Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
This module detects an exposed Spring Boot mappings actuator endpoint, so you can spot applications that publish their internal routing table to anyone who can reach them.
The "Detect Springboot Mappings Actuator" module looks for one specific actuator misconfiguration: the mappings endpoint being reachable without authentication. That endpoint lists every request mapping the application registers (URL pattern, HTTP methods, produces/consumes media types and the handler method behind each), which is useful to developers and equally useful to an attacker.
The module targets Spring Boot applications and is rated low severity. The endpoint is read-only and discloses routing information rather than credentials or data, so the direct impact is limited, but the finding should still be fixed.
An exposed mappings endpoint hands an attacker a complete map of the application's handlers, including unlinked, internal or administrative routes that would otherwise have to be guessed or brute-forced, and it is a strong hint that other actuator endpoints governed by the same exposure settings (for example env or heapdump, which do leak secrets) may be reachable as well. Treat it as a reconnaissance finding and check the rest of the actuator surface when it fires.
The "Detect Springboot Mappings Actuator" module works by sending HTTP requests to specific endpoints and analyzing the responses. It uses a set of matching conditions to determine if the mappings and actuator endpoints are exposed.
Here is an example of an HTTP request sent by this module:
GET /mappings HTTP/1.1
Host: example.com
Accept: application/json
The path shown is the Spring Boot 1.x location of the endpoint. In Spring Boot 2.x and later, actuator endpoints are served under the /actuator base path by default, so /actuator/mappings is the path to check on newer applications; a scan that only requests /mappings will miss them.
The module checks that the response body contains all of the keywords "mappings", "method" and "produces"; that the response headers contain one of the content types "application/json", "application/vnd.spring-boot.actuator" or "application/vnd.spring-boot.actuator.v1+json"; and that the status code is 200. Because the header check is a "contains" match, the bare "application/vnd.spring-boot.actuator" entry also covers the versioned vendor types that Spring Boot 2.x returns (v2+json, v3+json). Requiring all three body keywords is what keeps the module from firing on JSON error pages or unrelated APIs that merely mention the word "mappings".
Only when every one of these conditions holds does the module report the mappings actuator endpoint as exposed.
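The matching logic described above, re-implemented as a stand-alone Python script and run over constructed sample responses. This is an added example for illustration, not the module's own code or Vidoc's matcher; the sample bodies imitate the shape of real Spring Boot 1.x and 2.x mappings output but are made up, and treating the bare "application/vnd.spring-boot.actuator" entry as a prefix match is an assumption of the example.

```python
import json
from dataclasses import dataclass, field

# Body condition: all three keywords must appear (AND).
BODY_KEYWORDS = ("mappings", "method", "produces")

# Header condition: any one of these content types suffices (OR). The bare
# "application/vnd.spring-boot.actuator" entry is matched as a prefix so the
# versioned vendor types (v1/v2/v3+json) also pass; treating it as a prefix
# is an assumption of this example, not something the page states.
CONTENT_TYPES = (
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
)


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed, not captured)."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def content_type_matches(headers: dict) -> bool:
    """Case-insensitive Content-Type lookup; parameters such as charset are ignored."""
    for name, value in headers.items():
        if name.lower() == "content-type":
            media = value.split(";", 1)[0].strip().lower()
            return any(media.startswith(ct) for ct in CONTENT_TYPES)
    return False


def body_matches(body: str) -> bool:
    """Plain substring search, as a word matcher does; no JSON parsing needed."""
    return all(word in body for word in BODY_KEYWORDS)


def is_mappings_exposed(resp: Response) -> bool:
    """Report only when status, header and body conditions all hold."""
    return (
        resp.status == 200
        and content_type_matches(resp.headers)
        and body_matches(resp.body)
    )


# Constructed sample responses. The first two imitate a real mappings body
# (Spring Boot 1.x style and 2.x style); the rest are look-alikes that a
# correct matcher must not report.
SAMPLES = {
    "boot1_mappings": Response(
        200,
        {"Content-Type": "application/vnd.spring-boot.actuator.v1+json;charset=UTF-8"},
        json.dumps({
            "{[/mappings || /mappings.json],methods=[GET],produces=[application/json]}": {
                "bean": "endpointHandlerMapping",
                "method": "public java.lang.Object EndpointMvcAdapter.invoke()",
            }
        }),
    ),
    "boot2_mappings": Response(
        200,
        {"content-type": "application/vnd.spring-boot.actuator.v2+json"},
        json.dumps({"contexts": {"application": {"mappings": {"dispatcherServlets": {
            "dispatcherServlet": [{
                "predicate": "{GET [/actuator/mappings], produces [application/json]}",
                "details": {"requestMappingConditions": {"methods": ["GET"], "produces": [
                    {"mediaType": "application/json", "negated": False}]}},
            }]}}}}}),
    ),
    # JSON error page: mentions the path but fails on status and keywords.
    "json_404": Response(
        404,
        {"Content-Type": "application/json"},
        '{"status":404,"error":"Not Found","path":"/mappings"}',
    ),
    # HTML page containing all three words but the wrong content type.
    "html_docs": Response(
        200,
        {"Content-Type": "text/html;charset=UTF-8"},
        "<p>The mappings endpoint lists each handler method and what it produces.</p>",
    ),
    # Unrelated JSON API: right status and type, but the body lacks "produces".
    "other_api": Response(
        200,
        {"Content-Type": "application/json"},
        '{"mappings":[{"method":"GET","path":"/users"}]}',
    ),
}


def scan_samples() -> dict:
    """Run the matcher over every sample; only the two real mappings bodies hit."""
    return {name: is_mappings_exposed(resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in scan_samples().items():
        print(f"{name:16} {'EXPOSED' if hit else 'no match'}")
```

Running the script reports only the two mappings bodies; the 404 page, the HTML page and the unrelated API are rejected by the status, content-type and keyword conditions respectively, which is the point of requiring all three to hold together.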
Note: This module identifies one exposure and should be used as part of a broader review of the actuator surface. When it fires, confirm which other actuator endpoints are reachable and restrict them: on Spring Boot 2.x and later the endpoints published over HTTP are controlled by the management.endpoints.web.exposure.include setting, which defaults to health only, so an exposed mappings endpoint means that setting was widened (often to "*") and should be narrowed or the actuator placed behind authentication.