# Detection template: issues GET requests to the base URL and to a fixed list
# of Graylog REST API paths, and reports a host when either matcher below fires.
# Reading a result:
#   - a hit from the first (unnamed) matcher means a 200 response carrying
#     Graylog markers and the word 'swagger', i.e. API documentation was served;
#   - a hit named 'unauthorized-graylog-header' means the path answered 401 with
#     a Graylog header marker. That shows the API is reachable from the scanner's
#     position; it is not evidence of unauthenticated access.
id: graylog-api-exposure

info:
  name: Graylog REST API Endpoints - Exposure
  author: Arqsz
  severity: info
  description: |
    Graylog is a centralized log management solution. According to the official documentation, it exposes multiple endpoints (some by default).
  reference:
    - https://go2docs.graylog.org/5-0/setting_up_graylog/rest_api.html
    - https://gist.github.com/asachs01/f1f317b2924a688deb8ed2520a4520bd
  metadata:
    verified: true
    # Equals the number of entries under `path` below (50); keep the two in sync.
    max-request: 50
    shodan-query: Graylog
  tags: tech,graylog,api,swagger,fuzz

http:
  # Every request in this block is a GET; no body or credentials are sent.
  - method: GET
    path:
      # NOTE(review): judging by their names (create_stream, startSubscription,
      # catalog/rebuild, notifications/test, ...) some of these look like action
      # endpoints. Confirm against the API documentation how they answer a GET
      # before running this against a production cluster.
      - "{{BaseURL}}"
      - "{{BaseURL}}/api/api-docs"
      - "{{BaseURL}}/api/api-browser"
      - "{{BaseURL}}/api/cluster"
      - "{{BaseURL}}/api/dashboards"
      - "{{BaseURL}}/api/events/definitions"
      - "{{BaseURL}}/api/events/definitions/validate"
      - "{{BaseURL}}/api/events/notifications/test"
      - "{{BaseURL}}/api/events/search"
      - "{{BaseURL}}/api/free-enterprise/license"
      - "{{BaseURL}}/api/plugins/org.graylog.enterprise.integrations/office365/checkSubscriptions"
      - "{{BaseURL}}/api/plugins/org.graylog.enterprise.integrations/office365/inputs"
      - "{{BaseURL}}/api/plugins/org.graylog.enterprise.integrations/office365/startSubscription"
      - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/cloudwatch/log_groups"
      - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/inputs"
      - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/auto_setup/create_stream"
      - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/auto_setup/create_subscription"
      - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/auto_setup/create_subscription_policy"
      - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/health_check"
      - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/streams"
      - "{{BaseURL}}/api/plugins/org.graylog.plugins.archive/archives/catalog/rebuild"
      - "{{BaseURL}}/api/plugins/org.graylog.plugins.archive/backends"
      - "{{BaseURL}}/api/plugins/org.graylog.plugins.archive/cluster/archives/catalog/rebuild"
      - "{{BaseURL}}/api/plugins/org.graylog.plugins.collector/configurations"
      - "{{BaseURL}}/api/plugins/org.graylog.plugins.license/licenses/verify"
      - "{{BaseURL}}/api/plugins/org.graylog.plugins.report/reports"
      - "{{BaseURL}}/api/plugins/org.graylog.plugins.security/team-sync/test/backend"
      - "{{BaseURL}}/api/plugins/org.graylog.plugins.security/teams"
      - "{{BaseURL}}/api/scheduler/jobs"
      - "{{BaseURL}}/api/system/authentication/services/backends"
      - "{{BaseURL}}/api/system/authentication/services/test/backend/connection"
      - "{{BaseURL}}/api/system/authentication/services/test/backend/login"
      - "{{BaseURL}}/api/system"
      - "{{BaseURL}}/api/system/content_packs"
      - "{{BaseURL}}/api/system/indexer/cluster/health"
      - "{{BaseURL}}/api/system/indexer/cluster/name"
      - "{{BaseURL}}/api/system/debug/events/cluster"
      - "{{BaseURL}}/api/system/debug/events/local"
      - "{{BaseURL}}/api/system/jobs"
      - "{{BaseURL}}/api/system/pipelines/pipeline"
      - "{{BaseURL}}/api/system/pipelines/rule"
      - "{{BaseURL}}/api/system/urlwhitelist/check"
      - "{{BaseURL}}/api/system/urlwhitelist/generate_regex"
      - "{{BaseURL}}/api/views"
      - "{{BaseURL}}/api/views/fields"
      - "{{BaseURL}}/api/views/forValue"
      - "{{BaseURL}}/api/views/search/messages"
      - "{{BaseURL}}/api/views/search/metadata"
      - "{{BaseURL}}/api/views/search/sync"
      - "{{BaseURL}}/api/users"

    # Redirects are followed only while they stay on the scanned host.
    host-redirects: true
    # The first path that satisfies a matcher ends the run, so a finding names
    # one path and says nothing about the paths listed after it.
    stop-at-first-match: true

    # Either matcher is sufficient for a finding.
    matchers-condition: or
    matchers:
      # Matcher 1 (unnamed): all four expressions must hold (condition: and).
      # Because 'swagger' must appear in the body, a 200 from an endpoint that
      # does not mention it will not match here. The 'Graylog' / 'graylog'
      # substrings are broad, so the swagger check is what keeps this specific.
      # NOTE(review): both capitalisations are listed, presumably because the
      # comparison is case-sensitive; confirm.
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains_any(header, 'X-Graylog-Node-Id', 'Graylog', 'graylog')"
          - "contains_any(body, 'X-Graylog-Node-Id', 'Graylog', 'graylog')"
          - "contains_any(body, 'swagger')"
        condition: and

      # Matcher 2: a 401 whose headers contain 'X-Graylog-Node-Id' or
      # 'Graylog Server'. Authentication was enforced on the matched path; the
      # finding only records that a Graylog API answered.
      # NOTE(review): 'Graylog Server' presumably matches the authentication
      # realm string in the 401 response; verify against a live response.
      - type: dsl
        name: unauthorized-graylog-header
        dsl:
          - "status_code == 401"
          - "contains(header, 'X-Graylog-Node-Id') || contains(header, 'Graylog Server')"
        condition: and
# Template signature line. NOTE(review): it presumably covers the file content,
# so any edit (comments included) needs the template to be re-signed before
# signature verification can be relied on; confirm with the signing tooling.
# digest: 490a0046304402205f8ec88c8c872e1f72f827d27f188fb5cf33790e02129f8c031dcf388ae2267302206b1141795fc1f4b771b9f166252c932adacbd6f72f94e352eb1e0e392659f9d4:922c64590222798bb761d5b6d8e72950