Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Server Status Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#misconfig#serverstatus
Description

What is the "Server Status Panel - Detect" module?

The "Server Status Panel - Detect" module is designed to detect the presence of a server status panel. It targets a specific software and helps identify if the server is misconfigured or vulnerable. The severity of the detected issue is classified as informative. This module was authored by DhiyaneshDK.

Impact

The presence of a server status panel can potentially expose sensitive information about the server's configuration and status. This information can be leveraged by attackers to gain unauthorized access or launch further attacks on the server.

How does the module work?

The "Server Status Panel - Detect" module works by performing HTTP requests and applying matching conditions to identify the presence of a server status panel. It uses the following matching conditions:

- Part: Body, Type: Word - Looks for the presence of the "<title>ServerStatus</title>" tag in the HTML body of the server's response. - Part: Header, Type: Word - Checks if the response header contains the word "text/html". - Part: All, Type: Status - Verifies if the response status code is 200 (OK).

If all the matching conditions are met, the module reports the presence of a server status panel.

Here is an example of an HTTP request that the module might send:

GET / HTTP/1.1
Host: example.com
User-Agent: Vidoc

It is important to note that this module is designed to detect the presence of a server status panel and does not perform any further actions or exploit any vulnerabilities.

Module preview

Concurrent Requests (0)
Passive global matcher
word: <title>ServerStatus</title>and
word: text/htmland
status: 200
On match action
Report vulnerability