diff --git a/library/helpers/attackPath.test.ts b/library/helpers/attackPath.test.ts
index fc772370..b4e3ac54 100644
--- a/library/helpers/attackPath.test.ts
+++ b/library/helpers/attackPath.test.ts
@@ -11,7 +11,8 @@ t.test("it gets paths to payload", async (t) => {
 d: [12, "test", "payload"],
 };
- t.same(get("payload", testObj1), [".a.b.c", ".d.[2]"]);
+ t.same(get("payload", testObj1), [".a.b.c"]);
+ t.same(get("payload", testObj1, 2), [".a.b.c", ".d.[2]"]);
 t.same(get("test", testObj1), [".d.[1]"]);
 t.same(get("notfound", testObj1), []);
@@ -26,15 +27,11 @@ t.test("it gets paths to payload", async (t) => {
 );
 t.same(
- get("string", [
+ get(
 "string",
- 1,
- true,
- null,
- undefined,
- { test: "test" },
- "string",
- ]),
+ ["string", 1, true, null, undefined, { test: "test" }, "string"],
+ 2
+ ),
 [".[0]", ".[6]"]
 );
@@ -58,19 +55,8 @@ t.test("it works with jwt", async (t) => {
 t.same(get("notfound", testObj2), []);
 });
-t.test("maximum match count of 10", async (t) => {
+t.test("set max count", async (t) => {
 const testArr = Array.from({ length: 20 }, () => "test");
- t.same(get("test", testArr), [
- ".[0]",
- ".[1]",
- ".[2]",
- ".[3]",
- ".[4]",
- ".[5]",
- ".[6]",
- ".[7]",
- ".[8]",
- ".[9]",
- ]);
+ t.same(get("test", testArr, 5), [".[0]", ".[1]", ".[2]", ".[3]", ".[4]"]);
 });
diff --git a/library/helpers/attackPath.ts b/library/helpers/attackPath.ts
index 2261c3d9..03214dcc 100644
--- a/library/helpers/attackPath.ts
+++ b/library/helpers/attackPath.ts
@@ -1,8 +1,8 @@
 import { isPlainObject } from "./isPlainObject";
 import { tryDecodeAsJWT } from "./tryDecodeAsJWT";
-// Maximum match count to return
-const MAX_MATCH_COUNT = 1;
+// Default match count to return
+const DEFAULT_MATCH_COUNT = 1;
 export type PathPart =
 | { type: "jwt" }
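Review bot: The rewritten "set max count" test in attackPath.test.ts only exercises an explicit limit of 5, so nothing pins the default cap against an input with many matches now that the old "maximum match count" case is gone. Adding `t.same(get("test", testArr), [".[0]"]);` next to the existing assertion would keep the default of one match covered on the 20-element array. It would also help to assert what a limit of `0` or a negative number is expected to return, since the new parameter accepts any number.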
@@ -33,14 +33,15 @@ export function buildPathToPayload(pathToPayload: PathPart[]): string {
 export function getPathsToPayload(
 attackPayload: string,
- obj: unknown
+ obj: unknown,
+ matchCount = DEFAULT_MATCH_COUNT
 ): string[] {
 const matches: string[] = [];
 const attackPayloadLowercase = attackPayload.toLowerCase();
 const traverse = (value: unknown, path: PathPart[] = []) => {
- if (matches.length >= MAX_MATCH_COUNT) {
+ if (matches.length >= matchCount) {
 return;
 }
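Review bot: `matchCount` is used unchecked as the only visible stop condition in `traverse`, so a caller passing `NaN` or `Infinity` disables the cap (`matches.length >= NaN` is always false) and the whole of `obj` is walked, while `0` or a negative value silently yields no paths. If `obj` carries request data, as the payload naming suggests, that cap is what bounds the work done per lookup, so it should not depend on every caller passing a sane number. Normalise it once before the closure, e.g. `const limit = Number.isInteger(matchCount) && matchCount > 0 ? matchCount : DEFAULT_MATCH_COUNT;`, compare with `matches.length >= limit`, and consider an upper ceiling constant as well. The parameter also deserves a short doc comment stating that it limits the number of returned paths and defaults to 1. The body of `getPathsToPayload` continues past the end of the hunk.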