Detect Springboot Env Actuator

By kannthu

Severity: Low
Vidoc Module
#springboot #exposure
Description

What is the "Detect Springboot Env Actuator" module?

The "Detect Springboot Env Actuator" module is designed to detect misconfigurations in Spring Boot applications. It specifically targets the Spring Boot Actuator endpoint "/env" and its variations. This module has a low severity level and was authored by that_juan_, dwisiswant0, wdahlenb, philippedelteil, and stupidfish.

Impact

This module aims to identify sensitive environment variables that may not be properly masked in Spring Boot applications. By detecting these misconfigurations, it helps prevent potential security vulnerabilities and data leaks.

How does the module work?

The "Detect Springboot Env Actuator" module works by sending HTTP requests to the targeted Spring Boot Actuator endpoints, such as "/env" and "/actuator/env". It then applies matching conditions to analyze the responses and determine if any sensitive information is exposed.

Here is an example of an HTTP request sent by this module:

GET /env

The module uses various matching conditions to identify misconfigurations:

- The response body is checked for the presence of specific words, such as "applicationConfig" and "activeProfiles".
- The response body is also checked for the presence of words related to server ports, such as "server.port" and "local.server.port".
- The response headers are checked for specific content types, including "application/json", "application/vnd.spring-boot.actuator", "application/vnd.spring-boot.actuator.v1+json", and "application/vnd.spring-boot.actuator.v2+json".
- The HTTP response status code is checked to ensure it is 200 (OK).

By combining these matching conditions, the module can accurately detect misconfigurations in Spring Boot applications related to the Actuator endpoint.
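The matching logic described above can be applied offline to responses already captured from your own services, which helps when triaging a finding or checking why a response did or did not match. This is an added example, not the Vidoc module's code; the function names and sample responses are constructed, and it assumes the words inside one condition are alternatives while the four conditions are joined with "and", as the module preview shows.

```python
# Added example, not Vidoc module code. Names are hypothetical.
# Assumption: words within one condition are alternatives (any-of); the four
# conditions are joined with AND, as the module preview shows.
BODY_GROUPS = {
    "config-words": ("applicationConfig", "activeProfiles"),
    "port-words": ("server.port", "local.server.port"),
}
CONTENT_TYPES = (
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
    "application/vnd.spring-boot.actuator.v2+json",
)

def evaluate(status, headers, body):
    """Return {condition_name: bool} for one captured HTTP response."""
    ctype = ""
    for name, value in headers.items():  # header names are case-insensitive
        if name.lower() == "content-type":
            ctype = value.lower()
    results = {g: any(w in body for w in words) for g, words in BODY_GROUPS.items()}
    results["content-type"] = any(ct in ctype for ct in CONTENT_TYPES)
    results["status-200"] = status == 200
    return results

def is_exposed(status, headers, body):
    """True only when every condition holds."""
    return all(evaluate(status, headers, body).values())

# Constructed sample responses (not captured from a real system).
EXPOSED = (200, {"Content-Type": "application/vnd.spring-boot.actuator.v2+json;charset=UTF-8"},
           '{"activeProfiles":["prod"],"propertySources":[{"name":"server.ports",'
           '"properties":{"local.server.port":{"value":8080}}}]}')
DENIED = (401, {"Content-Type": "application/json"}, '{"error":"Unauthorized"}')
DOCS_PAGE = (200, {"content-type": "text/html"},
             "<p>Set server.port and activeProfiles in application.yml</p>")

if __name__ == "__main__":
    for label, resp in (("exposed", EXPOSED), ("denied", DENIED), ("docs", DOCS_PAGE)):
        failed = [k for k, ok in evaluate(*resp).items() if not ok]
        print(label, "MATCH" if not failed else "no match, failed: " + ", ".join(failed))
```

The per-condition result shows why a response was rejected: the constructed documentation page contains both word groups and returns 200, but fails on content type alone.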

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET
/env
/actuator/env
/actuator;/env;
(+1 paths)
Matching conditions
word: applicationConfig, activeProfiles
and
word: server.port, local.server.port
and
word: application/json, application/vnd.spring...
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability