SFTP credentials exposure

By kannthu

Medium
Vidoc Module
#config #ftp #exposure
Description

What is "SFTP credentials exposure"?

The "SFTP credentials exposure" module is designed to detect instances where SFTP (Secure File Transfer Protocol) credentials are exposed. This module targets software configurations that may inadvertently expose sensitive credentials, potentially leading to unauthorized access and data breaches. The severity of this module is classified as medium.

Impact

If SFTP credentials are exposed, malicious actors can gain unauthorized access to sensitive data and potentially compromise the security of the system. This can result in data breaches, unauthorized modifications, and other security incidents.

How does the module work?

The "SFTP credentials exposure" module works by sending HTTP requests to specific paths, such as "/sftp-config.json" and "/ftpsync.settings". It then applies matching conditions to determine if the exposed credentials are present. The matching conditions include checking the response body for specific words like "file_permissions" and "extra_list_connections" and verifying that the response status is 200.

For example, the module may send a GET request to "/sftp-config.json" and check if the response body contains the words "file_permissions" and "extra_list_connections". If these conditions are met and the response status is 200, the module will report a vulnerability.

By detecting and reporting instances of SFTP credentials exposure, this module helps organizations identify and address potential security risks, ensuring the protection of sensitive data and maintaining the integrity of their systems.
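
The matching conditions described above can also be applied to a web root on disk before it is deployed. The following is an added example, not Vidoc's own code: the function names are hypothetical, it assumes files under the root are served as-is (so a readable file stands in for a 200 response), and it goes beyond the module by also checking subdirectories.

```python
import os
import tempfile

# Paths and words taken from the module description above.
EXPOSED_NAMES = {"sftp-config.json", "ftpsync.settings"}
REQUIRED_WORDS = ("file_permissions", "extra_list_connections")


def matches(status, body):
    """The module's matching conditions: status 200 AND every word present."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def audit_webroot(root):
    """Return URL paths under `root` that would satisfy the module's matcher.

    Assumption: files under `root` are served as-is, so a readable file is
    treated as an HTTP 200 whose body is the file content.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name not in EXPOSED_NAMES:
                continue
            full = os.path.join(dirpath, name)
            try:
                with open(full, encoding="utf-8", errors="replace") as fh:
                    body = fh.read()
            except OSError:
                continue  # unreadable to this process; skip it
            if matches(200, body):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append("/" + rel)
    return sorted(findings)


def demo():
    """Audit a constructed web root (sample file contents are made up)."""
    sample = '{"type": "sftp", "file_permissions": "664", "extra_list_connections": 0}'
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app"))
        with open(os.path.join(root, "sftp-config.json"), "w") as fh:
            fh.write(sample)  # flagged: both words present
        with open(os.path.join(root, "app", "ftpsync.settings"), "w") as fh:
            fh.write('{"file_permissions": "664"}')  # not flagged: one word only
        return audit_webroot(root)


if __name__ == "__main__":
    print(demo())
```

Any path it returns should be removed from the deployed tree or blocked at the web server, and the credentials in that file rotated.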

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /sftp-config.json, /ftpsync.settings
Matching conditions
word: file_permissions, extra_list_connections
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability