48 lines
1.3 KiB
YAML
48 lines
1.3 KiB
YAML
id: internal-ip-disclosure
|
|
|
|
info:
|
|
name: Internal IP Disclosure
|
|
author: WillD96
|
|
severity: info
|
|
reference:
|
|
- https://support.kemptechnologies.com/hc/en-us/articles/203522429-How-to-Mitigate-Against-Internal-IP-Address-Domain-Name-Disclosure-In-Real-Server-Redirect
|
|
metadata:
|
|
max-request: 2
|
|
tags: misconfig,disclosure
|
|
|
|
http:
|
|
- raw:
|
|
- |+
|
|
GET / HTTP/1.0
|
|
Accept: */*
|
|
|
|
- |+
|
|
GET / HTTP/1.0
|
|
Host:
|
|
Accept: */*
|
|
|
|
stop-at-first-match: true
|
|
unsafe: true # Use Unsafe HTTP library for malformed HTTP requests.
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: regex
|
|
part: location
|
|
regex:
|
|
- '^(10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})$'
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- ip != location
|
|
|
|
- type: status
|
|
status:
|
|
- 301
|
|
- 302
|
|
|
|
extractors:
|
|
- type: regex
|
|
part: location
|
|
regex:
|
|
- '^(10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})$'
|
|
# digest: 490a0046304402202ccecab303233a1e75a78c8d3912d25f4b57cea0f77bde7b02f472f4084515f602205c380911aaf6c5293902999ed0f4901d57b5451c7fe26b1f1d209e9fee407854:922c64590222798bb761d5b6d8e72950 |