Create tinlance-remita-credentials-exposure.yaml to http/secrets/

LloydCoder · web-flow · commit ae358714d868 · 2025-12-06T22:25:10.000+08:00
New detector for Remita. Tested with Nuclei v3.x. #newtemplate
diff --git a/detectors/nuclei/http/secrets/tinlance-remita-credentials-exposure.yaml b/detectors/nuclei/http/secrets/tinlance-remita-credentials-exposure.yaml
@@ -0,0 +1,28 @@
+id: tinlance-remita-credentials-exposure
+
+info:
+  name: Remita Merchant ID & API Key Exposure - Tinlance Detection
+  author: Lloydcoder
+  severity: high
+  description: Detects leaked Remita merchant IDs, API keys and secret hashes used across Nigerian billing systems.
+  tags: exposure,remita,nigeria,fintech,tinlance,lloydcoder
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "\\b\\d{10,15}\\|[a-zA-Z0-9]{40,}\\b"
+          - "merchantId[\"']?\\s*[:=]\\s*[\"']?\\d{10,}[\"']?"
+      - type: word
+        words:
+          - "remita"
+          - "merchantId"
+          - "apiKey"
+          - "publicKey"
+        condition: or
+        case-insensitive: true
