Nmap Development mailing list archives

New http scripts for api keys


From: Jason Ostrom <jpo () pobox com>
Date: Mon, 11 May 2020 09:13:13 -0500

I’ve created a pull request for two new nse scripts. One of them is for a flaw that a couple of commercial scanners missed.

I wanted to make sure that the entire community (through nmap) has a detection for this rather than having to pay a commercial vendor for the check.

https://github.com/nmap/nmap/pull/2040

More details:

The script 'http-ruby-environment.nse':
Sample script to detect the presence of a Ruby on Rails rack-mini-profiler gem that is used to provide performance metrics for Rails applications. This simple detection script finds the environment variables page and looks for exposed API keys and other sensitive data such as credentials at '?pp=env' appended to the default host URL. It is possible that Rails developers can expose environment variables through the gem without fully understanding their implications.
The 'rack-mini-profiler' is a performance gem utilized by Ruby on Rails developers to better understand performance details of Rails applications. For more information:
[1] https://github.com/MiniProfiler/rack-mini-profiler
[2] https://www.speedshop.co/2015/08/05/rack-mini-profiler-the-secret-weapon.html
[3] https://stackify.com/rack-mini-profiler-a-complete-guide-on-rails-performance/
A demo project named 'Hammer' that demonstrates a mis-configured Rails app with this vulnerability:
[4] https://github.com/iknowjason/hammer
A gentle introduction to the 'Hammer' project:
[5] https://medium.com/@iknowjason/building-a-vulnerable-rails-application-for-learning-2a1de8cf98d5


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
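The check the post describes, as an added example that is not the author's NSE script nor code from the rack-mini-profiler project: append `pp=env` to the base URL, fetch the page, decide whether an environment dump came back, and report variable names that look like credentials. The table-row markup it parses, the key-name patterns, the fetcher argument and the sample response are all assumptions made here so the logic runs offline; the example also masks values, since a detection script should not copy whole secrets into scan output.

```python
"""Added example modelled on the '?pp=env' detection described in the post.
Not the nmap PR's code; markup, patterns and sample page are assumptions."""
import re
import urllib.request
from typing import Callable

# Query parameter named in the post; appended to the default host URL.
ENV_PROBE = "pp=env"

# Hypothetical set of variable-name fragments worth flagging (an assumption).
SENSITIVE_KEY = re.compile(
    r"(SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|ACCESS_KEY|PRIVATE_KEY|DATABASE_URL)",
    re.IGNORECASE,
)

# Assumed page layout: each variable rendered as <tr><td>NAME</td><td>value</td></tr>.
ROW_RE = re.compile(
    r"<tr>\s*<td[^>]*>\s*([A-Za-z_][A-Za-z0-9_]*)\s*</td>\s*<td[^>]*>(.*?)</td>\s*</tr>",
    re.DOTALL,
)


def probe_url(base_url: str) -> str:
    """Append the probe parameter, reusing an existing query string if present."""
    if "?" in base_url:
        return base_url + "&" + ENV_PROBE
    return base_url.rstrip("/") + "/?" + ENV_PROBE


def parse_env_rows(html: str) -> dict:
    """Extract NAME -> value pairs from the assumed table markup, tags stripped."""
    return {name: re.sub(r"<[^>]+>", "", val).strip() for name, val in ROW_RE.findall(html)}


def mask(value: str, keep: int = 4) -> str:
    """Keep only a short prefix so the finding is verifiable without leaking the secret."""
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - keep)


def find_exposed_secrets(html: str) -> list:
    """Return (name, masked value) for every non-empty row whose name looks sensitive."""
    hits = []
    for name, value in parse_env_rows(html).items():
        if value and SENSITIVE_KEY.search(name):
            hits.append((name, mask(value)))
    return hits


def http_fetch(url: str, timeout: float = 10.0) -> tuple:
    """Real fetcher, for use only against hosts you are authorised to test."""
    req = urllib.request.Request(url, headers={"User-Agent": "env-probe-example"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")


def check_target(base_url: str, fetch: Callable[[str], tuple] = http_fetch) -> dict:
    """Whole check: build URL, fetch, and decide whether an env dump was served."""
    url = probe_url(base_url)
    status, body = fetch(url)
    rows = parse_env_rows(body)
    exposed = status == 200 and len(rows) > 0  # a 200 with no rows is not a hit
    return {
        "url": url,
        "env_page_exposed": exposed,
        "variables": len(rows),
        "secrets": find_exposed_secrets(body) if exposed else [],
    }


# Constructed sample response standing in for a misconfigured Rails app.
SAMPLE_ENV_PAGE = """
<html><body><h2>Environment</h2><table>
<tr><td>RAILS_ENV</td><td>production</td></tr>
<tr><td>SECRET_KEY_BASE</td><td>0123456789abcdef0123456789abcdef</td></tr>
<tr><td>AWS_SECRET_ACCESS_KEY</td><td>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</td></tr>
<tr><td>DATABASE_URL</td><td>postgres://app:hunter2@db.internal/app</td></tr>
<tr><td>PATH</td><td>/usr/local/bin:/usr/bin</td></tr>
</table></body></html>
"""


def fake_fetch(url: str) -> tuple:
    """Offline stand-in for http_fetch: serves the constructed page only for the probe URL."""
    if url.endswith(ENV_PROBE):
        return 200, SAMPLE_ENV_PAGE
    return 404, "<html>not found</html>"


if __name__ == "__main__":
    result = check_target("http://rails.example", fetch=fake_fetch)
    print(result["url"], "exposed:", result["env_page_exposed"])
    for name, masked in result["secrets"]:
        print(f"  {name} = {masked}")
```

Against a live host, pass no `fetch` argument so `http_fetch` is used. The `exposed` decision requires both a 200 and at least one parsed row, because many applications answer 200 to unknown query parameters with their normal page; a real NSE port of this would also want to confirm the response is the profiler's page rather than any table that happens to match.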
