
GitHub Debug Page

By kannthu

Informative
Vidoc Module
#misconfig #github #debug
Description

What is the "GitHub Debug Page"?

The "GitHub Debug Page" module is designed to detect misconfigurations on GitHub repositories. It targets repositories that have a debug page enabled, which can potentially expose sensitive information. This module has an informative severity level and was authored by ritikchaddha.

Impact

If a misconfigured GitHub repository is detected, it could lead to the exposure of sensitive information, such as API keys, credentials, or internal system details. This can pose a significant security risk to the organization or individual who owns the repository.

How does the module work?

The "GitHub Debug Page" module works by sending HTTP requests to GitHub repositories and analyzing the responses. It uses specific matching conditions to identify repositories that have a debug page enabled. The module checks if the response body contains the phrase "GitHub Debug" and if the HTTP status code is 200 (OK). If both conditions are met, the module reports a potential misconfiguration.

Here is an example of an HTTP request that the module might send:

GET / HTTP/1.1
Host: github.com

The matching conditions used by the module are:

- The response body must contain the phrase "GitHub Debug".
- The HTTP status code must be 200 (OK).

When these conditions are satisfied, the module identifies the repository as potentially misconfigured and reports it as a finding.
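The two matching conditions above, applied to raw HTTP responses, as an added example (not Vidoc's own code). The names `Response`, `parse_response`, `matches` and `scan` and the sample responses are constructed for illustration, and a case-sensitive substring match is assumed.

```python
from dataclasses import dataclass

WORD = "GitHub Debug"   # word matcher from the module preview
STATUS = 200            # status matcher from the module preview


@dataclass
class Response:
    status: int
    headers: dict
    body: str


def parse_response(raw: bytes) -> Response:
    """Split a raw HTTP/1.x response into status, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)          # e.g. "HTTP/1.1 200 OK"
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return Response(int(parts[1]), headers, body.decode("utf-8", "replace"))


def matches(resp: Response) -> bool:
    """Both matchers must hold (AND). Only the body is searched.
    Assumption: the word match is a case-sensitive substring test."""
    return WORD in resp.body and resp.status == STATUS


# Constructed sample responses, not captured from any real host.
SAMPLES = {
    "debug-page": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<title>GitHub Debug</title>",
    "error-page": b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n<h1>GitHub Debug</h1>",
    "header-only": b"HTTP/1.1 200 OK\r\nX-Note: GitHub Debug\r\n\r\n<h1>Welcome</h1>",
}


def scan(samples: dict) -> list:
    """Return the names of the samples that would be reported."""
    return [name for name, raw in samples.items() if matches(parse_response(raw))]


if __name__ == "__main__":
    print(scan(SAMPLES))
```

Only the first sample is reported: the second fails the status condition and the third carries the phrase in a header rather than the body.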

Module preview

Concurrent Requests (0)
Passive global matcher
word: GitHub Debug
and
status: 200
On match action
Report vulnerability