README.md file disclosure

By kannthu

Informative
Vidoc Module
#exposure #markdown #files
Description

README.md File Disclosure

What is the "README.md file disclosure"?

The "README.md file disclosure" module detects exposure of the README.md file in the target software. It focuses on identifying misconfigurations that may lead to the disclosure of sensitive information contained in that file.

This module is informative: it provides information about potential vulnerabilities or misconfigurations, and its findings do not pose an immediate threat to the target software.

This module was created by an unknown author.

Impact

If the README.md file is exposed, it can potentially reveal sensitive information about the target software, such as project details, installation instructions, or even credentials. This information can be valuable to attackers and may lead to further exploitation or unauthorized access.

How does the module work?

The "README.md file disclosure" module works by sending an HTTP GET request to the target software's server, specifically targeting the "/README.md" path. It then applies a series of matching conditions to determine if the file is exposed.

The matching conditions include:

- Checking if the file contains any headings (marked by "#" or "##")
- Verifying if the file's header indicates it is in either "text/markdown" or "text/plain" format
- Ensuring that the HTTP response status is 200 (OK)

If all of these conditions are met, the module considers the README.md file to be exposed and reports it as a potential vulnerability.

Here is an example of the HTTP request sent by the module:

GET /README.md HTTP/1.1
Host: [target software's server]

Please note that this is a simplified example and the actual request may contain additional headers or parameters.
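
The three matching conditions above, evaluated offline, as an added example (not Vidoc's own module code). It assumes a "word" matcher is a substring test and that the matchers are AND-ed; `strict_match` is a hypothetical tighter check added here to show where the literal "#" match gives a false positive. The sample responses are constructed.

```python
import re

# Assumption: a "word" matcher is a substring test, any listed word may hit,
# and the three matchers are AND-ed (as the module preview suggests).
BODY_WORDS = ("#", "##")
HEADER_WORDS = ("text/markdown", "text/plain")
# Hypothetical stricter check, not part of the module: a Markdown (ATX)
# heading must start a line, e.g. "# Title" or "## Install".
ATX_HEADING = re.compile(r"^#{1,6}[ \t]+\S", re.MULTILINE)


def module_match(status, headers, body):
    """Literal reading of the module's three conditions."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    return (status == 200
            and any(w in header_blob for w in HEADER_WORDS)
            and any(w in body for w in BODY_WORDS))


def strict_match(status, headers, body):
    """Same conditions, but the body must contain a real heading line."""
    lowered = {k.lower(): v for k, v in headers.items()}
    ctype = lowered.get("content-type", "").split(";")[0].strip().lower()
    return (status == 200
            and ctype in HEADER_WORDS
            and ATX_HEADING.search(body) is not None)


# Constructed (status, headers, body) responses to GET /README.md.
SAMPLES = {
    "exposed_readme": (200, {"Content-Type": "text/markdown; charset=utf-8"},
                       "# Example App\n\n## Installation\n\nRun setup.\n"),
    "spa_catch_all": (200, {"Content-Type": "text/html"},
                      "<html><body><a href='#top'>Home</a></body></html>"),
    "not_found": (404, {"Content-Type": "text/plain"}, "# Not Found\n"),
    "text_with_hash": (200, {"Content-Type": "text/plain"},
                       "Ticket #4521 is closed.\n"),
}


def evaluate(samples=SAMPLES):
    """Return {name: (module_match, strict_match)} for each sample."""
    return {n: (module_match(*r), strict_match(*r)) for n, r in samples.items()}


if __name__ == "__main__":
    for name, (loose, strict) in evaluate().items():
        print(f"{name:16} module={loose!s:5} strict={strict}")
```

A 200 text/plain response that merely contains "#" satisfies the literal conditions, so a reported match is worth confirming by reading the response body.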

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /README.md
Matching conditions
word: #, ##
and
word: text/markdown, text/plain
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability