From e9f93a9806e9f03d88405f133ca1b74d001786fb Mon Sep 17 00:00:00 2001 From: Parth Malhotra <28601533+parthmalhotra@users.noreply.github.com> Date: Tue, 25 Jun 2024 12:56:29 +0530 Subject: [PATCH] Update compliance.yml --- profiles/compliance.yml | 41 ++++++++++++++++++++++++++++++++++------- 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/profiles/compliance.yml b/profiles/compliance.yml index 65e5be0b1b..544a1958f8 100644 --- a/profiles/compliance.yml +++ b/profiles/compliance.yml 
@@ -1,9 +1,36 @@ -# This is a configuration file for the compliance template profile. -# Additional configuration profiles can be created for different types of nuclei scans. -# They should be placed under the 'config' directory at: -# https://github.com/projectdiscovery/nuclei-templates -# Here is an example of how to use a config profile: -# nuclei -config config/compliance.yml -list target_list_to_scan.txt +# Nuclei Configuration Profile for Compliance Detection +# +# This configuration file is specifically tailored for detecting compliance-related issues using Nuclei. +# +# Purpose: +# This profile is focused on identifying a wide range of security issues to ensure compliance with various security standards and best practices. It includes templates for detecting misconfigurations, vulnerabilities, exposures, and other security risks. +# +# Included Templates: +# This configuration references specific templates tagged with various security-related tags to cover comprehensive compliance scanning: +# - misconfig: Templates for detecting misconfigurations. +# - cve: Templates for detecting Common Vulnerabilities and Exposures. +# - exposure: Templates for detecting sensitive information exposures. +# - default-login: Templates for detecting default login credentials. +# - xss: Templates for detecting Cross-Site Scripting vulnerabilities. +# - lfi: Templates for detecting Local File Inclusion vulnerabilities. +# - edb: Templates for vulnerabilities listed in the Exploit Database. +# - rce: Templates for detecting Remote Code Execution vulnerabilities. +# - sqli: Templates for detecting SQL Injection vulnerabilities. +# - unauth: Templates for detecting unauthorized access vulnerabilities. +# - ssrf: Templates for detecting Server-Side Request Forgery vulnerabilities. +# - redirect: Templates for detecting open redirection vulnerabilities. +# - disclosure: Templates for detecting sensitive information disclosure. 
+# - takeover: Templates for detecting subdomain takeover vulnerabilities. +# - traversal: Templates for detecting directory traversal vulnerabilities. +# - generic: Templates for detecting generic security issues. +# - deserialization: Templates for detecting deserialization vulnerabilities. +# - ssl: Templates for detecting SSL/TLS related issues. +# - keys: Templates for detecting exposed keys. +# - token: Templates for detecting exposed tokens. +# +# Running this profile +# You can run this profile using the following command: +# nuclei -profile compliance -u https://example.com tags: - misconfig @@ -26,4 +53,4 @@ tags: - deserialization - ssl - keys - - token \ No newline at end of file + - token
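Review bot: The "Included Templates" comment block in the first hunk (@@ -1,9 +1,36 @@) restates, tag by tag, the entries of the `tags:` list that follows it, so the two will have to be kept in sync by hand whenever a tag is added or removed. Consider shortening the header to the Purpose and usage lines, or stating that the `tags:` list is authoritative. Two smaller points in the same hunk: the "Running this profile" heading lacks the trailing colon used by "Purpose:" and "Included Templates:", and the usage example now covers only a single target (`-u https://example.com`), whereas the removed comment showed list input (`-list target_list_to_scan.txt`). A second example line for list input would keep that usage documented.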