
NPM Anonymous CLI Metrics Json

By kannthu

Severity: Low
Vidoc Module
#npm#devops#exposure#files
Description

What is the "NPM Anonymous CLI Metrics Json"?

The "NPM Anonymous CLI Metrics Json" module is a test case designed to detect misconfigurations in the NPM (Node Package Manager) software. It focuses on the exposure of the "anonymous-cli-metrics.json" file, which contains anonymous CLI metrics data.

This module has a low severity level, indicating that the detected misconfigurations may not pose a significant risk but should still be addressed.

This module was authored by DhiyaneshDK.

Impact

If the "anonymous-cli-metrics.json" file is exposed, it may leak anonymous CLI metrics data. While this data may not contain sensitive information, it is still advisable to secure the file to prevent any unintended exposure.

How does the module work?

The "NPM Anonymous CLI Metrics Json" module works by sending HTTP requests to specific paths, namely "/anonymous-cli-metrics.json" and "/.npm/anonymous-cli-metrics.json". It then applies matching conditions to determine if misconfigurations are present.

The matching conditions check that the response body contains both the keywords "metricId" and "metrics", and that the HTTP response status is 200 (OK); both conditions must hold for the module to report a match.

By evaluating these conditions, the module can identify instances where the "anonymous-cli-metrics.json" file is exposed and potentially at risk of unauthorized access.
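As an added example (not Vidoc's own code or this module's implementation), the following Python evaluates the module's two matching conditions against a response and adds a stricter JSON-shape check that a loose keyword match alone does not give you, so a page that merely mentions the words is not reported. The `check_host` and `fake_fetch` helpers, the injected `fetch` callable, the `example.test` host and the field names inside `metrics` are assumptions, not something the page states.

```python
import json
from typing import Callable, Optional, Tuple

# Paths probed by the module, as stated on the page.
CANDIDATE_PATHS = ("/anonymous-cli-metrics.json", "/.npm/anonymous-cli-metrics.json")
REQUIRED_WORDS = ("metricId", "metrics")


def module_matches(status: int, body: str) -> bool:
    """Loose matcher exactly as the page describes: status 200 AND both words present."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def looks_like_npm_metrics(body: str) -> bool:
    """Stricter confirmation to cut false positives: the body must parse as JSON with a
    string 'metricId' and an object 'metrics'. The inner field names are an assumption
    about npm's file layout; the page only names the two top-level keys."""
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    return (isinstance(doc, dict)
            and isinstance(doc.get("metricId"), str)
            and isinstance(doc.get("metrics"), dict))


def check_host(base_url: str, fetch: Callable[[str], Tuple[int, str]]) -> Optional[str]:
    """Return the first candidate path exposed on a host you administer, or None.
    `fetch` (hypothetical) is injected so the logic can be exercised offline."""
    for path in CANDIDATE_PATHS:
        status, body = fetch(base_url + path)
        if module_matches(status, body) and looks_like_npm_metrics(body):
            return path
    return None


# Constructed sample responses for an offline demonstration.
SAMPLE_RESPONSES = {
    "https://example.test/anonymous-cli-metrics.json": (404, "Not Found"),
    "https://example.test/.npm/anonymous-cli-metrics.json": (200, json.dumps({
        "metricId": "00000000-0000-4000-8000-000000000000",
        "metrics": {"from": "2024-01-01T00:00:00.000Z", "to": "2024-01-02T00:00:00.000Z",
                    "successfulInstalls": 3, "failedInstalls": 0}})),
}
# A 200 page that merely mentions both keywords: the loose matcher fires, the strict one does not.
FALSE_POSITIVE_RESPONSE = (200, "<p>Our metrics dashboard lists each metricId</p>")


def fake_fetch(url: str) -> Tuple[int, str]:
    """Stand-in for an HTTP client, returning the constructed responses above."""
    return SAMPLE_RESPONSES.get(url, (404, ""))


if __name__ == "__main__":
    print(check_host("https://example.test", fake_fetch))  # /.npm/anonymous-cli-metrics.json
```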

Module preview

Concurrent Requests (1)
1. HTTP Request template
   GET /anonymous-cli-metri..., /.npm/anonymous-cli-...
   Matching conditions
   word: "metricId", "metrics" and
   status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability