Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Detect websites using Google bucket storage

By kannthu

Informative
Vidoc logoVidoc Module
#google#tech#bucket
Description

Detect websites using Google bucket storage

What is "Detect websites using Google bucket storage?"

This module is designed to detect websites that are using Google bucket storage. It targets websites that may have misconfigurations or vulnerabilities related to their use of Google bucket storage. The severity of the detected issues is informative, meaning it provides valuable information but may not pose an immediate threat.

This module was authored by pdteam.

Impact

The impact of misconfigurations or vulnerabilities related to Google bucket storage can vary depending on the specific issue. However, it can potentially lead to unauthorized access to sensitive data stored in the buckets, data leakage, or other security risks.

How the module works?

This module works by analyzing the HTTP requests and matching them against specific conditions. It checks for the presence of certain headers in the HTTP requests, such as x-goog-component-count, x-goog-expiration, x-goog-generation, x-goog-metageneration, x-goog-stored-content-encoding, x-goog-stored-content-length, and x-guploader-uploadid.

If any of these headers are found in the HTTP requests, it indicates that the website is using Google bucket storage. The module then reports this information as a potential misconfiguration or vulnerability.

Here is an example of an HTTP request that could trigger the detection:

GET /example-bucket HTTP/1.1
Host: example.com
x-goog-component-count: 1
x-goog-expiration: 2023-12-31
x-goog-generation: 1234567890
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 12345
x-guploader-uploadid: ABCDEFGHIJKLMNOPQRSTUVWXYZ

The module matches the conditions by using a DSL (Domain Specific Language) that checks if any of the specified headers are present in the HTTP requests. The matching conditions are combined using the logical operator "or".

It's important to note that this module is just one test case that can be performed as part of the Vidoc platform's scanning process.

Module preview

Concurrent Requests (0)
Passive global matcher
dsl: contains(toLower(all_headers), `x-goog-c...
On match action
Report vulnerability