# Detection-only template: sends one GET to /metrics with no credentials or
# extra headers and reports the host when the reply looks like a metrics
# exposition page (see the matchers below).
id: prometheus-metrics

info:
  name: Exposed Prometheus metrics - Detect
  author: dhiyaneshDK, philippedelteil
  # A hit only proves the endpoint is readable by this request. The real
  # impact depends on what the exported metric names and labels disclose,
  # so review the response before closing or escalating a finding.
  severity: low
  reference:
    - https://github.com/prometheus/prometheus
    - https://hackerone.com/reports/1026196
  tags: exposure,prometheus,hackerone,config

requests:
  - method: GET
    path:
      - "{{BaseURL}}/metrics"

    # Both matchers must succeed: a metric-name hit AND an HTTP 200.
    matchers-condition: and
    matchers:
      # One matching name is enough (condition: or). No `part` is set, so the
      # engine's default response part is searched. These are substring
      # checks, so any 200 page that happens to contain one of these strings
      # also matches; confirm the body is really a metrics page when triaging.
      - type: word
        words:
          - 'cpu_seconds_total'
          - 'http_request_duration_seconds'
          - 'process_virtual_memory_bytes'
          - 'process_start_time_seconds'
        condition: or

      # Requires a direct 200, so endpoints that answer with a redirect or an
      # authentication challenge (401/403) are not reported.
      - type: status
        status:
          - 200

# Typical remediation for a confirmed finding: limit /metrics to the
# monitoring network or put authentication in front of it.

# Enhanced by md on 2023/02/23