Create springboot-detect

detects sensitive actuator endpoints
2020-04-12 14:55:17 -07:00 · 2020-04-12 14:55:17 -07:00 · 2e6b821d61
parent eaa308ce63
commit 2e6b821d61
1 changed files with 55 additions and 0 deletions
--- a/security-misconfiguration/springboot-detect
+++ b/security-misconfiguration/springboot-detect
@ -0,0 +1,55 @@
+id: springboot-actuators
+
+info:
+  name: Detect the exposure of Springboot Actuators
+  author: that_juan_
+  severity: medium
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/trace"
+      - "{{BaseURL}}/loggers"
+      - "{{BaseURL}}/autoconfig"
+      - "{{BaseURL}}/heapdump"
+      - "{{BaseURL}}/threaddump"
+      - "{{BaseURL}}/env"
+      - "{{BaseURL}}/management"
+      - "{{BaseURL}}/dump"
+      - "{{BaseURL}}/configprops"
+      - "{{BaseURL}}/mappings"
+      - "{{BaseURL}}/auditevents"
+      - "{{BaseURL}}/beans"
+      - "{{BaseURL}}/jolokia"
+      - "{{BaseURL}}/cloudfoundryapplication"
+      - "{{BaseURL}}/jolokia"
+      - "{{BaseURL}}/hystrix.stream"
+      - "{{BaseURL}}/actuator"
+      - "{{BaseURL}}/actuator/auditevents"
+      - "{{BaseURL}}/actuator/beans"
+      - "{{BaseURL}}/actuator/conditions"
+      - "{{BaseURL}}/actuator/configprops"
+      - "{{BaseURL}}/actuator/env"
+      - "{{BaseURL}}/actuator/heapdump"
+      - "{{BaseURL}}/actuator/threaddump"
+      - "{{BaseURL}}/actuator/jolokia"
+      - "{{BaseURL}}/actuator/hystrix.stream"
+      - "{{BaseURL}}/actuator/flyway"
+      - "{{BaseURL}}/actuator/integrationgraph"
+      - "{{BaseURL}}//actuator/management"
+    matchers:
+      - type: word
+        words:
+          - 'method'
+          - 'spring'
+          - ''
+        condition: or
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - 'application/json'
+          - 'attachment'
+        condition: or
+        part: header