Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Github pages config file

By kannthu

Informative
Vidoc logoVidoc Module
#github#exposure#config#files
Description

What is the "Github pages config file?"

The "Github pages config file" module is designed to detect the presence of a configuration file used by Github Pages. Github Pages is a feature of the popular code hosting platform Github that allows users to host static websites directly from their Github repositories. This module focuses on identifying misconfigurations in the Github pages configuration file.

This module has an informative severity level, which means it provides valuable information but does not indicate a vulnerability or immediate threat.

Impact

If misconfigured, the Github pages configuration file can lead to issues with the rendering and functionality of the hosted website. It is important to ensure that the configuration file is properly set up to avoid any unintended consequences.

How the module works?

The "Github pages config file" module works by sending an HTTP GET request to the "/_config.yml" path of the target website. It then applies matching conditions to determine if the configuration file is present and if it contains specific keywords such as "jekyll", "title", and "baseurl".

For example, if the HTTP response status is 200 and the words "jekyll", "title", and "baseurl" are found in the configuration file, the module will consider it a match.

This module helps identify potential misconfigurations in the Github pages configuration file, allowing users to address any issues and ensure the proper functioning of their hosted websites.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/_config.yml
Matching conditions
status: 200and
word: jekyll, title, baseurl
Passive global matcher
No matching conditions.
On match action
Report vulnerability