Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

GoCD Login Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#go#panel#gocd
Description

What is the "GoCD Login Panel - Detect" module?

The "GoCD Login Panel - Detect" module is designed to detect the presence of the GoCD login panel. GoCD is a popular open-source continuous delivery server that helps automate and streamline the software delivery process. This module focuses on detecting any misconfigurations or vulnerabilities related to the GoCD login panel.

This module has an informative severity level, which means it provides valuable information without indicating any immediate security risks. It is intended to help users identify potential issues and take appropriate actions to ensure the security and proper functioning of their GoCD login panel.

Impact

This module does not have any direct impact on the system or application being scanned. It is purely a detection module that helps identify potential misconfigurations or vulnerabilities related to the GoCD login panel. The impact of any detected issues will depend on the specific findings and the actions taken by the user to address them.

How the module works?

The "GoCD Login Panel - Detect" module works by sending an HTTP GET request to the "/go/auth/login" path of the target system. It then applies matching conditions to determine if the GoCD login panel is present and functioning correctly.

The module uses two matching conditions:

    - Matcher 1: It checks if the response body contains the words "<title>Login - Go</title>" and "gocd-params". This ensures that the page title and content indicate the presence of the GoCD login panel. - Matcher 2: It verifies that the HTTP response status is 200, indicating a successful request. This confirms that the GoCD login panel is accessible and responsive.

If both matching conditions are met, the module reports a successful detection of the GoCD login panel. If any of the conditions fail, it indicates a potential misconfiguration or vulnerability that requires further investigation and remediation.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/go/auth/login
Matching conditions
word: <title>Login - Go</title>, gocd-paramsand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability