Category

Vulnerability Scanning

Inputs

  name         type    required  description
  urls         file    yes       List of web server URLs
  header       string  no        Header(s) to include in HTTP requests
  header-file  file    no        File with header(s) to include in HTTP requests
  rate-limit   string  no        Maximum number of requests to send per second per machine (default: 300)

Outputs

  name         description
  findings     JSONLines records of finding details

Features

Scan for Misconfigured Software

Description

Scans for web misconfigurations ranging from information disclosure and exposed sensitive functionality to complete takeover of an asset.

Features

  • Scans for a wide range of misconfiguration scenarios.
  • Validates server responses to minimize false positives.
  • Can scan thousands of web servers simultaneously.

Inputs

Required

  • urls: a list of URLs
https://foo.example.com
https://bar.example.com
https://bar.example.com/app

Optional

  • header: Header(s) to include in HTTP requests
  • header-file: File with header(s) to include in HTTP requests
  • rate-limit: Maximum number of requests to send per second per machine (default: 300)

Outputs

  • findings: JSONLines records of finding details.
{"finding": "Uninitialized GitLab instances", "location": "https://foo.example.com/users/sign_in", "severity": "high", "hostname": "foo.example.com", "domain_name": "example.com", "ip_address": "1.2.3.4", "method": "GET", "description": "Prior to version 14, GitLab installations required a root password to be set via the web UI. If the administrator skipped this step, any visitor could set a password and control the instance."}
{"finding": "Public Swagger API", "location": "https://bar.example.com/app/docs", "severity": "info", "hostname": "bar.example.com", "domain_name": "example.com", "ip_address": "5.6.7.8", "method": "GET", "description": "Public Swagger API was detected."}
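Because findings arrive one JSON object per line, they are easy to post-process without loading the whole report. The script below is an added example for consuming that output, not code that ships with the scanner: it parses the JSONLines, rejects records that are not objects or lack the fields shown above (reporting the line instead of aborting, so one bad line cannot hide the rest), drops duplicate findings, filters by a minimum severity and groups the remainder per hostname. The severity ordering (info < low < medium < high < critical) is an assumption; the page only shows "info" and "high". The sample input is constructed from the two records above plus a duplicate, a record with missing fields and a non-JSON line.

```python
"""Post-process the scanner's JSONLines `findings` output (added example)."""
import json
from collections import defaultdict

# Assumed ordering, lowest to highest; the page itself shows only "info" and "high".
SEVERITY_ORDER = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Fields present in every record of the sample output.
REQUIRED_FIELDS = ("finding", "location", "severity", "hostname",
                   "domain_name", "ip_address", "method", "description")

GITLAB = {"finding": "Uninitialized GitLab instances",
          "location": "https://foo.example.com/users/sign_in", "severity": "high",
          "hostname": "foo.example.com", "domain_name": "example.com",
          "ip_address": "1.2.3.4", "method": "GET",
          "description": "Prior to version 14, GitLab installations required a root "
                         "password to be set via the web UI. If the administrator skipped "
                         "this step, any visitor could set a password and control the instance."}
SWAGGER = {"finding": "Public Swagger API", "location": "https://bar.example.com/app/docs",
           "severity": "info", "hostname": "bar.example.com", "domain_name": "example.com",
           "ip_address": "5.6.7.8", "method": "GET",
           "description": "Public Swagger API was detected."}

# Constructed sample output: the two records from the page, the Swagger record a
# second time (as if both bar.example.com inputs led to it), a record with fields
# missing, and a line that is not JSON at all.
SAMPLE_JSONL = "\n".join([
    json.dumps(GITLAB),
    json.dumps(SWAGGER),
    json.dumps(SWAGGER),
    json.dumps({"finding": "Basic Auth", "location": "https://bar.example.com/admin"}),
    "<html>502 Bad Gateway</html>",
    "",
])


def parse_findings(text):
    """Parse JSONLines into (records, errors).

    Blank lines are skipped. A line that is not a JSON object, or lacks a
    required field, is appended to `errors` as (line_number, reason) rather
    than raising, so a single bad line does not discard the whole report.
    """
    records, errors = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError as exc:
            errors.append((lineno, f"not JSON: {exc.msg}"))
            continue
        if not isinstance(rec, dict):
            errors.append((lineno, "not a JSON object"))
            continue
        missing = [f for f in REQUIRED_FIELDS if f not in rec]
        if missing:
            errors.append((lineno, "missing fields: " + ", ".join(missing)))
            continue
        records.append(rec)
    return records, errors


def severity_rank(severity):
    """Rank a severity string. Unknown values rank above every known one so
    they are never silently filtered out by a severity floor."""
    return SEVERITY_ORDER.get(str(severity).lower(), len(SEVERITY_ORDER))


def dedupe(records):
    """Drop repeated findings: same (finding, method, location) is one finding.
    First occurrence wins."""
    seen, unique = set(), []
    for rec in records:
        key = (rec["finding"], rec["method"], rec["location"])
        if key not in seen:
            seen.add(key)
            unique.append(rec)
    return unique


def at_least(records, min_severity):
    """Keep records whose severity is at or above `min_severity`."""
    floor = severity_rank(min_severity)
    return [r for r in records if severity_rank(r["severity"]) >= floor]


def by_host(records):
    """Group records per hostname, highest severity first, for routing to
    whoever owns that host."""
    grouped = defaultdict(list)
    for rec in records:
        grouped[rec["hostname"]].append(rec)
    for host in grouped:
        grouped[host].sort(key=lambda r: severity_rank(r["severity"]), reverse=True)
    return dict(grouped)


def triage(text, min_severity="low"):
    """Parse, dedupe, apply the severity floor, group by host. Returns (grouped, errors)."""
    records, errors = parse_findings(text)
    return by_host(at_least(dedupe(records), min_severity)), errors


if __name__ == "__main__":
    grouped, errors = triage(SAMPLE_JSONL, min_severity="info")
    for host, recs in grouped.items():
        for r in recs:
            print(f"{r['severity']:<5} {host:<18} {r['finding']}  {r['location']}")
    for lineno, reason in errors:
        print(f"line {lineno}: skipped ({reason})")
```

Run it against a real report with `python triage.py < findings.jsonl` after swapping `SAMPLE_JSONL` for `sys.stdin.read()`; raising `min_severity` to "low" suppresses the informational Swagger and Basic Auth records while keeping anything with an unrecognised severity label.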

Changelog

  • v1.0.0
    • Initial release
  • v1.0.1
    • Added Basic Auth to the list of flagged configurations with a severity level of info
  • v1.1.0
    • Added header-file input