id: keycloak-json

info:
  name: Keycloak JSON File
  author: oppsec
  severity: info
  metadata:
    max-request: 1
  tags: exposure,keycloak,config,files

http:
  - method: GET
    path:
      - "{{BaseURL}}/keycloak.json"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - realm
          - resource
          - auth-server-url
        condition: and

      - type: status
        status:
          - 200

# digest: 4b0a004830460221009acc353a326ecb9df8fae0ac2780849233f7b1bca07d6b306abbcaa25e8936e4022100e4b00ec3576fa8492000c405ad847e18296b91f3d3c6bec750fa928b434a18e7:922c64590222798bb761d5b6d8e72950