Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Tracer SC Login Panel - Detect

By kannthu

Vidoc logoVidoc Module

Tracer SC Login Panel - Detect

What is the "Tracer SC Login Panel - Detect?"

The "Tracer SC Login Panel - Detect" module is designed to detect the presence of the Tracer SC login panel. Tracer SC is a software used for building management and automation, specifically for building automation systems. This module focuses on identifying potential misconfigurations or vulnerabilities related to the Tracer SC login panel.

The severity of this module is classified as informative, meaning it provides valuable information but does not indicate a critical security issue.

This module was authored by geeknik.


The impact of the Tracer SC login panel detection module is primarily informational. It helps identify the presence of the login panel, which can be useful for assessing the security posture of a system using Tracer SC. However, it does not directly indicate any specific security vulnerabilities or misconfigurations.

How does the module work?

The module works by sending an HTTP GET request to the "/hui/index.html" path and applying several matching conditions to determine if the Tracer SC login panel is present.

The matching conditions include:

- Checking if the HTTP response status is 200 (OK) - Verifying if the response body contains the "" tag - Ensuring that the response header includes the "text/html" content type

If all of these conditions are met, the module considers the Tracer SC login panel to be detected.

Here is an example of the HTTP request sent by the module:

GET /hui/index.html

Please note that the actual module definition is not shown here for simplicity.

For more information about Tracer SC and building automation systems, you can refer to the Trane website.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
status: 200and
word: <title>Tracer SC</title>and
word: text/html
Passive global matcher
No matching conditions.
On match action
Report vulnerability