Apiman Login Panel

What is the "Apiman Login Panel" module?

The "Apiman Login Panel" module is a test case designed to detect the presence of an Apiman instance through login redirection. Apiman is a software platform that provides API management capabilities. This module focuses on identifying potential misconfigurations or vulnerabilities in the Apiman login panel.

Severity: Informative

Author: righettod

Impact

This module does not directly impact the target system. Instead, it aims to provide information about the presence of an Apiman instance and any potential security risks associated with its login panel.

How does the module work?

The "Apiman Login Panel" module uses HTTP request templates and matching conditions to perform its scan. It sends a GET request to the "/apimanui/api-manager" path and applies the following matching conditions:

- Header Matcher: Checks if the header contains the string "/auth/realms/apiman". - Status Matcher: Verifies if the response status is 302 (Found).

If both matching conditions are met, the module considers the Apiman instance as detected.

Example HTTP Request:

GET /apimanui/api-manager

For more information about Apiman, you can refer to the official documentation: https://www.apiman.io/latest/

Metadata: max-request: 1