Detect exposed Swagger UI

By kannthu

Low
Vidoc Module
#exposure #api #swagger
Description

What is the "Detect exposed Swagger UI" module?

The "Detect exposed Swagger UI" module identifies instances of the Swagger UI web interface that are reachable without authentication. Swagger UI is a browser front end that renders an API's OpenAPI (formerly Swagger) description and lets a user browse, and usually call, its endpoints. The module flags the misconfiguration in which this interface is served to the public, which hands out the API's documentation and, through it, a map of the API itself.

The module has a low severity level: an exposed Swagger UI is an information disclosure rather than a directly exploitable flaw, so its impact on its own is limited, although it makes follow-on attacks against the documented API considerably easier.

Impact

If the Swagger UI is exposed to the public, anyone can read the API documentation: every endpoint, its parameters, request and response schemas, and the authentication scheme it expects. That removes most of the reconnaissance an attacker would otherwise have to do and increases the risk of unauthorized access to sensitive data or functionality, for instance through endpoints that were never meant to be discoverable or that lack proper authorization checks. Where the interface's "Try it out" feature is enabled, requests can be issued against the API directly from the page.

How does the module work?

The "Detect exposed Swagger UI" module works by sending HTTP GET requests to paths commonly used by Swagger UI installations, following any redirects, and applying matching conditions to the responses.

For example, the module sends requests to paths such as "/index.html", "/swagger-ui", "/api/docs/" or "/api/swagger/index.html" (the full template carries 42 paths). A response matches when its body contains the phrase "Swagger UI" and its status code is 200.

The same two conditions are also configured as a passive global matcher, which is evaluated against every response the scanner sees rather than only the responses to this module's own requests. A Swagger UI page reached by some other module or path is therefore detected as well.

If a match is found, the module reports the vulnerability, indicating that the Swagger UI is exposed and potentially accessible to unauthorized users.
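The matching logic described above, reimplemented as an added example that is not Vidoc's own code. The three listed paths come from the module preview; the remaining probe paths, the spec-URL confirmation step and the sample responses are assumptions introduced here to show where the plain "word plus status 200" matcher over-reports (a 200 page that merely mentions Swagger UI) and where it correctly stays quiet (documentation behind a 401).

```python
import re
import urllib.error
import urllib.request
from dataclasses import dataclass

# Probe paths. /index.html, /swagger-ui and /api/ are shown in the module preview;
# the remaining entries are common Swagger UI locations added here as an assumption
# (the real module carries 42 paths, most of which the page does not list).
PROBE_PATHS = [
    "/index.html",
    "/swagger-ui",
    "/api/",
    "/swagger-ui/",
    "/swagger/index.html",
    "/api/docs/",
    "/api/swagger/index.html",
]

MATCH_WORD = "Swagger UI"   # the module's word matcher
MATCH_STATUS = 200          # the module's status matcher


@dataclass
class Response:
    status: int
    body: str


def module_match(resp: Response) -> bool:
    """The module's matching condition: body contains 'Swagger UI' AND status is 200."""
    return resp.status == MATCH_STATUS and MATCH_WORD in resp.body


# Swagger UI's bundled initializer normally embeds the OpenAPI document location as
# url: "..." (or url: '...'); treating that as confirmation is an extra check added
# here, not part of the module's own matcher.
_SPEC_URL_RE = re.compile(r"""\burl\s*:\s*["']([^"']+)["']""")


def spec_url(body: str):
    """Return the OpenAPI document URL referenced by a Swagger UI page, or None."""
    m = _SPEC_URL_RE.search(body)
    return m.group(1) if m else None


def classify(resp: Response) -> str:
    """'no match' per the module; 'confirmed' if a spec URL is also present;
    otherwise 'word match only' (a page that merely talks about Swagger UI)."""
    if not module_match(resp):
        return "no match"
    return "confirmed" if spec_url(resp.body) else "word match only"


def fetch(base: str, path: str, timeout: float = 5.0) -> Response:
    """Live probe for one path. urllib follows redirects by default, matching the
    module's 'Always follow redirects' setting; non-2xx answers are returned too."""
    req = urllib.request.Request(base.rstrip("/") + path,
                                 headers={"User-Agent": "swagger-ui-probe/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return Response(r.status, r.read(256 * 1024).decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return Response(e.code, e.read(256 * 1024).decode("utf-8", "replace"))


def probe(base: str):
    """Probe every path on a live host; returns (path, verdict, spec_url) per hit."""
    hits = []
    for path in PROBE_PATHS:
        resp = fetch(base, path)
        verdict = classify(resp)
        if verdict != "no match":
            hits.append((path, verdict, spec_url(resp.body)))
    return hits


# Constructed sample responses (not captured from any real host) to run the matcher offline.
SAMPLES = {
    # a genuine Swagger UI page: title plus the initializer pointing at the spec
    "swagger_ui": Response(200, (
        "<html><head><title>Swagger UI</title></head><body>"
        "<div id='swagger-ui'></div><script>window.ui = SwaggerUIBundle({"
        "url: \"/v2/api-docs\", dom_id: '#swagger-ui'})</script></body></html>")),
    # a 200 page that only mentions Swagger UI in prose: the module would still report it
    "blog_post": Response(200, "<p>We migrated our docs from Swagger UI to Redoc.</p>"),
    # an error page that says Swagger UI but carries a 404 status: no match
    "not_found": Response(404, "<h1>Swagger UI not found</h1>"),
    # documentation behind authentication: no match, which is the desired state
    "protected": Response(401, "Unauthorized"),
}


def run_samples():
    return {name: classify(resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:12s} -> {verdict}")
    # Live use against a host you are authorized to test (hypothetical name):
    # print(probe("https://api.example.test"))
```

The "word match only" verdict is the practical caveat: a 200 response containing the string "Swagger UI" is enough for the module to report, so a hit should be confirmed by fetching the referenced OpenAPI document (or by loading the page in a browser) before it is treated as an exposed interface.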

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /index.html, /swagger-ui, /api/ (+39 paths)
Always follow redirects
Matching conditions
word: Swagger UI and
status: 200
Passive global matcher
word: Swagger UI and
status: 200
On match action
Report vulnerability