Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Fortinet FortiManager Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#fortinet#fortios#fortimanager#detect
Description

What is the "Fortinet FortiManager Panel - Detect" module?

The "Fortinet FortiManager Panel - Detect" module is designed to detect the presence of the Fortinet FortiManager panel. Fortinet FortiManager is a management platform used for centralized control and monitoring of Fortinet devices. This module focuses on detecting the panel and does not perform any configuration or vulnerability checks. The severity of this module is classified as informative, meaning it provides valuable information but does not indicate a security risk. The original author of this module is johnk3r.

Impact

This module does not have any direct impact as it only detects the presence of the Fortinet FortiManager panel. However, the information obtained from this detection can be used for further analysis and security assessments.

How does the module work?

The "Fortinet FortiManager Panel - Detect" module works by sending an HTTP GET request to the "/p/login/" path of the target. It then applies matching conditions to determine if the response indicates the presence of the FortiManager panel. The matching conditions include checking the response body for the presence of the keyword "FortiManager" and verifying that the response status is 200 (OK). If both conditions are met, the module considers the FortiManager panel to be detected.

Example HTTP request:

GET /p/login/ HTTP/1.1
Host: [target_host]

The module's matching conditions:

- The response body must contain the keyword "FortiManager". - The response status must be 200 (OK).

For more information about Fortinet FortiManager, you can visit the official Fortinet FortiManager website.

Metadata:

- Max request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/p/login/
Matching conditions
word: FortiManagerand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability