Spring Boot AuditEvents Actuator Panel - Detect

By kannthu

Informative
Vidoc Module
#misconfig #springboot #exposure
Description

What is the "Spring Boot AuditEvents Actuator Panel - Detect" module?

The "Spring Boot AuditEvents Actuator Panel - Detect" module is designed to detect the presence of the Spring Boot Auditevents Actuator panel. This module focuses on identifying potential misconfigurations in the Spring Boot application that could lead to security vulnerabilities.

This module targets Spring Boot applications and provides valuable insights into the configuration of the Auditevents Actuator panel. It helps security professionals and developers identify any potential weaknesses in the application's auditing and monitoring capabilities.

The severity of this module is classified as informative, meaning it provides valuable information without directly indicating a vulnerability or exploit.

This module was authored by DhiyaneshDK.

Impact

The "Spring Boot AuditEvents Actuator Panel - Detect" module does not directly impact the application's functionality or introduce any vulnerabilities. Instead, it serves as a tool to identify potential misconfigurations in the Auditevents Actuator panel, allowing developers and security professionals to address any issues and enhance the application's security posture.

How does the module work?

The "Spring Boot AuditEvents Actuator Panel - Detect" module operates by sending HTTP requests to specific endpoints related to the Auditevents Actuator panel. It then applies a set of matching conditions to determine if the panel is present and properly configured.

For example, the module sends a GET request to the "/auditevents" and "/actuator/auditevents" endpoints. It checks the response body, headers, and status code to validate the presence and configuration of the Auditevents Actuator panel.

The matching conditions used by this module include:

- Checking if the response body contains the JSON string '{"events":'
- Verifying if the response headers include any of the following content types: "application/json", "application/vnd.spring-boot.actuator", "application/vnd.spring-boot.actuator.v1+json"
- Ensuring that the response status code is 200 (OK)

The conditions are joined with "and", so all three must hold for a match. By evaluating them, the module determines whether the Auditevents Actuator panel is present and whether there is a potential misconfiguration that needs attention.
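The three conditions above, re-implemented as an added example for checking responses from your own application offline; this is not Vidoc's module code. Substring matching on the Content-Type header is an assumption, and the sample responses are constructed.

```python
# Added example: offline evaluation of the three matching conditions listed above.
BODY_WORD = '{"events":'
CONTENT_TYPES = (
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
)


def auditevents_exposed(status, headers, body):
    """Return True only when status, header and body conditions all hold."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    # Assumption: substring match, so a "; charset=UTF-8" suffix or a later
    # actuator media-type version still satisfies the header condition.
    header_ok = any(ct in ctype.lower() for ct in CONTENT_TYPES)
    body_ok = BODY_WORD in body
    return status == 200 and header_ok and body_ok


# Constructed sample responses (not captured from any real system).
SAMPLES = {
    "exposed": (200, {"Content-Type": "application/vnd.spring-boot.actuator.v3+json"},
                '{"events":[{"timestamp":"2024-01-01T00:00:00Z",'
                '"principal":"alice","type":"AUTHENTICATION_SUCCESS"}]}'),
    "auth required": (401, {"Content-Type": "application/json"},
                      '{"error":"Unauthorized"}'),
    "html 200": (200, {"content-type": "text/html"},
                 '<html>{"events": demo}</html>'),
    "other json": (200, {"Content-Type": "application/json;charset=UTF-8"},
                   '{"status":"UP"}'),
}


def evaluate_samples():
    """Map each constructed sample name to its match result."""
    return {name: auditevents_exposed(*resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:15} -> {'MATCH' if hit else 'no match'}")
```

Only the first sample matches: the 401 fails the status condition, the HTML page fails the header condition even though its body contains the word, and the health-style JSON fails the body condition.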

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /auditevents /actuator/auditevent...
Matching conditions
word: {"events": and
word: application/json, application/vnd.spring... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability