id: strapi-admin-installer

info:
  name: Strapi Admin - Installer
  author: dhiyaneshDk
  severity: critical
  description: |
    Strapi Admin Registration enabled was detected.
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"Welcome to your Strapi app" html:"create an administrator"
  tags: misconfig,exposure,strapi,install

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Welcome to your Strapi app"
          - "Click to create the first administration"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a00463044022076e58e40dd0991f4811e863b9cadbf56921fdc339b33d6026f4d60f3f46c8b93022040ec38b78cdf6800d47a552820ae15f3581a9bb69fd03da3672044e2dfc44cbe:922c64590222798bb761d5b6d8e72950