
Nginx Status Page

By kannthu

Informative
Vidoc Module
#misconfig #nginx #status
Description

What is the "Nginx Status Page"?

The "Nginx Status Page" module is designed to detect misconfigurations in Nginx web servers. Nginx is a popular open-source web server software known for its high performance and scalability. This module focuses on identifying potential vulnerabilities or misconfigurations related to the Nginx status page.

This module has an informative severity level, meaning it provides valuable information without indicating a critical security issue. It is authored by dhiyaneshDK.

Impact

The impact of misconfigurations or vulnerabilities in the Nginx status page can vary. It may expose sensitive server information, such as active connections, to unauthorized individuals. This information can potentially be used to gather intelligence about the server's usage, load, or potential attack vectors.

How does the module work?

The "Nginx Status Page" module works by sending HTTP requests to specific endpoints, namely "/nginx_status" and "/nginx-status". It then applies matching conditions to determine if the server is misconfigured or vulnerable.

The module checks that the server's response contains the phrase "Active connections:" and that the server returns a 200 status code, indicating a successful response. Both conditions must hold for a match.

By analyzing the server's response and matching conditions, the module can identify potential misconfigurations or vulnerabilities related to the Nginx status page.
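The matching logic described above, as an added example (not Vidoc's module code): it applies both conditions to constructed sample responses and parses the counters that an exposed page discloses. The function names and sample responses are assumptions made for illustration; the response layout is the standard output of nginx's stub_status module.

```python
import re

# Paths and matchers as listed in the module preview.
PATHS = ("/nginx_status", "/nginx-status")
MATCH_WORD = "Active connections:"
MATCH_STATUS = 200

# Layout of a standard stub_status response.
_STUB_RE = re.compile(
    r"Active connections:\s*(?P<active>\d+)\s+"
    r"server accepts handled requests\s+"
    r"(?P<accepts>\d+)\s+(?P<handled>\d+)\s+(?P<requests>\d+)\s+"
    r"Reading:\s*(?P<reading>\d+)\s+Writing:\s*(?P<writing>\d+)\s+"
    r"Waiting:\s*(?P<waiting>\d+)"
)

def matches(status, body):
    """Both conditions must hold (the 'and' between the two matchers)."""
    return status == MATCH_STATUS and MATCH_WORD in body

def parse_stub_status(body):
    """Return the counters a status page discloses, or None if not parseable."""
    m = _STUB_RE.search(body)
    return {k: int(v) for k, v in m.groupdict().items()} if m else None

def evaluate(responses):
    """responses: iterable of (path, status, body) tuples. Returns findings."""
    return [
        {"path": path, "exposed": parse_stub_status(body)}
        for path, status, body in responses
        if path in PATHS and matches(status, body)
    ]

# Constructed sample responses (not captured from any real server).
SAMPLE_STUB = (
    "Active connections: 291 \n"
    "server accepts handled requests\n"
    " 16630948 16630948 31070465 \n"
    "Reading: 6 Writing: 179 Waiting: 106 \n"
)
SAMPLES = [
    ("/nginx_status", 200, SAMPLE_STUB),                      # exposed page
    ("/nginx-status", 403, "<html>403 Forbidden</html>"),     # access restricted
    ("/nginx-status", 200, "<html>Welcome</html>"),           # catch-all 200, no phrase
    ("/nginx_status", 404, "Active connections: not found"),  # phrase, wrong status
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLES):
        print(finding)
```

A path that appears in the findings should have its status location restricted, for example with nginx's allow and deny directives.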

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /nginx_status, /nginx-status
Matching conditions
word: Active connections: (and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability