rules:
- name: Git Repository - HEAD
path: /.git/HEAD
signature: "ref: refs/"
description: "Exposed Git repository can reveal source code and sensitive data"
severity: high
- name: Git Repository - Config
path: /.git/config
signature: "[core]"
description: "Exposed Git configuration may contain repository URLs and credentials"
severity: high
- name: Git Repository - Index
path: /.git/index
signature: "DIRC"
description: "Exposed Git index reveals file structure and changes"
severity: high
- name: Git Repository - Logs
path: /.git/logs/HEAD
signature: "0000000000000000"
description: "Exposed Git logs contain commit history and possibly sensitive comments"
severity: high
- name: Swagger UI
path: /swagger-ui.html
signature: "Swagger UI"
description: "Exposed API documentation can reveal endpoint details"
severity: medium
- name: Swagger UI - Alt
path: /swagger/index.html
signature: "Swagger UI"
description: "Exposed API documentation can reveal endpoint details"
severity: medium
- name: Swagger JSON
path: /v2/api-docs
signature: "swagger"
description: "Exposed Swagger definition reveals API structure"
severity: medium
- name: Swagger UI - Docs
path: /docs/
signature: "Swagger UI"
description: "Exposed API documentation can reveal endpoint details"
severity: medium
- name: OpenAPI
path: /openapi.json
signature: "openapi"
description: "Exposed OpenAPI definition reveals API structure"
severity: medium
- name: API Documentation
path: /api/docs
signature: "API"
description: "Exposed API documentation reveals endpoint structure"
severity: medium
