Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Manage Engine AD Search

By kannthu

Vidoc logoVidoc Module

What is the "Manage Engine AD Search?"

The "Manage Engine AD Search" module is designed to detect misconfigurations in the Manage Engine AD Manager service. This service can be configured to allow anonymous users to browse the Active Directory (AD) list remotely. The module targets this software to identify potential security vulnerabilities.

Severity: High

Author: PR3R00T


If misconfigured, the Manage Engine AD Manager service can expose sensitive information from the AD list to unauthorized users. This can lead to potential data breaches, unauthorized access to user accounts, and other security risks.

How does the module work?

The module sends a GET request to the "/" endpoint of the Manage Engine AD Manager service. It then applies matching conditions to determine if the service is misconfigured.

The matching conditions include:

- Status: The response status code must be 200. - Keywords: The response body must contain the words "ManageEngine" and "ADManager".

If all matching conditions are met, the module reports a vulnerability.

Example HTTP request:


Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
status: 200and
word: ManageEngine, ADManager
Passive global matcher
No matching conditions.
On match action
Report vulnerability