nuclei-templates/http/technologies/graylog/graylog-api-exposure.yaml

91 lines
4.3 KiB
YAML
Raw Normal View History

id: graylog-api-exposure
info:
2023-07-13 08:28:52 +00:00
name: Graylog REST API Endpoints - Exposure
author: Arqsz
severity: info
2023-07-18 06:04:24 +00:00
description: |
Graylog is a centralized log management solution. According to the official documentation, it exposes multiple endpoints (some by default).
reference:
- https://go2docs.graylog.org/5-0/setting_up_graylog/rest_api.html
- https://gist.github.com/asachs01/f1f317b2924a688deb8ed2520a4520bd
2023-07-13 08:28:52 +00:00
metadata:
2023-10-14 11:27:55 +00:00
verified: true
max-request: 50
2023-07-13 08:28:52 +00:00
shodan-query: Graylog
2024-03-19 15:20:31 +00:00
tags: tech,graylog,api,swagger,fuzz
2023-07-13 08:28:52 +00:00
http:
2023-07-13 10:52:58 +00:00
- method: GET
path:
2023-07-13 10:52:58 +00:00
- "{{BaseURL}}"
- "{{BaseURL}}/api/api-docs"
- "{{BaseURL}}/api/api-browser"
- "{{BaseURL}}/api/cluster"
- "{{BaseURL}}/api/dashboards"
- "{{BaseURL}}/api/events/definitions"
- "{{BaseURL}}/api/events/definitions/validate"
- "{{BaseURL}}/api/events/notifications/test"
- "{{BaseURL}}/api/events/search"
- "{{BaseURL}}/api/free-enterprise/license"
- "{{BaseURL}}/api/plugins/org.graylog.enterprise.integrations/office365/checkSubscriptions"
- "{{BaseURL}}/api/plugins/org.graylog.enterprise.integrations/office365/inputs"
- "{{BaseURL}}/api/plugins/org.graylog.enterprise.integrations/office365/startSubscription"
- "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/cloudwatch/log_groups"
- "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/inputs"
- "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/auto_setup/create_stream"
- "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/auto_setup/create_subscription"
- "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/auto_setup/create_subscription_policy"
- "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/health_check"
- "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/streams"
- "{{BaseURL}}/api/plugins/org.graylog.plugins.archive/archives/catalog/rebuild"
- "{{BaseURL}}/api/plugins/org.graylog.plugins.archive/backends"
- "{{BaseURL}}/api/plugins/org.graylog.plugins.archive/cluster/archives/catalog/rebuild"
- "{{BaseURL}}/api/plugins/org.graylog.plugins.collector/configurations"
- "{{BaseURL}}/api/plugins/org.graylog.plugins.license/licenses/verify"
- "{{BaseURL}}/api/plugins/org.graylog.plugins.report/reports"
- "{{BaseURL}}/api/plugins/org.graylog.plugins.security/team-sync/test/backend"
- "{{BaseURL}}/api/plugins/org.graylog.plugins.security/teams"
- "{{BaseURL}}/api/scheduler/jobs"
- "{{BaseURL}}/api/system/authentication/services/backends"
- "{{BaseURL}}/api/system/authentication/services/test/backend/connection"
- "{{BaseURL}}/api/system/authentication/services/test/backend/login"
- "{{BaseURL}}/api/system"
- "{{BaseURL}}/api/system/content_packs"
- "{{BaseURL}}/api/system/indexer/cluster/health"
- "{{BaseURL}}/api/system/indexer/cluster/name"
- "{{BaseURL}}/api/system/debug/events/cluster"
- "{{BaseURL}}/api/system/debug/events/local"
- "{{BaseURL}}/api/system/jobs"
- "{{BaseURL}}/api/system/pipelines/pipeline"
- "{{BaseURL}}/api/system/pipelines/rule"
- "{{BaseURL}}/api/system/urlwhitelist/check"
- "{{BaseURL}}/api/system/urlwhitelist/generate_regex"
- "{{BaseURL}}/api/views"
- "{{BaseURL}}/api/views/fields"
- "{{BaseURL}}/api/views/forValue"
- "{{BaseURL}}/api/views/search/messages"
- "{{BaseURL}}/api/views/search/metadata"
- "{{BaseURL}}/api/views/search/sync"
- "{{BaseURL}}/api/users"
2023-07-13 08:28:52 +00:00
host-redirects: true
stop-at-first-match: true
2023-10-14 11:27:55 +00:00
2023-07-13 08:28:52 +00:00
matchers-condition: or
matchers:
- type: dsl
dsl:
2023-07-13 08:28:52 +00:00
- "status_code == 200"
2023-07-18 09:20:20 +00:00
- "contains_any(header, 'X-Graylog-Node-Id', 'Graylog', 'graylog')"
2023-07-13 08:28:52 +00:00
- "contains_any(body, 'X-Graylog-Node-Id', 'Graylog', 'graylog')"
- "contains_any(body, 'swagger')"
condition: and
- type: dsl
2023-07-13 08:28:52 +00:00
name: unauthorized-graylog-header
dsl:
2023-07-13 08:28:52 +00:00
- "status_code == 401"
2023-07-18 09:20:20 +00:00
- "contains(header, 'X-Graylog-Node-Id') || contains(header, 'Graylog Server')"
condition: and
# digest: 490a0046304402205f8ec88c8c872e1f72f827d27f188fb5cf33790e02129f8c031dcf388ae2267302206b1141795fc1f4b771b9f166252c932adacbd6f72f94e352eb1e0e392659f9d4:922c64590222798bb761d5b6d8e72950