Kibana Login Panel - Detect

What is the "Kibana Login Panel - Detect" module?

The "Kibana Login Panel - Detect" module is a test case designed to detect the presence of the Kibana login panel. Kibana is a popular open-source data visualization and exploration tool used with Elasticsearch. This module focuses on identifying misconfigurations related to the Kibana login panel.

This module has an informative severity level, which means it provides valuable information without indicating a critical vulnerability or security issue.

Impact

This module does not have a direct impact on the target system. Instead, it helps identify potential misconfigurations in the Kibana login panel, which could lead to unauthorized access or other security concerns if left unaddressed.

How the module works?

The "Kibana Login Panel - Detect" module works by sending HTTP requests to specific paths ("/login" and "/app/kibana") and applying matching conditions to identify the presence of the Kibana login panel.

The module uses two types of matchers:

- Body Matcher: This matcher looks for specific HTML title tags ("", "", "") in the response body. If any of these tags are found, it indicates the presence of the Kibana login panel. - Header Matcher: This matcher applies a regular expression to the "Kbn-Name" header. If the header matches the specified regular expression ("(?i)(Kbn-Name)"), it confirms the presence of the Kibana login panel.

The module considers the match successful if any of the matchers (body or header) return a positive result. It then reports the detection of the Kibana login panel as per the defined action (in this case, "reportVulnerability").

Here is an example of an HTTP request sent by the module:

GET /login HTTP/1.1
Host: example.com

Please note that the above example is for illustrative purposes only and may not reflect the actual target system or request details.