Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

ESPHome Login Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#esphome#iot
Description

ESPHome Login Panel - Detect

What is the "ESPHome Login Panel - Detect?"

The "ESPHome Login Panel - Detect" module is designed to detect the presence of the ESPHome login panel. ESPHome is an open-source framework for building custom firmware for ESP8266/ESP32 devices. This module specifically targets the login panel of ESPHome installations.

The severity of this module is classified as informative, meaning it provides information about the presence of the login panel but does not indicate any specific vulnerability or misconfiguration.

This module was authored by fabaff.

Impact

The impact of detecting the ESPHome login panel is primarily informational. It indicates that the login panel is accessible and can be used to authenticate and manage ESPHome devices.

How does the module work?

The "ESPHome Login Panel - Detect" module works by sending an HTTP GET request to the "/login" path of the target ESPHome installation. It then applies two matching conditions to determine if the login panel is present:

    - The module checks if the response body contains the HTML class "esphome-header". This indicates the presence of the login panel. - The module verifies that the HTTP response status is 200, indicating a successful request.

If both matching conditions are met, the module reports the detection of the ESPHome login panel.

Example HTTP request:

GET /login

Matching conditions:

- The response body must contain the HTML class "esphome-header". - The HTTP response status must be 200.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/login
Matching conditions
word: class="esphome-headerand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability