Scan for Technology-Specific Vulnerabilities
Scan the identified technologies on your attack surface using tailored checks and methodologies for each
Category
Vulnerability Scanning
Inputs
- header (string): Header(s) to include in HTTP requests
- header-file (file): Header(s) to include in HTTP requests
- web-technologies (file, required): JSONLines records of web technology discovery details from the Fingerprint Web Technologies module
Outputs
- findings
- web-technologies
Description
Scan the identified technologies on your attack surface using tailored checks and methodologies for each. The currently supported technologies are:
- WordPress
- Microsoft IIS
- Ivanti Pulse Secure
- Joomla
- GitLab
- Jenkins
- Spring Boot
- Jira
- Splunk
- WebLogic
Features
- Performs custom checks based on the identified technologies for a more targeted scan.
- Detects related components and extensions, such as WordPress plugins and themes.
- Can scan thousands of web servers simultaneously.
Inputs
Required
- web-technologies: JSONLines records of web technology discovery details from the “Fingerprint Web Technologies” module.
{"asset": "https://foo.example.com", "technology": "WordPress"}
{"asset": "https://bar.example.com", "technology": "Microsoft IIS"}
{"asset": "https://baz.example.com", "technology": "Springboot Actuators"}
Optional
- header: Header(s) to include in HTTP requests
- header-file: File with header(s) to include in HTTP requests
Outputs
- findings: JSONLines records of finding details.
{"finding": "Outdated WordPress Plugin", "location": "https://foo.example.com", "severity": "unknown", "hostname": "foo.example.com", "domain_name": "example.com", "method": "GET", "description": "Detected WordPress plugin \"elementor\" version 3.6.2"}
{"finding": "IIS Short File Name Enumeration", "location": "https://bar.example.com", "severity": "unknown", "hostname": "bar.example.com", "domain_name": "example.com", "method": "GET", "description": "The IIS server is vulnerable to an issue that reveals short names for files and directories using the 8.3 file naming scheme. By sending specially crafted requests containing the tilde \"~\" character, attackers can exploit this flaw to discover hidden files or directories, potentially exposing sensitive information"}
{"finding": "Spring Boot Actuators (Jolokia) XXE", "location": "https://baz.example.com/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml", "hostname": "baz.example.com", "domain_name": "example.com", "severity": "high", "method": "GET", "description": "A vulnerability in Spring Boot Actuators's 'jolokia' endpoint allows remote attackers to perform an XML External Entities (XXE) attack and include content stored on a remote server as if it was its own. This has the potential to allow the execution of arbitrary code and/or disclosure of sensitive information from the target machine."}
- web-technologies: JSONLines records of web component discovery details.
{"asset": "https://foo.example.com", "technology": "elementor WordPress plugin", "location": "https://foo.example.com/wp-content/plugins/elementor/", "context": "3.6.2"}
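One way to turn the two output streams into a review queue, as an added example that is not part of the module or its documentation: findings are ordered by severity and each is paired with the components discovered on the same host. The function names, the severity ranking (including placing "unknown" just below "high") and the sample records are assumptions constructed from the record shapes shown above.

```python
import json
from urllib.parse import urlsplit

# Assumed triage order (not defined by the module); unrated findings sort just below "high".
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}
UNRATED_RANK = 1.5
# Constructed sample records in the shapes shown above, plus one corrupt line.
FINDINGS = r'''
{"finding": "Outdated WordPress Plugin", "location": "https://foo.example.com", "severity": "unknown", "hostname": "foo.example.com", "description": "Detected WordPress plugin \"elementor\" version 3.6.2"}
{"finding": "Spring Boot Actuators (Jolokia) XXE", "location": "https://baz.example.com/jolokia/", "severity": "high", "hostname": "baz.example.com"}
{"finding": "truncated
'''
COMPONENTS = r'''
{"asset": "https://foo.example.com", "technology": "elementor WordPress plugin", "location": "https://foo.example.com/wp-content/plugins/elementor/", "context": "3.6.2"}
'''

def read_jsonl(text):
    """Parse JSONLines; return (records, rejected) where rejected counts unusable lines."""
    records, rejected = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if isinstance(rec, dict):
            records.append(rec)
        else:
            rejected += 1
    return records, rejected

def triage(findings_text, components_text):
    """Return (queue, rejected): findings sorted for review, each with its host's components."""
    findings, bad_f = read_jsonl(findings_text)
    components, bad_c = read_jsonl(components_text)
    by_host = {}
    for c in components:
        host = urlsplit(str(c.get("asset", ""))).hostname
        if host:
            by_host.setdefault(host, []).append((c.get("technology"), c.get("context")))
    queue = []
    for f in findings:
        sev = str(f.get("severity", "unknown")).lower()
        host = f.get("hostname") or urlsplit(str(f.get("location", ""))).hostname
        queue.append({"rank": RANK.get(sev, UNRATED_RANK), "severity": sev, "host": host,
                      "finding": f.get("finding"), "components": by_host.get(host, [])})
    queue.sort(key=lambda r: (r["rank"], r["host"] or ""))
    return queue, bad_f + bad_c
```

A non-zero rejected count means part of the scan output was truncated or corrupted and the queue is incomplete.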
Changelog
- v1.0.0
- Initial release
- v1.1.0
- Added header-file input
- Added