
Detect Springboot Mappings Actuator

By kannthu

Severity: Low
Vidoc Module
#springboot #exposure
Description

Detect Springboot Mappings Actuator

This module detects the exposure of Spring Boot mappings and actuator endpoints, allowing you to identify potential security risks in your application.

What is the "Detect Springboot Mappings Actuator"?

The "Detect Springboot Mappings Actuator" module is designed to identify misconfigurations and potential vulnerabilities in Spring Boot applications. It specifically focuses on detecting the exposure of mappings and actuator endpoints, which can pose security risks if not properly secured.

This module targets Spring Boot applications and is assigned a low severity rating, indicating that the identified issues may have limited impact but should still be addressed to ensure the security of your application.

Impact

If the exposure of Spring Boot mappings and actuator endpoints is detected, it could potentially allow unauthorized access to sensitive information or functionality within your application. This could lead to data breaches, unauthorized modifications, or other security incidents.

How does the module work?

The "Detect Springboot Mappings Actuator" module works by sending HTTP requests to specific endpoints and analyzing the responses. It uses a set of matching conditions to determine if the mappings and actuator endpoints are exposed.

Here is an example of an HTTP request sent by this module:

GET /mappings HTTP/1.1
Host: example.com
Accept: application/json

The module checks for the presence of specific keywords in the response body, such as "mappings", "method", and "produces". It also verifies that the response headers contain one of the following content types: "application/json", "application/vnd.spring-boot.actuator", or "application/vnd.spring-boot.actuator.v1+json". Additionally, it ensures that the response status code is 200.

If all the matching conditions are met, the module reports the potential exposure of Spring Boot mappings and actuator endpoints.
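The conditions listed above can be reproduced outside the scanner to check your own Spring Boot deployments. The following is an added example, not Vidoc's code: it parses raw HTTP responses, applies the three conditions the module description gives (body keywords, content type, status 200) to both request-template paths, and runs them over constructed sample responses. It assumes the "word" conditions are plain substring matches, which is why a Spring Boot 2 content type such as application/vnd.spring-boot.actuator.v2+json (not in the module's list) still matches through its shorter prefix. The sample responses, the helper names and the urllib-based fetch are assumptions for illustration.

```python
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, List

# Values taken from the module description; everything else here is an assumption.
PATHS = ("/mappings", "/actuator/mappings")       # request template paths
BODY_WORDS = ("mappings", "method", "produces")    # first word condition: all must appear
CONTENT_TYPES = (                                  # second word condition: any must appear
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
)
EXPECTED_STATUS = 200


@dataclass
class HttpResponse:
    status: int
    headers: Dict[str, str]  # header names lower-cased
    body: str


def parse_raw_response(raw: str) -> HttpResponse:
    """Parse a raw HTTP/1.1 response: status line, headers, blank line, body."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpResponse(status, headers, body)


def body_words_match(resp: HttpResponse) -> bool:
    # Substring match (assumed): every keyword must occur somewhere in the body.
    return all(word in resp.body for word in BODY_WORDS)


def content_type_match(resp: HttpResponse) -> bool:
    # Substring match on Content-Type, so a v2 actuator type also matches because
    # it contains "application/vnd.spring-boot.actuator".
    content_type = resp.headers.get("content-type", "")
    return any(t in content_type for t in CONTENT_TYPES)


def matches(resp: HttpResponse) -> bool:
    """All three conditions must hold for the module to report the exposure."""
    return body_words_match(resp) and content_type_match(resp) and resp.status == EXPECTED_STATUS


def scan(fetch: Callable[[str], HttpResponse], paths=PATHS) -> List[str]:
    """Apply the conditions to each template path; return the paths that matched."""
    return [path for path in paths if matches(fetch(path))]


def urllib_fetch(base_url: str) -> Callable[[str], HttpResponse]:
    """Build a fetch() over urllib for checking a host you operate (not run here)."""
    def fetch(path: str) -> HttpResponse:
        req = urllib.request.Request(base_url + path, headers={"Accept": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=10) as r:
                return HttpResponse(r.status, {k.lower(): v for k, v in r.headers.items()},
                                    r.read().decode("utf-8", "replace"))
        except urllib.error.HTTPError as e:  # 4xx/5xx still carry a usable response
            return HttpResponse(e.code, {k.lower(): v for k, v in e.headers.items()},
                                e.read().decode("utf-8", "replace"))
    return fetch


# Constructed sample responses (not captured from any real host).
EXPOSED = (
    "HTTP/1.1 200 \r\n"
    "Content-Type: application/vnd.spring-boot.actuator.v2+json;charset=UTF-8\r\n"
    "\r\n"
    '{"contexts":{"application":{"mappings":{"dispatcherServlets":{"dispatcherServlet":['
    '{"handler":"com.example.UserController#list()",'
    '"predicate":"{GET [/api/users], produces [application/json]}",'
    '"details":{"requestMappingConditions":{"methods":["GET"],'
    '"produces":[{"mediaType":"application/json","negated":false}]}}}]}}}}}'
)
UNAUTHORIZED = (  # actuator behind authentication: right content type, wrong status and body
    "HTTP/1.1 401 Unauthorized\r\n"
    "Content-Type: application/json\r\n"
    'WWW-Authenticate: Basic realm="Realm"\r\n'
    "\r\n"
    '{"status":401,"error":"Unauthorized","path":"/actuator/mappings"}'
)
SPA_FALLBACK = (  # a front end that answers 200 to unknown paths: no keywords, HTML type
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "\r\n"
    '<!doctype html><html><body><div id="app"></div></body></html>'
)
NOT_FOUND = "HTTP/1.1 404 \r\nContent-Type: application/json\r\n\r\n{\"status\":404,\"error\":\"Not Found\"}"

# A fake host where Spring Boot 2 exposes the endpoint only under /actuator.
SAMPLE_HOST = {"/mappings": NOT_FOUND, "/actuator/mappings": EXPOSED}


def sample_fetch(path: str) -> HttpResponse:
    return parse_raw_response(SAMPLE_HOST[path])


if __name__ == "__main__":
    print("matched paths:", scan(sample_fetch))  # ['/actuator/mappings']
```

To check a host you operate, replace `sample_fetch` with `urllib_fetch("https://your-host.example")`; an empty result means none of the template paths returned a response meeting all three conditions, and the secured sample shows why a 401 with a JSON error body is not reported.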

Note: This module is designed to assist in identifying security risks and should be used as part of a comprehensive security testing strategy. It is important to address any identified issues promptly to ensure the security of your Spring Boot application.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /mappings, /actuator/mappings
Matching conditions
word: mappings, method, produces AND
word: application/json, application/vnd.spring... AND
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability