id: internal-ip-disclosure

info:
  name: Internal IP Disclosure
  author: WillD96
  severity: info
  reference:
    - https://support.kemptechnologies.com/hc/en-us/articles/203522429-How-to-Mitigate-Against-Internal-IP-Address-Domain-Name-Disclosure-In-Real-Server-Redirect
  metadata:
    max-request: 2
  tags: misconfig,disclosure

http:
  - raw:
      - |+
        GET / HTTP/1.0
        Accept: */*

      - |+
        GET / HTTP/1.0
        Host:
        Accept: */*

    stop-at-first-match: true
    unsafe: true # Use Unsafe HTTP library for malformed HTTP requests.

    matchers-condition: and
    matchers:
      - type: regex
        part: location
        regex:
          - '^(10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})$'

      - type: dsl
        dsl:
          - ip != location

      - type: status
        status:
          - 301
          - 302

    extractors:
      - type: regex
        part: location
        regex:
          - '^(10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})$'
# digest: 490a0046304402202ccecab303233a1e75a78c8d3912d25f4b57cea0f77bde7b02f472f4084515f602205c380911aaf6c5293902999ed0f4901d57b5451c7fe26b1f1d209e9fee407854:922c64590222798bb761d5b6d8e72950