GoCD Login Panel - Detect

What is the "GoCD Login Panel - Detect" module?

The "GoCD Login Panel - Detect" module is designed to detect the presence of the GoCD login panel. GoCD is a popular open-source continuous delivery server that helps automate and streamline the software delivery process. This module focuses on detecting any misconfigurations or vulnerabilities related to the GoCD login panel.

This module has an informative severity level, which means it provides valuable information without indicating any immediate security risks. It is intended to help users identify potential issues and take appropriate actions to ensure the security and proper functioning of their GoCD login panel.

Impact

This module does not have any direct impact on the system or application being scanned. It is purely a detection module that helps identify potential misconfigurations or vulnerabilities related to the GoCD login panel. The impact of any detected issues will depend on the specific findings and the actions taken by the user to address them.

How the module works?

The "GoCD Login Panel - Detect" module works by sending an HTTP GET request to the "/go/auth/login" path of the target system. It then applies matching conditions to determine if the GoCD login panel is present and functioning correctly.

The module uses two matching conditions:

- Matcher 1: It checks if the response body contains the words "<title>Login - Go</title>" and "gocd-params". This ensures that the page title and content indicate the presence of the GoCD login panel. - Matcher 2: It verifies that the HTTP response status is 200, indicating a successful request. This confirms that the GoCD login panel is accessible and responsive.

If both matching conditions are met, the module reports a successful detection of the GoCD login panel. If any of the conditions fail, it indicates a potential misconfiguration or vulnerability that requires further investigation and remediation.