moving templates around

patch-1
sandeep 2021-11-28 03:39:10 +05:30
parent 99b3f31abc
commit 0425b36e10
5 changed files with 23 additions and 20 deletions

View File

@ -1,4 +1,4 @@
id: prometheus-config-endpoint
id: prometheus-config
info:
name: Prometheus config API endpoint
@ -6,7 +6,7 @@ info:
severity: info
description: The config endpoint returns the loaded Prometheus configuration file. This file also contains addresses of targets and alerting/discovery services alongside the credentials required to access them. Usually, Prometheus replaces the passwords in the credentials config configuration field with the placeholder <secret> (although this still leaks the username).
reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
tags: prometheus,exposure
tags: prometheus
requests:
- method: GET
@ -21,9 +21,9 @@ requests:
- type: word
words:
- 'job_name:'
- '{"status":"success","data":'
- 'targets:'
- '"status": "success":'
- '"data":'
- '"yaml":'
condition: and
- type: word

View File

@ -1,10 +1,11 @@
id: prometheus-exporter-detect
id: prometheus-exporter
info:
name: Prometheus exporter detect
author: jarijaas
severity: info
description: Prometheus exporter detector
tags: panel
tags: prometheus
reference: https://github.com/prometheus/prometheus/wiki/Default-port-allocations
requests:
@ -16,14 +17,13 @@ requests:
matchers:
- type: word
words:
- Exporter # Exporters have "Exporter" in the page title (e.g, Node Exporter, Bind Exporter and so on)
- /metrics
- 'Exporter'
- '<a href="/metrics">Metrics</a>'
condition: and
extractors: # Extract exporter name
extractors:
- type: regex
part: body
name: exporter_name
group: 1
regex:
- "<title>(.*?)</title>"

View File

@ -1,4 +1,4 @@
id: prometheus-flags-endpoint
id: prometheus-flags
info:
name: Prometheus flags API endpoint
@ -6,7 +6,7 @@ info:
severity: info
description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username.
reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
tags: prometheus,exposure
tags: prometheus
requests:
- method: GET

View File

@ -1,15 +1,16 @@
id: exposed-prometheus-log
id: prometheus-log
info:
name: Exposed Prometheus
author: dhiyaneshDK
severity: low
tags: exposure,prometheus,logs
tags: prometheus
requests:
- method: GET
path:
- "{{BaseURL}}/prometheus"
- "{{BaseURL}}/actuator/prometheus"
matchers-condition: and
matchers:

View File

@ -1,4 +1,4 @@
id: prometheus-targets-endpoint
id: prometheus-targets
info:
name: Prometheus targets API endpoint
@ -6,7 +6,7 @@ info:
severity: info
description: The targets endpoint exposes services belonging to the infrastructure, including their roles and labels. In addition to showing the target machine addresses, the endpoint also exposes metadata labels that are added by the target provider. These labels are intended to contain non-sensitive values, like the name of the server or its description, but various cloud platforms may automatically expose sensitive data in these labels, oftentimes without the developers knowledge.
reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
tags: prometheus,exposure
tags: prometheus
requests:
- method: GET
@ -20,9 +20,11 @@ requests:
- 200
- type: word
part: body
words:
- '{"status":"success","data":'
- 'Labels'
- '"status": "success"'
- '"data":'
- '"labels":'
condition: and
- type: word