Merge pull request #135 from pyllyukko/apache-mod_info

Added apache-mod_info.bcheck
PortSwigger · Oct 19, 2023 · e7ed2fc · e7ed2fc
2 parents 8450ff2 + 984979e
commit e7ed2fc
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/other/apache-mod_info.bcheck b/other/apache-mod_info.bcheck
@@ -0,0 +1,23 @@
+metadata:
+    language: v1-beta
+    name: "Apache mod_info"
+    description: "Check for Apache's mod_info pages"
+    author: "pyllyukko"
+
+run for each:
+    potential_path =
+        "/server-status",
+        "/server-info"
+
+given host then
+    send request called check:
+        method: "GET"
+        path: {potential_path}
+
+    if {check.response.status_code} is "200" and "Apache Server" in {check.response.body} then
+        report issue:
+            severity: info
+            confidence: certain
+            detail: `Apache's mod_info page found at {potential_path}.`
+            remediation: "Disable Apache's mod_info module."
+    end if