Gogs Login Panel - Detect

What is the "Gogs Login Panel - Detect" module?

The "Gogs Login Panel - Detect" module is designed to detect the presence of the Gogs login panel. Gogs is a self-hosted Git service that provides a lightweight and efficient way to manage repositories. This module focuses on identifying the login panel of Gogs, which can help in assessing the security posture of the application.

This module has an informative severity level, meaning it provides valuable information but does not indicate a vulnerability or misconfiguration.

Author: DhiyaneshDk, daffainfo

Impact

The impact of detecting the Gogs login panel is primarily informational. It helps in identifying the presence of the login panel, but it does not indicate any specific vulnerabilities or misconfigurations.

How does the module work?

The "Gogs Login Panel - Detect" module works by sending an HTTP GET request to the "/user/login" path of the target application. It then applies two matching conditions to determine if the Gogs login panel is present:

- The first matching condition checks the response body for specific words, such as "<meta property="og:title" content="Gogs" and "js/gogs.js?v=". If both words are found in the response body, the condition is met. - The second matching condition verifies that the HTTP response status is 200, indicating a successful request.

If both matching conditions are met, the module reports the detection of the Gogs login panel.

For example, the module sends an HTTP GET request to the "/user/login" path and expects a response with a status code of 200. It then checks the response body for the presence of "<meta property="og:title" content="Gogs" and "js/gogs.js?v=". If these conditions are satisfied, the module reports the detection of the Gogs login panel.

Reference: https://gogs.io/

Metadata:

- max-request: 1 - verified: true - shodan-query: title:"Sign In - Gogs" - google-query: intitl