Public Swagger API - Detect

By kannthu

Informative
Vidoc Module
#exposure #api #swagger
Description

What is the "Public Swagger API - Detect" module?

The "Public Swagger API - Detect" module is designed to detect the presence of a public Swagger API. Swagger is an open-source software framework that allows developers to design, build, document, and consume RESTful web services. This module specifically targets public Swagger APIs, which are APIs that are accessible to anyone without authentication.

This module is classified as informative, meaning it provides information about the presence of a public Swagger API but does not indicate any specific vulnerabilities or misconfigurations.

This module was authored by pdteam and c-sh0.

Impact

The presence of a public Swagger API can potentially expose sensitive information about the API endpoints, request parameters, and data structures. This information can be used by attackers to gain insights into the API's functionality and potentially exploit any vulnerabilities or misconfigurations.

How does the module work?

The "Public Swagger API - Detect" module works by sending HTTP requests to various common paths and checking for specific patterns in the response. It uses the following matching conditions:

- The response must have a status code of 200.
- The response body must contain one or more of the following patterns:
  - "swagger:"
  - "Swagger 2.0"
  - "\"swagger\":"
  - "Swagger UI"
  - "loadSwaggerUI"
  - "**token**: id=\"swagger-ui"

If both matching conditions are met, the module reports a public Swagger API as detected.

Example HTTP request:

GET /swagger-ui/swagger-ui.js
Headers: Accept: text/html

The module sends similar requests to other common paths associated with Swagger APIs to increase the chances of detection.
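The two matching conditions above, written as a check a team can run against a host it operates (an added example, not Vidoc's or the module authors' code). The function names, the example.test host names and the sample responses are constructed for illustration, and case-sensitive substring matching is an assumption.

```python
import urllib.error
import urllib.request

# Body patterns copied from the list above (the last one exactly as printed there).
WORDS = ("swagger:", "Swagger 2.0", '"swagger":', "Swagger UI", "loadSwaggerUI",
         '**token**: id="swagger-ui')
# Only the path shown on the page; the module's other paths are not listed there.
PATHS = ("/swagger-ui/swagger-ui.js",)


def matched_words(status, body):
    """Return the patterns found in body, or [] unless the status is 200."""
    if status != 200:
        return []
    return [w for w in WORDS if w in body]  # assumed: case-sensitive substring


def http_fetch(url, timeout=5):
    """GET url with the module's Accept header; return (status, body text)."""
    req = urllib.request.Request(url, headers={"Accept": "text/html"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        return err.code, err.read().decode("utf-8", "replace")


def audit(base_url, fetch=http_fetch, paths=PATHS):
    """Check each path on a host you operate; return {path: [matched patterns]}."""
    findings = {}
    for path in paths:
        status, body = fetch(base_url.rstrip("/") + path)
        hits = matched_words(status, body)
        if hits:
            findings[path] = hits
    return findings


# Constructed responses standing in for two deployments (not real traffic).
SAMPLE = {
    "https://staging.example.test/swagger-ui/swagger-ui.js":
        (200, "/* Swagger UI bundle */ function loadSwaggerUI() {}"),
    "https://prod.example.test/swagger-ui/swagger-ui.js":
        (404, "<h1>Not found</h1> Swagger UI is disabled"),
}

if __name__ == "__main__":
    for host in ("https://staging.example.test", "https://prod.example.test"):
        print(host, audit(host, fetch=SAMPLE.__getitem__))
```

The 404 response contains "Swagger UI" but is not reported, because both conditions must hold; an empty result from `audit` in a release pipeline confirms the documentation endpoint is no longer served publicly.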

Module preview

Concurrent Requests (1)

1. HTTP Request template

GET /swagger-ui/swagger-.../swagger/swagger-ui..../swagger-ui.js (+50 paths)
Headers: Accept: text/html

Matching conditions: word: swagger:, Swagger 2.0, "swagger":, Swagg... and status: 200

Passive global matcher: No matching conditions.

On match action: Report vulnerability