From 925b27976d753842c1fd8629439f7cc26517821d Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Wed, 12 Oct 2022 22:41:26 +0530
Subject: [PATCH 1/2] Create envoy-admin-exposure.yaml
---
misconfiguration/envoy-admin-exposure.yaml | 32 ++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 misconfiguration/envoy-admin-exposure.yaml
diff --git a/misconfiguration/envoy-admin-exposure.yaml b/misconfiguration/envoy-admin-exposure.yaml
new file mode 100644
index 0000000000..61124cab5e
--- /dev/null
+++ b/misconfiguration/envoy-admin-exposure.yaml
@@ -0,0 +1,32 @@
+id: envoy-admin-exposure
+
+info:
+ name: Envoy Admin Exposure
+ author: DhiyaneshDk
+ severity: medium
+ reference:
+ - https://www.envoyproxy.io/docs/envoy/latest/
+ metadata:
+ verified: true
+ shodan-query: title:"Envoy Admin"
+ tags: misconfig,envoy,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "Envoy Admin"
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
+ - type: status
+ status:
+ - 200
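Review bot: The first matcher under `matchers` looks for the bare words `Envoy Admin` anywhere in the response body, so any 200 HTML page that merely mentions the phrase (documentation, a blog post, a proxy landing page) would be reported as an exposed admin interface. The `shodan-query` in the same file keys on the page title, so anchoring the word to the title tag, e.g. `- "<title>Envoy Admin</title>"`, would presumably remove most of those false positives; the exact markup should be confirmed against a real instance. The `info` block also has no `description`, and the reference points at the docs root rather than the admin-interface page, which leaves the triager without the reason for the `medium` rating. Something like `description: Envoy admin interface is reachable without authentication, exposing proxy configuration and runtime controls.` would cover it.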