id: htpasswd-detection info: name: Detect exposed .htpasswd files author: geeknik severity: info tags: config,exposure requests: - method: GET path: - "{{BaseURL}}/.htpasswd" matchers-condition: and matchers: - type: word words: - ":{SHA}" - ":$apr1$" - ":$2y$" condition: or - type: status status: - 200