npm Config - Detect

By kannthu

Informative
Vidoc Module
#config #exposure
Description

What is the "npm Config - Detect" module?

The "npm Config - Detect" module is designed to detect misconfigurations in npm packages. It targets the npm configuration files, specifically the package.json and package-lock.json files. This module is created by geeknik and afaq.

Severity: Informative

Impact

This module helps identify potential misconfigurations in npm packages, which can lead to security vulnerabilities or other issues. By detecting these misconfigurations, developers can take appropriate actions to ensure the proper configuration of their npm packages.

How does the module work?

The "npm Config - Detect" module works by sending HTTP requests to the specified paths ("/package.json" and "/package-lock.json") and applying matching conditions to the responses. The module uses the following matching conditions:

- Check if the response contains the words "name" and "version" in any part of the response.
- Check if the response header includes the word "application/json".
- Check if the response status is 200 (OK).

If all the matching conditions are met, the module reports a vulnerability.

Example HTTP request:

GET /package.json

The module analyzes the response of this request based on the matching conditions described above.
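The three matching conditions above, evaluated offline over constructed responses. This is an added example, not the Vidoc module's own code; the `Response` type, the `matches` and `exposed_paths` helpers, and the reading of "word" as a literal substring test over headers plus body are assumptions.

```python
from dataclasses import dataclass, field

# Paths and matcher values taken from the module description above.
PATHS = ("/package.json", "/package-lock.json")
BODY_WORDS = ("name", "version")
HEADER_WORD = "application/json"


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (hypothetical helper type)."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def matches(resp: Response) -> bool:
    """Return True only when all three matching conditions hold (AND)."""
    header_text = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
    # Condition 1: both words appear in any part of the response
    # (assumption: "any part" means headers plus body, literal substring).
    words_ok = all(w in header_text + "\n" + resp.body for w in BODY_WORDS)
    # Condition 2: the response header includes "application/json".
    header_ok = HEADER_WORD in header_text
    # Condition 3: the response status is 200 (OK).
    status_ok = resp.status == 200
    return words_ok and header_ok and status_ok


def exposed_paths(responses: dict) -> list:
    """Given {path: Response}, list the module's paths that would be reported."""
    return [p for p in PATHS if p in responses and matches(responses[p])]


# Constructed sample responses (not captured from a real host).
SAMPLES = {
    "/package.json": Response(
        200, {"Content-Type": "application/json; charset=utf-8"},
        '{"name": "demo-app", "version": "1.0.0", "dependencies": {}}'),
    # Soft 404: status 200 and both words present, but served as HTML.
    "/package-lock.json": Response(
        200, {"Content-Type": "text/html"},
        "<html><body>No page name or version found</body></html>"),
}

if __name__ == "__main__":
    print(exposed_paths(SAMPLES))
```

Because the word test is a substring match, any JSON document served at these paths that contains both words satisfies it, so a hit should be confirmed by reading the response.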

Module preview

Concurrent Requests (1)

1. HTTP Request template
GET /package.json, /package-lock.json

Matching conditions
- word: name, version (and)
- word: application/json (and)
- status: 200

Passive global matcher
No matching conditions.

On match action
Report vulnerability