Nmap Development mailing list archives
New http scripts for api keys
From: Jason Ostrom <jpo () pobox com>
Date: Mon, 11 May 2020 09:13:13 -0500
I’ve created a pull request for two new nse scripts. One of them is for a flaw that a couple of commercial scanners missed. I wanted to make sure that the entire community (through nmap) has a detection for this rather than having to pay a commercial vendor for the check.

https://github.com/nmap/nmap/pull/2040

More details:

The script 'http-ruby-environment.nse': Sample script to detect the presence of a Ruby on Rails rack-mini-profiler gem that is used to provide performance metrics for Rails applications. This simple detection script finds the environment variables page and looks for exposed API keys and other sensitive data such as credentials at '?pp=env' appended to default host URL. It is possible that Rails developers can expose environment variables through the gem without fully understanding their implications. The 'rack-mini-profiler' is a performance gem utilized by Ruby on Rails developers to better understand performance details of Rails applications.

For more information:
[1] https://github.com/MiniProfiler/rack-mini-profiler
[2] https://www.speedshop.co/2015/08/05/rack-mini-profiler-the-secret-weapon.html
[3] https://stackify.com/rack-mini-profiler-a-complete-guide-on-rails-performance/

A demo project named 'Hammer' that demonstrates a mis-configured Rails app with this vulnerability:
[4] https://github.com/iknowjason/hammer

A gentle introduction to the 'Hammer' project:
[5] https://medium.com/@iknowjason/building-a-vulnerable-rails-application-for-learning-2a1de8cf98d5
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
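The check the post describes, written out as an added example for readers who want to see the detection logic in a form they can run against their own applications. This is not the NSE script from the pull request above and not code from the rack-mini-profiler project; it assumes, as the post states, that the environment page is served at '/?pp=env', and it assumes (a constructed simplification, not the gem's exact markup) that the page lists variables one per line as NAME=VALUE or NAME: VALUE. Values of sensitive-looking variables are redacted before reporting, so a scan report proves the exposure without copying the secret into another log.

```python
"""Detect a rack-mini-profiler environment-variable page on a Rails host and
report which sensitive-looking variable names it exposes (values redacted).

Added example, not the nmap PR #2040 script. Assumed: env page at '/?pp=env';
NAME=VALUE / NAME: VALUE lines (constructed format, not the gem's real markup)."""
import re
import urllib.error
import urllib.request
from urllib.parse import urljoin

ENV_PATH = "/?pp=env"

# Variable names that, when exposed, usually mean an API key or credential leaked.
SENSITIVE_NAME = re.compile(
    r"(SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|ACCESS_KEY|PRIVATE_KEY|CREDENTIAL|DATABASE_URL)",
    re.IGNORECASE,
)
# One env entry per line after HTML tags are stripped: NAME=VALUE or NAME: VALUE.
ENV_LINE = re.compile(r"^([A-Z][A-Z0-9_]*)\s*[=:]\s*(.*)$")


def strip_tags(text):
    return re.sub(r"<[^>]+>", "", text)


def parse_env_lines(body):
    """Return {NAME: VALUE} for every env-style line in the page body."""
    env = {}
    for raw in body.splitlines():
        m = ENV_LINE.match(strip_tags(raw).strip())
        if m:
            env[m.group(1)] = m.group(2)
    return env


def redact(value):
    """Keep a 4-character prefix so the report shows exposure without re-leaking the value."""
    if len(value) <= 4:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 4)


def find_sensitive_env(body):
    """Sorted (name, redacted_value) pairs for exposed variables with sensitive-looking names."""
    env = parse_env_lines(body)
    return sorted((n, redact(v)) for n, v in env.items() if SENSITIVE_NAME.search(n))


def looks_like_env_page(status, body):
    """Heuristic: HTTP 200 whose body parses to several entries, including a name Rails/Rack apps always set."""
    if status != 200:
        return False
    env = parse_env_lines(body)
    return len(env) >= 3 and any(k in env for k in ("RAILS_ENV", "RACK_ENV", "PATH", "HOME"))


def check_host(base_url, timeout=10):
    """Fetch base_url + '/?pp=env'; return findings, or None if the page is not an env dump."""
    req = urllib.request.Request(urljoin(base_url, ENV_PATH),
                                 headers={"User-Agent": "env-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        status, body = e.code, ""
    if not looks_like_env_page(status, body):
        return None
    return find_sensitive_env(body)


# Constructed sample body standing in for a misconfigured app's '/?pp=env' response.
SAMPLE_BODY = """<html><body><h1>Environment</h1><pre>
RAILS_ENV=production
PATH=/usr/local/bin:/usr/bin
SECRET_KEY_BASE=0123456789abcdef0123456789abcdef
AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE
DATABASE_URL=postgres://app:hunter2@db.internal/app
HOME=/home/app
</pre></body></html>"""

if __name__ == "__main__":
    # Offline demonstration on the constructed body; check_host() does the same against a live URL.
    if looks_like_env_page(200, SAMPLE_BODY):
        for name, shown in find_sensitive_env(SAMPLE_BODY):
            print(f"exposed: {name}={shown}")
```

The page-identification heuristic deliberately requires more than a 200 response: a catch-all route that returns the home page for any query string would otherwise register as a finding, which is the false positive a scanner has to avoid on Rails applications.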