Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Portainer - Init Deploy Discovery

By kannthu

Vidoc logoVidoc Module

What is the "Portainer - Init Deploy Discovery?"

The "Portainer - Init Deploy Discovery" module is designed to detect misconfigurations in the Portainer software. Portainer is a popular tool used in the Docker ecosystem for managing containerized applications. This module focuses on the initial deployment phase of Portainer and aims to identify any vulnerabilities or weaknesses that could be exploited.

This module has a severity level of medium, indicating that the detected misconfigurations could potentially lead to security risks if left unaddressed.


If misconfigurations are found, attackers may be able to gain unauthorized access to the Portainer software, potentially compromising the security of the containerized applications managed by Portainer. This could result in data breaches, unauthorized modifications, or disruption of services.

How the module works?

The "Portainer - Init Deploy Discovery" module works by sending HTTP requests to the Portainer software and analyzing the responses. It checks for specific conditions that indicate misconfigurations or vulnerabilities.

One example of an HTTP request sent by this module is:

GET /api/users/admin/check

The module then applies matching conditions to the response to determine if any vulnerabilities or misconfigurations are present. The matching conditions for this module include:

- All: The response must contain the phrase "No administrator account found inside the database". - Header: The response must have the header "application/json". - Status: The response status code must be 404.

If all of these conditions are met, the module will report a vulnerability, indicating that a misconfiguration has been detected in the Portainer software.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: No administrator account found inside th...and
word: application/jsonand
status: 404
Passive global matcher
No matching conditions.
On match action
Report vulnerability