Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Ngrok Status Page

By kannthu

Low
Vidoc logoVidoc Module
#ngrok#misconfig#status
Description

What is the "Ngrok Status Page?"

The "Ngrok Status Page" module is designed to detect the presence of the Ngrok status page on a target website. Ngrok is a popular platform that provides secure tunnels to localhost, allowing users to expose a local web server to the internet. The Ngrok status page is a web page that provides real-time information about the health and performance of the Ngrok service.

This module has a low severity level, indicating that it poses a relatively low risk to the target website.

Author: pussycat0x

Impact

This module does not have a direct impact on the target website. It is primarily used to gather information about the presence and accessibility of the Ngrok status page.

How does the module work?

The module sends a GET request to the "/status" path of the target website. It then applies two matching conditions to determine if the Ngrok status page is present:

    - The module checks if the response body contains either the "<title>ngrok</title>" or "<title>ngrok - Status</title>" HTML tags. This indicates that the page is the Ngrok status page. - The module checks if the response status code is 200, indicating a successful request. This ensures that the page is accessible.

If both matching conditions are met, the module reports a successful detection of the Ngrok status page.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/status
Matching conditions
word: <title>ngrok</title>, <title>ngrok - Sta...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability