id: private-key-exposure

info:
  name: Private key exposure via helper detector
  author: aashiq
  severity: high
  description: Searches for private key exposure by attempting to query the helper endpoint on node_modules
  metadata:
    max-request: 1
  tags: exposure,node,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/node_modules/mqtt/test/helpers/"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "Index of /node_modules/mqtt/test/helpers"
          - "Parent Directory"
        condition: and

# digest: 4b0a00483046022100c294a6ee94342fdf659b75a7fc34f5d42c33d258d54b2e288099f251ff38fbad022100d0dc677e42c8a464b65c64f32be52316c197379599896e1897c6d42be8a64e5a:922c64590222798bb761d5b6d8e72950