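# static secrets
#
# Secrets file for authenticated scanning: each entry under `static` pairs a
# credential with the hosts it belongs to.
#
# NOTE(review): SESSION_VALUE and CSRF_VALUE look like placeholders to be
# substituted at scan time. Keep real session values out of version control,
# and quote them once substituted: a value containing `: ` or ` #`, or one
# that looks like a number, is otherwise re-typed or truncated by the parser.
# NOTE(review): `domains` presumably limits which hosts receive the cookies;
# keep the list as narrow as the scan needs, since these are live session
# credentials.
# NOTE(review): a session cookie can expire during a long scan, after which
# results would no longer reflect the authenticated surface. Confirm how the
# scanner reports that.
static:
  - type: cookie
    domains:
      - pp-services.signin.education.gov.uk
    cookies:
      - key: session
        value: SESSION_VALUE
      - key: _csrf
        value: CSRF_VALUE

  # # 1. Basic Auth based auth
  # - type: basicauth
  #   domains:
  #     - scanme.sh
  #   username: test
  #   password: test

  # # 2. API Key (via query parameters) based auth
  # NOTE(review): a key sent as a query parameter usually ends up in proxy
  # and server access logs; prefer a header-based type where the target
  # allows it.
  # - type: query
  #   domains:
  #     - example.com
  #   params:
  #     - key: token
  #       value: 1a2b3c4d5e6f7g8h9i0j

  # # 3. Bearer Token based auth
  # NOTE(review): these patterns are unanchored and the `.` is unescaped, so
  # `.*scanme.sh` matches more hosts than scanme.sh and its subdomains.
  # Unless the scanner anchors patterns itself (confirm), escape the dots and
  # anchor the pattern so the token is only sent to intended hosts.
  # - type: bearertoken
  #   domains-regex:
  #     - .*scanme.sh
  #     - .*pdtm.sh
  #   token: test

  # # 4. Custom Header based auth
  # - type: header
  #   domains:
  #     - api.projectdiscovery.io
  #     - cve.projectdiscovery.io
  #     - chaos.projectdiscovery.io
  #   headers:
  #     - key: x-pdcp-key
  #       value: <api-key-here>

  # 5. Cookie based auth
  # - type: cookie
  #   domains:
  #     - scanme.sh
  #   cookies:
  #     - key: PHPSESSID
  #       value: 1a2b3c4d5e6f7g8h9i0j
  #     # raw: "PHPSESSID=1a2b3c4d5e6f7g8h9i0j" (an alternative way to specify cookie value)

# dynamic secrets
#
# A dynamic entry runs a login template first and feeds the values it
# extracts into a templatized static secret.
# dynamic:
#   # A example dynamic login of Wordpress using REST API
#   - template: /path/to/wordpress-login.yaml
#     variables:
#       - name: username
#         value: pdteam
#       - name: password
#         value: nuclei-fuzz
#     input: auth-server.projectdiscovery.io # optional input/target, not required if target is hardcoded in template
#     # once login is successful, this can be used in below templatized static secret
#     type: cookie
#     # NOTE(review): the entry below is written as a regex but sits under
#     # `domains`; presumably `domains-regex` is intended. Confirm before
#     # enabling.
#     domains:
#       - .*wp.*projectdiscovery.io
#     cookies:
#       - raw: "{{wp-global-cookie}}"
#       - raw: "{{wp-admin-cookie}}"
#       - raw: "{{wp-plugin-cookie}}"
#     # Note: This here (^) is a static secret in a templatized form
#     # so it can be any of the static secret type and not limited to just `cookie`.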