Moleculer Microservices Project

By kannthu

Low
Vidoc Module
#misconfig #microservice #moleculer #exposure
Description

What is the "Moleculer Microservices Project"?

The "Moleculer Microservices Project" module is designed to detect misconfigurations in the Moleculer microservice framework. It targets instances of the Moleculer microservice that are accessible without the required authentication in place. This module has a low severity level and was authored by pussycat0x.

Impact

If the Moleculer microservice is accessible without authentication, it can potentially expose sensitive data or allow unauthorized access to the system. This can lead to security breaches and compromise the integrity of the microservice.

How does the module work?

The module works by sending HTTP requests to the target Moleculer microservice and checking for specific conditions. It verifies that the response status is 200 (OK) and that the response header contains the word "text/html". The module also matches specific words in the response body, such as "Moleculer Microservices Project" and "Service/Action name". If all the conditions are met, the module reports a vulnerability.

Here is an example of an HTTP request sent by the module:

GET / HTTP/1.1
Host: target-microservice.com
User-Agent: Vidoc-Scanner
Accept: text/html

The module's matching conditions are as follows:

- All words "Moleculer Microservices Project" and "Service/Action name" must be present in the response body.
- The response header must contain the word "text/html".
- The response status must be 200 (OK).

When all the matching conditions are satisfied, the module identifies the vulnerability and reports it.
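
The three conditions above can be evaluated against a raw HTTP response as in the following added example, which is not Vidoc's own code. The function names and sample responses are constructed for illustration, and case-sensitive substring matching is an assumption.

```python
# Added example: applies the module's three matchers (AND) to a raw HTTP response.
# All sample responses below are constructed, not captured traffic.
BODY_WORDS = ("Moleculer Microservices Project", "Service/Action name")
HEADER_WORD = "text/html"
EXPECTED_STATUS = 200


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, header_block, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % status_line)
    return int(parts[1]), header_block, body


def evaluate(raw):
    """Return (matched, failed_matchers); every matcher must pass to report."""
    status, header_block, body = parse_response(raw)
    failed = []
    # Assumption: words are compared as case-sensitive substrings.
    if not all(word in body for word in BODY_WORDS):
        failed.append("body-words")
    if HEADER_WORD not in header_block:
        failed.append("header-word")
    if status != EXPECTED_STATUS:
        failed.append("status")
    return (not failed, failed)


def make_response(status, reason, content_type, body):
    """Build a minimal raw response for the constructed samples."""
    return ("HTTP/1.1 %d %s\r\nContent-Type: %s\r\n\r\n%s"
            % (status, reason, content_type, body))


EXPOSED = make_response(200, "OK", "text/html; charset=utf-8",
                        "<title>Moleculer Microservices Project</title>"
                        "<input placeholder='Service/Action name'>")
BEHIND_AUTH = make_response(401, "Unauthorized", "text/html",
                            "<h1>Login required</h1>")
JSON_API = make_response(200, "OK", "application/json",
                         '{"name": "Moleculer Microservices Project"}')

if __name__ == "__main__":
    for name, raw in (("exposed", EXPOSED), ("behind-auth", BEHIND_AUTH),
                      ("json-api", JSON_API)):
        print(name, evaluate(raw))
```

The list of failed matchers shows why a response was not reported, which helps confirm that a service placed behind authentication no longer satisfies the module.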

Module preview

Concurrent Requests (0)
Passive global matcher
word: Moleculer Microservices Project, Service... and
word: text/html and
status: 200
On match action
Report vulnerability