Leaky Paths wordlist - content discovery

By kannthu

Informative
Vidoc Module
#content-discovery #bruteforce
Description

What is the "Leaky Paths wordlist - content discovery" module?

The "Leaky Paths wordlist - content discovery" module is designed to detect misconfigurations and vulnerabilities related to content discovery on web servers. It targets specific software and helps identify potential leaks in the server's file system or sensitive information exposure. This module is created by an undisclosed author.

Impact

If misconfigurations or vulnerabilities are found using this module, it could potentially lead to unauthorized access, data leakage, or other security risks. It is important to address any issues identified by this module promptly to ensure the security and integrity of the web server.

How does the module work?

The "Leaky Paths wordlist - content discovery" module utilizes HTTP request templates and matching conditions to scan for specific paths or files on the target web server. It sends GET requests to various paths and checks the response status codes for matches against a predefined list of expected codes.

For example, one of the paths it may check is "/+CSCOE+/logon.html". If the server responds with a status code of 200, 204, 301, 302, 307, 401, 403, 405, or 500, it is considered a match. The module also includes a wordlist of other paths to check for potential leaks or vulnerabilities.

By analyzing the responses and matching conditions, the module can identify potential misconfigurations or vulnerabilities related to content discovery on the target web server.
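
The matching condition above accepts redirects and error codes as well as 200, so a server that answers every unknown path with the same 302 or 403 would match on every wordlist entry. The following Python is an added example, not Vidoc's code: it compares each status-only match against the response to a control path that cannot exist. The `Response` type, the `tolerance` value and all sample paths other than "/+CSCOE+/logon.html" are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Status codes the page lists as a match for the example path.
MATCH_STATUSES = {200, 204, 301, 302, 307, 401, 403, 405, 500}

@dataclass(frozen=True)
class Response:
    path: str
    status: int
    length: int          # body length in bytes
    location: str = ""   # Location header, set on redirects

def is_module_match(resp):
    """The module's matching condition as the page describes it: status only."""
    return resp.status in MATCH_STATUSES

def same_as_control(resp, control, tolerance=32):
    """True when a response looks like the server's answer to a nonexistent path."""
    if resp.status != control.status:
        return False
    if resp.status in (301, 302, 307):
        # A catch-all redirect sends every path to the same target.
        return resp.location == control.location
    return abs(resp.length - control.length) <= tolerance

def triage(responses, control):
    """Split status-only matches into paths worth review and catch-all noise."""
    review, noise = [], []
    for resp in responses:
        if not is_module_match(resp):
            continue
        (noise if same_as_control(resp, control) else review).append(resp.path)
    return review, noise

# Constructed sample data: a server that redirects unknown paths to /login.
CONTROL = Response("/zz-control-path-7f3a", 302, 0, "/login")
SAMPLE = [
    Response("/+CSCOE+/logon.html", 200, 4812),
    Response("/sample/backup.zip", 302, 0, "/login"),
    Response("/sample/private/", 403, 153),
    Response("/sample/admin/", 302, 0, "/sample/admin/login"),
    Response("/sample/missing", 404, 210),
]

if __name__ == "__main__":
    review, noise = triage(SAMPLE, CONTROL)
    print("review:", review)
    print("catch-all noise:", noise)
```
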

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /{%paths%}
Payloads
1 payload list
Matching conditions
status: 200, 204, 301, 302, 307, 401, 403, 405, ...
Passive global matcher
No matching conditions.
On match action
Report vulnerability