
Exposed Kibana

By kannthu

Medium
Vidoc Module
#kibana #unauth
Description

What is "Exposed Kibana"?

The "Exposed Kibana" module is designed to detect misconfigurations in the Kibana software. Kibana is an open-source data visualization and exploration tool commonly used with Elasticsearch. This module focuses on identifying instances of Kibana that are exposed to the internet without proper authentication.

This module has a medium severity level, indicating that it can potentially lead to security vulnerabilities if left unaddressed.

Author: Shine

Impact

If the "Exposed Kibana" module detects an exposed instance of Kibana, it indicates that unauthorized individuals may have access to sensitive data and functionalities. This can pose a significant risk to the confidentiality and integrity of the system.

How does the module work?

The "Exposed Kibana" module works by sending a GET request to the "/app/kibana/" path of the target system. It then applies matching conditions to determine if the response indicates the presence of an exposed Kibana instance.

The matching conditions used by this module are:

- Matchers:
  - Part: All
    - Type: Word
    - Words: kibanaWelcomeView, cluster_uuid, kibanaWelcomeLogo, kibanaWelcomeTitle
    - Negative: False
    - Condition: And
  - Part: All
    - Type: Status
    - Status: 200
    - Negative: False
    - Condition: And

If both matching conditions are met, the module reports a vulnerability, indicating that an exposed Kibana instance has been found.
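The two matching conditions above, written out as an added Python example for checking a Kibana instance you operate; this is not Vidoc's own code. The names `is_exposed_kibana`, `check_host` and `demo` are hypothetical, the sample bodies are constructed, and "Part: All" is assumed to mean response headers plus body.

```python
import urllib.error
import urllib.request

PATH = "/app/kibana/"  # request path from the module description
WORDS = ("kibanaWelcomeView", "cluster_uuid",
         "kibanaWelcomeLogo", "kibanaWelcomeTitle")

# Constructed sample bodies, not captured from a real server.
OPEN_BODY = ('<div class="kibanaWelcomeView"><div class="kibanaWelcomeLogo"></div>'
             '<h2 class="kibanaWelcomeTitle">Loading</h2></div>'
             '<script>{"cluster_uuid": "constructed-uuid"}</script>')
LOGIN_BODY = '<form action="/login"><input name="username"></form>'


def is_exposed_kibana(status, headers, body):
    """Both matchers must hold: status 200 AND every word present.

    "Part: All" is taken to mean response headers plus body (assumption).
    """
    haystack = f"{headers}\n{body}"
    return status == 200 and all(word in haystack for word in WORDS)


def check_host(base_url, timeout=5.0):
    """Fetch PATH from an instance you operate; True means it matched."""
    url = base_url.rstrip("/") + PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(1_000_000).decode("utf-8", errors="replace")
            return is_exposed_kibana(resp.status, str(resp.headers), body)
    except urllib.error.HTTPError:
        return False  # 401/403/404 and similar: the status matcher fails
    except OSError:
        return False  # unreachable or timed out: nothing to report


def demo():
    """Apply the matchers to the constructed responses (no network)."""
    return {
        "open instance": is_exposed_kibana(200, "", OPEN_BODY),
        "login page": is_exposed_kibana(200, "", LOGIN_BODY),
        "partial words": is_exposed_kibana(200, "", '"cluster_uuid": "x"'),
        "words but 403": is_exposed_kibana(403, "", OPEN_BODY),
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name}: {'REPORT' if hit else 'no match'}")
```

An instance behind a login page answers 200 but lacks the welcome-view words, so it does not match; only a response that satisfies both conditions is reported.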

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /app/kibana/
Matching conditions
word: kibanaWelcomeView, cluster_uuid, kibanaW...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability