Django Config - Detect

By kannthu

Informative
Vidoc Module
#exposure #config #django
Description

What is the "Django Config - Detect" module?

The "Django Config - Detect" module is designed to detect misconfigurations in Django applications. It targets the Django web application framework and aims to identify potential vulnerabilities that could be exploited. The severity of the detected issues is classified as informative. This module was authored by nobody.

Impact

The module scans for Django configuration information that could reveal web application framework exceptions. These exceptions may indicate potential exploitation attempts.

How does the module work?

The "Django Config - Detect" module uses HTTP request templates and matching conditions to perform its scanning. It checks for the following conditions:

- The presence of specific words in the response body, such as "seeing this error because you have <code>DEBUG = True</code>," "SuspiciousOperation," "DisallowedHost," and more.
- The presence of the "text/html" header in the response.
- A response status code of 400.

If all of these conditions are met, the module reports a potential misconfiguration in the Django application.

Here is an example of an HTTP request that the module might send:

GET / HTTP/1.1
Host: example.com
User-Agent: Vidoc-Scanner
Accept: text/html

Please note that the actual JSON definitions of the module are not shown here for simplicity.
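
The three matching conditions above, written out as an added Python example (not Vidoc's module definition). It assumes that any one body word is enough and that "text/html" is looked for in the Content-Type header; the `Response` class and the sample responses are constructed for illustration.

```python
from dataclasses import dataclass

# Body words named on the page; the module's full list ("and more") is not shown.
BODY_WORDS = (
    "seeing this error because you have <code>DEBUG = True</code>",
    "SuspiciousOperation",
    "DisallowedHost",
)


@dataclass
class Response:
    status: int
    headers: dict
    body: str


def matched_words(resp):
    """Return the body words found, or [] if any of the three conditions fails."""
    if resp.status != 400:
        return []
    # Assumption: the "text/html" word is looked for in the Content-Type header.
    ctype = next((v for k, v in resp.headers.items() if k.lower() == "content-type"), "")
    if "text/html" not in ctype.lower():
        return []
    # Assumption: one body word is enough (the page does not say any-of or all-of).
    return [w for w in BODY_WORDS if w in resp.body]


def is_finding(resp):
    return bool(matched_words(resp))


# Constructed sample responses (not captured traffic).
DEBUG_400 = Response(400, {"Content-Type": "text/html; charset=utf-8"},
    "<h1>DisallowedHost at /</h1><p>You're seeing this error because you have "
    "<code>DEBUG = True</code> in your Django settings file.</p>")
PLAIN_400 = Response(400, {"Content-Type": "text/html"}, "<h1>Bad Request (400)</h1>")
DOCS_200 = Response(200, {"Content-Type": "text/html"}, "<p>Handling DisallowedHost</p>")
JSON_400 = Response(400, {"content-type": "application/json"}, '{"error": "SuspiciousOperation"}')

if __name__ == "__main__":
    samples = {"DEBUG_400": DEBUG_400, "PLAIN_400": PLAIN_400,
               "DOCS_200": DOCS_200, "JSON_400": JSON_400}
    for name, resp in samples.items():
        print(f"{name}: finding={is_finding(resp)} words={matched_words(resp)}")
```

Only `DEBUG_400` is reported: the other three samples each fail one condition (no body word, wrong status code, non-HTML content type), which is what requiring all three conditions together filters out.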

Module preview

Concurrent Requests (0)
Passive global matcher
word: seeing this error because you have <code... and
word: text/html and
status: 400
On match action
Report vulnerability