Cargo TOML File Disclosure

By kannthu

Informative
Vidoc Module
#exposure #files #cargo
Description

What is the "Cargo TOML File Disclosure"?

The "Cargo TOML File Disclosure" module detects an exposed Cargo.toml file belonging to a Rust project. Cargo.toml is the configuration file used by Cargo, the Rust package manager.

The severity of this module is classified as informative, meaning a finding provides valuable information but does not by itself indicate a direct vulnerability or misconfiguration.

This module was authored by DhiyaneshDk.

Impact

An exposed Cargo.toml file can reveal sensitive information about the project, such as package dependencies and other metadata. Attackers could use this information to gain insight into the project's structure and potentially exploit any vulnerabilities.

How does the module work?

The "Cargo TOML File Disclosure" module works by sending an HTTP GET request to the "/Cargo.toml" path of the target. It then applies matching conditions to determine if the Cargo.toml file is exposed and contains specific keywords.

An example of the HTTP request sent by this module:

GET /Cargo.toml

The module uses the following matching conditions:

- The response body must contain the keywords "[package]" and "[dependencies]".
- The response status code must be 200 (OK).

If both matching conditions are met, the module identifies the Cargo.toml file as exposed and reports it as a potential vulnerability.
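The two matching conditions above, applied to a few responses, as an added example that is not the module's own code. It also lists what a matching body discloses, using a simplified line parser rather than a full TOML parser. The function names and all sample responses are constructed for illustration.

```python
import re

# Keywords and status code taken from the module's matching conditions.
REQUIRED_WORDS = ("[package]", "[dependencies]")
REQUIRED_STATUS = 200


def module_matches(status: int, body: str) -> bool:
    """True when both conditions hold: status 200 AND every keyword is present."""
    return status == REQUIRED_STATUS and all(w in body for w in REQUIRED_WORDS)


def disclosed_metadata(body: str) -> dict:
    """Summarise what the file reveals (simplified parsing, not full TOML)."""
    tables, current = {}, None
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments; naive about '#' in strings
        header = re.fullmatch(r"\[([A-Za-z0-9_.-]+)\]", line)
        if header:
            current = header.group(1)
            tables.setdefault(current, {})
        elif current and "=" in line:
            key, value = line.split("=", 1)
            tables[current][key.strip()] = value.strip().strip('"')
    package = tables.get("package", {})
    return {
        "package": package.get("name"),
        "version": package.get("version"),
        "dependencies": sorted(tables.get("dependencies", {})),
    }


# Constructed sample responses (status, body); not captured from any real host.
EXPOSED = (200, '[package]\nname = "demo-api"\nversion = "0.3.1"\n\n'
                '[dependencies]\nserde = "1.0"\n'
                'tokio = { version = "1", features = ["full"] }\n')
SPA_FALLBACK = (200, "<!doctype html><html><body>App shell</body></html>")
NOT_FOUND = (404, "[package]\n[dependencies]\n")
WORKSPACE_ONLY = (200, '[workspace]\nmembers = ["api", "worker"]\n')

if __name__ == "__main__":
    samples = {"exposed": EXPOSED, "spa fallback": SPA_FALLBACK,
               "404 page": NOT_FOUND, "workspace root": WORKSPACE_ONLY}
    for name, (status, body) in samples.items():
        print(f"{name}: match={module_matches(status, body)}")
    print(disclosed_metadata(EXPOSED[1]))
```

The workspace-root sample shows a gap in the keyword match: a manifest that contains only a `[workspace]` table is served with status 200 but is not reported, so a clean result does not prove that no manifest is exposed.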

For more information about the Cargo.toml file and its structure, refer to the official Rust documentation.

Metadata:

- Verified: true
- Shodan query: html:"Cargo.toml"

Module preview

Concurrent Requests (1)

1. HTTP Request template

GET /Cargo.toml

Matching conditions

- word: [package], [dependencies] (and)
- status: 200

Passive global matcher

No matching conditions.

On match action

Report vulnerability