Apiman Login Panel

By kannthu

Informative
Vidoc Module
#panel #apiman
Description

What is the "Apiman Login Panel" module?

The "Apiman Login Panel" module is a test case designed to detect the presence of an Apiman instance through login redirection. Apiman is a software platform that provides API management capabilities. This module focuses on identifying potential misconfigurations or vulnerabilities in the Apiman login panel.

Severity: Informative

Author: righettod

Impact

This module does not directly impact the target system. Instead, it aims to provide information about the presence of an Apiman instance and any potential security risks associated with its login panel.

How does the module work?

The "Apiman Login Panel" module uses HTTP request templates and matching conditions to perform its scan. It sends a GET request to the "/apimanui/api-manager" path and applies the following matching conditions:

- Header Matcher: Checks if the header contains the string "/auth/realms/apiman".
- Status Matcher: Verifies if the response status is 302 (Found).

If both matching conditions are met, the module considers the Apiman instance as detected.

Example HTTP Request:

GET /apimanui/api-manager
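
The two matching conditions above, evaluated offline against raw HTTP responses, for example ones captured from hosts you are inventorying. This is an added example, not Vidoc's module code; the function names and the sample responses are constructed for illustration.

```python
# Added example: offline evaluation of the module's two matching conditions.
PROBE_PATH = "/apimanui/api-manager"   # request path given on the page
HEADER_WORD = "/auth/realms/apiman"    # header matcher string given on the page
EXPECTED_STATUS = 302                  # status matcher given on the page


def parse_response_head(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, header_block)."""
    head, _, _body = raw.partition(b"\r\n\r\n")   # the body is never inspected
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response status line")
    return int(parts[1]), "\r\n".join(lines[1:])


def evaluate(raw: bytes) -> dict:
    """Return each matcher's result and the AND-combined verdict."""
    status, headers = parse_response_head(raw)
    header_ok = HEADER_WORD in headers
    status_ok = status == EXPECTED_STATUS
    return {"header": header_ok, "status": status_ok,
            "detected": header_ok and status_ok}


# Constructed sample responses (hypothetical, not captured from a real host).
SAMPLES = {
    # Login redirection to the apiman realm: both conditions hold.
    "apiman_redirect": b"HTTP/1.1 302 Found\r\n"
                       b"Location: /auth/realms/apiman/protocol/openid-connect/auth\r\n"
                       b"Content-Length: 0\r\n\r\n",
    # A 302 to some other login page: status matches, header does not.
    "other_redirect": b"HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n",
    # The string appears only in the body of a 200: neither condition holds.
    "word_in_body_only": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                         b"<a href='/auth/realms/apiman'>sign in</a>",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"GET {PROBE_PATH} -> {name}: {evaluate(raw)}")
```

Requiring both conditions keeps an unrelated 302, or a page that merely mentions the realm path in its body, from being reported as an Apiman instance.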

For more information about Apiman, you can refer to the official documentation: https://www.apiman.io/latest/

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /apimanui/api-manage...
Matching conditions
word: /auth/realms/apiman
and
status: 302
Passive global matcher
No matching conditions.
On match action
Report vulnerability