Category

Vulnerability Scanning

Inputs

Name         Type    Required  Description
urls         file    yes       List of web server URLs
header                         Header(s) to include in HTTP requests
rate-limit   string            Maximum number of requests to send per second per machine
header-file  file              File with header(s) to include in HTTP requests

Outputs

findings

Scan for Misconfigured Software

Description

Scan for web misconfigurations ranging from information disclosure and exposed sensitive functionality to complete takeover of an asset.

Features

  • Scans for a wide range of misconfiguration scenarios.
  • Validates the server responses to minimize false positives.
  • Can scan thousands of web servers simultaneously.

Inputs

Required

  • urls: a file containing a list of web server URLs, one URL per line, for example:
https://foo.example.com
https://bar.example.com
https://bar.example.com/app

Optional

  • header: Header(s) to include in HTTP requests
  • header-file: File with header(s) to include in HTTP requests
  • rate-limit: Maximum number of requests to send per second per machine (default: 300)

Outputs

  • findings: JSONLines records of finding details, one JSON object per line.
{"finding": "Uninitialized GitLab instances", "location": "https://foo.example.com/users/sign_in", "severity": "high", "hostname": "foo.example.com", "domain_name": "example.com", "ip_address": "1.2.3.4", "method": "GET", "description": "Prior to version 14, GitLab installations required a root password to be set via the web UI. If the administrator skipped this step, any visitor could set a password and control the instance."}
{"finding": "Public Swagger API", "location": "https://bar.example.com/app/docs", "severity": "info", "hostname": "bar.example.com", "domain_name": "example.com", "ip_address": "5.6.7.8", "method": "GET", "description": "Public Swagger API was detected."}
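A consumer for the findings output, added here as an illustration and not part of the tool itself. It parses the JSONLines stream defensively (blank and malformed lines are reported rather than crashing the pipeline), ranks records by severity so the GitLab takeover is triaged before the Swagger disclosure, and counts findings per host. The page only shows the severities "high" and "info"; the full ordering in SEVERITY_RANK and the set of keys treated as required are assumptions. The sample records are the two from the page plus a constructed malformed line.

```python
"""Consume scanner findings (JSONLines): validate, rank by severity, summarise per host."""
import json
from collections import Counter

# Severity ordering for triage. Only "high" and "info" appear in the page's
# examples; the other levels and their order are an assumption.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

# Keys a record must carry to be actionable (assumed minimum, chosen for this example).
REQUIRED_KEYS = {"finding", "location", "severity", "hostname", "method"}

# Constructed sample: the two records shown on the page plus one malformed line.
SAMPLE_FINDINGS = "\n".join([
    json.dumps({"finding": "Uninitialized GitLab instances",
                "location": "https://foo.example.com/users/sign_in",
                "severity": "high", "hostname": "foo.example.com",
                "domain_name": "example.com", "ip_address": "1.2.3.4",
                "method": "GET", "description": "Any visitor could set the root password."}),
    json.dumps({"finding": "Public Swagger API",
                "location": "https://bar.example.com/app/docs",
                "severity": "info", "hostname": "bar.example.com",
                "domain_name": "example.com", "ip_address": "5.6.7.8",
                "method": "GET", "description": "Public Swagger API was detected."}),
    "{not json",
])


def parse_findings(text):
    """Parse JSONLines text into (records, bad_line_numbers).

    Blank lines are ignored; lines that are not JSON objects or lack a
    required key are skipped and their 1-based line number is reported.
    """
    records, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            errors.append(lineno)
            continue
        if not isinstance(rec, dict) or not REQUIRED_KEYS.issubset(rec):
            errors.append(lineno)
            continue
        records.append(rec)
    return records, errors


def severity_rank(record):
    """Numeric rank for sorting; unknown severities sort last."""
    return SEVERITY_RANK.get(str(record["severity"]).lower(), len(SEVERITY_RANK))


def rank(records):
    """Most severe first, then by location for a stable, reviewable order."""
    return sorted(records, key=lambda r: (severity_rank(r), r["location"]))


def at_or_above(records, threshold):
    """Records whose severity is at least `threshold` (e.g. "high" keeps critical+high)."""
    limit = SEVERITY_RANK[threshold]
    return [r for r in records if severity_rank(r) <= limit]


def counts_by_host(records):
    """How many findings each scanned host produced."""
    return Counter(r["hostname"] for r in records)


if __name__ == "__main__":
    recs, bad = parse_findings(SAMPLE_FINDINGS)
    print(f"{len(recs)} records, malformed lines: {bad}")
    for r in rank(recs):
        print(f"[{r['severity']}] {r['finding']} at {r['location']}")
    print(dict(counts_by_host(recs)))
```

Pipe the tool's findings file into parse_findings and gate on at_or_above(records, "high") to page someone only for takeover-class results while info-level disclosures go to a report.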

Changelog

  • v1.0.0
    • Initial release
  • v1.0.1
    • Added Basic Auth to the list of flagged configurations with a severity level of info
  • v1.1.0
    • Added header-file input
  • v1.2.0
    • Added recursive scanning to detect vulnerabilities at every level of the input URL paths
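To show what "every level of the input URL paths" means for the request budget, here is an added example (not the tool's code) that expands each input URL into its path prefixes, root first, and unions them across the input list so a prefix shared by two inputs is scanned once. Query strings and fragments are dropped, since a path level is identified by scheme, host and path only; that normalisation and the dedup across inputs are assumptions about how a scanner would treat the list. The sample input is the three URLs from the urls example above.

```python
"""Expand input URLs into every path level, as recursive scanning (v1.2.0) does."""
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: the urls example from this page.
INPUT_URLS = [
    "https://foo.example.com",
    "https://bar.example.com",
    "https://bar.example.com/app",
]


def path_levels(url):
    """Return the URL and each ancestor path, root first.

    https://bar.example.com/app/docs?x=1 ->
      https://bar.example.com/
      https://bar.example.com/app
      https://bar.example.com/app/docs
    Query and fragment are discarded (assumption: a level is scheme+host+path).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    segments = [s for s in parts.path.split("/") if s]  # drops empty/trailing pieces
    levels = []
    for depth in range(len(segments) + 1):
        path = "/" + "/".join(segments[:depth])
        levels.append(urlunsplit((parts.scheme, parts.netloc, path, "", "")))
    return levels


def scan_targets(urls):
    """Order-preserving union of all path levels across the input list."""
    seen = set()
    targets = []
    for url in urls:
        for level in path_levels(url):
            if level not in seen:
                seen.add(level)
                targets.append(level)
    return targets


def request_budget(urls, checks_per_level, rate_limit=300):
    """Seconds needed at `rate_limit` req/s if every level gets `checks_per_level` requests.

    checks_per_level is a caller-supplied estimate; the page does not publish it.
    """
    total = len(scan_targets(urls)) * checks_per_level
    return total / rate_limit


if __name__ == "__main__":
    for t in scan_targets(INPUT_URLS):
        print(t)
    print(f"~{request_budget(INPUT_URLS, 100):.2f}s at the default rate limit")
```

Deep paths multiply the number of levels, so a list of a few thousand URLs with nested paths can exceed what the default rate-limit of 300 requests per second per machine reaches quickly; request_budget gives a rough lower bound once you estimate how many checks each level receives.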