diff --git a/http/default-logins/soplanning/soplanning-default-login.yaml b/http/default-logins/soplanning/soplanning-default-login.yaml
new file mode 100644
index 0000000000..1cea63f856
--- /dev/null
+++ b/http/default-logins/soplanning/soplanning-default-login.yaml
@@ -0,0 +1,48 @@
+id: soplanning-default-login
+
+info:
+ name: SOPlanning - Default Login
+ author: Kazgangap
+ severity: high
+ description: |
+ SOPlanning contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
+ reference:
+ - https://www.soplanning.org/en/
+ metadata:
+ verified: true
+ max-request: 1
+ vendor: soplanning
+ product: soplanning
+ shodan-query: html:"soplanning"
+ tags: soplanning,default-login
+
+http:
+ - raw:
+ - |
+ POST /process/login.php HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ login={{username}}&password={{password}}
+
+ attack: pitchfork
+ payloads:
+ username:
+ - admin
+ password:
+ - admin
+
+ host-redirects: true
+ max-redirects: 2
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - 'title="Logout"'
+ - 'title="Modify my profile"'
+ - 'Settings'
+ condition: and
+
+ - type: status
+ status:
+ - 200
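Review bot: The word matcher under `matchers` depends on English interface strings (`'title="Logout"'`, `'title="Modify my profile"'`, `'Settings'`), so an instance rendered in another language would presumably still accept the default account but go unreported, which is a false negative for anyone auditing their own deployment. If the post-login page carries a language-independent marker, match on that instead (to be confirmed against a test instance), and make the matched part explicit with `part: body`. The `info` block also gives the operator no fix; a line such as `remediation: Change the default admin password after installation.` would make the finding actionable. The single `reference` entry is the vendor homepage rather than a page documenting the default account, so the `verified: true` claim cannot be checked from the template alone.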