Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Detects Springboot Features Actuator" module is designed to detect misconfigurations in Spring Boot applications. It specifically targets the Spring Boot Actuator feature, which exposes endpoints for monitoring and managing the application. This module has a low severity level and was authored by DhiyaneshDK.
This module helps identify potential misconfigurations in the Spring Boot Actuator feature. Misconfigurations in this area can lead to unauthorized access or exposure of sensitive information, posing a security risk to the application.
The module works by sending HTTP requests to specific endpoints related to the Spring Boot Actuator feature. It then applies matching conditions to the response to determine whether a misconfiguration is present. The matching conditions include:
- Checking the response body for the presence of the strings `"enabled":["` and `"disabled":["`, which mark the lists of enabled and disabled features.
- Verifying that the response carries one of the content types "application/json", "application/vnd.spring-boot.actuator", or "application/vnd.spring-boot.actuator.v1+json".
- Ensuring that the HTTP response status is 200.
By evaluating these conditions, the module can identify potential misconfigurations in the Spring Boot Actuator feature.
Example HTTP request:
GET /features HTTP/1.1
Host: example.com
Note: The above example is a simplified representation of the HTTP request and does not include all the headers and parameters that may be present in the actual request.
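The following is an added example, not the module's own code: it re-implements the three matching conditions described above offline and applies them to a constructed HTTP response, so a defender can see exactly what the module treats as a positive match when reviewing their own Actuator exposure.

```python
"""Added example: offline re-implementation of the module's matching conditions
(status 200, actuator/JSON content type, both feature keywords in the body)."""
from typing import Dict, Tuple

# Constructed sample response, shaped like the /features reply the module looks for.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/vnd.spring-boot.actuator.v1+json;charset=UTF-8\r\n"
    "\r\n"
    '{"enabled":["sample-feature-a"],"disabled":["sample-feature-b"]}'
)

ENABLED_KW = '"enabled":["'
DISABLED_KW = '"disabled":["'
ACTUATOR_TYPES = (
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
)


def parse_response(raw: str) -> Tuple[int, Dict[str, str], str]:
    """Split a raw HTTP/1.1 response into (status code, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def matches_actuator_features(status: int, headers: Dict[str, str], body: str) -> bool:
    """All three conditions must hold (AND), mirroring the module's description."""
    if status != 200:
        return False
    content_type = headers.get("content-type", "").lower()
    if not any(t in content_type for t in ACTUATOR_TYPES):
        return False
    return ENABLED_KW in body and DISABLED_KW in body


def check(raw: str) -> bool:
    """Convenience wrapper: parse a raw response and evaluate the match."""
    return matches_actuator_features(*parse_response(raw))


if __name__ == "__main__":
    print("features endpoint exposed" if check(SAMPLE_RESPONSE) else "no match")
```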