id: exposed-kafdrop

info:
  name: Publicly exposed Kafdrop Interface
  author: dhiyaneshDk
  severity: low
  description: Publicly Kafdrop Interface is exposed.
  metadata:
    max-request: 1
  tags: exposure,misconfig,kafdrop

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers:
      - type: word
        words:
          - "<title>Kafdrop: Broker List</title>"
          - "Kafka Cluster Overview"
        condition: and
# digest: 4a0a00473045022100a7c8bf98f981ed00ae0f934c24d151888c5a725aee27c6013cb675e1c53a5e0a02202ac945eb94d5b8a9c55119c215bea03a496aea3e2820d05a62249fc686e2bd58:922c64590222798bb761d5b6d8e72950