Palo Alto Networks GlobalProtect Login Panel - Detect

What is the "Palo Alto Networks GlobalProtect Login Panel - Detect?"

The "Palo Alto Networks GlobalProtect Login Panel - Detect" module is designed to detect the presence of the Palo Alto Networks GlobalProtect login panel. This module focuses on identifying misconfigurations or vulnerabilities related to the GlobalProtect login panel. The severity of this module is classified as informative, meaning it provides valuable information but does not pose an immediate threat. The original author of this module is organiccrap.

Impact

This module does not directly impact the target system. Instead, it provides information about the presence of the Palo Alto Networks GlobalProtect login panel, allowing users to assess the security posture of their systems and take appropriate actions to mitigate any potential risks.

How does the module work?

The module works by sending HTTP requests to specific paths, namely "/global-protect/login.esp" and "/sslmgr". It then applies matching conditions to the responses received from the target system. The matching condition in this module checks for the presence of the "" and "Invalid parameters" strings in the response. If either of these strings is found, the module considers the GlobalProtect login panel to be present.

Here is an example of an HTTP request sent by the module:

GET /global-protect/login.esp HTTP/1.1
Host: [target_host]

The module uses an "and" condition for the matching conditions, meaning both strings must be present in the response for the module to detect the GlobalProtect login panel.

The metadata associated with this module includes the maximum number of requests allowed, which is set to 2.