
Kibana Login Panel - Detect

By kannthu

Informative
Vidoc Module
#panel #kibana
Description

What is the "Kibana Login Panel - Detect" module?

The "Kibana Login Panel - Detect" module is a test case designed to detect the presence of the Kibana login panel. Kibana is a popular open-source data visualization and exploration tool used with Elasticsearch. This module focuses on identifying misconfigurations related to the Kibana login panel.

This module has an informative severity level, which means it provides valuable information without indicating a critical vulnerability or security issue.

Impact

This module does not have a direct impact on the target system. Instead, it helps identify potential misconfigurations in the Kibana login panel, which could lead to unauthorized access or other security concerns if left unaddressed.

How does the module work?

The "Kibana Login Panel - Detect" module works by sending HTTP requests to specific paths ("/login" and "/app/kibana") and applying matching conditions to identify the presence of the Kibana login panel.

The module uses two types of matchers:

- Body Matcher: This matcher looks for any of three specific HTML title tags, including "<title>Kibana</title>", in the response body. If any of these tags are found, it indicates the presence of the Kibana login panel.
- Header Matcher: This matcher applies a regular expression to the "Kbn-Name" header. If the header matches the specified regular expression ("(?i)(Kbn-Name)"), it confirms the presence of the Kibana login panel.

The module considers the match successful if any of the matchers (body or header) return a positive result. It then reports the detection of the Kibana login panel as per the defined action (in this case, "reportVulnerability").

Here is an example of an HTTP request sent by the module:

GET /login HTTP/1.1
Host: example.com

Please note that the above example is for illustrative purposes only and may not reflect the actual target system or request details.
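The matching logic described above can be reproduced offline to see which signal gives a panel away. This is an added example, not Vidoc's own code: the function names and the sample responses are constructed, exact-substring matching for the body words is an assumption, and only the title string fully visible on this page is used.

```python
import re

# Matchers as shown on this page. Only the first title string is fully
# visible in the module preview, so the truncated ones are not guessed here.
BODY_WORDS = ["<title>Kibana</title>"]
HEADER_REGEX = re.compile(r"(?i)(Kbn-Name)")

def split_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status, header block, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.decode("iso-8859-1").partition("\r\n")
    status = int(status_line.split(" ", 2)[1])
    return status, header_block, body.decode("utf-8", "replace")

def match_response(raw: bytes) -> dict:
    """Apply the body and header matchers; either one is enough (OR)."""
    status, header_block, body = split_response(raw)
    body_hit = any(word in body for word in BODY_WORDS)  # assumed exact substring
    header_hit = HEADER_REGEX.search(header_block) is not None
    return {"status": status, "body": body_hit, "header": header_hit,
            "detected": body_hit or header_hit}

# Constructed sample responses (not captured from any real host).
LOGIN_PAGE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
              b"<html><head><title>Kibana</title></head><body></body></html>")
REDIRECT = (b"HTTP/1.1 302 Found\r\nlocation: /login?next=%2F\r\n"
            b"kbn-name: kibana\r\ncontent-length: 0\r\n\r\n")
UNRELATED = (b"HTTP/1.1 404 Not Found\r\nServer: nginx\r\n\r\n"
             b"<html><head><title>404 Not Found</title></head>"
             b"<body>Kbn-Name is not a header here</body></html>")

if __name__ == "__main__":
    for name, raw in [("login page", LOGIN_PAGE), ("redirect", REDIRECT),
                      ("unrelated", UNRELATED)]:
        print(name, match_response(raw))
```

Because the matchers are combined with OR, the redirect response is reported on the header alone, so a proxy that rewrites the page title but passes the header through still identifies the service.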

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /login, /app/kibana
Matching conditions
word: <title>Kibana</title>, <title>Elastic</t...or
regex: (?i)(Kbn-Name)
Passive global matcher
No matching conditions.
On match action
Report vulnerability