nuclei-templates/security-misconfiguration/springboot-detect.yaml

id: springboot-actuators

info:
  name: Detect the exposure of Springboot Actuators
  author: that_juan_
  severity: medium

requests:
  - method: GET
    path:
      - "{{BaseURL}}/trace"
      - "{{BaseURL}}/loggers"
      - "{{BaseURL}}/autoconfig"
      - "{{BaseURL}}/threaddump"
      - "{{BaseURL}}/env"
      - "{{BaseURL}}/management"
      - "{{BaseURL}}/dump"
      - "{{BaseURL}}/configprops"
      - "{{BaseURL}}/mappings"
      - "{{BaseURL}}/auditevents"
      - "{{BaseURL}}/beans"
      - "{{BaseURL}}/cloudfoundryapplication"
      - "{{BaseURL}}//jolokia"
      - "{{BaseURL}}/actuator"
      - "{{BaseURL}}/actuator/auditevents"
      - "{{BaseURL}}/actuator/beans"
      - "{{BaseURL}}/actuator/health"
      - "{{BaseURL}}/actuator/conditions"
      - "{{BaseURL}}/actuator/configprops"
      - "{{BaseURL}}/actuator/env"
      - "{{BaseURL}}/actuator/dump"
      - "{{BaseURL}}/actuator/threaddump"
      - "{{BaseURL}}/actuator/flyway"
      - "{{BaseURL}}/actuator/integrationgraph"
      - "{{BaseURL}}//actuator/management"
      - "{{BaseURL}}//actuator/jolokia"
    matchers:
      - type: regex
        part: body
        regex:
          - "method"
          - "spring"
          - "TYPE"
          - "system"
          - "database"
          - "cron"
        condition: or
      - type: status
        status:
          - 200
      - type: word
        words:
          - "application/json"
          - "hprof"
        condition: or
        part: header
Create springboot-detect detects sensitive actuator endpoints 2020-04-12 21:55:17 +00:00			`id: springboot-actuators`

			`info:`
			`name: Detect the exposure of Springboot Actuators`
			`author: that_juan_`
			`severity: medium`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/trace"`
			`- "{{BaseURL}}/loggers"`
			`- "{{BaseURL}}/autoconfig"`
			`- "{{BaseURL}}/threaddump"`
			`- "{{BaseURL}}/env"`
			`- "{{BaseURL}}/management"`
			`- "{{BaseURL}}/dump"`
			`- "{{BaseURL}}/configprops"`
			`- "{{BaseURL}}/mappings"`
			`- "{{BaseURL}}/auditevents"`
			`- "{{BaseURL}}/beans"`
			`- "{{BaseURL}}/cloudfoundryapplication"`
Update springboot-detect.yaml 2020-04-15 20:05:33 +00:00			`- "{{BaseURL}}//jolokia"`
Create springboot-detect detects sensitive actuator endpoints 2020-04-12 21:55:17 +00:00			`- "{{BaseURL}}/actuator"`
			`- "{{BaseURL}}/actuator/auditevents"`
			`- "{{BaseURL}}/actuator/beans"`
Update springboot-detect.yaml 2020-04-14 15:32:51 +00:00			`- "{{BaseURL}}/actuator/health"`
Create springboot-detect detects sensitive actuator endpoints 2020-04-12 21:55:17 +00:00			`- "{{BaseURL}}/actuator/conditions"`
			`- "{{BaseURL}}/actuator/configprops"`
			`- "{{BaseURL}}/actuator/env"`
Update springboot-detect.yaml 2020-04-14 15:32:51 +00:00			`- "{{BaseURL}}/actuator/dump"`
Create springboot-detect detects sensitive actuator endpoints 2020-04-12 21:55:17 +00:00			`- "{{BaseURL}}/actuator/threaddump"`
			`- "{{BaseURL}}/actuator/flyway"`
			`- "{{BaseURL}}/actuator/integrationgraph"`
			`- "{{BaseURL}}//actuator/management"`
Update springboot-detect.yaml 2020-04-15 20:12:21 +00:00			`- "{{BaseURL}}//actuator/jolokia"`
Create springboot-detect detects sensitive actuator endpoints 2020-04-12 21:55:17 +00:00			`matchers:`
Update springboot-detect.yaml 2020-04-14 15:32:51 +00:00			`- type: regex`
			`part: body`
			`regex:`
Update syntax 2020-05-25 08:13:15 +00:00			`- "method"`
			`- "spring"`
			`- "TYPE"`
			`- "system"`
			`- "database"`
			`- "cron"`
Create springboot-detect detects sensitive actuator endpoints 2020-04-12 21:55:17 +00:00			`condition: or`
			`- type: status`
			`status:`
			`- 200`
			`- type: word`
			`words:`
Update syntax 2020-05-25 08:13:15 +00:00			`- "application/json"`
			`- "hprof"`
Create springboot-detect detects sensitive actuator endpoints 2020-04-12 21:55:17 +00:00			`condition: or`
			`part: header`