id: hashicorp-consul-webgui info: name: HashiCorp Consul Web UI Login Panel - Detect author: c-sh0 severity: info description: HashiCorp Consul Web UI login panel was detected, classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cwe-id: CWE-200 cpe: cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: hashicorp product: consul shodan-query: - http.title:"Consul by HashiCorp" - http.title:"consul by hashicorp" - cpe:"cpe:2.3:a:hashicorp:consul" fofa-query: title="consul by hashicorp" google-query: intitle:"consul by hashicorp" tags: consul,webserver,panel,hashicorp http: - method: GET path: - "{{BaseURL}}/ui/" host-redirects: true max-redirects: 2 matchers-condition: and matchers: - type: status status: - 200 - type: word part: body words: - 'Consul by HashiCorp' - '%22%2C%22CONSUL_COPYRIGHT_URL%22%3A%22https%3A%2F%2Fwww.hashicorp.com%22' condition: or extractors: - type: regex part: body group: 1 regex: - "CONSUL_VERSION:.*([0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3})" # digest: 4a0a00473045022100d3f66ce9bd6eed6413efae4e533e8f4165772b29806d05d7551f7b2182e327fb022043162ba6524d6e34127a1f9ef3215d6bb8350832b6dd8aa3ae4427fd638b02c4:922c64590222798bb761d5b6d8e72950