id: readme-md

info:
  name: README.md file disclosure
  author: ambassify
  severity: info
  description: Internal documentation file often used in projects which can contain sensitive information.
  metadata:
    max-request: 1
    shodan-query: html:"README.MD"
  tags: exposure,markdown,files

http:
  - method: GET
    path:
      - "{{BaseURL}}/README.md"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "#"
          - "##"
        condition: or

      - type: word
        part: header
        words:
          - "text/markdown"
          - "text/plain"
        condition: or

      - type: status
        status:
          - 200
# digest: 490a0046304402206b76417eb6df0d92f2be2e0e45dfd39f0a1cdf5b87d9f6ec37e7ea4d1def1d4102206cdfd8906eea83131ea20f8a5b02454daff67c9a37435fce8a389ef6d93ac0c8:922c64590222798bb761d5b6d8e72950