By kannthu
The "Exposed Kibana" module is designed to detect misconfigurations in the Kibana software. Kibana is an open-source data visualization and exploration tool commonly used with Elasticsearch. This module focuses on identifying instances of Kibana that are exposed to the internet without proper authentication.
This module has a medium severity level, indicating that it can potentially lead to security vulnerabilities if left unaddressed.
Author: Shine
If the "Exposed Kibana" module detects an exposed instance of Kibana, it indicates that unauthorized individuals may have access to sensitive data and functionalities. This can pose a significant risk to the confidentiality and integrity of the system.
The "Exposed Kibana" module works by sending a GET request to the "/app/kibana/" path of the target system. It then applies matching conditions to determine if the response indicates the presence of an exposed Kibana instance.
The matching conditions used by this module are:
- Matchers:
  - Part: All
    - Type: Word
    - Words: kibanaWelcomeView, cluster_uuid, kibanaWelcomeLogo, kibanaWelcomeTitle
    - Negative: False
    - Condition: And
  - Part: All
    - Type: Status
    - Status: 200
    - Negative: False
    - Condition: And

If both matching conditions are met, the module reports a vulnerability, indicating that an exposed Kibana instance has been found.
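The matcher logic above can be replayed offline against a saved response when triaging a finding. The following is an added example, not Vidoc's own code: the dict layout and function names are hypothetical, the sample responses are constructed, and "Condition: And" on the word matcher is read as "every listed word must be present".

```python
# Added example: offline evaluation of the two matchers listed above.
# The dict layout and all function names are this example's own (hypothetical).
# Only Part "All" appears on the page, so it is the only part implemented.
MATCHERS = [
    {"part": "all", "type": "word", "negative": False, "condition": "and",
     "words": ["kibanaWelcomeView", "cluster_uuid",
               "kibanaWelcomeLogo", "kibanaWelcomeTitle"]},
    {"part": "all", "type": "status", "negative": False, "condition": "and",
     "status": [200]},
]

def response_text(resp):
    """Part 'All': header lines followed by the body, as one string."""
    head = "\r\n".join(f"{k}: {v}" for k, v in resp["headers"].items())
    return head + "\r\n\r\n" + resp["body"]

def run_matcher(m, resp):
    """Evaluate one matcher, honouring its Condition and Negative fields."""
    if m["type"] == "word":
        hits = [w in response_text(resp) for w in m["words"]]
        # Assumption: "and" means every word must appear, otherwise any one.
        ok = all(hits) if m["condition"] == "and" else any(hits)
    elif m["type"] == "status":
        ok = resp["status"] in m["status"]
    else:
        raise ValueError("unsupported matcher type: " + m["type"])
    return (not ok) if m["negative"] else ok

def is_exposed_kibana(resp):
    """Report a finding only when every matcher passes."""
    return all(run_matcher(m, resp) for m in MATCHERS)

# Constructed sample responses to GET /app/kibana/ (not captured from a real host).
OPEN = {"status": 200, "headers": {"Content-Type": "text/html"},
        "body": '<div class="kibanaWelcomeView"><span class="kibanaWelcomeLogo">'
                '</span><h2 class="kibanaWelcomeTitle">Welcome</h2></div>'
                '<script>var meta = {"cluster_uuid": "constructed-uuid"};</script>'}
LOGIN_REDIRECT = {"status": 302, "headers": {"Location": "/login"}, "body": ""}
PARTIAL = {"status": 200, "headers": {"Content-Type": "text/html"},
           "body": '<div class="kibanaWelcomeView">Please log in</div>'}

if __name__ == "__main__":
    for name, resp in [("open", OPEN), ("redirect", LOGIN_REDIRECT),
                       ("partial", PARTIAL)]:
        print(name, is_exposed_kibana(resp))
```

An instance that redirects unauthenticated requests to a login page fails the status matcher, and a 200 page carrying only some of the marker strings fails the word matcher, so neither is reported.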