
Generic Env File Disclosure

By kannthu

Severity: High
Vidoc Module
Tags: #config #exposure #env
Description


What is the "Generic Env File Disclosure"?

The "Generic Env File Disclosure" module detects environment files (.env and its backup and per-environment variants) that a web application serves to anyone who requests them. Applications commonly keep database credentials, API keys and tokens in such files, and an environment file that is reachable over plain HTTP exposes all of them at once.

This module has a severity level of high, indicating that the vulnerability it detects can have significant consequences if not addressed.

Author: kazet

Impact

If a .env file containing sensitive information is publicly accessible, an attacker can read the credentials and tokens it holds and use them to reach the application's backing services, such as its database, mail server and third-party APIs, without any further exploitation. This can lead to data breaches, unauthorized modifications and other security incidents.

How does the module work?

The "Generic Env File Disclosure" module sends HTTP GET requests to paths where environment files are commonly left behind and checks each response body for lines that look like secret assignments, such as database credentials and tokens.

The best-known path is "/.env", the default location for environment files; backup and per-environment copies such as "/.env.bak" and "/.env.dev" are probed as well. The check is a case-insensitive, multi-line regular expression that looks for a line beginning with a variable name containing "KEY", "TOKEN", "PASS", "SECRET", "DB_URL", "DATABASE_URL" or "MAILER_URL", followed by an equals sign (for example "APP_KEY=..." or "DB_PASSWORD=..."). If any line matches, the module reports a vulnerability.

Here is an example of an HTTP request sent by the module:

GET /.env HTTP/1.1
Host: example.com

The module's matching conditions are combined with an "and" condition, but the regular expression is the only matcher listed, so in practice it is the sole condition. Because the expression is an alternation, a single line whose variable name contains any one of the listed words (for example "DB_PASSWORD=") is enough to trigger a match; the response does not have to contain all of them.
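A scanner of the shape described above, written here as an added example in Python; it is not the module's own code. The regular expression is reconstructed from the truncated one in the module preview, so the alternatives after "DB_U..." (taken from the description) and the trailing "[a-z0-9_]*" that lets "DB_PASSWORD" match via "PASS" are assumptions; the three probed paths are the ones the preview shows, and the HTTP responses are constructed, not captured from any real host.

```python
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

# Paths taken from the module preview; the real module probes 19 more that the
# page does not list.
ENV_PATHS = ["/.env", "/.env.bak", "/.env.dev"]

# Modelled on the preview's "(?mi)^[a-z_]*(KEY|TOKEN|PASS|SECRET|DB_U...", which
# the page truncates. The remaining alternatives come from the description; the
# "[a-z0-9_]*" tail (so that DB_PASSWORD matches via PASS) is an assumption.
ENV_SECRET_RE = re.compile(
    r"(?mi)^[a-z_]*(KEY|TOKEN|PASS|SECRET|DB_URL|DATABASE_URL|MAILER_URL)[a-z0-9_]*="
)

# A fetcher maps a request path to (HTTP status, response body). Injecting it
# keeps the matching logic testable offline.
Fetcher = Callable[[str], Tuple[int, str]]


def find_secret_lines(body: str) -> List[str]:
    """Return the variable names of lines that look like secret assignments."""
    # group(0) is e.g. "DB_PASSWORD="; drop the trailing "=" to keep the name.
    return [m.group(0)[:-1] for m in ENV_SECRET_RE.finditer(body)]


def scan_env_paths(fetch: Fetcher, paths: List[str] = ENV_PATHS) -> Dict[str, List[str]]:
    """Probe each path and report the ones whose body matches.

    The module as described only inspects the body; skipping non-200 responses
    is an added guard against error pages that echo request data.
    """
    findings: Dict[str, List[str]] = {}
    for path in paths:
        status, body = fetch(path)
        if status != 200:
            continue
        names = find_secret_lines(body)
        if names:
            findings[path] = names
    return findings


def make_http_fetcher(base_url: str, timeout: float = 5.0) -> Fetcher:
    """Real fetcher, for a host you are authorised to test."""
    def fetch(path: str) -> Tuple[int, str]:
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"User-Agent": "env-disclosure-check"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                # Read a bounded amount: an env file is small, a huge body is not one.
                return resp.status, resp.read(64 * 1024).decode("utf-8", "replace")
        except urllib.error.HTTPError as exc:
            return exc.code, ""
        except (urllib.error.URLError, OSError):
            return 0, ""
    return fetch


# --- constructed sample responses (not captured from any real host) ---
SAMPLE_ENV = (
    "APP_ENV=production\n"
    "APP_KEY=base64:ZmFrZS1rZXktZm9yLWV4YW1wbGU=\n"
    "DB_PASSWORD=s3cret\n"
    "MAILER_URL=smtp://user:pw@mail.example.com:587\n"
)
# A catch-all page that answers 200 for every path: "api_key=" appears in it,
# but no line starts with a secret-looking name, so the regex must not fire.
SOFT_404_HTML = (
    "<html><body><h1>Not found</h1>\n"
    '<a href="/search?api_key=public">try again</a>\n'
    "</body></html>\n"
)
CONSTRUCTED_RESPONSES = {
    "/.env": (200, SAMPLE_ENV),
    "/.env.bak": (200, SOFT_404_HTML),
    "/.env.dev": (404, "Not Found"),
}


def constructed_fetch(path: str) -> Tuple[int, str]:
    return CONSTRUCTED_RESPONSES.get(path, (404, ""))


if __name__ == "__main__":
    # Swap in make_http_fetcher("https://target.example") for a live check.
    for path, names in scan_env_paths(constructed_fetch).items():
        print(f"{path}: exposed variables {names}")
```

Two caveats follow from the anchored pattern: a file written in shell style ("export DB_PASSWORD=...") or a commented-out secret ("# API_KEY=...") does not start its line with a variable name and is not flagged, so a clean scan does not prove the file is absent; and a hit on a variable name only says a secret-shaped line exists, so confirm by reading the body before treating it as a live credential.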

The module does not perform any remediation. It only reports that an environment file is exposed so that the operator can remove the file from the web root or block access to dotfiles at the web server or reverse proxy, and rotate any credentials the file contained.

Module preview

Concurrent Requests (1)
1. HTTP Request template
   GET /.env, /.env.bak, /.env.dev (+19 paths)
Matching conditions
   regex: (?mi)^[a-z_]*(KEY|TOKEN|PASS|SECRET|DB_U...
Passive global matcher
   No matching conditions.
On match action
   Report vulnerability