Github Gemfiles

By kannthu

Informative
Vidoc Module
#github #exposure #files
Description

What is the "Github Gemfiles" module?

The "Github Gemfiles" module is designed to detect the presence of Gemfile and Gemfile.lock files on GitHub pages. These files are commonly used in Ruby projects to manage dependencies. The module is authored by hahwul and has an informative severity level.

Impact

This module does not have a direct impact on the target system. It is used to identify the presence of Gemfile and Gemfile.lock files, which can provide insights into the dependencies and configurations of a Ruby project hosted on GitHub.

How does the module work?

The "Github Gemfiles" module works by sending HTTP requests to specific paths on the target GitHub page, namely "/Gemfile" and "/Gemfile.lock". It then applies matching conditions to determine if the response body contains certain keywords related to RubyGems and the presence of gems or remote specifications.

For example, one of the matching conditions checks that the response body contains the keywords "https://rubygems.org", "source", and "gem", and that the status code is 200. If all these conditions are met, the module considers the Gemfile or Gemfile.lock file to be present.

It is important to note that this module does not perform any vulnerability or misconfiguration checks. Its purpose is solely to identify the presence of Gemfile and Gemfile.lock files on GitHub pages.
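To check your own site before publishing, the added example below (not the module's code) applies the keyword condition described above to a local build directory and flags files that are published but that a keyword matcher would miss. The lockfile condition, the function names, and the sample files are assumptions made for illustration; the page elides the module's second condition.

```python
import tempfile
from pathlib import Path

# Paths the module requests, as listed on the page.
PROBED = ("Gemfile", "Gemfile.lock")

def gemfile_condition(status: int, body: str) -> bool:
    """The condition the page spells out: status 200 plus three keywords."""
    return status == 200 and all(
        k in body for k in ("https://rubygems.org", "source", "gem"))

def lockfile_condition(status: int, body: str) -> bool:
    """ASSUMPTION: the page elides this condition; 'remote:' and 'specs:'
    are Bundler lockfile keys used here to stand in for it."""
    return status == 200 and all(
        k in body for k in ("https://rubygems.org", "remote:", "specs:"))

def audit_publish_dir(root) -> dict:
    """Classify each probed file in a local publish directory.

    'absent'            -> the file is not published
    'detected'          -> published, and a keyword condition matches
    'exposed-unmatched' -> published, but the keywords would miss it
    """
    report = {}
    for name in PROBED:
        path = Path(root) / name
        if not path.is_file():
            report[name] = "absent"
            continue
        body = path.read_text(errors="replace")
        # A static host serves an existing file with status 200.
        hit = gemfile_condition(200, body) or lockfile_condition(200, body)
        report[name] = "detected" if hit else "exposed-unmatched"
    return report

def demo() -> dict:
    """Constructed sample: a public Gemfile.lock and a private-source Gemfile."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "Gemfile.lock").write_text(
            "GEM\n  remote: https://rubygems.org/\n  specs:\n    rake (13.0.6)\n")
        Path(d, "Gemfile").write_text(
            'source "https://gems.example.internal"\ngem "rake"\n')
        return audit_publish_dir(d)

if __name__ == "__main__":
    print(demo())
```

The constructed Gemfile uses a private source, so it is reported as "exposed-unmatched": a clean result from a keyword-based scan does not prove the file is unpublished, and checking by filename in the build output is the more reliable control.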

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /Gemfile, /Gemfile.lock
Matching conditions
dsl: contains(body, "https://rubygems.org"), ...
or
dsl: contains(body, "https://rubygems.org"), ...
Passive global matcher
No matching conditions.
On match action
Report vulnerability