
OpenAPI - Detect

By kannthu

Informative
Vidoc Module
#exposure #api
Description

What is the "OpenAPI - Detect" module?

The "OpenAPI - Detect" module is designed to detect the presence of OpenAPI, a specification for building APIs. It focuses on identifying misconfigurations or vulnerabilities related to OpenAPI. This module is authored by pdteam and ynnirc.

Severity: Informative

Impact

This module does not have a direct impact on the system. It serves as an informative tool to identify potential issues with OpenAPI configurations or vulnerabilities.

How does the module work?

The "OpenAPI - Detect" module works by sending HTTP requests and applying matching conditions to identify the presence of OpenAPI. It uses the following matching conditions:

- Path: The module checks if the path "/openapi.json" exists in the HTTP request.
- Headers: It looks for specific headers such as "application/openapi+json" or "application/json" in the request.
- Status: The module verifies if the HTTP response status is 200.

If all the matching conditions are met, the module detects the presence of OpenAPI.

Example HTTP request:

GET /openapi.json
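The matching conditions above can be evaluated over captured responses, as in this added example (not the module's own code). It assumes the word and header conditions are checked against the response, that both body words are required, and that either content type is enough; `structural_match` is a hypothetical stricter check added here to show where plain word matching reports a false positive.

```python
import json

# Values taken from the module description; how they combine is an assumption.
BODY_WORDS = ("openapi", "paths")
CONTENT_TYPES = ("application/openapi+json", "application/json")


def word_match(status, headers, body):
    """Evaluate the three matching conditions, ANDed together."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    return (
        status == 200
        and any(ct in header_blob for ct in CONTENT_TYPES)
        and all(word in body for word in BODY_WORDS)
    )


def structural_match(status, headers, body):
    """Stricter: body must be a JSON object with top-level 'openapi' and 'paths'."""
    if not word_match(status, headers, body):
        return False
    try:
        doc = json.loads(body)
    except ValueError:  # not JSON at all
        return False
    return (
        isinstance(doc, dict)
        and isinstance(doc.get("openapi"), str)
        and isinstance(doc.get("paths"), dict)
    )


# Constructed sample responses: (status, headers, body)
SAMPLES = {
    "real_spec": (200, {"Content-Type": "application/json"},
                  '{"openapi": "3.0.3", "info": {"title": "demo"}, "paths": {"/users": {}}}'),
    "json_message": (200, {"Content-Type": "application/json"},
                     '{"message": "see /docs for openapi paths"}'),
    "html_404": (404, {"Content-Type": "text/html"}, "<h1>Not Found</h1>"),
    "soft_404": (200, {"Content-Type": "text/html"}, "<p>openapi paths not found</p>"),
}


def classify(samples):
    """Return {name: (word_match, structural_match)} for each sample response."""
    return {n: (word_match(*r), structural_match(*r)) for n, r in samples.items()}


if __name__ == "__main__":
    for name, result in classify(SAMPLES).items():
        print(name, result)
```

The `json_message` sample satisfies all three word and status conditions without being an OpenAPI document, so a match from this kind of detection is worth confirming by parsing the body before triage.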

For more information about OpenAPI, you can visit the OpenAPI website.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /openapi.json
Matching conditions
word: openapi, paths
and
word: application/openapi+json, application/js...
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability