Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Prometheus Config API Endpoint Discovery

By kannthu

Informative
Vidoc logoVidoc Module
#prometheus#config
Description

Prometheus Config API Endpoint Discovery

What is the "Prometheus Config API Endpoint Discovery?"

The Prometheus Config API Endpoint Discovery module is designed to detect misconfigurations in Prometheus, a monitoring and alerting toolkit. It focuses on identifying the config API endpoint, which provides access to the loaded Prometheus configuration file, including target addresses, alerting/discovery services, and the required credentials.

This module is informative in terms of severity, meaning it provides valuable insights and information without indicating a specific vulnerability or software fingerprint.

Author: geeknik

Impact

This module does not directly impact the system being scanned. Instead, it helps identify potential misconfigurations in the Prometheus monitoring setup, which could lead to security vulnerabilities or operational issues if not properly addressed.

How the module works?

The Prometheus Config API Endpoint Discovery module works by sending an HTTP GET request to the "/api/v1/status/config" endpoint. It then applies a series of matching conditions to determine if the endpoint is functioning as expected.

Matching conditions:

- The response status code must be 200. - The response body must contain the following words: "status": "success", "data", and "yaml". - The response header must include the word "application/json".

If all the matching conditions are met, the module reports a successful discovery of the Prometheus config API endpoint.

Example HTTP request:

GET /api/v1/status/config

Note: The above example is a simplified representation of the HTTP request. The actual request may include additional headers or parameters.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/api/v1/status/confi...
Matching conditions
status: 200and
word: "status": "success":, "data":, "yaml":and
word: application/json
Passive global matcher
No matching conditions.
On match action
Report vulnerability