id: esphome-dashboard

info:
  name: ESPHome Dashboard Exposure
  author: ritikchaddha
  severity: medium
  description: |
    ESPHome Dashboard exposes the secrets like wifi password,api keys and internal logs, it also allows users to make changes through the dashboard.
  metadata:
    verified: true
    shodan-query: title:"Dashboard - ESPHome"
  tags: misconfig,esphome,exposure,iot

requests:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Dashboard - ESPHome'

      - type: status
        status:
          - 200