id: iotawatt-app-exposure
info:
  name: IoTaWatt Configuration app
  author: pussycat0x
  severity: high
  description: unauthenticated IoTaWatt energy monitor leads to upload to any of several third-party energy websites/database
  metadata:
    fofa-query: 'app="IoTaWatt-Configuration-app"'
  tags: iot,exposure

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:

      - type: word
        words:
          - '<h3>Configure IoTaWatt Device</h3>'
          - '<title>IoTaWatt Configuration app</title>'
        condition: and
        part: body

      - type: status
        status:
          - 200