ArcGIS Token Service - Detect

By kannthu

Informative
Vidoc Module
#panel #arcgis #tokens #detect
Description

What is "ArcGIS Token Service - Detect"?

The "ArcGIS Token Service - Detect" module is designed to check for the existence of the ArcGIS Token Service on an ArcGIS server. ArcGIS is a geographic information system (GIS) software that allows users to create, analyze, and share maps and spatial data. This module focuses on detecting misconfigurations related to the ArcGIS Token Service.

This module has an informative severity level, which means it provides valuable information but does not indicate a critical vulnerability or security issue.

Author: HeeresS

Impact

This module does not directly impact the system being scanned. Instead, it helps identify potential misconfigurations in the ArcGIS Token Service, which could lead to security vulnerabilities if left unaddressed.

How does the module work?

The "ArcGIS Token Service - Detect" module sends an HTTP GET request to the "/arcgis/tokens/" path on the target server. It then applies two matching conditions to determine if the ArcGIS Token Service is present:

- The module checks the response body for the presence of the string 'alt="ArcGIS Token Service'. This indicates that the ArcGIS Token Service HTML element is present in the response body.
- The module verifies that the HTTP response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports a successful detection of the ArcGIS Token Service.

Example HTTP request:

GET /arcgis/tokens/ HTTP/1.1
Host: [target server]

Note: The actual target server and other specific details will be provided by the Vidoc platform during scanning.
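
The two matchers described above, written out as an added example (not Vidoc's own code) and run over constructed HTTP responses to show why both conditions must hold. The helper names, the sample responses and the case-sensitive substring match are assumptions.

```python
# Added example: evaluates the module's two matchers against raw HTTP responses.
# Every sample response below is constructed for illustration.

WORD = 'alt="ArcGIS Token Service'  # body word matcher from the module
STATUS = 200                        # status matcher from the module


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, body_text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), body.decode("utf-8", errors="replace")


def token_service_detected(raw: bytes) -> bool:
    """True only when BOTH matchers hold (the module joins them with 'and')."""
    try:
        status, body = parse_response(raw)
    except ValueError:
        return False  # unparseable responses never count as a detection
    # Assumption: the word matcher is a case-sensitive substring test.
    return status == STATUS and WORD in body


def resp(status_line: str, body: str) -> bytes:
    """Build a constructed raw response for the samples."""
    return f"{status_line}\r\nContent-Type: text/html\r\n\r\n{body}".encode()


SAMPLES = {
    "token_page": resp("HTTP/1.1 200 OK", '<img src="logo.png" alt="ArcGIS Token Service"/>'),
    "other_200": resp("HTTP/1.1 200 OK", "<title>Welcome</title>"),
    "redirect": resp("HTTP/1.1 302 Found", ""),
    "word_on_404": resp("HTTP/1.1 404 Not Found", '<img alt="ArcGIS Token Service">'),
    "garbage": b"not an http response",
}


def evaluate_samples():
    return {name: token_service_detected(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:12} -> {'match' if hit else 'no match'}")
```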

For more information about ArcGIS, you can visit the official website: https://enterprise.arcgis.com/en/

Metadata:

- max-request: 1
- verified: true
- shodan-query: title:"ArcGIS"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /arcgis/tokens/
Matching conditions
word: alt="ArcGIS Token Service
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability