id: codeigniter-env info: name: Codeigniter .env file author: emenalf severity: high tags: config,exposure requests: - method: GET path: - "{{BaseURL}}/.env" - "{{BaseURL}}/.env.dev.local" - "{{BaseURL}}/.env.development.local" - "{{BaseURL}}/.env.prod.local" - "{{BaseURL}}/.env.production.local" - "{{BaseURL}}/.env.local" - "{{BaseURL}}/.env.example" - "{{BaseURL}}/.env.stage" - "{{BaseURL}}/.env.live" - "{{BaseURL}}/.env_1" - "{{BaseURL}}/.env.old" - "{{BaseURL}}/.env_sample" matchers-condition: and matchers: - type: regex regex: - "(?m)^APP_(NAME|ENV|KEY|DEBUG|URL|PASSWORD)" - "(?m)^DB_(HOST|PASSWORD|DATABASE)" condition: or - type: status status: - 200