Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Pyproject Disclosure

By kannthu

Informative
Vidoc Module
#exposure #files
Description

What is the "Pyproject Disclosure" module?

The "Pyproject Disclosure" module is a test case designed to detect potential misconfigurations or vulnerabilities in the pyproject.toml file of a software project. It focuses on identifying specific sections such as [build-system] and [tool.poetry] within the file. This module has an informative severity level and was authored by dhiyaneshDk.

Impact

This module aims to identify any exposed or sensitive information present in the pyproject.toml file. By detecting misconfigurations or vulnerabilities, it helps prevent potential security risks and unauthorized access to sensitive data.

How does the module work?

The "Pyproject Disclosure" module sends an HTTP GET request to the pyproject.toml file. It then applies matching conditions to determine if the file contains the expected sections, such as [build-system] and [tool.poetry]. The module checks if the response status is 200, indicating a successful request. If all conditions are met, the module reports a vulnerability.

Example HTTP request:

GET /pyproject.toml

Matching conditions:

- The response body must contain the words [build-system] and [tool.poetry].
- The response status must be 200.

For more information, you can refer to the module's GitHub repository.
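The check described above, written out as an added Python example (not the module's or Vidoc's own code): `evaluate_match` applies the two matching conditions to a response, and `check_pyproject_exposure` fetches /pyproject.toml from a base URL you administer. Function and constant names are my own, and the sample bodies are constructed, not captured from any real host.

```python
import urllib.error
import urllib.request

# Matching conditions of the "Pyproject Disclosure" module, reproduced here:
# both words must appear in the body (AND) and the status must be 200.
REQUIRED_WORDS = ("[build-system]", "[tool.poetry]")
REQUIRED_STATUS = 200


def evaluate_match(status, body):
    """Return True only when a response satisfies every matching condition."""
    words_present = all(word in body for word in REQUIRED_WORDS)
    return status == REQUIRED_STATUS and words_present


def fetch_pyproject(base_url, timeout=10):
    """GET /pyproject.toml from base_url; return (status, body), treating HTTP errors as data."""
    url = base_url.rstrip("/") + "/pyproject.toml"
    req = urllib.request.Request(url, headers={"User-Agent": "pyproject-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", errors="replace")


def check_pyproject_exposure(base_url):
    """True if the host you administer serves a pyproject.toml that the module would report."""
    status, body = fetch_pyproject(base_url)
    return evaluate_match(status, body)


# Constructed sample responses (not from any real project).
EXPOSED_BODY = """[build-system]
requires = ["poetry-core"]
build-backend = "poetry.core.masonry.api"

[tool.poetry]
name = "example-app"
version = "0.1.0"
"""

SETUPTOOLS_BODY = """[build-system]
requires = ["setuptools"]
"""

if __name__ == "__main__":
    print(evaluate_match(200, EXPOSED_BODY))     # True
    print(evaluate_match(200, SETUPTOOLS_BODY))  # False: [tool.poetry] is absent, so no report
    print(evaluate_match(404, EXPOSED_BODY))     # False: status is not 200
```

Note the second case: a publicly reachable pyproject.toml from a non-Poetry project is still exposed but is not reported, because the module requires both words, so a negative result from this check is not proof that the file is unreachable.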

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /pyproject.toml
Matching conditions
word: [build-system], [tool.poetry]
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability