By kannthu
The "OpenAPI - Detect" module is designed to detect the presence of OpenAPI, a specification for building APIs. It focuses on identifying misconfigurations or vulnerabilities related to OpenAPI. This module is authored by pdteam and ynnirc.
Severity: Informative
This module does not have a direct impact on the system. It serves as an informative tool to identify potential issues with OpenAPI configurations or vulnerabilities.
The "OpenAPI - Detect" module works by sending HTTP requests and applying matching conditions to identify the presence of OpenAPI. It uses the following matching conditions:
- Path: The module checks if the path "/openapi.json" exists in the HTTP request.
- Headers: It looks for specific headers such as "application/openapi+json" or "application/json" in the request.
- Status: The module verifies if the HTTP response status is 200.

If all the matching conditions are met, the module detects the presence of OpenAPI.
Example HTTP request:
GET /openapi.json
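The three conditions above combined into a single check, as an added example that is not the module's own code. It assumes the header condition is evaluated against the Content-Type of the response to the request; `Exchange`, `media_type` and `evaluate` are hypothetical names, and the sample exchanges are constructed.

```python
from dataclasses import dataclass, field

# Content types the page lists for the header condition.
OPENAPI_CONTENT_TYPES = ("application/openapi+json", "application/json")
PROBE_PATH = "/openapi.json"  # path from the page's example request


@dataclass
class Exchange:
    """One request/response pair (hypothetical container for this example)."""
    path: str
    status: int
    headers: dict = field(default_factory=dict)


def media_type(headers):
    """Return the lower-cased media type from Content-Type, without parameters.

    Assumption: the header condition applies to the response Content-Type.
    """
    for name, value in headers.items():
        if name.lower() == "content-type":  # header names are case-insensitive
            return value.split(";", 1)[0].strip().lower()
    return ""


def evaluate(ex):
    """Evaluate the three conditions separately; detection requires all of them."""
    checks = {
        "path": ex.path.split("?", 1)[0] == PROBE_PATH,
        "headers": media_type(ex.headers) in OPENAPI_CONTENT_TYPES,
        "status": ex.status == 200,
    }
    checks["detected"] = all(checks.values())
    return checks


# Constructed sample exchanges, not captured traffic.
SAMPLES = [
    Exchange("/openapi.json", 200, {"Content-Type": "application/json; charset=utf-8"}),
    Exchange("/openapi.json", 200, {"content-type": "text/html"}),  # HTML "not found" page served with 200
    Exchange("/openapi.json", 404, {"Content-Type": "application/json"}),
    Exchange("/openapi.json", 200, {"Content-Type": "application/openapi+json"}),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.status, media_type(s.headers) or "-", evaluate(s))
```

Because "application/json" is one of the accepted values, any JSON document returned with status 200 at this path satisfies the three conditions as listed, so a hit is worth confirming by opening the document.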
For more information about OpenAPI, you can visit the OpenAPI website.