Update redoc_exposed.md

Author: HamzaSahin61

documentation/modules/auxiliary/scanner/http/redoc_exposed.md

@@ -1,29 +1,33 @@
-## ReDoc API Docs UI Exposed
-
-Detects publicly exposed ReDoc API documentation pages by looking for known DOM elements and script names. The module is read-only and sends safe `GET` requests.
-
-
-#### REDOC_PATHS
-Comma-separated custom paths to probe. If unset, defaults to:
-/redoc,/redoc/,/docs,/api/docs,/openapi
+## Vulnerable Application
 
+Detects publicly exposed ReDoc API documentation pages by looking for known DOM elements and script names. The module
+is read-only and sends safe `GET` requests.
 
 ### How It Works
-
 - Prefers DOM checks (`<redoc>`, `#redoc`, or scripts containing `redoc` / `redoc.standalone`).
 - Falls back to title/body heuristics for “redoc”.
 - Considers only **2xx** and **403** responses (avoids noisy redirects).
-
-### Verification Steps
+  
+## Verification Steps
 
 1. Start `msfconsole`.
 2. `use auxiliary/scanner/http/redoc_exposed`
 3. `set RHOSTS <target-or-range>`
 4. (Optional) `set SSL true`
 5. (Optional) `set REDOC_PATHS /redoc,/docs`
 6. `run`
+   
+## Options
+### REDOC_PATHS
+Comma-separated custom paths to probe. If unset, defaults to `/redoc,/redoc/,/docs,/api/docs,/openapi`
 
-### Scenarios
+## How It Works
+
+- Prefers DOM checks (`<redoc>`, `#redoc`, or scripts containing `redoc` / `redoc.standalone`).
+- Falls back to title/body heuristics for “redoc”.
+- Considers only **2xx** and **403** responses (avoids noisy redirects).
+- 
+## Scenarios
 
 ```text
 msf6 > use auxiliary/scanner/http/redoc_exposed
@@ -32,9 +36,8 @@ msf6 auxiliary(scanner/http/redoc_exposed) > run
 [+] 192.0.2.15 - ReDoc likely exposed at /docs
 [*] 192.0.2.23 - no ReDoc found
 ```
-### Notes
+## Notes
 
 * **Stability**: `CRASH_SAFE` (GET requests only).
 * **Reliability**: No session creation.
 * **SideEffects**: Requests may appear in server logs (`IOC_IN_LOGS`).
-