Wazuh Login Panel

What is the "Wazuh Login Panel?"

The "Wazuh Login Panel" module is designed to detect the presence of the Wazuh open-source security platform's login panel. Wazuh is a comprehensive security solution that helps organizations monitor and protect their IT infrastructure. This module focuses on identifying the login panel, which can provide valuable insights into the security posture of the Wazuh installation.

This module has an informative severity level, meaning it provides valuable information but does not indicate a critical vulnerability or misconfiguration.

Author: cyllective, daffainfo

Impact

This module does not directly impact the target system. It is primarily used for information gathering purposes and does not pose any immediate security risks or vulnerabilities.

How does the module work?

The "Wazuh Login Panel" module works by sending a GET request to the "/app/login" path of the target system. It then applies two matching conditions to determine if the login panel is present:

- The module checks the response body for specific words that indicate the presence of the Wazuh login panel, such as "id: wazuh," "title: Wazuh," "icon: plugins/wazuh/img/icon_blue.png," and "url: /app/wazuh." - The module also verifies that the response status code is 200, indicating a successful request.

If both matching conditions are met, the module considers the Wazuh login panel to be present on the target system.

Example HTTP request:

GET /app/login

Matching conditions:

- Response body contains the words: "id":"wazuh", "title":"Wazuh", "icon":"plugins/wazuh/img/icon_blue.png", and "url":"/app/wazuh" - Response status code is 200

By analyzing the presence of the Wazuh login panel, organizations can gain insights into the security measures implemented by the Wazuh platform and ensure its proper configuration.

Reference: https://github.com/wazuh/wazuh

Metadata: max-request: 1, shodan-query: http.title:"Wazuh"