
Detect Springboot Beans Actuator

By kannthu

Severity: Low
Vidoc Module
#springboot #exposure
Description

What is the "Detect Springboot Beans Actuator"?

The "Detect Springboot Beans Actuator" module checks whether a Spring Boot application exposes its Actuator "beans" endpoint, which lists the application's Spring beans. It specifically targets applications running on the Spring Boot framework and flags such an exposed endpoint as a potential misconfiguration or vulnerability. The severity of this module is classified as low.

Impact

This module helps identify misconfigurations or vulnerabilities related to an exposed Spring beans endpoint in a Spring Boot application. Detecting the issue lets developers address it and improve the security and performance of their applications.

How does the module work?

The "Detect Springboot Beans Actuator" module works by sending HTTP GET requests to two endpoints ("/beans" and "/actuator/beans") in the target application. It then applies matching conditions to each response to determine whether it indicates an exposed beans endpoint.

The matching conditions for this module are as follows:

- The response body must contain the words "type", "beans", "dependencies", and "scope".
- The HTTP response status must be 200 (OK).
- The response headers must include one of the following: "application/json", "application/vnd.spring-boot.actuator", or "application/vnd.spring-boot.actuator.v1+json".

If all of these conditions are met, the module will report a potential misconfiguration or vulnerability related to Spring beans in the target application.
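The three matching conditions above, applied as a single AND over constructed sample responses, as an added example that is not part of the Vidoc module itself. It assumes header names are compared case-insensitively and that any header value may carry the content type, following the page's wording; the sample responses are constructed, not captured from a real host.

```python
from dataclasses import dataclass
from typing import Dict

# Matching conditions as described on the page: all four words in the body,
# HTTP status 200, and an actuator/JSON content type among the response headers.
REQUIRED_WORDS = ("type", "beans", "dependencies", "scope")
ACTUATOR_CONTENT_TYPES = (
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
)


@dataclass
class HttpResponse:
    status: int
    headers: Dict[str, str]
    body: str


def matches_beans_actuator(resp: HttpResponse) -> bool:
    """Return True only when every condition holds (the conditions are ANDed)."""
    if resp.status != 200:
        return False
    if not all(word in resp.body for word in REQUIRED_WORDS):
        return False
    # Assumption: any header value may carry the content type; compare case-insensitively.
    header_values = [value.lower() for value in resp.headers.values()]
    return any(ct in value for value in header_values for ct in ACTUATOR_CONTENT_TYPES)


# Constructed sample responses (not captured from any real host).
SAMPLES = {
    "exposed_actuator": HttpResponse(
        200,
        {"Content-Type": "application/vnd.spring-boot.actuator.v2+json"},
        '{"contexts":{"application":{"beans":{"dataSource":{"scope":"singleton",'
        '"type":"com.zaxxer.hikari.HikariDataSource","dependencies":[]}}}}}',
    ),
    "not_found": HttpResponse(
        404, {"Content-Type": "application/json"},
        '{"status":404,"error":"Not Found","path":"/beans"}',
    ),
    "html_page": HttpResponse(
        200, {"Content-Type": "text/html"},
        "<p>beans of every type and scope, with no dependencies</p>",
    ),
}


def evaluate_samples() -> Dict[str, bool]:
    """Run the matcher over every sample; True means the module would report."""
    return {name: matches_beans_actuator(resp) for name, resp in SAMPLES.items()}
```

Only the first sample is reported: the 404 fails the status check and the HTML page fails the content-type check despite containing all four words.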

Module preview

Concurrent Requests (1)

1. HTTP Request template
   GET /beans
   GET /actuator/beans

Matching conditions
   word: "type", "beans", "dependencies", "scope" and
   status: 200 and
   word: application/json, application/vnd.spring...

Passive global matcher
   No matching conditions.

On match action
   Report vulnerability