id: graylog-api-exposure info: name: Graylog REST API Endpoints - Exposure author: Arqsz severity: info description: | Graylog is a centralized log management solution. According to the official documentation, it exposes multiple endpoints (some by default). reference: - https://go2docs.graylog.org/5-0/setting_up_graylog/rest_api.html - https://gist.github.com/asachs01/f1f317b2924a688deb8ed2520a4520bd metadata: verified: true max-request: 50 shodan-query: Graylog tags: tech,graylog,api,swagger,fuzz http: - method: GET path: - "{{BaseURL}}" - "{{BaseURL}}/api/api-docs" - "{{BaseURL}}/api/api-browser" - "{{BaseURL}}/api/cluster" - "{{BaseURL}}/api/dashboards" - "{{BaseURL}}/api/events/definitions" - "{{BaseURL}}/api/events/definitions/validate" - "{{BaseURL}}/api/events/notifications/test" - "{{BaseURL}}/api/events/search" - "{{BaseURL}}/api/free-enterprise/license" - "{{BaseURL}}/api/plugins/org.graylog.enterprise.integrations/office365/checkSubscriptions" - "{{BaseURL}}/api/plugins/org.graylog.enterprise.integrations/office365/inputs" - "{{BaseURL}}/api/plugins/org.graylog.enterprise.integrations/office365/startSubscription" - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/cloudwatch/log_groups" - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/inputs" - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/auto_setup/create_stream" - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/auto_setup/create_subscription" - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/auto_setup/create_subscription_policy" - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/health_check" - "{{BaseURL}}/api/plugins/org.graylog.integrations/aws/kinesis/streams" - "{{BaseURL}}/api/plugins/org.graylog.plugins.archive/archives/catalog/rebuild" - "{{BaseURL}}/api/plugins/org.graylog.plugins.archive/backends" - "{{BaseURL}}/api/plugins/org.graylog.plugins.archive/cluster/archives/catalog/rebuild" - "{{BaseURL}}/api/plugins/org.graylog.plugins.collector/configurations" - "{{BaseURL}}/api/plugins/org.graylog.plugins.license/licenses/verify" - "{{BaseURL}}/api/plugins/org.graylog.plugins.report/reports" - "{{BaseURL}}/api/plugins/org.graylog.plugins.security/team-sync/test/backend" - "{{BaseURL}}/api/plugins/org.graylog.plugins.security/teams" - "{{BaseURL}}/api/scheduler/jobs" - "{{BaseURL}}/api/system/authentication/services/backends" - "{{BaseURL}}/api/system/authentication/services/test/backend/connection" - "{{BaseURL}}/api/system/authentication/services/test/backend/login" - "{{BaseURL}}/api/system" - "{{BaseURL}}/api/system/content_packs" - "{{BaseURL}}/api/system/indexer/cluster/health" - "{{BaseURL}}/api/system/indexer/cluster/name" - "{{BaseURL}}/api/system/debug/events/cluster" - "{{BaseURL}}/api/system/debug/events/local" - "{{BaseURL}}/api/system/jobs" - "{{BaseURL}}/api/system/pipelines/pipeline" - "{{BaseURL}}/api/system/pipelines/rule" - "{{BaseURL}}/api/system/urlwhitelist/check" - "{{BaseURL}}/api/system/urlwhitelist/generate_regex" - "{{BaseURL}}/api/views" - "{{BaseURL}}/api/views/fields" - "{{BaseURL}}/api/views/forValue" - "{{BaseURL}}/api/views/search/messages" - "{{BaseURL}}/api/views/search/metadata" - "{{BaseURL}}/api/views/search/sync" - "{{BaseURL}}/api/users" host-redirects: true stop-at-first-match: true matchers-condition: or matchers: - type: dsl dsl: - "status_code == 200" - "contains_any(header, 'X-Graylog-Node-Id', 'Graylog', 'graylog')" - "contains_any(body, 'X-Graylog-Node-Id', 'Graylog', 'graylog')" - "contains_any(body, 'swagger')" condition: and - type: dsl name: unauthorized-graylog-header dsl: - "status_code == 401" - "contains(header, 'X-Graylog-Node-Id') || contains(header, 'Graylog Server')" condition: and # digest: 4b0a00483046022100cfdfa42b1d6eceea7948a44eebd55448c0553992200628d09080452422232dd7022100a11fdf4e1c293d3669c0923ed6177f2192e0ac22ff1af23651878299747ad7e4:922c64590222798bb761d5b6d8e72950