From 984979eacb33ddc97561ce943c46d687b2346f16 Mon Sep 17 00:00:00 2001 From: pyllyukko Date: Thu, 19 Oct 2023 12:39:10 +0300 Subject: [PATCH] Added apache-mod_info.bcheck --- other/apache-mod_info.bcheck | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 other/apache-mod_info.bcheck diff --git a/other/apache-mod_info.bcheck b/other/apache-mod_info.bcheck new file mode 100644 index 0000000..dd67785 --- /dev/null +++ b/other/apache-mod_info.bcheck @@ -0,0 +1,23 @@ +metadata: + language: v1-beta + name: "Apache mod_info" + description: "Check for Apache's mod_info pages" + author: "pyllyukko" + +run for each: + potential_path = + "/server-status", + "/server-info" + +given host then + send request called check: + method: "GET" + path: {potential_path} + + if {check.response.status_code} is "200" and "Apache Server" in {check.response.body} then + report issue: + severity: info + confidence: certain + detail: `Apache's mod_info page found at {potential_path}.` + remediation: "Disable Apache's mod_info module." + end if