id: iot-vdme-simulator

info:
  name: IoT vDME Simulator
  author: tess
  severity: low
  description: |
    Exposed IoT vDME Simulator panel allows anonymous access to create new Items.
  metadata:
    verified: true
    shodan-query: http.title:"IoT vDME Simulator"
  tags: exposure,misconfig,panel

requests:
  - method: GET
    path:
      - '{{BaseURL}}'
      - '{{BaseURL}}:9998'

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<title>IoT vDME Simulator</title>'
          - 'Configuration Repository'
          - 'Current configuration'
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200