Nuclei-Templates-Worth-Avoiding.txt

  - missing-csp
  - deprecated-tls
  - http-missing-security-headers
  - tls-version
  - addeventlistener-detect
  - addeventlistener-message
  - aem-misconfigs
  - akamai-cache-detect
  - apache-detect
  - api-endpoints
  - api-linkfinder
  - apple-app-site-association
  - Application-dos
  - aspx-debug-mode
  - aws-cloudfront-service
  - azure-domain-tenant
  - basic-auth-detect
  - basic-auth-detection
  - basic-cors-misconfig-flash
  - caa-fingerprint
  - cname-fingerprint
  - cname-service
  - cname-service-detection
  - cors-misconfig
  - credentials-disclosure
  - credentials-disclosure-all
  - deprecated-tls
  - detect-all-takeovers
  - detect-options-method
  - detect-sentry
  - developer-notes
  - display-via-header
  - dmarc-detect
  - email-address-extraction
  - email-extractor
  - expired-ssl
  - exposed-metrics
  - Express-LFR-GET
  - Express-LFR-json
  - fastly-takeover
  - fingerprinthub-web-fingerprints
  - foulenzer-tech
  - generic-tokens
  - google-bucket-service
  - google-frontend-httpserver
  - gpc-json
  - graphite-browser-default-credential
  - hashicorp-consul-version
  - header-reflection
  - header-sqli
  - http-missing-security-headers
  - http-username-password
  - insecure-crossdomain
  - jira-unauthenticated-user-picker
  - kubelet-metrics
  - kubernetes-metrics
  - Labda_403Bypass_slash
  - Labda_403_Finder
  - lvm-exporter-metrics
  - metatag-cms
  - mismatched-ssl
  - missing-hsts
  - missing-x-frame-options
  - mx-fingerprint
  - nameserver-detection
  - nameserver-fingerprint
  - nginx-version
  - old-copyright
  - openam-detect
  - openresty-detect
  - options-method
  - possibility-of-webshell
  - postgres-exporter-metrics
  - puppetdb-detect
  - request-based-interaction
  - robots-txt
  - robots-txt-endpoint
  - s3-hunter
  - search-field
  - security-txt
  - self-signed-ssl
  - sitemap-detect
  - ssl-dns-names
  - ssl-issuer
  - ssrf-by-proxy
  - swagger-api
  - swagger-version
  - tabnabbing-check
  - tech-detect
  - tls-sni-proxy
  - tls-version
  - txt-fingerprint
  - unauthenticated-varnish-cache-purge
  - user-id-headers
  - waf-detect
  - wordpress-detect
  - wp-admin-find
  - wp-detect
  - x-forwarded-for
  - x-forwarded-host
  - xss-deprecated-header