​

Scan for Misconfigured Software

​

Description

Scan for web misconfigurations that range from disclosing information and exposing sensitive functionality to enabling complete takeover of an asset

​

Features

• Scans for a wide range of misconfiguration scenarios.
• Validates the server responses to minimize false positives.
• Can scan thousands of web servers simulataneously.

​

Inputs

​

Required

• urls: a list of URLs

https://foo.example.com

https://bar.example.com

https://bar.example.com/app

​

Optional

• header: Header(s) to include in HTTP requests
• header-file: File with header(s) to include in HTTP requests
• rate-limit: Maximum number of requests to send per second per machine (default: 300)

​

Outputs

• findings: JSONLines records of finding details.

{"finding": "Uninitialized GitLab instances", "location": "https://foo.example.com/users/sign_in", "severity": "high", "hostname": "foo.example.com", "domain_name": "example.com", "ip_address": "1.2.3.4", "method": "GET", "description": "Prior to version 14, GitLab installations required a root password to be set via the web UI. If the administrator skipped this step, any visitor could set a password and control the instance."}

{"finding": "Public Swagger API", "location": "https://bar.example.com/app/docs", "severity": "info", "hostname": "bar.example.com", "domain_name": "example.com", "ip_address": "5.6.7.8", "method": "GET", "description": "Public Swagger API was detected."}

​

Changelog

• v1.0.0
  • Initial release
• v1.0.1
  • Added Basic Auth to the list of flagged configurations with a severity level of info
• v1.1.0
  • Added header-file input
• v1.2.0
  • Added recursive scanning to detect vulnerabilities at every level of the input URL paths