id: springboot-metrics

info:
  name: Detect Springboot metrics Actuator
  author: pussycat0x
  severity: low
  description: Additional routes may be displayed
  tags: springboot,exposure

requests:
  - method: GET
    path:
      - "{{BaseURL}}/metrics"
      - "{{BaseURL}}/actuator/metrics"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "mem"
          - "mem.free"
          - "processors"
          - "instance.uptime"
          - "systemload.average"
          - "nonheap.init"
          - "heap.committed"
        condition: and

      - type: status
        status:
          - 200