ArcGIS Enterprise Panel

By kannthu

Informative
Vidoc Module
#docs #arcgis #cms #panel
Description

What is the "ArcGIS Enterprise Panel"?

The "ArcGIS Enterprise Panel" module is designed to detect misconfigurations, vulnerabilities, or the presence of the ArcGIS software. It targets ArcGIS Enterprise, a mapping and analytics platform that enables organizations to securely share and manage geographic information.

This module has an informative severity level, meaning a match provides useful information but does not in itself indicate an immediate threat.

Author: Podalirius

Impact

This module helps identify potential security risks or misconfigurations in ArcGIS Enterprise installations. By detecting vulnerabilities or misconfigurations, organizations can take appropriate measures to mitigate potential risks and ensure the secure operation of their ArcGIS environment.

How does the module work?

The "ArcGIS Enterprise Panel" module utilizes HTTP request templates and matching conditions to perform its scanning. It sends HTTP requests to the target ArcGIS Enterprise instance and evaluates the responses based on predefined conditions.

For example, one of the HTTP requests sent by this module could be:

GET /portal/portalhelp/en/

The module then applies matching conditions to the response to determine if specific criteria are met. In this case, the matching conditions include:

- The response must contain the words "ArcGIS Enterprise" and "Installation and Deployment" (CWE-ID: CWE-200).
- The response status code must be 200 (OK).

If both conditions are met, the module considers the test case successful and reports the discovery of an ArcGIS instance.
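The two matching conditions above can be reproduced offline to see which responses would be reported and why others would not. This is an added example, not the Vidoc module's own code; the `Response` type, `evaluate` function and sample responses are constructed for illustration, and case-sensitive substring matching is an assumption.

```python
from dataclasses import dataclass

# From the page: the request path, the two required words, the required status.
REQUEST_PATH = "/portal/portalhelp/en/"
REQUIRED_WORDS = ("ArcGIS Enterprise", "Installation and Deployment")
REQUIRED_STATUS = 200


@dataclass
class Response:  # hypothetical stand-in for an HTTP response
    status: int
    body: str


def evaluate(resp: Response) -> tuple[bool, list[str]]:
    """Apply the word matcher (all words required) AND the status matcher.

    Returns (matched, reasons); reasons lists every condition that failed,
    so a triager can see why a host was or was not reported.
    Assumption: words are matched as case-sensitive substrings.
    """
    reasons = []
    missing = [w for w in REQUIRED_WORDS if w not in resp.body]
    if missing:
        reasons.append("missing words: " + ", ".join(missing))
    if resp.status != REQUIRED_STATUS:
        reasons.append(f"status {resp.status} != {REQUIRED_STATUS}")
    return (not reasons, reasons)


# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "help_page": Response(200, "<title>Installation and Deployment</title> ArcGIS Enterprise help"),
    "one_word_only": Response(200, "<h1>ArcGIS Enterprise</h1> Sign in"),
    "error_page_with_words": Response(404, "ArcGIS Enterprise - Installation and Deployment - not found"),
    "redirect": Response(302, ""),
}


def run_samples() -> dict[str, tuple[bool, list[str]]]:
    return {name: evaluate(resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, (matched, reasons) in run_samples().items():
        print(f"{name} ({REQUEST_PATH}): {'MATCH' if matched else 'no match'} {reasons}")
```

Only the first sample is reported. The 404 page that echoes both phrases shows why the status condition is combined with the word condition.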

For more information about ArcGIS Enterprise, you can refer to the official documentation: https://enterprise.arcgis.com/en/

Metadata: max-request: 1

Module preview

Concurrent Requests (1)

1. HTTP Request template: GET /portal/portalhelp/e...
   Matching conditions:
   - word: ArcGIS Enterprise, Installation and Depl... (and)
   - status: 200

Passive global matcher: No matching conditions.

On match action: Report vulnerability