100644 --- a/technologies/telerik/telerik-fileupload-detect.yaml +++ b/technologies/telerik/telerik-fileupload-detect.yaml @@ -4,7 +4,7 @@ info: name: Detect Telerik Web UI fileupload handler author: organiccrap severity: info - tags: tech,telerik + tags: tech,telerik,fileupload requests: - method: GET diff --git a/technologies/tileserver-gl.yaml b/technologies/tileserver-gl.yaml index 688c25aabd..38fb8c394a 100644 --- a/technologies/tileserver-gl.yaml +++ b/technologies/tileserver-gl.yaml @@ -8,7 +8,7 @@ info: metadata: shodan-query: http.title:"TileServer GL - Server for vector and raster maps with GL styles" google-dork: intitle:"TileServer GL - Server for vector and raster maps with GL styles" - tags: tech + tags: tech,tileserver requests: - method: GET diff --git a/technologies/weblogic-detect.yaml b/technologies/weblogic-detect.yaml index 1b245db0e3..fa768308b0 100644 --- a/technologies/weblogic-detect.yaml +++ b/technologies/weblogic-detect.yaml @@ -23,4 +23,4 @@ requests: - type: status status: - - 404 \ No newline at end of file + - 404 diff --git a/token-spray/api-alienvault.yaml b/token-spray/api-alienvault.yaml index 8bfd4447da..d0e5ba33ae 100644 --- a/token-spray/api-alienvault.yaml +++ b/token-spray/api-alienvault.yaml @@ -7,7 +7,7 @@ info: reference: - https://otx.alienvault.com/api - https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/AlienVault%20Open%20Threat%20Exchange.md - tags: token-spray,alienvault + tags: token-spray,alienvault,exchange self-contained: true requests: 
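Review bot: The tag added to api-alienvault.yaml, `tags: token-spray,alienvault,exchange`, is ambiguous in a way that matters for tag-driven runs: `exchange` is the word a user would pass as `-tags exchange` expecting Microsoft Exchange checks, and it would then pull this AlienVault OTX key-spray template into that scan. If the intent is to name the product, the abbreviation the vendor itself uses reads better and collides with nothing, `tags: token-spray,alienvault,otx`. I am inferring how `exchange` is used elsewhere in the repository from the word alone, so worth a grep before changing it.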
diff --git a/token-spray/api-charity.yaml b/token-spray/api-charity.yaml index 1dfa570737..ba28ca00cf 100644 --- a/token-spray/api-charity.yaml +++ b/token-spray/api-charity.yaml @@ -7,7 +7,7 @@ info: reference: - http://charityapi.orghunter.com/ - https://github.com/daffainfo/all-about-apikey/blob/main/Business/Charity%20Search.md - tags: token-spray,charity + tags: token-spray,charity,search self-contained: true requests: diff --git a/vulnerabilities/apache/apache-flink-unauth-rce.yaml b/vulnerabilities/apache/apache-flink-unauth-rce.yaml index ccc8012049..fdeb3c64c9 100644 --- a/vulnerabilities/apache/apache-flink-unauth-rce.yaml +++ b/vulnerabilities/apache/apache-flink-unauth-rce.yaml @@ -4,7 +4,7 @@ info: name: Apache Flink Unauth RCE author: pikpikcu severity: critical - tags: apache,flink,rce,intrusive + tags: apache,flink,rce,intrusive,unauth reference: - https://www.exploit-db.com/exploits/48978 - https://adamc95.medium.com/apache-flink-1-9-x-part-1-set-up-5d85fd2770f3 diff --git a/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml b/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml index c5937771c0..d86db343ec 100644 --- a/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml +++ b/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml @@ -4,7 +4,7 @@ info: name: Apache OFBiz Log4j JNDI RCE author: pdteam severity: critical - tags: ofbiz,oast,log4j,rce,apache + tags: ofbiz,oast,log4j,rce,apache,jndi requests: - raw: @@ -30,4 +30,4 @@ requests: part: interactsh_request group: 1 regex: - - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output \ No newline at end of file + - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output diff --git a/vulnerabilities/apache/apache-solr-log4j-rce.yaml b/vulnerabilities/apache/apache-solr-log4j-rce.yaml index 19d21efac7..bd31144333 100644 --- a/vulnerabilities/apache/apache-solr-log4j-rce.yaml +++ b/vulnerabilities/apache/apache-solr-log4j-rce.yaml 
@@ -9,7 +9,7 @@ info: - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - https://twitter.com/sirifu4k1/status/1470011568834424837 - https://github.com/apache/solr/pull/454 - tags: solr,oast,log4j,rce,apache + tags: solr,oast,log4j,rce,apache,jndi requests: - method: GET @@ -33,4 +33,4 @@ requests: part: interactsh_request group: 1 regex: - - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output \ No newline at end of file + - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output diff --git a/vulnerabilities/generic/error-based-sql-injection.yaml b/vulnerabilities/generic/error-based-sql-injection.yaml index c0119a2e3c..d41cf43580 100644 --- a/vulnerabilities/generic/error-based-sql-injection.yaml +++ b/vulnerabilities/generic/error-based-sql-injection.yaml @@ -5,7 +5,7 @@ info: author: geeknik severity: high description: Detects the possibility of SQL injection in 29 database engines. Inspired by https://github.com/sqlmapproject/sqlmap/blob/master/data/xml/errors.xml. - tags: sqli,generic + tags: sqli,generic,error requests: - method: GET diff --git a/vulnerabilities/generic/generic-blind-xxe.yaml b/vulnerabilities/generic/generic-blind-xxe.yaml index a08f153493..5fc978ae6e 100644 --- a/vulnerabilities/generic/generic-blind-xxe.yaml +++ b/vulnerabilities/generic/generic-blind-xxe.yaml @@ -4,7 +4,7 @@ info: name: Generic Blind XXE author: geeknik severity: high - tags: xxe,generic + tags: xxe,generic,blind requests: - raw: diff --git a/vulnerabilities/generic/xmlrpc-pingback-ssrf.yaml b/vulnerabilities/generic/xmlrpc-pingback-ssrf.yaml index 8e99a56920..c04a91a101 100644 --- a/vulnerabilities/generic/xmlrpc-pingback-ssrf.yaml +++ b/vulnerabilities/generic/xmlrpc-pingback-ssrf.yaml @@ -5,7 +5,7 @@ info: author: geeknik reference: https://hackerone.com/reports/406387 severity: high - tags: ssrf,generic + tags: ssrf,generic,xmlrpc requests: - raw: 
diff --git a/vulnerabilities/ibm/ibm-infoprint-lfi.yaml b/vulnerabilities/ibm/ibm-infoprint-lfi.yaml index 5945201731..5b425e4664 100644 --- a/vulnerabilities/ibm/ibm-infoprint-lfi.yaml +++ b/vulnerabilities/ibm/ibm-infoprint-lfi.yaml @@ -6,7 +6,7 @@ info: severity: medium description: Directory traversal vulnerability on IBM InfoPrint 4247-Z03 Impact Matrix Printer. reference: https://www.exploit-db.com/exploits/47835 - tags: ibm,lfi + tags: ibm,lfi,matrix,printer requests: - method: GET diff --git a/vulnerabilities/jira/jira-service-desk-signup.yaml b/vulnerabilities/jira/jira-service-desk-signup.yaml index dd1c371355..1cfce39b45 100644 --- a/vulnerabilities/jira/jira-service-desk-signup.yaml +++ b/vulnerabilities/jira/jira-service-desk-signup.yaml @@ -4,7 +4,7 @@ info: name: Jira Service Desk Signup author: TechbrunchFR severity: medium - tags: jira,atlassian + tags: jira,atlassian,service requests: - method: POST diff --git a/vulnerabilities/jolokia/jolokia-heap-info-disclosure.yaml b/vulnerabilities/jolokia/jolokia-heap-info-disclosure.yaml index 0336b5eaa4..41eb4ecdcf 100644 --- a/vulnerabilities/jolokia/jolokia-heap-info-disclosure.yaml +++ b/vulnerabilities/jolokia/jolokia-heap-info-disclosure.yaml @@ -4,7 +4,7 @@ info: name: Jolokia Java Heap Information Disclosure author: milo2012 severity: info - tags: jolokia,disclosure + tags: jolokia,disclosure,java requests: - raw: diff --git a/vulnerabilities/linkerd/linkerd-ssrf.yaml b/vulnerabilities/linkerd/linkerd-ssrf.yaml index 3060e058eb..692b0fa385 100644 --- a/vulnerabilities/linkerd/linkerd-ssrf.yaml +++ b/vulnerabilities/linkerd/linkerd-ssrf.yaml @@ -4,7 +4,7 @@ info: name: Linkerd Service detection author: dudez severity: info - tags: tech,linkerd + tags: tech,linkerd,service reference: https://twitter.com/nirvana_msu/status/1084144955034165248 requests: 
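Review bot: The tag line in linkerd-ssrf.yaml, `tags: tech,linkerd,service`, still carries no `ssrf` tag even though the file is named `linkerd-ssrf.yaml`, so a `-tags ssrf` run skips it while the vague `service` tag adds nothing searchable. The matchers in this file's second hunk look for `Exceeded .*? binding timeout while resolving name`, a name-resolution error rather than a product banner, which suggests the template is probing request forwarding rather than fingerprinting; if so I'd write `tags: tech,linkerd,ssrf` and give the `info` block a name and severity that say so. If it is only meant as a detection, the `ssrf` filename is the thing to reconcile instead.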
@@ -29,4 +29,4 @@ requests: - '(?mi)Exceeded .*? binding timeout while resolving name' - '(?mi)exceeded .*? to unspecified while dyn binding' part: body - condition: or \ No newline at end of file + condition: or diff --git a/vulnerabilities/other/asanhamayesh-lfi.yaml b/vulnerabilities/other/asanhamayesh-lfi.yaml index c4a9e8b10e..462ea627f3 100644 --- a/vulnerabilities/other/asanhamayesh-lfi.yaml +++ b/vulnerabilities/other/asanhamayesh-lfi.yaml @@ -7,7 +7,7 @@ info: reference: - https://cxsecurity.com/issue/WLB-2018030006 - https://asanhamayesh.com - tags: asanhamayesh,lfi + tags: asanhamayesh,lfi,traversal requests: - method: GET diff --git a/vulnerabilities/other/caucho-resin-info-disclosure.yaml b/vulnerabilities/other/caucho-resin-info-disclosure.yaml index 04795427db..46df0de4f7 100644 --- a/vulnerabilities/other/caucho-resin-info-disclosure.yaml +++ b/vulnerabilities/other/caucho-resin-info-disclosure.yaml @@ -5,7 +5,7 @@ info: author: pikpikcu severity: info reference: https://www.exploit-db.com/exploits/27888 - tags: exposure,resin + tags: exposure,resin,caucho requests: - method: GET diff --git a/vulnerabilities/other/comtrend-password-exposure.yaml b/vulnerabilities/other/comtrend-password-exposure.yaml index 1764bf1d74..67210aa522 100644 --- a/vulnerabilities/other/comtrend-password-exposure.yaml +++ b/vulnerabilities/other/comtrend-password-exposure.yaml @@ -6,7 +6,7 @@ info: severity: high description: A vulnerability in COMTREND ADSL Router allows remote authenticated users to execute arbitrary commands via the telnet interface, the password for this interface is leaked to unauthenticated users via the 'password.cgi' endpoint. reference: https://www.exploit-db.com/exploits/16275 - tags: router,exposure,iot + tags: router,exposure,iot,rce requests: - method: GET diff --git a/vulnerabilities/other/global-domains-lfi.yaml b/vulnerabilities/other/global-domains-lfi.yaml index 06cedfe0a0..a7d542d48b 100644 
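Review bot: The `rce` tag added to comtrend-password-exposure.yaml, `tags: router,exposure,iot,rce`, overstates what the template does: by its own description the check only reads the leaked password from `password.cgi` with a `GET`, and command execution over telnet is a separate, authenticated step the template never performs. A `-tags rce` run would therefore report a credential disclosure as code execution. I'd keep the tags to what is actually tested, e.g. `tags: router,exposure,iot,comtrend,disclosure`, and leave the telnet RCE to the description.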
--- a/vulnerabilities/other/global-domains-lfi.yaml +++ b/vulnerabilities/other/global-domains-lfi.yaml @@ -7,7 +7,7 @@ info: reference: - https://cxsecurity.com/issue/WLB-2018020247 - http://www.nic.ws - tags: globaldomains,lfi + tags: globaldomains,lfi,traversal requests: - method: GET diff --git a/vulnerabilities/other/groupoffice-lfi.yaml b/vulnerabilities/other/groupoffice-lfi.yaml index 5aa0d15503..142e511ab2 100644 --- a/vulnerabilities/other/groupoffice-lfi.yaml +++ b/vulnerabilities/other/groupoffice-lfi.yaml @@ -7,7 +7,7 @@ info: reference: - https://cxsecurity.com/issue/WLB-2018020249 - http://www.group-office.com - tags: groupoffice,lfi + tags: groupoffice,lfi,traversal requests: - method: GET diff --git a/vulnerabilities/other/hasura-graphql-psql-exec.yaml b/vulnerabilities/other/hasura-graphql-psql-exec.yaml index 00d5756dd4..3bbee82009 100644 --- a/vulnerabilities/other/hasura-graphql-psql-exec.yaml +++ b/vulnerabilities/other/hasura-graphql-psql-exec.yaml @@ -6,7 +6,7 @@ info: severity: critical description: A vulnerability in Hasura GraphQL Engine allows remote unauthenticated users to execute arbitrary SQL statements via the '/v2/query' endpoint. reference: https://www.exploit-db.com/exploits/49802 - tags: hasura,rce + tags: hasura,rce,graphql requests: - raw: diff --git a/vulnerabilities/other/hasura-graphql-ssrf.yaml b/vulnerabilities/other/hasura-graphql-ssrf.yaml index ab8bbe4a7a..1cca56e8e7 100644 --- a/vulnerabilities/other/hasura-graphql-ssrf.yaml +++ b/vulnerabilities/other/hasura-graphql-ssrf.yaml @@ -4,7 +4,7 @@ info: author: princechaddha severity: high reference: https://cxsecurity.com/issue/WLB-2021040115 - tags: hasura,ssrf + tags: hasura,ssrf,graphql requests: - raw: diff --git a/vulnerabilities/other/kevinlab-bems-backdoor.yaml b/vulnerabilities/other/kevinlab-bems-backdoor.yaml index ae79e71a41..6727c6b900 100644 --- a/vulnerabilities/other/kevinlab-bems-backdoor.yaml +++ b/vulnerabilities/other/kevinlab-bems-backdoor.yaml 
@@ -6,7 +6,7 @@ info: severity: critical description: The BEMS solution has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel, and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely. reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5654.php - tags: kevinlab + tags: kevinlab,backdoor requests: - raw: diff --git a/vulnerabilities/other/netgear-router-exposure.yaml b/vulnerabilities/other/netgear-router-exposure.yaml index 381f0973b1..392fd516f7 100644 --- a/vulnerabilities/other/netgear-router-exposure.yaml +++ b/vulnerabilities/other/netgear-router-exposure.yaml @@ -8,7 +8,7 @@ info: - https://www.exploit-db.com/exploits/45741 author: geeknik severity: critical - tags: netgear,exposure,iot + tags: netgear,exposure,iot,router requests: - method: GET diff --git a/vulnerabilities/other/nginx-module-vts-xss.yaml b/vulnerabilities/other/nginx-module-vts-xss.yaml index 006da625d1..9c48e332f3 100644 --- a/vulnerabilities/other/nginx-module-vts-xss.yaml +++ b/vulnerabilities/other/nginx-module-vts-xss.yaml @@ -4,7 +4,7 @@ info: name: Nginx virtual host traffic status module XSS author: madrobot severity: medium - tags: nginx,xss + tags: nginx,xss,status requests: - method: GET @@ -25,4 +25,4 @@ requests: - type: word words: - "text/html" - part: header \ No newline at end of file + part: header diff --git a/vulnerabilities/other/nuuo-nvrmini2-rce.yaml b/vulnerabilities/other/nuuo-nvrmini2-rce.yaml index dfad086cc8..1bb1d015d6 100644 --- a/vulnerabilities/other/nuuo-nvrmini2-rce.yaml 
+++ b/vulnerabilities/other/nuuo-nvrmini2-rce.yaml @@ -4,7 +4,7 @@ info: name: NUUO NVRmini 2 3.0.8 - Remote Code Execution author: berkdusunur severity: critical - tags: rce + tags: rce,nuuo reference: - https://www.exploit-db.com/exploits/45070 - https://github.com/berkdsnr/NUUO-NVRMINI-RCE @@ -24,4 +24,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/vulnerabilities/other/pdf-signer-ssti-to-rce.yaml b/vulnerabilities/other/pdf-signer-ssti-to-rce.yaml index f1d82689fa..83336dff9f 100644 --- a/vulnerabilities/other/pdf-signer-ssti-to-rce.yaml +++ b/vulnerabilities/other/pdf-signer-ssti-to-rce.yaml @@ -4,7 +4,7 @@ info: name: PDF Signer v3.0 - SSTI to RCE via CSRF Cookie author: madrobot severity: high - tags: ssti,rce + tags: ssti,rce,csrf requests: - method: GET diff --git a/vulnerabilities/other/phpwiki-lfi.yaml b/vulnerabilities/other/phpwiki-lfi.yaml index 0d0a84e034..d32be0483c 100644 --- a/vulnerabilities/other/phpwiki-lfi.yaml +++ b/vulnerabilities/other/phpwiki-lfi.yaml @@ -6,7 +6,7 @@ info: severity: high description: A vulnerability in phpwiki allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint. reference: https://www.exploit-db.com/exploits/38027 - tags: phpwiki,lfi + tags: phpwiki,lfi,xss requests: - method: GET diff --git a/vulnerabilities/other/qihang-media-lfi.yaml b/vulnerabilities/other/qihang-media-lfi.yaml index 42e4aaed79..d82ba21f01 100644 --- a/vulnerabilities/other/qihang-media-lfi.yaml +++ b/vulnerabilities/other/qihang-media-lfi.yaml 
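Review bot: The `xss` tag added to phpwiki-lfi.yaml, `tags: phpwiki,lfi,xss`, is not supported by the template as described: the name and description cover only local file inclusion via `index.php`, and nothing in the hunk shows a reflected-script matcher. If the referenced exploit-db entry also documents an XSS, that belongs in a separate template or at least in the description; tagging an LFI check `xss` makes `-tags xss` runs report an LFI. Unless the matchers outside this hunk really test a script payload, I'd revert to `tags: phpwiki,lfi`.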
@@ -6,7 +6,7 @@ info: severity: high description: The QiHang Media Web application suffers from an unauthenticated file disclosure vulnerability when input passed thru the filename parameter when using the download action or thru path parameter when using the getAll action is not properly verified before being used. This can be exploited to disclose contents of files and directories from local resources. reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5581.php - tags: qihang,lfi + tags: qihang,lfi,disclosure requests: - raw: diff --git a/vulnerabilities/other/ruijie-networks-rce.yaml b/vulnerabilities/other/ruijie-networks-rce.yaml index a93e658328..2168911631 100644 --- a/vulnerabilities/other/ruijie-networks-rce.yaml +++ b/vulnerabilities/other/ruijie-networks-rce.yaml @@ -7,7 +7,7 @@ info: reference: - https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py - https://www.ruijienetworks.com # vendor homepage - tags: ruijie,rce + tags: ruijie,rce,network requests: - raw: diff --git a/vulnerabilities/other/sangfor-edr-auth-bypass.yaml b/vulnerabilities/other/sangfor-edr-auth-bypass.yaml index 2e4aa14045..313272d6d7 100644 --- a/vulnerabilities/other/sangfor-edr-auth-bypass.yaml +++ b/vulnerabilities/other/sangfor-edr-auth-bypass.yaml @@ -4,7 +4,7 @@ info: author: princechaddha severity: high description: A vulnerability in Sangfor EDR allows remote attackers to access the system with 'admin' privileges by accessing the login page directly using a provided username rather than going through the login screen without providing a username. - tags: sangfor,auth-bypass + tags: sangfor,auth-bypass,login requests: - method: GET diff --git a/vulnerabilities/other/sangfor-edr-rce.yaml b/vulnerabilities/other/sangfor-edr-rce.yaml index 997f107b6f..3eb316542f 100644 --- a/vulnerabilities/other/sangfor-edr-rce.yaml +++ b/vulnerabilities/other/sangfor-edr-rce.yaml 
@@ -6,7 +6,7 @@ info: severity: critical description: A vulnerability in Sangfor EDR product allows remote unauthenticated users to cause the product to execute arbitrary commands. reference: https://www.cnblogs.com/0day-li/p/13650452.html - tags: rce + tags: rce,sangfor requests: - method: POST diff --git a/vulnerabilities/other/sponip-network-system-ping-rce.yaml b/vulnerabilities/other/sponip-network-system-ping-rce.yaml index eb63546aaa..e60a99688b 100644 --- a/vulnerabilities/other/sponip-network-system-ping-rce.yaml +++ b/vulnerabilities/other/sponip-network-system-ping-rce.yaml @@ -5,7 +5,7 @@ info: author: pikpikcu severity: critical reference: https://mp.weixin.qq.com/s?__biz=Mzg3NDU2MTg0Ng==&mid=2247486018&idx=1&sn=d744907475a4ea9ebeb26338c735e3e9 - tags: sponip,rce,oast + tags: sponip,rce,oast,network requests: - raw: diff --git a/vulnerabilities/other/symantec-messaging-gateway.yaml b/vulnerabilities/other/symantec-messaging-gateway.yaml index 4bab74cd1c..ab5c216ab1 100644 --- a/vulnerabilities/other/symantec-messaging-gateway.yaml +++ b/vulnerabilities/other/symantec-messaging-gateway.yaml @@ -5,7 +5,7 @@ info: author: Random_Robbie severity: medium description: Symantec Messaging Gateway <= 10.6.1 Directory Traversal - tags: lfi + tags: lfi,messaging,symantec requests: - method: GET diff --git a/vulnerabilities/other/unifi-network-log4j-rce.yaml b/vulnerabilities/other/unifi-network-log4j-rce.yaml index 8aa48a3dbb..40fd263e78 100644 --- a/vulnerabilities/other/unifi-network-log4j-rce.yaml +++ b/vulnerabilities/other/unifi-network-log4j-rce.yaml @@ -8,7 +8,7 @@ info: reference: - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e - https://twitter.com/sprocket_ed/status/1473301038832701441 - tags: rce,log4j,ubnt,unifi,oast + tags: rce,log4j,ubnt,unifi,oast,jndi,network metadata: shodan-query: http.title:"UniFi Network" 
diff --git a/vulnerabilities/other/visual-tools-dvr-rce.yaml b/vulnerabilities/other/visual-tools-dvr-rce.yaml index 8b0edcd260..41d9f17306 100644 --- a/vulnerabilities/other/visual-tools-dvr-rce.yaml +++ b/vulnerabilities/other/visual-tools-dvr-rce.yaml @@ -7,7 +7,7 @@ info: description: vulnerabilities in the web-based management interface of Visual Tools DVR VX16 4.2.28.0 could allow an authenticated, remote attacker to perform command injection attacks against an affected device. reference: - https://www.exploit-db.com/exploits/50098 - tags: visualtools,rce,oast + tags: visualtools,rce,oast,injection requests: - raw: diff --git a/vulnerabilities/other/wooyun-path-traversal.yaml b/vulnerabilities/other/wooyun-path-traversal.yaml index 3956371181..9c16b43a73 100644 --- a/vulnerabilities/other/wooyun-path-traversal.yaml +++ b/vulnerabilities/other/wooyun-path-traversal.yaml @@ -9,7 +9,7 @@ info: A general document of UFIDA ERP-NC contains a vulnerability (affecting a large number of well-known school government and enterprise cases such as COFCO/Minsheng E-commerce/Tsinghua University/Aigo) - tags: lfi + tags: lfi,wooyun requests: - method: GET @@ -26,4 +26,4 @@ requests: - - part: body - condition: and \ No newline at end of file + condition: and diff --git a/vulnerabilities/other/zhiyuan-file-upload.yaml b/vulnerabilities/other/zhiyuan-file-upload.yaml index f596b39871..88232d148c 100644 --- a/vulnerabilities/other/zhiyuan-file-upload.yaml +++ b/vulnerabilities/other/zhiyuan-file-upload.yaml @@ -6,7 +6,7 @@ info: severity: critical description: A vulnerability in Zhiyuan OA allows remote unauthenticated attackers to upload arbitrary files to the remote server which they can later access and cause their code to be executed. reference: https://www.programmersought.com/article/92658169875/ - tags: zhiyuan,rce + tags: zhiyuan,rce,upload requests: - method: GET 
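Review bot: The tag added to wooyun-path-traversal.yaml, `tags: lfi,wooyun`, names the disclosure platform rather than the affected product, so nobody scanning for UFIDA ERP-NC will find it. The description in this same hunk identifies the software as `UFIDA ERP-NC`, which is what the tag should carry, e.g. `tags: lfi,traversal,ufida,erp-nc` (`traversal` being what this commit adds to the other path-traversal templates such as asanhamayesh-lfi and global-domains-lfi). A `wooyun` tag can stay alongside if the repository groups templates by source.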
diff --git a/vulnerabilities/rails/rails6-xss.yaml b/vulnerabilities/rails/rails6-xss.yaml index 05d14c2db1..7991dd37b2 100644 --- a/vulnerabilities/rails/rails6-xss.yaml +++ b/vulnerabilities/rails/rails6-xss.yaml @@ -4,7 +4,7 @@ info: author: ooooooo_q,rootxharsh,iamnoooob severity: medium reference: https://hackerone.com/reports/904059 - tags: rails,xss + tags: rails,xss,crlf # XSS (6.0.0 < rails < 6.0.3.2); Payload is location=%0djavascript:alert(1); # Nuclei has issues with 302 response missing a Location header thus the diff --git a/vulnerabilities/simplecrm/simple-crm-sql-injection.yaml b/vulnerabilities/simplecrm/simple-crm-sql-injection.yaml index 9247d17e78..a3296ec1f7 100644 --- a/vulnerabilities/simplecrm/simple-crm-sql-injection.yaml +++ b/vulnerabilities/simplecrm/simple-crm-sql-injection.yaml @@ -5,7 +5,7 @@ info: author: geeknik severity: high reference: https://packetstormsecurity.com/files/163254/simplecrm30-sql.txt - tags: sqli,simplecrm,auth-bypass + tags: sqli,simplecrm,auth-bypass,injection requests: - method: POST diff --git a/vulnerabilities/squirrelmail/squirrelmail-add-xss.yaml b/vulnerabilities/squirrelmail/squirrelmail-add-xss.yaml index 811f02cb35..c6894d3e8b 100644 --- a/vulnerabilities/squirrelmail/squirrelmail-add-xss.yaml +++ b/vulnerabilities/squirrelmail/squirrelmail-add-xss.yaml @@ -6,7 +6,7 @@ info: severity: medium description: SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. reference: https://www.exploit-db.com/exploits/26305 - tags: xss,squirrelmail + tags: xss,squirrelmail,plugin requests: - method: GET diff --git a/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml b/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml index b52889fbf8..a0daf19e46 100644 --- a/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml +++ b/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml 
@@ -6,7 +6,7 @@ info: severity: medium description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. reference: https://www.exploit-db.com/exploits/34814 - tags: xss,squirrelmail + tags: xss,squirrelmail,plugin requests: - method: GET diff --git a/vulnerabilities/vmware/vmware-vcenter-lfi-linux.yaml b/vulnerabilities/vmware/vmware-vcenter-lfi-linux.yaml index 60b28b1a65..a6ab46dae7 100644 --- a/vulnerabilities/vmware/vmware-vcenter-lfi-linux.yaml +++ b/vulnerabilities/vmware/vmware-vcenter-lfi-linux.yaml @@ -4,7 +4,7 @@ info: name: Vmware Vcenter LFI for Linux appliances author: PR3R00T severity: high - tags: vmware,lfi + tags: vmware,lfi,vcenter requests: - method: GET @@ -13,4 +13,4 @@ requests: matchers: - type: word words: - - "vCenter Server" \ No newline at end of file + - "vCenter Server" diff --git a/vulnerabilities/vmware/vmware-vcenter-lfi.yaml b/vulnerabilities/vmware/vmware-vcenter-lfi.yaml index 9ee7ce40bb..53a04713d1 100644 --- a/vulnerabilities/vmware/vmware-vcenter-lfi.yaml +++ b/vulnerabilities/vmware/vmware-vcenter-lfi.yaml @@ -7,7 +7,7 @@ info: reference: - https://kb.vmware.com/s/article/7960893 - https://twitter.com/ptswarm/status/1316016337550938122 - tags: vmware,lfi + tags: vmware,lfi,vcenter requests: - raw: diff --git a/vulnerabilities/vmware/vmware-vcenter-ssrf.yaml b/vulnerabilities/vmware/vmware-vcenter-ssrf.yaml index a5c3a08d86..4bd82a9b23 100644 --- a/vulnerabilities/vmware/vmware-vcenter-ssrf.yaml +++ b/vulnerabilities/vmware/vmware-vcenter-ssrf.yaml @@ -5,7 +5,7 @@ info: author: pdteam severity: critical reference: https://github.com/l0ggg/VMware_vCenter - tags: ssrf,lfi,xss,oast + tags: ssrf,lfi,xss,oast,vcenter,vmware requests: - method: GET diff --git a/vulnerabilities/wordpress/aspose-file-download.yaml b/vulnerabilities/wordpress/aspose-file-download.yaml index 78d4048c1b..f6b3f7b609 100644 
--- a/vulnerabilities/wordpress/aspose-file-download.yaml +++ b/vulnerabilities/wordpress/aspose-file-download.yaml @@ -6,7 +6,7 @@ info: severity: high description: The Aspose Cloud eBook Generator WordPress plugin was affected by a File Download security vulnerability. reference: https://wpscan.com/vulnerability/7866 - tags: wordpress,wp-plugin,lfi + tags: wordpress,wp-plugin,lfi,aspose,ebook requests: - method: GET diff --git a/vulnerabilities/wordpress/aspose-words-file-download.yaml b/vulnerabilities/wordpress/aspose-words-file-download.yaml index 6cf04ee7eb..a9187a88fa 100644 --- a/vulnerabilities/wordpress/aspose-words-file-download.yaml +++ b/vulnerabilities/wordpress/aspose-words-file-download.yaml @@ -8,7 +8,7 @@ info: reference: - https://wpscan.com/vulnerability/7869 - https://wordpress.org/plugins/aspose-doc-exporter - tags: wordpress,wp-plugin,lfi + tags: wordpress,wp-plugin,lfi,aspose requests: - method: GET diff --git a/vulnerabilities/wordpress/easy-wp-smtp-listing.yaml b/vulnerabilities/wordpress/easy-wp-smtp-listing.yaml index 6225458a19..64937eb924 100644 --- a/vulnerabilities/wordpress/easy-wp-smtp-listing.yaml +++ b/vulnerabilities/wordpress/easy-wp-smtp-listing.yaml @@ -6,7 +6,7 @@ info: severity: high description: The WordPress Easy WP SMTP Plugin has its 'easy-wp-smtp' folder remotely acccessible and its content available for access. reference: https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/ - tags: wordpress,wp-plugin + tags: wordpress,wp-plugin,smtp requests: - method: GET diff --git a/vulnerabilities/wordpress/w3c-total-cache-ssrf.yaml b/vulnerabilities/wordpress/w3c-total-cache-ssrf.yaml index 8dda442e3f..e85cc156ae 100644 --- a/vulnerabilities/wordpress/w3c-total-cache-ssrf.yaml +++ b/vulnerabilities/wordpress/w3c-total-cache-ssrf.yaml 
@@ -3,7 +3,7 @@ info: name: Wordpress W3C Total Cache SSRF <= 0.9.4 author: random_robbie severity: medium - tags: wordpress,wp-plugin + tags: wordpress,wp-plugin,cache,ssrf description: The W3 Total Cache WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability. reference: - https://wpvulndb.com/vulnerabilities/8644 @@ -17,4 +17,4 @@ requests: - type: word words: - "NessusFileIncludeTest" - part: body \ No newline at end of file + part: body diff --git a/vulnerabilities/wordpress/wordpress-affiliatewp-log.yaml b/vulnerabilities/wordpress/wordpress-affiliatewp-log.yaml index 47348a7a21..4b29345142 100644 --- a/vulnerabilities/wordpress/wordpress-affiliatewp-log.yaml +++ b/vulnerabilities/wordpress/wordpress-affiliatewp-log.yaml @@ -4,7 +4,7 @@ info: name: WordPress Plugin "AffiliateWP – Allowed Products" Log Disclosure author: dhiyaneshDK severity: low - tags: wordpress,log + tags: wordpress,log,plugin requests: - method: GET diff --git a/vulnerabilities/wordpress/wordpress-bbpress-plugin-listing.yaml b/vulnerabilities/wordpress/wordpress-bbpress-plugin-listing.yaml index 2404e9dcb9..b37c237ac7 100644 --- a/vulnerabilities/wordpress/wordpress-bbpress-plugin-listing.yaml +++ b/vulnerabilities/wordpress/wordpress-bbpress-plugin-listing.yaml @@ -6,7 +6,7 @@ info: severity: info description: Searches for sensitive directories present in the bbpress wordpress plugin. reference: https://www.exploit-db.com/ghdb/6158 - tags: wordpress,listing + tags: wordpress,listing,plugin requests: - method: GET diff --git a/vulnerabilities/wordpress/wordpress-elementor-plugin-listing.yaml b/vulnerabilities/wordpress/wordpress-elementor-plugin-listing.yaml index ed40dd3432..17ab9d7926 100644 --- a/vulnerabilities/wordpress/wordpress-elementor-plugin-listing.yaml +++ b/vulnerabilities/wordpress/wordpress-elementor-plugin-listing.yaml 
@@ -6,7 +6,7 @@ info: severity: info description: Searches for sensitive directories present in the elementor wordpress plugin. reference: https://www.exploit-db.com/ghdb/6297 - tags: wordpress,listing + tags: wordpress,listing,plugin requests: - method: GET diff --git a/vulnerabilities/wordpress/wordpress-gtranslate-plugin-listing.yaml b/vulnerabilities/wordpress/wordpress-gtranslate-plugin-listing.yaml index b8dae0946e..26a93dff45 100644 --- a/vulnerabilities/wordpress/wordpress-gtranslate-plugin-listing.yaml +++ b/vulnerabilities/wordpress/wordpress-gtranslate-plugin-listing.yaml @@ -6,7 +6,7 @@ info: severity: info description: Searches for sensitive directories present in the gtranslate wordpress plugin. reference: https://www.exploit-db.com/ghdb/6160 - tags: wordpress,listing + tags: wordpress,listing,plugin requests: - method: GET diff --git a/vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml b/vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml index 60be402e20..d50fb50d35 100644 --- a/vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml +++ b/vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml @@ -7,7 +7,7 @@ info: reference: https://wpscan.com/vulnerability/10192 description: | The Simple File List WordPress plugin was found to be vulnerable to an unauthenticated arbitrary file upload leading to remote code execution. The Python exploit first uploads a file containing PHP code but with a png image file extension. A second request is sent to move (rename) the png file to a PHP file. - tags: wordpress,wp-plugin,rce,intrusive + tags: wordpress,wp-plugin,rce,intrusive,upload,python requests: - raw: diff --git a/vulnerabilities/wordpress/wordpress-redirection-plugin-listing.yaml b/vulnerabilities/wordpress/wordpress-redirection-plugin-listing.yaml index dfad16747a..da0c5cc324 100644 --- a/vulnerabilities/wordpress/wordpress-redirection-plugin-listing.yaml +++ b/vulnerabilities/wordpress/wordpress-redirection-plugin-listing.yaml 
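Review bot: The `python` tag added to wordpress-rce-simplefilelist.yaml, `tags: wordpress,wp-plugin,rce,intrusive,upload,python`, describes the original proof-of-concept script mentioned in the description, not the template, which is plain HTTP; a `-tags python` run would pull this WordPress upload-to-RCE check in for no reason. I'd drop it and tag the plugin instead, `tags: wordpress,wp-plugin,rce,intrusive,upload,simple-file-list`, leaving the "Python exploit" remark in the description where it belongs. The raw request that performs the upload and rename is outside this hunk.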
@@ -6,7 +6,7 @@ info: severity: info description: Searches for sensitive directories present in the wordpress-redirection plugin. reference: https://www.exploit-db.com/ghdb/6436 - tags: wordpress,listing + tags: wordpress,listing,plugin requests: - method: GET
diff --git a/vulnerabilities/wordpress/wordpress-ssrf-oembed.yaml b/vulnerabilities/wordpress/wordpress-ssrf-oembed.yaml
index 394e1f314a..6e0733ca6e 100644
--- a/vulnerabilities/wordpress/wordpress-ssrf-oembed.yaml
+++ b/vulnerabilities/wordpress/wordpress-ssrf-oembed.yaml
@@ -7,7 +7,7 @@ info: reference: - https://book.hacktricks.xyz/pentesting/pentesting-web/wordpress - https://github.com/incogbyte/quickpress/blob/master/core/req.go - tags: wordpress,ssrf,oast + tags: wordpress,ssrf,oast,proxy requests: - method: GET
diff --git a/vulnerabilities/wordpress/wordpress-woocommerce-listing.yaml b/vulnerabilities/wordpress/wordpress-woocommerce-listing.yaml
index a1f28d4054..92f0519660 100644
--- a/vulnerabilities/wordpress/wordpress-woocommerce-listing.yaml
+++ b/vulnerabilities/wordpress/wordpress-woocommerce-listing.yaml
@@ -6,7 +6,7 @@ info: severity: info description: Searches for sensitive directories present in the woocommerce wordpress plugin. reference: https://www.exploit-db.com/ghdb/6192 - tags: wordpress,listing + tags: wordpress,listing,plugin,woocommerce requests: - method: GET
diff --git a/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml b/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml
index f3efbb1457..96faa4399a 100644
--- a/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml
+++ b/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml
@@ -4,7 +4,7 @@ info: name: Unauthenticated SQL injection Woocommerce author: rootxharsh,iamnoooob,S1r1u5_,cookiehanhoan,madrobot severity: critical - tags: wordpress,woocomernce,sqli,wp-plugin + tags: wordpress,woocomernce,sqli,wp-plugin,injection reference: - https://woocommerce.com/posts/critical-vulnerability-detected-july-2021 - https://viblo.asia/p/phan-tich-loi-unauthen-sql-injection-woocommerce-naQZRQyQKvx
@@ -32,4 +32,4 @@ requests: - type: status status: - - 200
\ No newline at end of file
+ - 200
diff --git a/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml b/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml
index cc1ca1e573..d77616569e 100644
--- a/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml
+++ b/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml
@@ -5,7 +5,7 @@ info: name: Wordfence WAF Bypass WordPress XSS reference: https://twitter.com/naglinagli/status/1382082473744564226 severity: medium - tags: wordpress,wordfence,xss + tags: wordpress,wordfence,xss,bypass requests: - method: GET
@@ -26,4 +26,4 @@ requests: - type: status status: - - 200
\ No newline at end of file
+ - 200
diff --git a/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml b/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
index f005ff8557..5ada86210a 100644
--- a/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
+++ b/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
@@ -4,7 +4,7 @@ info: name: WordPress Wordfence 7.4.6 Cross Site Scripting author: madrobot severity: medium - tags: wordpress,wp-plugin,xss + tags: wordpress,wp-plugin,xss,wordfence requests: - method: GET
@@ -25,4 +25,4 @@ requests: - type: status status: - - 200
\ No newline at end of file
+ - 200
diff --git a/vulnerabilities/wordpress/wp-123contactform-plugin-listing.yaml b/vulnerabilities/wordpress/wp-123contactform-plugin-listing.yaml
index 5b4e1dba05..e78615fb51 100644
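Review bot: The `woocomernce` tag on the new tags line of wordpress-woocommerce-sqli.yaml is misspelled and the edit carries the typo over, while this same commit adds the correctly spelled `woocommerce` tag to wordpress-woocommerce-listing.yaml and wp-woocommerce-pdf-invoice-listing.yaml; a tag-based selection of `woocommerce` would therefore miss the one critical-severity WooCommerce template. Correct the spelling on the added line: `tags: wordpress,woocommerce,sqli,wp-plugin,injection`. The second hunk of this file only restores the missing trailing newline.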
--- a/vulnerabilities/wordpress/wp-123contactform-plugin-listing.yaml
+++ b/vulnerabilities/wordpress/wp-123contactform-plugin-listing.yaml
@@ -8,7 +8,7 @@ info: reference: - https://blog.sucuri.net/2021/01/critical-vulnerabilities-in-123contactform-for-wordpress-wordpress-plugin.html - https://www.exploit-db.com/ghdb/6979 - tags: wordpress,listing + tags: wordpress,listing,plugin requests: - method: GET
diff --git a/vulnerabilities/wordpress/wp-arforms-listing.yaml b/vulnerabilities/wordpress/wp-arforms-listing.yaml
index 3b214effc5..c31253cfc6 100644
--- a/vulnerabilities/wordpress/wp-arforms-listing.yaml
+++ b/vulnerabilities/wordpress/wp-arforms-listing.yaml
@@ -1,28 +1,28 @@
-id: wp-arforms-listing -info: - name: WordPress Plugin Arforms Listing - author: pussycat0x - severity: info - description: Searches for sensitive directories present in the wordpress-plugins plugin. - reference: https://www.exploit-db.com/ghdb/6424 - tags: wordpress,listing - -requests: - - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/arforms/" - - matchers-condition: and - - matchers: - - type: word - words: - - "Index of" - - "wp-content/plugins/arforms/" - condition: and - - - type: status - - status: - - 200
\ No newline at end of file
+id: wp-arforms-listing +info: + name: WordPress Plugin Arforms Listing + author: pussycat0x + severity: info + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6424 + tags: wordpress,listing,plugin + +requests: + + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/arforms/" + + matchers-condition: and + + matchers: + - type: word + words: + - "Index of" + - "wp-content/plugins/arforms/" + condition: and + + - type: status + + status: + - 200
diff --git a/vulnerabilities/wordpress/wp-config-setup.yaml b/vulnerabilities/wordpress/wp-config-setup.yaml
index 4d0b660640..fd39154323 100644
--- a/vulnerabilities/wordpress/wp-config-setup.yaml
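Review bot: Every line of wp-arforms-listing.yaml is removed and re-added although the only content change is the tags line, which hides the one-line edit from blame and review; the same whole-file pattern appears in the wp-email-subscribers-listing, wp-haberadam-idor, wp-idx-broker-platinum-listing, wp-iwp-client-listing, wp-plugin-lifterlms, wp-plugin-utlimate-member, wp-sfwd-lms-listing and wp-super-forms hunks. The visible text is identical on both sides, so this is presumably a line-ending or trailing-whitespace normalisation, which is better done once (for example with a `*.yaml text eol=lf` rule in `.gitattributes`) in its own commit rather than mixed into a tagging change. Separately, the re-added `description: Searches for sensitive directories present in the wordpress-plugins plugin.` is copy-paste text that names no plugin and recurs in the listing templates above; since the line is rewritten anyway, `description: Searches for an exposed directory listing of the ARForms WordPress plugin.` would say what the template actually checks.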
+++ b/vulnerabilities/wordpress/wp-config-setup.yaml
@@ -5,7 +5,7 @@ info: author: princechaddha severity: high reference: https://smaranchand.com.np/2020/04/misconfigured-wordpress-takeover-to-remote-code-execution/ - tags: wordpress + tags: wordpress,setup requests: - method: GET
@@ -20,4 +20,4 @@ requests: - type: status status: - - 200
\ No newline at end of file
+ - 200
diff --git a/vulnerabilities/wordpress/wp-email-subscribers-listing.yaml b/vulnerabilities/wordpress/wp-email-subscribers-listing.yaml
index e94a46837e..a51f4d0655 100644
--- a/vulnerabilities/wordpress/wp-email-subscribers-listing.yaml
+++ b/vulnerabilities/wordpress/wp-email-subscribers-listing.yaml
@@ -1,26 +1,26 @@
-id: wp-email-subscribers-listing -info: - name: WordPress Plugin Email Subscribers Listing - author: pussycat0x - severity: low - description: Searches for sensitive directories present in the wordpress-plugins plugin. - reference: https://www.exploit-db.com/ghdb/6428 - tags: wordpress,listing - -requests: - - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/email-subscribers" - matchers-condition: and - matchers: - - type: word - words: - - "Index of" - - "wp-content/plugins/email-subscribers" - condition: and - - - type: status - - status: - - 200
+id: wp-email-subscribers-listing +info: + name: WordPress Plugin Email Subscribers Listing + author: pussycat0x + severity: low + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6428 + tags: wordpress,listing,plugin + +requests: + + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers" + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "wp-content/plugins/email-subscribers" + condition: and + + - type: status + + status: + - 200
diff --git a/vulnerabilities/wordpress/wp-haberadam-idor.yaml b/vulnerabilities/wordpress/wp-haberadam-idor.yaml
index bc276717b0..f5ab5be5b0 100644
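Review bot: The re-added `severity: low` in wp-email-subscribers-listing.yaml is inconsistent with the otherwise identical directory-listing templates rewritten in this commit (wp-arforms-listing, wp-idx-broker-platinum-listing, wp-iwp-client-listing, wp-plugin-lifterlms, wp-plugin-utlimate-member, wp-sfwd-lms-listing), which all carry `severity: info`; wp-super-forms.yaml later in the diff has the same `low`. The check is the same in every case, an `Index of` page for a plugin directory plus a 200 status, so the severity should match or the difference should be justified in the description, because severity is what downstream triage and alert routing key on. Since the whole info block is rewritten here anyway, `severity: info` on this line (and in wp-super-forms.yaml) would align them.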
--- a/vulnerabilities/wordpress/wp-haberadam-idor.yaml
+++ b/vulnerabilities/wordpress/wp-haberadam-idor.yaml
@@ -1,37 +1,37 @@
-id: wp-haberadam-idor - -info: - name: WordPress Themes Haberadam IDOR and Full Path Disclosure via JSON API - author: pussycat0x - severity: low - reference: https://cxsecurity.com/issue/WLB-2021090078 - metadata: - google-dork: inurl:/wp-content/themes/haberadam/ - tags: wordpress,idor,wp-theme - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/themes/haberadam/api/mobile-info.php?id=' - - '{{BaseURL}}/blog/wp-content/themes/haberadam/api/mobile-info.php?id=' - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - '"status"' - - '"hava"' - - '"degree"' - - '"icon"' - condition: and - - - type: status - status: - - 200 - - - type: word - part: header - words: - - text/html
+id: wp-haberadam-idor + +info: + name: WordPress Themes Haberadam IDOR and Full Path Disclosure via JSON API + author: pussycat0x + severity: low + reference: https://cxsecurity.com/issue/WLB-2021090078 + metadata: + google-dork: inurl:/wp-content/themes/haberadam/ + tags: wordpress,idor,wp-theme,disclosure + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/themes/haberadam/api/mobile-info.php?id=' + - '{{BaseURL}}/blog/wp-content/themes/haberadam/api/mobile-info.php?id=' + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"status"' + - '"hava"' + - '"degree"' + - '"icon"' + condition: and + + - type: status + status: + - 200 + + - type: word + part: header + words: + - text/html
diff --git a/vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml b/vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml
index 59ed30206c..5612b790af 100644
--- a/vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml
+++ b/vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml
@@ -1,27 +1,27 @@
-id: wp-idx-broker-platinum-listing -info: - name: WordPress Plugin Idx Broker Platinum Listing - author: pussycat0x - severity: info - description: Searches for sensitive directories present in the wordpress-plugins plugin. - reference: https://www.exploit-db.com/ghdb/6416 - tags: wordpress,listing - -requests: - - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/idx-broker-platinum/" - - matchers-condition: and - - matchers: - - type: word - words: - - "Index of" - - "wp-content/plugins/idx-broker-platinum/" - condition: and - - - type: status - status: - - 200
+id: wp-idx-broker-platinum-listing +info: + name: WordPress Plugin Idx Broker Platinum Listing + author: pussycat0x + severity: info + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6416 + tags: wordpress,listing,plugin + +requests: + + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/idx-broker-platinum/" + + matchers-condition: and + + matchers: + - type: word + words: + - "Index of" + - "wp-content/plugins/idx-broker-platinum/" + condition: and + + - type: status + status: + - 200
diff --git a/vulnerabilities/wordpress/wp-iwp-client-listing.yaml b/vulnerabilities/wordpress/wp-iwp-client-listing.yaml
index b97d6e03a1..54ddf70c5a 100644
--- a/vulnerabilities/wordpress/wp-iwp-client-listing.yaml
+++ b/vulnerabilities/wordpress/wp-iwp-client-listing.yaml
@@ -1,25 +1,25 @@
-id: wp-iwp-client-listing -info: - name: WordPress Plugin Iwp-client Listing - author: pussycat0x - severity: info - description: Searches for sensitive directories present in the wordpress-plugins plugin. - reference: https://www.exploit-db.com/ghdb/6427 - tags: wordpress,listing - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/iwp-client/" - - matchers-condition: and - matchers: - - type: word - words: - - "Index of" - - "wp-content/plugins/iwp-client/" - condition: and - - - type: status - status: - - 200
+id: wp-iwp-client-listing +info: + name: WordPress Plugin Iwp-client Listing + author: pussycat0x + severity: info + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6427 + tags: wordpress,listing,plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/iwp-client/" + + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "wp-content/plugins/iwp-client/" + condition: and + + - type: status + status: + - 200
diff --git a/vulnerabilities/wordpress/wp-mailchimp-log-exposure.yaml b/vulnerabilities/wordpress/wp-mailchimp-log-exposure.yaml
index 1869a7386f..023e18c389 100644
--- a/vulnerabilities/wordpress/wp-mailchimp-log-exposure.yaml
+++ b/vulnerabilities/wordpress/wp-mailchimp-log-exposure.yaml
@@ -5,7 +5,7 @@ info: author: aashiq severity: medium description: Searches for Mailchimp log exposure by attempting to query the debug log endpoint on wp-content - tags: logs,wordpress,exposure + tags: logs,wordpress,exposure,mailchimp requests: - method: GET
@@ -25,4 +25,4 @@ requests: - type: word words: - 'text/plain' - part: header
\ No newline at end of file
+ part: header
diff --git a/vulnerabilities/wordpress/wp-plugin-lifterlms.yaml b/vulnerabilities/wordpress/wp-plugin-lifterlms.yaml
index 1813fab599..eee5479fa0 100644
--- a/vulnerabilities/wordpress/wp-plugin-lifterlms.yaml
+++ b/vulnerabilities/wordpress/wp-plugin-lifterlms.yaml
@@ -1,25 +1,25 @@
-id: wordpress-plugins-lifterlms - -info: - name: WordPress Plugin lifterlms Listing - author: pussycat0x - severity: info - description: Searches for sensitive directories present in the wordpress-plugins plugin. - reference: https://www.exploit-db.com/ghdb/6420 - tags: wordpress,listing - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/lifterlms/" - matchers-condition: and - matchers: - - type: word - words: - - "Index of" - - "/wp-content/plugins/lifterlms/" - condition: and - - - type: status - status: - - 200
\ No newline at end of file
+id: wordpress-plugins-lifterlms + +info: + name: WordPress Plugin lifterlms Listing + author: pussycat0x + severity: info + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6420 + tags: wordpress,listing,plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/lifterlms/" + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "/wp-content/plugins/lifterlms/" + condition: and + + - type: status + status: + - 200
diff --git a/vulnerabilities/wordpress/wp-plugin-utlimate-member.yaml b/vulnerabilities/wordpress/wp-plugin-utlimate-member.yaml
index 5266895949..0217c99ca1 100644
--- a/vulnerabilities/wordpress/wp-plugin-utlimate-member.yaml
+++ b/vulnerabilities/wordpress/wp-plugin-utlimate-member.yaml
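Review bot: The re-added `id: wordpress-plugins-lifterlms` does not match the file name wp-plugin-lifterlms.yaml, whereas the other listing templates rewritten in this commit use the file name as the id (for example `id: wp-arforms-listing`, `id: wp-iwp-client-listing`); the same mismatch is in the next hunks, `id: wordpress-plugins-ultimate-member` in wp-plugin-utlimate-member.yaml (whose file name also misspells "ultimate") and `id: wordpress-super-forms` in wp-super-forms.yaml. The template id is what result output and id-based include/exclude lists refer to, so an id that differs from the path makes a finding harder to trace back to its template. Since every line of the file is rewritten here anyway, `id: wp-plugin-lifterlms` would bring it in line, and the ultimate-member file could be renamed to match its id in the same pass.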
@@ -1,26 +1,26 @@
-id: wordpress-plugins-ultimate-member - -info: - name: WordPress Plugin Ultimate Member - author: pussycat0x - severity: info - description: Searches for sensitive directories present in the wordpress-plugins plugin. - reference: https://www.exploit-db.com/ghdb/6998 - tags: wordpress,listing - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/ultimate-member/" - - matchers-condition: and - matchers: - - type: word - words: - - "Index of" - - "/wp-content/plugins/ultimate-member/" - condition: and - - - type: status - status: - - 200
\ No newline at end of file
+id: wordpress-plugins-ultimate-member + +info: + name: WordPress Plugin Ultimate Member + author: pussycat0x + severity: info + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6998 + tags: wordpress,listing,plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/" + + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "/wp-content/plugins/ultimate-member/" + condition: and + + - type: status + status: + - 200
diff --git a/vulnerabilities/wordpress/wp-popup-listing.yaml b/vulnerabilities/wordpress/wp-popup-listing.yaml
index e8ea453ee8..c60d311327 100644
--- a/vulnerabilities/wordpress/wp-popup-listing.yaml
+++ b/vulnerabilities/wordpress/wp-popup-listing.yaml
@@ -5,7 +5,7 @@ info: author: aashiq severity: info description: Searches for sensitive directories present in the wordpress-popup plugin. - tags: wordpress,listing + tags: wordpress,listing,plugin requests: - method: GET
diff --git a/vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml b/vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml
index 2ec937706a..829051bd9f 100644
--- a/vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml
+++ b/vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml
@@ -1,26 +1,26 @@
-id: wp-sfwd-lms-listing - -info: - name: WordPress Plugin Sfwd-lms Listing - author: pussycat0x - severity: info - description: Searches for sensitive directories present in the wordpress-plugins plugin. - reference: https://www.exploit-db.com/ghdb/6426 - tags: wordpress,listing - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/sfwd-lms/" - - matchers-condition: and - matchers: - - type: word - words: - - "Index of" - - "wp-content/plugins/sfwd-lms" - condition: and - - - type: status - status: - - 200
+id: wp-sfwd-lms-listing + +info: + name: WordPress Plugin Sfwd-lms Listing + author: pussycat0x + severity: info + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6426 + tags: wordpress,listing,plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/sfwd-lms/" + + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "wp-content/plugins/sfwd-lms" + condition: and + + - type: status + status: + - 200
diff --git a/vulnerabilities/wordpress/wp-super-forms.yaml b/vulnerabilities/wordpress/wp-super-forms.yaml
index 1d3a407ad9..534a07f2d6 100644
--- a/vulnerabilities/wordpress/wp-super-forms.yaml
+++ b/vulnerabilities/wordpress/wp-super-forms.yaml
@@ -1,22 +1,22 @@
-id: wordpress-super-forms -info: - name: WordPress super-forms Plugin Directory Listing - author: pussycat0x - severity: low - description: Searches for sensitive directories present in the wordpress-plugins plugin. - reference: https://www.exploit-db.com/ghdb/6776 - tags: wordpress,listing - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/super-forms/" - matchers-condition: and - matchers: - - type: word - words: - - "Index of /wp-content/plugins/super-forms/" - - - type: status - status: - - 200
\ No newline at end of file
+id: wordpress-super-forms +info: + name: WordPress super-forms Plugin Directory Listing + author: pussycat0x + severity: low + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6776 + tags: wordpress,listing,plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/super-forms/" + matchers-condition: and + matchers: + - type: word + words: + - "Index of /wp-content/plugins/super-forms/" + + - type: status + status: + - 200
diff --git a/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml b/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml
index efdb6f29c9..ca4e90da4a 100644
--- a/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml
+++ b/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml
@@ -9,7 +9,7 @@ info: - https://twitter.com/sec_hawk/status/1426984595094913025?s=21 - https://github.com/Mohammedsaneem/wordpress-upload-information-disclosure/blob/main/worpress-upload.yaml - https://woocommerce.com/products/pdf-invoices/ - tags: wordpress,listing,exposure + tags: wordpress,listing,exposure,woocommerce requests:
diff --git a/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml b/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml
index c81a051e5d..311df4d1fd 100644
--- a/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml
+++ b/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml
@@ -4,7 +4,7 @@ info: name: Wordpress XMLRPC Pingback detection author: pdteam severity: info - tags: wordpress,ssrf,oast + tags: wordpress,ssrf,oast,xmlrpc reference: - https://github.com/dorkerdevil/rpckiller - https://the-bilal-rizwan.medium.com/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32