Merge pull request #757 from wdahlenburg/split_spring_boot_detect

Split up springboot-detect

misconfiguration/springboot/springboot-configprops.yaml

@@ -0,0 +1,32 @@
+id: springboot-configprops
+
+info:
+  name: Detect Springboot Configprops Actuator
+  author: that_juan_ & dwisiswant0 & wdahlenb
+  severity: low
+  description: Sensitive environment variables may not be masked
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/configprops"
+      - "{{BaseURL}}/actuator/configprops"
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "org.springframework.boot.actuate"
+          - "beans"
+          - "contexts"
+        condition: and
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "application/json"
+          - "application/vnd.spring-boot.actuator"
+          - "application/vnd.spring-boot.actuator.v1+json"
+        condition: or
+        part: header

misconfiguration/springboot/springboot-env.yaml

@@ -0,0 +1,33 @@
+id: springboot-env
+
+info:
+  name: Detect Springboot Env Actuator
+  author: that_juan_ & dwisiswant0 & wdahlenb
+  severity: high
+  description: Sensitive environment variables may not be masked
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/env"
+      - "{{BaseURL}}/actuator/env"
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "JAVA_HOME"
+          - "sping.config.location"
+          - "spring.application.name"
+          - "local.server.port"
+        condition: or
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "application/json"
+          - "application/vnd.spring-boot.actuator"
+          - "application/vnd.spring-boot.actuator.v1+json"
+        condition: or
+        part: header

misconfiguration/springboot/springboot-heapdump.yaml

@@ -0,0 +1,38 @@
+id: springboot-heapdump
+
+info:
+  name: Detect Springboot Heapdump Actuator
+  author: that_juan_ & dwisiswant0 & wdahlenb
+  severity: critical
+  description: Environment variables and HTTP requests can be found in the HPROF
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/heapdump"
+      - "{{BaseURL}}/actuator/heapdump"
+    matchers-condition: and
+    matchers:
+      - type: binary
+        part: body
+        binary:
+          - "4a4156412050524f46494c45" # "JAVA PROFILE"
+          - "4850524f46" # "HPROF"
+          - "1f8b080000000000" # Gunzip magic byte
+        condition: or
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "application/octet-stream"
+          - "application/vnd.spring-boot.actuator"
+          - "application/vnd.spring-boot.actuator.v1+json"
+        condition: or
+        part: header
+      - type: dsl
+        dsl:
+          - "len(body) >= 100000"
+          - "content_length >= 100000"
+        condition: or
+        part: header

misconfiguration/springboot/springboot-loggers.yaml

@@ -0,0 +1,33 @@
+id: springboot-loggers
+
+info:
+  name: Detect Springboot Loggers
+  author: that_juan_ & dwisiswant0 & wdahlenb
+  severity: low
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/loggers"
+      - "{{BaseURL}}/actuator/loggers"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"loggers"'
+          - '"profiles":'
+        condition: or
+
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "application/json"
+          - "application/vnd.spring-boot.actuator"
+          - "application/vnd.spring-boot.actuator.v1+json"
+        condition: or
+        part: header

misconfiguration/springboot/springboot-mappings.yaml

@@ -0,0 +1,32 @@
+id: springboot-mappings
+
+info:
+  name: Detect Springboot Mappings Actuator
+  author: that_juan_ & dwisiswant0 & wdahlenb
+  severity: low
+  description: Additional routes may be displayed
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/mappings"
+      - "{{BaseURL}}/actuator/mappings"
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "mappings"
+          - "method"
+          - "produces"
+        condition: and
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "application/json"
+          - "application/vnd.spring-boot.actuator"
+          - "application/vnd.spring-boot.actuator.v1+json"
+        condition: or
+        part: header

misconfiguration/springboot/springboot-trace.yaml

@@ -0,0 +1,35 @@
+id: springboot-trace
+
+info:
+  name: Detect Springboot Trace Actuator
+  author: that_juan_ & dwisiswant0 & wdahlenb
+  severity: low
+  description: View recent HTTP requests and responses
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/trace"
+      - "{{BaseURL}}/actuator/trace"
+      - "{{BaseURL}}/httptrace"
+      - "{{BaseURL}}/actuator/httptrace"
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "traces"
+          - "response"
+          - "request"
+          - "principal"
+        condition: or
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "application/json"
+          - "application/vnd.spring-boot.actuator"
+          - "application/vnd.spring-boot.actuator.v1+json"
+        condition: or
+        part: header

technologies/detect-springboot-actuator.yaml

@@ -0,0 +1,20 @@
+id: detect-springboot-actuator
+
+info:
+  name: Detect Springboot Actuators
+  author: that_juan_ & dwisiswant0 & wdahlenb
+  severity: info
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/actuator"
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '{"_links":{"self"'
+      - type: status
+        status:
+          - 200