Token Json File Disclosure

By kannthu

Severity: Low
Vidoc Module
#exposure #cloud #google #devops #files
Description

The "Token Json File Disclosure" module for the Vidoc platform is designed to identify misconfigurations in cloud and DevOps environments that can result in the unintentional exposure of sensitive information. This module specifically targets ".json" files that may contain access tokens and token types.

This module is classified as having low severity. It is intended to help users identify potential vulnerabilities or misconfigurations in their systems and take appropriate actions to mitigate any risks.

When the module is executed, it sends HTTP GET requests to the following paths: /token.json and /search/token.json. It then applies two matching conditions:

  1. The module checks if the response body contains the phrases "access_token" and "token_type".
  2. The module checks if the response status code is 200 (OK).

If both conditions are met, the module reports a vulnerability, indicating that a token json file has been exposed and may pose a security risk.
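The two matching conditions can be reproduced for triage on captured responses. The following is an added example, not the module's own code: `module_match` mirrors the status and word conditions, while `looks_like_token_file`, the verdict labels and the sample responses are assumptions constructed for illustration.

```python
import json

# Matcher words as listed in the module preview (quotes and colon included).
WORDS = ('"access_token":', '"token_type":')
KEYS = ("access_token", "token_type")


def module_match(status, body):
    """The module's two conditions: status 200 AND both words in the body."""
    return status == 200 and all(word in body for word in WORDS)


def looks_like_token_file(body):
    """Stricter triage step (an assumption, not part of the module): the body
    must parse as a JSON object with non-empty string values for both keys."""
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    if not isinstance(doc, dict):
        return False
    return all(isinstance(doc.get(k), str) and doc[k].strip() for k in KEYS)


def triage(responses):
    """Return (path, verdict) pairs: 'exposed', 'review' or 'clean'."""
    verdicts = []
    for path, status, body in responses:
        if not module_match(status, body):
            verdicts.append((path, "clean"))
        elif looks_like_token_file(body):
            verdicts.append((path, "exposed"))
        else:
            # Words matched but the body is not a token object, e.g. a docs page.
            verdicts.append((path, "review"))
    return verdicts


# Constructed sample responses; the token value is a placeholder.
SAMPLES = [
    ("/token.json", 200,
     '{"access_token": "EXAMPLE-PLACEHOLDER", "token_type": "Bearer"}'),
    ("/search/token.json", 200,
     '<pre>{"access_token": "...", "token_type": "..."}</pre>'),
    ("/token.json", 403,
     '{"access_token": "EXAMPLE-PLACEHOLDER", "token_type": "Bearer"}'),
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLES):
        print(path, verdict)
```

A "review" verdict marks a response that satisfies the module's word and status matchers without being a parseable token object, which is the false-positive case to check by hand before rotating credentials.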

This module was created by an unknown author and is part of the Vidoc platform's module library.

Module preview

Concurrent Requests (1)

  1. HTTP Request template
     GET /token.json
     GET /search/token.json

     Matching conditions
       word: "access_token":, "token_type":
       and
       status: 200

Passive global matcher
  No matching conditions.

On match action
  Report vulnerability