From 863fc2756944264d7c4b6c0ba065a2e02b4f20f0 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Tue, 30 Jan 2024 14:14:14 +0530 Subject: [PATCH] updated matcher format & req --- ...ironment.yaml => node-express-dev-env.yaml} | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) rename http/misconfiguration/{node-express-dev-environment.yaml => node-express-dev-env.yaml} (73%) diff --git a/http/misconfiguration/node-express-dev-environment.yaml b/http/misconfiguration/node-express-dev-env.yaml similarity index 73% rename from http/misconfiguration/node-express-dev-environment.yaml rename to http/misconfiguration/node-express-dev-env.yaml index 7bcf68eb4d..3050fad10c 100644 --- a/http/misconfiguration/node-express-dev-environment.yaml +++ b/http/misconfiguration/node-express-dev-env.yaml @@ -1,6 +1,7 @@ -id: node-express-dev-environment +id: node-express-dev-env + info: - name: Node.js Express NODE_ENV Development Mode - Detection + name: Node.js Express NODE_ENV Development Mode author: FLX severity: medium reference: @@ -9,10 +10,10 @@ info: description: | The Node.js application runs in development mode, which can expose sensitive information, such as source code and secrets, depending on the application. metadata: + max-request: 2 verified: true - max-request: 1 shodan-query: "X-Powered-By: Express" - tags: node,nodejs,express,misconfig,development,environment + tags: nodejs,express,misconfig,development,environment,trace flow: http(1) && http(2) @@ -29,12 +30,17 @@ http: - raw: - | - GET {{BaseURL}} HTTP/1.1 + GET / HTTP/1.1 + Host: {{Hostname}} Content-Type: application/json Connection: close t + matchers: - type: dsl dsl: - - "contains(tolower(all_headers), 'x-powered-by: express') && status_code==400 && contains(body, 'SyntaxError')" + - "status_code==400" + - "contains(body, 'SyntaxError: Unexpected token')" + - "contains(tolower(all_headers), 'x-powered-by: express')" + condition: and