id: salesforce-aura

info:
  name: Detect the exposure of Salesforce Lightning aura API
  author: aaron_costello (@ConspiracyProof),Ph33rr
  severity: info
  reference:
    - https://www.enumerated.de/index/salesforce
    - https://github.com/Ph33rr/cirrusgo (test endpoint)
  tags: aura,unauth,salesforce,exposure

requests:
  - method: POST
    path:
      - "{{BaseURL}}/aura"
      - "{{BaseURL}}/s/sfsites/aura"
      - "{{BaseURL}}/sfsites/aura"
      - "{{BaseURL}}/s/aura"
      - "{{BaseURL}}/s/fact"

    body: "{}"

    matchers:
      - type: word
        part: body
        words:
          - 'aura:invalidSession'