By kannthu
The "Apiman Login Panel" module is a test case designed to detect the presence of an Apiman instance through login redirection. Apiman is a software platform that provides API management capabilities. This module focuses on identifying potential misconfigurations or vulnerabilities in the Apiman login panel.
Severity: Informative
Author: righettod
This module does not directly impact the target system. Instead, it aims to provide information about the presence of an Apiman instance and any potential security risks associated with its login panel.
The "Apiman Login Panel" module uses HTTP request templates and matching conditions to perform its scan. It sends a GET request to the "/apimanui/api-manager" path and applies the following matching conditions:
- Header Matcher: Checks if the header contains the string "/auth/realms/apiman".
- Status Matcher: Verifies if the response status is 302 (Found).

If both matching conditions are met, the module considers the Apiman instance as detected.
Example HTTP Request:
GET /apimanui/api-manager
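The two matching conditions described above, applied to raw HTTP responses, as an added example that is not the module's own code. The function names and sample responses are constructed for illustration, and it assumes the header matcher is a case-sensitive substring search over the whole header block with the body excluded.

```python
# Added example: the module's two matchers applied to a raw HTTP response.
REALM_MARKER = "/auth/realms/apiman"   # header matcher string from the page
EXPECTED_STATUS = 302                  # status matcher from the page


def parse_response_head(raw: bytes) -> tuple[int, str]:
    """Return (status code, header block) of a raw HTTP/1.x response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, _, header_block = head.partition("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return int(parts[1]), header_block


def evaluate_matchers(raw: bytes) -> dict[str, bool]:
    """Evaluate both matchers; 'detected' is true only if both hold."""
    status, header_block = parse_response_head(raw)
    result = {
        "status": status == EXPECTED_STATUS,
        # Assumption: substring search over all headers, body excluded.
        "header": REALM_MARKER in header_block,
    }
    result["detected"] = result["status"] and result["header"]
    return result


# Constructed sample responses (not captured from a real system).
APIMAN_REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://gw.example.test/auth/realms/apiman/protocol/openid-connect/auth\r\n"
    b"Content-Length: 0\r\n\r\n"
)
OTHER_REDIRECT = (
    b"HTTP/1.1 302 Found\r\nLocation: /login\r\nContent-Length: 0\r\n\r\n"
)
MARKER_IN_BODY_ONLY = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    b"<a href='/auth/realms/apiman'>sign in</a>"
)

if __name__ == "__main__":
    for name, raw in [("apiman", APIMAN_REDIRECT), ("other", OTHER_REDIRECT),
                      ("body-only", MARKER_IN_BODY_ONLY)]:
        print(name, evaluate_matchers(raw))
```

When reproducing the check against your own deployment, the HTTP client must not follow redirects, otherwise the 302 is replaced by the status of the final page.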
For more information about Apiman, you can refer to the official documentation: https://www.apiman.io/latest/
Metadata: max-request: 1